From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
interface/web/dns/dns_wizard.php | 175 +++++++++++++++++++++++++++++++++++++++------------------
1 files changed, 119 insertions(+), 56 deletions(-)
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 26b0111..a0fd131 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -36,10 +36,22 @@
// Loading the template
-$app->uses('tpl,validate_dns');
+$app->uses('tpl,validate_dns,tform');
$app->tpl->newTemplate("form.tpl.htm");
$app->tpl->setInclude('content_tpl', 'templates/dns_wizard.htm');
$app->load_language_file('/web/dns/lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng');
+
+// Check if dns record limit has been reached. We will check only users, not admins
+if($_SESSION["s"]["user"]["typ"] == 'user') {
+ $app->tform->formDef['db_table_idx'] = 'id';
+ $app->tform->formDef['db_table'] = 'dns_soa';
+ if(!$app->tform->checkClientLimit('limit_dns_zone')) {
+ $app->error($app->lng('limit_dns_zone_txt'));
+ }
+ if(!$app->tform->checkResellerLimit('limit_dns_zone')) {
+ $app->error('Reseller: '.$app->lng('limit_dns_zone_txt'));
+ }
+}
// import variables
$template_id = (isset($_POST['template_id']))?$app->functions->intval($_POST['template_id']):0;
@@ -71,6 +83,9 @@
unset($n);
$app->tpl->setVar("template_id_option", $template_id_option);
+$app->uses('ini_parser,getconf');
+$domains_settings = $app->getconf->get_global_config('domains');
+
// If the user is administrator
if($_SESSION['s']['user']['typ'] == 'admin') {
@@ -83,47 +98,51 @@
}
$app->tpl->setVar("server_id", $server_id_option);
- // load the list of clients
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $client_select = '';
- if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
- if(is_array($clients)) {
- foreach( $clients as $client) {
- $selected = ($client["groupid"] == $sys_groupid)?'SELECTED':'';
- $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
+ if ($domains_settings['use_domain_module'] != 'y') {
+ // load the list of clients
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql);
+ $client_select = '';
+ if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
+ if(is_array($clients)) {
+ foreach( $clients as $client) {
+ $selected = ($client["groupid"] == $sys_groupid)?'SELECTED':'';
+ $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
+ }
}
- }
- $app->tpl->setVar("client_group_id", $client_select);
+ $app->tpl->setVar("client_group_id", $client_select);
+ }
}
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
- // load the list of clients
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
- $clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
- $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
- if(is_array($clients)) {
- foreach( $clients as $client) {
- $selected = ($client["groupid"] == $sys_groupid)?'SELECTED':'';
- $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
+ if ($domains_settings['use_domain_module'] != 'y') {
+ // load the list of clients
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
+ $clients = $app->db->queryAllRecords($sql, $client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
+ $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
+ if(is_array($clients)) {
+ foreach( $clients as $client) {
+ $selected = ($client["groupid"] == $sys_groupid)?'SELECTED':'';
+ $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";
+ }
}
- }
- $app->tpl->setVar("client_group_id", $client_select);
+ $app->tpl->setVar("client_group_id", $client_select);
+ }
}
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -134,13 +153,13 @@
$app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
}
- $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
- $dns_servers = $app->db->queryAllRecords($sql);
+ $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
+ $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
$options_dns_servers = "";
foreach ($dns_servers as $dns_server) {
- $options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
+ $options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
}
$app->tpl->setVar("server_id", $options_dns_servers);
@@ -148,7 +167,7 @@
}
-$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
+$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
foreach($fields as $field) {
@@ -162,9 +181,7 @@
* Now we have to check, if we should use the domain-module to select the domain
* or not
*/
-$app->uses('ini_parser,getconf');
-$settings = $app->getconf->get_global_config('domains');
-if ($settings['use_domain_module'] == 'y') {
+if ($domains_settings['use_domain_module'] == 'y') {
/*
* The domain-module is in use.
*/
@@ -192,13 +209,16 @@
}
if($_POST['create'] == 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$error = '';
if ($post_server_id)
{
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
@@ -215,7 +235,10 @@
// apply filters
if(isset($_POST['domain']) && $_POST['domain'] != ''){
/* check if the domain module is used - and check if the selected domain can be used! */
- if ($settings['use_domain_module'] == 'y') {
+ if ($domains_settings['use_domain_module'] == 'y') {
+ if ($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $_POST['client_group_id'] = $app->tools_sites->getClientIdForDomain($_POST['domain']);
+ }
$domain_check = $app->tools_sites->checkDomainModuleDomain($_POST['domain']);
if(!$domain_check) {
// invalid domain selected
@@ -256,7 +279,7 @@
elseif(isset($_POST['ns2']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}$/', $_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
if(isset($_POST['email']) && $_POST['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
- elseif(isset($_POST['email']) && !preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z0-9\-]{2,30}$/i', $_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
+ elseif(isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) $error .= $app->lng('error_email_regex').'<br />';
// make sure that the record belongs to the client group and not the admin group when admin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($_POST['client_group_id'])) {
@@ -289,6 +312,7 @@
if($_POST['ns1'] != '') $tpl_content = str_replace('{NS1}', $_POST['ns1'], $tpl_content);
if($_POST['ns2'] != '') $tpl_content = str_replace('{NS2}', $_POST['ns2'], $tpl_content);
if($_POST['email'] != '') $tpl_content = str_replace('{EMAIL}', $_POST['email'], $tpl_content);
+ $enable_dnssec = (($_POST['dnssec'] == 'Y') ? 'Y' : 'N');
if(isset($_POST['dkim']) && preg_match('/^[\w\.\-\/]{2,255}\.[a-zA-Z0-9\-]{2,30}[\.]{0,1}$/', $_POST['domain'])) {
$sql = $app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ".$app->tform->getAuthSQL('r'), $_POST['domain']);
$public_key = $sql['dkim_public'];
@@ -303,6 +327,7 @@
$tpl_rows = explode("\n", $tpl_content);
$section = '';
$vars = array();
+ $vars['xfer']='';
$dns_rr = array();
foreach($tpl_rows as $row) {
$row = trim($row);
@@ -327,11 +352,11 @@
if($section == 'dns_records') {
$parts = explode('|', $row);
$dns_rr[] = array(
- 'name' => $app->db->quote($parts[1]),
- 'type' => $app->db->quote($parts[0]),
- 'data' => $app->db->quote($parts[2]),
- 'aux' => $app->db->quote($parts[3]),
- 'ttl' => $app->db->quote($parts[4])
+ 'name' => $parts[1],
+ 'type' => $parts[0],
+ 'data' => $parts[2],
+ 'aux' => $parts[3],
+ 'ttl' => $parts[4]
);
}
}
@@ -351,28 +376,61 @@
if($error == '') {
// Insert the soa record
$sys_userid = $_SESSION['s']['user']['userid'];
- $origin = $app->db->quote($vars['origin']);
- $ns = $app->db->quote($vars['ns']);
- $mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
- $refresh = $app->db->quote($vars['refresh']);
- $retry = $app->db->quote($vars['retry']);
- $expire = $app->db->quote($vars['expire']);
- $minimum = $app->db->quote($vars['minimum']);
- $ttl = $app->db->quote($vars['ttl']);
- $xfer = $app->db->quote($vars['xfer']);
- $also_notify = $app->db->quote($vars['also_notify']);
- $update_acl = $app->db->quote($vars['update_acl']);
+ $origin = $vars['origin'];
+ $ns = $vars['ns'];
+ $mbox = str_replace('@', '.', $vars['mbox']);
+ $refresh = $vars['refresh'];
+ $retry = $vars['retry'];
+ $expire = $vars['expire'];
+ $minimum = $vars['minimum'];
+ $ttl = $vars['ttl'];
+ $xfer = $vars['xfer'];
+ $also_notify = $vars['also_notify'];
+ $update_acl = $vars['update_acl'];
$serial = $app->validate_dns->increase_serial(0);
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
- ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+ $insert_data = array(
+ "sys_userid" => $sys_userid,
+ "sys_groupid" => $sys_groupid,
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => 'riud',
+ "sys_perm_other" => '',
+ "server_id" => $server_id,
+ "origin" => $origin,
+ "ns" => $ns,
+ "mbox" => $mbox,
+ "serial" => $serial,
+ "refresh" => $refresh,
+ "retry" => $retry,
+ "expire" => $expire,
+ "minimum" => $minimum,
+ "ttl" => $ttl,
+ "active" => 'Y',
+ "xfer" => $xfer,
+ "also_notify" => $also_notify,
+ "update_acl" => $update_acl,
+ "dnssec_wanted" => $enable_dnssec
+ );
$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
// Insert the dns_rr records
if(is_array($dns_rr) && $dns_soa_id > 0) {
foreach($dns_rr as $rr) {
- $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
- ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+ $insert_data = array(
+ "sys_userid" => $sys_userid,
+ "sys_groupid" => $sys_groupid,
+ "sys_perm_user" => 'riud',
+ "sys_perm_group" => 'riud',
+ "sys_perm_other" => '',
+ "server_id" => $server_id,
+ "zone" => $dns_soa_id,
+ "name" => $rr['name'],
+ "type" => $rr['type'],
+ "data" => $rr['data'],
+ "aux" => $rr['aux'],
+ "ttl" => $rr['ttl'],
+ "active" => 'Y'
+ );
$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
}
}
@@ -390,6 +448,11 @@
$app->tpl->setVar("title", 'DNS Wizard');
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file;
$app->tpl->setVar($wb);
--
Gitblit v1.9.1