Fixed whitespace errors, removed unnecessary tables

Lukas Metzger 2017-02-05 17:12:38 +01:00
parent 107bfc7c67
commit a105edc4ab
16 changed files with 236 additions and 458 deletions


@ -43,7 +43,7 @@ if(isset($input->action) && $input->action == "addDomain") {
$soaData[] = $input->expire; $soaData[] = $input->expire;
$soaData[] = $input->ttl; $soaData[] = $input->ttl;
$domainsName = strtolower(preg_replace('/\s+/', '', $input->name)); $domainsName = strtolower(preg_replace('/\s+/', '', $input->name));
$soaContent = implode(" ", $soaData); $soaContent = implode(" ", $soaData);
@ -55,16 +55,16 @@ if(isset($input->action) && $input->action == "addDomain") {
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("SELECT MAX(id) FROM domains WHERE name=:name AND type=:type"); $stmt = $db->prepare("SELECT MAX(id) FROM domains WHERE name=:name AND type=:type");
$stmt->bindValue(':name', $domainsName, PDO::PARAM_STR); $stmt->bindValue(':name', $domainsName, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$newDomainId = $stmt->fetchColumn(); $newDomainId = $stmt->fetchColumn();
$stmt = $db->prepare("INSERT INTO records(domain_id,name,type,content,ttl) VALUES (:domain_id,:name,'SOA',:content,:ttl)"); $stmt = $db->prepare("INSERT INTO records(domain_id,name,type,content,ttl) VALUES (:domain_id,:name,'SOA',:content,:ttl)");
$stmt->bindValue(':domain_id', $newDomainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $newDomainId, PDO::PARAM_INT);
$stmt->bindValue(':name', $domainsName, PDO::PARAM_STR); $stmt->bindValue(':name', $domainsName, PDO::PARAM_STR);
$stmt->bindValue(':content', $soaContent, PDO::PARAM_STR); $stmt->bindValue(':content', $soaContent, PDO::PARAM_STR);
$stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT); $stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$db->commit(); $db->commit();


@ -65,18 +65,18 @@ if(isset($input->action) && $input->action == "getDomains") {
$type_filter_used = 1; $type_filter_used = 1;
} }
$stmt->bindValue(':user1', $id_filter, PDO::PARAM_STR); $stmt->bindValue(':user1', $id_filter, PDO::PARAM_STR);
$stmt->bindValue(':user2', $id_filter_used, PDO::PARAM_INT); $stmt->bindValue(':user2', $id_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR); $stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR);
$stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT); $stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT); $stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT);
$stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT); $stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$result = $stmt->fetchColumn(); $result = $stmt->fetchColumn();
if ($result == 0) { if ($result == 0) {
$result = 1; $result = 1;
} }
// Initialize the return value // Initialize the return value
$retval = Array(); $retval = Array();
@ -149,14 +149,14 @@ if(isset($input->action) && $input->action == "getDomains") {
$type_filter_used = 1; $type_filter_used = 1;
} }
$stmt->bindValue(':user1', $id_filter, PDO::PARAM_STR); $stmt->bindValue(':user1', $id_filter, PDO::PARAM_STR);
$stmt->bindValue(':user2', $id_filter_used, PDO::PARAM_INT); $stmt->bindValue(':user2', $id_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR); $stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR);
$stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT); $stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT); $stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT);
$stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT); $stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
while($obj = $stmt->fetchObject()) { while($obj = $stmt->fetchObject()) {
$retval['data'][] = $obj; $retval['data'][] = $obj;
} }
@ -168,7 +168,7 @@ if(isset($input->action) && $input->action == "deleteDomain") {
$db->beginTransaction(); $db->beginTransaction();
$stmt = $db->prepare("DELETE FROM permissions WHERE domain=:domain_id"); $stmt = $db->prepare("DELETE FROM permissions WHERE domain=:domain_id");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("DELETE FROM remote WHERE record IN (SELECT id FROM records WHERE domain_id=:domain_id)"); $stmt = $db->prepare("DELETE FROM remote WHERE record IN (SELECT id FROM records WHERE domain_id=:domain_id)");


@ -31,9 +31,9 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
//Permission check //Permission check
if(isset($input->domain)) { if(isset($input->domain)) {
$permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE userid=:user AND domain=:domain"); $permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE userid=:user AND domain=:domain");
$permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT);
$permquery->bindValue(':domain', $input->domain, PDO::PARAM_INT); $permquery->bindValue(':domain', $input->domain, PDO::PARAM_INT);
$permquery->execute(); $permquery->execute();
if($permquery->fetchColumn() < 1 && $_SESSION['type'] != "admin") { if($permquery->fetchColumn() < 1 && $_SESSION['type'] != "admin") {
echo "Permission denied!"; echo "Permission denied!";
@ -113,11 +113,11 @@ if(isset($input->action) && $input->action == "getRecords") {
$domainId = (int)$input->domain; $domainId = (int)$input->domain;
$stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR); $stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR);
$stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT); $stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':content1', $content_filter, PDO::PARAM_STR); $stmt->bindValue(':content1', $content_filter, PDO::PARAM_STR);
$stmt->bindValue(':content2', $content_filter_used, PDO::PARAM_INT); $stmt->bindValue(':content2', $content_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$retval = Array(); $retval = Array();
@ -133,7 +133,7 @@ if(isset($input->action) && $input->action == "getSoa") {
$domainId = (int)$input->domain; $domainId = (int)$input->domain;
$stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1"); $stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$content = $stmt->fetchColumn(); $content = $stmt->fetchColumn();
@ -149,8 +149,6 @@ if(isset($input->action) && $input->action == "getSoa") {
$retval['retry'] = $content[4]; $retval['retry'] = $content[4];
$retval['expire'] = $content[5]; $retval['expire'] = $content[5];
$retval['ttl'] = $content[6]; $retval['ttl'] = $content[6];
} }
//Action for getting SOA Serial //Action for getting SOA Serial
@ -158,7 +156,7 @@ if(isset($input->action) && $input->action == "getSerial") {
$domainId = (int)$input->domain; $domainId = (int)$input->domain;
$stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1"); $stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$content = $stmt->fetchColumn(); $content = $stmt->fetchColumn();
@ -174,12 +172,12 @@ if(isset($input->action) && $input->action == "getSerial") {
if(isset($input->action) && $input->action == "saveSoa") { if(isset($input->action) && $input->action == "saveSoa") {
$domainId = (int)$input->domain; $domainId = (int)$input->domain;
$db->beginTransaction(); $db->beginTransaction();
$stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1"); $stmt = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id LIMIT 1");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$content = $stmt->fetchColumn();; $content = $stmt->fetchColumn();;
$content = explode(" ", $content); $content = explode(" ", $content);
$serial = $content[2]; $serial = $content[2];
@ -193,9 +191,9 @@ if(isset($input->action) && $input->action == "saveSoa") {
$newsoa .= $input->ttl; $newsoa .= $input->ttl;
$stmt = $db->prepare("UPDATE records SET content=:content,ttl=:ttl WHERE type='SOA' AND domain_id=:domain_id"); $stmt = $db->prepare("UPDATE records SET content=:content,ttl=:ttl WHERE type='SOA' AND domain_id=:domain_id");
$stmt->bindValue(':content', $newsoa, PDO::PARAM_STR); $stmt->bindValue(':content', $newsoa, PDO::PARAM_STR);
$stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT); $stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT);
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$db->commit(); $db->commit();
@ -209,16 +207,16 @@ if(isset($input->action) && $input->action == "saveSoa") {
if(isset($input->action) && $input->action == "saveRecord") { if(isset($input->action) && $input->action == "saveRecord") {
$domainId = $input->domain; $domainId = $input->domain;
$recordName = strtolower(preg_replace('/\s+/', '', $input->name)); $recordName = strtolower(preg_replace('/\s+/', '', $input->name));
$recordContent = trim($input->content); $recordContent = trim($input->content);
$stmt = $db->prepare("UPDATE records SET name=:name,type=:type,content=:content,ttl=:ttl,prio=:prio WHERE id=:id AND domain_id=:domain_id"); $stmt = $db->prepare("UPDATE records SET name=:name,type=:type,content=:content,ttl=:ttl,prio=:prio WHERE id=:id AND domain_id=:domain_id");
$stmt->bindValue(':name', $recordName, PDO::PARAM_STR); $stmt->bindValue(':name', $recordName, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':content', $recordContent, PDO::PARAM_STR); $stmt->bindValue(':content', $recordContent, PDO::PARAM_STR);
$stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT); $stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT);
$stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT); $stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
update_serial($db, $domainId); update_serial($db, $domainId);
} }
@ -226,32 +224,32 @@ if(isset($input->action) && $input->action == "saveRecord") {
//Action for adding Record //Action for adding Record
if(isset($input->action) && $input->action == "addRecord") { if(isset($input->action) && $input->action == "addRecord") {
$domainId = $input->domain; $domainId = $input->domain;
$recordName = strtolower(preg_replace('/\s+/', '', $input->name)); $recordName = strtolower(preg_replace('/\s+/', '', $input->name));
$recordContent = trim($input->content); $recordContent = trim($input->content);
$db->beginTransaction(); $db->beginTransaction();
$stmt = $db->prepare("INSERT INTO records (domain_id, name, type, content, prio, ttl) VALUES (:domain_id,:name,:type,:content,:prio,:ttl)"); $stmt = $db->prepare("INSERT INTO records (domain_id, name, type, content, prio, ttl) VALUES (:domain_id,:name,:type,:content,:prio,:ttl)");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->bindValue(':name', $recordName, PDO::PARAM_STR); $stmt->bindValue(':name', $recordName, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':content', $recordContent, PDO::PARAM_STR); $stmt->bindValue(':content', $recordContent, PDO::PARAM_STR);
$stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT); $stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT);
$stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT); $stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("SELECT MAX(id) FROM records WHERE domain_id=:domain_id AND name=:name AND type=:type AND content=:content AND prio=:prio AND ttl=:ttl"); $stmt = $db->prepare("SELECT MAX(id) FROM records WHERE domain_id=:domain_id AND name=:name AND type=:type AND content=:content AND prio=:prio AND ttl=:ttl");
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->bindValue(':name', $recordName, PDO::PARAM_STR); $stmt->bindValue(':name', $recordName, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':content', $recordContent, PDO::PARAM_STR); $stmt->bindValue(':content', $recordContent, PDO::PARAM_STR);
$stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT); $stmt->bindValue(':ttl', $input->ttl, PDO::PARAM_INT);
$stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT); $stmt->bindValue(':prio', $input->prio, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$newId = $stmt->fetchColumn(); $newId = $stmt->fetchColumn();
$db->commit();
$db->commit();
$retval = Array(); $retval = Array();
$retval['newId'] = $newId; $retval['newId'] = $newId;
@ -264,8 +262,8 @@ if(isset($input->action) && $input->action == "removeRecord") {
$recordId = $input->id; $recordId = $input->id;
$stmt = $db->prepare("DELETE FROM records WHERE id=:id AND domain_id=:domain_id"); $stmt = $db->prepare("DELETE FROM records WHERE id=:id AND domain_id=:domain_id");
$stmt->bindValue(':id', $recordId, PDO::PARAM_INT); $stmt->bindValue(':id', $recordId, PDO::PARAM_INT);
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
update_serial($db, $domainId); update_serial($db, $domainId);


@ -30,8 +30,8 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
//Permission check //Permission check
if(isset($input->record)) { if(isset($input->record)) {
$permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE userid=:user AND records.id=:id"); $permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE userid=:user AND records.id=:id");
$permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT);
$permquery->bindValue(':id', $input->record, PDO::PARAM_INT); $permquery->bindValue(':id', $input->record, PDO::PARAM_INT);
$permquery->execute(); $permquery->execute();
if($permquery->fetchColumn() < 1 && $_SESSION['type'] != "admin") { if($permquery->fetchColumn() < 1 && $_SESSION['type'] != "admin") {
echo "Permission denied!"; echo "Permission denied!";
@ -48,7 +48,7 @@ if(isset($input->action) && $input->action == "getPermissions") {
$sql = "SELECT id, description, type FROM remote WHERE record=:record"; $sql = "SELECT id, description, type FROM remote WHERE record=:record";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':record', $input->record, PDO::PARAM_INT); $stmt->bindValue(':record', $input->record, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$retval = Array(); $retval = Array();
@ -66,9 +66,9 @@ if(isset($input->action) && $input->action == "addPassword") {
$sql = "INSERT INTO remote(record,description,type,security) VALUES (:record,:description,'password',:security)"; $sql = "INSERT INTO remote(record,description,type,security) VALUES (:record,:description,'password',:security)";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':record', $input->record, PDO::PARAM_INT); $stmt->bindValue(':record', $input->record, PDO::PARAM_INT);
$stmt->bindValue(':description', $input->description, PDO::PARAM_STR); $stmt->bindValue(':description', $input->description, PDO::PARAM_STR);
$stmt->bindValue(':security', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':security', $passwordHash, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
} }
@ -77,9 +77,9 @@ if(isset($input->action) && $input->action == "addKey") {
$sql = "INSERT INTO remote(record,description,type,security) VALUES (:record,:description,'key',:security)"; $sql = "INSERT INTO remote(record,description,type,security) VALUES (:record,:description,'key',:security)";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':record', $input->record, PDO::PARAM_INT); $stmt->bindValue(':record', $input->record, PDO::PARAM_INT);
$stmt->bindValue(':description', $input->description, PDO::PARAM_STR); $stmt->bindValue(':description', $input->description, PDO::PARAM_STR);
$stmt->bindValue(':security', $input->key, PDO::PARAM_STR); $stmt->bindValue(':security', $input->key, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
} }
@ -89,14 +89,14 @@ if(isset($input->action) && $input->action == "changePassword") {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT); $passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$sql = "UPDATE remote SET description=:description,security=:security WHERE id=:id"; $sql = "UPDATE remote SET description=:description,security=:security WHERE id=:id";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':description', $input->description, PDO::PARAM_STR); $stmt->bindValue(':description', $input->description, PDO::PARAM_STR);
$stmt->bindValue(':security', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':security', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->permission, PDO::PARAM_INT); $stmt->bindValue(':id', $input->permission, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} else { } else {
$sql = "UPDATE remote SET description=:description WHERE id=:id"; $sql = "UPDATE remote SET description=:description WHERE id=:id";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':description', $input->description, PDO::PARAM_STR); $stmt->bindValue(':description', $input->description, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->permission, PDO::PARAM_INT); $stmt->bindValue(':id', $input->permission, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }
@ -106,10 +106,10 @@ if(isset($input->action) && $input->action == "changePassword") {
if(isset($input->action) && $input->action == "changeKey") { if(isset($input->action) && $input->action == "changeKey") {
$sql = "UPDATE remote SET description=:description,security=:security WHERE id=:id"; $sql = "UPDATE remote SET description=:description,security=:security WHERE id=:id";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':description', $input->description, PDO::PARAM_STR); $stmt->bindValue(':description', $input->description, PDO::PARAM_STR);
$stmt->bindValue(':security', $input->key, PDO::PARAM_STR); $stmt->bindValue(':security', $input->key, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->permission, PDO::PARAM_INT); $stmt->bindValue(':id', $input->permission, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }
@ -117,7 +117,7 @@ if(isset($input->action) && $input->action == "changeKey") {
if(isset($input->action) && $input->action == "getKey") { if(isset($input->action) && $input->action == "getKey") {
$sql = "SELECT security FROM remote WHERE id=:id AND type='key' LIMIT 1"; $sql = "SELECT security FROM remote WHERE id=:id AND type='key' LIMIT 1";
$stmt = $db->prepare($sql); $stmt = $db->prepare($sql);
$stmt->bindValue(':id', $input->permission, PDO::PARAM_INT); $stmt->bindValue(':id', $input->permission, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$key = $stmt->fetchColumn(); $key = $stmt->fetchColumn();


@ -38,18 +38,17 @@ if(isset($input->action) && $input->action == "addUser") {
$db->beginTransaction(); $db->beginTransaction();
$stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:name,:password,:type)"); $stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:name,:password,:type)");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("SELECT MAX(id) FROM users WHERE name=:name AND password=:password AND type=:type"); $stmt = $db->prepare("SELECT MAX(id) FROM users WHERE name=:name AND password=:password AND type=:type");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$newUserId = $stmt->fetchColumn(); $newUserId = $stmt->fetchColumn();
$db->commit(); $db->commit();
@ -59,10 +58,10 @@ if(isset($input->action) && $input->action == "addUser") {
if(isset($input->action) && $input->action == "getUserData") { if(isset($input->action) && $input->action == "getUserData") {
$stmt = $db->prepare("SELECT name,type FROM users WHERE id=:id LIMIT 1"); $stmt = $db->prepare("SELECT name,type FROM users WHERE id=:id LIMIT 1");
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt->bindColumn('name', $userName); $stmt->bindColumn('name', $userName);
$stmt->bindColumn('type', $userType); $stmt->bindColumn('type', $userType);
$stmt->fetch(PDO::FETCH_BOUND); $stmt->fetch(PDO::FETCH_BOUND);
$retval = Array(); $retval = Array();
@ -74,16 +73,16 @@ if(isset($input->action) && $input->action == "saveUserChanges") {
if(isset($input->password)) { if(isset($input->password)) {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT); $passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE users SET name=:name,password=:password,type=:type WHERE id=:id"); $stmt = $db->prepare("UPDATE users SET name=:name,password=:password,type=:type WHERE id=:id");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} else { } else {
$stmt = $db->prepare("UPDATE users SET name=:name,type=:type WHERE id=:id"); $stmt = $db->prepare("UPDATE users SET name=:name,type=:type WHERE id=:id");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }
} }
@ -111,8 +110,8 @@ if(isset($input->action) && $input->action == "removePermission") {
$stmt = $db->prepare("DELETE FROM permissions WHERE userid=:user AND domain=:domain"); $stmt = $db->prepare("DELETE FROM permissions WHERE userid=:user AND domain=:domain");
$stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT);
$stmt->bindValue(':domain', $input->domainId, PDO::PARAM_INT); $stmt->bindValue(':domain', $input->domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }
@ -121,8 +120,8 @@ if(isset($input->action) && $input->action == "searchDomains" && isset($input->t
$searchTerm = "%" . $input->term . "%"; $searchTerm = "%" . $input->term . "%";
$stmt->bindValue(':name', $searchTerm, PDO::PARAM_STR); $stmt->bindValue(':name', $searchTerm, PDO::PARAM_STR);
$stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$retval = Array(); $retval = Array();
@ -136,8 +135,8 @@ if(isset($input->action) && $input->action == "addPermissions") {
$stmt = $db->prepare("INSERT INTO permissions(userid,domain) VALUES (:user,:domain)"); $stmt = $db->prepare("INSERT INTO permissions(userid,domain) VALUES (:user,:domain)");
foreach($input->domains as $domain) { foreach($input->domains as $domain) {
$stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT);
$stmt->bindValue(':domain', $domain, PDO::PARAM_INT); $stmt->bindValue(':domain', $domain, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }
} }


@ -83,7 +83,7 @@ CREATE TABLE IF NOT EXISTS remote (
nonce varchar(255) DEFAULT NULL, nonce varchar(255) DEFAULT NULL,
PRIMARY KEY (id), PRIMARY KEY (id),
KEY record (record), KEY record (record),
CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1; ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS options ( CREATE TABLE IF NOT EXISTS options (
@ -94,58 +94,7 @@ CREATE TABLE IF NOT EXISTS options (
DELETE FROM options where name='schema_version'; DELETE FROM options where name='schema_version';
INSERT INTO options(name,value) VALUES ('schema_version', 4); INSERT INTO options(name,value) VALUES ('schema_version', 3);
CREATE TABLE IF NOT EXISTS supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id),
KEY comments_domain_id_idx (domain_id),
KEY comments_name_type_idx (name,type),
KEY comments_order_idx (domain_id, modified_at)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id),
KEY domainmetadata_idx (domain_id, kind)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id),
KEY domainidindex (domain_id)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id),
UNIQUE KEY namealgoindex (name, algorithm)
) Engine=InnoDB DEFAULT CHARSET=latin1;
"; ";
$sql["pgsql"]=" $sql["pgsql"]="
@ -231,66 +180,9 @@ CREATE TABLE IF NOT EXISTS options (
DELETE FROM options where name='schema_version'; DELETE FROM options where name='schema_version';
INSERT INTO options(name,value) VALUES ('schema_version', 4); INSERT INTO options(name,value) VALUES ('schema_version', 3);
CREATE TABLE IF NOT EXISTS supermasters (
ip INET NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY(ip, nameserver)
);
CREATE TABLE IF NOT EXISTS comments (
id SERIAL PRIMARY KEY,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) DEFAULT NULL,
comment VARCHAR(65535) NOT NULL,
CONSTRAINT domain_exists
FOREIGN KEY(domain_id) REFERENCES domains(id)
ON DELETE CASCADE,
CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);
CREATE INDEX IF NOT EXISTS comments_domain_id_idx ON comments (domain_id);
CREATE INDEX IF NOT EXISTS comments_name_type_idx ON comments (name, type);
CREATE INDEX IF NOT EXISTS comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE IF NOT EXISTS domainmetadata (
id SERIAL PRIMARY KEY,
domain_id INT REFERENCES domains(id) ON DELETE CASCADE,
kind VARCHAR(32),
content TEXT
);
CREATE INDEX IF NOT EXISTS domainidmetaindex ON domainmetadata(domain_id);
CREATE TABLE IF NOT EXISTS cryptokeys (
id SERIAL PRIMARY KEY,
domain_id INT REFERENCES domains(id) ON DELETE CASCADE,
flags INT NOT NULL,
active BOOL,
content TEXT
);
CREATE INDEX IF NOT EXISTS domainidindex ON cryptokeys(domain_id);
CREATE TABLE IF NOT EXISTS tsigkeys (
id SERIAL PRIMARY KEY,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);
CREATE UNIQUE INDEX IF NOT EXISTS namealgoindex ON tsigkeys(name, algorithm);
"; ";
try { try {
$db = new PDO("$input->type:dbname=$input->database;host=$input->host;port=$input->port", $input->user, $input->password); $db = new PDO("$input->type:dbname=$input->database;host=$input->host;port=$input->port", $input->user, $input->password);
} }
@ -303,42 +195,42 @@ $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!isset($retval)) { if (!isset($retval)) {
$passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT); $passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT);
$queries = explode(";", $sql[$input->type]);
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit();
$stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:user,:hash,'admin')");
$stmt->bindValue(':user', $input->userName, PDO::PARAM_STR);
$stmt->bindValue(':hash', $passwordHash, PDO::PARAM_STR);
$stmt->execute();
$configFile = Array();
$configFile[] = '<?php';
$configFile[] = '$config[\'db_host\'] = \'' . addslashes($input->host) . "';";
$configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';";
$configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';";
$configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';";
$configFile[] = '$config[\'db_port\'] = ' . addslashes($input->port) . ";";
$configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . "';";
$queries = explode(";", $sql[$input->type]); $retval['status'] = "success";
try {
$db->beginTransaction(); file_put_contents("../config/config-user.php", implode("\n", $configFile));
}
foreach ($queries as $query) { catch (Exception $e) {
if (preg_replace('/\s+/', '', $query) != '') { $retval['status'] = "error";
$db->exec($query); $retval['message'] = serialize($e);
} }
}
$db->commit();
$stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:user,:hash,'admin')");
$stmt->bindValue(':user', $input->userName, PDO::PARAM_STR);
$stmt->bindValue(':hash', $passwordHash, PDO::PARAM_STR);
$stmt->execute();
$configFile = Array();
$configFile[] = '<?php';
$configFile[] = '$config[\'db_host\'] = \'' . addslashes($input->host) . "';";
$configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';";
$configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';";
$configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';";
$configFile[] = '$config[\'db_port\'] = ' . addslashes($input->port) . ";";
$configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . "';";
$retval['status'] = "success";
try {
file_put_contents("../config/config-user.php", implode("\n", $configFile));
}
catch (Exception $e) {
$retval['status'] = "error";
$retval['message'] = serialize($e);
}
} }
if(isset($retval)) { if(isset($retval)) {
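Review bot: The generated `config-user.php` writes `db_port` outside any string literal (the `$config['db_port'] = ...` line in the last hunk), so `addslashes()` does not confine the value and whatever the installer request supplies as `port` is emitted as PHP source. Cast it before writing, `$configFile[] = '$config[\'db_port\'] = ' . (int)$input->port . ";";`, and consider `var_export()` for the quoted fields instead of `addslashes()`. Separately, `file_put_contents()` signals failure by returning `false` rather than throwing, so the `catch` branch is likely never reached and `status` stays `"success"` when the write fails; checking `=== false` would cover that. Whether `$input->type` is validated before it is used in the DSN and as the `$sql[...]` key is not visible in these hunks.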


@ -31,8 +31,8 @@ if(isset($input->action) && $input->action == "changePassword") {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT); $passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id"); $stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':id', $_SESSION['id'], PDO::PARAM_INT); $stmt->bindValue(':id', $_SESSION['id'], PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
} }


@ -28,11 +28,11 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
$input_content = filter_input(INPUT_GET, "content"); $input_content = filter_input(INPUT_GET, "content");
$stmt = $db->prepare("SELECT security,record FROM remote WHERE type='password' AND id=:id LIMIT 1"); $stmt = $db->prepare("SELECT security,record FROM remote WHERE type='password' AND id=:id LIMIT 1");
$stmt->bindValue(':id', $input_id, PDO::PARAM_INT); $stmt->bindValue(':id', $input_id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt->bindColumn('security', $passwordHash); $stmt->bindColumn('security', $passwordHash);
$stmt->bindColumn('record', $record); $stmt->bindColumn('record', $record);
$stmt->fetch(PDO::FETCH_BOUND); $stmt->fetch(PDO::FETCH_BOUND);
if(!password_verify($input_password, $passwordHash)) { if(!password_verify($input_password, $passwordHash)) {
$return['status'] = "error"; $return['status'] = "error";
@ -42,15 +42,15 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
} }
$stmt = $db->prepare("UPDATE records SET content=:content WHERE name=:name AND id=:id"); $stmt = $db->prepare("UPDATE records SET content=:content WHERE name=:name AND id=:id");
$stmt->bindValue(':content', $input_content, PDO::PARAM_STR); $stmt->bindValue(':content', $input_content, PDO::PARAM_STR);
$stmt->bindValue(':name', $input_domain, PDO::PARAM_STR); $stmt->bindValue(':name', $input_domain, PDO::PARAM_STR);
$stmt->bindValue(':id', $record, PDO::PARAM_INT); $stmt->bindValue(':id', $record, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("SELECT domain_id FROM records WHERE id=:id LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM records WHERE id=:id LIMIT 1");
$stmt->bindValue(':id', $record, PDO::PARAM_INT); $stmt->bindValue(':id', $record, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$domain_id = $stmt->fetchColumn(); $domain_id = $stmt->fetchColumn();
update_serial($db, $domain_id); update_serial($db, $domain_id);
@ -74,10 +74,10 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
if(isset($input->domain) && isset($input->id) && isset($input->content)) { if(isset($input->domain) && isset($input->id) && isset($input->content)) {
$stmt = $db->prepare("SELECT E.name,E.id FROM remote R JOIN records E ON R.record = E.id WHERE R.id=:id LIMIT 1"); $stmt = $db->prepare("SELECT E.name,E.id FROM remote R JOIN records E ON R.record = E.id WHERE R.id=:id LIMIT 1");
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt->bindColumn('E.name', $domainName); $stmt->bindColumn('E.name', $domainName);
$stmt->bindColumn('E.id', $record); $stmt->bindColumn('E.id', $record);
$stmt->fetch(PDO::FETCH_BOUND); $stmt->fetch(PDO::FETCH_BOUND);
if($domainName != $input->domain) { if($domainName != $input->domain) {
@ -92,8 +92,8 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
$dbNonce = $newNonce . ":" . time(); $dbNonce = $newNonce . ":" . time();
$stmt = $db->prepare("UPDATE remote SET nonce=:nonce WHERE id=:id"); $stmt = $db->prepare("UPDATE remote SET nonce=:nonce WHERE id=:id");
$stmt->bindValue(':nonce', $dbNonce, PDO::PARAM_STR); $stmt->bindValue(':nonce', $dbNonce, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$return['nonce'] = $newNonce; $return['nonce'] = $newNonce;
@ -103,9 +103,9 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
$stmt = $db->prepare("SELECT security,nonce FROM remote WHERE id=:id LIMIT 1"); $stmt = $db->prepare("SELECT security,nonce FROM remote WHERE id=:id LIMIT 1");
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt->bindColumn('security', $pubkey); $stmt->bindColumn('security', $pubkey);
$stmt->bindColumn('nonce', $dbNonce); $stmt->bindColumn('nonce', $dbNonce);
$stmt->fetch(PDO::FETCH_BOUND); $stmt->fetch(PDO::FETCH_BOUND);
$nonce = explode(":", $dbNonce); $nonce = explode(":", $dbNonce);
@ -127,9 +127,9 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
} }
$stmt = $db->prepare("UPDATE records SET content=:content WHERE name=:name AND id=:id"); $stmt = $db->prepare("UPDATE records SET content=:content WHERE name=:name AND id=:id");
$stmt->bindValue(':content', $input->content, PDO::PARAM_STR); $stmt->bindValue(':content', $input->content, PDO::PARAM_STR);
$stmt->bindValue(':name', $input->domain, PDO::PARAM_STR); $stmt->bindValue(':name', $input->domain, PDO::PARAM_STR);
$stmt->bindValue(':id', $record, PDO::PARAM_INT); $stmt->bindValue(':id', $record, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("SELECT domain_id FROM records WHERE id=:id LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM records WHERE id=:id LIMIT 1");


@ -55,17 +55,16 @@ if(isset($input->action) && $input->action == "requestUpgrade") {
INSERT INTO options(name,value) VALUES ('schema_version', 1); INSERT INTO options(name,value) VALUES ('schema_version', 1);
"; ";
$sql["pgsql"] = "INSERT INTO options(name,value) VALUES ('schema_version', 1);"; $sql["pgsql"] = "INSERT INTO options(name,value) VALUES ('schema_version', 1);";
$queries = explode(";", $sql[$dbType]); $queries = explode(";", $sql[$dbType]);
$db->beginTransaction();
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit(); foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit();
} }
if($currentVersion < 2) { if($currentVersion < 2) {
$sql["mysql"] = " $sql["mysql"] = "
@ -89,18 +88,17 @@ if(isset($input->action) && $input->action == "requestUpgrade") {
UPDATE options SET value=2 WHERE name='schema_version'; UPDATE options SET value=2 WHERE name='schema_version';
"; ";
$sql["pgsql"] = "UPDATE options SET value=2 WHERE name='schema_version';"; $sql["pgsql"] = "UPDATE options SET value=2 WHERE name='schema_version';";
$queries = explode(";", $sql[$dbType]); $queries = explode(";", $sql[$dbType]);
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit(); $db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit();
} }
if($currentVersion < 3) { if($currentVersion < 3) {
$sql["mysql"] = " $sql["mysql"] = "
@ -118,129 +116,20 @@ if(isset($input->action) && $input->action == "requestUpgrade") {
UPDATE options SET value=3 WHERE name='schema_version'; UPDATE options SET value=3 WHERE name='schema_version';
"; ";
$sql["pgsql"] = "UPDATE options SET value=3 WHERE name='schema_version';"; $sql["pgsql"] = "UPDATE options SET value=3 WHERE name='schema_version';";
$queries = explode(";", $sql[$dbType]);
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit(); $queries = explode(";", $sql[$dbType]);
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit();
} }
if($currentVersion < 4) {
$sql["mysql"] = "
CREATE TABLE IF NOT EXISTS supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id),
KEY comments_domain_id_idx (domain_id),
KEY comments_name_type_idx (name,type),
KEY comments_order_idx (domain_id, modified_at)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id),
KEY domainidindex (domain_id)
) Engine=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id),
UNIQUE KEY namealgoindex (name, algorithm)
) Engine=InnoDB DEFAULT CHARSET=latin1;
DELETE FROM permissions
WHERE user IN (
SELECT id FROM user
LEFT OUTER JOIN (
SELECT MIN(U.id) AS minid, U.name
FROM user AS U
GROUP BY U.name
) as KeepRows ON user.id = KeepRows.minid
WHERE KeepRows.minid IS NULL
);
ALTER TABLE permissions ADD userid INT NOT NULL;
UPDATE permissions SET userid = user;
ALTER TABLE permissions DROP FOREIGN KEY permissions_ibfk_2;
ALTER TABLE permissions DROP user;
CREATE TABLE IF NOT EXISTS users (
id int(11) NOT NULL,
name varchar(50) NOT NULL,
password varchar(200) NOT NULL,
type varchar(20) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
INSERT INTO users (id, name, password, type) SELECT id, name, password, type FROM user;
DELETE FROM users
WHERE users.id IN (
SELECT user.id FROM user
LEFT OUTER JOIN (
SELECT MIN(U.id) AS minid, U.name
FROM user AS U
GROUP BY U.name
) as KeepRows ON user.id = KeepRows.minid
WHERE KeepRows.minid IS NULL
);
ALTER TABLE users ADD CONSTRAINT UNIQUE KEY user_name_index (name);
ALTER TABLE users MODIFY COLUMN id int(11) NOT NULL AUTO_INCREMENT;
ALTER TABLE permissions ADD CONSTRAINT permissions_ibfk_2 FOREIGN KEY (userid) REFERENCES users (id) ON DELETE CASCADE;
DROP TABLE user;
UPDATE domains SET name=LOWER(name);
UPDATE records SET name=LOWER(name);
UPDATE options SET value=4 WHERE name='schema_version';
";
$sql["pgsql"] = "UPDATE options SET value=4 WHERE name='schema_version';";
$queries = explode(";", $sql[$dbType]);
$db->beginTransaction();
foreach ($queries as $query) {
if (preg_replace('/\s+/', '', $query) != '') {
$db->exec($query);
}
}
$db->commit();
}
$retval['status'] = "success"; $retval['status'] = "success";
} }


@ -78,10 +78,10 @@ if(isset($input->action) && $input->action == "getUsers") {
$type_filter_used = 1; $type_filter_used = 1;
} }
$stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR); $stmt->bindValue(':name1', $name_filter, PDO::PARAM_STR);
$stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT); $stmt->bindValue(':name2', $name_filter_used, PDO::PARAM_INT);
$stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT); $stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT);
$stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT); $stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$retval = Array(); $retval = Array();
@ -97,11 +97,11 @@ if(isset($input->action) && $input->action == "deleteUser") {
$db->beginTransaction(); $db->beginTransaction();
$stmt = $db->prepare("DELETE FROM permissions WHERE userid=:userid"); $stmt = $db->prepare("DELETE FROM permissions WHERE userid=:userid");
$stmt->bindValue(':userid', $userId, PDO::PARAM_INT); $stmt->bindValue(':userid', $userId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("DELETE FROM users WHERE id=:id"); $stmt = $db->prepare("DELETE FROM users WHERE id=:id");
$stmt->bindValue(':id', $userId, PDO::PARAM_INT); $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$db->commit(); $db->commit();


@ -73,7 +73,7 @@ limitations under the License.
<select class="form-control no-shadow" id="searchType"> <select class="form-control no-shadow" id="searchType">
<option value="none">No filter...</option> <option value="none">No filter...</option>
<option value="MASTER">MASTER</option> <option value="MASTER">MASTER</option>
<option value="NATIVE">NATIVE</option> <option value="NATIVE">NATIVE</option>
</select> </select>
</div> </div>
</form> </form>
@ -93,8 +93,8 @@ limitations under the License.
<?php <?php
if($_SESSION['type'] == "admin") { if($_SESSION['type'] == "admin") {
echo '<div class="row text-center">'; echo '<div class="row text-center">';
echo '<a class="btn btn-primary" href="add-domain.php#NATIVE">Add NATIVE</a>'; echo '<a class="btn btn-success" href="add-domain.php#MASTER">Add MASTER</a>';
echo '<a class="btn btn-success margin-left-20" href="add-domain.php#MASTER">Add MASTER</a>'; echo '<a class="btn btn-primary margin-left-20" href="add-domain.php#NATIVE">Add NATIVE</a>';
echo '</div>'; echo '</div>';
} }
?> ?>


@ -70,7 +70,7 @@ limitations under the License.
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="soa-mail" class="control-label">Email</label> <label for="soa-mail" class="control-label">Email</label>
<input type="email" class="form-control" id="soa-mail" placeholder="Email" autocomplete="off" tabindex="2"> <input type="text" class="form-control" id="soa-mail" placeholder="Email" autocomplete="off" data-regex="^.+@[^.]+(\.[^.]+)*$" tabindex="2">
</div> </div>
<button disabled type="submit" class="btn btn-primary" tabindex="7">Save</button> <button disabled type="submit" class="btn btn-primary" tabindex="7">Save</button>
</div> </div>
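Review bot: The `data-regex` pattern added to the `soa-mail` input is looser than the `type="email"` check it replaces: `.+` and `[^.]+` both match whitespace and further `@` characters, so a value such as `a b@c d` passes. The commit header shows the SOA content being assembled with `implode(" ", $soaData)`, so an address containing a space would presumably shift the SOA fields unless the API normalises it; that handler is not part of this section. A tighter pattern would be `data-regex="^[^\s@]+@[^\s@.]+(\.[^\s@.]+)*$"`. Because the attribute is only enforced in the browser, the same rule should also be applied server-side before the record is written.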


@ -66,10 +66,10 @@ limitations under the License.
<h3>Database</h3> <h3>Database</h3>
<div class="form-group"> <div class="form-group">
<label for="dbType" class="control-label">Type</label> <label for="dbType" class="control-label">Type</label>
<select class="form-control" id="dbType"> <select class="form-control" id="dbType">
<option value="mysql" selected>MySQL</option> <option value="mysql" selected>MySQL</option>
<option value="pgsql">PgSQL</option> <option value="pgsql">PgSQL</option>
</select> </select>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="dbHost" class="control-label">Host</label> <label for="dbHost" class="control-label">Host</label>


@ -17,7 +17,7 @@
*/ */
function getExpectedVersion() { function getExpectedVersion() {
return 4; return 3;
} }
function checkVersion($db) { function checkVersion($db) {
@ -29,12 +29,12 @@ function checkVersion($db) {
} }
function getVersion($db) { function getVersion($db) {
$stmt = $db->prepare("SELECT value FROM options WHERE name='schema_version' LIMIT 1");
$stmt = $db->prepare("SELECT value FROM options WHERE name='schema_version' LIMIT 1"); $stmt->execute();
$stmt->execute(); $version = $stmt->fetchColumn();
$version = $stmt->fetchColumn();
if (!$version) { if (!$version) {
$version = 0; $version = 0;
} }
return $version; return $version;
} }
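Review bot: Lowering the return value of `getExpectedVersion()` from 4 to 3 leaves any database that already ran the removed `if($currentVersion < 4)` upgrade step with `schema_version` 4 stored in `options`, which is higher than the code now expects. The body of `checkVersion()` lies outside these hunks, so how it treats a stored version above the expected one cannot be confirmed here and should be checked. Other sections of this commit query `users` and `permissions.userid`, which on MySQL were created by the removed step, so it is also worth confirming that an earlier step now provides them for databases still at version 3. A comment above the function such as `// Must match the highest schema_version written by the upgrade steps` would document the coupling.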


@ -17,8 +17,8 @@
*/ */
try { try {
$db = new PDO($config['db_type'].":dbname=".$config['db_name'].";host=".$config['db_host'].";port=".strval($config['db_port']), $config['db_user'], $config['db_password']); $db = new PDO($config['db_type'].":dbname=".$config['db_name'].";host=".$config['db_host'].";port=".strval($config['db_port']), $config['db_user'], $config['db_password']);
} }
catch (PDOException $e) { catch (PDOException $e) {
die("Connection to database failed"); die("Connection to database failed");
} }


@ -24,7 +24,7 @@ function update_serial($db, $domainId) {
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$content = $stmt->fetchColumn(); $content = $stmt->fetchColumn();
$content = explode(" ", $content); $content = explode(" ", $content);
$serial = $content[2]; $serial = $content[2];
@ -48,10 +48,10 @@ function update_serial($db, $domainId) {
$newsoa = implode(" ", $content); $newsoa = implode(" ", $content);
$stmt = $db->prepare("UPDATE records SET content=:content WHERE type='SOA' AND domain_id=:domain_id"); $stmt = $db->prepare("UPDATE records SET content=:content WHERE type='SOA' AND domain_id=:domain_id");
$stmt->bindValue(':content', $newsoa, PDO::PARAM_STR); $stmt->bindValue(':content', $newsoa, PDO::PARAM_STR);
$stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT); $stmt->bindValue(':domain_id', $domainId, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$db->commit(); $db->commit();
} }