Bob Hutchinson wrote:
> > On Sunday 30 Apr 2006 21:26, Robin Bowes wrote:
>> >> WARNING - EXTREMELY RAW PATCH AHEAD
> >
> > wow, all sorts going on here  ;-)

Yeah, fun fun fun!

I've actually tempered things a little now and moved the "apply default
records" functionality to the domain list records page and added a
confirmation page. It's working well. Patch attached.

> >
> > Here is how I set up my default records, pulled from phpmyadmin and
edited to
> > suit:
> >
> > host                                type    val
> > hostmaster.DOMAIN:ns1.example.com   S       16384:2048:1048576:2560
> > www.DOMAIN                          A       1.2.3.4
> > ftp.DOMAIN                          A       1.2.3.4
> > mail.DOMAIN                         A       1.2.3.4
> > webmail.DOMAIN                      A       1.2.3.4
> > DOMAIN                              A       1.2.3.4
> > DOMAIN                              N       ns1.example.com
> > DOMAIN                              N       ns2.example.com
> > DOMAIN                              M       mail.DOMAIN

Is there any reason you use A records instead of CNAMES?

 > BTW regarding the md5 passwords thing, here is what grep found on a
virgin
> > copy of 0.9.9.1. I've removed the CHANGELOG, md5update and smarty lines
> >
> > vegadns-0.9.9.1 # grep -rn md5 *
> >
> > src/create_tables.php:43:$q = "INSERT INTO accounts VALUES
> > (0,0,'test@test.com','".md5
> > (test)."','Test','User','','senior_admin','active')";
> >
> > src/functions.php:38:        Password='".md5($password)."' and
> >
> > src/help.php:56:            $newpass =
substr(md5(rand(0,10000)."vegadns_".
> > $_REQUEST['username'].rand(0,10000)),0,rand(5,8));
> >
> > src/help.php:57:            mysql_query("update accounts set
Password='".md5
> > ($newpass)."' where cid=".$fa[0]);
> >
> > src/users.php:100:     $q .=  ", Password='".md5
> > (mysql_escape_string($_REQUEST['password']))."'";
> >
> > src/users.php:179:                '".md5
> > (mysql_escape_string($_REQUEST['password']))."',";
> >
> > HTH

I did that too and couldn't find anywhere obvious where the password
entered by the user on the login page is md5-hashed.

Strange...

R.
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/axfr_get.php 
vegadns-0.9.9.1-working/axfr_get.php
--- vegadns-0.9.9.1/axfr_get.php        2005-02-04 00:07:16.000000000 +0000
+++ vegadns-0.9.9.1-working/axfr_get.php        2006-04-25 01:23:48.000000000 
+0100
@@ -45,7 +45,7 @@
 $rand = rand();
 $file = "/tmp/$domain.$rand";
 
-$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
+$command = "/usr/local/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
 exec($command, $out);
 
 // Print any errors first
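Review bot: The rewritten `$command` line still wraps `escapeshellcmd($hostname)` and `escapeshellcmd($domain)` in hand-written single quotes, and `$file` (built from `$domain` two lines up) goes into the shell string with no quoting at all. `escapeshellcmd()` is meant for a whole command string and does not escape quote characters that come in pairs, so it is the wrong function for a value placed inside quotes; `escapeshellarg()` adds the quotes and escapes embedded ones itself. Since this line is being touched anyway, I would build it as `$command = "/usr/local/bin/tcpclient -R ".escapeshellarg($hostname)." 53 /usr/local/bin/axfr-get ".escapeshellarg($domain)." ".escapeshellarg($file)." ".escapeshellarg("$file.tmp")." 2>&1";`. The `/tmp/$domain.$rand` name is also predictable; `tempnam()` would be the safer way to obtain it. The script continues outside the hunk, so whether `$hostname` and `$domain` are validated earlier is not visible here.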
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/index.php 
vegadns-0.9.9.1-working/index.php
--- vegadns-0.9.9.1/index.php   2005-09-10 17:49:22.000000000 +0100
+++ vegadns-0.9.9.1-working/index.php   2006-03-29 20:26:44.000000000 +0100
@@ -23,6 +23,7 @@
 ini_set('log_errors', 1);
 ini_set('allow_url_fopen', 0);
 ini_set('session.use_cookies',0);
+ini_set('error_reporting', E_ALL);
 
 // Check that register_globals is off
 if(ini_get('register_globals')) {
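Review bot: Raising `error_reporting` to `E_ALL` here makes every notice reportable, and the hunk shows `log_errors` being switched on but nothing that switches `display_errors` off. If that is not done elsewhere (the rest of this block is outside the hunk), notices containing file paths and variable names will be printed into pages on a live install; adding `ini_set('display_errors', 0);` next to this line keeps them in the log only.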
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/create_tables.php 
vegadns-0.9.9.1-working/src/create_tables.php
--- vegadns-0.9.9.1/src/create_tables.php       2005-02-04 00:05:34.000000000 
+0000
+++ vegadns-0.9.9.1-working/src/create_tables.php       2006-03-29 
20:28:51.000000000 +0100
@@ -40,7 +40,7 @@
 ) TYPE=MyISAM";
 mysql_query($q) or die(mysql_error());
 
-$q = "INSERT INTO accounts VALUES 
(0,0,'test@test.com','".md5(test)."','Test','User','','senior_admin','active')";
+$q = "INSERT INTO accounts VALUES 
(0,0,'test@test.com','".md5('test')."','Test','User','','senior_admin','active')";
 mysql_query($q) or die(mysql_error()."<br>".$q);
 
 $q = "CREATE TABLE active_sessions (
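Review bot: With the quoting fixed, this INSERT now reliably seeds a `senior_admin` account whose address and password (`test@test.com` / `test`) are identical on every install and stored as an unsalted MD5. The installer should take the initial admin password from the person running it, or generate a random one and show it once, rather than ship a fixed credential. The statement also has no column list, so it silently depends on the column order of `accounts`; naming the columns (`INSERT INTO accounts (...) VALUES (...)`) would make it survive schema changes. On failure the following line prints the whole query, hash included, into the page.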
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/domains.php 
vegadns-0.9.9.1-working/src/domains.php
--- vegadns-0.9.9.1/src/domains.php     2005-09-10 12:35:33.000000000 +0100
+++ vegadns-0.9.9.1-working/src/domains.php     2006-04-30 20:04:03.000000000 
+0100
@@ -220,7 +220,7 @@
         exit;
     }
     // make sure it's at least a correct domain name
-       if (!eregi("^[\.a-z0-9-]+$",$domain)) {
+    if (!eregi("^[\.a-z0-9-]+$",$domain)) {
         set_msg_err("Error: domain $domain does not appear to be a valid 
domain name");
         $smarty->display('header.tpl');
         require('src/new_domain_form.php');
@@ -267,76 +267,7 @@
     if($id == -1) die("Error getting domain id");
     dns_log($id,"added domain $domain with status $domain_status");
 
-    // Get default records
-    if($user_info['Account_Type'] == 'user') {
-        $q = "select * from default_records where default_type='group' and 
group_owner_id='".$user_info['gid']."'";
-        $result = mysql_query($q) or die(mysql_error());
-        if(mysql_num_rows($result) == 0) {
-            // Get system default records
-            $q = "select * from default_records where default_type='system'";
-            $result = mysql_query($q) or die(mysql_error());
-         }
-    } else if($user_info['Account_Type'] == 'group_admin') {
-        $q = "select * from default_records where default_type='group' and 
group_owner_id='".$user_info['cid']."'";
-        $result = mysql_query($q) or die(mysql_error());
-        if(mysql_num_rows($result) == 0) {
-            // Get system default records
-            $q = "select * from default_records where default_type='system'";
-            $result = mysql_query($q) or die(mysql_error());
-        }
-    } else if($user_info['Account_Type'] == 'senior_admin') {
-        // Get system default records
-        $q = "select * from default_records where default_type='system'";
-        $result = mysql_query($q) or die(mysql_error());
-    }
-
-    if(mysql_num_rows($result) == 0) {
-        set_msg_err("Error: you have not yet setup default records");
-        header("Location: $base_url");
-        exit;
-    }
-
-    // Build arrays
-    $counter = 0;
-    while($row = mysql_fetch_array($result)) {
-        if($row['type'] == 'S' && !isset($soa_array)) {
-            $soa_array = $row;
-        } else {
-            $records_array[$counter] = $row;
-            $counter++;
-        }
-    }
-
-
-    // Add SOA record
-    $host = ereg_replace("DOMAIN", $domain, $soa_array['host']);
-    $val = ereg_replace("DOMAIN", $domain, $soa_array['val']);
-    $q = "insert into records (domain_id,host,type,val,ttl)
-            values('$id',
-            '".mysql_escape_string($host)."',
-            'S',
-            '$val',
-            '".$soa_array['ttl']."')";
-    mysql_query($q) or die(mysql_error());
-    dns_log($id, "added soa");
-            
-    // Add default records
-
-    if(is_array($records_array)) {
-        while(list($key,$row) = each($records_array)) {
-            $host = ereg_replace("DOMAIN", $domain, $row['host']);
-            $val = ereg_replace("DOMAIN", $domain, $row['val']);
-            $q = "insert into records (domain_id,host,type,val,distance,ttl)
-                values('$id',
-                '".mysql_escape_string($host)."',
-                '".$row['type']."',
-                '$val',
-                '".$row['distance']."',
-                '".$row['ttl']."')";
-            mysql_query($q) or die(mysql_error());
-            dns_log($id, "added ".$row['type']." $host with value $val");
-        }
-    }
+    add_default_records($domain, $user_info);
 
     // Email the support address if an inactive domain is added
     $body = "inactive domain \"$domain\" added by ".$user_info['Email']."\n\n";
@@ -531,10 +462,10 @@
 
     $counter = 0;
     // default SOA and NS
-    if ($_REQUEST['default_soa']=="on")
+    if (isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on")
      $def_soa=mysql_fetch_array(
       mysql_query("SELECT host,val FROM default_records WHERE type='S'"));
-    if ($_REQUEST['default_ns']=="on") {
+    if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
      $q=mysql_query("SELECT host,val,distance,ttl FROM default_records WHERE 
type='N'");
      while ($l = mysql_fetch_array($q))
       $def_ns[]=$l;
@@ -582,11 +513,11 @@
             if($line_key != 'domain' && !ereg("^#", $value)) {
                 $result = parse_dataline($value);
                 if(is_array($result)) {
-                   if (($_REQUEST['default_soa']=="on") && 
($result['type']=='S')) {
+                   if ((isset($_REQUEST['default_soa']) && 
$_REQUEST['default_soa']=="on") && ($result['type']=='S')) {
                     $result['val']=$def_soa['val'];
                     $result['host']=$def_soa['host'];
                    }
-                   if (($_REQUEST['default_ns']!="on") || 
($result['type']!='N')) {
+                   if ((isset($_REQUEST['default_ns']) && 
$_REQUEST['default_ns']!="on") || ($result['type']!='N')) {
                      $q = "insert into records 
                          (domain_id,host,type,val,distance,ttl) 
                          values(
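Review bot: The new guard on the insert, `(isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']!="on") || ($result['type']!='N')`, changes behaviour when the checkbox is not ticked. Before, an absent `default_ns` compared unequal to "on", so every imported record including NS was inserted; now the first operand is false when the key is absent, so imported NS records are skipped even though the default NS records are not being added either. The absent case has to count as "not on": `if ((!isset($_REQUEST['default_ns']) || $_REQUEST['default_ns']!="on") || ($result['type']!='N')) {`. The enclosing loop starts and ends outside this hunk.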
@@ -601,22 +532,23 @@
                 }
             }
        }
-        if ($_REQUEST['default_ns']=="on") {
-        $counter=0;
-         while ($ns = $def_ns[$counter]) {
-         $host = ereg_replace("DOMAIN", $domain, $ns['host']);
-          $q = "insert into records 
-                (domain_id,host,type,val,distance,ttl) 
-                values(
-                $domain_id,
-                '".mysql_escape_string($host)."',
-                'N',
-                '".mysql_escape_string($ns['val'])."',
-                '".$ns['distance']."',
-                '".$ns['ttl']."')";
-          mysql_query($q) or die(mysql_error().$q);      
-         $counter++;
-        }
+        if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
+            $counter=0;
+            while (isset($def_ns[$counter])) {
+                $ns = $def_ns[$counter];
+                $host = ereg_replace("DOMAIN", $domain, $ns['host']);
+                $q = "insert into records 
+                    (domain_id,host,type,val,distance,ttl) 
+                    values(
+                        $domain_id,
+                        '".mysql_escape_string($host)."',
+                        'N',
+                        '".mysql_escape_string($ns['val'])."',
+                        '".$ns['distance']."',
+                        '".$ns['ttl']."')";
+                mysql_query($q) or die(mysql_error().$q);        
+                $counter++;
+            }
        }
         $log_entry = "imported via axfr from ".$_REQUEST['hostname'];
         dns_log($domain_id,$log_entry);
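Review bot: In the re-indented NS insert, `host` and `val` go through `mysql_escape_string()` but `$ns['distance']` and `$ns['ttl']` are interpolated as-is and `$domain_id` is not quoted at all. These values come from `default_records` and an earlier lookup rather than straight from the request, but they were still entered by a user at some point and should be handled like their neighbours: `'".mysql_escape_string($ns['distance'])."'`, `'".mysql_escape_string($ns['ttl'])."'` and `(int)$domain_id`. The same pattern is in `add_default_records()` in the src/functions.php section, where `'$val'` (which contains the substituted `$domain`), `$row['type']`, `$row['distance']` and `$row['ttl']` are not escaped. `die(mysql_error().$q)` also prints the full statement to the browser; writing it to the error log would be safer.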
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/functions.php 
vegadns-0.9.9.1-working/src/functions.php
--- vegadns-0.9.9.1/src/functions.php   2005-09-10 17:48:07.000000000 +0100
+++ vegadns-0.9.9.1-working/src/functions.php   2006-04-30 20:04:05.000000000 
+0100
@@ -35,7 +35,7 @@
     mysql_query("delete from active_sessions where time < $oldsessions");
     $result = mysql_query("select Email from accounts where 
         Email='".mysql_real_escape_string(strtolower($email))."' and 
-        Password='".md5($password)."' and
+        Password='".$password."' and
         Status='active' LIMIT 1") or die(mysql_error());
     $resultarray = mysql_fetch_array($result);
     if($resultarray['Email'] != "") {
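Review bot: Dropping `md5()` from the `Password=` comparison removes the only transformation between `$password` and the SQL text: the e-mail on the line above is passed through `mysql_real_escape_string()`, the password now is not. Unless every caller hands this function an already-computed hex digest (the callers and the function header are outside the hunk), this both opens the login query to injection and compares the stored MD5 against whatever the user typed. If the hashing really has moved to the caller, the line should still be `Password='".mysql_real_escape_string($password)."' and`, with a comment above it stating that `$password` is expected to be the MD5 hex digest. Otherwise keep the hashing here so the query never sees raw input.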
@@ -294,36 +294,39 @@
 function parse_soa($soa) {
 
     $email_soa = explode(":", $soa['host']);
-    $array['tldemail'] = $email_soa[0];
-    $array['tldhost'] = $email_soa[1];
-
+    if (isset($email_soa[0])) {
+        $array['tldemail'] = $email_soa[0];
+    }
+    if (isset($email_soa[1])) {
+        $array['tldhost'] = $email_soa[1];
+    }
     $ttls_soa = explode(":", $soa['val']);
     // ttl
-    if($soa['ttl'] == "") {
+    if(!isset($soa['ttl']) || $soa['ttl'] == "") {
         $array['ttl'] = 86400;
     } else {
         $array['ttl'] = $soa['ttl'];
     }
     // refresh
-    if($ttls_soa[0] == "") {
+    if(!isset($ttls_soa[0]) || $ttls_soa[0] == "") {
         $array['refresh'] = 16384;
     } else {
         $array['refresh'] = $ttls_soa[0];
     }
     // retry
-    if($ttls_soa[1] == "") {
+    if (!isset($ttls_soa[1]) || $ttls_soa[1] == "") {
         $array['retry'] = 2048;
     } else {
         $array['retry'] = $ttls_soa[1];
     }
     // expiration
-    if($ttls_soa[2] == "") {
+    if (!isset($ttls_soa[2]) || $ttls_soa[2] == "") {
         $array['expire'] = 1048576;
     } else {
         $array['expire'] = $ttls_soa[2];
     }
     // min
-    if($ttls_soa[3] == "") {
+    if(!isset($ttls_soa[3]) || $ttls_soa[3] == "") {
         $array['minimum'] = 2560;
     } else {
         $array['minimum'] = $ttls_soa[3];
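Review bot: The two new `isset()` blocks at the top of `parse_soa()` leave `$array['tldemail']` / `$array['tldhost']` undefined when the part is missing, whereas the TTL fields below fall back to a default; that only moves the undefined-index notice to whoever reads the result. `explode()` always returns at least one element, so the first check can never fail, and only `tldhost` needs a fallback: `$array['tldemail'] = $email_soa[0];` and `$array['tldhost'] = isset($email_soa[1]) ? $email_soa[1] : '';`. The spacing after `if` is also mixed (`if(` and `if (`) within this hunk. The function's return is outside the hunk, so how callers use these keys is not visible.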
@@ -381,6 +384,7 @@
     // Strip first char
     $stripped = ereg_replace("^.", "", $line);
     $array = explode(":", $stripped);
+    $out_array = '';
 
     // Format the array according to the type
     if(strncmp('+', $line, 1) == 0) {
@@ -462,6 +466,83 @@
     }
 }
 
+// Add the default records to an existing domain
+function add_default_records($domain, $user_info) {
+    // Get domain ID
+    $id = get_dom_id($domain);
+    if($id == -1) die("Error getting domain id");
+
+    // Get default records
+    if($user_info['Account_Type'] == 'user') {
+        $q = "select * from default_records where default_type='group' and 
group_owner_id='".$user_info['gid']."'";
+        $result = mysql_query($q) or die(mysql_error());
+        if(mysql_num_rows($result) == 0) {
+            // Get system default records
+            $q = "select * from default_records where default_type='system'";
+            $result = mysql_query($q) or die(mysql_error());
+         }
+    } else if($user_info['Account_Type'] == 'group_admin') {
+        $q = "select * from default_records where default_type='group' and 
group_owner_id='".$user_info['cid']."'";
+        $result = mysql_query($q) or die(mysql_error());
+        if(mysql_num_rows($result) == 0) {
+            // Get system default records
+            $q = "select * from default_records where default_type='system'";
+            $result = mysql_query($q) or die(mysql_error());
+        }
+    } else if($user_info['Account_Type'] == 'senior_admin') {
+        // Get system default records
+        $q = "select * from default_records where default_type='system'";
+        $result = mysql_query($q) or die(mysql_error());
+    }
+
+    if(mysql_num_rows($result) == 0) {
+        set_msg_err("Error: you have not yet setup default records");
+        header("Location: $base_url");
+        exit;
+    }
+    // Build arrays
+    $counter = 0;
+    while($row = mysql_fetch_array($result)) {
+        if($row['type'] == 'S' && !isset($soa_array)) {
+            $soa_array = $row;
+        } else {
+            $records_array[$counter] = $row;
+            $counter++;
+        }
+    }
+
+
+    // Add SOA record
+    $host = ereg_replace("DOMAIN", $domain, $soa_array['host']);
+    $val = ereg_replace("DOMAIN", $domain, $soa_array['val']);
+    $q = "insert into records (domain_id,host,type,val,ttl)
+            values('$id',
+            '".mysql_escape_string($host)."',
+            'S',
+            '$val',
+            '".$soa_array['ttl']."')";
+    mysql_query($q) or die(mysql_error());
+    dns_log($id, "added soa");
+
+    // Add default records
+
+    if(is_array($records_array)) {
+        while(list($key,$row) = each($records_array)) {
+            $host = ereg_replace("DOMAIN", $domain, $row['host']);
+            $val = ereg_replace("DOMAIN", $domain, $row['val']);
+            $q = "insert into records (domain_id,host,type,val,distance,ttl)
+                values('$id',
+                '".mysql_escape_string($host)."',
+                '".$row['type']."',
+                '$val',
+                '".$row['distance']."',
+                '".$row['ttl']."')";
+            mysql_query($q) or die(mysql_error());
+            dns_log($id, "added ".$row['type']." $host with value $val");
+        }
+    }
+}
+
 // END FUNCTIONS
 
 ?>
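Review bot: `add_default_records()` redirects with `header("Location: $base_url")`, but `$base_url` was a file-scope variable in the code this was lifted from and the function has no `global $base_url;`, so inside the function it is undefined and the redirect has no target. Add `global $base_url;` as the first statement, or pass the URL in as a parameter. Two paths also read variables that were never set: `$result` when `Account_Type` is none of the three values tested, and `$soa_array` when the default set has no `S` row; both deserve an explicit error path instead of falling through to `mysql_num_rows()` and the SOA insert. The function inserts an SOA row unconditionally, so calling it on a domain that already has one, as the new records.php mode does, adds a second SOA.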
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/records.php 
vegadns-0.9.9.1-working/src/records.php
--- vegadns-0.9.9.1/src/records.php     2005-09-10 12:58:04.000000000 +0100
+++ vegadns-0.9.9.1-working/src/records.php     2006-05-01 00:13:55.000000000 
+0100
@@ -230,6 +230,7 @@
     $smarty->assign('display_soa', $display_soa);
     $smarty->assign('add_record_url', 
"$base_url&mode=records&record_mode=add_record&domain=$domain");
     $smarty->assign('view_log_url', 
"$base_url&mode=records&record_mode=view_log&domain=$domain");
+    $smarty->assign('apply_default_records_url', 
"$base_url&mode=records&record_mode=apply_default_records&domain=$domain");
 
     $smarty->assign('all_url', 
"$base_url&mode=records&domain=$domain&page=all&sortfield=$sortfield&sortway=$sortway&search=".urlencode($search));
     $smarty->assign('first_record', $first_record);
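Review bot: The new `apply_default_records_url` puts `$domain` into the query string raw, while the URLs built for the same feature further down in this file use `urlencode($domain)`. It matches the two neighbouring lines, but since the value ends up in an `href` in list_records.tpl it is better encoded: `"$base_url&mode=records&record_mode=apply_default_records&domain=".urlencode($domain));`. The enclosing block starts and ends outside the hunk.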
@@ -537,6 +538,35 @@
         exit;
     }
 
+} else if($_REQUEST['record_mode'] == 'apply_default_records') {
+    // apply default records
+    // echo "It's working!";
+    $smarty->assign('domain', $domain);
+    $smarty->assign('cancel_url', 
"$base_url&mode=records&domain=".urlencode($domain)."&record_mode=delete_cancelled");
+    $smarty->assign('apply_url', 
"$base_url&mode=records&record_mode=apply_default_records_now&domain=".urlencode($domain));
+    $smarty->display('header.tpl');
+    $smarty->display('apply_default_records_confirm.tpl');
+    $smarty->display('footer.tpl');
+
+    exit;
+
+} else if($_REQUEST['record_mode'] == 'apply_default_records_now') {
+    // apply default records
+    // make sure the domain was given
+    if(!isset($_REQUEST['domain'])) {
+        set_msg_err("Error: no domain");
+        $smarty->display('header.tpl');
+        $smarty->display('footer.tpl');
+        exit;
+    }
+
+    add_default_records($domain, $user_info);
+
+    set_msg("Default records applied successfully");
+    header("Location: $base_url&mode=records&domain=".urlencode($domain));
+
+    exit; 
+
 } else {
 
     die("Error: illegal records_mode");
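Review bot: The `apply_default_records_now` branch writes to the database in response to a plain link: the confirm page's "apply" is an `<a href>`, so the change happens on a GET request, which browsers and intermediaries may repeat or prefetch and which carries no proof that the user meant it. I would make the confirm template a small POST form and have this branch check `$_SERVER['REQUEST_METHOD'] == 'POST'` before calling `add_default_records()`. The branch tests `isset($_REQUEST['domain'])` but then uses `$domain`, which is assigned somewhere above the hunk; whether the caller's right to edit that domain is checked there is not visible and should be confirmed. Nothing here checks whether the domain already has an SOA or the default records, so applying twice duplicates them. The cancel link reuses `record_mode=delete_cancelled`, which presumably shows a delete-related message.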
diff -ur --new-file --exclude=config.php 
vegadns-0.9.9.1/templates/apply_default_records_confirm.tpl 
vegadns-0.9.9.1-working/templates/apply_default_records_confirm.tpl
--- vegadns-0.9.9.1/templates/apply_default_records_confirm.tpl 1970-01-01 
01:00:00.000000000 +0100
+++ vegadns-0.9.9.1-working/templates/apply_default_records_confirm.tpl 
2006-04-30 23:53:30.000000000 +0100
@@ -0,0 +1,3 @@
+<h3>Are you really sure you want to apply default records to domain 
{$domain|escape} ?</h3><p>
+
+<a href="{$cancel_url}">cancel</a> &nbsp | &nbsp <a 
href="{$apply_url}">apply</a>
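Review bot: `{$cancel_url}` and `{$apply_url}` are written into the `href` attributes unescaped while `{$domain|escape}` on the line above is escaped; both URLs contain `&` and a request-derived domain, so they should be `{$cancel_url|escape}` and `{$apply_url|escape}`. The `&nbsp` entities are missing their semicolon and the `<p>` is never closed.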
diff -ur --new-file --exclude=config.php 
vegadns-0.9.9.1/templates/list_records.tpl 
vegadns-0.9.9.1-working/templates/list_records.tpl
--- vegadns-0.9.9.1/templates/list_records.tpl  2004-10-09 18:43:53.000000000 
+0100
+++ vegadns-0.9.9.1-working/templates/list_records.tpl  2006-04-30 
23:51:10.000000000 +0100
@@ -80,7 +80,8 @@
 </tr>
 <tr bgcolor="#cccccc">
   <td>Records</td>
-  <td align="right" width="5%" nowrap><a href="{$add_record_url}">add 
record</a></td>
+  <td align="right" width="11%"><a href="{$apply_default_records_url}">Apply 
Default Records</a></td>
+  <td align="right" width="6%" nowrap><a href="{$add_record_url}">add 
record</a></td>
   <td align="right" width="5%" nowrap><a href="{$view_log_url}">view 
log</a></td>
   </tr>
 </table>
