Re: [users] Patch to fix authentication

Robin Bowes Sun, 30 Apr 2006 10:49:58 -0700

Bill Shupp wrote:
> 
> Thanks for all your feedback.  I'll be back to work on this stuff early
> this week, and will review all the changes and get them tested and
> hopefully integrated.


You may as well start with the attached patch - this is a diff from
0.9.9.1 against my current working version.

It contains the following fixes:

axfr-get.php
============
Add "-R" to the tcpclient command.
This stops tcpclient looking up TCPREMOTEINFO which is often not
available and simply causes the tcpclient command to hang until it times
out (default 26 seconds)

index.php
=========
Turn on Full error reporting (E_ALL)
This is useful for debugging when evaluating vegadns but should be
disabled in production.

create_tables.php
=================
Add quotes to md5() function when creating default password.
VegaDNS wouldn't work for me without this. Identified by Bob Hutchinson.

domains.php
===========
Add checks for default_ns and default_soa being present in the $_REQUEST
array before accessing them.
This prevents php warning notices in the form:
Notice: Undefined index: default_soa in
/var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534

functions.php
=============
Removed MD5 function from query in authenticate_user function
Added several checks for array elements being set before attempting to
access them to prevent php warning notices.
Set a default value for $out_array in the parse_dataline function.
This prevents php warning notices in the form:
Notice: Undefined index: out_array in
/var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433

R.

diff -ur --exclude=config.php vegadns-0.9.9.1/axfr_get.php 
vegadns-0.9.9.1-working/axfr_get.php
--- vegadns-0.9.9.1/axfr_get.php        2005-02-04 00:07:16.000000000 +0000
+++ vegadns-0.9.9.1-working/axfr_get.php        2006-04-25 01:23:48.000000000 
+0100
@@ -45,7 +45,7 @@
 $rand = rand();
 $file = "/tmp/$domain.$rand";
 
-$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
+$command = "/usr/local/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
 exec($command, $out);
 
 // Print any errors first
diff -ur --exclude=config.php vegadns-0.9.9.1/index.php 
vegadns-0.9.9.1-working/index.php
--- vegadns-0.9.9.1/index.php   2005-09-10 17:49:22.000000000 +0100
+++ vegadns-0.9.9.1-working/index.php   2006-03-29 20:26:44.000000000 +0100
@@ -23,6 +23,7 @@
 ini_set('log_errors', 1);
 ini_set('allow_url_fopen', 0);
 ini_set('session.use_cookies',0);
+ini_set('error_reporting', E_ALL);
 
 // Check that register_globals is off
 if(ini_get('register_globals')) {
diff -ur --exclude=config.php vegadns-0.9.9.1/src/create_tables.php 
vegadns-0.9.9.1-working/src/create_tables.php
--- vegadns-0.9.9.1/src/create_tables.php       2005-02-04 00:05:34.000000000 
+0000
+++ vegadns-0.9.9.1-working/src/create_tables.php       2006-03-29 
20:28:51.000000000 +0100
@@ -40,7 +40,7 @@
 ) TYPE=MyISAM";
 mysql_query($q) or die(mysql_error());
 
-$q = "INSERT INTO accounts VALUES 
(0,0,'[email protected]','".md5(test)."','Test','User','','senior_admin','active')";
+$q = "INSERT INTO accounts VALUES 
(0,0,'[email protected]','".md5('test')."','Test','User','','senior_admin','active')";
 mysql_query($q) or die(mysql_error()."<br>".$q);
 
 $q = "CREATE TABLE active_sessions (
diff -ur --exclude=config.php vegadns-0.9.9.1/src/domains.php 
vegadns-0.9.9.1-working/src/domains.php
--- vegadns-0.9.9.1/src/domains.php     2005-09-10 12:35:33.000000000 +0100
+++ vegadns-0.9.9.1-working/src/domains.php     2006-04-30 18:27:45.000000000 
+0100
@@ -531,10 +531,10 @@
 
     $counter = 0;
     // default SOA and NS
-    if ($_REQUEST['default_soa']=="on")
+    if (isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on")
      $def_soa=mysql_fetch_array(
       mysql_query("SELECT host,val FROM default_records WHERE type='S'"));
-    if ($_REQUEST['default_ns']=="on") {
+    if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
      $q=mysql_query("SELECT host,val,distance,ttl FROM default_records WHERE 
type='N'");
      while ($l = mysql_fetch_array($q))
       $def_ns[]=$l;
@@ -582,11 +582,11 @@
             if($line_key != 'domain' && !ereg("^#", $value)) {
                 $result = parse_dataline($value);
                 if(is_array($result)) {
-                   if (($_REQUEST['default_soa']=="on") && 
($result['type']=='S')) {
+                   if ((isset($_REQUEST['default_soa']) && 
$_REQUEST['default_soa']=="on") && ($result['type']=='S')) {
                     $result['val']=$def_soa['val'];
                     $result['host']=$def_soa['host'];
                    }
-                   if (($_REQUEST['default_ns']!="on") || 
($result['type']!='N')) {
+                   if ((isset($_REQUEST['default_ns']) && 
$_REQUEST['default_ns']!="on") || ($result['type']!='N')) {
                      $q = "insert into records 
                          (domain_id,host,type,val,distance,ttl) 
                          values(
@@ -601,7 +601,7 @@
                 }
             }
        }
-        if ($_REQUEST['default_ns']=="on") {
+        if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
         $counter=0;
          while ($ns = $def_ns[$counter]) {
          $host = ereg_replace("DOMAIN", $domain, $ns['host']);
diff -ur --exclude=config.php vegadns-0.9.9.1/src/functions.php 
vegadns-0.9.9.1-working/src/functions.php
--- vegadns-0.9.9.1/src/functions.php   2005-09-10 17:48:07.000000000 +0100
+++ vegadns-0.9.9.1-working/src/functions.php   2006-04-30 18:38:50.000000000 
+0100
@@ -35,7 +35,7 @@
     mysql_query("delete from active_sessions where time < $oldsessions");
     $result = mysql_query("select Email from accounts where 
         Email='".mysql_real_escape_string(strtolower($email))."' and 
-        Password='".md5($password)."' and
+        Password='".$password."' and
         Status='active' LIMIT 1") or die(mysql_error());
     $resultarray = mysql_fetch_array($result);
     if($resultarray['Email'] != "") {
@@ -294,36 +294,39 @@
 function parse_soa($soa) {
 
     $email_soa = explode(":", $soa['host']);
-    $array['tldemail'] = $email_soa[0];
-    $array['tldhost'] = $email_soa[1];
-
+    if (isset($email_soa[0])) {
+        $array['tldemail'] = $email_soa[0];
+    }
+    if (isset($email_soa[1])) {
+        $array['tldhost'] = $email_soa[1];
+    }
     $ttls_soa = explode(":", $soa['val']);
     // ttl
-    if($soa['ttl'] == "") {
+    if(!isset($soa['ttl']) || $soa['ttl'] == "") {
         $array['ttl'] = 86400;
     } else {
         $array['ttl'] = $soa['ttl'];
     }
     // refresh
-    if($ttls_soa[0] == "") {
+    if(!isset($ttls_soa[0]) || $ttls_soa[0] == "") {
         $array['refresh'] = 16384;
     } else {
         $array['refresh'] = $ttls_soa[0];
     }
     // retry
-    if($ttls_soa[1] == "") {
+    if (!isset($ttls_soa[1]) || $ttls_soa[1] == "") {
         $array['retry'] = 2048;
     } else {
         $array['retry'] = $ttls_soa[1];
     }
     // expiration
-    if($ttls_soa[2] == "") {
+    if (!isset($ttls_soa[2]) || $ttls_soa[2] == "") {
         $array['expire'] = 1048576;
     } else {
         $array['expire'] = $ttls_soa[2];
     }
     // min
-    if($ttls_soa[3] == "") {
+    if(!isset($ttls_soa[3]) || $ttls_soa[3] == "") {
         $array['minimum'] = 2560;
     } else {
         $array['minimum'] = $ttls_soa[3];
@@ -381,6 +384,7 @@
     // Strip first char
     $stripped = ereg_replace("^.", "", $line);
     $array = explode(":", $stripped);
+    $out_array = '';
 
     // Format the array according to the type
     if(strncmp('+', $line, 1) == 0) {

Re: [users] Patch to fix authentication

Reply via email to