Bob Hutchinson wrote: > > On Sunday 30 Apr 2006 21:26, Robin Bowes wrote: >> >> WARNING - EXTREMELY RAW PATCH AHEAD > > > > wow, all sorts going on here ;-)
Yeah, fun fun fun! I've actually tempered things a little now and moved the "apply default records" functionality to the domain list records page and added a confirmation page. It's working well. Patch attached. > > > > Here is how I set up my default records, pulled from phpmyadmin and edited to > > suit: > > > > host type val > > hostmaster.DOMAIN:ns1.example.com S 16384:2048:1048576:2560 > > www.DOMAIN A 1.2.3.4 > > ftp.DOMAIN A 1.2.3.4 > > mail.DOMAIN A 1.2.3.4 > > webmail.DOMAIN A 1.2.3.4 > > DOMAIN A 1.2.3.4 > > DOMAIN N ns1.example.com > > DOMAIN N ns2.example.com > > DOMAIN M mail.DOMAIN Is there any reason you use A records instead of CNAMES? > BTW regarding the md5 passwords thing, here is what grep found on a virgin > > copy of 0.9.9.1. I've removed the CHANGELOG, md5update and smarty lines > > > > vegadns-0.9.9.1 # grep -rn md5 * > > > > src/create_tables.php:43:$q = "INSERT INTO accounts VALUES > > (0,0,'test@test.com','".md5 > > (test)."','Test','User','','senior_admin','active')"; > > > > src/functions.php:38: Password='".md5($password)."' and > > > > src/help.php:56: $newpass = substr(md5(rand(0,10000)."vegadns_". > > $_REQUEST['username'].rand(0,10000)),0,rand(5,8)); > > > > src/help.php:57: mysql_query("update accounts set Password='".md5 > > ($newpass)."' where cid=".$fa[0]); > > > > src/users.php:100: $q .= ", Password='".md5 > > (mysql_escape_string($_REQUEST['password']))."'"; > > > > src/users.php:179: '".md5 > > (mysql_escape_string($_REQUEST['password']))."',"; > > > > HTH I did that too and couldn't find anywhere obvious where the password entered by the user on the login page is MD5-hashed. Strange... R.
diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/axfr_get.php vegadns-0.9.9.1-working/axfr_get.php --- vegadns-0.9.9.1/axfr_get.php 2005-02-04 00:07:16.000000000 +0000 +++ vegadns-0.9.9.1-working/axfr_get.php 2006-04-25 01:23:48.000000000 +0100 @@ -45,7 +45,7 @@ $rand = rand(); $file = "/tmp/$domain.$rand"; -$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 /usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1"; +$command = "/usr/local/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 /usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1"; exec($command, $out); // Print any errors first diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/index.php vegadns-0.9.9.1-working/index.php --- vegadns-0.9.9.1/index.php 2005-09-10 17:49:22.000000000 +0100 +++ vegadns-0.9.9.1-working/index.php 2006-03-29 20:26:44.000000000 +0100 @@ -23,6 +23,7 @@ ini_set('log_errors', 1); ini_set('allow_url_fopen', 0); ini_set('session.use_cookies',0); +ini_set('error_reporting', E_ALL); // Check that register_globals is off if(ini_get('register_globals')) { diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/create_tables.php vegadns-0.9.9.1-working/src/create_tables.php --- vegadns-0.9.9.1/src/create_tables.php 2005-02-04 00:05:34.000000000 +0000 +++ vegadns-0.9.9.1-working/src/create_tables.php 2006-03-29 20:28:51.000000000 +0100 
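Review bot: The rewritten `$command` line still wraps `escapeshellcmd($hostname)` and `escapeshellcmd($domain)` in hand-written single quotes, which does not reliably keep each value a single argument: `escapeshellcmd()` leaves paired quotes and whitespace untouched, so a request-supplied value can close the quoting and contribute extra arguments to `tcpclient` or `axfr-get`. Use `escapeshellarg($hostname)` and `escapeshellarg($domain)` without the surrounding quotes, and check both against a strict hostname pattern before the command is built. The context lines also show `$file = "/tmp/$domain.$rand"` entering the command unquoted with only a `rand()` suffix; a `tempnam()` path passed through `escapeshellarg()` would remove both the predictable name and the raw interpolation.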
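Review bot: Raising `error_reporting` to `E_ALL` in index.php is only safe if errors are never rendered to the client, and the visible lines set `log_errors` but nothing for `display_errors`. With display enabled, the notices this patch is chasing would expose file paths and variable names to any visitor. Add `ini_set('display_errors', 0);` next to the new line, or confirm that php.ini already disables it.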
@@ -40,7 +40,7 @@ ) TYPE=MyISAM"; mysql_query($q) or die(mysql_error()); -$q = "INSERT INTO accounts VALUES (0,0,'test@test.com','".md5(test)."','Test','User','','senior_admin','active')"; +$q = "INSERT INTO accounts VALUES (0,0,'test@test.com','".md5('test')."','Test','User','','senior_admin','active')"; mysql_query($q) or die(mysql_error()."<br>".$q); $q = "CREATE TABLE active_sessions ( diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/domains.php vegadns-0.9.9.1-working/src/domains.php --- vegadns-0.9.9.1/src/domains.php 2005-09-10 12:35:33.000000000 +0100 +++ vegadns-0.9.9.1-working/src/domains.php 2006-04-30 20:04:03.000000000 +0100 @@ -220,7 +220,7 @@ exit; } // make sure it's at least a correct domain name - if (!eregi("^[\.a-z0-9-]+$",$domain)) { + if (!eregi("^[\.a-z0-9-]+$",$domain)) { set_msg_err("Error: domain $domain does not appear to be a valid domain name"); $smarty->display('header.tpl'); require('src/new_domain_form.php'); 
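Review bot: The corrected INSERT in create_tables.php still seeds a `senior_admin` account with the fixed login `test@test.com` / `test`, stored as an unsalted MD5 digest, so every fresh install starts with a publicly known administrator credential. Quoting the literal removes the bareword-constant notice but leaves that exposure in place. The installer should take the initial admin e-mail and password as input (or generate a random password and show it once) and require a change at first login; as a minimum, add a comment such as `// default credentials - change immediately after install`. The same hunk keeps `die(mysql_error()."<br>".$q)`, which prints the whole statement to the browser on failure.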
@@ -267,76 +267,7 @@ if($id == -1) die("Error getting domain id"); dns_log($id,"added domain $domain with status $domain_status"); - // Get default records - if($user_info['Account_Type'] == 'user') { - $q = "select * from default_records where default_type='group' and group_owner_id='".$user_info['gid']."'"; - $result = mysql_query($q) or die(mysql_error()); - if(mysql_num_rows($result) == 0) { - // Get system default records - $q = "select * from default_records where default_type='system'"; - $result = mysql_query($q) or die(mysql_error()); - } - } else if($user_info['Account_Type'] == 'group_admin') { - $q = "select * from default_records where default_type='group' and group_owner_id='".$user_info['cid']."'"; - $result = mysql_query($q) or die(mysql_error()); - if(mysql_num_rows($result) == 0) { - // Get system default records - $q = "select * from default_records where default_type='system'"; - $result = mysql_query($q) or die(mysql_error()); - } - } else if($user_info['Account_Type'] == 'senior_admin') { - // Get system default records - $q = "select * from default_records where default_type='system'"; - $result = mysql_query($q) or die(mysql_error()); - } - - if(mysql_num_rows($result) == 0) { - set_msg_err("Error: you have not yet setup default records"); - header("Location: $base_url"); - exit; - } - - // Build arrays - $counter = 0; - while($row = mysql_fetch_array($result)) { - if($row['type'] == 'S' && !isset($soa_array)) { - $soa_array = $row; - } else { - $records_array[$counter] = $row; - $counter++; - } - } - - - // Add SOA record - $host = ereg_replace("DOMAIN", $domain, $soa_array['host']); - $val = ereg_replace("DOMAIN", $domain, $soa_array['val']); - $q = "insert into records (domain_id,host,type,val,ttl) - values('$id', - '".mysql_escape_string($host)."', - 'S', - '$val', - '".$soa_array['ttl']."')"; - mysql_query($q) or die(mysql_error()); - dns_log($id, "added soa"); - - // Add default records - - if(is_array($records_array)) { - 
while(list($key,$row) = each($records_array)) { - $host = ereg_replace("DOMAIN", $domain, $row['host']); - $val = ereg_replace("DOMAIN", $domain, $row['val']); - $q = "insert into records (domain_id,host,type,val,distance,ttl) - values('$id', - '".mysql_escape_string($host)."', - '".$row['type']."', - '$val', - '".$row['distance']."', - '".$row['ttl']."')"; - mysql_query($q) or die(mysql_error()); - dns_log($id, "added ".$row['type']." $host with value $val"); - } - } + add_default_records($domain, $user_info); // Email the support address if an inactive domain is added $body = "inactive domain \"$domain\" added by ".$user_info['Email']."\n\n"; @@ -531,10 +462,10 @@ $counter = 0; // default SOA and NS - if ($_REQUEST['default_soa']=="on") + if (isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on") $def_soa=mysql_fetch_array( mysql_query("SELECT host,val FROM default_records WHERE type='S'")); - if ($_REQUEST['default_ns']=="on") { + if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") { $q=mysql_query("SELECT host,val,distance,ttl FROM default_records WHERE type='N'"); while ($l = mysql_fetch_array($q)) $def_ns[]=$l; @@ -582,11 +513,11 @@ if($line_key != 'domain' && !ereg("^#", $value)) { $result = parse_dataline($value); if(is_array($result)) { - if (($_REQUEST['default_soa']=="on") && ($result['type']=='S')) { + if ((isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on") && ($result['type']=='S')) { $result['val']=$def_soa['val']; $result['host']=$def_soa['host']; } - if (($_REQUEST['default_ns']!="on") || ($result['type']!='N')) { + if ((isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']!="on") || ($result['type']!='N')) { $q = "insert into records (domain_id,host,type,val,distance,ttl) values( 
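Review bot: The second rewritten condition in the import loop (`@@ -582,11 +513,11 @@`) changes behaviour when `default_ns` is absent from the request: `isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']!="on"` is false for an unset field, whereas the old `$_REQUEST['default_ns']!="on"` was true, so with the checkbox left unticked the imported `N` records are now silently dropped. The guard needs the opposite sense, `if (!(isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") || ($result['type']!='N')) {`. In the preceding hunk (`@@ -531,10 +462,10 @@`) `$def_soa` and `$def_ns` are still assigned only inside their `if`, so initialising both before the checks would close the remaining undefined-variable paths. The insert statement continues past the end of this hunk.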
@@ -601,22 +532,23 @@ } } } - if ($_REQUEST['default_ns']=="on") { - $counter=0; - while ($ns = $def_ns[$counter]) { - $host = ereg_replace("DOMAIN", $domain, $ns['host']); - $q = "insert into records - (domain_id,host,type,val,distance,ttl) - values( - $domain_id, - '".mysql_escape_string($host)."', - 'N', - '".mysql_escape_string($ns['val'])."', - '".$ns['distance']."', - '".$ns['ttl']."')"; - mysql_query($q) or die(mysql_error().$q); - $counter++; - } + if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") { + $counter=0; + while (isset($def_ns[$counter])) { + $ns = $def_ns[$counter]; + $host = ereg_replace("DOMAIN", $domain, $ns['host']); + $q = "insert into records + (domain_id,host,type,val,distance,ttl) + values( + $domain_id, + '".mysql_escape_string($host)."', + 'N', + '".mysql_escape_string($ns['val'])."', + '".$ns['distance']."', + '".$ns['ttl']."')"; + mysql_query($q) or die(mysql_error().$q); + $counter++; + } } $log_entry = "imported via axfr from ".$_REQUEST['hostname']; dns_log($domain_id,$log_entry); diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/functions.php vegadns-0.9.9.1-working/src/functions.php --- vegadns-0.9.9.1/src/functions.php 2005-09-10 17:48:07.000000000 +0100 +++ vegadns-0.9.9.1-working/src/functions.php 2006-04-30 20:04:05.000000000 +0100 @@ -35,7 +35,7 @@ mysql_query("delete from active_sessions where time < $oldsessions"); $result = mysql_query("select Email from accounts where Email='".mysql_real_escape_string(strtolower($email))."' and - Password='".md5($password)."' and + Password='".$password."' and Status='active' LIMIT 1") or die(mysql_error()); $resultarray = mysql_fetch_array($result); if($resultarray['Email'] != "") { 
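Review bot: Replacing `md5($password)` with the bare `$password` in functions.php puts a caller-supplied string directly into the SQL text, where the old line could only ever contribute 32 hex characters. Nothing in this hunk shows `$password` being hashed or escaped beforehand, and the message above says the login-side hashing could not be located, so as written this is either a comparison that can never match (plaintext against a stored MD5) or an injectable one. If the caller really passes a digest, validate its format and escape it like the e-mail, e.g. `Password='".mysql_real_escape_string($password)."' and`, with a comment naming where the hashing happens; otherwise keep the hash inside this function. The enclosing function starts and ends outside the hunk.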
@@ -294,36 +294,39 @@ function parse_soa($soa) { $email_soa = explode(":", $soa['host']); - $array['tldemail'] = $email_soa[0]; - $array['tldhost'] = $email_soa[1]; - + if (isset($email_soa[0])) { + $array['tldemail'] = $email_soa[0]; + } + if (isset($email_soa[1])) { + $array['tldhost'] = $email_soa[1]; + } $ttls_soa = explode(":", $soa['val']); // ttl - if($soa['ttl'] == "") { + if(!isset($soa['ttl']) || $soa['ttl'] == "") { $array['ttl'] = 86400; } else { $array['ttl'] = $soa['ttl']; } // refresh - if($ttls_soa[0] == "") { + if(!isset($ttls_soa[0]) || $ttls_soa[0] == "") { $array['refresh'] = 16384; } else { $array['refresh'] = $ttls_soa[0]; } // retry - if($ttls_soa[1] == "") { + if (!isset($ttls_soa[1]) || $ttls_soa[1] == "") { $array['retry'] = 2048; } else { $array['retry'] = $ttls_soa[1]; } // expiration - if($ttls_soa[2] == "") { + if (!isset($ttls_soa[2]) || $ttls_soa[2] == "") { $array['expire'] = 1048576; } else { $array['expire'] = $ttls_soa[2]; } // min - if($ttls_soa[3] == "") { + if(!isset($ttls_soa[3]) || $ttls_soa[3] == "") { $array['minimum'] = 2560; } else { $array['minimum'] = $ttls_soa[3]; @@ -381,6 +384,7 @@ // Strip first char $stripped = ereg_replace("^.", "", $line); $array = explode(":", $stripped); + $out_array = ''; // Format the array according to the type if(strncmp('+', $line, 1) == 0) { 
@@ -462,6 +466,83 @@ } } +// Add the default records to an existing domain +function add_default_records($domain, $user_info) { + // Get domain ID + $id = get_dom_id($domain); + if($id == -1) die("Error getting domain id"); + + // Get default records + if($user_info['Account_Type'] == 'user') { + $q = "select * from default_records where default_type='group' and group_owner_id='".$user_info['gid']."'"; + $result = mysql_query($q) or die(mysql_error()); + if(mysql_num_rows($result) == 0) { + // Get system default records + $q = "select * from default_records where default_type='system'"; + $result = mysql_query($q) or die(mysql_error()); + } + } else if($user_info['Account_Type'] == 'group_admin') { + $q = "select * from default_records where default_type='group' and group_owner_id='".$user_info['cid']."'"; + $result = mysql_query($q) or die(mysql_error()); + if(mysql_num_rows($result) == 0) { + // Get system default records + $q = "select * from default_records where default_type='system'"; + $result = mysql_query($q) or die(mysql_error()); + } + } else if($user_info['Account_Type'] == 'senior_admin') { + // Get system default records + $q = "select * from default_records where default_type='system'"; + $result = mysql_query($q) or die(mysql_error()); + } + + if(mysql_num_rows($result) == 0) { + set_msg_err("Error: you have not yet setup default records"); + header("Location: $base_url"); + exit; + } + // Build arrays + $counter = 0; + while($row = mysql_fetch_array($result)) { + if($row['type'] == 'S' && !isset($soa_array)) { + $soa_array = $row; + } else { + $records_array[$counter] = $row; + $counter++; + } + } + + + // Add SOA record + $host = ereg_replace("DOMAIN", $domain, $soa_array['host']); + $val = ereg_replace("DOMAIN", $domain, $soa_array['val']); + $q = "insert into records (domain_id,host,type,val,ttl) + values('$id', + '".mysql_escape_string($host)."', + 'S', + '$val', + '".$soa_array['ttl']."')"; + mysql_query($q) or die(mysql_error()); + 
dns_log($id, "added soa"); + + // Add default records + + if(is_array($records_array)) { + while(list($key,$row) = each($records_array)) { + $host = ereg_replace("DOMAIN", $domain, $row['host']); + $val = ereg_replace("DOMAIN", $domain, $row['val']); + $q = "insert into records (domain_id,host,type,val,distance,ttl) + values('$id', + '".mysql_escape_string($host)."', + '".$row['type']."', + '$val', + '".$row['distance']."', + '".$row['ttl']."')"; + mysql_query($q) or die(mysql_error()); + dns_log($id, "added ".$row['type']." $host with value $val"); + } + } +} + // END FUNCTIONS ?> diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/src/records.php vegadns-0.9.9.1-working/src/records.php --- vegadns-0.9.9.1/src/records.php 2005-09-10 12:58:04.000000000 +0100 +++ vegadns-0.9.9.1-working/src/records.php 2006-05-01 00:13:55.000000000 +0100 @@ -230,6 +230,7 @@ $smarty->assign('display_soa', $display_soa); $smarty->assign('add_record_url', "$base_url&mode=records&record_mode=add_record&domain=$domain"); $smarty->assign('view_log_url', "$base_url&mode=records&record_mode=view_log&domain=$domain"); + $smarty->assign('apply_default_records_url', "$base_url&mode=records&record_mode=apply_default_records&domain=$domain"); $smarty->assign('all_url', "$base_url&mode=records&domain=$domain&page=all&sortfield=$sortfield&sortway=$sortway&search=".urlencode($search)); $smarty->assign('first_record', $first_record); 
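Review bot: Moving this block into `add_default_records()` breaks its empty-defaults path: `$base_url` is neither a parameter nor declared `global`, so `header("Location: $base_url")` now redirects to an empty URL; add `global $base_url;` at the top of the function or pass it in. Both INSERTs escape `$host` but interpolate `$val` raw even though `$domain` has just been substituted into it, so the value column should get the same treatment, `'".mysql_escape_string($val)."',`, and `$user_info['gid']` / `$user_info['cid']` deserve it in the SELECTs as well. `$result` stays undefined when `Account_Type` is none of the three handled values, and `$soa_array` / `$records_array` are read uninitialised when the default set has no `S` row or only an `S` row. Because the function is now also called for domains that already exist, it should check for an existing SOA before inserting a second one.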
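Review bot: The new `apply_default_records_url` in records.php interpolates `$domain` without `urlencode()`, while the two URLs this patch adds in the next hunk of the same file do encode it. Write it as `"$base_url&mode=records&record_mode=apply_default_records&domain=".urlencode($domain)` so that the three links agree and a domain value containing `&` or `#` cannot alter the query string. The neighbouring context lines have the same gap, so this may be a file-wide clean-up rather than something for this patch alone.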
@@ -537,6 +538,35 @@ exit; } +} else if($_REQUEST['record_mode'] == 'apply_default_records') { + // apply default records + // echo "It's working!"; + $smarty->assign('domain', $domain); + $smarty->assign('cancel_url', "$base_url&mode=records&domain=".urlencode($domain)."&record_mode=delete_cancelled"); + $smarty->assign('apply_url', "$base_url&mode=records&record_mode=apply_default_records_now&domain=".urlencode($domain)); + $smarty->display('header.tpl'); + $smarty->display('apply_default_records_confirm.tpl'); + $smarty->display('footer.tpl'); + + exit; + +} else if($_REQUEST['record_mode'] == 'apply_default_records_now') { + // apply default records + // make sure the domain was given + if(!isset($_REQUEST['domain'])) { + set_msg_err("Error: no domain"); + $smarty->display('header.tpl'); + $smarty->display('footer.tpl'); + exit; + } + + add_default_records($domain, $user_info); + + set_msg("Default records applied successfully"); + header("Location: $base_url&mode=records&domain=".urlencode($domain)); + + exit; + } else { die("Error: illegal records_mode"); diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/templates/apply_default_records_confirm.tpl vegadns-0.9.9.1-working/templates/apply_default_records_confirm.tpl --- vegadns-0.9.9.1/templates/apply_default_records_confirm.tpl 1970-01-01 01:00:00.000000000 +0100 +++ vegadns-0.9.9.1-working/templates/apply_default_records_confirm.tpl 2006-04-30 23:53:30.000000000 +0100 @@ -0,0 +1,3 @@ +<h3>Are you really sure you want to apply default records to domain {$domain|escape} ?</h3><p> + +<a href="{$cancel_url}">cancel</a>   |   <a href="{$apply_url}">apply</a> diff -ur --new-file --exclude=config.php vegadns-0.9.9.1/templates/list_records.tpl vegadns-0.9.9.1-working/templates/list_records.tpl --- vegadns-0.9.9.1/templates/list_records.tpl 2004-10-09 18:43:53.000000000 +0100 +++ vegadns-0.9.9.1-working/templates/list_records.tpl 2006-04-30 23:51:10.000000000 +0100 
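Review bot: The `apply_default_records_now` branch writes records as soon as its URL is requested, and nothing visible in it checks that the logged-in user may manage `$domain` or that the domain has no records yet; whether an ownership check runs earlier in records.php cannot be seen from this hunk, so confirm it covers both new modes. The branch tests `isset($_REQUEST['domain'])` but then uses `$domain`, which is assigned outside the hunk, and the confirm branch has no such test at all. Because the confirmation step is only a link to a second GET URL, the write happens on any request that carries a valid session; make the apply step a POST with a per-session token. The cancel link reuses `record_mode=delete_cancelled`, which looks copied from the delete flow, and the leftover `// echo "It's working!";` can be removed.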
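Review bot: `{$cancel_url}` and `{$apply_url}` are written into `href` attributes without a modifier, while `{$domain|escape}` on the line above is escaped; both URLs contain `&` separators and request-derived data, so they should be emitted as `{$cancel_url|escape}` and `{$apply_url|escape}`. The `apply` anchor triggers a state change, so a small `<form method="post">` with a submit button would be the safer control here. The opening `<p>` is never closed.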
@@ -80,7 +80,8 @@ </tr> <tr bgcolor="#cccccc"> <td>Records</td> - <td align="right" width="5%" nowrap><a href="{$add_record_url}">add record</a></td> + <td align="right" width="11%"><a href="{$apply_default_records_url}">Apply Default Records</a></td> + <td align="right" width="6%" nowrap><a href="{$add_record_url}">add record</a></td> <td align="right" width="5%" nowrap><a href="{$view_log_url}">view log</a></td> </tr> </table>