use UUID's for api keys and rename ENABLE_DEBUG_MODE to ENABLE_DEBUG

diff --git a/bind9.php b/bind9.php
index 1c0d1f1691af3008c462d7ebe9cc7197297521cc..b1c8a3a05b1632662c9b3600e9794a25abf55310 100644 (file)
--- a/bind9.php
+++ b/bind9.php
@@ -10,7 +10,7 @@ if (is_array($data) && !isset($data['error'])) {
        shell_exec("rm -rf /srv/bind/*");
        
        foreach ($data as $zone) {
-               $out = $zone['soa']['origin']."     ".$zone['soa']['minimum']."  IN      SOA     ".$zone['soa']['ns']." ".$zone['soa']['mbox']." (\n";
+               $out = $zone['soa']['origin']."\t".$zone['soa']['minimum']."\tIN\tSOA\t".$zone['soa']['ns']."\t".$zone['soa']['mbox']." (\n";
                $out .= "\t\t\t\t".$zone['soa']['serial']."\t; Serial\n";
                $out .= "\t\t\t\t".$zone['soa']['refresh']."\t\t; Refresh\n";
                $out .= "\t\t\t\t".$zone['soa']['retry']."\t\t; Retry\n";

diff --git a/database.sql b/database.sql
index fb0119522ec1c08cc620b9e0a0c0093e1f75687a..3aa361cc06fb7153426e2bf9ef4f66c2c4d9363b 100644 (file)
--- a/database.sql
+++ b/database.sql
@@ -79,9 +79,9 @@ ALTER TABLE dns_soa_to_user ADD FOREIGN KEY (userID) REFERENCES dns_user (userID
 ALTER TABLE dns_soa_to_user ADD FOREIGN KEY (soaID) REFERENCES dns_soa (id) ON DELETE CASCADE;
 ALTER TABLE dns_template ADD FOREIGN KEY (userID) REFERENCES dns_user (userID) ON DELETE CASCADE;
 
-INSERT INTO dns_options VALUES (1, 'dns_api_key', 'aa');
+INSERT INTO dns_options VALUES (1, 'dns_api_key', '0E2372C5-E5A3-424B-82E5-75AD723A9447');
 INSERT INTO dns_options VALUES (2, 'offline', '0');
-INSERT INTO dns_options VALUES (3, 'enable_debug_mode', '1');
+INSERT INTO dns_options VALUES (3, 'enable_debug', '1');
 INSERT INTO dns_options VALUES (4, 'dns_default_records', '{domain}:NS:ns1.stricted.de.\n{domain}:NS:ns2.stricted.de.\n{domain}:NS:ns3.stricted.de.\n{domain}:NS:ns4.stricted.de.\n{domain}:NS:ns5.stricted.de.\n{domain}:MX:mail.{domain}\n{domain}:A:84.200.248.52\n{domain}:AAAA:2001:1608:12:1::def\n*.{domain}:A:84.200.248.52\n*.{domain}:AAAA:2001:1608:12:1::def\n{domain}:TXT:\"v=spf1 mx -all\"');
 INSERT INTO dns_options VALUES (5, 'dns_soa_mbox', 'info.stricted.de.');
 INSERT INTO dns_options VALUES (6, 'dns_soa_ns', 'ns1.stricted.de.');

diff --git a/lib/page/ActionPage.class.php b/lib/page/ActionPage.class.php
index 13b2e96e98fcb86a82e8f49d8d8e9c9147525cf6..d58fc8b421428aae39e1025a6d8d6309984c4fe1 100644 (file)
--- a/lib/page/ActionPage.class.php
+++ b/lib/page/ActionPage.class.php
@@ -179,7 +179,7 @@ class ActionPage extends AbstractPage {
                                $row = DNS::getDB()->fetch_array($res);
                                
                                if (empty($row)) {
-                                       $apiKey = DNS::generateRandomID();
+                                       $apiKey = DNS::generateUUID();
                                        
                                        $sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)";
                                        DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey));

diff --git a/lib/page/ApiPage.class.php b/lib/page/ApiPage.class.php
index 61fc7625bca675ab36d83692936aa6f5aeda07ac..879ac9da2f06082d08f0898253c60b6f29fb2846 100644 (file)
--- a/lib/page/ApiPage.class.php
+++ b/lib/page/ApiPage.class.php
@@ -17,7 +17,7 @@ class ApiPage extends AbstractPage {
                        $key = $_REQUEST['key'];
                }
                
-               if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key)) {
+               if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key) || !preg_match('/[a-f0-9]{8}\-[a-f0-9]{4}\-4[a-f0-9]{3}\-[89ab][a-f0-9]{3}\-[a-f0-9]{12}/i', $key)) {
                        header('Content-Type: application/json');
                        echo json_encode(array("error" => "wrong access key"), JSON_PRETTY_PRINT);
                        exit;

diff --git a/lib/page/RecordAddPage.class.php b/lib/page/RecordAddPage.class.php
index 326dd0838b6c6663899619ad89d4ac8a34ed1bb8..348dbfe83d1cbcd448a467cf0f4c92848c101225 100644 (file)
--- a/lib/page/RecordAddPage.class.php
+++ b/lib/page/RecordAddPage.class.php
@@ -34,9 +34,16 @@ class RecordAddPage extends AbstractPage {
                $types = array('A', 'AAAA', 'CNAME', 'MX', 'PTR', 'SRV', 'TXT', 'TLSA', 'NS', 'DS');
                $error = array();
                if (isset($_POST['submit']) && !empty($_POST['submit'])) {
-                       if (isset($_POST['name']) && !empty($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
+                       if (isset($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
                                $type = trim($_POST['type']);
-                               $name = $idna->encode(trim($_POST['name']));
+                               
+                               if (!empty($_POST['name'])) {
+                                       $name = $idna->encode(trim($_POST['name']));
+                               }
+                               else {
+                                       $name = $idna->encode(trim($soa['origin']));
+                               }
+                               
                                if (in_array($type, $types)) {
                                        $aux = 0;
                                        if (($type == "MX" || $type == "TLSA" || $type == "SRV" || $type == "DS") && isset($_POST['aux']) && !empty($_POST['aux'])) {
@@ -109,7 +116,7 @@ class RecordAddPage extends AbstractPage {
                        $res = DNS::getDB()->query($sql, array($_GET['id'], $name, $type, $data));
                        $rr = DNS::getDB()->fetch_array($res);
                        if (!empty($rr)) {
-                               $error = array_merge($error, array('name', 'type', 'data'));
+                               $error = array_merge($error, array('type', 'data'));
                        }
                        
                        if (empty($error)) {

diff --git a/lib/page/RecordEditPage.class.php b/lib/page/RecordEditPage.class.php
index 4a2caf655251cc5372ec9ab2dd1a41abd70343d7..9497ec84ddd25cc8effbb16fa8212ccc80cca1b5 100644 (file)
--- a/lib/page/RecordEditPage.class.php
+++ b/lib/page/RecordEditPage.class.php
@@ -38,9 +38,16 @@ class RecordEditPage extends AbstractPage {
                $types = array('A', 'AAAA', 'CNAME', 'MX', 'PTR', 'SRV', 'TXT', 'TLSA', 'NS', 'DS');
                $error = array();
                if (isset($_POST['submit']) && !empty($_POST['submit'])) {
-                       if (isset($_POST['name']) && !empty($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
+                       if (isset($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
                                $type = trim($_POST['type']);
-                               $name = $idna->encode(trim($_POST['name']));
+                               
+                               if (!empty($_POST['name'])) {
+                                       $name = $idna->encode(trim($_POST['name']));
+                               }
+                               else {
+                                       $name = $idna->encode(trim($soa['origin']));
+                               }
+                               
                                if (in_array($type, $types)) {
                                        $aux = 0;
                                        if (($type == "MX" || $type == "TLSA" || $type == "SRV" || $type == "DS") && isset($_POST['aux']) && !empty($_POST['aux'])) {
@@ -113,7 +120,7 @@ class RecordEditPage extends AbstractPage {
                        $res = DNS::getDB()->query($sql, array($rr['zone'], $name, $type, $data, $_GET['id']));
                        $rr = DNS::getDB()->fetch_array($res);
                        if (!empty($rr)) {
-                               $error = array_merge($error, array('name', 'type', 'data'));
+                               $error = array_merge($error, array('type', 'data'));
                        }
                        
                        if (empty($error)) {

diff --git a/lib/system/DNS.class.php b/lib/system/DNS.class.php
index e75c6ec0739ff005d1e0dd26e29fd5c58a404fde..35fd65cf8c4cefab1dce62001c9f58dea174c209 100644 (file)
--- a/lib/system/DNS.class.php
+++ b/lib/system/DNS.class.php
@@ -173,7 +173,7 @@ class DNS {
                self::getTPL()->setPluginsDir(DNS_DIR."/lib/api/smarty/plugins");
                self::getTPL()->loadFilter('pre', 'hascontent');
                
-               if (!ENABLE_DEBUG_MODE) {
+               if (!ENABLE_DEBUG) {
                        self::getTPL()->loadFilter('output', 'trimwhitespace');
                }
                
@@ -206,6 +206,15 @@ class DNS {
                return sha1(microtime() . uniqid(mt_rand(), true));
        }
        
+       /**
+        * Creates an UUID.
+        * 
+        * @return      string
+        */
+       public static function generateUUID() {
+               return strtoupper(sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535)));
+       }
+       
        /**
         * build options from database
         *

diff --git a/templates/default/footer.tpl b/templates/default/footer.tpl
index a278d1900984e2c081d88363e52d4c3f02636839..715700fd29e00dad33942cdeb428d28dd3f7cb83 100644 (file)
--- a/templates/default/footer.tpl
+++ b/templates/default/footer.tpl
@@ -16,9 +16,9 @@
                        language['javascript.confirm'] = '{lang}javascript.confirm{/lang}';
                        language['domain.disabled'] = '{lang}domain.disabled{/lang}';
                </script>
-               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
-               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
-               <script src="js/default/metisMenu{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
-               <script src="js/default/functions{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
+               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
+               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
+               <script src="js/default/metisMenu{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
+               <script src="js/default/functions{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
        </body>
 </html>
\ No newline at end of file

diff --git a/templates/default/header.tpl b/templates/default/header.tpl
index 305941fb6d5a02d839fafdc4c049cdad12ca46e3..acf6af3880ac7f98dfd362fe0c30d4dd2df08557 100644 (file)
--- a/templates/default/header.tpl
+++ b/templates/default/header.tpl
@@ -7,10 +7,10 @@
                <meta name="description" content="">
                <meta name="author" content="">
                <title>Domain Control Panel</title>
-               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
-               <link href="css/default/metisMenu{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
-               <link href="css/default/sb-admin-2{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
-               <link href="css/default/font-awesome{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet" type="text/css">
+               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/metisMenu{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/sb-admin-2{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/font-awesome{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet" type="text/css">
 
                <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
                <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->

diff --git a/templates/default/login.tpl b/templates/default/login.tpl
index 2be7295ef88fdca3d7834e746397c28e8d765542..1a5e67b8760f70fe32021a78a202ea49fe730918 100644 (file)
--- a/templates/default/login.tpl
+++ b/templates/default/login.tpl
@@ -7,8 +7,8 @@
                <meta name="description" content="">
                <meta name="author" content="">
                <title>Domain Control Panel</title>
-               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
-               <link href="css/default/sb-admin-2{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/sb-admin-2{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
                <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
                <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
                <!--[if lt IE 9]>
@@ -46,7 +46,7 @@
                                </div>
                        </div>
                </div>
-               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
-               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
+               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
+               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
        </body>
 </html>

diff --git a/templates/default/offline.tpl b/templates/default/offline.tpl
index 414d03d1d11b51a28b5ffbb9e358d3b97096959f..87bde86047704e7a2c0cbc1cd1520b350167f03b 100644 (file)
--- a/templates/default/offline.tpl
+++ b/templates/default/offline.tpl
@@ -7,9 +7,9 @@
                <meta name="description" content="">
                <meta name="author" content="">
                <title>Domain Control Panel</title>
-               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet">
+               <link href="css/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet">
                <link href="css/default/sb-admin-2.css" rel="stylesheet">
-               <link href="css/default/font-awesome{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.css" rel="stylesheet" type="text/css">
+               <link href="css/default/font-awesome{if !$smarty.const.ENABLE_DEBUG}.min{/if}.css" rel="stylesheet" type="text/css">
                <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
                <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
                <!--[if lt IE 9]>
@@ -73,8 +73,8 @@
                        </div>
                </div>
 
-               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
-               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG_MODE}.min{/if}.js"></script>
+               <script src="js/default/jquery{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
+               <script src="js/default/bootstrap{if !$smarty.const.ENABLE_DEBUG}.min{/if}.js"></script>
                <script type="text/javascript">
                        {literal}
                        function loadDomain() {