From d892976220d7fed72a2ed8b0658f19b2b1473fdf Mon Sep 17 00:00:00 2001
From: Stricted
Date: Fri, 6 Mar 2015 14:37:06 +0100
Subject: [PATCH] use UUID's for api keys and rename ENABLE_DEBUG_MODE to ENABLE_DEBUG
---
 bind9.php | 2 +-
 database.sql | 4 ++--
 lib/page/ActionPage.class.php | 2 +-
 lib/page/ApiPage.class.php | 2 +-
 lib/page/RecordAddPage.class.php | 13 ++++++++++---
 lib/page/RecordEditPage.class.php | 13 ++++++++++---
 lib/system/DNS.class.php | 11 ++++++++++-
 templates/default/footer.tpl | 8 ++++----
 templates/default/header.tpl | 8 ++++----
 templates/default/login.tpl | 8 ++++----
 templates/default/offline.tpl | 8 ++++----
 11 files changed, 51 insertions(+), 28 deletions(-)
diff --git a/bind9.php b/bind9.php
index 1c0d1f1..b1c8a3a 100644
--- a/bind9.php
+++ b/bind9.php
@@ -10,7 +10,7 @@ if (is_array($data) && !isset($data['error'])) {
 shell_exec("rm -rf /srv/bind/*");
 foreach ($data as $zone) {
- $out = $zone['soa']['origin']." ".$zone['soa']['minimum']." IN SOA ".$zone['soa']['ns']." ".$zone['soa']['mbox']." (\n";
+ $out = $zone['soa']['origin']."\t".$zone['soa']['minimum']."\tIN\tSOA\t".$zone['soa']['ns']."\t".$zone['soa']['mbox']." (\n";
 $out .= "\t\t\t\t".$zone['soa']['serial']."\t; Serial\n";
 $out .= "\t\t\t\t".$zone['soa']['refresh']."\t\t; Refresh\n";
 $out .= "\t\t\t\t".$zone['soa']['retry']."\t\t; Retry\n";
diff --git a/database.sql b/database.sql
index fb01195..3aa361c 100644
--- a/database.sql
+++ b/database.sql
@@ -79,9 +79,9 @@ ALTER TABLE dns_soa_to_user ADD FOREIGN KEY (userID) REFERENCES dns_user (userID
 ALTER TABLE dns_soa_to_user ADD FOREIGN KEY (soaID) REFERENCES dns_soa (id) ON DELETE CASCADE;
 ALTER TABLE dns_template ADD FOREIGN KEY (userID) REFERENCES dns_user (userID) ON DELETE CASCADE;
-INSERT INTO dns_options VALUES (1, 'dns_api_key', 'aa');
+INSERT INTO dns_options VALUES (1, 'dns_api_key', '0E2372C5-E5A3-424B-82E5-75AD723A9447');
 INSERT INTO dns_options VALUES (2, 'offline', '0');
-INSERT INTO dns_options VALUES (3, 'enable_debug_mode', '1');
+INSERT INTO dns_options VALUES (3, 'enable_debug', '1');
 INSERT INTO dns_options VALUES (4, 'dns_default_records', '{domain}:NS:ns1.stricted.de.\n{domain}:NS:ns2.stricted.de.\n{domain}:NS:ns3.stricted.de.\n{domain}:NS:ns4.stricted.de.\n{domain}:NS:ns5.stricted.de.\n{domain}:MX:mail.{domain}\n{domain}:A:84.200.248.52\n{domain}:AAAA:2001:1608:12:1::def\n*.{domain}:A:84.200.248.52\n*.{domain}:AAAA:2001:1608:12:1::def\n{domain}:TXT:\"v=spf1 mx -all\"');
 INSERT INTO dns_options VALUES (5, 'dns_soa_mbox', 'info.stricted.de.');
 INSERT INTO dns_options VALUES (6, 'dns_soa_ns', 'ns1.stricted.de.');
diff --git a/lib/page/ActionPage.class.php b/lib/page/ActionPage.class.php
index 13b2e96..d58fc8b 100644
--- a/lib/page/ActionPage.class.php
+++ b/lib/page/ActionPage.class.php
@@ -179,7 +179,7 @@ class ActionPage extends AbstractPage {
 $row = DNS::getDB()->fetch_array($res);
 if (empty($row)) {
- $apiKey = DNS::generateRandomID();
+ $apiKey = DNS::generateUUID();
 $sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)";
 DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey));
diff --git a/lib/page/ApiPage.class.php b/lib/page/ApiPage.class.php
index 61fc762..879ac9d 100644
--- a/lib/page/ApiPage.class.php
+++ b/lib/page/ApiPage.class.php
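Review bot: The new `dns_api_key` row in database.sql seeds a fixed UUID, so every installation created from this schema starts with the same published API key until an operator replaces it. The same seed data leaves `enable_debug` set to `'1'`. I would seed an empty value and generate the key at install time, e.g. `INSERT INTO dns_options VALUES (1, 'dns_api_key', '');`. Assuming `DNS_API_KEY` is built from this option, the `empty($key)` test in ApiPage.class.php then keeps the API closed until a key is set.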
@@ -17,7 +17,7 @@ class ApiPage extends AbstractPage {
 $key = $_REQUEST['key'];
 }
- if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key)) {
+ if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key) || !preg_match('/[a-f0-9]{8}\-[a-f0-9]{4}\-4[a-f0-9]{3}\-[89ab][a-f0-9]{3}\-[a-f0-9]{12}/i', $key)) {
 header('Content-Type: application/json');
 echo json_encode(array("error" => "wrong access key"), JSON_PRETTY_PRINT);
 exit;
diff --git a/lib/page/RecordAddPage.class.php b/lib/page/RecordAddPage.class.php
index 326dd08..348dbfe 100644
--- a/lib/page/RecordAddPage.class.php
+++ b/lib/page/RecordAddPage.class.php
@@ -34,9 +34,16 @@ class RecordAddPage extends AbstractPage {
 $types = array('A', 'AAAA', 'CNAME', 'MX', 'PTR', 'SRV', 'TXT', 'TLSA', 'NS', 'DS');
 $error = array();
 if (isset($_POST['submit']) && !empty($_POST['submit'])) {
- if (isset($_POST['name']) && !empty($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
+ if (isset($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
 $type = trim($_POST['type']);
- $name = $idna->encode(trim($_POST['name']));
+
+ if (!empty($_POST['name'])) {
+ $name = $idna->encode(trim($_POST['name']));
+ }
+ else {
+ $name = $idna->encode(trim($soa['origin']));
+ }
+
 if (in_array($type, $types)) {
 $aux = 0;
 if (($type == "MX" || $type == "TLSA" || $type == "SRV" || $type == "DS") && isset($_POST['aux']) && !empty($_POST['aux'])) {
@@ -109,7 +116,7 @@ class RecordAddPage extends AbstractPage {
 $res = DNS::getDB()->query($sql, array($_GET['id'], $name, $type, $data));
 $rr = DNS::getDB()->fetch_array($res);
 if (!empty($rr)) {
- $error = array_merge($error, array('name', 'type', 'data'));
+ $error = array_merge($error, array('type', 'data'));
 }
 if (empty($error)) {
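Review bot: In ApiPage.class.php the key is still checked with `$key != DNS_API_KEY`, a loose and non-constant-time comparison, and the added `preg_match` pattern has no anchors, so it accepts any string that merely contains a version-4 UUID. Because `$key` comes from `$_REQUEST` it can also be an array, which `preg_match` does not accept. I would test the type first, anchor the pattern and compare with `hash_equals` (PHP 5.6+): `if (!defined('DNS_API_KEY') || !is_string($key) || !preg_match('/\A[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}\z/i', $key) || !hash_equals(DNS_API_KEY, $key)) {`. The enclosing method starts and ends outside the hunk.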
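Review bot: In the first RecordAddPage.class.php hunk `!empty($_POST['name'])` is tested before `trim()`, so a whitespace-only name skips the fallback and an empty string is passed to `$idna->encode()`, while a name of `'0'` counts as empty and is silently replaced by the zone origin. Trimming first avoids both: `$name = trim($_POST['name']);` then `if ($name === '') { $name = trim($soa['origin']); }` then `$name = $idna->encode($name);`. `$soa` is not defined inside the hunk, so I assume it is loaded earlier in the method. The identical block added to RecordEditPage.class.php needs the same change.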
diff --git a/lib/page/RecordEditPage.class.php b/lib/page/RecordEditPage.class.php
index 4a2caf6..9497ec8 100644
--- a/lib/page/RecordEditPage.class.php
+++ b/lib/page/RecordEditPage.class.php
@@ -38,9 +38,16 @@ class RecordEditPage extends AbstractPage {
 $types = array('A', 'AAAA', 'CNAME', 'MX', 'PTR', 'SRV', 'TXT', 'TLSA', 'NS', 'DS');
 $error = array();
 if (isset($_POST['submit']) && !empty($_POST['submit'])) {
- if (isset($_POST['name']) && !empty($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
+ if (isset($_POST['name']) && isset($_POST['ttl']) && !empty($_POST['ttl']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['data']) && !empty($_POST['data'])) {
 $type = trim($_POST['type']);
- $name = $idna->encode(trim($_POST['name']));
+
+ if (!empty($_POST['name'])) {
+ $name = $idna->encode(trim($_POST['name']));
+ }
+ else {
+ $name = $idna->encode(trim($soa['origin']));
+ }
+
 if (in_array($type, $types)) {
 $aux = 0;
 if (($type == "MX" || $type == "TLSA" || $type == "SRV" || $type == "DS") && isset($_POST['aux']) && !empty($_POST['aux'])) {
@@ -113,7 +120,7 @@ class RecordEditPage extends AbstractPage {
 $res = DNS::getDB()->query($sql, array($rr['zone'], $name, $type, $data, $_GET['id']));
 $rr = DNS::getDB()->fetch_array($res);
 if (!empty($rr)) {
- $error = array_merge($error, array('name', 'type', 'data'));
+ $error = array_merge($error, array('type', 'data'));
 }
 if (empty($error)) {
diff --git a/lib/system/DNS.class.php b/lib/system/DNS.class.php
index e75c6ec..35fd65c 100644
--- a/lib/system/DNS.class.php
+++ b/lib/system/DNS.class.php
@@ -173,7 +173,7 @@ class DNS {
 self::getTPL()->setPluginsDir(DNS_DIR."/lib/api/smarty/plugins");
 self::getTPL()->loadFilter('pre', 'hascontent');
- if (!ENABLE_DEBUG_MODE) {
+ if (!ENABLE_DEBUG) {
 self::getTPL()->loadFilter('output', 'trimwhitespace');
 }
@@ -206,6 +206,15 @@ class DNS {
 return sha1(microtime() . uniqid(mt_rand(), true));
 }
+ /**
+ * Creates an UUID.
+ *
+ * @return string
+ */
+ public static function generateUUID() {
+ return strtoupper(sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535)));
+ }
+
 /**
 * build options from database
 *
diff --git a/templates/default/footer.tpl b/templates/default/footer.tpl
index a278d19..715700f 100644
--- a/templates/default/footer.tpl
+++ b/templates/default/footer.tpl
@@ -16,9 +16,9 @@ language['javascript.confirm'] = '{lang}javascript.confirm{/lang}'; language['domain.disabled'] = '{lang}domain.disabled{/lang}'; - - - - + + + + \ No newline at end of file
diff --git a/templates/default/header.tpl b/templates/default/header.tpl
index 305941f..acf6af3 100644
--- a/templates/default/header.tpl
+++ b/templates/default/header.tpl
@@ -7,10 +7,10 @@ Domain Control Panel - - - - + + + +
diff --git a/templates/default/login.tpl b/templates/default/login.tpl
index 2be7295..1a5e67b 100644
--- a/templates/default/login.tpl
+++ b/templates/default/login.tpl
@@ -7,8 +7,8 @@ Domain Control Panel - - + +
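Review bot: `generateUUID()` in DNS.class.php draws every field from `mt_rand()`, which is not a cryptographically secure generator, and ActionPage.class.php now uses the result as a per-user API key, so issued keys may be predictable. The key should come from a CSPRNG, with the version and variant bits set afterwards. The sketch below uses `random_bytes()` (PHP 7+); on older versions `openssl_random_pseudo_bytes(16)` fills the same role. The docblock could also state that the return value is an upper-case version-4 UUID.

```php
	public static function generateUUID() {
		$bytes = random_bytes(16);
		// force version 4 and the RFC 4122 variant bits
		$bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
		$bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);
		return strtoupper(vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4)));
	}
```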