From e7216dc0c4cf1c6452f37815bbf94d7bd57e28a0 Mon Sep 17 00:00:00 2001 From: Stricted Date: Tue, 17 Feb 2015 13:39:26 +0100 Subject: [PATCH] change some structures --- lib/page/ActionPage.class.php | 20 ++++++++++++++++++-- lib/page/DomainAddPage.class.php | 3 +++ lib/page/UserList.class.php | 3 +++ lib/system/DNS.class.php | 15 ++++++++++++++- lib/{system => util}/ParseZone.class.php | 2 +- templates/default/header.tpl | 2 +- templates/default/index.tpl | 8 ++++++-- 7 files changed, 46 insertions(+), 7 deletions(-) rename lib/{system => util}/ParseZone.class.php (99%) diff --git a/lib/page/ActionPage.class.php b/lib/page/ActionPage.class.php index 00d4e88..13b2e96 100644 --- a/lib/page/ActionPage.class.php +++ b/lib/page/ActionPage.class.php @@ -1,6 +1,6 @@ fetch_array($res); if (empty($row)) { - $apiKey = sha1(uniqid(sha1(uniqid().time().uniqid()))); + $apiKey = DNS::generateRandomID(); $sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)"; DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey)); @@ -183,6 +193,12 @@ class ActionPage extends AbstractPage { if (isset($_POST['zone']) && !empty($_POST['zone'])) { if ($dataID == 0) { if (isset($_POST['origin']) && !empty($_POST['origin'])) { + /* + if (User::isReseller() === false) { + echo "failure"; + exit; + } + */ // new zone } } diff --git a/lib/page/DomainAddPage.class.php b/lib/page/DomainAddPage.class.php index a038bb1..333e709 100644 --- a/lib/page/DomainAddPage.class.php +++ b/lib/page/DomainAddPage.class.php @@ -12,6 +12,9 @@ class DomainAddPage extends AbstractPage { public $activeMenuItem = 'add'; public function prepare() { + if (User::isReseller() === false) { + throw new \Exeption('Forbidden', 403); + } if (isset($_POST['origin']) && isset($_POST['submit'])) { if (!empty($_POST['origin'])) { $origin = $_POST['origin']; diff --git a/lib/page/UserList.class.php b/lib/page/UserList.class.php index 3388f37..442b6a0 100644 --- a/lib/page/UserList.class.php 
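Review bot: In the `@@ -183,6 +193,12 @@` hunk of lib/page/ActionPage.class.php the reseller check is added commented out, so the new-zone branch has no server-side authorization. The branch looks empty in this hunk (`// new zone`), so this matters as soon as zone creation is implemented there. DomainAddPage::prepare() and the templates gate on `User::isReseller()`, but ActionPage is a separate entry point and needs its own check. Either enable the block or replace the dead code with a marker such as `// TODO(authz): require User::isReseller() before creating a zone`. The enclosing method starts and ends outside the hunk.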
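Review bot: `throw new \Exeption('Forbidden', 403);` in DomainAddPage::prepare() names a class this patch does not define, so unless the project declares `Exeption`, a non-reseller request ends in a fatal class-not-found error instead of a catchable 403. The request still stops, but what the client sees then depends on the error-display and logging settings rather than on the application's own handler. Use `throw new \Exception('Forbidden', 403);`; the same spelling is in the `else` branch added to lib/page/UserList.class.php. The guard `User::isReseller() === false` would also let a non-boolean return such as null or 0 through, so `if (!User::isReseller())` fails closed, assuming isReseller() is meant to return a bool.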
+++ b/lib/page/UserList.class.php @@ -29,5 +29,8 @@ class UserListPage extends AbstractPage { DNS::getTPL()->assign(array("user" => $user)); } + else { + throw new \Exeption('Forbidden', 403); + } } } diff --git a/lib/system/DNS.class.php b/lib/system/DNS.class.php index 9ab57e5..e75c6ec 100644 --- a/lib/system/DNS.class.php +++ b/lib/system/DNS.class.php @@ -183,7 +183,11 @@ class DNS { */ /* assign language variables */ - self::getTPL()->assign(array("language" => $this->language)); + self::getTPL()->assign(array( + "language" => $this->language, + "isReseller" => User::isReseller(), + "isAdmin" => User::isAdmin() + )); } /** @@ -193,6 +197,15 @@ class DNS { return self::$tplObj; } + /** + * Creates a random hash. + * + * @return string + */ + public static function generateRandomID() { + return sha1(microtime() . uniqid(mt_rand(), true)); + } + /** * build options from database * diff --git a/lib/system/ParseZone.class.php b/lib/util/ParseZone.class.php similarity index 99% rename from lib/system/ParseZone.class.php rename to lib/util/ParseZone.class.php index 72a0eab..2806522 100644 --- a/lib/system/ParseZone.class.php +++ b/lib/util/ParseZone.class.php @@ -1,5 +1,5 @@ Domains diff --git a/templates/default/index.tpl b/templates/default/index.tpl index 2b86577..3426b6e 100644 --- a/templates/default/index.tpl +++ b/templates/default/index.tpl @@ -6,6 +6,7 @@ +{if $isReseller === true}
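Review bot: `generateRandomID()` in lib/system/DNS.class.php derives its value from `microtime()`, `uniqid()` and `mt_rand()`, none of which is a cryptographically secure source, and the ActionPage hunk in this commit stores the result as `apiKey` in `dns_api`. Hashing with sha1 does not add entropy, so a credential generated this way is only as unpredictable as the clock and the Mersenne Twister state. Take the bytes from the OS CSPRNG instead: `return bin2hex(random_bytes(20));` on PHP 7+, or `openssl_random_pseudo_bytes(20)` on older runtimes, which keeps the 40-hex-character shape callers get today. The docblock should state the intended use, e.g. `Creates a random 40-character hex ID from a CSPRNG; suitable for API keys.`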
+{/if} {hascontent}
@@ -41,8 +43,10 @@ {$domain['serial']} {$domain['rrc']} - - + {if $isReseller === true} + + + {/if} -- 2.20.1