robin.thoni
/
docker-pdns-server
Watch 1
Star 0
Fork 0
Code Issues 4 Pull Requests 0 Releases 8 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
docker-pdns-server/poweradmin/poweradmin-2.1.7/dynamic_update.php

dynamic_update.php 5.6KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. <?php

  2. 

  3. /*  Poweradmin, a friendly web-based admin tool for PowerDNS.

  4.  *  See <http://www.poweradmin.org> for more details.

  5.  *

  6.  *  Copyright 2007-2010  Rejo Zenger <rejo@zenger.nl>

  7.  *  Copyright 2010-2014  Poweradmin Development Team

  8.  *      <http://www.poweradmin.org/credits.html>

  9.  *

  10.  *  This program is free software: you can redistribute it and/or modify

  11.  *  it under the terms of the GNU General Public License as published by

  12.  *  the Free Software Foundation, either version 3 of the License, or

  13.  *  (at your option) any later version.

  14.  *

  15.  *  This program is distributed in the hope that it will be useful,

  16.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of

  17.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  18.  *  GNU General Public License for more details.

  19.  *

  20.  *  You should have received a copy of the GNU General Public License

  21.  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.

  22.  */

  23. 

  24. /**

  25.  * Script that handles requests to update DNS records, required for clients

  26.  * with dynamic ip addresses

  27.  *

  28.  * @package     Poweradmin

  29.  * @copyright   2007-2010 Rejo Zenger <rejo@zenger.nl>

  30.  * @copyright   2010-2014 Poweradmin Development Team

  31.  * @license     http://opensource.org/licenses/GPL-3.0 GPL

  32.  */

  33. require('inc/config.inc.php');

  34. require('inc/database.inc.php');

  35. 

  36. $db = dbConnect();

  37. 

  38. /** Make sql query safe

  39.  *

  40.  * @param mixed $value Unsafe Value

  41.  *

  42.  * @return mixed $value Safe Value

  43.  */

  44. function safe($value) {

  45.     global $db, $db_type, $db_layer;

  46. 

  47.     if ($db_type == 'mysql') {

  48.         if ($db_layer == 'MDB2') {

  49.             $value = mysql_real_escape_string($value);

  50.         } elseif ($db_layer == 'PDO') {

  51.             $value = $db->quote($value, 'text');

  52.             $value = substr($value, 1, -1); // remove quotes

  53.         }

  54.     } else {

  55.         return status_exit('baddbtype');

  56.     }

  57. 

  58.     return $value;

  59. }

  60. 

  61. /** Get exit status message

  62.  *

  63.  * Print verbose status message for request

  64.  *

  65.  * @param string $status Short status message

  66.  *

  67.  * @return boolean false

  68.  */

  69. function status_exit($status) {

  70.     $verbose_codes = array(

  71.         'badagent' => 'Your user agent is not valid.',

  72.         'badauth' => 'Invalid username or password.  Authentication failed.',

  73.         'notfqdn' => 'The hostname you specified was not valid.',

  74.         'dnserr' => 'A DNS error has occurred on our end.  We apologize for any inconvenience.',

  75.         '!yours' => 'The specified hostname does not belong to you.',

  76.         'nohost' => 'The specified hostname does not exist.',

  77.         'good' => 'Your hostname has been updated.',

  78.         '911' => 'A critical error has occurred on our end.  We apologize for any inconvenience.',

  79.         'nochg' => 'This update was identical to your last update, so no changes were made to your hostname configuration.',

  80.         'baddbtype' => 'Unsupported database type',

  81.     );

  82. 

  83.     if (isset($_REQUEST['verbose'])) {

  84.         $pieces = preg_split('/\s/', $status);

  85.         $status = $verbose_codes[$pieces[0]];

  86.     }

  87.     echo "$status\n";

  88.     return false;

  89. }

  90. 

  91. if (!(isset($_SERVER)) && !$_SERVER['HTTP_USER_AGENT']) {

  92.     return status_exit('badagent');

  93. }

  94. 

  95. // Grab username & password based on HTTP auth, alternatively the query string

  96. if (isset($_SERVER['PHP_AUTH_USER'])) {

  97. 	$auth_username = $_SERVER['PHP_AUTH_USER'];

  98. } elseif (isset($_REQUEST['username'])) {

  99. 	$auth_username = $_REQUEST['username'];

  100. }

  101. if (isset($_SERVER['PHP_AUTH_PW'])) {

  102. 	$auth_password = $_SERVER['PHP_AUTH_PW'];

  103. } elseif (isset($_REQUEST['password'])) {

  104. 	$auth_password = $_REQUEST['password'];

  105. }

  106. 

  107. // If we still don't have a username, throw up

  108. if (!isset($auth_username)) {

  109.     header('WWW-Authenticate: Basic realm="DNS Update"');

  110.     header('HTTP/1.0 401 Unauthorized');

  111.     return status_exit('badauth');

  112. }

  113. 

  114. $username = safe($auth_username);

  115. // FIXME: supports only md5 hashes

  116. $password = md5(safe($auth_password));

  117. $hostname = safe($_REQUEST['hostname']);

  118. 

  119. // Grab IP to use

  120. $given_ip = "";

  121. if (!empty($_REQUEST['myip'])) {

  122. 	$given_ip = $_REQUEST['myip'];

  123. 

  124. } elseif (!empty($_REQUEST['ip'])) {

  125. 	$given_ip = $_REQUEST['ip'];

  126. 

  127. }

  128. // Look for tag tograb the IP we coming from

  129. if ($given_ip == "whatismyip") {

  130. 	$given_ip = $_SERVER['REMOTE_ADDR'];

  131. }

  132. // Finally get save version of the IP

  133. $ip = safe($given_ip);

  134. // Check its ok...

  135. if (!preg_match('/^((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/i', $ip)) {

  136.     return status_exit('dnserr');

  137. }

  138. 

  139. if (!strlen($hostname)) {

  140.     return status_exit('notfqdn');

  141. }

  142. 

  143. $user_query = "

  144. 	SELECT

  145. 		users.id

  146. 	FROM

  147. 		users, perm_templ, perm_templ_items, perm_items

  148. 	WHERE

  149. 		users.username = '$username'

  150. 		AND users.password = '$password'

  151. 		AND users.active = 1

  152. 		AND perm_templ.id = users.perm_templ

  153. 		AND perm_templ_items.templ_id = perm_templ.id

  154. 		AND perm_items.id = perm_templ_items.perm_id

  155. 		AND (

  156. 				perm_items.name = 'zone_content_edit_own'

  157. 				OR perm_items.name = 'zone_content_edit_others'

  158. 		)

  159. ";

  160. $user = $db->queryRow($user_query);

  161. if (!$user) {

  162.     return status_exit('badauth');

  163. }

  164. 

  165. $zones_query = "SELECT domain_id FROM zones WHERE owner='{$user["id"]}'";

  166. $zones_result = $db->query($zones_query);

  167. $was_updated = false;

  168. 

  169. while ($zone = $zones_result->fetchRow()) {

  170.     $name_query = "SELECT name FROM records WHERE domain_id='{$zone["domain_id"]}' and type = 'A'";

  171.     $result = $db->query($name_query);

  172. 

  173.     while ($record = $result->fetchRow()) {

  174.         if ($hostname == $record['name']) {

  175.             $update_query = "UPDATE records SET content ='{$ip}' where name='{$record["name"]}' and type='A'";

  176.             $update_result = $db->query($update_query);

  177.             $was_updated = true;

  178.         }

  179.     }

  180. }

  181. 

  182. return ($was_updated ? status_exit('good') : status_exit('!yours'));