Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

dynamic_update.php 5.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
  1. <?php
  2. /* Poweradmin, a friendly web-based admin tool for PowerDNS.
  3. * See <http://www.poweradmin.org> for more details.
  4. *
  5. * Copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>
  6. * Copyright 2010-2014 Poweradmin Development Team
  7. * <http://www.poweradmin.org/credits.html>
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. */
  22. /**
  23. * Script that handles requests to update DNS records, required for clients
  24. * with dynamic ip addresses
  25. *
  26. * @package Poweradmin
  27. * @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>
  28. * @copyright 2010-2014 Poweradmin Development Team
  29. * @license http://opensource.org/licenses/GPL-3.0 GPL
  30. */
  31. require('inc/config.inc.php');
  32. require('inc/database.inc.php');
  33. $db = dbConnect();
  34. /** Make sql query safe
  35. *
  36. * @param mixed $value Unsafe Value
  37. *
  38. * @return mixed $value Safe Value
  39. */
  40. function safe($value) {
  41. global $db, $db_type, $db_layer;
  42. if ($db_type == 'mysql') {
  43. if ($db_layer == 'MDB2') {
  44. $value = mysql_real_escape_string($value);
  45. } elseif ($db_layer == 'PDO') {
  46. $value = $db->quote($value, 'text');
  47. $value = substr($value, 1, -1); // remove quotes
  48. }
  49. } else {
  50. return status_exit('baddbtype');
  51. }
  52. return $value;
  53. }
  54. /** Get exit status message
  55. *
  56. * Print verbose status message for request
  57. *
  58. * @param string $status Short status message
  59. *
  60. * @return boolean false
  61. */
  62. function status_exit($status) {
  63. $verbose_codes = array(
  64. 'badagent' => 'Your user agent is not valid.',
  65. 'badauth' => 'Invalid username or password. Authentication failed.',
  66. 'notfqdn' => 'The hostname you specified was not valid.',
  67. 'dnserr' => 'A DNS error has occurred on our end. We apologize for any inconvenience.',
  68. '!yours' => 'The specified hostname does not belong to you.',
  69. 'nohost' => 'The specified hostname does not exist.',
  70. 'good' => 'Your hostname has been updated.',
  71. '911' => 'A critical error has occurred on our end. We apologize for any inconvenience.',
  72. 'nochg' => 'This update was identical to your last update, so no changes were made to your hostname configuration.',
  73. 'baddbtype' => 'Unsupported database type',
  74. );
  75. if (isset($_REQUEST['verbose'])) {
  76. $pieces = preg_split('/\s/', $status);
  77. $status = $verbose_codes[$pieces[0]];
  78. }
  79. echo "$status\n";
  80. return false;
  81. }
  82. if (!(isset($_SERVER)) && !$_SERVER['HTTP_USER_AGENT']) {
  83. return status_exit('badagent');
  84. }
  85. // Grab username & password based on HTTP auth, alternatively the query string
  86. if (isset($_SERVER['PHP_AUTH_USER'])) {
  87. $auth_username = $_SERVER['PHP_AUTH_USER'];
  88. } elseif (isset($_REQUEST['username'])) {
  89. $auth_username = $_REQUEST['username'];
  90. }
  91. if (isset($_SERVER['PHP_AUTH_PW'])) {
  92. $auth_password = $_SERVER['PHP_AUTH_PW'];
  93. } elseif (isset($_REQUEST['password'])) {
  94. $auth_password = $_REQUEST['password'];
  95. }
  96. // If we still don't have a username, throw up
  97. if (!isset($auth_username)) {
  98. header('WWW-Authenticate: Basic realm="DNS Update"');
  99. header('HTTP/1.0 401 Unauthorized');
  100. return status_exit('badauth');
  101. }
  102. $username = safe($auth_username);
  103. // FIXME: supports only md5 hashes
  104. $password = md5(safe($auth_password));
  105. $hostname = safe($_REQUEST['hostname']);
  106. // Grab IP to use
  107. $given_ip = "";
  108. if (!empty($_REQUEST['myip'])) {
  109. $given_ip = $_REQUEST['myip'];
  110. } elseif (!empty($_REQUEST['ip'])) {
  111. $given_ip = $_REQUEST['ip'];
  112. }
  113. // Look for tag tograb the IP we coming from
  114. if ($given_ip == "whatismyip") {
  115. $given_ip = $_SERVER['REMOTE_ADDR'];
  116. }
  117. // Finally get save version of the IP
  118. $ip = safe($given_ip);
  119. // Check its ok...
  120. if (!preg_match('/^((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/i', $ip)) {
  121. return status_exit('dnserr');
  122. }
  123. if (!strlen($hostname)) {
  124. return status_exit('notfqdn');
  125. }
  126. $user_query = "
  127. SELECT
  128. users.id
  129. FROM
  130. users, perm_templ, perm_templ_items, perm_items
  131. WHERE
  132. users.username = '$username'
  133. AND users.password = '$password'
  134. AND users.active = 1
  135. AND perm_templ.id = users.perm_templ
  136. AND perm_templ_items.templ_id = perm_templ.id
  137. AND perm_items.id = perm_templ_items.perm_id
  138. AND (
  139. perm_items.name = 'zone_content_edit_own'
  140. OR perm_items.name = 'zone_content_edit_others'
  141. )
  142. ";
  143. $user = $db->queryRow($user_query);
  144. if (!$user) {
  145. return status_exit('badauth');
  146. }
  147. $zones_query = "SELECT domain_id FROM zones WHERE owner='{$user["id"]}'";
  148. $zones_result = $db->query($zones_query);
  149. $was_updated = false;
  150. while ($zone = $zones_result->fetchRow()) {
  151. $name_query = "SELECT name FROM records WHERE domain_id='{$zone["domain_id"]}' and type = 'A'";
  152. $result = $db->query($name_query);
  153. while ($record = $result->fetchRow()) {
  154. if ($hostname == $record['name']) {
  155. $update_query = "UPDATE records SET content ='{$ip}' where name='{$record["name"]}' and type='A'";
  156. $update_result = $db->query($update_query);
  157. $was_updated = true;
  158. }
  159. }
  160. }
  161. return ($was_updated ? status_exit('good') : status_exit('!yours'));