/class/class.manager.php

http://freshdns.googlecode.com/ · PHP · 587 lines · 478 code · 100 blank · 9 comment · 55 complexity · 429ca133863f3635729dc5f213df0b6b MD5 · raw file

  1. <?php
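  /**
   * Data-access layer for the DNS manager: users, zones (domain ownership),
   * domains and records.
   *
   * Permission decisions read $_SESSION['level'] and $_SESSION['userId'].
   * The thresholds visible in this class are: >= 10 to create users, > 5 to
   * change a user's level/active/maxdomains, >= 5 for the other administrative
   * operations, and == 1 for the per-owner filter in the two search/list
   * queries.
   *
   * NOTE(review): getUser, getDomain, getAllOwners, updateDomain, removeDomain,
   * addRecord, updateRecord and setSoaSerial perform no permission or ownership
   * check in this class. Confirm that every caller enforces one before these
   * are reachable from a request.
   * NOTE(review): searchDomains and getListByLetter restrict results to the
   * caller's own zones only when level == 1, while the record/zone methods use
   * level < 5. Confirm that levels 2-4 are never assigned.
   * NOTE(review): mysql_insert_id() belongs to the legacy ext/mysql extension
   * (removed in PHP 7) and bypasses the $database wrapper; it is kept because
   * the wrapper's own API is not visible here.
   */
  class manager
  {
      /** Database wrapper exposing escape_string, query_master, query_slave, num_rows, fetch_array and error. */
      private $database;

      /* **************************************** */

      /**
       * @param object $database Database wrapper used for every query.
       */
      public function __construct($database)
      {
          $this->database = $database;
      }

      public function __destruct()
      {
          unset($this->database);
      }

      /* ************** internals **************** */

      /** Returns $value as a quoted SQL string literal, escaped by the wrapper. */
      private function quote($value)
      {
          return "'" . $this->database->escape_string($value) . "'";
      }

      /** Returns the values as a comma-separated list of quoted SQL literals. */
      private function quoteList(array $values)
      {
          return implode(', ', array_map(array($this, 'quote'), $values));
      }

      /** Runs a write query on the master; returns true or throws with the wrapper's error text. */
      private function runMaster($sql)
      {
          if ($this->database->query_master($sql)) {
              return true;
          }
          throw new Exception($this->database->error());
      }

      /**
       * Runs a read query on the slave and returns the result handle.
       *
       * NOTE(review): on failure this prints the raw database error into the
       * response and terminates the script, as the original code did. Consider
       * logging the error and showing a generic message instead.
       */
      private function runSlave($sql)
      {
          $result = $this->database->query_slave($sql);
          if (!$result) {
              die($this->database->error());
          }
          return $result;
      }

      /** Returns the first row of a read query, or '' when there is none. */
      private function fetchOne($sql)
      {
          $result = $this->runSlave($sql);
          if ($this->database->num_rows($result) == 0) {
              return '';
          }
          return $this->database->fetch_array($result);
      }

      /** Returns all rows of a read query as an array, or '' when there are none. */
      private function fetchList($sql)
      {
          $result = $this->runSlave($sql);
          if ($this->database->num_rows($result) == 0) {
              return '';
          }
          $rows = array();
          while ($row = $this->database->fetch_array($result)) {
              $rows[] = $row;
          }
          return $rows;
      }

      /* **************************************** */

      /**
       * Creates a user. Requires session level >= 10.
       *
       * NOTE(review): $password is stored exactly as passed, whereas
       * updateUser() stores md5($password). Confirm the caller hashes it;
       * otherwise this writes the plaintext password to the table.
       *
       * @return mixed The value of mysql_insert_id().
       * @throws Exception "No rights" for insufficient level, or the database error.
       */
      public function addUser($username, $password, $fullname, $email, $description, $level, $active, $maxdomains)
      {
          if ($_SESSION['level'] < 10) {
              throw new Exception("No rights");
          }

          $sql = "INSERT INTO `users` ( `id` , `username` , `password` , `fullname` , `email` , `description` , `level` , `active` , `maxdomains`) VALUES ('', "
              . $this->quoteList(array($username, $password, $fullname, $email, $description, $level, $active, $maxdomains))
              . ");";

          $this->runMaster($sql);
          return mysql_insert_id();
      }

      /**
       * @return mixed The user row, or '' when no user has that id.
       */
      public function getUser($userId)
      {
          return $this->fetchOne("SELECT * FROM users WHERE id = " . $this->quote($userId));
      }

      /**
       * Updates a user row.
       *
       * Callers below level 5 may only update their own account. The original
       * condition was inverted (it allowed them to edit every account except
       * their own). They also cannot renumber the account: `id` is pinned to
       * $orgUserId for them. level/active/maxdomains are written only when the
       * session level is > 5. The password is changed only when non-empty.
       *
       * NOTE(review): unsalted MD5 is not a safe password hash. Moving to
       * password_hash()/password_verify() needs a matching change in the
       * login code, which is outside this file.
       *
       * @return bool|null true on success, null when the caller is not allowed.
       * @throws Exception With the database error when the query fails.
       */
      public function updateUser($orgUserId, $userId, $username, $password, $fullname, $email, $description, $level, $active, $maxdomains)
      {
          $isAdmin = $_SESSION['level'] >= 5;
          $isSelf = isset($_SESSION['userId'])
              && (string) $_SESSION['userId'] === (string) $orgUserId;

          if (!$isAdmin && !$isSelf) {
              return null;
          }
          if (!$isAdmin) {
              $userId = $orgUserId;
          }

          $set = array(
              "`username`=" . $this->quote($username),
              "`fullname`=" . $this->quote($fullname),
              "`email`=" . $this->quote($email),
              "`description`=" . $this->quote($description),
          );
          if ($_SESSION['level'] > 5) {
              $set[] = "`level`=" . $this->quote($level);
              $set[] = "`active`=" . $this->quote($active);
              $set[] = "`maxdomains`=" . $this->quote($maxdomains);
          }
          if ($password != "") {
              $set[] = "`password`=" . $this->quote(md5($password));
          }
          $set[] = "`id`=" . $this->quote($userId);

          $sql = "UPDATE `users` SET " . implode(', ', $set)
              . " WHERE `id`=" . $this->quote($orgUserId) . " LIMIT 1;";

          return $this->runMaster($sql);
      }

      /**
       * Deletes a user row. Does nothing (returns null) below session level 5.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function removeUser($userId)
      {
          if ($_SESSION['level'] >= 5) {
              return $this->runMaster(
                  "DELETE FROM `users` WHERE `id`=" . $this->quote($userId) . " LIMIT 1;"
              );
          }
      }

      /**
       * Deletes the zones, domains and records owned by a user. Does nothing
       * (returns null) below session level 5.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function removeUserData($userId)
      {
          if ($_SESSION['level'] >= 5) {
              $sql = "DELETE FROM zones z, domains d, records r USING zones z, domains d, records r"
                  . " WHERE z.domain_id = d.id AND"
                  . " z.domain_id = r.domain_id AND"
                  . " z.owner = " . $this->quote($userId) . ";";
              return $this->runMaster($sql);
          }
      }

      /* **************************************** */

      /**
       * Links a domain to an owner. Below session level 5 the owner is always
       * the session user, whatever $userId was passed.
       *
       * @return mixed The value of mysql_insert_id().
       * @throws Exception With the database error when the query fails.
       */
      public function addZone($domainId, $userId, $comment)
      {
          if ($_SESSION['level'] < 5) {
              $userId = $_SESSION['userId'];
          }

          $sql = "INSERT INTO `zones` ( `id` , `domain_id` , `owner` , `comment` ) VALUES ( NULL , "
              . $this->quoteList(array($domainId, $userId, $comment)) . " );";

          $this->runMaster($sql);
          return mysql_insert_id();
      }

      /**
       * Changes the owner of a domain's zone. Below session level 5 only a
       * zone owned by the session user is matched.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function editZone($domainId, $userId)
      {
          $sql = "UPDATE `zones` SET owner=" . $this->quote($userId)
              . " WHERE `domain_id` = " . $this->quote($domainId);
          if ($_SESSION['level'] < 5) {
              $sql .= " AND owner = " . $this->quote($_SESSION['userId']);
          }
          $sql .= " LIMIT 1;";

          return $this->runMaster($sql);
      }

      /**
       * Deletes a zone by id. Below session level 5 only a zone owned by the
       * session user is matched.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function removeZone($zoneId)
      {
          $sql = "DELETE FROM `zones` WHERE `id` = " . $this->quote($zoneId);
          if ($_SESSION['level'] < 5) {
              $sql .= " AND owner = " . $this->quote($_SESSION['userId']);
          }
          $sql .= " LIMIT 1;";

          return $this->runMaster($sql);
      }

      /**
       * Deletes the zone rows of a domain. Below session level 5 only rows
       * owned by the session user are matched.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function removeZoneByDomainId($domainId)
      {
          $sql = "DELETE FROM `zones` WHERE `domain_id` = " . $this->quote($domainId);
          if ($_SESSION['level'] < 5) {
              $sql .= " AND owner = " . $this->quote($_SESSION['userId']);
          }

          return $this->runMaster($sql);
      }

      /* **************************************** */

      /**
       * @return mixed The domain row, or '' when no domain has that id.
       */
      public function getDomain($domainId)
      {
          return $this->fetchOne("SELECT * FROM domains WHERE id=" . $this->quote($domainId));
      }

      /**
       * Creates a domain. Level-1 users are first checked against their
       * maxdomains quota.
       *
       * @return mixed The value of mysql_insert_id().
       * @throws Exception When the quota is reached, or with the database error.
       */
      public function addDomain($name, $master, $lastCheck, $type, $notifiedSerial, $account)
      {
          if ($_SESSION['level'] == 1 && !$this->canAddDomainCheckMax($_SESSION['userId'])) {
              throw new Exception("Max domain setting reached. Please ask your host to update your max domains setting.");
          }

          $sql = "INSERT INTO `domains` ( `id` , `name` , `master` , `last_check` , `type` , `notified_serial` , `account` ) VALUES ('', "
              . $this->quoteList(array(trim($name), $master, $lastCheck, $type, $notifiedSerial, $account))
              . ");";

          $this->runMaster($sql);
          return mysql_insert_id();
      }

      /**
       * Overwrites every column of a domain row, including its id.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function updateDomain($orgDomainId, $domainId, $name, $master, $lastCheck, $type, $notifiedSerial, $account)
      {
          $sql = "UPDATE `domains` SET `id` = " . $this->quote($domainId)
              . ", `name` = " . $this->quote($name)
              . ", `master` = " . $this->quote($master)
              . ", `last_check` = " . $this->quote($lastCheck)
              . ", `type` = " . $this->quote($type)
              . ", `notified_serial` = " . $this->quote($notifiedSerial)
              . ", `account` = " . $this->quote($account)
              . " WHERE `id` = " . $this->quote($orgDomainId) . " LIMIT 1;";

          return $this->runMaster($sql);
      }

      /**
       * @throws Exception With the database error when the query fails.
       */
      public function removeDomain($domainId)
      {
          return $this->runMaster(
              "DELETE FROM `domains` WHERE `id`=" . $this->quote($domainId) . " LIMIT 1;"
          );
      }

      /**
       * Tells whether a user is still below their domain quota. A maxdomains
       * value of 0 means no limit.
       *
       * The owner value is now a quoted literal: the original concatenated the
       * escaped value without quotes, where escaping does not prevent injection.
       * An unknown user id now yields false instead of being treated as
       * unlimited.
       *
       * @return bool
       */
      public function canAddDomainCheckMax($userId)
      {
          $result = $this->runSlave(
              "SELECT count(owner) AS current FROM zones WHERE owner = " . $this->quote($userId)
          );
          $record = $this->database->fetch_array($result);

          $user = $this->getUser($userId);
          if (!is_array($user)) {
              return false;
          }

          return $record['current'] < $user['maxdomains'] || $user['maxdomains'] == 0;
      }

      /**
       * Searches domains by name substring. Terms shorter than 2 characters are
       * rejected because they are useless and costly.
       *
       * The term is escaped with the database wrapper rather than addslashes(),
       * which is not aware of the connection character set. LIKE wildcards
       * (% and _) in $q are still interpreted by the database.
       *
       * @return mixed Array of rows, or '' when nothing matches.
       */
      public function searchDomains($q)
      {
          if (strlen($q) < 2) {
              return '';
          }

          $sql = "SELECT d.id, d.name, count(r.id) AS records, fullname, u.id AS userId"
              . " FROM domains d, records r, zones z, users u"
              . " WHERE d.id=r.domain_id AND"
              . " d.id = z.domain_id AND"
              . " z.owner = u.id AND";
          if ($_SESSION['level'] == 1) {
              $sql .= " z.owner = " . $this->quote($_SESSION['userId']) . " AND";
          }
          $sql .= " d.name LIKE '%" . $this->database->escape_string($q) . "%'"
              . " GROUP BY r.domain_id"
              . " ORDER BY name";

          return $this->fetchList($sql);
      }

      /**
       * Lists domains whose name matches the regular expression '^' . $letter.
       *
       * $letter is now escaped before it is placed in the SQL string; the
       * original concatenated it raw. It is still evaluated as a regular
       * expression by the database, so callers should pass only the small set
       * of values the UI offers.
       *
       * @return mixed Array of rows, or '' when nothing matches.
       */
      public function getListByLetter($letter)
      {
          $sql = "SELECT d.id, d.name, d.name REGEXP '^" . $this->database->escape_string($letter) . "' AS regex,"
              . " count(r.id) AS records, fullname, u.id AS userId"
              . " FROM domains d, records r, zones z, users u"
              . " WHERE d.id=r.domain_id AND"
              . " d.id = z.domain_id AND";
          if ($_SESSION['level'] == 1) {
              $sql .= " z.owner = " . $this->quote($_SESSION['userId']) . " AND";
          }
          $sql .= " z.owner = u.id"
              . " GROUP BY r.domain_id"
              . " HAVING regex = 1"
              . " ORDER BY name;";

          return $this->fetchList($sql);
      }

      /**
       * Lists the domains of one owner. Does nothing (returns null) below
       * session level 5. $userId is now escaped; the original concatenated it
       * raw.
       *
       * @return mixed Array of rows, '' when the owner has none, null when not allowed.
       */
      public function getListByOwner($userId)
      {
          if ($_SESSION['level'] >= 5) {
              $sql = "SELECT d.id, d.name, count(r.id) AS records, fullname, u.id AS userId"
                  . " FROM domains d, records r, zones z, users u"
                  . " WHERE d.id=r.domain_id AND"
                  . " d.id = z.domain_id AND"
                  . " z.owner = u.id AND"
                  . " z.owner = " . $this->quote($userId)
                  . " GROUP BY r.domain_id"
                  . " ORDER BY name;";

              return $this->fetchList($sql);
          }
      }

      /**
       * @return array Rows with id, fullname and level of every user.
       * @throws Exception "No records found" when the users table is empty.
       */
      public function getAllOwners()
      {
          $rows = $this->fetchList("SELECT id, fullname, level FROM users ORDER BY fullname");
          if ($rows === '') {
              throw new Exception("No records found");
          }
          return $rows;
      }

      /**
       * Reassigns a domain's zone rows to another owner. Requires session
       * level >= 5.
       *
       * @throws Exception "No rights" for insufficient level, or the database error.
       */
      public function transferDomain($domainId, $owner)
      {
          if ($_SESSION['level'] < 5) {
              throw new Exception("No rights");
          }

          return $this->runMaster(
              "UPDATE zones SET owner=" . $this->quote($owner)
              . " WHERE domain_id=" . $this->quote($domainId)
          );
      }

      /* **************************************** */

      /**
       * Inserts a record and bumps the domain's SOA serial.
       *
       * The insert id is read before the SOA update runs, because the update
       * issues further queries and the id read afterwards would no longer
       * belong to the inserted record.
       *
       * @return mixed The value of mysql_insert_id() for the new record.
       * @throws Exception With the database error when a query fails.
       */
      public function addRecord($domainId, $name, $type, $content, $ttl, $prio, $changeDate)
      {
          $sql = "INSERT INTO `records` ( `id` , `domain_id` , `name` , `type` , `content` , `ttl` , `prio` , `change_date` ) VALUES ( '', "
              . $this->quoteList(array($domainId, trim($name), $type, $content, $ttl, $prio, $changeDate))
              . ");";

          $this->runMaster($sql);
          $recordId = mysql_insert_id();
          $this->updateSoaSerial($domainId);

          return $recordId;
      }

      /**
       * Overwrites every column of a record row, including its id and
       * domain_id, and bumps the SOA serial unless $updateSerial is false.
       *
       * @throws Exception With the database error when a query fails.
       */
      public function updateRecord($orgRecordId, $recordId, $domainId, $name, $type, $content, $ttl, $prio, $changeDate, $updateSerial = true)
      {
          $sql = "UPDATE `records` SET"
              . " `id` = " . $this->quote($recordId)
              . ", `domain_id` = " . $this->quote($domainId)
              . ", `name` = " . $this->quote($name)
              . ", `type` = " . $this->quote($type)
              . ", `content` = " . $this->quote($content)
              . ", `ttl` = " . $this->quote($ttl)
              . ", `prio` = " . $this->quote($prio)
              . ", `change_date` = " . $this->quote($changeDate)
              . " WHERE `id` = " . $this->quote($orgRecordId) . " LIMIT 1;";

          $this->runMaster($sql);
          if ($updateSerial) {
              $this->updateSoaSerial($domainId);
          }

          return true;
      }

      /**
       * Deletes a record and bumps the SOA serial of $domainId. Below session
       * level 5 only records in zones owned by the session user are matched.
       *
       * NOTE(review): the serial is bumped for the $domainId the caller
       * passes, which is not checked against the record's own domain.
       *
       * @throws Exception With the database error when a query fails.
       */
      public function removeRecord($recordId, $domainId)
      {
          $sql = "DELETE records FROM records, zones WHERE records.domain_id = zones.domain_id AND";
          if ($_SESSION['level'] < 5) {
              $sql .= " zones.owner = " . $this->quote($_SESSION['userId']) . " AND";
          }
          $sql .= " records.id=" . $this->quote($recordId);

          $this->runMaster($sql);
          $this->updateSoaSerial($domainId);

          return true;
      }

      /**
       * Lists the records of a domain joined with their zone rows. Below
       * session level 5 only zones owned by the session user are matched.
       *
       * @return mixed Array of rows, or '' when there are none.
       */
      public function getAllRecords($domainId)
      {
          $sql = "SELECT * FROM zones z, records r WHERE r.domain_id = z.domain_id AND";
          if ($_SESSION['level'] < 5) {
              $sql .= " z.owner = " . $this->quote($_SESSION['userId']) . " AND";
          }
          $sql .= " r.domain_id = " . $this->quote($domainId)
              . " ORDER BY r.type DESC, r.prio ASC, r.name ASC";

          return $this->fetchList($sql);
      }

      /**
       * Deletes every record of a domain. Below session level 5 only records
       * in zones owned by the session user are matched.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function removeAllRecords($domainId)
      {
          $sql = "DELETE records FROM records, zones WHERE records.domain_id = zones.domain_id AND";
          if ($_SESSION['level'] < 5) {
              $sql .= " zones.owner = " . $this->quote($_SESSION['userId']) . " AND";
          }
          $sql .= " records.domain_id=" . $this->quote($domainId) . ";";

          return $this->runMaster($sql);
      }

      /**
       * @return string Today's date as Ymd followed by "00".
       */
      public function createNewSoaSerial()
      {
          return date("Ymd") . '00';
      }

      /**
       * Bumps the serial (third space-separated field) of a domain's SOA
       * record: a fresh serial for today when the stored one is from another
       * day, otherwise the stored one plus one.
       *
       * Only the first three fields are written back by setSoaSerial(); any
       * further fields in the stored content are dropped, as in the original.
       * When the domain has no SOA row there is nothing to update and true is
       * returned.
       *
       * @throws Exception With the database error when the update fails.
       */
      public function updateSoaSerial($domainId)
      {
          $result = $this->runSlave(
              "SELECT content FROM records WHERE domain_id=" . $this->quote($domainId) . " AND type='SOA'"
          );
          $record = $this->database->fetch_array($result);
          if (!$record) {
              return true;
          }

          $soa = explode(" ", $record['content']);
          $ns0 = $soa[0];
          $hostmaster = isset($soa[1]) ? $soa[1] : '';
          $serial = isset($soa[2]) ? $soa[2] : '';

          if (substr($serial, 0, 8) !== date("Ymd")) {
              $serial = $this->createNewSoaSerial();
          } else {
              $serial++;
          }

          return $this->setSoaSerial($domainId, $ns0, $hostmaster, $serial);
      }

      /**
       * Writes "<ns0> <hostmaster> <serial>" as the content of the domain's
       * SOA record.
       *
       * @throws Exception With the database error when the query fails.
       */
      public function setSoaSerial($domainId, $ns0, $hostmaster, $serial)
      {
          return $this->runMaster(
              "UPDATE records SET content=" . $this->quote($ns0 . " " . $hostmaster . " " . $serial)
              . " WHERE domain_id=" . $this->quote($domainId) . " AND type='SOA'"
          );
      }

      /* **************************************** */
  }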
  487. ?>