PageRenderTime 50ms CodeModel.GetById 18ms RepoModel.GetById 1ms app.codeStats 0ms

/index.php

http://github.com/shupp/VegaDNS
PHP | 263 lines | 159 code | 62 blank | 42 comment | 72 complexity | 797259903aba854a970aed40c7ad7d05 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  *
    5. 

  5.  * VegaDNS - DNS Administration Tool for use with djbdns
    6. 

  6.  *
    7. 

  7.  * CREDITS:
    8. 

  8.  * Written by Bill Shupp
    9. 

  9.  * <hostmaster@shupp.org>
    10. 

  10.  *
    11. 

  11.  * LICENSE:
    12. 

  12.  * This software is distributed under the GNU General Public License
    13. 

  13.  * Copyright 2003-2016, Bill Shupp
    14. 

  14.  * see COPYING for details
    15. 

  15.  *
    16. 

  16.  */
    17. 

  17. 

  18. 

  19. 

  20. // PHP INIT/SECURITY STUFF
    21. 

  21. ini_set('display_errors', 0);
    22. 

  22. ini_set('display_startup_errors', 0);
    23. 

  23. ini_set('log_errors', 1);
    24. 

  24. ini_set('allow_url_fopen', 0);
    25. 

  25. ini_set('session.use_cookies',0);
    26. 

  26. ini_set('session.use_only_cookies', 0);
    27. 

  27. ini_set('error_reporting', E_ALL & ~E_DEPRECATED);
    28. 

  28. 

  29. // Smarty
    30. 

  30. define('SMARTY_DIR', 'smarty/');
    31. 

  31. require(SMARTY_DIR.'/Smarty.class.php');
    32. 

  32. $smarty = new Smarty;
    33. 

  33. $smarty->assign('php_self', $_SERVER['PHP_SELF']);
    34. 

  34. 

  35. // Get configuration settings
    36. 

  36. require('src/config.php');
    37. 

  37. 

  38. // Set version
    39. 

  39. $smarty->assign('version', $version);
    40. 

  40. 

  41. // Get functions
    42. 

  42. require('src/functions.php');
    43. 

  43. 

  44. // Get IPv6 Functions
    45. 

  45. require_once 'src/Net/IPv6.php';
    46. 

  46. 

  47. // Get PDO wrapper and connect
    48. 

  48. require_once 'src/VDB.php';
    49. 

  49. try {
    50. 

  50.     $pdo = VDB::singleton();
    51. 

  51. } catch (Exception $e) {
    52. 

  52.     echo "Error connecting to database: " . $e->getMessage();
    53. 

  53.     exit;
    54. 

  54. }
    55. 

  55. 

  56. // Make sure the private_dirs exist and are writable
    57. 

  57. if(!is_writable($session_dir)) die("Error: $session_dir is not writabale.  Please read INSTALL");
    58. 

  58. if(!is_writable("$private_dirs/templates_c")) die("Error: $private_dirs/templates_c is not writabale.  Please read INSTALL");
    59. 

  59. if(!is_writable("$private_dirs/configs")) die("Error: $private_dirs/configs is not writabale.  Please read INSTALL");
    60. 

  60. if(!is_writable("$private_dirs/cache")) die("Error: $private_dirs/cache is not writabale.  Please read INSTALL");
    61. 

  61. 

  62. 

  63. if(isset($_REQUEST['state']) && $_REQUEST['state'] == 'get_data') {
    64. 

  64. 

  65.     // Check trusted hosts
    66. 

  66.     $array = explode(',',$trusted_hosts);
    67. 

  67.     $remote_addr = ip2long($_SERVER['REMOTE_ADDR']);
    68. 

  68.     while((list($key,$value) = each($array)) && $trusted == 0) {
    69. 

  69.         $cidr = explode("/", trim($value), 2);
    70. 

  70.         $addr = ip2long($cidr[0]);
    71. 

  71.         $len = (count($cidr) == 2) ? intval($cidr[1]) : 32;
    72. 

  72.         $shift = 32 - $len;
    73. 

  73.         if (($remote_addr >> $shift) == ($addr >> $shift)) {
    74. 

  74.             $trusted = 1;
    75. 

  75.             break;
    76. 

  76.         }
    77. 

  77.     }
    78. 

  78. 

  79.     if($trusted == 1) {
    80. 

  80.         // EXPORT DATA
    81. 

  81.         header("Content-type: text/plain");
    82. 

  82.         require('src/data.php');
    83. 

  83.     } else {
    84. 

  84.         header($_SERVER['SERVER_PROTOCOL'] . " 403 Forbidden");
    85. 

  85.         echo "Error: Host ".$_SERVER['REMOTE_ADDR']." is not authorized to access this page";
    86. 

  86.     }
    87. 

  87.     exit;
    88. 

  88. }
    89. 

  89. 

  90. // Setup session
    91. 

  91. session_name('VDNSSessid');
    92. 

  92. if (isset($use_mysql_sessions) && $use_mysql_sessions == true) {
    93. 

  93.     require_once 'src/MySQLSessions.php';
    94. 

  94.     $mysql_sessions = MysqlSessions::singleton();
    95. 

  95. } else {
    96. 

  96.     session_save_path($session_dir);
    97. 

  97.     session_start();
    98. 

  98. }
    99. 

  99. $smarty->assign('session_name', session_name());
    100. 

  100. $smarty->assign('session_id', session_id());
    101. 

  101. 

  102. if(!isset($_REQUEST['state'])) {
    103. 

  103. 

  104.     if(check_first_use() == 1) {
    105. 

  105.         // Add tables
    106. 

  106.         require('src/create_tables.php');
    107. 

  107.         set_msg("Welcome to VegaDNS!<br>Please edit your account settings for the initial 'senior_admin'");
    108. 

  108.         header("Location: ".$_SERVER['PHP_SELF']."?".SID."&state=logged_in&mode=users&user_mode=edit_account&cid=1");
    109. 

  109.         exit;
    110. 

  110.     }
    111. 

  111. 

  112.     // MAIN
    113. 

  113. 

  114.     $smarty->display('header.tpl');
    115. 

  115.     $smarty->display('login_screen.tpl');
    116. 

  116.     $smarty->display('footer.tpl');
    117. 

  117.     exit;
    118. 

  118. 

  119. } else if($_REQUEST['state'] == "end") {
    120. 

  120. 

  121.     // CANCEL
    122. 

  122. 

  123.     // End session
    124. 

  124.     $q = "delete from active_sessions where sid='".session_id()."'";
    125. 

  125.     $result = $pdo->query($q) or die(print_r($pdo->errorInfo()));
    126. 

  126.     session_unset();
    127. 

  127.     session_destroy();
    128. 

  128.     header("Location: index.php");
    129. 

  129.     exit;
    130. 

  130. 

  131. } else if($_REQUEST['state'] == "login_screen") {
    132. 

  132. 

  133.     // LOGIN SCREEN
    134. 

  134. 

  135.     $smarty->display('header.tpl');
    136. 

  136.     require('src/login_screen.php');
    137. 

  137.     $smarty->display('footer.tpl');
    138. 

  138.     exit;
    139. 

  139. 

  140. } else if($_REQUEST['state'] == "login") {
    141. 

  141. 

  142.     // LOGIN
    143. 

  143. 

  144.     if(!isset($_REQUEST['mode'])) {
    145. 

  145.         $auth = "FALSE";
    146. 

  146.         if(isset($_REQUEST['email']) && isset($_REQUEST['password'])) {
    147. 

  147.             $auth = authenticate_user($_REQUEST['email'], $_REQUEST['password']);
    148. 

  148.         } else {
    149. 

  149.             set_msg_err("Error: You must supply a username and password");
    150. 

  150.             header("Location: ".$_SERVER['PHP_SELF']."?".SID);
    151. 

  151.             exit;
    152. 

  152.         }
    153. 

  153.         if($auth == "TRUE") {
    154. 

  154.             header("Location: ".$_SERVER['PHP_SELF']."?".SID."&state=logged_in");
    155. 

  155.             exit;
    156. 

  156.         } else {
    157. 

  157.             set_msg_err("Error signing on: incorrect email address or password<p><a href=".$_SERVER['PHP_SELF']."?".SID."&state=help>forgot your password?</a>");
    158. 

  158.             header("Location: ".$_SERVER['PHP_SELF']."?".SID);
    159. 

  159.             exit;
    160. 

  160.         }
    161. 

  161.     } else {
    162. 

  162.         // Make sure they are logged in
    163. 

  163.         $email = verify_session();
    164. 

  164.         if($email == "") {
    165. 

  165.             set_msg_err("Error: you do not appear to be logged in");
    166. 

  166.             header("Location: ".$_SERVER['PHP_SELF']."?".SID);
    167. 

  167.             exit;
    168. 

  168.         } else {
    169. 

  169.             header("Location: ".$_SERVER['PHP_SELF']."?".SID."&state=logged_in");
    170. 

  170.             exit;
    171. 

  171.         }
    172. 

  172. 

  173. 

  174.     }
    175. 

  175. 

  176. } else if($_REQUEST['state'] == "logged_in") {
    177. 

  177.     // SHOW MAIN SCREEN
    178. 

  178. 

  179.     // First make sure they are really logged in!
    180. 

  180.     $email = verify_session();
    181. 

  181.     if($email == "") {
    182. 

  182.         set_msg_err("Error: you do not appear to be logged in.");
    183. 

  183.         header("Location: ".$_SERVER['PHP_SELF']."?".SID);
    184. 

  184.         exit;
    185. 

  185.     } else {
    186. 

  186. 

  187. 

  188.         // Set base url for convenience
    189. 

  189.         $base_url = $_SERVER['PHP_SELF']."?".SID."&state=logged_in";
    190. 

  190.         // Get current account settings
    191. 

  191.         $result = $pdo->query("select * from accounts where Email='$email'")
    192. 

  192.             or die(print_r($pdo->errorInfo()));
    193. 

  193.         $user_info = $result->fetchAll();
    194. 

  194.         $user_info = $user_info[0];
    195. 

  195. 

  196.         // Setup smarty stuff
    197. 

  197.         $smarty->assign('email', $email);
    198. 

  198.         $smarty->assign('state', $_REQUEST['state']);
    199. 

  199.         if(isset($_REQUEST['mode']))
    200. 

  200.             $smarty->assign('mode', $_REQUEST['mode']);
    201. 

  201.         $smarty->assign('base_url', $base_url);
    202. 

  202.         $smarty->assign('logout_url', $_SERVER['PHP_SELF'].'?'.SID.'&state=end');
    203. 

  203.         $smarty->assign('account_type', $user_info['Account_Type']);
    204. 

  204.         $smarty->assign('cid', $user_info['cid']);
    205. 

  205. 

  206. 

  207.         if(!isset($_REQUEST['mode']) || $_REQUEST['mode'] == "main_menu") {
    208. 

  208.             $smarty->display('header.tpl');
    209. 

  209.             $smarty->display('footer.tpl');
    210. 

  210.             exit;
    211. 

  211. 

  212.         } else if($_REQUEST['mode'] == "domains") {
    213. 

  213. 

  214.             // LIST DOMAINS
    215. 

  215. 

  216.             require('src/domains.php');
    217. 

  217.             exit;
    218. 

  218. 

  219.         } else if($_REQUEST['mode'] == "users") {
    220. 

  220. 

  221.             // USERS
    222. 

  222. 

  223.             require('src/users.php');
    224. 

  224.             exit;
    225. 

  225. 

  226.         } else if($_REQUEST['mode'] == "records") {
    227. 

  227. 

  228.             // LIST RECORDS FOR DOMAIN
    229. 

  229. 

  230.             require('src/records.php');
    231. 

  231.             exit;
    232. 

  232. 

  233.         } else if($_REQUEST['mode'] == "default_records") {
    234. 

  234. 

  235.             // LIST DEFAULT RECORDS FOR NEW DOMAINS
    236. 

  236. 

  237.             require('src/default_records.php');
    238. 

  238.             exit;
    239. 

  239. 

  240.         } else if($_REQUEST['mode'] == "dnsquery") {
    241. 

  241. 

  242.             // LIST DEFAULT RECORDS FOR NEW DOMAINS
    243. 

  243. 

  244.             require('src/dnsquery.php');
    245. 

  245.             exit;
    246. 

  246. 

  247.         } else {
    248. 

  248.             die("Error: illegal mode\n");
    249. 

  249.         }
    250. 

  250.     }
    251. 

  251. 

  252. } else if($_REQUEST['state'] == "help") {
    253. 

  253. 

  254.         require('src/help.php');
    255. 

  255.         exit;
    256. 

  256. 

  257. 

  258. }
    259. 

  259. 

  260. 

  261. 

  262. 

  263. ?>
    264. 

  264.