diff -ur --new-file XName-2.0.4/ChangeLog XName/ChangeLog
--- XName-2.0.4/ChangeLog	Thu Jan  1 01:00:00 1970
+++ XName/ChangeLog	Tue Jul 16 16:41:48 2002
@@ -0,0 +1,63 @@
+Version 2.0.1
+-------------
+
+Thu Jun 06 2002 Yann Hirou (hirou@xname.org)
+
+	* initial public release
+
+
+Version 2.0.2
+-------------
+
+Wed Jun 12 2002 Yann Hirou (hirou@xname.org)
+
+	* html/includes/login.php: correct "argument missing"
+		in "new Zone" line 43.
+		bug reported by EspReSso (espresso@magnum.espresso.org)
+
+
+Version 2.0.3
+-------------
+
+Wed Jun 12 2002 Yann Hirou (hirou@xname.org)
+	
+	* delete zone files when deleting zone
+		(modified in html/deletezone.php and bin/delete.pl)
+
+
+Version 2.0.4
+-------------
+
+Wed Jun 12 2002 Yann Hirou (hirou@xname.org)
+
+	* database modification - dns_deleted (zonename,zonetype,userid)
+		to correct bug of persistent zones even if deleted
+
+	* correction of delete.pl to delete slaves files properly
+		bugs reported by EspReSso  (espresso@magnum.espresso.org)
+
+
+Version 2.0.5
+-------------
+
+Tue Jul 16 2002 Yann Hirou (hirou@xname.org)
+
+	* logout bug corrected - idsession was not deleted from dns_session
+		and use of "back" button worked.
+		
+	* integration of patch for register_globals=Off, for php 4.1.0 and upper.
+	  modified to permit register_globals on or off.
+	  
+	* $config->tousersource - email address used as From: in all
+		to-user emails, instead of $config->emailfrom and $config->contactemail
+		bug reported by Simon Kramer (simon@krameronline.ch)
+		
+	* perl script config variables regrouped in one config file
+		config.pl. All binaries paths are configurable
+		
+	* binaries in PHP scripts are all configurable through libs/config.php
+		config->bindig $config->binhost and $config->binnamedcheckzone
+		
+	* backend added - html/backend.php provides basic info for wmXName
+		or other desktop tools: nbZones, nbInfo, nbWarning, nbError for
+		given user.
diff -ur --new-file XName-2.0.4/INSTALL XName/INSTALL
--- XName-2.0.4/INSTALL	Thu Jun  6 00:51:00 2002
+++ XName/INSTALL	Tue Jul 16 18:39:35 2002
@@ -8,6 +8,7 @@
 	in the two first lines
 - run sql code
 	$ mysql -upoweruser -p < sql/creation.sql
+- create mysql user for xname - xnameuser for example
 
 
 XName web interface
@@ -15,10 +16,10 @@
 
 - edit html/libs/config.php
 	change all items accordingly with your site configuration
+	dig named-checkzone host have to be present on your computer.
+	You should have them if you're using Bind.
 - edit html/disclaimer.php
 	change the disclaimer text to your one
-- be sure to have following programs available in your path:
-	dig named-checkzone host
 
 If you want to use your own design instead of XName.org's one,
 simply change each html/*.php file, accordingly 
@@ -34,9 +35,9 @@
 - edit /etc/named.conf, configure general options, suppress eventually 
 everything at the end concerning local zones. 
 You have now a clean named header file. Just copy it into /etc/bind/headers
-or somewhere else (to be configured in bin/generate.pl).
+or somewhere else (to be configured in bin/config.pl).
 
-- edit bin/generate.pl, bin/insertlogs.pl and bin/delete.pl, modify vars.
+- edit bin/config.pl, modify vars.
 
 - modify crontab
 Add in crontab a line for insertlogs.pl, every 10 mn
@@ -49,6 +50,10 @@
 30 *   * * *   root    /home/xname/bin/delete.pl
 35 *    * * *   root    /home/xname/bin/generate.pl
 
+- install Date::Parse perl module
+ $ perl -MCPAN -e shell
+ cpan> install Date::Parse
+
 
 I Want to contribute
 =====================
@@ -57,4 +62,3 @@
 Report any idea to xname@xname.org
 Report any patch to xname@xname.org
 See http://www.xname.org/contribute for further contribution.
-
diff -ur --new-file XName-2.0.4/bin/config.pl XName/bin/config.pl
--- XName-2.0.4/bin/config.pl	Thu Jan  1 01:00:00 1970
+++ XName/bin/config.pl	Fri Jul  5 19:14:17 2002
@@ -0,0 +1,74 @@
+###############################################################
+#	This file is part of XName.org project                    #
+#	See	http://www.xname.org/ for details                     #
+#	                                                          #
+#	License: GPLv2                                            #
+#	See LICENSE file, or http://www.gnu.org/copyleft/gpl.html #
+#	                                                          #
+#	Author(s): Yann Hirou <hirou@xname.org>                   #
+###############################################################
+
+
+
+####################################
+#          SITE variables          #
+####################################
+$SITE_NAME="XName DEMO";
+$SITE_NS="ns0.xname.org";
+
+
+####################################
+#        DATABASE variables        #
+####################################
+$DB_HOST='127.0.0.1';
+$DB_PORT='3306';
+$DB_USER='xnameuser';
+$DB_PASSWORD='password';
+$DB_NAME='xnamedev';
+
+
+####################################
+#          NAMED variables         #
+####################################
+$NAMED_CONF = "/var/chroot/named/etc/named.conf";
+$NAMED_CONF_HEADERS = "/var/chroot/named/etc/named_headers";
+$NAMED_DATA_DIR = "/var/chroot/named/var/named/";
+$NAMED_DATA_CHROOTED_DIR = "/var/named/";
+$NAMED_MASTERS_DIR = "masters/";
+$NAMED_SLAVES_DIR = "slaves/";
+
+
+####################################
+#          EMAIL variables         #
+####################################
+$EMAIL_ADMIN = "demo\@xname.org";
+$EMAIL_FROM = "XName DEMO <demo\@xname.org>";
+$EMAIL_SUBJECT_PREFIX = "[XName.org]";
+$EMAIL_SIGNATURE = "
+-- 
+Xname.org Team
+xname\@xname.org
+";
+
+
+####################################
+#           LOG variables          #
+####################################
+$LOG_FILE='/tmp/xname.log';
+$LOG_PREFIX='XName-';
+$LOG_HOURS_TO_KEEP='6';
+
+
+####################################
+#         SYSTEM variables         #
+####################################
+$SYSLOG_FILE = "/var/log/daemon.log";
+
+
+####################################
+#           Commands               #
+####################################
+$RM_COMMAND = '/bin/rm';
+$RNDC_COMMAND='/usr/local/bin/rndc';
+$CHECKCONF_COMMAND = '/usr/local/sbin/named-checkconf';
+$RELOADALL_COMMAND = '/etc/init.d/named stop && /usr/bin/killall named && /etc/init.d/named start';
diff -ur --new-file XName-2.0.4/bin/delete.pl XName/bin/delete.pl
--- XName-2.0.4/bin/delete.pl	Thu Jun 13 00:02:47 2002
+++ XName/bin/delete.pl	Fri Jul 12 17:47:15 2002
@@ -12,26 +12,13 @@
 
 use DBI;
 
-####################################
-#        DATABASE variables        #
-####################################
-$DB_HOST='127.0.0.1';
-$DB_PORT='3306';
-$DB_USER='xnameuser';
-$DB_PASSWORD='password';
-$DB_NAME='xnamedev';
-
-####################################
-#          NAMED variables         #
-####################################
-$NAMED_DATA_DIR = "/var/chroot/named/var/named/";
-
-####################################
-#           LOG variables          #
-####################################
-$LOG_FILE='/tmp/xname.log';
-$LOG_PREFIX='XName-delete';
+require "config.pl";
 
+$LOG_PREFIX .='delete';
+
+########################################################################
+#         To modify configuration parameters, edit config.pl
+########################################################################
 
 
 ########################################################################
@@ -139,9 +126,9 @@
 
 	# Delete $NAMED_DATA_DIR/masters|slaves
 	if($zonetype eq "P"){
-		$command= "rm $NAMED_DATA_DIR" . "masters/" . $zonename;
+		$command= "$RM_COMMAND $NAMED_DATA_DIR" . $NAMED_MASTERS_DIR . $zonename;
 	}else{
-		$command= "rm $NAMED_DATA_DIR" . "slaves/" . $zonename;
+		$command= "$RM_COMMAND $NAMED_DATA_DIR" . $NAMED_SLAVES_DIR . $zonename;
 	}
 	`$command`;
 	push(@todelete,$zonename);
diff -ur --new-file XName-2.0.4/bin/generate.pl XName/bin/generate.pl
--- XName-2.0.4/bin/generate.pl	Wed Jun  5 19:48:49 2002
+++ XName/bin/generate.pl	Fri Jul 12 17:47:15 2002
@@ -15,52 +15,14 @@
 use GnuPG::Interface;
 use Mail::Sendmail;
 
+require "config.pl";
 
-####################################
-#          SITE variables          #
-####################################
-$SITE_NAME="XName DEMO";
-$SITE_NS="ns0.xname.org";
-
-
-####################################
-#        DATABASE variables        #
-####################################
-$DB_HOST='127.0.0.1';
-$DB_PORT='3306';
-$DB_USER='xnameuser';
-$DB_PASSWORD='password';
-$DB_NAME='xnamedev';
-
-
-####################################
-#          NAMED variables         #
-####################################
-$NAMED_CONF = "/var/chroot/named/etc/named.conf";
-$NAMED_CONF_HEADERS = "/var/chroot/named/etc/named_headers";
-$NAMED_DATA_DIR = "/var/chroot/named/var/named/";
-$NAMED_DATA_CHROOTED_DIR = "/var/named/";
-
-
-####################################
-#          EMAIL variables         #
-####################################
-$EMAIL_ADMIN = "demo\@xname.org";
-$EMAIL_FROM = "XName DEMO <demo\@xname.org>";
-$EMAIL_SUBJECT_PREFIX = "[XName.org]";
-$EMAIL_SIGNATURE = "
--- 
-Xname.org Team
-xname\@xname.org
-";
-
+$LOG_PREFIX .='generate';
 
-####################################
-#           LOG variables          #
-####################################
-$LOG_FILE='/tmp/xname.log';
-$LOG_PREFIX='XName-generate';
 
+########################################################################
+#         To modify configuration parameters, edit config.pl
+########################################################################
 
 
 ########################################################################
@@ -279,8 +241,8 @@
 
 
 	# open file 
-	open(DATA_FILE, ">" . $NAMED_DATA_DIR . "masters/" . $zone ) || 	print LOG $LOG_PREFIX . " : Error
-	opening $NAMED_DATA_DIR masters/ $zone";
+	open(DATA_FILE, ">" . $NAMED_DATA_DIR . $NAMED_MASTERS_DIR . $zone ) || 	print LOG $LOG_PREFIX . " : Error
+	opening $NAMED_DATA_DIR $NAMED_MASTERS_DIR $zone";
 	print DATA_FILE $toprint;
 	close(DATA_FILE);
 }
@@ -339,7 +301,7 @@
 $zone = $ref->{'zone'};
 # reload named for each concerned zone ONLY
 
-`/usr/local/bin/rndc reload $zone`
+`$RNDC_COMMAND reload $zone`
 
 }		
 
@@ -382,7 +344,7 @@
 		
 zone "' . $ref->{'zone'} . '" {
 	type slave;
-	file "' . $NAMED_DATA_CHROOTED_DIR . 'slaves/' . $ref->{'zone'} . '";
+	file "' . $NAMED_DATA_CHROOTED_DIR . $NAMED_MASTERS_DIR . $ref->{'zone'} . '";
 	masters {' . $masters . '; };
 	allow-transfer {' . $xfer. '; };
 };';
@@ -395,7 +357,7 @@
 # reload named for each concerned zone ONLY
 
 
- `/usr/local/bin/rndc reload $zone`
+ `$RNDC_COMMAND reload $zone`
 
 	
 }
@@ -415,7 +377,7 @@
 
 #  check if error. If error, DO NOT RELOAD
 
-@result = `/usr/local/sbin/named-checkconf $NAMED_CONF`;
+@result = `$CHECKCONF_COMMAND $NAMED_CONF`;
 $error = 0;
 foreach(@result){
 	if(/error/){
@@ -440,9 +402,7 @@
 
 }else{
 	# reload
-	`/etc/init.d/named stop`;
-	`/usr/bin/killall named`;
-	`/etc/init.d/named start`;
+	`$RELOADALL_COMMAND`;
 }
 
 # *********************************************************
diff -ur --new-file XName-2.0.4/bin/insertlogs.pl XName/bin/insertlogs.pl
--- XName-2.0.4/bin/insertlogs.pl	Wed Jun  5 19:43:58 2002
+++ XName/bin/insertlogs.pl	Fri Jul 12 17:47:15 2002
@@ -14,30 +14,16 @@
 use Time::localtime;
 use Date::Parse;
 
+require "config.pl";
 
-####################################
-#        DATABASE variables        #
-####################################
-$DB_HOST='127.0.0.1';
-$DB_PORT='3306';
-$DB_USER='xnameuser';
-$DB_PASSWORD='password';
-$DB_NAME='xnamedev';
-
-####################################
-#           LOG variables          #
-####################################
-$LOG_FILE='/tmp/xname.log';
-$LOG_PREFIX='XName-insertlogs';
-
-
-####################################
-#         SYSTEM variables         #
-####################################
-$SYSLOG_FILE = "/var/log/daemon.log";
+$LOG_PREFIX .= "insertlogs";
 
 
 ########################################################################
+#         To modify configuration parameters, edit config.pl
+########################################################################
+
+########################################################################
 # STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOPS STOP STOP
 #
 # Do not edit anything below this line           
@@ -121,6 +107,13 @@
 # if no line is read, don't save last read line !
 $readline = 0;
 
+$protectednameddir= $NAMED_DATA_CHROOTED_DIR;
+$protectednameddir =~ s/\//\\\//g;
+$protectedmastersdir = $NAMED_MASTERS_DIR;
+$protectedmastersdir =~ s/\//\\\//g;
+$protectedmastersdir = $NAMED_SLAVES_DIR;
+$protectedslavesdir =~ s/\//\\\//g;
+
 while(<FILE>){
 	$readline++;
 	$line = $_;
@@ -142,8 +135,9 @@
 		if($content =~ /\s('|)([^\/\s]+)\/IN/){
 			$zonename = $2;
 		}else{
-		
-			if($content =~ /\/var\/named\/(masters|slaves)\/([^:]+):/){
+			
+			if($content =~
+			/$protectednameddir($protectedmastersdir|$protectedslavesdir)([^:]+):/){
 				$zonename = $2;
 			}else{	
 				print LOG $LOG_PREFIX . " : Not matching : $content\n";
@@ -253,7 +247,7 @@
 }
 
 
-deleteOldLogs(60*6);
+deleteOldLogs(60*$LOG_HOURS_TO_KEEP);
 
 
 
diff -ur --new-file XName-2.0.4/html/backend.php XName/html/backend.php
--- XName-2.0.4/html/backend.php	Thu Jan  1 01:00:00 1970
+++ XName/html/backend.php	Tue Jul 16 15:49:02 2002
@@ -0,0 +1,83 @@
+<?
+require "libs/xname.php";
+
+$config = new Config();
+
+// protect variables for db usage
+if((isset($_REQUEST)){
+	if(isset($_REQUEST['idsession'])){
+		$idsession=$_REQUEST['idsession'];
+	}
+	if(isset($_REQUEST['login'])){
+		$login=$_REQUEST['login'];
+	}
+	if(isset($_REQUEST['password'])){
+		$password=$_REQUEST['password'];
+	}
+}
+
+if(isset($idsession)){
+	$idsession=addslashes($idsession);
+}
+if(isset($login)){
+	$login=addslashes($login);
+}
+if(isset($password)){
+	$password=addslashes($password);
+}
+
+
+$db = new Db($config);
+
+$user = new User($db,$login,$password,$idsession);
+
+if(!notnull($idsession)){
+	$idsession=$user->idsession;
+}
+
+if($logout){
+	$user->logout($idsession);
+}
+
+if(!$user->error && $user->authenticated==1){
+	$allzones = $user->listallzones();
+	if(!notnull($user->error)){
+		$numberofzones = count($allzones);
+		// print number of zones
+		print "NbZones: $numberofzones\n";
+		$Izones = 0;
+		$Wzones = 0;
+		$Ezones = 0;
+		while($otherzone= array_pop($allzones)){
+			$newzone = new Zone($db,$otherzone[0],$otherzone[1]);
+			$status = $newzone->zonestatus();
+			switch($status) {
+				case 'I':
+					$Izones++;
+					break;
+				case 'W':
+					$Wzones++;
+					break;
+				case 'E':
+					$Ezones++;
+					break;
+			}
+		}
+
+
+	// print number of I zones
+	print "NbI: $Izones\n";
+	// print number of W zones
+	print "NbW: $Wzones\n";	
+	// print number of E zones
+	print "NbE: $Ezones\n";
+
+	}else{
+		print "ERROR User";
+	}
+
+}else{
+	print "ERROR login - $login & $password";
+}
+
+?>
diff -ur --new-file XName-2.0.4/html/createuser.php XName/html/createuser.php
--- XName-2.0.4/html/createuser.php	Wed Jun  5 18:11:04 2002
+++ XName/html/createuser.php	Tue Jul 16 14:50:01 2002
@@ -19,17 +19,32 @@
 include 'includes/header.php';
 
 
+if(isset($_REQUEST) && isset($_REQUEST['loginnew'])){
+	$loginnew=$_REQUEST['loginnew'];
+}
 if(isset($loginnew)){
-	$loginnew=addslashes($loginnew);
+	$loginnew = addslashes($loginnew);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['passwordnew'])){
+	$passwordnew=$_REQUEST['passwordnew'];
 }
 if(isset($passwordnew)){
-	$passwordnew=addslashes($passwordnew);
+	$passwordnew = addslashes($passwordnew);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['confirmpasswordnew'])){
+	$confirmpasswordnew=$_REQUEST['confirmpasswordnew'];
 }
 if(isset($confirmpasswordnew)){
-	$confirmpasswordnew=addslashes($confirmpasswordnew);
+	$confirmpasswordnew = addslashes($confirmpasswordnew);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['email'])){
+	$email=$_REQUEST['email'];
 }
 if(isset($email)){
-	$email=addslashes($email);
+	$email = addslashes($email);
 }
 
 // zone numbers
@@ -99,8 +114,10 @@
 	if(!notnull($email)){
 		$missing .= ' email,';
 	}
-	if($ihaveread != 1){
-		$missing .= ' I have read the disclaimer,';
+	if((isset($_REQUEST) && $_REQUEST['ihaveread'] != 1) || (!isset($_REQUEST)
+	&& $ihaveread != 1)){
+			$missing .= ' I have read the disclaimer,';
+		}
 	}
 	
 	if(notnull($missing)){
diff -ur --new-file XName-2.0.4/html/createzone.php XName/html/createzone.php
--- XName-2.0.4/html/createzone.php	Wed Jun  5 18:09:28 2002
+++ XName/html/createzone.php	Tue Jul 16 14:50:01 2002
@@ -40,7 +40,8 @@
 	$content = 'you must log in before creating new zone.
 	';
 }else{
-	if(!isset($zonenamenew)){
+	if((isset($_REQUEST) && !isset($_REQUEST['zonenamenew'])) ||
+		(!isset($_REQUEST) && !isset($zonenamenew))){
 	$content ='
 <form action="' . $PHP_SELF . '" method="post">
 			<input type="hidden" name="idsession" value="' . $user->idsession .
@@ -59,6 +60,10 @@
 ';
 	}else{
 	// $zonenamenew is set
+		if(isset($_REQUEST)){
+			$zonenamenew = $_REQUEST['zonenamenew'];
+			$zonetypenew = $_REQUEST['zonetypenew'];
+		}
 		$content = "";
 		$error = 0;
 		$missing = "";
diff -ur --new-file XName-2.0.4/html/deletezone.php XName/html/deletezone.php
--- XName-2.0.4/html/deletezone.php	Thu Jun 13 00:02:47 2002
+++ XName/html/deletezone.php	Tue Jul 16 14:50:01 2002
@@ -19,8 +19,15 @@
 include 'includes/header.php';
 
 
+if(isset($_REQUEST) && isset($_REQUEST['zonename'])){
+	$zonename=$_REQUEST['zonename'];
+}
 if(isset($zonename)){
-	$zonename=addslashes($zonename);
+	$zonename = addslashes($zonename);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['zonetype'])){
+	$zonetype=$_REQUEST['zonetype'];
 }
 if(isset($zonetype)){
 	$zonetype=addslashes($zonetype);
@@ -85,7 +92,8 @@
 				$content .= ') is not owned by you.</font>';
 			}else{
 
-				if(!isset($confirm)){
+				if((isset($_REQUEST) && !isset($_REQUEST['confirm'])) ||
+					(!isset($_REQUEST) && !isset($confirm))){
 				// ==> print confirm screen
 					$content = '
 					<div class="boxheader">Confirmation</div>
diff -ur --new-file XName-2.0.4/html/digwindow.php XName/html/digwindow.php
--- XName-2.0.4/html/digwindow.php	Wed Jun  5 18:12:55 2002
+++ XName/html/digwindow.php	Tue Jul 16 14:50:01 2002
@@ -24,14 +24,25 @@
 
 
 // protect variables for db usage
+if(isset($_REQUEST) && isset($_REQUEST['idsession'])){
+	$idsession=$_REQUEST['idsession'];
+}
 if(isset($idsession)){
 	$idsession=addslashes($idsession);
 }
+
+if(isset($_REQUEST) && isset($_REQUEST['login'])){
+	$login=$_REQUEST['login'];
+}
 if(isset($login)){
-	$login=addslashes($login);
+	$login = addslashes($login);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['password'])){
+	$password=$_REQUEST['password'];
 }
 if(isset($password)){
-	$password=addslashes($password);
+	$password = addslashes($password);
 }
 
 $db = new Db($config);
@@ -42,7 +53,8 @@
 	$idsession=$user->idsession;
 }
 
-if($logout){
+if((isset($_REQUEST) && $_REQUEST['logout']) ||
+	(!isset($_REQUEST) && $logout == 1)){
 	$user->logout($idsession);
 }
 
@@ -57,9 +69,11 @@
 }
 
 if($user->authenticated==1){
-	$zonename = addslashes($zonename);
-	$zonetype = addslashes($zonetype);
-	$server = addslashes($server);
+	if(isset($_REQUEST)){
+		$zonename = $REQUEST['zonename'];
+		$zonetype = $REQUEST['zonetype'];
+		$server = $REQUEST['server'];		
+	}
 	$zone = new Zone($db,$zonename,$zonetype,$config);
 	if($zone->error){
 	print "<font color=\"red\">" . $user->error . "</font>\n";
diff -ur --new-file XName-2.0.4/html/includes/header.php XName/html/includes/header.php
--- XName-2.0.4/html/includes/header.php	Tue Jun  4 22:55:18 2002
+++ XName/html/includes/header.php	Tue Jul 16 14:50:01 2002
@@ -7,18 +7,28 @@
 
 print $html->header('Free DNS Hosting Service');
 
-
 // protect variables for db usage
-if(isset($idsession)){
-	$idsession=addslashes($idsession);
-}
-if(isset($login)){
-	$login=addslashes($login);
+if(isset($_REQUEST)){
+	if(isset($_GET['idsession'])){
+		$idsession=addslashes($_GET['idsession']);
+	}
+	if(isset($_REQUEST['login'])){
+		$login=addslashes($_REQUEST['login']);
+	}
+	if(isset($_REQUEST['password'])){
+		$password=addslashes($_REQUEST['password']);
+	}
+}else{
+	if(isset($idsession)){
+		$idsession=addslashes($idsession);
+	}
+	if(isset($login)){
+		$login=addslashes($login);
+	}
+	if(isset($password)){
+		$password=addslashes($password);
+	}
 }
-if(isset($password)){
-	$password=addslashes($password);
-}
-
 $db = new Db($config);
 
 $user = new User($db,$login,$password,$idsession);
@@ -27,7 +37,7 @@
 	$idsession=$user->idsession;
 }
 
-if($logout){
+if($_REQUEST['logout'] || $logout){
 	$user->logout($idsession);
 }
 
diff -ur --new-file XName-2.0.4/html/includes/login.php XName/html/includes/login.php
--- XName-2.0.4/html/includes/login.php	Wed Jun 12 12:21:54 2002
+++ XName/html/includes/login.php	Tue Jul 16 14:50:01 2002
@@ -30,7 +30,7 @@
 	$content = '<div align="center">
 	<a href="user.php' . $link . '" class="linkcolor">Change 
 	your preferences</a><p />
-	<a href="?logout=1">Logout</a>
+	<a href="index.php' . $link . '&logout=1">Logout</a>
 	</div>
 	';
 	
diff -ur --new-file XName-2.0.4/html/libs/config.php XName/html/libs/config.php
--- XName-2.0.4/html/libs/config.php	Wed Jun  5 17:47:21 2002
+++ XName/html/libs/config.php	Tue Jul 16 18:32:10 2002
@@ -29,7 +29,8 @@
 		$this->sitename = 'XName Demo site';
 		$this->domainname = 'dev.xname.org';
 		$this->mainurl = 'http://dev.xname.org/';
-		$this->contactemail = 'demo@xname.org';
+		$this->contactemail = 'demo@xname.org'; // used on web pages
+		$this->tousersource = 'webserver@xname.org'; // used in to-user emails
 		$this->emailsignature = 'XName DEMO team';
 		$this->cssurl = "style/xname.css";
 		// emailfrom & emailto are used when an error
@@ -47,6 +48,10 @@
 		// your NS parameters
 		$this->nsname = 'ns0.xname.org';
 		$this->nsaddress = '213.11.111.252';
+		// bin paths
+		$this->bindig = '/bin/dig';
+		$this->binhost = '/bin/host';
+		$this->binnamedcheckzone = '/bin/named-checkzone';
 		return $this;
 	}
 }
diff -ur --new-file XName-2.0.4/html/libs/xname.php XName/html/libs/xname.php
--- XName-2.0.4/html/libs/xname.php	Wed Jun  5 18:21:33 2002
+++ XName/html/libs/xname.php	Tue Jul 16 14:50:01 2002
@@ -18,6 +18,7 @@
 include 'libs/primary.php';
 include 'libs/secondary.php';
 
+
 // **********************************************************
 // Utilities 
 
@@ -323,6 +324,11 @@
  */
 function checkDig($server,$zone){
 
+	// quite awful...
+//	if(!isset($config)){
+//		$config = new Config();
+//	}
+	
 	$result = `/bin/dig soa '$zone' @'$server'`;	
 
 	// check if status:*
diff -ur --new-file XName-2.0.4/html/logwindow.php XName/html/logwindow.php
--- XName-2.0.4/html/logwindow.php	Wed Jun  5 18:17:03 2002
+++ XName/html/logwindow.php	Tue Jul 16 14:50:01 2002
@@ -25,14 +25,25 @@
 
 
 // protect variables for db usage
+if(isset($_REQUEST) && isset($_REQUEST['idsession'])){
+	$idsession=$_REQUEST['idsession'];
+}
 if(isset($idsession)){
-	$idsession=addslashes($idsession);
+	$idsession = addslashes($idsession);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['login'])){
+	$login=$_REQUEST['login'];
 }
 if(isset($login)){
-	$login=addslashes($login);
+	$login = addslashes($login);
+}
+
+if(isset($_REQUEST) && isset($_REQUEST['password'])){
+	$password=$_REQUEST['password'];
 }
 if(isset($password)){
-	$password=addslashes($password);
+	$password = addslashes($password);
 }
 
 $db = new Db($config);
@@ -43,7 +54,8 @@
 	$idsession=$user->idsession;
 }
 
-if($logout){
+if((isset($_REQUEST) && $_REQUEST['logout']) ||
+	(!isset($_REQUEST) && $logout == 1)){
 	$user->logout($idsession);
 }
 
@@ -58,6 +70,10 @@
 }
 
 if($user->authenticated==1){
+	if(isset($_REQUEST)){
+		$zonename = $REQUEST['zonename'];
+		$zonetype = $REQUEST['zonetype'];
+	}
 	$zonename = addslashes($zonename);
 	$zonetype = addslashes($zonetype);
 	$zone = new Zone($db,$zonename,$zonetype,$config);
diff -ur --new-file XName-2.0.4/html/modify.php XName/html/modify.php
--- XName-2.0.4/html/modify.php	Wed Jun  5 18:18:09 2002
+++ XName/html/modify.php	Tue Jul 16 14:50:01 2002
@@ -37,9 +37,13 @@
 
 if($user->authenticated==1){
 
+	if(isset($_REQUEST) && isset($_REQUEST['zonename'])){
+		$zonename=$_REQUEST['zonename'];
+		$zonetype=$_REQUEST['zonetype'];
+	}
 	if(notnull($zonename)){
-		$zonename=addslashes($zonename);
-		$zonetype=addslashes($zonetype);
+		$zonename = addslashes($zonename);
+		$zonetype = addslashes($zonetype);
 		$zone = new Zone($db,$zonename,$zonetype,$config);
 		if($zone->error){
 			print "Error: " . $zone->error;
@@ -61,16 +65,28 @@
 
 				if($zone->zonetype=='P'){
 					$title .= ' Primary';
+					if(isset($_REQUEST)){
+						$azone = $_REQUEST['azone'];
+						$xferip = $_REQUEST['xferip'];
+					}
 					$azone=addslashes($azone);
 					$xferip=addslashes($xferip);
-
-					$params=array($HTTP_POST_VARS,$azone,$xferip);
+					if(isset($_REQUEST)){
+						$params=array($_REQUEST,$azone,$xferip);
+					}else{
+						$params=array($HTTP_POST_VARS,$azone,$xferip);
+					}
 					$currentzone = new
 				
 Primary($db,$zone->zonename,$zone->zonetype,$user,$config);
 				}else{
 					if($zone->zonetype=='S'){
 						$title .= ' Secondary';
+						if(isset($_REQUEST)){
+							$primary = $_REQUEST['primary'];
+							$xfer = $_REQUEST['xfer'];
+							$xferip = $_REQUEST['xferip'];
+						}
 						$primary=addslashes($primary);
 						$xfer=addslashes($xfer);
 						$xferip=addslashes($xferip);
@@ -79,7 +95,9 @@
 Secondary($db,$zone->zonename,$zone->zonetype,$user,$config);
 					}
 				}
-	
+				if(isset($_REQUEST)){
+					$modified = $_REQUEST['modified'];
+				}
 				if($modified == 1){
 					$content = $currentzone->printModified($params);
 				}else{
diff -ur --new-file XName-2.0.4/html/password.php XName/html/password.php
--- XName-2.0.4/html/password.php	Wed Jun  5 18:19:06 2002
+++ XName/html/password.php	Tue Jul 16 14:50:01 2002
@@ -31,7 +31,8 @@
 // main content
 
 $title = "Password recovery";
-if(!isset($id) && !isset($account)){
+if((isset($_REQUEST) && !isset($_REQUEST['id']) && !isset($_REQUEST['account']))
+	|| (!isset($_REQUEST) && !isset($id) && !isset($account))){
 	$content = '
 	You have lost your password ? <br />
 	Fill in the following field, and an email will be sent to you,
@@ -49,18 +50,29 @@
 	</table>
 	</form>';
 }else{
-	if(notnull($account) || notnull($zonename)){
+	if((isset($_REQUEST) && (notnull($_REQUEST['account']) || 
+		notnull($_REQUEST['zonename']))) || 
+		(!isset($_REQUEST) && (notnull($account) || notnull($zonename)))){
 		$error = 0;
-		$content = '';		
-		if(notnull($zonename)){
+		$content = '';
+		if((isset($_REQUEST) && notnull($_REQUEST['zonename'])) ||
+			(!isset($_REQUEST) && notnull($zonename))){
+			if(isset($_REQUEST)){
+				$zonename = $_REQUEST['zonename'];
+			}
 			$zonename = addslashes($zonename);
-			if(!notnull($zonetype)){
+			
+			if((isset($_REQUEST) && !notnull($_REQUEST['zonetype'])) ||
+				(!isset($_REQUEST) && !notnull($zonetype))){
 				$content = '<font color="red">Error: you did not specify
 				zone type</font>';
 				$error = 1;
 			}else{
+				if(isset($_REQUEST)){
+					$zonetype = $_REQUEST['zonetype'];
+				}
 				$zonetype=addslashes($zonetype);
-				$zone=new Zone($db,$zonename,$zonetype);
+				$zone=new Zone($db,$zonename,$zonetype,$config);
 				if(notnull($zone->error)){
 					$content = '<font color="red">Error: ' . $zone->error;
 					$error=1;
@@ -70,7 +82,11 @@
 				}
 			}
 		}else{
-			if(notnull($account)){
+			if((isset($_REQUEST) && notnull($_REQUEST['account'])) ||
+				(!isset($_REQUEST) && notnull($account))){
+				if(isset($_REQUEST)){
+					$account = $_REQUEST['account'];
+				}
 				$account = addslashes($account);
 				if(!$user->Exists($account)){
 					$error = 1;
@@ -110,7 +126,7 @@
 						/>';
 						$content .= 'Recovery mail not sent.';	
 					}else{
-						if(mailer($config->contactemail,$email,
+						if(mailer($config->tousersource,$email,
 						$config->sitename . " password recovery","",$mailbody)){
 							$content .= '
 							Recorvery mail was successfully sent to your
@@ -133,7 +149,11 @@
 		}
 		
 	}else{
-		if(isset($id)){
+		if((isset($_REQUEST) && isset($_REQUEST['id'])) ||
+			(!isset($_REQUEST) && isset($id))){
+				if(isset($_REQUEST)){
+					$id = $_REQUEST['id'];
+				}
 				$id=addslashes($id);
 				if($user->validateIDRecovery($id)){
 					// id OK, validate
@@ -152,14 +172,23 @@
 					URL';
 				}
 		}else{
-			if(notnull($zonename)){
+			if((isset($_REQUEST) && notnull($_REQUEST['zonename'])) ||
+				(!isset($_REQUEST) && notnull($zonename))){
+				if(isset($_REQUEST)){
+					$zonename = $_REQUEST['zonename'];
+				}
 				$zonename = addslashes($zonename);
-				if(!notnull($zonetype)){
+				
+				if((isset($_REQUEST) && !notnull($_REQUEST['zonetype'])) || 
+					(!isset($_REQUEST) && !notnull($zonetype))){
 					$content = '<font color="red">Error: you did not specify
 					zone type</font>';
 					$error = 1;
 				}else{
-					$zonetype=addslashes($zonetype);
+					if(isset($_REQUEST)){
+						$zonetype=$_REQUEST['zonetype'];
+					}
+					$zonetype = addslashes($zonetype);
 					$zone=new Zone($db,$zonename,$zonetype);
 					if(notnull($zone->error)){
 						$content = '<font color="red">Error: ' . $zone->error;
diff -ur --new-file XName-2.0.4/html/user.php XName/html/user.php
--- XName-2.0.4/html/user.php	Wed Jun  5 18:20:01 2002
+++ XName/html/user.php	Tue Jul 16 14:50:01 2002
@@ -37,7 +37,8 @@
 }else{
 	// print login, email, change password
 	// valid or not
-	if(!$modify){
+	if((isset($_REQUEST) && !$_REQUEST['modify']) ||
+		(!isset($_REQUEST) && !$modify)){
 		$content = '
 		<form action="' . $PHP_SELF . '" method="post">
 		<input type="hidden" name="modify" value="1">
@@ -68,7 +69,11 @@
 	}else{
 		$content = "";
 		// check if newlogin already exists or not
-		if(notnull($newlogin)){
+		if((isset($_REQUEST) && notnull($_REQUEST['newlogin'])) ||
+			(!isset($_REQUEST) && notnull($newlogin))){
+			if(isset($_REQUEST)){
+				$newlogin = $_REQUEST['newlogin'];
+			}
 			$newlogin=addslashes($newlogin);
 			$content .= 'Changing your login name... ';
 			if(!checkName($newlogin)){
@@ -93,6 +98,9 @@
 		// check if mail modified or not
 		// if modified ==> valid=0
 		// password
+		if(isset($_REQUEST)){
+			$email = $_REQUEST['email'];
+		}
 		if($email != $user->Retrievemail()){
 			// mail modified
 			// check & warn if bad
@@ -149,7 +157,7 @@
 						$content .= $user->error;
 					}else{
 				
-						if(mailer($config->emailfrom,$email, $config->sitename .
+						if(mailer($config->tousersource,$email, $config->sitename .
 						" email validation","",$mailbody)){
 
 							$content .= 'OK. <p />A mail was succesfully sent to you, to validate your
@@ -171,12 +179,20 @@
 		}
 		
 		if(!$error){
-			if($oldpass){
+			if((isset($_REQUEST) && $_REQUEST['oldpass']) ||
+				(!isset($_REQUEST) && $oldpass)){
 				$content .= 'Modifying password... ';
 				// check if old = current
+				if(isset($_REQUEST)){
+					$oldpass = $_REQUEST['oldpass'];
+				}
 				$oldpass = addslashes($oldpass);
 				if($oldpass == $user->Retrievepassword()){
 					// check if new = confirmnew
+					if(isset($_REQUEST)){
+						$passnew = $_REQUEST['passnew'];
+						$confirmpassnew = $_REQUEST['confirmpassnew'];
+					}
 					if($passnew != $confirmpassnew){
 						$error = 1;
 						$content .= '<font color="red">Error: new passwords do not
diff -ur --new-file XName-2.0.4/html/validate.php XName/html/validate.php
--- XName-2.0.4/html/validate.php	Wed Jun  5 18:20:50 2002
+++ XName/html/validate.php	Tue Jul 16 14:50:01 2002
@@ -24,7 +24,11 @@
 
 $title = 'Email validation';
 
-if(notnull($id)){
+if((isset($_REQUEST) && notnull($_REQUEST['id'])) || 
+	(!isset($_REQUEST) && notnull($id))){
+	if(isset($_REQUEST)){
+		$id = $_REQUEST['id'];
+	}
 	if($user->validateIDEmail($id)){
 	
 		$content = 'Your email is now flagged as valid.<br />
