diff -ur --new-file XName-2.0.4/ChangeLog XName/ChangeLog --- XName-2.0.4/ChangeLog Thu Jan 1 01:00:00 1970 +++ XName/ChangeLog Tue Jul 16 16:41:48 2002 @@ -0,0 +1,63 @@ +Version 2.0.1 +------------- + +Thu Jun 06 2002 Yann Hirou (hirou@xname.org) + + * initial public release + + +Version 2.0.2 +------------- + +Wed Jun 12 2002 Yann Hirou (hirou@xname.org) + + * html/includes/login.php: correct "argument missing" + in "new Zone" line 43. + bug reported by EspReSso (espresso@magnum.espresso.org) + + +Version 2.0.3 +------------- + +Wed Jun 12 2002 Yann Hirou (hirou@xname.org) + + * delete zone files when deleting zone + (modified in html/deletezone.php and bin/delete.pl) + + +Version 2.0.4 +------------- + +Wed Jun 12 2002 Yann Hirou (hirou@xname.org) + + * database modification - dns_deleted (zonename,zonetype,userid) + to correct bug of persistent zones even if deleted + + * correction of delete.pl to delete slaves files properly + bugs reported by EspReSso (espresso@magnum.espresso.org) + + +Version 2.0.5 +------------- + +Tue Jul 16 2002 Yann Hirou (hirou@xname.org) + + * logout bug corrected - idsession was not deleted from dns_session + and use of "back" button worked. + + * integration of patch for register_globals=Off, for php 4.1.0 and upper. + modified to permit register_globals on or off. + + * $config->tousersource - email address used as From: in all + to-user emails, instead of $config->emailfrom and $config->contactemail + bug reported by Simon Kramer (simon@krameronline.ch) + + * perl script config variables regrouped in one config file + config.pl. All binaries paths are configurable + + * binaries in PHP scripts are all configurable through libs/config.php + config->bindig $config->binhost and $config->binnamedcheckzone + + * backend added - html/backend.php provides basic info for wmXName + or other desktop tools: nbZones, nbInfo, nbWarning, nbError for + given user. diff -ur --new-file XName-2.0.4/INSTALL XName/INSTALL --- XName-2.0.4/INSTALL Thu Jun 6 00:51:00 2002 +++ XName/INSTALL Tue Jul 16 18:39:35 2002 @@ -8,6 +8,7 @@ in the two first lines - run sql code $ mysql -upoweruser -p < sql/creation.sql +- create mysql user for xname - xnameuser for example XName web interface @@ -15,10 +16,10 @@ - edit html/libs/config.php change all items accordingly with your site configuration + dig named-checkzone host have to be present on your computer. + You should have them if you're using Bind. - edit html/disclaimer.php change the disclaimer text to your one -- be sure to have following programs available in your path: - dig named-checkzone host If you want to use your own design instead of XName.org's one, simply change each html/*.php file, accordingly @@ -34,9 +35,9 @@ - edit /etc/named.conf, configure general options, suppress eventually everything at the end concerning local zones. You have now a clean named header file. Just copy it into /etc/bind/headers -or somewhere else (to be configured in bin/generate.pl). +or somewhere else (to be configured in bin/config.pl). -- edit bin/generate.pl, bin/insertlogs.pl and bin/delete.pl, modify vars. +- edit bin/config.pl, modify vars. - modify crontab Add in crontab a line for insertlogs.pl, every 10 mn @@ -49,6 +50,10 @@ 30 * * * * root /home/xname/bin/delete.pl 35 * * * * root /home/xname/bin/generate.pl +- install Date::Parse perl module + $ perl -MCPAN -e shell + cpan> install Date::Parse + I Want to contribute ===================== @@ -57,4 +62,3 @@ Report any idea to xname@xname.org Report any patch to xname@xname.org See http://www.xname.org/contribute for further contribution. - diff -ur --new-file XName-2.0.4/bin/config.pl XName/bin/config.pl --- XName-2.0.4/bin/config.pl Thu Jan 1 01:00:00 1970 +++ XName/bin/config.pl Fri Jul 5 19:14:17 2002 @@ -0,0 +1,74 @@ +############################################################### +# This file is part of XName.org project # +# See http://www.xname.org/ for details # +# # +# License: GPLv2 # +# See LICENSE file, or http://www.gnu.org/copyleft/gpl.html # +# # +# Author(s): Yann Hirou # +############################################################### + + + +#################################### +# SITE variables # +#################################### +$SITE_NAME="XName DEMO"; +$SITE_NS="ns0.xname.org"; + + +#################################### +# DATABASE variables # +#################################### +$DB_HOST='127.0.0.1'; +$DB_PORT='3306'; +$DB_USER='xnameuser'; +$DB_PASSWORD='password'; +$DB_NAME='xnamedev'; + + +#################################### +# NAMED variables # +#################################### +$NAMED_CONF = "/var/chroot/named/etc/named.conf"; +$NAMED_CONF_HEADERS = "/var/chroot/named/etc/named_headers"; +$NAMED_DATA_DIR = "/var/chroot/named/var/named/"; +$NAMED_DATA_CHROOTED_DIR = "/var/named/"; +$NAMED_MASTERS_DIR = "masters/"; +$NAMED_SLAVES_DIR = "slaves/"; + + +#################################### +# EMAIL variables # +#################################### +$EMAIL_ADMIN = "demo\@xname.org"; +$EMAIL_FROM = "XName DEMO "; +$EMAIL_SUBJECT_PREFIX = "[XName.org]"; +$EMAIL_SIGNATURE = " +-- +Xname.org Team +xname\@xname.org +"; + + +#################################### +# LOG variables # +#################################### +$LOG_FILE='/tmp/xname.log'; +$LOG_PREFIX='XName-'; +$LOG_HOURS_TO_KEEP='6'; + + +#################################### +# SYSTEM variables # +#################################### +$SYSLOG_FILE = "/var/log/daemon.log"; + + +#################################### +# Commands # +#################################### +$RM_COMMAND = '/bin/rm'; +$RNDC_COMMAND='/usr/local/bin/rndc'; +$CHECKCONF_COMMAND = '/usr/local/sbin/named-checkconf'; +$RELOADALL_COMMAND = '/etc/init.d/named stop && /usr/bin/killall named && /etc/init.d/named start'; diff -ur --new-file XName-2.0.4/bin/delete.pl XName/bin/delete.pl --- XName-2.0.4/bin/delete.pl Thu Jun 13 00:02:47 2002 +++ XName/bin/delete.pl Fri Jul 12 17:47:15 2002 @@ -12,26 +12,13 @@ use DBI; -#################################### -# DATABASE variables # -#################################### -$DB_HOST='127.0.0.1'; -$DB_PORT='3306'; -$DB_USER='xnameuser'; -$DB_PASSWORD='password'; -$DB_NAME='xnamedev'; - -#################################### -# NAMED variables # -#################################### -$NAMED_DATA_DIR = "/var/chroot/named/var/named/"; - -#################################### -# LOG variables # -#################################### -$LOG_FILE='/tmp/xname.log'; -$LOG_PREFIX='XName-delete'; +require "config.pl"; +$LOG_PREFIX .='delete'; + +######################################################################## +# To modify configuration parameters, edit config.pl +######################################################################## ######################################################################## @@ -139,9 +126,9 @@ # Delete $NAMED_DATA_DIR/masters|slaves if($zonetype eq "P"){ - $command= "rm $NAMED_DATA_DIR" . "masters/" . $zonename; + $command= "$RM_COMMAND $NAMED_DATA_DIR" . $NAMED_MASTERS_DIR . $zonename; }else{ - $command= "rm $NAMED_DATA_DIR" . "slaves/" . $zonename; + $command= "$RM_COMMAND $NAMED_DATA_DIR" . $NAMED_SLAVES_DIR . $zonename; } `$command`; push(@todelete,$zonename); diff -ur --new-file XName-2.0.4/bin/generate.pl XName/bin/generate.pl --- XName-2.0.4/bin/generate.pl Wed Jun 5 19:48:49 2002 +++ XName/bin/generate.pl Fri Jul 12 17:47:15 2002 @@ -15,52 +15,14 @@ use GnuPG::Interface; use Mail::Sendmail; +require "config.pl"; -#################################### -# SITE variables # -#################################### -$SITE_NAME="XName DEMO"; -$SITE_NS="ns0.xname.org"; - - -#################################### -# DATABASE variables # -#################################### -$DB_HOST='127.0.0.1'; -$DB_PORT='3306'; -$DB_USER='xnameuser'; -$DB_PASSWORD='password'; -$DB_NAME='xnamedev'; - - -#################################### -# NAMED variables # -#################################### -$NAMED_CONF = "/var/chroot/named/etc/named.conf"; -$NAMED_CONF_HEADERS = "/var/chroot/named/etc/named_headers"; -$NAMED_DATA_DIR = "/var/chroot/named/var/named/"; -$NAMED_DATA_CHROOTED_DIR = "/var/named/"; - - -#################################### -# EMAIL variables # -#################################### -$EMAIL_ADMIN = "demo\@xname.org"; -$EMAIL_FROM = "XName DEMO "; -$EMAIL_SUBJECT_PREFIX = "[XName.org]"; -$EMAIL_SIGNATURE = " --- -Xname.org Team -xname\@xname.org -"; - +$LOG_PREFIX .='generate'; -#################################### -# LOG variables # -#################################### -$LOG_FILE='/tmp/xname.log'; -$LOG_PREFIX='XName-generate'; +######################################################################## +# To modify configuration parameters, edit config.pl +######################################################################## ######################################################################## @@ -279,8 +241,8 @@ # open file - open(DATA_FILE, ">" . $NAMED_DATA_DIR . "masters/" . $zone ) || print LOG $LOG_PREFIX . " : Error - opening $NAMED_DATA_DIR masters/ $zone"; + open(DATA_FILE, ">" . $NAMED_DATA_DIR . $NAMED_MASTERS_DIR . $zone ) || print LOG $LOG_PREFIX . " : Error + opening $NAMED_DATA_DIR $NAMED_MASTERS_DIR $zone"; print DATA_FILE $toprint; close(DATA_FILE); } @@ -339,7 +301,7 @@ $zone = $ref->{'zone'}; # reload named for each concerned zone ONLY -`/usr/local/bin/rndc reload $zone` +`$RNDC_COMMAND reload $zone` } @@ -382,7 +344,7 @@ zone "' . $ref->{'zone'} . '" { type slave; - file "' . $NAMED_DATA_CHROOTED_DIR . 'slaves/' . $ref->{'zone'} . '"; + file "' . $NAMED_DATA_CHROOTED_DIR . $NAMED_MASTERS_DIR . $ref->{'zone'} . '"; masters {' . $masters . '; }; allow-transfer {' . $xfer. '; }; };'; @@ -395,7 +357,7 @@ # reload named for each concerned zone ONLY - `/usr/local/bin/rndc reload $zone` + `$RNDC_COMMAND reload $zone` } @@ -415,7 +377,7 @@ # check if error. If error, DO NOT RELOAD -@result = `/usr/local/sbin/named-checkconf $NAMED_CONF`; +@result = `$CHECKCONF_COMMAND $NAMED_CONF`; $error = 0; foreach(@result){ if(/error/){ @@ -440,9 +402,7 @@ }else{ # reload - `/etc/init.d/named stop`; - `/usr/bin/killall named`; - `/etc/init.d/named start`; + `$RELOADALL_COMMAND`; } # ********************************************************* diff -ur --new-file XName-2.0.4/bin/insertlogs.pl XName/bin/insertlogs.pl --- XName-2.0.4/bin/insertlogs.pl Wed Jun 5 19:43:58 2002 +++ XName/bin/insertlogs.pl Fri Jul 12 17:47:15 2002 @@ -14,30 +14,16 @@ use Time::localtime; use Date::Parse; +require "config.pl"; -#################################### -# DATABASE variables # -#################################### -$DB_HOST='127.0.0.1'; -$DB_PORT='3306'; -$DB_USER='xnameuser'; -$DB_PASSWORD='password'; -$DB_NAME='xnamedev'; - -#################################### -# LOG variables # -#################################### -$LOG_FILE='/tmp/xname.log'; -$LOG_PREFIX='XName-insertlogs'; - - -#################################### -# SYSTEM variables # -#################################### -$SYSLOG_FILE = "/var/log/daemon.log"; +$LOG_PREFIX .= "insertlogs"; ######################################################################## +# To modify configuration parameters, edit config.pl +######################################################################## + +######################################################################## # STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOPS STOP STOP # # Do not edit anything below this line @@ -121,6 +107,13 @@ # if no line is read, don't save last read line ! $readline = 0; +$protectednameddir= $NAMED_DATA_CHROOTED_DIR; +$protectednameddir =~ s/\//\\\//g; +$protectedmastersdir = $NAMED_MASTERS_DIR; +$protectedmastersdir =~ s/\//\\\//g; +$protectedmastersdir = $NAMED_SLAVES_DIR; +$protectedslavesdir =~ s/\//\\\//g; + while(){ $readline++; $line = $_; @@ -142,8 +135,9 @@ if($content =~ /\s('|)([^\/\s]+)\/IN/){ $zonename = $2; }else{ - - if($content =~ /\/var\/named\/(masters|slaves)\/([^:]+):/){ + + if($content =~ + /$protectednameddir($protectedmastersdir|$protectedslavesdir)([^:]+):/){ $zonename = $2; }else{ print LOG $LOG_PREFIX . " : Not matching : $content\n"; @@ -253,7 +247,7 @@ } -deleteOldLogs(60*6); +deleteOldLogs(60*$LOG_HOURS_TO_KEEP); diff -ur --new-file XName-2.0.4/html/backend.php XName/html/backend.php --- XName-2.0.4/html/backend.php Thu Jan 1 01:00:00 1970 +++ XName/html/backend.php Tue Jul 16 15:49:02 2002 @@ -0,0 +1,83 @@ +idsession; +} + +if($logout){ + $user->logout($idsession); +} + +if(!$user->error && $user->authenticated==1){ + $allzones = $user->listallzones(); + if(!notnull($user->error)){ + $numberofzones = count($allzones); + // print number of zones + print "NbZones: $numberofzones\n"; + $Izones = 0; + $Wzones = 0; + $Ezones = 0; + while($otherzone= array_pop($allzones)){ + $newzone = new Zone($db,$otherzone[0],$otherzone[1]); + $status = $newzone->zonestatus(); + switch($status) { + case 'I': + $Izones++; + break; + case 'W': + $Wzones++; + break; + case 'E': + $Ezones++; + break; + } + } + + + // print number of I zones + print "NbI: $Izones\n"; + // print number of W zones + print "NbW: $Wzones\n"; + // print number of E zones + print "NbE: $Ezones\n"; + + }else{ + print "ERROR User"; + } + +}else{ + print "ERROR login - $login & $password"; +} + +?> diff -ur --new-file XName-2.0.4/html/createuser.php XName/html/createuser.php --- XName-2.0.4/html/createuser.php Wed Jun 5 18:11:04 2002 +++ XName/html/createuser.php Tue Jul 16 14:50:01 2002 @@ -19,17 +19,32 @@ include 'includes/header.php'; +if(isset($_REQUEST) && isset($_REQUEST['loginnew'])){ + $loginnew=$_REQUEST['loginnew']; +} if(isset($loginnew)){ - $loginnew=addslashes($loginnew); + $loginnew = addslashes($loginnew); +} + +if(isset($_REQUEST) && isset($_REQUEST['passwordnew'])){ + $passwordnew=$_REQUEST['passwordnew']; } if(isset($passwordnew)){ - $passwordnew=addslashes($passwordnew); + $passwordnew = addslashes($passwordnew); +} + +if(isset($_REQUEST) && isset($_REQUEST['confirmpasswordnew'])){ + $confirmpasswordnew=$_REQUEST['confirmpasswordnew']; } if(isset($confirmpasswordnew)){ - $confirmpasswordnew=addslashes($confirmpasswordnew); + $confirmpasswordnew = addslashes($confirmpasswordnew); +} + +if(isset($_REQUEST) && isset($_REQUEST['email'])){ + $email=$_REQUEST['email']; } if(isset($email)){ - $email=addslashes($email); + $email = addslashes($email); } // zone numbers @@ -99,8 +114,10 @@ if(!notnull($email)){ $missing .= ' email,'; } - if($ihaveread != 1){ - $missing .= ' I have read the disclaimer,'; + if((isset($_REQUEST) && $_REQUEST['ihaveread'] != 1) || (!isset($_REQUEST) + && $ihaveread != 1)){ + $missing .= ' I have read the disclaimer,'; + } } if(notnull($missing)){ diff -ur --new-file XName-2.0.4/html/createzone.php XName/html/createzone.php --- XName-2.0.4/html/createzone.php Wed Jun 5 18:09:28 2002 +++ XName/html/createzone.php Tue Jul 16 14:50:01 2002 @@ -40,7 +40,8 @@ $content = 'you must log in before creating new zone. '; }else{ - if(!isset($zonenamenew)){ + if((isset($_REQUEST) && !isset($_REQUEST['zonenamenew'])) || + (!isset($_REQUEST) && !isset($zonenamenew))){ $content ='
print confirm screen $content = '
Confirmation
diff -ur --new-file XName-2.0.4/html/digwindow.php XName/html/digwindow.php --- XName-2.0.4/html/digwindow.php Wed Jun 5 18:12:55 2002 +++ XName/html/digwindow.php Tue Jul 16 14:50:01 2002 @@ -24,14 +24,25 @@ // protect variables for db usage +if(isset($_REQUEST) && isset($_REQUEST['idsession'])){ + $idsession=$_REQUEST['idsession']; +} if(isset($idsession)){ $idsession=addslashes($idsession); } + +if(isset($_REQUEST) && isset($_REQUEST['login'])){ + $login=$_REQUEST['login']; +} if(isset($login)){ - $login=addslashes($login); + $login = addslashes($login); +} + +if(isset($_REQUEST) && isset($_REQUEST['password'])){ + $password=$_REQUEST['password']; } if(isset($password)){ - $password=addslashes($password); + $password = addslashes($password); } $db = new Db($config); @@ -42,7 +53,8 @@ $idsession=$user->idsession; } -if($logout){ +if((isset($_REQUEST) && $_REQUEST['logout']) || + (!isset($_REQUEST) && $logout == 1)){ $user->logout($idsession); } @@ -57,9 +69,11 @@ } if($user->authenticated==1){ - $zonename = addslashes($zonename); - $zonetype = addslashes($zonetype); - $server = addslashes($server); + if(isset($_REQUEST)){ + $zonename = $REQUEST['zonename']; + $zonetype = $REQUEST['zonetype']; + $server = $REQUEST['server']; + } $zone = new Zone($db,$zonename,$zonetype,$config); if($zone->error){ print "" . $user->error . "\n"; diff -ur --new-file XName-2.0.4/html/includes/header.php XName/html/includes/header.php --- XName-2.0.4/html/includes/header.php Tue Jun 4 22:55:18 2002 +++ XName/html/includes/header.php Tue Jul 16 14:50:01 2002 @@ -7,18 +7,28 @@ print $html->header('Free DNS Hosting Service'); - // protect variables for db usage -if(isset($idsession)){ - $idsession=addslashes($idsession); -} -if(isset($login)){ - $login=addslashes($login); +if(isset($_REQUEST)){ + if(isset($_GET['idsession'])){ + $idsession=addslashes($_GET['idsession']); + } + if(isset($_REQUEST['login'])){ + $login=addslashes($_REQUEST['login']); + } + if(isset($_REQUEST['password'])){ + $password=addslashes($_REQUEST['password']); + } +}else{ + if(isset($idsession)){ + $idsession=addslashes($idsession); + } + if(isset($login)){ + $login=addslashes($login); + } + if(isset($password)){ + $password=addslashes($password); + } } -if(isset($password)){ - $password=addslashes($password); -} - $db = new Db($config); $user = new User($db,$login,$password,$idsession); @@ -27,7 +37,7 @@ $idsession=$user->idsession; } -if($logout){ +if($_REQUEST['logout'] || $logout){ $user->logout($idsession); } diff -ur --new-file XName-2.0.4/html/includes/login.php XName/html/includes/login.php --- XName-2.0.4/html/includes/login.php Wed Jun 12 12:21:54 2002 +++ XName/html/includes/login.php Tue Jul 16 14:50:01 2002 @@ -30,7 +30,7 @@ $content = ' '; diff -ur --new-file XName-2.0.4/html/libs/config.php XName/html/libs/config.php --- XName-2.0.4/html/libs/config.php Wed Jun 5 17:47:21 2002 +++ XName/html/libs/config.php Tue Jul 16 18:32:10 2002 @@ -29,7 +29,8 @@ $this->sitename = 'XName Demo site'; $this->domainname = 'dev.xname.org'; $this->mainurl = 'http://dev.xname.org/'; - $this->contactemail = 'demo@xname.org'; + $this->contactemail = 'demo@xname.org'; // used on web pages + $this->tousersource = 'webserver@xname.org'; // used in to-user emails $this->emailsignature = 'XName DEMO team'; $this->cssurl = "style/xname.css"; // emailfrom & emailto are used when an error @@ -47,6 +48,10 @@ // your NS parameters $this->nsname = 'ns0.xname.org'; $this->nsaddress = '213.11.111.252'; + // bin paths + $this->bindig = '/bin/dig'; + $this->binhost = '/bin/host'; + $this->binnamedcheckzone = '/bin/named-checkzone'; return $this; } } diff -ur --new-file XName-2.0.4/html/libs/xname.php XName/html/libs/xname.php --- XName-2.0.4/html/libs/xname.php Wed Jun 5 18:21:33 2002 +++ XName/html/libs/xname.php Tue Jul 16 14:50:01 2002 @@ -18,6 +18,7 @@ include 'libs/primary.php'; include 'libs/secondary.php'; + // ********************************************************** // Utilities @@ -323,6 +324,11 @@ */ function checkDig($server,$zone){ + // quite awful... +// if(!isset($config)){ +// $config = new Config(); +// } + $result = `/bin/dig soa '$zone' @'$server'`; // check if status:* diff -ur --new-file XName-2.0.4/html/logwindow.php XName/html/logwindow.php --- XName-2.0.4/html/logwindow.php Wed Jun 5 18:17:03 2002 +++ XName/html/logwindow.php Tue Jul 16 14:50:01 2002 @@ -25,14 +25,25 @@ // protect variables for db usage +if(isset($_REQUEST) && isset($_REQUEST['idsession'])){ + $idsession=$_REQUEST['idsession']; +} if(isset($idsession)){ - $idsession=addslashes($idsession); + $idsession = addslashes($idsession); +} + +if(isset($_REQUEST) && isset($_REQUEST['login'])){ + $login=$_REQUEST['login']; } if(isset($login)){ - $login=addslashes($login); + $login = addslashes($login); +} + +if(isset($_REQUEST) && isset($_REQUEST['password'])){ + $password=$_REQUEST['password']; } if(isset($password)){ - $password=addslashes($password); + $password = addslashes($password); } $db = new Db($config); @@ -43,7 +54,8 @@ $idsession=$user->idsession; } -if($logout){ +if((isset($_REQUEST) && $_REQUEST['logout']) || + (!isset($_REQUEST) && $logout == 1)){ $user->logout($idsession); } @@ -58,6 +70,10 @@ } if($user->authenticated==1){ + if(isset($_REQUEST)){ + $zonename = $REQUEST['zonename']; + $zonetype = $REQUEST['zonetype']; + } $zonename = addslashes($zonename); $zonetype = addslashes($zonetype); $zone = new Zone($db,$zonename,$zonetype,$config); diff -ur --new-file XName-2.0.4/html/modify.php XName/html/modify.php --- XName-2.0.4/html/modify.php Wed Jun 5 18:18:09 2002 +++ XName/html/modify.php Tue Jul 16 14:50:01 2002 @@ -37,9 +37,13 @@ if($user->authenticated==1){ + if(isset($_REQUEST) && isset($_REQUEST['zonename'])){ + $zonename=$_REQUEST['zonename']; + $zonetype=$_REQUEST['zonetype']; + } if(notnull($zonename)){ - $zonename=addslashes($zonename); - $zonetype=addslashes($zonetype); + $zonename = addslashes($zonename); + $zonetype = addslashes($zonetype); $zone = new Zone($db,$zonename,$zonetype,$config); if($zone->error){ print "Error: " . $zone->error; @@ -61,16 +65,28 @@ if($zone->zonetype=='P'){ $title .= ' Primary'; + if(isset($_REQUEST)){ + $azone = $_REQUEST['azone']; + $xferip = $_REQUEST['xferip']; + } $azone=addslashes($azone); $xferip=addslashes($xferip); - - $params=array($HTTP_POST_VARS,$azone,$xferip); + if(isset($_REQUEST)){ + $params=array($_REQUEST,$azone,$xferip); + }else{ + $params=array($HTTP_POST_VARS,$azone,$xferip); + } $currentzone = new Primary($db,$zone->zonename,$zone->zonetype,$user,$config); }else{ if($zone->zonetype=='S'){ $title .= ' Secondary'; + if(isset($_REQUEST)){ + $primary = $_REQUEST['primary']; + $xfer = $_REQUEST['xfer']; + $xferip = $_REQUEST['xferip']; + } $primary=addslashes($primary); $xfer=addslashes($xfer); $xferip=addslashes($xferip); @@ -79,7 +95,9 @@ Secondary($db,$zone->zonename,$zone->zonetype,$user,$config); } } - + if(isset($_REQUEST)){ + $modified = $_REQUEST['modified']; + } if($modified == 1){ $content = $currentzone->printModified($params); }else{ diff -ur --new-file XName-2.0.4/html/password.php XName/html/password.php --- XName-2.0.4/html/password.php Wed Jun 5 18:19:06 2002 +++ XName/html/password.php Tue Jul 16 14:50:01 2002 @@ -31,7 +31,8 @@ // main content $title = "Password recovery"; -if(!isset($id) && !isset($account)){ +if((isset($_REQUEST) && !isset($_REQUEST['id']) && !isset($_REQUEST['account'])) + || (!isset($_REQUEST) && !isset($id) && !isset($account))){ $content = ' You have lost your password ?
Fill in the following field, and an email will be sent to you, @@ -49,18 +50,29 @@
'; }else{ - if(notnull($account) || notnull($zonename)){ + if((isset($_REQUEST) && (notnull($_REQUEST['account']) || + notnull($_REQUEST['zonename']))) || + (!isset($_REQUEST) && (notnull($account) || notnull($zonename)))){ $error = 0; - $content = ''; - if(notnull($zonename)){ + $content = ''; + if((isset($_REQUEST) && notnull($_REQUEST['zonename'])) || + (!isset($_REQUEST) && notnull($zonename))){ + if(isset($_REQUEST)){ + $zonename = $_REQUEST['zonename']; + } $zonename = addslashes($zonename); - if(!notnull($zonetype)){ + + if((isset($_REQUEST) && !notnull($_REQUEST['zonetype'])) || + (!isset($_REQUEST) && !notnull($zonetype))){ $content = 'Error: you did not specify zone type'; $error = 1; }else{ + if(isset($_REQUEST)){ + $zonetype = $_REQUEST['zonetype']; + } $zonetype=addslashes($zonetype); - $zone=new Zone($db,$zonename,$zonetype); + $zone=new Zone($db,$zonename,$zonetype,$config); if(notnull($zone->error)){ $content = 'Error: ' . $zone->error; $error=1; @@ -70,7 +82,11 @@ } } }else{ - if(notnull($account)){ + if((isset($_REQUEST) && notnull($_REQUEST['account'])) || + (!isset($_REQUEST) && notnull($account))){ + if(isset($_REQUEST)){ + $account = $_REQUEST['account']; + } $account = addslashes($account); if(!$user->Exists($account)){ $error = 1; @@ -110,7 +126,7 @@ />'; $content .= 'Recovery mail not sent.'; }else{ - if(mailer($config->contactemail,$email, + if(mailer($config->tousersource,$email, $config->sitename . " password recovery","",$mailbody)){ $content .= ' Recorvery mail was successfully sent to your @@ -133,7 +149,11 @@ } }else{ - if(isset($id)){ + if((isset($_REQUEST) && isset($_REQUEST['id'])) || + (!isset($_REQUEST) && isset($id))){ + if(isset($_REQUEST)){ + $id = $_REQUEST['id']; + } $id=addslashes($id); if($user->validateIDRecovery($id)){ // id OK, validate @@ -152,14 +172,23 @@ URL'; } }else{ - if(notnull($zonename)){ + if((isset($_REQUEST) && notnull($_REQUEST['zonename'])) || + (!isset($_REQUEST) && notnull($zonename))){ + if(isset($_REQUEST)){ + $zonename = $_REQUEST['zonename']; + } $zonename = addslashes($zonename); - if(!notnull($zonetype)){ + + if((isset($_REQUEST) && !notnull($_REQUEST['zonetype'])) || + (!isset($_REQUEST) && !notnull($zonetype))){ $content = 'Error: you did not specify zone type'; $error = 1; }else{ - $zonetype=addslashes($zonetype); + if(isset($_REQUEST)){ + $zonetype=$_REQUEST['zonetype']; + } + $zonetype = addslashes($zonetype); $zone=new Zone($db,$zonename,$zonetype); if(notnull($zone->error)){ $content = 'Error: ' . $zone->error; diff -ur --new-file XName-2.0.4/html/user.php XName/html/user.php --- XName-2.0.4/html/user.php Wed Jun 5 18:20:01 2002 +++ XName/html/user.php Tue Jul 16 14:50:01 2002 @@ -37,7 +37,8 @@ }else{ // print login, email, change password // valid or not - if(!$modify){ + if((isset($_REQUEST) && !$_REQUEST['modify']) || + (!isset($_REQUEST) && !$modify)){ $content = '
@@ -68,7 +69,11 @@ }else{ $content = ""; // check if newlogin already exists or not - if(notnull($newlogin)){ + if((isset($_REQUEST) && notnull($_REQUEST['newlogin'])) || + (!isset($_REQUEST) && notnull($newlogin))){ + if(isset($_REQUEST)){ + $newlogin = $_REQUEST['newlogin']; + } $newlogin=addslashes($newlogin); $content .= 'Changing your login name... '; if(!checkName($newlogin)){ @@ -93,6 +98,9 @@ // check if mail modified or not // if modified ==> valid=0 // password + if(isset($_REQUEST)){ + $email = $_REQUEST['email']; + } if($email != $user->Retrievemail()){ // mail modified // check & warn if bad @@ -149,7 +157,7 @@ $content .= $user->error; }else{ - if(mailer($config->emailfrom,$email, $config->sitename . + if(mailer($config->tousersource,$email, $config->sitename . " email validation","",$mailbody)){ $content .= 'OK.

A mail was succesfully sent to you, to validate your @@ -171,12 +179,20 @@ } if(!$error){ - if($oldpass){ + if((isset($_REQUEST) && $_REQUEST['oldpass']) || + (!isset($_REQUEST) && $oldpass)){ $content .= 'Modifying password... '; // check if old = current + if(isset($_REQUEST)){ + $oldpass = $_REQUEST['oldpass']; + } $oldpass = addslashes($oldpass); if($oldpass == $user->Retrievepassword()){ // check if new = confirmnew + if(isset($_REQUEST)){ + $passnew = $_REQUEST['passnew']; + $confirmpassnew = $_REQUEST['confirmpassnew']; + } if($passnew != $confirmpassnew){ $error = 1; $content .= 'Error: new passwords do not diff -ur --new-file XName-2.0.4/html/validate.php XName/html/validate.php --- XName-2.0.4/html/validate.php Wed Jun 5 18:20:50 2002 +++ XName/html/validate.php Tue Jul 16 14:50:01 2002 @@ -24,7 +24,11 @@ $title = 'Email validation'; -if(notnull($id)){ +if((isset($_REQUEST) && notnull($_REQUEST['id'])) || + (!isset($_REQUEST) && notnull($id))){ + if(isset($_REQUEST)){ + $id = $_REQUEST['id']; + } if($user->validateIDEmail($id)){ $content = 'Your email is now flagged as valid.