hestiacp/web/edit/dns/index.php

<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

ob_start();
$TAB = "DNS";

// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";

// Check domain name
if (empty($_GET["domain"])) {
	header("Location: /list/dns/");
	exit();
}

// Edit as someone else?
if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
	$user = quoteshellarg($_GET["user"]);
	$user_plain = htmlentities($_GET["user"]);
}

// List ip addresses
exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);
$v_ips = json_decode(implode("", $output), true);
unset($output);

// List dns domain
if (!empty($_GET["domain"]) && empty($_GET["record_id"])) {
	$v_domain = quoteshellarg($_GET["domain"]);
	exec(
		HESTIA_CMD . "v-list-dns-domain " . $user . " " . $v_domain . " json",
		$output,
		$return_var,
	);
	check_return_code_redirect($return_var, $output, "/list/dns/");
	$data = json_decode(implode("", $output), true);
	unset($output);

	// Parse dns domain
	$v_username = $user;
	$v_domain = $_GET["domain"];
	$v_ip = $data[$v_domain]["IP"];
	$v_template = $data[$v_domain]["TPL"];
	$v_ttl = $data[$v_domain]["TTL"];
	$v_dnssec = $data[$v_domain]["DNSSEC"];
	$v_exp = $data[$v_domain]["EXP"];
	$v_soa = $data[$v_domain]["SOA"];
	$v_date = $data[$v_domain]["DATE"];
	$v_time = $data[$v_domain]["TIME"];
	$v_suspended = $data[$v_domain]["SUSPENDED"];
	if ($v_suspended == "yes") {
		$v_status = "suspended";
	} else {
		$v_status = "active";
	}

	// List dns templates
	exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);
	$templates = json_decode(implode("", $output), true);
	unset($output);
}

// List dns record
if (!empty($_GET["domain"]) && !empty($_GET["record_id"])) {
	$v_domain = quoteshellarg($_GET["domain"]);
	$v_record_id = quoteshellarg($_GET["record_id"]);
	exec(
		HESTIA_CMD . "v-list-dns-records " . $user . " " . $v_domain . " 'json'",
		$output,
		$return_var,
	);
	check_return_code_redirect($return_var, $output, "/list/dns/");
	$data = json_decode(implode("", $output), true);
	unset($output);
	// Parse dns record
	$v_username = $user;
	$v_domain = $_GET["domain"];
	$v_record_id = $_GET["record_id"];
	$v_rec = $data[$v_record_id]["RECORD"];
	$v_type = $data[$v_record_id]["TYPE"];
	$v_val = $data[$v_record_id]["VALUE"];
	$v_priority = $data[$v_record_id]["PRIORITY"];
	$v_suspended = $data[$v_record_id]["SUSPENDED"];
	if ($v_suspended == "yes") {
		$v_status = "suspended";
	} else {
		$v_status = "active";
	}
	$v_date = $data[$v_record_id]["DATE"];
	$v_time = $data[$v_record_id]["TIME"];
	$v_ttl = $data[$v_record_id]["TTL"];
}

// Check POST request for dns domain
if (!empty($_POST["save"]) && !empty($_GET["domain"]) && empty($_GET["record_id"])) {
	$v_domain = quoteshellarg($_POST["v_domain"]);

	// Check token
	verify_csrf($_POST);

	// Change domain IP
	if ($v_ip != $_POST["v_ip"] && empty($_SESSION["error_msg"])) {
		$v_ip = quoteshellarg($_POST["v_ip"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-domain-ip " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_ip .
				" 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		$restart_dns = "yes";
		unset($output);
	}

	// Change domain template
	if ($v_template != $_POST["v_template"] && empty($_SESSION["error_msg"])) {
		$v_template = quoteshellarg($_POST["v_template"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-domain-tpl " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_template .
				" 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$restart_dns = "yes";
	}

	// Change SOA record
	if ($v_soa != $_POST["v_soa"] && empty($_SESSION["error_msg"])) {
		$v_soa = quoteshellarg($_POST["v_soa"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-domain-soa " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_soa .
				" 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$restart_dns = "yes";
	}

	// Change expiration date
	if ($v_exp != $_POST["v_exp"] && empty($_SESSION["error_msg"])) {
		$v_exp = quoteshellarg($_POST["v_exp"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-domain-exp " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_exp .
				" 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
	}

	// Change domain ttl
	if ($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"])) {
		$v_ttl = quoteshellarg($_POST["v_ttl"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-domain-ttl " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_ttl .
				" 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$restart_dns = "yes";
	}
	// Change domain dnssec
	if ($_POST["v_dnssec"] == "" && $v_dnssec == "yes" && empty($_SESSION["error_msg"])) {
		exec(
			HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'no'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$v_dnssec = "no";
		$restart_dns = "yes";
	}

	// Change domain dnssec
	if ($_POST["v_dnssec"] == "yes" && $v_dnssec !== "yes" && empty($_SESSION["error_msg"])) {
		exec(
			HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'yes'",
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$v_dnssec = "yes";
		$restart_dns = "yes";
	}

	// Restart dns server
	if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {
		exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
		check_return_code($return_var, $output);
		unset($output);
	}

	// Set success message
	if (empty($_SESSION["error_msg"])) {
		$_SESSION["ok_msg"] = _("Changes have been saved.");
	}
	// Restart dns server
	if (empty($_SESSION["error_msg"])) {
		exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
		check_return_code($return_var, $output);
		unset($output);
	}
}

// Check POST request for dns record
if (!empty($_POST["save"]) && !empty($_GET["domain"]) && !empty($_GET["record_id"])) {
	// Check token
	verify_csrf($_POST);

	// Protect input
	$v_domain = quoteshellarg($_POST["v_domain"]);
	$v_record_id = quoteshellarg($_POST["v_record_id"]);

	// Change dns record
	if (
		$v_rec != $_POST["v_rec"] ||
		$v_type != $_POST["v_type"] ||
		$v_val != $_POST["v_val"] ||
		$v_priority != $_POST["v_priority"] ||
		($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"]))
	) {
		$v_rec = quoteshellarg($_POST["v_rec"]);
		$v_type = quoteshellarg($_POST["v_type"]);
		$v_val = quoteshellarg($_POST["v_val"]);
		$v_priority = quoteshellarg($_POST["v_priority"]);
		$v_ttl = quoteshellarg($_POST["v_ttl"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-record " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_record_id .
				" " .
				$v_rec .
				" " .
				$v_type .
				" " .
				$v_val .
				" " .
				$v_priority .
				" yes " .
				$v_ttl,
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		$v_rec = $_POST["v_rec"];
		$v_type = $_POST["v_type"];
		$v_val = $_POST["v_val"];
		unset($output);
		$restart_dns = "yes";
	}

	// Change dns record id
	if ($_GET["record_id"] != $_POST["v_record_id"] && empty($_SESSION["error_msg"])) {
		$v_old_record_id = quoteshellarg($_GET["record_id"]);
		exec(
			HESTIA_CMD .
				"v-change-dns-record-id " .
				$user .
				" " .
				$v_domain .
				" " .
				$v_old_record_id .
				" " .
				$v_record_id,
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		$restart_dns = "yes";
	}

	// Restart dns server
	if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {
		exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
		check_return_code($return_var, $output);
		unset($output);
	}

	// Set success message
	if (empty($_SESSION["error_msg"])) {
		$_SESSION["ok_msg"] = _("Changes have been saved.");
	}

	// Change url if record id was changed
	if (empty($_SESSION["error_msg"]) && $_GET["record_id"] != $_POST["v_record_id"]) {
		header(
			"Location: /edit/dns/?domain=" .
				$_GET["domain"] .
				"&record_id=" .
				$_POST["v_record_id"],
		);
		exit();
	}
}

// Render page
if (empty($_GET["record_id"])) {
	// Display body for dns domain
	render_page($user, $TAB, "edit_dns");
} else {
	if (empty($data[$_GET["record_id"]])) {
		header("Location: /list/dns/");
		$_SESSION["error_msg"] = _("Error: unknown record ID.");
	}
	// Display body for dns record
	render_page($user, $TAB, "edit_dns_rec");
}

// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);
Initial 2 years ago			`<?php`
			`use function Hestiacp\quoteshellarg\quoteshellarg;`

			`ob_start();`
			`$TAB = "DNS";`

			`// Main include`
			`include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";`

			`// Check domain name`
			`if (empty($_GET["domain"])) {`
			`header("Location: /list/dns/");`
			`exit();`
			`}`

			`// Edit as someone else?`
			`if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {`
			`$user = quoteshellarg($_GET["user"]);`
			`$user_plain = htmlentities($_GET["user"]);`
			`}`

			`// List ip addresses`
			`exec(HESTIA_CMD . "v-list-user-ips " . $user . " json", $output, $return_var);`
			`$v_ips = json_decode(implode("", $output), true);`
			`unset($output);`

			`// List dns domain`
			`if (!empty($_GET["domain"]) && empty($_GET["record_id"])) {`
			`$v_domain = quoteshellarg($_GET["domain"]);`
			`exec(`
			`HESTIA_CMD . "v-list-dns-domain " . $user . " " . $v_domain . " json",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code_redirect($return_var, $output, "/list/dns/");`
			`$data = json_decode(implode("", $output), true);`
			`unset($output);`

			`// Parse dns domain`
			`$v_username = $user;`
			`$v_domain = $_GET["domain"];`
			`$v_ip = $data[$v_domain]["IP"];`
			`$v_template = $data[$v_domain]["TPL"];`
			`$v_ttl = $data[$v_domain]["TTL"];`
			`$v_dnssec = $data[$v_domain]["DNSSEC"];`
			`$v_exp = $data[$v_domain]["EXP"];`
			`$v_soa = $data[$v_domain]["SOA"];`
			`$v_date = $data[$v_domain]["DATE"];`
			`$v_time = $data[$v_domain]["TIME"];`
			`$v_suspended = $data[$v_domain]["SUSPENDED"];`
			`if ($v_suspended == "yes") {`
			`$v_status = "suspended";`
			`} else {`
			`$v_status = "active";`
			`}`

			`// List dns templates`
			`exec(HESTIA_CMD . "v-list-dns-templates json", $output, $return_var);`
			`$templates = json_decode(implode("", $output), true);`
			`unset($output);`
			`}`

			`// List dns record`
			`if (!empty($_GET["domain"]) && !empty($_GET["record_id"])) {`
			`$v_domain = quoteshellarg($_GET["domain"]);`
			`$v_record_id = quoteshellarg($_GET["record_id"]);`
			`exec(`
			`HESTIA_CMD . "v-list-dns-records " . $user . " " . $v_domain . " 'json'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code_redirect($return_var, $output, "/list/dns/");`
			`$data = json_decode(implode("", $output), true);`
			`unset($output);`
			`// Parse dns record`
			`$v_username = $user;`
			`$v_domain = $_GET["domain"];`
			`$v_record_id = $_GET["record_id"];`
			`$v_rec = $data[$v_record_id]["RECORD"];`
			`$v_type = $data[$v_record_id]["TYPE"];`
			`$v_val = $data[$v_record_id]["VALUE"];`
			`$v_priority = $data[$v_record_id]["PRIORITY"];`
			`$v_suspended = $data[$v_record_id]["SUSPENDED"];`
			`if ($v_suspended == "yes") {`
			`$v_status = "suspended";`
			`} else {`
			`$v_status = "active";`
			`}`
			`$v_date = $data[$v_record_id]["DATE"];`
			`$v_time = $data[$v_record_id]["TIME"];`
			`$v_ttl = $data[$v_record_id]["TTL"];`
			`}`

			`// Check POST request for dns domain`
			`if (!empty($_POST["save"]) && !empty($_GET["domain"]) && empty($_GET["record_id"])) {`
			`$v_domain = quoteshellarg($_POST["v_domain"]);`

			`// Check token`
			`verify_csrf($_POST);`

			`// Change domain IP`
			`if ($v_ip != $_POST["v_ip"] && empty($_SESSION["error_msg"])) {`
			`$v_ip = quoteshellarg($_POST["v_ip"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-domain-ip " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_ip .`
			`" 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`$restart_dns = "yes";`
			`unset($output);`
			`}`

			`// Change domain template`
			`if ($v_template != $_POST["v_template"] && empty($_SESSION["error_msg"])) {`
			`$v_template = quoteshellarg($_POST["v_template"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-domain-tpl " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_template .`
			`" 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$restart_dns = "yes";`
			`}`

			`// Change SOA record`
			`if ($v_soa != $_POST["v_soa"] && empty($_SESSION["error_msg"])) {`
			`$v_soa = quoteshellarg($_POST["v_soa"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-domain-soa " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_soa .`
			`" 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$restart_dns = "yes";`
			`}`

			`// Change expiration date`
			`if ($v_exp != $_POST["v_exp"] && empty($_SESSION["error_msg"])) {`
			`$v_exp = quoteshellarg($_POST["v_exp"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-domain-exp " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_exp .`
			`" 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`}`

			`// Change domain ttl`
			`if ($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"])) {`
			`$v_ttl = quoteshellarg($_POST["v_ttl"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-domain-ttl " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_ttl .`
			`" 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$restart_dns = "yes";`
			`}`
			`// Change domain dnssec`
			`if ($_POST["v_dnssec"] == "" && $v_dnssec == "yes" && empty($_SESSION["error_msg"])) {`
			`exec(`
			`HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'no'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$v_dnssec = "no";`
			`$restart_dns = "yes";`
			`}`

			`// Change domain dnssec`
			`if ($_POST["v_dnssec"] == "yes" && $v_dnssec !== "yes" && empty($_SESSION["error_msg"])) {`
			`exec(`
			`HESTIA_CMD . "v-change-dns-domain-dnssec " . $user . " " . $v_domain . " 'yes'",`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$v_dnssec = "yes";`
			`$restart_dns = "yes";`
			`}`

			`// Restart dns server`
			`if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {`
			`exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`}`

			`// Set success message`
			`if (empty($_SESSION["error_msg"])) {`
			`$_SESSION["ok_msg"] = _("Changes have been saved.");`
			`}`
			`// Restart dns server`
			`if (empty($_SESSION["error_msg"])) {`
			`exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`}`
			`}`

			`// Check POST request for dns record`
			`if (!empty($_POST["save"]) && !empty($_GET["domain"]) && !empty($_GET["record_id"])) {`
			`// Check token`
			`verify_csrf($_POST);`

			`// Protect input`
			`$v_domain = quoteshellarg($_POST["v_domain"]);`
			`$v_record_id = quoteshellarg($_POST["v_record_id"]);`

			`// Change dns record`
			`if (`
			`$v_rec != $_POST["v_rec"] \|\|`
			`$v_type != $_POST["v_type"] \|\|`
			`$v_val != $_POST["v_val"] \|\|`
			`$v_priority != $_POST["v_priority"] \|\|`
			`($v_ttl != $_POST["v_ttl"] && empty($_SESSION["error_msg"]))`
			`) {`
			`$v_rec = quoteshellarg($_POST["v_rec"]);`
			`$v_type = quoteshellarg($_POST["v_type"]);`
			`$v_val = quoteshellarg($_POST["v_val"]);`
			`$v_priority = quoteshellarg($_POST["v_priority"]);`
			`$v_ttl = quoteshellarg($_POST["v_ttl"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-record " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_record_id .`
			`" " .`
			`$v_rec .`
			`" " .`
			`$v_type .`
			`" " .`
			`$v_val .`
			`" " .`
			`$v_priority .`
			`" yes " .`
			`$v_ttl,`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`$v_rec = $_POST["v_rec"];`
			`$v_type = $_POST["v_type"];`
			`$v_val = $_POST["v_val"];`
			`unset($output);`
			`$restart_dns = "yes";`
			`}`

			`// Change dns record id`
			`if ($_GET["record_id"] != $_POST["v_record_id"] && empty($_SESSION["error_msg"])) {`
			`$v_old_record_id = quoteshellarg($_GET["record_id"]);`
			`exec(`
			`HESTIA_CMD .`
			`"v-change-dns-record-id " .`
			`$user .`
			`" " .`
			`$v_domain .`
			`" " .`
			`$v_old_record_id .`
			`" " .`
			`$v_record_id,`
			`$output,`
			`$return_var,`
			`);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`$restart_dns = "yes";`
			`}`

			`// Restart dns server`
			`if (!empty($restart_dns) && empty($_SESSION["error_msg"])) {`
			`exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);`
			`check_return_code($return_var, $output);`
			`unset($output);`
			`}`

			`// Set success message`
			`if (empty($_SESSION["error_msg"])) {`
			`$_SESSION["ok_msg"] = _("Changes have been saved.");`
			`}`

			`// Change url if record id was changed`
			`if (empty($_SESSION["error_msg"]) && $_GET["record_id"] != $_POST["v_record_id"]) {`
			`header(`
			`"Location: /edit/dns/?domain=" .`
			`$_GET["domain"] .`
			`"&record_id=" .`
			`$_POST["v_record_id"],`
			`);`
			`exit();`
			`}`
			`}`

			`// Render page`
			`if (empty($_GET["record_id"])) {`
			`// Display body for dns domain`
			`render_page($user, $TAB, "edit_dns");`
			`} else {`
			`if (empty($data[$_GET["record_id"]])) {`
			`header("Location: /list/dns/");`
			`$_SESSION["error_msg"] = _("Error: unknown record ID.");`
			`}`
			`// Display body for dns record`
			`render_page($user, $TAB, "edit_dns_rec");`
			`}`

			`// Flush session messages`
			`unset($_SESSION["error_msg"]);`
			`unset($_SESSION["ok_msg"]);`