0ct0pu5
/
servnest


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							<?php

if (processForm()) {
	$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);

	if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
		output(403, 'Cette zone existe déjà sur ce service.');

	exec(CONF['ns']['kdig_path'] . ' ' . ltrim(strstr($_POST['domain'], '.'), '.') . ' NS +short', $parentAuthoritatives);
	if ($parentAuthoritatives === [])
		output(403, 'Serveurs de noms de la zone parente introuvables');
	foreach ($parentAuthoritatives as $parentAuthoritative)
		checkAbsoluteDomainFormat($parentAuthoritative);

	exec(CONF['ns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results);
	if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\.auth-owner.+$/m', implode(LF, $results), $matches) !== 1)
		output(403, 'Enregistrement d\'authentification introuvable');

	checkAuthToken($matches['salt'], $matches['hash']);

	rateLimit();

	insert('zones', [
		'zone' => $_POST['domain'],
		'username' => $_SESSION['username'],
	]);

	$knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone';
	$knotZone = implode(' ', [
		$_POST['domain'],
		SOA_VALUES['ttl'],
		'SOA',
		CONF['ns']['servers'][0],
		SOA_VALUES['email'],
		1,
		SOA_VALUES['refresh'],
		SOA_VALUES['retry'],
		SOA_VALUES['expire'],
		SOA_VALUES['negative'],
	]) . LF;
	foreach (CONF['ns']['servers'] as $server)
		$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF;
	if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
		output(500, 'Failed to write new zone file.');
	if (chmod($knotZonePath, 0660) !== true)
		output(500, 'Failed to chmod new zone file.');

	knotcConfExec([
		"set 'zone[" . $_POST['domain'] . "]'",
		"set 'zone[" . $_POST['domain'] . "].template' 'niver'",
	]);

	output(200, 'La zone a été créée.');
}

$proof = getAuthToken();

?>

<p>
	Le domaine doit avoir un <?= linkToDocs('ns-record', 'enregistrement NS') ?> qui commence par <code><?= $proof ?>.auth-owner</code> lors du traitement de ce formulaire.
</p>

<p>
	La zone sera servie par ces serveurs de noms :
	<ul>
<?php
foreach (CONF['ns']['servers'] as $server)
	echo '	<li><code>' . $server . '</code></li>';
?>
	</ul>
</p>

<form method="post">
	<label for="domain">Domaine</label><br>
	<input required="" placeholder="domain.<?= PLACEHOLDER_DOMAIN ?>." id="domain" name="domain" type="text"><br>
	<input value="Ajouter" type="submit">
</form>