servnest/ns.php

<?php

function nsCommonRequirements() {
	if (isset($_POST['action'])
		AND isset($_POST['zone'])
		AND isset($_POST['ttl-value'])
		AND isset($_POST['ttl-multiplier'])
		AND isset($_SESSION['username'])
	) {
		antiCSRF();
		return true;
	}
}

function nsParseCommonRequirements() {
	$values['action'] = checkAction($_POST['action']);

	nsCheckZonePossession($_POST['zone']);

	if (($_POST['subdomain'] === "") OR ($_POST['subdomain'] === "@"))
		$values['domain'] = $_POST['zone'];
	else
		$values['domain'] = $_POST['subdomain'] . "." . $_POST['zone'];
	checkAbsoluteDomainFormat($values['domain']);

	$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];

	if (!($values['ttl'] >= 300 AND $values['ttl'] <= 432000))
		exit("Erreur : le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes)");

	return $values;
}

function nsListUserZones($username) {
	$db = new PDO('sqlite:' . DB_PATH);
	$usernameArray[0] = $username;

	$op = $db->prepare('SELECT zone FROM zones WHERE username = ?');
	$op->execute($usernameArray);

	$data = $op->fetch();
	if (isset($data['zone']))
		$zone = $data['zone'];
	else
		$zone = NULL;

	$i = 0;
	$zones = NULL;

	while ($zone != NULL) {
		$zones[$i] = $zone;
		$i++;
		$data = $op->fetch();
		if (isset($data['zone']))
			$zone = $data['zone'];
		else
			$zone = NULL;
	}

	return $zones;
}

function nsCheckZonePossession($submittedZone) {
	checkAbsoluteDomainFormat($submittedZone);

	$db = new PDO('sqlite:' . DB_PATH);
	$username[0] = $_SESSION['username'];

	$op = $db->prepare('SELECT zone FROM zones WHERE username = ?');
	$op->execute($username);

	$dbZone = $op->fetch()['zone'];

	while ($dbZone != NULL) {
		if ($dbZone === $submittedZone) return;
		$dbZone = $op->fetch()['zone'];
	}

	// If there is no entry in the database for the user matching the submitted zone
	exit("ERROR: You don't own this zone on the nameserver");
}