Alex9779/hostnames.sql

## hostnames.sql
CREATE TABLE hostnames (
 hostname       VARCHAR(255) PRIMARY KEY,
 username       VARCHAR(255) NOT NULL
);
CREATE UNIQUE INDEX hostname_index ON hostnames(hostname);

## update.php
<?php

$IP = getRealIPAddr();
$HOSTNAME = $_REQUEST['hostname'];
$USERNAME = "";
$PASSWORD = "";

if(!isset($HOSTNAME))
  exit(1);

if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
  $USERNAME=$_SERVER['PHP_AUTH_USER'];
  $PASSWORD=$_SERVER['PHP_AUTH_PW'];
}
elseif(isset($_GET['username']) && isset($_GET['password'])) {
  $USERNAME=$_GET['username'];
  $PASSWORD=$_GET['password'];
}
else
  authFail();

try {
  $db = new PDO("mysql:host=localhost;dbname=pdns","pdns", "secretdbpassword");
} catch(PDOException $e) {
  echo $e->getMessage();
}

$dbh = $db->prepare("SELECT user.username AS username, user.password AS password FROM hostnames LEFT JOIN user ON hostnames.username=user.username WHERE hostname=:hostname");
$dbh->bindparam(':hostname', $HOSTNAME);
$dbh->execute();
$dbr=$dbh->fetch(PDO::FETCH_LAZY);

if(!isset($dbr['username']) || !isset($dbr['password']) ||
    $dbr['username']!=$USERNAME || md5($PASSWORD)!=$dbr['password']) {
  authFail();
}

$dbh = $db->prepare("SELECT id, domain_id FROM records WHERE name=:hostname");
$dbh->bindparam(':hostname', $HOSTNAME);
$dbh->execute();
$dbr=$dbh->fetch(PDO::FETCH_LAZY);

$time = (int)time();

$dbh = $db->prepare("UPDATE records SET content=:content, change_date=:change_date WHERE id=:id");
$dbh->bindparam(':content', $IP);
$dbh->bindparam(':change_date', $time);
$dbh->bindparam(':id', $dbr['id']);
$dbh->execute();

updateSerial($dbr['domain_id']);
print("Success.");

function authFail() {
  header('WWW-Authenticate: Basic realm="My Realm"');
  header('HTTP/1.0 401 Unauthorized');
  exit(1);
}

function updateSerial($domain_id) {
  global $db;

  $dbh = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id");
  $dbh->bindparam(':domain_id', $domain_id);
  $dbh->execute();
  $row = $dbh->fetch(PDO::FETCH_LAZY);

  if(!isset($row['content']))
    die;

  preg_match("/([^\s]+) ([^\s]+) (\d+) (\d+) (\d+) (\d+) (\d+)/", $row['content'], $match);

  if(!isset($match[3]))
    die;
  $dbh = $db->prepare("UPDATE records SET content=:content WHERE type='SOA' AND domain_id=:domain_id");
  $dbh->bindparam(':content', sprintf("%s %s %d %d %d %d %d", $match[1], $match[2], $match[3]+1, $match[4], $match[5], $match[6], $match[7]));
  $dbh->bindparam(':domain_id', $domain_id);
  $dbh->execute();
}

function getRealIPAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
    {
        $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
    {
        $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
?>
	CREATE TABLE hostnames (
	hostname VARCHAR(255) PRIMARY KEY,
	username VARCHAR(255) NOT NULL
	);
	CREATE UNIQUE INDEX hostname_index ON hostnames(hostname);
	<?php

	$IP = getRealIPAddr();
	$HOSTNAME = $_REQUEST['hostname'];
	$USERNAME = "";
	$PASSWORD = "";

	if(!isset($HOSTNAME))
	exit(1);

	if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
	$USERNAME=$_SERVER['PHP_AUTH_USER'];
	$PASSWORD=$_SERVER['PHP_AUTH_PW'];
	}
	elseif(isset($_GET['username']) && isset($_GET['password'])) {
	$USERNAME=$_GET['username'];
	$PASSWORD=$_GET['password'];
	}
	else
	authFail();

	try {
	$db = new PDO("mysql:host=localhost;dbname=pdns","pdns", "secretdbpassword");
	} catch(PDOException $e) {
	echo $e->getMessage();
	}

	$dbh = $db->prepare("SELECT user.username AS username, user.password AS password FROM hostnames LEFT JOIN user ON hostnames.username=user.username WHERE hostname=:hostname");
	$dbh->bindparam(':hostname', $HOSTNAME);
	$dbh->execute();
	$dbr=$dbh->fetch(PDO::FETCH_LAZY);

	if(!isset($dbr['username']) \|\| !isset($dbr['password']) \|\|
	$dbr['username']!=$USERNAME \|\| md5($PASSWORD)!=$dbr['password']) {
	authFail();
	}

	$dbh = $db->prepare("SELECT id, domain_id FROM records WHERE name=:hostname");
	$dbh->bindparam(':hostname', $HOSTNAME);
	$dbh->execute();
	$dbr=$dbh->fetch(PDO::FETCH_LAZY);

	$time = (int)time();

	$dbh = $db->prepare("UPDATE records SET content=:content, change_date=:change_date WHERE id=:id");
	$dbh->bindparam(':content', $IP);
	$dbh->bindparam(':change_date', $time);
	$dbh->bindparam(':id', $dbr['id']);
	$dbh->execute();

	updateSerial($dbr['domain_id']);
	print("Success.");

	function authFail() {
	header('WWW-Authenticate: Basic realm="My Realm"');
	header('HTTP/1.0 401 Unauthorized');
	exit(1);
	}

	function updateSerial($domain_id) {
	global $db;

	$dbh = $db->prepare("SELECT content FROM records WHERE type='SOA' AND domain_id=:domain_id");
	$dbh->bindparam(':domain_id', $domain_id);
	$dbh->execute();
	$row = $dbh->fetch(PDO::FETCH_LAZY);

	if(!isset($row['content']))
	die;

	preg_match("/([^\s]+) ([^\s]+) (\d+) (\d+) (\d+) (\d+) (\d+)/", $row['content'], $match);

	if(!isset($match[3]))
	die;
	$dbh = $db->prepare("UPDATE records SET content=:content WHERE type='SOA' AND domain_id=:domain_id");
	$dbh->bindparam(':content', sprintf("%s %s %d %d %d %d %d", $match[1], $match[2], $match[3]+1, $match[4], $match[5], $match[6], $match[7]));
	$dbh->bindparam(':domain_id', $domain_id);
	$dbh->execute();
	}

	function getRealIPAddr()
	{
	if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
	{
	$ip=$_SERVER['HTTP_CLIENT_IP'];
	}
	elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
	{
	$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
	}
	else
	{
	$ip=$_SERVER['REMOTE_ADDR'];
	}
	return $ip;
	}
	?>