mirror of
https://github.com/getnamingo/registry.git
synced 2025-08-05 17:18:04 +02:00
Fixed potential domain transfer security issue
parent
6ebfa541de
commit
0c0d980b02
6 changed files with 413 additions and 5 deletions
|
@ -17,6 +17,8 @@ try {
|
|||
}
|
||||
|
||||
try {
|
||||
$dbh->beginTransaction();
|
||||
|
||||
$query_domain = "SELECT id, name, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE CURRENT_TIMESTAMP > acdate AND trstatus = 'pending'";
|
||||
$stmt_domain = $dbh->prepare($query_domain);
|
||||
$stmt_domain->execute();
|
||||
|
@ -56,12 +58,118 @@ try {
|
|||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// Fetch contact map
|
||||
$stmt = $dbh->prepare('SELECT contact_id, type FROM domain_contact_map WHERE domain_id = ?');
|
||||
$stmt->execute([$domain_id]);
|
||||
$contactMap = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
// Prepare an array to hold new contact IDs to prevent duplicating contacts
|
||||
$newContactIds = [];
|
||||
|
||||
// Copy registrant data
|
||||
$stmt = $dbh->prepare('SELECT * FROM contact WHERE id = ?');
|
||||
$stmt->execute([$registrant]);
|
||||
$registrantData = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
unset($registrantData['id']);
|
||||
$registrantData['identifier'] = generateAuthInfo();
|
||||
$registrantData['clid'] = $reid;
|
||||
|
||||
$stmt = $dbh->prepare('INSERT INTO contact (' . implode(', ', array_keys($registrantData)) . ') VALUES (:' . implode(', :', array_keys($registrantData)) . ')');
|
||||
foreach ($registrantData as $key => $value) {
|
||||
$stmt->bindValue(':' . $key, $value);
|
||||
}
|
||||
$stmt->execute();
|
||||
$newRegistrantId = $dbh->lastInsertId();
|
||||
$newContactIds[$registrant] = $newRegistrantId;
|
||||
|
||||
// Copy postal info for the registrant
|
||||
$stmt = $dbh->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
|
||||
$stmt->execute([$registrant]);
|
||||
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
foreach ($postalInfos as $postalInfo) {
|
||||
unset($postalInfo['id']);
|
||||
$postalInfo['contact_id'] = $newRegistrantId;
|
||||
$columns = array_keys($postalInfo);
|
||||
$stmt = $dbh->prepare('INSERT INTO contact_postalInfo (' . implode(', ', $columns) . ') VALUES (:' . implode(', :', $columns) . ')');
|
||||
foreach ($postalInfo as $key => $value) {
|
||||
$stmt->bindValue(':' . $key, $value);
|
||||
}
|
||||
$stmt->execute();
|
||||
}
|
||||
|
||||
// Insert auth info and status for the new registrant
|
||||
$new_authinfo = generateAuthInfo();
|
||||
$dbh->prepare('INSERT INTO contact_authInfo (contact_id, authtype, authinfo) VALUES (?, ?, ?)')->execute([$newRegistrantId, 'pw', $new_authinfo]);
|
||||
$dbh->prepare('INSERT INTO contact_status (contact_id, status) VALUES (?, ?)')->execute([$newRegistrantId, 'ok']);
|
||||
|
||||
// Process each contact in the contact map
|
||||
foreach ($contactMap as $contact) {
|
||||
if (!array_key_exists($contact['contact_id'], $newContactIds)) {
|
||||
$stmt = $dbh->prepare('SELECT * FROM contact WHERE id = ?');
|
||||
$stmt->execute([$contact['contact_id']]);
|
||||
$contactData = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
unset($contactData['id']);
|
||||
$contactData['identifier'] = generateAuthInfo();
|
||||
$contactData['clid'] = $reid;
|
||||
|
||||
$stmt = $dbh->prepare('INSERT INTO contact (' . implode(', ', array_keys($contactData)) . ') VALUES (:' . implode(', :', array_keys($contactData)) . ')');
|
||||
foreach ($contactData as $key => $value) {
|
||||
$stmt->bindValue(':' . $key, $value);
|
||||
}
|
||||
$stmt->execute();
|
||||
$newContactId = $dbh->lastInsertId();
|
||||
$newContactIds[$contact['contact_id']] = $newContactId;
|
||||
|
||||
// Repeat postal info and auth info/status insertion for each new contact
|
||||
$stmt = $dbh->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
|
||||
$stmt->execute([$contact['contact_id']]);
|
||||
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
foreach ($postalInfos as $postalInfo) {
|
||||
unset($postalInfo['id']);
|
||||
$postalInfo['contact_id'] = $newContactId;
|
||||
$columns = array_keys($postalInfo);
|
||||
$stmt = $dbh->prepare('INSERT INTO contact_postalInfo (' . implode(', ', $columns) . ') VALUES (:' . implode(', :', $columns) . ')');
|
||||
foreach ($postalInfo as $key => $value) {
|
||||
$stmt->bindValue(':' . $key, $value);
|
||||
}
|
||||
$stmt->execute();
|
||||
}
|
||||
|
||||
$new_authinfo = generateAuthInfo();
|
||||
$dbh->prepare('INSERT INTO contact_authInfo (contact_id, authtype, authinfo) VALUES (?, ?, ?)')->execute([$newContactId, 'pw', $new_authinfo]);
|
||||
$dbh->prepare('INSERT INTO contact_status (contact_id, status) VALUES (?, ?)')->execute([$newContactId, 'ok']);
|
||||
}
|
||||
}
|
||||
|
||||
$from = $dbh->query("SELECT exdate FROM domain WHERE id = '$domain_id' LIMIT 1")->fetchColumn();
|
||||
|
||||
$stmt_update = $dbh->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL $date_add MONTH), lastupdate = CURRENT_TIMESTAMP, clid = '$reid', upid = '$clid', trdate = CURRENT_TIMESTAMP, trstatus = 'serverApproved', acdate = CURRENT_TIMESTAMP, transfer_exdate = NULL WHERE id = '$domain_id'");
|
||||
$stmt_update = $dbh->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL $date_add MONTH), lastupdate = CURRENT_TIMESTAMP, clid = '$reid', upid = '$clid', registrant = '$newRegistrantId', trdate = CURRENT_TIMESTAMP, trstatus = 'serverApproved', acdate = CURRENT_TIMESTAMP, transfer_exdate = NULL WHERE id = '$domain_id'");
|
||||
$stmt_update->execute();
|
||||
|
||||
$new_authinfo = generateAuthInfo();
|
||||
$stmt_update_auth = $dbh->prepare("UPDATE domain_authInfo SET authinfo = '$new_authinfo' WHERE domain_id = '$domain_id'");
|
||||
$stmt_update_auth->execute();
|
||||
|
||||
foreach ($contactMap as $contact) {
|
||||
// Construct the SQL update query
|
||||
$sql = "UPDATE domain_contact_map SET contact_id = :new_contact_id WHERE domain_id = :domain_id AND type = :type AND contact_id = :contact_id";
|
||||
|
||||
// Prepare the SQL statement
|
||||
$stmt = $dbh->prepare($sql);
|
||||
|
||||
// Bind the values to the placeholders
|
||||
$stmt->bindValue(':new_contact_id', $newContactIds[$contact['contact_id']]);
|
||||
$stmt->bindValue(':domain_id', $domain_id);
|
||||
$stmt->bindValue(':type', $contact['type']);
|
||||
$stmt->bindValue(':contact_id', $contact['contact_id']);
|
||||
|
||||
// Execute the update statement
|
||||
$stmt->execute();
|
||||
}
|
||||
|
||||
$stmt_update_host = $dbh->prepare("UPDATE host SET clid = '$reid', upid = NULL, lastupdate = CURRENT_TIMESTAMP, trdate = CURRENT_TIMESTAMP WHERE domain_id = '$domain_id'");
|
||||
$stmt_update_host->execute();
|
||||
|
||||
|
@ -112,9 +220,15 @@ try {
|
|||
}
|
||||
}
|
||||
$stmt_contact = null;
|
||||
$dbh->commit();
|
||||
$log->info('job finished successfully.');
|
||||
} catch (PDOException $e) {
|
||||
$dbh->rollBack();
|
||||
$log->error('Database error: ' . $e->getMessage());
|
||||
} catch (PDOException $e) {
|
||||
$dbh->rollBack();
|
||||
$log->error('Database error: ' . $e->getMessage());
|
||||
} catch (Throwable $e) {
|
||||
$dbh->rollBack();
|
||||
$log->error('Error: ' . $e->getMessage());
|
||||
}
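Review bot: The result of `$stmt->fetch(PDO::FETCH_ASSOC)` for the registrant, and again for each mapped contact inside `foreach ($contactMap as $contact)`, is used without checking for `false`. As far as the visible code shows, a missing contact row would produce an INSERT built from only `identifier` and `clid`, and the domain would then be pointed at that near-empty contact if the table constraints allow it. A guard before the first write, such as `if ($registrantData === false) { $log->error('registrant contact not found'); continue; }`, keeps the transfer from completing with a blank registrant. Separately, the rewritten `UPDATE domain` statement interpolates `$newRegistrantId`, `$reid`, `$clid` and `$domain_id` into the string passed to `prepare()`; binding them as the `domain_contact_map` update does would keep the new code consistent. The enclosing loop starts outside the visible hunks.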
|
|
@ -165,4 +165,34 @@ function getDomainPrice($pdo, $domain_name, $tld_id, $date_add = 12, $command =
|
|||
}
|
||||
|
||||
return ['type' => 'not_found', 'price' => 0];
|
||||
}
|
||||
|
||||
function generateAuthInfo(): string {
|
||||
$length = 16;
|
||||
$charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
$retVal = "";
|
||||
$digitCount = 0;
|
||||
|
||||
// Generate initial random string
|
||||
for ($i = 0; $i < $length; $i++) {
|
||||
$randomIndex = random_int(0, strlen($charset) - 1);
|
||||
$char = $charset[$randomIndex];
|
||||
$retVal .= $char;
|
||||
if ($char >= '0' && $char <= '9') {
|
||||
$digitCount++;
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure there are at least two digits in the string
|
||||
while ($digitCount < 2) {
|
||||
// Replace a non-digit character at a random position with a digit
|
||||
$replacePosition = random_int(0, $length - 1);
|
||||
if (!($retVal[$replacePosition] >= '0' && $retVal[$replacePosition] <= '9')) {
|
||||
$randomDigit = random_int(0, 9); // Generate a digit from 0 to 9
|
||||
$retVal = substr_replace($retVal, (string)$randomDigit, $replacePosition, 1);
|
||||
$digitCount++;
|
||||
}
|
||||
}
|
||||
|
||||
return $retVal;
|
||||
}
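Review bot: `generateAuthInfo()` has no docblock, yet the transfer job in this commit calls it for three purposes (contact `identifier`, contact auth info and the domain auth code), so its contract should be written down. I would add above the function: `/** Returns a 16-character alphanumeric string drawn with random_int(), containing at least two digits. */`. The range test `$char >= '0' && $char <= '9'` appears in both the generation loop and the replacement loop and could be `ctype_digit($char)` in each place, which states the intent directly.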
|