diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
index 98f71b9..8704be8 100644
--- a/epp/src/epp-create.php
+++ b/epp/src/epp-create.php
@@ -685,14 +685,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
  return;
  }
- $stmt = $db->prepare("SELECT id FROM tmch_claims WHERE domain_label = ? AND claim_key = ? LIMIT 1");
- $stmt->execute([$label, $noticeid]);
- $claim_valid = $stmt->fetchColumn();
- $stmt->closeCursor();
-
- if (!$claim_valid) {
- sendEppError($conn, $db, 2306, 'Invalid or expired claims noticeID for this domain label', $clTRID, $trans);
- return;
+ if (strlen($noticeid) !== 27 || !ctype_alnum($noticeid)) {
+ sendEppError($conn, $db, 2306, 'Invalid noticeID format', $clTRID, $trans);
  }
  } elseif ($launch_phase === 'landrush') { // Continue
diff --git a/epp/src/epp-delete.php b/epp/src/epp-delete.php
index 830a45a..fa440be 100644
--- a/epp/src/epp-delete.php
+++ b/epp/src/epp-delete.php
@@ -84,7 +84,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'delete', 'contact', $contact_id, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'delete', 'contact', 'C'.$contact_id, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  }
@@ -163,7 +163,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'delete', 'host', $host_id, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'delete', 'host', $hostName, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  }
diff --git a/epp/src/epp-info.php b/epp/src/epp-info.php
index 8a016c5..cd170b1 100644
--- a/epp/src/epp-info.php
+++ b/epp/src/epp-info.php
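Review bot: The new format check in processDomainCreate (epp-create.php, @@ -685) sends the 2306 error but no longer stops: the removed block had `return;` after `sendEppError(...)`, while the added block closes the `if` directly, so a create with a malformed noticeID keeps running past the claims branch after the error response has already gone out. Add `return;` after the added `sendEppError(...)` call. The check is also loose, since `ctype_alnum` accepts any letter in either case; if the expected layout is 8 hex characters followed by 19 digits (to be confirmed against the TMCH specification the registry follows), `preg_match('/^[0-9a-f]{8}[0-9]{19}$/D', $noticeid)` states that exactly. With the tmch_claims lookup gone, nothing in the visible lines ties the notice to `$label` any more, so a comment saying where that binding is verified would help the next reader. The function body continues outside the hunk.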
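Review bot: The audit identifier passed to updateTransaction is now a name for hosts and domains (`$hostName` in processHostDelete, @@ -163; likewise `$host['name']`, `$domain['name']` and `$name` in the epp-info.php and epp-update.php hunks) while contacts are logged as `'C'.$contact_id`, and a name is not a stable key: it can be registered again after a delete, and in processHostUpdate `$name` is the name the command looked up, which appears to be the pre-rename name when the host name is changed. Both processDomainInfo branches, previously logged as `A_` and `D_`, now record the same `$domain['name']`, so the log no longer tells them apart. If the name is wanted for readability, document the convention where updateTransaction is defined, for example `// identifier argument: contacts 'C'<id>; hosts and domains by name as sent in the command`, or log the internal id alongside the name. `$hostName` is not assigned in the visible lines of @@ -163, so it is worth confirming it is set on every path that reaches this call.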
@@ -97,7 +97,7 @@ function processContactInfo($conn, $db, $xml, $clid, $trans) {
  'resultCode' => 1000,
  'msg' => 'Command completed successfully',
  'id' => $contactRow['identifier'],
- 'roid' => 'C' . $contactRow['id'] . $roid,
+ 'roid' => 'C' . $contactRow['id'] . '-' . $roid,
  'status' => $statusArray,
  'postal' => $postalArray,
  'voice' => $contactRow['voice'],
@@ -122,7 +122,7 @@ function processContactInfo($conn, $db, $xml, $clid, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'info', 'contact', 'C_'.$contactRow['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'info', 'contact', 'C'.$contactRow['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  } catch (PDOException $e) {
@@ -201,7 +201,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
  'resultCode' => 1000,
  'msg' => 'Command completed successfully',
  'name' => $host['name'],
- 'roid' => 'H' . $host['id'] . $roid,
+ 'roid' => 'H' . $host['id'] . '-' . $roid,
  'status' => $statusArray,
  'addr' => $addrArray,
  'clID' => getRegistrarClid($db, $host['clid']),
@@ -214,7 +214,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'info', 'host', 'H_'.$host['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'info', 'host', $host['name'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  } catch (PDOException $e) {
  sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
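Review bot: The ROID string is assembled inline at each call site (`'C' . $contactRow['id'] . '-' . $roid` in @@ -97, and the same shape with `'H'`, `'A'` and `'D'` in @@ -201, @@ -344 and @@ -512), which is why the separator had to be corrected in four places. A small shared helper taking the prefix, the row id and `$roid` would keep the format in one place and make the next change a one-line edit. `$roid` is defined outside these hunks, so whether it can already begin with `-` in some configuration could not be checked from here.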
@@ -344,7 +344,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
  'resultCode' => 1000,
  'msg' => 'Command completed successfully',
  'name' => $domain['name'],
- 'roid' => 'A' . $domain['id'] . $roid,
+ 'roid' => 'A' . $domain['id'] . '-' . $roid,
  'status' => $status['status'],
  'contact' => $transformedContacts,
  'clID' => getRegistrarClid($db, $domain['clid']),
@@ -377,7 +377,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'info', 'domain', 'A_'.$domain['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'info', 'domain', $domain['name'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  } catch (PDOException $e) {
  sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
@@ -512,7 +512,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
  'resultCode' => 1000,
  'msg' => 'Command completed successfully',
  'name' => $domain['name'],
- 'roid' => 'D' . $domain['id'] . $roid,
+ 'roid' => 'D' . $domain['id'] . '-' . $roid,
  'status' => $statusArray,
  'contact' => $transformedContacts,
  'clID' => getRegistrarClid($db, $domain['clid']),
@@ -581,13 +581,12 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'info', 'domain', 'D_'.$domain['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'info', 'domain', $domain['name'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  } catch (PDOException $e) {
  sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
  }
  }
- }
diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php
index 5044a63..b127165 100644
--- a/epp/src/epp-update.php
+++ b/epp/src/epp-update.php
@@ -736,7 +736,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'update', 'contact', $contact_id, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'update', 'contact', 'C'.$contact_id, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  }
@@ -912,20 +912,30 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
  return;
  }
- $stmt = $db->prepare("SELECT domain_id FROM host WHERE name = ? LIMIT 1");
+ $stmt = $db->prepare("SELECT id, domain_id FROM host WHERE name = ? LIMIT 1");
  $stmt->execute([$name]);
- $domain_id = $stmt->fetchColumn();
+ $hostRow = $stmt->fetch(PDO::FETCH_ASSOC);
  $stmt->closeCursor();
- if ($domain_id) {
+ if ($hostRow) {
+ $domain_id = $hostRow['domain_id'];
+ $host_id = $hostRow['id'];
+
  $stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1");
  $stmt->execute([$domain_id]);
  $domain_name = $stmt->fetchColumn();
  $stmt->closeCursor();
  if (!preg_match('/\.' . preg_quote($domain_name, '/') . '$/i', $chg_name)) {
- sendEppError($conn, $db, 2005, 'Out-of-bailiwick change not allowed: host name must be a subdomain of '.$domain_name, $clTRID, $trans);
- return;
+ $stmt = $db->prepare("SELECT COUNT(*) FROM host_addr WHERE host_id = ?");
+ $stmt->execute([$host_id]);
+ $ipCount = $stmt->fetchColumn();
+ $stmt->closeCursor();
+
+ if ($ipCount > 0) {
+ sendEppError($conn, $db, 2005, 'Out-of-bailiwick change not allowed: host name must be a subdomain of ' . $domain_name, $clTRID, $trans);
+ return;
+ }
  }
  } else {
  $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
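Review bot: `if ($hostRow) {` in processHostUpdate (@@ -912) is true for every host that exists, whereas the old `if ($domain_id)` was true only for hosts linked to a domain, so a host whose `domain_id` is NULL now takes the bailiwick branch and the `else` branch starting at `$tlds = ...` looks unreachable for existing hosts. On that path `SELECT name FROM domain WHERE id = ?` finds no row, `$domain_name` is `false`, and the pattern effectively no longer tests against any parent domain. Keep the original meaning with `if ($hostRow && $hostRow['domain_id']) {`. Separately, when `$ipCount` is 0 the rename proceeds with no further check on `$chg_name` in the visible lines, and nothing here clears `domain_id` for a host that has left its parent zone; if both are handled later in the function, a short comment at this point would make that clear. The function continues outside the hunk.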
@@ -979,44 +989,48 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
  $addr_list = $xml->xpath('//host:rem/host:addr');
  $status_list = $xml->xpath('//host:rem/host:status/@s');
- $removingCount = count($addr_list);
+ if (!empty($addr_list)) {
+ $removingCount = count($addr_list);
- $stmt = $db->prepare("SELECT COUNT(*) FROM host_addr WHERE host_id = ?");
- $stmt->execute([$hostId]);
- $currentCount = $stmt->fetchColumn();
- $stmt->closeCursor();
-
- if ($currentCount - $removingCount <= 0) {
- sendEppError($conn, $db, 2306, 'Host must have at least one IP address', $clTRID, $trans);
- return;
- }
-
- foreach ($addr_list as $node) {
- $addr = (string) $node;
- $addr_type = $node->attributes()['ip'] ? (string) $node->attributes()['ip'] : 'v4';
-
- $normalized_addr = $addr_type === 'v6' ? normalize_v6_address($addr) : normalize_v4_address($addr);
-
- // Check if this addr exists
- $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = ?");
- $stmt->execute([$hostId, $normalized_addr, $addr_type]);
- $exists = $stmt->fetchColumn();
+ $stmt = $db->prepare("SELECT COUNT(*) FROM host_addr WHERE host_id = ?");
+ $stmt->execute([$hostId]);
+ $currentCount = $stmt->fetchColumn();
  $stmt->closeCursor();
- if (!$exists) {
- sendEppError($conn, $db, 2306, "host:addr $addr not found for host, cannot remove", $clTRID, $trans);
+ if ($currentCount - $removingCount <= 0) {
+ sendEppError($conn, $db, 2306, 'Host must have at least one IP address', $clTRID, $trans);
  return;
  }
- $stmt = $db->prepare("DELETE FROM host_addr WHERE host_id = ? AND addr = ? AND ip = ?");
- $stmt->execute([$hostId, $normalized_addr, $addr_type]);
+ foreach ($addr_list as $node) {
+ $addr = (string) $node;
+ $addr_type = $node->attributes()['ip'] ? (string) $node->attributes()['ip'] : 'v4';
+
+ $normalized_addr = $addr_type === 'v6' ? normalize_v6_address($addr) : normalize_v4_address($addr);
+
+ // Check if this addr exists
+ $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = ?");
+ $stmt->execute([$hostId, $normalized_addr, $addr_type]);
+ $exists = $stmt->fetchColumn();
+ $stmt->closeCursor();
+
+ if (!$exists) {
+ sendEppError($conn, $db, 2306, "host:addr $addr not found for host, cannot remove", $clTRID, $trans);
+ return;
+ }
+
+ $stmt = $db->prepare("DELETE FROM host_addr WHERE host_id = ? AND addr = ? AND ip = ?");
+ $stmt->execute([$hostId, $normalized_addr, $addr_type]);
+ }
  }
- foreach ($status_list as $node) {
- $status = (string) $node;
-
- $stmt = $db->prepare("DELETE FROM host_status WHERE host_id = ? AND status = ?");
- $stmt->execute([$hostId, $status]);
+ if (!empty($status_list)) {
+ foreach ($status_list as $node) {
+ $status = (string) $node;
+
+ $stmt = $db->prepare("DELETE FROM host_status WHERE host_id = ? AND status = ?");
+ $stmt->execute([$hostId, $status]);
+ }
  }
  }
@@ -1088,7 +1102,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
  $epp = new EPP\EppWriter();
  $xml = $epp->epp_writer($response);
- updateTransaction($db, 'update', 'host', $hostId, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'update', 'host', $name, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
  sendEppResponse($conn, $xml);
  }
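Review bot: The address-removal loop in processHostUpdate (@@ -979) deletes each address as soon as it has been checked, so when a later `host:addr` is not found the function returns 2306 with the earlier addresses already deleted, unless the whole command runs inside a transaction that is rolled back on this path, which the hunk does not show. The `Host must have at least one IP address` guard also compares against `count($addr_list)`, which counts a repeated address twice. I would verify and de-duplicate every address first, apply the guard to the de-duplicated set, and only then delete, as in the excerpt below. Separately, the status loop deletes whatever `s` value the command carries; if server-set statuses are not filtered out before this point, that is worth checking.

```php
if (!empty($addr_list)) {
    // Pass 1: normalise and verify every address before touching host_addr.
    $toRemove = [];
    foreach ($addr_list as $node) {
        // … unchanged: $addr, $addr_type, $normalized_addr, SELECT into $exists, 2306 and return when missing …

        // Keyed by type and address so a repeated <host:addr> is counted once.
        $toRemove[$addr_type . '|' . $normalized_addr] = [$normalized_addr, $addr_type];
    }

    // … unchanged: SELECT COUNT(*) FROM host_addr into $currentCount …

    if ($currentCount - count($toRemove) <= 0) {
        sendEppError($conn, $db, 2306, 'Host must have at least one IP address', $clTRID, $trans);
        return;
    }

    // Pass 2: nothing is deleted until every check above has passed.
    $stmt = $db->prepare("DELETE FROM host_addr WHERE host_id = ? AND addr = ? AND ip = ?");
    foreach ($toRemove as [$normalized_addr, $addr_type]) {
        $stmt->execute([$hostId, $normalized_addr, $addr_type]);
    }
}
```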