diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php index 9ae2099..23a72eb 100644 --- a/epp/src/epp-create.php +++ b/epp/src/epp-create.php @@ -18,18 +18,14 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT * FROM contact WHERE identifier = :id"); $stmt->execute(['id' => $contactID]); - $contact = $stmt->fetch(PDO::FETCH_ASSOC); - + $stmt->closeCursor(); if ($contact) { sendEppError($conn, $db, 2302, 'Contact ID already exists', $clTRID, $trans); return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); + $clid = getClid($db, $clid); $contactCreate = $xml->command->create->children('urn:ietf:params:xml:ns:contact-1.0')->create; $postalInfoInt = null; @@ -332,8 +328,8 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) { $email, $nin ?? null, $nin_type ?? null, - $clid['id'], - $clid['id'], + $clid, + $clid, $disclose_voice, $disclose_fax, $disclose_email @@ -356,14 +352,14 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("INSERT INTO contact_status (contact_id,status) VALUES(?,?)"); $stmt->execute([$contact_id, 'ok']); - - $stmt = $db->prepare("SELECT identifier FROM contact WHERE id = ? LIMIT 1"); - $stmt->execute([$contact_id]); - $identifier = $stmt->fetchColumn(); - $stmt = $db->prepare("SELECT crdate FROM contact WHERE id = ? LIMIT 1"); + $stmt = $db->prepare("SELECT identifier, crdate FROM contact WHERE id = ? LIMIT 1"); $stmt->execute([$contact_id]); - $crdate = $stmt->fetchColumn(); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); + + $identifier = $row['identifier'] ?? null; + $crdate = $row['crdate'] ?? null; } catch (PDOException $e) { sendEppError($conn, $db, 2400, 'Contact could not be created due to database error', $clTRID, $trans); 
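Review bot: The result of `getClid($db, $clid)` in processContactCreate is used without checking that a registrar row was found, and the former `$clid['id']` arguments further down are now plain `$clid`, so whatever the helper returns on a miss goes straight into the contact INSERT parameters. getClid is not defined in this diff, so its miss value is an assumption; if it can return `null` or `false`, a guard right after the call such as `if (!$clid) { sendEppError($conn, $db, 2400, 'Registrar not found', $clTRID, $trans); return; }` would stop an unresolved registrar from being recorded as the owner. The same unchecked call appears in processHostCreate, processDomainCreate, both delete handlers, processDomainRenew and processContactTransfer. The function body continues outside the hunk.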
@@ -411,11 +407,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) { return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; + $clid = getClid($db, $clid); $nsArr = []; @@ -476,6 +468,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) { break; } } + $stmt->closeCursor(); if (!$domain_exist) { sendEppError($conn, $db, 2303, 'A host name object can NOT be created in a repository for which no superordinate domain name object exists', $clTRID, $trans); @@ -520,6 +513,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$hostName]); $crdate = $stmt->fetchColumn(); + $stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -551,6 +545,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$hostName]); $crdate = $stmt->fetchColumn(); + $stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -589,6 +584,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1"); $stmt->execute(); $launch_extension_enabled = $stmt->fetchColumn(); + $stmt->closeCursor(); } if ($launch_extension_enabled && isset($launch_create)) { @@ -660,6 +656,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM domain_tld WHERE UPPER(tld) = ?"); $stmt->execute([$domain_extension]); $tld_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$tld_id) { sendEppError($conn, $db, 2306, 'Invalid domain extension', $clTRID, $trans); 
@@ -669,6 +666,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); $domain_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($domain_already_exist) { sendEppError($conn, $db, 2302, 'Domain name already exists', $clTRID, $trans); @@ -690,6 +688,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m "); $stmt->execute([$tld_id, $currentDate, $currentDate]); $phase_details = $stmt->fetchColumn(); + $stmt->closeCursor(); $launch_phase = $launch_phase ?? null; @@ -714,6 +713,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m "); $stmt->execute([$tld_id, $currentDate, $currentDate]); $phase_details = $stmt->fetchColumn(); + $stmt->closeCursor(); // Check if the phase requires application submission if (empty($launch_phase) && $launch_phase !== 'custom' && $phase_details === 'Application') { @@ -822,6 +822,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM reserved_domain_names WHERE name = ? LIMIT 1"); $stmt->execute([$label]); $domain_already_reserved = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($domain_already_reserved) { if ($allocation_token !== null) { @@ -832,6 +833,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($token) { // No action needed, script continues 
@@ -885,16 +887,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; + $clid = getClid($db, $clid); $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $registrar_balance = $result['accountBalance']; $creditLimit = $result['creditLimit']; $currency = $result['currency']; @@ -973,6 +972,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt->execute(); $host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN); + $stmt->closeCursor(); if (!$host_id_already_exist) { sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans); @@ -1002,6 +1002,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m break; } } + $stmt->closeCursor(); if ($internal_host) { if (preg_match('/\.' . preg_quote($domainName, '/') . '$/i', $hostName)) { 
@@ -1032,34 +1033,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $addr_type = (string) ($node['ip'] ?? 'v4'); if ($addr_type == 'v6') { - if (preg_match('/^[\da-fA-F]{1,4}(:[\da-fA-F]{1,4}){7}$/', $hostAddr) || - preg_match('/^::$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){1,7}:$/', $hostAddr) || - preg_match('/^[\da-fA-F]{1,4}:(:[\da-fA-F]{1,4}){1,6}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){2}(:[\da-fA-F]{1,4}){1,5}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){3}(:[\da-fA-F]{1,4}){1,4}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){4}(:[\da-fA-F]{1,4}){1,3}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){5}(:[\da-fA-F]{1,4}){1,2}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){6}:[\da-fA-F]{1,4}$/', $hostAddr) - ) { - // true - // Additional verifications for reserved or private IPs as per [RFC5735] [RFC5156] can go here. - } else { + if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans); return; } } else { - list($a, $b, $c, $d) = explode('.', $hostAddr); - if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $hostAddr) && $a < 256 && $b < 256 && $c < 256 && $d < 256) { - // true - // Additional verifications for reserved or private IPs as per [RFC5735] [RFC5156] can go here. - if ($hostAddr == '127.0.0.1') { - sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); - return; - } - } else { - sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); - return; + if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') { + sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); + return; } } } @@ -1081,6 +1062,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m break; } } + $stmt->closeCursor(); // Object does not exist error if (!$domain_exist) { 
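Review bot: The IPv4 branch still rejects only the literal `127.0.0.1`, so after the switch to `filter_var` the rest of 127.0.0.0/8, `0.0.0.0` and the private ranges are accepted as host addresses, and the IPv6 branch accepts `::1` and `::`. The removed comments had marked reserved and private addresses as an open item, and the commit drops that reminder without closing it. If registry policy is to refuse such addresses, the existing call can do it with flags, e.g. `filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)` and the same two flags next to `FILTER_FLAG_IPV6`. The identical pair of checks in the hunk at old line 1129 needs the same decision; whether private ranges should be refused at all is a policy choice that is not visible here.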
@@ -1129,36 +1111,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $addr_type = isset($node['ip']) ? (string) $node['ip'] : 'v4'; if ($addr_type === 'v6') { - if (preg_match('/^[\da-fA-F]{1,4}(:[\da-fA-F]{1,4}){7}$/', $hostAddr) || - $hostAddr === '::' || - preg_match('/^([\da-fA-F]{1,4}:){1,7}:$/', $hostAddr) || - preg_match('/^[\da-fA-F]{1,4}:(:[\da-fA-F]{1,4}){1,6}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){2}(:[\da-fA-F]{1,4}){1,5}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){3}(:[\da-fA-F]{1,4}){1,4}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){4}(:[\da-fA-F]{1,4}){1,3}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){5}(:[\da-fA-F]{1,4}){1,2}$/', $hostAddr) || - preg_match('/^([\da-fA-F]{1,4}:){6}:[\da-fA-F]{1,4}$/', $hostAddr) - ) { - // true - // Add check for reserved or private IP addresses (not implemented here, add as needed) - } else { - sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans); - return; + if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans); + return; } } else { - list($a, $b, $c, $d) = explode('.', $hostAddr); - - if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $hostAddr) && - $a < 256 && $b < 256 && $c < 256 && $d < 256) { - // true - // Add check for reserved or private IP addresses (not implemented here, add as needed) - if ($hostAddr === '127.0.0.1') { - sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); - return; - } - } else { - sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); - return; + if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') { + sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans); + return; } } } 
@@ -1203,6 +1163,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $registrantStmt = $db->prepare("SELECT id FROM contact WHERE identifier = :registrant LIMIT 1"); $registrantStmt->execute([':registrant' => $registrant_id]); $registrant_id = $registrantStmt->fetchColumn(); + $registrantStmt->closeCursor(); // Set registrant_id to null if it returns false if ($registrant_id === false) { @@ -1215,6 +1176,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$row) { sendEppError($conn, $db, 2303, 'domain:registrant does not exist', $clTRID, $trans); return; @@ -1246,6 +1208,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$row) { sendEppError($conn, $db, 2303, 'domain:contact '.$type.' does not exist', $clTRID, $trans); return; @@ -1340,6 +1303,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM application WHERE name = :name LIMIT 1"); $selectDomainDatesStmt->execute([':name' => $domainName]); [$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM); + $selectDomainDatesStmt->closeCursor(); $statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)"); $statementStmt->execute([ 
@@ -1359,11 +1323,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); $hostExistStmt->execute([':hostObj' => $hostObj]); $hostObj_already_exist = $hostExistStmt->fetchColumn(); + $hostExistStmt->closeCursor(); if ($hostObj_already_exist) { $domainHostMapStmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1"); $domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]); $domain_host_map_id = $domainHostMapStmt->fetchColumn(); + $domainHostMapStmt->closeCursor(); if (!$domain_host_map_id) { $insertDomainHostMapStmt = $db->prepare("INSERT INTO application_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)"); @@ -1426,12 +1392,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$hostName]); $hostName_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($hostName_already_exist) { // Check if the host is already mapped to this domain $stmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $stmt->execute([$domain_id, $hostName_already_exist]); $domain_host_map_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_host_map_id) { // Map the host to the domain @@ -1493,6 +1461,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt->execute([$contact]); $contact_id = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("INSERT INTO application_contact_map (domain_id,contact_id,type) VALUES(?,?,?)"); $stmt->execute([$domain_id, $contact_id, $type]); 
@@ -1502,6 +1471,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); [$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM); + $stmt->closeCursor(); $db->commit(); } catch (Exception $e) { @@ -1709,6 +1679,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = :name LIMIT 1"); $selectDomainDatesStmt->execute([':name' => $domainName]); [$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM); + $selectDomainDatesStmt->closeCursor(); $statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)"); $statementStmt->execute([ @@ -1728,11 +1699,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); $hostExistStmt->execute([':hostObj' => $hostObj]); $hostObj_already_exist = $hostExistStmt->fetchColumn(); + $hostExistStmt->closeCursor(); if ($hostObj_already_exist) { $domainHostMapStmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1"); $domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]); $domain_host_map_id = $domainHostMapStmt->fetchColumn(); + $domainHostMapStmt->closeCursor(); if (!$domain_host_map_id) { $insertDomainHostMapStmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)"); 
@@ -1795,12 +1768,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$hostName]); $hostName_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($hostName_already_exist) { // Check if the host is already mapped to this domain $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $stmt->execute([$domain_id, $hostName_already_exist]); $domain_host_map_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_host_map_id) { // Map the host to the domain @@ -1862,6 +1837,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt->execute([$contact]); $contact_id = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(?,?,?)"); $stmt->execute([$domain_id, $contact_id, $type]); @@ -1871,10 +1847,12 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m $stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); [$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt->execute(); $curdate_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$curdate_id) { $stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())"); diff --git a/epp/src/epp-delete.php b/epp/src/epp-delete.php index b735429..830a45a 100644 --- a/epp/src/epp-delete.php +++ b/epp/src/epp-delete.php 
@@ -12,6 +12,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = ? LIMIT 1"); $stmt->execute([$contactID]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $contact_id = $row['id'] ?? null; $registrar_id_contact = $row['clid'] ?? null; @@ -21,12 +22,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) { return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; - + $clid = getClid($db, $clid); if ($clid !== $registrar_id_contact) { sendEppError($conn, $db, 2201, 'Contact belongs to another registrar', $clTRID, $trans); return; @@ -35,6 +31,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain WHERE registrant = ? LIMIT 1"); $stmt->execute([$contact_id]); $registrantExists = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($registrantExists) { sendEppError($conn, $db, 2305, 'This contact is associated with a domain as a registrant', $clTRID, $trans); @@ -44,6 +41,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain_contact_map WHERE contact_id = ? LIMIT 1"); $stmt->execute([$contact_id]); $contactInUse = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($contactInUse) { sendEppError($conn, $db, 2305, 'This contact is associated with a domain', $clTRID, $trans); @@ -59,6 +57,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmt->closeCursor(); // Delete associated records $db->prepare("DELETE FROM contact_postalInfo WHERE contact_id = ?")->execute([$contact_id]); 
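Review bot: The ownership check `if ($clid !== $registrar_id_contact)` in processContactDelete is a strict comparison between the return value of getClid() and a column read through PDO, so it now depends on both sides having the same PHP type. Before this change both values came from PDO fetches; getClid is not shown in the diff, and if it casts the id to int while `$row['clid']` arrives as a string, every delete would be refused with 2201. Normalising both sides, `if ((int) $clid !== (int) $registrar_id_contact)`, keeps the check strict and independent of driver settings. The same comparison follows the getClid() call in processHostDelete and in the approve branch of processContactTransfer, while processDomainRenew compares the same pair with `!=`, so the handlers are not consistent.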
@@ -108,6 +107,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare($query); $stmt->execute([':name' => $hostName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $host_id = $result['id'] ?? null; $registrar_id_host = $result['clid'] ?? null; @@ -117,12 +117,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) { return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; - + $clid = getClid($db, $clid); if ($clid !== $registrar_id_host) { sendEppError($conn, $db, 2201, 'Host belongs to another registrar', $clTRID, $trans); return; @@ -132,6 +127,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare($query); $stmt->execute([':host_id' => $host_id]); $nameserver_inuse = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($nameserver_inuse) { sendEppError($conn, $db, 2305, 'It is not possible to delete because it is a dependency, it is used by some domain', $clTRID, $trans); @@ -199,6 +195,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { } $stmt->execute([':name' => $domainName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$result) { sendEppError($conn, $db, 2303, 'domain:name does not exist', $clTRID, $trans); @@ -230,6 +227,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); $stmt->execute(); $result2 = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $clid = $result2['id']; $currency = $result2['currency']; @@ -248,6 +246,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmt->closeCursor(); } if (isset($launch_delete)) { 
@@ -257,6 +256,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM application WHERE name = ? AND phase_type = ? AND application_id = ? LIMIT 1"); $stmt->execute([$domainName, $phaseType, $applicationID]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$result) { sendEppError($conn, $db, 2306, "Please verify the launch phase and/or the application ID", $clTRID, $trans); @@ -306,6 +306,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(crdate, INTERVAL 5 DAY)) LIMIT 1"); $stmt->execute([$domain_id]); $addPeriod_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($addPeriod_id) { $returnValue = getDomainPrice($db, $domainName, $tldid, $addPeriod, 'create', $clid, $currency); @@ -334,6 +335,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $db->exec("DELETE FROM host_status WHERE host_id = $host_id"); $db->exec("DELETE FROM domain_host_map WHERE host_id = $host_id"); } + $stmt->closeCursor(); // Delete domain related records $db->exec("DELETE FROM domain_contact_map WHERE domain_id = $domain_id"); @@ -364,6 +366,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 45 DAY)) LIMIT 1"); $stmt->execute([$domain_id]); $autoRenewPeriod_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($autoRenewPeriod_id) { $returnValue = getDomainPrice($db, $domainName, $tldid, $autoRenewPeriod, 'renew', $clid, $currency); 
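Review bot: The loop closed by the new `$stmt->closeCursor();` in processDomainDelete (hunk at old line 334) still builds its statements by interpolation, `$db->exec("DELETE FROM host_status WHERE host_id = $host_id")`, and the `domain_contact_map` delete after it does the same with `$domain_id`. Both values look like ids read from earlier queries, but their origin is outside the hunk, so this is a hardening and consistency point rather than a demonstrated injection. Suggested form: `$db->prepare("DELETE FROM host_status WHERE host_id = ?")->execute([$host_id]);`, which is the pattern processContactDelete already uses for its deletes.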
@@ -387,6 +390,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 5 DAY)) LIMIT 1"); $stmt->execute([$domain_id]); $renewPeriod_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($renewPeriod_id) { $returnValue = getDomainPrice($db, $domainName, $tldid, $renewPeriod, 'renew', $clid, $currency); @@ -410,6 +414,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(trdate, INTERVAL 5 DAY)) LIMIT 1"); $stmt->execute([$domain_id]); $transferPeriod_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($transferPeriod_id) { // Return money if a transfer was also a renew diff --git a/epp/src/epp-info.php b/epp/src/epp-info.php index 932ac72..d1a503c 100644 --- a/epp/src/epp-info.php +++ b/epp/src/epp-info.php @@ -31,6 +31,7 @@ function processContactInfo($conn, $db, $xml, $trans) { "); $stmt->execute(['id' => $contactID]); $contact = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$contact) { sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); @@ -61,6 +62,7 @@ function processContactInfo($conn, $db, $xml, $trans) { $stmt = $db->prepare("SELECT status FROM contact_status WHERE contact_id = :id"); $stmt->execute(['id' => $contactRow['id']]); $statuses = $stmt->fetchAll(PDO::FETCH_COLUMN); + $stmt->closeCursor(); $statusArray = array_map(fn($status) => [$status], $statuses); // Handle Disclose Fields (Only Show When Set to `1`) @@ -138,6 +140,7 @@ function processHostInfo($conn, $db, $xml, $trans) { $stmt->execute(['name' => $hostName]); $host = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$host) { sendEppError($conn, $db, 2303, 'Host does not exist', $clTRID, $trans); 
@@ -148,6 +151,7 @@ function processHostInfo($conn, $db, $xml, $trans) { $stmt3 = $db->prepare("SELECT `addr`, `ip` FROM `host_addr` WHERE `host_id` = :id"); $stmt3->execute(['id' => $host['id']]); $addresses = $stmt3->fetchAll(PDO::FETCH_ASSOC); + $stmt3->closeCursor(); $addrArray = []; foreach($addresses as $addr) { @@ -158,6 +162,7 @@ function processHostInfo($conn, $db, $xml, $trans) { $stmt = $db->prepare("SELECT * FROM host_status WHERE host_id = :id"); $stmt->execute(['id' => $host['id']]); $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $statusArray = []; foreach($statuses as $status) { @@ -168,6 +173,7 @@ function processHostInfo($conn, $db, $xml, $trans) { $stmt2 = $db->prepare("SELECT domain_id FROM domain_host_map WHERE host_id = :id LIMIT 1"); $stmt2->execute(['id' => $host['id']]); $domainData = $stmt2->fetch(PDO::FETCH_ASSOC); + $stmt2->closeCursor(); if ($domainData) { $statusArray[] = ['linked']; @@ -269,6 +275,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt->execute(); $domain = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$domain) { sendEppError($conn, $db, 2303, 'Application does not exist', $clTRID, $trans); @@ -279,6 +286,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM application_contact_map WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $contacts = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $transformedContacts = []; foreach ($contacts as $contact) { @@ -289,6 +297,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM application_host_map WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $hosts = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $transformedHosts = []; if ($hosts) { 
@@ -301,11 +310,13 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM application_status WHERE domain_id = :id LIMIT 1"); $stmt->execute(['id' => $domain['id']]); $status = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); // Fetch registrant identifier $stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id"); $stmt->execute(['id' => $domain['registrant']]); $registrant_id = $stmt->fetch(PDO::FETCH_COLUMN); + $stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -360,6 +371,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt->execute(); $domain = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$domain) { sendEppError($conn, $db, 2303, 'Domain does not exist', $clTRID, $trans); @@ -370,6 +382,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1"); $stmt->execute([$domain['id'], $authInfo_pw]); $domain_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); @@ -381,6 +394,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM domain_contact_map WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $contacts = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $transformedContacts = []; foreach ($contacts as $contact) { @@ -391,6 +405,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM domain_host_map WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $hosts = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $transformedHosts = []; if ($hosts) { 
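Review bot: The authInfo check in processDomainInfo (hunk at old line 370) is done inside the query, `... AND authtype = 'pw' AND authinfo = ?`, so the secret is matched under whatever collation the `authinfo` column has. The schema is not visible here, but with a case-insensitive collation two values differing only in letter case would both pass. Selecting the stored value by `domain_id` and comparing in PHP with `hash_equals($stored, $authInfo_pw)` gives an exact, constant-time match. processContactTransfer appears to check the contact authInfo the same way, with `:authInfo_pw` bound into the query in the last hunk of epp-transfer.php.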
@@ -402,16 +417,19 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT name FROM host WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $hostNames = $stmt->fetchAll(PDO::FETCH_COLUMN, 0); + $stmt->closeCursor(); // Fetch authInfo $stmt = $db->prepare("SELECT * FROM domain_authInfo WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $authInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); // Fetch status $stmt = $db->prepare("SELECT * FROM domain_status WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $statusArray = []; foreach($statuses as $status) { @@ -422,11 +440,13 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt = $db->prepare("SELECT * FROM secdns WHERE domain_id = :id"); $stmt->execute(['id' => $domain['id']]); $secDnsRecords = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); // Fetch registrant identifier $stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id"); $stmt->execute(['id' => $domain['registrant']]); $registrant_id = $stmt->fetch(PDO::FETCH_COLUMN); + $stmt->closeCursor(); $transformedSecDnsRecords = []; if ($secDnsRecords) { @@ -528,6 +548,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) { $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($token) { $response['allocation'] = $token; @@ -556,6 +577,7 @@ function processFundsInfo($conn, $db, $xml, $clid, $trans) { $stmt->execute(['id' => $clid]); $funds = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $creditBalance = ($funds['accountBalance'] < 0) ? -$funds['accountBalance'] : 0; $availableCredit = $funds['creditLimit'] - $creditBalance; diff --git a/epp/src/epp-renew.php b/epp/src/epp-renew.php index 36e98fb..736636a 100644 --- a/epp/src/epp-renew.php 
+++ b/epp/src/epp-renew.php @@ -38,11 +38,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { $period = 'y'; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt->closeCursor(); + $clid = getClid($db, $clid); $stmt = $db->prepare("SELECT id, name, tldid, exdate, clid FROM domain WHERE name = :domainName LIMIT 1"); $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR); @@ -55,7 +51,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { return; } - if ($clid['id'] != $domainData['clid']) { + if ($clid != $domainData['clid']) { sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans); return; } @@ -96,7 +92,6 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { } $after_10_years = $db->query("SELECT YEAR(DATE_ADD(CURDATE(),INTERVAL 10 YEAR))")->fetchColumn(); - $stmt->closeCursor(); $stmt = $db->prepare("SELECT YEAR(DATE_ADD(:exdate, INTERVAL :date_add MONTH))"); $stmt->bindParam(':exdate', $domainData['exdate'], PDO::PARAM_STR); $stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT); @@ -112,7 +107,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { // Check registrar account balance $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrarId LIMIT 1"); - $stmt->bindParam(':registrarId', $clid['id'], PDO::PARAM_INT); + $stmt->bindParam(':registrarId', $clid, PDO::PARAM_INT); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); $stmt->closeCursor(); 
@@ -120,7 +115,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { $creditLimit = $row['creditLimit']; $currency = $row['currency']; - $returnValue = getDomainPrice($db, $domainData['name'], $domainData['tldid'], $date_add, 'renew', $clid['id'], $currency); + $returnValue = getDomainPrice($db, $domainData['name'], $domainData['tldid'], $date_add, 'renew', $clid, $currency); $price = $returnValue['price']; if (($registrar_balance + $creditLimit) < $price) { @@ -139,7 +134,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT); $stmt->bindParam(':rgpstatus', $rgpstatus, PDO::PARAM_STR); $stmt->bindParam(':renewPeriod', $date_add, PDO::PARAM_INT); - $stmt->bindParam(':upid', $clid['id'], PDO::PARAM_INT); + $stmt->bindParam(':upid', $clid, PDO::PARAM_INT); $stmt->bindParam(':domain_id', $domainData['id'], PDO::PARAM_INT); $stmt->execute(); @@ -152,14 +147,14 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { // Update registrar's account balance: $stmt = $db->prepare("UPDATE registrar SET accountBalance = (accountBalance - :price) WHERE id = :registrar_id"); $stmt->bindParam(':price', $price, PDO::PARAM_INT); - $stmt->bindParam(':registrar_id', $clid['id'], PDO::PARAM_INT); + $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT); $stmt->execute(); // Insert into payment_history: $description = "renew domain $domainName for period $date_add MONTH"; $negative_price = -$price; $stmt = $db->prepare("INSERT INTO payment_history (registrar_id, date, description, amount) VALUES (:registrar_id, CURRENT_TIMESTAMP(3), :description, :amount)"); - $stmt->bindParam(':registrar_id', $clid['id'], PDO::PARAM_INT); + $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT); $stmt->bindParam(':description', $description, PDO::PARAM_STR); $stmt->bindParam(':amount', $negative_price, PDO::PARAM_INT); $stmt->execute(); 
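Review bot: The balance check `if (($registrar_balance + $creditLimit) < $price)` in the `@@ -120,7 +115,7 @@` hunk and the debit `UPDATE registrar SET accountBalance = (accountBalance - :price)` in the `@@ -152,14 +147,14 @@` hunk are separate statements, so two concurrent renewals for the same registrar could both pass the check before either debit lands. Nothing visible here shows a transaction or a row lock around them; if there is none, either read the balance with `SELECT ... FOR UPDATE` inside a transaction, or put the limit into the debit itself with `WHERE id = :registrar_id AND (accountBalance + creditLimit) >= :price_check` and test `rowCount()`. A short comment above the debit stating which mechanism protects the credit limit would help the next reader. processDomainRenew continues outside both hunks.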
@@ -173,7 +168,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) { // Insert into statement: $stmt = $db->prepare("INSERT INTO statement (registrar_id, date, command, domain_name, length_in_months, fromS, toS, amount) VALUES (?, CURRENT_TIMESTAMP(3), ?, ?, ?, ?, ?, ?)"); - $stmt->execute([$clid['id'], 'renew', $domainName, $date_add, $from, $to, $price]); + $stmt->execute([$clid, 'renew', $domainName, $date_add, $from, $to, $price]); } } diff --git a/epp/src/epp-transfer.php b/epp/src/epp-transfer.php index cad5827..0f944e0 100644 --- a/epp/src/epp-transfer.php +++ b/epp/src/epp-transfer.php @@ -17,6 +17,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1"); $stmt->execute([':identifier' => $identifier]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $contact_id = $result['id'] ?? null; $registrar_id_contact = $result['clid'] ?? null; @@ -24,12 +25,8 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); return; } - - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; + + $clid = getClid($db, $clid); if ($op === 'approve') { if ($clid !== $registrar_id_contact) { @@ -44,6 +41,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) ':authInfo_pw' => $authInfo_pw ]); $contact_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$contact_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); 
@@ -54,6 +52,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $trstatus = $contactInfo['trstatus'] ?? ''; if ($trstatus === 'pending') { @@ -71,14 +70,17 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]); $reid_identifier = $reid_identifier_stmt->fetchColumn(); + $reid_identifier_stmt->closeCursor(); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]); $acid_identifier = $acid_identifier_stmt->fetchColumn(); + $acid_identifier_stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -116,7 +118,8 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) if ($authInfo_pw) { $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); - $contact_authinfo_id = $stmt->fetchColumn(); + $contact_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$contact_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); return; 
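Review bot: The authInfo check in the `@@ -116,7 +118,8 @@` hunk compares the secret inside SQL (`authinfo = :authInfo_pw`), so whether letter case matters depends on the column collation, which this diff does not show. Under a case-insensitive collation, values that differ only in case would be accepted. The same query shape appears in the other contact_authInfo and domain_authInfo lookups touched by this commit. Assuming the column holds the value as submitted, I would select the stored value by `contact_id` and `authtype` only and compare it in PHP with `hash_equals()`, as sketched below. The enclosing branch of processContactTransfer starts and ends outside the hunk.

```php
$stmt = $db->prepare("SELECT authinfo FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]);
$storedAuthInfo = $stmt->fetchColumn();
$stmt->closeCursor();
// Exact, constant-time comparison; a missing row fails the check as well.
if ($storedAuthInfo === false || !hash_equals((string) $storedAuthInfo, (string) $authInfo_pw)) {
    // … unchanged: sendEppError 2202 'authInfo pw is not correct' and return …
}
```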
@@ -126,6 +129,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $trstatus = $contactInfo['trstatus'] ?? ''; if ($trstatus === 'pending') { @@ -139,14 +143,17 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]); $reid_identifier = $reid_identifier_stmt->fetchColumn(); + $reid_identifier_stmt->closeCursor(); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]); $acid_identifier = $acid_identifier_stmt->fetchColumn(); + $acid_identifier_stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ 
@@ -177,16 +184,19 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $trstatus = $contactInfo['trstatus'] ?? ''; if ($trstatus === 'pending') { $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt->execute([':reid' => $contactInfo['reid']]); $reid_identifier = $reid_identifier_stmt->fetchColumn(); + $reid_identifier_stmt->closeCursor(); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt->execute([':acid' => $contactInfo['acid']]); $acid_identifier = $acid_identifier_stmt->fetchColumn(); + $acid_identifier_stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -224,6 +234,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); $contact_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$contact_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); 
@@ -234,6 +245,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if ($contactInfo['trstatus'] === 'pending') { // The losing registrar has five days once the contact is pending to respond. @@ -247,15 +259,18 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); // Fetch registrar identifiers $reidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reidStmt->execute([':reid' => $contactInfo['reid']]); $reid_identifier = $reidStmt->fetchColumn(); + $reidStmt->closeCursor(); $acidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acidStmt->execute([':acid' => $contactInfo['acid']]); $acid_identifier = $acidStmt->fetchColumn(); + $acidStmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -287,6 +302,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),crdate) FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $days_from_registration = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($days_from_registration < 60) { sendEppError($conn, $db, 2201, 'The contact name must not be within 60 days of its initial registration', $clTRID, $trans); 
@@ -297,6 +313,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $last_trdate = $result['trdate']; $days_from_last_transfer = $result['intval']; @@ -309,6 +326,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); $contact_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$contact_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); @@ -325,6 +343,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) return; } } + $stmt->closeCursor(); if ($clid == $registrar_id_contact) { sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the contact sponsoring client', $clTRID, $trans); @@ -334,6 +353,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $trstatus = $result['trstatus']; if (!$trstatus || $trstatus != 'pending') { 
@@ -352,6 +372,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $reid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['reid']}' LIMIT 1")->fetchColumn(); $acid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['acid']}' LIMIT 1")->fetchColumn(); @@ -420,6 +441,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt->bindParam(':name', $domainName, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $domain_id = $row['id'] ?? null; $tldid = $row['tldid'] ?? null; @@ -430,11 +452,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; + $clid = getClid($db, $clid); if ($op === 'approve') { if ($clid !== $registrar_id_domain) { @@ -446,6 +464,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1"); $stmt->execute([$domain_id, $authInfo_pw]); $domain_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); 
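Review bot: The two lookups right after the added `closeCursor()` in the `@@ -352,6 +372,7 @@` hunk still build SQL by interpolation (`WHERE id = '{$result['reid']}'`), unlike the other registrar lookups in this file. `reid` and `acid` come from the contact row rather than from the request, so the exposure is probably low, but bound parameters keep the query safe whatever ends up in those columns, and the cursors then get closed like everywhere else in this commit. The replacement below mirrors the `$reidStmt` / `$acidStmt` pattern used in the earlier branches. The enclosing branch continues outside the hunk.

```php
// … unchanged: contact row fetched into $result and cursor closed …
$reidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$reidStmt->execute([':reid' => $result['reid']]);
$reid_identifier = $reidStmt->fetchColumn();
$reidStmt->closeCursor();

$acidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$acidStmt->execute([':acid' => $result['acid']]);
$acid_identifier = $acidStmt->fetchColumn();
$acidStmt->closeCursor();
```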
@@ -456,6 +475,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if ($row && $row["trstatus"] === 'pending') { $date_add = 0; @@ -464,15 +484,18 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT accountBalance,creditLimit FROM registrar WHERE id = ? LIMIT 1"); $stmt->execute([$row["reid"]]); list($registrar_balance, $creditLimit) = $stmt->fetch(PDO::FETCH_NUM); + $stmt->closeCursor(); if ($row["transfer_exdate"]) { $stmt = $db->prepare("SELECT PERIOD_DIFF(DATE_FORMAT(transfer_exdate, '%Y%m'), DATE_FORMAT(exdate, '%Y%m')) AS intval FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); $date_add = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt->execute([':registrar_id' => $clid]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $currency = $result["currency"]; $returnValue = getDomainPrice($db, $domainName, $tldid, $date_add, 'transfer', $clid, $currency); @@ -488,6 +511,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT contact_id, type FROM domain_contact_map WHERE domain_id = ?'); $stmt->execute([$domain_id]); $contactMap = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); // Prepare an array to hold new contact IDs to prevent duplicating contacts $newContactIds = []; 
@@ -496,6 +520,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT * FROM contact WHERE id = ?'); $stmt->execute([$row['registrant']]); $registrantData = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); unset($registrantData['id']); $registrantData['identifier'] = generateAuthInfo(); $registrantData['clid'] = $row['reid']; @@ -512,6 +537,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?'); $stmt->execute([$row['registrant']]); $postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); foreach ($postalInfos as $postalInfo) { unset($postalInfo['id']); @@ -535,6 +561,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT * FROM contact WHERE id = ?'); $stmt->execute([$contact['contact_id']]); $contactData = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); unset($contactData['id']); $contactData['identifier'] = generateAuthInfo(); $contactData['clid'] = $row["reid"]; @@ -551,6 +578,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?'); $stmt->execute([$contact['contact_id']]); $postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC); + $stmt->closeCursor(); foreach ($postalInfos as $postalInfo) { unset($postalInfo['id']); 
@@ -572,6 +600,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1"); $stmt->execute(['domain_id' => $domain_id]); $from = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL ? MONTH), lastupdate = CURRENT_TIMESTAMP(3), clid = ?, upid = ?, registrant = ?, trdate = CURRENT_TIMESTAMP(3), trstatus = 'clientApproved', acdate = CURRENT_TIMESTAMP(3), transfer_exdate = NULL, rgpstatus = 'transferPeriod', transferPeriod = ? WHERE id = ?"); $stmt->execute([$date_add, $row["reid"], $clid, $newRegistrantId, $date_add, $domain_id]); @@ -595,6 +624,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt->execute([$domain_id, 'pendingTransfer']); $existingStatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($existingStatus === 'pendingTransfer') { $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); @@ -642,6 +672,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1"); $stmt->execute(['domain_id' => $domain_id]); $to = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id, CURRENT_TIMESTAMP(3), :command, :domain_name, :length_in_months, :from, :to, :amount)"); $stmt->execute(['registrar_id' => $row['reid'], 'command' => 'transfer', 'domain_name' => $domainName, 'length_in_months' => $date_add, 'from' => $from, 'to' => $to, 'amount' => $price]); 
@@ -649,19 +680,23 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute(['name' => $domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($row); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt->execute(['reid' => $reid]); $reid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt->execute(['acid' => $acid]); $acid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt->execute(); $curdate_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$curdate_id) { $stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())"); @@ -712,6 +747,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $domain_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); @@ -722,6 +758,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute(['name' => $domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($row); if ($trstatus === 'pending') { 
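Review bot: `extract($row)` in the `@@ -649,19 +680,23 @@` hunk imports every selected column as a local variable, and the SELECT list includes `clid`, so it overwrites the `$clid` that `getClid()` resolved earlier in processDomainTransfer with the domain's sponsor id. On PHP 8 it also raises a TypeError when the fetch returned false. The same call follows the fetches in the `@@ -722,6 +758,7 @@`, `@@ -763,15 +801,18 @@`, `@@ -809,6 +850,7 @@` and `@@ -871,6 +916,7 @@` hunks and in processContactUpdate. Assigning only what is used, e.g. `$reid = $row['reid'] ?? null;` and `$acid = $row['acid'] ?? null;`, avoids both problems; whether `$clid` is read again afterwards is outside these hunks.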
@@ -747,6 +784,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt->execute([$domain_id, 'pendingTransfer']); $existingStatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($existingStatus === 'pendingTransfer') { $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); @@ -763,15 +801,18 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute(['name' => $domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($row); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt->execute(['reid' => $reid]); $reid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt->execute(['acid' => $acid]); $acid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -809,6 +850,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute(['name' => $domainName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($result); if ($trstatus === 'pending') { 
@@ -816,10 +858,12 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmtReID->execute(['reid' => $reid]); $reid_identifier = $stmtReID->fetchColumn(); + $stmtReID->closeCursor(); $stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmtAcID->execute(['acid' => $acid]); $acid_identifier = $stmtAcID->fetchColumn(); + $stmtAcID->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -861,6 +905,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmtAuthInfo = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmtAuthInfo->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $domain_authinfo_id = $stmtAuthInfo->fetchColumn(); + $stmtAuthInfo->closeCursor(); if (!$domain_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); @@ -871,6 +916,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute(['name' => $domainName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($result); if ($trstatus === 'pending') { @@ -896,6 +942,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt->execute([$domain_id, 'pendingTransfer']); $existingStatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($existingStatus === 'pendingTransfer') { $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); 
@@ -912,10 +959,12 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmtReID->execute(['reid' => $reid]); $reid_identifier = $stmtReID->fetchColumn(); + $stmtReID->closeCursor(); $stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmtAcID->execute(['acid' => $acid]); $acid_identifier = $stmtAcID->fetchColumn(); + $stmtAcID->closeCursor(); $svTRID = generateSvTRID(); $response = [ @@ -957,6 +1006,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($token) { // No action needed, script continues @@ -970,6 +1020,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3), crdate) FROM domain WHERE id = :domain_id LIMIT 1"); $stmt->execute(['domain_id' => $domain_id]); $days_from_registration = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($days_from_registration < 60) { sendEppError($conn, $db, 2201, 'The domain name must not be within 60 days of its initial registration', $clTRID, $trans); @@ -980,6 +1031,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM domain WHERE id = :domain_id LIMIT 1"); $stmt->execute(['domain_id' => $domain_id]); $result = $stmt->fetch(); + $stmt->closeCursor(); $last_trdate = $result["trdate"]; $days_from_last_transfer = $result["intval"]; 
@@ -992,6 +1044,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),exdate) FROM domain WHERE id = :domain_id LIMIT 1"); $stmt->execute(['domain_id' => $domain_id]); $days_from_expiry_date = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($days_from_expiry_date > 30) { sendEppError($conn, $db, 2201, 'The domain name must not be more than 30 days past its expiry date', $clTRID, $trans); @@ -1002,6 +1055,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $domain_authinfo_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_authinfo_id) { sendEppError($conn, $db, 2202, 'authInfo pw is invalid', $clTRID, $trans); @@ -1017,6 +1071,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) return; } } + $stmt->closeCursor(); if ($clid == $registrar_id_domain) { sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the domain sponsoring client', $clTRID, $trans); @@ -1026,6 +1081,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $domain_id = $row['id']; $registrant = $row['registrant']; 
@@ -1078,6 +1134,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt->execute([':registrar_id' => $clid]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $registrar_balance = $result["accountBalance"]; $creditLimit = $result["creditLimit"]; $currency = $result["currency"]; @@ -1097,6 +1154,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt->execute([$domain_id, 'ok']); $existingStatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($existingStatus === 'ok') { $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); 
@@ -1114,16 +1172,19 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute([':name' => $domainName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt->execute([':reid' => $reid]); $reid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt->execute([':acid' => $acid]); $acid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); // The current sponsoring registrar will receive a notification of a pending transfer $stmt = $db->prepare("INSERT INTO poll (registrar_id,qdate,msg,msg_type,obj_name_or_id,obj_trStatus,obj_reID,obj_reDate,obj_acID,obj_acDate,obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, :transfer_exdate)"); @@ -1177,6 +1238,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt->execute([$domain_id, 'ok']); $existingStatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($existingStatus === 'ok') { $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); 
@@ -1194,16 +1256,19 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt->execute([':name' => $domainName]); $result = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt->execute([':reid' => $reid]); $reid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt->execute([':acid' => $acid]); $acid_identifier = $stmt->fetchColumn(); + $stmt->closeCursor(); // Notify the current sponsoring registrar of the pending transfer $stmt = $db->prepare("INSERT INTO poll (registrar_id, qdate, msg, msg_type, obj_name_or_id, obj_trStatus, obj_reID, obj_reDate, obj_acID, obj_acDate, obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, NULL)"); diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php index 926bef7..7023f22 100644 --- a/epp/src/epp-update.php +++ b/epp/src/epp-update.php @@ -22,6 +22,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1"); $stmt->execute([':identifier' => $contactID]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $contact_id = $row['id'] ?? null; $registrar_id_contact = $row['clid'] ?? null; 
@@ -29,13 +30,8 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); return; } - - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; + $clid = getClid($db, $clid); if ($clid != $registrar_id_contact) { sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans); return; @@ -50,11 +46,13 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmt->closeCursor(); $clientUpdateProhibited = 0; $stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = 'clientUpdateProhibited' LIMIT 1"); $stmt->execute([':contact_id' => $contact_id]); $clientUpdateProhibited = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($contactRem) { $statusList = $xml->xpath('//contact:status/@s', $contactRem); @@ -100,6 +98,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = :status LIMIT 1"); $stmt->execute([':contact_id' => $contact_id, ':status' => $status]); $contactStatusId = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($contactStatusId) { sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this contact', $clTRID, $trans); @@ -110,10 +109,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { } if ($contactChg) { - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); + $clid = getClid($db, $clid); $postalInfoInt = null; $postalInfoLoc = null; 
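Review bot: In the `if ($contactChg)` branch (hunk -110,10 +109,7), `$clid = getClid($db, $clid);` runs on a value that the earlier call in this function (hunk -29,13 +30,8) has already replaced with the registrar id. getClid is not shown here, but judging by the query it replaces, it looks a registrar up by client identifier. The second lookup would then be keyed on the numeric id and probably return nothing, leaving `$clid` empty for the statements that follow. Drop the second call, or resolve once into a separate variable such as `$registrarId = getClid($db, $clid);` so the identifier is not overwritten. The branch body continues outside the hunk.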
@@ -433,6 +429,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); extract($row); if ($postalInfoInt) { @@ -441,6 +438,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt_int->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_int->execute(); $row_int = $stmt_int->fetch(PDO::FETCH_ASSOC); + $stmt_int->closeCursor(); extract($row_int); } @@ -450,6 +448,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt_loc->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_loc->execute(); $row_loc = $stmt_loc->fetch(PDO::FETCH_ASSOC); + $stmt_loc->closeCursor(); extract($row_loc); } @@ -458,12 +457,14 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt_pw->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_pw->execute(); $e_authInfo_pw = $stmt_pw->fetchColumn(); + $stmt_pw->closeCursor(); // For contact_authInfo table with authtype = 'ext' $stmt_ext = $db->prepare("SELECT authinfo FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'ext' LIMIT 1"); $stmt_ext->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_ext->execute(); $e_authInfo_ext = $stmt_ext->fetchColumn(); + $stmt_ext->closeCursor(); $postalInfo_int = $xml->xpath("//contact:postalInfo[@type='int']")[0] ?? null; if ($postalInfoInt) { @@ -692,6 +693,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->execute([$name]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); $hostId = $row['id'] ?? null; $registrarIdHost = $row['clid'] ?? null; 
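Review bot: `extract($row)`, `extract($row_int)` and `extract($row_loc)` copy every selected column into the local scope, so a column that shares a name with an existing local silently overwrites it. Each call also fails if `fetch()` returned false. The SELECT lists are outside these hunks, so which names are affected cannot be checked from here. Reading only the needed columns explicitly, in the form `$value = $row['COLUMN'] ?? null;` (placeholder column name), keeps the set of assigned variables visible and tolerates a missing row.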
@@ -700,12 +702,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; - + $clid = getClid($db, $clid); if ($clid !== $registrarIdHost) { sendEppError($conn, $db, 2201, 'Not registrar for host', $clTRID, $trans); return; @@ -721,12 +718,14 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmtStatus->closeCursor(); $clientUpdateProhibited = 0; $stmtClientUpdateProhibited = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = 'clientUpdateProhibited' LIMIT 1"); $stmtClientUpdateProhibited->execute([$hostId]); $clientUpdateProhibited = $stmtClientUpdateProhibited->fetchColumn(); + $stmtClientUpdateProhibited->closeCursor(); if (isset($hostRem)) { $addrList = $xml->xpath('//host:rem/host:addr'); @@ -774,6 +773,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = ? LIMIT 1"); $stmt->execute([$hostId, $status]); $contact_status_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($contact_status_id) { sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this host', $clTRID, $trans); return; @@ -792,6 +792,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '6' LIMIT 1"); $stmt->execute([$hostId, $addr]); $ipv6_addr_already_exists = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($ipv6_addr_already_exists) { sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans); return; 
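Review bot: The ownership check here is `if ($clid !== $registrarIdHost)`, while processContactUpdate and processDomainUpdate compare the same two kinds of value with `!=`. Before this change both sides came from PDO fetches; now one side comes from getClid, which is not shown. If it returns an int while the row value is a string (or the reverse), the strict form rejects every legitimate host update with 2201. The loose form in the other two functions can treat an empty getClid result as equal to an empty or zero column. One explicit form at all three sites avoids both, e.g. `if (!$clid || (int) $clid !== (int) $registrarIdHost)`.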
@@ -808,6 +809,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '4' LIMIT 1"); $stmt->execute([$hostId, $addr]); $ipv4_addr_already_exists = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($ipv4_addr_already_exists) { sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans); return; @@ -832,6 +834,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$chg_name]); $chg_name_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($chg_name_id) { sendEppError($conn, $db, 2306, 'If it already exists, then we can\'t change it', $clTRID, $trans); @@ -845,11 +848,13 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT domain_id FROM host WHERE name = ? LIMIT 1"); $stmt->execute([$name]); $domain_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($domain_id) { $stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1"); $stmt->execute([$domain_id]); $domain_name = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!stripos($chg_name, ".$domain_name")) { sendEppError($conn, $db, 2005, 'It must be a subdomain of '.$domain_name, $clTRID, $trans); @@ -868,6 +873,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { break; } } + $stmt->closeCursor(); if ($internal_host) { sendEppError($conn, $db, 2005, 'Must be external host', $clTRID, $trans); @@ -882,6 +888,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) { LIMIT 1"); $stmt->execute([$hostId]); $domain_host_map_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($domain_host_map_id) { sendEppError($conn, $db, 2305, 'It is not possible to modify because it is a dependency, it is used by some domain as NS', $clTRID, $trans); 
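Review bot: In hunk -845,11 +848,13, `if (!stripos($chg_name, ".$domain_name"))` checks that the parent name occurs somewhere in the new host name, not that the host name ends with it. A name that merely contains `.$domain_name` in the middle therefore passes as a subdomain. `$domain_name` can also be false when the preceding `fetchColumn()` finds no row. A suffix comparison states the intent: `if (!str_ends_with(strtolower($chg_name), '.' . strtolower($domain_name)))` on PHP 8, or the `substr_compare` equivalent on older versions.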
@@ -992,6 +999,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1"); $stmt->execute(); $launch_extension_enabled = $stmt->fetchColumn(); + $stmt->closeCursor(); } if ($domainRem === null && $domainAdd === null && $domainChg === null && $extensionNode === null) { @@ -1007,18 +1015,14 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id,tldid,exdate,clid FROM domain WHERE name = ? LIMIT 1"); $stmt->execute([$domainName]); $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt->closeCursor(); if (!$row) { sendEppError($conn, $db, 2303, 'Domain name does not exist', $clTRID, $trans); return; } - $stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); - $stmt->bindParam(':clid', $clid, PDO::PARAM_STR); - $stmt->execute(); - $clid = $stmt->fetch(PDO::FETCH_ASSOC); - $clid = $clid['id']; - + $clid = getClid($db, $clid); if ($clid != $row['clid']) { sendEppError($conn, $db, 2201, 'You do not have privileges to modify a domain name that belongs to another registrar', $clTRID, $trans); return; @@ -1048,6 +1052,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { } $launch_valid = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$launch_valid) { sendEppError($conn, $db, 2304, 'Invalid launch phase or applicationID for this domain', $clTRID, $trans); @@ -1063,11 +1068,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmt->closeCursor(); $clientUpdateProhibited = 0; $stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = 'clientUpdateProhibited' LIMIT 1"); $stmt->execute([$row['id']]); $clientUpdateProhibited = $stmt->fetchColumn(); + $stmt->closeCursor(); if (isset($domainRem)) { $ns = $xml->xpath('//domain:rem/domain:ns') ?? []; 
@@ -1130,6 +1137,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1"); $stmt->execute([$row['id'], $status]); $domainStatusId = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($domainStatusId) { sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this domain', $clTRID, $trans); @@ -1197,6 +1205,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT tld FROM domain_tld"); $stmt->execute(); $tlds = $stmt->fetchAll(PDO::FETCH_COLUMN); + $stmt->closeCursor(); $host_from_this_registry = 0; foreach ($tlds as $tld) { $tld = preg_quote(strtoupper($tld), '/'); @@ -1214,6 +1223,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostObj', $hostObj); $stmt->execute(); $host_id_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$host_id_already_exist) { sendEppError($conn, $db, 2303, 'Invalid domain:hostObj '.$hostObj, $clTRID, $trans); return; @@ -1287,6 +1297,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt->execute([$contact]); $contact_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$contact_id) { sendEppError($conn, $db, 2303, 'This contact '.$contact.' does not exist', $clTRID, $trans); 
@@ -1296,6 +1307,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt2 = $db->prepare("SELECT id FROM domain_contact_map WHERE domain_id = ? AND contact_id = ? AND type = ? LIMIT 1"); $stmt2->execute([$row['id'], $contact_id, $contact_type]); $domain_contact_map_id = $stmt2->fetchColumn(); + $stmt2->closeCursor(); if ($domain_contact_map_id) { sendEppError($conn, $db, 2306, 'This contact '.$contact.' already exists for type '.$contact_type, $clTRID, $trans); @@ -1314,6 +1326,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt3 = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt3->execute([$registrant]); $registrant_id = $stmt3->fetchColumn(); + $stmt3->closeCursor(); if (!$registrant_id) { sendEppError($conn, $db, 2303, 'Registrant does not exist', $clTRID, $trans); @@ -1329,6 +1342,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { return; } } + $stmt4->closeCursor(); $authInfo_pw_elements = $domainChg->xpath('//domain:authInfo/domain:pw[1]'); if (!empty($authInfo_pw_elements)) { @@ -1361,6 +1375,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->execute(); $temp_id_rgpstatus = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($temp_id_rgpstatus == 0) { sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in redemptionPeriod rgpStatus', $clTRID, $trans); @@ -1371,6 +1386,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->execute(); $temp_id_status = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($temp_id_status == 0) { sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in pendingDelete status', $clTRID, $trans); 
@@ -1381,6 +1397,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->execute(); $temp_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($temp_id == 0) { sendEppError($conn, $db, 2304, 'report can only be sent if the domain is in pendingRestore status', $clTRID, $trans); @@ -1405,6 +1422,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR); $stmt->execute(); $host_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($host_id) { $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id"); @@ -1430,6 +1448,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR); $stmt->execute(); $host_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($host_id) { $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id"); @@ -1462,6 +1481,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':contact', $contact, PDO::PARAM_STR); $stmt->execute(); $contact_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($contact_id) { $stmt = $db->prepare("DELETE FROM domain_contact_map WHERE domain_id = :domain_id AND contact_id = :contact_id AND type = :contact_type"); @@ -1509,6 +1529,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR); $stmt->execute(); $hostObj_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($hostObj_already_exist) { $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :hostObj_already_exist LIMIT 1"); 
@@ -1516,6 +1537,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostObj_already_exist', $hostObj_already_exist, PDO::PARAM_INT); $stmt->execute(); $domain_host_map_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$domain_host_map_id) { $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id, :hostObj_already_exist)"); @@ -1557,6 +1579,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { break; } } + $sth->closeCursor(); if ($host_from_this_registry) { if (preg_match("/\.$domainName$/i", $hostObj)) { @@ -1611,11 +1634,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR); $stmt->execute(); $hostName_already_exist = $stmt->fetchColumn(); + $stmt->closeCursor(); if ($hostName_already_exist) { $sth = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $sth->execute([$domain_id, $hostName_already_exist]); $domain_host_map_id = $sth->fetchColumn(); + $sth->closeCursor(); if (!$domain_host_map_id) { $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)"); @@ -1690,6 +1715,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt->bindParam(':contact', $contact, PDO::PARAM_STR); $stmt->execute(); $contact_id = $stmt->fetchColumn(); + $stmt->closeCursor(); try { $stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(:domain_id, :contact_id, :contact_type)"); 
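Review bot: In hunk -1557,6 +1579,7, `preg_match("/\.$domainName$/i", $hostObj)` interpolates the domain name into the pattern unescaped, so each `.` in it matches any character and the in-bailiwick test is looser than intended. The TLD loop earlier in this function already uses `preg_quote(strtoupper($tld), '/')`; the same treatment fits here: `preg_match('/\.' . preg_quote($domainName, '/') . '$/i', $hostObj)`. The loop that the added `$sth->closeCursor();` follows starts outside the hunk, so confirm `$sth` is assigned on every path that reaches it.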
@@ -1746,6 +1772,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $sth = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $sth->execute([$registrant]); $registrant_id = $sth->fetchColumn(); + $sth->closeCursor(); $sth = $db->prepare("UPDATE domain SET registrant = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); if (!$sth->execute([$registrant_id, $clid, $domain_id])) { @@ -1820,6 +1847,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'redemptionPeriod' AND id = ?"); $sth->execute([$domain_id]); $temp_id = $sth->fetchColumn(); + $sth->closeCursor(); if ($temp_id == 1) { $sth = $db->prepare("UPDATE domain SET rgpstatus = 'pendingRestore', resTime = CURRENT_TIMESTAMP(3), upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); @@ -1854,11 +1882,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'pendingRestore' AND id = ?"); $sth->execute([$domain_id]); $temp_id = $sth->fetchColumn(); + $sth->closeCursor(); if ($temp_id == 1) { $sth = $db->prepare("SELECT accountBalance,creditLimit,currency FROM registrar WHERE id = ?"); $sth->execute([$clid]); list($registrar_balance, $creditLimit, $currency) = $sth->fetch(); + $sth->closeCursor(); $returnValue = getDomainPrice($db, $domainName, $row['tldid'], 12, 'renew', $clid, $currency); $renew_price = $returnValue['price']; 
@@ -1873,6 +1903,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $sth = $db->prepare("SELECT exdate FROM domain WHERE id = ?"); $sth->execute([$domain_id]); $from = $sth->fetchColumn(); + $sth->closeCursor(); $sth = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL 12 MONTH), rgpstatus = NULL, rgpresTime = CURRENT_TIMESTAMP(3), rgppostData = ?, rgpresReason = ?, rgpstatement1 = ?, rgpstatement2 = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); @@ -1895,6 +1926,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = ?"); $stmt->execute([$domain_id]); $to = $stmt->fetchColumn(); + $stmt->closeCursor(); $sth = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(?,CURRENT_TIMESTAMP(3),?,?,?,?,?,?)"); $sth->execute([$clid, 'restore', $domainName, 0, $from, $from, $restore_price]); @@ -1904,6 +1936,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) { $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt->execute(); $curdate_id = $stmt->fetchColumn(); + $stmt->closeCursor(); if (!$curdate_id) { $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())") diff --git a/epp/src/helpers.php b/epp/src/helpers.php index 80557e8..1e5cf89 100644 --- a/epp/src/helpers.php +++ b/epp/src/helpers.php @@ -647,6 +647,7 @@ function updatePermittedIPs($pool, $permittedIPsTable) { $query = "SELECT addr FROM registrar_whitelist"; $stmt = $pdo->query($query); $permittedIPs = $stmt->fetchAll(PDO::FETCH_COLUMN, 0); + $stmt->closeCursor(); $pool->put($pdo); // Manually clear the table by removing each entry diff --git a/epp/start_epp.php b/epp/start_epp.php index a73171a..a1df797 100644 --- a/epp/start_epp.php +++ b/epp/start_epp.php 
@@ -101,13 +101,15 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi // Get a PDO connection from the pool $pdo = $pool->get(); if (!$pdo) { - throw new PDOException("Failed to retrieve a connection from Swoole PDOPool."); + $conn->close(); + break; } $data = $conn->recv(); $connId = spl_object_id($conn); if ($data === false || strlen($data) < 4) { - sendEppError($conn, $pdo, 2000, 'Data reception error'); + sendEppError($conn, $pdo, 2000, 'Invalid or no data received'); + $conn->close(); break; } @@ -120,8 +122,8 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi $xml = simplexml_load_string($xmlData); if ($xml === false) { - sendEppError($conn, $pdo, 2001, 'Invalid XML'); - break; + sendEppError($conn, $pdo, 2001, 'Invalid XML syntax'); + continue; } $xml->registerXPathNamespace('e', 'urn:ietf:params:xml:ns:epp-1.0'); @@ -137,7 +139,8 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi $xml->registerXPathNamespace('allocationToken', 'urn:ietf:params:xml:ns:allocationToken-1.0'); if ($xml->getName() != 'epp') { - continue; // Skip this iteration if not an EPP command + sendEppError($conn, $pdo, 2001, 'Root element must be '); + continue; } switch (true) { @@ -148,7 +151,7 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi $clTRID = (string) $xml->command->clTRID; $clid = getClid($pdo, $clID); if (!$clid) { - sendEppError($conn, $pdo, 2200, 'Authentication error', $clTRID); + sendEppError($conn, $pdo, 2201, 'Unknown client identifier', $clTRID); break; } $xmlString = $xml->asXML(); @@ -210,7 +213,7 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi } break; } - + case isset($xml->command->logout): { $data = $table->get($connId); 
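Review bot: When `$pool->get()` fails, the new branch closes the socket and leaves the loop without logging anything or answering the client; the removed `throw` presumably reached the catch blocks that log. Pool exhaustion should be visible to operators, and the client can still get a result code: add `$log->error('Failed to retrieve a connection from Swoole PDOPool.');` and `sendEppError($conn, null, 2500, 'Error connecting to the EPP database');` before `$conn->close();`. If this code sits inside the `try` whose `finally` calls `$pool->put($pdo)`, the falsy `$pdo` is also passed to `put()`. The enclosing block starts outside the hunk, so that needs checking.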
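Review bot: In the login hunk (-148,7 +151,7), answering a failed `getClid()` with 2201 'Unknown client identifier' lets an unauthenticated peer tell which client identifiers exist. That response differs from whatever a wrong password returns, and it is sent before any credential check. EPP also defines 2201 as an authorization error, whereas a login failure is 2200. Keeping one indistinguishable response for both cases, `sendEppError($conn, $pdo, 2200, 'Authentication error', $clTRID);`, and recording the specific reason only in the server log avoids the enumeration signal.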
@@ -591,17 +594,20 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi $log->error('Failed to reconnect to DB: ' . $e2->getMessage()); sendEppError($conn, null, 2500, 'Error connecting to the EPP database'); $conn->close(); + break; } } else { // Non-connection errors (e.g. syntax error, constraint violation) => no reconnect attempt sendEppError($conn, $pdo, 2500, 'DB error: ' . $e->getMessage()); $conn->close(); + break; } } catch (Throwable $e) { // Catch any other exceptions or errors $log->error('General Error: ' . $e->getMessage()); sendEppError($conn, $pdo, 2500, 'General error'); $conn->close(); + break; } finally { // Return the connection to the pool $pool->put($pdo);
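Review bot: `sendEppError($conn, $pdo, 2500, 'DB error: ' . $e->getMessage());` sends the raw PDO exception text to the connected client, which can expose table names, SQL fragments or constraint names. Log the detail and return a fixed string instead: `$log->error('DB error: ' . $e->getMessage());` followed by `sendEppError($conn, $pdo, 2500, 'Database error');`. Separately, after the added `break;` in the reconnect-failure branch, the `finally` block still runs `$pool->put($pdo)`. That would return the failed connection to the pool unless `$pdo` is reset there; the reconnect code is outside the hunk, so confirm.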