EPP server optimization

Pinga 2025-03-29 18:10:33 +02:00
parent a89a09a381
commit ac9995b4e5
8 changed files with 247 additions and 142 deletions


@ -18,18 +18,14 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT * FROM contact WHERE identifier = :id"); $stmt = $db->prepare("SELECT * FROM contact WHERE identifier = :id");
$stmt->execute(['id' => $contactID]); $stmt->execute(['id' => $contactID]);
$contact = $stmt->fetch(PDO::FETCH_ASSOC); $contact = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if ($contact) { if ($contact) {
sendEppError($conn, $db, 2302, 'Contact ID already exists', $clTRID, $trans); sendEppError($conn, $db, 2302, 'Contact ID already exists', $clTRID, $trans);
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$contactCreate = $xml->command->create->children('urn:ietf:params:xml:ns:contact-1.0')->create; $contactCreate = $xml->command->create->children('urn:ietf:params:xml:ns:contact-1.0')->create;
$postalInfoInt = null; $postalInfoInt = null;
@ -332,8 +328,8 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
$email, $email,
$nin ?? null, $nin ?? null,
$nin_type ?? null, $nin_type ?? null,
$clid['id'], $clid,
$clid['id'], $clid,
$disclose_voice, $disclose_voice,
$disclose_fax, $disclose_fax,
$disclose_email $disclose_email
@ -356,14 +352,14 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("INSERT INTO contact_status (contact_id,status) VALUES(?,?)"); $stmt = $db->prepare("INSERT INTO contact_status (contact_id,status) VALUES(?,?)");
$stmt->execute([$contact_id, 'ok']); $stmt->execute([$contact_id, 'ok']);
$stmt = $db->prepare("SELECT identifier FROM contact WHERE id = ? LIMIT 1");
$stmt->execute([$contact_id]);
$identifier = $stmt->fetchColumn();
$stmt = $db->prepare("SELECT crdate FROM contact WHERE id = ? LIMIT 1"); $stmt = $db->prepare("SELECT identifier, crdate FROM contact WHERE id = ? LIMIT 1");
$stmt->execute([$contact_id]); $stmt->execute([$contact_id]);
$crdate = $stmt->fetchColumn(); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$identifier = $row['identifier'] ?? null;
$crdate = $row['crdate'] ?? null;
} catch (PDOException $e) { } catch (PDOException $e) {
sendEppError($conn, $db, 2400, 'Contact could not be created due to database error', $clTRID, $trans); sendEppError($conn, $db, 2400, 'Contact could not be created due to database error', $clTRID, $trans);
@ -411,11 +407,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
$nsArr = []; $nsArr = [];
@ -476,6 +468,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
break; break;
} }
} }
$stmt->closeCursor();
if (!$domain_exist) { if (!$domain_exist) {
sendEppError($conn, $db, 2303, 'A host name object can NOT be created in a repository for which no superordinate domain name object exists', $clTRID, $trans); sendEppError($conn, $db, 2303, 'A host name object can NOT be created in a repository for which no superordinate domain name object exists', $clTRID, $trans);
@ -520,6 +513,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$hostName]); $stmt->execute([$hostName]);
$crdate = $stmt->fetchColumn(); $crdate = $stmt->fetchColumn();
$stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -551,6 +545,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT crdate FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$hostName]); $stmt->execute([$hostName]);
$crdate = $stmt->fetchColumn(); $crdate = $stmt->fetchColumn();
$stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -589,6 +584,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1"); $stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1");
$stmt->execute(); $stmt->execute();
$launch_extension_enabled = $stmt->fetchColumn(); $launch_extension_enabled = $stmt->fetchColumn();
$stmt->closeCursor();
} }
if ($launch_extension_enabled && isset($launch_create)) { if ($launch_extension_enabled && isset($launch_create)) {
@ -660,6 +656,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM domain_tld WHERE UPPER(tld) = ?"); $stmt = $db->prepare("SELECT id FROM domain_tld WHERE UPPER(tld) = ?");
$stmt->execute([$domain_extension]); $stmt->execute([$domain_extension]);
$tld_id = $stmt->fetchColumn(); $tld_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$tld_id) { if (!$tld_id) {
sendEppError($conn, $db, 2306, 'Invalid domain extension', $clTRID, $trans); sendEppError($conn, $db, 2306, 'Invalid domain extension', $clTRID, $trans);
@ -669,6 +666,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
$domain_already_exist = $stmt->fetchColumn(); $domain_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if ($domain_already_exist) { if ($domain_already_exist) {
sendEppError($conn, $db, 2302, 'Domain name already exists', $clTRID, $trans); sendEppError($conn, $db, 2302, 'Domain name already exists', $clTRID, $trans);
@ -690,6 +688,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
"); ");
$stmt->execute([$tld_id, $currentDate, $currentDate]); $stmt->execute([$tld_id, $currentDate, $currentDate]);
$phase_details = $stmt->fetchColumn(); $phase_details = $stmt->fetchColumn();
$stmt->closeCursor();
$launch_phase = $launch_phase ?? null; $launch_phase = $launch_phase ?? null;
@ -714,6 +713,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
"); ");
$stmt->execute([$tld_id, $currentDate, $currentDate]); $stmt->execute([$tld_id, $currentDate, $currentDate]);
$phase_details = $stmt->fetchColumn(); $phase_details = $stmt->fetchColumn();
$stmt->closeCursor();
// Check if the phase requires application submission // Check if the phase requires application submission
if (empty($launch_phase) && $launch_phase !== 'custom' && $phase_details === 'Application') { if (empty($launch_phase) && $launch_phase !== 'custom' && $phase_details === 'Application') {
@ -822,6 +822,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM reserved_domain_names WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM reserved_domain_names WHERE name = ? LIMIT 1");
$stmt->execute([$label]); $stmt->execute([$label]);
$domain_already_reserved = $stmt->fetchColumn(); $domain_already_reserved = $stmt->fetchColumn();
$stmt->closeCursor();
if ($domain_already_reserved) { if ($domain_already_reserved) {
if ($allocation_token !== null) { if ($allocation_token !== null) {
@ -832,6 +833,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$token = $stmt->fetchColumn(); $token = $stmt->fetchColumn();
$stmt->closeCursor();
if ($token) { if ($token) {
// No action needed, script continues // No action needed, script continues
@ -885,16 +887,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
$stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1");
$stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT); $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$registrar_balance = $result['accountBalance']; $registrar_balance = $result['accountBalance'];
$creditLimit = $result['creditLimit']; $creditLimit = $result['creditLimit'];
$currency = $result['currency']; $currency = $result['currency'];
@ -973,6 +972,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt->execute(); $stmt->execute();
$host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN); $host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN);
$stmt->closeCursor();
if (!$host_id_already_exist) { if (!$host_id_already_exist) {
sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans);
@ -1002,6 +1002,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
break; break;
} }
} }
$stmt->closeCursor();
if ($internal_host) { if ($internal_host) {
if (preg_match('/\.' . preg_quote($domainName, '/') . '$/i', $hostName)) { if (preg_match('/\.' . preg_quote($domainName, '/') . '$/i', $hostName)) {
@ -1032,34 +1033,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$addr_type = (string) ($node['ip'] ?? 'v4'); $addr_type = (string) ($node['ip'] ?? 'v4');
if ($addr_type == 'v6') { if ($addr_type == 'v6') {
if (preg_match('/^[\da-fA-F]{1,4}(:[\da-fA-F]{1,4}){7}$/', $hostAddr) || if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
preg_match('/^::$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){1,7}:$/', $hostAddr) ||
preg_match('/^[\da-fA-F]{1,4}:(:[\da-fA-F]{1,4}){1,6}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){2}(:[\da-fA-F]{1,4}){1,5}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){3}(:[\da-fA-F]{1,4}){1,4}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){4}(:[\da-fA-F]{1,4}){1,3}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){5}(:[\da-fA-F]{1,4}){1,2}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){6}:[\da-fA-F]{1,4}$/', $hostAddr)
) {
// true
// Additional verifications for reserved or private IPs as per [RFC5735] [RFC5156] can go here.
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
return; return;
} }
} else { } else {
list($a, $b, $c, $d) = explode('.', $hostAddr); if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') {
if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $hostAddr) && $a < 256 && $b < 256 && $c < 256 && $d < 256) { sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
// true return;
// Additional verifications for reserved or private IPs as per [RFC5735] [RFC5156] can go here.
if ($hostAddr == '127.0.0.1') {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
return;
}
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
return;
} }
} }
} }
@ -1081,6 +1062,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
break; break;
} }
} }
$stmt->closeCursor();
// Object does not exist error // Object does not exist error
if (!$domain_exist) { if (!$domain_exist) {
@ -1129,36 +1111,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$addr_type = isset($node['ip']) ? (string) $node['ip'] : 'v4'; $addr_type = isset($node['ip']) ? (string) $node['ip'] : 'v4';
if ($addr_type === 'v6') { if ($addr_type === 'v6') {
if (preg_match('/^[\da-fA-F]{1,4}(:[\da-fA-F]{1,4}){7}$/', $hostAddr) || if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$hostAddr === '::' || sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
preg_match('/^([\da-fA-F]{1,4}:){1,7}:$/', $hostAddr) || return;
preg_match('/^[\da-fA-F]{1,4}:(:[\da-fA-F]{1,4}){1,6}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){2}(:[\da-fA-F]{1,4}){1,5}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){3}(:[\da-fA-F]{1,4}){1,4}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){4}(:[\da-fA-F]{1,4}){1,3}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){5}(:[\da-fA-F]{1,4}){1,2}$/', $hostAddr) ||
preg_match('/^([\da-fA-F]{1,4}:){6}:[\da-fA-F]{1,4}$/', $hostAddr)
) {
// true
// Add check for reserved or private IP addresses (not implemented here, add as needed)
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
return;
} }
} else { } else {
list($a, $b, $c, $d) = explode('.', $hostAddr); if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $hostAddr) && return;
$a < 256 && $b < 256 && $c < 256 && $d < 256) {
// true
// Add check for reserved or private IP addresses (not implemented here, add as needed)
if ($hostAddr === '127.0.0.1') {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
return;
}
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
return;
} }
} }
} }
@ -1203,6 +1163,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$registrantStmt = $db->prepare("SELECT id FROM contact WHERE identifier = :registrant LIMIT 1"); $registrantStmt = $db->prepare("SELECT id FROM contact WHERE identifier = :registrant LIMIT 1");
$registrantStmt->execute([':registrant' => $registrant_id]); $registrantStmt->execute([':registrant' => $registrant_id]);
$registrant_id = $registrantStmt->fetchColumn(); $registrant_id = $registrantStmt->fetchColumn();
$registrantStmt->closeCursor();
// Set registrant_id to null if it returns false // Set registrant_id to null if it returns false
if ($registrant_id === false) { if ($registrant_id === false) {
@ -1215,6 +1176,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt->execute(); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$row) { if (!$row) {
sendEppError($conn, $db, 2303, 'domain:registrant does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'domain:registrant does not exist', $clTRID, $trans);
return; return;
@ -1246,6 +1208,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt->execute(); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$row) { if (!$row) {
sendEppError($conn, $db, 2303, 'domain:contact '.$type.' does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'domain:contact '.$type.' does not exist', $clTRID, $trans);
return; return;
@ -1340,6 +1303,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM application WHERE name = :name LIMIT 1"); $selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM application WHERE name = :name LIMIT 1");
$selectDomainDatesStmt->execute([':name' => $domainName]); $selectDomainDatesStmt->execute([':name' => $domainName]);
[$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM); [$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM);
$selectDomainDatesStmt->closeCursor();
$statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)"); $statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)");
$statementStmt->execute([ $statementStmt->execute([
@ -1359,11 +1323,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); $hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
$hostExistStmt->execute([':hostObj' => $hostObj]); $hostExistStmt->execute([':hostObj' => $hostObj]);
$hostObj_already_exist = $hostExistStmt->fetchColumn(); $hostObj_already_exist = $hostExistStmt->fetchColumn();
$hostExistStmt->closeCursor();
if ($hostObj_already_exist) { if ($hostObj_already_exist) {
$domainHostMapStmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1"); $domainHostMapStmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1");
$domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]); $domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]);
$domain_host_map_id = $domainHostMapStmt->fetchColumn(); $domain_host_map_id = $domainHostMapStmt->fetchColumn();
$domainHostMapStmt->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
$insertDomainHostMapStmt = $db->prepare("INSERT INTO application_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)"); $insertDomainHostMapStmt = $db->prepare("INSERT INTO application_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)");
@ -1426,12 +1392,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$hostName]); $stmt->execute([$hostName]);
$hostName_already_exist = $stmt->fetchColumn(); $hostName_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if ($hostName_already_exist) { if ($hostName_already_exist) {
// Check if the host is already mapped to this domain // Check if the host is already mapped to this domain
$stmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM application_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1");
$stmt->execute([$domain_id, $hostName_already_exist]); $stmt->execute([$domain_id, $hostName_already_exist]);
$domain_host_map_id = $stmt->fetchColumn(); $domain_host_map_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
// Map the host to the domain // Map the host to the domain
@ -1493,6 +1461,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1");
$stmt->execute([$contact]); $stmt->execute([$contact]);
$contact_id = $stmt->fetchColumn(); $contact_id = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("INSERT INTO application_contact_map (domain_id,contact_id,type) VALUES(?,?,?)"); $stmt = $db->prepare("INSERT INTO application_contact_map (domain_id,contact_id,type) VALUES(?,?,?)");
$stmt->execute([$domain_id, $contact_id, $type]); $stmt->execute([$domain_id, $contact_id, $type]);
@ -1502,6 +1471,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
[$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM); [$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM);
$stmt->closeCursor();
$db->commit(); $db->commit();
} catch (Exception $e) { } catch (Exception $e) {
@ -1709,6 +1679,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = :name LIMIT 1"); $selectDomainDatesStmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = :name LIMIT 1");
$selectDomainDatesStmt->execute([':name' => $domainName]); $selectDomainDatesStmt->execute([':name' => $domainName]);
[$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM); [$from, $to] = $selectDomainDatesStmt->fetch(PDO::FETCH_NUM);
$selectDomainDatesStmt->closeCursor();
$statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)"); $statementStmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id,CURRENT_TIMESTAMP(3),:cmd,:name,:date_add,:from,:to,:price)");
$statementStmt->execute([ $statementStmt->execute([
@ -1728,11 +1699,13 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); $hostExistStmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
$hostExistStmt->execute([':hostObj' => $hostObj]); $hostExistStmt->execute([':hostObj' => $hostObj]);
$hostObj_already_exist = $hostExistStmt->fetchColumn(); $hostObj_already_exist = $hostExistStmt->fetchColumn();
$hostExistStmt->closeCursor();
if ($hostObj_already_exist) { if ($hostObj_already_exist) {
$domainHostMapStmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1"); $domainHostMapStmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1");
$domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]); $domainHostMapStmt->execute([':domain_id' => $domain_id, ':host_id' => $hostObj_already_exist]);
$domain_host_map_id = $domainHostMapStmt->fetchColumn(); $domain_host_map_id = $domainHostMapStmt->fetchColumn();
$domainHostMapStmt->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
$insertDomainHostMapStmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)"); $insertDomainHostMapStmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id,:host_id)");
@ -1795,12 +1768,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$hostName]); $stmt->execute([$hostName]);
$hostName_already_exist = $stmt->fetchColumn(); $hostName_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if ($hostName_already_exist) { if ($hostName_already_exist) {
// Check if the host is already mapped to this domain // Check if the host is already mapped to this domain
$stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1");
$stmt->execute([$domain_id, $hostName_already_exist]); $stmt->execute([$domain_id, $hostName_already_exist]);
$domain_host_map_id = $stmt->fetchColumn(); $domain_host_map_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
// Map the host to the domain // Map the host to the domain
@ -1862,6 +1837,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1");
$stmt->execute([$contact]); $stmt->execute([$contact]);
$contact_id = $stmt->fetchColumn(); $contact_id = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(?,?,?)"); $stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(?,?,?)");
$stmt->execute([$domain_id, $contact_id, $type]); $stmt->execute([$domain_id, $contact_id, $type]);
@ -1871,10 +1847,12 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT crdate,exdate FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
[$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM); [$crdate, $exdate] = $stmt->fetch(PDO::FETCH_NUM);
$stmt->closeCursor();
$stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()");
$stmt->execute(); $stmt->execute();
$curdate_id = $stmt->fetchColumn(); $curdate_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$curdate_id) { if (!$curdate_id) {
$stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())"); $stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())");
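Review bot: In the two `domain:hostAddr` validation hunks of processDomainCreate (old lines 1032 and 1129), the new IPv4 check rejects only the literal string `127.0.0.1`, so the rest of 127.0.0.0/8 still passes, and the IPv6 branch has no loopback or reserved-range check at all. `filter_var` with `FILTER_FLAG_IPV6` accepts `::1` and IPv4-mapped forms, which the removed patterns appear to have rejected because none of them matched an address beginning with `::` followed by groups, so this is a behaviour change and not only a simplification. The removed blocks also carried the comment marking where the reserved/private checks per RFC 5735 and RFC 5156 belonged, and nothing replaces it. The range check can be done in the same call: `if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE)) {`, with the same flag on the `FILTER_FLAG_IPV6` call and `FILTER_FLAG_NO_PRIV_RANGE` added if registry policy excludes private ranges for host addresses. processDomainCreate starts and ends outside these hunks, so whether a later step filters these addresses cannot be seen from here.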


@ -12,6 +12,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = ? LIMIT 1"); $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = ? LIMIT 1");
$stmt->execute([$contactID]); $stmt->execute([$contactID]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$contact_id = $row['id'] ?? null; $contact_id = $row['id'] ?? null;
$registrar_id_contact = $row['clid'] ?? null; $registrar_id_contact = $row['clid'] ?? null;
@ -21,12 +22,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($clid !== $registrar_id_contact) { if ($clid !== $registrar_id_contact) {
sendEppError($conn, $db, 2201, 'Contact belongs to another registrar', $clTRID, $trans); sendEppError($conn, $db, 2201, 'Contact belongs to another registrar', $clTRID, $trans);
return; return;
@ -35,6 +31,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain WHERE registrant = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE registrant = ? LIMIT 1");
$stmt->execute([$contact_id]); $stmt->execute([$contact_id]);
$registrantExists = $stmt->fetchColumn(); $registrantExists = $stmt->fetchColumn();
$stmt->closeCursor();
if ($registrantExists) { if ($registrantExists) {
sendEppError($conn, $db, 2305, 'This contact is associated with a domain as a registrant', $clTRID, $trans); sendEppError($conn, $db, 2305, 'This contact is associated with a domain as a registrant', $clTRID, $trans);
@ -44,6 +41,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain_contact_map WHERE contact_id = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_contact_map WHERE contact_id = ? LIMIT 1");
$stmt->execute([$contact_id]); $stmt->execute([$contact_id]);
$contactInUse = $stmt->fetchColumn(); $contactInUse = $stmt->fetchColumn();
$stmt->closeCursor();
if ($contactInUse) { if ($contactInUse) {
sendEppError($conn, $db, 2305, 'This contact is associated with a domain', $clTRID, $trans); sendEppError($conn, $db, 2305, 'This contact is associated with a domain', $clTRID, $trans);
@ -59,6 +57,7 @@ function processContactDelete($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmt->closeCursor();
// Delete associated records // Delete associated records
$db->prepare("DELETE FROM contact_postalInfo WHERE contact_id = ?")->execute([$contact_id]); $db->prepare("DELETE FROM contact_postalInfo WHERE contact_id = ?")->execute([$contact_id]);
@ -108,6 +107,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare($query); $stmt = $db->prepare($query);
$stmt->execute([':name' => $hostName]); $stmt->execute([':name' => $hostName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$host_id = $result['id'] ?? null; $host_id = $result['id'] ?? null;
$registrar_id_host = $result['clid'] ?? null; $registrar_id_host = $result['clid'] ?? null;
@ -117,12 +117,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($clid !== $registrar_id_host) { if ($clid !== $registrar_id_host) {
sendEppError($conn, $db, 2201, 'Host belongs to another registrar', $clTRID, $trans); sendEppError($conn, $db, 2201, 'Host belongs to another registrar', $clTRID, $trans);
return; return;
@ -132,6 +127,7 @@ function processHostDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare($query); $stmt = $db->prepare($query);
$stmt->execute([':host_id' => $host_id]); $stmt->execute([':host_id' => $host_id]);
$nameserver_inuse = $stmt->fetchColumn(); $nameserver_inuse = $stmt->fetchColumn();
$stmt->closeCursor();
if ($nameserver_inuse) { if ($nameserver_inuse) {
sendEppError($conn, $db, 2305, 'It is not possible to delete because it is a dependency, it is used by some domain', $clTRID, $trans); sendEppError($conn, $db, 2305, 'It is not possible to delete because it is a dependency, it is used by some domain', $clTRID, $trans);
@ -199,6 +195,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
} }
$stmt->execute([':name' => $domainName]); $stmt->execute([':name' => $domainName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$result) { if (!$result) {
sendEppError($conn, $db, 2303, 'domain:name does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'domain:name does not exist', $clTRID, $trans);
@ -230,6 +227,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR); $stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$result2 = $stmt->fetch(PDO::FETCH_ASSOC); $result2 = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$clid = $result2['id']; $clid = $result2['id'];
$currency = $result2['currency']; $currency = $result2['currency'];
@ -248,6 +246,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmt->closeCursor();
} }
if (isset($launch_delete)) { if (isset($launch_delete)) {
@ -257,6 +256,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM application WHERE name = ? AND phase_type = ? AND application_id = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM application WHERE name = ? AND phase_type = ? AND application_id = ? LIMIT 1");
$stmt->execute([$domainName, $phaseType, $applicationID]); $stmt->execute([$domainName, $phaseType, $applicationID]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$result) { if (!$result) {
sendEppError($conn, $db, 2306, "Please verify the launch phase and/or the application ID", $clTRID, $trans); sendEppError($conn, $db, 2306, "Please verify the launch phase and/or the application ID", $clTRID, $trans);
@ -306,6 +306,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(crdate, INTERVAL 5 DAY)) LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(crdate, INTERVAL 5 DAY)) LIMIT 1");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$addPeriod_id = $stmt->fetchColumn(); $addPeriod_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($addPeriod_id) { if ($addPeriod_id) {
$returnValue = getDomainPrice($db, $domainName, $tldid, $addPeriod, 'create', $clid, $currency); $returnValue = getDomainPrice($db, $domainName, $tldid, $addPeriod, 'create', $clid, $currency);
@ -334,6 +335,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$db->exec("DELETE FROM host_status WHERE host_id = $host_id"); $db->exec("DELETE FROM host_status WHERE host_id = $host_id");
$db->exec("DELETE FROM domain_host_map WHERE host_id = $host_id"); $db->exec("DELETE FROM domain_host_map WHERE host_id = $host_id");
} }
$stmt->closeCursor();
// Delete domain related records // Delete domain related records
$db->exec("DELETE FROM domain_contact_map WHERE domain_id = $domain_id"); $db->exec("DELETE FROM domain_contact_map WHERE domain_id = $domain_id");
@ -364,6 +366,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 45 DAY)) LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 45 DAY)) LIMIT 1");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$autoRenewPeriod_id = $stmt->fetchColumn(); $autoRenewPeriod_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($autoRenewPeriod_id) { if ($autoRenewPeriod_id) {
$returnValue = getDomainPrice($db, $domainName, $tldid, $autoRenewPeriod, 'renew', $clid, $currency); $returnValue = getDomainPrice($db, $domainName, $tldid, $autoRenewPeriod, 'renew', $clid, $currency);
@ -387,6 +390,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 5 DAY)) LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(renewedDate, INTERVAL 5 DAY)) LIMIT 1");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$renewPeriod_id = $stmt->fetchColumn(); $renewPeriod_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($renewPeriod_id) { if ($renewPeriod_id) {
$returnValue = getDomainPrice($db, $domainName, $tldid, $renewPeriod, 'renew', $clid, $currency); $returnValue = getDomainPrice($db, $domainName, $tldid, $renewPeriod, 'renew', $clid, $currency);
@ -410,6 +414,7 @@ function processDomainDelete($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(trdate, INTERVAL 5 DAY)) LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain WHERE id = ? AND (CURRENT_TIMESTAMP(3) < DATE_ADD(trdate, INTERVAL 5 DAY)) LIMIT 1");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$transferPeriod_id = $stmt->fetchColumn(); $transferPeriod_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($transferPeriod_id) { if ($transferPeriod_id) {
// Return money if a transfer was also a renew // Return money if a transfer was also a renew


@ -31,6 +31,7 @@ function processContactInfo($conn, $db, $xml, $trans) {
"); ");
$stmt->execute(['id' => $contactID]); $stmt->execute(['id' => $contactID]);
$contact = $stmt->fetchAll(PDO::FETCH_ASSOC); $contact = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$contact) { if (!$contact) {
sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans);
@ -61,6 +62,7 @@ function processContactInfo($conn, $db, $xml, $trans) {
$stmt = $db->prepare("SELECT status FROM contact_status WHERE contact_id = :id"); $stmt = $db->prepare("SELECT status FROM contact_status WHERE contact_id = :id");
$stmt->execute(['id' => $contactRow['id']]); $stmt->execute(['id' => $contactRow['id']]);
$statuses = $stmt->fetchAll(PDO::FETCH_COLUMN); $statuses = $stmt->fetchAll(PDO::FETCH_COLUMN);
$stmt->closeCursor();
$statusArray = array_map(fn($status) => [$status], $statuses); $statusArray = array_map(fn($status) => [$status], $statuses);
// Handle Disclose Fields (Only Show When Set to `1`) // Handle Disclose Fields (Only Show When Set to `1`)
@ -138,6 +140,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
$stmt->execute(['name' => $hostName]); $stmt->execute(['name' => $hostName]);
$host = $stmt->fetch(PDO::FETCH_ASSOC); $host = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$host) { if (!$host) {
sendEppError($conn, $db, 2303, 'Host does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Host does not exist', $clTRID, $trans);
@ -148,6 +151,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
$stmt3 = $db->prepare("SELECT `addr`, `ip` FROM `host_addr` WHERE `host_id` = :id"); $stmt3 = $db->prepare("SELECT `addr`, `ip` FROM `host_addr` WHERE `host_id` = :id");
$stmt3->execute(['id' => $host['id']]); $stmt3->execute(['id' => $host['id']]);
$addresses = $stmt3->fetchAll(PDO::FETCH_ASSOC); $addresses = $stmt3->fetchAll(PDO::FETCH_ASSOC);
$stmt3->closeCursor();
$addrArray = []; $addrArray = [];
foreach($addresses as $addr) { foreach($addresses as $addr) {
@ -158,6 +162,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
$stmt = $db->prepare("SELECT * FROM host_status WHERE host_id = :id"); $stmt = $db->prepare("SELECT * FROM host_status WHERE host_id = :id");
$stmt->execute(['id' => $host['id']]); $stmt->execute(['id' => $host['id']]);
$statuses = $stmt->fetchAll(PDO::FETCH_ASSOC); $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$statusArray = []; $statusArray = [];
foreach($statuses as $status) { foreach($statuses as $status) {
@ -168,6 +173,7 @@ function processHostInfo($conn, $db, $xml, $trans) {
$stmt2 = $db->prepare("SELECT domain_id FROM domain_host_map WHERE host_id = :id LIMIT 1"); $stmt2 = $db->prepare("SELECT domain_id FROM domain_host_map WHERE host_id = :id LIMIT 1");
$stmt2->execute(['id' => $host['id']]); $stmt2->execute(['id' => $host['id']]);
$domainData = $stmt2->fetch(PDO::FETCH_ASSOC); $domainData = $stmt2->fetch(PDO::FETCH_ASSOC);
$stmt2->closeCursor();
if ($domainData) { if ($domainData) {
$statusArray[] = ['linked']; $statusArray[] = ['linked'];
@ -269,6 +275,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt->execute(); $stmt->execute();
$domain = $stmt->fetch(PDO::FETCH_ASSOC); $domain = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$domain) { if (!$domain) {
sendEppError($conn, $db, 2303, 'Application does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Application does not exist', $clTRID, $trans);
@ -279,6 +286,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM application_contact_map WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM application_contact_map WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$contacts = $stmt->fetchAll(PDO::FETCH_ASSOC); $contacts = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$transformedContacts = []; $transformedContacts = [];
foreach ($contacts as $contact) { foreach ($contacts as $contact) {
@ -289,6 +297,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM application_host_map WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM application_host_map WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$hosts = $stmt->fetchAll(PDO::FETCH_ASSOC); $hosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$transformedHosts = []; $transformedHosts = [];
if ($hosts) { if ($hosts) {
@ -301,11 +310,13 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM application_status WHERE domain_id = :id LIMIT 1"); $stmt = $db->prepare("SELECT * FROM application_status WHERE domain_id = :id LIMIT 1");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$status = $stmt->fetch(PDO::FETCH_ASSOC); $status = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
// Fetch registrant identifier // Fetch registrant identifier
$stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id"); $stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id");
$stmt->execute(['id' => $domain['registrant']]); $stmt->execute(['id' => $domain['registrant']]);
$registrant_id = $stmt->fetch(PDO::FETCH_COLUMN); $registrant_id = $stmt->fetch(PDO::FETCH_COLUMN);
$stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -360,6 +371,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt->execute(); $stmt->execute();
$domain = $stmt->fetch(PDO::FETCH_ASSOC); $domain = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$domain) { if (!$domain) {
sendEppError($conn, $db, 2303, 'Domain does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Domain does not exist', $clTRID, $trans);
@ -370,6 +382,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1");
$stmt->execute([$domain['id'], $authInfo_pw]); $stmt->execute([$domain['id'], $authInfo_pw]);
$domain_authinfo_id = $stmt->fetchColumn(); $domain_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_authinfo_id) { if (!$domain_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -381,6 +394,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM domain_contact_map WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM domain_contact_map WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$contacts = $stmt->fetchAll(PDO::FETCH_ASSOC); $contacts = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$transformedContacts = []; $transformedContacts = [];
foreach ($contacts as $contact) { foreach ($contacts as $contact) {
@ -391,6 +405,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM domain_host_map WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM domain_host_map WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$hosts = $stmt->fetchAll(PDO::FETCH_ASSOC); $hosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$transformedHosts = []; $transformedHosts = [];
if ($hosts) { if ($hosts) {
@ -402,16 +417,19 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT name FROM host WHERE domain_id = :id"); $stmt = $db->prepare("SELECT name FROM host WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$hostNames = $stmt->fetchAll(PDO::FETCH_COLUMN, 0); $hostNames = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
$stmt->closeCursor();
// Fetch authInfo // Fetch authInfo
$stmt = $db->prepare("SELECT * FROM domain_authInfo WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM domain_authInfo WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$authInfo = $stmt->fetch(PDO::FETCH_ASSOC); $authInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
// Fetch status // Fetch status
$stmt = $db->prepare("SELECT * FROM domain_status WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM domain_status WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$statuses = $stmt->fetchAll(PDO::FETCH_ASSOC); $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$statusArray = []; $statusArray = [];
foreach($statuses as $status) { foreach($statuses as $status) {
@ -422,11 +440,13 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt = $db->prepare("SELECT * FROM secdns WHERE domain_id = :id"); $stmt = $db->prepare("SELECT * FROM secdns WHERE domain_id = :id");
$stmt->execute(['id' => $domain['id']]); $stmt->execute(['id' => $domain['id']]);
$secDnsRecords = $stmt->fetchAll(PDO::FETCH_ASSOC); $secDnsRecords = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
// Fetch registrant identifier // Fetch registrant identifier
$stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id"); $stmt = $db->prepare("SELECT identifier FROM contact WHERE id = :id");
$stmt->execute(['id' => $domain['registrant']]); $stmt->execute(['id' => $domain['registrant']]);
$registrant_id = $stmt->fetch(PDO::FETCH_COLUMN); $registrant_id = $stmt->fetch(PDO::FETCH_COLUMN);
$stmt->closeCursor();
$transformedSecDnsRecords = []; $transformedSecDnsRecords = [];
if ($secDnsRecords) { if ($secDnsRecords) {
@ -528,6 +548,7 @@ function processDomainInfo($conn, $db, $xml, $clid, $trans) {
$stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR); $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$token = $stmt->fetchColumn(); $token = $stmt->fetchColumn();
$stmt->closeCursor();
if ($token) { if ($token) {
$response['allocation'] = $token; $response['allocation'] = $token;
@ -556,6 +577,7 @@ function processFundsInfo($conn, $db, $xml, $clid, $trans) {
$stmt->execute(['id' => $clid]); $stmt->execute(['id' => $clid]);
$funds = $stmt->fetch(PDO::FETCH_ASSOC); $funds = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$creditBalance = ($funds['accountBalance'] < 0) ? -$funds['accountBalance'] : 0; $creditBalance = ($funds['accountBalance'] < 0) ? -$funds['accountBalance'] : 0;
$availableCredit = $funds['creditLimit'] - $creditBalance; $availableCredit = $funds['creditLimit'] - $creditBalance;
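Review bot: The authInfo check in processDomainInfo (`... FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1`) leaves the secret comparison to SQL `=`, so the outcome follows the column's collation and is not constant-time. The collation is not visible here, but under a case-insensitive one a differently-cased password would be accepted. Since a failed match is what produces the 2202 error, I would select the stored value and compare it in PHP: `$stmt = $db->prepare("SELECT authinfo FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' LIMIT 1");`, then `$stored = $stmt->fetchColumn();` and `if (!is_string($stored) || !hash_equals($stored, (string)$authInfo_pw)) {`. The enclosing branch starts and ends outside this hunk, so how `$authInfo_pw` is obtained, and whether failed attempts are logged or limited, cannot be confirmed from here.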


@ -38,11 +38,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
$period = 'y'; $period = 'y';
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$stmt = $db->prepare("SELECT id, name, tldid, exdate, clid FROM domain WHERE name = :domainName LIMIT 1"); $stmt = $db->prepare("SELECT id, name, tldid, exdate, clid FROM domain WHERE name = :domainName LIMIT 1");
$stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR); $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR);
@ -55,7 +51,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
if ($clid['id'] != $domainData['clid']) { if ($clid != $domainData['clid']) {
sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans); sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans);
return; return;
} }
@ -96,7 +92,6 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
} }
$after_10_years = $db->query("SELECT YEAR(DATE_ADD(CURDATE(),INTERVAL 10 YEAR))")->fetchColumn(); $after_10_years = $db->query("SELECT YEAR(DATE_ADD(CURDATE(),INTERVAL 10 YEAR))")->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT YEAR(DATE_ADD(:exdate, INTERVAL :date_add MONTH))"); $stmt = $db->prepare("SELECT YEAR(DATE_ADD(:exdate, INTERVAL :date_add MONTH))");
$stmt->bindParam(':exdate', $domainData['exdate'], PDO::PARAM_STR); $stmt->bindParam(':exdate', $domainData['exdate'], PDO::PARAM_STR);
$stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT); $stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT);
@ -112,7 +107,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
// Check registrar account balance // Check registrar account balance
$stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrarId LIMIT 1"); $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrarId LIMIT 1");
$stmt->bindParam(':registrarId', $clid['id'], PDO::PARAM_INT); $stmt->bindParam(':registrarId', $clid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor(); $stmt->closeCursor();
@ -120,7 +115,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
$creditLimit = $row['creditLimit']; $creditLimit = $row['creditLimit'];
$currency = $row['currency']; $currency = $row['currency'];
$returnValue = getDomainPrice($db, $domainData['name'], $domainData['tldid'], $date_add, 'renew', $clid['id'], $currency); $returnValue = getDomainPrice($db, $domainData['name'], $domainData['tldid'], $date_add, 'renew', $clid, $currency);
$price = $returnValue['price']; $price = $returnValue['price'];
if (($registrar_balance + $creditLimit) < $price) { if (($registrar_balance + $creditLimit) < $price) {
@ -139,7 +134,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT); $stmt->bindParam(':date_add', $date_add, PDO::PARAM_INT);
$stmt->bindParam(':rgpstatus', $rgpstatus, PDO::PARAM_STR); $stmt->bindParam(':rgpstatus', $rgpstatus, PDO::PARAM_STR);
$stmt->bindParam(':renewPeriod', $date_add, PDO::PARAM_INT); $stmt->bindParam(':renewPeriod', $date_add, PDO::PARAM_INT);
$stmt->bindParam(':upid', $clid['id'], PDO::PARAM_INT); $stmt->bindParam(':upid', $clid, PDO::PARAM_INT);
$stmt->bindParam(':domain_id', $domainData['id'], PDO::PARAM_INT); $stmt->bindParam(':domain_id', $domainData['id'], PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
@ -152,14 +147,14 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
// Update registrar's account balance: // Update registrar's account balance:
$stmt = $db->prepare("UPDATE registrar SET accountBalance = (accountBalance - :price) WHERE id = :registrar_id"); $stmt = $db->prepare("UPDATE registrar SET accountBalance = (accountBalance - :price) WHERE id = :registrar_id");
$stmt->bindParam(':price', $price, PDO::PARAM_INT); $stmt->bindParam(':price', $price, PDO::PARAM_INT);
$stmt->bindParam(':registrar_id', $clid['id'], PDO::PARAM_INT); $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
// Insert into payment_history: // Insert into payment_history:
$description = "renew domain $domainName for period $date_add MONTH"; $description = "renew domain $domainName for period $date_add MONTH";
$negative_price = -$price; $negative_price = -$price;
$stmt = $db->prepare("INSERT INTO payment_history (registrar_id, date, description, amount) VALUES (:registrar_id, CURRENT_TIMESTAMP(3), :description, :amount)"); $stmt = $db->prepare("INSERT INTO payment_history (registrar_id, date, description, amount) VALUES (:registrar_id, CURRENT_TIMESTAMP(3), :description, :amount)");
$stmt->bindParam(':registrar_id', $clid['id'], PDO::PARAM_INT); $stmt->bindParam(':registrar_id', $clid, PDO::PARAM_INT);
$stmt->bindParam(':description', $description, PDO::PARAM_STR); $stmt->bindParam(':description', $description, PDO::PARAM_STR);
$stmt->bindParam(':amount', $negative_price, PDO::PARAM_INT); $stmt->bindParam(':amount', $negative_price, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
@ -173,7 +168,7 @@ function processDomainRenew($conn, $db, $xml, $clid, $database_type, $trans) {
// Insert into statement: // Insert into statement:
$stmt = $db->prepare("INSERT INTO statement (registrar_id, date, command, domain_name, length_in_months, fromS, toS, amount) VALUES (?, CURRENT_TIMESTAMP(3), ?, ?, ?, ?, ?, ?)"); $stmt = $db->prepare("INSERT INTO statement (registrar_id, date, command, domain_name, length_in_months, fromS, toS, amount) VALUES (?, CURRENT_TIMESTAMP(3), ?, ?, ?, ?, ?, ?)");
$stmt->execute([$clid['id'], 'renew', $domainName, $date_add, $from, $to, $price]); $stmt->execute([$clid, 'renew', $domainName, $date_add, $from, $to, $price]);
} }
} }
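Review bot: The ownership check `if ($clid != $domainData['clid'])` in processDomainRenew now compares whatever `getClid($db, $clid)` returns, and nothing between that call and the check rejects a failed registrar lookup. `getClid()` is not defined in this view, so its return for an unknown client id cannot be confirmed; with the loose `!=`, a falsy return would compare equal to a falsy `clid` column value and the renew would continue to the balance debit. I would add a guard right after the call that sends an EPP error through `sendEppError` and returns when `$clid` is empty, and make the comparison type-explicit: `if ((int)$clid !== (int)$domainData['clid']) {`. The host-delete and contact-transfer handlers on this page compare the same helper's result with `!==`, so it is also worth confirming that `getClid()` returns the same type PDO yields for the `clid` columns, otherwise those strict checks would always fail. The function body extends beyond the hunks shown.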


@ -17,6 +17,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1"); $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1");
$stmt->execute([':identifier' => $identifier]); $stmt->execute([':identifier' => $identifier]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$contact_id = $result['id'] ?? null; $contact_id = $result['id'] ?? null;
$registrar_id_contact = $result['clid'] ?? null; $registrar_id_contact = $result['clid'] ?? null;
@ -24,12 +25,8 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans);
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($op === 'approve') { if ($op === 'approve') {
if ($clid !== $registrar_id_contact) { if ($clid !== $registrar_id_contact) {
@ -44,6 +41,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
':authInfo_pw' => $authInfo_pw ':authInfo_pw' => $authInfo_pw
]); ]);
$contact_authinfo_id = $stmt->fetchColumn(); $contact_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$contact_authinfo_id) { if (!$contact_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -54,6 +52,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$trstatus = $contactInfo['trstatus'] ?? ''; $trstatus = $contactInfo['trstatus'] ?? '';
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
@ -71,14 +70,17 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]); $reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]);
$reid_identifier = $reid_identifier_stmt->fetchColumn(); $reid_identifier = $reid_identifier_stmt->fetchColumn();
$reid_identifier_stmt->closeCursor();
$acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]); $acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]);
$acid_identifier = $acid_identifier_stmt->fetchColumn(); $acid_identifier = $acid_identifier_stmt->fetchColumn();
$acid_identifier_stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -116,7 +118,8 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
if ($authInfo_pw) { if ($authInfo_pw) {
$stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]);
$contact_authinfo_id = $stmt->fetchColumn(); $contact_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$contact_authinfo_id) { if (!$contact_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
return; return;
@ -126,6 +129,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$trstatus = $contactInfo['trstatus'] ?? ''; $trstatus = $contactInfo['trstatus'] ?? '';
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
@ -139,14 +143,17 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $updatedContactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]); $reid_identifier_stmt->execute([':reid' => $updatedContactInfo['reid']]);
$reid_identifier = $reid_identifier_stmt->fetchColumn(); $reid_identifier = $reid_identifier_stmt->fetchColumn();
$reid_identifier_stmt->closeCursor();
$acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]); $acid_identifier_stmt->execute([':acid' => $updatedContactInfo['acid']]);
$acid_identifier = $acid_identifier_stmt->fetchColumn(); $acid_identifier = $acid_identifier_stmt->fetchColumn();
$acid_identifier_stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -177,16 +184,19 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$trstatus = $contactInfo['trstatus'] ?? ''; $trstatus = $contactInfo['trstatus'] ?? '';
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
$reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$reid_identifier_stmt->execute([':reid' => $contactInfo['reid']]); $reid_identifier_stmt->execute([':reid' => $contactInfo['reid']]);
$reid_identifier = $reid_identifier_stmt->fetchColumn(); $reid_identifier = $reid_identifier_stmt->fetchColumn();
$reid_identifier_stmt->closeCursor();
$acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acid_identifier_stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$acid_identifier_stmt->execute([':acid' => $contactInfo['acid']]); $acid_identifier_stmt->execute([':acid' => $contactInfo['acid']]);
$acid_identifier = $acid_identifier_stmt->fetchColumn(); $acid_identifier = $acid_identifier_stmt->fetchColumn();
$acid_identifier_stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -224,6 +234,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]);
$contact_authinfo_id = $stmt->fetchColumn(); $contact_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$contact_authinfo_id) { if (!$contact_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -234,6 +245,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if ($contactInfo['trstatus'] === 'pending') { if ($contactInfo['trstatus'] === 'pending') {
// The losing registrar has five days once the contact is pending to respond. // The losing registrar has five days once the contact is pending to respond.
@ -247,15 +259,18 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid, crdate, upid, lastupdate, trdate, trstatus, reid, redate, acid, acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$contactInfo = $stmt->fetch(PDO::FETCH_ASSOC); $contactInfo = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
// Fetch registrar identifiers // Fetch registrar identifiers
$reidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $reidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$reidStmt->execute([':reid' => $contactInfo['reid']]); $reidStmt->execute([':reid' => $contactInfo['reid']]);
$reid_identifier = $reidStmt->fetchColumn(); $reid_identifier = $reidStmt->fetchColumn();
$reidStmt->closeCursor();
$acidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $acidStmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$acidStmt->execute([':acid' => $contactInfo['acid']]); $acidStmt->execute([':acid' => $contactInfo['acid']]);
$acid_identifier = $acidStmt->fetchColumn(); $acid_identifier = $acidStmt->fetchColumn();
$acidStmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -287,6 +302,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),crdate) FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),crdate) FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$days_from_registration = $stmt->fetchColumn(); $days_from_registration = $stmt->fetchColumn();
$stmt->closeCursor();
if ($days_from_registration < 60) { if ($days_from_registration < 60) {
sendEppError($conn, $db, 2201, 'The contact name must not be within 60 days of its initial registration', $clTRID, $trans); sendEppError($conn, $db, 2201, 'The contact name must not be within 60 days of its initial registration', $clTRID, $trans);
@ -297,6 +313,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$last_trdate = $result['trdate']; $last_trdate = $result['trdate'];
$days_from_last_transfer = $result['intval']; $days_from_last_transfer = $result['intval'];
@ -309,6 +326,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]); $stmt->execute([':contact_id' => $contact_id, ':authInfo_pw' => $authInfo_pw]);
$contact_authinfo_id = $stmt->fetchColumn(); $contact_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$contact_authinfo_id) { if (!$contact_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -325,6 +343,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
return; return;
} }
} }
$stmt->closeCursor();
if ($clid == $registrar_id_contact) { if ($clid == $registrar_id_contact) {
sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the contact sponsoring client', $clTRID, $trans); sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the contact sponsoring client', $clTRID, $trans);
@ -334,6 +353,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$trstatus = $result['trstatus']; $trstatus = $result['trstatus'];
if (!$trstatus || $trstatus != 'pending') { if (!$trstatus || $trstatus != 'pending') {
@ -352,6 +372,7 @@ function processContactTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1"); $stmt = $db->prepare("SELECT crid,crdate,upid,lastupdate,trdate,trstatus,reid,redate,acid,acdate FROM contact WHERE id = :contact_id LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$reid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['reid']}' LIMIT 1")->fetchColumn(); $reid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['reid']}' LIMIT 1")->fetchColumn();
$acid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['acid']}' LIMIT 1")->fetchColumn(); $acid_identifier = $db->query("SELECT clid FROM registrar WHERE id = '{$result['acid']}' LIMIT 1")->fetchColumn();
@ -420,6 +441,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt->bindParam(':name', $domainName, PDO::PARAM_STR); $stmt->bindParam(':name', $domainName, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$domain_id = $row['id'] ?? null; $domain_id = $row['id'] ?? null;
$tldid = $row['tldid'] ?? null; $tldid = $row['tldid'] ?? null;
@ -430,11 +452,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($op === 'approve') { if ($op === 'approve') {
if ($clid !== $registrar_id_domain) { if ($clid !== $registrar_id_domain) {
@ -446,6 +464,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = ? AND authtype = 'pw' AND authinfo = ? LIMIT 1");
$stmt->execute([$domain_id, $authInfo_pw]); $stmt->execute([$domain_id, $authInfo_pw]);
$domain_authinfo_id = $stmt->fetchColumn(); $domain_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_authinfo_id) { if (!$domain_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -456,6 +475,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if ($row && $row["trstatus"] === 'pending') { if ($row && $row["trstatus"] === 'pending') {
$date_add = 0; $date_add = 0;
@ -464,15 +484,18 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT accountBalance,creditLimit FROM registrar WHERE id = ? LIMIT 1"); $stmt = $db->prepare("SELECT accountBalance,creditLimit FROM registrar WHERE id = ? LIMIT 1");
$stmt->execute([$row["reid"]]); $stmt->execute([$row["reid"]]);
list($registrar_balance, $creditLimit) = $stmt->fetch(PDO::FETCH_NUM); list($registrar_balance, $creditLimit) = $stmt->fetch(PDO::FETCH_NUM);
$stmt->closeCursor();
if ($row["transfer_exdate"]) { if ($row["transfer_exdate"]) {
$stmt = $db->prepare("SELECT PERIOD_DIFF(DATE_FORMAT(transfer_exdate, '%Y%m'), DATE_FORMAT(exdate, '%Y%m')) AS intval FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT PERIOD_DIFF(DATE_FORMAT(transfer_exdate, '%Y%m'), DATE_FORMAT(exdate, '%Y%m')) AS intval FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
$date_add = $stmt->fetchColumn(); $date_add = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt = $db->prepare("SELECT currency FROM registrar WHERE id = :registrar_id LIMIT 1");
$stmt->execute([':registrar_id' => $clid]); $stmt->execute([':registrar_id' => $clid]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$currency = $result["currency"]; $currency = $result["currency"];
$returnValue = getDomainPrice($db, $domainName, $tldid, $date_add, 'transfer', $clid, $currency); $returnValue = getDomainPrice($db, $domainName, $tldid, $date_add, 'transfer', $clid, $currency);
@ -488,6 +511,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT contact_id, type FROM domain_contact_map WHERE domain_id = ?'); $stmt = $db->prepare('SELECT contact_id, type FROM domain_contact_map WHERE domain_id = ?');
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$contactMap = $stmt->fetchAll(PDO::FETCH_ASSOC); $contactMap = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
// Prepare an array to hold new contact IDs to prevent duplicating contacts // Prepare an array to hold new contact IDs to prevent duplicating contacts
$newContactIds = []; $newContactIds = [];
@ -496,6 +520,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT * FROM contact WHERE id = ?'); $stmt = $db->prepare('SELECT * FROM contact WHERE id = ?');
$stmt->execute([$row['registrant']]); $stmt->execute([$row['registrant']]);
$registrantData = $stmt->fetch(PDO::FETCH_ASSOC); $registrantData = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
unset($registrantData['id']); unset($registrantData['id']);
$registrantData['identifier'] = generateAuthInfo(); $registrantData['identifier'] = generateAuthInfo();
$registrantData['clid'] = $row['reid']; $registrantData['clid'] = $row['reid'];
@ -512,6 +537,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?'); $stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
$stmt->execute([$row['registrant']]); $stmt->execute([$row['registrant']]);
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC); $postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
foreach ($postalInfos as $postalInfo) { foreach ($postalInfos as $postalInfo) {
unset($postalInfo['id']); unset($postalInfo['id']);
@ -535,6 +561,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT * FROM contact WHERE id = ?'); $stmt = $db->prepare('SELECT * FROM contact WHERE id = ?');
$stmt->execute([$contact['contact_id']]); $stmt->execute([$contact['contact_id']]);
$contactData = $stmt->fetch(PDO::FETCH_ASSOC); $contactData = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
unset($contactData['id']); unset($contactData['id']);
$contactData['identifier'] = generateAuthInfo(); $contactData['identifier'] = generateAuthInfo();
$contactData['clid'] = $row["reid"]; $contactData['clid'] = $row["reid"];
@ -551,6 +578,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?'); $stmt = $db->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
$stmt->execute([$contact['contact_id']]); $stmt->execute([$contact['contact_id']]);
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC); $postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
foreach ($postalInfos as $postalInfo) { foreach ($postalInfos as $postalInfo) {
unset($postalInfo['id']); unset($postalInfo['id']);
@ -572,6 +600,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1"); $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1");
$stmt->execute(['domain_id' => $domain_id]); $stmt->execute(['domain_id' => $domain_id]);
$from = $stmt->fetchColumn(); $from = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL ? MONTH), lastupdate = CURRENT_TIMESTAMP(3), clid = ?, upid = ?, registrant = ?, trdate = CURRENT_TIMESTAMP(3), trstatus = 'clientApproved', acdate = CURRENT_TIMESTAMP(3), transfer_exdate = NULL, rgpstatus = 'transferPeriod', transferPeriod = ? WHERE id = ?"); $stmt = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL ? MONTH), lastupdate = CURRENT_TIMESTAMP(3), clid = ?, upid = ?, registrant = ?, trdate = CURRENT_TIMESTAMP(3), trstatus = 'clientApproved', acdate = CURRENT_TIMESTAMP(3), transfer_exdate = NULL, rgpstatus = 'transferPeriod', transferPeriod = ? WHERE id = ?");
$stmt->execute([$date_add, $row["reid"], $clid, $newRegistrantId, $date_add, $domain_id]); $stmt->execute([$date_add, $row["reid"], $clid, $newRegistrantId, $date_add, $domain_id]);
@ -595,6 +624,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1');
$stmt->execute([$domain_id, 'pendingTransfer']); $stmt->execute([$domain_id, 'pendingTransfer']);
$existingStatus = $stmt->fetchColumn(); $existingStatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($existingStatus === 'pendingTransfer') { if ($existingStatus === 'pendingTransfer') {
$deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?');
@ -642,6 +672,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1"); $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = :domain_id LIMIT 1");
$stmt->execute(['domain_id' => $domain_id]); $stmt->execute(['domain_id' => $domain_id]);
$to = $stmt->fetchColumn(); $to = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id, CURRENT_TIMESTAMP(3), :command, :domain_name, :length_in_months, :from, :to, :amount)"); $stmt = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(:registrar_id, CURRENT_TIMESTAMP(3), :command, :domain_name, :length_in_months, :from, :to, :amount)");
$stmt->execute(['registrar_id' => $row['reid'], 'command' => 'transfer', 'domain_name' => $domainName, 'length_in_months' => $date_add, 'from' => $from, 'to' => $to, 'amount' => $price]); $stmt->execute(['registrar_id' => $row['reid'], 'command' => 'transfer', 'domain_name' => $domainName, 'length_in_months' => $date_add, 'from' => $from, 'to' => $to, 'amount' => $price]);
@ -649,19 +680,23 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id,registrant,crdate,exdate,lastupdate,clid,crid,upid,trdate,trstatus,reid,redate,acid,acdate,transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute(['name' => $domainName]); $stmt->execute(['name' => $domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($row); extract($row);
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmt->execute(['reid' => $reid]); $stmt->execute(['reid' => $reid]);
$reid_identifier = $stmt->fetchColumn(); $reid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmt->execute(['acid' => $acid]); $stmt->execute(['acid' => $acid]);
$acid_identifier = $stmt->fetchColumn(); $acid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()");
$stmt->execute(); $stmt->execute();
$curdate_id = $stmt->fetchColumn(); $curdate_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$curdate_id) { if (!$curdate_id) {
$stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())"); $stmt = $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())");
@ -712,6 +747,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]);
$domain_authinfo_id = $stmt->fetchColumn(); $domain_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_authinfo_id) { if (!$domain_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -722,6 +758,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute(['name' => $domainName]); $stmt->execute(['name' => $domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($row); extract($row);
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
@ -747,6 +784,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1');
$stmt->execute([$domain_id, 'pendingTransfer']); $stmt->execute([$domain_id, 'pendingTransfer']);
$existingStatus = $stmt->fetchColumn(); $existingStatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($existingStatus === 'pendingTransfer') { if ($existingStatus === 'pendingTransfer') {
$deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?');
@ -763,15 +801,18 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute(['name' => $domainName]); $stmt->execute(['name' => $domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($row); extract($row);
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmt->execute(['reid' => $reid]); $stmt->execute(['reid' => $reid]);
$reid_identifier = $stmt->fetchColumn(); $reid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmt->execute(['acid' => $acid]); $stmt->execute(['acid' => $acid]);
$acid_identifier = $stmt->fetchColumn(); $acid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -809,6 +850,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute(['name' => $domainName]); $stmt->execute(['name' => $domainName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($result); extract($result);
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
@ -816,10 +858,12 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmtReID->execute(['reid' => $reid]); $stmtReID->execute(['reid' => $reid]);
$reid_identifier = $stmtReID->fetchColumn(); $reid_identifier = $stmtReID->fetchColumn();
$stmtReID->closeCursor();
$stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmtAcID->execute(['acid' => $acid]); $stmtAcID->execute(['acid' => $acid]);
$acid_identifier = $stmtAcID->fetchColumn(); $acid_identifier = $stmtAcID->fetchColumn();
$stmtAcID->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -861,6 +905,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmtAuthInfo = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmtAuthInfo = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmtAuthInfo->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $stmtAuthInfo->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]);
$domain_authinfo_id = $stmtAuthInfo->fetchColumn(); $domain_authinfo_id = $stmtAuthInfo->fetchColumn();
$stmtAuthInfo->closeCursor();
if (!$domain_authinfo_id) { if (!$domain_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is not correct', $clTRID, $trans);
@ -871,6 +916,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute(['name' => $domainName]); $stmt->execute(['name' => $domainName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($result); extract($result);
if ($trstatus === 'pending') { if ($trstatus === 'pending') {
@ -896,6 +942,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1');
$stmt->execute([$domain_id, 'pendingTransfer']); $stmt->execute([$domain_id, 'pendingTransfer']);
$existingStatus = $stmt->fetchColumn(); $existingStatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($existingStatus === 'pendingTransfer') { if ($existingStatus === 'pendingTransfer') {
$deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?');
@ -912,10 +959,12 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmtReID = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmtReID->execute(['reid' => $reid]); $stmtReID->execute(['reid' => $reid]);
$reid_identifier = $stmtReID->fetchColumn(); $reid_identifier = $stmtReID->fetchColumn();
$stmtReID->closeCursor();
$stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmtAcID = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmtAcID->execute(['acid' => $acid]); $stmtAcID->execute(['acid' => $acid]);
$acid_identifier = $stmtAcID->fetchColumn(); $acid_identifier = $stmtAcID->fetchColumn();
$stmtAcID->closeCursor();
$svTRID = generateSvTRID(); $svTRID = generateSvTRID();
$response = [ $response = [
@ -957,6 +1006,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$token = $stmt->fetchColumn(); $token = $stmt->fetchColumn();
$stmt->closeCursor();
if ($token) { if ($token) {
// No action needed, script continues // No action needed, script continues
@ -970,6 +1020,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3), crdate) FROM domain WHERE id = :domain_id LIMIT 1"); $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3), crdate) FROM domain WHERE id = :domain_id LIMIT 1");
$stmt->execute(['domain_id' => $domain_id]); $stmt->execute(['domain_id' => $domain_id]);
$days_from_registration = $stmt->fetchColumn(); $days_from_registration = $stmt->fetchColumn();
$stmt->closeCursor();
if ($days_from_registration < 60) { if ($days_from_registration < 60) {
sendEppError($conn, $db, 2201, 'The domain name must not be within 60 days of its initial registration', $clTRID, $trans); sendEppError($conn, $db, 2201, 'The domain name must not be within 60 days of its initial registration', $clTRID, $trans);
@ -980,6 +1031,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM domain WHERE id = :domain_id LIMIT 1"); $stmt = $db->prepare("SELECT trdate, DATEDIFF(CURRENT_TIMESTAMP(3),trdate) AS intval FROM domain WHERE id = :domain_id LIMIT 1");
$stmt->execute(['domain_id' => $domain_id]); $stmt->execute(['domain_id' => $domain_id]);
$result = $stmt->fetch(); $result = $stmt->fetch();
$stmt->closeCursor();
$last_trdate = $result["trdate"]; $last_trdate = $result["trdate"];
$days_from_last_transfer = $result["intval"]; $days_from_last_transfer = $result["intval"];
@ -992,6 +1044,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),exdate) FROM domain WHERE id = :domain_id LIMIT 1"); $stmt = $db->prepare("SELECT DATEDIFF(CURRENT_TIMESTAMP(3),exdate) FROM domain WHERE id = :domain_id LIMIT 1");
$stmt->execute(['domain_id' => $domain_id]); $stmt->execute(['domain_id' => $domain_id]);
$days_from_expiry_date = $stmt->fetchColumn(); $days_from_expiry_date = $stmt->fetchColumn();
$stmt->closeCursor();
if ($days_from_expiry_date > 30) { if ($days_from_expiry_date > 30) {
sendEppError($conn, $db, 2201, 'The domain name must not be more than 30 days past its expiry date', $clTRID, $trans); sendEppError($conn, $db, 2201, 'The domain name must not be more than 30 days past its expiry date', $clTRID, $trans);
@ -1002,6 +1055,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_authInfo WHERE domain_id = :domain_id AND authtype = 'pw' AND authinfo = :authInfo_pw LIMIT 1");
$stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]); $stmt->execute(['domain_id' => $domain_id, 'authInfo_pw' => $authInfo_pw]);
$domain_authinfo_id = $stmt->fetchColumn(); $domain_authinfo_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_authinfo_id) { if (!$domain_authinfo_id) {
sendEppError($conn, $db, 2202, 'authInfo pw is invalid', $clTRID, $trans); sendEppError($conn, $db, 2202, 'authInfo pw is invalid', $clTRID, $trans);
@ -1017,6 +1071,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
return; return;
} }
} }
$stmt->closeCursor();
if ($clid == $registrar_id_domain) { if ($clid == $registrar_id_domain) {
sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the domain sponsoring client', $clTRID, $trans); sendEppError($conn, $db, 2106, 'Destination client of the transfer operation is the domain sponsoring client', $clTRID, $trans);
@ -1026,6 +1081,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$domain_id = $row['id']; $domain_id = $row['id'];
$registrant = $row['registrant']; $registrant = $row['registrant'];
@ -1078,6 +1134,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1"); $stmt = $db->prepare("SELECT accountBalance, creditLimit, currency FROM registrar WHERE id = :registrar_id LIMIT 1");
$stmt->execute([':registrar_id' => $clid]); $stmt->execute([':registrar_id' => $clid]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$registrar_balance = $result["accountBalance"]; $registrar_balance = $result["accountBalance"];
$creditLimit = $result["creditLimit"]; $creditLimit = $result["creditLimit"];
$currency = $result["currency"]; $currency = $result["currency"];
@ -1097,6 +1154,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1');
$stmt->execute([$domain_id, 'ok']); $stmt->execute([$domain_id, 'ok']);
$existingStatus = $stmt->fetchColumn(); $existingStatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($existingStatus === 'ok') { if ($existingStatus === 'ok') {
$deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?');
@ -1114,16 +1172,19 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute([':name' => $domainName]); $stmt->execute([':name' => $domainName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result); list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result);
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmt->execute([':reid' => $reid]); $stmt->execute([':reid' => $reid]);
$reid_identifier = $stmt->fetchColumn(); $reid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmt->execute([':acid' => $acid]); $stmt->execute([':acid' => $acid]);
$acid_identifier = $stmt->fetchColumn(); $acid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
// The current sponsoring registrar will receive a notification of a pending transfer // The current sponsoring registrar will receive a notification of a pending transfer
$stmt = $db->prepare("INSERT INTO poll (registrar_id,qdate,msg,msg_type,obj_name_or_id,obj_trStatus,obj_reID,obj_reDate,obj_acID,obj_acDate,obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, :transfer_exdate)"); $stmt = $db->prepare("INSERT INTO poll (registrar_id,qdate,msg,msg_type,obj_name_or_id,obj_trStatus,obj_reID,obj_reDate,obj_acID,obj_acDate,obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, :transfer_exdate)");
@ -1177,6 +1238,7 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1'); $stmt = $db->prepare('SELECT status FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1');
$stmt->execute([$domain_id, 'ok']); $stmt->execute([$domain_id, 'ok']);
$existingStatus = $stmt->fetchColumn(); $existingStatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($existingStatus === 'ok') { if ($existingStatus === 'ok') {
$deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?'); $deleteStmt = $db->prepare('DELETE FROM domain_status WHERE domain_id = ? AND status = ?');
@ -1194,16 +1256,19 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
$stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1"); $stmt = $db->prepare("SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE name = :name LIMIT 1");
$stmt->execute([':name' => $domainName]); $stmt->execute([':name' => $domainName]);
$result = $stmt->fetch(PDO::FETCH_ASSOC); $result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result); list($domain_id, $registrant, $crdate, $exdate, $lastupdate, $registrar_id_domain, $crid, $upid, $trdate, $trstatus, $reid, $redate, $acid, $acdate, $transfer_exdate) = array_values($result);
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :reid LIMIT 1");
$stmt->execute([':reid' => $reid]); $stmt->execute([':reid' => $reid]);
$reid_identifier = $stmt->fetchColumn(); $reid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
$stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1"); $stmt = $db->prepare("SELECT clid FROM registrar WHERE id = :acid LIMIT 1");
$stmt->execute([':acid' => $acid]); $stmt->execute([':acid' => $acid]);
$acid_identifier = $stmt->fetchColumn(); $acid_identifier = $stmt->fetchColumn();
$stmt->closeCursor();
// Notify the current sponsoring registrar of the pending transfer // Notify the current sponsoring registrar of the pending transfer
$stmt = $db->prepare("INSERT INTO poll (registrar_id, qdate, msg, msg_type, obj_name_or_id, obj_trStatus, obj_reID, obj_reDate, obj_acID, obj_acDate, obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, NULL)"); $stmt = $db->prepare("INSERT INTO poll (registrar_id, qdate, msg, msg_type, obj_name_or_id, obj_trStatus, obj_reID, obj_reDate, obj_acID, obj_acDate, obj_exDate) VALUES(:registrar_id_domain, CURRENT_TIMESTAMP(3), 'Transfer requested.', 'domainTransfer', :name, 'pending', :reid_identifier, :redate, :acid_identifier, :acdate, NULL)");


@ -22,6 +22,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1"); $stmt = $db->prepare("SELECT id, clid FROM contact WHERE identifier = :identifier LIMIT 1");
$stmt->execute([':identifier' => $contactID]); $stmt->execute([':identifier' => $contactID]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$contact_id = $row['id'] ?? null; $contact_id = $row['id'] ?? null;
$registrar_id_contact = $row['clid'] ?? null; $registrar_id_contact = $row['clid'] ?? null;
@ -29,13 +30,8 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Contact does not exist', $clTRID, $trans);
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1");
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
$clid = getClid($db, $clid);
if ($clid != $registrar_id_contact) { if ($clid != $registrar_id_contact) {
sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans); sendEppError($conn, $db, 2201, 'It belongs to another registrar', $clTRID, $trans);
return; return;
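Review bot: `$clid` is overwritten here with the result of `getClid($db, $clid)`, and the later `if ($contactChg)` hunk of the same function calls `getClid($db, $clid)` again on that already-resolved value. getClid is not shown on this page; if it looks the registrar up by its client identifier, the second call is handed the numeric id instead and would presumably find no match, leaving `$clid` empty for the update that follows. Resolve it once into its own variable, e.g. `$registrarId = getClid($db, $clid);`, reuse that in the `$contactChg` branch and drop the second call. The ownership test on the next line also relies on loose `!=`, so an explicit check for a failed lookup before the comparison would make the refusal path unambiguous.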
@ -50,11 +46,13 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmt->closeCursor();
$clientUpdateProhibited = 0; $clientUpdateProhibited = 0;
$stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = 'clientUpdateProhibited' LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = 'clientUpdateProhibited' LIMIT 1");
$stmt->execute([':contact_id' => $contact_id]); $stmt->execute([':contact_id' => $contact_id]);
$clientUpdateProhibited = $stmt->fetchColumn(); $clientUpdateProhibited = $stmt->fetchColumn();
$stmt->closeCursor();
if ($contactRem) { if ($contactRem) {
$statusList = $xml->xpath('//contact:status/@s', $contactRem); $statusList = $xml->xpath('//contact:status/@s', $contactRem);
@ -100,6 +98,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = :status LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = :status LIMIT 1");
$stmt->execute([':contact_id' => $contact_id, ':status' => $status]); $stmt->execute([':contact_id' => $contact_id, ':status' => $status]);
$contactStatusId = $stmt->fetchColumn(); $contactStatusId = $stmt->fetchColumn();
$stmt->closeCursor();
if ($contactStatusId) { if ($contactStatusId) {
sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this contact', $clTRID, $trans); sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this contact', $clTRID, $trans);
@ -110,10 +109,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
if ($contactChg) { if ($contactChg) {
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$postalInfoInt = null; $postalInfoInt = null;
$postalInfoLoc = null; $postalInfoLoc = null;
@ -433,6 +429,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
extract($row); extract($row);
if ($postalInfoInt) { if ($postalInfoInt) {
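Review bot: `extract($row)` copies every selected column into the function's local scope, so a column that shares a name with an existing local (the authenticated `$clid`, for instance) silently replaces it; the same holds for `extract($row_int)` and `extract($row_loc)` in the next two hunks. The SELECT lists lie outside these hunks, so whether such a collision actually occurs cannot be confirmed from here. `fetch()` returns `false` when no row matches, and `extract(false)` raises a TypeError on PHP 8. Reading the needed fields explicitly after an `if ($row === false)` guard, e.g. `$value = $row['COLUMN_NAME'] ?? null;` (placeholder column name), or at least `extract($row, EXTR_PREFIX_ALL, 'db')`, removes both problems.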
@ -441,6 +438,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt_int->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_int->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
$stmt_int->execute(); $stmt_int->execute();
$row_int = $stmt_int->fetch(PDO::FETCH_ASSOC); $row_int = $stmt_int->fetch(PDO::FETCH_ASSOC);
$stmt_int->closeCursor();
extract($row_int); extract($row_int);
} }
@ -450,6 +448,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt_loc->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_loc->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
$stmt_loc->execute(); $stmt_loc->execute();
$row_loc = $stmt_loc->fetch(PDO::FETCH_ASSOC); $row_loc = $stmt_loc->fetch(PDO::FETCH_ASSOC);
$stmt_loc->closeCursor();
extract($row_loc); extract($row_loc);
} }
@ -458,12 +457,14 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt_pw->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_pw->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
$stmt_pw->execute(); $stmt_pw->execute();
$e_authInfo_pw = $stmt_pw->fetchColumn(); $e_authInfo_pw = $stmt_pw->fetchColumn();
$stmt_pw->closeCursor();
// For contact_authInfo table with authtype = 'ext' // For contact_authInfo table with authtype = 'ext'
$stmt_ext = $db->prepare("SELECT authinfo FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'ext' LIMIT 1"); $stmt_ext = $db->prepare("SELECT authinfo FROM contact_authInfo WHERE contact_id = :contact_id AND authtype = 'ext' LIMIT 1");
$stmt_ext->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); $stmt_ext->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
$stmt_ext->execute(); $stmt_ext->execute();
$e_authInfo_ext = $stmt_ext->fetchColumn(); $e_authInfo_ext = $stmt_ext->fetchColumn();
$stmt_ext->closeCursor();
$postalInfo_int = $xml->xpath("//contact:postalInfo[@type='int']")[0] ?? null; $postalInfo_int = $xml->xpath("//contact:postalInfo[@type='int']")[0] ?? null;
if ($postalInfoInt) { if ($postalInfoInt) {
@ -692,6 +693,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->execute([$name]); $stmt->execute([$name]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$hostId = $row['id'] ?? null; $hostId = $row['id'] ?? null;
$registrarIdHost = $row['clid'] ?? null; $registrarIdHost = $row['clid'] ?? null;
@ -700,12 +702,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($clid !== $registrarIdHost) { if ($clid !== $registrarIdHost) {
sendEppError($conn, $db, 2201, 'Not registrar for host', $clTRID, $trans); sendEppError($conn, $db, 2201, 'Not registrar for host', $clTRID, $trans);
return; return;
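Review bot: The ownership check `if ($clid !== $registrarIdHost)` is strict, yet `$clid` now comes from `getClid()` while `$registrarIdHost` is read from a `PDO::FETCH_ASSOC` row. getClid is not visible on this page; if it returns an int and the driver hands the column back as a string (or the reverse), the two never compare equal and every host update is refused with 2201. Normalising both sides keeps the check fail-closed without depending on driver settings: `if (!$clid || (int) $clid !== (int) $registrarIdHost) {`. The contact and domain handlers in this file use loose `!=` for the same test, so it is worth making all three agree.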
@ -721,12 +718,14 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmtStatus->closeCursor();
$clientUpdateProhibited = 0; $clientUpdateProhibited = 0;
$stmtClientUpdateProhibited = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = 'clientUpdateProhibited' LIMIT 1"); $stmtClientUpdateProhibited = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = 'clientUpdateProhibited' LIMIT 1");
$stmtClientUpdateProhibited->execute([$hostId]); $stmtClientUpdateProhibited->execute([$hostId]);
$clientUpdateProhibited = $stmtClientUpdateProhibited->fetchColumn(); $clientUpdateProhibited = $stmtClientUpdateProhibited->fetchColumn();
$stmtClientUpdateProhibited->closeCursor();
if (isset($hostRem)) { if (isset($hostRem)) {
$addrList = $xml->xpath('//host:rem/host:addr'); $addrList = $xml->xpath('//host:rem/host:addr');
@ -774,6 +773,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host_status WHERE host_id = ? AND status = ? LIMIT 1");
$stmt->execute([$hostId, $status]); $stmt->execute([$hostId, $status]);
$contact_status_id = $stmt->fetchColumn(); $contact_status_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($contact_status_id) { if ($contact_status_id) {
sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this host', $clTRID, $trans); sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this host', $clTRID, $trans);
return; return;
@ -792,6 +792,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '6' LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '6' LIMIT 1");
$stmt->execute([$hostId, $addr]); $stmt->execute([$hostId, $addr]);
$ipv6_addr_already_exists = $stmt->fetchColumn(); $ipv6_addr_already_exists = $stmt->fetchColumn();
$stmt->closeCursor();
if ($ipv6_addr_already_exists) { if ($ipv6_addr_already_exists) {
sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans); sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans);
return; return;
@ -808,6 +809,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '4' LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '4' LIMIT 1");
$stmt->execute([$hostId, $addr]); $stmt->execute([$hostId, $addr]);
$ipv4_addr_already_exists = $stmt->fetchColumn(); $ipv4_addr_already_exists = $stmt->fetchColumn();
$stmt->closeCursor();
if ($ipv4_addr_already_exists) { if ($ipv4_addr_already_exists) {
sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans); sendEppError($conn, $db, 2306, 'This addr '.$addr.' already exists for this host', $clTRID, $trans);
return; return;
@ -832,6 +834,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$chg_name]); $stmt->execute([$chg_name]);
$chg_name_id = $stmt->fetchColumn(); $chg_name_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($chg_name_id) { if ($chg_name_id) {
sendEppError($conn, $db, 2306, 'If it already exists, then we can\'t change it', $clTRID, $trans); sendEppError($conn, $db, 2306, 'If it already exists, then we can\'t change it', $clTRID, $trans);
@ -845,11 +848,13 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT domain_id FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$name]); $stmt->execute([$name]);
$domain_id = $stmt->fetchColumn(); $domain_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($domain_id) { if ($domain_id) {
$stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1"); $stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$domain_name = $stmt->fetchColumn(); $domain_name = $stmt->fetchColumn();
$stmt->closeCursor();
if (!stripos($chg_name, ".$domain_name")) { if (!stripos($chg_name, ".$domain_name")) {
sendEppError($conn, $db, 2005, 'It must be a subdomain of '.$domain_name, $clTRID, $trans); sendEppError($conn, $db, 2005, 'It must be a subdomain of '.$domain_name, $clTRID, $trans);
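Review bot: The subordinate-host check `if (!stripos($chg_name, ".$domain_name"))` is a containment test, not a suffix test, so a new host name that merely contains the parent domain somewhere in the middle is accepted as a subdomain. A host that should be external can then be renamed while still being treated as belonging to `$domain_name`. Anchor the comparison at the end of the name, `if (!str_ends_with(strtolower($chg_name), '.' . strtolower($domain_name))) {` on PHP 8, or `substr_compare()` with a negative offset and the case-insensitive flag on older versions. The surrounding rename logic continues outside this hunk.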
@ -868,6 +873,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
break; break;
} }
} }
$stmt->closeCursor();
if ($internal_host) { if ($internal_host) {
sendEppError($conn, $db, 2005, 'Must be external host', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Must be external host', $clTRID, $trans);
@ -882,6 +888,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
LIMIT 1"); LIMIT 1");
$stmt->execute([$hostId]); $stmt->execute([$hostId]);
$domain_host_map_id = $stmt->fetchColumn(); $domain_host_map_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($domain_host_map_id) { if ($domain_host_map_id) {
sendEppError($conn, $db, 2305, 'It is not possible to modify because it is a dependency, it is used by some domain as NS', $clTRID, $trans); sendEppError($conn, $db, 2305, 'It is not possible to modify because it is a dependency, it is used by some domain as NS', $clTRID, $trans);
@ -992,6 +999,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1"); $stmt = $db->prepare("SELECT value FROM settings WHERE name = 'launch_phases' LIMIT 1");
$stmt->execute(); $stmt->execute();
$launch_extension_enabled = $stmt->fetchColumn(); $launch_extension_enabled = $stmt->fetchColumn();
$stmt->closeCursor();
} }
if ($domainRem === null && $domainAdd === null && $domainChg === null && $extensionNode === null) { if ($domainRem === null && $domainAdd === null && $domainChg === null && $extensionNode === null) {
@ -1007,18 +1015,14 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id,tldid,exdate,clid FROM domain WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id,tldid,exdate,clid FROM domain WHERE name = ? LIMIT 1");
$stmt->execute([$domainName]); $stmt->execute([$domainName]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$row) { if (!$row) {
sendEppError($conn, $db, 2303, 'Domain name does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Domain name does not exist', $clTRID, $trans);
return; return;
} }
$stmt = $db->prepare("SELECT id FROM registrar WHERE clid = :clid LIMIT 1"); $clid = getClid($db, $clid);
$stmt->bindParam(':clid', $clid, PDO::PARAM_STR);
$stmt->execute();
$clid = $stmt->fetch(PDO::FETCH_ASSOC);
$clid = $clid['id'];
if ($clid != $row['clid']) { if ($clid != $row['clid']) {
sendEppError($conn, $db, 2201, 'You do not have privileges to modify a domain name that belongs to another registrar', $clTRID, $trans); sendEppError($conn, $db, 2201, 'You do not have privileges to modify a domain name that belongs to another registrar', $clTRID, $trans);
return; return;
@ -1048,6 +1052,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
$launch_valid = $stmt->fetchColumn(); $launch_valid = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$launch_valid) { if (!$launch_valid) {
sendEppError($conn, $db, 2304, 'Invalid launch phase or applicationID for this domain', $clTRID, $trans); sendEppError($conn, $db, 2304, 'Invalid launch phase or applicationID for this domain', $clTRID, $trans);
@ -1063,11 +1068,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmt->closeCursor();
$clientUpdateProhibited = 0; $clientUpdateProhibited = 0;
$stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = 'clientUpdateProhibited' LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = 'clientUpdateProhibited' LIMIT 1");
$stmt->execute([$row['id']]); $stmt->execute([$row['id']]);
$clientUpdateProhibited = $stmt->fetchColumn(); $clientUpdateProhibited = $stmt->fetchColumn();
$stmt->closeCursor();
if (isset($domainRem)) { if (isset($domainRem)) {
$ns = $xml->xpath('//domain:rem/domain:ns') ?? []; $ns = $xml->xpath('//domain:rem/domain:ns') ?? [];
@ -1130,6 +1137,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM domain_status WHERE domain_id = ? AND status = ? LIMIT 1");
$stmt->execute([$row['id'], $status]); $stmt->execute([$row['id'], $status]);
$domainStatusId = $stmt->fetchColumn(); $domainStatusId = $stmt->fetchColumn();
$stmt->closeCursor();
if ($domainStatusId) { if ($domainStatusId) {
sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this domain', $clTRID, $trans); sendEppError($conn, $db, 2306, 'This status '.$status.' already exists for this domain', $clTRID, $trans);
@ -1197,6 +1205,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT tld FROM domain_tld"); $stmt = $db->prepare("SELECT tld FROM domain_tld");
$stmt->execute(); $stmt->execute();
$tlds = $stmt->fetchAll(PDO::FETCH_COLUMN); $tlds = $stmt->fetchAll(PDO::FETCH_COLUMN);
$stmt->closeCursor();
$host_from_this_registry = 0; $host_from_this_registry = 0;
foreach ($tlds as $tld) { foreach ($tlds as $tld) {
$tld = preg_quote(strtoupper($tld), '/'); $tld = preg_quote(strtoupper($tld), '/');
@ -1214,6 +1223,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostObj', $hostObj); $stmt->bindParam(':hostObj', $hostObj);
$stmt->execute(); $stmt->execute();
$host_id_already_exist = $stmt->fetchColumn(); $host_id_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$host_id_already_exist) { if (!$host_id_already_exist) {
sendEppError($conn, $db, 2303, 'Invalid domain:hostObj '.$hostObj, $clTRID, $trans); sendEppError($conn, $db, 2303, 'Invalid domain:hostObj '.$hostObj, $clTRID, $trans);
return; return;
@ -1287,6 +1297,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1");
$stmt->execute([$contact]); $stmt->execute([$contact]);
$contact_id = $stmt->fetchColumn(); $contact_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$contact_id) { if (!$contact_id) {
sendEppError($conn, $db, 2303, 'This contact '.$contact.' does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'This contact '.$contact.' does not exist', $clTRID, $trans);
@ -1296,6 +1307,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt2 = $db->prepare("SELECT id FROM domain_contact_map WHERE domain_id = ? AND contact_id = ? AND type = ? LIMIT 1"); $stmt2 = $db->prepare("SELECT id FROM domain_contact_map WHERE domain_id = ? AND contact_id = ? AND type = ? LIMIT 1");
$stmt2->execute([$row['id'], $contact_id, $contact_type]); $stmt2->execute([$row['id'], $contact_id, $contact_type]);
$domain_contact_map_id = $stmt2->fetchColumn(); $domain_contact_map_id = $stmt2->fetchColumn();
$stmt2->closeCursor();
if ($domain_contact_map_id) { if ($domain_contact_map_id) {
sendEppError($conn, $db, 2306, 'This contact '.$contact.' already exists for type '.$contact_type, $clTRID, $trans); sendEppError($conn, $db, 2306, 'This contact '.$contact.' already exists for type '.$contact_type, $clTRID, $trans);
@ -1314,6 +1326,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt3 = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $stmt3 = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1");
$stmt3->execute([$registrant]); $stmt3->execute([$registrant]);
$registrant_id = $stmt3->fetchColumn(); $registrant_id = $stmt3->fetchColumn();
$stmt3->closeCursor();
if (!$registrant_id) { if (!$registrant_id) {
sendEppError($conn, $db, 2303, 'Registrant does not exist', $clTRID, $trans); sendEppError($conn, $db, 2303, 'Registrant does not exist', $clTRID, $trans);
@ -1329,6 +1342,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
} }
$stmt4->closeCursor();
$authInfo_pw_elements = $domainChg->xpath('//domain:authInfo/domain:pw[1]'); $authInfo_pw_elements = $domainChg->xpath('//domain:authInfo/domain:pw[1]');
if (!empty($authInfo_pw_elements)) { if (!empty($authInfo_pw_elements)) {
@ -1361,6 +1375,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$temp_id_rgpstatus = $stmt->fetchColumn(); $temp_id_rgpstatus = $stmt->fetchColumn();
$stmt->closeCursor();
if ($temp_id_rgpstatus == 0) { if ($temp_id_rgpstatus == 0) {
sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in redemptionPeriod rgpStatus', $clTRID, $trans); sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in redemptionPeriod rgpStatus', $clTRID, $trans);
@ -1371,6 +1386,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$temp_id_status = $stmt->fetchColumn(); $temp_id_status = $stmt->fetchColumn();
$stmt->closeCursor();
if ($temp_id_status == 0) { if ($temp_id_status == 0) {
sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in pendingDelete status', $clTRID, $trans); sendEppError($conn, $db, 2304, 'pendingRestore can only be done if the domain is now in pendingDelete status', $clTRID, $trans);
@ -1381,6 +1397,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT); $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$temp_id = $stmt->fetchColumn(); $temp_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($temp_id == 0) { if ($temp_id == 0) {
sendEppError($conn, $db, 2304, 'report can only be sent if the domain is in pendingRestore status', $clTRID, $trans); sendEppError($conn, $db, 2304, 'report can only be sent if the domain is in pendingRestore status', $clTRID, $trans);
@ -1405,6 +1422,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR); $stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$host_id = $stmt->fetchColumn(); $host_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($host_id) { if ($host_id) {
$stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id"); $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id");
@ -1430,6 +1448,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR); $stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$host_id = $stmt->fetchColumn(); $host_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($host_id) { if ($host_id) {
$stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id"); $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id");
@ -1462,6 +1481,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':contact', $contact, PDO::PARAM_STR); $stmt->bindParam(':contact', $contact, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$contact_id = $stmt->fetchColumn(); $contact_id = $stmt->fetchColumn();
$stmt->closeCursor();
if ($contact_id) { if ($contact_id) {
$stmt = $db->prepare("DELETE FROM domain_contact_map WHERE domain_id = :domain_id AND contact_id = :contact_id AND type = :contact_type"); $stmt = $db->prepare("DELETE FROM domain_contact_map WHERE domain_id = :domain_id AND contact_id = :contact_id AND type = :contact_type");
@ -1509,6 +1529,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR); $stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$hostObj_already_exist = $stmt->fetchColumn(); $hostObj_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if ($hostObj_already_exist) { if ($hostObj_already_exist) {
$stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :hostObj_already_exist LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :hostObj_already_exist LIMIT 1");
@ -1516,6 +1537,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostObj_already_exist', $hostObj_already_exist, PDO::PARAM_INT); $stmt->bindParam(':hostObj_already_exist', $hostObj_already_exist, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$domain_host_map_id = $stmt->fetchColumn(); $domain_host_map_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
$stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id, :hostObj_already_exist)"); $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(:domain_id, :hostObj_already_exist)");
@ -1557,6 +1579,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
break; break;
} }
} }
$sth->closeCursor();
if ($host_from_this_registry) { if ($host_from_this_registry) {
if (preg_match("/\.$domainName$/i", $hostObj)) { if (preg_match("/\.$domainName$/i", $hostObj)) {
@ -1611,11 +1634,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR); $stmt->bindParam(':hostName', $hostName, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$hostName_already_exist = $stmt->fetchColumn(); $hostName_already_exist = $stmt->fetchColumn();
$stmt->closeCursor();
if ($hostName_already_exist) { if ($hostName_already_exist) {
$sth = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $sth = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1");
$sth->execute([$domain_id, $hostName_already_exist]); $sth->execute([$domain_id, $hostName_already_exist]);
$domain_host_map_id = $sth->fetchColumn(); $domain_host_map_id = $sth->fetchColumn();
$sth->closeCursor();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
$sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)"); $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)");
@ -1690,6 +1715,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt->bindParam(':contact', $contact, PDO::PARAM_STR); $stmt->bindParam(':contact', $contact, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
$contact_id = $stmt->fetchColumn(); $contact_id = $stmt->fetchColumn();
$stmt->closeCursor();
try { try {
$stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(:domain_id, :contact_id, :contact_type)"); $stmt = $db->prepare("INSERT INTO domain_contact_map (domain_id,contact_id,type) VALUES(:domain_id, :contact_id, :contact_type)");
@ -1746,6 +1772,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$sth = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1"); $sth = $db->prepare("SELECT id FROM contact WHERE identifier = ? LIMIT 1");
$sth->execute([$registrant]); $sth->execute([$registrant]);
$registrant_id = $sth->fetchColumn(); $registrant_id = $sth->fetchColumn();
$sth->closeCursor();
$sth = $db->prepare("UPDATE domain SET registrant = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); $sth = $db->prepare("UPDATE domain SET registrant = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
if (!$sth->execute([$registrant_id, $clid, $domain_id])) { if (!$sth->execute([$registrant_id, $clid, $domain_id])) {
@ -1820,6 +1847,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'redemptionPeriod' AND id = ?"); $sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'redemptionPeriod' AND id = ?");
$sth->execute([$domain_id]); $sth->execute([$domain_id]);
$temp_id = $sth->fetchColumn(); $temp_id = $sth->fetchColumn();
$sth->closeCursor();
if ($temp_id == 1) { if ($temp_id == 1) {
$sth = $db->prepare("UPDATE domain SET rgpstatus = 'pendingRestore', resTime = CURRENT_TIMESTAMP(3), upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); $sth = $db->prepare("UPDATE domain SET rgpstatus = 'pendingRestore', resTime = CURRENT_TIMESTAMP(3), upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
@ -1854,11 +1882,13 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'pendingRestore' AND id = ?"); $sth = $db->prepare("SELECT COUNT(id) AS ids FROM domain WHERE rgpstatus = 'pendingRestore' AND id = ?");
$sth->execute([$domain_id]); $sth->execute([$domain_id]);
$temp_id = $sth->fetchColumn(); $temp_id = $sth->fetchColumn();
$sth->closeCursor();
if ($temp_id == 1) { if ($temp_id == 1) {
$sth = $db->prepare("SELECT accountBalance,creditLimit,currency FROM registrar WHERE id = ?"); $sth = $db->prepare("SELECT accountBalance,creditLimit,currency FROM registrar WHERE id = ?");
$sth->execute([$clid]); $sth->execute([$clid]);
list($registrar_balance, $creditLimit, $currency) = $sth->fetch(); list($registrar_balance, $creditLimit, $currency) = $sth->fetch();
$sth->closeCursor();
$returnValue = getDomainPrice($db, $domainName, $row['tldid'], 12, 'renew', $clid, $currency); $returnValue = getDomainPrice($db, $domainName, $row['tldid'], 12, 'renew', $clid, $currency);
$renew_price = $returnValue['price']; $renew_price = $returnValue['price'];
@ -1873,6 +1903,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$sth = $db->prepare("SELECT exdate FROM domain WHERE id = ?"); $sth = $db->prepare("SELECT exdate FROM domain WHERE id = ?");
$sth->execute([$domain_id]); $sth->execute([$domain_id]);
$from = $sth->fetchColumn(); $from = $sth->fetchColumn();
$sth->closeCursor();
$sth = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL 12 MONTH), rgpstatus = NULL, rgpresTime = CURRENT_TIMESTAMP(3), rgppostData = ?, rgpresReason = ?, rgpstatement1 = ?, rgpstatement2 = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?"); $sth = $db->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL 12 MONTH), rgpstatus = NULL, rgpresTime = CURRENT_TIMESTAMP(3), rgppostData = ?, rgpresReason = ?, rgpstatement1 = ?, rgpstatement2 = ?, upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
@ -1895,6 +1926,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT exdate FROM domain WHERE id = ?"); $stmt = $db->prepare("SELECT exdate FROM domain WHERE id = ?");
$stmt->execute([$domain_id]); $stmt->execute([$domain_id]);
$to = $stmt->fetchColumn(); $to = $stmt->fetchColumn();
$stmt->closeCursor();
$sth = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(?,CURRENT_TIMESTAMP(3),?,?,?,?,?,?)"); $sth = $db->prepare("INSERT INTO statement (registrar_id,date,command,domain_name,length_in_months,fromS,toS,amount) VALUES(?,CURRENT_TIMESTAMP(3),?,?,?,?,?,?)");
$sth->execute([$clid, 'restore', $domainName, 0, $from, $from, $restore_price]); $sth->execute([$clid, 'restore', $domainName, 0, $from, $from, $restore_price]);
@ -1904,6 +1936,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()"); $stmt = $db->prepare("SELECT id FROM statistics WHERE date = CURDATE()");
$stmt->execute(); $stmt->execute();
$curdate_id = $stmt->fetchColumn(); $curdate_id = $stmt->fetchColumn();
$stmt->closeCursor();
if (!$curdate_id) { if (!$curdate_id) {
$db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())") $db->prepare("INSERT IGNORE INTO statistics (date) VALUES(CURDATE())")


@ -647,6 +647,7 @@ function updatePermittedIPs($pool, $permittedIPsTable) {
$query = "SELECT addr FROM registrar_whitelist"; $query = "SELECT addr FROM registrar_whitelist";
$stmt = $pdo->query($query); $stmt = $pdo->query($query);
$permittedIPs = $stmt->fetchAll(PDO::FETCH_COLUMN, 0); $permittedIPs = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
$stmt->closeCursor();
$pool->put($pdo); $pool->put($pdo);
// Manually clear the table by removing each entry // Manually clear the table by removing each entry
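Review bot: If `$pdo->query()` or `fetchAll()` throws here, the `$pool->put($pdo);` that follows the new `closeCursor()` is never reached and the pooled connection is not returned, unless a try/finally outside this hunk already covers it (the body of updatePermittedIPs starts and ends outside the hunk). This function refreshes the permitted-IP table, so repeated failures would shrink what is presumably the same pool the EPP handler draws from. Wrapping the query in `try { ... } finally { $pool->put($pdo); }` keeps the pool intact on the error path.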


@ -101,13 +101,15 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
// Get a PDO connection from the pool // Get a PDO connection from the pool
$pdo = $pool->get(); $pdo = $pool->get();
if (!$pdo) { if (!$pdo) {
throw new PDOException("Failed to retrieve a connection from Swoole PDOPool."); $conn->close();
break;
} }
$data = $conn->recv(); $data = $conn->recv();
$connId = spl_object_id($conn); $connId = spl_object_id($conn);
if ($data === false || strlen($data) < 4) { if ($data === false || strlen($data) < 4) {
sendEppError($conn, $pdo, 2000, 'Data reception error'); sendEppError($conn, $pdo, 2000, 'Invalid or no data received');
$conn->close();
break; break;
} }
@ -120,8 +122,8 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
$xml = simplexml_load_string($xmlData); $xml = simplexml_load_string($xmlData);
if ($xml === false) { if ($xml === false) {
sendEppError($conn, $pdo, 2001, 'Invalid XML'); sendEppError($conn, $pdo, 2001, 'Invalid XML syntax');
break; continue;
} }
$xml->registerXPathNamespace('e', 'urn:ietf:params:xml:ns:epp-1.0'); $xml->registerXPathNamespace('e', 'urn:ietf:params:xml:ns:epp-1.0');
@ -137,7 +139,8 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
$xml->registerXPathNamespace('allocationToken', 'urn:ietf:params:xml:ns:allocationToken-1.0'); $xml->registerXPathNamespace('allocationToken', 'urn:ietf:params:xml:ns:allocationToken-1.0');
if ($xml->getName() != 'epp') { if ($xml->getName() != 'epp') {
continue; // Skip this iteration if not an EPP command sendEppError($conn, $pdo, 2001, 'Root element must be <epp>');
continue;
} }
switch (true) { switch (true) {
@ -148,7 +151,7 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
$clTRID = (string) $xml->command->clTRID; $clTRID = (string) $xml->command->clTRID;
$clid = getClid($pdo, $clID); $clid = getClid($pdo, $clID);
if (!$clid) { if (!$clid) {
sendEppError($conn, $pdo, 2200, 'Authentication error', $clTRID); sendEppError($conn, $pdo, 2201, 'Unknown client identifier', $clTRID);
break; break;
} }
$xmlString = $xml->asXML(); $xmlString = $xml->asXML();
@ -210,7 +213,7 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
} }
break; break;
} }
case isset($xml->command->logout): case isset($xml->command->logout):
{ {
$data = $table->get($connId); $data = $table->get($connId);
@ -591,17 +594,20 @@ $server->handle(function (Connection $conn) use ($table, $pool, $c, $log, $permi
$log->error('Failed to reconnect to DB: ' . $e2->getMessage()); $log->error('Failed to reconnect to DB: ' . $e2->getMessage());
sendEppError($conn, null, 2500, 'Error connecting to the EPP database'); sendEppError($conn, null, 2500, 'Error connecting to the EPP database');
$conn->close(); $conn->close();
break;
} }
} else { } else {
// Non-connection errors (e.g. syntax error, constraint violation) => no reconnect attempt // Non-connection errors (e.g. syntax error, constraint violation) => no reconnect attempt
sendEppError($conn, $pdo, 2500, 'DB error: ' . $e->getMessage()); sendEppError($conn, $pdo, 2500, 'DB error: ' . $e->getMessage());
$conn->close(); $conn->close();
break;
} }
} catch (Throwable $e) { } catch (Throwable $e) {
// Catch any other exceptions or errors // Catch any other exceptions or errors
$log->error('General Error: ' . $e->getMessage()); $log->error('General Error: ' . $e->getMessage());
sendEppError($conn, $pdo, 2500, 'General error'); sendEppError($conn, $pdo, 2500, 'General error');
$conn->close(); $conn->close();
break;
} finally { } finally {
// Return the connection to the pool // Return the connection to the pool
$pool->put($pdo); $pool->put($pdo);
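Review bot: Two replies in this handler tell the remote peer more than it needs: the non-connection PDOException branch still sends `'DB error: ' . $e->getMessage()` to the client, and the login path now answers an unknown clID with 2201 'Unknown client identifier'. A PDO message can carry SQL text and table or column names, so it belongs in the log only, e.g. `$log->error('DB error: ' . $e->getMessage()); sendEppError($conn, $pdo, 2500, 'Command failed');`. The distinct unknown-client reply lets an unauthenticated peer tell valid registrar IDs from invalid ones if the wrong-password path (outside the hunk) answers differently. RFC 5730 also defines 2200, not 2201, as the authentication error, so keeping `sendEppError($conn, $pdo, 2200, 'Authentication error', $clTRID);` for both cases is the safer choice. The try block and the login case both start outside the visible hunks.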