diff --git a/cp/app/Controllers/RegistrarsController.php b/cp/app/Controllers/RegistrarsController.php index 2a44ed5..7958216 100644 --- a/cp/app/Controllers/RegistrarsController.php +++ b/cp/app/Controllers/RegistrarsController.php @@ -340,10 +340,13 @@ class RegistrarsController extends Controller [ $registrar['id'] ]); $registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command', [ $registrar['id'] ]); - $registrarUsers = $db->selectRow('SELECT user_id FROM registrar_users WHERE registrar_id = ?', - [ $registrar['id'] ]); - $userEmail = $db->selectRow('SELECT email FROM users WHERE id = ?', - [ $registrarUsers['user_id'] ]); + $userEmail = $db->selectRow( + 'SELECT u.email + FROM registrar_users ru + JOIN users u ON ru.user_id = u.id + WHERE ru.registrar_id = ? AND u.roles_mask = ?', + [$registrar['id'], 4] + ); $registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?', [ $registrar['id'] ]); // Check if RegistrarOTE is not empty @@ -400,10 +403,13 @@ class RegistrarsController extends Controller [ $registrar['id'] ]); $registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command', [ $registrar['id'] ]); - $registrarUsers = $db->selectRow('SELECT user_id FROM registrar_users WHERE registrar_id = ?', - [ $registrar['id'] ]); - $userEmail = $db->selectRow('SELECT email FROM users WHERE id = ?', - [ $registrarUsers['user_id'] ]); + $userEmail = $db->selectRow( + 'SELECT u.email + FROM registrar_users ru + JOIN users u ON ru.user_id = u.id + WHERE ru.registrar_id = ? AND u.roles_mask = ?', + [$registrar['id'], 4] + ); $registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?', [ $registrar['id'] ]); // Check if RegistrarOTE is not empty @@ -471,10 +477,13 @@ class RegistrarsController extends Controller [ $registrar['id'] ]); $registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?", [ $registrar['id'] ]); - $user_id = $db->selectValue("SELECT user_id FROM registrar_users WHERE registrar_id = ?", - [ $registrar['id'] ]); - $user = $db->selectRow("SELECT email FROM users WHERE id = ?", - [ $user_id ]); + $user = $db->selectRow( + 'SELECT u.email + FROM registrar_users ru + JOIN users u ON ru.user_id = u.id + WHERE ru.registrar_id = ? AND u.roles_mask = ?', + [$registrar['id'], 4] + ); $whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?", [ $registrar['id'] ]); // Check if RegistrarOTE is not empty @@ -1030,10 +1039,13 @@ class RegistrarsController extends Controller [ $registrar['id'] ]); $registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?", [ $registrar['id'] ]); - $user_id = $db->selectValue("SELECT user_id FROM registrar_users WHERE registrar_id = ?", - [ $registrar['id'] ]); - $user = $db->selectRow("SELECT email FROM users WHERE id = ?", - [ $user_id ]); + $user = $db->selectRow( + 'SELECT u.email + FROM registrar_users ru + JOIN users u ON ru.user_id = u.id + WHERE ru.registrar_id = ? AND u.roles_mask = ?', + [$registrar['id'], 4] + ); $whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?", [ $registrar['id'] ]); // Check if RegistrarOTE is not empty diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php index 1cee527..cb5f9d2 100644 --- a/epp/src/epp-create.php +++ b/epp/src/epp-create.php @@ -886,7 +886,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m return; } - $ns = $xml->xpath('//domain:ns')[0]; + $ns = $xml->xpath('//domain:ns')[0] ?? null; $hostObj_list = null; $hostAttr_list = null; @@ -1144,9 +1144,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m } } else { // External host - if (preg_match('/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/i', $hostName) && strlen($hostName) < 254) { - - } else { + if (!validateHostName($hostName)) { sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans); return; } @@ -1456,7 +1454,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m ':price' => $price ]); - if ($hostObj_list !== null && is_array($hostObj_list)) { + if (!empty($hostObj_list) && is_array($hostObj_list)) { foreach ($hostObj_list as $node) { $hostObj = strtoupper((string)$node); @@ -1513,52 +1511,64 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m } } - if ($hostAttr_list !== null && is_array($hostAttr_list)) { - foreach ($hostAttr_list as $element) { - foreach ($element->children() as $node) { - $hostName = strtoupper($node->xpath('//domain:hostName')[0]); - $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); - $stmt->execute([$hostName]); - $hostName_already_exist = $stmt->fetchColumn(); - - if ($hostName_already_exist) { - $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); + if (!empty($hostAttr_list) && is_array($hostAttr_list)) { + foreach ($hostAttr_list as $node) { + // Extract the hostName + $hostName = strtoupper((string)$node->xpath('./domain:hostName')[0] ?? ''); + if (empty($hostName)) { + continue; // Skip if no hostName found + } + + // Check if the host already exists + $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); + $stmt->execute([$hostName]); + $hostName_already_exist = $stmt->fetchColumn(); + + if ($hostName_already_exist) { + // Check if the host is already mapped to this domain + $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); + $stmt->execute([$domain_id, $hostName_already_exist]); + $domain_host_map_id = $stmt->fetchColumn(); + + if (!$domain_host_map_id) { + // Map the host to the domain + $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES (?, ?)"); $stmt->execute([$domain_id, $hostName_already_exist]); - $domain_host_map_id = $stmt->fetchColumn(); - - if (!$domain_host_map_id) { - $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?,?)"); - $stmt->execute([$domain_id, $hostName_already_exist]); - } else { - $stmt = $db->prepare("INSERT INTO error_log (registrar_id,log,date) VALUES(?, ?, CURRENT_TIMESTAMP(3))"); - $stmt->execute([$clid, "Domain : $domainName ; hostName : $hostName - se dubleaza"]); - } } else { - $stmt = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?, ?, ?, ?, CURRENT_TIMESTAMP(3))"); - $stmt->execute([$hostName, $domain_id, $clid, $clid]); - $host_id = $db->lastInsertId(); + // Log duplicate mapping error + $stmt = $db->prepare("INSERT INTO error_log (registrar_id, log, date) VALUES (?, ?, CURRENT_TIMESTAMP(3))"); + $stmt->execute([$clid, "Domain: $domainName ; hostName: $hostName - duplicate mapping"]); + } + } else { + // Insert a new host + $stmt = $db->prepare("INSERT INTO host (name, domain_id, clid, crid, crdate) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP(3))"); + $stmt->execute([$hostName, $domain_id, $clid, $clid]); + $host_id = $db->lastInsertId(); - $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?,?)"); - $stmt->execute([$domain_id, $host_id]); + // Map the new host to the domain + $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id, host_id) VALUES (?, ?)"); + $stmt->execute([$domain_id, $host_id]); - foreach ($node->xpath('//domain:hostAddr') as $nodeAddr) { - $hostAddr = (string)$nodeAddr; - $addr_type = $nodeAddr->attributes()->ip ?? 'v4'; + // Process and insert host addresses + foreach ($node->xpath('./domain:hostAddr') as $nodeAddr) { + $hostAddr = (string)$nodeAddr; + $addr_type = (string)($nodeAddr->attributes()->ip ?? 'v4'); - if ($addr_type == 'v6') { - $hostAddr = normalize_v6_address($hostAddr); - } else { - $hostAddr = normalize_v4_address($hostAddr); - } - - $stmt = $db->prepare("INSERT INTO host_addr (host_id,addr,ip) VALUES(?,?,?)"); - $stmt->execute([$host_id, $hostAddr, $addr_type]); + // Normalize the address + if ($addr_type === 'v6') { + $hostAddr = normalize_v6_address($hostAddr); + } else { + $hostAddr = normalize_v4_address($hostAddr); } + + // Insert the address into host_addr table + $stmt = $db->prepare("INSERT INTO host_addr (host_id, addr, ip) VALUES (?, ?, ?)"); + $stmt->execute([$host_id, $hostAddr, $addr_type]); } } } } - + $contact_admin_list = $xml->xpath("//domain:contact[@type='admin']"); $contact_billing_list = $xml->xpath("//domain:contact[@type='billing']"); $contact_tech_list = $xml->xpath("//domain:contact[@type='tech']"); diff --git a/epp/src/helpers.php b/epp/src/helpers.php index 0212b4e..067b580 100644 --- a/epp/src/helpers.php +++ b/epp/src/helpers.php @@ -685,4 +685,29 @@ function validateLocField($input, $minLength = 5, $maxLength = 255) { return mb_strlen($input) >= $minLength && mb_strlen($input) <= $maxLength && preg_match($locRegex, $input); +} + +/** + * Validates a hostname or domain name. + * + * @param string $hostName + * @return bool + */ +function validateHostName(string $hostName): bool +{ + // Ensure length is under 254 characters + if (strlen($hostName) >= 254) { + return false; + } + + // Use filter_var to validate domain/hostnames + if (!filter_var($hostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { + return false; + } + + // Optional: regex for stricter validation (if needed) + return preg_match( + '/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/', + $hostName + ); } \ No newline at end of file