From dd17c0b873485d9ab30a9f7d332a98a8d3f583f4 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Sun, 31 Dec 2023 14:46:18 +0200 Subject: [PATCH] Fixed #58; also other minor bugs removed --- cp/app/Controllers/DomainsController.php | 51 +++++++++++++++---- cp/bootstrap/helper.php | 2 +- .../views/admin/domains/createDomain.twig | 6 +++ .../views/admin/domains/requestTransfer.twig | 5 ++ epp/src/epp-check.php | 3 +- epp/src/epp-create.php | 3 +- epp/src/epp-transfer.php | 3 +- epp/src/helpers.php | 2 +- 8 files changed, 61 insertions(+), 14 deletions(-) diff --git a/cp/app/Controllers/DomainsController.php b/cp/app/Controllers/DomainsController.php index 39c9920..f53c782 100644 --- a/cp/app/Controllers/DomainsController.php +++ b/cp/app/Controllers/DomainsController.php @@ -57,8 +57,20 @@ class DomainsController extends Controller $domain_already_reserved = $this->container->get('db')->selectRow('SELECT id,type FROM reserved_domain_names WHERE name = ? LIMIT 1',[$parts['domain']]); if ($domain_already_reserved) { - $this->container->get('flash')->addMessage('info', 'Domain ' . $domainName . ' is not available, as it is ' . $domain_already_reserved['type'] . '!'); - return $response->withHeader('Location', '/domain/check')->withStatus(302); + if ($token !== null && $token !== '') { + $allocation_token = $this->container->get('db')->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]); + + if ($allocation_token) { + $this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' is available!
Allocation token valid'); + return $response->withHeader('Location', '/domain/check')->withStatus(302); + } else { + $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' is not available: Allocation Token mismatch'); + return $response->withHeader('Location', '/domain/check')->withStatus(302); + } + } else { + $this->container->get('flash')->addMessage('info', 'Domain ' . $domainName . ' is not available, as it is ' . $domain_already_reserved['type'] . '!'); + return $response->withHeader('Location', '/domain/check')->withStatus(302); + } } else { if ($claim == 1) { $this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' is available!
Claim exists.
Claim key is: ' . $claim_key); @@ -108,6 +120,8 @@ class DomainsController extends Controller $phaseType = $data['phaseType'] ?? 'none'; $smd = $data['smd'] ?? null; + + $token = $data['token'] ?? null; $nameservers = !empty($data['nameserver']) ? $data['nameserver'] : null; $nameserver_ipv4 = !empty($data['nameserver_ipv4']) ? $data['nameserver_ipv4'] : null; @@ -259,13 +273,22 @@ class DomainsController extends Controller ); if ($domain_already_reserved) { - return view($response, 'admin/domains/createDomain.twig', [ - 'domainName' => $domainName, - 'error' => 'Domain name is reserved or restricted', - 'registrars' => $registrars, - 'registrar' => $registrar, - 'launch_phases' => $launch_phases - ]); + if ($token !== null && $token !== '') { + $allocation_token = $db->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]); + + if (!$allocation_token) { + $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' is not available: Allocation Token mismatch'); + return $response->withHeader('Location', '/domain/create')->withStatus(302); + } + } else { + return view($response, 'admin/domains/createDomain.twig', [ + 'domainName' => $domainName, + 'error' => 'Domain name is reserved or restricted', + 'registrars' => $registrars, + 'registrar' => $registrar, + 'launch_phases' => $launch_phases + ]); + } } if ($registrationYears && (($registrationYears < 1) || ($registrationYears > 10))) { @@ -2347,6 +2370,7 @@ class DomainsController extends Controller $domain_id = $domain['id']; $tldid = $domain['tldid']; $registrar_id_domain = $domain['clid']; + $token = $data['token'] ?? null; if (!$domain_id) { $this->container->get('flash')->addMessage('error', 'Domain does not exist in registry'); @@ -2428,6 +2452,15 @@ class DomainsController extends Controller return $response->withHeader('Location', '/transfer/request')->withStatus(302); } + if ($token !== null && $token !== '') { + $allocation_token = $db->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]); + + if (!$allocation_token) { + $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' can not be transferred: Allocation Token mismatch'); + return $response->withHeader('Location', '/transfer/request')->withStatus(302); + } + } + $domain = $db->selectRow('SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate FROM domain WHERE name = ? LIMIT 1', [ $domainName ]); diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php index ad9d8e6..cf4fde0 100644 --- a/cp/bootstrap/helper.php +++ b/cp/bootstrap/helper.php @@ -300,7 +300,7 @@ function extractDomainAndTLD($urlString) { foreach ($testTlds as $testTld) { if (str_ends_with($host, "$testTld")) { // Handle the test TLD case - $tldLength = strlen($testTld) + 1; // +1 for the dot + $tldLength = strlen($testTld); // No +1 for the dot $hostWithoutTld = substr($host, 0, -$tldLength); $hostParts = explode('.', $hostWithoutTld); $sld = array_pop($hostParts); diff --git a/cp/resources/views/admin/domains/createDomain.twig b/cp/resources/views/admin/domains/createDomain.twig index a0a66f8..e152f84 100644 --- a/cp/resources/views/admin/domains/createDomain.twig +++ b/cp/resources/views/admin/domains/createDomain.twig @@ -24,6 +24,7 @@
+ {% include 'partials/flash.twig' %} {% if domainName is defined and crdate is defined %}
diff --git a/cp/resources/views/admin/domains/requestTransfer.twig b/cp/resources/views/admin/domains/requestTransfer.twig index a63a418..0110918 100644 --- a/cp/resources/views/admin/domains/requestTransfer.twig +++ b/cp/resources/views/admin/domains/requestTransfer.twig @@ -63,6 +63,11 @@ {{ __('Estimated Price') }}: $0.00
+
+ + +
+
diff --git a/epp/src/epp-check.php b/epp/src/epp-check.php index c309f06..2193391 100644 --- a/epp/src/epp-check.php +++ b/epp/src/epp-check.php @@ -266,8 +266,9 @@ function processDomainCheck($conn, $db, $xml, $trans) { if ($allocation_token !== null) { $allocationTokenValue = (string)$allocation_token; - $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1"); + $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1"); $stmt->bindParam(':domainName', $label, PDO::PARAM_STR); + $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php index 7471795..a1f0cdf 100644 --- a/epp/src/epp-create.php +++ b/epp/src/epp-create.php @@ -625,8 +625,9 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans) { if ($allocation_token !== null) { $allocationTokenValue = (string)$allocation_token; - $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1"); + $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1"); $stmt->bindParam(':domainName', $label, PDO::PARAM_STR); + $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); diff --git a/epp/src/epp-transfer.php b/epp/src/epp-transfer.php index 926c109..7589b5a 100644 --- a/epp/src/epp-transfer.php +++ b/epp/src/epp-transfer.php @@ -756,8 +756,9 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans) if ($allocation_token !== null) { $allocationTokenValue = (string)$allocation_token; - $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1"); + $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1"); $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR); + $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR); $stmt->execute(); $token = $stmt->fetchColumn(); diff --git a/epp/src/helpers.php b/epp/src/helpers.php index fec471b..562a803 100644 --- a/epp/src/helpers.php +++ b/epp/src/helpers.php @@ -257,7 +257,7 @@ function extractDomainAndTLD($urlString) { foreach ($testTlds as $testTld) { if (str_ends_with($host, "$testTld")) { // Handle the test TLD case - $tldLength = strlen($testTld) + 1; // +1 for the dot + $tldLength = strlen($testTld); // No +1 for the dot $hostWithoutTld = substr($host, 0, -$tldLength); $hostParts = explode('.', $hostWithoutTld); $sld = array_pop($hostParts);