Untitled

<?php
/* A script to sanitize the input for IP, subdomain, domain, login, and pass */

$ip = $_POST['ip'];  //  Gets the vars from the URL. .../script.php?ip=
$sub = $_POST['sub'];
$domain = $_POST['domain'];
$type = $_POST['type'];
$login = $_POST['login'];
$pass = $_POST['pass'];  // Never stores an unencrypted password.
$reload = $_POST['reload'];

if ( $reload ) {
$output = exec("/sbin/updatezone");
echo "$output\n";
} else {
// Verify IP addy
try{
  if ( $type == "A" ) { if (preg_match('/^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:[.](?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}$/', $ip)) {
    // Ip addy is good
  }
  else
    throw new exception('IP address is not valid.');
}}
catch (exception $e){
  echo $e->getMessage();
}


// Verify subdomain

#echo "$ip\n$sub\n$domain\n$type\n$login\n$pass\n";

$db = mysql_connect(localhost, root, mik3json);
$database = mysql_select_db("system", $db);
$query = mysql_query("SELECT password,uid FROM users WHERE username='$login'", $db);
$row = mysql_fetch_array($query);

if ( $pass != $row['password'] ) {
	die("login failed\n");
} else {
	#echo "User verified\n";
}

$uid = $row['uid'];

#echo $uid. "\n";

$query = mysql_query("SELECT domain,master_domain FROM domains WHERE uid='$uid'", $db);

while ( $row = mysql_fetch_array($query) ) {

#echo $row['master_domain'];

$query2 = mysql_query("SELECT Domain FROM master_domains WHERE ID='{$row['master_domain']}'", $db);
$row2 = mysql_fetch_array($query2);

$domain2 = $row['domain'].".". $row2['Domain'];

$fqdn = $sub.".".$domain;

#echo $fqdn."\n";
#echo $row['domain']. "\n";

if ( $fqdn == $domain2 ) {
$allow = "1";
}
}

if ( ! $allow ) {
	die($fqdn." cannot be modified by ".$login."\n"); }
elseif ( $allow == "1" ) {
	#echo $login." is permitted to modify ".$fqdn."\n";

	$output = exec("/sbin/update $ip $domain $sub $type");
	echo "$output\n";
}
}
?>