auth->check_module_permissions('dns');
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
function onShowNew() {
global $app, $conf;
// we will check only users, not admins
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($client["limit_dns_record"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
}
}
parent::onShowNew();
}
function onShowEnd() {
global $app, $conf;
$zone = $app->functions->intval($_GET['zone']);
// get domain-name
$sql = "SELECT * FROM dns_soa WHERE id = ? AND ?";
$rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
$domain_name = rtrim($rec['origin'], '.');
// set defaults
$dmarc_policy = 'none';
$dmarc_adkim = 'r';
$dmarc_aspf = 'r';
$dmarc_rf = 'afrf';
$dmarc_pct = 100;
$dmarc_ri = 86400;
$dmarc_sp = 'same';
//* check for an existing dmarc-record
$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND ?";
$rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.', $app->tform->getAuthSQL('r'));
if ( isset($rec) && !empty($rec) ) {
$this->id = 1;
$old_data = strtolower($rec['data']);
$app->tpl->setVar("data", $old_data);
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED");
$dmarc_rua = '';
$dmarc_ruf = '';
$dmac_rf = '';
$dmac_rua = '';
$dmac_ruf = '';
// browse through data
$temp = explode('; ', $old_data);
foreach ($temp as $part) {
if (preg_match("/^p=/", $part)) $dmarc_policy = str_replace('p=', '', $part);
if (preg_match("/^rua=/", $part)) {
$dmarc_rua = str_replace(array('rua=','mailto:'), '', $part).' ';
$dmarc_rua = str_replace(',', ' ', $dmarc_rua);
}
if (preg_match("/^ruf=/", $part)) {
$dmarc_ruf = str_replace(array('ruf=','mailto:'), '', $part).' ';
$dmarc_ruf = str_replace(',', ' ', $dmarc_ruf);
}
if (preg_match("/^fo=/", $part)) $dmarc_fo = str_replace('fo=', '', $part);
if (preg_match("/^adkim=/", $part)) $dmarc_adkim = str_replace('adkim=', '', $part);
if (preg_match("/^aspf=/", $part)) $dmarc_aspf = str_replace('aspf=', '', $part);
if (preg_match("/^rf=/", $part)) $dmarc_rf = str_replace('rf=', '', $part);
if (preg_match("/^(afrf:iodef|iodef:afrf)$/s", $dmarc_rf)) $dmarc_rf = str_replace(':', ' ', $dmarc_rf);
if (preg_match("/^pct=/", $part)) $dmarc_pct = str_replace('pct=', '', $part);
if (preg_match("/^ri=/", $part)) $dmarc_ri = str_replace('ri=', '', $part);
}
}
//set html-values
$app->tpl->setVar('domain', $domain_name);
//create dmarc-policy-list
$dmarc_policy_value = array(
'none' => 'dmarc_policy_none_txt',
'quarantine' => 'dmarc_policy_quarantine_txt',
'reject' => 'dmarc_policy_reject_txt',
);
$dmarc_policy_list='';
foreach($dmarc_policy_value as $value => $txt) {
$selected = @($dmarc_policy == $value)?' selected':'';
$dmarc_policy_list .= "\r\n";
}
$app->tpl->setVar('dmarc_policy', $dmarc_policy_list);
if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua);
if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf);
//set dmarc-fo-options
if (isset($dmarc_fo)) {
$temp = explode(':', $dmarc_fo);
foreach ($temp as $fo => $value) $app->tpl->setVar("dmarc_fo".$value, 'CHECKED');
} else
$app->tpl->setVar("dmarc_fo0", 'CHECKED');
unset($temp);
//create dmarc-adkim-list
$dmarc_adkim_value = array(
'r' => 'dmarc_adkim_r_txt',
's' => 'dmarc_adkim_s_txt',
);
$dmarc_adkim_list='';
foreach($dmarc_adkim_value as $value => $txt) {
$selected = @($dmarc_adkim == $value)?' selected':'';
$dmarc_adkim_list .= "\r\n";
}
$app->tpl->setVar('dmarc_adkim', $dmarc_adkim_list);
//create dmarc-aspf-list
$dmarc_aspf_value = array(
'r' => 'dmarc_aspf_r_txt',
's' => 'dmarc_aspf_s_txt',
);
$dmarc_aspf_list='';
foreach($dmarc_aspf_value as $value => $txt) {
$selected = @($dmarc_aspf == $value)?' selected':'';
$dmarc_aspf_list .= "\r\n";
}
$app->tpl->setVar('dmarc_aspf', $dmarc_aspf_list);
if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED');
if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED');
$app->tpl->setVar("dmarc_pct", $dmarc_pct);
$app->tpl->setVar("dmarc_ri", $dmarc_ri);
//create dmarc-sp-list
$dmarc_sp_value = array(
'same' => 'dmarc_sp_same_txt',
'none' => 'dmarc_sp_none_txt',
'quarantine' => 'dmarc_sp_quarantine_txt',
'reject' => 'dmarc_sp_reject_txt',
);
$dmarc_sp_list='';
foreach($dmarc_sp_value as $value => $txt) {
$selected = @($dmarc_sp == $value)?' selected':'';
$dmarc_sp_list .= "\r\n";
}
$app->tpl->setVar('dmarc_sp', $dmarc_sp_list);
parent::onShowEnd();
}
function onSubmit() {
global $app, $conf;
// Get the parent soa record of the domain
$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST['zone'], $app->tform->getAuthSQL('r'));
// Check if Domain belongs to user
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another mailbox.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_dns_record"]) {
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
}
}
} // end if user is not admin
$domain_name = rtrim($soa['origin'], '.');
// DMARC requieres at least one active dkim-record...
$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND active='Y'";
$temp = $app->db->queryAllRecords($sql, '%._domainkey.'.$domain_name.'.');
if (empty($temp)) {
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = ' ' . $app->tform->errorMessage;
$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_txt'].$email;
}
// ... and an active spf-record (this breaks the current draft but DMARC is useless if you use DKIM or SPF
$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND (data LIKE 'v=spf1%' AND active = 'y')";
$temp = $app->db->queryAllRecords($sql, $domain_name.'.');
// abort if more than 1 active spf-records (backward-compatibility)
if (is_array($temp[1])) {
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = ' ' . $app->tform->errorMessage;
$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'];
}
if (empty($temp)) {
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = ' ' . $app->tform->errorMessage;
$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_spf_txt'];
}
unset($temp);
//validate dmarc_pct
$this->dataRecord['dmarc_pct'] = $app->functions->intval($this->dataRecord['dmarc_pct']);
if ($this->dataRecord['dmarc_pct'] < 0) $this->dataRecord['dmarc_pct'] = 0;
if ($this->dataRecord['dmarc_pct'] > 100) $this->dataRecord['dmarc_pct'] = 100;
//create dmarc-record
$dmarc_record[] = 'p='.$this->dataRecord['dmarc_policy'];
if (!empty($this->dataRecord['dmarc_rua'])) {
$dmarc_rua = explode(' ', $this->dataRecord['dmarc_rua']);
$dmarc_rua = array_filter($dmarc_rua);
foreach ($dmarc_rua as $rec) {
if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = ' ' . $app->tform->errorMessage;
$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
} else {
$temp .= 'mailto:'.$rec.',';
}
}
$dmarc_record[] = 'rua='.rtrim($temp, ',');
unset ($dmarc_rua);
unset($temp);
}
if (!empty($this->dataRecord['dmarc_ruf'])) {
$dmarc_ruf = explode(' ', $this->dataRecord['dmarc_ruf']);
$dmarc_ruf = array_filter($dmarc_ruf);
foreach ($dmarc_ruf as $rec) {
if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = ' ' . $app->tform->errorMessage;
$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
} else {
$temp .= 'mailto:'.$rec.',';
}
}
$dmarc_record[] = 'ruf='.rtrim($temp, ',');
unset ($dmarc_ruf);
unset($temp);
}
$fo_rec = '';
if (isset($this->dataRecord['dmarc_fo0'])) $fo_rec[] = '0';
if (isset($this->dataRecord['dmarc_fo1'])) $fo_rec[] = '1';
if (isset($this->dataRecord['dmarc_fod'])) $fo_rec[] = 'd';
if (isset($this->dataRecord['dmarc_fos'])) $fo_rec[] = 's';
if (is_array($fo_rec) && !empty($fo_rec)) {
$rec = 'fo='.implode(':', $fo_rec);
if ($rec != 'fo=0') $dmarc_record[] = 'fo='.implode(':', $fo_rec);
unset($rec);
}
if ($this->dataRecord['dmarc_adkim'] != 'r' )
$dmarc_record[] = 'adkim='.$this->dataRecord['dmarc_adkim'];
if ($this->dataRecord['dmarc_aspf'] != 'r' )
$dmarc_record[] = 'aspf='.$this->dataRecord['dmarc_aspf'];
if (isset($this->dataRecord['dmarc_rf_afrf']) && isset($this->dataRecord['dmarc_rf_iodef']))
$dmarc_record[] = 'rf=afrf:iodef';
else {
if (isset($this->dataRecord['dmarc_rf_iodef']))
$dmarc_record[] = 'rf=iodef';
}
unset($fo_rec);
if (!empty($this->dataRecord['dmarc_pct']) && $this->dataRecord['dmarc_pct'] != 100)
$dmarc_record[] = 'pct='.$this->dataRecord['dmarc_pct'];
if (!empty($this->dataRecord['dmarc_ri']) && $this->dataRecord['dmarc_ri'] != '86400')
$dmarc_record[] = 'ri='.$this->dataRecord['dmarc_ri'];
if (!empty($this->dataRecord['dmarc_sp']) && $this->dataRecord['dmarc_sp'] != 'same')
$dmarc_record[] = 'sp='.$this->dataRecord['dmarc_sp'];
$temp = implode('; ', $dmarc_record);
if (!empty($temp))
$this->dataRecord['data'] = 'v=DMARC1; ' . $temp;
else $app->tform->errorMessage .= $app->tform->wordbook["dmarc_empty_txt"];
$this->dataRecord['name'] = '_dmarc.' . $soa['origin'];
if (isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'Y';
// Set the server ID of the rr record to the same server ID as the parent record.
$this->dataRecord["server_id"] = $soa["server_id"];
// Update the serial number and timestamp of the RR record
$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
// always update an existing entry
$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND type = ? AND data LIKE 'v=DMARC1%' AND name = ?", $this->dataRecord['zone'], $this->dataRecord['type'], $this->dataRecord['name']);
$this->id = $check['id'];
if (!isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'N';
parent::onSubmit();
}
function onAfterInsert() {
global $app, $conf;
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
//* Update the serial number of the SOA record
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
}
function onAfterUpdate() {
global $app, $conf;
//* Update the serial number of the SOA record
$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
$soa_id = $app->functions->intval($_POST["zone"]);
$serial = $app->validate_dns->increase_serial($soa["serial"]);
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
}
}
$page = new page_action;
$page->onLoad();
?>