From 0b97e09bb7cdc252dff5fe09e7ec4dd35ca76f60 Mon Sep 17 00:00:00 2001
From: Bryan Seitz <Bryan_Seitz@symantec.com>
Date: Thu, 2 Apr 2015 00:20:34 +0000
Subject: [PATCH] added initial https support

---
 includes/config.inc.php-dist | 15 +++++++++------
 zones.php                    |  9 +++++++--
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index 6a4e3fd..96e0ce8 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -1,11 +1,14 @@
 <?php
 
-$apiuser = '';          # The PowerDNS API username. Leave empty for authmethod='xapikey' (see AUTHENTICATION)
-$apipass = '';          # The PowerDNS API-user password or the PowerDNS-API key (see AUTHENTICATION)
-$apiip   = '';          # The IP of the PowerDNS API
-$apiport = '8081';      # The port of the PowerDNS API
-$apisid  = 'localhost'; # PowerDNS's :server_id
-$allowzoneadd = FALSE;  # Allow normal users to add zones
+$apiuser = '';           # The PowerDNS API username. Leave empty for authmethod='xapikey' (see AUTHENTICATION)
+$apipass = '';           # The PowerDNS API-user password or the PowerDNS-API key (see AUTHENTICATION)
+$apiip   = '';           # The IP of the PowerDNS API
+$apiport = '8081';       # The port of the PowerDNS API
+$apisid  = 'localhost';  # PowerDNS's :server_id
+$apiproto      = 'http'; # http | https
+$apisslsverify = FALSE;  # Verify SSL Certificate if using https for apiproto
+$allowzoneadd  = FALSE;  # Allow normal users to add zones
+
 
 ### AUTHENTICATION ###
 # The first versions of the PowerDNS API used the standard webserver password
diff --git a/zones.php b/zones.php
index 0dd31b4..d8f6035 100644
--- a/zones.php
+++ b/zones.php
@@ -13,12 +13,17 @@ if (!is_csrf_safe()) {
 function api_request($path, $opts = null, $type = null) {
     global $apisid, $apiuser, $apipass, $apiip, $apiport, $authmethod;
 
-    $url = "http://$apiip:$apiport${path}";
+    $url = "$apiproto://$apiip:$apiport${path}";
 
     if ($authmethod == "auto") {
         $ad = curl_init();
+
+        if ( strcasecmp( $apiproto, 'https' ) == 0 ) {
+            curl_setopt($ad, CURLOPT_SSL_VERIFYPEER, $apisslverify);
+        }
+
         curl_setopt($ad, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
-        curl_setopt($ad, CURLOPT_URL, "http://$apiip:$apiport/servers/localhost/statistics");
+        curl_setopt($ad, CURLOPT_URL, "$apiproto://$apiip:$apiport/servers/localhost/statistics");
         curl_setopt($ad, CURLOPT_RETURNTRANSFER, 1);
         curl_exec($ad);
         if (curl_getinfo($ad, CURLINFO_HTTP_CODE) == 401) {