From 262e3c76a8bc04398f8b8a8045d2a953e493e958 Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Fri, 26 Sep 2014 13:47:52 +0200
Subject: [PATCH] Allow remote boxes to execute stuff, eventhough they don't
 really login

---
 includes/config.inc.php-dist |  5 +++++
 includes/session.inc.php     | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index bafbcf7..4b0c551 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -13,6 +13,11 @@ $apisid  = '';      # PowerDNS's :server_id
 #$wefactapiurl = 'https://yourdomain/Pro/apiv2/api.php';
 #$wefactapikey = 'xyz';
 
+# If you want external scripts to be able to execute stuff here, add the
+# remote-ip to $adminapiips and create a $adminapikey
+#$adminapiips = array();
+#$adminapikey = 'thisshouldbequitealongstring,youknow';
+
 $authdb  = "../etc/pdns.users.sqlite3";
 
 $templates = array();
diff --git a/includes/session.inc.php b/includes/session.inc.php
index 32ce442..d383898 100644
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@@ -10,6 +10,19 @@ function is_logged_in() {
     if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "true") {
         return TRUE;
     } else {
+        global $adminapikey;
+        global $adminapiips;
+
+        if (isset($adminapikey) && isset($allowedips)) {
+            if (array_search($_SERVER['REMOTE_ADDR'], $adminapiips) !== FALSE) {
+                if ($_POST['adminapikey'] == $adminapikey) {
+                    # Allow this request, fake that we're logged in.
+                    set_logged_in('admin');
+                    set_is_adminuser();
+                    return TRUE;
+                }
+            }
+        }
         return FALSE;
     }
 }