From b7b62d1c9cfabf11dd803d7ad90767c8e39f6e74 Mon Sep 17 00:00:00 2001
From: Mark Schouten
Date: Fri, 21 Nov 2014 11:13:17 +0100
Subject: [PATCH] Implement auth-autodetection
---
 includes/config.inc.php-dist | 11 +++++++++++
 index.php | 4 +++-
 zones.php | 21 +++++++++++++++++++--
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index bd0c2cb..39fb343 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -7,6 +7,12 @@ $apiport = '8081'; # The port of the PowerDNS API
 $apisid = 'localhost'; # PowerDNS's :server_id
 $allowzoneadd = FALSE; # Allow normal users to add zones
+# The first versions of the PowerDNS API used the standard webserver password
+# for authentication, newer versions use an X-API-Key mechanism. NSEdit tries
+# to autodetect the method you should use, but that does affect performance.
+# For optimal performance, configure the right method.
+# (Should be 'auto', 'xapikey' or 'userpass')
+$authmethod = 'auto';
 # If you configure this, nsedit will try to authenticate via WeFact too.
 # Debtors will be added to the sqlitedatabase with their crypted password.
@@ -46,7 +52,12 @@ $defaults['secondaryns'] = 'unconfigured.secondaryns'; # The value of the secon
 $defaults['ttl'] = 3600; # Default TTL for records
 $defaults['priority'] = 0; # Default for priority in records
+$blocklogin = FALSE;
+if (!preg_match('/^(xapikey|userpass|auto)$/', $authmethod)) {
+ $errormsg = "The value for $authmethod is incorrect in your config";
+ $blocklogin = TRUE;
+}
 /* No need to change stuf below */
diff --git a/index.php b/index.php
index b9d9c75..25012d6 100644
--- a/index.php
+++ b/index.php
@@ -4,6 +4,8 @@ include_once('includes/config.inc.php');
 include_once('includes/session.inc.php');
 include_once('includes/misc.inc.php');
+global $errormsg, $blocklogin;
+
 if (isset($_GET['logout']) or isset($_POST['logout'])) {
 logout();
 header("Location: index.php");
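Review bot: The `$authmethod` check added in the second hunk of includes/config.inc.php-dist lives in the distributed config template, so an install that keeps an older config.inc.php would, as far as this patch shows, get neither the setting nor the check; `api_request()` in zones.php would then take its `else` branch and use basic auth with no warning. Validating in a file that is always loaded, or inside `api_request()` itself, would cover those installs. The message also interpolates the variable, so it reports the rejected value instead of the setting name; `$errormsg = 'The value for $authmethod is incorrect in your config';` reads as intended. The code that prints `$errormsg` is not readable on this page, so if the value is kept in the text it should be confirmed that the output is HTML-escaped.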
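Review bot: `global $errormsg, $blocklogin;` in the first index.php hunk has no effect when index.php runs as the entry script, because variables set by the included config are already in the global scope there. The line can be dropped, or replaced by a comment such as `// $errormsg and $blocklogin are set in includes/config.inc.php` so the reader knows where they come from. Note that `$errormsg` is only assigned when the check fails, so any later use should guard with `isset()`.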
@@ -71,7 +73,7 @@ if (!is_logged_in()) { ?> - + >
diff --git a/zones.php b/zones.php
index cb9b154..f7fe0b2 100644
--- a/zones.php
+++ b/zones.php
@@ -11,12 +11,29 @@ if (!is_csrf_safe()) {
 }
 function api_request($path, $opts = null, $type = null) {
- global $apisid, $apiuser, $apipass, $apiip, $apiport;
+ global $apisid, $apiuser, $apipass, $apiip, $apiport, $authmethod;
 $url = "http://$apiip:$apiport${path}";
+ if ($authmethod == "auto") {
+ $ad = curl_init();
+ curl_setopt($ad, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+ curl_setopt($ad, CURLOPT_URL, "http://$apiip:$apiport/servers/localhost/statistics");
+ curl_setopt($ad, CURLOPT_RETURNTRANSFER, 1);
+ curl_exec($ad);
+ if (curl_getinfo($ad, CURLINFO_HTTP_CODE) == 401) {
+ $authmethod = 'userpass';
+ } else {
+ $authmethod = 'xapikey';
+ }
+ }
+
 $ch = curl_init();
- curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+ if ($authmethod == "xapikey") {
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+ } else {
+ curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+ }
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 if ($opts) {
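Review bot: The auto-detect probe in `api_request()` treats every status other than 401 as proof that X-API-Key works, including the 0 that `curl_getinfo()` reports when the connection fails and any 5xx, so a transient error pins `$authmethod` to `xapikey` for the rest of the request. The probe also hard-codes `localhost` although `$apisid` is already in scope, never closes `$ad`, and sets no timeout. Selecting `xapikey` only on 200 and `userpass` only on 401, as sketched below, avoids the misclassification. The function body continues past the hunk, so it cannot be checked here whether a later `CURLOPT_HTTPHEADER` call replaces the X-API-Key header (the option replaces the header list rather than appending to it). The credential is also still sent over plain `http://`, which is only acceptable when `$apiip` is loopback or a trusted network.

```php
    if ($authmethod == "auto") {
        // … unchanged: curl_init, X-API-Key header …
        curl_setopt($ad, CURLOPT_URL, "http://$apiip:$apiport/servers/$apisid/statistics");
        curl_setopt($ad, CURLOPT_TIMEOUT, 5); // constructed value; tune per deployment
        // … unchanged: CURLOPT_RETURNTRANSFER, curl_exec …
        $probe = curl_getinfo($ad, CURLINFO_HTTP_CODE);
        curl_close($ad);
        if ($probe == 200) {
            $authmethod = 'xapikey';
        } elseif ($probe == 401) {
            $authmethod = 'userpass';
        }
        // any other status: leave 'auto' so a later call probes again
    }
```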