Merge pull request #10 from tuxis-ie/3.4-api-auth

Implement auth-autodetection

includes/config.inc.php-dist

@@ -7,6 +7,12 @@ $apiport = '8081';      # The port of the PowerDNS API
 $apisid  = 'localhost'; # PowerDNS's :server_id
 $allowzoneadd = FALSE;  # Allow normal users to add zones
 
+# The first versions of the PowerDNS API used the standard webserver password
+# for authentication, newer versions use an X-API-Key mechanism. NSEdit tries
+# to autodetect the method you should use, but that does affect performance.
+# For optimal performance, configure the right method.
+# (Should be 'auto', 'xapikey' or 'userpass')
+$authmethod = 'auto';
 
 # If you configure this, nsedit will try to authenticate via WeFact too.
 # Debtors will be added to the sqlitedatabase with their crypted password.
@@ -46,7 +52,12 @@ $defaults['secondaryns'] = 'unconfigured.secondaryns';  # The value of the secon
 $defaults['ttl']         = 3600;                        # Default TTL for records
 $defaults['priority']    = 0;                           # Default for priority in records
 
+$blocklogin = FALSE;
 
+if (!preg_match('/^(xapikey|userpass|auto)$/', $authmethod)) {
+    $errormsg = "The value for $authmethod is incorrect in your config";
+    $blocklogin = TRUE;
+}
 
 
 /* No need to change stuf below */

index.php

@@ -4,6 +4,8 @@ include_once('includes/config.inc.php');
 include_once('includes/session.inc.php');
 include_once('includes/misc.inc.php');
 
+global $errormsg, $blocklogin;
+
 if (isset($_GET['logout']) or isset($_POST['logout'])) {
     logout();
     header("Location: index.php");
@@ -71,7 +73,7 @@ if (!is_logged_in()) {
                 ?>
                 <tr>
                     <td></td>
-                    <td><input type="submit" name="submit" value="Log me in!"></td>
+                    <td><input type="submit" name="submit" value="Log me in!" <?php if ($blocklogin === TRUE)) { echo "disabled"; }; ?>></td>
                 </tr>
             </table>
             <input type="hidden" name="formname" value="loginform">

zones.php

@@ -11,12 +11,29 @@ if (!is_csrf_safe()) {
 }
 
 function api_request($path, $opts = null, $type = null) {
-    global $apisid, $apiuser, $apipass, $apiip, $apiport;
+    global $apisid, $apiuser, $apipass, $apiip, $apiport, $authmethod;
 
     $url = "http://$apiip:$apiport${path}";
 
+    if ($authmethod == "auto") {
+        $ad = curl_init();
+        curl_setopt($ad, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+        curl_setopt($ad, CURLOPT_URL, "http://$apiip:$apiport/servers/localhost/statistics");
+        curl_setopt($ad, CURLOPT_RETURNTRANSFER, 1);
+        curl_exec($ad);
+        if (curl_getinfo($ad, CURLINFO_HTTP_CODE) == 401) {
+            $authmethod = 'userpass';
+        } else {
+            $authmethod = 'xapikey';
+        }
+    }
+
     $ch = curl_init();
-    curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+    if ($authmethod == "xapikey") {
+        curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+    } else {
+        curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+    }
     curl_setopt($ch, CURLOPT_URL, $url); 
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
     if ($opts) {