Merge remote-tracking branch 'origin/master' into issue-68

Conflicts: index.php
2025-07-23 19:42:58 +03:00 · 2017-11-07 12:03:09 +00:00 · 2017-11-07 12:03:09 +00:00 · 41d6d16a86
commit 41d6d16a86
parent dcae922075 0befe9e5ab
8 changed files with 60 additions and 30 deletions
--- a/includes/class/ApiHandler.php
+++ b/includes/class/ApiHandler.php
@ -93,12 +93,6 @@ class ApiHandler {

        curl_setopt($this->curlh, CURLOPT_URL, $this->baseurl().$this->url);

-        //print "Here we go:\n";
-        //print "Request: ".$this->method.' '.$this->baseurl().$this->url."\n";
-        //if ($this->content != '') {
-        //    print "Content: ".$this->content."\n";
-        //}
-
        $return = curl_exec($this->curlh);
        $code = curl_getinfo($this->curlh, CURLINFO_HTTP_CODE);
        $json = json_decode($return, 1);
@ -116,12 +110,11 @@ class ApiHandler {
    }

    public function call() {
-        if (substr($this->url, 0, 1) == '/') {
-            $this->apiurl();
-        } else {
-            $this->apiurl = '/';
+        if (substr($this->url, 0, 1) != '/') {
+            $this->url = '/'.$this->url;
        }
-
+        $this->apiurl();
+        $this->url = str_replace($this->apiurl, '', $this->url);
        $this->go();
    }
 }
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@ -41,10 +41,18 @@ $templates[] = array(
    'name' => 'Tuxis',
    'owner' => 'username', # Set to 'public' to make it available to all users
    'records' => array(
-        array(
-            'name'      => '',
-            'type'      => 'MX',
-            'content'   => '200 mx2.tuxis.nl')
+    array(
+        'name'      => '',
+        'type'      => 'MX',
+        'content'   => '200 mx2.tuxis.nl'),
+    array(
+        'name'      => '',
+        'type'      => 'A',
+        'content'   => '1.2.3.4'),
+    array(
+        'name'      => 'www',
+        'type'      => 'CNAME',
+        'content'   => '[zonename]')
    )
 );
 */
--- a/includes/misc.inc.php
+++ b/includes/misc.inc.php
@ -36,7 +36,7 @@ if (isset($defaults['primaryns'])) {
 }

 if (!isset($logo) or empty($logo)) {
-    $logo = 'http://www.tuxis.nl/uploads/images/nsedit.png';
+    $logo = 'https://www.tuxis.nl/uploads/images/nsedit.png';
 }


--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@ -9,11 +9,13 @@ global $current_user;
 $current_user = false;

 // session startup
-function _set_current_user($username, $is_admin = false, $has_csrf_token = false, $is_api = false) {
+function _set_current_user($username, $userid, $localauth = true, $is_admin = false, $has_csrf_token = false, $is_api = false) {
    global $current_user;

    $current_user = array(
        'username' => $username,
+        'id' => $userid,
+        'localauth' => $localauth,
        'is_admin' => $is_admin,
        'has_csrf_token' => $has_csrf_token,
        'is_api' => $is_api,
@ -177,7 +179,7 @@ function _try_login($username, $password) {
        writelog("Failed to find user!", $username);
        return false;
    } else {
-        _set_current_user($username, (bool) $user['isadmin']);
+        _set_current_user($username, $user['id'], (bool) $do_local_auth, (bool) $user['isadmin']);

        if (session_id()) {
            session_unset();
@ -187,6 +189,8 @@ function _try_login($username, $password) {
        session_regenerate_id(true) or die('session failure: regenerated id failed');
        session_unset();
        $_SESSION['username'] = $username;
+        $_SESSION['localauth'] = $do_local_auth;
+        $_SESSION['userid'] = $user['id'];

        # requires session:
        _check_csrf_token($user);
@ -206,7 +210,7 @@ function _check_session() {
            and $_POST['adminapikey'] === $adminapikey)
        {
            # Allow this request, fake that we're logged in as user.
-            return _set_current_user('admin', true, true, true);
+            return _set_current_user('admin', 1, false, true, true, true);
        }
        else
        {
@ -222,7 +226,7 @@ function _check_session() {
                session_destroy();
                session_unset();
            } else {
-                _set_current_user($_SESSION['username'], (bool) $user['isadmin']);
+                _set_current_user($_SESSION['username'], $_SESSION['userid'], (bool) $_SESSION['localauth'], (bool) $user['isadmin']);
                _check_csrf_token($user);
                return;
            }
@ -281,6 +285,16 @@ function get_sess_user() {
    return $current_user ? $current_user['username'] : null;
 }

+function get_sess_userid() {
+    global $current_user;
+    return $current_user ? $current_user['id'] : null;
+}
+
+function has_local_auth() {
+    global $current_user;
+    return $current_user ? $current_user['localauth'] : null;
+}
+
 function logout() {
    @session_destroy();
    @session_unset();