From 7f35f25869795abb515002d9f37146401d21d6eb Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Fri, 26 Sep 2014 14:02:22 +0200
Subject: [PATCH] If we login via the apikey, show it in the session If we add
 a zone via the api, and the owner doesn't exist yet, create it.

---
 includes/session.inc.php | 14 +++++++++++++-
 zones.php                |  7 +++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/includes/session.inc.php b/includes/session.inc.php
index d383898..51e5719 100644
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@@ -13,12 +13,13 @@ function is_logged_in() {
         global $adminapikey;
         global $adminapiips;
 
-        if (isset($adminapikey) && isset($allowedips)) {
+        if (isset($adminapikey) && isset($adminapiips)) {
             if (array_search($_SERVER['REMOTE_ADDR'], $adminapiips) !== FALSE) {
                 if ($_POST['adminapikey'] == $adminapikey) {
                     # Allow this request, fake that we're logged in.
                     set_logged_in('admin');
                     set_is_adminuser();
+                    $_SESSION['apientrance'] = 'true';
                     return TRUE;
                 }
             }
@@ -27,6 +28,17 @@ function is_logged_in() {
     }
 }
 
+function set_apiuser() {
+    $_SESSION['apientrance'] = 'true';
+}
+
+function is_apiuser() {
+    if (isset($_SESSION['apientrance']) && $_SESSION['apientrance'] = 'true') {
+        return TRUE;
+    }
+    return FALSE;
+}
+
 function set_logged_in($login_user) {
     $_SESSION['logged_in'] = 'true';
     $_SESSION['username']  = $login_user;
diff --git a/zones.php b/zones.php
index 4b561af..caf55b7 100644
--- a/zones.php
+++ b/zones.php
@@ -118,6 +118,13 @@ function add_db_zone($zone, $owner) {
     if (_valid_label($zone) === FALSE) {
         jtable_respond(null, 'error', "$zone is not a valid zonename");
     }
+
+    if (is_apiuser()) {
+        if (!get_user_info($owner)) {
+            add_user($owner);
+        }
+    }
+
     $db = get_db();
     $q = $db->prepare("INSERT OR REPLACE INTO zones (zone, owner) VALUES (?, (SELECT id FROM users WHERE emailaddress = ?))");
     $q->bindValue(1, $zone, SQLITE3_TEXT);