If we login via the apikey, show it in the session

If we add a zone via the api, and the owner doesn't exist yet, create it.

includes/session.inc.php

@@ -13,12 +13,13 @@ function is_logged_in() {
         global $adminapikey;
         global $adminapiips;
 
-        if (isset($adminapikey) && isset($allowedips)) {
+        if (isset($adminapikey) && isset($adminapiips)) {
             if (array_search($_SERVER['REMOTE_ADDR'], $adminapiips) !== FALSE) {
                 if ($_POST['adminapikey'] == $adminapikey) {
                     # Allow this request, fake that we're logged in.
                     set_logged_in('admin');
                     set_is_adminuser();
+                    $_SESSION['apientrance'] = 'true';
                     return TRUE;
                 }
             }
@@ -27,6 +28,17 @@ function is_logged_in() {
     }
 }
 
+function set_apiuser() {
+    $_SESSION['apientrance'] = 'true';
+}
+
+function is_apiuser() {
+    if (isset($_SESSION['apientrance']) && $_SESSION['apientrance'] = 'true') {
+        return TRUE;
+    }
+    return FALSE;
+}
+
 function set_logged_in($login_user) {
     $_SESSION['logged_in'] = 'true';
     $_SESSION['username']  = $login_user;

zones.php

@@ -118,6 +118,13 @@ function add_db_zone($zone, $owner) {
     if (_valid_label($zone) === FALSE) {
         jtable_respond(null, 'error', "$zone is not a valid zonename");
     }
+
+    if (is_apiuser()) {
+        if (!get_user_info($owner)) {
+            add_user($owner);
+        }
+    }
+
     $db = get_db();
     $q = $db->prepare("INSERT OR REPLACE INTO zones (zone, owner) VALUES (?, (SELECT id FROM users WHERE emailaddress = ?))");
     $q->bindValue(1, $zone, SQLITE3_TEXT);