<?php
/*************************************************************************************************

    ddnsadddomain.php
    Make Domain Name Table for DDNS

        2013.07.27 Ver.1.0 Masashi.org
        2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
// del_nday_file() comes from this include; its implementation is not part of this file.
// NOTE(review): presumably it expires old files under ./temporary (argument = age in days),
// which would be the only expiry the e-mailed registration tokens have; confirm.
include "del_nday_file.php";

// Stop the request as soon as the housekeeping call reports a truthy result.
$cleanup_result = del_nday_file(1);
if ($cleanup_result) {
    exit();
}
//
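//Items by POST method
// Fixed allow-list of form fields. Each becomes a same-named global ($username, ...).
// Only names from this list are ever assigned, so a client cannot overwrite other
// variables through the variable-variable assignment below.
$array = array("username","mailaddress","domain","p_temp","password","confirm");

foreach ($array as $post_key) {
    // Accept plain strings only. A request such as username[]=x would otherwise hand an
    // array to md5()/mysqli_real_escape_string() further down. Missing fields become null,
    // which every later truthiness test treats as "not supplied".
    $$post_key = (isset($_POST[$post_key]) && is_string($_POST[$post_key]))
        ? $_POST[$post_key]
        : null;
}

//Items by GET method
// One-time token from the e-mailed link. It is later used as a file name under
// ./temporary, so it is untrusted input until validated at the point of use.
$temp = (isset($_GET['temp']) && is_string($_GET['temp'])) ? $_GET['temp'] : null;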

// checking each value

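// Check login information (username & password)
// Start every request with the flags cleared so later tests never read an undefined variable.
$flag_illegal = 0;
$flag_illegal_logindata = 0;

// $db_host/$db_user/$db_pass/$db_name are not defined in this file
// (presumably set by ddnscommon.php; confirm).
$link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (mysqli_connect_errno() > 0) {
    // The driver message can name the DB host and account; log it server-side and keep
    // the HTTP response generic.
    error_log("DB Connection error: " . mysqli_connect_error());
    die("DB Connection error");
}

// NOTE(security): the stored credential is an unsalted MD5 of the password. Moving to
// password_hash()/password_verify() needs a schema and data migration, so it is only
// flagged here, not changed.
$pw_md5 = md5((string) $password);

// Both values are escaped with the connection's charset and placed inside quotes.
$sql = sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
        mysqli_real_escape_string($link, (string) $username),
        mysqli_real_escape_string($link, $pw_md5));

$rs = mysqli_query($link, $sql);
// mysqli_query() returns false on failure; treat that the same as "no matching account"
// instead of passing false to mysqli_fetch_array().
$item = $rs ? mysqli_fetch_array($rs) : null;

mysqli_close($link);

// Credentials were supplied but no row matched: reject the submission.
if (!$item && $username && $password) {
    $flag_illegal_logindata = 1;
    $flag_illegal = 1;
}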

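// Check domain name format
// Flags default to 0 so later tests never read an undefined variable. $flag_illegal may
// already have been raised by the login check, so it is only initialised when unset.
if (!isset($flag_illegal)) {
    $flag_illegal = 0;
}
$flag_illegal_domain = 0;
$flag_mailaddress_not_match = 0;
$flag_no_privilege = 0;

// Strip spaces. The replacement is "" rather than null, and the subject is cast, because
// null arguments to str_replace() are deprecated in current PHP.
$domain = str_replace(" ", "", (string) $domain);

// Accepts exactly "<label>.<tld>": lowercase letters, digits and '-' in the label (at least
// three characters, not starting or ending with '-'), letters only in the TLD.
// The D modifier makes "$" match only at the true end of the string; without it a value
// with a trailing newline passes the check.
if ($domain && !preg_match('/^[0-9a-z][0-9a-z\-]+[0-9a-z]+\.[a-z]+$/D', $domain)) {
    $flag_illegal_domain = 1;
    $flag_illegal = 1;
}

// The submitted address must be exactly the one stored for the authenticated account.
// Strict comparison: with "!=" two different numeric-looking strings can compare equal.
// $item is tested first so a failed login never indexes into null.
if ($item && $mailaddress !== $item['email']) {
    $flag_mailaddress_not_match = 1;
    $flag_illegal = 1;
}

// Only accounts whose 'su' column is truthy may register domains.
if ($item && !$item['su']) {
    $flag_no_privilege = 1;
    $flag_illegal = 1;
}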


/******************************  Output HTML header **********************************************/
// Shared page header markup lives in ddnsheader.php (not shown here).
include "ddnsheader.php";

// Close the <HEAD> opened by the header include and start the body.
// $org_name is interpolated unescaped; it is not assigned in this file
// (presumably site configuration; confirm it can never carry user input).
echo "<TITLE>Register Domain Name for DDNS -{$org_name}-</TITLE>\n</HEAD>",
     "<BODY>\n<h1>Register Domain Name for DDNS</h1>";

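/*************************************************************************************************

    Helpers used by the step dispatcher below.

***************************************************************************************************/

// HTML-escape a value for element text and quoted attribute values. No charset argument
// is passed, so PHP's default_charset setting applies. Every request-derived value that
// is echoed below goes through this.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
};

// Load the pending registration stored in ./temporary/<token>.
// Returns array('username' => ..., 'mailaddress' => ..., 'domain' => ...) or null when the
// token is not a plain file name, the file does not exist, or the record is incomplete.
$load_pending = function ($token) {
    // The token comes from the query string / POST body and is concatenated into a path
    // that is read here and unlink()ed after registration. It must therefore be a single
    // path component: no directory separators, no NUL byte, not "." or "..".
    if (!is_string($token) || $token === '' || $token === '.' || $token === '..'
        || strpbrk($token, "/\\\0") !== false) {
        return null;
    }
    $path = "./temporary/$token";
    if (!is_file($path)) {
        return null;
    }
    $lines = file($path);
    if ($lines === false) {
        return null;
    }
    // Each line is "key,value,"; the trailing comma keeps the newline out of the value.
    $record = array();
    foreach ($lines as $line) {
        $fields = explode(",", $line);
        if (count($fields) >= 2) {
            $record[$fields[0]] = $fields[1];
        }
    }
    foreach (array("username", "mailaddress", "domain") as $required) {
        if (!isset($record[$required])) {
            return null;
        }
    }
    return $record;
};

// Print the password prompt shared by STEP 4 and STEP 6. $notice is trusted markup that
// is inserted above the submit button (empty for STEP 4).
$render_password_form = function ($record, $token, $notice) use ($esc) {
    $h_action   = $esc($_SERVER['SCRIPT_NAME']);
    $h_username = $esc($record['username']);
    $h_mail     = $esc($record['mailaddress']);
    $h_domain   = $esc($record['domain']);
    $h_token    = $esc($token);
    echo <<<EOF
<h2>STEP 4 : E-mail Confirmatin</h2>
<form action="{$h_action}" method="post">
    <input type="hidden" name="username" value="{$h_username}">
    <input type="hidden" name="mailaddress" value="{$h_mail}">
    <input type="hidden" name="domain" value="{$h_domain}">
    <input type="hidden" name="p_temp" value="{$h_token}">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                {$h_username}
            </td>
        </tr>
        <tr>
            <td>E-mail address</td><td>:</td>
            <td>
                {$h_mail}
            </td>
        </tr>
        <tr>
            <td>Domain Name</td><td>:</td>
            <td>
                {$h_domain}
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
{$notice}    <input type="submit" value="Register Domain Name">
</form>
EOF;
};

/*************************************************************************************************

    STEP 4.
    When temporary file name is sent by GET, show password input panel.

***************************************************************************************************/
if ($temp) {
    $list = $load_pending($temp);
    if ($list === null) {
        echo "URL is invalid";
    } else {
        $render_password_form($list, $temp, "");
    }


/*************************************************************************************************

    STEP 5. and STEP 6.
    When all data by POST, check them and proceed user registration.

***************************************************************************************************/
} elseif ($username && $mailaddress && $domain && $p_temp) {
    $list = $load_pending($p_temp);
    if ($list === null) {
        echo "ERROR: Not found temporary file.<br /><hr />";
        echo "<a href=\"./\">Return to homepage</a> -".$org_name."-";
        die();
    }
    // Safe to build now: $load_pending() accepted $p_temp as a single path component.
    $tempfile = "./temporary/$p_temp";

    // Register what was confirmed by e-mail, not what the browser posts back. The hidden
    // form fields are client-controlled, and this branch never re-runs the domain format
    // check, so the stored record is the only validated copy of these values.
    $username    = $list['username'];
    $mailaddress = $list['mailaddress'];
    $domain      = $list['domain'];

    $link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
    if (mysqli_connect_errno() > 0) {
        // Driver detail goes to the server log; the response stays generic.
        error_log("DB Connection error: " . mysqli_connect_error());
        die("DB Connection error");
    }

    // NOTE(security): unsalted MD5 credential; migrating to password_hash() needs a
    // schema change and is only flagged here.
    $pw_md5 = md5((string) $password);

    $sql = sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
        mysqli_real_escape_string($link, $username),
        mysqli_real_escape_string($link, $pw_md5));
    $rs = mysqli_query($link, $sql);
    // A failed query is treated like a failed login (fail closed).
    $item = $rs ? mysqli_fetch_array($rs) : null;
    mysqli_close($link);

    if (!$item) {

// STEP 6.

        $render_password_form(
            $list,
            $p_temp,
            "    <font color=\"red\">Password is NOT correct.</font><br />\n"
        );
    } elseif (!$item['su']) {
        echo "<font color=\"red\">You have no privilege.</font><br />";
        echo "Please contact to administrator<br />".$adm_mail;

// STEP 5.

    } else {

        echo "<h2>STEP 5 : Result of Registration</h2>";

        $link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
        if (mysqli_connect_errno() > 0) {
            error_log("DB Connection error: " . mysqli_connect_error());
            die("DB Connection error");
        }

        $sql = sprintf("SELECT * FROM domain WHERE domain='%s'",
            mysqli_real_escape_string($link, $domain));
        $rs = mysqli_query($link, $sql);
        $item = $rs ? mysqli_fetch_array($rs) : null;

        if ($rs === false) {
            // The lookup itself failed: report failure rather than inserting blindly.
            echo "Registration failure!<br />";
            echo "Please contact to administration.<br />";
            echo $adm_mail;
        } elseif ($item) {
            echo "Sorry,<br />";
            echo "<font color=\"red\">The domain name is already registered.</font>";
        } else {
            // NOTE(review): check-then-insert is not atomic; two concurrent requests can
            // both pass the SELECT unless the table has a unique key on domain; confirm.
            $timestamp = date('Y-m-d H:i:s');
            $sql = sprintf("INSERT INTO domain VALUES ( '%s' , '%s' , '$timestamp' )",
                mysqli_real_escape_string($link, $domain),
                mysqli_real_escape_string($link, $username));
            $rs = mysqli_query($link, $sql);
            if (!$rs) {
                echo "Registration failure!<br />";
                echo "Please contact to administration.<br />";
                echo $adm_mail;
            } else {
                echo "Registration has been completed!";
            }
        }
        mysqli_close($link);
        // The token is single-use: remove it once an authorised user has reached STEP 5.
        unlink($tempfile);
    }
/*************************************************************************************************

    STEP 2. STEP 3.
    When 4 data are sent by POST, display confirmation panel.
    If $confirm == YES, create temporary file and send a mail.

***************************************************************************************************/
} elseif ($username && $mailaddress && $domain && $password && empty($flag_illegal)) {
    $h_username = $esc($username);
    $h_mail     = $esc($mailaddress);
    $h_domain   = $esc($domain);

    if ($confirm === "YES") {
        echo "<h2>STEP 3 : Sending E-mail</h2>";
    } else {
        echo "<h2>STEP 2 : Confirm Sending Data</h2>";
    }
    echo <<<EOF
<table border=1>
    <tr>
        <td>User ID</td>
        <td>
            {$h_username}
        </td>
    </tr>
    <tr>
        <td>E-mail address</td>
        <td>
            {$h_mail}
        </td>
    </tr>
    <tr>
        <td>Domain Name</td>
        <td>
            {$h_domain}
        </td>
    </tr>
</table>

EOF;
    if ($confirm === "YES") {
        $msg_ng = "<br />Sending mail failure<br />Please contact to administrator<br />".$adm_mail;
        $msg_ok = "<br />Pre-registration notice has been sent to your email address<br />Please proceed registration from an url in the email";
        $msg = $msg_ng;

        // The pending record is a line-based "key,value," file: a comma or line break in
        // any field would corrupt it or smuggle in extra keys.
        $record_safe = !preg_match('/[,\r\n]/', $username.$mailaddress.$domain);
        // The address is written verbatim into "RCPT TO:<...>": whitespace (incl. CR/LF)
        // or angle brackets would let it alter the SMTP command stream.
        $rcpt_safe = !preg_match('/[\s<>]/', $mailaddress);

        $sock = false;
        if ($record_safe && $rcpt_safe) {
            // NOTE(security): rand_str() is defined in rand_str.php (not shown). The token
            // is the only secret protecting the pending record; confirm it is generated
            // from a CSPRNG such as random_bytes()/random_int().
            include "rand_str.php";
            $random = rand_str(40,'all');
            // NOTE(review): ./temporary sits next to this script; confirm the web server
            // does not serve or list that directory.
            $tempfile = "./temporary/$random";
            $dat = <<<EOF
username,$username,
mailaddress,$mailaddress,
domain,$domain,
EOF;
            // Only send the link if the record it points at was actually stored.
            if (file_put_contents($tempfile, $dat) !== false) {
                $body = "Pre-registration completed!\r\n";
                $body = $body."Proceed to Registration\r\n";
                // rawurlencode() leaves an alphanumeric token unchanged and keeps the link
                // intact should the token ever contain reserved characters.
                $body = $body.$site_url.$_SERVER['SCRIPT_NAME']."?temp=".rawurlencode($random);

                $body = mb_convert_encoding($body,"JIS");
                $subject = mb_convert_encoding("Subject: ".$org_name." DDNS Domain Name pre-registration notice","JIS");

                // fsockopen() returns false when the local MTA is unreachable.
                $sock = fsockopen("localhost",25);
            }
        }

        if ($sock !== false) {
            // Command / expected-reply pairs, sent in exactly this order.
            // NOTE(review): HELO is written before the first read (checked against 220) and
            // the reply after DATA is checked against 250, while SMTP answers DATA with 354.
            // This only succeeds if replies are being read one step behind; confirm against
            // the MTA before changing the sequence.
            $dialogue = array(
                array("HELO ".$mail_srv."\r\n", "(^220)"),
                array("MAIL FROM:<".$adm_mail.">\r\n", "(^250)"),
                array("RCPT TO:<$mailaddress>\r\n", "(^250)"),
                array("DATA\r\n", "(^250)"),
            );
            $accepted = true;
            foreach ($dialogue as $step) {
                fputs($sock, $step[0]);
                $result = fgets($sock,128);
                if (!preg_match($step[1], (string) $result)) {
                    $accepted = false;
                    break;
                }
            }
            if ($accepted) {
                fputs($sock,"$subject\r\n");
                fputs($sock,"$body\r\n");
                $result = fputs($sock,".\r\n");
                if ($result) {
                    $msg = $msg_ok;
                }
            }
            fclose($sock);
        }
        echo $msg;

// STEP 2.

    } else {

        $link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
        if (mysqli_connect_errno() > 0) {
            error_log("DB Connection error: " . mysqli_connect_error());
            die("DB Connection error");
        }

        $sql = sprintf("SELECT * FROM domain WHERE domain='%s'",
            mysqli_real_escape_string($link, $domain));
        $rs = mysqli_query($link, $sql);
        $item = $rs ? mysqli_fetch_array($rs) : null;
        mysqli_close($link);

        if ($item) {
            echo "Sorry,<br />";
            echo "<font color=\"red\">The domain name is already registered.</font>";

        } else {
            $h_action = $esc($_SERVER['SCRIPT_NAME']);
            // NOTE(security): the cleartext password is round-tripped through a hidden
            // field, so it is present in the page source and any cached copy. Removing
            // that needs server-side state (a session); here it is only escaped.
            $h_password = $esc($password);
            echo <<<EOF
<br />
Click on Confirm, if those informatin are correct<br />
<br />
<form action="{$h_action}" method="post">\n
    <input type="hidden" name="username" value="{$h_username}">
    <input type="hidden" name="password" value="{$h_password}">
    <input type="hidden" name="mailaddress" value="{$h_mail}">
    <input type="hidden" name="domain" value="{$h_domain}">
    <input type="hidden" name="confirm" value="YES">
    <input type="submit" value="Confirm">
</form>
EOF;
        }
    }

/*************************************************************************************************

    STEP 1.
    If there is no data for sending, show input form.

***************************************************************************************************/
} else {
    echo "<h2>STEP 1 : Input Data</h2>";
    // Start from an empty string; the messages below are fixed text, never user input.
    $msg = "";
    if ($username || $mailaddress || $domain || $password) {
        if (!$username) {
            $msg .= "User ID is missing.<br />";
        }
        if (!$password) {
            $msg .= "Password is missing<br />";
        }
        if (!empty($flag_illegal_logindata)) {
            $msg .= "User ID or Password is not correct.<br />";
        }
        if (!$mailaddress) {
            $msg .= "E-mail address is missing.<br />";
        }
        if (!empty($flag_mailaddress_not_match) && $mailaddress) {
            $msg .= "E-mail address is not registered.<br />";
        }
        if (!$domain) {
            $msg .= "Domain name is missing.<br />";
        }
        if (!empty($flag_illegal_domain) && $domain) {
            $msg .= "Domain name is invalid.<br />";
        }
        if (!empty($flag_no_privilege)) {
            $msg .= "User ID has no privilege.<br />";
        }
    }
    echo "<font color=\"red\">$msg</font>";

    // Rejected input is echoed back into the form, so it is escaped for attribute context.
    $h_action   = $esc($_SERVER['SCRIPT_NAME']);
    $h_username = $esc($username);
    $h_mail     = $esc($mailaddress);
    $h_domain   = $esc($domain);
    echo <<<EOF
<form action="{$h_action}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="{$h_username}">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
        <tr>
            <td>E-mail address</td><td>:</td>
            <td>
                <input type="text" name="mailaddress" size=40 maxlength=100 value="{$h_mail}">
            </td>
        </tr>
        <tr>
            <td>Domain Name</td><td>:</td>
            <td>
                <input type="text" name="domain" size=20 maxlength=20 value="{$h_domain}">
            </td>
        </tr>
    </table>
    <br />
    <font color="red">Privilege is required.</font><br />
    <input type="submit" value="Register Domain Name">
</form>
EOF;

}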
?>
<hr />
<a href="./">Return to homepage</a> -<?php echo $org_name;?>-
</body>
</html>