<?php
/*************************************************************************************************

    ddnsaddhostname.php
    Add Hostname for ddns

    Original:    2007.07.26 Ver.0.01 Genki wrote http://blog.genkikko.net/etc/ddnsadduser.phps
    Modified:    2013.07.27 Ver.1.0 Masashi.org
    Modified:    2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
include "del_nday_file.php";
if(
del_nday_file(1)){die();}
//
//Misc settings
/*Domain name list*/
$link mysqli_connect($db_host $db_user $db_pass $db_name);
if (
mysqli_connect_errno() > 0) {
  die(
"DB Connection error: " mysqli_connect_error());
}

$sql "SELECT domain FROM domain";
$rs mysqli_query($link,$sql);
$ct mysqli_num_rows($rs);
for(
$i=0;$i<$ct;$i++){
        
$row mysqli_fetch_row($rs);
        
$domains[$i] = $row[0];
}
mysqli_close($link);

//prohibited sub-domain names
$invalid_subdomain = array("www[0-9]*","mail[0-9]*","ns[0-9]*","dns[0-9]*","ddns[0-9]*","album[0-9]*","blog[0-9]*","data[0-9]*","ddnsupdate");

//Items by POST method
$array = array("username","mailaddress","subdomain","domain","p_temp","password","confirm");

for(
$i=0;$array[$i];$i++){
    $
$array[$i] = $_POST["{$array[$i]}"];
}

//Items by GET method
$temp $_GET['temp'];

// checking each value
// Check login information (username & password)
$link mysqli_connect($db_host $db_user $db_pass $db_name);
if (
mysqli_connect_errno() > 0) {
  die(
"DB Connection error: " mysqli_connect_error());
}
$pw_md5 md5($password);
$sql sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
    
mysqli_real_escape_string($link,$username),
    
mysqli_real_escape_string($link,$pw_md5));
$rs mysqli_query($link,$sql);
$item mysqli_fetch_array($rs);

mysqli_close($link);

if(!
$item && $username && $password){
    
$flag_illegal_logindata1;
    
$flag_illegal 1;
}

$subdomain str_replace(" ",null,$subdomain);
if(!
preg_match("(^[a-z]+[0-9a-z]+)",$subdomain) && $subdomain){
    
$flag_illegal_subdomain1;
    
$flag_illegal 1;
}

if((
$mailaddress != $item['email']) && $item){
        
$flag_mailaddress_not_match 1;
        
$flag_illegal 1;
}

for(
$i=0;$domains[$i];$i++){
    if(
preg_match("($domains[$i])",$domain)){
        
$flag_legal_domain 1;
    }
}
if(!
$flag_legal_domain){
    
$flag_illegal_domain 1;
    
$flag_illegal 1;
}
for(
$i=0;$invalid_subdomain[$i];$i++){
    if(
preg_match("(^{$invalid_subdomain[$i]}$)",$subdomain)){
        
$subdomain null;
        
$flag_invalid_subdomain 1;
    }
}

/******************************  Output HTML header **********************************************/
include "ddnsheader.php";
echo<<<EOH
<TITLE>Register Hostname for DDNS -{$org_name}-</TITLE>
</HEAD>
EOH;

echo<<<EOH
<BODY>
<h1>Register Hostname for DDNS</h1>
EOH;

/*************************************************************************************************

    STEP 4.
    When temporary file name is sent by GET, show password input panel.

***************************************************************************************************/
if($temp){
    
$tempfile "./temporary/$temp";
    if(!
file_exists($tempfile)){
        echo 
"URL is invalid";
    }else{
        
$list file($tempfile);
        for(
$i=0;$list[$i];$i++){
            
$list[$i] = explode(",",$list[$i]);
            
$list[$list[$i][0]] = $list[$i][1];
        }
        echo <<<EOF
<h2>STEP 4 : E-mail Confirmatin</h2>
<form action="
{$_SERVER['SCRIPT_NAME']}" method="post">
    <input type="hidden" name="username" value="
{$list['username']}">
    <input type="hidden" name="mailaddress" value="
{$list['mailaddress']}">
    <input type="hidden" name="subdomain" value="
{$list['subdomain']}">
    <input type="hidden" name="domain" value="
{$list['domain']}">
    <input type="hidden" name="p_temp" value="
$temp">
    <table border=1>
        <tr>
            <td>
                User ID
            </td>
            <td>
                
{$list['username']}
            </td>
        </tr>
        <tr>
            <td>
                E-mail address
            </td>
            <td>
                
{$list['mailaddress']}
            </td>
        </tr>
        <tr>
            <td>
                Hostname
            </td>
            <td>
                
{$list['subdomain']}.{$list['domain']}
            </td>
        </tr>
        <tr>
            <td>
                Password
            </td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo 
$org_name."-";
    }


/*************************************************************************************************

    STEP 5. and STEP 6.
    When all data by POST, check them and proceed user registration.

***************************************************************************************************/
}elseif($username && $mailaddress && $subdomain && $domain && $p_temp){
    
$tempfile "./temporary/$p_temp";
    if(!
file_exists($tempfile)){
        echo 
"ERROR: Not found temporary file.<br /><br />";
        echo 
"<a href=\"./\">Return to homepage</a> -".$org_name."-";
        die();
    }
    
$list file($tempfile);
    for(
$i=0;$list[$i];$i++){
        
$list[$i] = explode(",",$list[$i]);
        
$list[$list[$i][0]] = $list[$i][1];
    }

    
$link mysqli_connect($db_host $db_user $db_pass $db_name);
    if (
mysqli_connect_errno() > 0) {
      die(
"DB Connection error: " mysqli_connect_error());
    }
    
$pw_md5 md5($password);

    
$sql sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
        
mysqli_real_escape_string($link,$username),
        
mysqli_real_escape_string($link,$pw_md5));
    
$rs mysqli_query($link,$sql);
    
$item mysqli_fetch_array($rs);
    
mysqli_close($link);

    if(!
$item){

// STEP 6.

        
echo <<<EOF

<h2>STEP 4 : E-mail Confirmatin</h2>
<form action="
{$_SERVER['SCRIPT_NAME']}" method="post">
    <input type="hidden" name="username" value="
{$list['username']}">
    <input type="hidden" name="mailaddress" value="
{$list['mailaddress']}">
    <input type="hidden" name="subdomain" value="
{$list['subdomain']}">
    <input type="hidden" name="domain" value="
{$list['domain']}">
    <input type="hidden" name="p_temp" value="
$p_temp">
    <table border=1>
        <tr>
            <td>User ID</td>
            <td>
                
{$list['username']}
            </td>
        </tr>
        <tr>
            <td>E-mail address</td>
            <td>
                
{$list['mailaddress']}
            </td>
        </tr>
        <tr>
            <td>Hostname</td>
            <td>
                
{$list['subdomain']}.{$list['domain']}
            </td>
        </tr>
        <tr>
            <td>Password</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<br />
<font color="red">Password is NOT correct.</font>
EOF;

// STEP 5.

    
}else{

        echo 
"<h2>STEP 5 : Register your IP Address</h2>";

        
$link mysqli_connect($db_host $db_user $db_pass $db_name);
        if (
mysqli_connect_errno() > 0) {
          die(
"DB Connection error: " mysqli_connect_error());
        }
        
$hostname =$subdomain.".".$domain;
        
$sql sprintf("SELECT * FROM hostdata WHERE hostname='%s'",
            
mysqli_real_escape_string($link,$hostname));
        
$rs mysqli_query($link,$sql);
        
$item mysqli_fetch_array($rs);

        if(
$item){
            echo 
"Sorry,<br />";
            echo 
"The hostname is already used.<br />";
            echo 
"Please try other names.<hr />";
        }else{
            
$ipaddress $_SERVER['REMOTE_ADDR'];
            
$timestamp date('Y-m-d H:i:s');
            
$t0 "0000-00-00 00:00:00";
            
$sql sprintf("INSERT INTO hostdata VALUES ( '%s' , '%s' , '%s' , '0.0.0.0' , '$t0' ,'$t0' , '%s' , '$timestamp')",
                
mysqli_real_escape_string($link,$username),
                
mysqli_real_escape_string($link,$domain),
                
mysqli_real_escape_string($link,$hostname),
                
mysqli_real_escape_string($link,$ipaddress));
            
$rs mysqli_query($link,$sql);
            if(!
$rs){
                echo 
"Registration failure!<br />";
                echo 
"Please contact to administration.<br />";
                echo 
$adm_mail."<hr />";
            }else{
                echo 
"Hostname Registration has been completed!<br /><br />";
                echo <<<EOF
<form action="./ddnsupdate.php" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
                        <td>
                <input type="text" name="username" size=20 maxlength=20 value="
{$username}">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20 value="
{$password}">
            </td>
        </tr>
        <tr>
            <td>IP address</td><td>:</td>
            <td>
                <input type="text" name="ipaddress" size=20 maxlength=20 value="
{$_SERVER['REMOTE_ADDR']}">
        </td>
        </tr>
        <tr>
            <td>Hostname</td><td>:</td>
            <td>
                <input type="text" name="subdomain" size=20 maxlength=20 value="
{$subdomain}">
                <select name="domain">
                <option value="">- Select Domain Name -
EOF;
                
// Create Index from array of $domain
                
for($i=0;$domains[$i];$i++){
                    if(
$domains[$i] == $domain){
                        echo 
"<option value=\"{$domains[$i]}\" selected>.{$domains[$i]}\n";
                    }else{
                        echo 
"<option value=\"{$domains[$i]}\">.{$domains[$i]}\n";
                    }
                }
                echo <<<EOF
                </select>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register IP Address">
</form>
<br />
EOF;
            }
        }
        
mysqli_close($link);
        
unlink($tempfile);
    }
    echo <<<EOF
    <hr />
    <a href="./">Return to homepage</a> -
EOF;
echo 
$org_name."-";

/*************************************************************************************************

    STEP 2. STEP 3.
    When 4 data are sent by POST, display confirmation panel.
    If $confirm == YES, create templary file and send a mail.

***************************************************************************************************/
}elseif($username && $mailaddress && $subdomain && $domain && $password && !$flag_illegal){
    if(
$confirm == "YES"){
        echo <<<EOF
<h2>STEP 3 : Sending E-mail</h2>
EOF;
    }else{
        echo <<<EOF
<h2>STEP 2 : Confirm Data to send</h2>
EOF;
    }
    echo <<<EOF
<table border=1>
    <tr>
        <td>User ID</td>
        <td>
            
$username
        </td>
    </tr>
    <tr>
        <td>E-mail address</td>
        <td>
            
$mailaddress
        </td>
    </tr>
    <tr>
        <td>Hostname</td>
        <td>
            
$subdomain.$domain
        </td>
    </tr>
</table>

EOF;
    if(
$confirm == "YES"){
        include 
"rand_str.php";
        
$random rand_str(40,'all');
        
$tempfile "./temporary/$random";
        
touch($tempfile);
        
$dat = <<<EOF
username,$username,
mailaddress,
$mailaddress,
subdomain,
$subdomain,
domain,
$domain,
EOF;
        
$fp fopen($tempfile,"w");
        
fputs($fp,$dat);
        
fclose($fp);

        
$body "Pre-registration completed!\r\n";
        
$body $body."Proceed to Registration\r\n";
        
$body $body.$site_url.$_SERVER['SCRIPT_NAME']."?temp=".$random;

        
$body mb_convert_encoding($body,"JIS");
        
$subject mb_convert_encoding("Subject: ".$org_name." DDNS Hostname pre-registration notice","JIS");

                
$msg_ng="<br />Sending mail failure<br />Please contact to administrator<br />".$adm_mail;
                
$msg_ok="<br />Pre-registration notice has been sent to your email address<br />Please proceed registration from an url in the email";
                
$msg=$msg_ng;

        
$sock fsockopen("localhost",25);
        
fputs($sock,"HELO ".$mail_srv."\r\n");
        
$result fgets($sock,128);
        if(
preg_match("(^220)",$result)){
            
fputs($sock,"MAIL FROM:<".$adm_mail.">\r\n");
            
$result fgets($sock,128);
            if(
preg_match("(^250)",$result)){
                
fputs($sock,"RCPT TO:<$mailaddress>\r\n");
                
$result fgets($sock,128);
                if(
preg_match("(^250)",$result)){
                    
fputs($sock,"DATA\r\n");
                    
$result fgets($sock,128);
                    if(
preg_match("(^250)",$result)){
                        
fputs($sock,"$subject\r\n");
                        
fputs($sock,"$body\r\n");
                        
$result fputs($sock,".\r\n");
                        if(
$result){
                            
$msg=$msg_ok;
                        }
                    }
                }
            }
        }
        echo 
$msg;
        
fclose($sock);

// STEP 2.

    
}else{

        
$link mysqli_connect($db_host $db_user $db_pass $db_name);
        if (
mysqli_connect_errno() > 0) {
          die(
"DB Connection error: " mysqli_connect_error());
        }
        
$hostname =$subdomain.".".$domain;
        
$sql sprintf("SELECT * FROM hostdata WHERE hostname='%s'",
            
mysqli_real_escape_string($link,$hostname));
        
$rs mysqli_query($link,$sql);
        
$item mysqli_fetch_array($rs);
        
mysqli_close($link);

        if(
$item){
            echo 
"Sorry,<br />";
            echo 
"<font color=\"red\">The hostname is already registered.</font><hr />";
            echo 
"<a href=\"./\">Return to homepage</a> -".$org_name."-";
            die();

        }else{

            echo <<<EOF
<br />
Click on "Confirm", if those informatin are correct.<br />
<br />
<form action="
{$_SERVER['SCRIPT_NAME']}" method="post">\n
    <input type="hidden" name="username" value="
$username">
    <input type="hidden" name="password" value="
$password">
    <input type="hidden" name="mailaddress" value="
$mailaddress">
    <input type="hidden" name="subdomain" value="
$subdomain">
    <input type="hidden" name="domain" value="
$domain">
    <input type="hidden" name="confirm" value="YES">
    <input type="submit" value="Confirm to Send an E-mail">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo 
$org_name."-";
        }
    }

/*************************************************************************************************

    STEP 1.
    If there is no data for sending, show input form.

***************************************************************************************************/
}else{
    echo 
"<h2>STEP 1 : Input Data</h2>";
    if(
$username || $mailaddress || $subdomain || $password){
        if(!
$username){
            
$msg .= "User ID is missing.<br />";
        }
        if(!
$password){
            
$msg .= "Password is missing<br />";
        }
        if(
$flag_illegal_logindata){
            
$msg .= "The User ID or Password is not correct.<br />";
        }
        if(!
$mailaddress){
            
$msg .= "E-mail address is missing.<br />";
        }
        if(
$flag_mailaddress_not_match){
            
$msg .= "The E-mail address is not registered.<br />";
        }
        if(!
$subdomain){
            if(
$flag_invalid_subdomain){
                
$msg .= "The sub-domain is unavailable. Please chose another.<br />";
            }else{
                
$msg .= "Sub-domain is missing.<br />";
            }
        }
        if(
$flag_illegal_subdomain){
            
$msg .= "The Sub-domain is invalid. Not less than 2 characters,1st character shall be alphabet.<br />";
        }
        if(
$flag_illegal_domain){
            
$msg .= "The Domain name is invalid. Please chose form the select box.<br />";
        }
    }

    echo 
"<font color=\"red\">$msg</font>";

    echo <<<EOF
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="
$username">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
        <tr>
            <td>E-mail address</td><td>:</td>
            <td>
                <input type="text" name="mailaddress" size=40 maxlength=100 value="
$mailaddress">
            </td>
        </tr>
        <tr>
            <td>Hostname</td><td>:</td>
            <td>
                <input type="text" name="subdomain" size=20 maxlength=20 value="
$subdomain">
                <select name="domain">
                    <option value="">- Select Domain Name -
EOF;
    for(
$i=0;$domains[$i];$i++){
        if(
$domains[$i] == $domain){
            echo 
"<option value=\"{$domains[$i]}\" selected>.{$domains[$i]}\n";
        }else{
            echo 
"<option value=\"{$domains[$i]}\">.{$domains[$i]}\n";
        }
    }
    echo <<<EOF
                </select>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo 
$org_name."-";

}

echo <<<EOF
</BODY>
</HTML>
EOF;

?>