<?php
/*************************************************************************************************

    ddnsaddhostname.php
    Add Hostname for ddns

    Original:    2007.07.26 Ver.0.01 Genki wrote http://blog.genkikko.net/etc/ddnsadduser.phps
    Modified:    2013.07.27 Ver.1.0 Masashi.org
    Modified:    2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
include "del_nday_file.php";
if(del_nday_file(1)){die();}
//
//Misc settings
/*Domain name list*/
$link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
if (mysqli_connect_errno() > 0) {
  die("DB Connection error: " . mysqli_connect_error());
}

$sql = "SELECT domain FROM domain";
$rs = mysqli_query($link,$sql);
$ct = mysqli_num_rows($rs);
for($i=0;$i<$ct;$i++){
        $row = mysqli_fetch_row($rs);
        $domains[$i] = $row[0];
}
mysqli_close($link);

//prohibited sub-domain names
$invalid_subdomain = array("www[0-9]*","mail[0-9]*","ns[0-9]*","dns[0-9]*","ddns[0-9]*","album[0-9]*","blog[0-9]*","data[0-9]*","ddnsupdate");

//Items by POST method
$array = array("username","mailaddress","subdomain","domain","p_temp","password","confirm");

for($i=0;$array[$i];$i++){
    $$array[$i] = $_POST["{$array[$i]}"];
}

//Items by GET method
$temp = $_GET['temp'];

// checking each value
// Check login information (username & password)
$link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
if (mysqli_connect_errno() > 0) {
  die("DB Connection error: " . mysqli_connect_error());
}
$pw_md5 = md5($password);
$sql = sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
    mysqli_real_escape_string($link,$username),
    mysqli_real_escape_string($link,$pw_md5));
$rs = mysqli_query($link,$sql);
$item = mysqli_fetch_array($rs);

mysqli_close($link);

if(!$item && $username && $password){
    $flag_illegal_logindata= 1;
    $flag_illegal = 1;
}

$subdomain = str_replace(" ",null,$subdomain);
if(!preg_match("(^[a-z]+[0-9a-z]+)",$subdomain) && $subdomain){
    $flag_illegal_subdomain= 1;
    $flag_illegal = 1;
}

if(($mailaddress != $item['email']) && $item){
        $flag_mailaddress_not_match = 1;
        $flag_illegal = 1;
}

for($i=0;$domains[$i];$i++){
    if(preg_match("($domains[$i])",$domain)){
        $flag_legal_domain = 1;
    }
}
if(!$flag_legal_domain){
    $flag_illegal_domain = 1;
    $flag_illegal = 1;
}
for($i=0;$invalid_subdomain[$i];$i++){
    if(preg_match("(^{$invalid_subdomain[$i]}$)",$subdomain)){
        $subdomain = null;
        $flag_invalid_subdomain = 1;
    }
}

/******************************  Output HTML header **********************************************/
include "ddnsheader.php";
echo<<<EOH
<TITLE>Register Hostname for DDNS -{$org_name}-</TITLE>
</HEAD>
EOH;

echo<<<EOH
<BODY>
<h1>Register Hostname for DDNS</h1>
EOH;

/*************************************************************************************************

    STEP 4.
    When temporary file name is sent by GET, show password input panel.

***************************************************************************************************/
if($temp){
    $tempfile = "./temporary/$temp";
    if(!file_exists($tempfile)){
        echo "URL is invalid";
    }else{
        $list = file($tempfile);
        for($i=0;$list[$i];$i++){
            $list[$i] = explode(",",$list[$i]);
            $list[$list[$i][0]] = $list[$i][1];
        }
        echo <<<EOF
<h2>STEP 4 : E-mail Confirmatin</h2>
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <input type="hidden" name="username" value="{$list['username']}">
    <input type="hidden" name="mailaddress" value="{$list['mailaddress']}">
    <input type="hidden" name="subdomain" value="{$list['subdomain']}">
    <input type="hidden" name="domain" value="{$list['domain']}">
    <input type="hidden" name="p_temp" value="$temp">
    <table border=1>
        <tr>
            <td>
                User ID
            </td>
            <td>
                {$list['username']}
            </td>
        </tr>
        <tr>
            <td>
                E-mail address
            </td>
            <td>
                {$list['mailaddress']}
            </td>
        </tr>
        <tr>
            <td>
                Hostname
            </td>
            <td>
                {$list['subdomain']}.{$list['domain']}
            </td>
        </tr>
        <tr>
            <td>
                Password
            </td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo $org_name."-";
    }


/*************************************************************************************************

    STEP 5. and STEP 6.
    When all data by POST, check them and proceed user registration.

***************************************************************************************************/
}elseif($username && $mailaddress && $subdomain && $domain && $p_temp){
    $tempfile = "./temporary/$p_temp";
    if(!file_exists($tempfile)){
        echo "ERROR: Not found temporary file.<br /><br />";
        echo "<a href=\"./\">Return to homepage</a> -".$org_name."-";
        die();
    }
    $list = file($tempfile);
    for($i=0;$list[$i];$i++){
        $list[$i] = explode(",",$list[$i]);
        $list[$list[$i][0]] = $list[$i][1];
    }

    $link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
    if (mysqli_connect_errno() > 0) {
      die("DB Connection error: " . mysqli_connect_error());
    }
    $pw_md5 = md5($password);

    $sql = sprintf("SELECT email,su FROM userdata WHERE username='%s' AND password='%s'",
        mysqli_real_escape_string($link,$username),
        mysqli_real_escape_string($link,$pw_md5));
    $rs = mysqli_query($link,$sql);
    $item = mysqli_fetch_array($rs);
    mysqli_close($link);

    if(!$item){

// STEP 6.

        echo <<<EOF

<h2>STEP 4 : E-mail Confirmatin</h2>
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <input type="hidden" name="username" value="{$list['username']}">
    <input type="hidden" name="mailaddress" value="{$list['mailaddress']}">
    <input type="hidden" name="subdomain" value="{$list['subdomain']}">
    <input type="hidden" name="domain" value="{$list['domain']}">
    <input type="hidden" name="p_temp" value="$p_temp">
    <table border=1>
        <tr>
            <td>User ID</td>
            <td>
                {$list['username']}
            </td>
        </tr>
        <tr>
            <td>E-mail address</td>
            <td>
                {$list['mailaddress']}
            </td>
        </tr>
        <tr>
            <td>Hostname</td>
            <td>
                {$list['subdomain']}.{$list['domain']}
            </td>
        </tr>
        <tr>
            <td>Password</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<br />
<font color="red">Password is NOT correct.</font>
EOF;

// STEP 5.

    }else{

        echo "<h2>STEP 5 : Register your IP Address</h2>";

        $link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
        if (mysqli_connect_errno() > 0) {
          die("DB Connection error: " . mysqli_connect_error());
        }
        $hostname =$subdomain.".".$domain;
        $sql = sprintf("SELECT * FROM hostdata WHERE hostname='%s'",
            mysqli_real_escape_string($link,$hostname));
        $rs = mysqli_query($link,$sql);
        $item = mysqli_fetch_array($rs);

        if($item){
            echo "Sorry,<br />";
            echo "The hostname is already used.<br />";
            echo "Please try other names.<hr />";
        }else{
            $ipaddress = $_SERVER['REMOTE_ADDR'];
            $timestamp = date('Y-m-d H:i:s');
            $t0 = "0000-00-00 00:00:00";
            $sql = sprintf("INSERT INTO hostdata VALUES ( '%s' , '%s' , '%s' , '0.0.0.0' , '$t0' ,'$t0' , '%s' , '$timestamp')",
                mysqli_real_escape_string($link,$username),
                mysqli_real_escape_string($link,$domain),
                mysqli_real_escape_string($link,$hostname),
                mysqli_real_escape_string($link,$ipaddress));
            $rs = mysqli_query($link,$sql);
            if(!$rs){
                echo "Registration failure!<br />";
                echo "Please contact to administration.<br />";
                echo $adm_mail."<hr />";
            }else{
                echo "Hostname Registration has been completed!<br /><br />";
                echo <<<EOF
<form action="./ddnsupdate.php" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
                        <td>
                <input type="text" name="username" size=20 maxlength=20 value="{$username}">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20 value="{$password}">
            </td>
        </tr>
        <tr>
            <td>IP address</td><td>:</td>
            <td>
                <input type="text" name="ipaddress" size=20 maxlength=20 value="{$_SERVER['REMOTE_ADDR']}">
        </td>
        </tr>
        <tr>
            <td>Hostname</td><td>:</td>
            <td>
                <input type="text" name="subdomain" size=20 maxlength=20 value="{$subdomain}">
                <select name="domain">
                <option value="">- Select Domain Name -
EOF;
                // Create Index from array of $domain
                for($i=0;$domains[$i];$i++){
                    if($domains[$i] == $domain){
                        echo "<option value=\"{$domains[$i]}\" selected>.{$domains[$i]}\n";
                    }else{
                        echo "<option value=\"{$domains[$i]}\">.{$domains[$i]}\n";
                    }
                }
                echo <<<EOF
                </select>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register IP Address">
</form>
<br />
EOF;
            }
        }
        mysqli_close($link);
        unlink($tempfile);
    }
    echo <<<EOF
    <hr />
    <a href="./">Return to homepage</a> -
EOF;
echo $org_name."-";

/*************************************************************************************************

    STEP 2. STEP 3.
    When 4 data are sent by POST, display confirmation panel.
    If $confirm == YES, create templary file and send a mail.

***************************************************************************************************/
}elseif($username && $mailaddress && $subdomain && $domain && $password && !$flag_illegal){
    if($confirm == "YES"){
        echo <<<EOF
<h2>STEP 3 : Sending E-mail</h2>
EOF;
    }else{
        echo <<<EOF
<h2>STEP 2 : Confirm Data to send</h2>
EOF;
    }
    echo <<<EOF
<table border=1>
    <tr>
        <td>User ID</td>
        <td>
            $username
        </td>
    </tr>
    <tr>
        <td>E-mail address</td>
        <td>
            $mailaddress
        </td>
    </tr>
    <tr>
        <td>Hostname</td>
        <td>
            $subdomain.$domain
        </td>
    </tr>
</table>

EOF;
    if($confirm == "YES"){
        include "rand_str.php";
        $random = rand_str(40,'all');
        $tempfile = "./temporary/$random";
        touch($tempfile);
        $dat = <<<EOF
username,$username,
mailaddress,$mailaddress,
subdomain,$subdomain,
domain,$domain,
EOF;
        $fp = fopen($tempfile,"w");
        fputs($fp,$dat);
        fclose($fp);

        $body = "Pre-registration completed!\r\n";
        $body = $body."Proceed to Registration\r\n";
        $body = $body.$site_url.$_SERVER['SCRIPT_NAME']."?temp=".$random;

        $body = mb_convert_encoding($body,"JIS");
        $subject = mb_convert_encoding("Subject: ".$org_name." DDNS Hostname pre-registration notice","JIS");

                $msg_ng="<br />Sending mail failure<br />Please contact to administrator<br />".$adm_mail;
                $msg_ok="<br />Pre-registration notice has been sent to your email address<br />Please proceed registration from an url in the email";
                $msg=$msg_ng;

        $sock = fsockopen("localhost",25);
        fputs($sock,"HELO ".$mail_srv."\r\n");
        $result = fgets($sock,128);
        if(preg_match("(^220)",$result)){
            fputs($sock,"MAIL FROM:<".$adm_mail.">\r\n");
            $result = fgets($sock,128);
            if(preg_match("(^250)",$result)){
                fputs($sock,"RCPT TO:<$mailaddress>\r\n");
                $result = fgets($sock,128);
                if(preg_match("(^250)",$result)){
                    fputs($sock,"DATA\r\n");
                    $result = fgets($sock,128);
                    if(preg_match("(^250)",$result)){
                        fputs($sock,"$subject\r\n");
                        fputs($sock,"$body\r\n");
                        $result = fputs($sock,".\r\n");
                        if($result){
                            $msg=$msg_ok;
                        }
                    }
                }
            }
        }
        echo $msg;
        fclose($sock);

// STEP 2.

    }else{

        $link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
        if (mysqli_connect_errno() > 0) {
          die("DB Connection error: " . mysqli_connect_error());
        }
        $hostname =$subdomain.".".$domain;
        $sql = sprintf("SELECT * FROM hostdata WHERE hostname='%s'",
            mysqli_real_escape_string($link,$hostname));
        $rs = mysqli_query($link,$sql);
        $item = mysqli_fetch_array($rs);
        mysqli_close($link);

        if($item){
            echo "Sorry,<br />";
            echo "<font color=\"red\">The hostname is already registered.</font><hr />";
            echo "<a href=\"./\">Return to homepage</a> -".$org_name."-";
            die();

        }else{

            echo <<<EOF
<br />
Click on "Confirm", if those informatin are correct.<br />
<br />
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">\n
    <input type="hidden" name="username" value="$username">
    <input type="hidden" name="password" value="$password">
    <input type="hidden" name="mailaddress" value="$mailaddress">
    <input type="hidden" name="subdomain" value="$subdomain">
    <input type="hidden" name="domain" value="$domain">
    <input type="hidden" name="confirm" value="YES">
    <input type="submit" value="Confirm to Send an E-mail">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo $org_name."-";
        }
    }

/*************************************************************************************************

    STEP 1.
    If there is no data for sending, show input form.

***************************************************************************************************/
}else{
    echo "<h2>STEP 1 : Input Data</h2>";
    if($username || $mailaddress || $subdomain || $password){
        if(!$username){
            $msg .= "User ID is missing.<br />";
        }
        if(!$password){
            $msg .= "Password is missing<br />";
        }
        if($flag_illegal_logindata){
            $msg .= "The User ID or Password is not correct.<br />";
        }
        if(!$mailaddress){
            $msg .= "E-mail address is missing.<br />";
        }
        if($flag_mailaddress_not_match){
            $msg .= "The E-mail address is not registered.<br />";
        }
        if(!$subdomain){
            if($flag_invalid_subdomain){
                $msg .= "The sub-domain is unavailable. Please chose another.<br />";
            }else{
                $msg .= "Sub-domain is missing.<br />";
            }
        }
        if($flag_illegal_subdomain){
            $msg .= "The Sub-domain is invalid. Not less than 2 characters,1st character shall be alphabet.<br />";
        }
        if($flag_illegal_domain){
            $msg .= "The Domain name is invalid. Please chose form the select box.<br />";
        }
    }

    echo "<font color=\"red\">$msg</font>";

    echo <<<EOF
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="$username">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
        <tr>
            <td>E-mail address</td><td>:</td>
            <td>
                <input type="text" name="mailaddress" size=40 maxlength=100 value="$mailaddress">
            </td>
        </tr>
        <tr>
            <td>Hostname</td><td>:</td>
            <td>
                <input type="text" name="subdomain" size=20 maxlength=20 value="$subdomain">
                <select name="domain">
                    <option value="">- Select Domain Name -
EOF;
    for($i=0;$domains[$i];$i++){
        if($domains[$i] == $domain){
            echo "<option value=\"{$domains[$i]}\" selected>.{$domains[$i]}\n";
        }else{
            echo "<option value=\"{$domains[$i]}\">.{$domains[$i]}\n";
        }
    }
    echo <<<EOF
                </select>
            </td>
        </tr>
    </table>
    <br />
    <input type="submit" value="Register Hostname">
</form>
<hr />
<a href="./">Return to homepage</a> -
EOF;
echo $org_name."-";

}

echo <<<EOF
</BODY>
</HTML>
EOF;

?>