<?php
/*************************************************************************************************

    deletedomain.php
    Delete DDNS domain record

        2013.07.27 Ver.1.0 Masashi.org
        2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
include "del_nday_file.php";
if(
del_nday_file(1)){die();}
//
/**** Settings ****/
/* List of Domain names */
$link mysqli_connect($db_host $db_user $db_pass $db_name);
if (
mysqli_connect_errno() > 0) {
  die(
"DB Connection error: " mysqli_connect_error());
}
$sql "SELECT domain FROM domain";
$rs mysqli_query($link,$sql);
$ct mysqli_num_rows($rs);
for(
$i=0;$i<$ct;$i++){
        
$row mysqli_fetch_row($rs);
        
$domains[$i] = $row[0];
}

mysqli_close($link);

/**** Initialize POST data into array ****/
$array = array("username","password","domain","confirm");
$sizeofarray sizeof($array);
for(
$i=0;$i<$sizeofarray;$i++){
    $
$array[$i] = $_POST["{$array[$i]}"];
}

/******************************  Output HTML headers  **********************************************/
include "ddnsheader.php";
echo<<<EOH
<TITLE>Delete Domain Name for DDNS -{$org_name}-</TITLE>
</HEAD>
EOH;

echo<<<EOH
<BODY>
<h1>Delete Domain Name for DDNS</h1>
<br />
EOH;

/*************************************************************************************************

    If there is no POST data, display Input Form.

        If any of them is missing, go to input form.
        If any one of them is sent, warn items missing.
        If IP address is not provided by POST method, get ip address from the remote host address.

***************************************************************************************************/
if(!($username && $password && $domain && $confirm)){
    if(
$username || $password || $domain || $confirm){
        if(!
$username){
            
$msg .= "User ID is missing.<br />";
        }
        if(!
$password){
            
$msg .= "Password is missing.<br />";
        }
        if(!
$domain){
            
$msg .= "Domain name is not selected.<br />";
        }
        if(!
$confirm){
            
$msg .= "Deleting domain is not confirmed.<br />";
        }
        echo 
"<font color=\"red\">$msg</font>";
    }
echo <<<EOF
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="
$username">
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
        <tr>
            <td>Domain Name</td><td>:</td>
            <td>
                <select name="domain">
                <option value="">- Select Domain Name -
EOF;
                
// Create Index from array of $domain
                
for($i=0;$domains[$i];$i++){
                    if(
$domains[$i] == $domain){
                        echo 
"<option value=\"{$domains[$i]}\" selected>.{$domains[$i]}\n";
                    }else{
                        echo 
"<option value=\"{$domains[$i]}\">.{$domains[$i]}\n";
                    }
                }

                echo <<<EOF
                </select><input type="checkbox" name="confirm" value="99">(Confirm deleting this domain name.)
            </td>
        </tr>
    </table>
    <br />
    <font color="red">Privilege is required.</font><br />
    <input type="submit" value="Delete Domain Name">
</form>

EOF;

/*************************************************************************************************

    If POST data is ready, process them
       compare with data in the database.

***************************************************************************************************/
}else{

    if(
$username && $confirm && $domain){

        
$link mysqli_connect($db_host $db_user $db_pass $db_name);
        if (
mysqli_connect_errno() > 0) {
          die(
"DB Connection error: " mysqli_connect_error());
        }

        
$sql sprintf("SELECT * FROM hostdata WHERE domain='%s'",
            
mysqli_real_escape_string($link,$domain));
        
$rs mysqli_query($link,$sql);
                
$ct mysqli_num_rows($rs);
                for(
$i=0;$i<$ct;$i++){
                        
$item[$i] = mysqli_fetch_array($rs);
                }

                if(
$item){
            echo 
$domain," has Hostname.\n";

        }else{
            
$sql sprintf("SELECT * FROM domain WHERE domain='%s'",
                
mysqli_real_escape_string($link,$domain));
            
$rs mysqli_query($link,$sql);
            
$item mysqli_fetch_array($rs);

            if(!
$item){
                echo 
"Invalid Domain name\n";

            }else{
                
$pw_md5 md5($password);
                
$sql sprintf("SELECT * FROM userdata WHERE username='%s' AND password='%s'",
                    
mysqli_real_escape_string($link,$username),
                    
mysqli_real_escape_string($link,$pw_md5));
                
$rs mysqli_query($link,$sql);
                
$item mysqli_fetch_array($rs);

                if(!
$item){
                    echo 
"Invalid Username or Password\n";

                }elseif(!
$item['su']){
                    echo 
"No Privilege\n";

                }else{
                    
$sql sprintf("DELETE FROM domain WHERE domain='%s'",
                        
mysqli_real_escape_string($link,$domain));
                    
$rs mysqli_query($link,$sql);
                    echo 
"Domain name \"",$domain,"\" has been deleted.\n";
                }
            }
        }
        
mysqli_close($link);
    }
}

?>
<hr />
<a href="./">Return to homepage</a> -<?php echo $org_name?>-
</BODY>
</HTML>