did accidentally overwrite previous implmeentation of SPF

This one also sets type SPF as well as two records within DNS as of RFC4408
Hop that's okay?

Author: A. Täffner

interface/web/dns/dns_spf_edit.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+Copyright (c) 2014, Florian Schaal, info@schaal-24.de
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -40,10 +40,226 @@
 
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
-require_once './dns_edit_base.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
 
 // Loading classes
-class page_action extends dns_page_action {
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+
+	function onShowNew() {
+		global $app, $conf;
+		// we will check only users, not admins
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another mailbox.
+			if($client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onShowEnd() {
+		global $app, $conf;
+
+		$zone = $app->functions->intval($_GET['zone']);
+
+		//* check for an existing spf-record
+		$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND " . $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryOneRecord($sql, $zone);
+		if ( isset($rec) && !empty($rec) ) {
+			$this->id = 1;
+			$old_data = strtolower($rec['data']);
+
+			$app->tpl->setVar("data", $old_data);
+			if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
+
+			$spf_hostname = '';
+			$spf_ip = '';
+			$spf_domain = '';
+			$spf_mechanism = '';
+
+			// browse through data
+			$temp = explode(' ', $old_data);
+			foreach ($temp as $part) {
+				if ($part == 'a') $app->tpl->setVar("spf_a_active", "CHECKED");
+				if ($part == 'mx') $app->tpl->setVar("spf_mx_active", "CHECKED");
+	    		if (preg_match("/^ip(4|6):/", $part)) $spf_ip .= str_replace(array('ip4:','ip6:'), '', $part) . ' ';
+    			if (preg_match("/^a:/", $part)) $spf_hostname .= str_replace('a:', '', $part) . ' ';
+    			if (preg_match("/^\\??include/", $part)) $spf_domain .= str_replace(array('include:', '?'), '', $part) . ' ';
+			}
+			unset($temp);
+			$spf_ip = rtrim($spf_ip);
+			$spf_hostname = rtrim($spf_hostname);
+			$spf_domain = rtrim($spf_domain);
+			$spf_mechanism = substr($rec['data'], -4, 1);
+		}
+
+		//set html-values
+		$app->tpl->setVar("spf_ip", $spf_ip);
+		$app->tpl->setVar("spf_hostname", $spf_hostname);
+		$app->tpl->setVar("spf_domain", $spf_domain);
+		//create spf-mechanism-list
+		$spf_mechanism_value = array( 
+			'+' => 'spf_mechanism_pass_txt',
+			'-' => 'spf_mechanism_fail_txt',
+			'~' => 'spf_mechanism_softfail_txt',
+			'?' => 'spf_mechanism_neutral_txt'
+		);
+		$spf_mechanism_list='';
+		foreach($spf_mechanism_value as $value => $txt) {
+			$selected = @($spf_mechanism == $value)?' selected':'';
+			$spf_mechanism_list .= "<option value='$value'$selected>".$app->tform->wordbook[$txt]."</option>\r\n";
+		}
+		$app->tpl->setVar('spf_mechanism', $spf_mechanism_list);
+
+		parent::onShowEnd();
+
+	}
+
+	function onSubmit() {
+		global $app, $conf;
+
+
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($_POST["zone"]));
+
+		// Check if Domain belongs to user
+		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
+
+		// Check the client limits, if user is not the admin
+		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another mailbox.
+			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		} // end if user is not admin
+
+		//create spf-record
+		if (!empty($this->dataRecord['spf_mx'])) {
+			$spf_record[] = 'mx';
+		}
+		if (!empty($this->dataRecord['spf_a'])) {
+			$spf_record[] = 'a';
+		}
+		$spf_ip = trim($this->dataRecord['spf_ip']);
+		if (!empty($spf_ip)) {
+			$rec = split(' ', $spf_ip);
+			foreach ($rec as $ip) {
+				$temp_ip = explode('/', $ip);
+				if (filter_var($temp_ip[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+					$temp = 'ip4:' . $temp_ip[0];
+					if (isset($temp_ip[1])) $temp .= '/' . $temp_ip[1];
+					$spf_record[] = $temp;
+					unset($temp);
+				}
+				elseif (filter_var($temp_ip[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+					$temp = 'ip6:' . $temp_ip[0];
+					if (isset($temp_ip[1])) $temp .= '/' . $temp_ip[1];
+					$spf_record[] = $temp;
+					unset($temp);
+				}
+				else { 
+					if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
+					$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_ip_txt"]. $temp_ip[0];
+					if (isset( $temp_ip[1])) $app->tform->errorMessage .= "/".$temp_ip[1];
+				}
+			}
+		}
+		$spf_hostname = trim($this->dataRecord['spf_hostname']);
+		if (!empty($spf_hostname)) {
+			$rec = split(' ', $spf_hostname);
+			foreach ($rec as $hostname) { 
+				if (preg_match('/^[a-zA-Z0-9\\.\\-\\*]{0,64}$/', $hostname)) 
+					$spf_record[] = 'a:' . $hostname;
+				else {
+					if (isset($app->tform->errorMessage )) $app->tform->errorMessage .= '<br/>' . $app->tform->wordbook["spf_invalid_hostname_txt"]. $hostname;
+					$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_hostname_txt"]. $hostname;
+				}
+			}
+			unset($rec);
+		}
+		$spf_domain = trim($this->dataRecord['spf_domain']);
+		if (!empty($spf_domain)) {
+			$rec = split(' ', $spf_domain);
+			foreach ($rec as $domain) {
+				if (preg_match('/^[_a-zA-Z0-9\\.\\-\\*]{0,64}$/', $domain))
+					$spf_record[] = 'include:' . $domain;
+				else {
+					if (isset($app->tform->errorMessage )) $app->tform->errorMessage .= '<br/>' . $app->tform->wordbook["spf_invalid_domain_txt"]. $domain;
+					$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_domain_txt"]. $domain;
+				}
+			}
+		}
+
+		$temp = implode(' ', $spf_record);unset($spf_record);
+		if (!empty($temp)) 
+			$this->dataRecord['data'] = 'v=spf1 ' . $temp . ' ' . $this->dataRecord['spf_mechanism'] . 'all';
+		else $this->dataRecord['data'] = 'v=spf1 ' . $this->dataRecord['spf_mechanism'] . 'all';
+		unset($temp);
+
+		$this->dataRecord['name'] = $soa['origin'];
+		if (isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'Y';
+		
+		// Set the server ID of the rr record to the same server ID as the parent record.
+		$this->dataRecord["server_id"] = $soa["server_id"];
+
+		// Update the serial number  and timestamp of the RR record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
+		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
+
+		// always update an existing entry
+		$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND type = ? AND data LIKE 'v=spf1%' AND name = ?", $this->dataRecord["zone"], $this->dataRecord["type"], $this->dataRecord['name']);
+		$this->id = $check['id'];
+
+		if (!isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'N';
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app, $conf;
+
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
+		$app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+
+	}
+
+	function onAfterUpdate() {
+		global $app, $conf;
+
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+	}
 
 }
 

interface/web/dns/form/dns_spf.tform.php

@@ -105,17 +105,21 @@
 		'data' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'TEXT',
-			'validators' => array (  
-				0 => array ( 
-					'type' => 'NOTEMPTY', 
-					'errmsg'=> 'data_error_empty'
-				),
-			),
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		/*
+		'aux' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'TEXT',
+			'default'	=> '0',
+			'value'		=> '',
+			'width'		=> '10',
+			'maxlength'	=> '10'
+		),
+		*/
 		'ttl' => array (
 			'datatype' => 'INTEGER',
 			'formtype' => 'TEXT',
@@ -132,7 +136,6 @@
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
 			'default' => 'Y',
-			'value'  => array(0 => 'N', 1 => 'Y')
 		),
 		'stamp' => array (
 			'datatype' => 'VARCHAR',
@@ -151,15 +154,11 @@
 			'maxlength' => '10'
 		),
 		//#################################
-		// ENDE Datatable fields
+		// End Datatable fields
 		//#################################
 	)
 );
 
-if($_SESSION["s"]["user"]["typ"] == 'admin') {
-	unset($form["tabs"]['dns']['fields']['data']['validators']);
-	$form["tabs"]['dns']['fields']['data']['validators'][0]['type'] = 'NOTEMPTY';
-	$form["tabs"]['dns']['fields']['data']['validators'][0]['errmsg'] = 'data_error_empty';
-	$form["tabs"]['dns']['fields']['data']['maxlength'] = 512;
-}
+
+
 ?>

interface/web/dns/lib/lang/de_dns_spf.lng

@@ -1,17 +1,28 @@
+
+
 <?php
-$wb['server_id_txt'] = 'Server';
-$wb['zone_txt'] = 'Zone';
-$wb['name_txt'] = 'Hostname';
-$wb['type_txt'] = 'Typ';
-$wb['data_txt'] = 'Daten';
+$wb['data_txt'] = 'SPF Record';
+$wb['spf_mechanism_txt'] = 'SPF Mechanismus';
+$wb['spf_mechanism_pass_txt'] = 'Pass - Mails von anderen Sendern zulassen';
+$wb['spf_mechanism_fail_txt'] = 'Fail - Mails von anderen Sendern abweisen';
+$wb['spf_mechanism_softfail_txt'] = 'SoftFail - Mails von anderen Sendern zulassen aber markieren';
+$wb['spf_mechanism_neutral_txt'] = 'Neutral - nichts unternehmen';
+$wb['spf_mx_txt'] = 'Von allen MX-Servern dürfen Mails für diese Domain verschicken';
+$wb['spf_a_txt'] = 'Von allen eingetragenen IP-Adressen dürfen Mails für diese Domain verschickt werden';
+$wb['spf_ip_txt'] = '(Zusätzliche) IP-Adressen im CIDR Format, die Mails für diese Domain verschicken dürfen';
+$wb['spf_ip_note_txt'] = '(mehrere IPs mit Leerzeichen trennen)';
+$wb['spf_invalid_ip_txt'] = 'Ungültige IP-Adresse';
+$wb['spf_hostname_txt'] = '(Zusätzliche) Hostnamen, die für diese Domain Mails verschicken dürfen oder als Relay arbeiten.';
+$wb['spf_hostname_note_txt'] = '(mehrere Hostnamen mit Leerzeichen trennen)';
+$wb['spf_invalid_hostname_txt'] = 'Ungültiger Hostname';
+$wb['spf_domain_txt'] = 'Zusätzliche Domains, die Mails verschicken dürfen oder als Relay arbeiten';
+$wb['spf_domain_note_txt'] = '(mehrerer Domains mit Leerzeichen trennen)';
+$wb['spf_invalid_domain_txt'] = 'Ungültiger Domainname';
 $wb['ttl_txt'] = 'TTL';
 $wb['active_txt'] = 'Aktiv';
+$wb["record_exists_txt"] = 'DNS-Eintrag existiert bereits';
+$wb['ttl_range_error'] = 'Min. TTL time ist 60 Sekunden.';
 $wb['limit_dns_record_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
 $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
-$wb['name_error_empty'] = 'Der Hostname ist leer.';
-$wb['name_error_regex'] = 'Der Hostname hat das falsche Format.';
-$wb['data_error_empty'] = 'Text ist leer';
-$wb['data_error_regex'] = 'Textformat ungültig';
-$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
-$wb['info_txt'] = 'Im Nameserver wird zusätzlich ein identischer TXT-Record angelegt. Ihnen wird jedoch nur der SPF-Record angezeigt und auch nur ein Record berechnet.';
 ?>
+

interface/web/dns/lib/lang/en_dns_spf.lng

@@ -1,17 +1,28 @@
+
+
 <?php
-$wb["server_id_txt"] = 'Server';
-$wb["zone_txt"] = 'Zone';
-$wb["name_txt"] = 'Hostname';
-$wb["type_txt"] = 'type';
-$wb["data_txt"] = 'Daten';
+$wb['data_txt'] = 'SPF-Record';
+$wb['spf_mechanism_txt'] = 'SPF Mechanism';
+$wb['spf_mechanism_pass_txt'] = 'Pass - allow mail from other senders';
+$wb['spf_mechanism_fail_txt'] = 'Fail - reject mail from other senders';
+$wb['spf_mechanism_softfail_txt'] = 'SoftFail - allow mail from other senders but mark the email';
+$wb['spf_mechanism_neutral_txt'] = 'Neutral - do nothing';
+$wb['spf_mx_txt'] = 'Allow servers listed as MX to send email for this domain';
+$wb['spf_a_txt'] = 'Allow current IP address of the domain to send email for this domain';
+$wb['spf_ip_txt'] = 'Additional IP addresses in CIDR format that deliver or relay mail for this domain';
+$wb['spf_ip_note_txt'] = '(Sepearate IPs with whitespaces)';
+$wb['spf_invalid_ip_txt'] = 'Invalid IP-address';
+$wb['spf_hostname_txt'] = 'Any other server hostname that may deliver or relay mail for this domain';
+$wb['spf_hostname_note_txt'] = '(Sepearate hostnames with whitespaces)';
+$wb['spf_invalid_hostname_txt'] = 'Invalid hostname';
+$wb['spf_domain_txt'] = 'Any domains that may deliver or relay mail for this domain';
+$wb['spf_domain_note_txt'] = '(Sepearate domains with whitespaces)';
+$wb['spf_invalid_domain_txt'] = 'Invalid domainname';
 $wb["ttl_txt"] = 'TTL';
 $wb["active_txt"] = 'Active';
+$wb["record_exists_txt"] = 'DNS-Record already exists';
 $wb["limit_dns_record_txt"] = 'The max. number of DNS records for your account is reached.';
 $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
-$wb["name_error_empty"] = 'The hostname is empty.';
-$wb["name_error_regex"] = 'The hostname has the wrong format.';
-$wb["data_error_empty"] = 'Text empty';
-$wb["data_error_regex"] = 'Text format invalid';
 $wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
-$wb['info_txt'] = 'This will also create an identic TXT record within the nameserver. You will only see the SPF record and you will also only be charged for one record.';
 ?>
+