diff --git a/css/styles.css b/css/styles.css index d52a9f3..95cef57 100644 --- a/css/styles.css +++ b/css/styles.css @@ -99,6 +99,18 @@ a:hover { form { text-align: center; } +.error-messages { + background-color: #ffdddd; + border: 1px solid #ff0000; + color: #ff0000; + margin: 10px 0; + padding: 10px; + border-radius: 5px; +} + +.error-messages p { + margin: 5px 0; +} /* Aligning form inputs to the left */ form input[type="text"], diff --git a/includes/dns_cron.php b/includes/dns_cron.php index 7186452..7d5ade4 100644 --- a/includes/dns_cron.php +++ b/includes/dns_cron.php @@ -81,7 +81,7 @@ fclose($logFile); // Git commit and push if there are changes if ($changes) { -// exec('git add .'); -// exec('git commit -m "Updated DNS files"'); -// exec('git push origin master'); + exec('git add .'); + exec('git commit -m "Updated DNS files"'); + exec('git push origin master'); } \ No newline at end of file diff --git a/includes/domain_register.php b/includes/domain_register.php index 6686b0c..815d0e1 100644 --- a/includes/domain_register.php +++ b/includes/domain_register.php 
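Review bot: The three re-enabled `exec()` calls in includes/dns_cron.php discard git's exit status, so a failed commit or push (authentication error, diverged branch) leaves the published DNS data stale without any record. Capture output and status, for example `exec('git push origin master 2>&1', $out, $rc);`, and report when `$rc !== 0`; the log file is already closed by the `fclose($logFile)` just above, so that reporting needs its own sink. `git add .` also stages whatever sits in the cron job's working directory, which this hunk does not set, so consider a `chdir()` to the zone directory and adding only that path so that log files or credentials are never committed and pushed.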
@@ -3,9 +3,35 @@ require_once 'initdb.php'; session_start(); +// Initialize error messages array if not set +if (!isset($_SESSION['error_messages'])) { + $_SESSION['error_messages'] = []; +} + +// Session timeout logic +$timeout = 1800; // 30 minutes in seconds +if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > $timeout)) { + // Last request was more than 30 minutes ago + session_unset(); // Unset $_SESSION variable + session_destroy(); // Destroy session data + header("Location: /?page=login"); // Redirect to login page + exit; +} + +$_SESSION['last_activity'] = time(); // Update last activity time + +// Check if user IP or user agent has changed +if ((isset($_SESSION['user_ip']) && $_SESSION['user_ip'] !== $_SERVER['REMOTE_ADDR']) || + (isset($_SESSION['user_agent']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])) { + session_unset(); + session_destroy(); + header("Location: /?page=login"); + exit; +} + // Redirect to login if not logged in if (!isset($_SESSION['username'])) { - header("Location: https://tildenic.org/?page=login"); + header("Location: /?page=login"); exit; } @@ -14,22 +40,41 @@ $restrictedDomains = ['master.tilde', 'nic.tilde', 'tilde.tilde']; // Add more a // Function to register domain function registerDomain($domain, $userId, $pdo, $restrictedDomains) { + // Ensure '.tilde' is appended only once + if (!str_ends_with($domain, '.tilde')) { + $domain .= '.tilde'; + } + + // Debug: Output the full domain name +// echo "Attempting to register domain: " . htmlspecialchars($domain) . "
"; + + // Validate domain format (excluding the '.tilde' part) + $domainNameWithoutSuffix = str_replace('.tilde', '', $domain); + if (!preg_match('/^[a-zA-Z0-9\-]+$/', $domainNameWithoutSuffix)) { +// echo "Error: Invalid domain format detected.
"; // Debug message + return "Error: Invalid domain format. Only letters, numbers, and hyphens are allowed."; + } + if (in_array($domain, $restrictedDomains)) { +// echo "Error: Domain is restricted.
"; // Debug message return "Error: The domain '$domain' cannot be registered."; } try { $stmt = $pdo->prepare("INSERT INTO domains (user_id, domain_name) VALUES (?, ?)"); $stmt->execute([$userId, $domain]); + // echo "Domain registered successfully.
"; // Debug message return "Domain registered successfully: " . htmlspecialchars($domain); } catch (PDOException $e) { + // echo "Database error occurred.
"; // Debug message if ($e->getCode() == 23000) { - return "Error: The domain '$domain' is already registered."; - } else { - return "Error: An error occurred while registering the domain."; - } - } + return"Error: The domain '$domain' is already registered."; +} else { +return "Error: An error occurred while registering the domain."; } +} +} + // Function to get user ID function getUserId($username, $pdo) { diff --git a/includes/login.php b/includes/login.php index 26aad04..a242a47 100644 --- a/includes/login.php +++ b/includes/login.php @@ -1,6 +1,5 @@ $timeout)) { + // last request was more than 30 minutes ago + session_unset(); // unset $_SESSION variable + session_destroy(); // destroy session data + header("Location: /?page=login"); // redirect to login page + exit; +} + +$_SESSION['last_activity'] = time(); // update last activity time + +// Check if user IP or user agent has changed +if (isset($_SESSION['user_ip']) && $_SESSION['user_ip'] !== $_SERVER['REMOTE_ADDR'] || + isset($_SESSION['user_agent']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT']) { + session_unset(); + session_destroy(); + header("Location: /?page=login"); + exit; +} + ?> @@ -50,4 +78,4 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) {

- + \ No newline at end of file diff --git a/includes/main.php b/includes/main.php index 4db3fb9..bdea4e6 100644 --- a/includes/main.php +++ b/includes/main.php @@ -1,143 +1,133 @@ - 'Quebec, Canada', // Replace with actual locations - 'ns2' => 'Frankfurt, Germany', - 'ns3' => 'Sydney, Australia', - // Add more as needed - ]; - - if (file_exists($masterFile)) { - $content = file_get_contents($masterFile); - // Regex to match A records (IPv4) - preg_match_all('/(\S+)\s+IN\s+A\s+(\S+)/', $content, $aMatches); - // Regex to match AAAA records (IPv6) - preg_match_all('/(\S+)\s+IN\s+AAAA\s+(\S+)/', $content, $aaaaMatches); - - $ipv4Records = array_combine($aMatches[1], $aMatches[2]); - $ipv6Records = array_combine($aaaaMatches[1], $aaaaMatches[2]); - - foreach ($nsFilter as $nsName) { - $ipv4 = isset($ipv4Records[$nsName]) ? $ipv4Records[$nsName] : 'IPv4 not found'; - $ipv6 = isset($ipv6Records[$nsName]) ? $ipv6Records[$nsName] : 'IPv6 not found'; - $geographicalArea = isset($nsGeographicalAreas[$nsName]) ? $nsGeographicalAreas[$nsName] : 'Unknown Location'; - - $servers[] = [ - 'hostname' => $nsName, - 'ipv4' => $ipv4, - 'ipv6' => $ipv6, - 'location' => $geographicalArea - ]; - } - } - - return $servers; -} - -$dnsServers = getDnsServersInfo(); - -// Function to check server status -//function checkServerStatus($server) { - // Ping command varies depending on the operating system - // This is an example for a Unix-like system -// $output = []; -// $status = null; -// exec("ping -c 1 -W 5000 " . escapeshellarg($server), $output, $status); -// -// return $status === 0 ? "Online" : "Offline"; -//} -function checkServerStatus($server) { - $port = 53; // DNS port, change if necessary - $timeout = 10; // Timeout in seconds - - $fp = @fsockopen($server, $port, $errno, $errstr, $timeout); - - if ($fp) { - fclose($fp); - return "Online"; - } else { - return "Offline"; - } -} -?> - - - - - - |--===TildeNIC ===--| Bringing .tilde to the Tildeverse! - - - -
- -
- -
-

Welcome to TildeNIC

-
-

TildeNIC is where you can request your .tilde top level domain. To do so, you need to first change your DNS over to one of the resolvers we offer, or you can self-host one.

- -

NOTE! None of the servers currently listed are functional. They are old IP addresses. New servers will be online very soon!

-

- OpenNIC Information -

-

- Domains offered by OpenNIC are also able to be resolved using our servers, Such as: -

- Will all resolve using our dns servers. For more information about OpenNIC you can visit http://opennic.org -

-
- -
-

TildeNIC Available DNS Servers

- -
-
- + 'Quebec, Canada', // Replace with actual locations + 'ns2' => 'Frankfurt, Germany', + 'ns3' => 'Sydney, Australia', + // Add more as needed + ]; + + if (file_exists($masterFile)) { + $content = file_get_contents($masterFile); + // Regex to match A records (IPv4) + preg_match_all('/(\S+)\s+IN\s+A\s+(\S+)/', $content, $aMatches); + // Regex to match AAAA records (IPv6) + preg_match_all('/(\S+)\s+IN\s+AAAA\s+(\S+)/', $content, $aaaaMatches); + + $ipv4Records = array_combine($aMatches[1], $aMatches[2]); + $ipv6Records = array_combine($aaaaMatches[1], $aaaaMatches[2]); + + foreach ($nsFilter as $nsName) { + $ipv4 = isset($ipv4Records[$nsName]) ? $ipv4Records[$nsName] : 'IPv4 not found'; + $ipv6 = isset($ipv6Records[$nsName]) ? $ipv6Records[$nsName] : 'IPv6 not found'; + $geographicalArea = isset($nsGeographicalAreas[$nsName]) ? $nsGeographicalAreas[$nsName] : 'Unknown Location'; + + $servers[] = [ + 'hostname' => $nsName, + 'ipv4' => $ipv4, + 'ipv6' => $ipv6, + 'location' => $geographicalArea + ]; + } + } + + return $servers; +} + +$dnsServers = getDnsServersInfo(); + +// Function to check server status +function checkServerStatus($server) { + $port = 53; // DNS port, change if necessary + $timeout = 10; // Timeout in seconds + + $fp = @fsockopen($server, $port, $errno, $errstr, $timeout); + + if ($fp) { + fclose($fp); + return "Online"; + } else { + return "Offline"; + } +} +?> + + + + + + |--===TildeNIC ===--| Bringing .tilde to the Tildeverse! + + + +
+ +
+ +
+

Welcome to TildeNIC

+
+

TildeNIC is where you can request your .tilde top level domain. To do so, you need to first change your DNS over to one of the resolvers we offer, or you can self-host one.

+ +

+ OpenNIC Information +

+

+ Domains offered by OpenNIC are also able to be resolved using our servers, Such as: +

+ Will all resolve using our dns servers. For more information about OpenNIC you can visit http://opennic.org +

+
+ +
+

TildeNIC Available DNS Servers

+ +
+
+ \ No newline at end of file diff --git a/includes/user_domains.php b/includes/user_domains.php index 7feca33..f5d5ca6 100644 --- a/includes/user_domains.php +++ b/includes/user_domains.php @@ -3,9 +3,35 @@ require_once 'initdb.php'; session_start(); +// Initialize error messages array if not set +if (!isset($_SESSION['error_messages'])) { + $_SESSION['error_messages'] = []; +} + +// Session timeout logic +$timeout = 1800; // 30 minutes in seconds +if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > $timeout)) { + // Last request was more than 30 minutes ago + session_unset(); // Unset $_SESSION variable + session_destroy(); // Destroy session data + header("Location: /?page=login"); // Redirect to login page + exit; +} + +$_SESSION['last_activity'] = time(); // Update last activity time + +// Check if user IP or user agent has changed +if ((isset($_SESSION['user_ip']) && $_SESSION['user_ip'] !== $_SERVER['REMOTE_ADDR']) || + (isset($_SESSION['user_agent']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])) { + session_unset(); + session_destroy(); + header("Location: /?page=login"); + exit; +} + // Redirect to login if not logged in if (!isset($_SESSION['username'])) { - header("Location: https://tildenic.org/?page=login"); + header("Location: /?page=login"); exit; } 
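Review bot: The IP and user-agent binding added here only fires when `$_SESSION['user_ip']` and `$_SESSION['user_agent']` are already set, and the visible hunks never store them (the login.php hunk is truncated on this page), so confirm that login.php sets both on successful login or the check is a no-op. `$_SERVER['HTTP_USER_AGENT']` is an optional request header; read it as `$_SERVER['HTTP_USER_AGENT'] ?? ''` on both the store side and the compare side so a request without it does not raise a warning. The same timeout-and-binding block is pasted into domain_register.php and login.php as well, and moving it into one include loaded next to `initdb.php` would keep the three copies from drifting. Binding to `REMOTE_ADDR` will also log out users whose address changes mid-session (mobile networks, IPv6 privacy addresses), which is worth a comment stating that the trade-off is intended.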
@@ -24,31 +50,76 @@ function getUserDomains($userId, $pdo) { } // Function to remove a domain -function removeDomain($domainId, $pdo) { +function removeDomain($domainId, $userId, $pdo) { + // First, verify that the domain belongs to the user + $stmt = $pdo->prepare("SELECT COUNT(*) FROM domains WHERE id = ? AND user_id = ?"); + $stmt->execute([$domainId, $userId]); + $count = $stmt->fetchColumn(); + + if ($count == 0) { + // The domain does not belong to the user + return false; + } + + // Proceed with deletion since the domain belongs to the user $stmt = $pdo->prepare("DELETE FROM domains WHERE id = ?"); $stmt->execute([$domainId]); + return true; } + // Function to update domain's IP address -function updateDomainIP($domainId, $ipAddress, $pdo) { - $stmt = $pdo->prepare("UPDATE domains SET ip_address = ? WHERE id = ?"); // Updating ip_address +function updateDomainIP($domainId, $userId, $ipAddress, $pdo) { + // Validate the IP address + if (!filter_var($ipAddress, FILTER_VALIDATE_IP)) { + // The IP address is not valid + return false; + } + + // Verify that the domain belongs to the user + $stmt = $pdo->prepare("SELECT COUNT(*) FROM domains WHERE id = ? AND user_id = ?"); + $stmt->execute([$domainId, $userId]); + $count = $stmt->fetchColumn(); + + if ($count == 0) { + // The domain does not belong to the user + return false; + } + + // Proceed with IP address update since the domain belongs to the user + $stmt = $pdo->prepare("UPDATE domains SET ip_address = ? 
WHERE id = ?"); $stmt->execute([$ipAddress, $domainId]); + return true; } // Handle domain removal if (isset($_GET['remove'])) { - removeDomain($_GET['remove'], $pdo); - header("Location: https://tildenic.org/?page=user_domains"); - exit; + $userId = getUserId($_SESSION['username'], $pdo); + $domainId = $_GET['remove']; + + $result = removeDomain($domainId, $userId, $pdo); + if ($result !== true) { + $_SESSION['error_messages'][] = "Error: You do not have permission to delete this domain."; + } else { + header("Location: https://tildenic.org/?page=user_domains"); + exit; + } } + // Handle IP address update if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['update_ip'])) { $domainId = $_POST['domain_id']; + $userId = getUserId($_SESSION['username'], $pdo); $ipAddress = $_POST['ip_address']; - updateDomainIP($domainId, $ipAddress, $pdo); - header("Location: https://tildenic.org/?page=user_domains"); - exit; + + $result = updateDomainIP($domainId, $userId, $ipAddress, $pdo); + if ($result !== true) { + $_SESSION['error_messages'][] = "Error: Invalid IP address or you do not have permission to update the IP address for this domain."; + } else { + header("Location: https://tildenic.org/?page=user_domains"); + exit; + } } // Handle logout if (isset($_POST['logout'])) { 
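Review bot: `removeDomain` and `updateDomainIP` check ownership with a separate `SELECT COUNT(*)` and then write with `WHERE id = ?` alone, so the write itself is still unscoped and the check and the write are two separate steps. Add `AND user_id = ?` to both write statements; for the delete the pre-check can then be replaced by `return $stmt->rowCount() > 0;`. Separately, the `$_GET['remove']` handler still deletes on a plain GET and none of the handlers in this hunk verifies a CSRF token, so a per-session token compared with `hash_equals()` and a POST-only removal path would be worth adding. The success redirects here still use the absolute `https://tildenic.org/...` URL while the login redirects in this commit were made relative.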
@@ -56,23 +127,62 @@ if (isset($_POST['logout'])) { header("Location: https://tildenic.org/?page=login"); exit; } -// Handle form submission -if ($_SERVER["REQUEST_METHOD"] == "POST") { +// Handle form submission for domain removal +if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['remove_domain'])) { $domainId = $_POST['domain_id']; + $userId = getUserId($_SESSION['username'], $pdo); - if (isset($_POST['update_ip'])) { - // Update IP address - $ipAddress = $_POST['ip_address']; - updateDomainIP($domainId, $ipAddress, $pdo); - } elseif (isset($_POST['remove_domain'])) { - // Remove domain - removeDomain($domainId, $pdo); + if (!removeDomain($domainId, $userId, $pdo)) { + $_SESSION['error_messages'][] = "Error: You do not have permission to delete this domain."; + } else { + header("Location: https://tildenic.org/?page=user_domains"); + exit; } +} +// Redirect to the user domains page after processing the form +if ($_SERVER["REQUEST_METHOD"] == "POST") { header("Location: https://tildenic.org/?page=user_domains"); exit; } +// Function to validate and update IP addresses for a user's domains +function validateAndUpdateIPs($userId, $pdo) { + // Fetch all domains for the user + $stmt = $pdo->prepare("SELECT id, ip_address FROM domains WHERE user_id = ?"); + $stmt->execute([$userId]); + $domains = $stmt->fetchAll(); + + $invalidIPs = []; + + foreach ($domains as $domain) { + $domainId = $domain['id']; + $ipAddress = $domain['ip_address']; + + // Check if the IP address is valid + if (!empty($ipAddress) && !filter_var($ipAddress, FILTER_VALIDATE_IP)) { + // IP address is invalid, update the domain to remove the IP address + $updateStmt = $pdo->prepare("UPDATE domains SET ip_address = NULL WHERE id = ?"); + $updateStmt->execute([$domainId]); + + // Add to the list of domains with invalid IPs + $invalidIPs[] = $domainId; + } + } + + return $invalidIPs; +} + + +// When the user accesses their domain management page +$userId = getUserId($_SESSION['username'], $pdo); 
+$invalidIPDomains = validateAndUpdateIPs($userId, $pdo); + +if (!empty($invalidIPDomains)) { + // Inform the user that some IP addresses were invalid and have been removed + echo "Invalid IP addresses were found and removed from the following domains: " . implode(", ", $invalidIPDomains) . ". Please update them."; +} + $userId = getUserId($_SESSION['username'], $pdo); $domains = getUserDomains($userId, $pdo); ?> @@ -99,6 +209,15 @@ $domains = getUserDomains($userId, $pdo); + + +
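Review bot: The `echo` after `validateAndUpdateIPs()` writes before the page markup and bypasses the `$_SESSION['error_messages']` list that the other handlers in this file now use; it also reports internal row ids rather than domain names. Append the message to `$_SESSION['error_messages']` instead and select `domain_name` alongside `id` so the user can tell which entries were cleared. `getUserId()` is now called twice in a row, and the second assignment just before `getUserDomains()` can be dropped. Since `updateDomainIP` now validates on write, this sweep could run once as a migration rather than on every page view.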
+ +

+ + +
+

Your Domains