@ -55,7 +55,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -55,7 +55,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
} else {
if (isset($parsed["commands"]["action"])) {
/* Check if such domain name already registered */
$STH = $pdo->query("SELECT COUNT(*) FROM `hosts` WHERE `host` = '" . $domain . "' LIMIT 1");
$STH = $pdo->prepare('SELECT COUNT(*) FROM `hosts` WHERE `host` = ? LIMIT 1');
$STH->execute([$domain]);
switch ($parsed["commands"]["action"]) {
case 'addsubdomain':
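Review bot: The result of `$STH->execute([$domain]);` is not checked in this hunk, while the later hunks guard theirs with `!$STH->execute(...) ||`. If PDO runs in silent error mode (its configuration is not visible here), a failed execute makes the following fetch return false, which the "already registered" test would presumably read as a free name. I would either guard the call, `if (!$STH->execute([$domain])) { /* set $result["error"] and stop */ }`, or confirm that `PDO::ATTR_ERRMODE` is `PDO::ERRMODE_EXCEPTION` where `$pdo` is created. The same unchecked call appears in the @@ -167 hunk just before `$STH->fetch(PDO::FETCH_ASSOC)`. The enclosing switch continues outside the hunk.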
@ -75,18 +76,21 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -75,18 +76,21 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
if ((sizeof ($darr) - 1) != $i) $dtop .= ".";
}
$STH = $pdo->prepare('SELECT COUNT(*) FROM `hosts` WHERE `host` = ? AND `base64` = ? LIMIT 1');
if (sizeof($darr) < 3 ) {
$result["error"] = "Error while validating: you can't register second level domain (example.i2p) using addsubdomain action.";
} else if ($dtop != $parsed["commands"]["oldname"]) {
$result["error"] = "Error while validating: oldname value is not same as your higher level domain.";
} else if (!$pdo->query("SELECT COUNT(*) FROM `hosts` WHERE `host` = '" . $parsed["commands"]["oldname"] . "' AND `base64` = '" . $parsed["commands"]["olddest"] . "' LIMIT 1") ->fetchColumn()) {
} else if (!$STH->execute([$parsed["commands"]["oldname"], $parsed["commands"]["olddest"]]) || !$STH ->fetchColumn()) {
$result["error"] = "Error while validating: can't find higher level domain with values from oldname and olddest.";
} else {
$base32 = $util->b32from64($parsed["b64"]);
if (!$pdo->exec("INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES ('" . $domain . "', '" . $parsed["b64"] . "', '" . $base32 . "')")) {
if (!$pdo->prepare('INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES (?, ?, ?)')->execute([$domain, $parsed["b64"], $base32])) {
$result["error"] = "Error happened while inserting record to database. Please try again later.";
} else {
@ -107,12 +111,15 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -107,12 +111,15 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
$result["error"] = "Error while validating: required fields not found. Re-check your registration string.";
} else {
if (!$pdo->query("SELECT COUNT(*) FROM `hosts` WHERE `host` = '" . $domain . "' AND `base64` = '" . $parsed["commands"]["olddest"] . "' LIMIT 1")->fetchColumn()) {
$STH = $pdo->prepare('SELECT COUNT(*) FROM `hosts` WHERE `host` = ? AND `base64` = ? LIMIT 1');
if (!$STH->execute([$domain, $parsed["commands"]["olddest"]]) || !$STH->fetchColumn()) {
$result["error"] = "Error while validating: old base64 and value in olddest field does not match..";
} else {
$base32 = $util->b32from64($parsed["b64"]);
if (!$pdo->exec("UPDATE `hosts` SET `base64` = '" . $parsed["b64"] . "', `base32` = '" . $base32 . "' WHERE `host` = '" . $domain . "'")) {
if (!$pdo->prepare('UPDATE `hosts` SET `base64` = ?, `base32` = ? WHERE `host` = ?')->execute([$parsed["b64"], $base32, $domain])) {
$result["error"] = "Error happened while updating record in database. Please try again later.";
} else {
@ -143,12 +150,15 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -143,12 +150,15 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
$olddomain = $parsed["commands"]["oldname"];
}
if (!$pdo->query("SELECT COUNT(*) FROM `hosts` WHERE `host` = '" . $olddomain . "' AND `base64` = '" . parsed["b64"] . "' LIMIT 1")->fetchColumn()) {
$STH = $pdo->prepare('SELECT COUNT(*) FROM `hosts` WHERE `host` = ? AND `base64` = ? LIMIT 1');
if (!$STH->execute([$olddomain, parsed["b64"]]) || !$STH->fetchColumn()) {
$result["error"] = "Error while validating: base64 does not match for domain in oldname field...";
} else {
$base32 = $util->b32from64($parsed["b64"]);
if (!$pdo->exec("INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES ('" . $domain . "', '" . $parsed["b64"] . "', '" . $base32 . "')")) {
if (!$pdo->prepare('INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES (?, ?, ?)')->execute([$domain, $parsed["b64"], $base32])) {
$result["error"] = "Error happened while updating record in database. Please try again later.";
} else {
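Review bot: The bound value `parsed["b64"]` in the new `execute()` call is missing its `$`, so PHP reads `parsed` as a constant rather than the `$parsed` array. The typo is carried over from the removed query. On PHP 8 an undefined constant raises an Error, and on older versions the expression cannot yield the submitted destination, so this ownership check appears to reject every request. The line should read `if (!$STH->execute([$olddomain, $parsed["b64"]]) || !$STH->fetchColumn()) {`. The surrounding branch starts and ends outside the hunk.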
@ -167,7 +177,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -167,7 +177,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
} else {
/* Check if such domain name already registered */
$STH = $pdo->query("SELECT `host`, `base32`, `base64`, `initial`, `disabled` FROM `hosts` WHERE `host` = '" . $domain . "' LIMIT 1");
$STH = $pdo->prepare('SELECT `host`, `base32`, `base64`, `initial`, `disabled` FROM `hosts` WHERE `host` = ? LIMIT 1');
$STH->execute([$domain]);
$row = $STH->fetch(PDO::FETCH_ASSOC);
if($row & & !$row['disabled']) {
@ -189,7 +200,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -189,7 +200,8 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
$log = "[" . date("d-M-Y H:i:s e") . "] Re-registering attempt for " . $row['host'] . "! Next records will be deleted:" . PHP_EOL;
/* print all records, which will be deleted*/
$STH = $pdo->query("SELECT `host`, `base32`, `base64` FROM `hosts` WHERE `host` = '" . $domain . "' OR `host` LIKE '%." . $domain . "'");
$STH = $pdo->prepare('SELECT `host`, `base32`, `base64` FROM `hosts` WHERE `host` = ? OR `host` LIKE ?');
$STH->execute(['%'.$domain, '%'.$domain]);
$hosts = $STH->fetchAll(PDO::FETCH_ASSOC);
foreach ($hosts as $host) {
$log .= "Host: " . $host['host'] . PHP_EOL . "Base32: " . $host['base32'] . PHP_EOL . "Base64: " . $host['base64'] . PHP_EOL;
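Review bot: Both placeholders in the new SELECT are bound to `'%'.$domain`, which changes what the query matches. `host = ?` no longer compares against the exact name, and the LIKE pattern has lost the `.` separator, so an unrelated host whose name merely ends with the same characters now matches. The bindings should be `$STH->execute([$domain, '%.' . $domain]);`. The DELETE in the next hunk (@@ -198) uses the same bindings and also writes `LIKE %?`, which is not valid placeholder syntax; as written it should fail, and with only the syntax corrected it would remove hosts that are not subdomains of the re-registered name, so it needs `LIKE ?` with `[$domain, '%.' . $domain]`. Because `$domain` now feeds a LIKE pattern, confirm outside this hunk that the domain validation rejects `%` and `_`.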
@ -198,14 +210,14 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
@@ -198,14 +210,14 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
file_put_contents(__DIR__ . '/../logs/reg.log', $log, FILE_APPEND);
/* remove domain and subdomains if any found */
$pdo->exec("DELETE FROM `hosts` WHERE `host` = '" . $domain . "' OR `host` LIKE '%." . $domain . "'" );
$pdo->prepare('DELETE FROM `hosts` WHERE `host` = ? OR `host` LIKE %?')->execute(['%'.$domain, '%'.$domain] );
$result["reregister"] = true;
}
$base32 = $util->b32from64($parsed["b64"]);
/* Adding to database 2LD domain */
if (!$pdo->exec("INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES ('" . $domain . "', '" . $parsed["b64"] . "', '" . $base32 . "')" )) {
if (!$pdo->prepare('INSERT INTO `hosts` (`host`, `base64`, `base32`) VALUES (?, ?, ?)')->execute([$domain, $parsed["b64"], $base32] )) {
$result["error"] = "Error happened while inserting record to database. Please try again later.";
} else {