Fixed #58; also other minor bugs removed

getnamingo · Dec 31, 2023 · dd17c0b · dd17c0b
1 parent 0a4afa6
commit dd17c0b
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 14 deletions.
diff --git a/cp/app/Controllers/DomainsController.php b/cp/app/Controllers/DomainsController.php
@@ -57,8 +57,20 @@ public function checkDomain(Request $request, Response $response)
                         $domain_already_reserved = $this->container->get('db')->selectRow('SELECT id,type FROM reserved_domain_names WHERE name = ? LIMIT 1',[$parts['domain']]);
 
                         if ($domain_already_reserved) {
-                            $this->container->get('flash')->addMessage('info', 'Domain ' . $domainName . ' is not available, as it is ' . $domain_already_reserved['type'] . '!');
-                            return $response->withHeader('Location', '/domain/check')->withStatus(302);
+                            if ($token !== null && $token !== '') {
+                                $allocation_token = $this->container->get('db')->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]);
+
+                                if ($allocation_token) {
+                                    $this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' is available!<br />Allocation token valid');
+                                    return $response->withHeader('Location', '/domain/check')->withStatus(302);
+                                } else {
+                                    $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' is not available: Allocation Token mismatch');
+                                    return $response->withHeader('Location', '/domain/check')->withStatus(302);
+                                }
+                            } else {
+                                $this->container->get('flash')->addMessage('info', 'Domain ' . $domainName . ' is not available, as it is ' . $domain_already_reserved['type'] . '!');
+                                return $response->withHeader('Location', '/domain/check')->withStatus(302);
+                            }
                         } else {
                             if ($claim == 1) {
                                 $this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' is available!<br />Claim exists.<br />Claim key is: ' . $claim_key);
@@ -108,6 +120,8 @@ public function createDomain(Request $request, Response $response)
 
             $phaseType = $data['phaseType'] ?? 'none';
             $smd = $data['smd'] ?? null;
+
+            $token = $data['token'] ?? null;
 
             $nameservers = !empty($data['nameserver']) ? $data['nameserver'] : null;
             $nameserver_ipv4 = !empty($data['nameserver_ipv4']) ? $data['nameserver_ipv4'] : null;
@@ -259,13 +273,22 @@ public function createDomain(Request $request, Response $response)
             );
 
             if ($domain_already_reserved) {
-                return view($response, 'admin/domains/createDomain.twig', [
-                    'domainName' => $domainName,
-                    'error' => 'Domain name is reserved or restricted',
-                    'registrars' => $registrars,
-                    'registrar' => $registrar,
-                    'launch_phases' => $launch_phases
-                ]);
+                if ($token !== null && $token !== '') {
+                    $allocation_token = $db->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]);
+
+                    if (!$allocation_token) {
+                        $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' is not available: Allocation Token mismatch');
+                        return $response->withHeader('Location', '/domain/create')->withStatus(302);
+                    }
+                } else {    
+                    return view($response, 'admin/domains/createDomain.twig', [
+                        'domainName' => $domainName,
+                        'error' => 'Domain name is reserved or restricted',
+                        'registrars' => $registrars,
+                        'registrar' => $registrar,
+                        'launch_phases' => $launch_phases
+                    ]);
+                }
             }
 
             if ($registrationYears && (($registrationYears < 1) || ($registrationYears > 10))) {
@@ -2347,6 +2370,7 @@ public function requestTransfer(Request $request, Response $response)
             $domain_id = $domain['id'];
             $tldid = $domain['tldid'];
             $registrar_id_domain = $domain['clid'];
+            $token = $data['token'] ?? null;
 
             if (!$domain_id) {
                 $this->container->get('flash')->addMessage('error', 'Domain does not exist in registry');
@@ -2428,6 +2452,15 @@ public function requestTransfer(Request $request, Response $response)
                 return $response->withHeader('Location', '/transfer/request')->withStatus(302);
             }
 
+            if ($token !== null && $token !== '') {
+                $allocation_token = $db->selectValue('SELECT token FROM allocation_tokens WHERE domain_name = ? AND token = ?',[$domainName,$token]);
+
+                if (!$allocation_token) {
+                    $this->container->get('flash')->addMessage('error', 'Domain ' . $domainName . ' can not be transferred: Allocation Token mismatch');
+                    return $response->withHeader('Location', '/transfer/request')->withStatus(302);
+                }
+            }
+
             $domain = $db->selectRow('SELECT id, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate FROM domain WHERE name = ? LIMIT 1',
             [ $domainName ]);
 

diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php
@@ -300,7 +300,7 @@ function extractDomainAndTLD($urlString) {
     foreach ($testTlds as $testTld) {
         if (str_ends_with($host, "$testTld")) {
             // Handle the test TLD case
-            $tldLength = strlen($testTld) + 1; // +1 for the dot
+            $tldLength = strlen($testTld); // No +1 for the dot
             $hostWithoutTld = substr($host, 0, -$tldLength);
             $hostParts = explode('.', $hostWithoutTld);
             $sld = array_pop($hostParts);

diff --git a/cp/resources/views/admin/domains/createDomain.twig b/cp/resources/views/admin/domains/createDomain.twig
@@ -24,6 +24,7 @@
         <div class="page-body">
           <div class="container-xl">
             <div class="col-12">
+            {% include 'partials/flash.twig' %}
               {% if domainName is defined and crdate is defined %}
                   <div class="alert alert-important alert-success alert-dismissible" role="alert">
                     <div class="d-flex">
@@ -253,6 +254,11 @@
                             </div>
                             {% endif %}
 
+                           <div class="mb-3">
+                             <label for="token" class="form-label">{{ __('Allocation Token') }}</label>
+                             <input type="text" class="form-control" placeholder="Allocation token" name="token" autocapitalize="none">
+                           </div>
+
                     </div>
                 <div class="card-footer">
                   <div class="row align-items-center">

diff --git a/cp/resources/views/admin/domains/requestTransfer.twig b/cp/resources/views/admin/domains/requestTransfer.twig
@@ -63,6 +63,11 @@
                                 <strong>{{ __('Estimated Price') }}: </strong><span id="domainPrice">$0.00</span>
                             </div>
 
+                            <div class="mb-3">
+                              <label for="token" class="form-label">{{ __('Allocation Token') }}</label>
+                              <input type="text" class="form-control" placeholder="Allocation token" name="token" autocapitalize="none">
+                            </div>
+
                     </div>
                 <div class="card-footer">
                   <div class="row align-items-center">

diff --git a/epp/src/epp-check.php b/epp/src/epp-check.php
@@ -266,8 +266,9 @@ function processDomainCheck($conn, $db, $xml, $trans) {
                     if ($allocation_token !== null) {
                         $allocationTokenValue = (string)$allocation_token;
 
-                        $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1");
+                        $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1");
                         $stmt->bindParam(':domainName', $label, PDO::PARAM_STR);
+                        $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR);
                         $stmt->execute();
                         $token = $stmt->fetchColumn();
 

diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
@@ -625,8 +625,9 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans) {
         if ($allocation_token !== null) {
             $allocationTokenValue = (string)$allocation_token;
 
-            $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1");
+            $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1");
             $stmt->bindParam(':domainName', $label, PDO::PARAM_STR);
+            $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR);
             $stmt->execute();
             $token = $stmt->fetchColumn();
 

diff --git a/epp/src/epp-transfer.php b/epp/src/epp-transfer.php
@@ -756,8 +756,9 @@ function processDomainTransfer($conn, $db, $xml, $clid, $database_type, $trans)
         if ($allocation_token !== null) {
             $allocationTokenValue = (string)$allocation_token;
 
-            $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName LIMIT 1");
+            $stmt = $db->prepare("SELECT token FROM allocation_tokens WHERE domain_name = :domainName AND token = :token LIMIT 1");
             $stmt->bindParam(':domainName', $domainName, PDO::PARAM_STR);
+            $stmt->bindParam(':token', $allocationTokenValue, PDO::PARAM_STR);
             $stmt->execute();
             $token = $stmt->fetchColumn();
 

diff --git a/epp/src/helpers.php b/epp/src/helpers.php
@@ -257,7 +257,7 @@ function extractDomainAndTLD($urlString) {
     foreach ($testTlds as $testTld) {
         if (str_ends_with($host, "$testTld")) {
             // Handle the test TLD case
-            $tldLength = strlen($testTld) + 1; // +1 for the dot
+            $tldLength = strlen($testTld); // No +1 for the dot
             $hostWithoutTld = substr($host, 0, -$tldLength);
             $hostParts = explode('.', $hostWithoutTld);
             $sld = array_pop($hostParts);