New SQL interface + bugfixes

2012-08-25 17:05:38 +00:00 · 2012-08-25 17:05:38 +00:00 · 33c13635a4
parent c77b6df3ff
commit 33c13635a4
13 changed files with 385 additions and 226 deletions
--- a/bureau/admin/sql_add.php
+++ b/bureau/admin/sql_add.php
@ -45,6 +45,10 @@ if (!$quota->cancreate("mysql")) {
 			exit();
 		}
 	}
 $q=$quota->getquota("mysql");
 if($q['u'] == 0 ){
 	include_once("sql_doadd.php");	
 }else{
 ?>
 <form method="post" action="sql_doadd.php" id="main" name="main">
 <table class="tedit">
@ -57,7 +61,9 @@ if (!$quota->cancreate("mysql")) {
 <br />
 <input type="submit" class="inb" name="submit" value="<?php __("Create this new MySQL database."); ?>" />
 </form>
-
+<?php
 }
 ?>
 <script type="text/javascript">
  document.forms['main'].dbn.focus();
 </script>
--- a/bureau/admin/sql_del.php
+++ b/bureau/admin/sql_del.php
@ -81,7 +81,7 @@ if (!$found) {
 reset($_POST);
 while (list($key,$val)=each($_POST)) {
  if (substr($key,0,4)=="del_") {
-    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$mem->user["login"].(($val)?"_":"")."$val<br />\n";
+    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
  }
 }
--- a/bureau/admin/sql_doadd.php
+++ b/bureau/admin/sql_doadd.php
@ -33,17 +33,37 @@ $fields = array (
        "dbn"                 => array ("post", "string", ""),
 );
 getFields($fields);
 if (!$quota->cancreate("mysql")) {
 	$error=_("err_mysql_1");
 	include("sql_add.php");
 	exit;
 }
 $q=$quota->getquota("mysql");
 if($q['u'] == 0){
 	$dbname=$mem->user["login"];
 	if(!$mysql->add_db($dbname)){
 	  $error=$err->errstr();
 		include("sql_add.php");
 		exit;
 	}
 }else{
  if(!empty($dbn)){
    $dbname=$mem->user["login"]."_".$dbn;
    if(!$mysql->add_db($dbname)) {
      $error=$err->errstr();
      include("sql_add.php");
      exit;
    }
  }else{
    $dbname=$mem->user["login"];
    if(!$mysql->add_db($dbname)) {
      $error=$err->errstr();
      include("sql_add.php");
      exit;
    }
  }
 if (!$mysql->add_db($dbn)) {
  $error=$err->errstr();
  include("sql_add.php");
  exit;
 }
 include("sql_list.php");
--- a/bureau/admin/sql_getparam.php
+++ b/bureau/admin/sql_getparam.php
@ -30,10 +30,16 @@
 require_once("../class/config.php");
 include_once("head.php");
 $fields = array (
 	"dbname"    => array ("request", "string", ""),
 );
 getFields($fields);
 if (!$r=$mysql->get_dblist()) {
 	$error=$err->errstr();
 }
 ?>
 <h3><?php __("MySQL Databases"); ?></h3>
 <hr id="topbar"/>
@ -42,29 +48,43 @@ if (!$r=$mysql->get_dblist()) {
 	if (isset($error) && $error) {
 		echo "<p class=\"error\">$error</p><p>&nbsp;</p>";
 	}
-
+$r=$mysql->get_defaultsparam($dbname);
 if(!empty($r)){
 ?>
-<p><?php __("Your current settings are"); ?> : </p>
+<p><?php __("Your current connection settings are"); ?> : </p>
 <table class="tedit">
 	<tr>
-		<th><?php __("Username"); ?></th>
+		<th><?php __("Mysql Server"); ?></th>
 		<td><code><?php echo $mem->user["login"]; ?></code></td>
 	</tr>
 	<tr>
 		<th><?php __("Password"); ?></th>
 		<td><code><?php echo $r[0]["pass"]; ?></code></td>
 	</tr>
 	<tr>
 		<th><?php __("MySQL Server"); ?></th>
 		<td><code><?php echo $mysql->dbus->HumanHostname; ?></code></td>
 	</tr>
 	<tr>
-		<th><?php __("Main database"); ?></th>
+		<th><?php __("Database"); ?></th>
-		<td><code><?php echo $r[0]["db"]; ?></code></td>
+		<td><code><?php echo $dbname; ?></code></td>
 	</tr>
 <?php
 if(isset($r['user'])){
 ?>
 	<tr>
 		<th><?php __("Login"); ?></th>
 		<td><code><?php echo $r['user']; ?></code></td>
 	</tr>
 	<tr>
 		<th><?php __("Password"); ?></th>
 		<td><code><?php echo $r['password']; ?></code></td>
 	</tr>
 <?php
 }
 ?>
 </table>
-
+<?php
 if(!isset($r['user'])){
 	echo "<p class=\"error\">";__("You changed the MySQL User base configuration. Please refer to your configuration");echo"</p><p>&nbsp;</p>";
 }
 ?>
 <p><span class="ina"><a href="sql_list.php"><?php __("Back to the MySQL database list"); ?></a></span></p>
-<?php include_once("foot.php"); ?>
+<?php
 } //empty $r
 include_once("foot.php"); ?>
--- a/bureau/admin/sql_list.php
+++ b/bureau/admin/sql_list.php
@ -59,20 +59,21 @@ if($rdb){
 ?>
 <form method="post" action="sql_del.php" name="main" id="main">
 <table class="tlist">
-   <tr><th>&nbsp;</th><th><?php __("Database"); ?></th><th><?php __("Backup"); ?></th><th><?php __("Restore"); ?></th><th><?php __("Size"); ?></th></tr>
+   <tr><th>&nbsp;</th><th><?php __("Database"); ?></th><th><?php __("Backup"); ?></th><th><?php __("Restore"); ?></th><th><?php __("Settings"); ?></th><th><?php __("Size"); ?></th></tr>
 <?php
 $col=1;
 for($i=0;$i<count($rdb);$i++) {
  $val=$rdb[$i];
  $val['size'] = $mysql->get_db_size($val['db']);
- $col=3-$col;
+  $col=3-$col;
 ?>
 	<tr  class="lst<?php echo $col; ?>">
-		<td align="center"><input type="checkbox" class="inc" id="del_<?php echo $val["name"]; ?>" name="del_<?php echo $val["name"]; ?>" value="<?php echo ($val["name"])?$val["name"]:"_"; ?>" /></td>
+		<td align="center"><input type="checkbox" class="inc" id="del_<?php echo $val["db"]; ?>" name="del_<?php echo $val["db"]; ?>" value="<?php echo ($val["db"]); ?>" /></td>
-	   	<td><label for="del_<?php echo $val["name"]; ?>"><?php echo $val["db"]; ?></label></td>
+	   	<td><label for="del_<?php echo $val["db"]; ?>"><?php echo $val["db"]; ?></label></td>
-		<td><div class="ina"><a href="sql_bck.php?id=<?php echo $val["name"] ?>"><?php __("Backup"); ?></a></div></td>
+		<td><div class="ina"><a href="sql_bck.php?id=<?php echo $val["db"] ?>"><?php __("Backup"); ?></a></div></td>
-		<td><div class="ina"><a href="sql_restore.php?id=<?php echo $val["name"] ?>"><?php __("Restore"); ?></a></div></td>
+		<td><div class="ina"><a href="sql_restore.php?id=<?php echo $val["db"] ?>"><?php __("Restore"); ?></a></div></td>
 		<td><div class="ina"><a href="sql_getparam.php?dbname=<?php echo $val["db"] ?>"><?php __("Settings"); ?></a></div></td>
 		<td><code><?php echo format_size($val["size"]); ?></code></td>
 	</tr>
 <?php
--- a/bureau/admin/sql_users_add.php
+++ b/bureau/admin/sql_users_add.php
@ -37,11 +37,6 @@ $fields = array (
 );
 getFields($fields);
 if (!$quota->cancreate("mysql_users")) {
 	$error=_("err_mysql_13");
 	$fatal=1;
 }
 ?>
 <h3><?php __("Create a new MySQL user"); ?></h3>
 <hr id="topbar"/>
--- a/bureau/admin/sql_users_del.php
+++ b/bureau/admin/sql_users_del.php
@ -28,6 +28,10 @@
 ----------------------------------------------------------------------
 */
 require_once("../class/config.php");
 $fields = array (
        "confirm"                => array ("post", "string", ""),
 );
 getFields($fields);
 if(!isset($error)){
 	$error="";
 }
@ -40,7 +44,7 @@ if (isset($confirm) && ($confirm=="y")) {
      if (!$r) {
 	$error.=$err->errstr()."<br />";
      } else {
-	$error.=sprintf(_("The user %s has been successfully deleted"),$mem->user["login"]."_$val")."<br />";
+	$error.=sprintf(_("The user %s has been successfully deleted"),$val)."<br />";
      }
    }
  }
@ -63,7 +67,7 @@ include_once("head.php");
 reset($_POST);
 while (list($key,$val)=each($_POST)) {
  if (substr($key,0,4)=="del_") {
-    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$mem->user["login"]."_$val<br />\n";
+    echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
  }
 }
--- a/bureau/admin/sql_users_doadd.php
+++ b/bureau/admin/sql_users_doadd.php
@ -37,16 +37,19 @@ $fields = array (
 getFields($fields);
-if (!$quota->cancreate("mysql_users")) {
+if(!empty($usern)){
-//	$error=_("err_mysql_1");
+  if (!$mysql->add_user($usern,$password,$passconf)) {
-	include("sql_users_add.php");
+    $error=$err->errstr();
-	exit;
+    include("sql_users_add.php");
-}
+    exit;
-
+  }
-if (!$mysql->add_user($usern,$password,$passconf)) {
+}else{
-  $error=$err->errstr();
+  $usern=$mem->user["login"];
-  include("sql_users_add.php");
+  if (!$mysql->add_user($usern,$password,$passconf)) {
-  exit;
+    $error=$err->errstr();
    include("sql_users_add.php");
    exit;
  }
 }
 include("sql_users_list.php");
--- a/bureau/admin/sql_users_dorights.php
+++ b/bureau/admin/sql_users_dorights.php
@ -1,6 +1,6 @@
 <?php
 /*
- $Id: sql_users_rights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
+ $Id: sql_users_dorights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
 ----------------------------------------------------------------------
 AlternC - Web Hosting System
 Copyright (C) 2002 by the AlternC Development Team.
@ -31,21 +31,24 @@ require_once("../class/config.php");
 $fields = array (
-	"id"    		=> array ("post", "string", ""),
+  "id"        => array ("post", "string", ""),
 );
 getFields($fields);
-$keys=array_keys($_POST);
+foreach($_POST as $k=>$v) {
-$dblist=$mysql->get_dblist();
+  $keys[$k]=$v;
 }
-for( $i=0 ; $i<count($dblist) ; $i++ ) {
+$cleanrights=array("select","update","insert","delete","create","drop","references","index","alter","create_tmp",'lock');
 foreach($mysql->get_dblist() as $d){
  $rights=array();
-  for( $j=0 ; $j<count($keys) ; $j++ ) {
+  foreach ($cleanrights as $r) {
-      if( strpos( $keys[$j], $dblist[$i]["name"]."_" ) === 0 )
+    if (isset($keys[$d['db'].'_'.$r])) {
-        $rights[]=substr($keys[$j], strlen( $dblist[$i]["name"]."_" ));
+      $rights[]=$r; 
-  }
+    }
-  $mysql->set_user_rights($id,$dblist[$i]["name"],$rights);
+  }  
  $mysql->set_user_rights($id,$d['db'],$rights);
 }
 $error=_("The rights has been successfully applied to the user");
--- a/bureau/admin/sql_users_list.php
+++ b/bureau/admin/sql_users_list.php
@ -56,7 +56,7 @@ for($i=0;$i<count($r);$i++) {
 	  <td align="center">
            <input type="checkbox" class="inc" id="del_<?php echo $val["name"]; ?>" name="del_<?php echo $val["name"]; ?>" value="<?php echo $val["name"]; ?>" />
          </td>
-	  <td><label for="del_<?php echo $val["name"]; ?>"><?php echo $mem->user["login"]."_".$val["name"]; ?></label></td>
+	  <td><label for="del_<?php echo $val["name"]; ?>"><?php echo $val["name"]; ?></label></td>
 	  <td><span class="ina"><a href="sql_users_rights.php?id=<?php echo $val["name"] ?>"><?php __("Manage the rights"); ?></a></span></td>
 	  <td><span class="ina"><a href="sql_users_password.php?id=<?php echo $val["name"] ?>"><?php __("Password change"); ?></a></span></td>
 	</tr>
@ -76,12 +76,10 @@ for($i=0;$i<count($r);$i++) {
 <?php
  }
  if ($quota->cancreate("mysql_users")) {
 ?>
 <p>
  <span class="ina"><a href="sql_users_add.php"><?php __("Create a new MySQL user"); ?></a><br /></span>
 </p>
 <?php
  }
 ?>
 <?php include_once("foot.php"); ?>
--- a/bureau/admin/sql_users_password.php
+++ b/bureau/admin/sql_users_password.php
@ -38,7 +38,7 @@ getFields($fields);
 $r=$mysql->get_user_dblist($id);
 ?>
-<h3><?php __("Change this user's password"); echo " - ".$mem->user["login"]."_".$id ?></h3>
+<h3><?php __("Change this user's password"); echo " - ".$id ?></h3>
 <hr id="topbar"/>
 <br />
 <?php
--- a/bureau/admin/sql_users_rights.php
+++ b/bureau/admin/sql_users_rights.php
@ -36,9 +36,8 @@ $fields = array (
 getFields($fields);
 $r=$mysql->get_user_dblist($id);
 ?>
-<h3><?php printf(_("MySQL Rights for %s"),$mem->user["login"]."_".$id) ?></h3>
+<h3><?php printf(_("MySQL Rights for %s"),$id) ?></h3>
 <hr id="topbar"/>
 <br />
 <?php
@ -77,7 +76,7 @@ for($i=0;$i<count($r);$i++) {
  $col=3-$col;
 ?>
 	<tr class="lst<?php echo $col; ?>">
-    <td><strong><?php echo $mem->user["login"].($val["db"]?"_":"").$val["db"] ?></strong></td>
+    <td><strong><?php echo $val["db"] ?></strong></td>
    <td><a href="javascript:inverse_sql_right('<?php echo htmlentities($val["db"]);?>');"><?php __('Reverse selection');?></a></td>
    <?php foreach($sql_right as $sr) { ?>
 	  <td align="center">
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@ -1,32 +1,32 @@
 <?php
 /*
- $Id: m_mysql.php,v 1.35 2005/12/18 09:51:32 benjamin Exp $
+   $Id: m_mysql.php,v 1.35 2005/12/18 09:51:32 benjamin Exp $
- ----------------------------------------------------------------------
+   ----------------------------------------------------------------------
- AlternC - Web Hosting System
+   AlternC - Web Hosting System
- Copyright (C) 2002 by the AlternC Development Team.
+   Copyright (C) 2002 by the AlternC Development Team.
- http://alternc.org/
+   http://alternc.org/
- ----------------------------------------------------------------------
+   ----------------------------------------------------------------------
- Based on:
+   Based on:
- Valentin Lacambre's web hosting softwares: http://altern.org/
+   Valentin Lacambre's web hosting softwares: http://altern.org/
- ----------------------------------------------------------------------
+   ----------------------------------------------------------------------
- LICENSE
+   LICENSE
- This program is free software; you can redistribute it and/or
+   This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License (GPL)
+   modify it under the terms of the GNU General Public License (GPL)
- as published by the Free Software Foundation; either version 2
+   as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
+   of the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
+   This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
+   GNU General Public License for more details.
- To read the license please visit http://www.gnu.org/copyleft/gpl.html
+   To read the license please visit http://www.gnu.org/copyleft/gpl.html
- ----------------------------------------------------------------------
+   ----------------------------------------------------------------------
- Original Author of file: Benjamin Sonntag
+   Original Author of file: Benjamin Sonntag
- Purpose of file: Manage mysql database for users.
+   Purpose of file: Manage mysql database for users.
- ----------------------------------------------------------------------
+   ----------------------------------------------------------------------
-*/
+ */
 /**
 * MySQL user database management for AlternC.
 * This class manage user's databases in MySQL, and user's MySQL accounts.
@ -38,11 +38,11 @@ class DB_users extends DB_Sql {
  var $Host,$HumanHostname,$User,$Password,$client;
  /**
-  * Creator
+   * Creator
-  */
+   */
  function DB_users() {
-    # Use the dbusers file if exist, else use default alternc configuration
+# Use the dbusers file if exist, else use default alternc configuration
    if ( is_readable("/etc/alternc/dbusers.cnf") ) {
      $mysqlconf=file_get_contents("/etc/alternc/dbusers.cnf");
    } else {
@ -50,29 +50,29 @@ class DB_users extends DB_Sql {
    }
    $mysqlconf=explode("\n",$mysqlconf);
-    # Read the configuration
+# Read the configuration
    foreach ($mysqlconf as $line) {
-      # First, read the "standard" configuration
+# First, read the "standard" configuration
      if (preg_match('/^([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) {
-          switch ($regs[1]) {
+        switch ($regs[1]) {
          case "user":
-              $user = $regs[2];
+            $user = $regs[2];
-              break;
+          break;
          case "password":
-              $password = $regs[2];
+            $password = $regs[2];
-              break;
+          break;
          case "host":
-              $host = $regs[2];
+            $host = $regs[2];
-              break;
+          break;
-          }
+        }
      }
-      # Then, read specific alternc configuration
+# Then, read specific alternc configuration
      if (preg_match('/^#alternc_var ([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) {
        $$regs[1]=$regs[2];
      }
    }
-    # Set value of human_host if unset
+# Set value of human_host if unset
    if (! isset($human_hostname) || empty($human_hostname)) {
      if ( checkip($host) || checkipv6($host) ) {
        $human_hostname = gethostbyaddr($host);
@ -81,13 +81,13 @@ class DB_users extends DB_Sql {
      }
    }
-    # Create the object
+# Create the object
    $this->Host     = $host;
    $this->User     = $user;
    $this->Password = $password;
-// TODO BUG BUG BUG
+    // TODO BUG BUG BUG
-// c'est pas étanche : $db se retrouve avec Database de $sql->dbu . Danger, faut comprendre pourquoi
+    // c'est pas étanche : $db se retrouve avec Database de $sql->dbu . Danger, faut comprendre pourquoi
-// Si on veux que ca marche, il faut Database=alternc.
+    // Si on veux que ca marche, il faut Database=alternc.
    //$this->Database = "mysql";
    $this->Database = "alternc";
    $this->HumanHostname = $human_hostname;
@ -101,8 +101,8 @@ class m_mysql {
  /*---------------------------------------------------------------------------*/
  /** Constructor
-  * m_mysql([$mid]) Constructeur de la classe m_mysql, initialise le membre concerne
+   * m_mysql([$mid]) Constructeur de la classe m_mysql, initialise le membre concerne
-  */
+   */
  function m_mysql() {
    $this->dbus = new DB_users();
  }
@ -113,7 +113,7 @@ class m_mysql {
   * Quota name
   */
  function alternc_quota_names() {
-    return array("mysql","mysql_users");
+    return array("mysql");
  }
@ -162,12 +162,12 @@ class m_mysql {
    $db->next_record();
    $info=array();
    $info[]=array(
-                "login"=>$db->f("name"),
+        "login"=>$db->f("name"),
-                "pass"=>$db->f("password")
+        "pass"=>$db->f("password")
-            );
+        );
    return $info;
  }
-    
+
  /*---------------------------------------------------------------------------*/
  /** Returns the details of a user's database.
@ -199,6 +199,12 @@ class m_mysql {
    return array("enabled"=>true,"login"=>$db->f("login"),"db"=>$db->f("db"), "name"=>$dbn,"bck"=>$db->f("bck_mode"), "dir"=>substr($db->f("bck_dir"),strlen($root)), "size"=>$size, "pass"=>$db->f("pass"), "history"=>$db->f("bck_history"), "gzip"=>$db->f("bck_gzip"));
  }
  function test_get_param($dbname){
    global $db,$err,$cuid;
    $db->query("SELECT ");
  }
  /*---------------------------------------------------------------------------*/
  /** Create a new database for the current user.
@ -209,15 +215,25 @@ class m_mysql {
  function add_db($dbn) {
    global $db,$err,$quota,$mem,$cuid,$admin;
    $err->log("mysql","add_db",$dbn);
    $password_user="";
    if (!$quota->cancreate("mysql")) {
      $err->raise("mysql",1);
      return false;
    }
    $pos=strpos($dbn,'_');
    if($pos === false){
      $dbname=$dbn;
    }else{
      $dbncomp=explode('_',$dbn);
      $dbname=$dbn;
      $dbn=$dbncomp[1];
    }
    if (!preg_match("#^[0-9a-z]*$#",$dbn)) {
      $err->raise("mysql",2);
      return false;
    }
-    $dbname=$mem->user["login"].($dbn?"_":"").$dbn;
+
    if (strlen($dbname) > 64) {
      $err->raise("mysql",12);
      return false;
@ -227,6 +243,14 @@ class m_mysql {
      $err->raise("mysql",3);
      return false;
    }
    $db->query("SELECT name from dbusers where name='".$dbname."' and enable='ACTIVATED' ;");
    if(!$db->num_rows()){
      $password_user=create_pass(8);
      if(!$this->add_user($dbn,$password_user,$password_user)){
      }
    }
    //checking for the phpmyadmin user
    $db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';");
    if ($db->num_rows()) {
@ -234,18 +258,21 @@ class m_mysql {
      $myadm=$db->f("name");  
      $password=$db->f("password");  
    }else{
-      $err->raise("mysql",3);
+      $err->raise("mysql",3);//FIXME error code
      return false;
    }
    //Grant the special user every rights.
    if ($this->dbus->query("CREATE DATABASE `$dbname`;")) {
      $err->log("mysql","add_db_succes",$dbn);
      // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
      $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);");
      $dbuser=$dbname;
      $dbname=str_replace('_','\_',$dbname);
      $this->grant($dbname,$myadm,"ALL PRIVILEGES",$password);
      if(!empty($password_user)){
        $this->grant($dbname,$dbuser,"ALL PRIVILEGES",$password_user);
      }
      $this->dbus->query("FLUSH PRIVILEGES;");
      return true;
    } else {
@ -265,8 +292,7 @@ class m_mysql {
  function del_db($dbn) {
    global $db,$err,$mem,$cuid;
    $err->log("mysql","del_db",$dbn);
-
+    $dbname=addslashes($dbn);
    $dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
    $db->query("SELECT uid FROM db WHERE db='$dbname';");
    if (!$db->num_rows()) {
      $err->raise("mysql",4);
@ -278,9 +304,17 @@ class m_mysql {
    $db->query("DELETE FROM size_db WHERE db='$dbname';");
    $db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
    $this->dbus->query("DROP DATABASE `$dbname`;");
    $db_esc=str_replace('_','\_',$dbname);
    $db->query("select User from mysql.db where User='".$dbname."' and Db!='".$db_esc."' and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');");
    if(!$db->num_rows()){
      $this->del_user($dbname);
    }
    return true;
  }
-  
+
  /*---------------------------------------------------------------------------*/
  /** Set the backup parameters for the database $db
@ -354,7 +388,7 @@ class m_mysql {
    // Check this password against the password policy using common API : 
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$login,$password)) {
-	      return false; // The error has been raised by checkPolicy()
+        return false; // The error has been raised by checkPolicy()
      }
    }
@ -364,48 +398,47 @@ class m_mysql {
    return true;
  }
-/**
+  /**
-* Function used to grant SQL rights to users:
+   * Function used to grant SQL rights to users:
-* @base :database 
+   * @base :database 
-* @user : database user
+   * @user : database user
-* @rights : rights to apply ( optional, every rights apply given if missing
+   * @rights : rights to apply ( optional, every rights apply given if missing
-* @pass : user password ( optional, if not given the pass stays the same, else it takes the new value )
+   * @pass : user password ( optional, if not given the pass stays the same, else it takes the new value )
-* @table : sql tables to apply rights
+   * @table : sql tables to apply rights
-**/
+   **/
  function grant($base,$user,$rights=null,$pass=null,$table='*'){
    global $err,$db;
-    $err->log("mysql","grant",$base);
+    $err->log("mysql","grant",$base."-".$user);
    if(!preg_match("#^[0-9a-z_\\*\\\\]*$#",$base)){
-      $err->raise("mysql",2);
+      $err->raise("mysql","base_not_match");
      return false;
    }elseif(!$db->query("select db from db where db='$base';")){
-      $err->raise("mysql",10);
+      $err->raise("mysql","query base fail");
      return false; 
    }
    if($rights==null){
      $rights='ALL PRIVILEGES';
    }elseif(!preg_match("#^[a-zA-Z,\s]*$#",$rights)){
-      $err->raise("mysql",3);
+      $err->raise("mysql","rights_fail");
      return false;
    }
    if(!preg_match("#^[0-9a-z_]*$#",$user)) {
-      $err->raise("mysql",5);
+      $err->raise("mysql","user match");
      return false;
    }
    $db->query("select name from dbusers where name='".$user."' ;");
    if(!$db->num_rows()){
-    	$err->raise("mysql",6);
+      $lol=$db->f('name');
-	return false;
+      $err->raise("mysql","num row 0:".$lol."<--".$user);
      return false;
    }
    if($rights == "FILE"){
-       $grant="grant ".$rights." on ".$base.".".$table." to '".$user."'@'".$this->dbus->Host."'" ;
+      $grant="grant ".$rights." on ".$base.".".$table." to '".$user."'@'".$this->dbus->Host."'" ;
    }else{
-       $grant="grant ".$rights." on `".$base."`.".$table." to '".$user."'@'".$this->dbus->Host."'" ;
+      $grant="grant ".$rights." on `".$base."`.".$table." to '".$user."'@'".$this->dbus->Host."'" ;
    }
    if($pass){
@ -413,10 +446,10 @@ class m_mysql {
    }else{
      $grant .= ";";
    }
-   if(!$this->dbus->query($grant)){
+    if(!$this->dbus->query($grant)){
-      $err->raise("mysql",7);
+      $err->raise("mysql","grant fail:".$grant);
      return false;
-   }
+    }
    return true;
  }
@ -430,7 +463,7 @@ class m_mysql {
   * @return boolean TRUE if the database has been restored, or FALSE if an error occurred
   */
  function restore($file,$stdout,$id) { 
-// TODO don't work with the separated sql serveur for dbusers
+    // TODO don't work with the separated sql serveur for dbusers
    global $err,$bro,$mem,$L_MYSQL_HOST;
    if (!$r=$this->get_mysql_details($id)) { 
      return false; 
@ -447,7 +480,7 @@ class m_mysql {
      $exe="/usr/bin/mysql -h".escapeshellarg($L_MYSQL_HOST)." -u".escapeshellarg($r["login"])." -p".escapeshellarg($r["pass"])." ".escapeshellarg($r["db"])." <".escapeshellarg($fi); 
    }
    $exe .= " 2>&1";
-    
+
    echo "<code><pre>" ;
    if ($stdout) {
      passthru($exe,$ret);
@ -462,7 +495,7 @@ class m_mysql {
    }
  }
-  
+
  /* ----------------------------------------------------------------- */
  /** Get the size of a database
   * @param $dbname name of the database
@ -471,7 +504,7 @@ class m_mysql {
   */
  function get_db_size($dbname) {
    global $db,$err;
-    
+
    $this->dbus->query("SHOW TABLE STATUS FROM `$dbname`;");
    $size = 0;
    while ($db->next_record()) {
@ -480,8 +513,8 @@ class m_mysql {
    }
    return $size;
  }
-  
+
-  
+
  /* ------------------------------------------------------------ */
  /** 
   * Returns the list of database users of an account
@ -492,12 +525,80 @@ class m_mysql {
    $c=array();
    $db->query("SELECT name FROM dbusers WHERE uid='$cuid' and enable not in ('ADMIN','HIDDEN') ORDER BY name;");
    while ($db->next_record()) {
-      $c[]=array("name"=>substr($db->f("name"),strpos($db->f("name"),"_")+1));
+      $pos=strpos($db->f("name"),"_");
      if($pos === false){
        $c[]=array("name"=>($db->f("name")));
      }else{
        $c[]=array("name"=>($db->f("name")));
        //$c[]=array("name"=>substr($db->f("name"),strpos($db->f("name"),"_")+1));
      }
    }
    return $c;
  }
  function get_defaultsparam($dbn){
    global $db,$err,$bro,$cuid;
    $err->log("mysql","getdefaults");
    $dbu=$dbn;
    $r=array();
    $dbn=str_replace('_','\_',$dbn);
    $db->query("Select Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv from mysql.db where Db='".$dbn."' and User='".$dbu."';");
    if(!$db->num_rows()){
      return $r;
    }
    $db->next_record();
    $r['Host']=$db->f('Host');		
    if($db->f('Select_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Insert_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Update_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Delete_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Create_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Drop_priv') !== "Y"){
      return $r;
    } 
    if($db->f('References_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Index_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Alter_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Create_tmp_table_priv') !== "Y"){
      return $r;
    } 
    if($db->f('Lock_tables_priv') !== "Y"){
      return $r;
    } 
    if(!$db->query("SELECT name,password from dbusers where name='".$dbu."';")){
      return $r;
    }
    if(!$db->num_rows()){
      return $r;
    }
    $db->next_record();
    $r['user']=$db->f('name');
    $r['password']=$db->f('password');
    return $r;
  }
  /* ------------------------------------------------------------ */
  /** 
@ -512,7 +613,12 @@ class m_mysql {
    $err->log("mysql","add_user",$usern);
    $usern=trim($usern);
-    $user=addslashes($mem->user["login"]."_".$usern);
+    $login=$mem->user["login"];
    if($login != $usern){ 
      $user=addslashes($login."_".$usern);
    }else{
      $user=$usern;
    }
    $pass=addslashes($password);
    if (!$usern) {
@ -523,15 +629,12 @@ class m_mysql {
      $err->raise("mysql",20);
      return false;
    }
    if (!$quota->cancreate("mysql_users")) {
      $err->raise("mysql",13);
      return false;
    }
    if (!preg_match("#^[0-9a-z]#",$usern)) {
      $err->raise("mysql",14);
      return false;
    }
-    
+
    // We check the length of the COMPLETE username, not only the part after _
    if (strlen($user) > 16) {
      $err->raise("mysql",15);
@ -550,14 +653,14 @@ class m_mysql {
    // Check this password against the password policy using common API : 
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$user,$password)) {
-	      return false; // The error has been raised by checkPolicy()
+        return false; // The error has been raised by checkPolicy()
      }
    }
    // We add him to the user table 
    $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES($cuid,'$user','$password','ACTIVATED');");
    // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
    $this->grant("*",$user,"FILE",$pass);
    // We add him to the user table 
    $db->query("INSERT INTO dbusers (uid,name,enable) VALUES($cuid,'$user','ACTIVATED');");
    return true;
  }
@ -574,7 +677,7 @@ class m_mysql {
    $err->log("mysql","change_user_pass",$usern);
    $usern=trim($usern);
-    $user=addslashes($mem->user["login"]."_".$usern);
+    $user=addslashes($usern);
    $pass=addslashes($password);
    if ($password != $passconf || !$password) {
      $err->raise("mysql",17);
@ -584,10 +687,11 @@ class m_mysql {
    // Check this password against the password policy using common API : 
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$user,$password)) {
-    	return false; // The error has been raised by checkPolicy()
+        return false; // The error has been raised by checkPolicy()
      }
    }
-    $this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->Host." = PASSWORD('".$pass."')");
+    $db->query("SET PASSWORD FOR '".$user."'@'".$this->dbus->Host."' = PASSWORD('".$pass."');");
    $db->query("UPDATE dbusers set password='".$pass."' where name='".$usern."' and uid=$cuid ;");
    return true;
  }
@ -606,7 +710,7 @@ class m_mysql {
      $err->raise("mysql",14);
      return false;
    }
-    $db->query("SELECT name FROM dbusers WHERE name='".$mem->user["login"]."_$user' and enable not in ('ADMIN','HIDDEN');");
+    $db->query("SELECT name FROM dbusers WHERE name='".$user."' and enable not in ('ADMIN','HIDDEN');");
    if (!$db->num_rows()) {
      $err->raise("mysql",18);
      return false;
@ -615,11 +719,11 @@ class m_mysql {
    $login=$db->f("name");
    // Ok, database exists and dbname is compliant. Let's proceed
-    $this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'".$this->dbus->Host."';");
+    $db->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$user."'@'".$this->dbus->Host."';");
-    $this->dbus->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
+    $db->query("DELETE FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."';");
-    $this->dbus->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
+    $db->query("DELETE FROM mysql.user WHERE User='".$user."' AND Host='".$this->dbus->Host."';");
-    $this->dbus->query("FLUSH PRIVILEGES");
+    $db->query("FLUSH PRIVILEGES");
-    $this->dbus->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");
+    $db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$user."';");
    return true;
  }
@ -630,21 +734,29 @@ class m_mysql {
   * @param $user the username 
   * @return array An array of database name and rights
   **/
-  function get_user_dblist($user) {
+
-    global $db,$err,$mem,$cuid,$L_MYSQL_DATABASE;
+  function get_user_dblist($user){
-    $err->log("mysql","get_user_dblist");
+    global $db,$err,$mem,$cuid;
    $r=array();
    $db->free();
    $dblist=$this->get_dblist();
-    for ( $i=0 ; $i<count($dblist) ; $i++ ) {
+    foreach($dblist as $tab){
-      $this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='".$this->dbus->Host."' AND Db='".$dblist[$i]["db"]."';");
+      $pos=strpos($tab['db'],"_");
-      if ($this->dbus->next_record())
+      if($pos === false){
-        $r[]=array("db"=>$dblist[$i]["name"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"),	"update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
+        $this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$tab["db"]."';");
-      else
+      }else{
-        $r[]=array("db"=>$dblist[$i]["name"], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
+        $dbname=str_replace('_','\_',$tab['db']);
-    }
+        $this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$dbname."';");
-    
+      }	
      if ($this->dbus->next_record()){
        $r[]=array("db"=>$tab["db"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"),	"update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
      }else{
        $r[]=array("db"=>$tab['db'], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
      }
    }	
    return $r;
  }
@ -658,54 +770,57 @@ class m_mysql {
   * 
   **/
  function set_user_rights($user,$dbn,$rights) {
-    global $mem, $db;
+    global $mem,$err,$db;
    $err->log("mysql","set_user_rights");
    $err->log("mysql",$dbn);
-    $usern=addslashes($mem->user["login"].($user?"_":"").$user);
+    $usern=addslashes($user);
-    $dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
+    $dbname=addslashes($dbn);
    $dbname=str_replace('_','\_',$dbname);
    // On génère les droits en fonction du tableau de droits
    $strrights="";
    for( $i=0 ; $i<count($rights) ; $i++ ) {
      switch ($rights[$i]) {
        case "select":
          $strrights.="SELECT,";
-          break;
+        break;
        case "insert":
          $strrights.="INSERT,";
-          break;
+        break;
        case "update":
          $strrights.="UPDATE,";
-          break;
+        break;
        case "delete":
          $strrights.="DELETE,";
-          break;
+        break;
        case "create":
          $strrights.="CREATE,";
-          break;
+        break;
        case "drop":
          $strrights.="DROP,";
-          break;
+        break;
        case "references":
          $strrights.="REFERENCES,";
-          break;
+        break;
        case "index":
          $strrights.="INDEX,";
-          break;
+        break;
        case "alter":
          $strrights.="ALTER,";
-          break;
+        break;
        case "create_tmp":
          $strrights.="CREATE TEMPORARY TABLES,";
-          break;
+        break;
        case "lock":
          $strrights.="LOCK TABLES,";
-          break;
+        break;
      }
    }
    // We reset all user rights on this DB : 
    $this->dbus->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
    if($this->dbus->num_rows())
-      $this->dbus->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'".$this->dbus->Host."';");
+      $this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'".$this->dbus->Host."';");
    if( $strrights ){
      $strrights=substr($strrights,0,strlen($strrights)-1);
      $this->grant($dbname,$usern,$strrights);
@ -728,9 +843,9 @@ class m_mysql {
      $err->log("mysql","alternc_get_quota");
      $c=$this->get_dblist();
      if (is_array($c)) {
-	      return count($c);
+        return count($c);
      } else {
-	      return 0;
+        return 0;
      }
    } elseif ($name=="mysql_users") {
      $err->log("mysql","alternc_get_quota");
@ -756,24 +871,19 @@ class m_mysql {
      $myadm=$db->f("name");  
      $password=$db->f("password");  
    }else{
-	$myadm=$cuid."_myadm";
+      $myadm=$cuid."_myadm";
-      }
+      $password=create_pass(8); 
    }
    $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
      $chars = "1234567890abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
      $i = 0;
      $password = "";
      while ($i <= 8) {
        $password .= $chars{mt_rand(0,strlen($chars))};
        $i++;
      } 
      $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
    return true;
  }
-  
+
  /* ----------------------------------------------------------------- */
  /** Hook function called when a user is deleted.
   * AlternC's standard function that delete a member
@ -785,13 +895,13 @@ class m_mysql {
    $c=$this->get_dblist();
    if (is_array($c)) {
      for($i=0;$i<count($c);$i++) {
-	      $this->del_db($c[$i]["name"]);
+        $this->del_db($c[$i]["name"]);
      }
    }
    $d=$this->get_userslist();
    if (!empty($d)) {
      for($i=0;$i<count($d);$i++) {
-	      $this->del_user($d[$i]["name"]);
+        $this->del_user($d[$i]["name"]);
      }
    }
    return true;
@ -808,7 +918,7 @@ class m_mysql {
    setcookie("REMOTE_PASSWORD","");
  }
-  
+
  /* ----------------------------------------------------------------- */
  /**
   * Exporte all the mysql information of an account
@ -816,7 +926,7 @@ class m_mysql {
   * EXPERIMENTAL 'sid' function ;) 
   */
  function alternc_export_conf() {
-//TODO don't work with separated sql server for dbusers
+    //TODO don't work with separated sql server for dbusers
    global $db,$err,$cuid;
    $err->log("mysql","export");
    $db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
@ -825,15 +935,15 @@ class m_mysql {
      $str.="   <login>".$db->Record["login"]."</login>\n";
      $str.="   <pass>".$db->Record["pass"]."</pass>\n";
      do {
-	$filename=$tmpdir."/mysql.".$db->Record["db"].".sql.gz";
+        $filename=$tmpdir."/mysql.".$db->Record["db"].".sql.gz";
-	$str.="   <database>".($db->Record["db"])."</database>\n";
+        $str.="   <database>".($db->Record["db"])."</database>\n";
-	$str.="   <password>".($db->Record["pass"])."</password>\n";
+        $str.="   <password>".($db->Record["pass"])."</password>\n";
-	if ($s["bck_mode"]!=0) {
+        if ($s["bck_mode"]!=0) {
-	  $str.="   <backup-mode>".($db->Record["bck_mode"])."</backup-mode>\n";
+          $str.="   <backup-mode>".($db->Record["bck_mode"])."</backup-mode>\n";
-	  $str.="   <backup-dir>".($db->Record["bck_dir"])."</backup-dir>\n";
+          $str.="   <backup-dir>".($db->Record["bck_dir"])."</backup-dir>\n";
-	  $str.="   <backup-history>".($db->Record["bck_history"])."</backup-history>\n";
+          $str.="   <backup-history>".($db->Record["bck_history"])."</backup-history>\n";
-	  $str.="   <backup-gzip>".($db->Record["bck_gzip"])."</backup-gzip>\n";
+          $str.="   <backup-gzip>".($db->Record["bck_gzip"])."</backup-gzip>\n";
-	}
+        }
      } while ($db->next_record());
      $str.=" </sql>\n";
    }
@ -846,22 +956,22 @@ class m_mysql {
   * @access private
   * EXPERIMENTAL 'sid' function ;) 
   */
-function alternc_export_data ($dir){
+  function alternc_export_data ($dir){
    global $db, $err, $cuid,$mem;
    $err->log("mysql","export_data");
    $db->query("SELECT db.login, db.pass, db.db, dbusers.name FROM db,dbusers WHERE db.uid='$cuid' AND dbusers.uid=db.uid;");
    $dir.="sql/";
    if(!is_dir($dir)){
-        if(!mkdir($dir)){
+      if(!mkdir($dir)){
-            $err->raise('mysql',4);
+        $err->raise('mysql',4);
-        }
+      }
    }
    // on exporte toutes les bases utilisateur.
    while($db->next_record()){
-	    $filename=$dir."mysql.".$db->Record["db"].".".date("H:i:s").".sql.gz";
+      $filename=$dir."mysql.".$db->Record["db"].".".date("H:i:s").".sql.gz";
-	    exec ("/usr/bin/mysqldump --defaults-file=/etc/alternc/my.cnf --add-drop-table --allow-keywords -Q -f -q -a -e ".escapeshellarg($db->Record["db"])." |/bin/gzip >".escapeshellarg($filename));
+      exec ("/usr/bin/mysqldump --defaults-file=/etc/alternc/my.cnf --add-drop-table --allow-keywords -Q -f -q -a -e ".escapeshellarg($db->Record["db"])." |/bin/gzip >".escapeshellarg($filename));
    }
-}
+  }
 } /* Class m_mysql */