kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

New SQL interface + bugfixes

This commit is contained in:
Steven Mondji-Lerider 2012-08-25 17:05:38 +00:00
parent c77b6df3ff
commit 33c13635a4
13 changed files with 385 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bureau/admin/sql_add.php
View File

@ -45,6 +45,10 @@ if (!$quota->cancreate("mysql")) {
exit();
}
}
$q=$quota->getquota("mysql");
if($q['u'] == 0 ){
include_once("sql_doadd.php");
}else{
?>
<form method="post" action="sql_doadd.php" id="main" name="main">
<table class="tedit">
@ -57,7 +61,9 @@ if (!$quota->cancreate("mysql")) {
<br />
<input type="submit" class="inb" name="submit" value="<?php __("Create this new MySQL database."); ?>" />
</form>
<?php
}
?>
<script type="text/javascript">
document.forms['main'].dbn.focus();
</script>

2
bureau/admin/sql_del.php
View File

@ -81,7 +81,7 @@ if (!$found) {
reset($_POST);
while (list($key,$val)=each($_POST)) {
if (substr($key,0,4)=="del_") {
echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$mem->user["login"].(($val)?"_":"")."$val<br />\n";
echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
}
}

26
bureau/admin/sql_doadd.php
View File

@ -33,19 +33,39 @@ $fields = array (
"dbn" => array ("post", "string", ""),
);
getFields($fields);
if (!$quota->cancreate("mysql")) {
$error=_("err_mysql_1");
include("sql_add.php");
exit;
}
if (!$mysql->add_db($dbn)) {
$q=$quota->getquota("mysql");
if($q['u'] == 0){
$dbname=$mem->user["login"];
if(!$mysql->add_db($dbname)){
$error=$err->errstr();
include("sql_add.php");
exit;
}
}else{
if(!empty($dbn)){
$dbname=$mem->user["login"]."_".$dbn;
if(!$mysql->add_db($dbname)) {
$error=$err->errstr();
include("sql_add.php");
exit;
}
}else{
$dbname=$mem->user["login"];
if(!$mysql->add_db($dbname)) {
$error=$err->errstr();
include("sql_add.php");
exit;
}
}
}
include("sql_list.php");
?>

50
bureau/admin/sql_getparam.php
View File

@ -30,10 +30,16 @@
require_once("../class/config.php");
include_once("head.php");
$fields = array (
"dbname" => array ("request", "string", ""),
);
getFields($fields);
if (!$r=$mysql->get_dblist()) {
$error=$err->errstr();
}
?>
<h3><?php __("MySQL Databases"); ?></h3>
<hr id="topbar"/>
@ -42,29 +48,43 @@ if (!$r=$mysql->get_dblist()) {
if (isset($error) && $error) {
echo "<p class=\"error\">$error</p><p>&nbsp;</p>";
}
$r=$mysql->get_defaultsparam($dbname);
if(!empty($r)){
?>
<p><?php __("Your current settings are"); ?> : </p>
<p><?php __("Your current connection settings are"); ?> : </p>
<table class="tedit">
<tr>
<th><?php __("Username"); ?></th>
<td><code><?php echo $mem->user["login"]; ?></code></td>
</tr>
<tr>
<th><?php __("Password"); ?></th>
<td><code><?php echo $r[0]["pass"]; ?></code></td>
</tr>
<tr>
<th><?php __("MySQL Server"); ?></th>
<th><?php __("Mysql Server"); ?></th>
<td><code><?php echo $mysql->dbus->HumanHostname; ?></code></td>
</tr>
<tr>
<th><?php __("Main database"); ?></th>
<td><code><?php echo $r[0]["db"]; ?></code></td>
<th><?php __("Database"); ?></th>
<td><code><?php echo $dbname; ?></code></td>
</tr>
<?php
if(isset($r['user'])){
?>
<tr>
<th><?php __("Login"); ?></th>
<td><code><?php echo $r['user']; ?></code></td>
</tr>
<tr>
<th><?php __("Password"); ?></th>
<td><code><?php echo $r['password']; ?></code></td>
</tr>
<?php
}
?>
</table>
<?php
if(!isset($r['user'])){
echo "<p class=\"error\">";__("You changed the MySQL User base configuration. Please refer to your configuration");echo"</p><p>&nbsp;</p>";
}
?>
<p><span class="ina"><a href="sql_list.php"><?php __("Back to the MySQL database list"); ?></a></span></p>
<?php include_once("foot.php"); ?>
<?php
} //empty $r
include_once("foot.php"); ?>

11
bureau/admin/sql_list.php
View File

@ -59,7 +59,7 @@ if($rdb){
?>
<form method="post" action="sql_del.php" name="main" id="main">
<table class="tlist">
<tr><th>&nbsp;</th><th><?php __("Database"); ?></th><th><?php __("Backup"); ?></th><th><?php __("Restore"); ?></th><th><?php __("Size"); ?></th></tr>
<tr><th>&nbsp;</th><th><?php __("Database"); ?></th><th><?php __("Backup"); ?></th><th><?php __("Restore"); ?></th><th><?php __("Settings"); ?></th><th><?php __("Size"); ?></th></tr>
<?php
$col=1;
@ -69,10 +69,11 @@ for($i=0;$i<count($rdb);$i++) {
$col=3-$col;
?>
<tr class="lst<?php echo $col; ?>">
<td align="center"><input type="checkbox" class="inc" id="del_<?php echo $val["name"]; ?>" name="del_<?php echo $val["name"]; ?>" value="<?php echo ($val["name"])?$val["name"]:"_"; ?>" /></td>
<td><label for="del_<?php echo $val["name"]; ?>"><?php echo $val["db"]; ?></label></td>
<td><div class="ina"><a href="sql_bck.php?id=<?php echo $val["name"] ?>"><?php __("Backup"); ?></a></div></td>
<td><div class="ina"><a href="sql_restore.php?id=<?php echo $val["name"] ?>"><?php __("Restore"); ?></a></div></td>
<td align="center"><input type="checkbox" class="inc" id="del_<?php echo $val["db"]; ?>" name="del_<?php echo $val["db"]; ?>" value="<?php echo ($val["db"]); ?>" /></td>
<td><label for="del_<?php echo $val["db"]; ?>"><?php echo $val["db"]; ?></label></td>
<td><div class="ina"><a href="sql_bck.php?id=<?php echo $val["db"] ?>"><?php __("Backup"); ?></a></div></td>
<td><div class="ina"><a href="sql_restore.php?id=<?php echo $val["db"] ?>"><?php __("Restore"); ?></a></div></td>
<td><div class="ina"><a href="sql_getparam.php?dbname=<?php echo $val["db"] ?>"><?php __("Settings"); ?></a></div></td>
<td><code><?php echo format_size($val["size"]); ?></code></td>
</tr>
<?php

5
bureau/admin/sql_users_add.php
View File

@ -37,11 +37,6 @@ $fields = array (
);
getFields($fields);
if (!$quota->cancreate("mysql_users")) {
$error=_("err_mysql_13");
$fatal=1;
}
?>
<h3><?php __("Create a new MySQL user"); ?></h3>
<hr id="topbar"/>

8
bureau/admin/sql_users_del.php
View File

@ -28,6 +28,10 @@
----------------------------------------------------------------------
*/
require_once("../class/config.php");
$fields = array (
"confirm" => array ("post", "string", ""),
);
getFields($fields);
if(!isset($error)){
$error="";
}
@ -40,7 +44,7 @@ if (isset($confirm) && ($confirm=="y")) {
if (!$r) {
$error.=$err->errstr()."<br />";
} else {
$error.=sprintf(_("The user %s has been successfully deleted"),$mem->user["login"]."_$val")."<br />";
$error.=sprintf(_("The user %s has been successfully deleted"),$val)."<br />";
}
}
}
@ -63,7 +67,7 @@ include_once("head.php");
reset($_POST);
while (list($key,$val)=each($_POST)) {
if (substr($key,0,4)=="del_") {
echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$mem->user["login"]."_$val<br />\n";
echo "<input type=\"hidden\" name=\"$key\" value=\"$val\" />".$val."<br />\n";
}
}

15
bureau/admin/sql_users_doadd.php
View File

@ -37,17 +37,20 @@ $fields = array (
getFields($fields);
if (!$quota->cancreate("mysql_users")) {
// $error=_("err_mysql_1");
include("sql_users_add.php");
exit;
}
if(!empty($usern)){
if (!$mysql->add_user($usern,$password,$passconf)) {
$error=$err->errstr();
include("sql_users_add.php");
exit;
}
}else{
$usern=$mem->user["login"];
if (!$mysql->add_user($usern,$password,$passconf)) {
$error=$err->errstr();
include("sql_users_add.php");
exit;
}
}
include("sql_users_list.php");

23
bureau/admin/sql_users_dorights.php
View File

@ -1,6 +1,6 @@
<?php
/*
$Id: sql_users_rights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
$Id: sql_users_dorights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
----------------------------------------------------------------------
AlternC - Web Hosting System
Copyright (C) 2002 by the AlternC Development Team.
@ -36,16 +36,19 @@ $fields = array (
getFields($fields);
$keys=array_keys($_POST);
$dblist=$mysql->get_dblist();
for( $i=0 ; $i<count($dblist) ; $i++ ) {
$rights=array();
for( $j=0 ; $j<count($keys) ; $j++ ) {
if( strpos( $keys[$j], $dblist[$i]["name"]."_" ) === 0 )
$rights[]=substr($keys[$j], strlen( $dblist[$i]["name"]."_" ));
foreach($_POST as $k=>$v) {
$keys[$k]=$v;
}
$mysql->set_user_rights($id,$dblist[$i]["name"],$rights);
$cleanrights=array("select","update","insert","delete","create","drop","references","index","alter","create_tmp",'lock');
foreach($mysql->get_dblist() as $d){
$rights=array();
foreach ($cleanrights as $r) {
if (isset($keys[$d['db'].'_'.$r])) {
$rights[]=$r;
}
}
$mysql->set_user_rights($id,$d['db'],$rights);
}
$error=_("The rights has been successfully applied to the user");

4
bureau/admin/sql_users_list.php
View File

@ -56,7 +56,7 @@ for($i=0;$i<count($r);$i++) {
<td align="center">
<input type="checkbox" class="inc" id="del_<?php echo $val["name"]; ?>" name="del_<?php echo $val["name"]; ?>" value="<?php echo $val["name"]; ?>" />
</td>
<td><label for="del_<?php echo $val["name"]; ?>"><?php echo $mem->user["login"]."_".$val["name"]; ?></label></td>
<td><label for="del_<?php echo $val["name"]; ?>"><?php echo $val["name"]; ?></label></td>
<td><span class="ina"><a href="sql_users_rights.php?id=<?php echo $val["name"] ?>"><?php __("Manage the rights"); ?></a></span></td>
<td><span class="ina"><a href="sql_users_password.php?id=<?php echo $val["name"] ?>"><?php __("Password change"); ?></a></span></td>
</tr>
@ -76,12 +76,10 @@ for($i=0;$i<count($r);$i++) {
<?php
}
if ($quota->cancreate("mysql_users")) {
?>
<p>
<span class="ina"><a href="sql_users_add.php"><?php __("Create a new MySQL user"); ?></a><br /></span>
</p>
<?php
}
?>
<?php include_once("foot.php"); ?>

2
bureau/admin/sql_users_password.php
View File

@ -38,7 +38,7 @@ getFields($fields);
$r=$mysql->get_user_dblist($id);
?>
<h3><?php __("Change this user's password"); echo " - ".$mem->user["login"]."_".$id ?></h3>
<h3><?php __("Change this user's password"); echo " - ".$id ?></h3>
<hr id="topbar"/>
<br />
<?php

5
bureau/admin/sql_users_rights.php
View File

@ -36,9 +36,8 @@ $fields = array (
getFields($fields);
$r=$mysql->get_user_dblist($id);
?>
<h3><?php printf(_("MySQL Rights for %s"),$mem->user["login"]."_".$id) ?></h3>
<h3><?php printf(_("MySQL Rights for %s"),$id) ?></h3>
<hr id="topbar"/>
<br />
<?php
@ -77,7 +76,7 @@ for($i=0;$i<count($r);$i++) {
$col=3-$col;
?>
<tr class="lst<?php echo $col; ?>">
<td><strong><?php echo $mem->user["login"].($val["db"]?"_":"").$val["db"] ?></strong></td>
<td><strong><?php echo $val["db"] ?></strong></td>
<td><a href="javascript:inverse_sql_right('<?php echo htmlentities($val["db"]);?>');"><?php __('Reverse selection');?></a></td>
<?php foreach($sql_right as $sr) { ?>
<td align="center">

210
bureau/class/m_mysql.php
View File

@ -113,7 +113,7 @@ class m_mysql {
* Quota name
*/
function alternc_quota_names() {
return array("mysql","mysql_users");
return array("mysql");
}
@ -199,6 +199,12 @@ class m_mysql {
return array("enabled"=>true,"login"=>$db->f("login"),"db"=>$db->f("db"), "name"=>$dbn,"bck"=>$db->f("bck_mode"), "dir"=>substr($db->f("bck_dir"),strlen($root)), "size"=>$size, "pass"=>$db->f("pass"), "history"=>$db->f("bck_history"), "gzip"=>$db->f("bck_gzip"));
}
function test_get_param($dbname){
global $db,$err,$cuid;
$db->query("SELECT ");
}
/*---------------------------------------------------------------------------*/
/** Create a new database for the current user.
@ -209,15 +215,25 @@ class m_mysql {
function add_db($dbn) {
global $db,$err,$quota,$mem,$cuid,$admin;
$err->log("mysql","add_db",$dbn);
$password_user="";
if (!$quota->cancreate("mysql")) {
$err->raise("mysql",1);
return false;
}
$pos=strpos($dbn,'_');
if($pos === false){
$dbname=$dbn;
}else{
$dbncomp=explode('_',$dbn);
$dbname=$dbn;
$dbn=$dbncomp[1];
}
if (!preg_match("#^[0-9a-z]*$#",$dbn)) {
$err->raise("mysql",2);
return false;
}
$dbname=$mem->user["login"].($dbn?"_":"").$dbn;
if (strlen($dbname) > 64) {
$err->raise("mysql",12);
return false;
@ -227,6 +243,14 @@ class m_mysql {
$err->raise("mysql",3);
return false;
}
$db->query("SELECT name from dbusers where name='".$dbname."' and enable='ACTIVATED' ;");
if(!$db->num_rows()){
$password_user=create_pass(8);
if(!$this->add_user($dbn,$password_user,$password_user)){
}
}
//checking for the phpmyadmin user
$db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';");
if ($db->num_rows()) {
@ -234,18 +258,21 @@ class m_mysql {
$myadm=$db->f("name");
$password=$db->f("password");
}else{
$err->raise("mysql",3);
$err->raise("mysql",3);//FIXME error code
return false;
}
//Grant the special user every rights.
if ($this->dbus->query("CREATE DATABASE `$dbname`;")) {
$err->log("mysql","add_db_succes",$dbn);
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);");
$dbuser=$dbname;
$dbname=str_replace('_','\_',$dbname);
$this->grant($dbname,$myadm,"ALL PRIVILEGES",$password);
if(!empty($password_user)){
$this->grant($dbname,$dbuser,"ALL PRIVILEGES",$password_user);
}
$this->dbus->query("FLUSH PRIVILEGES;");
return true;
} else {
@ -265,8 +292,7 @@ class m_mysql {
function del_db($dbn) {
global $db,$err,$mem,$cuid;
$err->log("mysql","del_db",$dbn);
$dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
$dbname=addslashes($dbn);
$db->query("SELECT uid FROM db WHERE db='$dbname';");
if (!$db->num_rows()) {
$err->raise("mysql",4);
@ -278,10 +304,18 @@ class m_mysql {
$db->query("DELETE FROM size_db WHERE db='$dbname';");
$db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
$this->dbus->query("DROP DATABASE `$dbname`;");
$db_esc=str_replace('_','\_',$dbname);
$db->query("select User from mysql.db where User='".$dbname."' and Db!='".$db_esc."' and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');");
if(!$db->num_rows()){
$this->del_user($dbname);
}
return true;
}
/*---------------------------------------------------------------------------*/
/** Set the backup parameters for the database $db
* @param $db string database name
@ -374,32 +408,31 @@ class m_mysql {
**/
function grant($base,$user,$rights=null,$pass=null,$table='*'){
global $err,$db;
$err->log("mysql","grant",$base);
$err->log("mysql","grant",$base."-".$user);
if(!preg_match("#^[0-9a-z_\\*\\\\]*$#",$base)){
$err->raise("mysql",2);
$err->raise("mysql","base_not_match");
return false;
}elseif(!$db->query("select db from db where db='$base';")){
$err->raise("mysql",10);
$err->raise("mysql","query base fail");
return false;
}
if($rights==null){
$rights='ALL PRIVILEGES';
}elseif(!preg_match("#^[a-zA-Z,\s]*$#",$rights)){
$err->raise("mysql",3);
$err->raise("mysql","rights_fail");
return false;
}
if(!preg_match("#^[0-9a-z_]*$#",$user)) {
$err->raise("mysql",5);
$err->raise("mysql","user match");
return false;
}
$db->query("select name from dbusers where name='".$user."' ;");
if(!$db->num_rows()){
$err->raise("mysql",6);
$lol=$db->f('name');
$err->raise("mysql","num row 0:".$lol."<--".$user);
return false;
}
if($rights == "FILE"){
@ -414,7 +447,7 @@ class m_mysql {
$grant .= ";";
}
if(!$this->dbus->query($grant)){
$err->raise("mysql",7);
$err->raise("mysql","grant fail:".$grant);
return false;
}
return true;
@ -492,12 +525,80 @@ class m_mysql {
$c=array();
$db->query("SELECT name FROM dbusers WHERE uid='$cuid' and enable not in ('ADMIN','HIDDEN') ORDER BY name;");
while ($db->next_record()) {
$c[]=array("name"=>substr($db->f("name"),strpos($db->f("name"),"_")+1));
$pos=strpos($db->f("name"),"_");
if($pos === false){
$c[]=array("name"=>($db->f("name")));
}else{
$c[]=array("name"=>($db->f("name")));
//$c[]=array("name"=>substr($db->f("name"),strpos($db->f("name"),"_")+1));
}
}
return $c;
}
function get_defaultsparam($dbn){
global $db,$err,$bro,$cuid;
$err->log("mysql","getdefaults");
$dbu=$dbn;
$r=array();
$dbn=str_replace('_','\_',$dbn);
$db->query("Select Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv from mysql.db where Db='".$dbn."' and User='".$dbu."';");
if(!$db->num_rows()){
return $r;
}
$db->next_record();
$r['Host']=$db->f('Host');
if($db->f('Select_priv') !== "Y"){
return $r;
}
if($db->f('Insert_priv') !== "Y"){
return $r;
}
if($db->f('Update_priv') !== "Y"){
return $r;
}
if($db->f('Delete_priv') !== "Y"){
return $r;
}
if($db->f('Create_priv') !== "Y"){
return $r;
}
if($db->f('Drop_priv') !== "Y"){
return $r;
}
if($db->f('References_priv') !== "Y"){
return $r;
}
if($db->f('Index_priv') !== "Y"){
return $r;
}
if($db->f('Alter_priv') !== "Y"){
return $r;
}
if($db->f('Create_tmp_table_priv') !== "Y"){
return $r;
}
if($db->f('Lock_tables_priv') !== "Y"){
return $r;
}
if(!$db->query("SELECT name,password from dbusers where name='".$dbu."';")){
return $r;
}
if(!$db->num_rows()){
return $r;
}
$db->next_record();
$r['user']=$db->f('name');
$r['password']=$db->f('password');
return $r;
}
/* ------------------------------------------------------------ */
/**
@ -512,7 +613,12 @@ class m_mysql {
$err->log("mysql","add_user",$usern);
$usern=trim($usern);
$user=addslashes($mem->user["login"]."_".$usern);
$login=$mem->user["login"];
if($login != $usern){
$user=addslashes($login."_".$usern);
}else{
$user=$usern;
}
$pass=addslashes($password);
if (!$usern) {
@ -523,15 +629,12 @@ class m_mysql {
$err->raise("mysql",20);
return false;
}
if (!$quota->cancreate("mysql_users")) {
$err->raise("mysql",13);
return false;
}
if (!preg_match("#^[0-9a-z]#",$usern)) {
$err->raise("mysql",14);
return false;
}
// We check the length of the COMPLETE username, not only the part after _
if (strlen($user) > 16) {
$err->raise("mysql",15);
@ -554,10 +657,10 @@ class m_mysql {
}
}
// We add him to the user table
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES($cuid,'$user','$password','ACTIVATED');");
// We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
$this->grant("*",$user,"FILE",$pass);
// We add him to the user table
$db->query("INSERT INTO dbusers (uid,name,enable) VALUES($cuid,'$user','ACTIVATED');");
return true;
}
@ -574,7 +677,7 @@ class m_mysql {
$err->log("mysql","change_user_pass",$usern);
$usern=trim($usern);
$user=addslashes($mem->user["login"]."_".$usern);
$user=addslashes($usern);
$pass=addslashes($password);
if ($password != $passconf || !$password) {
$err->raise("mysql",17);
@ -587,7 +690,8 @@ class m_mysql {
return false; // The error has been raised by checkPolicy()
}
}
$this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->Host." = PASSWORD('".$pass."')");
$db->query("SET PASSWORD FOR '".$user."'@'".$this->dbus->Host."' = PASSWORD('".$pass."');");
$db->query("UPDATE dbusers set password='".$pass."' where name='".$usern."' and uid=$cuid ;");
return true;
}
@ -606,7 +710,7 @@ class m_mysql {
$err->raise("mysql",14);
return false;
}
$db->query("SELECT name FROM dbusers WHERE name='".$mem->user["login"]."_$user' and enable not in ('ADMIN','HIDDEN');");
$db->query("SELECT name FROM dbusers WHERE name='".$user."' and enable not in ('ADMIN','HIDDEN');");
if (!$db->num_rows()) {
$err->raise("mysql",18);
return false;
@ -615,11 +719,11 @@ class m_mysql {
$login=$db->f("name");
// Ok, database exists and dbname is compliant. Let's proceed
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'".$this->dbus->Host."';");
$this->dbus->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
$this->dbus->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
$this->dbus->query("FLUSH PRIVILEGES");
$this->dbus->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");
$db->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$user."'@'".$this->dbus->Host."';");
$db->query("DELETE FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."';");
$db->query("DELETE FROM mysql.user WHERE User='".$user."' AND Host='".$this->dbus->Host."';");
$db->query("FLUSH PRIVILEGES");
$db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$user."';");
return true;
}
@ -630,21 +734,29 @@ class m_mysql {
* @param $user the username
* @return array An array of database name and rights
**/
function get_user_dblist($user){
global $db,$err,$mem,$cuid,$L_MYSQL_DATABASE;
$err->log("mysql","get_user_dblist");
global $db,$err,$mem,$cuid;
$r=array();
$db->free();
$dblist=$this->get_dblist();
for ( $i=0 ; $i<count($dblist) ; $i++ ) {
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='".$this->dbus->Host."' AND Db='".$dblist[$i]["db"]."';");
if ($this->dbus->next_record())
$r[]=array("db"=>$dblist[$i]["name"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"), "update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
else
$r[]=array("db"=>$dblist[$i]["name"], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
foreach($dblist as $tab){
$pos=strpos($tab['db'],"_");
if($pos === false){
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$tab["db"]."';");
}else{
$dbname=str_replace('_','\_',$tab['db']);
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$dbname."';");
}
if ($this->dbus->next_record()){
$r[]=array("db"=>$tab["db"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"), "update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
}else{
$r[]=array("db"=>$tab['db'], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
}
}
return $r;
}
@ -658,10 +770,13 @@ class m_mysql {
*
**/
function set_user_rights($user,$dbn,$rights) {
global $mem, $db;
global $mem,$err,$db;
$err->log("mysql","set_user_rights");
$err->log("mysql",$dbn);
$usern=addslashes($mem->user["login"].($user?"_":"").$user);
$dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
$usern=addslashes($user);
$dbname=addslashes($dbn);
$dbname=str_replace('_','\_',$dbname);
// On génère les droits en fonction du tableau de droits
$strrights="";
for( $i=0 ; $i<count($rights) ; $i++ ) {
@ -705,7 +820,7 @@ class m_mysql {
// We reset all user rights on this DB :
$this->dbus->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
if($this->dbus->num_rows())
$this->dbus->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'".$this->dbus->Host."';");
$this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'".$this->dbus->Host."';");
if( $strrights ){
$strrights=substr($strrights,0,strlen($strrights)-1);
$this->grant($dbname,$usern,$strrights);
@ -757,15 +872,10 @@ class m_mysql {
$password=$db->f("password");
}else{
$myadm=$cuid."_myadm";
$password=create_pass(8);
}
$chars = "1234567890abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$i = 0;
$password = "";
while ($i <= 8) {
$password .= $chars{mt_rand(0,strlen($chars))};
$i++;
}
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
return true;