kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Commit de modification simplification de gestion du SQL

This commit is contained in:
Steven Mondji-Lerider 2012-08-10 17:18:34 +00:00
parent de0bff335b
commit 5bf955c998
10 changed files with 113 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bureau/admin/sql_add.php
View File

@ -38,9 +38,9 @@ if (!$quota->cancreate("mysql")) {
?>
<h3><?php __("Create a new MySQL database"); ?></h3>
<?php
if ($error) {
if (isset($error) && $error) {
echo "<p class=\"error\">$error</p>";
if ($fatal) {
if (isset($fatal) && $fatal) {
include_once("foot.php");
exit();
}
@ -48,9 +48,11 @@ if (!$quota->cancreate("mysql")) {
?>
<form method="post" action="sql_doadd.php" id="main" name="main">
<table class="tedit">
<tr><th><label for="dbn"><?php __("MySQL Database"); ?></label></th><td>
<span class="int" id="dbnpfx"><?php echo $mem->user["login"]; ?>_</span><input type="text" class="int" name="dbn" id="dbn" value="<?php ehe($dbn); ?>" size="20" maxlength="30" />
</td></tr>
<tr>
<th><label for="dbn"><?php __("MySQL Database"); ?></label></th>
<td>
<span class="int" id="dbnpfx"><?php echo $mem->user["login"]; ?>_</span><input type="text" class="int" name="dbn" id="dbn" value="" size="20" maxlength="30" />
</tr>
</table>
<br />
<input type="submit" class="inb" name="submit" value="<?php __("Create this new MySQL database."); ?>" />

2
bureau/admin/sql_admin.php
View File

@ -30,7 +30,7 @@
require_once("../class/config.php");
// include_once ("head.php");
if (!$r=$mysql->get_dblist()) {
if (!$r=$mysql->php_myadmin_connect()) {
$error=$err->errstr();
} else {
setcookie("REMOTE_USER",$r[0]["login"],0,"/");

2
bureau/admin/sql_doadd.php
View File

@ -44,4 +44,4 @@ if (!$mysql->add_db($dbn)) {
include("sql_list.php");
?>
?>

2
bureau/admin/sql_getparam.php
View File

@ -56,7 +56,7 @@ if (!$r=$mysql->get_dblist()) {
</tr>
<tr>
<th><?php __("MySQL Server"); ?></th>
<td><code><?php echo $mysql->server; ?></code></td>
<td><code><?php echo $mysql->dbus->HumanHostname; ?></code></td>
</tr>
<tr>
<th><?php __("Main database"); ?></th>

49
bureau/admin/sql_list.php
View File

@ -30,7 +30,8 @@
require_once("../class/config.php");
include_once("head.php");
$r=$mysql->get_dblist();
$rdb=$mysql->get_dblist();
$r=$mysql->get_userslist();
?>
<h3><?php __("MySQL Databases"); ?></h3>
@ -40,20 +41,30 @@ $r=$mysql->get_dblist();
if (isset($error) && $error) {
echo "<p class=\"error\">$error</p>";
}
if ($r) {
echo "<p>"._("help_sql_list_ok")."</p>";
if(!$r || empty($r)){
echo "<p class=\"error\">"._("You have no sql user at the moment.")."</p>";
}
?>
<table class="tedit">
<tr>
<?php __("Your current settings are"); ?>
</tr><tr>
<th><?php __("MySQL Server"); ?> : </th>
<td><code><?php echo $mysql->dbus->HumanHostname; ?></code></td>
</tr>
</table>
<?php
if($rdb){
?>
<form method="post" action="sql_del.php" name="main" id="main">
<table class="tlist">
<tr><th>&nbsp;</th><th><?php __("Database"); ?></th><th><?php __("Backup"); ?></th><th><?php __("Restore"); ?></th><th><?php __("Size"); ?></th></tr>
<?php
$col=1;
for($i=0;$i<count($r);$i++) {
$val=$r[$i];
for($i=0;$i<count($rdb);$i++) {
$val=$rdb[$i];
$val['size'] = $mysql->get_db_size($val['db']);
$col=3-$col;
?>
@ -74,31 +85,15 @@ for($i=0;$i<count($r);$i++) {
</td></tr>
</table>
</form>
<?php
}
?>
<p>&nbsp;</p>
<?php if ($quota->cancreate("mysql")) { ?>
<p> <span class="ina"><a href="sql_add.php"><?php __("Create a new MySQL database"); ?></a></span> </p>
<?php } ?>
<p><span class="ina"><a href="sql_passchg.php"><?php __("Change the MySQL password"); ?></a></span></p>
<p><span class="ina"><a href="sql_getparam.php"><?php __("Get the current MySQL parameters"); ?></a></span></p>
<?php
} else {
echo "<p>"._("help_sql_list_no")."</p>";
<?php }
?>
<form method="post" action="sql_addmain.php" name="main" id="main">
<table class="tedit">
<tr><th><?php __("Username"); ?></th><td><code><?php echo $mem->user["login"]; ?></code></td></tr>
<tr><th><label for="pass"><?php __("Password"); ?></label></th><td><code><input class="int" type="password" name="pass" id="pass" value="" /></code></td></tr>
<tr><th><?php __("SQL Server"); ?></th><td><code><?php echo $L_MYSQL_HOST; ?></code></td></tr>
<tr><th><?php __("Database"); ?></th><td><code><?php echo $mem->user["login"]; ?></code></td></tr>
<tr class="trbtn"><td colspan="2"><input type="submit" class="inb" name="submit" value="<?php __("Create my main database"); ?>" /></td></tr>
</table>
</form>
<?php } ?>
<script type="text/javascript">
document.forms['main'].pass.focus();
document.forms['main'].setAttribute('autocomplete', 'off');

8
bureau/admin/sql_users_list.php
View File

@ -41,12 +41,8 @@ $rdb=$mysql->get_dblist();
if (isset($error) && $error) {
echo "<p class=\"error\">$error</p><p>&nbsp;</p>";
}
if ($rdb) {
if($r){
echo "<p>"._("help_sql_users_list_ok")."</p>";
?>
<form method="post" action="sql_users_del.php">
<table cellspacing="0" cellpadding="4">
<tr><th>&nbsp;</th><th><?php __("User"); ?></th><th><?php __("Rights"); ?></th><th><?php __("Password");?></th></tr>
@ -87,9 +83,5 @@ for($i=0;$i<count($r);$i++) {
</p>
<?php
}
} else {
include("sql_list.php"); // no main database, let's show the main db creation form (don't duplicate it here...)
exit();
}
?>
<?php include_once("foot.php"); ?>

2
bureau/admin/sql_users_password.php
View File

@ -42,7 +42,7 @@ $r=$mysql->get_user_dblist($id);
<hr id="topbar"/>
<br />
<?php
if ($error) {
if (isset($error) && $error) {
echo "<p class=\"error\">$error</p><p>&nbsp;</p>";
}

155
bureau/class/m_mysql.php
View File

@ -83,7 +83,6 @@ class DB_users extends DB_Sql {
# Create the object
$this->Host = $host;
$this->client = $GLOBALS['L_MYSQL_CLIENT'];
$this->User = $user;
$this->Password = $password;
// TODO BUG BUG BUG
@ -150,6 +149,28 @@ class m_mysql {
return $c;
}
/*---------------------------------------------------------------------------*/
/** Get the login and password of the special user able to connect to phpmyadmin
* @return array returns an associative array with login and password
* Returns FALSE if error
*/
function php_myadmin_connect(){
global $db,$cuid,$err;
$err->log("mysql","php_myadmin_connect");
$db->query("SELECT name,password FROM dbusers WHERE uid='$cuid' and enable='ADMIN';");
if (!$db->num_rows()) {
$err->raise("mysql",11);
return false;
}
$db->next_record();
$info=array();
$info[]=array(
"login"=>$db->f("name"),
"pass"=>$db->f("password")
);
return $info;
}
/*---------------------------------------------------------------------------*/
/** Returns the details of a user's database.
@ -189,7 +210,7 @@ class m_mysql {
* an error occured, such as over quota user.
*/
function add_db($dbn) {
global $db,$err,$quota,$mem,$cuid;
global $db,$err,$quota,$mem,$cuid,$admin;
$err->log("mysql","add_db",$dbn);
if (!$quota->cancreate("mysql")) {
$err->raise("mysql",1);
@ -209,23 +230,28 @@ class m_mysql {
$err->raise("mysql",3);
return false;
}
// find the login/pass for this user :
$db->query("SELECT login,pass FROM db WHERE uid='$cuid' LIMIT 0,1;");
if (!$db->num_rows()) {
$lo=$mem->user["login"];
$pa="";
} else {
//checking for the phpmyadmin user
$db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';");
if ($db->num_rows()) {
$db->next_record();
$lo=addslashes($db->f("login"));
$pa=addslashes($db->f("pass"));
$myadm=$db->f("name");
$password=$db->f("password");
}else{
$err->raise("mysql",3);
return false;
}
//Grant the special user every rights.
if ($this->dbus->query("CREATE DATABASE `$dbname`;")) {
$err->log("mysql","add_db_succes",$dbn);
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$lo','$pa','$dbname',0);");
// give everything but GRANT on db.*
// we assume there's already a user
$this->dbus->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$lo."@".$this->dbus->client."';");
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);");
 #TODO escape dbname to avoid wildcard '_'
die();
print_r("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$myadm."'@".$this->dbus->Host." IDENTIFIED BY '".addslashes($password)."'");
$this->dbus->query("GRANT ALL PRIVILEGES ON `".addslashes($dbname)."`.* TO '".$myadm."'@".$this->dbus->Host." IDENTIFIED BY '".addslashes($password)."'");
$this->dbus->query("FLUSH PRIVILEGES;");
return true;
} else {
$err->log("mysql","add_db",$dbn);
@ -246,25 +272,17 @@ class m_mysql {
$err->log("mysql","del_db",$dbn);
$dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
$db->query("SELECT login FROM db WHERE db='$dbname';");
$db->query("SELECT uid FROM db WHERE db='$dbname';");
if (!$db->num_rows()) {
$err->raise("mysql",4);
return false;
}
$db->next_record();
$login=$db->f("login");
// Ok, database exists and dbname is compliant. Let's proceed
$db->query("DELETE FROM size_db WHERE db='$dbname';");
$db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
$this->dbus->query("DROP DATABASE `$dbname`;");
$db->query("SELECT COUNT(*) AS cnt FROM db WHERE uid='$cuid';");
$db->next_record();
$this->dbus->query("REVOKE ALL PRIVILEGES ON `".$dbname."`.* FROM '".$login."'@".$this->dbus->client."");
if ($this->dbus->f("cnt")==0) {
$this->dbus->query("DELETE FROM mysql.user WHERE User='".$login."';");
$this->dbus->query("FLUSH PRIVILEGES;");
}
return true;
}
@ -347,55 +365,11 @@ class m_mysql {
// Update all the "pass" fields for this user :
$db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';");
$this->dbus->query("SET PASSWORD FOR ".$login."@".$this->dbus->client." = PASSWORD('$password');");
$this->dbus->query("SET PASSWORD FOR ".$login."@".$this->dbus->Host." = PASSWORD('$password');");
return true;
}
/* ----------------------------------------------------------------- */
/** Create a new mysql account for this user
* @param string cleartext password for the new account
* It also create the first database.
*/
function new_mysql($password) {
global $db,$err,$mem,$cuid,$admin;
$err->log("mysql","new_mysql");
if (strlen($password)>16) {
$err->raise("mysql",8);
return false;
}
if (!$password) {
$err->raise("mysql",20);
return false;
}
$db->query("SELECT * FROM db WHERE uid='$cuid';");
if ($db->num_rows()) {
$err->raise("mysql",10);
return false;
}
$login=$mem->user["login"];
$dbname=$mem->user["login"];
// Username cannot be longer than 16 characters
if (strlen($login)>16) {
$err->raise("mysql",15);
return false;
}
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("mysql",$login,$password)) {
return false; // The error has been raised by checkPolicy()
}
}
// OK, creation now...
$db->query("INSERT INTO db (uid,login,pass,db) VALUES ('$cuid','".$login."','$password','".$dbname."');");
// give everything but GRANT on $user.*
$this->dbus->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$login."'@".$this->dbus->client." IDENTIFIED BY '".addslashes($password)."'");
$this->dbus->query("CREATE DATABASE `".$dbname."`;");
return true;
}
/* ----------------------------------------------------------------- */
@ -465,7 +439,7 @@ class m_mysql {
function get_userslist() {
global $db,$err,$bro,$cuid;
$err->log("mysql","get_userslist");
$db->query("SELECT name FROM dbusers WHERE uid='$cuid' ORDER BY name;");
$db->query("SELECT name FROM dbusers WHERE uid='$cuid' and enable not in ('ADMIN','HIDDEN') ORDER BY name;");
if (!$db->num_rows()) {
$err->raise("mysql",19);
return false;
@ -535,9 +509,9 @@ class m_mysql {
}
// We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
$this->dbus->query("GRANT file ON *.* TO '$user'@".$this->dbus->client." IDENTIFIED BY '$pass';");
$this->dbus->query("GRANT file ON *.* TO '$user'@".$this->dbus->Host." IDENTIFIED BY '$pass';");
// We add him to the user table
$db->query("INSERT INTO dbusers (uid,name) VALUES($cuid,'$user');");
$db->query("INSERT INTO dbusers (uid,name,enable) VALUES($cuid,'$user','ACTIVATED');");
return true;
}
@ -567,7 +541,7 @@ class m_mysql {
return false; // The error has been raised by checkPolicy()
}
}
$this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->client." = PASSWORD(".$pass.")");
$this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->Host." = PASSWORD(".$pass.")");
return true;
}
@ -586,7 +560,7 @@ class m_mysql {
$err->raise("mysql",14);
return false;
}
$db->query("SELECT name FROM dbusers WHERE name='".$mem->user["login"]."_$user';");
$db->query("SELECT name FROM dbusers WHERE name='".$mem->user["login"]."_$user' and enable not in ('ADMIN','HIDDEN');");
if (!$db->num_rows()) {
$err->raise("mysql",18);
return false;
@ -595,9 +569,9 @@ class m_mysql {
$login=$db->f("name");
// Ok, database exists and dbname is compliant. Let's proceed
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@".$this->dbus->client.";");
$this->dbus->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host=".$this->dbus->client.";");
$this->dbus->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host=".$this->dbus->client.";");
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'".$this->dbus->Host."';");
$this->dbus->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
$this->dbus->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='".$this->dbus->Host."';");
$this->dbus->query("FLUSH PRIVILEGES");
$this->dbus->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");
return true;
@ -618,7 +592,7 @@ class m_mysql {
$dblist=$this->get_dblist();
for ( $i=0 ; $i<count($dblist) ; $i++ ) {
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host=".$this->dbus->client." AND Db='".$dblist[$i]["db"]."';");
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='".$this->dbus->Host."' AND Db='".$dblist[$i]["db"]."';");
if ($this->dbus->next_record())
$r[]=array("db"=>$dblist[$i]["name"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"), "update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
else
@ -643,6 +617,7 @@ class m_mysql {
$usern=addslashes($mem->user["login"].($user?"_":"").$user);
$dbname=addslashes($mem->user["login"].($dbn?"_":"").$dbn);
// On génère les droits en fonction du tableau de droits
$strrights="";
for( $i=0 ; $i<count($rights) ; $i++ ) {
switch ($rights[$i]) {
case "select":
@ -684,10 +659,10 @@ class m_mysql {
// We reset all user rights on this DB :
$this->dbus->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
if($this->dbus->num_rows())
$this->dbus->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'".$this->dbus->client."';");
$this->dbus->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'".$this->dbus->Host."';");
if( $strrights ){
$strrights=substr($strrights,0,strlen($strrights)-1);
$this->dbus->query("GRANT $strrights ON $dbname.* TO '$usern'@'".$this->dbus->client."';");
$this->dbus->query("GRANT $strrights ON $dbname.* TO '$usern'@'".$this->dbus->Host."';");
}
$this->dbus->query("FLUSH PRIVILEGES");
return TRUE;
@ -721,6 +696,26 @@ class m_mysql {
} else return false;
}
/* ----------------------------------------------------------------- */
/** Hook function called when a user is created.
* AlternC's standard function that create a member
* @access private
*/
function alternc_add_member() {
global $db,$err,$cuid,$mem;
$err->log("mysql","alternc_add_member");
//checking for the phpmyadmin user
$db->query("SELECT name,password FROM dbusers WHERE uid=$cuid AND Type='ADMIN';");
if ($db->num_rows()) {
$myadm=$db->f("name");
$password=$db->f("password");
}else{
$myadm=$mem->user["login"]."_myadm";
$password="kikoulol";
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
}
return true;
}
/* ----------------------------------------------------------------- */
/** Hook function called when a user is deleted.
@ -749,7 +744,7 @@ class m_mysql {
/* ----------------------------------------------------------------- */
/** Hook function called when a user is logged out.
* We just remove the cookie created in admin/sql_admin.php
* @access private
a @access private
*/
function alternc_del_session() {
setcookie("REMOTE_USER","");

2
etc/alternc/phpmyadmin.inc.php
View File

@ -16,7 +16,7 @@
include_once('/var/alternc/bureau/class/local.php');
$cfg['SuhosinDisableWarning'] = true;
$cfg['ShowCreateDb'] = false;
$i = 1;
$cfg['Servers'][$i]['host'] = $GLOBALS['L_MYSQL_HOST']; // MySQL hostname or IP address

5
install/mysql.sql
View File

@ -97,6 +97,7 @@ CREATE TABLE IF NOT EXISTS chgmail (
# Contient les bases mysql des membres, + login / pass en clair
CREATE TABLE IF NOT EXISTS db (
id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
uid int(10) unsigned NOT NULL default '0', # Numro de l`utilisateur
login varchar(16) NOT NULL default '', # Nom d`utilisateur mysql
pass varchar(16) NOT NULL default '', # Mot de passe mysql
@ -105,7 +106,7 @@ CREATE TABLE IF NOT EXISTS db (
bck_history tinyint(3) unsigned NOT NULL default '0', # Nombre de backup conserver ?
bck_gzip tinyint(3) unsigned NOT NULL default '0', # Faut-il compresser les backups ?
bck_dir varchar(255) NOT NULL default '', # O stocke-t-on les backups sql ?
KEY uid (uid)
PRIMARY KEY uid (uid)
) TYPE=MyISAM COMMENT='Bases MySQL des membres';
--
@ -448,6 +449,8 @@ CREATE TABLE IF NOT EXISTS `dbusers` (
`id` int(10) unsigned NOT NULL auto_increment,
`uid` int(10) unsigned NOT NULL default '0',
`name` varchar(16) NOT NULL default '',
`password` varchar( 64 ),
`enable` enum ('ACTIVATED', 'HIDDEN', 'ADMIN') NOT NULL DEFAULT 'ACTIVATED',
KEY `id` (`id`)
) TYPE=MyISAM COMMENT='Utilisateurs MySQL des membres';