kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixed #1174 : we check the length of mysql login everywhere. + english comments and misc code cleanup (hook functions at the end of the class)

This commit is contained in:
Benjamin Sonntag 2009-11-30 23:48:48 +00:00
parent 98c27aae57
commit a6a71eb04b
1 changed files with 134 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

233
bureau/class/m_mysql.php
View File

@ -38,6 +38,7 @@ class m_mysql {
var $server; var $server;
var $client; var $client;
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Constructor /** Constructor
* m_mysql([$mid]) Constructeur de la classe m_mysql, initialise le membre concerne * m_mysql([$mid]) Constructeur de la classe m_mysql, initialise le membre concerne
@ -47,6 +48,7 @@ class m_mysql {
$this->client = $GLOBALS['L_MYSQL_CLIENT']; $this->client = $GLOBALS['L_MYSQL_CLIENT'];
} }
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** Hook called by m_quota to obtain the quota managed by this class. /** Hook called by m_quota to obtain the quota managed by this class.
* Quota name * Quota name
@ -56,7 +58,6 @@ class m_mysql {
} }
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** /**
* Password kind used in this class (hook for admin class) * Password kind used in this class (hook for admin class)
@ -66,7 +67,6 @@ class m_mysql {
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Get the list of the database for the current user. /** Get the list of the database for the current user.
* @return array returns an associative array as follow : <br> * @return array returns an associative array as follow : <br>
@ -90,6 +90,7 @@ class m_mysql {
return $c; return $c;
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Returns the details of a user's database. /** Returns the details of a user's database.
* $dbn is the name of the database (after the _) or nothing for the database "$user" * $dbn is the name of the database (after the _) or nothing for the database "$user"
@ -120,6 +121,7 @@ class m_mysql {
return array("enabled"=>true,"login"=>$db->f("login"),"db"=>$db->f("db"), "name"=>$dbn,"bck"=>$db->f("bck_mode"), "dir"=>substr($db->f("bck_dir"),strlen($root)), "size"=>$size, "pass"=>$db->f("pass"), "history"=>$db->f("bck_history"), "gzip"=>$db->f("bck_gzip")); return array("enabled"=>true,"login"=>$db->f("login"),"db"=>$db->f("db"), "name"=>$dbn,"bck"=>$db->f("bck_mode"), "dir"=>substr($db->f("bck_dir"),strlen($root)), "size"=>$size, "pass"=>$db->f("pass"), "history"=>$db->f("bck_history"), "gzip"=>$db->f("bck_gzip"));
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Create a new database for the current user. /** Create a new database for the current user.
* @param $dbn string Database name ($user_$dbn is the mysql db name) * @param $dbn string Database name ($user_$dbn is the mysql db name)
@ -170,6 +172,7 @@ class m_mysql {
} }
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Delete a database for the current user. /** Delete a database for the current user.
* @param $dbn string Name of the database to delete. The db name is $user_$dbn * @param $dbn string Name of the database to delete. The db name is $user_$dbn
@ -202,6 +205,7 @@ class m_mysql {
return true; return true;
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Set the backup parameters for the database $db /** Set the backup parameters for the database $db
* @param $db string database name * @param $db string database name
@ -245,6 +249,7 @@ class m_mysql {
return true; return true;
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** Change the password of the user in MySQL /** Change the password of the user in MySQL
* @param $password string new password (cleartext) * @param $password string new password (cleartext)
@ -279,6 +284,7 @@ class m_mysql {
return true; return true;
} }
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** Create a new mysql account for this user /** Create a new mysql account for this user
* @param string cleartext password for the new account * @param string cleartext password for the new account
@ -299,6 +305,12 @@ class m_mysql {
$login=$mem->user["login"]; $login=$mem->user["login"];
$dbname=$mem->user["login"]; $dbname=$mem->user["login"];
// Username cannot be longer than 16 characters
if (strlen($login)>16) {
$err->raise("mysql",15);
return false;
}
// Check this password against the password policy using common API : // Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) { if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("mysql",$login,$password)) { if (!$admin->checkPolicy("mysql",$login,$password)) {
@ -316,7 +328,11 @@ class m_mysql {
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** Restore a sql backup script on a user's database. /** Restore a sql database.
* @param $file string The filename, relative to the user root dir, which contains a sql dump
* @param $stdout boolean shall-we dump the error to stdout ?
* @param $id integer The ID of the database to dump to.
* @return boolean TRUE if the database has been restored, or FALSE if an error occurred
*/ */
function restore($file,$stdout,$id) { function restore($file,$stdout,$id) {
global $err,$bro,$mem,$L_MYSQL_HOST; global $err,$bro,$mem,$L_MYSQL_HOST;
@ -350,112 +366,30 @@ class m_mysql {
} }
} }
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** Get size of a database /** Get the size of a database
* @param $dbname name of the database * @param $dbname name of the database
* @return integer database size * @return integer database size
* @access private * @access private
*/ */
function get_db_size($dbname) { function get_db_size($dbname) {
global $db,$err; global $db,$err;
$db->query("SHOW TABLE STATUS FROM `$dbname`;"); $db->query("SHOW TABLE STATUS FROM `$dbname`;");
$size = 0; $size = 0;
while ($db->next_record()) { while ($db->next_record()) {
$size += $db->f('Data_length') + $db->f('Index_length') $size += $db->f('Data_length') + $db->f('Index_length')
+ $db->f('Data_free'); + $db->f('Data_free');
}
return $size;
}
/* ----------------------------------------------------------------- */
/** Hook function called by the quota class to compute user used quota
* Returns the used quota for the $name service for the current user.
* @param $name string name of the quota
* @return integer the number of service used or false if an error occured
* @access private
*/
function alternc_get_quota($name) {
global $err,$db,$cuid;
if ($name=="mysql") {
$err->log("mysql","alternc_get_quota");
$c=$this->get_dblist();
if (is_array($c)) {
return count($c);
} else {
return 0;
}
} elseif ($name=="mysql_users") {
$err->log("mysql","alternc_get_quota");
$c=$this->get_userslist();
if(is_array($c))
return count($c);
else
return 0;
} else return false;
}
/* ----------------------------------------------------------------- */
/** Hook function called when a user is deleted.
* AlternC's standard function that delete a member
*/
function alternc_del_member() {
global $db,$err,$cuid;
$err->log("mysql","alternc_del_member");
$c=$this->get_dblist();
if (is_array($c)) {
for($i=0;$i<count($c);$i++) {
$this->del_db($c[$i]["name"]);
}
} }
return true; return $size;
} }
/* ----------------------------------------------------------------- */
/** Hook function called when a user is logged out.
* We just remove the cookie created in admin/sql_admin.php
*/
function alternc_del_session() {
setcookie("REMOTE_USER","");
setcookie("REMOTE_PASSWORD","");
}
/* ----------------------------------------------------------------- */ /* ------------------------------------------------------------ */
/** /**
* Exporte toutes les informations mysql du compte. * Returns the list of database users of an account
* @access private **/
* EXPERIMENTAL 'sid' function ;)
*/
function alternc_export($tmpdir) {
global $db,$err,$cuid;
$err->log("mysql","export");
$db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
if ($db->next_record()) {
$str="<mysql>\n";
$str.=" <login>".xml_entities($db->Record["login"])."</login>";
$str.=" <pass>".xml_entities($db->Record["pass"])."</pass>";
do {
// Do the dump :
$filename=$tmpdir."/mysql.".$db->Record["db"].".sql.gz";
exec("/usr/bin/mysqldump --add-drop-table --allow-keywords -Q -f -q -a -e -u".escapeshellarg($db->Record["login"])." -p".escapeshellarg($db->Record["pass"])." ".escapeshellarg($db->Record["db"])." |/bin/gzip >".escapeshellarg($filename));
$str.=" <db>\n";
$str.=" <name>".xml_entities($db->Record["db"])."</name>\n";
if ($s["bck_mode"]!=0) {
$str.=" <backup>\n";
$str.=" <mode>".xml_entities($db->Record["bck_mode"])."</mode>\n";
$str.=" <dir>".xml_entities($db->Record["bck_dir"])."</dir>\n";
$str.=" <history>".xml_entities($db->Record["bck_history"])."</history>\n";
$str.=" <gzip>".xml_entities($db->Record["bck_gzip"])."</gzip>\n";
$str.=" </backup>\n";
}
$str.=" </db>\n";
} while ($db->next_record());
$str.="</mysql>\n";
}
return $str;
}
function get_userslist() { function get_userslist() {
global $db,$err,$bro,$cuid; global $db,$err,$bro,$cuid;
$err->log("mysql","get_userslist"); $err->log("mysql","get_userslist");
@ -485,7 +419,7 @@ class m_mysql {
global $db,$err,$quota,$mem,$cuid,$admin; global $db,$err,$quota,$mem,$cuid,$admin;
$err->log("mysql","add_user",$usern); $err->log("mysql","add_user",$usern);
$user=addslashes($mem->user["login"]."_$usern"); $user=addslashes($mem->user["login"]."_".$usern);
$pass=addslashes($password); $pass=addslashes($password);
if (!$quota->cancreate("mysql_users")) { if (!$quota->cancreate("mysql_users")) {
@ -497,7 +431,8 @@ class m_mysql {
return false; return false;
} }
if (strlen($usern) > 16 || strlen($usern) == 0 ) { // We check the length of the COMPLETE username, not only the part after _
if (strlen($user) > 16 || strlen($usern) == 0 ) {
$err->raise("mysql",15); $err->raise("mysql",15);
return false; return false;
} }
@ -526,11 +461,10 @@ class m_mysql {
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Delete a new user in MySQL rights tables * Delete a user in MySQL rights tables
* @param $user the username (we will add _[alternc-account] to it) to delete * @param $user the username (we will add "[alternc-account]_" to it) to delete
* @return TRUE if the user has been deleted in MySQL or FALSE if an error occurred * @return TRUE if the user has been deleted in MySQL or FALSE if an error occurred
**/ **/
function del_user($user) { function del_user($user) {
@ -583,7 +517,6 @@ class m_mysql {
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Set the access rights of user $user to database $dbn to be rights $rights * Set the access rights of user $user to database $dbn to be rights $rights
@ -650,6 +583,98 @@ class m_mysql {
} }
/* ----------------------------------------------------------------- */
/** Hook function called by the quota class to compute user used quota
* Returns the used quota for the $name service for the current user.
* @param $name string name of the quota
* @return integer the number of service used or false if an error occured
* @access private
*/
function alternc_get_quota($name) {
global $err,$db,$cuid;
if ($name=="mysql") {
$err->log("mysql","alternc_get_quota");
$c=$this->get_dblist();
if (is_array($c)) {
return count($c);
} else {
return 0;
}
} elseif ($name=="mysql_users") {
$err->log("mysql","alternc_get_quota");
$c=$this->get_userslist();
if(is_array($c))
return count($c);
else
return 0;
} else return false;
}
/* ----------------------------------------------------------------- */
/** Hook function called when a user is deleted.
* AlternC's standard function that delete a member
* @access private
*/
function alternc_del_member() {
global $db,$err,$cuid;
$err->log("mysql","alternc_del_member");
$c=$this->get_dblist();
if (is_array($c)) {
for($i=0;$i<count($c);$i++) {
$this->del_db($c[$i]["name"]);
}
}
return true;
}
/* ----------------------------------------------------------------- */
/** Hook function called when a user is logged out.
* We just remove the cookie created in admin/sql_admin.php
* @access private
*/
function alternc_del_session() {
setcookie("REMOTE_USER","");
setcookie("REMOTE_PASSWORD","");
}
/* ----------------------------------------------------------------- */
/**
* Exporte all the mysql information of an account
* @access private
* EXPERIMENTAL 'sid' function ;)
*/
function alternc_export($tmpdir) {
global $db,$err,$cuid;
$err->log("mysql","export");
$db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
if ($db->next_record()) {
$str="<mysql>\n";
$str.=" <login>".xml_entities($db->Record["login"])."</login>";
$str.=" <pass>".xml_entities($db->Record["pass"])."</pass>";
do {
// Do the dump :
$filename=$tmpdir."/mysql.".$db->Record["db"].".sql.gz";
exec("/usr/bin/mysqldump --add-drop-table --allow-keywords -Q -f -q -a -e -u".escapeshellarg($db->Record["login"])." -p".escapeshellarg($db->Record["pass"])." ".escapeshellarg($db->Record["db"])." |/bin/gzip >".escapeshellarg($filename));
$str.=" <db>\n";
$str.=" <name>".xml_entities($db->Record["db"])."</name>\n";
if ($s["bck_mode"]!=0) {
$str.=" <backup>\n";
$str.=" <mode>".xml_entities($db->Record["bck_mode"])."</mode>\n";
$str.=" <dir>".xml_entities($db->Record["bck_dir"])."</dir>\n";
$str.=" <history>".xml_entities($db->Record["bck_history"])."</history>\n";
$str.=" <gzip>".xml_entities($db->Record["bck_gzip"])."</gzip>\n";
$str.=" </backup>\n";
}
$str.=" </db>\n";
} while ($db->next_record());
$str.="</mysql>\n";
}
return $str;
}
} /* Class m_mysql */ } /* Class m_mysql */