From b28b73e9130a0cf8912c03e5443a3eda5c527141 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 27 Apr 2016 19:04:49 +0200 Subject: [PATCH] issue #75: defines length of sql user and database names depending of the local configuration. --- bureau/admin/sql_list.php | 4 ++-- bureau/class/config.php | 11 +++++++++++ bureau/class/m_mysql.php | 15 +++++++++------ 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/bureau/admin/sql_list.php b/bureau/admin/sql_list.php index 889fdb90..8cd8402c 100644 --- a/bureau/admin/sql_list.php +++ b/bureau/admin/sql_list.php @@ -96,8 +96,8 @@ for($i=0;$i user["login"].'_')); + // Set a maximum length for the database name if we want the mysql user to be automatically created. + $max_dbsufix_size=(variable_get("sql_max_database_length", 16)-strlen($mem->user["login"].'_')); ?> user["login"]; ?>_ diff --git a/bureau/class/config.php b/bureau/class/config.php index 323ebabd..7412c2fa 100644 --- a/bureau/class/config.php +++ b/bureau/class/config.php @@ -225,3 +225,14 @@ variable_get('subadmin_restriction', '0', "This variable sets the way the accoun variable_get('auth_ip_ftp_default_yes', '1', "This variable sets if you want to allow all IP address to access FTP by default. If the user start to define some IP or subnet in the allow list, only those he defined will be allowed.", array('desc' => 'Allow by default?', 'type' => 'boolean')); +if ((variable_get('sql_max_username_length', NULL)==NULL)||(variable_get('sql_max_database_length', NULL)==NULL)) { + $result = $db->query("SELECT (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='user' and COLUMN_NAME='User') username, (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='db' and COLUMN_NAME='Db') `database`"); + if ($db->next_record($result)) { + $variable = $db->Record; + $variable['username']=min(128, $variable['username']); + $variable['database']=min($variable['database'], $variable['username']); + variable_set('sql_max_username_length', $variable['username'], 'Maximum length allowed for SQL usernames'); + variable_set('sql_max_database_length', $variable['database'], 'Maximum length allowed for SQL databases names'); + } + +} diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index 8dcfd864..926bb151 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php @@ -257,8 +257,9 @@ class m_mysql { return false; } - if (strlen($dbname) > 64) { - $err->raise("mysql", _("Database name cannot exceed 64 characters")); + $len=variable_get("sql_max_database_length", 64); + if (strlen($dbname) > $len) { + $err->raise("mysql", _("Database name cannot exceed %d characters"), $len); return false; } $db->query("SELECT * FROM db WHERE db='$dbname';"); @@ -422,8 +423,9 @@ class m_mysql { return false; } - if (strlen($password) > 16) { - $err->raise("mysql", _("MySQL password cannot exceed 16 characters")); + $len=variable_get("sql_max_username_length", 16); + if (strlen($password) > $len) { + $err->raise("mysql", _("MySQL password cannot exceed %d characters"), $len); return false; } @@ -714,8 +716,9 @@ class m_mysql { } // We check the length of the COMPLETE username, not only the part after _ - if (strlen($user) > 16) { - $err->raise("mysql", _("MySQL username cannot exceed 16 characters")); + $len=variable_get("sql_max_username_length", 16); + if (strlen($user) > $len) { + $err->raise("mysql", _("MySQL username cannot exceed %d characters"), $len); return false; } $db->query("SELECT * FROM dbusers WHERE name='$user';");