<?php
/*
Copyright (c) 2008, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/


/******************************************
* Begin Form configuration
******************************************/

//* Form definition for this page (presumably picked up by tform when the
//* page action loads -- the file itself is not part of this listing).
$tform_def_file = "form/database_user.tform.php";

/******************************************
* End Form configuration
******************************************/

require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

//* Every request to this page must carry the 'sites' module permission;
//* the check runs before any form or database code below.
$app->auth->check_module_permissions('sites');

//* Template engine, form framework and the tform_actions base class
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');

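class page_action extends tform_actions {

    //* Columns of the client selector; callers append the WHERE tail
    //* (parent_client_id / client_id > 0) and the ORDER BY.
    const CLIENT_LIST_SQL = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id";

    /**
     * Fill the edit form: the client selector (admins and resellers only)
     * and the database user name shown without its prefix so it can be edited.
     */
    public function onShowEnd() {
        global $app, $conf, $interfaceConf;

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $user_type = $_SESSION["s"]["user"]["typ"];

        if ($user_type != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            //* Reseller: the selector lists the reseller itself plus its sub-clients.
            //* Session values are server-side, but they are cast anyway before
            //* being interpolated into SQL.
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client_id = $app->functions->intval($client['client_id']);

            $sql = self::CLIENT_LIST_SQL . " AND client.parent_client_id = " . $client_id . " ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = " . $client_id);

            //* The reseller's own group comes first and carries no SELECTED attribute;
            //* contact_name is a client-supplied string, so it is escaped for HTML.
            $client_select = '<option value="'.$tmp['groupid'].'">'.htmlspecialchars($client['contact_name'], ENT_QUOTES).'</option>';
            $client_select .= $this->clientSelectOptions($records);
            $app->tpl->setVar("client_group_id", $client_select);
        } elseif ($user_type == 'admin') {
            //* Admin: every client group; the empty option (value 0) leaves the
            //* record in the admin's own group.
            $sql = self::CLIENT_LIST_SQL . " AND sys_group.client_id > 0 ORDER BY sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $client_select = "<option value='0'></option>" . $this->clientSelectOptions($clients);
            $app->tpl->setVar("client_group_id", $client_select);
        }

        if ($this->dataRecord['database_user'] != "") {
            /* show the name without its prefix so that it can be edited */
            $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
        }

        $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));

        parent::onShowEnd();
    }

    /**
     * Render the <option> rows of the client selector.
     *
     * An option is pre-selected when its groupid equals the record's
     * client_group_id or sys_groupid (either key may be absent, e.g. on a
     * new record). $records rows need 'groupid' and 'contactname' columns;
     * anything that is not an array yields ''.
     */
    private function clientSelectOptions($records) {
        if (!is_array($records)) return '';

        $current_groups = array();
        if (is_array($this->dataRecord)) {
            foreach (array('client_group_id', 'sys_groupid') as $key) {
                if (isset($this->dataRecord[$key])) $current_groups[] = $this->dataRecord[$key];
            }
        }

        $options = '';
        foreach ($records as $rec) {
            // loose in_array on purpose: groupid comes back from MySQL as a
            // string while the form value may be an int
            $selected = in_array($rec['groupid'], $current_groups) ? 'SELECTED' : '';
            // contactname is assembled from client-supplied names (company,
            // contact, username, customer_no) and is not HTML-safe
            $options .= "<option value='".$rec['groupid']."' ".$selected.">".htmlspecialchars($rec['contactname'], ENT_QUOTES)."</option>\r\n";
        }
        return $options;
    }

    /**
     * Only admins and resellers may pick a client group; the field is dropped
     * for everyone else so a posted value can never move the record.
     */
    public function onSubmit() {
        global $app;

        if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            unset($this->dataRecord["client_group_id"]);
        }

        parent::onSubmit();
    }

    /**
     * Validate the (prefixed) database user name: not empty, at most 16
     * characters (MySQL user name limit) and not a reserved account.
     * Errors are appended to $app->tform->errorMessage, in this order.
     *
     * @param string $dbuser_prefix prefix that will be prepended on save
     */
    private function checkDatabaseUserName($dbuser_prefix) {
        global $app, $conf;

        $full_name = $dbuser_prefix . $this->dataRecord['database_user'];

        //* Database username shall not be empty
        if ($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

        //* mysql: user names are limited to 16 chars, prefix included
        if (strlen($full_name) > 16) $app->tform->errorMessage .= str_replace('{user}', $full_name, $app->tform->wordbook["database_user_error_len"]).'<br />';

        //* Check database user against blacklist (the control panel's own
        //* MySQL account and the server accounts); strict comparison, all strings
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if (in_array($full_name, $dbuser_blacklist, true)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
        }
    }

    /**
     * Final shaping of the record before it is written: store the full,
     * cropped user name (only when validation passed), pin server_id to 0
     * and build the MongoDB credential string.
     *
     * @param string $dbuser_prefix prefix to prepend to database_user
     */
    private function finalizeRecord($dbuser_prefix) {
        global $app;

        if ($app->tform->errorMessage == '') {
            /* restrict the names if there is no error */
            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }

        $this->dataRecord['server_id'] = 0; // we need this on all servers

        /* prepare password for MongoDB */
        // NOTE(review): this is "user:mongo:password" in cleartext; whether
        // the framework encrypts database_password_mongo downstream is not
        // visible here -- confirm before relying on it.
        // TODO: this still doesn't work when only the username changes, as we
        // then have no database_password; the one from oldDataRecord is
        // already encrypted.
        $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];
    }

    /**
     * Update hook: keep the prefix the record was created with, validate
     * the new name and shape the record.
     */
    public function onBeforeUpdate() {
        global $app, $conf, $interfaceConf;

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        //* $this->id is presumably set by tform_actions from the request;
        //* cast it here so it is safe to interpolate into the query
        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->id)."'");

        //* An existing record keeps its stored prefix over the configured one
        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        $this->checkDatabaseUserName($dbuser_prefix);
        $this->finalizeRecord($dbuser_prefix);

        parent::onBeforeUpdate();
    }

    /**
     * Insert hook: derive the prefix from the global config, validate the
     * name and shape the record.
     */
    public function onBeforeInsert() {
        global $app, $conf, $interfaceConf;

        //* Get the database name and database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        $this->checkDatabaseUserName($dbuser_prefix);
        $this->finalizeRecord($dbuser_prefix);

        parent::onBeforeInsert();
    }

    /**
     * Move the saved record into the client group chosen in the form.
     *
     * Only admins and resellers get here with client_group_id set (see
     * onSubmit()). Admins who also own clients previously ran the same
     * UPDATE twice; one run gives the same end state.
     */
    private function assignClientGroup() {
        global $app;

        if (!isset($this->dataRecord["client_group_id"])) return;

        $may_assign = $_SESSION["s"]["user"]["typ"] == 'admin'
            || $app->auth->has_clients($_SESSION['s']['user']['userid']);
        if (!$may_assign) return;

        // NOTE(review): the posted client_group_id is not compared against
        // the reseller's own sub-client list here; presumably the form
        // definition validates it -- confirm.
        $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
        $database_user_id = $app->functions->intval($this->id);
        $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = " . $database_user_id);
    }

    public function onAfterInsert() {
        global $app, $conf;

        $this->assignClientGroup();
    }

    public function onAfterUpdate() {
        global $app, $conf;

        $this->assignClientGroup();
    }

}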
234
235 $page = new page_action;
236 $page->onLoad();
237
238 ?>