Marius Cramer
2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2
381520 1 <?php
M 2 /*
3 Copyright (c) 2008, Till Brehm, projektfarm Gmbh
4 All rights reserved.
5
6 Redistribution and use in source and binary forms, with or without modification,
7 are permitted provided that the following conditions are met:
8
9     * Redistributions of source code must retain the above copyright notice,
10       this list of conditions and the following disclaimer.
11     * Redistributions in binary form must reproduce the above copyright notice,
12       this list of conditions and the following disclaimer in the documentation
13       and/or other materials provided with the distribution.
14     * Neither the name of ISPConfig nor the names of its contributors
15       may be used to endorse or promote products derived from this software without
16       specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
25 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30
/******************************************
* Begin Form configuration
******************************************/

// Form definition file for this page. Nothing in this file reads the variable
// again, so it is presumably picked up by the tform code loaded below -- confirm.
$tform_def_file = "form/database_user.tform.php";

/******************************************
* End Form configuration
******************************************/

// Bootstrap: configuration first, then the application object ($app) used below.
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

//* Check permissions for module
// Runs before any form class is loaded or any request data is processed.
// NOTE(review): what happens on a failed check (redirect, exit, exception) is
// decided inside check_module_permissions() and is not visible here.
$app->auth->check_module_permissions('sites');

// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
50
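/**
 * Edit page for database users (table web_database_user).
 *
 * Hooks into the tform_actions life cycle to
 *  - fill the client <select> and strip/show the username prefix (onShowEnd),
 *  - drop client_group_id for users who may not assign records (onSubmit),
 *  - validate and prefix the username before it is stored (onBeforeInsert/onBeforeUpdate),
 *  - hand the stored record over to the chosen client group (onAfterInsert/onAfterUpdate).
 */
class page_action extends tform_actions {

    /**
     * Prepare template variables before the form is rendered.
     *
     * Resellers get a select with their own group plus the groups of their clients,
     * admins get all client groups. The stored username is shown without its prefix.
     */
    function onShowEnd() {
        global $app;

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $is_admin = ($_SESSION["s"]["user"]["typ"] == 'admin');

        if (!$is_admin && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Reseller: resolve the reseller's own client record from the session's default group
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

            // Fill the client select field: only clients whose parent is this reseller
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);

            // contact_name is account data and must not reach the page as raw markup
            $client_select = '<option value="'.$tmp['groupid'].'">'.htmlspecialchars((string)$client['contact_name'], ENT_QUOTES, 'UTF-8').'</option>';
            $client_select .= $this->dbuserClientOptions($records);
            $app->tpl->setVar("client_group_id", $client_select);
        } elseif ($is_admin) {
            // Fill the client select field: every group that belongs to a client
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
            $clients = $app->db->queryAllRecords($sql);

            $client_select = "<option value='0'></option>";
            $client_select .= $this->dbuserClientOptions($clients);
            $app->tpl->setVar("client_group_id", $client_select);
        }

        if ($this->dataRecord['database_user'] != "") {
            /* Existing name: remove the prefix restriction so that the data can be edited */
            $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
            $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));
        } else {
            $app->tpl->setVar("database_user_prefix", $dbuser_prefix);
        }

        parent::onShowEnd();
    }

    /**
     * Render the <option> list for the client select.
     *
     * @param mixed $records rows with 'groupid' and 'contactname'; anything that is not an array yields ''
     * @return string HTML, one <option> per row
     */
    private function dbuserClientOptions($records) {
        if (!is_array($records)) return '';

        $options = '';
        foreach ($records as $rec) {
            $selected = $this->dbuserIsCurrentGroup($rec['groupid']) ? 'SELECTED' : '';
            // contactname is built from company name, contact name, username and customer
            // number; these are account data, so the label is HTML-escaped.
            // Assumes the interface is served as UTF-8 -- confirm.
            $label = htmlspecialchars((string)$rec['contactname'], ENT_QUOTES, 'UTF-8');
            $options .= "<option value='$rec[groupid]' $selected>$label</option>\r\n";
        }
        return $options;
    }

    /**
     * Tell whether a group id is the one currently stored or submitted for this record.
     *
     * @param mixed $groupid group id of the option being rendered
     * @return bool
     */
    private function dbuserIsCurrentGroup($groupid) {
        if (!is_array($this->dataRecord)) return false;

        foreach (array('client_group_id', 'sys_groupid') as $key) {
            // Loose comparison on purpose: form values are strings, database values may be ints
            if (isset($this->dataRecord[$key]) && $groupid == $this->dataRecord[$key]) return true;
        }
        return false;
    }

    /**
     * Drop client_group_id for users that are neither admin nor reseller, so that
     * they cannot assign the record to another group.
     */
    function onSubmit() {
        global $app;

        if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);

        parent::onSubmit();
    }

    /**
     * Validate the submitted username and store it with the prefix that the
     * existing record was created with.
     */
    function onBeforeUpdate() {
        global $app, $conf;

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id);

        // The prefix recorded on the stored row is passed first, so getPrefix() can keep it
        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        //* Database username shall not be empty
        if ($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

        if (strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';

        //* Check database user against blacklist (the panel's own DB account and system accounts)
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if (in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist, true)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
        }

        if ($app->tform->errorMessage == '') {
            /* restrict the names if there is no error */
            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }

        /* prepare password for MongoDB */
        // TODO: this still doesn't work as when only the username changes we have no database_password.
        // taking the one from oldData doesn't work as it's encrypted...shit!
        // NOTE(review): with an empty password field this becomes "<user>:mongo:" -- confirm that
        // the form layer does not store a credential derived from an empty password in that case.
        $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];

        $this->dataRecord['server_id'] = 0; // we need this on all servers

        parent::onBeforeUpdate();
    }

    /**
     * Validate the submitted username and store it with the configured prefix.
     */
    function onBeforeInsert() {
        global $app, $conf;

        //* Database username shall not be empty
        if ($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

        //* Get the database name and database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        if (strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';

        //* Check database user against blacklist (the panel's own DB account and system accounts)
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if (in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist, true)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
        }

        /* restrict the names */
        /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */
        if ($app->tform->errorMessage == '') {
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }

        $this->dataRecord['server_id'] = 0; // we need this on all servers

        /* prepare password for MongoDB */
        $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];

        parent::onBeforeInsert();
    }

    /**
     * Assign the new record to the selected client group.
     */
    function onAfterInsert() {
        $this->dbuserApplyClientGroup();
    }

    /**
     * Assign the updated record to the selected client group.
     */
    function onAfterUpdate() {
        $this->dbuserApplyClientGroup();
    }

    /**
     * Write the submitted client_group_id to the record's sys_groupid.
     *
     * Only admins and resellers get here with a value: onSubmit() unsets
     * client_group_id for everybody else.
     */
    private function dbuserApplyClientGroup() {
        global $app;

        if (!isset($this->dataRecord["client_group_id"])) return;

        if ($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // NOTE(review): the id comes from the submitted form and is only cast to int.
            // Nothing in this file checks that, for a reseller, the group belongs to one of
            // the reseller's own clients (the list offered in onShowEnd) -- confirm that the
            // form layer or the parent class enforces this.
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
    }

}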
225
// Create the page handler and start request processing. onLoad() is not defined
// in page_action, so it is inherited from the tform_actions parent chain.
$page = new page_action;
$page->onLoad();
228
b1a6a5 229 ?>