tbrehm
2013-02-22 526b997c9891a796b152cdbab8e329b356b1f596
381520 1 <?php
M 2 /*
3 Copyright (c) 2008, Till Brehm, projektfarm Gmbh
4 All rights reserved.
5
6 Redistribution and use in source and binary forms, with or without modification,
7 are permitted provided that the following conditions are met:
8
9     * Redistributions of source code must retain the above copyright notice,
10       this list of conditions and the following disclaimer.
11     * Redistributions in binary form must reproduce the above copyright notice,
12       this list of conditions and the following disclaimer in the documentation
13       and/or other materials provided with the distribution.
14     * Neither the name of ISPConfig nor the names of its contributors
15       may be used to endorse or promote products derived from this software without
16       specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
25 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30
/******************************************
* Begin Form configuration
******************************************/

// Relative path of the form definition used by this page. It is a fixed
// literal and never derived from request data (presumably consumed by the
// tform framework loaded further down - confirm against tform_actions).
$tform_def_file = 'form/database_user.tform.php';

/******************************************
* End Form configuration
******************************************/
40
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

//* Module permission check for 'sites'. It runs before any form class is
//* loaded or any action handler executes, so keep it first.
//* NOTE(review): presumably this aborts the request when the session user may
//* not use the module - confirm in the auth class.
$app->auth->check_module_permissions('sites');

//* Load the template engine, the form library and the form action base class
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
50
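/**
 * Form actions for creating and editing database users (table web_database_user).
 *
 * Security-relevant behaviour in this class:
 *  - every identifier interpolated into SQL is cast to an integer first,
 *  - text taken from the client table is HTML-escaped before it is written
 *    into the <option> list handed to the template,
 *  - the submitted user name is escaped before it is echoed in an error message,
 *  - the password written to the datalog is the value already stored in
 *    web_database_user, not the one submitted with the form.
 */
class page_action extends tform_actions {

	/**
	 * Fill the client select box and the user name / prefix template variables,
	 * then hand over to the parent implementation.
	 */
	function onShowEnd() {
		global $app;

		//* Get the database user prefix
		$app->uses('getconf,tools_sites');
		$global_config = $app->getconf->get_global_config('sites');
		$dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

		if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
			//* Reseller: offer the reseller's own group plus the groups of its clients
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			$client_select = '';
			$client_id = is_array($client) ? $app->functions->intval($client['client_id']) : 0;

			//* Without a resolved client id no list is built at all. Querying with
			//* parent_client_id = 0 would return clients that do not belong to this reseller.
			if ($client_id > 0) {
				$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client_id." ORDER BY sys_group.name";
				$records = $app->db->queryAllRecords($sql);
				$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
				$own_groupid = is_array($tmp) ? $app->functions->intval($tmp['groupid']) : 0;

				//* Company and contact name are free text from the client table: escape them
				$client_select = '<option value="'.$own_groupid.'">'.htmlspecialchars($client['company_name'].' :: '.$client['contact_name'], ENT_QUOTES, 'UTF-8').'</option>';
				if (is_array($records)) {
					foreach ($records as $rec) {
						$client_select .= $this->groupOption($rec['groupid'], $rec['name'].' :: '.$rec['contactname']);
					}
				}
			}
			$app->tpl->setVar("client_group_id", $client_select);
		} elseif ($_SESSION["s"]["user"]["typ"] == 'admin') {
			//* Admin: offer every client group
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY sys_group.name";
			$clients = $app->db->queryAllRecords($sql);
			$client_select = "<option value='0'></option>";
			if (is_array($clients)) {
				foreach ($clients as $client) {
					$client_select .= $this->groupOption($client['groupid'], $client['name'].' :: '.$client['contactname']);
				}
			}
			$app->tpl->setVar("client_group_id", $client_select);
		}

		if (isset($this->dataRecord['database_user']) && $this->dataRecord['database_user'] != "") {
			/* Show the name without its prefix so that it can be edited */
			$app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
		}

		$app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));

		parent::onShowEnd();
	}

	/**
	 * Drop a submitted client_group_id for users who are neither admin nor
	 * reseller, then continue with the parent implementation.
	 */
	function onSubmit() {
		global $app;

		//* Plain clients must not choose the owning group themselves
		if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
			unset($this->dataRecord["client_group_id"]);
		}

		parent::onSubmit();
	}

	/**
	 * Load the stored record, keep its prefix and validate the new user name
	 * before the update is written.
	 */
	function onBeforeUpdate() {
		global $app, $conf;

		//* Get the database user prefix
		$app->uses('getconf,tools_sites');
		$global_config = $app->getconf->get_global_config('sites');
		$dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

		//* The id is cast here as well, matching the queries in onAfterUpdate()
		$this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->id)."'");

		$dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
		$this->dataRecord['database_user_prefix'] = $dbuser_prefix;

		$this->validateAndPrefixDbUser($dbuser_prefix);

		//* server_id always comes from the configuration, never from the form
		$this->dataRecord['server_id'] = $conf['server_id'];

		parent::onBeforeUpdate();
	}

	/**
	 * Compute the prefix for a new record and validate the user name before
	 * the insert is written.
	 */
	function onBeforeInsert() {
		global $app, $conf;

		//* Get the database user prefix
		$app->uses('getconf,tools_sites');
		$global_config = $app->getconf->get_global_config('sites');
		$dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

		$this->dataRecord['database_user_prefix'] = $dbuser_prefix;

		$this->validateAndPrefixDbUser($dbuser_prefix);

		//* server_id always comes from the configuration, never from the form
		$this->dataRecord['server_id'] = $conf['server_id'];

		parent::onBeforeInsert();
	}

	/**
	 * Assign the new record to the selected client group.
	 */
	function onAfterInsert() {
		$this->assignClientGroup();
	}

	/**
	 * Assign the record to the selected client group and write one datalog
	 * entry per server that hosts a database using this user.
	 */
	function onAfterUpdate() {
		global $app;

		$this->assignClientGroup();

		$user_id = $app->functions->intval($this->id);

		$password = $app->db->queryOneRecord("SELECT database_password FROM web_database_user WHERE database_user_id = ".$user_id);

		$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$user_id."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$user_id."'");
		if (is_array($records)) {
			foreach ($records as $rec) {
				$new_rec = $this->dataRecord;
				$new_rec['server_id'] = $rec['server_id'];
				// Use the password as stored in web_database_user, not the submitted
				// form value, so that sys_datalog receives the encrypted form.
				$new_rec['database_password'] = $password['database_password'];
				$app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $this->oldDataRecord, $new_rec);
			}
		}
	}

	/**
	 * Build one <option> element for the client select box.
	 *
	 * The option is marked SELECTED when the group id equals client_group_id or
	 * sys_groupid of the current data record.
	 *
	 * @param mixed  $groupid group id, emitted as an integer
	 * @param string $label   visible text, HTML-escaped here
	 * @return string
	 */
	private function groupOption($groupid, $label) {
		global $app;

		$selected = '';
		if (is_array($this->dataRecord)) {
			foreach (array('client_group_id', 'sys_groupid') as $key) {
				if (isset($this->dataRecord[$key]) && $groupid == $this->dataRecord[$key]) {
					$selected = 'SELECTED';
					break;
				}
			}
		}

		//* NOTE(review): assumes names are stored unescaped; if they are already
		//* entity-encoded on write this would double-encode them - confirm.
		return "<option value='".$app->functions->intval($groupid)."' $selected>".htmlspecialchars($label, ENT_QUOTES, 'UTF-8')."</option>\r\n";
	}

	/**
	 * Validate the submitted user name and, when no error was recorded, store
	 * it with the prefix prepended.
	 *
	 * Errors are appended to $app->tform->errorMessage in the order: empty
	 * name, name too long, name on the blacklist.
	 *
	 * @param string $dbuser_prefix prefix to put in front of the user name
	 * @return void
	 */
	private function validateAndPrefixDbUser($dbuser_prefix) {
		global $app, $conf;

		$full_name = $dbuser_prefix . $this->dataRecord['database_user'];

		//* Database username shall not be empty
		if ($this->dataRecord['database_user'] == '') {
			$app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';
		}

		//* mysql: user names are limited to 16 chars. The name is user input and
		//* the message is emitted as HTML, so escape it before inserting it.
		if (strlen($full_name) > 16) {
			$app->tform->errorMessage .= str_replace('{user}', htmlspecialchars($full_name, ENT_QUOTES, 'UTF-8'), $app->tform->wordbook["database_user_error_len"]).'<br />';
		}

		//* Check database user against blacklist (exact string match)
		$dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
		if (in_array($full_name, $dbuser_blacklist, true)) {
			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
		}

		/* Store the prefixed name only if there is no error; the crop to 16 chars is a safety net */
		if ($app->tform->errorMessage == '') {
			$this->dataRecord['database_user'] = substr($full_name, 0, 16);
		}
	}

	/**
	 * Write the submitted client_group_id as owning group of the record.
	 *
	 * Only admins and resellers reach the UPDATE; onSubmit() already removed
	 * the field for everybody else.
	 *
	 * @return void
	 */
	private function assignClientGroup() {
		global $app;

		if (!isset($this->dataRecord["client_group_id"])) {
			return;
		}

		if ($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
			//* NOTE(review): for resellers the value is cast to int but nothing in
			//* this file checks that the group belongs to one of the reseller's
			//* own clients. Confirm that the form definition or the tform layer
			//* enforces this; if not, add the check before this UPDATE.
			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$app->functions->intval($this->id));
		}
	}

}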
226
//* Instantiate the action class declared above and start request handling.
$page = new page_action();
$page->onLoad();
229
230 ?>