Marius Burkard
2016-05-04 c3189ce6c7301c3ec17878fd3918f31d0d3cb18a
381520 1 <?php
M 2 /*
3 Copyright (c) 2008, Till Brehm, projektfarm Gmbh
4 All rights reserved.
5
6 Redistribution and use in source and binary forms, with or without modification,
7 are permitted provided that the following conditions are met:
8
9     * Redistributions of source code must retain the above copyright notice,
10       this list of conditions and the following disclaimer.
11     * Redistributions in binary form must reproduce the above copyright notice,
12       this list of conditions and the following disclaimer in the documentation
13       and/or other materials provided with the distribution.
14     * Neither the name of ISPConfig nor the names of its contributors
15       may be used to endorse or promote products derived from this software without
16       specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
25 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30
/*
 * Form configuration: the tform definition file this page is built from.
 */
$tform_def_file = 'form/database_user.tform.php';

require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

// Permission check for the 'sites' module; it runs before any form code below.
$app->auth->check_module_permissions('sites');

// Load the framework classes used by this page.
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
50
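/**
 * Form controller for creating and editing database users.
 *
 * Overrides the tform_actions hooks to enforce client/reseller limits,
 * build the client group select box, apply the configured user-name
 * prefix and assign the record to the selected client group.
 */
class page_action extends tform_actions {

    /**
     * Checks the client and reseller limits before the "new record" form is shown.
     *
     * Only sessions of type 'user' are checked; admins are not limited here.
     */
    function onShowNew() {
        global $app;

        // we will check only users, not admins
        if($_SESSION['s']['user']['typ'] == 'user') {
            if(!$app->tform->checkClientLimit('limit_database_user')) {
                $app->error($app->tform->wordbook["limit_database_user_txt"]);
            }
            if(!$app->tform->checkResellerLimit('limit_database_user')) {
                $app->error('Reseller: '.$app->tform->wordbook["limit_database_user_txt"]);
            }
        }

        parent::onShowNew();
    }

    /**
     * Fills the template variables that the form needs before it is rendered:
     * the client group <option> list (resellers and admins only) and the
     * user name split into prefix and unprefixed part.
     *
     * Every database value written into the <option> markup is HTML-escaped,
     * because client names and customer numbers are stored data that ends up
     * in the page of a different account (reseller or admin).
     */
    function onShowEnd() {
        global $app;

        // Escapes a value for use in HTML text and in single- or double-quoted attributes.
        // NOTE(review): if these columns are already entity-encoded before they are stored,
        // this double-encodes them - confirm against the input filters of the client form.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Reseller: look up the client record that belongs to the session's default group
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

            // Fill the client select field with the reseller itself plus its own clients
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
            $client_select = '<option value="'.$esc($tmp['groupid']).'">'.$esc($client['contact_name']).'</option>';
            if(is_array($records)) {
                foreach($records as $rec) {
                    // @ hides the notice for a dataRecord that lacks one of the two keys
                    $selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
                    $client_select .= "<option value='".$esc($rec['groupid'])."' $selected>".$esc($rec['contactname'])."</option>\r\n";
                }
            }
            $app->tpl->setVar("client_group_id", $client_select);
        } elseif($_SESSION["s"]["user"]["typ"] == 'admin') {
            // Admin: fill the client select field with every group that belongs to a client
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $client_select = "<option value='0'></option>";
            if(is_array($clients)) {
                foreach($clients as $client) {
                    // @ hides the notice for a dataRecord that lacks one of the two keys
                    $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
                    $client_select .= "<option value='".$esc($client['groupid'])."' $selected>".$esc($client['contactname'])."</option>\r\n";
                }
            }
            $app->tpl->setVar("client_group_id", $client_select);
        }

        /*
         * If the name is stored with its prefix, show it without the prefix
         * so that the data can be edited.
         */
        if ($this->dataRecord['database_user'] != ""){
            $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
        }

        // New record: show the configured prefix; existing record: resolve it from the stored one
        if($this->dataRecord['database_user'] == "") {
            $app->tpl->setVar("database_user_prefix", $dbuser_prefix);
        } else {
            $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));
        }

        parent::onShowEnd();
    }

    /**
     * Drops a submitted client_group_id for sessions that may not choose one.
     *
     * Only admins and accounts for which has_clients() is true keep the field;
     * for everyone else the posted value is removed before the parent handler runs.
     */
    function onSubmit() {
        global $app;

        if($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            unset($this->dataRecord["client_group_id"]);
        }

        parent::onSubmit();
    }

    /**
     * Validates the user name and applies the prefix before an existing record is updated.
     *
     * The prefix is resolved against the one stored with the old record. The name must not
     * be empty, prefix + name must not exceed 16 characters and must not be a blacklisted
     * account name. Errors are appended to $app->tform->errorMessage.
     */
    function onBeforeUpdate() {
        global $app, $conf;

        //* Get the database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id);

        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        //* Database username shall not be empty
        if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

        if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';

        //* Check database user against blacklist (the panel's own DB account and the built-in ones)
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if(in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
        }

        if ($app->tform->errorMessage == ''){
            /* restrict the names if there is no error */
            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }

        /* prepare password for MongoDB */
        // TODO: this still doesn't work: when only the username changes, no database_password is submitted,
        // and the one in the old record cannot be used because it is stored encrypted.
/*
        $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];

        $this->dataRecord['server_id'] = 0; // we need this on all servers
*/
        parent::onBeforeUpdate();
    }

    /**
     * Validates the user name and applies the prefix before a new record is inserted.
     *
     * Same checks as onBeforeUpdate(): not empty, prefix + name at most 16 characters,
     * not a blacklisted account name. server_id is set to 0 for every new record.
     */
    function onBeforeInsert() {
        global $app, $conf;

        //* Database username shall not be empty
        if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

        //* Get the database name and database user prefix
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';

        //* Check database user against blacklist (the panel's own DB account and the built-in ones)
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if(in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
        }

        /* restrict the names */
        /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */
        if ($app->tform->errorMessage == ''){
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }

        $this->dataRecord['server_id'] = 0; // we need this on all servers

        /* prepare password for MongoDB */
//        $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];

        parent::onBeforeInsert();
    }

    /**
     * Assigns the new record to the submitted client group.
     *
     * Runs for admins and for accounts for which has_clients() is true; the group id
     * is cast to an integer and bound as a query parameter.
     */
    function onAfterInsert() {
        global $app;

        // NOTE(review): for the has_clients() branch the submitted group id is only cast to int;
        // nothing visible here checks that the group belongs to the reseller or one of its
        // clients - confirm that the parent class or tform enforces this.
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
    }

    /**
     * Re-assigns the updated record to the submitted client group.
     *
     * Runs for admins and for accounts for which has_clients() is true; the group id
     * is cast to an integer and bound as a query parameter.
     */
    function onAfterUpdate() {
        global $app;

        // NOTE(review): for the has_clients() branch the submitted group id is only cast to int;
        // nothing visible here checks that the group belongs to the reseller or one of its
        // clients - confirm that the parent class or tform enforces this.
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
    }

}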
242
// Create the form controller and hand control to the inherited onLoad().
$page = new page_action();
$page->onLoad();
245
b1a6a5 246 ?>