ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2013-08-02 2332b2279d8a8599b4f041370315edc9544b1560 
 interface/web/sites/database_user_edit.php


@@ -57,17 +57,17 @@


       * If the names are restricted -> remove the restriction, so that the


       * data can be edited


       */


		




      //* Get the database user prefix


      $app->uses('getconf,tools_sites');


      $global_config = $app->getconf->get_global_config('sites');


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);


		




        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {


         // Get the limits of the client


         $client_group_id = $_SESSION["s"]["user"]["default_group"];


         $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


            




            // Fill the client select field


            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";


            $records = $app->db->queryAllRecords($sql);


@@ -96,24 +96,24 @@


         }


         $app->tpl->setVar("client_group_id",$client_select);


        }


        


        






      if ($this->dataRecord['database_user'] != ""){


         /* REMOVE the restriction */


         $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));


      }


		


    






      $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));


		




      parent::onShowEnd();


   }


    




    function onSubmit() {


        global $app;


        




        if($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);


        




        parent::onSubmit();


    }




@@ -126,35 +126,40 @@


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);




        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");


        




        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);


        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;


        




      //* Database username shall not be empty


      if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';




      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';


		




      //* Check database user against blacklist


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';


      }


		




      if ($app->tform->errorMessage == ''){


         /* restrict the names if there is no error */


            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */


         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);


      }


		




      /* prepare password for MongoDB */


      // TODO: this still doens't work as when only the username changes we have no database_password.


      // taking the one from oldData doesn't work as it's encrypted...shit!


      $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];




        $this->dataRecord['server_id'] = 0; // we need this on all servers


        




      parent::onBeforeUpdate();


   }




   function onBeforeInsert() {


      global $app, $conf, $interfaceConf;


		




      //* Database username shall not be empty


      if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';




@@ -162,11 +167,11 @@


      $app->uses('getconf,tools_sites');


      $global_config = $app->getconf->get_global_config('sites');


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);


		




        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;


        




      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';


		




      //* Check database user against blacklist


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {


@@ -178,15 +183,18 @@


      if ($app->tform->errorMessage == ''){


         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);


      }


		


        $this->dataRecord['server_id'] = 0; // we need this on all servers


        




      $this->dataRecord['server_id'] = 0; // we need this on all servers




      /* prepare password for MongoDB */


      $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];




      parent::onBeforeInsert();


   }




   function onAfterInsert() {


      global $app, $conf;


		




      if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {


         $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);


         $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);


@@ -208,9 +216,9 @@


         $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);


         $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);


      }


		




      /*$password = $app->db->queryOneRecord("SELECT database_password FROM web_database_user WHERE database_user_id = ".$this->id);


        




        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");


        foreach($records as $rec) {


            $new_rec = $this->dataRecord;