gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -56,17 +56,11 @@

			// we will check only users, not admins
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client = $app->db->queryOneRecord("SELECT limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another database.
			if($client["limit_database"] >= 0) {
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
			if($tmp["number"] >= $client["limit_database"]) {
			$app->error($app->tform->wordbook["limit_database_txt"]);
			}
			if(!$app->tform->checkClientLimit('limit_database')) {
			$app->error($app->tform->wordbook["limit_database_txt"]);
			}
			if(!$app->tform->checkResellerLimit('limit_database')) {
			$app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]);
			}
			}

			@@ -91,24 +85,12 @@

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client = $app->db->queryOneRecord("SELECT client_id, default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, default_webserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Set the webserver to the default server of the client
			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_dbserver]");
			$app->tpl->setVar("server_id","<option value='$client[default_dbserver]'>$tmp[server_name]</option>");
			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]");
			$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
			unset($tmp);

			// Fill the client select field
			$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.parent_client_id AND client.parent_client_id = ".$client['client_id'];
			$clients = $app->db->queryAllRecords($sql);
			$client_select = '';
			if(is_array($clients)) {
			foreach( $clients as $client) {
			$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
			$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
			}
			}
			$app->tpl->setVar("client_group_id",$client_select);

			} else {

			@@ -121,32 +103,6 @@
			$server_id = $tmp['server_id'];
			}

			$sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
			$ips = $app->db->queryAllRecords($sql);
			$ip_select = "<option value=''></option>";
			//$ip_select = "";
			if(is_array($ips)) {
			foreach( $ips as $ip) {
			$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
			$ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
			}
			}
			$app->tpl->setVar("ip_address",$ip_select);
			unset($tmp);
			unset($ips);

			// Fill the client select field
			$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0";
			$clients = $app->db->queryAllRecords($sql);
			$client_select = "<option value='0'></option>";
			if(is_array($clients)) {
			foreach( $clients as $client) {
			$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
			$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
			}
			}
			$app->tpl->setVar("client_group_id",$client_select);

			}

			/*
			@@ -157,8 +113,8 @@
			//* Get the database name and database user prefix
			$app->uses('getconf');
			$global_config = $app->getconf->get_global_config('sites');
			$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
			$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
			$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
			$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

			if ($this->dataRecord['database_name'] != ""){
			/* REMOVE the restriction */
			@@ -172,6 +128,15 @@
			} else {
			$app->tpl->setVar("database_name_prefix", $dbname_prefix);
			$app->tpl->setVar("database_user_prefix", $dbuser_prefix);
			}

			if($this->id > 0) {
			//* we are editing a existing record
			$app->tpl->setVar("edit_disabled", 1);
			$app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
			$app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]);
			} else {
			$app->tpl->setVar("edit_disabled", 0);
			}

			parent::onShowEnd();
			@@ -206,9 +171,6 @@
			}

			}

			// Clients may not set the client_group_id, so we unset them if user is not a admin and the client is not a reseller
			if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
			}


			@@ -218,25 +180,27 @@
			function onBeforeUpdate() {
			global $app, $conf, $interfaceConf;

			/*
			* If the names should be restricted -> do it!
			*/

			//* Site shell not be empty
			if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'<br />';

			//* Get the database name and database user prefix
			$app->uses('getconf');
			$global_config = $app->getconf->get_global_config('sites');
			$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
			$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
			$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
			$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

			//* Prevent that the database name and charset is changed
			$old_record = $app->tform->getDataRecord($this->id);
			if($old_record["database_name"] != $restriction . $this->dataRecord["database_name"]) {
			if($old_record["database_name"] != $dbname_prefix . $this->dataRecord["database_name"]) {
			$app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
			}
			if($old_record["database_charset"] != $this->dataRecord["database_charset"]) {
			$app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
			}

			//* Database username and database name shall not be empty
			if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />';
			if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

			//* Check if the server has been changed
			// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
			@@ -248,79 +212,110 @@
			}
			}
			unset($old_record);


			if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
			if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

			//* Check database name and user against blacklist
			$dbname_blacklist = array($conf['db_database'],'mysql');
			if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
			}

			$dbuser_blacklist = array($conf['db_user'],'mysql','root');
			if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
			}

			if ($app->tform->errorMessage == ''){
			/* restrict the names if there is no error */
			$this->dataRecord['database_name'] = $dbname_prefix . $this->dataRecord['database_name'];
			$this->dataRecord['database_user'] = $dbuser_prefix . $this->dataRecord['database_user'];
			/* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}


			//* Check for duplicates
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
			if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';

			parent::onBeforeUpdate();
			}

			function onBeforeInsert() {
			global $app, $conf, $interfaceConf;

			//* Site shell not be empty
			if($this->dataRecord['parent_domain_id'] == 0) $app->tform->errorMessage .= $app->tform->lng("database_site_error_empty").'<br />';

			//* Database username and database name shall not be empty
			if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />';
			if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';

			//* Get the database name and database user prefix
			$app->uses('getconf');
			$global_config = $app->getconf->get_global_config('sites');
			$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
			$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
			$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
			$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

			if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
			if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

			//* Check database name and user against blacklist
			$dbname_blacklist = array($conf['db_database'],'mysql');
			if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
			}

			$dbuser_blacklist = array($conf['db_user'],'mysql','root');
			if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
			}

			/* restrict the names */
			$this->dataRecord['database_name'] = $dbname_prefix . $this->dataRecord['database_name'];
			$this->dataRecord['database_user'] = $dbuser_prefix . $this->dataRecord['database_user'];
			/* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
			if ($app->tform->errorMessage == ''){
			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}

			//* Check for duplicates
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
			if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';

			parent::onBeforeInsert();
			}

			function onAfterInsert() {
			global $app, $conf;

			// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
			// also make sure that the user can not delete domain created by a admin
			if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
			$client_group_id = intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_id = ".$this->id);
			}
			if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
			$client_group_id = intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_id = ".$this->id);

			if($this->dataRecord["parent_domain_id"] > 0) {
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));

			//* The Database user shall be owned by the same group then the website
			$sys_groupid = $web['sys_groupid'];
			$backup_interval = $web['backup_interval'];
			$backup_copies = $web['backup_copies'];

			$sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
			$app->db->query($sql);
			}
			}

			function onAfterUpdate() {
			global $app, $conf;

			// make sure that the record belongs to the client group and not the admin group when a admin inserts it
			// also make sure that the user can not delete domain created by a admin
			if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
			$client_group_id = intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_id = ".$this->id);
			}
			if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
			$client_group_id = intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_id = ".$this->id);
			if($this->dataRecord["parent_domain_id"] > 0) {
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));

			//* The Database user shall be owned by the same group then the website
			$sys_groupid = $web['sys_groupid'];
			$backup_interval = $web['backup_interval'];
			$backup_copies = $web['backup_copies'];

			$sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
			$app->db->query($sql);
			}

			}

			function getClientName() {
			global $app, $conf;

			if($_SESSION["s"]["user"]["typ"] != 'admin') {
			// Get the group-id of the user
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			} else {
			// Get the group-id from the data itself
			$client_group_id = $this->dataRecord['client_group_id'];
			}
			/* get the name of the client */
			$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
			$clientName = $tmp['name'];
			if ($clientName == "") $clientName = 'default';
			$clientName = convertClientName($clientName);

			}

			}