ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Falko Timme
2014-04-05 ca4b71c1db5981433efc68f7c032b8dac588b6d5 
 interface/web/sites/database_user_edit.php


@@ -38,8 +38,8 @@


* End Form configuration


******************************************/




require_once('../../lib/config.inc.php');


require_once('../../lib/app.inc.php');


require_once '../../lib/config.inc.php';


require_once '../../lib/app.inc.php';




//* Check permissions for module


$app->auth->check_module_permissions('sites');


@@ -63,27 +63,27 @@


      $global_config = $app->getconf->get_global_config('sites');


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);




        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {


      if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {


         // Get the limits of the client


         $client_group_id = $_SESSION["s"]["user"]["default_group"];


         $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);


         $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");




            // Fill the client select field


            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";


            $records = $app->db->queryAllRecords($sql);


            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);


            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';


            //$tmp_data_record = $app->tform->getDataRecord($this->id);


            if(is_array($records)) {


                foreach( $records as $rec) {


                    $selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';


                    $client_select .= "<option value='$rec[groupid]' $selected>$rec[contactname]</option>\r\n";


                }


            }


            $app->tpl->setVar("client_group_id",$client_select);


        } elseif($_SESSION["s"]["user"]["typ"] == 'admin') {


         // Fill the client select field


         $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY sys_group.name";


         $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";


         $records = $app->db->queryAllRecords($sql);


         $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));


         $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';


         //$tmp_data_record = $app->tform->getDataRecord($this->id);


         if(is_array($records)) {


            foreach( $records as $rec) {


               $selected = @(is_array($this->dataRecord) && ($rec["groupid"] == $this->dataRecord['client_group_id'] || $rec["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';


               $client_select .= "<option value='$rec[groupid]' $selected>$rec[contactname]</option>\r\n";


            }


         }


         $app->tpl->setVar("client_group_id", $client_select);


      } elseif($_SESSION["s"]["user"]["typ"] == 'admin') {


         // Fill the client select field


         $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";


         $clients = $app->db->queryAllRecords($sql);


         $client_select = "<option value='0'></option>";


         //$tmp_data_record = $app->tform->getDataRecord($this->id);


@@ -94,8 +94,8 @@


               $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n";


            }


         }


         $app->tpl->setVar("client_group_id",$client_select);


        }


         $app->tpl->setVar("client_group_id", $client_select);


      }






      if ($this->dataRecord['database_user'] != ""){


@@ -109,13 +109,13 @@


      parent::onShowEnd();


   }




    function onSubmit() {


        global $app;


   function onSubmit() {


      global $app;




        if($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);


      if($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);




        parent::onSubmit();


    }


      parent::onSubmit();


   }




   function onBeforeUpdate() {


      global $app, $conf, $interfaceConf;


@@ -125,34 +125,29 @@


      $global_config = $app->getconf->get_global_config('sites');


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);




        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");


      $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");




        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);


        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;


      $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);


      $this->dataRecord['database_user_prefix'] = $dbuser_prefix;




      //* Database username shall not be empty


      if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';




      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';


      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';




      //* Check database user against blacklist


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {


      $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');


      if(in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';


      }




      if ($app->tform->errorMessage == ''){


         /* restrict the names if there is no error */


            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */


         /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */


         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);


      }




      /* prepare password for MongoDB */


      // TODO: this still doens't work as when only the username changes we have no database_password.


      // taking the one from oldData doesn't work as it's encrypted...shit!


      $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];




        $this->dataRecord['server_id'] = 0; // we need this on all servers


      $this->dataRecord['server_id'] = 0; // we need this on all servers




      parent::onBeforeUpdate();


   }


@@ -168,26 +163,23 @@


      $global_config = $app->getconf->get_global_config('sites');


      $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);




        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;


      $this->dataRecord['database_user_prefix'] = $dbuser_prefix;




      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';


      if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';




      //* Check database user against blacklist


      $dbuser_blacklist = array($conf['db_user'],'mysql','root');


      if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {


      $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');


      if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist)) {


         $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';


      }




      /* restrict the names */


        /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */


      /* crop user names if they are too long -> mysql: user: 16 chars / db: 64 chars */


      if ($app->tform->errorMessage == ''){


         $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);


      }




      $this->dataRecord['server_id'] = 0; // we need this on all servers




      /* prepare password for MongoDB */


      $this->dataRecord['database_password_mongo'] = $this->dataRecord['database_user'].":mongo:".$this->dataRecord['database_password'];




      parent::onBeforeInsert();


   }


@@ -235,4 +227,4 @@


$page = new page_action;


$page->onLoad();




?>


?>