vogelor
2008-12-12 9f6339a58df07ea702c353283d866ea2d046026b
The names of the database and the database_user can be limited by the system
2 files modified
1 files added
156 ■■■■ changed files
interface/web/sites/database_edit.php 134
interface/web/sites/templates/database_edit.htm 2
interface/web/sites/tools.inc.php 20
interface/web/sites/database_edit.php
@@ -40,6 +40,7 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
require_once('tools.inc.php');
//* Check permissions for module
$app->auth->check_module_permissions('sites');
@@ -73,7 +74,7 @@
    }
    
    function onShowEnd() {
        global $app, $conf;
        global $app, $conf, $interfaceConf;
        
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        
@@ -148,6 +149,40 @@
            
        }
        
        /*
         * If the names are restricted -> remove the client, so that the
         * data can be edited
         */
        if ($interfaceConf['restrict_names'] == true){
            /* Get the group-id */
            if($_SESSION["s"]["user"]["typ"] != 'admin') {
                // Get the group-id of the user
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
            }
            else {
                // Get the group-id from the data itself
                $client_group_id = $this->dataRecord['sys_groupid'];
            }
            /* get the name of the client */
            $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
            $clientName = $tmp['name'];
            if ($clientName == "") $clientName = 'default';
            $clientName = convertClientName($clientName);
            if ($this->dataRecord['database_name'] != ""){
                /* REMOVE the restriction */
                $app->tpl->setVar("database_name", str_replace($clientName . '_' , '', $this->dataRecord['database_name']));
                $app->tpl->setVar("database_user", str_replace($clientName . '_' , '', $this->dataRecord['database_user']));
            }
            if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                $app->tpl->setVar("database_name_prefix", '{client}_');
                $app->tpl->setVar("database_user_prefix", '{client}_');
            }
            else {
                $app->tpl->setVar("database_name_prefix", $clientName . '_');
                $app->tpl->setVar("database_user_prefix", $clientName . '_');
            }
        }
        parent::onShowEnd();
    }
    
@@ -172,7 +207,7 @@
                
                
                // Check if the user may add another database
                if($client["limit_web_domain"] >= 0) {
                if($client["limit_database"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
                    if($tmp["number"] >= $client["limit_database"]) {
                        $app->error($app->tform->wordbook["limit_database_txt"]);
@@ -190,36 +225,93 @@
    }
    function onBeforeUpdate() {
        global $app, $conf;
        global $app, $conf, $interfaceConf;
        /*
         * If the names should be restricted -> do it!
         */
        if ($interfaceConf['restrict_names'] == true){
            /* Get the group-id */
            if($_SESSION["s"]["user"]["typ"] != 'admin') {
                // Get the group-id of the user
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
            }
            else {
                // Get the group-id from the data itself
                $client_group_id = $this->dataRecord['client_group_id'];
            }
            /* get the name of the client */
            $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
            $clientName = $tmp['name'];
            if ($clientName == "") $clientName = 'default';
            $clientName = convertClientName($clientName);
            $nameSuffix = $clientName . '_';
        }
        else {
            $nameSuffix = '';
        }
        $error = false;
        //* Prevent that the database name and charset is changed
        $old_record = $app->tform->getDataRecord($this->id);
        if($old_record["database_name"] != $nameSuffix . $this->dataRecord["database_name"]) {
            $app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
            $error = true;
        }
        if($old_record["database_charset"] != $this->dataRecord["database_charset"]) {
            $app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
            $error = true;
        }
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from web_database WHERE database_id = ".$this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
            if($old_record["server_id"] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
                $this->dataRecord["server_id"] = $rec['server_id'];
                $error = true;
            }
            unset($rec);
        }
    }
    function onUpdate() {
        global $app, $conf;
        //* Prevent that the database name and charset is changed
        $old_record = $app->tform->getDataRecord($this->id);
        if($old_record["database_name"] != $this->dataRecord["database_name"]) {
            $app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
        }
        if($old_record["database_charset"] != $this->dataRecord["database_charset"]) {
            $app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
        }
        unset($old_record);
        
        parent::onUpdate();
        if ($error == false){
            /* restrict the names if there is no error */
            $this->dataRecord['database_name'] = $nameSuffix . $this->dataRecord['database_name'];
            $this->dataRecord['database_user'] = $nameSuffix . $this->dataRecord['database_user'];
        }
        
        parent::onBeforeUpdate();
    }
    function onBeforeInsert() {
        global $app, $conf, $interfaceConf;
        global $interfaceConf;
        /*
         * If the names should be restricted -> do it!
         */
        if ($interfaceConf['restrict_names'] == true){
            /* Get the group-id */
            if($_SESSION["s"]["user"]["typ"] != 'admin') {
                // Get the group-id of the user
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
            }
            else {
                // Get the group-id from the data itself
                $client_group_id = $this->dataRecord['client_group_id'];
            }
            /* get the name of the client */
            $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
            $clientName = $tmp['name'];
            if ($clientName == "") $clientName = 'default';
            $clientName = convertClientName($clientName);
            /* restrict the names */
            $this->dataRecord['database_name'] = $clientName . '_' . $this->dataRecord['database_name'];
            $this->dataRecord['database_user'] = $clientName . '_' . $this->dataRecord['database_user'];
        }
        parent::onBeforeInsert();
    }
    
    function onAfterInsert() {
@@ -240,7 +332,7 @@
    function onAfterUpdate() {
        global $app, $conf;
        
        // make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
        // make sure that the record belongs to the client group and not the admin group when a admin inserts it
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = intval($this->dataRecord["client_group_id"]);
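Review bot: In onBeforeUpdate and onBeforeInsert the admin branch takes `$client_group_id` straight from `$this->dataRecord['client_group_id']` (onShowEnd uses `$this->dataRecord['sys_groupid']`) and concatenates it into `"SELECT name FROM sys_group WHERE groupid = " . $client_group_id` without a cast, although onAfterUpdate already wraps the same form field in `intval()`. Cast it where it is read, `$client_group_id = intval($this->dataRecord['client_group_id']);`; since the group lookup is now repeated in three methods, a single helper would keep that cast in one place. In the server check the new condition compares against `$old_record["server_id"]`, but the reset line still reads `$rec['server_id']`; if the `$rec` query was removed, as this rendering suggests, that line assigns null and should read `$this->dataRecord["server_id"] = $old_record["server_id"];`. In onShowEnd, `str_replace($clientName . '_', '', ...)` strips every occurrence of the prefix rather than only the leading one, so a stored name that contains the prefix twice would no longer match the comparison in onBeforeUpdate.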
interface/web/sites/templates/database_edit.htm
@@ -26,10 +26,12 @@
      </span>
      <span class="wf_oneField">
        <label for="database_name" class="wf_preField">{tmpl_var name='database_name_txt'}</label>
        {tmpl_var name='database_name_prefix'}
        <input type="text" id="database_name" name="database_name" value="{tmpl_var name='database_name'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br>
      </span>
      <span class="wf_oneField">
        <label for="database_user" class="wf_preField">{tmpl_var name='database_user_txt'}</label>
        {tmpl_var name='database_user_prefix'}
        <input type="text" id="database_user" name="database_user" value="{tmpl_var name='database_user'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br>
      </span>
      <span class="wf_oneField">
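--- a/interface/web/sites/tools.inc.php
+++ b/interface/web/sites/tools.inc.php
@@ -0,0 +1,20 @@
+<?php
+function convertClientName($name){
+    /**
+     *  only allow 'a'..'z', '_', '0'..'9'
+     */
+    $allowed = 'abcdefghijklmnopqrstuvwxyz0123456789_';
+    $res = '';
+    $name = strtolower(trim($name));
+    for ($i=0; $i < strlen($name); $i++){
+        if ($name[$i] == ' ') continue;
+        if (strpos($allowed, $name[$i]) !== false){
+            $res .= $name[$i];
+        }
+        else {
+            $res .= '_';
+        }
+    }
+    return $res;
+}
+?>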
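Review bot: convertClientName is lossy, so the prefix it returns is not a per-client namespace on its own: case is folded, spaces are dropped and every other disallowed byte becomes `_`, which means `a b`, `ab` and `AB` all yield `ab`, and `a-b` and `a.b` both yield `a_b`. The callers in database_edit.php substitute `'default'` only before conversion (`if ($clientName == "")`), so a name consisting only of spaces comes back as an empty string and the resulting prefix is just `_`; a fallback before the return, `if ($res == '') $res = 'default';`, would cover that case. If the prefix is meant to keep one client's database and user names apart from another's, the group id would need to be part of it, or uniqueness of the converted name would need to be checked when the client is created. The docblock sits inside the function body; placed above the function it could state the allowed alphabet and that multi-byte characters are replaced byte by byte.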