From 317b4d0d88793601d32105de19427c151512f889 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 04 Sep 2012 10:12:45 -0400
Subject: [PATCH] Fixed: Some improvements and fixes for the database/user separation

---
 server/plugins-available/mysql_clientdb_plugin.inc.php       |   10 ++++++----
 interface/web/sites/form/database_user.tform.php             |   11 +++++++++++
 interface/lib/plugins/sites_web_database_user_plugin.inc.php |    5 +++--
 interface/web/sites/database_user_edit.php                   |   15 ++++++++++++++-
 interface/web/sites/database_edit.php                        |    1 +
 5 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
index 4b6af43..be894ca 100644
--- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -30,11 +30,12 @@
         // also make sure that the user can not delete domain created by a admin
         if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
             $client_group_id = intval($page_form->dataRecord["client_group_id"]);
-            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
+            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
         }
         if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
             $client_group_id = intval($page_form->dataRecord["client_group_id"]);
-            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
+            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
         }
+        $app->db->query("UPDATE web_database_user SET server_id = '" . intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
 	}
 }              	
\ No newline at end of file
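Review bot: All three UPDATE statements on the new side append `$page_form->id` to the SQL unquoted and uncast, while `$client_group_id` and `$conf['server_id']` next to it go through `intval()`. Casting once, e.g. `$db_user_id = intval($page_form->id);`, and using that variable in the WHERE clauses would keep the statements safe however the id was populated. The added `server_id` update also reads `$conf`, and the same value is assigned in both database_user_edit.php hunks (`$this->dataRecord['server_id'] = $conf['server_id'];`). The function headers are outside the hunks, so it is worth confirming that each one declares `$conf` as `global`; otherwise the value written is 0 or null.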
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 1393aaf..3858440 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -309,6 +309,7 @@
         global $app;
         if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) {
             
+            $app->uses('sites_database_plugin');
             $app->sites_database_plugin->processDatabaseUpdate($this);
 
             $app->db->query($sql);
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 651b208..f3ec904 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -145,6 +145,8 @@
 			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
 		}
 		
+        $this->dataRecord['server_id'] = $conf['server_id'];
+        
 		parent::onBeforeUpdate();
 	}
 
@@ -173,6 +175,8 @@
 			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
 		}
 		
+        $this->dataRecord['server_id'] = $conf['server_id'];
+        
 		parent::onBeforeInsert();
 	}
 
@@ -200,7 +204,16 @@
 			$client_group_id = intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
 		}
-
+        
+        $old_rec = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");
+        
+        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'");
+        foreach($records as $rec) {
+            $new_rec = $this->dataRecord;
+            $new_rec['server_id'] = $rec['server_id'];
+            $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $old_rec, $new_rec);
+        }
+        unset($new_rec);
 	}
 
 }
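Review bot: The added `SELECT *` interpolates `$this->id` raw inside quotes, while the very next query wraps the same value in `intval()`, and `datalogSave()` then receives it uncast as well. Casting once at the top of the added block, `$db_user_id = intval($this->id);`, and using it in all three places would remove the inconsistency. `$old_rec` is also read after the `UPDATE web_database_user` statements just above have run, so it presumably already holds the new values and the datalog entry may not reflect what actually changed; confirm this against how `datalogSave()` diffs the two records. `queryAllRecords()` is iterated without checking that it returned an array. The method starts outside this hunk.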
diff --git a/interface/web/sites/form/database_user.tform.php b/interface/web/sites/form/database_user.tform.php
index f8cd38c..9716701 100644
--- a/interface/web/sites/form/database_user.tform.php
+++ b/interface/web/sites/form/database_user.tform.php
@@ -63,6 +63,17 @@
 	##################################
 	# Begin Datatable fields
 	##################################
+		'server_id' => array (
+			'datatype'	=> 'INTEGER',
+			'formtype'	=> 'SELECT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name',
+										'keyfield'=> 'server_id',
+										'valuefield'=> 'server_name'
+									 ),
+			'value'		=> ''
+		),
 		'database_user' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
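Review bot: The new `server_id` entry does not say where its value comes from, yet both database_user_edit.php hunks overwrite `$this->dataRecord['server_id']` with `$conf['server_id']` before insert and update. If the field is not meant to be user-selectable, a comment such as `# value is set server-side in database_user_edit.php, not taken from the form` would make that explicit. If it is meant to be selectable, the submitted value presumably needs a check that it is one of the servers the `{AUTHSQL}` query returns. The array this entry belongs to starts and ends outside the hunk.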
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 98efd8c..df840ee 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -88,9 +88,11 @@
       foreach($host_list as $db_host) {
           $db_host = trim($db_host);
           
+          $app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);
+          
           // check if entry is valid ip address
           $valid = true;
-		  if($db_host == '%') {
+		  if($db_host == '%' || $db_host == 'localhost') {
 		  	$valid = true;
 		  } elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
               $groups = explode('.', $db_host);
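Review bot: The added debug log runs before `$db_host` is validated, so it records the raw host string and reads as if the action were carried out even for hosts the check below may reject. Moving the `$app->log(...)` call after the validity check, which continues outside this hunk, would keep the log aligned with what is actually applied. The widened condition could use strict comparison, `if($db_host === '%' || $db_host === 'localhost') {`, and the `$valid = true;` inside it is redundant with the initialiser two lines up.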
@@ -106,6 +108,7 @@
           
           if($action == 'GRANT') {
               if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
+              $app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
           } elseif($action == 'REVOKE') {
               if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
           } elseif($action == 'DROP') {
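Review bot: The added `$app->log(...)` writes the whole GRANT statement to the debug log, including the `IDENTIFIED BY PASSWORD '...'` value, so the database user's password hash ends up in a log file that is usually readable by more people than the MySQL grant tables. Logging only the non-secret parts would give the same diagnostic value, e.g. `$app->log("GRANT for '" . $database_user . "'@'" . $db_host . "' on " . $database_name . " success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);`. `$success` appears to be shared across the host loop (its initialisation is outside the hunk), so "success? no" may reflect an earlier host's failure rather than this statement's. The statement is also built twice; assigning it to a variable once would keep the query and any message about it from drifting apart.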
@@ -388,9 +391,8 @@
 			}
 
 			if($data['new']['database_password'] != $data['old']['database_password']) {
-				$db_host = 'localhost';
-				$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
-				$app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
+				$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
+				$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
 			}
         }
         
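Review bot: The new `SET PASSWORD ... = PASSWORD('...')` treats `database_password` as clear text, while the GRANT in the same file passes the same field to `IDENTIFIED BY PASSWORD`, which expects an already-hashed value. One of the two is wrong: if the datalog holds the hash, this line hashes it a second time and sets a password the user cannot log in with. If it really holds clear text, the password appears in the statement text and the inline comment should say where the hashing is expected to happen. With `$db_host = 'localhost';` removed, `$db_host` must now be defined earlier in the function, which is outside this hunk; if it is not, the statement targets `'user'@''`. The return value of `$link->query()` is not checked, so the "Changing MySQL user password" log entry is written even when the statement fails.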

--
Gitblit v1.9.1