From 6733652286e1b74e447a75d0dac9d1637096b34d Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Sun, 11 Jan 2009 12:44:25 -0500 Subject: [PATCH] Fixed several bugs in client db plugin. --- server/plugins-available/mysql_clientdb_plugin.inc.php | 43 ++++++++++++++++++++++++++++--------------- server/lib/classes/db_mysql.inc.php | 2 +- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php index f85cbb0..828bb43 100644 --- a/server/lib/classes/db_mysql.inc.php +++ b/server/lib/classes/db_mysql.inc.php @@ -168,7 +168,7 @@ return addslashes($formfield); } - return mysql_real_escape_string($formfield); + return mysql_real_escape_string($formfield, $this->linkId); } // Check der variablen diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php index 8e0f15b..602fae4 100644 --- a/server/plugins-available/mysql_clientdb_plugin.inc.php +++ b/server/plugins-available/mysql_clientdb_plugin.inc.php @@ -71,7 +71,7 @@ global $app, $conf; if($data["new"]["type"] == 'mysql') { - if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { + if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR); return; } @@ -102,12 +102,14 @@ if($data["new"]["remote_access"] == 'y') { $db_host = '%'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); + $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } else { $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } - mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link); - //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';"; } mysql_query("FLUSH PRIVILEGES;",$link); @@ -119,7 +121,7 @@ global $app, $conf; if($data["new"]["type"] == 'mysql') { - if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { + if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR); return; } @@ -136,11 +138,15 @@ if($data["new"]["remote_access"] == 'y') { $db_host = '%'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); + $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } else { $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } - mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link); + // mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';"; } @@ -153,23 +159,30 @@ $db_host = 'localhost'; } - mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"]).".* FROM '".mysql_real_escape_string($data["new"]["database_user"])."';",$link); + mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link); } //* Rename User if($data["new"]["database_user"] != $data["old"]["database_user"]) { - mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"])."' TO '".mysql_real_escape_string($data["new"]["database_user"])."'",$link); + mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'",$link); $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } //* Remote access option has changed. if($data["new"]["remote_access"] != $data["old"]["remote_access"]) { + + //* revoke old priveliges + mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link); + + //* set new priveliges if($data["new"]["remote_access"] == 'y') { - mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); - mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); + $db_host = '%'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); + $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } else { - mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); - mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); + $db_host = 'localhost'; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link); } $app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG); } @@ -190,7 +203,7 @@ //* Change password if($data["new"]["database_password"] != $data["old"]["database_password"]) { - mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"])."');",$link); + mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link); $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } @@ -204,7 +217,7 @@ global $app, $conf; if($data["old"]["type"] == 'mysql') { - if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { + if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) { $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR); return; } @@ -223,13 +236,13 @@ $db_host = 'localhost'; } - if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"])."'@'$db_host';",$link)) { + if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) { $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR); } - if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"]),$link)) { + if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"],$link),$link)) { $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR); -- Gitblit v1.9.1