gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -58,15 +58,20 @@
			Register for the events
			*/

			//* Mailboxes
			//* Databases
			$app->plugins->registerEvent('database_insert',$this->plugin_name,'db_insert');
			$app->plugins->registerEvent('database_update',$this->plugin_name,'db_update');
			$app->plugins->registerEvent('database_delete',$this->plugin_name,'db_delete');

			//* Database users
			$app->plugins->registerEvent('database_user_insert',$this->plugin_name,'db_user_insert');
			$app->plugins->registerEvent('database_user_update',$this->plugin_name,'db_user_update');
			$app->plugins->registerEvent('database_user_delete',$this->plugin_name,'db_user_delete');


			}

			function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '') {
			function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '', $user_read_only = false) {
			global $app;

			$action = strtoupper($action);
			@@ -83,9 +88,11 @@
			foreach($host_list as $db_host) {
			$db_host = trim($db_host);

			$app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);

			// check if entry is valid ip address
			$valid = true;
			if($db_host == '%') {
			if($db_host == '%' \|\| $db_host == 'localhost') {
			$valid = true;
			} elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
			$groups = explode('.', $db_host);
			@@ -100,15 +107,16 @@
			if($valid == false) continue;

			if($action == 'GRANT') {
			if(!mysql_query("GRANT ALL ON ".mysql_real_escape_string($database_name,$link).".* TO '".mysql_real_escape_string($database_user,$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($database_password,$link)."';",$link)) $success = false;
			if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
			$app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
			} elseif($action == 'REVOKE') {
			//mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($database_name,$link).".* FROM '".mysql_real_escape_string($database_user,$link)."';",$link);
			if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
			} elseif($action == 'DROP') {
			if(!mysql_query("DROP USER '".mysql_real_escape_string($database_user,$link)."'@'$db_host';",$link)) $success = false;
			if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
			} elseif($action == 'RENAME') {
			if(!mysql_query("RENAME USER '".mysql_real_escape_string($database_user,$link)."'@'$db_host' TO '".mysql_real_escape_string($database_rename_user,$link)."'@'$db_host'",$link)) $success = false;
			if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
			} elseif($action == 'PASSWORD') {
			if(!mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($database_user,$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($database_password,$link)."');",$link)) $success = false;
			if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."';")) $success = false;
			}
			}

			@@ -124,15 +132,10 @@
			return;
			}

			if($data['new']['database_user'] == 'root') {
			$app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			return;
			}

			//* Connect to the database
			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
			if (!$link) {
			$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
			$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
			if ($link->connect_error) {
			$app->log('Unable to connect to mysql'.$link->connect_error,LOGLEVEL_ERROR);
			return;
			}

			@@ -144,27 +147,41 @@
			}

			//* Create the new database
			if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data['new']['database_name']).$query_charset_table,$link)) {
			if ($link->query('CREATE DATABASE '.$link->escape_string($data['new']['database_name']).$query_charset_table)) {
			$app->log('Created MySQL database: '.$data['new']['database_name'],LOGLEVEL_DEBUG);
			} else {
			$app->log('Unable to create the database: '.mysql_error($link),LOGLEVEL_WARNING);
			$app->log('Unable to create the database: '.$link->error,LOGLEVEL_WARNING);
			}

			// Create the database user if database is active
			if($data['new']['active'] == 'y') {

			if($data['new']['remote_access'] == 'y') {
			$this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
			}

			$db_host = 'localhost';
			mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);

			// get the users for this database
			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");

			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");

			$host_list = '';
			if($data['new']['remote_access'] == 'y') {
			$host_list = $data['new']['remote_ips'];
			if($host_list == '') $host_list = '%';
			}
			if($host_list != '') $host_list .= ',';
			$host_list .= 'localhost';

			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
			}

			}

			mysql_query('FLUSH PRIVILEGES;',$link);
			mysql_close($link);
			$link->query('FLUSH PRIVILEGES;');
			$link->close();
			}
			}

			@@ -177,55 +194,74 @@
			return;
			}

			if($data['new']['database_user'] == 'root') {
			$app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			return;
			}

			//* Connect to the database
			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
			if (!$link) {
			$app->log('Unable to connect to the database: '.mysql_error($link),LOGLEVEL_ERROR);
			$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
			if ($link->connect_error) {
			$app->log('Unable to connect to the database: '.$link->connect_error,LOGLEVEL_ERROR);
			return;
			}

			// Create the database user if database was disabled before
			// get the users for this database
			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");

			$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");

			$host_list = '';
			if($data['new']['remote_access'] == 'y') {
			$host_list = $data['new']['remote_ips'];
			if($host_list == '') $host_list = '%';
			}
			if($host_list != '') $host_list .= ',';
			$host_list .= 'localhost';

			// Create the database user if database was disabled before
			if($data['new']['active'] == 'y' && $data['old']['active'] == 'n') {

			if($data['new']['remote_access'] == 'y') {
			$this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
			}

			$db_host = 'localhost';
			mysql_query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),mysql_real_escape_string($data['new']['database_name'],$link))."`.* TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data['new']['database_password'],$link)."';",$link);

			// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
			//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
			}
			} else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link);
			}
			}

			// Remove database user, if inactive
			if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') {

			if($data['old']['remote_access'] == 'y') {
			$this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
			}

			$db_host = 'localhost';
			mysql_query("DROP USER '".mysql_real_escape_string($data['old']['database_user'],$link)."'@'$db_host';",$link);


			//mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
			}

			//* Rename User
			if($data['new']['database_user'] != $data['old']['database_user']) {
			$db_host = 'localhost';
			mysql_query("RENAME USER '".mysql_real_escape_string($data['old']['database_user'],$link)."'@'$db_host' TO '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host'",$link);
			if($data['old']['remote_access'] == 'y') {
			$this->process_host_list('RENAME', '', $data['old']['database_user'], '', $data['new']['remote_ips'], $link, $data['new']['database_user']);
			}
			$app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'],LOGLEVEL_DEBUG);
			}

			//* selected Users have changed
			if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
			if($data['old']['database_user_id'] && $data['old']['database_user_id'] != $data['new']['database_ro_user_id']) {
			$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
			if($old_db_user) {
			if($old_db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $host_list, $link);
			}
			}
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
			}
			}
			if($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
			if($data['old']['database_ro_user_id'] && $data['old']['database_ro_user_id'] != $data['new']['database_user_id']) {
			$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'");
			if($old_db_user) {
			if($old_db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $host_list, $link);
			}
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
			}
			}

			//* Remote access option has changed.
			if($data['new']['remote_access'] != $data['old']['remote_access']) {
			@@ -235,30 +271,46 @@

			//* set new priveliges
			if($data['new']['remote_access'] == 'y') {
			$this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
			}
			} else {
			$this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else $this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link);
			}
			}
			$app->log('Changing MySQL remote access privileges for database: '.$data['new']['database_name'],LOGLEVEL_DEBUG);
			} elseif($data['new']['remote_access'] == 'y' && $data['new']['remote_ips'] != $data['old']['remote_ips']) {
			//* Change remote access list
			$this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
			$this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
			}
			//* Change remote access list
			if($db_user) {
			if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else {
			$this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['old']['remote_ips'], $link);
			$this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
			}
			}
			if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
			if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
			else {
			$this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['old']['remote_ips'], $link);
			$this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
			}
			}
			}

			//* Change password
			if($data['new']['database_password'] != $data['old']['database_password']) {
			$db_host = 'localhost';
			mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data['new']['database_user'],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data['new']['database_password'],$link)."');",$link);

			if($data['new']['remote_access'] == 'y') {
			$this->process_host_list('PASSWORD', '', $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
			}
			$app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
			}

			mysql_query('FLUSH PRIVILEGES;',$link);
			mysql_close($link);
			$link->query('FLUSH PRIVILEGES;');
			$link->close();
			}

			}
			@@ -273,43 +325,118 @@
			}

			//* Connect to the database
			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
			if (!$link) {
			$app->log('Unable to connect to the database: '.mysql_error($link),LOGLEVEL_ERROR);
			$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
			if ($link->connect_error) {
			$app->log('Unable to connect to mysql: '.$link->connect_error,LOGLEVEL_ERROR);
			return;
			}

			//* Get the db host setting for the access priveliges
			if($data['old']['remote_access'] == 'y') {
			if($this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link)) {
			$app->log('Dropping MySQL user: '.$data['old']['database_user'],LOGLEVEL_DEBUG);
			} else {
			$app->log('Error while dropping MySQL user: '.$data['old']['database_user'].' '.mysql_error($link),LOGLEVEL_WARNING);
			}
			}
			$db_host = 'localhost';
			if(mysql_query("DROP USER '".mysql_real_escape_string($data['old']['database_user'],$link)."'@'$db_host';",$link)) {
			$app->log('Dropping MySQL user: '.$data['old']['database_user'],LOGLEVEL_DEBUG);
			} else {
			$app->log('Error while dropping MySQL user: '.$data['old']['database_user'].' '.mysql_error($link),LOGLEVEL_WARNING);
			}

			if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data['old']['database_name'],$link),$link)) {
			if($link->query('DROP DATABASE '.$link->escape_string($data['old']['database_name']))) {
			$app->log('Dropping MySQL database: '.$data['old']['database_name'],LOGLEVEL_DEBUG);
			} else {
			$app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.mysql_error($link),LOGLEVEL_WARNING);
			$app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.$link->error,LOGLEVEL_WARNING);
			}

			mysql_query('FLUSH PRIVILEGES;',$link);
			mysql_close($link);
			$link->query('FLUSH PRIVILEGES;');
			$link->close();
			}


			}


			function db_user_insert($event_name,$data) {
			global $app, $conf;
			// we have nothing to do here, stale user accounts are useless ;)
			}


			function db_user_update($event_name,$data) {
			global $app, $conf;

			if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
			$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
			return;
			}

			//* Connect to the database
			$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
			if ($link->connect_error) {
			$app->log('Unable to connect to mysql'.$link->connect_error,LOGLEVEL_ERROR);
			return;
			}


			if($data['old']['database_user'] == $data['new']['database_user'] && ($data['old']['database_password'] == $data['new']['database_password'] \|\| $data['new']['database_password'] == '')) {
			return;
			}


			$host_list = array('localhost');
			// get all databases this user was active for
			$db_list = $app->db->queryAllRecords("SELECT `remote_access`, `remote_ips` FROM `web_database` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
			foreach($db_list as $database) {
			if($database['remote_access'] != 'y') continue;

			if($database['remote_ips'] != '') $ips = explode(',', $database['remote_ips']);
			else $ips = array('%');

			foreach($ips as $ip) {
			$ip = trim($ip);
			if(!in_array($ip, $host_list)) $host_list[] = $ip;
			}
			}

			foreach($host_list as $db_host) {
			if($data['new']['database_user'] != $data['old']['database_user']) {
			$link->query("RENAME USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host' TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host'");
			$app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'],LOGLEVEL_DEBUG);
			}

			if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
			$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
			$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
			}
			}

			$link->query('FLUSH PRIVILEGES;');
			$link->close();

			}

			function db_user_delete($event_name,$data) {
			global $app, $conf;

			if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
			$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
			return;
			}

			//* Connect to the database
			$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
			if ($link->connect_error) {
			$app->log('Unable to connect to mysql'.$link->connect_error,LOGLEVEL_ERROR);
			return;
			}

			$host_list = array();
			// read all mysql users with this username
			$result = $link->query("SELECT `User`, `Host` FROM `mysql`.`user` WHERE `User` = '" . $link->escape_string($data['old']['database_user']) . "' AND `Create_user_priv` = 'N'"); // basic protection against accidently deleting system users like debian-sys-maint
			if($result) {
			while($row = $result->fetch_assoc()) {
			$host_list[] = $row['Host'];
			}
			$result->free();
			}

			foreach($host_list as $db_host) {
			if($link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host';")) {
			$app->log('Dropping MySQL user: '.$data['old']['database_user'],LOGLEVEL_DEBUG);
			}
			}

			$link->query('FLUSH PRIVILEGES;');
			$link->close();
			}
			} // end class

			?>