gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -56,17 +56,11 @@

			// we will check only users, not admins
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client = $app->db->queryOneRecord("SELECT limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another database.
			if($client["limit_database"] >= 0) {
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
			if($tmp["number"] >= $client["limit_database"]) {
			$app->error($app->tform->wordbook["limit_database_txt"]);
			}
			if(!$app->tform->checkClientLimit('limit_database')) {
			$app->error($app->tform->wordbook["limit_database_txt"]);
			}
			if(!$app->tform->checkResellerLimit('limit_database')) {
			$app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]);
			}
			}

			@@ -91,20 +85,22 @@

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client = $app->db->queryOneRecord("SELECT client_id, default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, default_webserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Set the webserver to the default server of the client
			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_dbserver]");
			$app->tpl->setVar("server_id","<option value='$client[default_dbserver]'>$tmp[server_name]</option>");
			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]");
			$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
			unset($tmp);


			// Fill the client select field
			$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.parent_client_id AND client.parent_client_id = ".$client['client_id'];
			$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY name";
			$clients = $app->db->queryAllRecords($sql);
			$client_select = '';
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
			$tmp_data_record = $app->tform->getDataRecord($this->id);
			if(is_array($clients)) {
			foreach( $clients as $client) {
			$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
			$selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
			$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
			}
			}
			@@ -136,12 +132,13 @@
			unset($ips);

			// Fill the client select field
			$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0";
			$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
			$clients = $app->db->queryAllRecords($sql);
			$client_select = "<option value='0'></option>";
			$tmp_data_record = $app->tform->getDataRecord($this->id);
			if(is_array($clients)) {
			foreach( $clients as $client) {
			$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
			$selected = @($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':'';
			$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
			}
			}
			@@ -261,14 +258,32 @@
			}
			}
			unset($old_record);


			if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
			if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

			//* Check database name and user against blacklist
			$dbname_blacklist = array($conf['db_database'],'mysql');
			if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
			}

			$dbuser_blacklist = array($conf['db_user'],'mysql','root');
			if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
			}

			if ($app->tform->errorMessage == ''){
			/* restrict the names if there is no error */
			/* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}


			//* Check for duplicates
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
			if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';

			parent::onBeforeUpdate();
			}

			@@ -284,11 +299,31 @@
			$global_config = $app->getconf->get_global_config('sites');
			$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
			$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

			if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
			if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';

			//* Check database name and user against blacklist
			$dbname_blacklist = array($conf['db_database'],'mysql');
			if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
			}

			$dbuser_blacklist = array($conf['db_user'],'mysql','root');
			if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
			}

			/* restrict the names */
			/* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			if ($app->tform->errorMessage == ''){
			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}

			//* Check for duplicates
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
			if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';

			parent::onBeforeInsert();
			}