From 07c3bd9b777e55d0b8fc988d6583e44861a3ee43 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 15 Mar 2009 08:04:13 -0400
Subject: [PATCH] Improved password protection of website statistics.
---
server/plugins-available/mysql_clientdb_plugin.inc.php | 150 ++++++++++++++++++++++++++++++++++++--------------
1 files changed, 108 insertions(+), 42 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 7711236..eaf85e7 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -33,6 +33,19 @@
var $plugin_name = 'mysql_clientdb_plugin';
var $class_name = 'mysql_clientdb_plugin';
+ //* This function is called during ispconfig installation to determine
+ // if a symlink shall be created for this plugin.
+ function onInstall() {
+ global $conf;
+
+ if($conf['services']['db'] == true) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
/*
This function is called when the plugin is loaded
@@ -58,8 +71,9 @@
global $app, $conf;
if($data["new"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+ if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
+ return;
}
//* Connect to the database
@@ -68,23 +82,34 @@
$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
return;
}
-
+
+ // Charset for the new table
+ if($data["new"]["database_charset"] != '') {
+ $query_charset_table = ' DEFAULT CHARACTER SET '.$data["new"]["database_charset"];
+ } else {
+ $query_charset_table = '';
+ }
+
//* Create the new database
- if (mysql_query('CREATE DATABASE '.addslashes($data["new"]["database_name"]),$link)) {
+ if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]).$query_charset_table,$link)) {
$app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
} else {
$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
}
- // Create the database user
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
+ // Create the database user if database is active
+ if($data["new"]["active"] == 'y') {
+
+ if($data["new"]["remote_access"] == 'y') {
+ $db_host = '%';
+ mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ }
+
$db_host = 'localhost';
+ mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+
+
}
-
- mysql_query("GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';",$link);
- //echo "GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';";
mysql_query("FLUSH PRIVILEGES;",$link);
mysql_close($link);
@@ -95,52 +120,84 @@
global $app, $conf;
if($data["new"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+ if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
return;
}
-
+
//* Connect to the database
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ return;
+ }
+
+ // Create the database user if database was disabled before
+ if($data["new"]["active"] == 'y' && $data["old"]["active"] == 'n') {
+
+ if($data["new"]["remote_access"] == 'y') {
+ $db_host = '%';
+ mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ }
+
+ $db_host = 'localhost';
+ mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+
+ // mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
+ }
+
+ // Remove database user, if inactive
+ if($data["new"]["active"] == 'n' && $data["old"]["active"] == 'y') {
+
+ if($data["old"]["remote_access"] == 'y') {
+ $db_host = '%';
+ mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link);
+ }
+
+ $db_host = 'localhost';
+ mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link);
+
+
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
}
//* Rename User
if($data["new"]["database_user"] != $data["old"]["database_user"]) {
- mysql_query("RENAME USER '".addslashes($data["old"]["database_user"])."' TO '".addslashes($data["new"]["database_user"])."'",$link);
+ $db_host = 'localhost';
+ mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host'",$link);
+ if($data["old"]["remote_access"] == 'y') {
+ $db_host = '%';
+ mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host'",$link);
+ }
$app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
}
//* Remote access option has changed.
if($data["new"]["remote_access"] != $data["old"]["remote_access"]) {
- if($data["new"]["remote_access"] == 'y') {
- mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link);
- mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link);
+
+ //* revoke old priveliges
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+
+ //* set new priveliges
+ $db_host = '%';
+ if($data["new"]["remote_access"] == 'y') {
+ mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
} else {
- mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link);
- mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link);
+ mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link);
}
$app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
}
- //* Get the db host setting for the access priveliges
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
- }
-
- /*
- //* Rename database
- if($data["new"]["database_name"] != $data["old"]["database_name"]) {
- mysql_query("",$link);
- }
- */
-
//* Change password
if($data["new"]["database_password"] != $data["old"]["database_password"]) {
- mysql_query("SET PASSWORD FOR '".addslashes($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".addslashes($data["new"]["database_password"])."');",$link);
+ $db_host = 'localhost';
+ mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link);
+
+ if($data["new"]["remote_access"] == 'y') {
+ $db_host = '%';
+ mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link);
+ }
$app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
}
@@ -154,7 +211,7 @@
global $app, $conf;
if($data["old"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+ if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
return;
}
@@ -163,21 +220,30 @@
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ return;
}
//* Get the db host setting for the access priveliges
if($data["old"]["remote_access"] == 'y') {
$db_host = '%';
+ if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) {
+ $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
+ } else {
+ $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
+ }
+ }
+ $db_host = 'localhost';
+ if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) {
+ $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
} else {
- $db_host = 'localhost';
+ $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
}
- mysql_query("DROP USER '".addslashes($data["old"]["database_user"])."'@'$db_host';",$link);
- $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
-
- mysql_query('DROP DATABASE '.addslashes($data["old"]["database_name"]),$link);
- $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
-
+ if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"],$link),$link)) {
+ $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
+ } else {
+ $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);
+ }
mysql_query("FLUSH PRIVILEGES;",$link);
mysql_close($link);
--
Gitblit v1.9.1