From 2696e12bd643eaca85b9780b1c7d8ec1377df0fb Mon Sep 17 00:00:00 2001 From: latham <latham@ispconfig3> Date: Fri, 04 Nov 2011 09:57:16 -0400 Subject: [PATCH] This will sort the modules by alpha before the dashboard is pushed to the front. This patch keeps the menu tabs stable instead of different on each user. Logging in as an admin, reseller, and user would show the tabs in different order each time do to user creation. --- interface/web/sites/database_edit.php | 102 ++++++++++++++++++++++++++++++++++++-------------- 1 files changed, 73 insertions(+), 29 deletions(-) diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php index 51d740d..e066943 100644 --- a/interface/web/sites/database_edit.php +++ b/interface/web/sites/database_edit.php @@ -56,17 +56,11 @@ // we will check only users, not admins if($_SESSION["s"]["user"]["typ"] == 'user') { - - // Get the limits of the client - $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - - // Check if the user may add another database. - if($client["limit_database"] >= 0) { - $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id"); - if($tmp["number"] >= $client["limit_database"]) { - $app->error($app->tform->wordbook["limit_database_txt"]); - } + if(!$app->tform->checkClientLimit('limit_database')) { + $app->error($app->tform->wordbook["limit_database_txt"]); + } + if(!$app->tform->checkResellerLimit('limit_database')) { + $app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]); } } 
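Review bot: The reseller branch hard-codes an English prefix in front of a wordbook string, `$app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]);`, so non-English users get a half-translated message; the whole text should come from the wordbook via a dedicated key instead of string concatenation. The comment `// we will check only users, not admins` above the branch no longer says where the limit logic lives now that the inline queries are gone; I would extend it to `// limit enforcement is delegated to tform's checkClientLimit()/checkResellerLimit()`. The enclosing method starts and ends outside this hunk. Separately, the commit message describes sorting dashboard menu tabs, which nothing in this diff touches.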
@@ -91,20 +85,22 @@ // Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT client_id, default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - + $client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, default_webserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + // Set the webserver to the default server of the client - $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_dbserver]"); - $app->tpl->setVar("server_id","<option value='$client[default_dbserver]'>$tmp[server_name]</option>"); + $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]"); + $app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>"); unset($tmp); - + // Fill the client select field - $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.parent_client_id AND client.parent_client_id = ".$client['client_id']; + $sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." 
ORDER BY name"; $clients = $app->db->queryAllRecords($sql); - $client_select = ''; + $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']); + $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>'; + //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($clients)) { foreach( $clients as $client) { - $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':''; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n"; } } @@ -136,12 +132,13 @@ unset($ips); // Fill the client select field - $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0"; + $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name"; $clients = $app->db->queryAllRecords($sql); $client_select = "<option value='0'></option>"; + //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($clients)) { foreach( $clients as $client) { - $selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':''; + $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':''; $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n"; } } 
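Review bot: The rewritten client query selects `limit_web_domain, default_webserver` and the server `<option>` is now built from `$client[default_webserver]`, whereas the removed lines used `default_dbserver`; in a database form this preselects a client's new databases onto their default web server rather than their default database server, which looks like a copy-paste from the web domain form. Keep the database default: `$client = $app->db->queryOneRecord("SELECT client.client_id, default_dbserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");` and build the option from `$client[default_dbserver]`. `limit_web_domain` is fetched but never read anywhere in the hunk. The enclosing method starts and ends outside this hunk.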
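Review bot: The admin client select interpolates `$client[name]` straight into the `<option>` markup without `htmlspecialchars()`, and the new `$selected` expression still uses `@` to hide undefined-index notices rather than testing with `isset()`; I would write `$client_select .= "<option value='$client[groupid]' $selected>".htmlspecialchars($client['name'])."</option>\r\n";`. Whether `sys_group.name` can carry reseller- or client-supplied text is not visible here, so treat the escaping as hardening rather than a confirmed injection. The commented-out `//$tmp_data_record = $app->tform->getDataRecord($this->id);` line should be dropped rather than committed. The enclosing method starts and ends outside this hunk.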
@@ -172,6 +169,15 @@ } else { $app->tpl->setVar("database_name_prefix", $dbname_prefix); $app->tpl->setVar("database_user_prefix", $dbuser_prefix); + } + + if($this->id > 0) { + //* we are editing a existing record + $app->tpl->setVar("edit_disabled", 1); + $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]); + $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]); + } else { + $app->tpl->setVar("edit_disabled", 0); } parent::onShowEnd(); @@ -239,8 +245,8 @@ } //* Database username and database name shall not be empty - if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"]; - if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"]; + if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />'; + if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />'; //* Check if the server has been changed // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway 
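Review bot: The new `if($this->id > 0)` branch sets `edit_disabled` and pushes `server_id`/`database_charset` into separate `*_value` template variables without saying why those fields are locked on edit, so a reader has to guess. I would add `//* server and charset are fixed once the database exists; expose the stored values read-only` above the branch — presumably because an existing MySQL database cannot be moved to another server or re-encoded from this form, but confirm that against the template. A disabled HTML input is not submitted, so the update path must keep taking `server_id` from the stored record rather than the request; the `Check if the server has been changed` block visible in the next hunk suggests that is the intent. The enclosing onShowEnd() starts outside this hunk.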
@@ -252,14 +258,32 @@ } } unset($old_record); - + + if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />'; + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />'; + + //* Check database name and user against blacklist + $dbname_blacklist = array($conf['db_database'],'mysql'); + if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />'; + } + + $dbuser_blacklist = array($conf['db_user'],'mysql','root'); + if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />'; + } + if ($app->tform->errorMessage == ''){ /* restrict the names if there is no error */ /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */ $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64); $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); } - + + //* Check for duplicates + $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'"); + if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />'; + parent::onBeforeUpdate(); } 
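Review bot: The user-name blacklist never fires: the check builds `$dbname_prefix . $this->dataRecord['database_user']` and tests it against `$dbname_blacklist`, so `$dbuser_blacklist` (`root`, `mysql`, `$conf['db_user']`) is dead code and a client can still request a database user named `root` whenever the user prefix is empty or already matched. It should read `if(in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {`. The duplicate check also concatenates `database_name` and `server_id` into SQL unescaped, and when an earlier error was recorded `database_name` is still the raw, unprefixed form value at that point; unless a tform validator already restricts those fields to safe characters, pass them through the db layer's escaping helper (`$app->db->quote()` if available) and skip the query when `$app->tform->errorMessage` is already set. The enclosing onBeforeUpdate() starts outside this hunk.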
@@ -267,19 +291,39 @@ global $app, $conf, $interfaceConf; //* Database username and database name shall not be empty - if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"]; - if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"]; + if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />'; + if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />'; //* Get the database name and database user prefix $app->uses('getconf'); $global_config = $app->getconf->get_global_config('sites'); $dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord); $dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + + if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />'; + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />'; + + //* Check database name and user against blacklist + $dbname_blacklist = array($conf['db_database'],'mysql'); + if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />'; + } + + $dbuser_blacklist = array($conf['db_user'],'mysql','root'); + if(in_array($dbname_prefix . 
$this->dataRecord['database_user'],$dbname_blacklist)) { + $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />'; + } /* restrict the names */ /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */ - $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64); - $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + if ($app->tform->errorMessage == ''){ + $this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64); + $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); + } + + //* Check for duplicates + $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'"); + if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />'; parent::onBeforeInsert(); } -- Gitblit v1.9.1
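Review bot: The same user-name blacklist mistake is repeated here: the check tests `$dbname_prefix . $this->dataRecord['database_user']` against `$dbname_blacklist`, leaving `$dbuser_blacklist` unused, so `root`/`mysql`/`$conf['db_user']` are never rejected on insert; change it to `if(in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) {`. The duplicate query interpolates `database_name` and `server_id` without escaping, and because prefixing is now skipped while an error is pending the query can see the raw form value; quote both or run the check only while `$app->tform->errorMessage` is still empty. The error text is also fetched inconsistently — `$app->lng('Database user not allowed.')` with a literal English sentence versus `$app->tform->lng('database_name_error_unique')` with a key, while the update path uses `$app->lng` for that same key — pick one lookup and key style. The enclosing onBeforeInsert() starts outside this hunk.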