From 2696e12bd643eaca85b9780b1c7d8ec1377df0fb Mon Sep 17 00:00:00 2001
From: latham <latham@ispconfig3>
Date: Fri, 04 Nov 2011 09:57:16 -0400
Subject: [PATCH] This will sort the modules by alpha before the dashboard is pushed to the front.  This patch keeps the menu tabs stable instead of different on each user. Logging in as an admin, reseller, and user would show the tabs in different order each time do to user creation.

---
 interface/web/sites/database_edit.php |  140 +++++++++++++++++++++++++++++-----------------
 1 files changed, 88 insertions(+), 52 deletions(-)

diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 5ed2dc8..e066943 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -56,17 +56,11 @@
 
 		// we will check only users, not admins
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
-
-			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
-			// Check if the user may add another database.
-			if($client["limit_database"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
-				if($tmp["number"] >= $client["limit_database"]) {
-					$app->error($app->tform->wordbook["limit_database_txt"]);
-				}
+			if(!$app->tform->checkClientLimit('limit_database')) {
+				$app->error($app->tform->wordbook["limit_database_txt"]);
+			}
+			if(!$app->tform->checkResellerLimit('limit_database')) {
+				$app->error('Reseller: '.$app->tform->wordbook["limit_database_txt"]);
 			}
 		}
 
@@ -91,20 +85,22 @@
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client_id, default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
+			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, default_webserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			
 			// Set the webserver to the default server of the client
-			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_dbserver]");
-			$app->tpl->setVar("server_id","<option value='$client[default_dbserver]'>$tmp[server_name]</option>");
+			$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]");
+			$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
 			unset($tmp);
-
+			
 			// Fill the client select field
-			$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.parent_client_id AND client.parent_client_id = ".$client['client_id'];
+			$sql = "SELECT groupid, name FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY name";
 			$clients = $app->db->queryAllRecords($sql);
-			$client_select = '';
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
+			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
 				foreach( $clients as $client) {
-					$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
+					$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
 					$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
 				}
 			}
@@ -136,12 +132,13 @@
 			unset($ips);
 
 			// Fill the client select field
-			$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0";
+			$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
 			$clients = $app->db->queryAllRecords($sql);
 			$client_select = "<option value='0'></option>";
+			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($clients)) {
 				foreach( $clients as $client) {
-					$selected = @($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
+					$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
 					$client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
 				}
 			}
@@ -157,8 +154,8 @@
 		//* Get the database name and database user prefix
 		$app->uses('getconf');
 		$global_config = $app->getconf->get_global_config('sites');
-		$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
-		$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
+		$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
+		$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
 		
 		if ($this->dataRecord['database_name'] != ""){
 			/* REMOVE the restriction */
@@ -172,6 +169,15 @@
 		} else {
 			$app->tpl->setVar("database_name_prefix", $dbname_prefix);
 			$app->tpl->setVar("database_user_prefix", $dbuser_prefix);
+		}
+		
+		if($this->id > 0) {
+			//* we are editing a existing record
+			$app->tpl->setVar("edit_disabled", 1);
+			$app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+			$app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]);
+		} else {
+			$app->tpl->setVar("edit_disabled", 0);
 		}
 
 		parent::onShowEnd();
@@ -226,17 +232,21 @@
 		//* Get the database name and database user prefix
 		$app->uses('getconf');
 		$global_config = $app->getconf->get_global_config('sites');
-		$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
-		$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
+		$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
+		$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
 
 		//* Prevent that the database name and charset is changed
 		$old_record = $app->tform->getDataRecord($this->id);
-		if($old_record["database_name"] != $restriction . $this->dataRecord["database_name"]) {
+		if($old_record["database_name"] != $dbname_prefix . $this->dataRecord["database_name"]) {
 			$app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
 		}
 		if($old_record["database_charset"] != $this->dataRecord["database_charset"]) {
 			$app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
 		}
+		
+		//* Database username and database name shall not be empty
+		if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />';
+		if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';
 
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
@@ -248,28 +258,72 @@
 			}
 		}
 		unset($old_record);
-
+		
+		if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
+		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';
+		
+		//* Check database name and user against blacklist
+		$dbname_blacklist = array($conf['db_database'],'mysql');
+		if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
+			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
+		}
+		
+		$dbuser_blacklist = array($conf['db_user'],'mysql','root');
+		if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
+			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
+		}
+		
 		if ($app->tform->errorMessage == ''){
 			/* restrict the names if there is no error */
-			$this->dataRecord['database_name'] = $dbname_prefix . $this->dataRecord['database_name'];
-			$this->dataRecord['database_user'] = $dbuser_prefix . $this->dataRecord['database_user'];
+            /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
+			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
+			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
 		}
-
+		
+		//* Check for duplicates
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
+		if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';
+		
 		parent::onBeforeUpdate();
 	}
 
 	function onBeforeInsert() {
 		global $app, $conf, $interfaceConf;
+		
+		//* Database username and database name shall not be empty
+		if($this->dataRecord['database_name'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_name_error_empty"].'<br />';
+		if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';
 
 		//* Get the database name and database user prefix
 		$app->uses('getconf');
 		$global_config = $app->getconf->get_global_config('sites');
-		$dbname_prefix = ($global_config['dbname_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbname_prefix']);
-		$dbuser_prefix = ($global_config['dbuser_prefix'] == '')?'':str_replace('[CLIENTNAME]', $this->getClientName(), $global_config['dbuser_prefix']);
+		$dbname_prefix = replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
+		$dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
+		
+		if(strlen($dbname_prefix . $this->dataRecord['database_name']) > 64) $app->tform->errorMessage .= str_replace('{db}',$dbname_prefix . $this->dataRecord['database_name'],$app->tform->wordbook["database_name_error_len"]).'<br />';
+		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />';
+		
+		//* Check database name and user against blacklist
+		$dbname_blacklist = array($conf['db_database'],'mysql');
+		if(in_array($dbname_prefix . $this->dataRecord['database_name'],$dbname_blacklist)) {
+			$app->tform->errorMessage .= $app->lng('Database name not allowed.').'<br />';
+		}
+		
+		$dbuser_blacklist = array($conf['db_user'],'mysql','root');
+		if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) {
+			$app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />';
+		}
 
 		/* restrict the names */
-		$this->dataRecord['database_name'] = $dbname_prefix . $this->dataRecord['database_name'];
-		$this->dataRecord['database_user'] = $dbuser_prefix . $this->dataRecord['database_user'];
+        /* crop user and db names if they are too long -> mysql: user: 16 chars / db: 64 chars */
+		if ($app->tform->errorMessage == ''){
+			$this->dataRecord['database_name'] = substr($dbname_prefix . $this->dataRecord['database_name'], 0, 64);
+			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
+		}
+		
+		//* Check for duplicates
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
+		if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';
 
 		parent::onBeforeInsert();
 	}
@@ -303,24 +357,6 @@
 			$app->db->query("UPDATE web_database SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_id = ".$this->id);
 		}
 
-	}
-	
-	function getClientName() {
-		global $app, $conf;
-	
-		if($_SESSION["s"]["user"]["typ"] != 'admin') {
-			// Get the group-id of the user
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-		} else {
-			// Get the group-id from the data itself
-			$client_group_id = $this->dataRecord['client_group_id'];
-		}
-		/* get the name of the client */
-		$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
-		$clientName = $tmp['name'];
-		if ($clientName == "") $clientName = 'default';
-		$clientName = convertClientName($clientName);
-	
 	}
 
 }

--
Gitblit v1.9.1