From 2a189307eb0a6693a8d64b62e3845ca87c58d1eb Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Fri, 18 May 2012 08:34:18 -0400
Subject: [PATCH] - Added "Repeat Password" field to all forms where a password has to be set.
---
server/plugins-available/mysql_clientdb_plugin.inc.php | 235 +++++++++++++++++++++++++++++++++++-----------------------
1 files changed, 142 insertions(+), 93 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 602fae4..59a6cf4 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -66,149 +66,197 @@
}
+ function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '') {
+ global $app;
+
+ $action = strtoupper($action);
+
+ // set to all hosts if none given
+ if(trim($host_list) == '') $host_list = '%';
+
+ // process arrays and comma separated strings
+ if(!is_array($host_list)) $host_list = explode(',', $host_list);
+
+ $success = true;
+
+ // loop through hostlist
+ foreach($host_list as $db_host) {
+ $db_host = trim($db_host);
+
+ // check if entry is valid ip address
+ $valid = true;
+ if($db_host == '%') {
+ $valid = true;
+ } elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
+ $groups = explode('.', $db_host);
+ foreach($groups as $group){
+ if($group<0 OR $group>255)
+ $valid=false;
+ }
+ } else {
+ $valid = false;
+ }
+
+ if($valid == false) continue;
+
+ if($action == 'GRANT') {
+ if(!$link->query("GRANT ALL ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
+ } elseif($action == 'REVOKE') {
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($database_name,$link).".* FROM '".mysql_real_escape_string($database_user,$link)."';",$link);
+ } elseif($action == 'DROP') {
+ if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
+ } elseif($action == 'RENAME') {
+ if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
+ } elseif($action == 'PASSWORD') {
+ if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."';")) $success = false;
+ }
+ }
+
+ return $success;
+ }
function db_insert($event_name,$data) {
global $app, $conf;
- if($data["new"]["type"] == 'mysql') {
+ if($data['new']['type'] == 'mysql') {
if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
return;
}
+
+ if($data['new']['database_user'] == 'root') {
+ $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
+ return;
+ }
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql'.$link->connect_error,LOGLEVEL_ERROR);
return;
}
// Charset for the new table
- if($data["new"]["database_charset"] != '') {
- $query_charset_table = ' DEFAULT CHARACTER SET '.$data["new"]["database_charset"];
+ if($data['new']['database_charset'] != '') {
+ $query_charset_table = ' DEFAULT CHARACTER SET '.$data['new']['database_charset'];
} else {
$query_charset_table = '';
}
//* Create the new database
- if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]).$query_charset_table,$link)) {
- $app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
+ if ($link->query('CREATE DATABASE '.$link->escape_string($data['new']['database_name']).$query_charset_table)) {
+ $app->log('Created MySQL database: '.$data['new']['database_name'],LOGLEVEL_DEBUG);
} else {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $app->log('Unable to create the database: '.$link->error,LOGLEVEL_WARNING);
}
// Create the database user if database is active
- if($data["new"]["active"] == 'y') {
+ if($data['new']['active'] == 'y') {
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
- } else {
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ if($data['new']['remote_access'] == 'y') {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
}
+
+ $db_host = 'localhost';
+ $link->query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),$link->escape_string($data['new']['database_name']))."`.* TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($data['new']['database_password'])."';");
+
}
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
}
function db_update($event_name,$data) {
global $app, $conf;
- if($data["new"]["type"] == 'mysql') {
+ if($data['new']['type'] == 'mysql') {
if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
return;
}
+ if($data['new']['database_user'] == 'root') {
+ $app->log('User root not allowed for Client databases',LOGLEVEL_WARNING);
+ return;
+ }
+
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to the database: '.$link->connect_error,LOGLEVEL_ERROR);
return;
}
// Create the database user if database was disabled before
- if($data["new"]["active"] == 'y' && $data["old"]["active"] == 'n') {
+ if($data['new']['active'] == 'y' && $data['old']['active'] == 'n') {
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
- } else {
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ if($data['new']['remote_access'] == 'y') {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
}
+
+ $db_host = 'localhost';
+ $link->query("GRANT ALL ON `".str_replace(array('_','%'),array('\\_','\\%'),$link->escape_string($data['new']['database_name']))."`.* TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($data['new']['database_password'])."';");
// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
}
// Remove database user, if inactive
- if($data["new"]["active"] == 'n' && $data["old"]["active"] == 'y') {
+ if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') {
- if($data["old"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
+ if($data['old']['remote_access'] == 'y') {
+ $this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
}
- mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+ $db_host = 'localhost';
+ $link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host';");
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
}
//* Rename User
- if($data["new"]["database_user"] != $data["old"]["database_user"]) {
- mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'",$link);
- $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
+ if($data['new']['database_user'] != $data['old']['database_user']) {
+ $db_host = 'localhost';
+ $link->query("RENAME USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host' TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host'");
+ if($data['old']['remote_access'] == 'y') {
+ $this->process_host_list('RENAME', '', $data['old']['database_user'], '', $data['new']['remote_ips'], $link, $data['new']['database_user']);
+ }
+ $app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'],LOGLEVEL_DEBUG);
}
//* Remote access option has changed.
- if($data["new"]["remote_access"] != $data["old"]["remote_access"]) {
+ if($data['new']['remote_access'] != $data['old']['remote_access']) {
//* revoke old priveliges
- mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
//* set new priveliges
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ if($data['new']['remote_access'] == 'y') {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
} else {
- $db_host = 'localhost';
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+ $this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
}
- $app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
- }
-
- //* Get the db host setting for the access priveliges
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
- }
-
- /*
- //* Rename database
- if($data["new"]["database_name"] != $data["old"]["database_name"]) {
- mysql_query("",$link);
- }
- */
-
+ $app->log('Changing MySQL remote access privileges for database: '.$data['new']['database_name'],LOGLEVEL_DEBUG);
+ } elseif($data['new']['remote_access'] == 'y' && $data['new']['remote_ips'] != $data['old']['remote_ips']) {
+ //* Change remote access list
+ $this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link);
+ $this->process_host_list('GRANT', $data['new']['database_name'], $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'], $link);
+ }
+
//* Change password
- if($data["new"]["database_password"] != $data["old"]["database_password"]) {
- mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link);
- $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
+ if($data['new']['database_password'] != $data['old']['database_password']) {
+ $db_host = 'localhost';
+ $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
+
+ if($data['new']['remote_access'] == 'y') {
+ $this->process_host_list('PASSWORD', '', $data['new']['database_user'], $data['new']['database_password'], $data['new']['remote_ips'],$link);
+ }
+ $app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
}
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
}
@@ -216,41 +264,42 @@
function db_delete($event_name,$data) {
global $app, $conf;
- if($data["old"]["type"] == 'mysql') {
+ if($data['old']['type'] == 'mysql') {
if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
return;
}
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql: '.$link->connect_error,LOGLEVEL_ERROR);
return;
}
//* Get the db host setting for the access priveliges
- if($data["old"]["remote_access"] == 'y') {
- $db_host = '%';
+ if($data['old']['remote_access'] == 'y') {
+ if($this->process_host_list('DROP', '', $data['old']['database_user'], '', $data['old']['remote_ips'], $link)) {
+ $app->log('Dropping MySQL user: '.$data['old']['database_user'],LOGLEVEL_DEBUG);
+ } else {
+ $app->log('Error while dropping MySQL user: '.$data['old']['database_user'].' '.$link->error,LOGLEVEL_WARNING);
+ }
+ }
+ $db_host = 'localhost';
+ if($link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host';")) {
+ $app->log('Dropping MySQL user: '.$data['old']['database_user'],LOGLEVEL_DEBUG);
} else {
- $db_host = 'localhost';
+ $app->log('Error while dropping MySQL user: '.$data['old']['database_user'].' '.$link->error,LOGLEVEL_WARNING);
}
- if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) {
- $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
+ if($link->query('DROP DATABASE '.$link->escape_string($data['old']['database_name']))) {
+ $app->log('Dropping MySQL database: '.$data['old']['database_name'],LOGLEVEL_DEBUG);
} else {
- $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
+ $app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.$link->error,LOGLEVEL_WARNING);
}
- if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"],$link),$link)) {
- $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
- } else {
- $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);
- }
-
-
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
@@ -261,4 +310,4 @@
} // end class
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1