From 3fc28c0142bf8ab4e2cfae44931e2a51aadc4d51 Mon Sep 17 00:00:00 2001 From: mcramer <m.cramer@pixcept.de> Date: Mon, 25 Feb 2013 13:51:37 -0500 Subject: [PATCH] - Added: remoting queries with a lot of results (e.g. email addresses or alias domains or dns rr) lead to non-functioning soap requests - added '#OFFSET#' AND '#LIMIT#' handling to the query - added automatic 'WHERE 1' if an empty array was given as query example: $result = $api->sites_web_domain_get('type' => 'vhost', '#OFFSET#' => 25, '#LIMIT#' => 50); to get the websites 26 to 75 --- interface/web/sites/database_user_edit.php | 62 ++++++++++++++++++++----------- 1 files changed, 40 insertions(+), 22 deletions(-) diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index 65bf255..50975a7 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php @@ -40,7 +40,6 @@ require_once('../../lib/config.inc.php'); require_once('../../lib/app.inc.php'); -require_once('tools.inc.php'); //* Check permissions for module $app->auth->check_module_permissions('sites'); 
@@ -60,20 +59,20 @@ */ //* Get the database user prefix - $app->uses('getconf'); + $app->uses('getconf,tools_sites'); $global_config = $app->getconf->get_global_config('sites'); - $dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) { // Get the limits of the client $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT client.contactname, client.name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); // Fill the client select field $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name"; $records = $app->db->queryAllRecords($sql); $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']); - $client_select = '<option value="'.$tmp['groupid'].'">'.$client['name'].' :: '.$client['contactname'].'</option>'; + $client_select = '<option value="'.$tmp['groupid'].'">'.$client['company_name'].' :: '.$client['contact_name'].'</option>'; //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($records)) { foreach( $records as $rec) { 
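Review bot: The rebuilt `$client_select` option concatenates `$client['company_name']` and `$client['contact_name']` straight into HTML, so a client record that contains markup would be rendered as markup in the reseller's form. Unless the template layer escapes this variable later (not visible in the hunk), wrap both values, e.g. `htmlspecialchars($client['company_name'], ENT_QUOTES, 'UTF-8')`. The rewritten `sys_group`/`client` query in the same hunk still interpolates the session-derived `$client_group_id` without a cast; `$app->functions->intval()`, which this commit uses further down, would make it consistent. The enclosing method starts and ends outside the hunk.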
@@ -101,14 +100,11 @@ if ($this->dataRecord['database_user'] != ""){ /* REMOVE the restriction */ - $app->tpl->setVar("database_user", str_replace($dbuser_prefix , '', $this->dataRecord['database_user'])); + $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix)); } - if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) { - $app->tpl->setVar("database_user_prefix", $global_config['dbuser_prefix']); - } else { - $app->tpl->setVar("database_user_prefix", $dbuser_prefix); - } + + $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix'])); parent::onShowEnd(); } @@ -125,10 +121,15 @@ global $app, $conf, $interfaceConf; //* Get the database user prefix - $app->uses('getconf'); + $app->uses('getconf,tools_sites'); $global_config = $app->getconf->get_global_config('sites'); - $dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'"); + + $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix); + $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + //* Database username shall not be empty if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />'; 
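Review bot: In the `@@ -125,10 +121,15 @@` hunk the new `SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'` puts `$this->id` into the query as a quoted string, while the last hunk of this commit casts the same value with `$app->functions->intval($this->id)`. Cast it here too: `... WHERE database_user_id = ".$app->functions->intval($this->id)`. The result is read on the next statement as `$this->oldDataRecord['database_user_prefix']`, so a missing row should be handled before `getPrefix()` is called; whether `queryOneRecord` can return a non-array at this point is not visible in the hunk. The method body continues past the hunk.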
@@ -136,7 +137,7 @@ //* Check database user against blacklist $dbuser_blacklist = array($conf['db_user'],'mysql','root'); - if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) { + if(in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) { $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />'; } @@ -146,6 +147,8 @@ $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); } + $this->dataRecord['server_id'] = $conf['server_id']; + parent::onBeforeUpdate(); } @@ -156,15 +159,17 @@ if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />'; //* Get the database name and database user prefix - $app->uses('getconf'); + $app->uses('getconf,tools_sites'); $global_config = $app->getconf->get_global_config('sites'); - $dbuser_prefix = replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord); + $this->dataRecord['database_user_prefix'] = $dbuser_prefix; + if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}',$dbuser_prefix . $this->dataRecord['database_user'],$app->tform->wordbook["database_user_error_len"]).'<br />'; //* Check database user against blacklist $dbuser_blacklist = array($conf['db_user'],'mysql','root'); - if(in_array($dbname_prefix . $this->dataRecord['database_user'],$dbname_blacklist)) { + if(is_array($dbuser_blacklist) && in_array($dbuser_prefix . $this->dataRecord['database_user'],$dbuser_blacklist)) { $app->tform->errorMessage .= $app->lng('Database user not allowed.').'<br />'; } 
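Review bot: The corrected blacklist test in the `@@ -136,7 +137,7 @@` hunk calls `in_array()` without the strict flag, so the candidate name is compared loosely against `$conf['db_user']`, `'mysql'` and `'root'`; pass `true` as the third argument. The insert path in `@@ -156,15 +159,17 @@` makes the same call but also guards it with `is_array($dbuser_blacklist)`, which is always true for the array literal assigned on the previous line, so the two checks now differ for no reason. Suggested line for both: `if(in_array($dbuser_prefix . $this->dataRecord['database_user'], $dbuser_blacklist, true)) {`. The check only appends to `$app->tform->errorMessage`; whether the parent handler refuses to save when that is set lies outside these hunks.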
@@ -174,6 +179,8 @@ $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); } + $this->dataRecord['server_id'] = $conf['server_id']; + parent::onBeforeInsert(); } @@ -181,11 +188,11 @@ global $app, $conf; if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { - $client_group_id = intval($this->dataRecord["client_group_id"]); + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { - $client_group_id = intval($this->dataRecord["client_group_id"]); + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id); } } 
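Review bot: The reseller branch in the `@@ -181,11 +188,11 @@` hunk writes the submitted `client_group_id` into `sys_groupid` after only an integer cast; nothing in the hunk checks that the group belongs to one of the logged-in reseller's clients. If form validation elsewhere does not already enforce this, the record could end up owned by a group outside the reseller's scope. Verify the id against the reseller's own groups (the `client.parent_client_id` lookup used to build the select list) before the `UPDATE`. `$this->id` is also appended to both `UPDATE` statements without a cast; `$app->functions->intval($this->id)` would match the rest of the commit. Both points apply equally to the identical block at the top of the `@@ -194,14 +201,25 @@` hunk.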
@@ -194,14 +201,25 @@ global $app, $conf; if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { - $client_group_id = intval($this->dataRecord["client_group_id"]); + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) { - $client_group_id = intval($this->dataRecord["client_group_id"]); + $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id); } - + + $password = $app->db->queryOneRecord("SELECT database_password FROM web_database_user WHERE database_user_id = ".$this->id); + + $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'"); + foreach($records as $rec) { + $new_rec = $this->dataRecord; + $new_rec['server_id'] = $rec['server_id']; + // Make sure to store the password in encrypted form in sys_datalog + $new_rec['database_password'] = $password['database_password']; + $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $this->oldDataRecord, $new_rec); + } + unset($new_rec); } } -- Gitblit v1.9.1
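Review bot: `foreach($records as $rec)` iterates the raw return value of `queryAllRecords()`, whereas the show handler earlier in this file guards the same call with `is_array($records)`, which suggests the method can return a non-array when nothing matches. Wrap the loop the same way: `if(is_array($records)) { foreach($records as $rec) { ... } }`. The password lookup just above uses `.$this->id` uncast while the next statement uses `$app->functions->intval($this->id)`; use the cast in both, and check that `$password` is an array before reading `$password['database_password']`. `$this->oldDataRecord` is only populated in `onBeforeUpdate`, so a short comment noting that `datalogSave` depends on that handler having run would help the next reader.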