From 5045c7ee88c4dd07586179268799415b176e624c Mon Sep 17 00:00:00 2001
From: moglia <moglia@ispconfig3>
Date: Wed, 12 May 2010 14:41:58 -0400
Subject: [PATCH] Improved the database list to make end users' lives easier. As admin you previously had to go back to the client list to look up the id; only an admin can view the CLIENT_ID, for example, and limited users cannot find their id in an easy way. This issue was reported by my ispconfig end users. Showing the database user name directly resolves all of these steps in a single step.

---
 server/lib/classes/db_mysql.inc.php |  192 +++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 158 insertions(+), 34 deletions(-)

diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 0270821..229b11e 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -29,20 +29,19 @@
 
 	class db
 	{
-		var $dbHost = "";		  // hostname of the MySQL server
-		var $dbName = "";		  // logical database name on that server
-		var $dbUser = "";		  // database authorized user
-		var $dbPass = "";		  // user's password
-		var $dbCharset = "";      // what charset comes and goes to mysql: utf8 / latin1
-		var $linkId = 0;		  // last result of mysql_connect()
-		var $queryId = 0;		  // last result of mysql_query()
-		var $record	= array();	  // last record fetched
-        var $autoCommit = 1;      // Autocommit Transactions
-		var $currentRow;		  // current row number
-		var $errorNumber = 0;	  // last error number
-		var $errorMessage = "";	  // last error message
-		var $errorLocation = "";  // last error location
-		var $show_error_messages = false;
+		var $dbHost = "";		// hostname of the MySQL server
+		var $dbName = "";		// logical database name on that server
+		var $dbUser = "";		// database authorized user
+		var $dbPass = "";		// user's password
+		var $linkId = 0;		// last result of mysql_connect()
+		var $queryId = 0;		// last result of mysql_query()
+		var $record	= array();	// last record fetched
+        var $autoCommit = 1;    // Autocommit Transactions
+		var $currentRow;		// current row number
+		var $errorNumber = 0;	// last error number
+		var $errorMessage = "";	// last error message
+		var $errorLocation = "";// last error location
+		var $show_error_messages = true;
 
 		// constructor
 		function db()
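Review bot: The `$dbCharset` declaration is dropped from the property list (the old line is removed and no `+` line replaces it), yet the constructor still assigns `$this->dbCharset` and `connect()` reads it for `SET NAMES`, so the class now depends on an implicitly created dynamic property. Keep it declared with the other fields: `var $dbCharset = "";		// what charset comes and goes to mysql: utf8 / latin1`. Flipping `$show_error_messages` to `true` also turns the error path in `updateError()` on by default, and that path receives a location string which for `query()` embeds the complete SQL text, so the new default deserves a comment on the field, e.g. `// when true, failed statements (including their SQL text) are written to $app->log`. The class body continues outside the hunk.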
@@ -53,20 +52,22 @@
 			$this->dbName = $conf["db_database"];
 			$this->dbUser = $conf["db_user"];
 			$this->dbPass = $conf["db_password"];
-			$this->dbCharset = $conf["db_charset"];
+			$this->dbCharset = $conf['db_charset'];
 			//$this->connect();
 		}
 
 		// error handler
 		function updateError($location)
 		{
-			$this->errorNumber = mysql_errno();
-			$this->errorMessage = mysql_error();
+			global $app;
+			$this->errorNumber = mysql_errno($this->linkId);
+			$this->errorMessage = mysql_error($this->linkId);
 			$this->errorLocation = $location;
-			if($this->errorNumber && $this->show_error_messages)
+			if($this->errorNumber && $this->show_error_messages && method_exists($app,'log'))
 			{
-				echo('<br /><b>'.$this->errorLocation.'</b><br />'.$this->errorMessage);
-				flush();
+				// echo('<br /><b>'.$this->errorLocation.'</b><br />'.$this->errorMessage);
+				$app->log($this->errorLocation." ".$this->errorMessage,LOGLEVEL_WARN);
+				//flush();
 			}
 		}
 
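Review bot: `mysql_errno($this->linkId)` and `mysql_error($this->linkId)` now receive the link explicitly, but `connect()` calls `updateError()` exactly when `mysql_connect()` returned `false`; in that case the link argument is invalid, both calls emit a warning and return `false`, and the real connection error is lost (the argument-less form reported the last connection attempt). Fall back when no link is open: `$this->errorNumber = $this->linkId ? mysql_errno($this->linkId) : mysql_errno();` and likewise `$this->errorMessage = $this->linkId ? mysql_error($this->linkId) : mysql_error();`. The `method_exists($app,'log')` guard also drops the message entirely when `$app` is not yet an object, which presumably includes early connection failures; an `else error_log($this->errorLocation.' '.$this->errorMessage);` branch would keep those visible.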
@@ -77,10 +78,11 @@
 				$this->linkId = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass);
 				if(!$this->linkId)
 				{
-					$this->updateError('DB::connect()<br />mysql_connect');
+					$this->updateError('DB::connect()-> mysql_connect');
 					return false;
 				}
-    			$this->queryId = @mysql_query('SET NAMES '.$this->dbCharset, $this->linkId);
+				$this->queryId = @mysql_query('SET NAMES '.$this->dbCharset, $this->linkId);
+				$this->queryId = @mysql_query("SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'", $this->linkId);
 			}
 			return true;
 		}
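Review bot: Both charset statements at L86–L87 run under `@` and their result is never checked, so an unsupported or misspelled `db_charset` leaves the connection on the server default without any error being recorded. That matters beyond display: `mysql_real_escape_string()` escapes according to the connection charset, so a silent mismatch here weakens the escaping the rest of this class relies on. Record the outcome instead of suppressing it: `if(!$this->queryId) $this->updateError('DB::connect()-> SET NAMES');` after the first statement. The second statement also duplicates what `SET NAMES` already does for `character_set_client`, `character_set_results` and `character_set_connection`; either keep only the additional `character_set_database`/`character_set_server` assignments or add a comment explaining why both are issued. The enclosing `connect()` starts outside the hunk.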
@@ -93,11 +95,11 @@
 			}
 			if(!mysql_select_db($this->dbName, $this->linkId))
 			{
-				$this->updateError('DB::connect()<br />mysql_select_db');
+				$this->updateError('DB::connect()-> mysql_select_db');
 				return false;
 			}
 			$this->queryId = @mysql_query($queryString, $this->linkId);
-			$this->updateError('DB::query('.$queryString.')<br />mysql_query');
+			$this->updateError('DB::query('.$queryString.') -> mysql_query');
 			if(!$this->queryId)
 			{
 				return false;
@@ -135,7 +137,7 @@
 		function nextRecord()
 		{
             $this->record = mysql_fetch_assoc($this->queryId);
-			$this->updateError('DB::nextRecord()<br />mysql_fetch_array');
+			$this->updateError('DB::nextRecord()-> mysql_fetch_array');
 			if(!$this->record || !is_array($this->record))
 			{
 				return false;
@@ -171,7 +173,7 @@
 				return addslashes($formfield);
 			}
 			
-			return mysql_real_escape_string($formfield);
+			return mysql_real_escape_string($formfield, $this->linkId);
         }
 		
 		// Check der variablen
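Review bot: Passing `$this->linkId` to `mysql_real_escape_string()` is the right change, but the connection is opened lazily (the constructor's `$this->connect()` is commented out at L54), so when this helper runs before the first query the link is still `0`; the call then emits a warning and returns `false`, which a caller interpolates as an empty string rather than an escaped value. Open the connection first: `if(!$this->linkId) $this->connect();` immediately before the `return`. The enclosing function starts outside the hunk.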
@@ -190,7 +192,8 @@
 		return $out;
 		}
        
-       
+       /*
+	   //* These functions are deprecated and will be removed.
        function insert($tablename,$form,$debug = 0)
        {
          if(is_array($form)){
@@ -225,15 +228,136 @@
       		 if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
            }
        }
+	   */
+	   
+	   public function diffrec($record_old, $record_new) {
+		$diffrec_full = array();
+		$diff_num = 0;
+
+		if(is_array($record_old) && count($record_old) > 0) {
+			foreach($record_old as $key => $val) {
+				// if(!isset($record_new[$key]) || $record_new[$key] != $val) {
+				if($record_new[$key] != $val) {
+					// Record has changed
+					$diffrec_full['old'][$key] = $val;
+					$diffrec_full['new'][$key] = $record_new[$key];
+					$diff_num++;
+				} else {
+					$diffrec_full['old'][$key] = $val;
+					$diffrec_full['new'][$key] = $val;
+				}
+			}
+		} elseif(is_array($record_new)) {
+			foreach($record_new as $key => $val) {
+				if(isset($record_new[$key]) && @$record_old[$key] != $val) {
+					// Record has changed
+					$diffrec_full['new'][$key] = $val;
+					$diffrec_full['old'][$key] = @$record_old[$key];
+					$diff_num++;
+				} else {
+					$diffrec_full['new'][$key] = $val;
+					$diffrec_full['old'][$key] = $val;
+				}
+			}
+		}
+		
+		return array('diff_num' => $diff_num, 'diff_rec' => $diffrec_full);
+		
+	}
+	
+	//** Function to fill the datalog with a full differential record.
+	public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new) {
+		global $app,$conf;
+
+		// Insert backticks only for incomplete table names.
+		if(stristr($db_table,'.')) {
+			$escape = '';
+		} else {
+			$escape = '`';
+		}
+
+		$tmp = $this->diffrec($record_old, $record_new);
+		$diffrec_full = $tmp['diff_rec'];
+		$diff_num = $tmp['diff_num'];
+		unset($tmp);
+		
+		// Insert the server_id, if the record has a server_id
+		$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
+		if(isset($record_new["server_id"])) $server_id = $record_new["server_id"];
+		
+
+		if($diff_num > 0) {
+			//print_r($diff_num);
+			//print_r($diffrec_full);
+			$diffstr = $app->db->quote(serialize($diffrec_full));
+			$username = $app->db->quote($_SESSION["s"]["user"]["username"]);
+			$dbidx = $primary_field.":".$primary_id;
+						
+			if($action == 'INSERT') $action = 'i';
+			if($action == 'UPDATE') $action = 'u';
+			if($action == 'DELETE') $action = 'd';
+			$sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$db_table."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
+			$app->db->query($sql);
+		}
+
+		return true;
+	}
+	
+	//** Inserts a record and saves the changes into the datalog
+	public function datalogInsert($tablename, $insert_data, $index_field) {
+		global $app;
+		
+		$old_rec = array();
+		$this->query("INSERT INTO $tablename $insert_data");
+		$index_value = $this->insertID();
+		$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+		$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
+		
+		return $index_value;
+	}
+	
+	//** Updates a record and saves the changes into the datalog
+	public function datalogUpdate($tablename, $update_data, $index_field, $index_value) {
+		global $app;
+		
+		$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+		$this->query("UPDATE $tablename SET $update_data WHERE $index_field = '$index_value'");
+		$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+		$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec);
+		
+		return true;
+	}
+	
+	//** Deletes a record and saves the changes into the datalog
+	public function datalogDelete($tablename, $index_field, $index_value) {
+		global $app;
+		
+		$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+		$this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");
+		$new_rec = array();
+		$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);
+		
+		return true;
+	}
        
-       function closeConn() {
+       public function closeConn()
+    	{
+    		if($this->linkId)
+    		{
+    			mysql_close($this->linkId);
+    			return true;
+    		} else { return false; }
+    	}
        
-       }
-       
-       function freeResult() {
-       
-       
-       }
+    	public function freeResult($query) 
+    	{
+    		if(mysql_free_result($query))
+    		{
+    			return true;
+    		} else {
+    			return false;
+    		}
+    	}
        
        function delete() {
        
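Review bot: The three `datalog*` helpers interpolate `$tablename`, `$index_field` and `$index_value` straight into SQL (L217–L219, L229–L231, L241–L242) and `datalogSave()` does the same for `$db_table`, `$dbidx`, `$server_id` and `$action` (L205) — only `$diffstr` and `$username` pass through `quote()`; at minimum `$index_value`, `$dbidx` and `$server_id` should be escaped or cast before being placed inside the quotes, and a docblock should state that `$tablename`/`$index_field` are trusted identifiers supplied by code, never by request input. `datalogSave()` also routes quoting and the INSERT through `$app->db` while everything else in this class uses `$this` (L198–L199, L206); `$this->quote()`/`$this->query()` keeps escaping bound to the same connection and charset, and the `$escape` variable built at L179–L183 is never used. `$_SESSION["s"]["user"]["username"]` at L199 is read in a server-side class where a session is unlikely to exist, so it needs an `isset()` guard. Separately, `freeResult()` now requires a `$query` argument where the previous version took none, so existing `->freeResult()` callers get a missing-argument warning and a `mysql_free_result(null)` call; defaulting to `$this->queryId` keeps them working, and `closeConn()` should set `$this->linkId = 0;` after `mysql_close()` so a later reconnect check is not fooled by a stale resource.
```php
    // … unchanged: diffrec(); the unused $escape block in datalogSave() can be dropped …
        $diffstr = $this->quote(serialize($diffrec_full));
        $username = $this->quote(isset($_SESSION["s"]["user"]["username"]) ? $_SESSION["s"]["user"]["username"] : '');
        $dbidx = $this->quote($primary_field.":".$primary_id);
        $server_id = intval($server_id);
        // … unchanged: action mapping …
        $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->quote($db_table)."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
        $this->query($sql);

    public function datalogUpdate($tablename, $update_data, $index_field, $index_value) {
        $idx = $this->quote($index_value);
        $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$idx'");
        $this->query("UPDATE $tablename SET $update_data WHERE $index_field = '$idx'");
        $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$idx'");
        // … unchanged: datalogSave() call and return; datalogInsert()/datalogDelete() get the same $idx treatment …

    public function freeResult($query = null)
    {
        $result = ($query === null) ? $this->queryId : $query;
        return $result ? (bool) mysql_free_result($result) : false;
    }
```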

--
Gitblit v1.9.1