From 6733652286e1b74e447a75d0dac9d1637096b34d Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 11 Jan 2009 12:44:25 -0500
Subject: [PATCH] Fixed several bugs in client db plugin.

---
 server/plugins-available/mysql_clientdb_plugin.inc.php |  119 +++++++++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 94 insertions(+), 25 deletions(-)

diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 4699379..602fae4 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -33,6 +33,19 @@
 	var $plugin_name = 'mysql_clientdb_plugin';
 	var $class_name  = 'mysql_clientdb_plugin';
 	
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall() {
+		global $conf;
+		
+		if($conf['services']['db'] == true) {
+			return true;
+		} else {
+			return false;
+		}
+		
+	}
+	
 		
 	/*
 	 	This function is called when the plugin is loaded
@@ -58,7 +71,7 @@
 		global $app, $conf;
 		
 		if($data["new"]["type"] == 'mysql') {
-			if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+			if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 				$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 				return;
 			}
@@ -69,23 +82,35 @@
 				$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
 				return;
 			}
-		
+
+			// Charset for the new table
+			if($data["new"]["database_charset"] != '') {
+        $query_charset_table = ' DEFAULT CHARACTER SET '.$data["new"]["database_charset"];
+			} else {
+        $query_charset_table = '';
+			}
+
 			//* Create the new database
-			if (mysql_query('CREATE DATABASE '.addslashes($data["new"]["database_name"]),$link)) {
+			if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]).$query_charset_table,$link)) {
 				$app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
 			} else {
 				$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
 			}
 			
-			// Create the database user
-			if($data["new"]["remote_access"] == 'y') {
-			 	$db_host = '%';
-			} else {
-				$db_host = 'localhost';
+			// Create the database user if database is active
+			if($data["new"]["active"] == 'y') {
+				
+				if($data["new"]["remote_access"] == 'y') {
+			 		$db_host = '%';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+				} else {
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+				}
+				
 			}
-			
-			mysql_query("GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';",$link);
-			//echo "GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';";
 			
 			mysql_query("FLUSH PRIVILEGES;",$link);
 			mysql_close($link);
@@ -96,31 +121,68 @@
 		global $app, $conf;
 		
 		if($data["new"]["type"] == 'mysql') {
-			if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+			if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 				$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 				return;
 			}
-		
+			
 			//* Connect to the database
 			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
 			if (!$link) {
 				$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+				return;
+			}
+			
+			// Create the database user if database was disabled before
+			if($data["new"]["active"] == 'y' && $data["old"]["active"] == 'n') {
+				
+				if($data["new"]["remote_access"] == 'y') {
+			 		$db_host = '%';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+				} else {
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+				}
+				
+				// mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+				//echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
+			}
+			
+			// Remove database user, if inactive
+			if($data["new"]["active"] == 'n' && $data["old"]["active"] == 'y') {
+				
+				if($data["old"]["remote_access"] == 'y') {
+			 		$db_host = '%';
+				} else {
+					$db_host = 'localhost';
+				}
+				
+				mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
 			}
 			
 			//* Rename User
 			if($data["new"]["database_user"] != $data["old"]["database_user"]) {
-				mysql_query("RENAME USER '".addslashes($data["old"]["database_user"])."' TO '".addslashes($data["new"]["database_user"])."'",$link);
+				mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."' TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'",$link);
 				$app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
 			}
 			
 			//* Remote access option has changed.
 			if($data["new"]["remote_access"] != $data["old"]["remote_access"]) {
+				
+				//* revoke old priveliges
+				mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+				
+				//* set new priveliges
 				if($data["new"]["remote_access"] == 'y') {
-					mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link);
-					mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link);
+			 		$db_host = '%';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 				} else {
-					mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link);
-					mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link);
+					$db_host = 'localhost';
+					mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* TO '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"],$link)."';",$link);
 				}
 				$app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
 			}
@@ -141,7 +203,7 @@
 			
 			//* Change password
 			if($data["new"]["database_password"] != $data["old"]["database_password"]) {
-				mysql_query("SET PASSWORD FOR '".addslashes($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".addslashes($data["new"]["database_password"])."');",$link);
+				mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"],$link)."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"],$link)."');",$link);
 				$app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
 			}
 			
@@ -155,7 +217,7 @@
 		global $app, $conf;
 		
 		if($data["old"]["type"] == 'mysql') {
-			if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
+			if(!include(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
 				$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
 				return;
 			}
@@ -164,6 +226,7 @@
 			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
 			if (!$link) {
 				$app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+				return;
 			}
 			
 			//* Get the db host setting for the access priveliges
@@ -173,11 +236,17 @@
 				$db_host = 'localhost';
 			}
 			
-			mysql_query("DROP USER '".addslashes($data["old"]["database_user"])."'@'$db_host';",$link);
-			$app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
+			if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"],$link)."'@'$db_host';",$link)) {
+				$app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
+			} else {
+				$app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
+			}
 			
-			mysql_query('DROP DATABASE '.addslashes($data["old"]["database_name"]),$link);
-			$app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
+			if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"],$link),$link)) {
+				$app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
+			} else {
+				$app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);
+			}
 			
 			
 			mysql_query("FLUSH PRIVILEGES;",$link);

--
Gitblit v1.9.1