From f1926a01df8871cdacb29c97ffbfd7ff18d1610a Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 09 Feb 2016 11:56:40 -0500
Subject: [PATCH] Fixed problems that prevented ISPConfig to run on PHP 7, Issue #3716
---
server/plugins-available/mysql_clientdb_plugin.inc.php | 787 +++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 639 insertions(+), 148 deletions(-)
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 2cfd97a..7a5128a 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -29,211 +29,702 @@
*/
class mysql_clientdb_plugin {
-
+
var $plugin_name = 'mysql_clientdb_plugin';
var $class_name = 'mysql_clientdb_plugin';
-
-
+
+ //* This function is called during ispconfig installation to determine
+ // if a symlink shall be created for this plugin.
+ function onInstall() {
+ global $conf;
+
+ if($conf['services']['db'] == true) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+
/*
This function is called when the plugin is loaded
*/
-
+
function onLoad() {
global $app;
-
+
/*
Register for the events
*/
-
- //* Mailboxes
- $app->plugins->registerEvent('database_insert',$this->plugin_name,'db_insert');
- $app->plugins->registerEvent('database_update',$this->plugin_name,'db_update');
- $app->plugins->registerEvent('database_delete',$this->plugin_name,'db_delete');
-
-
+
+ //* Databases
+ $app->plugins->registerEvent('database_insert', $this->plugin_name, 'db_insert');
+ $app->plugins->registerEvent('database_update', $this->plugin_name, 'db_update');
+ $app->plugins->registerEvent('database_delete', $this->plugin_name, 'db_delete');
+
+ //* Database users
+ $app->plugins->registerEvent('database_user_insert', $this->plugin_name, 'db_user_insert');
+ $app->plugins->registerEvent('database_user_update', $this->plugin_name, 'db_user_update');
+ $app->plugins->registerEvent('database_user_delete', $this->plugin_name, 'db_user_delete');
+
+
}
-
-
- function db_insert($event_name,$data) {
+
+ function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '', $user_read_only = false) {
+ global $app;
+
+ $action = strtoupper($action);
+
+ // set to all hosts if none given
+ if(trim($host_list) == '') $host_list = '%';
+
+ // process arrays and comma separated strings
+ if(!is_array($host_list)) $host_list = explode(',', $host_list);
+
+ $success = true;
+ if(!preg_match('/\*[A-F0-9]{40}$/', $database_password)) {
+ $result = $link->query("SELECT PASSWORD('" . $link->escape_string($database_password) . "') as `crypted`");
+ if($result) {
+ $row = $result->fetch_assoc();
+ $database_password = $row['crypted'];
+ $result->free();
+ }
+ }
+ // loop through hostlist
+ foreach($host_list as $db_host) {
+ $db_host = trim($db_host);
+
+ $app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);
+
+ // check if entry is valid ip address
+ $valid = true;
+ if($db_host == '%' || $db_host == 'localhost') {
+ $valid = true;
+// } elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
+ } elseif(preg_match("/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $db_host)) {
+ $groups = explode('.', $db_host);
+ foreach($groups as $group){
+ if($group<0 or $group>255)
+ $valid=false;
+ }
+ } else {
+ $valid = false;
+ }
+
+ if($valid == false) continue;
+
+ if($action == 'GRANT') {
+ if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
+ $app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
+ } elseif($action == 'REVOKE') {
+ if(!$link->query("REVOKE ALL PRIVILEGES ON `".$link->escape_string($database_name)."`.* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
+ } elseif($action == 'DROP') {
+ if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
+ } elseif($action == 'RENAME') {
+ if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
+ } elseif($action == 'PASSWORD') {
+ if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."';")) $success = false;
+ }
+ }
+
+ return $success;
+ }
+
+ function drop_or_revoke_user($database_id, $user_id, $host_list){
+ global $app;
+
+ // set to all hosts if none given
+ if(trim($host_list) == '') $host_list = '%';
+
+ $db_user_databases = $app->db->queryAllRecords("SELECT * FROM web_database WHERE (database_user_id = ? OR database_ro_user_id = ?) AND active = 'y' AND database_id != ?", $user_id, $user_id, $database_id);
+ $db_user_host_list = array();
+ if(is_array($db_user_databases) && !empty($db_user_databases)){
+ foreach($db_user_databases as $db_user_database){
+ if($db_user_database['remote_access'] == 'y'){
+ if($db_user_database['remote_ips'] == ''){
+ $db_user_host_list[] = '%';
+ } else {
+ $tmp_remote_ips = explode(',', $db_user_database['remote_ips']);
+ if(is_array($tmp_remote_ips) && !empty($tmp_remote_ips)){
+ foreach($tmp_remote_ips as $tmp_remote_ip){
+ $tmp_remote_ip = trim($tmp_remote_ip);
+ if($tmp_remote_ip != '') $db_user_host_list[] = $tmp_remote_ip;
+ }
+ }
+ unset($tmp_remote_ips);
+ }
+ }
+ $db_user_host_list[] = 'localhost';
+ }
+ }
+ $host_list_arr = explode(',', $host_list);
+ //print_r($host_list_arr);
+ $drop_hosts = array_diff($host_list_arr, $db_user_host_list);
+ //print_r($drop_hosts);
+ $revoke_hosts = array_diff($host_list_arr, $drop_hosts);
+ //print_r($revoke_hosts);
+
+ $drop_host_list = implode(',', $drop_hosts);
+ $revoke_host_list = implode(',', $revoke_hosts);
+ //echo $drop_host_list."\n";
+ //echo $revoke_host_list."\n";
+ return array('revoke_hosts' => $revoke_host_list, 'drop_hosts' => $drop_host_list);
+ }
+
+ function db_insert($event_name, $data) {
global $app, $conf;
-
- if($data["new"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
- $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
+
+ if($data['new']['type'] == 'mysql') {
+ if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
+ $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
return;
}
-
+
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
return;
}
// Charset for the new table
- if($data["new"]["database_charset"] != '') {
- $query_charset_table = ' DEFAULT CHARACTER SET '.$data["new"]["database_charset"];
+ if($data['new']['database_charset'] != '') {
+ $query_charset_table = ' DEFAULT CHARACTER SET '.$data['new']['database_charset'];
} else {
- $query_charset_table = '';
+ $query_charset_table = '';
}
//* Create the new database
- if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]).$query_charset_table,$link)) {
- $app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
+ if ($link->query('CREATE DATABASE `'.$link->escape_string($data['new']['database_name']).'`'.$query_charset_table)) {
+ $app->log('Created MySQL database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
} else {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $app->log('Unable to create the database: '.$link->error, LOGLEVEL_WARNING);
}
-
+
// Create the database user if database is active
- if($data["new"]["active"] == 'y') {
-
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
+ if($data['new']['active'] == 'y') {
+
+ // get the users for this database
+ $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
+ $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
+
+ $host_list = '';
+ if($data['new']['remote_access'] == 'y') {
+ $host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
}
-
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link);
- //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
+ if($host_list != '') $host_list .= ',';
+ $host_list .= 'localhost';
+
+ if($db_user) {
+ if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
+ }
+ if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
+ }
+
}
-
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
}
-
- function db_update($event_name,$data) {
+
+ function db_update($event_name, $data) {
global $app, $conf;
-
- if($data["new"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
- $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
+
+ // skip processing if database was and is inactive
+ if($data['new']['active'] == 'n' && $data['old']['active'] == 'n') return;
+
+ if($data['new']['type'] == 'mysql') {
+ if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
+ $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
return;
}
-
+
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to the database: '.$link->connect_error, LOGLEVEL_ERROR);
return;
}
-
+
+ // get the users for this database
+ $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
+ $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
+
+ $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
+ $old_db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']);
+
+ $host_list = '';
+ if($data['new']['remote_access'] == 'y') {
+ $host_list = $data['new']['remote_ips'];
+ if($host_list == '') $host_list = '%';
+ }
+ if($host_list != '') $host_list .= ',';
+ $host_list .= 'localhost';
+
+ // REVOKES and DROPS have to be done on old host list, not new host list
+ $old_host_list = '';
+ if($data['old']['remote_access'] == 'y') {
+ $old_host_list = $data['old']['remote_ips'];
+ if($old_host_list == '') $old_host_list = '%';
+ }
+ if($old_host_list != '') $old_host_list .= ',';
+ $old_host_list .= 'localhost';
+
+ //* rename database
+ if ( $data['new']['database_name'] != $data['old']['database_name'] ) {
+ $old_name = $link->escape_string($data['old']['database_name']);
+ $new_name = $link->escape_string($data['new']['database_name']);
+ $timestamp = time();
+
+ $tables = $link->query("SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='".$old_name."' AND TABLE_TYPE='BASE TABLE'");
+ if ($tables->num_rows > 0) {
+ while ($row = $tables->fetch_assoc()) {
+ $tables_array[] = $row['TABLE_NAME'];
+ }
+
+ //* save triggers, routines and events
+ $triggers = $link->query("SHOW TRIGGERS FROM ".$old_name);
+ if ($triggers->num_rows > 0) {
+ while ($row = $triggers->fetch_assoc()) {
+ $triggers_array[] = $row;
+ }
+ $app->log('Dumping triggers from '.$old_name, LOGLEVEL_DEBUG);
+ $command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." ".$old_name." -d -t -R -E > ".$timestamp.$old_name.'.triggers';
+ exec($command, $out, $ret);
+ $app->system->chmod($timestamp.$old_name.'.triggers', 0600);
+ if ($ret != 0) {
+ unset($triggers_array);
+ $app->system->unlink($timestamp.$old_name.'.triggers');
+ $app->log('Unable to dump triggers from '.$old_name, LOGLEVEL_ERROR);
+ }
+ unset($out);
+ }
+
+ //* save views
+ $views = $link->query("SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='".$old_name."' and TABLE_TYPE='VIEW'");
+ if ($views->num_rows > 0) {
+ while ($row = $views->fetch_assoc()) {
+ $views_array[] = $row;
+ }
+ foreach ($views_array as $_views) {
+ $temp[] = $_views['TABLE_NAME'];
+ }
+ $app->log('Dumping views from '.$old_name, LOGLEVEL_DEBUG);
+ $temp_views = implode(' ', $temp);
+ $command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." ".$old_name." ".$temp_views." > ".$timestamp.$old_name.'.views';
+ exec($command, $out, $ret);
+ $app->system->chmod($timestamp.$old_name.'.views', 0600);
+ if ($ret != 0) {
+ unset($views_array);
+ $app->system->unlink($timestamp.$old_name.'.views');
+ $app->log('Unable to dump views from '.$old_name, LOGLEVEL_ERROR);
+ }
+ unset($out);
+ unset($temp);
+ unset($temp_views);
+ }
+
+ //* create new database
+ $this->db_insert($event_name, $data);
+
+ $link->query("show databases like '".$new_name."'");
+ if ($link) {
+ //* rename tables
+ foreach ($tables_array as $table) {
+ $table = $link->escape_string($table);
+ $sql = "RENAME TABLE ".$old_name.".".$table." TO ".$new_name.".".$table;
+ $link->query($sql);
+ $app->log($sql, LOGLEVEL_DEBUG);
+ if(!$link) {
+ $app->log($sql." failed", LOGLEVEL_ERROR);
+ }
+ }
+
+ //* drop old triggers
+ if (@is_array($triggers_array)) {
+ foreach($triggers_array as $trigger) {
+ $_trigger = $link->escape_string($trigger['Trigger']);
+ $sql = "DROP TRIGGER ".$old_name.".".$_trigger;
+ $link->query($sql);
+ $app->log($sql, LOGLEVEL_DEBUG);
+ unset($_trigger);
+ }
+ //* update triggers, routines and events
+ $command = "mysql -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." ".$new_name." < ".$timestamp.$old_name.'.triggers';
+ exec($command, $out, $ret);
+ if ($ret != 0) {
+ $app->log('Unable to import triggers for '.$new_name, LOGLEVEL_ERROR);
+ } else {
+ $app->system->unlink($timestamp.$old_name.'.triggers');
+ }
+ }
+
+ //* loading views
+ if (@is_array($views_array)) {
+ $command = "mysql -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." ".$new_name." < ".$timestamp.$old_name.'.views';
+ exec($command, $out, $ret);
+ if ($ret != 0) {
+ $app->log('Unable to import views for '.$new_name, LOGLEVEL_ERROR);
+ } else {
+ $app->system->unlink($timestamp.$old_name.'.views');
+ }
+ }
+
+ //* drop old database
+ $this->db_delete($event_name, $data);
+ } else {
+ $app->log('Connection to new databse '.$new_name.' failed', LOGLEVEL_ERROR);
+ if (@is_array($triggers_array)) {
+ $app->system->unlink($timestamp.$old_name.'.triggers');
+ }
+ if (@is_array($views_array)) {
+ $app->system->unlink($timestamp.$old_name.'.views');
+ }
+ }
+
+ } else { //* SELECT TABLE_NAME error
+ $app->log('Unable to rename database '.$old_name.' to '.$new_name, LOGLEVEL_ERROR);
+ }
+ }
+
// Create the database user if database was disabled before
- if($data["new"]["active"] == 'y' && $data["old"]["active"] == 'n') {
-
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
+ if($data['new']['active'] == 'y') {
+ if($db_user) {
+ if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
}
-
- mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link);
- //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
- }
-
- // Remove database user, if inactive
- if($data["new"]["active"] == 'n' && $data["old"]["active"] == 'y') {
-
- if($data["old"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
+ if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
}
-
- mysql_query("REVOKE ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link);
- //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';";
+ } else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
+ if($old_db_user) {
+ if($old_db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $old_host_list, $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $old_host_list, $link);
+ }
+
+ }
+ if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
+ if($old_db_ro_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $old_host_list, $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $old_host_list, $link);
+ }
+ }
+ // Database is not active, so stop processing here
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
+ return;
+ }
+
+ //* selected Users have changed
+ if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
+ if($data['old']['database_user_id'] && $data['old']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($old_db_user) {
+ if($old_db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
+ }
+ }
+ }
+ if($db_user) {
+ if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
+ }
}
-
- //* Rename User
- if($data["new"]["database_user"] != $data["old"]["database_user"]) {
- mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"])."' TO '".mysql_real_escape_string($data["new"]["database_user"])."'",$link);
- $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
+ if($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
+ if($data['old']['database_ro_user_id'] && $data['old']['database_ro_user_id'] != $data['new']['database_user_id']) {
+ if($old_db_ro_user) {
+ if($old_db_ro_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
+ }
+ }
+ }
+ if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
+ }
}
-
+
//* Remote access option has changed.
- if($data["new"]["remote_access"] != $data["old"]["remote_access"]) {
- if($data["new"]["remote_access"] == 'y') {
- mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link);
- mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link);
+ if($data['new']['remote_access'] != $data['old']['remote_access']) {
+
+ //* revoke old priveliges
+ //mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
+
+ //* set new priveliges
+ if($data['new']['remote_access'] == 'y') {
+ if($db_user) {
+ if($db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
+ }
+ }
+ if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
+ }
} else {
- mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link);
- mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link);
+ if($old_db_user) {
+ if($old_db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['old']['remote_ips'], $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['old']['remote_ips'], $link);
+ }
+ }
+ if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
+ if($old_db_ro_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['remote_ips']);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+
+ //$this->process_host_list('DROP', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['old']['remote_ips'], $link);
+ //$this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['old']['remote_ips'], $link);
+ }
+ }
}
- $app->log('Changing mysql remote access priveliges for database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG);
+ $app->log('Changing MySQL remote access privileges for database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
+ } elseif($data['new']['remote_access'] == 'y' && $data['new']['remote_ips'] != $data['old']['remote_ips']) {
+ //* Change remote access list
+ if($old_db_user) {
+ if($old_db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+ }
+ }
+ if($db_user) {
+ if($db_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
+ }
+ }
+
+ if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
+ if($old_db_ro_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ // Find out users to drop and users to revoke
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
+ }
+ }
+
+ if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
+ if($db_ro_user['database_user'] == 'root'){
+ $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+ } else {
+ $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
+ }
+ }
}
-
- //* Get the db host setting for the access priveliges
- if($data["new"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
- }
-
- /*
- //* Rename database
- if($data["new"]["database_name"] != $data["old"]["database_name"]) {
- mysql_query("",$link);
- }
- */
-
- //* Change password
- if($data["new"]["database_password"] != $data["old"]["database_password"]) {
- mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"])."');",$link);
- $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG);
- }
-
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+
+
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
-
+
}
-
- function db_delete($event_name,$data) {
+
+ function db_delete($event_name, $data) {
global $app, $conf;
-
- if($data["old"]["type"] == 'mysql') {
- if(!include_once(ISPC_LIB_PATH.'/mysql_clientdb.conf')) {
- $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf',LOGLEVEL_ERROR);
+
+ if($data['old']['type'] == 'mysql') {
+ if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
+ $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
return;
}
-
+
//* Connect to the database
- $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
- if (!$link) {
- $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR);
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql: '.$link->connect_error, LOGLEVEL_ERROR);
return;
}
-
- //* Get the db host setting for the access priveliges
- if($data["old"]["remote_access"] == 'y') {
- $db_host = '%';
- } else {
- $db_host = 'localhost';
+
+ $old_host_list = '';
+ if($data['old']['remote_access'] == 'y') {
+ $old_host_list = $data['old']['remote_ips'];
+ if($old_host_list == '') $old_host_list = '%';
}
-
- if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"])."'@'$db_host';",$link)) {
- $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG);
- } else {
- $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR);
+ if($old_host_list != '') $old_host_list .= ',';
+ $old_host_list .= 'localhost';
+
+ if($data['old']['database_user_id']) {
+ $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
-
- if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"]),$link)) {
- $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG);
- } else {
- $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR);
+ if($data['old']['database_ro_user_id']) {
+ $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']);
+ $drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
+ if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+ if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
-
-
- mysql_query("FLUSH PRIVILEGES;",$link);
- mysql_close($link);
+
+
+ if($link->query('DROP DATABASE `'.$link->escape_string($data['old']['database_name'].'`'))) {
+ $app->log('Dropping MySQL database: '.$data['old']['database_name'], LOGLEVEL_DEBUG);
+ } else {
+ $app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.$link->error, LOGLEVEL_WARNING);
+ }
+
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
}
-
-
+
+
}
-
-
-
+
+
+ function db_user_insert($event_name, $data) {
+ global $app, $conf;
+ // we have nothing to do here, stale user accounts are useless ;)
+ }
+
+ function db_user_update($event_name, $data) {
+ global $app, $conf;
+
+ if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
+ $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
+ return;
+ }
+
+ //* Connect to the database
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
+ return;
+ }
+
+
+ if($data['old']['database_user'] == $data['new']['database_user'] && ($data['old']['database_password'] == $data['new']['database_password'] || $data['new']['database_password'] == '')) {
+ return;
+ }
+
+
+ $host_list = array('localhost');
+ // get all databases this user was active for
+ $user_id = intval($data['old']['database_user_id']);
+ $db_list = $app->db->queryAllRecords("SELECT `remote_access`, `remote_ips` FROM `web_database` WHERE `database_user_id` = ? OR database_ro_user_id = ?", $user_id, $user_id);;
+ if(count($db_list) < 1) return; // nothing to do on this server for this db user
+
+ foreach($db_list as $database) {
+ if($database['remote_access'] != 'y') continue;
+
+ if($database['remote_ips'] != '') $ips = explode(',', $database['remote_ips']);
+ else $ips = array('%');
+
+ foreach($ips as $ip) {
+ $ip = trim($ip);
+ if(!in_array($ip, $host_list)) $host_list[] = $ip;
+ }
+ }
+
+ foreach($host_list as $db_host) {
+ if($data['new']['database_user'] != $data['old']['database_user']) {
+ $link->query("RENAME USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host' TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host'");
+ $app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'], LOGLEVEL_DEBUG);
+ }
+
+ if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
+ $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
+ $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host, LOGLEVEL_DEBUG);
+ }
+ }
+
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
+
+ }
+
+ function db_user_delete($event_name, $data) {
+ global $app, $conf;
+
+ if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
+ $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
+ return;
+ }
+
+ //* Connect to the database
+ $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
+ if ($link->connect_error) {
+ $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
+ return;
+ }
+
+ $host_list = array();
+ // read all mysql users with this username
+ $result = $link->query("SELECT `User`, `Host` FROM `mysql`.`user` WHERE `User` = '" . $link->escape_string($data['old']['database_user']) . "' AND `Create_user_priv` = 'N'"); // basic protection against accidently deleting system users like debian-sys-maint
+ if($result) {
+ while($row = $result->fetch_assoc()) {
+ $host_list[] = $row['Host'];
+ }
+ $result->free();
+ }
+
+ foreach($host_list as $db_host) {
+ if($link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host';")) {
+ $app->log('Dropping MySQL user: '.$data['old']['database_user'], LOGLEVEL_DEBUG);
+ }
+ }
+
+ $link->query('FLUSH PRIVILEGES;');
+ $link->close();
+ }
} // end class
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1