Commit 9f6339a5 authored by vogelor's avatar vogelor

The names of the database and the database_user can be limited by the system

parent ee3584cd
...@@ -40,6 +40,7 @@ $tform_def_file = "form/database.tform.php"; ...@@ -40,6 +40,7 @@ $tform_def_file = "form/database.tform.php";
require_once('../../lib/config.inc.php'); require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php'); require_once('../../lib/app.inc.php');
require_once('tools.inc.php');
//* Check permissions for module //* Check permissions for module
$app->auth->check_module_permissions('sites'); $app->auth->check_module_permissions('sites');
...@@ -73,7 +74,7 @@ class page_action extends tform_actions { ...@@ -73,7 +74,7 @@ class page_action extends tform_actions {
} }
function onShowEnd() { function onShowEnd() {
global $app, $conf; global $app, $conf, $interfaceConf;
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) { if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
...@@ -148,6 +149,40 @@ class page_action extends tform_actions { ...@@ -148,6 +149,40 @@ class page_action extends tform_actions {
} }
/*
* If the names are restricted -> remove the client, so that the
* data can be edited
*/
if ($interfaceConf['restrict_names'] == true){
/* Get the group-id */
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the group-id of the user
$client_group_id = $_SESSION["s"]["user"]["default_group"];
}
else {
// Get the group-id from the data itself
$client_group_id = $this->dataRecord['sys_groupid'];
}
/* get the name of the client */
$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = convertClientName($clientName);
if ($this->dataRecord['database_name'] != ""){
/* REMOVE the restriction */
$app->tpl->setVar("database_name", str_replace($clientName . '_' , '', $this->dataRecord['database_name']));
$app->tpl->setVar("database_user", str_replace($clientName . '_' , '', $this->dataRecord['database_user']));
}
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
$app->tpl->setVar("database_name_prefix", '{client}_');
$app->tpl->setVar("database_user_prefix", '{client}_');
}
else {
$app->tpl->setVar("database_name_prefix", $clientName . '_');
$app->tpl->setVar("database_user_prefix", $clientName . '_');
}
}
parent::onShowEnd(); parent::onShowEnd();
} }
...@@ -172,7 +207,7 @@ class page_action extends tform_actions { ...@@ -172,7 +207,7 @@ class page_action extends tform_actions {
// Check if the user may add another database // Check if the user may add another database
if($client["limit_web_domain"] >= 0) { if($client["limit_database"] >= 0) {
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id"); $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
if($tmp["number"] >= $client["limit_database"]) { if($tmp["number"] >= $client["limit_database"]) {
$app->error($app->tform->wordbook["limit_database_txt"]); $app->error($app->tform->wordbook["limit_database_txt"]);
...@@ -190,36 +225,93 @@ class page_action extends tform_actions { ...@@ -190,36 +225,93 @@ class page_action extends tform_actions {
} }
function onBeforeUpdate() { function onBeforeUpdate() {
global $app, $conf; global $app, $conf, $interfaceConf;
//* Check if the server has been changed /*
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway * If the names should be restricted -> do it!
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) { */
$rec = $app->db->queryOneRecord("SELECT server_id from web_database WHERE database_id = ".$this->id); if ($interfaceConf['restrict_names'] == true){
if($rec['server_id'] != $this->dataRecord["server_id"]) { /* Get the group-id */
//* Add a error message and switch back to old server if($_SESSION["s"]["user"]["typ"] != 'admin') {
$app->tform->errorMessage .= $app->lng('The Server can not be changed.'); // Get the group-id of the user
$this->dataRecord["server_id"] = $rec['server_id']; $client_group_id = $_SESSION["s"]["user"]["default_group"];
} }
unset($rec); else {
// Get the group-id from the data itself
$client_group_id = $this->dataRecord['client_group_id'];
} }
/* get the name of the client */
$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = convertClientName($clientName);
$nameSuffix = $clientName . '_';
}
else {
$nameSuffix = '';
} }
function onUpdate() { $error = false;
global $app, $conf;
//* Prevent that the database name and charset is changed //* Prevent that the database name and charset is changed
$old_record = $app->tform->getDataRecord($this->id); $old_record = $app->tform->getDataRecord($this->id);
if($old_record["database_name"] != $this->dataRecord["database_name"]) { if($old_record["database_name"] != $nameSuffix . $this->dataRecord["database_name"]) {
$app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />'; $app->tform->errorMessage .= $app->tform->wordbook["database_name_change_txt"].'<br />';
$error = true;
} }
if($old_record["database_charset"] != $this->dataRecord["database_charset"]) { if($old_record["database_charset"] != $this->dataRecord["database_charset"]) {
$app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />'; $app->tform->errorMessage .= $app->tform->wordbook["database_charset_change_txt"].'<br />';
$error = true;
}
//* Check if the server has been changed
// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
if($old_record["server_id"] != $this->dataRecord["server_id"]) {
//* Add a error message and switch back to old server
$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
$this->dataRecord["server_id"] = $rec['server_id'];
$error = true;
}
} }
unset($old_record); unset($old_record);
parent::onUpdate(); if ($error == false){
/* restrict the names if there is no error */
$this->dataRecord['database_name'] = $nameSuffix . $this->dataRecord['database_name'];
$this->dataRecord['database_user'] = $nameSuffix . $this->dataRecord['database_user'];
}
parent::onBeforeUpdate();
}
function onBeforeInsert() {
global $app, $conf, $interfaceConf;
global $interfaceConf;
/*
* If the names should be restricted -> do it!
*/
if ($interfaceConf['restrict_names'] == true){
/* Get the group-id */
if($_SESSION["s"]["user"]["typ"] != 'admin') {
// Get the group-id of the user
$client_group_id = $_SESSION["s"]["user"]["default_group"];
}
else {
// Get the group-id from the data itself
$client_group_id = $this->dataRecord['client_group_id'];
}
/* get the name of the client */
$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
$clientName = $tmp['name'];
if ($clientName == "") $clientName = 'default';
$clientName = convertClientName($clientName);
/* restrict the names */
$this->dataRecord['database_name'] = $clientName . '_' . $this->dataRecord['database_name'];
$this->dataRecord['database_user'] = $clientName . '_' . $this->dataRecord['database_user'];
}
parent::onBeforeInsert();
} }
function onAfterInsert() { function onAfterInsert() {
...@@ -240,7 +332,7 @@ class page_action extends tform_actions { ...@@ -240,7 +332,7 @@ class page_action extends tform_actions {
function onAfterUpdate() { function onAfterUpdate() {
global $app, $conf; global $app, $conf;
// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it // make sure that the record belongs to the client group and not the admin group when a admin inserts it
// also make sure that the user can not delete domain created by a admin // also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = intval($this->dataRecord["client_group_id"]); $client_group_id = intval($this->dataRecord["client_group_id"]);
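Review bot: The three new `SELECT name FROM sys_group WHERE groupid = ...` queries (in onShowEnd, onBeforeUpdate and onBeforeInsert) concatenate `$client_group_id` into the SQL without casting it, and on the admin path the value comes straight from `$this->dataRecord`, which appears to be submitted form data. onAfterUpdate in this same section already uses `intval($this->dataRecord["client_group_id"])`; the same cast belongs before each of these queries, e.g. `$client_group_id = intval($client_group_id);`. Separately, the rewritten onBeforeUpdate still assigns `$rec['server_id']` although the query that filled `$rec` was removed, so the server id is overwritten with null instead of the stored value; that line should read `$this->dataRecord["server_id"] = $old_record["server_id"];`. onAfterUpdate's body continues outside the visible section.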
......
...@@ -26,10 +26,12 @@ ...@@ -26,10 +26,12 @@
</span> </span>
<span class="wf_oneField"> <span class="wf_oneField">
<label for="database_name" class="wf_preField">{tmpl_var name='database_name_txt'}</label> <label for="database_name" class="wf_preField">{tmpl_var name='database_name_txt'}</label>
{tmpl_var name='database_name_prefix'}
<input type="text" id="database_name" name="database_name" value="{tmpl_var name='database_name'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br> <input type="text" id="database_name" name="database_name" value="{tmpl_var name='database_name'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br>
</span> </span>
<span class="wf_oneField"> <span class="wf_oneField">
<label for="database_user" class="wf_preField">{tmpl_var name='database_user_txt'}</label> <label for="database_user" class="wf_preField">{tmpl_var name='database_user_txt'}</label>
{tmpl_var name='database_user_prefix'}
<input type="text" id="database_user" name="database_user" value="{tmpl_var name='database_user'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br> <input type="text" id="database_user" name="database_user" value="{tmpl_var name='database_user'}" size="30" maxlength="255" class="wf_required"><span class="wf_reqMark">*</span><br>
</span> </span>
<span class="wf_oneField"> <span class="wf_oneField">
......
<?php
function convertClientName($name){
/**
* only allow 'a'..'z', '_', '0'..'9'
*/
$allowed = 'abcdefghijklmnopqrstuvwxyz0123456789_';
$res = '';
$name = strtolower(trim($name));
for ($i=0; $i < strlen($name); $i++){
if ($name[$i] == ' ') continue;
if (strpos($allowed, $name[$i]) !== false){
$res .= $name[$i];
}
else {
$res .= '_';
}
}
return $res;
}
?>
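Review bot: convertClientName() is not one-to-one, so two different clients can end up with the same prefix: spaces are dropped and every other disallowed character becomes `_`, which makes, for instance, `Foo Inc` and `fooinc` both yield `fooinc`. If the prefix is meant to keep one client's database and user names apart from another's, building it from the numeric group id (or appending the id) would avoid the overlap. The loop also works byte by byte, so one multi-byte character in a name turns into several underscores. The comment on the allowed characters sits inside the body; moved above the function it could read `/** Lower-cases $name, drops spaces and replaces every byte outside a-z, 0-9 and _ with '_'; the result is not unique per client. */`.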