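plugins->registerEvent('database_insert', $this->plugin_name, 'db_insert');
        $app->plugins->registerEvent('database_update', $this->plugin_name, 'db_update');
        $app->plugins->registerEvent('database_delete', $this->plugin_name, 'db_delete');

        //* Database users
        $app->plugins->registerEvent('database_user_insert', $this->plugin_name, 'db_user_insert');
        $app->plugins->registerEvent('database_user_update', $this->plugin_name, 'db_user_update');
        $app->plugins->registerEvent('database_user_delete', $this->plugin_name, 'db_user_delete');
    }

    /**
     * Quote a MySQL identifier (database, table or trigger name).
     *
     * Inside backticks the only character that needs escaping is the backtick
     * itself, which is doubled. escape_string() targets string literals and
     * leaves backticks untouched, so it cannot be used for identifiers.
     *
     * @param string $name raw identifier
     * @return string identifier wrapped in backticks
     */
    private function quote_identifier($name) {
        return '`' . str_replace('`', '``', $name) . '`';
    }

    /**
     * Build the comma separated host list for one web_database record:
     * the remote IPs ('%' when remote access is on and no IP is listed)
     * followed by 'localhost'.
     *
     * @param array $record row with the keys remote_access and remote_ips
     * @return string comma separated host list, always ending in 'localhost'
     */
    private function client_host_list($record) {
        $host_list = '';
        if($record['remote_access'] == 'y') {
            $host_list = $record['remote_ips'];
            if($host_list == '') $host_list = '%';
        }
        if($host_list != '') $host_list .= ',';
        $host_list .= 'localhost';

        return $host_list;
    }

    /**
     * GRANT access on a database to one web_database_user row.
     * Does nothing for an empty row and refuses the account name 'root'.
     *
     * @param array|null|false $db_user       row with database_user and database_password
     * @param string           $database_name database to grant on
     * @param string           $host_list     comma separated hosts
     * @param mysqli           $link          open connection
     * @param bool             $read_only     grant SELECT instead of ALL
     */
    private function grant_client_user($db_user, $database_name, $host_list, $link, $read_only = false) {
        global $app;

        if(!$db_user) return;
        if($db_user['database_user'] == 'root') {
            $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
            return;
        }
        $this->process_host_list('GRANT', $database_name, $db_user['database_user'], $db_user['database_password'], $host_list, $link, '', $read_only);
    }

    /**
     * Remove the access of one web_database_user row to a database: the account
     * is dropped on hosts no other active database needs and only revoked on the
     * hosts that are still in use (see drop_or_revoke_user()).
     * Does nothing for an empty row and refuses the account name 'root'.
     *
     * @param array|null|false $old_user      row with database_user and database_password
     * @param int|string       $database_id   id of the database the access is removed from
     * @param int|string       $user_id       id of the web_database_user row
     * @param string           $database_name database to revoke on
     * @param string           $host_list     comma separated hosts the account was created for
     * @param mysqli           $link          open connection
     */
    private function drop_or_revoke_client_user($old_user, $database_id, $user_id, $database_name, $host_list, $link) {
        global $app;

        if(!$old_user) return;
        if($old_user['database_user'] == 'root') {
            $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
            return;
        }

        // Find out users to drop and users to revoke
        $hosts = $this->drop_or_revoke_user($database_id, $user_id, $host_list);
        if($hosts['drop_hosts'] != '') $this->process_host_list('DROP', $database_name, $old_user['database_user'], $old_user['database_password'], $hosts['drop_hosts'], $link);
        if($hosts['revoke_hosts'] != '') $this->process_host_list('REVOKE', $database_name, $old_user['database_user'], $old_user['database_password'], $hosts['revoke_hosts'], $link);
    }

    /**
     * Run one account-level statement for a database user on every host of a host list.
     *
     * $action is upper-cased and matched against GRANT, REVOKE, DROP, RENAME and
     * PASSWORD; any other value runs no statement. Host entries other than '%',
     * 'localhost' or a dotted IPv4 address are skipped without an error.
     *
     * @param string       $action               GRANT, REVOKE, DROP, RENAME or PASSWORD
     * @param string       $database_name        database the privileges apply to
     * @param string       $database_user        MySQL account name
     * @param string       $database_password    MySQL password hash ('*' + 40 hex digits) or a plain password
     * @param string|array $host_list            comma separated string or array of hosts; empty means '%'
     * @param mysqli       $link                 open connection
     * @param string       $database_rename_user new account name (RENAME only)
     * @param bool         $user_read_only       grant SELECT instead of ALL
     * @return bool false if at least one statement failed
     */
    function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '', $user_read_only = false) {
        global $app;

        $action = strtoupper($action);

        // set to all hosts if none given (trim() must not see an array)
        if(!is_array($host_list) && trim($host_list) == '') $host_list = '%';

        // process arrays and comma separated strings
        if(!is_array($host_list)) $host_list = explode(',', $host_list);

        $success = true;

        // Anchored at both ends: a plain password that merely ends in something
        // hash-shaped must still be hashed.
        // NOTE(review): the plain password travels inside the query text here and can
        // end up in server-side query logs - confirm that is acceptable.
        if(!preg_match('/^\*[A-F0-9]{40}$/D', $database_password)) {
            $result = $link->query("SELECT PASSWORD('" . $link->escape_string($database_password) . "') as `crypted`");
            if($result) {
                $row = $result->fetch_assoc();
                $database_password = $row['crypted'];
                $result->free();
            }
        }

        // loop through hostlist
        foreach($host_list as $db_host) {
            $db_host = trim($db_host);

            $app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);

            // accept only '%', 'localhost' or an IPv4 address; the pattern already limits every octet to 0-255
            $valid = ($db_host == '%' || $db_host == 'localhost'
                || preg_match("/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $db_host));
            if(!$valid) continue;

            // The host is validated above; escaping it as well keeps the statement safe
            // if the validation is ever relaxed.
            $sql_account = "'" . $link->escape_string($database_user) . "'@'" . $link->escape_string($db_host) . "'";
            $sql_database = "`" . $link->escape_string($database_name) . "`";

            if($action == 'GRANT') {
                $grant = "GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON " . $sql_database . ".* TO " . $sql_account . " IDENTIFIED BY PASSWORD '";
                if(!$link->query($grant . $link->escape_string($database_password) . "';")) $success = false;
                // the password hash is a credential and is kept out of the log
                $app->log($grant . "[hidden]'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
            } elseif($action == 'REVOKE') {
                // REVOKE takes no IDENTIFIED BY clause; with it the statement is rejected
                // and the privileges stay in place.
                if(!$link->query("REVOKE ALL PRIVILEGES ON " . $sql_database . ".* FROM " . $sql_account . ";")) $success = false;
            } elseif($action == 'DROP') {
                if(!$link->query("DROP USER " . $sql_account . ";")) $success = false;
            } elseif($action == 'RENAME') {
                if(!$link->query("RENAME USER " . $sql_account . " TO '" . $link->escape_string($database_rename_user) . "'@'" . $link->escape_string($db_host) . "'")) $success = false;
            } elseif($action == 'PASSWORD') {
                if(!$link->query("SET PASSWORD FOR " . $sql_account . " = '" . $link->escape_string($database_password) . "';")) $success = false;
            }
        }

        return $success;
    }

    /**
     * Split a host list into hosts where the account can be dropped and hosts
     * where it may only be revoked.
     *
     * A host is "revoke only" when another active database (any id other than
     * $database_id) uses the same user as read/write or read-only user and needs
     * that host: its remote IPs ('%' if none are listed) plus 'localhost'.
     *
     * @param int|string $database_id database the user is being removed from
     * @param int|string $user_id     id of the web_database_user row
     * @param string     $host_list   comma separated hosts; empty means '%'
     * @return array with the keys 'revoke_hosts' and 'drop_hosts', both comma separated strings
     */
    function drop_or_revoke_user($database_id, $user_id, $host_list){
        global $app;

        // set to all hosts if none given
        if(trim($host_list) == '') $host_list = '%';

        $db_user_databases = $app->db->queryAllRecords("SELECT * FROM web_database WHERE (database_user_id = ? OR database_ro_user_id = ?) AND active = 'y' AND database_id != ?", $user_id, $user_id, $database_id);
        $db_user_host_list = array();
        if(is_array($db_user_databases) && !empty($db_user_databases)){
            foreach($db_user_databases as $db_user_database){
                if($db_user_database['remote_access'] == 'y'){
                    if($db_user_database['remote_ips'] == ''){
                        $db_user_host_list[] = '%';
                    } else {
                        foreach(explode(',', $db_user_database['remote_ips']) as $tmp_remote_ip){
                            $tmp_remote_ip = trim($tmp_remote_ip);
                            if($tmp_remote_ip != '') $db_user_host_list[] = $tmp_remote_ip;
                        }
                    }
                }
                $db_user_host_list[] = 'localhost';
            }
        }

        // Trim the entries like the ones collected above; an untrimmed " 10.0.0.1"
        // would never match and the account would be dropped although it is still needed.
        $host_list_arr = array_map('trim', explode(',', $host_list));
        $drop_hosts = array_diff($host_list_arr, $db_user_host_list);
        $revoke_hosts = array_diff($host_list_arr, $drop_hosts);

        return array('revoke_hosts' => implode(',', $revoke_hosts), 'drop_hosts' => implode(',', $drop_hosts));
    }

    /**
     * Event handler: create a MySQL database and, if the record is active,
     * grant access to its read/write and read-only users.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data, read from $data['new']
     */
    function db_insert($event_name, $data) {
        global $app, $conf;

        if($data['new']['type'] != 'mysql') return;

        // the included file provides $clientdb_host, $clientdb_user and $clientdb_password
        if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
            $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
            return;
        }

        //* Connect to the database
        $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
        if ($link->connect_error) {
            $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
            return;
        }

        // Charset for the new table. The value is placed into the statement as a bare
        // word, so only a plain character set name is accepted.
        $query_charset_table = '';
        if($data['new']['database_charset'] != '') {
            if(preg_match('/^[A-Za-z0-9_]+$/D', $data['new']['database_charset'])) {
                $query_charset_table = ' DEFAULT CHARACTER SET '.$data['new']['database_charset'];
            } else {
                $app->log('Ignoring invalid character set for database: '.$data['new']['database_name'], LOGLEVEL_WARNING);
            }
        }

        //* Create the new database
        // NOTE(review): escape_string() does not escape backticks; this relies on
        // database_name having been validated before it reaches this plugin - confirm.
        if ($link->query('CREATE DATABASE `'.$link->escape_string($data['new']['database_name']).'`'.$query_charset_table)) {
            $app->log('Created MySQL database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
        } else {
            $app->log('Unable to create the database: '.$link->error, LOGLEVEL_WARNING);
        }

        // Create the database user if database is active
        if($data['new']['active'] == 'y') {
            // get the users for this database
            $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
            $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);

            $host_list = $this->client_host_list($data['new']);

            $this->grant_client_user($db_user, $data['new']['database_name'], $host_list, $link);
            if($data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
                $this->grant_client_user($db_ro_user, $data['new']['database_name'], $host_list, $link, true);
            }
        }

        $link->close();
    }

    /**
     * Event handler: apply a changed database record to MySQL - rename of the
     * database, activation or deactivation, changed users and changed remote access.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data with the keys 'old' and 'new'
     */
    function db_update($event_name, $data) {
        global $app, $conf;

        // skip processing if database was and is inactive
        if($data['new']['active'] == 'n' && $data['old']['active'] == 'n') return;

        if($data['new']['type'] != 'mysql') return;

        // the included file provides $clientdb_host, $clientdb_user and $clientdb_password
        if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
            $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
            return;
        }

        //* Connect to the database
        $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
        if ($link->connect_error) {
            $app->log('Unable to connect to the database: '.$link->connect_error, LOGLEVEL_ERROR);
            return;
        }

        // get the users for this database
        $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
        $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
        $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
        $old_db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']);

        $host_list = $this->client_host_list($data['new']);
        // REVOKES and DROPS have to be done on old host list, not new host list
        $old_host_list = $this->client_host_list($data['old']);

        $new_has_ro_user = ($data['new']['database_user_id'] != $data['new']['database_ro_user_id']);
        $old_has_ro_user = ($data['old']['database_user_id'] != $data['old']['database_ro_user_id']);

        //* rename database
        if($data['new']['database_name'] != $data['old']['database_name']) {
            // one form of each name per context: SQL string literal, SQL identifier, shell argument
            $old_name = $link->escape_string($data['old']['database_name']);
            $new_name = $link->escape_string($data['new']['database_name']);
            $old_ident = $this->quote_identifier($data['old']['database_name']);
            $new_ident = $this->quote_identifier($data['new']['database_name']);
            $old_shell = escapeshellarg($data['old']['database_name']);
            $new_shell = escapeshellarg($data['new']['database_name']);

            $timestamp = time();
            // NOTE(review): both dump files are created in the current working directory
            // and only restricted to 0600 after mysqldump has written them - consider a
            // private directory or a restrictive umask.
            $triggers_file = $timestamp.$old_name.'.triggers';
            $views_file = $timestamp.$old_name.'.views';
            // NOTE(review): the password is passed on the command line and is visible in
            // the process list while the client runs - consider a defaults file instead.
            $client_args = "-h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password);

            $tables_array = array();
            $triggers_array = null;
            $views_array = null;

            $tables = $link->query("SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='".$old_name."' AND TABLE_TYPE='BASE TABLE'");
            if($tables && $tables->num_rows > 0) {
                while($row = $tables->fetch_assoc()) {
                    $tables_array[] = $row['TABLE_NAME'];
                }

                //* save triggers, routines and events
                $triggers = $link->query("SHOW TRIGGERS FROM ".$old_ident);
                if($triggers && $triggers->num_rows > 0) {
                    $triggers_array = array();
                    while($row = $triggers->fetch_assoc()) {
                        $triggers_array[] = $row;
                    }
                    $app->log('Dumping triggers from '.$old_name, LOGLEVEL_DEBUG);
                    $command = "mysqldump ".$client_args." ".$old_shell." -d -t -R -E > ".escapeshellarg($triggers_file);
                    exec($command, $out, $ret);
                    $app->system->chmod($triggers_file, 0600);
                    if($ret != 0) {
                        $triggers_array = null;
                        $app->system->unlink($triggers_file);
                        $app->log('Unable to dump triggers from '.$old_name, LOGLEVEL_ERROR);
                    }
                    unset($out);
                }

                //* save views
                $views = $link->query("SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='".$old_name."' and TABLE_TYPE='VIEW'");
                if($views && $views->num_rows > 0) {
                    $views_array = array();
                    $view_args = array();
                    while($row = $views->fetch_assoc()) {
                        $views_array[] = $row;
                        // view names are chosen by the database owner: quote each one for the shell
                        $view_args[] = escapeshellarg($row['TABLE_NAME']);
                    }
                    $app->log('Dumping views from '.$old_name, LOGLEVEL_DEBUG);
                    $command = "mysqldump ".$client_args." ".$old_shell." ".implode(' ', $view_args)." > ".escapeshellarg($views_file);
                    exec($command, $out, $ret);
                    $app->system->chmod($views_file, 0600);
                    if($ret != 0) {
                        $views_array = null;
                        $app->system->unlink($views_file);
                        $app->log('Unable to dump views from '.$old_name, LOGLEVEL_ERROR);
                    }
                    unset($out, $view_args);
                }

                //* create new database
                $this->db_insert($event_name, $data);

                // Continue only if the new database really exists: the old one is dropped
                // at the end of this branch.
                $new_db = $link->query("SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = '".$new_name."'");
                if($new_db && $new_db->num_rows > 0) {
                    //* rename tables
                    $rename_ok = true;
                    foreach($tables_array as $table) {
                        // table names are chosen by the database owner: quote them as identifiers
                        $table_ident = $this->quote_identifier($table);
                        $sql = "RENAME TABLE ".$old_ident.".".$table_ident." TO ".$new_ident.".".$table_ident;
                        $app->log($sql, LOGLEVEL_DEBUG);
                        if(!$link->query($sql)) {
                            $rename_ok = false;
                            $app->log($sql." failed", LOGLEVEL_ERROR);
                        }
                    }

                    //* drop old triggers
                    if(is_array($triggers_array)) {
                        foreach($triggers_array as $trigger) {
                            $sql = "DROP TRIGGER ".$old_ident.".".$this->quote_identifier($trigger['Trigger']);
                            $link->query($sql);
                            $app->log($sql, LOGLEVEL_DEBUG);
                        }
                        //* update triggers, routines and events
                        $command = "mysql ".$client_args." ".$new_shell." < ".escapeshellarg($triggers_file);
                        exec($command, $out, $ret);
                        if($ret != 0) {
                            $app->log('Unable to import triggers for '.$new_name, LOGLEVEL_ERROR);
                        } else {
                            $app->system->unlink($triggers_file);
                        }
                    }

                    //* loading views
                    if(is_array($views_array)) {
                        $command = "mysql ".$client_args." ".$new_shell." < ".escapeshellarg($views_file);
                        exec($command, $out, $ret);
                        if($ret != 0) {
                            $app->log('Unable to import views for '.$new_name, LOGLEVEL_ERROR);
                        } else {
                            $app->system->unlink($views_file);
                        }
                    }

                    //* drop old database, but never while tables are still left in it
                    if($rename_ok) {
                        $this->db_delete($event_name, $data);
                    } else {
                        $app->log('Unable to rename database '.$old_name.' to '.$new_name, LOGLEVEL_ERROR);
                    }
                } else {
                    $app->log('Connection to new databse '.$new_name.' failed', LOGLEVEL_ERROR);
                    if(is_array($triggers_array)) {
                        $app->system->unlink($triggers_file);
                    }
                    if(is_array($views_array)) {
                        $app->system->unlink($views_file);
                    }
                }
            } else { //* SELECT TABLE_NAME error
                $app->log('Unable to rename database '.$old_name.' to '.$new_name, LOGLEVEL_ERROR);
            }
        }

        // Create the database user if database was disabled before
        if($data['new']['active'] == 'y') {
            $this->grant_client_user($db_user, $data['new']['database_name'], $host_list, $link);
            if($new_has_ro_user) {
                $this->grant_client_user($db_ro_user, $data['new']['database_name'], $host_list, $link, true);
            }
        } else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
            $this->drop_or_revoke_client_user($old_db_user, $data['old']['database_id'], $data['old']['database_user_id'], $data['old']['database_name'], $old_host_list, $link);
            if($old_has_ro_user) {
                $this->drop_or_revoke_client_user($old_db_ro_user, $data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['database_name'], $old_host_list, $link);
            }
            // Database is not active, so stop processing here
            $link->close();
            return;
        }

        //* selected Users have changed
        if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
            if($data['old']['database_user_id'] && $data['old']['database_user_id'] != $data['new']['database_ro_user_id']) {
                $this->drop_or_revoke_client_user($old_db_user, $data['old']['database_id'], $data['old']['database_user_id'], $data['old']['database_name'], $old_host_list, $link);
            }
            $this->grant_client_user($db_user, $data['new']['database_name'], $host_list, $link);
        }
        if($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
            if($data['old']['database_ro_user_id'] && $data['old']['database_ro_user_id'] != $data['new']['database_user_id']) {
                // the lookup has to use the read-only user's id, not the read/write user's
                $this->drop_or_revoke_client_user($old_db_ro_user, $data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['database_name'], $old_host_list, $link);
            }
            if($new_has_ro_user) {
                $this->grant_client_user($db_ro_user, $data['new']['database_name'], $host_list, $link, true);
            }
        }

        //* Remote access option has changed.
        if($data['new']['remote_access'] != $data['old']['remote_access']) {
            //* set new privileges
            if($data['new']['remote_access'] == 'y') {
                $this->grant_client_user($db_user, $data['new']['database_name'], $data['new']['remote_ips'], $link);
                if($new_has_ro_user) {
                    $this->grant_client_user($db_ro_user, $data['new']['database_name'], $data['new']['remote_ips'], $link, true);
                }
            } else {
                $this->drop_or_revoke_client_user($old_db_user, $data['old']['database_id'], $data['old']['database_user_id'], $data['old']['database_name'], $data['old']['remote_ips'], $link);
                if($old_has_ro_user) {
                    $this->drop_or_revoke_client_user($old_db_ro_user, $data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['database_name'], $data['old']['remote_ips'], $link);
                }
            }
            $app->log('Changing MySQL remote access privileges for database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
        } elseif($data['new']['remote_access'] == 'y' && $data['new']['remote_ips'] != $data['old']['remote_ips']) {
            //* Change remote access list
            $this->drop_or_revoke_client_user($old_db_user, $data['old']['database_id'], $data['old']['database_user_id'], $data['old']['database_name'], $data['old']['remote_ips'], $link);
            $this->grant_client_user($db_user, $data['new']['database_name'], $data['new']['remote_ips'], $link);

            if($old_has_ro_user) {
                // the lookup has to use the read-only user's id, not the read/write user's
                $this->drop_or_revoke_client_user($old_db_ro_user, $data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['database_name'], $data['old']['remote_ips'], $link);
            }
            if($new_has_ro_user) {
                $this->grant_client_user($db_ro_user, $data['new']['database_name'], $data['new']['remote_ips'], $link, true);
            }
        }

        $link->close();
    }

    /**
     * Event handler: remove the access of the database's users and drop the database.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data, read from $data['old']
     */
    function db_delete($event_name, $data) {
        global $app, $conf;

        if($data['old']['type'] != 'mysql') return;

        // the included file provides $clientdb_host, $clientdb_user and $clientdb_password
        if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
            $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
            return;
        }

        //* Connect to the database
        $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
        if ($link->connect_error) {
            $app->log('Unable to connect to mysql: '.$link->connect_error, LOGLEVEL_ERROR);
            return;
        }

        $old_host_list = $this->client_host_list($data['old']);

        // The helper skips a missing user row and refuses 'root', as the insert and
        // update handlers do.
        foreach(array('database_user_id', 'database_ro_user_id') as $id_field) {
            if(!$data['old'][$id_field]) continue;
            $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old'][$id_field]);
            $this->drop_or_revoke_client_user($old_db_user, $data['old']['database_id'], $data['old'][$id_field], $data['old']['database_name'], $old_host_list, $link);
        }

        // NOTE(review): escape_string() does not escape backticks; this relies on
        // database_name having been validated before it reaches this plugin - confirm.
        if($link->query('DROP DATABASE `'.$link->escape_string($data['old']['database_name']).'`')) {
            $app->log('Dropping MySQL database: '.$data['old']['database_name'], LOGLEVEL_DEBUG);
        } else {
            $app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.$link->error, LOGLEVEL_WARNING);
        }

        $link->close();
    }

    /**
     * Event handler for new database users; intentionally does nothing.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data (unused)
     */
    function db_user_insert($event_name, $data) {
        global $app, $conf;
        // we have nothing to do here, stale user accounts are useless ;)
    }

    /**
     * Event handler: rename a MySQL account and/or set its new password on
     * 'localhost' and on every remote host of the databases the user belongs to.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data with the keys 'old' and 'new'
     */
    function db_user_update($event_name, $data) {
        global $app, $conf;

        // the included file provides $clientdb_host, $clientdb_user and $clientdb_password
        if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
            $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
            return;
        }

        //* Connect to the database
        $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
        if ($link->connect_error) {
            $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
            return;
        }

        // nothing changed: close the connection instead of leaking it
        if($data['old']['database_user'] == $data['new']['database_user'] && ($data['old']['database_password'] == $data['new']['database_password'] || $data['new']['database_password'] == '')) {
            $link->close();
            return;
        }

        // Same rule as in the database handlers: never rename to or from 'root' and
        // never change its password through a client record.
        if($data['old']['database_user'] == 'root' || $data['new']['database_user'] == 'root') {
            $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
            $link->close();
            return;
        }

        $host_list = array('localhost');
        // get all databases this user was active for
        $user_id = intval($data['old']['database_user_id']);
        $db_list = $app->db->queryAllRecords("SELECT `remote_access`, `remote_ips` FROM `web_database` WHERE `database_user_id` = ? OR database_ro_user_id = ?", $user_id, $user_id);
        if(!is_array($db_list) || count($db_list) < 1) {
            // nothing to do on this server for this db user
            $link->close();
            return;
        }

        foreach($db_list as $database) {
            if($database['remote_access'] != 'y') continue;

            if($database['remote_ips'] != '') $ips = explode(',', $database['remote_ips']);
            else $ips = array('%');

            foreach($ips as $ip) {
                $ip = trim($ip);
                if(!in_array($ip, $host_list, true)) $host_list[] = $ip;
            }
        }

        foreach($host_list as $db_host) {
            // remote_ips is stored data and is not validated here, so the host is escaped
            // before it goes into the statement
            $sql_host = $link->escape_string($db_host);

            if($data['new']['database_user'] != $data['old']['database_user']) {
                $link->query("RENAME USER '".$link->escape_string($data['old']['database_user'])."'@'".$sql_host."' TO '".$link->escape_string($data['new']['database_user'])."'@'".$sql_host."'");
                $app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'], LOGLEVEL_DEBUG);
            }

            if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
                $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'".$sql_host."' = '".$link->escape_string($data['new']['database_password'])."';");
                $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host, LOGLEVEL_DEBUG);
            }
        }

        $link->close();
    }

    /**
     * Event handler: drop every MySQL account with the deleted user's name.
     * Accounts that hold the CREATE USER privilege are left alone.
     *
     * @param string $event_name name of the event that fired
     * @param array  $data       record data, read from $data['old']
     */
    function db_user_delete($event_name, $data) {
        global $app, $conf;

        // the included file provides $clientdb_host, $clientdb_user and $clientdb_password
        if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
            $app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
            return;
        }

        //* Connect to the database
        $link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
        if ($link->connect_error) {
            $app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
            return;
        }

        $host_list = array();
        // read all mysql users with this username
        // basic protection against accidentally deleting system users like debian-sys-maint
        $result = $link->query("SELECT `User`, `Host` FROM `mysql`.`user` WHERE `User` = '" . $link->escape_string($data['old']['database_user']) . "' AND `Create_user_priv` = 'N'");
        if($result) {
            while($row = $result->fetch_assoc()) {
                $host_list[] = $row['Host'];
            }
            $result->free();
        }

        foreach($host_list as $db_host) {
            // the host comes back from the server as data and is escaped like any other value
            if($link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'".$link->escape_string($db_host)."';")) {
                $app->log('Dropping MySQL user: '.$data['old']['database_user'], LOGLEVEL_DEBUG);
            }
        }

        $link->close();
    }

} // end class

?>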