Commit 317b4d0d authored by mcramer's avatar mcramer

Fixed: Some improvements and fixes for the database/user separation

parent 5c80fff2
......@@ -30,11 +30,12 @@ class sites_web_database_user_plugin {
// also make sure that the user can not delete domain created by a admin
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = intval($page_form->dataRecord["client_group_id"]);
$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
}
if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
$client_group_id = intval($page_form->dataRecord["client_group_id"]);
$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
}
$app->db->query("UPDATE web_database_user SET server_id = '" . intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
}
}
\ No newline at end of file
......@@ -309,6 +309,7 @@ class page_action extends tform_actions {
global $app;
if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) {
$app->uses('sites_database_plugin');
$app->sites_database_plugin->processDatabaseUpdate($this);
$app->db->query($sql);
......
......@@ -145,6 +145,8 @@ class page_action extends tform_actions {
$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
}
$this->dataRecord['server_id'] = $conf['server_id'];
parent::onBeforeUpdate();
}
......@@ -173,6 +175,8 @@ class page_action extends tform_actions {
$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
}
$this->dataRecord['server_id'] = $conf['server_id'];
parent::onBeforeInsert();
}
......@@ -200,7 +204,16 @@ class page_action extends tform_actions {
$client_group_id = intval($this->dataRecord["client_group_id"]);
$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
}
$old_rec = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");
$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'");
foreach($records as $rec) {
$new_rec = $this->dataRecord;
$new_rec['server_id'] = $rec['server_id'];
$app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $old_rec, $new_rec);
}
unset($new_rec);
}
}
......
......@@ -63,6 +63,17 @@ $form["tabs"]['database_user'] = array (
##################################
# Begin Datatable fields
##################################
'server_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name',
'keyfield'=> 'server_id',
'valuefield'=> 'server_name'
),
'value' => ''
),
'database_user' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
......
......@@ -88,9 +88,11 @@ class mysql_clientdb_plugin {
foreach($host_list as $db_host) {
$db_host = trim($db_host);
$app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);
// check if entry is valid ip address
$valid = true;
if($db_host == '%') {
if($db_host == '%' || $db_host == 'localhost') {
$valid = true;
} elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
$groups = explode('.', $db_host);
......@@ -106,6 +108,7 @@ class mysql_clientdb_plugin {
if($action == 'GRANT') {
if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
$app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
} elseif($action == 'REVOKE') {
if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
} elseif($action == 'DROP') {
......@@ -388,9 +391,8 @@ class mysql_clientdb_plugin {
}
if($data['new']['database_password'] != $data['old']['database_password']) {
$db_host = 'localhost';
$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
$app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment