Current File : //etc/sentora/panel/modules/mysql_users/code/controller.ext.php |
<?php
/**
* @copyright 2014-2015 Sentora Project (http://www.sentora.org/)
* Sentora is a GPL fork of the ZPanel Project whose original header follows:
*
* ZPanel - A Cross-Platform Open-Source Web Hosting Control panel.
*
* @package ZPanel
* @version $Id$
* @author Bobby Allen - ballen@bobbyallen.me
* @copyright (c) 2008-2014 ZPanel Group - http://www.zpanelcp.com/
* @license http://opensource.org/licenses/gpl-3.0.html GNU Public License v3
*
* This program (ZPanel) is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
class module_controller extends ctrl_module
{
// Outcome flags set by the worker methods below so the view layer (not in this
// file) can report what happened. No visibility keyword means public static.
static $alreadyexists;   // CheckCreateForErrors: name already in x_mysql_users or mysql.user
static $dbalreadyadded;  // CheckAddForErrors: dbmap row for this user/database already exists
static $blank;           // CheckCreateForErrors: empty user name or database
static $badname;         // CheckCreateForErrors: IsValidUserName() rejected the name
static $badpass;         // CheckPasswordForErrors: IsValidPassword() rejected the password
static $rootabuse;       // CheckCreateForErrors: attempt to create the user "root"
static $badIP;           // CheckCreateForErrors: access host is neither localhost nor a valid IP
static $created_ok;      // ExecuteCreateUser succeeded
static $deleted_ok;      // ExecuteDeleteUser / ExecuteRemoveDB succeeded
static $passreset_ok;    // ExecuteResetPassword succeeded
static $blankdbadded;    // CheckAddForErrors: no database given
static $priv_req_err;    // doManagePrivileges: no privilege selected in the form
static $update_priv_succ; // ExecuteManagePrivilages succeeded
static $db_added;        // ExecuteAddDB succeeded
/**
* The 'worker' methods.
*/
/**
 * Walk a user's x_mysql_dbmap rows and look each mapped database up.
 *
 * Despite the name nothing is removed: the "database not found" branch is
 * empty, so this is a scan with no side effects on the tables.
 *
 * @param mixed $uid Panel account id (mm_user_fk).
 * @return bool true when the user has at least one mapping row, false otherwise.
 */
static function CleanOrphanDatabases($uid)
{
    global $zdbh;
    $mapQuery = "SELECT * FROM x_mysql_dbmap WHERE mm_user_fk=:userid";
    $probe = $zdbh->prepare($mapQuery);
    $probe->bindParam(':userid', $uid);
    $probe->execute();
    // fetchColumn() is false when there are no rows, otherwise the first column of the first row.
    if ($probe->fetchColumn() == 0) {
        return false;
    }
    $maps = $zdbh->prepare($mapQuery);
    $maps->bindParam(':userid', $uid);
    $maps->execute();
    while ($map = $maps->fetch()) {
        $lookup = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:id AND my_deleted_ts IS NULL");
        $lookup->bindParam(':id', $map['mm_database_fk']);
        $lookup->execute();
        $dbRow = $lookup->fetch();
        if (!$dbRow) {
            // Orphaned mapping detected; intentionally left untouched (as before).
        }
    }
    return true;
}
/**
 * List the live MySQL users of a panel account, with their database count.
 *
 * Each entry exposes the stored password (mu_pass_vc is written verbatim by
 * ExecuteCreateUser/ExecuteResetPassword), so callers must treat the result
 * as sensitive.
 *
 * @param mixed $uid Panel account id (mu_acc_fk).
 * @return array|false list of user rows, or false when the account has none.
 */
static function ListUsers($uid)
{
    global $zdbh;
    // Remove deleted databases from MySQL userlist...
    self::CleanOrphanDatabases($uid);
    $userQuery = "SELECT * FROM x_mysql_users WHERE mu_acc_fk=:userid AND mu_deleted_ts IS NULL";
    $probe = $zdbh->prepare($userQuery);
    $probe->bindParam(':userid', $uid);
    $probe->execute();
    if ($probe->fetchColumn() == 0) {
        return false;
    }
    $users = $zdbh->prepare($userQuery);
    $users->bindParam(':userid', $uid);
    $users->execute();
    $list = array();
    while ($user = $users->fetch()) {
        $countStmt = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_dbmap WHERE mm_user_fk=:mysql");
        $countStmt->bindParam(':mysql', $user['mu_id_pk']);
        $countStmt->execute();
        $countRow = $countStmt->fetch();
        // Both branches of the old localhost test produced the same value, so
        // 'accesshtml' is simply the raw host.
        $list[] = array(
            'userid' => $user['mu_id_pk'],
            'username' => $user['mu_name_vc'],
            'dbpassword' => $user['mu_pass_vc'],
            'totaldb' => $countRow[0],
            'accesshtml' => $user['mu_access_vc'],
            'access' => $user['mu_access_vc'],
        );
    }
    return $list;
}
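/**
 * Return the raw contents of the current module's assets/helpicon.txt.
 *
 * The module name comes from the "module" URL parameter, i.e. it is
 * request-controlled, so it is restricted to a plain identifier before it is
 * used to build a filesystem path. Anything else (path separators, "..",
 * empty or non-string values) yields false without touching the filesystem.
 *
 * @return string|false File contents, or false when the name is invalid or
 *                      the file cannot be read (file_get_contents semantics).
 */
static function gethelpicon()
{
    global $controller;
    $module = $controller->GetControllerRequest('URL', 'module');
    if (!is_string($module) || !preg_match('/^[A-Za-z0-9_-]+$/', $module)) {
        return false;
    }
    return file_get_contents("modules/$module/assets/helpicon.txt");
}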
/**
 * List the live databases of a panel account that also exist on the server.
 *
 * A database recorded in x_mysql_databases is only reported when a matching
 * schema is present in INFORMATION_SCHEMA.SCHEMATA.
 *
 * @param mixed $uid Panel account id (my_acc_fk).
 * @return array|false list of array('mysqlid' => ..., 'mysqlname' => ...), or
 *                     false when no database rows exist for the account.
 */
static function ListDatabases($uid)
{
    global $zdbh;
    $dbStmt = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_acc_fk=:userid AND my_deleted_ts IS NULL");
    $dbStmt->bindParam(':userid', $uid);
    $dbStmt->execute();
    if ($dbStmt->rowCount() == 0) {
        return false;
    }
    $found = array();
    while ($dbRow = $dbStmt->fetch()) {
        $schemaStmt = $zdbh->prepare("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME=:db_name");
        $schemaStmt->bindParam(':db_name', $dbRow['my_name_vc']);
        $schemaStmt->execute();
        if ($schemaStmt->rowCount() != 0) {
            $found[] = array('mysqlid' => $dbRow['my_id_pk'], 'mysqlname' => $dbRow['my_name_vc']);
        }
    }
    return $found;
}
/**
 * List the database links (x_mysql_dbmap rows) of one MySQL user.
 *
 * Mappings whose database has been soft-deleted are skipped.
 *
 * @param mixed $uid MySQL user id (mm_user_fk).
 * @return array|false list of mapping rows with the database name, or false
 *                     when the user has no mapping rows at all.
 */
static function ListUserDatabases($uid)
{
    global $zdbh;
    $mapQuery = "SELECT * FROM x_mysql_dbmap WHERE mm_user_fk=:userid";
    $probe = $zdbh->prepare($mapQuery);
    $probe->bindParam(':userid', $uid);
    $probe->execute();
    if ($probe->fetchColumn() == 0) {
        return false;
    }
    $maps = $zdbh->prepare($mapQuery);
    $maps->bindParam(':userid', $uid);
    $maps->execute();
    $links = array();
    while ($map = $maps->fetch()) {
        $dbStmt = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:database AND my_deleted_ts IS NULL");
        $dbStmt->bindParam(':database', $map['mm_database_fk']);
        $dbStmt->execute();
        $dbRow = $dbStmt->fetch();
        if (!$dbRow) {
            continue; // mapping points at a deleted database
        }
        $links[] = array(
            'mmid' => $map['mm_id_pk'],
            'mmaccount' => $map['mm_acc_fk'],
            'mmuserid' => $map['mm_user_fk'],
            'mmdbid' => $map['mm_database_fk'],
            'mmdbname' => $dbRow['my_name_vc'],
        );
    }
    return $links;
}
/**
 * Resolve a dbmap row id to its MySQL user and database (ids and names).
 *
 * @param mixed $mid x_mysql_dbmap primary key (mm_id_pk).
 * @return array|false list of array(user_id, user_name, db_id, db_name), or
 *                     false when the mapping does not resolve to a live user.
 */
static function currentMySqlUserData($mid)
{
    global $zdbh;
    $stmt = $zdbh->prepare("SELECT u.mu_id_pk as user_id, u.mu_name_vc as user_name, d.my_id_pk as db_id , d.my_name_vc as db_name FROM x_mysql_users as u JOIN x_mysql_dbmap as dm ON (u.mu_id_pk = mm_user_fk) JOIN x_mysql_databases as d ON (dm.mm_database_fk = d.my_id_pk) WHERE dm.mm_id_pk =:mid AND u.mu_deleted_ts IS NULL;");
    $stmt->bindParam(':mid', $mid);
    $stmt->execute();
    if ($stmt->rowCount() == 0) {
        return false;
    }
    $rows = array();
    while ($row = $stmt->fetch()) {
        $rows[] = array(
            'user_id' => $row['user_id'],
            'user_name' => $row['user_name'],
            'db_id' => $row['db_id'],
            'db_name' => $row['db_name'],
        );
    }
    return $rows;
}
/**
 * Fetch id and name of one live MySQL user.
 *
 * @param mixed $mid x_mysql_users primary key (mu_id_pk).
 * @return array|false list with one array('userid' => ..., 'username' => ...),
 *                     or false when no live row matches.
 */
static function ListCurrentUser($mid)
{
    global $zdbh;
    $stmt = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:mid AND mu_deleted_ts IS NULL");
    $stmt->bindParam(':mid', $mid);
    $stmt->execute();
    if ($stmt->rowCount() == 0) {
        return false;
    }
    $users = array();
    while ($row = $stmt->fetch()) {
        $users[] = array('userid' => $row['mu_id_pk'], 'username' => $row['mu_name_vc']);
    }
    return $users;
}
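/**
 * Create a MySQL account for a panel user and grant it on one database.
 *
 * The account '<prefix><username>'@'<host>' is created for $access and for
 * every remote host registered on the panel account (x_remote_mysql_hosts),
 * with one freshly generated random password. The login is then recorded in
 * x_mysql_users (mu_pass_vc stores that password verbatim, which ListUsers
 * later hands back to the UI) and ExecuteAddDB() links it to $database.
 *
 * GRANT has no bindable slot for the privilege list, so $privileges is
 * reduced to the privilege keywords this module's form offers before it is
 * interpolated; identifiers are backtick-quoted and strings escaped.
 *
 * @param mixed  $uid        Panel account id.
 * @param string $username   Requested login; $prefix is prepended, spaces removed, lower-cased.
 * @param mixed  $database   x_mysql_databases id to grant on.
 * @param string $access     Host part of the account ("localhost" or an IP, see CheckCreateForErrors).
 * @param string $prefix     Login prefix.
 * @param string $privileges Comma-separated privilege keywords or "ALL PRIVILEGES".
 * @return bool true on success; false when validation fails (a status flag is set).
 */
static function ExecuteCreateUser($uid, $username, $database, $access, $prefix, $privileges)
{
    global $zdbh;
    // Check for spaces and remove if found...
    $username = strtolower(str_replace(' ', '', $prefix.$username));
    // If errors are found, then exit before creating user...
    if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($username, $database, $access))) {
        return false;
    }
    // Allow-list kept inline so this method stands on its own; it mirrors the
    // checkbox values rendered by getManagePrivileges() ("ALL" is MySQL's synonym).
    $allowedPrivileges = array('ALL', 'ALL PRIVILEGES', 'ALTER', 'ALTER ROUTINE', 'CREATE',
        'CREATE ROUTINE', 'CREATE TEMPORARY TABLES', 'CREATE VIEW', 'DELETE', 'DROP', 'EVENT',
        'EXECUTE', 'INDEX', 'INSERT', 'LOCK TABLES', 'REFERENCES', 'SELECT', 'SHOW VIEW',
        'TRIGGER', 'UPDATE');
    $granted = array();
    foreach (explode(',', strtoupper((string) $privileges)) as $item) {
        $item = trim(preg_replace('/\s+/', ' ', $item));
        if ($item !== '' && in_array($item, $allowedPrivileges, true) && !in_array($item, $granted, true)) {
            $granted[] = $item;
        }
    }
    if (count($granted) == 0) {
        self::$priv_req_err = true;
        return false;
    }
    $privileges = implode(', ', $granted);
    // Resolve the database name once; it is the same for every host.
    $dbLookup = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:database AND my_deleted_ts IS NULL");
    $dbLookup->bindParam(':database', $database);
    $dbLookup->execute();
    $rowdb = $dbLookup->fetch();
    if (!$rowdb) {
        // Unknown or deleted database id: nothing has been created yet, so bail
        // out with the closest existing flag instead of granting on an empty name.
        self::$blankdbadded = true;
        return false;
    }
    runtime_hook::Execute('OnBeforeCreateDatabaseUser');
    $hostStmt = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_deleted_ts IS NULL");
    $hostStmt->bindParam(':userid', $uid);
    $hostStmt->execute();
    $hosts = $hostStmt->fetchAll();
    // The requested host is always handled alongside the registered remote hosts.
    $hosts[] = array("re_host_vc" => $access, "re_acc_fk" => $uid);
    $password = fs_director::GenerateRandomPassword(9, 4);
    $user_access = $access;
    $dbIdent = str_replace('`', '``', $rowdb['my_name_vc']);
    foreach ($hosts as $hostRow) {
        $host = $hostRow['re_host_vc'];
        // (The previous version echoed the host into the response here.)
        // Create user in MySQL
        $sql = $zdbh->prepare("CREATE USER :username@:access;");
        $sql->bindParam(':username', $username);
        $sql->bindParam(':access', $host);
        $sql->execute();
        // Set MySQL password for new user...
        // NOTE(review): SET PASSWORD ... = PASSWORD() is not accepted by newer
        // MySQL releases - confirm against the target server version.
        $sql = $zdbh->prepare("SET PASSWORD FOR :username@:access=PASSWORD(:password)");
        $sql->bindParam(':username', $username);
        $sql->bindParam(':access', $host);
        $sql->bindParam(':password', $password);
        $sql->execute();
        // Start from USAGE only (no privileges anywhere)...
        $sql = $zdbh->prepare("GRANT USAGE ON *.* TO :username@:access");
        $sql->bindParam(':username', $username);
        $sql->bindParam(':access', $host);
        $sql->execute();
        // ...then grant the allow-listed privileges on the one database.
        $userClean = $zdbh->mysqlRealEscapeString($username);
        $hostClean = $zdbh->mysqlRealEscapeString($host);
        $sql = $zdbh->prepare("GRANT $privileges ON `$dbIdent`.* TO '$userClean'@'$hostClean'");
        $sql->execute();
        $sql = $zdbh->prepare("FLUSH PRIVILEGES");
        $sql->execute();
    }
    // Add user to Sentora database...
    $sql = $zdbh->prepare("INSERT INTO x_mysql_users (
        mu_acc_fk,
        mu_name_vc,
        mu_database_fk,
        mu_pass_vc,
        mu_access_vc,
        mu_created_ts) VALUES (
        :userid,
        :username,
        :database,
        :password,
        :access,
        :time)");
    $sql->bindParam(':userid', $uid);
    $sql->bindParam(':username', $username);
    $sql->bindParam(':database', $database);
    $sql->bindParam(':password', $password);
    $sql->bindParam(':access', $user_access);
    $time = time();
    $sql->bindParam(':time', $time);
    $sql->execute();
    $mysql_userid = $zdbh->lastInsertId();
    // Add database to Sentora user account (also repeats the GRANT per host)...
    self::ExecuteAddDB($uid, $mysql_userid, $database, $privileges);
    runtime_hook::Execute('OnAfterCreateDatabaseUser');
    self::$created_ok = true;
    return true;
}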
/**
 * Validate the inputs of ExecuteCreateUser, setting one status flag on failure.
 *
 * Checks, in order: empty name, the reserved name "root", empty database,
 * duplicate name (Sentora table, then the server's mysql.user), name syntax,
 * and finally the access host (must be "localhost" in any case or a valid IP).
 *
 * @param string $username Final login name (prefix already applied).
 * @param mixed  $database Database id.
 * @param string $access   Host part of the account.
 * @return bool true when every check passes.
 */
static function CheckCreateForErrors($username, $database, $access)
{
    global $zdbh;
    // An empty user name is rejected outright.
    if ($username == '') {
        self::$blank = true;
        return false;
    }
    // Never let a panel user create or claim the MySQL super-user.
    if ($username == 'root') {
        self::$rootabuse = true;
        return false;
    }
    // A database must have been selected.
    if ($database == '') {
        self::$blank = true;
        return false;
    }
    // Duplicate name: first Sentora's own table, then the server's mysql.user.
    $duplicateQueries = array(
        "SELECT COUNT(*) FROM x_mysql_users WHERE mu_name_vc=:username AND mu_deleted_ts IS NULL",
        "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :username)",
    );
    foreach ($duplicateQueries as $query) {
        $stmt = $zdbh->prepare($query);
        $stmt->bindParam(':username', $username);
        if ($stmt->execute() && $stmt->fetchColumn() <> 0) {
            self::$alreadyexists = true;
            return false;
        }
    }
    // Name syntax.
    if (!self::IsValidUserName($username)) {
        self::$badname = true;
        return false;
    }
    // Anything other than localhost (any letter case) has to be a valid IP.
    if (strtolower($access) != "localhost" && !sys_monitoring::IsAnyValidIP($access)) {
        self::$badIP = true;
        return false;
    }
    return true;
}
/**
 * Validate the inputs of ExecuteAddDB, setting one status flag on failure.
 *
 * @param mixed $userid   MySQL user id (mm_user_fk).
 * @param mixed $database Database id (mm_database_fk).
 * @return bool false when the database is empty or already mapped to the user.
 */
static function CheckAddForErrors($userid, $database)
{
    global $zdbh;
    // A falsy database value (null, '', 0, ...) means nothing was selected.
    if (!$database) {
        self::$blankdbadded = true;
        return false;
    }
    // Check to make sure the database isnt already added...
    $existing = $zdbh->prepare("SELECT * FROM x_mysql_dbmap WHERE mm_database_fk=:database AND mm_user_fk=:userid");
    $existing->bindParam(':database', $database);
    $existing->bindParam(':userid', $userid);
    $existing->execute();
    if ($existing->fetch()) {
        self::$dbalreadyadded = true;
        return false;
    }
    return true;
}
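/**
 * Soft-delete a Sentora MySQL user and drop its MySQL accounts.
 *
 * Drops '<user>'@'<host>' for every remote host registered on the *logged-in*
 * panel account plus the user's own access host, then stamps the
 * x_mysql_users row as deleted (time and requesting client IP) and removes
 * its dbmap rows.
 *
 * No ownership check happens here: $mu_id_pk is used as given, so the caller
 * must already have verified that the row belongs to the acting account.
 *
 * @param mixed $mu_id_pk x_mysql_users primary key.
 * @return bool false when no live user row matches $mu_id_pk, true otherwise.
 */
static function ExecuteDeleteUser($mu_id_pk)
{
    global $zdbh;
    $lookup = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:mu_id_pk AND mu_deleted_ts IS NULL");
    $lookup->bindParam(':mu_id_pk', $mu_id_pk);
    $lookup->execute();
    $rowuser = $lookup->fetch();
    if (!$rowuser) {
        // Nothing to delete. Previously this fell through, stamped a
        // non-existent row as deleted and still reported success.
        return false;
    }
    runtime_hook::Execute('OnBeforeDeleteDatabaseUser');
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    $exists = $zdbh->prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :name)");
    $exists->bindParam(':name', $rowuser['mu_name_vc']);
    if ($exists->execute() && $exists->fetchColumn() <> 0) {
        // NOTE(review): the remote-host list is that of the logged-in account,
        // not necessarily of the account owning $mu_id_pk - confirm intent.
        $hostStmt = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_deleted_ts IS NULL");
        $hostStmt->bindParam(':userid', $uid);
        $hostStmt->execute();
        $hosts = $hostStmt->fetchAll();
        $hosts[] = array("re_host_vc" => $rowuser['mu_access_vc'], "re_acc_fk" => $uid);
        foreach ($hosts as $hostRow) {
            // drop user (bound parameters; PDO quotes both halves)
            $sql = $zdbh->prepare("DROP USER :name@:access;");
            $sql->bindParam(':name', $rowuser['mu_name_vc']);
            $sql->bindParam(':access', $hostRow['re_host_vc']);
            $sql->execute();
            // flush privileges
            $sql = $zdbh->prepare("FLUSH PRIVILEGES");
            $sql->execute();
        }
    }
    // Audit columns: deletion time plus the client IP reported by get_client_ip()
    // (proxy headers are client-supplied, so treat ip_deleted as a hint only).
    $client_ip = self::get_client_ip();
    $sql = $zdbh->prepare("
        UPDATE x_mysql_users
        SET mu_deleted_ts = :time,
            ip_deleted = :client_ip
        WHERE mu_id_pk = :mu_id_pk");
    $time = time();
    $sql->bindParam(':time', $time);
    $sql->bindParam(':client_ip', $client_ip);
    $sql->bindParam(':mu_id_pk', $mu_id_pk);
    $sql->execute();
    $sql = $zdbh->prepare("
        DELETE FROM x_mysql_dbmap
        WHERE mm_user_fk = :mu_id_pk");
    $sql->bindParam(':mu_id_pk', $mu_id_pk);
    $sql->execute();
    runtime_hook::Execute('OnAfterDeleteDatabaseUser');
    self::$deleted_ok = true;
    return true;
}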
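/**
 * Best-effort client IP for audit columns.
 *
 * Proxy headers are consulted first (same precedence as before), then the
 * socket peer (REMOTE_ADDR). Every HTTP_* entry is supplied by the client and
 * can be forged, so the result is an audit hint, never an authorisation input.
 * Unlike the previous version, a candidate is only accepted when it parses as
 * an IP address (the first hop of a comma-separated list); otherwise the next
 * source is tried, so arbitrary header text no longer reaches the database.
 *
 * @return string IP address, or 'UNKNOWN' when none of the sources holds one.
 */
static function get_client_ip()
{
    $sources = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );
    foreach ($sources as $key) {
        if (!isset($_SERVER[$key])) {
            continue;
        }
        // X-Forwarded-For style values may carry a chain "client, proxy1, proxy2".
        $hops = explode(',', (string) $_SERVER[$key]);
        $candidate = trim($hops[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return 'UNKNOWN';
}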
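/**
 * Link an existing MySQL user to a database and grant it there.
 *
 * The GRANT is issued for every remote host registered on the panel account
 * plus the user's own access host, then the x_mysql_dbmap row is written.
 * If the session carries a companion account (cgs_user/cgs_id/cgs_pk_id for
 * the same panel account), that account is granted the same privileges on
 * every live database of the account; those grants are best-effort.
 *
 * GRANT cannot take bound parameters for the privilege list or identifiers,
 * so $privileges is reduced to the keywords this module's form offers, the
 * database name is backtick-quoted (backticks doubled) and user/host are
 * escaped. The stray bindParam() calls of the previous version referred to
 * placeholders that were not in the statement and have been removed.
 *
 * @param mixed  $uid        Panel account id; when empty the logged-in account is used.
 * @param mixed  $myuserid   x_mysql_users id.
 * @param mixed  $dbid       x_mysql_databases id.
 * @param string $privileges Comma-separated privilege keywords or "ALL PRIVILEGES".
 * @return bool true on success; false when validation fails or a row is missing.
 */
static function ExecuteAddDB($uid, $myuserid, $dbid, $privileges)
{
    global $zdbh;
    if (fs_director::CheckForEmptyValue(self::CheckAddForErrors($myuserid, $dbid))) {
        return false;
    }
    if (!isset($uid) || $uid == NULL || $uid == '') {
        $currentuser = ctrl_users::GetUserDetail();
        $uid = $currentuser['userid'];
    }
    // Allow-list kept inline so this method stands on its own; it mirrors the
    // checkbox values rendered by getManagePrivileges() ("ALL" is MySQL's synonym).
    $allowedPrivileges = array('ALL', 'ALL PRIVILEGES', 'ALTER', 'ALTER ROUTINE', 'CREATE',
        'CREATE ROUTINE', 'CREATE TEMPORARY TABLES', 'CREATE VIEW', 'DELETE', 'DROP', 'EVENT',
        'EXECUTE', 'INDEX', 'INSERT', 'LOCK TABLES', 'REFERENCES', 'SELECT', 'SHOW VIEW',
        'TRIGGER', 'UPDATE');
    $granted = array();
    foreach (explode(',', strtoupper((string) $privileges)) as $item) {
        $item = trim(preg_replace('/\s+/', ' ', $item));
        if ($item !== '' && in_array($item, $allowedPrivileges, true) && !in_array($item, $granted, true)) {
            $granted[] = $item;
        }
    }
    if (count($granted) == 0) {
        self::$priv_req_err = true;
        return false;
    }
    $privileges = implode(', ', $granted);
    $dbLookup = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:dbid AND my_deleted_ts IS NULL");
    $dbLookup->bindParam(':dbid', $dbid);
    $dbLookup->execute();
    $rowdb = $dbLookup->fetch();
    $userLookup = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
    $userLookup->bindParam(':myuserid', $myuserid);
    $userLookup->execute();
    $rowuser = $userLookup->fetch();
    if (!$rowdb || !$rowuser) {
        // Unknown/deleted database or user: refuse instead of granting on empty names.
        return false;
    }
    runtime_hook::Execute('OnBeforeAddDatabaseAccess');
    $hostStmt = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_deleted_ts IS NULL");
    $hostStmt->bindParam(':userid', $uid);
    $hostStmt->execute();
    $hosts = $hostStmt->fetchAll();
    $hosts[] = array("re_host_vc" => $rowuser['mu_access_vc'], "re_acc_fk" => $uid);
    $dbIdent = str_replace('`', '``', $rowdb['my_name_vc']);
    $userClean = $zdbh->mysqlRealEscapeString($rowuser['mu_name_vc']);
    foreach ($hosts as $hostRow) {
        $hostClean = $zdbh->mysqlRealEscapeString($hostRow['re_host_vc']);
        $sql = $zdbh->prepare("GRANT $privileges ON `$dbIdent`.* TO '$userClean'@'$hostClean'");
        $sql->execute();
        $sql = $zdbh->prepare("FLUSH PRIVILEGES");
        $sql->execute();
    }
    $sql2 = $zdbh->prepare("INSERT INTO x_mysql_dbmap (
        mm_acc_fk,
        mm_user_fk,
        mm_database_fk) VALUES (
        :uid,
        :myuserid,
        :dbid
        )");
    $sql2->bindParam(':uid', $uid);
    $sql2->bindParam(':myuserid', $myuserid);
    $sql2->bindParam(':dbid', $dbid);
    $sql2->execute();
    runtime_hook::Execute('OnAfterAddDatabaseAccess');
    self::$db_added = true;
    // Companion session account (presumably set up elsewhere - confirm against
    // the code that writes cgs_* into the session). Only acts for the same panel account.
    if (isset($_SESSION['cgs_user'], $_SESSION['cgs_id'], $_SESSION['cgs_pk_id'])
        && $_SESSION['cgs_pk_id'] == $uid) {
        $user_name = $_SESSION['cgs_user'];
        $sql2 = $zdbh->prepare("select my_name_vc from x_mysql_databases where my_acc_fk =:newid and my_deleted_ts IS NULL");
        $sql2->bindParam(':newid', $uid);
        $sql2->execute();
        if ($sql2->rowCount() > 0) {
            while ($rows = $sql2->fetch()) {
                $my_name_vc = str_replace('`', '``', $rows['my_name_vc']);
                try {
                    $sql = $zdbh->prepare("GRANT $privileges ON `$my_name_vc`. * TO :username@'localhost' ");
                    $sql->bindParam(':username', $user_name);
                    $sql->execute();
                    $sql = $zdbh->prepare("FLUSH PRIVILEGES");
                    $sql->execute();
                } catch (Exception $e) {
                    // Best-effort mirror grant; a failure here must not undo the
                    // mapping that was already written above.
                }
            }
        }
    }
    return true;
}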
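/**
 * Unlink a database from a MySQL user and revoke its privileges there.
 *
 * Revokes ALL PRIVILEGES on the mapped database from '<user>'@'<host>' for
 * every remote host of the logged-in panel account, for "localhost" and for
 * the user's own access host (mu_access_vc - the host ExecuteAddDB granted
 * on, which the previous version skipped when it was not localhost), then
 * deletes the x_mysql_dbmap row.
 *
 * The mapping must belong to $myuserid; a mismatch is refused before any
 * REVOKE runs (the final DELETE would not have matched it either).
 *
 * @param mixed $myuserid x_mysql_users id.
 * @param mixed $mapid    x_mysql_dbmap primary key (mm_id_pk).
 * @return bool false when the mapping, database or user cannot be resolved, true otherwise.
 */
static function ExecuteRemoveDB($myuserid, $mapid)
{ // <-- mmid = dbmaps
    global $zdbh;
    $mapStmt = $zdbh->prepare("SELECT * FROM x_mysql_dbmap WHERE mm_id_pk=:mapid");
    $mapStmt->bindParam(':mapid', $mapid);
    $mapStmt->execute();
    $rowdbmap = $mapStmt->fetch();
    if (!$rowdbmap || $rowdbmap['mm_user_fk'] != $myuserid) {
        return false;
    }
    $dbStmt = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:mm_database_fk AND my_deleted_ts IS NULL");
    $dbStmt->bindParam(':mm_database_fk', $rowdbmap['mm_database_fk']);
    $dbStmt->execute();
    $rowdb = $dbStmt->fetch();
    $userStmt = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
    $userStmt->bindParam(':myuserid', $myuserid);
    $userStmt->execute();
    $rowuser = $userStmt->fetch();
    if (!$rowdb || !$rowuser) {
        return false;
    }
    runtime_hook::Execute('OnBeforeRemoveDatabaseAccess');
    $exists = $zdbh->prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :name)");
    $exists->bindParam(':name', $rowuser['mu_name_vc']);
    if ($exists->execute() && $exists->fetchColumn() <> 0) {
        $currentuser = ctrl_users::GetUserDetail();
        $uid = $currentuser['userid'];
        $hostStmt = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_deleted_ts IS NULL");
        $hostStmt->bindParam(':userid', $uid);
        $hostStmt->execute();
        $hosts = $hostStmt->fetchAll();
        $hosts[] = array("re_host_vc" => "localhost", "re_acc_fk" => $uid);
        if ($rowuser['mu_access_vc'] != "localhost") {
            $hosts[] = array("re_host_vc" => $rowuser['mu_access_vc'], "re_acc_fk" => $uid);
        }
        // REVOKE has no bindable identifier slots: quote/escape by hand.
        $dbIdent = str_replace('`', '``', $rowdb['my_name_vc']);
        $userClean = $zdbh->mysqlRealEscapeString($rowuser['mu_name_vc']);
        foreach ($hosts as $hostRow) {
            $hostClean = $zdbh->mysqlRealEscapeString($hostRow['re_host_vc']);
            $sql = $zdbh->prepare("REVOKE ALL PRIVILEGES ON `$dbIdent`.* FROM '$userClean'@'$hostClean'");
            $sql->execute();
        }
    }
    $sql = $zdbh->prepare("FLUSH PRIVILEGES");
    $sql->execute();
    $sql = $zdbh->prepare("DELETE FROM x_mysql_dbmap WHERE mm_id_pk=:mapid AND mm_user_fk=:myuserid");
    $sql->bindParam(':mapid', $mapid);
    $sql->bindParam(':myuserid', $myuserid);
    $sql->execute();
    runtime_hook::Execute('OnAfterRemoveDatabaseAccess');
    self::$deleted_ok = true;
    return true;
}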
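/**
 * Set a new password for a MySQL user, honouring the account's password policy.
 *
 * The x_password_strength row of the logged-in account decides whether the
 * password is validated: with no row, or with ps_muenabled_in == 0, the
 * CheckPasswordForErrors() strength check is enforced; any other value skips
 * it. The password is then applied on the server (only when the login exists
 * in mysql.user) and stored verbatim in x_mysql_users.mu_pass_vc.
 *
 * The three identical copies of the apply-and-store sequence in the previous
 * version are collapsed into one; the policy lookup now binds the account id
 * instead of interpolating it; an unknown user id returns false instead of
 * reporting success.
 *
 * @param mixed  $myuserid x_mysql_users id.
 * @param string $password New clear-text password.
 * @return bool true when the reset completed; false when the user is unknown
 *              or the password failed the policy check.
 */
static function ExecuteResetPassword($myuserid, $password)
{
    global $zdbh;
    $lookup = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
    $lookup->bindParam(':myuserid', $myuserid);
    $lookup->execute();
    $rowuser = $lookup->fetch();
    if (!$rowuser) {
        return false;
    }
    runtime_hook::Execute('OnBeforeResetDatabasePassword');
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    $policy = $zdbh->prepare("SELECT * from x_password_strength WHERE ps_user_vc=:uid");
    $policy->bindParam(':uid', $uid);
    $policy->execute();
    $enforceStrength = true;
    if ($policy->rowCount() > 0) {
        // Only the first policy row is significant (the previous loop returned on it).
        $policyRow = $policy->fetch();
        $enforceStrength = ($policyRow['ps_muenabled_in'] == 0);
    }
    if ($enforceStrength && fs_director::CheckForEmptyValue(self::CheckPasswordForErrors($password))) {
        return false;
    }
    $exists = $zdbh->prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :mu_name_vc)");
    $exists->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
    if ($exists->execute() && $exists->fetchColumn() <> 0) {
        // Set MySQL password for the user...
        // NOTE(review): SET PASSWORD ... = PASSWORD() is not accepted by newer
        // MySQL releases - confirm against the target server version.
        $sql = $zdbh->prepare("SET PASSWORD FOR :mu_name_vc@:mu_access_vc=PASSWORD(:password)");
        $sql->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
        $sql->bindParam(':mu_access_vc', $rowuser['mu_access_vc']);
        $sql->bindParam(':password', $password);
        $sql->execute();
        $sql = $zdbh->prepare("FLUSH PRIVILEGES");
        $sql->execute();
        // ...and mirror it (clear text) into the panel table, as ListUsers reads it back.
        $sql = $zdbh->prepare("UPDATE x_mysql_users SET mu_pass_vc=:password WHERE mu_id_pk=:myuserid");
        $sql->bindParam(':password', $password);
        $sql->bindParam(':myuserid', $myuserid);
        $sql->execute();
    }
    runtime_hook::Execute('OnAfterResetDatabasePassword');
    self::$passreset_ok = true;
    return true;
}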
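/**
 * Render the "manage privileges" checkbox table for one user/database pair.
 *
 * When the URL carries an "other" parameter the current grants are read from
 * mysql.db (for 'localhost') to pre-check the boxes, and the table is wrapped
 * in a form with hidden db_username/db_name fields. Those names come from
 * the request, so the lookup binds them and the hidden fields HTML-escape
 * them (the previous version interpolated both into SQL and into the markup).
 * The footer cells are now inside a <tr> and every checkbox has a space
 * before its onclick attribute.
 *
 * @return string HTML fragment.
 */
static function getManagePrivileges()
{
    global $zdbh;
    global $controller;
    // Checkbox value => mysql.db column that records whether it is granted.
    // Array order is the display order (two checkboxes per table row).
    $privColumns = array(
        'ALTER' => 'Alter_priv',
        'ALTER ROUTINE' => 'Alter_routine_priv',
        'CREATE' => 'Create_priv',
        'CREATE ROUTINE' => 'Create_routine_priv',
        'CREATE TEMPORARY TABLES' => 'Create_tmp_table_priv',
        'CREATE VIEW' => 'Create_view_priv',
        'DELETE' => 'Delete_priv',
        'DROP' => 'Drop_priv',
        'EVENT' => 'Event_priv',
        'EXECUTE' => 'Execute_priv',
        'INDEX' => 'Index_priv',
        'INSERT' => 'Insert_priv',
        'LOCK TABLES' => 'Lock_tables_priv',
        'REFERENCES' => 'References_priv',
        'SELECT' => 'Select_priv',
        'SHOW VIEW' => 'Show_view_priv',
        'TRIGGER' => 'Trigger_priv',
        'UPDATE' => 'Update_priv',
    );
    $checked = array_fill_keys(array_keys($privColumns), '');
    $display = '';
    $editing = $controller->GetControllerRequest('URL', 'other');
    if ($editing) {
        $db_username = self::getManageUserName();
        $db_name = self::getManageUserDatabaseName();
        $host = 'localhost';
        $stmt = $zdbh->prepare("SELECT * FROM mysql.db WHERE db=:db_name AND user=:db_username AND Host=:host");
        $stmt->bindParam(':db_name', $db_name);
        $stmt->bindParam(':db_username', $db_username);
        $stmt->bindParam(':host', $host);
        $stmt->execute();
        while ($res = $stmt->fetch()) {
            foreach ($privColumns as $value => $column) {
                $checked[$value] = (isset($res[$column]) && $res[$column] == "Y") ? 'checked="checked"' : '';
            }
        }
        $display .= '<form action="./?module=mysql_users&action=ManagePrivileges" method="post">';
        $display .= '<input type="hidden" id="db_username" name="db_username" value="'.htmlspecialchars((string) $db_username, ENT_QUOTES, 'UTF-8').'" />';
        $display .= '<input type="hidden" id="db_name" name="db_name" value="'.htmlspecialchars((string) $db_name, ENT_QUOTES, 'UTF-8').'" />';
    }
    $display .= '<table id="privilage_table">';
    $display .= '<thead><tr><td>-------------------------------------------------- </td>';
    $display .= '<td>-------------------------------------------------- </td></tr>';
    $display .= '<tr><th colspan="2"><div><label>';
    $display .= '<input name="all_privi" id="all_privi" value="all_privileges" type="checkbox" onclick="checkUncheckAll()">';
    $display .= 'ALL PRIVILEGES';
    $display .= '</label></div></th></tr>';
    $display .= '<tr><td>--------------------------------------------- </td>';
    $display .= '<td>-------------------------------------------------- </td></tr>';
    $display .= '</thead>';
    $display .= '<tbody>';
    foreach (array_chunk(array_keys($privColumns), 2) as $pair) {
        $display .= '<tr>';
        foreach ($pair as $value) {
            // Element ids are the value without spaces (chkALTERROUTINE, ...), as before.
            $id = 'chk'.str_replace(' ', '', $value);
            $display .= '<td><div><label>';
            $display .= '<input id="'.$id.'" name="privileges[]" value="'.$value.'" class="privil_right" type="checkbox" '.$checked[$value].' onclick="checkAnyone()">';
            $display .= $value;
            $display .= '</label></div></td>';
        }
        $display .= '</tr>';
    }
    $display .= '<tr><td>--------------------------------------------- </td>';
    $display .= '<td>-------------------------------------------------- </td></tr>';
    $display .= '<tr><td></td>';
    $display .= '<td>';
    $display .= '<input type="hidden" name="inUser" value="<@ EditCurrentUserID @>">';
    $display .= '<button id="sub_priv" name ="sub_priv" class="button-loader btn btn-primary" type="submit" >Update Privileges</button>';
    $display .= '</td></tr>';
    $display .= '</tbody>';
    $display .= '</table>';
    if ($editing) {
        $display .= '</form>';
    }
    return $display;
}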
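/**
 * Form handler for the "Update Privileges" button on the Manage view.
 *
 * Reads db_username, db_name and the privilege selection (all_privi or
 * privileges[]) from the posted form and hands them to
 * ExecuteManagePrivilages(). Sets self::$priv_req_err and returns false when
 * no usable privilege was selected.
 *
 * @return bool false when the request was rejected before any grant was attempted
 */
static function doManagePrivileges()
{
    global $controller;
    // Re-enabled: this handler changes MySQL grants, so it needs the same
    // CSRF token check the other form handlers in this class perform.
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $db_username = isset($formvars['db_username']) ? $formvars['db_username'] : '';
    $db_name = isset($formvars['db_name']) ? $formvars['db_name'] : '';
    // NOTE(review): nothing here ties db_username/db_name to the logged-in
    // account; confirm ExecuteManagePrivilages() (or the view) enforces ownership.
    $all = isset($formvars['all_privi']) ? $formvars['all_privi'] : '';
    $selected = (isset($formvars['privileges']) && is_array($formvars['privileges'])) ? $formvars['privileges'] : array();
    if ($all === '' && count($selected) === 0) {
        self::$priv_req_err = true;
        return false;
    }
    if ($all === 'all_privileges') {
        $privileges = "ALL PRIVILEGES";
    } else {
        // The list is spliced into a GRANT statement, so only the checkbox
        // values this module renders are accepted; anything else is dropped.
        $allowed = array(
            'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'REFERENCES',
            'INDEX', 'ALTER', 'CREATE TEMPORARY TABLES', 'LOCK TABLES', 'CREATE VIEW',
            'SHOW VIEW', 'CREATE ROUTINE', 'ALTER ROUTINE', 'EXECUTE', 'EVENT', 'TRIGGER',
        );
        $kept = array();
        foreach ($selected as $priv) {
            if (!is_string($priv)) {
                continue;
            }
            $priv = strtoupper(trim($priv));
            if (in_array($priv, $allowed, true) && !in_array($priv, $kept, true)) {
                $kept[] = $priv;
            }
        }
        if (count($kept) === 0) {
            self::$priv_req_err = true;
            return false;
        }
        $privileges = implode(", ", $kept);
    }
    self::ExecuteManagePrivilages($db_username, $db_name, $privileges);
    return true;
}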
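/**
 * Re-issue the grants of one MySQL user on one database for every host the
 * panel account may connect from (its x_remote_mysql_hosts rows plus localhost).
 *
 * GRANT/REVOKE operands cannot be bound as parameters, so every operand is
 * checked against a strict character set before it is spliced into SQL:
 * user and database names may only contain letters, digits, "_" and "-",
 * the privilege list is reduced to the keywords this module offers, and a
 * host that fails the host-part check is skipped.
 *
 * NOTE(review): "_" and "%" inside the database name act as wildcards in
 * GRANT ... ON db.* unless escaped; this is unchanged from the original.
 * NOTE(review): REVOKE/GRANT raise an error when 'user'@'host' does not
 * exist; the original had the same exposure and it is not handled here.
 *
 * @param string $db_username MySQL user name (without host part)
 * @param string $db_name     database the grants apply to
 * @param string $privileges  comma-separated privilege list or "ALL PRIVILEGES"
 * @return bool true when the grants were issued, false when an operand was rejected
 */
static function ExecuteManagePrivilages($db_username, $db_name, $privileges)
{
    global $zdbh;
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    $identifier = '/^[A-Za-z0-9_\-]{1,64}$/';
    if (!preg_match($identifier, (string) $db_username) || !preg_match($identifier, (string) $db_name)) {
        self::$badname = true;
        return false;
    }
    $privileges = self::NormalisePrivilegeList($privileges);
    if ($privileges === '') {
        self::$priv_req_err = true;
        return false;
    }
    $numrows = $zdbh->prepare("SELECT re_host_vc FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_deleted_ts IS NULL");
    $numrows->bindValue(':userid', $uid);
    $numrows->execute();
    $hosts = array('localhost');
    foreach ($numrows->fetchAll() as $rowmysql) {
        $hosts[] = $rowmysql['re_host_vc'];
    }
    foreach ($hosts as $access) {
        // Host part: IP literals, host names and the % wildcard; nothing that could
        // close the quoted string.
        if (!preg_match('/^[A-Za-z0-9_.:%\-]{1,255}$/', (string) $access)) {
            continue;
        }
        $sql = $zdbh->prepare("REVOKE ALL PRIVILEGES ON `" . $db_name . "`.* FROM '" . $db_username . "'@'" . $access . "'");
        $sql->execute();
        $sql = $zdbh->prepare("GRANT " . $privileges . " ON `" . $db_name . "`.* TO '" . $db_username . "'@'" . $access . "'");
        $sql->execute();
    }
    // GRANT/REVOKE take effect immediately; one flush at the end keeps the
    // original's explicit reload without repeating it per host.
    $sql = $zdbh->prepare("FLUSH PRIVILEGES");
    $sql->execute();
    self::$update_priv_succ = true;
    return true;
}

/**
 * Reduce a submitted privilege string to the GRANT keywords this module offers.
 *
 * Accepts "ALL PRIVILEGES" as a whole, or a comma-separated list of the
 * privileges rendered as checkboxes on the user forms. Case and surrounding
 * whitespace are normalised; unknown entries and duplicates are dropped.
 *
 * @param string $privileges
 * @return string normalised list, "" when nothing acceptable remains
 */
private static function NormalisePrivilegeList($privileges)
{
    $privileges = strtoupper(trim(preg_replace('/\s+/', ' ', (string) $privileges)));
    if ($privileges === 'ALL PRIVILEGES') {
        return $privileges;
    }
    $allowed = array(
        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'REFERENCES',
        'INDEX', 'ALTER', 'CREATE TEMPORARY TABLES', 'LOCK TABLES', 'CREATE VIEW',
        'SHOW VIEW', 'CREATE ROUTINE', 'ALTER ROUTINE', 'EXECUTE', 'EVENT', 'TRIGGER',
    );
    $kept = array();
    foreach (explode(',', $privileges) as $item) {
        $item = trim($item);
        if (in_array($item, $allowed, true) && !in_array($item, $kept, true)) {
            $kept[] = $item;
        }
    }
    return implode(', ', $kept);
}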
/**
 * Validate a candidate MySQL password and record a failure for getResult().
 *
 * @param string $password
 * @return bool true when IsValidPassword() accepts the password
 */
static function CheckPasswordForErrors($password)
{
    $valid = self::IsValidPassword($password);
    if ($valid) {
        return true;
    }
    self::$badpass = true;
    return false;
}
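/**
 * Check a MySQL user name against this module's naming rule.
 *
 * Accepted: 1 to 16 characters from [A-Za-z0-9_-], starting and ending with a
 * letter, digit or underscore (no leading or trailing hyphen). The 16-character
 * cap enforces the classic MySQL user-name limit
 * (http://dev.mysql.com/doc/refman/4.1/en/user-names.html).
 *
 * The pattern is anchored with \z instead of $ so a trailing newline, which $
 * would silently allow, is rejected like any other character.
 *
 * @param string $username
 * @return bool
 */
static function IsValidUserName($username)
{
    $pattern = '/^[A-Za-z0-9_](?:[A-Za-z0-9_\-]{0,14}[A-Za-z0-9_])?\z/';
    return preg_match($pattern, (string) $username) === 1;
}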
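/**
 * Check a MySQL password against this module's strength policy.
 *
 * The whole password must be at least 9 non-whitespace characters and contain
 * at least one lower-case letter, one upper-case letter, one digit and one
 * character that is neither alphanumeric nor "_" nor whitespace.
 *
 * The original pattern was unanchored, so a password containing spaces was
 * accepted as long as one space-delimited run satisfied the policy, and a
 * space could even serve as the required "special" character. Anchoring with
 * ^ ... \z applies the policy to the complete value.
 *
 * @param string $password
 * @return bool
 */
static function IsValidPassword($password)
{
    $pattern = '/^(?=\S*[a-z])(?=\S*[A-Z])(?=\S*\d)(?=\S*[^\w\s])\S{9,}\z/';
    return preg_match($pattern, (string) $password) === 1;
}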
/**
* End 'worker' methods.
*/
/**
* Webinterface sudo methods.
*/
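/**
 * Form handler for the "create MySQL user" form.
 *
 * Collects the user name, database, host (localhost or the submitted address),
 * prefix and privilege selection from the posted form and delegates to
 * ExecuteCreateUser(), which is defined elsewhere in this file. Sets
 * self::$priv_req_err and returns false when no usable privilege was selected.
 *
 * @return bool true when ExecuteCreateUser() reported success
 */
static function doCreateUser()
{
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $formvars = $controller->GetAllControllerRequests('FORM');
    // Radio value "1" means "localhost only"; anything else means the typed remote address.
    $localOnly = isset($formvars['inAccess']) && (string) $formvars['inAccess'] === '1';
    $access = $localOnly ? "localhost" : (isset($formvars['inAccessIP']) ? $formvars['inAccessIP'] : '');
    // NOTE(review): the remote address is passed through untouched; the
    // self::$badIP flag suggests ExecuteCreateUser() validates it — confirm.
    $all = isset($formvars['all_privi']) ? $formvars['all_privi'] : '';
    $selected = (isset($formvars['privileges']) && is_array($formvars['privileges'])) ? $formvars['privileges'] : array();
    if ($all === '' && count($selected) === 0) {
        self::$priv_req_err = true;
        return false;
    }
    if ($all === 'all_privileges') {
        $privileges = "ALL PRIVILEGES";
    } else {
        // The list ends up inside a GRANT statement, so only the checkbox
        // values this module renders are accepted; anything else is dropped.
        $allowed = array(
            'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'REFERENCES',
            'INDEX', 'ALTER', 'CREATE TEMPORARY TABLES', 'LOCK TABLES', 'CREATE VIEW',
            'SHOW VIEW', 'CREATE ROUTINE', 'ALTER ROUTINE', 'EXECUTE', 'EVENT', 'TRIGGER',
        );
        $kept = array();
        foreach ($selected as $priv) {
            if (!is_string($priv)) {
                continue;
            }
            $priv = strtoupper(trim($priv));
            if (in_array($priv, $allowed, true) && !in_array($priv, $kept, true)) {
                $kept[] = $priv;
            }
        }
        if (count($kept) === 0) {
            self::$priv_req_err = true;
            return false;
        }
        $privileges = implode(", ", $kept);
    }
    $userName = isset($formvars['inUserName']) ? $formvars['inUserName'] : '';
    $database = isset($formvars['inDatabase']) ? $formvars['inDatabase'] : '';
    $prefix = isset($formvars['inprefix']) ? $formvars['inprefix'] : '';
    return (bool) self::ExecuteCreateUser($currentuser['userid'], $userName, $database, $access, $prefix, $privileges);
}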
/**
 * Handler for the per-row "Delete" / "Edit" buttons on the user list.
 *
 * Looks for an inDelete_<id> or inEdit_<id> field belonging to one of the
 * current account's MySQL users and redirects to the matching view; returns
 * without doing anything when no such button was pressed.
 *
 * @return void
 */
static function doEditUser()
{
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $formvars = $controller->GetAllControllerRequests('FORM');
    foreach (self::ListUsers($currentuser['userid']) as $row) {
        $userId = $row['userid'];
        $view = null;
        if (isset($formvars['inDelete_' . $userId])) {
            $view = 'Delete';
        } elseif (isset($formvars['inEdit_' . $userId])) {
            $view = 'Edit';
        }
        if ($view !== null) {
            header("location: ./?module=" . $controller->GetCurrentModule() . "&show=" . $view . "&other=" . $userId);
            exit;
        }
    }
    return;
}
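/**
 * Form handler for "add database to user".
 *
 * The privilege set comes from the form (all_privi / privileges[]). When the
 * form carries neither, the privileges the user currently holds at localhost
 * (read from mysql.db) are reused so the new database gets the same rights.
 * Delegates to ExecuteAddDB(), which is defined elsewhere in this file.
 *
 * @return bool true when ExecuteAddDB() reported success
 */
static function doAddDB()
{
    global $controller;
    runtime_csfr::Protect();
    $currentuser = ctrl_users::GetUserDetail();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $db_userid = isset($formvars['inUser']) ? $formvars['inUser'] : '';
    $db_id = isset($formvars['inDatabase']) ? $formvars['inDatabase'] : '';
    $all = isset($formvars['all_privi']) ? $formvars['all_privi'] : '';
    $selected = (isset($formvars['privileges']) && is_array($formvars['privileges'])) ? $formvars['privileges'] : array();
    if ($all === '' && count($selected) === 0) {
        $privileges = self::CurrentLocalhostPrivileges($db_userid);
    } elseif ($all === 'all_privileges') {
        $privileges = "ALL PRIVILEGES";
    } else {
        // The list ends up inside a GRANT statement, so only the checkbox
        // values this module renders are accepted; anything else is dropped.
        $allowed = array(
            'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'REFERENCES',
            'INDEX', 'ALTER', 'CREATE TEMPORARY TABLES', 'LOCK TABLES', 'CREATE VIEW',
            'SHOW VIEW', 'CREATE ROUTINE', 'ALTER ROUTINE', 'EXECUTE', 'EVENT', 'TRIGGER',
        );
        $kept = array();
        foreach ($selected as $priv) {
            if (!is_string($priv)) {
                continue;
            }
            $priv = strtoupper(trim($priv));
            if (in_array($priv, $allowed, true) && !in_array($priv, $kept, true)) {
                $kept[] = $priv;
            }
        }
        $privileges = implode(", ", $kept);
    }
    return (bool) self::ExecuteAddDB($currentuser['userid'], $db_userid, $db_id, $privileges);
}

/**
 * Privileges the given panel MySQL user currently holds at localhost, as a
 * comma-separated GRANT list; "" when the user or its mysql.db row is missing.
 *
 * Both lookups bind their values instead of interpolating the form-supplied
 * id into SQL. Grant_priv is mapped to ALL PRIVILEGES exactly as before.
 * NOTE(review): when several mysql.db rows exist (one per database) the last
 * row fetched wins, as in the original loop; merging across rows may be what
 * is actually wanted.
 *
 * @param mixed $db_userid x_mysql_users.mu_id_pk of the panel MySQL user
 * @return string
 */
private static function CurrentLocalhostPrivileges($db_userid)
{
    global $zdbh;
    $sql = $zdbh->prepare("SELECT mu_name_vc FROM x_mysql_users WHERE mu_id_pk=:id");
    $sql->bindValue(':id', $db_userid);
    $sql->execute();
    $res = $sql->fetch();
    if ($res === false || !isset($res['mu_name_vc'])) {
        return '';
    }
    $host = 'localhost';
    $sql = $zdbh->prepare("SELECT * FROM mysql.db WHERE user=:user AND Host=:host");
    $sql->bindValue(':user', $res['mu_name_vc']);
    $sql->bindValue(':host', $host);
    $sql->execute();
    // mysql.db column → GRANT keyword, in the order the original assembled the list.
    $columns = array(
        'Select_priv' => 'SELECT',
        'Insert_priv' => 'INSERT',
        'Update_priv' => 'UPDATE',
        'Delete_priv' => 'DELETE',
        'Create_priv' => 'CREATE',
        'Drop_priv' => 'DROP',
        'Grant_priv' => 'ALL PRIVILEGES',
        'References_priv' => 'REFERENCES',
        'Index_priv' => 'INDEX',
        'Alter_priv' => 'ALTER',
        'Create_tmp_table_priv' => 'CREATE TEMPORARY TABLES',
        'Lock_tables_priv' => 'LOCK TABLES',
        'Create_view_priv' => 'CREATE VIEW',
        'Show_view_priv' => 'SHOW VIEW',
        'Create_routine_priv' => 'CREATE ROUTINE',
        'Alter_routine_priv' => 'ALTER ROUTINE',
        'Execute_priv' => 'EXECUTE',
        'Event_priv' => 'EVENT',
        'Trigger_priv' => 'TRIGGER',
    );
    $granted = array();
    foreach ($sql->fetchAll() as $row) {
        $granted = array();
        foreach ($columns as $column => $keyword) {
            if (isset($row[$column]) && $row[$column] === "Y") {
                $granted[] = $keyword;
            }
        }
    }
    return implode(",", $granted);
}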
/**
 * Handler for the per-row "Remove" / "Manage" buttons on a user's database list.
 *
 * Looks for an inRemove_<mmid> or inManage_<mmid> field for one of the
 * databases mapped to the posted inUser and redirects to the matching view.
 *
 * @return bool false when no button matched (a redirect exits otherwise)
 */
static function doRemoveDB()
{
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $module = $controller->GetCurrentModule();
    foreach (self::ListUserDatabases($formvars['inUser']) as $row) {
        $mapId = $row['mmid'];
        $view = null;
        if (isset($formvars['inRemove_' . $mapId])) {
            $view = 'RemoveDb';
        } elseif (isset($formvars['inManage_' . $mapId])) {
            $view = 'Manage';
        }
        if ($view !== null) {
            header("location: ./?module=" . $module . "&show=" . $view . "&other=" . $mapId);
            exit;
        }
    }
    return false;
}
/**
 * Handler for the "Delete user" confirmation form.
 *
 * Passes the posted inDelete id to ExecuteDeleteUser(), defined elsewhere in this file.
 *
 * @return bool
 */
static function doConfirmDeleteUser()
{
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $deleted = self::ExecuteDeleteUser($formvars['inDelete']);
    return $deleted ? true : false;
}
/**
 * Handler for the "Remove database from user" confirmation form.
 *
 * Passes the posted inUser and inRemoveDb ids to ExecuteRemoveDB(), defined
 * elsewhere in this file.
 *
 * @return bool
 */
static function doConfirmRemoveDb()
{
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $removed = self::ExecuteRemoveDB($formvars['inUser'], $formvars['inRemoveDb']);
    return $removed ? true : false;
}
/**
 * Handler for the "Reset password" form.
 *
 * Passes the posted inUser id and inResetPW value to ExecuteResetPassword(),
 * defined elsewhere in this file.
 *
 * @return bool
 */
static function doResetPW()
{
    global $controller;
    runtime_csfr::Protect();
    $formvars = $controller->GetAllControllerRequests('FORM');
    $reset = self::ExecuteResetPassword($formvars['inUser'], $formvars['inResetPW']);
    return $reset ? true : false;
}
/**
 * Template getter: the MySQL users owned by the logged-in account.
 *
 * @return mixed whatever ListUsers() (defined elsewhere in this file) returns
 */
static function getUserList()
{
    $account = ctrl_users::GetUserDetail();
    $accountId = $account['userid'];
    return self::ListUsers($accountId);
}
/**
 * Template getter: the databases owned by the logged-in account.
 *
 * @return mixed whatever ListDatabases() (defined elsewhere in this file) returns
 */
static function getDatabaseList()
{
    $account = ctrl_users::GetUserDetail();
    $accountId = $account['userid'];
    return self::ListDatabases($accountId);
}
/**
 * Template getter: the databases mapped to the MySQL user named by the URL
 * parameter "other".
 *
 * The logged-in account is looked up as in the original but not used to
 * filter the result; ListUserDatabases() is defined elsewhere in this file.
 *
 * @return mixed whatever ListUserDatabases() returns
 */
static function getUserDatabaseList()
{
    global $controller;
    ctrl_users::GetUserDetail();
    $targetUser = $controller->GetControllerRequest('URL', 'other');
    return self::ListUserDatabases($targetUser);
}
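/**
 * True when the request URL asks for the "Delete user" view (show=Delete).
 *
 * @return bool
 */
static function getisDeleteUser()
{
    global $controller;
    $urlvars = $controller->GetAllControllerRequests('URL');
    // Strict comparison: a URL value is only ever a string (or an array), never a number.
    return isset($urlvars['show']) && $urlvars['show'] === "Delete";
}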
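/**
 * True when the request URL asks for the "Remove database" view (show=RemoveDb).
 *
 * @return bool
 */
static function getisRemoveDb()
{
    global $controller;
    $urlvars = $controller->GetAllControllerRequests('URL');
    // Strict comparison: a URL value is only ever a string (or an array), never a number.
    return isset($urlvars['show']) && $urlvars['show'] === "RemoveDb";
}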
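/**
 * True when the request URL asks for the "Edit user" view (show=Edit).
 *
 * @return bool
 */
static function getisEditUser()
{
    global $controller;
    $urlvars = $controller->GetAllControllerRequests('URL');
    // Strict comparison: a URL value is only ever a string (or an array), never a number.
    return isset($urlvars['show']) && $urlvars['show'] === "Edit";
}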
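/**
 * True when the request URL asks for the "Manage privileges" view (show=Manage).
 *
 * @return bool
 */
static function getisManageUser()
{
    global $controller;
    $urlvars = $controller->GetAllControllerRequests('URL');
    // Strict comparison: a URL value is only ever a string (or an array), never a number.
    return isset($urlvars['show']) && $urlvars['show'] === "Manage";
}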
/**
 * True when the request URL carries no "show" parameter, i.e. the default
 * "create user" view is wanted.
 *
 * @return bool
 */
static function getisCreateUser()
{
    global $controller;
    $urlvars = $controller->GetAllControllerRequests('URL');
    $hasView = isset($urlvars['show']);
    return !$hasView;
}
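/**
 * Template getter: the prefix shown in front of a new MySQL user name.
 *
 * Returns "<panel username>_" unless the account has an x_database_settings
 * row with ds_enabled_in = 1, in which case the prefix is switched off and ""
 * is returned. The id is bound instead of interpolated, and the result set is
 * fetched rather than sized with rowCount(), which is driver-dependent for SELECT.
 *
 * @return string|null null only when rows exist but none carries 0 or 1
 *                     (behaviour kept from the original)
 */
static function getCurrentUserName()
{
    global $zdbh;
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    $defaultPrefix = $currentuser['username'] . "_";
    // ds_user_vc is compared as a string, matching the original quoted literal.
    $res = $zdbh->prepare("SELECT ds_enabled_in FROM x_database_settings WHERE ds_user_vc=:uid");
    $res->bindValue(':uid', (string) $uid);
    $res->execute();
    $rows = $res->fetchAll();
    if (count($rows) === 0) {
        return $defaultPrefix;
    }
    foreach ($rows as $row) {
        $enabled = (int) $row['ds_enabled_in'];
        if ($enabled === 0) {
            return $defaultPrefix;
        }
        if ($enabled === 1) {
            return "";
        }
    }
    return null;
}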
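/**
 * Template getter: the CSS id for the password input.
 *
 * Returns "input-password" unless the account has an x_password_strength row
 * with ps_muenabled_in = 1, in which case "" is returned. The id is bound
 * instead of interpolated, and the result set is fetched rather than sized
 * with rowCount(), which is driver-dependent for SELECT.
 *
 * @return string|null null only when rows exist but none carries 0 or 1
 *                     (behaviour kept from the original)
 */
static function getCurrentID()
{
    global $zdbh;
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    // ps_user_vc is compared as a string, matching the original quoted literal.
    $res = $zdbh->prepare("SELECT ps_muenabled_in FROM x_password_strength WHERE ps_user_vc=:uid");
    $res->bindValue(':uid', (string) $uid);
    $res->execute();
    $rows = $res->fetchAll();
    if (count($rows) === 0) {
        return "input-password";
    }
    foreach ($rows as $row) {
        $enabled = (int) $row['ps_muenabled_in'];
        if ($enabled === 0) {
            return "input-password";
        }
        if ($enabled === 1) {
            return "";
        }
    }
    return null;
}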
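/**
 * Template getter: the label of the "generate password" control.
 *
 * Returns "Generate Password" unless the account has an x_password_strength
 * row with ps_muenabled_in = 1, in which case "" is returned. The id is bound
 * instead of interpolated, and the result set is fetched rather than sized
 * with rowCount(), which is driver-dependent for SELECT.
 *
 * @return string|null null only when rows exist but none carries 0 or 1
 *                     (behaviour kept from the original)
 */
static function getGeneratePass()
{
    global $zdbh;
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    // ps_user_vc is compared as a string, matching the original quoted literal.
    $res = $zdbh->prepare("SELECT ps_muenabled_in FROM x_password_strength WHERE ps_user_vc=:uid");
    $res->bindValue(':uid', (string) $uid);
    $res->execute();
    $rows = $res->fetchAll();
    if (count($rows) === 0) {
        return "Generate Password";
    }
    foreach ($rows as $row) {
        $enabled = (int) $row['ps_muenabled_in'];
        if ($enabled === 0) {
            return "Generate Password";
        }
        if ($enabled === 1) {
            return "";
        }
    }
    return null;
}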
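/**
 * Template getter: the name of the MySQL user selected by the URL parameter "other".
 *
 * Returns "" when the parameter is absent or ListCurrentUser() (defined
 * elsewhere in this file) yields no row, instead of raising an undefined-offset
 * notice on an unknown id.
 *
 * @return string
 */
static function getEditCurrentUserName()
{
    global $controller;
    $other = $controller->GetControllerRequest('URL', 'other');
    if (!$other) {
        return "";
    }
    $current = self::ListCurrentUser($other);
    return isset($current[0]['username']) ? $current[0]['username'] : "";
}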
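/**
 * Template getter for the Manage / RemoveDb views.
 *
 * Resolves the mapping selected by the URL parameter "other" through
 * currentMySqlUserData() (defined elsewhere in this file) and returns the
 * MySQL user name — or, on the RemoveDb view, the numeric user id. Returns ""
 * when the parameter is absent or no row is found, instead of raising an
 * undefined-offset notice.
 *
 * @return string|int
 */
static function getManageUserName()
{
    global $controller;
    $other = $controller->GetControllerRequest('URL', 'other');
    if (!$other) {
        return "";
    }
    $current = self::currentMySqlUserData($other);
    $field = ($controller->GetControllerRequest('URL', 'show') === "RemoveDb") ? 'user_id' : 'user_name';
    return isset($current[0][$field]) ? $current[0][$field] : "";
}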
/**
 * Template getter: the mapping id carried by the URL parameter "other", or ""
 * when it is absent or empty.
 *
 * @return string
 */
static function getRemoveDbId()
{
    global $controller;
    $other = $controller->GetControllerRequest('URL', 'other');
    return $other ? $other : "";
}
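/**
 * Template getter: the database name of the mapping selected by the URL
 * parameter "other", resolved through currentMySqlUserData() (defined
 * elsewhere in this file). Returns "" when the parameter is absent or no row
 * is found, instead of raising an undefined-offset notice.
 *
 * @return string
 */
static function getManageUserDatabaseName()
{
    global $controller;
    $other = $controller->GetControllerRequest('URL', 'other');
    if (!$other) {
        return "";
    }
    $current = self::currentMySqlUserData($other);
    return isset($current[0]['db_name']) ? $current[0]['db_name'] : "";
}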
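/**
 * Template getter: the id of the MySQL user selected by the URL parameter
 * "other", resolved through ListCurrentUser() (defined elsewhere in this
 * file). Returns "" when the parameter is absent or no row is found, instead
 * of raising an undefined-offset notice.
 *
 * @return string|int
 */
static function getEditCurrentUserID()
{
    global $controller;
    $other = $controller->GetControllerRequest('URL', 'other');
    if (!$other) {
        return "";
    }
    $current = self::ListCurrentUser($other);
    return isset($current[0]['userid']) ? $current[0]['userid'] : "";
}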
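/**
 * Template getter: whether the password-policy note should be shown.
 *
 * Returns true unless the account has an x_password_strength row with
 * ps_muenabled_in = 1, in which case false is returned. The id is bound
 * instead of interpolated, and the result set is fetched rather than sized
 * with rowCount(), which is driver-dependent for SELECT.
 *
 * @return bool|null null only when rows exist but none carries 0 or 1
 *                   (behaviour kept from the original)
 */
static function getcurrentnote()
{
    global $zdbh;
    $currentuser = ctrl_users::GetUserDetail();
    $uid = $currentuser['userid'];
    // ps_user_vc is compared as a string, matching the original quoted literal.
    $res = $zdbh->prepare("SELECT ps_muenabled_in FROM x_password_strength WHERE ps_user_vc=:uid");
    $res->bindValue(':uid', (string) $uid);
    $res->execute();
    $rows = $res->fetchAll();
    if (count($rows) === 0) {
        return true;
    }
    foreach ($rows as $row) {
        $enabled = (int) $row['ps_muenabled_in'];
        if ($enabled === 0) {
            return true;
        }
        if ($enabled === 1) {
            return false;
        }
    }
    return null;
}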
/**
 * Template getter: the "unlimited" usage image for the MySQL users quota panel.
 *
 * @return string HTML <img> tag
 */
static function getMysqlUsagepChart()
{
    $imageSrc = ui_tpl_assetfolderpath::Template() . 'img/misc/unlimited.png';
    $altText = ui_language::translate('Unlimited');
    return '<img src="' . $imageSrc . '" alt="' . $altText . '"/>';
}
/**
 * Template getter: the status banner for the last form action.
 *
 * Walks the class flags in the same order the original if-chain did and
 * returns the banner of the first flag that is set; null when none is set.
 * Error banners come first, success banners last, so an error always wins.
 *
 * @return string|null
 */
static function getResult()
{
    $banners = array(
        array(self::$blank, "To create your MySQL user, Please specify the username and select the database.", "zannounceerror"),
        array(self::$rootabuse, "You can't create a user named 'root'! This attempt has been logged and the system administrator notified!.", "zannounceerror"),
        array(self::$alreadyexists, "This MySQL username has already exsist.", "zannounceerror"),
        array(self::$badname, "Your MySQL user name is not valid. Please enter a valid MySQL user name of length 16 including prefix.", "zannounceerror"),
        array(self::$badpass, "Your MySQL password is not valid. Enter Valid characters of length 9 with atleast 1 uppercase,lowercase,number,special character.", "zannounceerror"),
        array(self::$badIP, "The IP address is not valid. Please enter a valid IP address.", "zannounceerror"),
        array(self::$dbalreadyadded, "That database has already been added to this user.", "zannounceerror"),
        array(self::$blankdbadded, "Please select any database to add for this user.", "zannounceerror"),
        array(self::$priv_req_err, "Please assign privileges to the user.", "zannounceerror"),
        array(self::$deleted_ok, "MySQL user has been deleted successfully!", "zannounceok"),
        array(self::$created_ok, "MySQL user has been created successfully!", "zannounceok"),
        array(self::$update_priv_succ, "MySQL user privileges has been updated successfully!", "zannounceok"),
        array(self::$db_added, "MySQL database has been added successfully to the user!", "zannounceok"),
        array(self::$passreset_ok, "MySQL user password has been changed successfully!", "zannounceok"),
    );
    foreach ($banners as $banner) {
        $flag = $banner[0];
        if (!fs_director::CheckForEmptyValue($flag)) {
            return ui_sysmessage::shout(ui_language::translate($banner[1]), $banner[2]);
        }
    }
    return;
}
/**
* End 'Webinterface sudo methods'.
*/
}