<?php
						include('/etc/sentora/panel/cnf/db.php');
                        include('/etc/sentora/panel/dryden/db/driver.class.php');						
						include('/etc/sentora/panel/dryden/ctrl/options.class.php');
						include('/etc/sentora/panel/dryden/runtime/controller.class.php');
                        include('/etc/sentora/panel/dryden/runtime/hash.class.php');
                        include('/etc/sentora/panel/dryden/ctrl/auth.class.php');
						include('/etc/sentora/panel/dryden/fs/director.class.php');
						include('/etc/sentora/panel/dryden/fs/filehandler.class.php');
						include('/etc/sentora/panel/dryden/runtime/hook.class.php');
                        include('/etc/sentora/panel/dryden/debug/logger.class.php');
						include('/etc/sentora/panel/dryden/sys/versions.class.php');
			
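						// Deletes one MySQL database, and the MySQL user supplied with it, on behalf of a
						// panel account. The caller is first authenticated as a panel user, then ownership
						// of the database and of the MySQL user is checked against the panel tables.
						//
						// Arguments read from $argv:
						//   1 panel username, 2 panel password, 3 database name,
						//   4 MySQL username, 5 MySQL password
						//
						// NOTE(review): both passwords arrive as command-line arguments, so they are visible
						// in the process list and may end up in shell history. Passing them via stdin or an
						// environment/file handle would avoid that; not changed here to keep the interface.
						// NOTE(review): $argv can also be populated under a web SAPI when register_argc_argv
						// is enabled. If this file sits inside a web-served directory, confirm it cannot be
						// requested over HTTP.
						// NOTE(review): $host, $dbname, $user and $pass are presumably set by cnf/db.php.
						try {
							$zdbh = new db_driver("mysql:host=" . $host . ";dbname=" . $dbname . "", $user, $pass);
						} catch (PDOException $e) {
							// Leave a trace for the operator and signal failure instead of exiting silently.
							error_log('deletedatabase: panel database connection failed: ' . $e->getMessage());
							exit(1);
						}

						$db_exists_flag = 0;
						$mysql_exists_flag = 0;
						$rootabuse = 0;
						$invalid_mysql_user = 0;

						// Missing arguments become null (as before) but no longer raise undefined-offset warnings.
						$get_username = $argv[1] ?? null;
						$get_password = $argv[2] ?? null;
						$get_databasename = $argv[3] ?? null;
						$get_mysqlusername = $argv[4] ?? null;
						$get_mysqlpassword = $argv[5] ?? null;

						$username = $get_username;
						$databasename = $get_databasename;

						global $controller, $zdbh, $zlo;
						$controller = new runtime_controller();

						// Look up the account's salt, then hash the supplied password the same way the panel does.
						$sql_for_login = "SELECT ac_id_pk,ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL";
						$sql = $zdbh->prepare($sql_for_login);
						$sql->bindValue(':username', $get_username);
						$sql->execute();
						$result = $sql->fetch();

						$crypto = new runtime_hash;
						$crypto->SetPassword($get_password);
						// fetch() returns false for an unknown account; "?? null" keeps the salt null in that
						// case without indexing into a boolean. The hash is still computed so that unknown and
						// known usernames follow the same path up to the validity check.
						$crypto->SetSalt($result['ac_passsalt_vc'] ?? null);
						$secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
						$output = "";

						// checkvaliduser() is always called first; the is_array() test only stops the script
						// from reading ac_id_pk out of a failed lookup.
						if (!ctrl_auth::checkvaliduser($get_username, $secure_password) || !is_array($result)) {
							echo $output = "Invalid User";
						} else {
							$user_id = $result['ac_id_pk'];

							// 1. The database must be a live record owned by the authenticated account.
							$numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_databases WHERE my_name_vc=:dbName AND my_acc_fk=:my_acc_fk AND my_deleted_ts IS NULL");
							$numrows->bindValue(':dbName', $databasename);
							$numrows->bindValue(':my_acc_fk', $user_id);
							if ($numrows->execute() && (int) $numrows->fetchColumn() !== 0) {
								$db_exists_flag = 1;
							}

							// 2. The MySQL root account may never be named as the user to delete.
							if ($get_mysqlusername === 'root') {
								$rootabuse = 1;
							}

							// 3. The MySQL user must be a live record owned by the same account, with a matching
							//    stored password. This is the ONLY thing that may set $mysql_exists_flag.
							//    The previous code also set the flag whenever a row with that name existed in
							//    mysql.user, which let the check pass without a matching panel record or
							//    password. Existence in mysql.user is re-tested below, right before DROP USER.
							// NOTE(review): the supplied password is compared directly with mu_pass_vc, which
							// suggests that column holds the MySQL password in recoverable form - confirm.
							$numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_users WHERE mu_name_vc=:username AND mu_pass_vc=:mu_pass_vc AND mu_acc_fk=:mu_acc_fk AND mu_deleted_ts IS NULL");
							$numrows->bindValue(':username', $get_mysqlusername);
							$numrows->bindValue(':mu_acc_fk', $user_id);
							$numrows->bindValue(':mu_pass_vc', $get_mysqlpassword);
							if ($numrows->execute() && (int) $numrows->fetchColumn() !== 0) {
								$mysql_exists_flag = 1;
							}

							// The root test runs before the credential test so that a root request still gets
							// the dedicated refusal message now that mysql.user no longer satisfies step 3.
							// Message texts are left unchanged (including typos) in case a caller matches on them.
							if ($db_exists_flag == 0) {
								echo "Database does not exisits";
							} elseif ($rootabuse == 1) {
								echo "Mysql user name as root not allowed";
							} elseif ($mysql_exists_flag == 0) {
								echo "Invalid credentials of mysqlusername /  mysql password ";
							} else {
								try {
									// An identifier cannot be bound as a parameter, so it is quoted by hand:
									// doubling any backtick keeps the name inside the identifier.
									$quoted_database = '`' . str_replace('`', '``', (string) $get_databasename) . '`';
									$sql = $zdbh->prepare("DROP DATABASE IF EXISTS " . $quoted_database . ";");
									if (!$sql->execute()) {
										// Without exception mode a failed DROP would otherwise be reported as
										// success and the panel record marked deleted while the data remains.
										throw new PDOException('DROP DATABASE did not complete');
									}

									$sql = $zdbh->prepare("FLUSH PRIVILEGES");
									$sql->execute();

									// Soft-delete the panel record and remove its user mappings.
									$sql = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE  my_name_vc=:dbName AND my_acc_fk=:my_acc_fk AND my_deleted_ts IS NULL");
									$sql->bindValue(':dbName', $databasename);
									$sql->bindValue(':my_acc_fk', $user_id);
									$sql->execute();
									$retval = $sql->fetch();
									$my_id_pk = $retval['my_id_pk'] ?? null;

									$time = time();
									$sql = $zdbh->prepare("UPDATE x_mysql_databases SET my_deleted_ts = :time WHERE my_id_pk = :my_id_pk");
									$sql->bindValue(':time', $time);
									$sql->bindValue(':my_id_pk', $my_id_pk);
									$sql->execute();

									$sql = $zdbh->prepare("DELETE FROM x_mysql_dbmap WHERE mm_database_fk=:my_id_pk");
									$sql->bindValue(':my_id_pk', $my_id_pk);
									$sql->execute();

									// Re-read the MySQL user record that passed step 3 to get its id and host.
									$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_name_vc=:username AND mu_pass_vc=:mu_pass_vc AND mu_acc_fk=:mu_acc_fk AND mu_deleted_ts IS NULL");
									$numrows->bindValue(':username', $get_mysqlusername);
									$numrows->bindValue(':mu_acc_fk', $user_id);
									$numrows->bindValue(':mu_pass_vc', $get_mysqlpassword);
									$numrows->execute();
									$rowuser = $numrows->fetch();
									$mysql_user_name = $rowuser['mu_name_vc'] ?? null;
									$mysql_user_access = $rowuser['mu_access_vc'] ?? null;
									$mysql_user_id = $rowuser['mu_id_pk'] ?? null;

									// Drop the server-side account only if it really exists in mysql.user.
									$numrows = $zdbh->prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :name)");
									$numrows->bindValue(':name', $mysql_user_name);
									if ($numrows->execute() && (int) $numrows->fetchColumn() !== 0) {
										$sql = $zdbh->prepare("DROP USER :name@:access;");
										$sql->bindValue(':name', $mysql_user_name);
										$sql->bindValue(':access', $mysql_user_access);
										$sql->execute();

										$sql = $zdbh->prepare("FLUSH PRIVILEGES");
										$sql->execute();
									}

									// Soft-delete the panel's user record and remove every mapping that uses it.
									$time = time();
									$sql = $zdbh->prepare("
				UPDATE x_mysql_users
				SET mu_deleted_ts = :time
				WHERE mu_id_pk = :mu_id_pk");
									$sql->bindValue(':time', $time);
									$sql->bindValue(':mu_id_pk', $mysql_user_id);
									$sql->execute();

									$sql = $zdbh->prepare("
				DELETE FROM x_mysql_dbmap
				WHERE mm_user_fk = :mu_id_pk");
									$sql->bindValue(':mu_id_pk', $mysql_user_id);
									$sql->execute();

									echo "DATABASE deleted successfully";
								} catch (PDOException $e) {
									// NOTE(review): the text says "creation" although this script deletes; it is
									// kept byte-for-byte in case a caller compares the output.
									echo "something wrong in your DATABASE creation. Contact your server administrator";
								}
							}
						}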

						/////////////////////////////////////////////////////////////////////////// Check User Validation End ////////////////////////////////////////////////
?>