<?php
include('/etc/sentora/panel/cnf/db.php');
include('/etc/sentora/panel/dryden/db/driver.class.php');
include('/etc/sentora/panel/dryden/ctrl/options.class.php');
include('/etc/sentora/panel/dryden/runtime/controller.class.php');
include('/etc/sentora/panel/dryden/runtime/hash.class.php');
include('/etc/sentora/panel/dryden/ctrl/auth.class.php');
include('/etc/sentora/panel/dryden/fs/director.class.php');
include('/etc/sentora/panel/dryden/fs/filehandler.class.php');
include('/etc/sentora/panel/dryden/runtime/hook.class.php');
include('/etc/sentora/panel/dryden/debug/logger.class.php');
include('/etc/sentora/panel/dryden/sys/versions.class.php');
// Open the panel database with the credentials loaded from cnf/db.php.
// Everything below (account lookup, quota check, CREATE DATABASE / GRANT)
// runs over this one handle, so without it there is nothing to do: the
// script simply stops, printing nothing.
try {
    $panelDsn = sprintf('mysql:host=%s;dbname=%s', $host, $dbname);
    $zdbh = new db_driver($panelDsn, $user, $pass);
} catch (PDOException $e) {
    exit();
}
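// Outcome flags.  Each pre-flight check below sets one of these; the
// message block at the end reports the first flag that is set.
$db_exists_flag = 0;
$mysql_exists_flag = 0;
$rootabuse = 0;
$invalid_mysql_user = 0;

// Command-line contract: argv[1] panel user name, argv[2] panel password,
// argv[3] database name (without the account prefix), argv[4] MySQL user
// name, argv[5] MySQL password.  A missing argument becomes '' instead of
// raising an undefined-index notice; the checks further down then reject
// it ("Invalid User" for an empty panel user, etc.).
// NOTE(review): both passwords are passed on the command line, so they are
// visible in the process list to any local user while this script runs.
$get_username      = isset($argv[1]) ? $argv[1] : '';
$get_password      = isset($argv[2]) ? $argv[2] : '';
$get_databasename  = isset($argv[3]) ? $argv[3] : '';
$get_mysqlusername = isset($argv[4]) ? $argv[4] : '';
$get_mysqlpassword = isset($argv[5]) ? $argv[5] : '';

// The panel account name doubles as the prefix of the MySQL database name.
$username     = $get_username;
$databasename = $get_databasename;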
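// `global` at file scope is a no-op, kept so the names stay declared for
// any included code that expects them.
global $controller, $zdbh, $zlo;
$controller = new runtime_controller();

// Look up the panel account by name.  Only its id and per-account salt are
// needed: the salt feeds the hash that ctrl_auth::checkvaliduser() compares.
$sql = $zdbh->prepare("SELECT ac_id_pk,ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
$sql->bindParam(':username', $get_username);
$sql->execute();
$result = $sql->fetch();

// fetch() returns false for an unknown user.  Reading an offset on false
// only produces a warning, so fall back to an empty salt; the hash still
// gets computed and the credential check below rejects the login.
$salt = ($result !== false) ? $result['ac_passsalt_vc'] : '';

$crypto = new runtime_hash;
$crypto->SetPassword($get_password);
$crypto->SetSalt($salt);
$secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

$output = "";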
/////////////////////////////////////////////////////////////////////////// Check User Validation start ////////////////////////////////////////////////
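if (!ctrl_auth::checkvaliduser($get_username, $secure_password)) {
    echo $output = "Invalid User";
} else {
    $user_id = $result['ac_id_pk'];

    // The MySQL database name is always "<panel account>_<requested name>",
    // so one account cannot claim a name in another account's namespace.
    $dbName = $username . "_" . $databasename;

    // The name is emitted inside back-ticks in CREATE DATABASE and GRANT.
    // mysqlRealEscapeString() does not escape back-ticks, and argv[3] is
    // caller-supplied, so restrict the whole identifier to a safe alphabet
    // before it goes anywhere near a statement.  64 is MySQL's hard limit
    // for a database name.
    $invalid_db_name = 0;
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $dbName)) {
        $invalid_db_name = 1;
    }

    // Does the panel already record a live database under this name?
    // Only the flag is set here: the original `return false` at this point
    // ended the script before the "already exists" message could be printed,
    // leaving the caller with empty output.
    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_databases WHERE my_name_vc=:dbName AND my_deleted_ts IS NULL");
    $numrows->bindParam(':dbName', $dbName);
    if ($numrows->execute() && $numrows->fetchColumn() != 0) {
        $db_exists_flag = 1;
    }

    // 'root' must never be handed out as a tenant MySQL account.
    if ($get_mysqlusername === 'root') {
        $rootabuse = 1;
    }

    // Duplicate MySQL user name, as recorded by the panel ...
    $numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_users WHERE mu_name_vc=:username AND mu_deleted_ts IS NULL");
    $numrows->bindParam(':username', $get_mysqlusername);
    if ($numrows->execute() && $numrows->fetchColumn() != 0) {
        $mysql_exists_flag = 1;
    }
    // ... and as known to the server itself, which also catches accounts
    // created outside the panel.
    $numrows = $zdbh->prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :username)");
    $numrows->bindParam(':username', $get_mysqlusername);
    if ($numrows->execute() && $numrows->fetchColumn() != 0) {
        $mysql_exists_flag = 1;
    }

    // MySQL user name: alphanumerics and hyphens only, not ending in a
    // hyphen, at most 16 characters (the limit documented at
    // http://dev.mysql.com/doc/refman/4.1/en/user-names.html).  This is also
    // what makes the user name safe inside back-ticks in the GRANT below.
    if (!preg_match('/^[a-z\d][a-z\d-]{0,62}$/i', $get_mysqlusername)
        || preg_match('/-$/', $get_mysqlusername)
        || strlen($get_mysqlusername) >= 17) {
        $invalid_mysql_user = 1;
    }

    // Package quota.  qt_mysql_in < 0 means unlimited; otherwise the account
    // may only create a database while its live count is below the quota.
    $rows = $zdbh->prepare("
        SELECT * FROM x_accounts
        LEFT JOIN x_profiles ON (x_accounts.ac_id_pk=x_profiles.ud_user_fk)
        LEFT JOIN x_groups ON (x_accounts.ac_group_fk=x_groups.ug_id_pk)
        LEFT JOIN x_packages ON (x_accounts.ac_package_fk=x_packages.pk_id_pk)
        LEFT JOIN x_quotas ON (x_accounts.ac_package_fk=x_quotas.qt_package_fk)
        WHERE x_accounts.ac_id_pk= :uid
    ");
    $rows->bindParam(':uid', $user_id);
    $rows->execute();
    $dbvals = $rows->fetch();

    $sql = $zdbh->prepare("SELECT COUNT(*) AS amount FROM x_mysql_databases WHERE my_acc_fk= :acc_key AND my_deleted_ts IS NULL");
    $sql->bindParam(':acc_key', $user_id);
    $sql->execute();
    $retval = $sql->fetch();
    $currentDbCount = $retval['amount'];

    $dbquotaexceed = 0;
    if (!(($dbvals['qt_mysql_in'] < 0) || ($dbvals['qt_mysql_in'] > $currentDbCount))) {
        $dbquotaexceed = 1;
    }

    // Report the first failed check; only a clean run reaches the creation.
    if ($invalid_db_name == 1) {
        echo "Invalid database name";
    } elseif ($db_exists_flag == 1) {
        echo "Database already exisits";
    } elseif ($mysql_exists_flag == 1) {
        echo "mysql username already exisits";
    } elseif ($rootabuse == 1) {
        echo "Mysql user name as root not allowed";
    } elseif ($invalid_mysql_user == 1) {
        echo "Invalid mysqlusername";
    } elseif ($dbquotaexceed == 1) {
        echo "Database quota exceed for this user";
    } else {
        // Create Database and Mysql User and Password.
        // NOTE(review): CREATE DATABASE / CREATE USER / GRANT run over the
        // panel's own connection, so its MySQL account must hold the
        // corresponding privileges (including GRANT OPTION).
        try {
            // $dbName passed the identifier check above, so the back-ticked
            // name cannot be broken out of; the escape call is kept for
            // parity with the rest of the panel.
            $db = $zdbh->mysqlRealEscapeString($dbName);
            $sql = $zdbh->prepare("CREATE DATABASE `$db` DEFAULT CHARACTER SET 'utf8' COLLATE 'utf8_general_ci';");
            $sql->execute();
            $sql = $zdbh->prepare("FLUSH PRIVILEGES");
            $sql->execute();

            // Record the database in the panel ...
            $time = time();
            $name = $dbName;
            $sql = $zdbh->prepare("INSERT INTO x_mysql_databases (
                my_acc_fk,
                my_name_vc,
                my_created_ts) VALUES (
                :userid,
                :name,
                :time)");
            $sql->bindParam(':userid', $user_id);
            $sql->bindParam(':name', $name);
            $sql->bindParam(':time', $time);
            $sql->execute();

            // ... and read the row back to get its numeric id.  The original
            // looked this row up by comparing the *name* against my_id_pk
            // (which never matched) and then stored the name, not the id, in
            // x_mysql_users.mu_database_fk.  Both the user row and the dbmap
            // row need the id.
            $numrows = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_name_vc=:database AND my_acc_fk=:userid AND my_deleted_ts IS NULL");
            $numrows->bindParam(':database', $name);
            $numrows->bindParam(':userid', $user_id);
            $numrows->execute();
            $rowdb = $numrows->fetch();
            $dbid = $rowdb['my_id_pk'];

            $mysqlUser = strtolower(str_replace(' ', '', $get_mysqlusername));
            $password = $get_mysqlpassword;
            $access = "localhost";
            $uid = $user_id;

            // Create the MySQL account.  user@host are bound as parameters,
            // which the driver emits as quoted strings.
            $sql = $zdbh->prepare("CREATE USER :username@:access;");
            $sql->bindParam(':username', $mysqlUser);
            $sql->bindParam(':access', $access);
            $sql->execute();

            // Set its password.
            // NOTE(review): PASSWORD() was removed in MySQL 8.0; on such
            // servers this has to become CREATE USER ... IDENTIFIED BY or
            // ALTER USER ... IDENTIFIED BY.
            $sql = $zdbh->prepare("SET PASSWORD FOR :username@:access=PASSWORD(:password)");
            $sql->bindParam(':username', $mysqlUser);
            $sql->bindParam(':access', $access);
            $sql->bindParam(':password', $password);
            $sql->execute();

            // Start from no privileges at all (USAGE on *.* is the MySQL
            // idiom for "may log in, may do nothing") ...
            $sql = $zdbh->prepare("GRANT USAGE ON *.* TO :username@:access");
            $sql->bindParam(':username', $mysqlUser);
            $sql->bindParam(':access', $access);
            $sql->execute();

            // ... then grant on exactly the new database.  Identifiers cannot
            // be parameterised, but all three passed the checks above; the
            // escaping is kept for parity.  The original issued this GRANT
            // twice, the first time against an empty database name from the
            // failed lookup, and bound placeholders the second statement did
            // not contain, which PDO rejects at execute() time.
            $usernameClean = $zdbh->mysqlRealEscapeString($mysqlUser);
            $accessClean   = $zdbh->mysqlRealEscapeString($access);
            $my_name_vc    = $zdbh->mysqlRealEscapeString($rowdb['my_name_vc']);
            $sql = $zdbh->prepare("GRANT ALL PRIVILEGES ON `$my_name_vc`.* TO `$usernameClean`@`$accessClean`");
            $sql->execute();
            $sql = $zdbh->prepare("FLUSH PRIVILEGES");
            $sql->execute();

            // Record the user in the panel.  mu_pass_vc holds the MySQL
            // password in clear text, as the rest of the panel expects.
            $sql = $zdbh->prepare("INSERT INTO x_mysql_users (
                mu_acc_fk,
                mu_name_vc,
                mu_database_fk,
                mu_pass_vc,
                mu_access_vc,
                mu_created_ts) VALUES (
                :userid,
                :username,
                :database,
                :password,
                :access,
                :time)");
            $sql->bindParam(':userid', $uid);
            $sql->bindParam(':username', $mysqlUser);
            $sql->bindParam(':database', $dbid);
            $sql->bindParam(':password', $password);
            $sql->bindParam(':access', $access);
            $time = time();
            $sql->bindParam(':time', $time);
            $sql->execute();

            // Fetch the new user's id and map user -> database.
            $numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_name_vc=:username AND mu_acc_fk=:userid AND mu_deleted_ts IS NULL");
            $numrows->bindParam(':username', $mysqlUser);
            $numrows->bindParam(':userid', $uid);
            $numrows->execute();
            $rowuser = $numrows->fetch();
            $myuserid = $rowuser['mu_id_pk'];

            $sql2 = $zdbh->prepare("
                INSERT INTO x_mysql_dbmap (
                    mm_acc_fk,
                    mm_user_fk,
                    mm_database_fk) VALUES (
                    :uid,
                    :myuserid,
                    :dbid
                )");
            $sql2->bindParam(':uid', $uid);
            $sql2->bindParam(':myuserid', $myuserid);
            $sql2->bindParam(':dbid', $dbid);
            $sql2->execute();

            echo "DATABASE created successfully. Your database name is $name";
        } catch (PDOException $e) {
            // Deliberately generic: the driver message may reveal server
            // details to the caller.  Earlier steps (e.g. CREATE DATABASE)
            // are not rolled back.
            echo "something wrong in your DATABASE creation. Contact your server administrator";
        }
    }
}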
/////////////////////////////////////////////////////////////////////////// Check User Validation End ////////////////////////////////////////////////
?>