| Current File : //root/panel/modules/remote_mysql_users/code/controller.ext.php |
<?php
/**
* @copyright 2014-2015 Sentora Project (http://www.sentora.org/)
* Sentora is a GPL fork of the ZPanel Project whose original header follows:
*
* ZPanel - A Cross-Platform Open-Source Web Hosting Control panel.
*
* @package ZPanel
* @version $Id$
* @author Bobby Allen - ballen@bobbyallen.me
* @copyright (c) 2008-2014 ZPanel Group - http://www.zpanelcp.com/
* @license http://opensource.org/licenses/gpl-3.0.html GNU Public License v3
*
* This program (ZPanel) is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
class module_controller extends ctrl_module
{
static $alreadyexists;
static $dbalreadyadded;
static $blank;
static $badname;
static $badpass;
static $rootabuse;
static $badIP;
static $ok;
/**
* The 'worker' methods.
*/
static function callCSFRemoteMysql($in)
{
$service_port = 4444 ;
$address = gethostbyname('localhost');
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$result = socket_connect($socket, $address, $service_port);
socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => 5 , "usec" =>0));
$out = '';
socket_write($socket, $in, strlen($in));
$output = "" ;
socket_close($socket);
return true;
}
static function CleanOrphanDatabases($uid)
{
global $zdbh;
$sql = "SELECT * FROM x_mysql_dbmap WHERE mm_user_fk=:userid";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':userid', $uid);
$numrows->execute();
if ($numrows->fetchColumn() <> 0) {
$sql = $zdbh->prepare($sql);
$sql->bindParam(':userid', $uid);
$sql->execute();
while ($rowmysql = $sql->fetch()) {
$rowdbSql = "SELECT * FROM x_mysql_databases WHERE my_id_pk=:id AND my_deleted_ts IS NULL";
$find = $zdbh->prepare($rowdbSql);
$find->bindParam(':id', $rowmysql['mm_database_fk']);
$find->execute();
$rowdb = $find->fetch();
if (!$rowdb) {
}
}
return true;
} else {
return false;
}
}
static function ListUsers($uid)
{
global $zdbh;
// Remove deleted databases from MySQL userlist...
self::CleanOrphanDatabases($uid);
$sql = "SELECT * FROM x_remote_mysql_hosts WHERE re_acc_fk=:userid AND re_host_vc!='localhost' AND re_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':userid', $uid);
//$numrows->bindParam(':localhost', "localhost");
$numrows->execute();
$rowcount = $numrows->rowCount();
if ($rowcount <> 0) {
$sql = $zdbh->prepare($sql);
$sql->bindParam(':userid', $uid);
$res = array();
$sql->execute();
while ($rowmysql = $sql->fetch()) {
//$numrowdb = $zdbh->query("SELECT COUNT(*) FROM x_mysql_dbmap WHERE mm_user_fk=" . $rowmysql['mu_id_pk'] . "")->fetch();
/*$numrows = $zdbh->prepare("SELECT COUNT(*) FROM x_mysql_dbmap WHERE mm_user_fk=:mysql");
$numrows->bindParam(':mysql', $rowmysql['mu_id_pk']);
$numrows->execute();
$numrowdb = $numrows->fetch();
if ($rowmysql['mu_access_vc'] == "localhost") {
$access = $rowmysql['mu_access_vc'];
} else {
$access = $rowmysql['mu_access_vc'];
}*/
array_push($res, array('hostid' => $rowmysql['re_id_pk'],
'host' => $rowmysql['re_host_vc']));
#'dbpassword' => $rowmysql['mu_pass_vc'],
#'totaldb' => $numrowdb[0],
#'accesshtml' => $access,
#'access' => $rowmysql['mu_access_vc']));
}
return $res;
} else {
return false;
}
}
static function gethelpicon()
{
global $zdbh;
global $controller;
$temp=$controller->GetControllerRequest('URL','module') ;
$val = '/assets/one.txt';
$val1 = '/modules/';
$name=file_get_contents("modules/$temp/assets/helpicon.txt");
return $name;
}
static function ListDatabases($uid)
{
global $zdbh;
$sql = "SELECT * FROM x_mysql_databases WHERE my_acc_fk=:userid AND my_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':userid', $uid);
$numrows->execute();
$num_res = $numrows->rowCount();
//if ($numrows->fetchColumn() <> 0) {
if($num_res <> 0) {
//$sql = $zdbh->prepare($sql);
$res = array();
//$sql->bindParam(':userid', $uid);
//$sql->execute();
while ($rowmysql = $numrows->fetch()) {
$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME=:db_name";
$num = $zdbh->prepare($sql);
$num->bindParam(':db_name', $rowmysql['my_name_vc']);
$num->execute();
$result_count = $num->rowCount();
if($result_count <> 0)
{
array_push($res, array('mysqlid' => $rowmysql['my_id_pk'], 'mysqlname' => $rowmysql['my_name_vc']));
}
//array_push($res, array('mysqlid' => $rowmysql['my_id_pk'],'mysqlname' => $rowmysql['my_name_vc']));
}
return $res;
} else {
return false;
}
}
static function ListUserDatabases($uid)
{
global $zdbh;
$sql = "SELECT * FROM x_mysql_dbmap WHERE mm_user_fk=:userid";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':userid', $uid);
$numrows->execute();
if ($numrows->fetchColumn() <> 0) {
$sql = $zdbh->prepare($sql);
$res = array();
$sql->bindParam(':userid', $uid);
$sql->execute();
while ($rowmysql = $sql->fetch()) {
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:database AND my_deleted_ts IS NULL");
$numrows->bindParam(':database', $rowmysql['mm_database_fk']);
$numrows->execute();
$rowdb = $numrows->fetch();
if ($rowdb) {
array_push($res, array('mmid' => $rowmysql['mm_id_pk'],
'mmaccount' => $rowmysql['mm_acc_fk'],
'mmuserid' => $rowmysql['mm_user_fk'],
'mmdbid' => $rowmysql['mm_database_fk'],
'mmdbname' => $rowdb['my_name_vc']));
}
}
return $res;
} else {
return false;
}
}
static function ListCurrentUser($mid)
{
global $zdbh;
//$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:mid AND mu_deleted_ts IS NULL");
$numrows = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_id_pk=:mid AND re_deleted_ts IS NULL");
$numrows->bindParam(':mid', $mid);
$numrows->execute();
if ($numrows->fetchColumn() <> 0) {
//$sql = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:mid AND mu_deleted_ts IS NULL");
$sql = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_id_pk=:mid AND re_deleted_ts IS NULL");
$res = array();
$sql->bindParam(':mid', $mid);
$sql->execute();
while ($rowmysql = $sql->fetch()) {
array_push($res, array('hostid' => $rowmysql['re_id_pk'],
'hostname' => $rowmysql['re_host_vc']));
}
return $res;
} else {
return false;
}
}
static function ExecuteCreateHost($uid, $hostname, $prefix)
{
global $zdbh;
global $controller;
$currentuser = ctrl_users::GetUserDetail($uid);
$currentuser_details = ctrl_users::GetUserDetail();
// Check for spaces and remove if found...
$hostname = strtolower(str_replace(' ', '', $hostname));
// If errors are found, then exit before creating user...
/*if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($hostname,$uid,$username))) {
return false;
}*/
# runtime_hook::Execute('OnBeforeCreateDatabaseUser');
// $numrows = $zdbh->prepare("SELECT A.my_id_pk as db_id, A.my_name_vc as db_name,C.mu_id_pk as db_uid,C.mu_name_vc as db_uname,C.mu_access_vc as db_host, C.mu_pass_vc db_pass From x_mysql_databases as A INNER JOIN x_mysql_dbmap AS B ON (A.my_id_pk = B.mm_database_fk) INNER JOIN x_mysql_users AS C ON (B.mm_user_fk = C.mu_id_pk) WHERE A.my_acc_fk=:userid");
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_acc_fk =:userid AND mu_deleted_ts IS NULL");
$numrows->bindParam(':userid', $uid);
$numrows->execute();
$rowcount= $numrows->rowCount();
if ($rowcount <> 0) {
while ($rowmysql = $numrows->fetch()) {
$password = $rowmysql['mu_pass_vc'];
$username = $rowmysql['mu_name_vc'];
$sql_userid= $rowmysql['mu_id_pk'];
//$database= $rowmysql['db_id'];
//$dbname = $rowmysql['db_name'];
if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($hostname,$uid,$username))) {
return false;
}
// Create user in MySQL
$sql = $zdbh->prepare("CREATE USER :username@:access;");
$sql->bindParam(':username', $username);
$sql->bindParam(':access', $hostname);
$sql->execute();
// Set MySQL password for new user...
if(trim($password)=="******")
{
$sql_user = "SELECT * FROM mysql.user WHERE user ='$username'";
$numrows_user = $zdbh->prepare($sql_user);
$numrows_user->execute();
$fetch_row_data= $numrows_user->fetch();
$mysql_real_password=$fetch_row_data['Password'];
$sql_password_update = $zdbh->prepare("UPDATE mysql.user set Password='$mysql_real_password' WHERE User='$username' AND Host='$hostname'");
$sql_password_update->execute();
}
else
{
$sql = $zdbh->prepare("SET PASSWORD FOR :username@:access=PASSWORD(:password)");
$sql->bindParam(':username', $username);
$sql->bindParam(':access', $hostname);
$sql->bindParam(':password', $password);
$sql->execute();
}
/*
// Get the database name from the ID...
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:database AND my_deleted_ts IS NULL");
$numrows->bindParam(':database', $database);
$numrows->execute();
$rowdb = $numrows->fetch();
// Remove all priveledges to all databases
$sql = $zdbh->prepare("GRANT USAGE ON *.* TO :username@:access");
$sql->bindParam(':username', $username);
$sql->bindParam(':access', $hostname);
$sql->execute();
*/
$numrows1 = $zdbh->prepare("SELECT DISTINCT A.my_id_pk as db_id, A.my_name_vc as db_name From x_mysql_databases as A INNER JOIN x_mysql_dbmap AS B ON (A.my_id_pk = B.mm_database_fk) WHERE A.my_acc_fk=:userid AND mm_user_fk=:mysql_userid");
$numrows1->bindParam(':userid', $uid);
$numrows1->bindParam(':mysql_userid', $sql_userid);
$numrows1->execute();
$rowcount1= $numrows->rowCount();
if($rowcount1 >0)
{
while ($rowmysql1 = $numrows1->fetch()) {
$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME=:db_name";
$num = $zdbh->prepare($sql);
$num->bindParam(':db_name', $rowmysql1['db_name']);
$num->execute();
$result_count = $num->rowCount();
if($result_count <> 0)
{
$dbname = $rowmysql1['db_name'];
$sql = $zdbh->prepare("GRANT USAGE ON *.* TO :username@:access");
$sql->bindParam(':username', $username);
$sql->bindParam(':access', $hostname);
$sql->execute();
// Grant privileges for new user to the assigned database...
$usernameClean = $zdbh->mysqlRealEscapeString($username);
$accessClean = $zdbh->mysqlRealEscapeString($hostname);
$my_name_vc = $zdbh->mysqlRealEscapeString($dbname);
//$my_name_vc = $zdbh->mysqlRealEscapeString($rowdb['my_name_vc']);
$sql = $zdbh->prepare("GRANT ALL PRIVILEGES ON `$my_name_vc`.* TO `$usernameClean`@`$accessClean`");
//$sql->bindParam(':username', $username, PDO::PARAM_STR);
//$sql->bindParam(':access', $access, PDO::PARAM_STR);
//$sql->bindParam(':name', $rowdb['my_name_vc'], PDO::PARAM_STR);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
}
}
}
/*$sql = $zdbh->prepare("INSERT INTO x_mysql_users (
mu_acc_fk,
mu_name_vc,
mu_database_fk,
mu_pass_vc,
mu_access_vc,
mu_created_ts) VALUES (
:userid,
:username,
:database,
:password,
:access,
:time)");
$sql->bindParam(':userid', $uid);
$sql->bindParam(':username', $username);
$sql->bindParam(':database', $database);
$sql->bindParam(':password', $password);
$sql->bindParam(':access', $hostname);
$time = time();
$sql->bindParam(':time', $time);
$sql->execute();*/
}
}
else {
if (fs_director::CheckForEmptyValue(self::CheckCreateForErrors($hostname,$uid,$username))) {
return false;
}
}
// Add user to Sentora database...
$sql = $zdbh->prepare("INSERT INTO x_remote_mysql_hosts (
re_host_vc,
re_acc_fk,
re_created_ts) VALUES (
:hostname,
:userid,
:time)");
$sql->bindParam(':userid', $uid);
$sql->bindParam(':hostname', $hostname);
$time = time();
$sql->bindParam(':time', $time);
$sql->execute();
// Get the new users id...
//$rowuser = $zdbh->query("SELECT * FROM x_mysql_users WHERE mu_name_vc='" . $username . "' AND mu_acc_fk=" . $uid . " AND mu_deleted_ts IS NULL")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_host_vc=:hostname AND re_acc_fk=:userid AND re_deleted_ts IS NULL");
$numrows->bindParam(':hostname', $hostname);
$numrows->bindParam(':userid', $uid);
$numrows->execute();
$rowuser = $numrows->fetch();
// Add database to Sentora user account...
//self::ExecuteAddDB($uid, $rowuser['mu_id_pk'], $database);
//runtime_hook::Execute('OnAfterCreateDatabaseUser');
$stmt_remote_user = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_deleted_ts IS NULL");
$stmt_remote_user->execute();
$row_count_remote_user = $stmt_remote_user->rowCount();
if($row_count_remote_user)
{
$in="command enable_disable_remote_mysql 1";
$get_value=self::callCSFRemoteMysql($in);
}
self::$ok = true;
return true;
}
static function CheckCreateForErrors($hostname,$userid,$username)
{
global $zdbh;
// Check to make sure the user name is not blank before we go any further...
if ($hostname == '') {
self::$blank = true;
return false;
}
if($hostname !="%")
{
if(!filter_var($hostname, FILTER_VALIDATE_IP))
{
self::$badIP = true;
return false;
}
}
// Check to make sure the user name is not blank before we go any further...
/*if ($username == 'root') {
self::$rootabuse = true;
return false;
}
// Check to make sure the user name is not blank before we go any further...
if ($database == '') {
self::$blank = true;
return false;
}*/
// Check to make sure the user name is not a duplicate...
$sql = "SELECT COUNT(*) FROM x_remote_mysql_hosts WHERE re_host_vc=:hostname AND re_acc_fk=:userid AND re_deleted_ts IS NULL";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':hostname', $hostname);
$numrows->bindParam(':userid', $userid);
if ($numrows->execute()) {
if ($numrows->fetchColumn() <> 0) {
self::$alreadyexists = true;
return false;
}
}
// Check to make sure the user name is not a duplicate (checks actual mysql table)...
$sql = "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :username AND host = :hostname)";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':username', $username);
$numrows->bindParam(':hostname', $hostname);
if ($numrows->execute()) {
if ($numrows->fetchColumn() <> 0) {
self::$alreadyexists = true;
return false;
}
}
// Check for invalid username
/*if (!self::IsValidUserName($username)) {
self::$badname = true;
return false;
}*/
// Check for invalid IP address
if ($hostname != "localhost" && strtolower($hostname) != "localhost" && $hostname != "%") {
if (!sys_monitoring::IsAnyValidIP($hostname)) {
self::$badIP = true;
return false;
}
}
return true;
}
static function CheckAddForErrors($userid, $database)
{
global $zdbh;
// Check to make sure the database isnt already added...
//$result = $zdbh->query("SELECT * FROM x_mysql_dbmap WHERE mm_database_fk=" . $database . " AND mm_user_fk=" . $userid . "")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_dbmap WHERE mm_database_fk=:database AND mm_user_fk=:userid");
$numrows->bindParam(':database', $database);
$numrows->bindParam(':userid', $userid);
$numrows->execute();
$result = $numrows->fetch();
if ($result) {
self::$dbalreadyadded = true;
return false;
}
return true;
}
static function ExecuteDeleteUser($re_id_pk)
{
global $zdbh;
$numrows = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_id_pk=:re_id_pk AND re_deleted_ts IS NULL");
$numrows->bindParam(':re_id_pk', $re_id_pk);
$numrows->execute();
$rowuser = $numrows->fetch();
$get_host=$rowuser['re_host_vc'];
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$numrows_user = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_acc_fk=:myuserid AND mu_deleted_ts IS NULL");
$numrows_user->bindParam(':myuserid', $uid);
$numrows_user->execute();
while($rowuser = $numrows_user->fetch())
{
$mu_name_vc = $zdbh->mysqlRealEscapeString($rowuser['mu_name_vc']);
$sql_drop = $zdbh->prepare("DROP USER '".$mu_name_vc."'@'".$get_host."';");
$sql_drop->execute();
$sql_flush = $zdbh->prepare("FLUSH PRIVILEGES");
$sql_flush->execute();
}
$client_ip = self::get_client_ip();
$sql = $zdbh->prepare("UPDATE x_remote_mysql_hosts SET re_deleted_ts = :time, ip_deleted = :client_ip WHERE re_id_pk = :re_id_pk");
$time = time();
$sql->bindParam(':time', $time);
$sql->bindParam(':client_ip', $client_ip);
$sql->bindParam(':re_id_pk', $re_id_pk);
$sql->execute();
//runtime_hook::Execute('OnAfterDeleteDatabaseUser');
$stmt_remote_user = $zdbh->prepare("SELECT * FROM x_remote_mysql_hosts WHERE re_deleted_ts IS NULL");
$stmt_remote_user->execute();
$row_count_remote_user = $stmt_remote_user->rowCount();
if(!$row_count_remote_user)
{
$in="command enable_disable_remote_mysql 0";
$get_value=self::callCSFRemoteMysql($in);
}
self::$ok = true;
return true;
}
static function get_client_ip() {
$ipaddress = '';
if (isset($_SERVER['HTTP_CLIENT_IP']))
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_X_FORWARDED']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_FORWARDED']))
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if(isset($_SERVER['REMOTE_ADDR']))
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
static function ExecuteAddDB($uid, $myuserid, $dbid)
{
global $zdbh;
if (fs_director::CheckForEmptyValue(self::CheckAddForErrors($myuserid, $dbid))) {
return false;
}
if (!isset($uid) || $uid == NULL || $uid == '') {
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
}
runtime_hook::Execute('OnBeforeAddDatabaseAccess');
//$rowdb = $zdbh->query("SELECT * FROM x_mysql_databases WHERE my_id_pk=" . $dbid . " AND my_deleted_ts IS NULL")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:dbid AND my_deleted_ts IS NULL");
$numrows->bindParam(':dbid', $dbid);
$numrows->execute();
$rowdb = $numrows->fetch();
//$rowuser = $zdbh->query("SELECT * FROM x_mysql_users WHERE mu_id_pk=" . $myuserid . " AND mu_deleted_ts IS NULL")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
$numrows->bindParam(':myuserid', $myuserid);
$numrows->execute();
$rowuser = $numrows->fetch();
$my_name_vc = $zdbh->mysqlRealEscapeString($rowdb['my_name_vc']);
$mu_name_vc = $zdbh->mysqlRealEscapeString($rowuser['mu_name_vc']);
$mu_access_vc = $zdbh->mysqlRealEscapeString($rowuser['mu_access_vc']);
$sql = $zdbh->prepare("GRANT ALL PRIVILEGES ON `$my_name_vc`.* TO `$mu_name_vc`@`$mu_access_vc`");
$sql->bindParam(':my_name_vc', $rowdb['my_name_vc'], PDO::PARAM_STR);
$sql->bindParam(':mu_name_vc', $rowuser['mu_name_vc'], PDO::PARAM_STR);
$sql->bindParam(':mu_access_vc', $rowuser['mu_access_vc'], PDO::PARAM_STR);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
$sql2 = $zdbh->prepare("
INSERT INTO x_mysql_dbmap (
mm_acc_fk,
mm_user_fk,
mm_database_fk) VALUES (
:uid,
:myuserid,
:dbid
)");
$sql2->bindParam(':uid', $uid);
$sql2->bindParam(':myuserid', $myuserid);
$sql2->bindParam(':dbid', $dbid);
$sql2->execute();
runtime_hook::Execute('OnAfterAddDatabaseAccess');
self::$ok = true;
if(isset($_SESSION['cgs_user']) && isset($_SESSION['cgs_id']) && array_key_exists("cgs_user",$_SESSION) && array_key_exists("cgs_id",$_SESSION) )
{
if($_SESSION['cgs_pk_id'] == $uid)
{
$user_name = $_SESSION['cgs_user'];
$sql2 = $zdbh->prepare("select my_name_vc from x_mysql_databases where my_acc_fk =:newid and my_deleted_ts IS NULL");
$sql2->bindParam(':newid',$uid);
$sql2->execute();
$row_count3 = $sql2->rowCount();
if($row_count3 >0)
{
while($rows=$sql2->fetch())
{
$my_name_vc = $rows['my_name_vc'];
try{
$sql = $zdbh->prepare("GRANT ALL PRIVILEGES ON `$my_name_vc`. * TO :username@'localhost' ");
$sql->bindParam(':username', $user_name);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
}
catch(Exception $e) { }
}
}
}
}
return true;
}
static function ExecuteRemoveDB($myuserid, $mapid)
{ // <-- mmid = dbmaps
global $zdbh;
runtime_hook::Execute('OnBeforeRemoveDatabaseAccess');
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_dbmap WHERE mm_id_pk=:mapid");
$numrows->bindParam(':mapid', $mapid);
$numrows->execute();
$rowdbmap = $numrows->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_databases WHERE my_id_pk=:mm_database_fk AND my_deleted_ts IS NULL");
$numrows->bindParam(':mm_database_fk', $rowdbmap['mm_database_fk']);
$numrows->execute();
$rowdb = $numrows->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
$numrows->bindParam(':myuserid', $myuserid);
$numrows->execute();
$rowuser = $numrows->fetch();
$sql = $zdbh->prepare("REVOKE ALL PRIVILEGES ON `" . $rowdb['my_name_vc'] . "`.* FROM '" . $rowuser['mu_name_vc'] . "'@'" . $rowuser['mu_access_vc'] . "'");
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
$sql = $zdbh->prepare("DELETE FROM x_mysql_dbmap WHERE mm_id_pk=:mapid AND mm_user_fk=:myuserid");
$sql->bindParam(':mapid', $mapid);
$sql->bindParam(':myuserid', $myuserid);
$sql->execute();
runtime_hook::Execute('OnAfterRemoveDatabaseAccess');
self::$ok = true;
return true;
}
static function ExecuteResetPassword($myuserid, $password)
{
global $zdbh;
global $controller;
runtime_hook::Execute('OnBeforeResetDatabasePassword');
//$rowuser = $zdbh->query("SELECT * FROM x_mysql_users WHERE mu_id_pk=" . $myuserid . " AND mu_deleted_ts IS NULL")->fetch();
$numrows = $zdbh->prepare("SELECT * FROM x_mysql_users WHERE mu_id_pk=:myuserid AND mu_deleted_ts IS NULL");
$numrows->bindParam(':myuserid', $myuserid);
$numrows->execute();
$rowuser = $numrows->fetch();
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$query = "SELECT * from x_password_strength WHERE ps_user_vc='$uid'";
$res = $zdbh->prepare($query);
$res->execute();
$results = $res->rowCount();
if($results == 0)
{
if (fs_director::CheckForEmptyValue(self::CheckPasswordForErrors($password))) {
return false;
}
$sql = "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :mu_name_vc)";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
if ($numrows->execute()) {
if ($numrows->fetchColumn() <> 0) {
// Set MySQL password for new user...
$sql = $zdbh->prepare("SET PASSWORD FOR :mu_name_vc@:mu_access_vc=PASSWORD(:password)");
$sql->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
$sql->bindParam(':mu_access_vc', $rowuser['mu_access_vc']);
$sql->bindParam(':password', $password);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
$sql = $zdbh->prepare("UPDATE x_mysql_users SET mu_pass_vc=:password WHERE mu_id_pk=:myuserid");
$sql->bindParam(':password', $password);
$sql->bindParam(':myuserid', $myuserid);
$sql->execute();
}
}
runtime_hook::Execute('OnAfterResetDatabasePassword');
self::$ok = true;
return true;
}
while($rows=$res->fetch())
{
$values= ($rows['ps_muenabled_in'] == 0 ) ? "CheckPasswordForErrors" : "";
// $values= ($rows['ps_muenabled_in'] == 0 ) ? "CheckPasswordForErrors" : "";
if($values == "CheckPasswordForErrors")
{
if (fs_director::CheckForEmptyValue(self::$values($password))) {
return false;
}
/* New Code Start */
/*if (!preg_match_all('$\S*(?=\S{9,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])(?=\S*[\W])\S*$', $password)) {
self::$badpass = true;
}*/
$sql = "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :mu_name_vc)";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
if ($numrows->execute()) {
if ($numrows->fetchColumn() <> 0) {
// Set MySQL password for new user...
$sql = $zdbh->prepare("SET PASSWORD FOR :mu_name_vc@:mu_access_vc=PASSWORD(:password)");
$sql->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
$sql->bindParam(':mu_access_vc', $rowuser['mu_access_vc']);
$sql->bindParam(':password', $password);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
$sql = $zdbh->prepare("UPDATE x_mysql_users SET mu_pass_vc=:password WHERE mu_id_pk=:myuserid");
$sql->bindParam(':password', $password);
$sql->bindParam(':myuserid', $myuserid);
$sql->execute();
}
}
runtime_hook::Execute('OnAfterResetDatabasePassword');
self::$ok = true;
return true;
}
else
if($values == "")
{
$sql = "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = :mu_name_vc)";
$numrows = $zdbh->prepare($sql);
$numrows->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
if ($numrows->execute()) {
if ($numrows->fetchColumn() <> 0) {
// Set MySQL password for new user...
$sql = $zdbh->prepare("SET PASSWORD FOR :mu_name_vc@:mu_access_vc=PASSWORD(:password)");
$sql->bindParam(':mu_name_vc', $rowuser['mu_name_vc']);
$sql->bindParam(':mu_access_vc', $rowuser['mu_access_vc']);
$sql->bindParam(':password', $password);
$sql->execute();
$sql = $zdbh->prepare("FLUSH PRIVILEGES");
$sql->execute();
$sql = $zdbh->prepare("UPDATE x_mysql_users SET mu_pass_vc=:password WHERE mu_id_pk=:myuserid");
$sql->bindParam(':password', $password);
$sql->bindParam(':myuserid', $myuserid);
$sql->execute();
}
}
runtime_hook::Execute('OnAfterResetDatabasePassword');
self::$ok = true;
return true;
}
}
}
static function CheckPasswordForErrors($password)
{
if (!self::IsValidPassword($password)) {
self::$badpass = true;
return false;
}
return true;
}
static function IsValidUserName($username)
{
if (!preg_match('/^[a-z\d\w][a-z\d\w-]{0,62}$/i', $username) || preg_match('/-$/', $username)) {
return false;
} else {
if (strlen($username) < 17) {
// Enforce the MySQL username limit! (http://dev.mysql.com/doc/refman/4.1/en/user-names.html)
return true;
}
return false;
}
}
static function IsValidPassword($password)
{
if (!preg_match_all('$\S*(?=\S{9,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])(?=\S*[\W])\S*$', $password)) {
return false;
}
return true;
}
/**
* End 'worker' methods.
*/
/**
* Webinterface sudo methods.
*/
static function doCreateHost()
{
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
$formvars = $controller->GetAllControllerRequests('FORM');
/* ($formvars['inAccess'] == 1) {
$access = "localhost";
} else {
$access = $formvars['inAccessIP'];
}*/
if (self::ExecuteCreateHost($currentuser['userid'], $formvars['inHostName'], $formvars['inprefix']))
return true;
return false;
}
static function doEditHost()
{
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
$formvars = $controller->GetAllControllerRequests('FORM');
foreach (self::ListUsers($currentuser['userid']) as $row) {
if (isset($formvars['inDelete_' . $row['hostid'] . ''])) {
header("location: ./?module=" . $controller->GetCurrentModule() . "&show=Delete&other=" . $row['hostid'] . "");
exit;
}
/*if (isset($formvars['inEdit_' . $row['userid'] . ''])) {
header("location: ./?module=" . $controller->GetCurrentModule() . "&show=Edit&other=" . $row['userid'] . "");
exit;
}*/
}
return;
}
static function doAddDB()
{
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
$formvars = $controller->GetAllControllerRequests('FORM');
if (self::ExecuteAddDB($currentuser['userid'], $formvars['inUser'], $formvars['inDatabase']))
return true;
return false;
}
static function doRemoveDB()
{
global $controller;
runtime_csfr::Protect();
$currentuser = ctrl_users::GetUserDetail();
$formvars = $controller->GetAllControllerRequests('FORM');
foreach (self::ListUserDatabases($formvars['inUser']) as $row) {
if (isset($formvars['inRemove_' . $row['mmid'] . ''])) {
if (self::ExecuteRemoveDB($formvars['inUser'], $formvars['inRemove_' . $row['mmid'] . ''])) {
return true;
} else {
return false;
}
}
}
return false;
}
static function doConfirmDeleteUser()
{
global $controller;
runtime_csfr::Protect();
$formvars = $controller->GetAllControllerRequests('FORM');
if (self::ExecuteDeleteUser($formvars['inDelete']))
return true;
return false;
}
static function doResetPW()
{
global $controller;
runtime_csfr::Protect();
$formvars = $controller->GetAllControllerRequests('FORM');
if (self::ExecuteResetPassword($formvars['inUser'], $formvars['inResetPW']))
return true;
return false;
}
static function getUserList()
{
global $controller;
$currentuser = ctrl_users::GetUserDetail();
return self::ListUsers($currentuser['userid']);
}
static function getDatabaseList()
{
global $controller;
$currentuser = ctrl_users::GetUserDetail();
return self::ListDatabases($currentuser['userid']);
}
static function getUserDatabaseList()
{
global $controller;
$currentuser = ctrl_users::GetUserDetail();
return self::ListUserDatabases($controller->GetControllerRequest('URL', 'other'));
}
static function getisDeleteUser()
{
global $controller;
$urlvars = $controller->GetAllControllerRequests('URL');
if ((isset($urlvars['show'])) && ($urlvars['show'] == "Delete"))
return true;
return false;
}
static function getisEditUser()
{
global $controller;
$urlvars = $controller->GetAllControllerRequests('URL');
if ((isset($urlvars['show'])) && ($urlvars['show'] == "Edit"))
return true;
return false;
}
static function getisCreateUser()
{
global $controller;
$urlvars = $controller->GetAllControllerRequests('URL');
if (!isset($urlvars['show']))
return true;
return false;
}
static function getCurrentUserName()
{
global $zdbh;
global $controller;
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$query = "SELECT * from x_database_settings WHERE ds_user_vc='$uid'";
$res = $zdbh->prepare($query);
$res->execute();
$results = $res->rowCount();
$val = "";
if($results == 0)
{
return $currentuser['username']."_";
}
else
if($results > 0)
{
while($rows=$res->fetch())
{
if($rows['ds_enabled_in'] == 0)
{
return $currentuser['username']."_";
}
else if($rows['ds_enabled_in'] == 1)
{
return $val;
}
}
}
}
static function getCurrentID()
{
global $zdbh;
global $controller;
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$query = "SELECT * from x_password_strength WHERE ps_user_vc='$uid'";
$res = $zdbh->prepare($query);
$res->execute();
$results = $res->rowCount();
$val = "";
if($results == 0)
{
return "input-password";
}
else
if($results > 0)
{
while($rows=$res->fetch())
{
if($rows['ps_muenabled_in'] == 0)
{
return "input-password";
}
else if($rows['ps_muenabled_in'] == 1)
{
return $val;
}
}
}
}
static function getGeneratePass()
{
global $zdbh;
global $controller;
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$query = "SELECT * from x_password_strength WHERE ps_user_vc='$uid'";
$res = $zdbh->prepare($query);
$res->execute();
$results = $res->rowCount();
$val = "";
if($results == 0)
{
return "Generate Password";
}
else
if($results > 0)
{
while($rows=$res->fetch())
{
if($rows['ps_muenabled_in'] == 0)
{
return "Generate Password";
}
else if($rows['ps_muenabled_in'] == 1)
{
return $val;
}
}
}
}
static function getEditCurrentUserName()
{
global $controller;
if ($controller->GetControllerRequest('URL', 'other')) {
$current = self::ListCurrentUser($controller->GetControllerRequest('URL', 'other'));
return $current[0]['hostname'];
} else {
return "";
}
}
static function getEditCurrentUserID()
{
global $controller;
if ($controller->GetControllerRequest('URL', 'other')) {
$current = self::ListCurrentUser($controller->GetControllerRequest('URL', 'other'));
return $current[0]['hostid'];
} else {
return "";
}
}
static function getcurrentnote()
{
global $zdbh;
global $controller;
$currentuser = ctrl_users::GetUserDetail();
$uid = $currentuser['userid'];
$query = "SELECT * from x_password_strength WHERE ps_user_vc='$uid'";
$res = $zdbh->prepare($query);
$res->execute();
$results = $res->rowCount();
$val = "";
if($results == 0)
{
return true;
}
else
if($results > 0)
{
while($rows=$res->fetch())
{
if($rows['ps_muenabled_in'] == 0)
{
return true;
}
else if($rows['ps_muenabled_in'] == 1)
{
return false;
}
}
}
}
static function getMysqlUsagepChart()
{
return '<img src="' . ui_tpl_assetfolderpath::Template() . 'img/misc/unlimited.png" alt="' . ui_language::translate('Unlimited') . '"/>';
}
static function getResult()
{
if (!fs_director::CheckForEmptyValue(self::$blank)) {
return ui_sysmessage::shout(ui_language::translate("You need to specify a HopstIP or % to create Remote MySQL user."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$rootabuse)) {
return ui_sysmessage::shout(ui_language::translate("You cannot create a user named 'root'! This attempt has been logged and the system administrator notified!."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$alreadyexists)) {
return ui_sysmessage::shout(ui_language::translate("A MySQL Host with that IP already appears to exsist."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$badname)) {
return ui_sysmessage::shout(ui_language::translate("Your MySQL Host name is not valid. Please enter a valid MySQL Host name."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$badpass)) {
return ui_sysmessage::shout(ui_language::translate("Your MySQL password is not valid. Enter Valid characters of length 9 with atleast 1 uppercase,lowercase,number,special character."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$badIP)) {
return ui_sysmessage::shout(ui_language::translate("The IP address is not valid. Please enter a valid IP address."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$dbalreadyadded)) {
return ui_sysmessage::shout(ui_language::translate("That Hostname has already been added to this user."), "zannounceerror");
}
if (!fs_director::CheckForEmptyValue(self::$ok)) {
return ui_sysmessage::shout(ui_language::translate("Changes to your Remote MySQL Host have been saved successfully!"), "zannounceok");
}
return;
}
/**
* Webinterface sudo methods.
*/
}