maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

finish Mysqls.update, untested

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-24 16:46:56 +01:00
parent bda652f947
commit 20aac1ccd4
3 changed files with 145 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
admin_admins.php
View File

@@ -229,7 +229,6 @@ if ($page == 'admins'
} elseif($action == 'edit' } elseif($action == 'edit'
&& $id != 0 && $id != 0
) { ) {
try { try {
$json_result = Admins::getLocal($userinfo, array( $json_result = Admins::getLocal($userinfo, array(
'id' => $id 'id' => $id

44
customer_mysql.php
View File

@@ -172,48 +172,12 @@ if ($page == 'overview') {
$result = json_decode($json_result, true)['data']; $result = json_decode($json_result, true)['data'];
if (isset($result['databasename']) && $result['databasename'] != '') { if (isset($result['databasename']) && $result['databasename'] != '') {
if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
$result['dbserver'] = 0;
}
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
// Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29 try {
$password = validate($_POST['mysql_password'], 'password'); $json_result = Mysqls::getLocal($userinfo, $_POST)->update();
if ($password != '') { } catch (Exception $e) {
// validate password dynamic_error($e->getMessage());
$password = validatePassword($password);
if ($password == $result['databasename']) {
standard_error('passwordshouldnotbeusername');
}
// Begin root-session
Database::needRoot(true);
foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
$stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
$params = array(
"dbname" => $result['databasename'],
"host" => $mysql_access_host,
"password" => $password
);
Database::pexecute($stmt, $params);
}
$stmt = Database::prepare("FLUSH PRIVILEGES");
Database::pexecute($stmt);
Database::needRoot(false);
// End root-session
} }
// Update the Database description -- PH 2004-11-29
$log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
$databasedescription = validate($_POST['description'], 'description');
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DATABASES . "`
SET `description` = :desc
WHERE `customerid` = :customerid
AND `id` = :id"
);
Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id));
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
} else { } else {

164
lib/classes/api/commands/class.Mysqls.php
View File

@@ -31,7 +31,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
* optional, send created resource-information to customer, default: false * optional, send created resource-information to customer, default: false
* @param int $customer_id * @param int $customer_id
* required when called as admin, not needed when called as customer * required when called as admin, not needed when called as customer
* *
* @access admin, customer * @access admin, customer
* @throws Exception * @throws Exception
* @return array * @return array
@@ -39,20 +39,20 @@ class Mysqls extends ApiCommand implements ResourceEntity
public function add() public function add()
{ {
if ($this->getUserDetail('mysqls_used') < $this->getUserDetail('mysqls') || $this->getUserDetail('mysqls') == '-1') { if ($this->getUserDetail('mysqls_used') < $this->getUserDetail('mysqls') || $this->getUserDetail('mysqls') == '-1') {
// required paramters // required paramters
$password = $this->getParam('mysql_password'); $password = $this->getParam('mysql_password');
// parameters // parameters
$dbserver = $this->getParam('mysql_server', true, 0); $dbserver = $this->getParam('mysql_server', true, 0);
$databasedescription = $this->getParam('description', true, ''); $databasedescription = $this->getParam('description', true, '');
$sendinfomail = $this->getParam('sendinfomail', true, 0); $sendinfomail = $this->getParam('sendinfomail', true, 0);
// validation // validation
$password = validate($password, 'password', '', '', array(), true); $password = validate($password, 'password', '', '', array(), true);
$password = validatePassword($password, true); $password = validatePassword($password, true);
$databasedescription = validate(trim($databasedescription), 'description', '', '', array(), true); $databasedescription = validate(trim($databasedescription), 'description', '', '', array(), true);
// validate whether the dbserver exists // validate whether the dbserver exists
$dbserver = validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true); $dbserver = validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
Database::needRoot(true, $dbserver); Database::needRoot(true, $dbserver);
@@ -62,18 +62,18 @@ class Mysqls extends ApiCommand implements ResourceEntity
if (! isset($sql_root) || ! is_array($sql_root)) { if (! isset($sql_root) || ! is_array($sql_root)) {
throw new ErrorException("Database server with index #" . $dbserver . " is unknown", 404); throw new ErrorException("Database server with index #" . $dbserver . " is unknown", 404);
} }
if ($password == '') { if ($password == '') {
standard_error(array( standard_error(array(
'stringisempty', 'stringisempty',
'mysql_password' 'mysql_password'
), '', true); ), '', true);
} }
if ($sendinfomail != 1) { if ($sendinfomail != 1) {
$sendinfomail = 0; $sendinfomail = 0;
} }
// get needed customer info to reduce the mysql-usage-counter by one // get needed customer info to reduce the mysql-usage-counter by one
if ($this->isAdmin()) { if ($this->isAdmin()) {
// get customer id // get customer id
@@ -89,7 +89,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
} else { } else {
$customer_id = $this->getUserDetail('customer_id'); $customer_id = $this->getUserDetail('customer_id');
} }
$newdb_params = array( $newdb_params = array(
'loginname' => ($this->isAdmin() ? $customer['loginname'] : $this->getUserDetail('loginname')), 'loginname' => ($this->isAdmin() ? $customer['loginname'] : $this->getUserDetail('loginname')),
'mysql_lastaccountnumber' => ($this->isAdmin() ? $customer['mysql_lastaccountnumber'] : $this->getUserDetail('mysql_lastaccountnumber')) 'mysql_lastaccountnumber' => ($this->isAdmin() ? $customer['mysql_lastaccountnumber'] : $this->getUserDetail('mysql_lastaccountnumber'))
@@ -97,12 +97,12 @@ class Mysqls extends ApiCommand implements ResourceEntity
// create database, user, set permissions, etc.pp. // create database, user, set permissions, etc.pp.
$dbm = new DbManager($this->logger()); $dbm = new DbManager($this->logger());
$username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']); $username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']);
// we've checked against the password in dbm->createDatabase // we've checked against the password in dbm->createDatabase
if ($username == false) { if ($username == false) {
standard_error('passwordshouldnotbeusername', '', true); standard_error('passwordshouldnotbeusername', '', true);
} }
// add database info to froxlor // add database info to froxlor
$stmt = Database::prepare(" $stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_DATABASES . "` INSERT INTO `" . TABLE_PANEL_DATABASES . "`
@@ -121,7 +121,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
Database::pexecute($stmt, $params, true, true); Database::pexecute($stmt, $params, true, true);
$databaseid = Database::lastInsertId(); $databaseid = Database::lastInsertId();
$params['id'] = $databaseid; $params['id'] = $databaseid;
// update customer usage // update customer usage
$stmt = Database::prepare(" $stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
@@ -131,7 +131,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
Database::pexecute($stmt, array( Database::pexecute($stmt, array(
"customerid" => ($this->isAdmin() ? $customer['customerid'] : $this->getUserDetail('customerid')) "customerid" => ($this->isAdmin() ? $customer['customerid'] : $this->getUserDetail('customerid'))
), true, true); ), true, true);
// update admin usage // update admin usage
$stmt = Database::prepare(" $stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_ADMINS . "` UPDATE `" . TABLE_PANEL_ADMINS . "`
@@ -141,20 +141,20 @@ class Mysqls extends ApiCommand implements ResourceEntity
Database::pexecute($stmt, array( Database::pexecute($stmt, array(
"adminid" => $this->getUserDetail('adminid') "adminid" => $this->getUserDetail('adminid')
), true, true); ), true, true);
// send info-mail? // send info-mail?
if ($sendinfomail == 1) { if ($sendinfomail == 1) {
$pma = $this->lng['admin']['notgiven']; $pma = $this->lng['admin']['notgiven'];
if (Settings::Get('panel.phpmyadmin_url') != '') { if (Settings::Get('panel.phpmyadmin_url') != '') {
$pma = Settings::Get('panel.phpmyadmin_url'); $pma = Settings::Get('panel.phpmyadmin_url');
} }
Database::needRoot(true, $dbserver); Database::needRoot(true, $dbserver);
Database::needSqlData(); Database::needSqlData();
$sql_root = Database::getSqlData(); $sql_root = Database::getSqlData();
Database::needRoot(false); Database::needRoot(false);
$userinfo = ($this->isAdmin() ? $customer : $this->getUserData()); $userinfo = ($this->isAdmin() ? $customer : $this->getUserData());
$replace_arr = array( $replace_arr = array(
'SALUTATION' => getCorrectUserSalutation($userinfo), 'SALUTATION' => getCorrectUserSalutation($userinfo),
'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility 'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility
@@ -164,7 +164,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
'DB_SRV' => $sql_root['host'], 'DB_SRV' => $sql_root['host'],
'PMA_URI' => $pma 'PMA_URI' => $pma
); );
$def_language = $userinfo['def_language']; $def_language = $userinfo['def_language'];
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -178,7 +178,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
"lang" => $def_language "lang" => $def_language
), true, true); ), true, true);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $this->lng['mails']['new_database_by_customer']['subject']), $replace_arr)); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $this->lng['mails']['new_database_by_customer']['subject']), $replace_arr));
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid WHERE `adminid`= :adminid
@@ -191,7 +191,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
"lang" => $def_language "lang" => $def_language
)); ));
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $this->lng['mails']['new_database_by_customer']['mailbody']), $replace_arr)); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $this->lng['mails']['new_database_by_customer']['mailbody']), $replace_arr));
$_mailerror = false; $_mailerror = false;
try { try {
$this->mail->Subject = $mail_subject; $this->mail->Subject = $mail_subject;
@@ -206,12 +206,12 @@ class Mysqls extends ApiCommand implements ResourceEntity
$mailerr_msg = $e->getMessage(); $mailerr_msg = $e->getMessage();
$_mailerror = true; $_mailerror = true;
} }
if ($_mailerror) { if ($_mailerror) {
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_ERR, "[API] Error sending mail: " . $mailerr_msg); $this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_ERR, "[API] Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $userinfo['email'], true); standard_error('errorsendingmail', $userinfo['email'], true);
} }
$this->mail->ClearAddresses(); $this->mail->ClearAddresses();
} }
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_WARNING, "[API] added mysql-database '" . $username . "'"); $this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_WARNING, "[API] added mysql-database '" . $username . "'");
@@ -319,8 +319,126 @@ class Mysqls extends ApiCommand implements ResourceEntity
throw new Exception("MySQL database with " . $key . " could not be found", 404); throw new Exception("MySQL database with " . $key . " could not be found", 404);
} }
/**
* update a mysql database entry by either id or dbname
*
* @param int $id
* optional, the database-id
* @param string $dbname
* optional, the databasename
* @param int $dbserver
* optional, specify database-server, default is none
* @param string $mysql_password
* optional, update password for the database
* @param string $description
* optional, description for database
*
* @access admin, customer
* @throws Exception
* @return array
*/
public function update() public function update()
{} {
$id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, '');
$dbserver = $this->getParam('dbserver', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405);
}
$json_result = Mysqls::getLocal($this->getUserData(), array(
'id' => $id,
'dbname' => $dbname,
'dbserver' => $dbserver
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['id'];
// paramters
$password = $this->getParam('mysql_password', true, '');
$databasedescription = $this->getParam('description', true, '');
// validation
$password = validate($password, 'password', '', '', array(), true);
$password = validatePassword($password, true);
$databasedescription = validate(trim($databasedescription), 'description', '', '', array(), true);
// validate whether the dbserver exists
$dbserver = validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
Database::needRoot(true, $dbserver);
Database::needSqlData();
$sql_root = Database::getSqlData();
Database::needRoot(false);
if (! isset($sql_root) || ! is_array($sql_root)) {
throw new ErrorException("Database server with index #" . $dbserver . " is unknown", 404);
}
if ($sendinfomail != 1) {
$sendinfomail = 0;
}
// get needed customer info to reduce the mysql-usage-counter by one
if ($this->isAdmin()) {
// get customer id
$customer_id = $this->getParam('customer_id');
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $result['customerid']
))->get();
$customer = json_decode($json_result, true)['data'];
// check whether the customer has enough resources to get the database added
if ($customer['mysqls_used'] >= $customer['mysqls'] && $customer['mysqls'] != '-1') {
throw new Exception("Customer has no more resources available", 406);
}
} else {
$customer_id = $this->getUserDetail('customer_id');
}
if ($password != '') {
// validate password
$password = validatePassword($password, true);
if ($password == $result['databasename']) {
standard_error('passwordshouldnotbeusername', '', true);
}
// Begin root-session
Database::needRoot(true, $result['dbserver']);
foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
$stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
$params = array(
"dbname" => $result['databasename'],
"host" => $mysql_access_host,
"password" => $password
);
Database::pexecute($stmt, $params, true, true);
}
$stmt = Database::prepare("FLUSH PRIVILEGES");
Database::pexecute($stmt, null, true, true);
Database::needRoot(false);
// End root-session
}
$stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DATABASES . "`
SET `description` = :desc
WHERE `customerid` = :customerid
AND `id` = :id
");
$params = array(
"desc" => $databasedescription,
"customerid" => ($this->isAdmin() ? $customer['customerid'] : $this->getUserDetail('customerid')),
"id" => $id
);
Database::pexecute($stmt, $params, true, true);
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_WARNING, "[API] updated mysql-database '" . $result['databasename'] . "'");
return $this->response(200, "successfull", $params);
}
/** /**
* list all databases, if called from an admin, list all databases of all customers you are allowed to view, or specify id or loginname for one specific customer * list all databases, if called from an admin, list all databases of all customers you are allowed to view, or specify id or loginname for one specific customer
@@ -444,7 +562,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) { if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405); throw new Exception("You cannot access this resource", 405);
} }
$json_result = Mysqls::getLocal($this->getUserData(), array( $json_result = Mysqls::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
'dbname' => $dbname, 'dbname' => $dbname,