From 3657cf7cc6c33a4532def886e65bd6fbcf881943 Mon Sep 17 00:00:00 2001
From: madmuffin
Date: Mon, 19 Nov 2012 19:22:21 +0100
Subject: [PATCH] Patching Revoking Privileges (both when deleting user and disabling user): * if manual changes were made or user was created with very old version of SysCP or if MySQL access hosts in settings were altered since creating user/privileges, all privileges will be deleted anyways.
---
 admin_customers.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/admin_customers.php b/admin_customers.php
index bedbf190..7af3c713 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -223,12 +223,17 @@ if($page == 'customers' $last_dbserver = $row_database['dbserver']; } - foreach(array_unique(explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) + if(mysql_get_server_info() < '5.0.2') { + // failsafe if user has been deleted manually (requires MySQL 4.1.2+) + $db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($row_database['databasename']) .'\'',false,true); + } + + $host_res = $db_root->query("SELECT `Host` FROM `mysql`.`user` WHERE `User`='" . $db_root->escape($row_database['databasename']) . "'"); + while($host = $db_root->fetch_array($host_res)) { - $mysql_access_host = trim($mysql_access_host); - $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`',false,true); - $db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($row_database['databasename'])) . '` . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`',false,true); - $db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $db_root->escape($row_database['databasename']) . '" AND `Host` = "' . $db_root->escape($mysql_access_host) . '"'); + // as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+) + $db_root->query('DROP USER \'' . $db_root->escape($row_database['databasename']). '\'@\'' . $db_root->escape($host['Host']) . '\'', false, true); + } $db_root->query('DROP DATABASE IF EXISTS `' . $db_root->escape($row_database['databasename']) . '`'); 
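Review bot: The added `REVOKE ALL PRIVILEGES, GRANT OPTION FROM '<user>'` names the account without a host part, which MySQL reads as `'<user>'@'%'`, so accounts that exist only for other hosts (for example `localhost`) are not touched by it. In this hunk that matters on the pre-5.0.2 branch, where the added comment implies DROP USER alone does not revoke privileges; in the second hunk (deactivation) the same statement is the only revocation left, so a deactivated customer with host-specific accounts would keep database access. Moving the statement into the `while` loop and qualifying it with the host, `'REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($row_database['databasename']) . '\'@\'' . $db_root->escape($host['Host']) . '\''`, covers every account row that actually exists, and the deactivation branch needs the same `SELECT Host` lookup around its REVOKE. Separately, `mysql_get_server_info() < '5.0.2'` compares strings character by character (so `'5.0.10'` sorts below `'5.0.2'`); `version_compare(mysql_get_server_info(), '5.0.2', '<')` is the reliable form.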
@@ -1262,8 +1267,8 @@ if($page == 'customers' /* Prevent access, if deactivated */ if($deactivated) { - $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`'); - $db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($row_database['databasename'])) . '` . * FROM `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`'); + // failsafe if user has been deleted manually (requires MySQL 4.1.2+) + $db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($row_database['databasename']) .'\'',false,true); } else /* Otherwise grant access */ {
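Review bot: The REVOKE in the deactivation branch is now issued with the extra arguments `false,true`, which the two removed statements did not pass. The query method is not visible here, but if the last flag suppresses errors, as its "failsafe" use in the first hunk suggests, a failed revocation goes unnoticed and the customer is recorded as deactivated while the database account still works; for an access-control step the result should be checked or logged rather than discarded. The copied comment describes the deletion case, not this one, so something like `// deactivated: revoke all privileges of this customer's database user` would fit better. The removed lines used `$mysql_access_host`, so an enclosing loop presumably continues outside the hunk and now repeats an identical statement on every pass.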