From dfb2d625c969793f32160caaefaec5123d1f3164 Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Fri, 29 Jul 2022 09:35:11 +0200 Subject: [PATCH] use correct target-dbserver to add db and user when using multiple database servers Signed-off-by: Michael Kaufmann --- lib/Froxlor/Api/Commands/Mysqls.php | 8 ++-- lib/Froxlor/Database/DbManager.php | 42 ++++++++----------- .../customer/mysql/formfield.mysql_add.php | 3 +- .../customer/mysql/formfield.mysql_edit.php | 3 +- 4 files changed, 26 insertions(+), 30 deletions(-) diff --git a/lib/Froxlor/Api/Commands/Mysqls.php b/lib/Froxlor/Api/Commands/Mysqls.php index 52d44f8f..51f7458f 100644 --- a/lib/Froxlor/Api/Commands/Mysqls.php +++ b/lib/Froxlor/Api/Commands/Mysqls.php @@ -89,7 +89,7 @@ class Mysqls extends ApiCommand implements ResourceEntity } // validate whether the dbserver exists - $dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '', '', 0, true); + $dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true); Database::needRoot(true, $dbserver); Database::needSqlData(); $sql_root = Database::getSqlData(); @@ -110,9 +110,9 @@ class Mysqls extends ApiCommand implements ResourceEntity $dbm = new DbManager($this->logger()); if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME' && !empty($databasename)) { - $username = $dbm->createDatabase($newdb_params['loginname'] . '_' . $databasename, $password); + $username = $dbm->createDatabase($newdb_params['loginname'] . '_' . $databasename, $password, $dbserver); } else { - $username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']); + $username = $dbm->createDatabase($newdb_params['loginname'], $password, $dbserver, $newdb_params['mysql_lastaccountnumber']); } // we've checked against the password in dbm->createDatabase @@ -230,6 +230,8 @@ class Mysqls extends ApiCommand implements ResourceEntity $dbname = $this->getParam('dbname', $dn_optional, ''); $dbserver = $this->getParam('mysql_server', true, -1); + $dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true); + if ($this->isAdmin()) { if ($this->getUserDetail('customers_see_all') != 1) { // if it's a reseller or an admin who cannot see all customers, we need to check diff --git a/lib/Froxlor/Database/DbManager.php b/lib/Froxlor/Database/DbManager.php index ce602da1..c5a0b26a 100644 --- a/lib/Froxlor/Database/DbManager.php +++ b/lib/Froxlor/Database/DbManager.php @@ -79,37 +79,29 @@ class DbManager public static function correctMysqlUsers($mysql_access_host_array) { - // get sql-root access data - Database::needRoot(true); - Database::needSqlData(); - $sql_root = Database::getSqlData(); - Database::needRoot(false); + // get all databases for all dbservers + $databases = []; + $databases_result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_DATABASES . "` + ORDER BY `dbserver` ASC + "); + Database::pexecute($databases_result_stmt); + while ($databases_row = $databases_result_stmt->fetch(PDO::FETCH_ASSOC)) { + if (!isset($databases[$databases_row['dbserver']])) { + $databases[$databases_row['dbserver']] = []; + } + $databases[$databases_row['dbserver']][] = $databases_row['databasename']; + } $dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`"); while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) { + // require privileged access for target db-server Database::needRoot(true, $dbserver['dbserver']); - Database::needSqlData(); - $sql_root = Database::getSqlData(); $dbm = new DbManager(FroxlorLogger::getInstanceOf()); $users = $dbm->getManager()->getAllSqlUsers(false); - $databases = [ - $sql_root['db'] - ]; - $databases_result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_DATABASES . "` - WHERE `dbserver` = :mysqlserver - "); - Database::pexecute($databases_result_stmt, [ - 'mysqlserver' => $dbserver['dbserver'] - ]); - - while ($databases_row = $databases_result_stmt->fetch(PDO::FETCH_ASSOC)) { - $databases[] = $databases_row['databasename']; - } - - foreach ($databases as $username) { + foreach ($databases[$dbserver] as $username) { if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) { $password = [ @@ -150,9 +142,9 @@ class DbManager * * @return string|bool $username if successful or false of username is equal to the password */ - public function createDatabase($loginname = null, $password = null, $last_accnumber = 0) + public function createDatabase($loginname = null, $password = null, int $dbserver = 0, $last_accnumber = 0) { - Database::needRoot(true); + Database::needRoot(true, $dbserver); // check whether we shall create a random username if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'RANDOM') { diff --git a/lib/formfields/customer/mysql/formfield.mysql_add.php b/lib/formfields/customer/mysql/formfield.mysql_add.php index 74c6ee53..a0bb6f39 100644 --- a/lib/formfields/customer/mysql/formfield.mysql_add.php +++ b/lib/formfields/customer/mysql/formfield.mysql_add.php @@ -51,7 +51,8 @@ return [ 'label' => lng('customer.generated_pwd'), 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => Crypt::generatePassword() + 'value' => Crypt::generatePassword(), + 'readonly' => true ], 'sendinfomail' => [ 'label' => lng('customer.sendinfomail'), diff --git a/lib/formfields/customer/mysql/formfield.mysql_edit.php b/lib/formfields/customer/mysql/formfield.mysql_edit.php index cc48d6a7..c074fa3f 100644 --- a/lib/formfields/customer/mysql/formfield.mysql_edit.php +++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php @@ -52,7 +52,8 @@ return [ 'label' => lng('customer.generated_pwd'), 'type' => 'text', 'visible' => (Settings::Get('panel.password_regex') == ''), - 'value' => Crypt::generatePassword() + 'value' => Crypt::generatePassword(), + 'readonly' => true ] ] ]