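function add_sql_user(&$sql, $user_id, $db_id) {
    // Create a new SQL user for the database $db_id of customer $user_id, or
    // attach an existing one when $_POST['Add_Exist'] is present. A row is
    // written to the VHCS sql_user table and two GRANT statements create the
    // MySQL account (localhost and remote).
    //
    // Reads $_POST: uaction, user_name, pass, pass_rep, use_dmn_id, id_pos,
    // Add_Exist, sqluser_id. Returns nothing; validation problems are reported
    // through set_page_message() and the function returns early; on success
    // it redirects to manage_sql.php.
    //
    // Changes vs. the previous revision:
    //  - ereg()/ereg_replace() replaced by preg_match()/str_replace(); the
    //    ereg family was removed in PHP 7.
    //  - The 'Add_Exist' lookup of $_POST['sqluser_id'] is restricted to SQL
    //    users of this customer's own domain, so an arbitrary sqlu_id of
    //    another customer can no longer be attached (and its stored password
    //    reused through GRANT ... IDENTIFIED BY).
    //  - The ownership check of $db_id (sql_database.domain_id) now runs
    //    BEFORE the INSERT into sql_user; previously a foreign or unknown
    //    $db_id left a dangling sql_user row and then fed an empty database
    //    name into the GRANT.
    //  - Attaching a user that is already attached to this database is
    //    rejected instead of inserting a duplicate row.
    //  - '%' in the database name is escaped for GRANT like '_' already was.
    //  - The log line names the created SQL user, not only the database.
    global $cfg;

    if (!isset($_POST['uaction'])) {
        return;
    }

    $add_exist = isset($_POST['Add_Exist']);
    $dmn_id = get_user_domain_id($sql, $user_id);

    if ($add_exist) {
        if (!isset($_POST['sqluser_id'])) {
            set_page_message(tr('SQL-user not found! Maybe it was deleted by another user!'));
            return;
        }
        // Name and password in one round trip, scoped to the customer's domain
        // via the database the user hangs off (sql_user.sqld_id).
        $query = "SELECT u.sqlu_name, u.sqlu_pass FROM sql_user u, sql_database d"
               . " WHERE u.sqlu_id = ? AND u.sqld_id = d.sqld_id AND d.domain_id = ?";
        $rs = exec_query($sql, $query, array($_POST['sqluser_id'], $dmn_id));
        if ($rs->RecordCount() == 0) {
            set_page_message(tr('SQL-user not found! Maybe it was deleted by another user!'));
            return;
        }
        $db_user = $rs->fields['sqlu_name'];
        // NOTE(review): sqlu_pass is stored in clear text in this revision (it
        // has to be recoverable for GRANT ... IDENTIFIED BY); the stored value
        // is used as-is.
        $user_pass = $rs->fields['sqlu_pass'];
    } else {
        $user_name = isset($_POST['user_name']) ? $_POST['user_name'] : '';
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';

        if ($user_name === '') {
            set_page_message(tr('Please type user name!'));
            return;
        }
        if ($pass === '' && $pass_rep === '') {
            set_page_message(tr('Please type user password!'));
            return;
        }
        if ($pass !== $pass_rep) {
            set_page_message(tr('Entered passwords does not match!'));
            return;
        }
        if (strlen($pass) > $cfg['MAX_SQL_PASS_LENGTH']) {
            set_page_message(tr('Too user long password!'));
            return;
        }
        $user_pass = $pass;

        // Optionally prefix or suffix the user name with the domain id.
        $with_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on'
                    && isset($_POST['id_pos']);
        if ($with_dmn_id && $_POST['id_pos'] === 'start') {
            $db_user = $dmn_id . '_' . $user_name;
        } elseif ($with_dmn_id && $_POST['id_pos'] === 'end') {
            $db_user = $user_name . '_' . $dmn_id;
        } else {
            $db_user = $user_name;
        }
    }

    if (strlen($db_user) > $cfg['MAX_SQL_USER_LENGTH']) {
        set_page_message(tr('User name too long!'));
        return;
    }
    // '%' and '?' would act as patterns in the GRANT statements below.
    // NOTE(review): this is the only character restriction on the user name;
    // it reaches MySQL through bound parameters only, but a positive
    // whitelist (e.g. [A-Za-z0-9_]) would be the safer rule — confirm what
    // the rest of the panel expects before tightening.
    if (preg_match('/[%?]/', $db_user)) {
        set_page_message(tr('Wildcards as % and ? are not allowed!'));
        return;
    }
    if (!$add_exist && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'));
        return;
    }

    // The database must belong to this customer's domain. Resolved before
    // anything is written so a bad $db_id leaves no trace.
    $query = "SELECT sqld_name AS db_name FROM sql_database WHERE sqld_id = ? AND domain_id = ?";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));
    if ($rs->RecordCount() == 0) {
        set_page_message(tr('Database not found!'));
        return;
    }
    $db_name = $rs->fields['db_name'];

    if ($add_exist) {
        // Re-attaching the same user to the same database would duplicate the row.
        $query = "SELECT COUNT(*) AS cnt FROM sql_user WHERE sqld_id = ? AND sqlu_name = ?";
        $rs = exec_query($sql, $query, array($db_id, $db_user));
        if ($rs->fields['cnt'] > 0) {
            set_page_message(tr('Specified SQL username name already exists!'));
            return;
        }
    }

    // Record the user in the VHCS table.
    $query = "INSERT INTO sql_user (sqld_id, sqlu_name, sqlu_pass) VALUES (?, ?, ?)";
    exec_query($sql, $query, array($db_id, $db_user, $user_pass));

    // In GRANT ... ON db.*, '_' and '%' inside the database name are
    // wildcards; escape them so the grant covers exactly this database.
    $grant_db = quoteIdentifier(str_replace(array('_', '%'), array('\\_', '\\%'), $db_name));
    // NOTE(review): the '%' host grant opens the account to connections from
    // any host; keep it only if remote MySQL access is an intended feature.
    foreach (array("'localhost'", "'%'") as $host) {
        $query = 'grant all on ' . $grant_db . '.* to ?@' . $host . ' identified by ?';
        exec_query($sql, $query, array($db_user, $user_pass));
    }

    write_log($_SESSION['user_logged'] . " : add SQL user " . $db_user . " on " . $db_name);
    set_page_message(tr('SQL user successfully added!'));
    user_goto('manage_sql.php');
}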
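/**
 * Creates a new SQL user for the database $db_id, or attaches an existing one
 * when $_POST['Add_Exist'] is present, and grants it all privileges on that
 * database (for 'localhost' and for '%').
 *
 * Reads from $_POST: uaction, user_name, pass, pass_rep, use_dmn_id, id_pos,
 * Add_Exist, sqluser_id. Validation problems are reported through
 * set_page_message() and the function returns; on success it redirects to
 * sql_manage.php.
 *
 * Changes vs. the previous revision:
 *  - The ownership check of $db_id (sql_database.domain_id) runs BEFORE the
 *    INSERT into sql_user; previously a foreign or unknown $db_id left a
 *    dangling row and fed an empty database name into the GRANT.
 *  - The 'Add_Exist' lookup of sqluser_id is scoped to this customer's
 *    domain, so SQL users (and their stored passwords) of other customers
 *    cannot be reused.
 *  - A user already attached to the same database is rejected instead of
 *    being inserted a second time (former @todo).
 *  - The wildcard test is /[%?]/; the old class [%|\?] also rejected '|'
 *    with a misleading message.
 *  - A missing pass_rep no longer bypasses the confirmation check, and the
 *    literal value "0" is no longer treated as "nothing typed".
 *
 * @todo If a GRANT fails, the sql_user row has already been written; the two
 *       writes are not transactional. The row is written first because an
 *       orphaned MySQL account with no panel record would be the worse state.
 *
 * @param object $sql     database handle passed to exec_query()
 * @param int    $user_id customer whose domain must own the database
 * @param int    $db_id   sql_database.sqld_id to grant on
 */
function add_sql_user($sql, $user_id, $db_id) {
    $cfg = EasySCP_Registry::get('Config');

    if (!isset($_POST['uaction'])) {
        return;
    }

    $add_exist = isset($_POST['Add_Exist']);
    $dmn_id = get_user_domain_id($user_id);

    if ($add_exist) {
        if (!isset($_POST['sqluser_id'])) {
            set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
            return;
        }
        // Name and password in one query, restricted to users of a database
        // in this customer's domain.
        $query = "
            SELECT
                `u`.`sqlu_name`, `u`.`sqlu_pass`
            FROM
                `sql_user` `u`
            JOIN
                `sql_database` `d` ON `d`.`sqld_id` = `u`.`sqld_id`
            WHERE
                `u`.`sqlu_id` = ?
            AND
                `d`.`domain_id` = ?
        ";
        $rs = exec_query($sql, $query, array($_POST['sqluser_id'], $dmn_id));
        if ($rs->recordCount() == 0) {
            set_page_message(tr('SQL-user not found! It might has been deleted by another user.'), 'warning');
            return;
        }
        $db_user = $rs->fields['sqlu_name'];
        $user_pass = decrypt_db_password($rs->fields['sqlu_pass']);
    } else {
        $user_name = isset($_POST['user_name']) ? $_POST['user_name'] : '';
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $pass_rep = isset($_POST['pass_rep']) ? $_POST['pass_rep'] : '';

        if ($user_name === '') {
            set_page_message(tr('Please type user name!'), 'warning');
            return;
        }
        if ($pass === '' && $pass_rep === '') {
            set_page_message(tr('Please type user password!'), 'warning');
            return;
        }
        if ($pass !== $pass_rep) {
            set_page_message(tr('Entered passwords do not match!'), 'warning');
            return;
        }
        if (strlen($pass) > $cfg->MAX_SQL_PASS_LENGTH) {
            set_page_message(tr('Too long user password!'), 'warning');
            return;
        }
        // Characters outside this set are refused because the password is
        // passed to GRANT ... IDENTIFIED BY and stored via encrypt_db_password().
        if (!preg_match('/^[[:alnum:]:!*+#_.-]+$/', $pass)) {
            set_page_message(tr('Don\'t use special chars like "@, $, %..." in the password!'), 'warning');
            return;
        }
        if (!chk_password($pass)) {
            if ($cfg->PASSWD_STRONG) {
                set_page_message(sprintf(tr('The password must be at least %s chars long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS), 'warning');
            } else {
                set_page_message(sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS), 'warning');
            }
            return;
        }
        $user_pass = $pass;

        // Optionally prefix or suffix the user name with the domain id.
        // NOTE(review): clean_input() is the only filtering applied to the
        // user name; its exact behaviour is not visible here.
        $user_name = clean_input($user_name);
        $with_dmn_id = isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on'
                    && isset($_POST['id_pos']);
        if ($with_dmn_id && $_POST['id_pos'] === 'start') {
            $db_user = $dmn_id . '_' . $user_name;
        } elseif ($with_dmn_id && $_POST['id_pos'] === 'end') {
            $db_user = $user_name . '_' . $dmn_id;
        } else {
            $db_user = $user_name;
        }
    }

    if (strlen($db_user) > $cfg->MAX_SQL_USER_LENGTH) {
        set_page_message(tr('User name too long!'), 'warning');
        return;
    }
    // '%' and '?' would act as patterns in the GRANT statements below.
    if (preg_match('/[%?]/', $db_user)) {
        set_page_message(tr('Wildcards such as %% and ? are not allowed!'), 'warning');
        return;
    }
    if (!$add_exist && check_db_user($sql, $db_user)) {
        set_page_message(tr('Specified SQL username name already exists!'), 'warning');
        return;
    }

    // The database must belong to this customer's domain. Resolved before
    // anything is written so a bad $db_id leaves no trace.
    $query = "
        SELECT
            `sqld_name` AS `db_name`
        FROM
            `sql_database`
        WHERE
            `sqld_id` = ?
        AND
            `domain_id` = ?
    ";
    $rs = exec_query($sql, $query, array($db_id, $dmn_id));
    if ($rs->recordCount() == 0) {
        set_page_message(tr('Database not found!'), 'warning');
        return;
    }
    $db_name = $rs->fields['db_name'];

    if ($add_exist) {
        // Re-attaching the same user to the same database would duplicate the row.
        $query = "SELECT COUNT(*) AS `cnt` FROM `sql_user` WHERE `sqld_id` = ? AND `sqlu_name` = ?";
        $rs = exec_query($sql, $query, array($db_id, $db_user));
        if ($rs->fields['cnt'] > 0) {
            set_page_message(tr('Specified SQL username name already exists!'), 'warning');
            return;
        }
    }

    // Record the user in the EasySCP table.
    $query = "
        INSERT INTO `sql_user`
            (`sqld_id`, `sqlu_name`, `sqlu_pass`)
        VALUES
            (?, ?, ?)
    ";
    exec_query($sql, $query, array($db_id, $db_user, encrypt_db_password($user_pass)));
    update_reseller_c_props(get_reseller_id($dmn_id));

    // In GRANT ... ON db.*, '_' and '%' inside the database name are
    // wildcards; they are backslash-escaped so the grant covers exactly this
    // database ('?' and '*' are escaped as well, kept from the previous
    // revision).
    $grant_db = quoteIdentifier(preg_replace("/([_%\\?\\*])/", '\\\\$1', $db_name));
    // NOTE(review): the '%' host grant opens the account to connections from
    // any host; keep it only if remote MySQL access is an intended feature.
    $query = "GRANT ALL PRIVILEGES ON " . $grant_db . ".* TO ?@? IDENTIFIED BY ?";
    foreach (array('localhost', '%') as $host) {
        exec_query($sql, $query, array($db_user, $host, $user_pass));
    }

    write_log($_SESSION['user_logged'] . ": add SQL user: " . tohtml($db_user));
    set_page_message(tr('SQL user successfully added!'), 'info');
    user_goto('sql_manage.php');
}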