<?
// Init vars
$i = 0;
$j = 0;
$k = 0;
unset($done);
unset($userlist);
unset($error);
// Get current domain's user list
$dbp = mysql_query("SELECT username FROM users WHERE id=".$domaindata['id']." ORDER BY username");
while ($tmp = mysql_fetch_array($dbp)) {
$utmp = substr($tmp['username'],0,16);
if ($userlist[$j-1] != $utmp)
$userlist[$j++] = $utmp;
}
// If data is set (i.e the submit button has been hit)
if ((isset($data) OR $action == 'remove') && ($userdata['type'] != 'demo') && $confirm) {
// remove spaces and slashes.
if ($action != 'remove') {
while (list($key, $val) = each($data))
$data[$key] = trim(stripslashes($val));
reset($data);
}
// create database
if ($action == 'create') {
// Check database name
if (!eregi($rx['user'],$data['dbname']))
$error[$i++] = $T['err']['db']['name'];
// Name is free?
if (@mysql_select_db($data['dbname'])) {
mysql_select_db($cfg['dbname']);
$error[$i++] = $T['err']['db']['name taken'];
}
// Verify username validity
$j = 0;
$uvalid = false;
while($userlist[$j]) {
if ($userlist[$j] == $data['dbuser']) {
$uvalid = true;
break;
}
++$j;
}
if (!$uvalid)
$error[$i++] = $T['err']['db']['username'];
// if user is already in the db, dont check pass or create it!
mysql_select_db('mysql');
$dbp = mysql_query("SELECT User FROM user WHERE User='".$data['dbuser']."'");
if (mysql_num_rows($dbp))
$userset = true;
else
$userset = false;
// Verify password
if (!eregi($rx['pass'],$data['password']) AND !$userset) {
$error[$i++] = $T['err']['db']['password'];
}
// Check for weak password
if ($cfg['strong_passwords']) {
if (!password_check($data['password'])) {
$error[$i++] = $T['err']['db']['weakpassword'];
}
}
// Verify there free databases
// Construct SQL query
$sql_query = "SELECT User FROM db WHERE ";
$sql_query .= "User='".implode("' OR User='",$userlist);
$sql_query .= "'";
// Fetch current databases
$dbp = mysql_query($sql_query);
if (mysql_num_rows($dbp) >= $domaindata['db'])
$error[$i++] = $T['err']['db']['no db'];
mysql_select_db($cfg['dbname']);
if(!$error) {
if (!mysql_query("CREATE DATABASE `".$data['dbname']."`")) {
$error[$i++] = $T['err']['db']['no create'];
}
mysql_select_db('mysql');
if (!$userset) {
mysql_query("INSERT INTO user SET Host='localhost', User='".$data['dbuser']."', password=PASSWORD('".$data['password']."')");
}
mysql_query("INSERT INTO db SET Host='localhost', Db='".$data['dbname']."', User='".$data['dbuser']."', Select_priv='Y',
Insert_priv='Y', Update_priv='Y', Delete_priv='Y', Create_priv='Y' ,Drop_priv='Y', Grant_priv='N',
References_priv='Y', Index_priv='Y', Alter_priv='Y'");
mysql_query("FLUSH PRIVILEGES");
mysql_select_db($cfg['dbname']);
if(!$error) {
$done[++$k] = $T['db created'].$data['dbname'];
}
}
}
// update database(s)
elseif ($action == 'update') {
// loop through all possible input
while (list($key, $val) = each($data)) {
// if its a password, check it out
if (ereg("_pass$",$key) AND $val) {
// Get username
$uname = trim(ereg_replace("_pass$","",$key));
// Check username
if (!eregi($rx['user'],$uname))
$error[$i++] = $T['err']['db']['username'];
// Verify password
if (!eregi($rx['pass'],$val))
$error[$i++] = $T['err']['db']['password'];
// if no errors, update user's password
if (!$error) {
mysql_select_db('mysql');
mysql_query("UPDATE user SET Password = PASSWORD('$val') WHERE User='$uname'");
mysql_query("FLUSH PRIVILEGES");
mysql_select_db($cfg['dbname']);
$done[++$k] = $T['db user updated'].$uname;
}
}
}
}
// remove database
elseif ($action == 'remove') {
// Check database name
if (!eregi($rx['user'],$data['dbname']))
$error[$i++] = $T['err']['db']['name'];
// Verify the db exists and is valid
// Construct SQL query
$sql_query = "SELECT User FROM db WHERE ";
$sql_query .= "User='".implode("' OR User='",$userlist);
$sql_query .= "' AND Db='".$data['dbname']."'";
// Fetch current databases
mysql_select_db('mysql');
$dbp = mysql_query($sql_query);
if (!mysql_num_rows($dbp)) {
$error[$i++] = $T['err']['db']['invalid db'];
}
$uname = mysql_fetch_array($dbp);
$uname = $uname['User'];
// Verify if the user is still in use
$dbp = mysql_query("SELECT Db FROM db WHERE User = '$uname'");
$userused = mysql_num_rows($dbp);
mysql_select_db($cfg['dbname']);
// if no errors, update user's password
if (!$error) {
mysql_query("DROP DATABASE ".$data['dbname']);
mysql_select_db('mysql');
if (!$userused)
mysql_query("DELETE FROM user WHERE User='$uname'");
mysql_query("DELETE FROM db WHERE Db='".$data['dbname']."'");
mysql_query("FLUSH PRIVILEGES");
mysql_select_db($cfg['dbname']);
$done[++$k] = $T['db removed'].$data['dbname'];
}
}
if ($error)
echo "<br> ".implode("<br>\n ",$error)."<br><br>\n";
if ($done)
echo "<br> ".implode("<br>\n ",$done)."<br><br>\n";
} elseif ((isset($data) OR $action == 'remove') && $userdata['type'] == 'demo') {
echo "<center>".$T['err']['demo user']."</center>";
} elseif ((isset($data) OR $action == 'remove') && !$confirm) {
?>
<blockquote>
<form action="<?=$current_url;?>" method="post" name="webcp1" onSubmit="submitonce(this);">
<?=$T['really '.$action];?><b><?=(($action == "update") ? "password" : $data['dbname']);?></b><br>
<input type="submit" value="<?=$T['yes'];?>">
<?
foreach ($data as $key => $val) {
echo '<input type="hidden" name="data['.$key.']" value="'.$data[$key].'">';
}
?>
<input type="hidden" name="action" value="<?=$action;?>">
<input type="hidden" name="confirm" value="true">
</form>
</blockquote>
<?
}
// check for users, else display message
$dbp = mysql_query("SELECT username FROM users WHERE id=".$domaindata['id']." AND action != 'remove'");
$numrows = mysql_num_rows($dbp);
if (!$numrows)
echo $T['no users'];
else {
?>
<form action="<?=$current_url;?>" method="post" name="webcp1" onSubmit="submitonce(this);">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0" summary="" width="500">
<tr>
<td>
<b class="big"><?=$T['MySQL DB Creation'];?></b>
<table border="0" cellpadding="0" cellspacing="0" summary="" class="tblbg">
<tr>
<td>
<table border="0" cellspacing="1" summary="">
<tr>
<td class="row2"><b><?=$T['Database Name'];?></b></td>
<td class="row2"><b><?=$T['Username'];?></b></td>
<td class="row2"><b><?=$T['Password'];?></b></td>
</tr>
<tr>
<td class="row1"><input type="text" name="data[dbname]" size="20" maxlength="25" value="<?=(($error) ? $data['dbname'] : "");?>"></td>
<td class="row1"><select name="data[dbuser]">
<? $j = 0;
while($userlist[$j]) {
echo "<option value='".$userlist[$j]."'";
if ($error && ($userlist[$j] == $data['dbuser'])) { echo " selected "; }
echo "> ".$userlist[$j]."</option>\n";
++$j;
} ?></select>
</td>
<td class="row1"><input type="text" name="data[password]" size="20" maxlength="25"></td>
</tr>
</table>
</td>
</tr>
</table><br>
<input type="hidden" name="action" value="create">
<div align="right"><input type="submit" value="<?=$T['Create Database'];?>"></div>
</td>
</tr>
</table>
</div></form><br><br>
<?
if ($userlist) {
// Construct SQL query
$sql_query = "SELECT Db,User FROM db WHERE ";
$sql_query .= "User='".implode("' OR User='",$userlist);
$sql_query .= "'";
// Fetch current databases
mysql_select_db('mysql');
$dbp = mysql_query($sql_query);
if (mysql_num_rows($dbp)) { ?>
<div align="center">
<form action="<?=$current_url;?>" method="post" name="webcp2" onSubmit="submitonce(this);">
<table border="0" cellpadding="0" cellspacing="0" summary="" width="500">
<tr>
<td>
<b class="big"><?=$T['MySQL DB Management'];?></b>
<table border="0" cellpadding="0" cellspacing="0" summary="" class="tblbg">
<tr>
<td>
<table border="0" cellspacing="1" summary="">
<tr>
<td class="row2"><b> <?=$T['Database Name'];?> </b></td>
<td class="row2"><b> <?=$T['Num Tables'];?> </b></td>
<td class="row2"><b> <?=$T['Database Size'];?> </b></td>
<td class="row2"><b> <?=$T['Username'];?> </b></td>
<td class="row2"><b> <?=$T['Password'];?> </b></td>
<td class="row2"> </td>
</tr>
<?
while ($dbdata = mysql_fetch_array($dbp)) {
$dbp1 = mysql_list_tables($dbdata['Db']);
$db = mysql_select_db($dbdata['Db'])
or exit('Could not select database: ' . mysql_error());
// Calculate DB size by adding table size + index size:
$rows = mysql_query("SHOW TABLE STATUS");
$dbsize = 0;
while ($row = mysql_fetch_array($rows)) {
$dbsize += $row['Data_length'] + $row['Index_length'];
}
$db = mysql_select_db($cfg['dbname']);
$dbsize = file_size_info($dbsize);
?>
<tr>
<td class="row1"><i><?=$dbdata['Db'];?></i></td>
<td class="row1"><?=intval(@mysql_num_rows($dbp1));?></td>
<td class="row1"><?=$dbsize['size'];?> <?=$dbsize['type'];?></td>
<td class="row1"><i><?=$dbdata['User'];?></i></td>
<td class="row1"><input type="text" name="data[<?=$dbdata['User'];?>_pass]" size="20" maxlength="25"></td>
<td class="row1"> <a href="<?=$current_url;?>&action=remove&data[dbname]=<?=$dbdata['Db'];?>"><img src="icon/remove.gif" border="0" width="15" height="15" alt="Remove"></a> </td>
</tr>
<? } ?>
</table>
</td>
</tr>
</table><br>
<input type="hidden" name="action" value="update">
<div align="right"><input type="submit" value="<?=$T['Update Settings'];?>"></div>
</td>
</tr>
</table>
</form></div>
<? }
mysql_select_db($cfg['dbname']);
}
}
?>