source: alternc/trunk/bureau/class/m_mysql.php @ 2616

Revision 2616, 23.3 KB checked in by benjamin, 4 years ago (diff)

Adding Password Policy management to AlternC!

1<?php
2/*
3 $Id: m_mysql.php,v 1.35 2005/12/18 09:51:32 benjamin Exp $
4 ----------------------------------------------------------------------
5 AlternC - Web Hosting System
6 Copyright (C) 2002 by the AlternC Development Team.
7 http://alternc.org/
8 ----------------------------------------------------------------------
9 Based on:
10 Valentin Lacambre's web hosting softwares: http://altern.org/
11 ----------------------------------------------------------------------
12 LICENSE
13
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License (GPL)
16 as published by the Free Software Foundation; either version 2
17 of the License, or (at your option) any later version.
18
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22 GNU General Public License for more details.
23
24 To read the license please visit http://www.gnu.org/copyleft/gpl.html
25 ----------------------------------------------------------------------
26 Original Author of file: Benjamin Sonntag
27 Purpose of file: Manage mysql database for users.
28 ----------------------------------------------------------------------
29*/
30/**
31 * MySQL user database management for AlternC.
32 * This class manages users' databases in MySQL, and users' MySQL accounts.
33 *
34 * @copyright    AlternC-Team 2002-2005 http://alternc.org/
35 */
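class m_mysql {

  // Host name of the MySQL server, copied from $GLOBALS['L_MYSQL_HOST'].
  var $server;
  // Host part of every 'user'@'host' account name built by this class,
  // copied from $GLOBALS['L_MYSQL_CLIENT'].
  var $client;

  // NOTE(review): the `db` table keeps each account's MySQL password exactly as
  // it was typed (new_mysql() and put_mysql_details() write it unhashed), and
  // get_dblist(), get_mysql_details(), restore() and alternc_export() read it
  // back. Anything that can read that table or those return values holds
  // working credentials.

  /*---------------------------------------------------------------------------*/
  /** Constructor: copies the MySQL host and client host from the global
   * configuration into $this->server and $this->client.
   */
  function __construct() {
    $this->server = $GLOBALS['L_MYSQL_HOST'];
    $this->client = $GLOBALS['L_MYSQL_CLIENT'];
  }

  /** PHP4-style constructor name, kept so explicit calls keep working.
   * PHP 8 no longer runs a method named after its class on `new`, which would
   * leave $this->client empty in every GRANT/REVOKE below, so the real
   * initialisation lives in __construct().
   */
  function m_mysql() {
    $this->__construct();
  }

  /* ----------------------------------------------------------------- */
  /** Quote a database name for use as a MySQL identifier.
   * Inside backquotes a backquote is escaped by doubling it. addslashes()
   * does not do that, so it is not a valid escape for identifiers.
   * @param $name string raw database name
   * @return string the name wrapped in backquotes
   * @access private
   */
  function quote_ident($name) {
    return "`".str_replace("`","``",$name)."`";
  }

  /* ----------------------------------------------------------------- */
  /** Build the full MySQL name "<login>_<part>" for the logged-in account.
   * An empty $part yields the bare login.
   * NOTE(review): "0" is falsy in PHP, so a part named "0" is appended
   * without the "_" separator; confirm this cannot produce the name of
   * another account's database or user.
   * @param $part string name part chosen by the user
   * @return string full database or user name
   * @access private
   */
  function full_name($part) {
    global $mem;
    return $mem->user["login"].($part?"_":"").$part;
  }

  /* ----------------------------------------------------------------- */
  /** Hook called by m_quota to obtain the quota managed by this class.
   * @return array the quota names: "mysql" (counted from get_dblist()) and
   *  "mysql_users" (counted from get_userslist())
   */
  function alternc_quota_names() {
    return array("mysql","mysql_users");
  }

  /* ----------------------------------------------------------------- */
  /**
   * Password kind used in this class (hook for admin class).
   * @return array policy key => label; "mysql" is the key this class passes
   *  to $admin->checkPolicy()
   */
  function alternc_password_policy() {
    return array("mysql"=>"MySQL users");
  }

  /*---------------------------------------------------------------------------*/
  /** Get the list of the databases of the current user.
   * @return array one entry per database, each an associative array:
   *  "db" => full database name, "name" => second element returned by
   *  split_mysql_database_name(), "bck" => backup mode, "dir" => backup folder,
   *  "login" => MySQL login, "pass" => stored MySQL password (as stored, not
   *  hashed; do not print or log it).
   *  Returns FALSE (and raises error 11) if the user has no database.
   */
  function get_dblist() {
    global $db,$err,$cuid;
    $err->log("mysql","get_dblist");
    $db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid='$cuid' ORDER BY db;");
    if (!$db->num_rows()) {
      $err->raise("mysql",11);
      return false;
    }
    $c=array();
    while ($db->next_record()) {
      list($dbu,$dbn)=split_mysql_database_name($db->f("db"));
      $c[]=array("db"=>$db->f("db"), "name"=>$dbn,"bck"=>$db->f("bck_mode"), "dir"=>$db->f("bck_dir"), "login"=>$db->f("login"), "pass"=>$db->f("pass"));
    }
    return $c;
  }

  /*---------------------------------------------------------------------------*/
  /** Returns the details of a user's database.
   * @param $dbn string name of the database (after the _) or nothing for the database "$user"
   * @return array associative array:
   *  "enabled" => true, "login" => MySQL login, "db" => full database name,
   *  "name" => second element returned by split_mysql_database_name(),
   *  "bck" => backup mode, "dir" => backup directory with the account root
   *  stripped, "size" => size in bytes, "pass" => stored password,
   *  "history" => number of backups kept, "gzip" => compress the dumps?
   *  Returns array("enabled"=>false) (and raises error 4) if the current
   *  user owns no database of that name.
   */
  function get_mysql_details($dbn) {
    global $db,$err,$mem,$cuid;
    $root="/var/alternc/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"];
    $err->log("mysql","get_mysql_details");
    $dbname=$this->full_name($dbn);
    // $dbn is caller-supplied and not pattern-checked here, so it is escaped
    // before it enters the string literal.
    $db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid='$cuid' AND db='".addslashes($dbname)."';");
    if (!$db->num_rows()) {
      $err->raise("mysql",4);
      return array("enabled"=>false);
    }
    $db->next_record();
    $stored=$db->f("db");
    $details=array(
      "enabled"=>true,
      "login"=>$db->f("login"),
      "db"=>$stored,
      "name"=>null,
      "bck"=>$db->f("bck_mode"),
      "dir"=>substr($db->f("bck_dir"),strlen($root)),
      "size"=>0,
      "pass"=>$db->f("pass"),
      "history"=>$db->f("bck_history"),
      "gzip"=>$db->f("bck_gzip"),
    );
    list($dbu,$details["name"])=split_mysql_database_name($stored);
    // The size is computed last and only for a database the ownership query
    // found: get_db_size() runs its own query on the shared $db handle, and
    // doing it after the check keeps unverified names out of SHOW TABLE STATUS.
    $details["size"]=$this->get_db_size($stored);
    return $details;
  }

  /*---------------------------------------------------------------------------*/
  /** Create a new database for the current user.
   * @param $dbn string Database name ($user_$dbn is the mysql db name)
   * @return TRUE if the database $user_$db has been successfully created, or FALSE if
   * an error occurred: quota exhausted (1), invalid name (2), name already
   * taken or CREATE DATABASE failed (3), name longer than 64 bytes (12).
   */
  function add_db($dbn) {
    global $db,$err,$quota,$mem,$cuid;
    $err->log("mysql","add_db",$dbn);
    if (!$quota->cancreate("mysql")) {
      $err->raise("mysql",1);
      return false;
    }
    // preg_match() replaces ereg(), which was removed in PHP 7 and stopped
    // reading at a NUL byte. \z anchors at the very end of the string; a plain
    // "$" in PCRE would also accept a trailing newline.
    if (!preg_match('/^[0-9a-z]*\z/',(string)$dbn)) {
      $err->raise("mysql",2);
      return false;
    }
    $dbname=$this->full_name($dbn);
    if (strlen($dbname) > 64) {
      $err->raise("mysql",12);
      return false;
    }
    $sqlname=addslashes($dbname);
    $ident=$this->quote_ident($dbname);
    $db->query("SELECT * FROM db WHERE db='$sqlname';");
    if ($db->num_rows()) {
      $err->raise("mysql",3);
      return false;
    }
    // find the login/pass for this user; both branches are escaped the same way
    $db->query("SELECT login,pass FROM db WHERE uid='$cuid' LIMIT 0,1;");
    if (!$db->num_rows()) {
      $lo=addslashes($mem->user["login"]);
      $pa="";
    } else {
      $db->next_record();
      $lo=addslashes($db->f("login"));
      $pa=addslashes($db->f("pass"));
    }
    if ($db->query("CREATE DATABASE $ident;")) {
      // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
      $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$lo','$pa','$sqlname',0);");
      // give everything but GRANT on db.*
      // we assume there's already a user
      // NOTE(review): in a database-level GRANT MySQL treats "_" and "%" in the
      // database name as wildcards, so this grant is wider than the one name.
      // Left unchanged because REVOKE must use the same spelling; confirm.
      $db->query("GRANT ALL PRIVILEGES ON $ident.* TO '".$lo."'@'$this->client'");
      return true;
    }
    $err->raise("mysql",3);
    return false;
  }

  /*---------------------------------------------------------------------------*/
  /** Delete a database for the current user.
   * @param $dbn string Name of the database to delete. The db name is $user_$dbn
   * @return TRUE if the database $user_$db has been successfully deleted, or FALSE
   *  (error 4) if the current user owns no database of that name.
   */
  function del_db($dbn) {
    global $db,$err,$mem,$cuid;
    $err->log("mysql","del_db",$dbn);

    $dbname=$this->full_name($dbn);
    $sqlname=addslashes($dbname);
    $ident=$this->quote_ident($dbname);
    // The lookup is restricted to the current uid. $dbn is not pattern-checked
    // here, so without the uid a composed name could match a row that belongs
    // to another account and the DROP below would run on it.
    $db->query("SELECT login FROM db WHERE uid='$cuid' AND db='$sqlname';");
    if (!$db->num_rows()) {
      $err->raise("mysql",4);
      return false;
    }
    $db->next_record();
    $login=addslashes($db->f("login"));

    // Ok, database exists and belongs to this user. Let's proceed
    $db->query("DELETE FROM db WHERE uid='$cuid' AND db='$sqlname';");
    $db->query("DROP DATABASE $ident;");
    $db->query("SELECT COUNT(*) AS cnt FROM db WHERE uid='$cuid';");
    $db->next_record();
    // Read the count before the next query replaces the current result set.
    $remaining=$db->f("cnt");
    $db->query("REVOKE ALL PRIVILEGES ON $ident.* FROM '".$login."'@'$this->client'");
    if ($remaining==0) {
      // Last database gone: the MySQL account itself is removed too.
      $db->query("DELETE FROM mysql.user WHERE User='".$login."';");
      $db->query("FLUSH PRIVILEGES;");
    }
    return true;
  }

  /*---------------------------------------------------------------------------*/
  /** Set the backup parameters for the database $dbn
   * @param $dbn string database name (part after the _)
   * @param $bck_mode integer Backup mode (0 = none 1 = daily 2 = weekly)
   * @param $bck_history integer How many backup should we keep ?
   * @param $bck_gzip boolean shall we compress the backup ?
   * @param $bck_dir string Directory relative to the user account where the backup will be stored
   * @return boolean true if the backup parameters has been successfully changed, false if not
   *  (errors: 2 invalid name, 4 unknown database, 5 history is 0, 6 invalid directory).
   */
  function put_mysql_backup($dbn,$bck_mode,$bck_history,$bck_gzip,$bck_dir) {
    global $db,$err,$mem,$bro,$cuid;
    $err->log("mysql","put_mysql_backup");
    // Same binary-safe, end-anchored check as add_db().
    if (!preg_match('/^[0-9a-z]*\z/',(string)$dbn)) {
      $err->raise("mysql",2);
      return false;
    }
    $dbname=addslashes($this->full_name($dbn));
    $db->query("SELECT * FROM db WHERE uid='$cuid' AND db='$dbname';");
    if (!$db->num_rows()) {
      $err->raise("mysql",4);
      return false;
    }
    $db->next_record();
    $bck_mode=intval($bck_mode);
    $bck_history=intval($bck_history);
    $bck_gzip=$bck_gzip ? "1" : "0";
    if (!$bck_history) {
      $err->raise("mysql",5);
      return false;
    }
    if (($bck_dir=$bro->convertabsolute($bck_dir,0))===false) { // return a full path or FALSE
      $err->raise("mysql",6);
      return false;
    }
    // The resolved path is still user-chosen text (a directory name may contain
    // a quote), so it is escaped before entering the statement.
    $sqldir=addslashes($bck_dir);
    $db->query("UPDATE db SET bck_mode='$bck_mode', bck_history='$bck_history', bck_gzip='$bck_gzip', bck_dir='$sqldir' WHERE uid='$cuid' AND db='$dbname';");
    return true;
  }

  /*---------------------------------------------------------------------------*/
  /** Change the password of the user in MySQL
   * @param $password string new password (cleartext)
   * @return boolean TRUE if the password has been successfully changed, FALSE else
   *  (errors: 7 no database row for this user, 8 password longer than 16
   *  bytes, or whatever checkPolicy() raised).
   */
  function put_mysql_details($password) {
    global $db,$err,$mem,$cuid,$admin;
    $err->log("mysql","put_mysql_details");
    $db->query("SELECT * FROM db WHERE uid='$cuid';");
    if (!$db->num_rows()) {
      $err->raise("mysql",7);
      return false;
    }
    $db->next_record();
    $login=$db->f("login");

    if (strlen($password)>16) {
      $err->raise("mysql",8);
      return false;
    }

    // Check this password against the password policy using common API :
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$login,$password)) {
        return false; // The error has been raised by checkPolicy()
      }
    }

    // The password is free-form user input: escape it for both statements,
    // as add_user() already does.
    // NOTE(review): addslashes() is not aware of the connection character set;
    // if the $db layer offers its own escaping or bound parameters, prefer that.
    $pass=addslashes($password);
    $sqllogin=addslashes($login);
    // Update all the "pass" fields for this user (stored unhashed, see class note)
    $db->query("UPDATE db SET pass='$pass' WHERE uid='$cuid';");
    $db->query("SET PASSWORD FOR '$sqllogin'@'$this->client' = PASSWORD('$pass')");
    return true;
  }

  /* ----------------------------------------------------------------- */
  /** Create a new mysql account for this user
   * It also create the first database, named after the account login.
   * @param $password string cleartext password for the new account
   * @return boolean TRUE on success, FALSE else (errors: 8 password longer
   *  than 16 bytes, 10 the user already has a database row, or whatever
   *  checkPolicy() raised).
   */
  function new_mysql($password) {
    global $db,$err,$mem,$cuid,$admin;
    $err->log("mysql","new_mysql");
    if (strlen($password)>16) {
      $err->raise("mysql",8);
      return false;
    }
    $db->query("SELECT * FROM db WHERE uid='$cuid';");
    if ($db->num_rows()) {
      $err->raise("mysql",10);
      return false;
    }
    $login=$mem->user["login"];
    $dbname=$mem->user["login"];

    // Check this password against the password policy using common API :
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$login,$password)) {
        return false; // The error has been raised by checkPolicy()
      }
    }

    // Escape every value that enters a string literal; quote the identifier
    // with backquotes (see quote_ident()).
    $pass=addslashes($password);
    $sqllogin=addslashes($login);
    $sqlname=addslashes($dbname);
    $ident=$this->quote_ident($dbname);

    // OK, creation now...
    $db->query("INSERT INTO db (uid,login,pass,db) VALUES ('$cuid','".$sqllogin."','$pass','".$sqlname."');");
    // give everything but GRANT on $user.*
    $db->query("GRANT ALL PRIVILEGES ON ".$ident.".* TO '".$sqllogin."'@'$this->client' IDENTIFIED BY '".$pass."'");
    $db->query("CREATE DATABASE ".$ident.";");
    return true;
  }

  /* ----------------------------------------------------------------- */
  /** Restore a sql backup script on a user's database.
   * The command output is printed between <code><pre> tags.
   * @param $file string path of the dump, resolved by $bro->convertabsolute();
   *  ".gz" and ".bz2" files are decompressed on the fly
   * @param $stdout boolean true to stream the client output with passthru(),
   *  false to run it with exec() and discard the output
   * @param $id string database name part, as taken by get_mysql_details()
   * @return boolean TRUE if the command exited with status 0, FALSE else
   *  (unknown database, or error 9 for an invalid file path).
   */
  function restore($file,$stdout,$id) {
    global $err,$bro,$mem,$L_MYSQL_HOST;
    // get_mysql_details() reports a missing database as array("enabled"=>false),
    // which is not falsy: test the flag, or the client would be started with
    // empty login, password and database arguments.
    $r=$this->get_mysql_details($id);
    if (!is_array($r) || empty($r["enabled"])) {
      return false;
    }
    if (!($fi=$bro->convertabsolute($file,0))) {
      $err->raise("mysql",9);
      return false;
    }
    // NOTE(review): -p<password> puts the stored password on the command line,
    // where other local processes can usually read it from the process list.
    // The mysql client can take it from an option file instead
    // (--defaults-extra-file); consider that.
    $mysql="/usr/bin/mysql -h".escapeshellarg($L_MYSQL_HOST)." -u".escapeshellarg($r["login"])." -p".escapeshellarg($r["pass"])." ".escapeshellarg($r["db"]);
    if (substr($fi,-3)==".gz") {
      $exe="/bin/gzip -d -c <".escapeshellarg($fi)." | ".$mysql;
    } elseif (substr($fi,-4)==".bz2") {
      $exe="/usr/bin/bunzip2 -d -c <".escapeshellarg($fi)." | ".$mysql;
    } else {
      $exe=$mysql." <".escapeshellarg($fi);
    }
    $exe .= " 2>&1";

    // NOTE(review): with $stdout set, the client output goes into the page
    // without HTML escaping.
    echo "<code><pre>" ;
    $ret=1; // stays non-zero if the command could not be run at all
    if ($stdout) {
      passthru($exe,$ret);
    } else {
      // exec()'s second argument is the output array; the exit status is the
      // third. Reading the status from the second made this branch always fail.
      $output=array();
      exec($exe,$output,$ret);
    }
    echo "</pre></code>" ;
    return ($ret == 0);
  }

  /* ----------------------------------------------------------------- */
  /** Get size of a database
   * Sums Data_length, Index_length and Data_free over SHOW TABLE STATUS.
   * @param $dbname name of the database
   * @return integer database size
   * @access private
   */
  function get_db_size($dbname) {
    global $db,$err;

    // The name goes into an identifier position: quote it with doubled
    // backquotes so it cannot close the quoting.
    $db->query("SHOW TABLE STATUS FROM ".$this->quote_ident($dbname).";");
    $size = 0;
    while ($db->next_record()) {
      $size += $db->f('Data_length') + $db->f('Index_length')
               + $db->f('Data_free');
    }
    return $size;
  }

  /* ----------------------------------------------------------------- */
  /** Hook function called by the quota class to compute user used quota
   * Returns the used quota for the $name service for the current user.
   * @param $name string name of the quota ("mysql" or "mysql_users")
   * @return integer the number of service used, or false for a quota name
   *  this class does not manage
   * @access private
   */
  function alternc_get_quota($name) {
    global $err,$db,$cuid;
    if ($name=="mysql") {
      $err->log("mysql","alternc_get_quota");
      $c=$this->get_dblist();
    } elseif ($name=="mysql_users") {
      $err->log("mysql","alternc_get_quota");
      $c=$this->get_userslist();
    } else {
      return false;
    }
    // Both list functions return false when there is nothing to count.
    return is_array($c) ? count($c) : 0;
  }

  /* ----------------------------------------------------------------- */
  /** Hook function called when a user is deleted.
   * Deletes every database of the current user through del_db().
   * @return boolean always true
   */
  function alternc_del_member() {
    global $db,$err,$cuid;
    $err->log("mysql","alternc_del_member");
    $c=$this->get_dblist();
    if (is_array($c)) {
      foreach ($c as $entry) {
        $this->del_db($entry["name"]);
      }
    }
    return true;
  }

  /* ----------------------------------------------------------------- */
  /** Hook function called when a user is logged out.
   * We just remove the cookie created in admin/sql_admin.php
   */
  function alternc_del_session() {
    // An empty value asks the browser to delete the cookie.
    // NOTE(review): a cookie is only deleted when path and domain match the
    // ones it was set with; confirm against admin/sql_admin.php.
    setcookie("REMOTE_USER","");
    setcookie("REMOTE_PASSWORD","");
  }

  /* ----------------------------------------------------------------- */
  /**
   * Exports all the MySQL information of the account: one gzipped mysqldump
   * per database written to $tmpdir, plus an XML description.
   * @param $tmpdir string directory that receives the mysql.<db>.sql.gz files
   * @return string the <mysql> XML fragment, or "" if the user has no database
   * @access private
   * EXPERIMENTAL 'sid' function ;)
   */
  function alternc_export($tmpdir) {
    global $db,$err,$cuid;
    $err->log("mysql","export");
    $str=""; // defined even when the user has no database
    $db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
    if ($db->next_record()) {
      $str="<mysql>\n";
      $str.="  <login>".xml_entities($db->Record["login"])."</login>";
      // NOTE(review): the stored password is written into the export as is.
      $str.="  <pass>".xml_entities($db->Record["pass"])."</pass>";
      do {
        // Do the dump :
        $filename=$tmpdir."/mysql.".$db->Record["db"].".sql.gz";
        // NOTE(review): -p<password> exposes the password on the command line
        // (see restore()).
        exec("/usr/bin/mysqldump --add-drop-table --allow-keywords -Q -f -q -a -e -u".escapeshellarg($db->Record["login"])." -p".escapeshellarg($db->Record["pass"])." ".escapeshellarg($db->Record["db"])." |/bin/gzip >".escapeshellarg($filename));
        $str.="  <db>\n";
        $str.="    <name>".xml_entities($db->Record["db"])."</name>\n";
        // The backup mode comes from the current row; the previous test read an
        // undefined variable, so the <backup> element was never written.
        if ($db->Record["bck_mode"]!=0) {
          $str.="    <backup>\n";
          $str.="      <mode>".xml_entities($db->Record["bck_mode"])."</mode>\n";
          $str.="      <dir>".xml_entities($db->Record["bck_dir"])."</dir>\n";
          $str.="      <history>".xml_entities($db->Record["bck_history"])."</history>\n";
          $str.="      <gzip>".xml_entities($db->Record["bck_gzip"])."</gzip>\n";
          $str.="    </backup>\n";
        }
        $str.="  </db>\n";
      } while ($db->next_record());
      $str.="</mysql>\n";
    }
    return $str;
  }

  /* ----------------------------------------------------------------- */
  /** Get the list of the MySQL users of the current account.
   * @return array one array("name"=>...) per user, where the name is what
   *  follows the first "_" of the stored name; FALSE (error 19) if the
   *  account has no MySQL user.
   */
  function get_userslist() {
    global $db,$err,$cuid;
    $err->log("mysql","get_userslist");
    $db->query("SELECT name FROM dbusers WHERE uid='$cuid';");
    if (!$db->num_rows()) {
      $err->raise("mysql",19);
      return false;
    }
    $c=array();
    while ($db->next_record()) {
      $c[]=array("name"=>substr($db->f("name"),strpos($db->f("name"),"_")+1));
    }

    return $c;
  }

  /* ------------------------------------------------------------ */
  /**
   * Create a new user in MySQL rights tables
   * @param $usern the username (stored as [alternc-account]_$usern)
   * @param $password The password for this username
   * @param $passconf The password confirmation
   * @return TRUE if the user has been created in MySQL or FALSE if an error occurred
   *  (errors: 13 quota, 14 bad first character, 15 bad length, 16 name
   *  already used, 17 passwords empty or different, or whatever
   *  checkPolicy() raised).
   **/
  function add_user($usern,$password,$passconf) {
    global $db,$err,$quota,$mem,$cuid,$admin;
    $err->log("mysql","add_user",$usern);

    $user=addslashes($mem->user["login"]."_$usern");
    $pass=addslashes($password);

    if (!$quota->cancreate("mysql_users")) {
      $err->raise("mysql",13);
      return false;
    }
    // Binary-safe replacement for ereg(). Only the first character is
    // constrained; the rest of the name relies on the addslashes() above.
    if (!preg_match('/^[0-9a-z]/',(string)$usern)) {
      $err->raise("mysql",14);
      return false;
    }

    if (strlen($usern) > 16 || strlen($usern) == 0 ) {
      $err->raise("mysql",15);
      return false;
    }
    $db->query("SELECT * FROM dbusers WHERE name='$user';");
    if ($db->num_rows()) {
      $err->raise("mysql",16);
      return false;
    }
    // Strict string comparison: with "!=" two different numeric-looking
    // strings such as "1e3" and "1000" compare equal, so a mistyped
    // confirmation could be accepted.
    if ((string)$password !== (string)$passconf || !$password) {
      $err->raise("mysql",17);
      return false;
    }

    // Check this password against the password policy using common API :
    if (is_callable(array($admin,"checkPolicy"))) {
      if (!$admin->checkPolicy("mysql",$user,$password)) {
        return false; // The error has been raised by checkPolicy()
      }
    }

    // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
    // NOTE(review): FILE is a server-wide privilege (it lets the account read
    // and write files the MySQL server can access); confirm it is required.
    $db->query("GRANT file ON *.* TO '$user'@'$this->client' IDENTIFIED BY '$pass';");
    // We add him to the user table (uid quoted like everywhere else in this class)
    $db->query("INSERT INTO dbusers (uid,name) VALUES('$cuid','$user');");
    return true;
  }

  /* ------------------------------------------------------------ */
  /**
   * Delete a user from MySQL rights tables
   * @param $user the username (the account name is [alternc-account]_$user) to delete
   * @return TRUE if the user has been deleted in MySQL or FALSE if an error occurred
   *  (errors: 14 bad first character, 18 the current account has no such user).
   **/
  function del_user($user) {
    global $db,$err,$mem,$cuid;
    $err->log("mysql","del_user",$user);
    // Same first-character rule as add_user(), so any account it created
    // can be removed.
    if (!preg_match('/^[0-9a-z]/',(string)$user)) {
      $err->raise("mysql",14);
      return false;
    }
    // Only the first character is checked above, so the composed name is
    // escaped once here and that escaped form is used in every statement.
    $name=addslashes($mem->user["login"]."_$user");
    // The lookup is restricted to the current uid, so the statements on the
    // MySQL grant tables only run for a user this account owns.
    $db->query("SELECT name FROM dbusers WHERE uid='$cuid' AND name='$name';");
    if (!$db->num_rows()) {
      $err->raise("mysql",18);
      return false;
    }

    // Ok, the user exists and belongs to this account. Let's proceed
    $db->query("REVOKE ALL PRIVILEGES ON *.* FROM '$name'@'$this->client';");
    $db->query("DELETE FROM mysql.db WHERE User='$name' AND Host='$this->client';");
    $db->query("DELETE FROM mysql.user WHERE User='$name' AND Host='$this->client';");
    $db->query("FLUSH PRIVILEGES");
    $db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='$name';");
    return true;
  }

  /* ------------------------------------------------------------ */
  /**
   * Return the list of the database rights of user $user
   * @param $user the username (part after the _, empty for the account login)
   * @return array one entry per database of the current account: "db" => name
   *  part, then "select", "insert", "update", "delete", "create", "drop",
   *  "references", "index", "alter", "create_tmp", "lock", each holding the
   *  matching mysql.db column or "N" when no row exists. Empty array if the
   *  account has no database.
   **/
  function get_user_dblist($user) {
    global $db,$err,$mem,$cuid;
    $err->log("mysql","get_user_dblist");

    $r=array();
    $dblist=$this->get_dblist();
    // get_dblist() returns false when there is no database; count(false) is a
    // TypeError in PHP 8 and was 1 before, which produced a bogus entry.
    if (!is_array($dblist)) {
      return $r;
    }

    $usern=addslashes($this->full_name($user));
    // result key => mysql.db column. The "no row" branch used to spell one key
    // "Create_tmp", which callers reading "create_tmp" never found.
    $columns=array(
      "select"=>"Select_priv",
      "insert"=>"Insert_priv",
      "update"=>"Update_priv",
      "delete"=>"Delete_priv",
      "create"=>"Create_priv",
      "drop"=>"Drop_priv",
      "references"=>"References_priv",
      "index"=>"Index_priv",
      "alter"=>"Alter_priv",
      "create_tmp"=>"Create_tmp_table_priv",
      "lock"=>"Lock_tables_priv",
    );

    foreach ($dblist as $entry) {
      $db->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='$usern' AND Host='$this->client' AND Db='".addslashes($entry["db"])."';");
      $found=$db->next_record();
      $row=array("db"=>$entry["name"]);
      foreach ($columns as $key=>$column) {
        $row[$key]=$found ? $db->f($column) : "N";
      }
      $r[]=$row;
    }

    return $r;
  }

  /* ------------------------------------------------------------ */
  /**
   * Set the access rights of user $user to database $dbn to be rights $rights
   * @param $user the username to give rights to
   * @param $dbn The database to give rights to
   * @param $rights The rights as an array of keywords among select, insert,
   *  update, delete, create, drop, references, index, alter, create_tmp,
   *  lock; anything else is ignored
   * @return boolean TRUE if the rights has been applied or FALSE (error 4) if
   *  the current account owns no database of that name
   *
   **/
  function set_user_rights($user,$dbn,$rights) {
    global $mem,$db,$err,$cuid;

    $usern=addslashes($this->full_name($user));
    $dbname=$this->full_name($dbn);
    $sqldb=addslashes($dbname);
    // addslashes() does not protect an identifier, and the name used to be
    // placed unquoted after ON: quote it with backquotes like add_db() does.
    $ident=$this->quote_ident($dbname);

    // Neither argument is pattern-checked, so make sure the database belongs
    // to the current account before touching any grant.
    // NOTE(review): the target user is not checked against dbusers, because an
    // empty $user designates the account login, which is not listed there.
    $db->query("SELECT db FROM db WHERE uid='$cuid' AND db='$sqldb';");
    if (!$db->num_rows()) {
      $err->raise("mysql",4);
      return false;
    }

    // Build the privilege list from a fixed table: only these keywords can
    // ever reach the GRANT statement.
    $keywords=array(
      "select"=>"SELECT",
      "insert"=>"INSERT",
      "update"=>"UPDATE",
      "delete"=>"DELETE",
      "create"=>"CREATE",
      "drop"=>"DROP",
      "references"=>"REFERENCES",
      "index"=>"INDEX",
      "alter"=>"ALTER",
      "create_tmp"=>"CREATE TEMPORARY TABLES",
      "lock"=>"LOCK TABLES",
    );
    $granted=array();
    if (is_array($rights)) {
      foreach ($rights as $right) {
        if (is_string($right) && isset($keywords[$right])) {
          $granted[]=$keywords[$right];
        }
      }
    }

    // We reset all user rights on this DB :
    $db->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$sqldb';");
    if ($db->num_rows()) {
      $db->query("REVOKE ALL PRIVILEGES ON $ident.* FROM '$usern'@'$this->client';");
    }
    if ($granted) {
      $db->query("GRANT ".implode(",",$granted)." ON $ident.* TO '$usern'@'$this->client';");
    }
    $db->query("FLUSH PRIVILEGES");
    return TRUE;
  }

} /* Class m_mysql */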
655
656?>