webinterface.git

@@ -243,7 +243,7 @@ function generate_form_token($form_id)

 function check_form_token($form_id, $formtoken = NULL)

 {

   if ($formtoken == NULL)

-    $formtoken = $_POST['formtoken'];

+    $formtoken = $_REQUEST['formtoken'];

   $sessid = session_id();

   if ($sessid == "") 

   {

@@ -1,230 +0,0 @@

-<?php

-/*

-This file belongs to the Webinterface of schokokeks.org Hosting

-

-Written 2008-2013 by schokokeks.org Hosting, namely

-  Bernd Wurst <bernd@schokokeks.org>

-  Hanno Böck <hanno@schokokeks.org>

-

-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

-

-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

-http://creativecommons.org/publicdomain/zero/1.0/

-

-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

-*/

-

-require_once('session/start.php');

-require_once('inc/icons.php');

-require_role(array(ROLE_SYSTEMUSER));

-

-global $prefix;

-

-require_once('mysql.php');

-

-$output_something = true;

-

-

-if (isset($_GET['action']))

-  switch ($_GET['action'])

-  {

-    case 'delete_db':

-      if (! has_mysql_database($_GET['db']))

-        system_failure('Ungültige Datenbank');

-      $sure = user_is_sure();

-      if ($sure === NULL)

-      {

-        are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?");

-        $output_something = false;

-      }

-      elseif ($sure === true)

-      {

-        delete_mysql_database($_GET['db']);

-        header("Location: ?");

-        $output_something = false;

-      }

-      elseif ($sure === false)

-      {

-        header("Location: ?");

-        $output_something = false;

-      }

-      break;

-    case 'delete_user':

-      if (! has_mysql_user($_GET['user']))

-        system_failure('Ungültiger Benutzer');

-      $sure = user_is_sure();

-      if ($sure === NULL)

-      {

-        are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?");

-        $output_something = false;

-      }

-      elseif ($sure === true)

-      {

-        delete_mysql_account($_GET['user']);

-        header("Location: ?");

-        $output_something = false;

-      }

-      elseif ($sure === false)

-      {

-        header("Location: ?");

-        $output_something = false;

-      }

-      break;

-    case 'change_pw':

-      check_form_token('mysql_databases');

-      set_mysql_password($_POST['mysql_username'], $_POST['mysql_password']);

-      header("Location: ?");

-      $output_something = false;

-      break;

-    default:

-      system_failure("Diese Funktion scheint noch nicht eingebaut zu sein!");

-  }

-

-

-$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

-$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

-

-if (isset($_POST['accesseditor']))

-{

-  check_form_token('mysql_databases');

-  /* Eine neue Datenbank */

-  if ($_POST['new_db'] != '')

-  {

-    create_mysql_database($_POST['new_db']);

-    if (isset($_POST['access']['new']))

-    {

-      $_POST['access'][$_POST['new_db']] = array();

-      foreach ($users as $user) {

-        $user = $user['username'];

-        if (in_array($user, $_POST['access']['new'])) {

-          array_push($_POST['access'][$_POST['new_db']], $user);

-        }

-      }

-      if (($_POST['new_user'] != '') and (in_array('new', $_POST['access']['new'])))

-        array_push($_POST['access'][$_POST['new_db']], $_POST['new_user']);

-    }

-  }

-

-  /* Ein neuer Account soll angelegt werden */

-  if ($_POST['new_user'] != '')

-  {

-    create_mysql_account($_POST['new_user']);

-    foreach ($dbs as $db) {

-      $db = $db['name'];

-      if (isset($_POST['access'][$db]) and (in_array('new', $_POST['access'][$db]))) {

-        array_push($_POST['access'][$db], $_POST['new_user']);

-      }

-    }

-  }

-  

-  if (($_POST['new_user'] != '') or ($_POST['new_db'] != ''))

-  {

-    $dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

-    $users = get_mysql_accounts($_SESSION['userinfo']['uid']);

-  }

-

-  foreach ($dbs as $db)

-  {

-    $db = $db['name'];

-    foreach ($users as $user)

-    {

-      $user = $user['username'];

-      if (! isset($_POST['access'][$db]))

-        set_mysql_access($db, $user, false);

-      else

-        set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));

-    }

-  }

-  $mysql_access = NULL;

-}

-

-if ($output_something)

-{

-  title("MySQL-Datenbanken");

-  output('<p>Hier können Sie Ihre MySQL-Datenbanken verwalten. Die Einstellungen werden mit einer leichten Verzögerung (maximal 5 Minuten) in das System übertragen. Bitte beachten Sie, dass neue Zugänge also nicht umgehend funktionieren.</p>

-  <p><strong>Hinweis:</strong> In dieser Matrix sehen Sie links die Datenbanken und oben die Benutzer, die Sie eingerichtet haben.

-  In die leeren Eingabefelder können Sie den Namen eines neuen Benutzers bzw. einer neuen Datenbank eintragen. Sofern Sie noch keine Datenbank(en) oder Benutzer eingerichtet haben, erscheinen nur die Eingabefelder. Vergessen Sie nicht, nach der Erstellung eines neuen Benutzerkontos dem betreffenden Benutzer ein Passwort zu setzen (s. unten auf dieser Seite). Der Name von Datenbanken und Datenbank-Benutzern muss mit dem Namen des System-Benutzeraccounts übereinstimmen oder mit diesem und einem nachfolgenden Unterstrich beginnen. Z.B. kann der System-Benutzer <em>bernd</em> die MySQL-Accounts <em>bernd</em> und <em>bernd_2</em> erzeugen. Aufgrund einer Beschränkung des MySQL-Servers dürfen Benutzernamen allerdings zur Zeit nur 16 Zeichen lang sein.</p>');

-

-  $form = '

-  <table>

-  <tr><th>&#160;</th><th style="background-color: #729bb3; color: #fff;padding: 0.2em;" colspan="'.(count($users)+1).'">Benutzerkonten</th></tr>

-  <tr><th style="background-color: #729bb3; color: #fff;padding: 0.2em; text-align: left;">Datenbanken</th>';

-

-  foreach ($users as $user)

-  {

-    $username = $user["username"];

-    //$username = str_replace('_', '_ ', $user['username']);

-    $desc = ($user['description'] ? $user['description'].' (Erstellt: '.$user['created'].')' : 'Erstellt: '.$user['created']);

-    $form .= "<th><span title=\"{$desc}\">{$username}</span><br />".internal_link("", icon_delete("Benutzer »{$user['username']}« löschen"), "action=delete_user&user={$user['username']}")."</th>";

-  }

-  $form .= '<th><input type="text" name="new_user" size="10" value="" /><br />'.icon_add().'</th></tr>

-';

-

-  array_push($users, array('username' => "new", 'description' => NULL));

-

-  $servers = servers_for_databases();

-

-  foreach($dbs as $db)

-  {

-    $phpmyadmin = "https://mysql.{$servers[$db['name']]}/";

-    $desc = ($db['description'] ? $db['description'].' (Erstellt: '.$db['created'].')' : 'Erstellt: '.$db['created']);

-    $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"{$desc}\">{$db['name']}</span>&#160;".internal_link("", icon_delete("Datenbank »{$db['name']}« löschen"), "action=delete_db&db={$db['name']}")."&#160;<a href=\"".$phpmyadmin."\">".other_icon("database_go.png", "Datenbank-Verwaltung über phpMyAdmin")."</a></td>";

-    foreach ($users as $user)

-      $form .= '<td style="text-align: center;"><input type="checkbox" id="'.$db['name'].'_'.$user['username'].'" name="access['.$db['name'].'][]" value="'.$user['username'].'" '.(get_mysql_access($db['name'], $user['username']) ? 'checked="checked" ' : '')." /></td>";

-    $form .= "</tr>\n";

-  }

-

-  $form .= '

-  <tr><td style="border: 0px; font-weight: bold; text-align: right;"><input type="text" name="new_db" size="15" value="" />'.icon_add().'</td>';

-  foreach ($users as $user)

-    $form .= '<td style="text-align: center;"><input type="checkbox" id="new_'.$user['username'].'" name="access[new][]" value="'.$user['username'].'" /></td>';

-  $form .= '</tr>

-  </table>

-  <p><input type="submit" name="accesseditor" value="Speichern" /></p>';

-

-  

-  output(html_form('mysql_databases', 'databases', '', $form));

-

-  $myservers = array();

-  foreach ($servers as $s) {

-    if (! in_array($s, $myservers)) {

-      $myservers[] = $s;

-    }

-  }

-

-  output("<h4>Verwaltung der Datenbanken (phpMyAdmin)</h4>

-  <p><img src=\"{$prefix}images/phpmyadmin.png\" style=\"width: 120px; height: 70px; float: right;\" />Zur Verwaltung der Datenbank-Inhalte stellen wir Ihnen eine stets aktualisierte Version von phpMyAdmin zur Verfügung.</p>");

-  if (count($myservers) == 1) {

-    output("<p><strong><a href=\"https://mysql.{$myservers[0]}/\">phpMyAdmin aufrufen</a></strong></p>");

-  }

-  else {

-    output("<p><em>Ihre Datenbanken befinden sich auf unterschiedlichen Servern, daher müssen Sie die jeweils passende Adresse für phpMyAdmin benutzen. Klicken Sie auf das Symbol ".other_icon("database_go.png", "Datenbank-Verwaltung über phpMyAdmin")." oben neben der jeweiligen Datenbank.</em></p>");

-  }

-

-

-  $users = get_mysql_accounts($_SESSION['userinfo']['uid']);

-

-

-

-  $my_users = array();

-  foreach ($users as $u)

-  {

-    $my_users[$u['username']] = $u['username'];

-  }

-  $form = '<div>

-  <label for="mysql_username">Benutzername:</label>&#160;'.html_select('mysql_username', $my_users).'

-     

-  <label for="password">Passwort:</label>&#160;<input type="password" name="mysql_password" id="password" />

-  &#160;&#160;<input type="submit" value="Setzen" />

-</div>';

-

-

-  output('<h4>Passwort ändern</h4>

-  <p>Hier können Sie das Passwort eines MySQL-Benutzeraccounts ändern bzw. neu setzen</p>

-

-  '.html_form('mysql_databases', 'databases', 'action=change_pw', $form).'<br />');

-

-}

-

-

-?>

@@ -0,0 +1,58 @@

+<?php

+/*

+This file belongs to the Webinterface of schokokeks.org Hosting

+

+Written 2008-2013 by schokokeks.org Hosting, namely

+  Bernd Wurst <bernd@schokokeks.org>

+  Hanno Böck <hanno@schokokeks.org>

+

+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

+

+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

+http://creativecommons.org/publicdomain/zero/1.0/

+

+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

+*/

+

+require_once('session/start.php');

+require_once('inc/icons.php');

+require_role(array(ROLE_SYSTEMUSER));

+

+global $prefix;

+

+require_once('mysql.php');

+

+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+$username = $_SESSION['userinfo']['username'];

+

+$section = 'mysql_overview';

+title('Beschreibung ändern');

+

+if (isset($_GET['db'])) {

+  $thisdb = NULL;

+  foreach ($dbs as $db) {

+    if ($db['name'] == $_GET['db']) {

+      $thisdb = $db;

+    }

+  }

+  $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisdb['name'].'</strong>.</p>';

+  $form .= '<p><input type="text" name="description" value="'.$thisdb['description'].'" /></p>

+<p><input type="submit" value="Speichern" /></p>';

+  output(html_form('mysql_description', 'save', "action=description&db={$thisdb['name']}", $form));

+}

+if (isset($_GET['username'])) {

+  $thisuser = NULL;

+  foreach ($users as $user) {

+    if ($user['username'] == $_GET['username']) {

+      $thisuser = $user;

+    }

+  }

+  $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisuser['username'].'</strong>.</p>';

+  $form .= '<p><input type="text" name="description" value="'.$thisuser['description'].'" /></p>

+<p><input type="submit" value="Speichern" /></p>';

+  output(html_form('mysql_description', 'save', "action=description&username={$thisuser['username']}", $form));

+}

+

+

+

@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r

 function get_mysql_accounts($UID)

 {

   $UID = (int) $UID;

-  $result = db_query("SELECT username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");

+  $result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");

   if (mysql_num_rows($result) == 0)

     return array();

   $list = array();

@@ -42,6 +42,37 @@ function get_mysql_databases($UID)

   return $list;

 }

+function set_database_description($dbname, $description) 

+{

+  $dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+  $thisdb = NULL;

+  foreach ($dbs as $db) {

+    if ($db['name'] == $dbname) {

+      $thisdb = $db;

+    }

+  }

+  if ($thisdb == NULL) {

+    system_failure('Ungültige Datenbank');

+  }

+  $description = maybe_null(filter_input_general($description));

+  db_query("UPDATE misc.mysql_database SET description={$description} WHERE id={$thisdb['id']}");

+}

+

+function set_dbuser_description($username, $description) 

+{

+  $users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+  $thisuser = NULL;

+  foreach ($users as $user) {

+    if ($user['username'] == $username) {

+      $thisuser = $user;

+    }

+  }

+  if ($thisuser == NULL) {

+    system_failure('Ungültiger Benutzer');

+  }

+  $description = maybe_null(filter_input_general($description));

+  db_query("UPDATE misc.mysql_accounts SET description={$description} WHERE id={$thisuser['id']}");

+}

 function servers_for_databases()

 {

@@ -136,7 +167,7 @@ function delete_mysql_account($username)

 }

-function create_mysql_database($dbname, $description = '')

+function create_mysql_database($dbname, $description = '', $server = NULL)

 {

   if (! validate_mysql_dbname($dbname))

   {

@@ -147,8 +178,12 @@ function create_mysql_database($dbname, $description = '')

   $dbname = mysql_real_escape_string($dbname);

   $uid = $_SESSION['userinfo']['uid'];

   $description = maybe_null($description); 

+  $server = (int) $server;

+  if (! in_array($server, additional_servers()) || ($server == my_server_id())) {

+    $server = 'NULL';

+  }

   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating database »{$dbname}«");

-  db_query("INSERT INTO misc.mysql_database (name, useraccount, description) VALUES ('$dbname', $uid, $description);");

+  db_query("INSERT INTO misc.mysql_database (name, useraccount, server, description) VALUES ('$dbname', $uid, $server, $description);");

 }

@@ -18,7 +18,7 @@ $role = $_SESSION['role'];

 if ($role & ROLE_SYSTEMUSER)

 {

-  $menu["mysql_databases"] = array("label" => "MySQL-Datenbank", "file" => "databases", "weight" => 20);

+  $menu["mysql_overview"] = array("label" => "MySQL-Datenbank", "file" => "overview", "weight" => 20);

 }

 ?>

@@ -0,0 +1,78 @@

+<?php

+/*

+This file belongs to the Webinterface of schokokeks.org Hosting

+

+Written 2008-2013 by schokokeks.org Hosting, namely

+  Bernd Wurst <bernd@schokokeks.org>

+  Hanno Böck <hanno@schokokeks.org>

+

+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

+

+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

+http://creativecommons.org/publicdomain/zero/1.0/

+

+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

+*/

+

+require_once('session/start.php');

+require_once('inc/icons.php');

+require_role(array(ROLE_SYSTEMUSER));

+

+global $prefix;

+

+require_once('mysql.php');

+

+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+$username = $_SESSION['userinfo']['username'];

+

+$section = 'mysql_overview';

+title('Neue MySQL-Datenbank');

+

+$dbnames = array();

+foreach ($dbs as $db) {

+  $dbnames[] = $db['name'];

+}

+

+$suggestion = $username.'_1';

+$count = 2;

+while (in_array($suggestion, $dbnames)) {

+  $suggestion = $username.'_'.$count;

+  $count++;

+}

+

+$form = '<h4>Name der neuen Datenbank</h4>

+<input type="text" name="newdb" value="'.$suggestion.'" />

+<p>Bitte nur Kleinbuchstaben, Zahlen und Unterstrich verwenden. Der Datenbankname muss mit dem Benutzernamen beginnen.</p>

+<p><label for="description">Optionale Beschreibung dieser Datenbank:</label> <input type="text" name="description" id="description" /></p>

+';

+if (count(additional_servers()) > 0) {

+  $form .= '<h4>Server</h4>';

+  $form .= '<p>Auf welchem Server soll diese Datenbank eingerichtet werden?</p>';

+  $available_servers = additional_servers();

+  $available_servers[] = my_server_id();

+  $available_servers = array_unique($available_servers);

+  

+  $selectable_servers = array();

+  $all_servers = server_names();

+  foreach ($all_servers as $id => $fqdn) {

+    if (in_array($id, $available_servers)) {

+      $selectable_servers[$id] = $fqdn;

+    }

+  }

+  $form .= html_select('server', $selectable_servers, my_server_id());

+  $form .= '<p>Alle Benutzer die auf diese Datenbank zugreifen dürfen, werden automatisch auf dem passenden Server eingerichtet</p>';

+}

+if (count($users) > 0) {

+  $form .= '<h4>Berechtigungen</h4>';

+  $form .= '<p>Welche der bisher vorhandenen Datenbank-Benutzer dürfen auf diese Datenbank zugreifen?</p>';

+  foreach ($users as $user) {

+    $form .= '<p><input type="checkbox" id="access_'.$user['username'].'" name="access[]" value="'.$user['username'].'" /> <label for="access_'.$user['username'].'">'.$user['username'].'</label></p>';

+  }

+}

+ 

+$form .= '<p><input type="submit" name="submit" value="Speichern"/><p>';

+

+

+output(html_form('mysql_newdb', 'save', 'action=newdb', $form));

+

@@ -0,0 +1,94 @@

+<?php

+/*

+This file belongs to the Webinterface of schokokeks.org Hosting

+

+Written 2008-2013 by schokokeks.org Hosting, namely

+  Bernd Wurst <bernd@schokokeks.org>

+  Hanno Böck <hanno@schokokeks.org>

+

+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

+

+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

+http://creativecommons.org/publicdomain/zero/1.0/

+

+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

+*/

+

+require_once('session/start.php');

+require_once('inc/icons.php');

+require_role(array(ROLE_SYSTEMUSER));

+

+global $prefix;

+

+require_once('mysql.php');

+

+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+$username = $_SESSION['userinfo']['username'];

+

+$section = 'mysql_overview';

+title('Neuer MySQL-Benutzer');

+

+

+html_header('

+<script type="text/javascript">

+

+  function makePasswd() {

+    var passwd = \'\';

+    var chars = \'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\';

+    for (i=0; i<15; i++) {

+      var c = Math.floor(Math.random()*chars.length + 1);

+      passwd += chars.charAt(c)

+    }

+    return passwd;

+  }

+

+  function setRandomPassword() 

+  {

+    pass = makePasswd();

+    document.getElementById(\'newpass\').value = pass;

+    document.getElementById(\'newpass_display\').value = pass;

+    document.getElementById(\'newpass_display\').parentNode.style.display = \'block\';

+  }

+</script>');

+

+

+$usernames = array();

+foreach ($users as $user) {

+  $usernames[] = $user['username'];

+}

+

+$suggestion = $username;

+$count = 1;

+while (in_array($suggestion, $usernames)) {

+  $suggestion = $username.'_'.$count;

+  $count++;

+}

+

+$form = '<h4>Benutzername</h4>

+<input type="text" name="newuser" value="'.$suggestion.'" maxlength="16" />

+<p>Bitte nur Kleinbuchstaben, Zahlen und Unterstrich verwenden. Der Benutzername muss mit Ihrem System-Benutzernamen beginnen.</p>

+<p>Aufgrund einer Einschränkung des MySQL-Servers dürfen Benutzernamen nur maximal 16 Zeichen lang sein.</p>

+<p><label for="description">Optionale Beschreibung dieses Benutzers:</label> <input type="text" name="description" id="description" /></p>

+<h4>Passwort</h4>

+<input onchange="document.getElementById(\'newpass_display\').parentNode.style.display=\'none\'" type="password" name="newpass" id="newpass" value="" /> <button type="button" onclick="setRandomPassword()">Passwort erzeugen</button>

+<p style="display: none;">Automatisch erzeugtes Passwort: <input id="newpass_display" type="text" readonly="readonly" /></p>

+<h4>Berechtigungen</h4>';

+if (count($dbs) > 0) {

+  $form .= '<p>Auf welche der bisher vorhandenen Datenbanken darf dieser Benutzer zugreifen?</p>';

+  foreach ($dbs as $db) {

+    $desc = '';

+    if ($db['description']) {

+      $desc = ' - <em>'.$db['description'].'</em>';

+    }

+    $form .= '<p><input type="checkbox" id="access_'.$db['name'].'" name="access[]" value="'.$db['name'].'" /> <label for="access_'.$db['name'].'">'.$db['name'].$desc.'</label></p>';

+  }

+} else {

+  $form .= '<p><em>Bisher gibt es noch keine Datenbanken.</em></p>';

+}

+ 

+$form .= '<p><input type="submit" name="submit" value="Speichern"/><p>';

+

+

+output(html_form('mysql_newuser', 'save', 'action=newuser', $form));

+

@@ -0,0 +1,129 @@

+<?php

+/*

+This file belongs to the Webinterface of schokokeks.org Hosting

+

+Written 2008-2013 by schokokeks.org Hosting, namely

+  Bernd Wurst <bernd@schokokeks.org>

+  Hanno Böck <hanno@schokokeks.org>

+

+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

+

+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

+http://creativecommons.org/publicdomain/zero/1.0/

+

+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

+*/

+

+require_once('session/start.php');

+require_once('inc/icons.php');

+require_role(array(ROLE_SYSTEMUSER));

+

+global $prefix;

+

+require_once('mysql.php');

+

+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+

+  title("MySQL-Datenbanken");

+  output('<p>Hier können Sie den Zugriff auf Ihre MySQL-Datenbanken verwalten. Die Einstellungen werden mit einer leichten Verzögerung (maximal 5 Minuten) in das System übertragen. Bitte beachten Sie, dass neue Zugänge also nicht umgehend funktionieren.</p>

+  <p><strong>Hinweis:</strong> In dieser Matrix sehen Sie links die Datenbanken und oben die Benutzer, die Sie eingerichtet haben. In der Übersicht ist dargestellt, welcher Benutzer auf welche Datenbank Zugriff erhält. Klicken Sie auf die Symbole um die Zugriffsrechte zu ändern.</p>');

+

+  $form = '

+  <table>

+  <tr><th>&#160;</th><th style="background-color: #729bb3; color: #fff;padding: 0.2em;" colspan="'.(count($users)+1).'">Benutzerkonten</th></tr>

+  <tr><th style="background-color: #729bb3; color: #fff;padding: 0.2em; text-align: left;">Datenbanken</th>';

+

+  foreach ($users as $user)

+  {

+    $username = $user["username"];

+    //$username = str_replace('_', '_ ', $user['username']);

+    $desc = '';

+    if ($user['description']) {

+      $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$user['description'].'</span>';

+    } 

+    $form .= "<th><span title=\"Erstellt: {$user['created']}\">{$username}</span>".$desc;

+    $form .= "<br />".internal_link('description', other_icon("comment.png", 'Beschreibung ändern'), "username={$username}")."&#160;";

+    $form .= internal_link("save", icon_delete("Benutzer »{$user['username']}« löschen"), "action=delete_user&user={$user['username']}")."</th>";

+  }

+

+  $servers = servers_for_databases();

+

+  $formtoken = generate_form_token('mysql_permchange');

+

+  foreach($dbs as $db)

+  {

+    $phpmyadmin = "https://mysql.{$servers[$db['name']]}/";

+    $desc = '';

+    if ($db['description']) {

+      $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$db['description'].'</span>';

+    } 

+    $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"Erstellt: {$db['created']}\">{$db['name']}</span>&#160;";

+    $form .= internal_link('description', other_icon("comment.png", 'Datenbank-Beschreibung ändern'), "db={$db['name']}")." ";

+    $form .= internal_link("save", icon_delete("Datenbank »{$db['name']}« löschen"), "action=delete_db&db={$db['name']}")." ";

+    $form .= "<a href=\"".$phpmyadmin."\">".other_icon("database_go.png", "Datenbank-Verwaltung über phpMyAdmin")."</a>";

+    $form .= "{$desc}</td>";

+    foreach ($users as $user) {

+      $form .= '<td style="text-align: center;">';

+      if (get_mysql_access($db['name'], $user['username'])) {

+        $form .= internal_link('save', icon_enabled('Zugriff erlaubt; Anklicken zum Ändern'), "action=permchange&user={$user['username']}&db={$db['name']}&access=0&formtoken={$formtoken}");

+      } else {

+        $form .= internal_link('save', icon_disabled('Zugriff verweigern; Anklicken zum Ändern'), "action=permchange&user={$user['username']}&db={$db['name']}&access=1&formtoken={$formtoken}");

+      }

+      

+    }

+    $form .= "</tr>\n";

+  }

+

+  $form .= '

+  </table>';

+

+  

+  output(html_form('mysql_databases', 'databases', '', $form));

+

+  addnew('newdb', 'Neue Datenbank');

+  addnew('newuser', 'Neuer DB-Benutzer');

+

+

+  $myservers = array();

+  foreach ($servers as $s) {

+    if (! in_array($s, $myservers)) {

+      $myservers[] = $s;

+    }

+  }

+

+  output("<h4>Verwaltung der Datenbanken (phpMyAdmin)</h4>

+  <p><img src=\"{$prefix}images/phpmyadmin.png\" style=\"width: 120px; height: 70px; float: right;\" />Zur Verwaltung der Datenbank-Inhalte stellen wir Ihnen eine stets aktualisierte Version von phpMyAdmin zur Verfügung.</p>");

+  if (count($myservers) == 1) {

+    output("<p><strong><a href=\"https://mysql.{$myservers[0]}/\">phpMyAdmin aufrufen</a></strong></p>");

+  }

+  else {

+    output("<p><em>Ihre Datenbanken befinden sich auf unterschiedlichen Servern, daher müssen Sie die jeweils passende Adresse für phpMyAdmin benutzen. Klicken Sie auf das Symbol ".other_icon("database_go.png", "Datenbank-Verwaltung über phpMyAdmin")." oben neben der jeweiligen Datenbank.</em></p>");

+  }

+

+

+  $users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+

+

+

+  $my_users = array();

+  foreach ($users as $u)

+  {

+    $my_users[$u['username']] = $u['username'];

+  }

+  $form = '<div>

+  <label for="mysql_username">Benutzername:</label>&#160;'.html_select('mysql_username', $my_users).'

+     

+  <label for="password">Passwort:</label>&#160;<input type="password" name="mysql_password" id="password" />

+  &#160;&#160;<input type="submit" value="Setzen" />

+</div>';

+

+

+  output('<h4>Passwort ändern</h4>

+  <p>Hier können Sie das Passwort eines MySQL-Benutzeraccounts ändern bzw. neu setzen</p>

+

+  '.html_form('mysql_databases', 'save', 'action=change_pw', $form).'<br />');

+

+

+

+?>

@@ -0,0 +1,151 @@

+<?php

+/*

+This file belongs to the Webinterface of schokokeks.org Hosting

+

+Written 2008-2013 by schokokeks.org Hosting, namely

+  Bernd Wurst <bernd@schokokeks.org>

+  Hanno Böck <hanno@schokokeks.org>

+

+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.

+

+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 

+http://creativecommons.org/publicdomain/zero/1.0/

+

+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.

+*/

+

+require_once('session/start.php');

+require_once('inc/icons.php');

+require_role(array(ROLE_SYSTEMUSER));

+

+global $prefix;

+

+require_once('mysql.php');

+

+if (isset($_GET['action']) && $_GET['action'] == 'permchange') {

+  check_form_token('mysql_permchange');

+  set_mysql_access($_GET['db'], $_GET['user'], ($_GET['access'] == 1));

+  redirect('overview');

+}

+

+if (isset($_GET['action']) && $_GET['action'] == 'newdb') {

+  check_form_token('mysql_newdb');

+  $dbname = $_POST['newdb'];

+  $desc = $_POST['description'];

+  $server = NULL;

+  if (isset($_POST['server'])) {

+    $server = $_POST['server'];

+  }

+  create_mysql_database($dbname, $desc, $server);

+  if (isset($_POST['access'])) {

+    foreach ($_POST['access'] as $user) {

+      set_mysql_access($dbname, $user, true);

+    }

+  }

+  redirect('overview');

+}

+

+if (isset($_GET['action']) && $_GET['action'] == 'newuser') {

+  check_form_token('mysql_newuser');

+  $username = $_POST['newuser'];

+  $desc = $_POST['description'];

+  $password = $_POST['newpass'];

+  create_mysql_account($username, $desc);

+  set_mysql_password($username, $password);

+  if (isset($_POST['access'])) {

+    foreach ($_POST['access'] as $dbname) {

+      set_mysql_access($dbname, $username, true);

+    }

+  }

+  redirect('overview');

+}

+

+if (isset($_GET['action']) && $_GET['action'] == 'description') {

+  check_form_token('mysql_description');

+  if (isset($_GET['db'])) {

+    $db = $_GET['db'];

+    $description = $_POST['description'];

+    set_database_description($db, $description);

+  }

+  if (isset($_GET['username'])) {

+    $user = $_GET['username'];

+    $description = $_POST['description'];

+    set_dbuser_description($user, $description);

+  }

+  redirect('overview');

+}

+

+

+if (isset($_GET['action'])) {

+  switch ($_GET['action'])

+  {

+    case 'delete_db':

+      if (! has_mysql_database($_GET['db']))

+        system_failure('Ungültige Datenbank');

+      $sure = user_is_sure();

+      if ($sure === NULL)

+      {

+        are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?");

+      }

+      elseif ($sure === true)

+      {

+        delete_mysql_database($_GET['db']);

+        redirect('overview');

+      }

+      elseif ($sure === false)

+      {

+        redirect('overview');

+      }

+      break;

+    case 'delete_user':

+      if (! has_mysql_user($_GET['user']))

+        system_failure('Ungültiger Benutzer');

+      $sure = user_is_sure();

+      if ($sure === NULL)

+      {

+        are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?");

+      }

+      elseif ($sure === true)

+      {

+        delete_mysql_account($_GET['user']);

+        redirect('overview');

+      }

+      elseif ($sure === false)

+      {

+        redirect('overview');

+      }

+      break;

+    case 'change_pw':

+      check_form_token('mysql_databases');

+      set_mysql_password($_POST['mysql_username'], $_POST['mysql_password']);

+      redirect('overview');

+      break;

+    default:

+      system_failure("Diese Funktion scheint noch nicht eingebaut zu sein!");

+  }

+}

+

+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);

+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);

+

+if (isset($_POST['accesseditor']))

+{

+  check_form_token('mysql_databases');

+  

+  foreach ($dbs as $db)

+  {

+    $db = $db['name'];

+    foreach ($users as $user)

+    {

+      $user = $user['username'];

+      if (! isset($_POST['access'][$db]))

+        set_mysql_access($db, $user, false);

+      else

+        set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));

+    }

+  }

+  $mysql_access = NULL;

+}

+

+

+?>

@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r

 if ($_SESSION['role'] & ROLE_SYSTEMUSER) {

   $shortcuts[] = array( 'section' => 'Datenbank', 

                         'weight'  => 20, 

-                        'file'    => 'databases', 

+                        'file'    => 'overview', 

                         'icon'    => 'mysql.png', 

                         'title'   => 'MySQL-Datenbanken',

                         'alert'   => NULL );