* Erlaube Beschreibung zu Datenbanken und Benutzern * Prüfe bei Benutzernamen auf <= 16 Zeichen (fbbc80e)

* Erlaube Beschreibung zu Datenbanken und Benutzern * Prüfe bei Benutzernamen auf <= 16 Zeichen

bernd commited on 2009-03-19 08:17:07
Zeige 2 geänderte Dateien mit 33 Einfügungen und 24 Löschungen.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1309 87cf0b9e-d624-0410-a070-f6ee81989793

modules/mysql/databases.php 3abbbf9..926ae1e
modules/mysql/include/mysql.php 00b7e0c..836010b

modules/mysql/databases.php

Zeige Datei @ fbbc80e

@@ -80,6 +80,7 @@ if (isset($_POST['accesseditor']))
     {
       $_POST['access'][$_POST['new_db']] = array();
       foreach ($users as $user)
+        $user = $user['username'];
         if (in_array($user, $_POST['access']['new']))
           array_push($_POST['access'][$_POST['new_db']], $user);
       if (($_POST['new_user'] != '') and (in_array('new', $_POST['access']['new'])))
@@ -92,6 +93,7 @@ if (isset($_POST['accesseditor']))
   {
     create_mysql_account($_POST['new_user']);
     foreach ($dbs as $db)
+      $db = $db['name'];
       if (isset($_POST['access'][$db]) and (in_array('new', $_POST['access'][$db])))
         array_push($_POST['access'][$db], $_POST['new_user']);
   }
@@ -103,11 +105,17 @@ if (isset($_POST['accesseditor']))
   }
 
   foreach ($dbs as $db)
+  {
+    $db = $db['name'];
     foreach ($users as $user)
+    {
+      $user = $user['username'];
       if (! isset($_POST['access'][$db]))
         set_mysql_access($db, $user, false);
       else
         set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));
+    }
+  }
   $mysql_access = NULL;
 }
 
@@ -125,7 +133,10 @@ if ($output_something)
   <tr><th style="background-color: #729bb3; color: #fff;padding: 0.2em; text-align: left;">Datenbanken</th>';
 
   foreach ($users as $user)
-    $form .= "<th>{$user}<br />".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Benutzer »{$user}« löschen\" alt=\"löschen\" />", "action=delete_user&user={$user}")."</th>";
+  {
+    $desc = ($user['description'] ? $user['description'] : '');
+    $form .= "<th><span title=\"{$desc}\">{$user['username']}</span><br />".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Benutzer »{$user['username']}« löschen\" alt=\"löschen\" />", "action=delete_user&user={$user['username']}")."</th>";
+  }
   $form .= '<th><input type="text" name="new_user" size="10" value="" /></th></tr>
 ';
 
@@ -133,9 +144,10 @@ if ($output_something)
 
   foreach($dbs as $db)
   {
-    $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\">{$db}&#160;".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Datenbank »{$db}« löschen\" alt=\"löschen\" />", "action=delete_db&db={$db}")."</td>";
+    $desc = ($db['description'] ? $db['description'] : '');
+    $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"{$desc}\">{$db['name']}</span>&#160;".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Datenbank »{$db['name']}« löschen\" alt=\"löschen\" />", "action=delete_db&db={$db['name']}")."</td>";
     foreach ($users as $user)
-      $form .= '<td style="text-align: center;"><input type="checkbox" id="'.$db.'_'.$user.'" name="access['.$db.'][]" value="'.$user.'" '.(get_mysql_access($db, $user) ? 'checked="checked" ' : '')." /></td>";
+      $form .= '<td style="text-align: center;"><input type="checkbox" id="'.$db.'_'.$user.'" name="access['.$db.'][]" value="'.$user.'" '.(get_mysql_access($db['name'], $user['username']) ? 'checked="checked" ' : '')." /></td>";
     $form .= "</tr>\n";
   }
 
@@ -157,7 +169,7 @@ if ($output_something)
   $my_users = array();
   foreach ($users as $u)
   {
-    $my_users[$u] = $u;
+    $my_users[$u['username']] = $u['username'];
   }
   $form = '<div>
   <label for="mysql_username">Benutzername:</label>&#160;'.html_select('mysql_username', $my_users).'

modules/mysql/include/mysql.php

Zeige Datei @ fbbc80e

@@ -3,13 +3,13 @@
 function get_mysql_accounts($UID)
 {
   $UID = (int) $UID;
-  $result = db_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
+  $result = db_query("SELECT username, description FROM misc.mysql_accounts WHERE useraccount=$UID");
   if (mysql_num_rows($result) == 0)
     return array();
   $list = array();
-  while ($item = mysql_fetch_object($result))
+  while ($item = mysql_fetch_assoc($result))
   {
-    array_push($list, $item->username);
+    $list[] = $item;
   }
   return $list;
 }
@@ -17,13 +17,13 @@ function get_mysql_accounts($UID)
 function get_mysql_databases($UID)
 {
   $UID = (int) $UID;
-  $result = db_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
+  $result = db_query("SELECT name, description FROM misc.mysql_database WHERE useraccount=$UID");
   if (mysql_num_rows($result) == 0)
     return array();
   $list = array();
-  while ($item = mysql_fetch_object($result))
+  while ($item = mysql_fetch_assoc($result))
   {
-    array_push($list, $item->name);
+    $list[] = $item;
   }
   return $list;
 }
@@ -70,22 +70,19 @@ function set_mysql_access($db, $account, $status)
 }
 
 
-function create_mysql_account($username)
+function create_mysql_account($username, $description = '')
 {
-  if (! validate_mysql_dbname($username))
+  if (! validate_mysql_username($username))
   {
     logger("modules/mysql/include/mysql", "mysql", "illegal username »{$username}«");
     input_error("Der eingegebene Benutzername entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
     return NULL;
   }
-  if (strlen($username) > 16)
-  {
-    warning('Der eingegebene MySQL-Benutzername wurde abgeschnitten. Systemseitig begrenzt MySQL einen Benutzernamen auf 16 Zeichen.');
-  }
   $uid = $_SESSION['userinfo']['uid'];
   $username = mysql_real_escape_string($username);
+  $description = maybe_null($description);
   logger("modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
-  db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
+  db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
 }
 
 
@@ -98,7 +95,7 @@ function delete_mysql_account($username)
 }
 
 
-function create_mysql_database($dbname)
+function create_mysql_database($dbname, $description = '')
 {
   if (! validate_mysql_dbname($dbname))
   {
@@ -108,8 +105,9 @@ function create_mysql_database($dbname)
   }
   $dbname = mysql_real_escape_string($dbname);
   $uid = $_SESSION['userinfo']['uid'];
+  $description = maybe_null($description);
   logger("modules/mysql/include/mysql", "mysql", "creating database »{$dbname}«");
-  db_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
+  db_query("INSERT INTO misc.mysql_database (name, useraccount, description) VALUES ('$dbname', $uid, $description);");
 }
 
 
@@ -122,17 +120,16 @@ function delete_mysql_database($dbname)
 }
 
 
-function validate_mysql_username($username)
+function validate_mysql_dbname($dbname)
 {
   $sys_username = $_SESSION['userinfo']['username'];
-  return preg_match("/^{$sys_username}(_[a-zA-Z0-9_-]+)?$/", $username);
+  return preg_match("/^{$sys_username}(_[a-zA-Z0-9_-]+)?$/", $dbname);
 }
 
 
-function validate_mysql_dbname($dbname)
+function validate_mysql_username($username)
 {
-  // Funktioniert! ;-)
-  return validate_mysql_username($dbname);
+  return validate_mysql_dbname($username) && (count($username) <= 16);
 }
 
 


...	...	@@ -80,6 +80,7 @@ if (isset($_POST['accesseditor']))
80	80	{
81	81	$_POST['access'][$_POST['new_db']] = array();
82	82	foreach ($users as $user)
	83	+ $user = $user['username'];
83	84	if (in_array($user, $_POST['access']['new']))
84	85	array_push($_POST['access'][$_POST['new_db']], $user);
85	86	if (($_POST['new_user'] != '') and (in_array('new', $_POST['access']['new'])))
...	...	@@ -92,6 +93,7 @@ if (isset($_POST['accesseditor']))
92	93	{
93	94	create_mysql_account($_POST['new_user']);
94	95	foreach ($dbs as $db)
	96	+ $db = $db['name'];
95	97	if (isset($_POST['access'][$db]) and (in_array('new', $_POST['access'][$db])))
96	98	array_push($_POST['access'][$db], $_POST['new_user']);
97	99	}
...	...	@@ -103,11 +105,17 @@ if (isset($_POST['accesseditor']))
103	105	}
104	106
105	107	foreach ($dbs as $db)
	108	+ {
	109	+ $db = $db['name'];
106	110	foreach ($users as $user)
	111	+ {
	112	+ $user = $user['username'];
107	113	if (! isset($_POST['access'][$db]))
108	114	set_mysql_access($db, $user, false);
109	115	else
110	116	set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));
	117	+ }
	118	+ }
111	119	$mysql_access = NULL;
112	120	}
113	121
...	...	@@ -125,7 +133,10 @@ if ($output_something)
125	133	<tr><th style="background-color: #729bb3; color: #fff;padding: 0.2em; text-align: left;">Datenbanken</th>';
126	134
127	135	foreach ($users as $user)
128		- $form .= "<th>{$user}<br />".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Benutzer »{$user}« löschen\" alt=\"löschen\" />", "action=delete_user&user={$user}")."</th>";
	136	+ {
	137	+ $desc = ($user['description'] ? $user['description'] : '');
	138	+ $form .= "<th><span title=\"{$desc}\">{$user['username']}</span><br />".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Benutzer »{$user['username']}« löschen\" alt=\"löschen\" />", "action=delete_user&user={$user['username']}")."</th>";
	139	+ }
129	140	$form .= '<th><input type="text" name="new_user" size="10" value="" /></th></tr>
130	141	';
131	142
...	...	@@ -133,9 +144,10 @@ if ($output_something)
133	144
134	145	foreach($dbs as $db)
135	146	{
136		- $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\">{$db} ".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Datenbank »{$db}« löschen\" alt=\"löschen\" />", "action=delete_db&db={$db}")."</td>";
	147	+ $desc = ($db['description'] ? $db['description'] : '');
	148	+ $form .= "<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"{$desc}\">{$db['name']}</span> ".internal_link("", "<img src=\"{$prefix}images/delete.png\" title=\"Datenbank »{$db['name']}« löschen\" alt=\"löschen\" />", "action=delete_db&db={$db['name']}")."</td>";
137	149	foreach ($users as $user)
138		- $form .= '<td style="text-align: center;"><input type="checkbox" id="'.$db.'_'.$user.'" name="access['.$db.'][]" value="'.$user.'" '.(get_mysql_access($db, $user) ? 'checked="checked" ' : '')." /></td>";
	150	+ $form .= '<td style="text-align: center;"><input type="checkbox" id="'.$db.'_'.$user.'" name="access['.$db.'][]" value="'.$user.'" '.(get_mysql_access($db['name'], $user['username']) ? 'checked="checked" ' : '')." /></td>";
139	151	$form .= "</tr>\n";
140	152	}
141	153
...	...	@@ -157,7 +169,7 @@ if ($output_something)
157	169	$my_users = array();
158	170	foreach ($users as $u)
159	171	{
160		- $my_users[$u] = $u;
	172	+ $my_users[$u['username']] = $u['username'];
161	173	}
162	174	$form = '<div>
163	175	<label for="mysql_username">Benutzername:</label> '.html_select('mysql_username', $my_users).'

...	...	@@ -3,13 +3,13 @@
3	3	function get_mysql_accounts($UID)
4	4	{
5	5	$UID = (int) $UID;
6		- $result = db_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
	6	+ $result = db_query("SELECT username, description FROM misc.mysql_accounts WHERE useraccount=$UID");
7	7	if (mysql_num_rows($result) == 0)
8	8	return array();
9	9	$list = array();
10		- while ($item = mysql_fetch_object($result))
	10	+ while ($item = mysql_fetch_assoc($result))
11	11	{
12		- array_push($list, $item->username);
	12	+ $list[] = $item;
13	13	}
14	14	return $list;
15	15	}
...	...	@@ -17,13 +17,13 @@ function get_mysql_accounts($UID)
17	17	function get_mysql_databases($UID)
18	18	{
19	19	$UID = (int) $UID;
20		- $result = db_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
	20	+ $result = db_query("SELECT name, description FROM misc.mysql_database WHERE useraccount=$UID");
21	21	if (mysql_num_rows($result) == 0)
22	22	return array();
23	23	$list = array();
24		- while ($item = mysql_fetch_object($result))
	24	+ while ($item = mysql_fetch_assoc($result))
25	25	{
26		- array_push($list, $item->name);
	26	+ $list[] = $item;
27	27	}
28	28	return $list;
29	29	}
...	...	@@ -70,22 +70,19 @@ function set_mysql_access($db, $account, $status)
70	70	}
71	71
72	72
73		-function create_mysql_account($username)
	73	+function create_mysql_account($username, $description = '')
74	74	{
75		- if (! validate_mysql_dbname($username))
	75	+ if (! validate_mysql_username($username))
76	76	{
77	77	logger("modules/mysql/include/mysql", "mysql", "illegal username »{$username}«");
78	78	input_error("Der eingegebene Benutzername entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
79	79	return NULL;
80	80	}
81		- if (strlen($username) > 16)
82		- {
83		- warning('Der eingegebene MySQL-Benutzername wurde abgeschnitten. Systemseitig begrenzt MySQL einen Benutzernamen auf 16 Zeichen.');
84		- }
85	81	$uid = $_SESSION['userinfo']['uid'];
86	82	$username = mysql_real_escape_string($username);
	83	+ $description = maybe_null($description);
87	84	logger("modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
88		- db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
	85	+ db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
89	86	}
90	87
91	88
...	...	@@ -98,7 +95,7 @@ function delete_mysql_account($username)
98	95	}
99	96
100	97
101		-function create_mysql_database($dbname)
	98	+function create_mysql_database($dbname, $description = '')
102	99	{
103	100	if (! validate_mysql_dbname($dbname))
104	101	{
...	...	@@ -108,8 +105,9 @@ function create_mysql_database($dbname)
108	105	}
109	106	$dbname = mysql_real_escape_string($dbname);
110	107	$uid = $_SESSION['userinfo']['uid'];
	108	+ $description = maybe_null($description);
111	109	logger("modules/mysql/include/mysql", "mysql", "creating database »{$dbname}«");
112		- db_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
	110	+ db_query("INSERT INTO misc.mysql_database (name, useraccount, description) VALUES ('$dbname', $uid, $description);");
113	111	}
114	112
115	113
...	...	@@ -122,17 +120,16 @@ function delete_mysql_database($dbname)
122	120	}
123	121
124	122
125		-function validate_mysql_username($username)
	123	+function validate_mysql_dbname($dbname)
126	124	{
127	125	$sys_username = $_SESSION['userinfo']['username'];
128		- return preg_match("/^{$sys_username}(_[a-zA-Z0-9_-]+)?$/", $username);
	126	+ return preg_match("/^{$sys_username}(_[a-zA-Z0-9_-]+)?$/", $dbname);
129	127	}
130	128
131	129
132		-function validate_mysql_dbname($dbname)
	130	+function validate_mysql_username($username)
133	131	{
134		- // Funktioniert! ;-)
135		- return validate_mysql_username($dbname);
	132	+ return validate_mysql_dbname($username) && (count($username) <= 16);
136	133	}
137	134
138	135
139	136

webinterface.git