yosoyhendrix
/
hestiacp
огледало од https://github.com/hestiacp/hestiacp


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
							<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

ob_start();
$TAB = 'DB';

// Main include
include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');

// Check database id
if (empty($_GET['database'])) {
    header("Location: /list/db/");
    exit;
}

// Edit as someone else?
if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
    $user=quoteshellarg($_GET['user']);
    $user_plain=htmlentities($_GET['user']);
}

// List datbase
$v_database = $_GET['database'];
exec(HESTIA_CMD."v-list-database ".$user." ".quoteshellarg($v_database)." 'json'", $output, $return_var);
check_return_code_redirect($return_var, $output, '/list/db/');
$data = json_decode(implode('', $output), true);
unset($output);

// Parse database
$v_username = $user;
$v_dbuser =  preg_replace("/^".$user_plain."_/", "", $data[$v_database]['DBUSER']);
$v_password = "";
$v_host = $data[$v_database]['HOST'];
$v_type = $data[$v_database]['TYPE'];
$v_charset = $data[$v_database]['CHARSET'];
$v_date = $data[$v_database]['DATE'];
$v_time = $data[$v_database]['TIME'];
$v_suspended = $data[$v_database]['SUSPENDED'];
if ($v_suspended == 'yes') {
    $v_status =  'suspended';
} else {
    $v_status =  'active';
}

// Check POST request
if (!empty($_POST['save'])) {
    $v_username = $user;

    // Check token
    verify_csrf($_POST);

    // Change database user
    if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
        $cmd = implode(" ", array(
            HESTIA_CMD . "v-change-database-user",
            // $user is already shell-quoted
            $user,
            quoteshellarg($v_database),
            quoteshellarg($_POST['v_dbuser']),
        ));
        exec($cmd, $output, $return_var);

        check_return_code($return_var, $output);
        unset($output);
    }

    // Change database password
    if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
        if (!validate_password($_POST['v_password'])) {
            $_SESSION['error_msg'] = _('Password does not match the minimum requirements');
        } else {
            $v_password = tempnam("/tmp", "vst");
            $fp = fopen($v_password, "w");
            fwrite($fp, $_POST['v_password']."\n");
            fclose($fp);
            exec(HESTIA_CMD."v-change-database-password ".$user." ".quoteshellarg($v_database)." ".$v_password, $output, $return_var);
            check_return_code($return_var, $output);
            unset($output);
            unlink($v_password);
            $v_password = quoteshellarg($_POST['v_password']);
        }
    }

    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = _('Changes has been saved.');
    }
    // if the mysql username was changed, render_page() below will render with the OLD mysql username,
    // to prvent that, make the browser refresh the page.
    http_response_code(303);
    header("Location: " . $_SERVER['REQUEST_URI']);
    die();
}

// Render page
render_page($user, $TAB, 'edit_db');

// Flush session messages
unset($_SESSION['error_msg']);
unset($_SESSION['ok_msg']);