diff --git a/var/www/common.php b/var/www/common.php
index 42dbd6c..242b2bf 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -516,6 +516,20 @@ function add_user_db(PDO $db, int $user_id) : ?string {
 return $mysql_db;
 }
 
+function del_user_db(PDO $db, int $user_id, string $mysql_db) {
+ $stmt = $db->prepare('SELECT mysql_user FROM users WHERE id = ?;');
+ $stmt->execute([$user_id]);
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
+ $stmt = $db->prepare('SELECT null FROM mysql_databases WHERE user_id = ? AND mysql_database = ?;');
+ $stmt->execute([$user_id, $mysql_db]);
+ if($stmt->fetch()){
+ $db->exec('REVOKE ALL PRIVILEGES ON `'.preg_replace('/[^a-z0-9]/i', '', $mysql_db)."`.* FROM '".preg_replace('/[^a-z0-9]/i', '', $user['mysql_user'])."'@'%';");
+ $db->exec('DROP DATABASE IF EXISTS `'.preg_replace('/[^a-z0-9]/i', '', $mysql_db).'`;');
+ $stmt = $db->prepare('DELETE FROM mysql_databases WHERE user_id = ? AND mysql_database = ?;');
+ $stmt->execute([$user_id, $mysql_db]);
+ }
+}
+
 function check_csrf_error(){
 if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
 return 'Invalid CSRF token, please try again.';
diff --git a/var/www/html/home.php b/var/www/html/home.php
index 75dab22..1d19e0d 100644
--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -13,6 +13,31 @@ if(isset($_POST['action']) && $_POST['action']==='add_db'){
 }
 add_user_db($db, $user['id']);
 }
+if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db'])){
+ if($error=check_csrf_error()){
+ die($error);
+ } ?>
+
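Review bot: In `del_user_db` the ownership check binds the raw `$mysql_db`, while the `REVOKE` and `DROP DATABASE` statements act on a `preg_replace`-stripped copy, so the name that was authorised and the name that is dropped can differ whenever the input holds characters the regex removes, or values the column collation (not visible here) treats as equal without being identical. Reject such input before any query with `if(!preg_match('/^[a-z0-9]+$/i', $mysql_db)){ return; }`, and build the DDL from the stored value by selecting `mysql_database` instead of `null` and using the fetched row's `mysql_database`. `$user` should also be checked for `false` before `$user['mysql_user']` is read, and a `: void` return type would match the typed signature of `add_user_db` shown in the hunk header.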
+This will delete your database and all data asociated with it. It can't be un-done. Are you sure?
+ + +fetch(PDO::FETCH_ASSOC)){ echo ''; echo 'Database | Host | User | |
---|---|---|---|
Database | Host | User | Action |
$mysql[mysql_database] | localhost | $user[mysql_user] |