Allow users to delete their databases

This commit is contained in:
Daniel Winzen
2019-02-21 21:50:23 +01:00
parent c4cf9e7145
commit f8b3748668
2 changed files with 45 additions and 2 deletions


@ -516,6 +516,20 @@ function add_user_db(PDO $db, int $user_id) : ?string {
return $mysql_db; return $mysql_db;
} }
function del_user_db(PDO $db, int $user_id, string $mysql_db) {
$stmt = $db->prepare('SELECT mysql_user FROM users WHERE id = ?;');
$stmt->execute([$user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt = $db->prepare('SELECT null FROM mysql_databases WHERE user_id = ? AND mysql_database = ?;');
$stmt->execute([$user_id, $mysql_db]);
if($stmt->fetch()){
$db->exec('REVOKE ALL PRIVILEGES ON `'.preg_replace('/[^a-z0-9]/i', '', $mysql_db)."`.* FROM '".preg_replace('/[^a-z0-9]/i', '', $user['mysql_user'])."'@'%';");
$db->exec('DROP DATABASE IF EXISTS `'.preg_replace('/[^a-z0-9]/i', '', $mysql_db).'`;');
$stmt = $db->prepare('DELETE FROM mysql_databases WHERE user_id = ? AND mysql_database = ?;');
$stmt->execute([$user_id, $mysql_db]);
}
}
function check_csrf_error(){ function check_csrf_error(){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
return 'Invalid CSRF token, please try again.'; return 'Invalid CSRF token, please try again.';
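Review bot: del_user_db checks ownership against the raw `$mysql_db` (the SELECT on mysql_databases) but then issues REVOKE and DROP on a stripped copy produced by `preg_replace('/[^a-z0-9]/i', '', ...)`, so if the two strings ever differ the DDL runs against a name that was never authorized; validating instead of normalizing removes that gap, e.g. `if(!preg_match('/^[a-z0-9]+$/i', $mysql_db)){ return; }` before the first prepare, after which the raw value can be used in the identifier quoting directly. The first fetch is used unchecked: if no users row comes back, `$user['mysql_user']` is read from `false`, so add `if(!$user){ return; }` after it. The function also declares no return type; `: void` would match the signature of add_user_db just above, which declares `: ?string`. Names written by add_user_db are presumably already alphanumeric, so this is defence in depth rather than an observed hole.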


@ -13,6 +13,31 @@ if(isset($_POST['action']) && $_POST['action']==='add_db'){
} }
add_user_db($db, $user['id']); add_user_db($db, $user['id']);
} }
if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db'])){
if($error=check_csrf_error()){
die($error);
} ?>
<!DOCTYPE html><html><head>
<title>Daniel's Hosting - Delete database</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head><body>
<p>This will delete your database <?php echo htmlspecialchars($_POST['db']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="db" value="<?php echo htmlspecialchars($_POST['db']); ?>">
<button type="submit" name="action" value="del_db_2">Yes, delete</button>
</form>
<p><a href="home.php">No, don't delete.</a></p>
</body></html><?php
exit;
}
if(isset($_POST['action']) && $_POST['action']==='del_db_2' && !empty($_POST['db'])){
if($error=check_csrf_error()){
die($error);
}
del_user_db($db, $user['id'], $_POST['db']);
}
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){ if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
if($error=check_csrf_error()){ if($error=check_csrf_error()){
die($error); die($error);
@ -82,13 +107,17 @@ while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
echo '</table>'; echo '</table>';
echo '<h3>MySQL Database</h3>'; echo '<h3>MySQL Database</h3>';
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><th>Database</th><th>Host</th><th>User</th></tr>'; echo '<tr><th>Database</th><th>Host</th><th>User</th><th>Action</th></tr>';
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id = ?;'); $stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
$count_dbs = 0; $count_dbs = 0;
while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){ while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
++$count_dbs; ++$count_dbs;
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td></tr>"; echo '<form action="home.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="db" value="'.$mysql['mysql_database'].'">';
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td><td><button type=\"submit\" name=\"action\" value=\"del_db\">Delete</button></td></tr>";
echo '</form>';
} }
echo '</table>'; echo '</table>';
if($count_dbs<MAX_NUM_USER_DBS){ if($count_dbs<MAX_NUM_USER_DBS){
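Review bot: The new hidden input in the second hunk writes `$mysql['mysql_database']` into an HTML attribute without escaping, while the confirmation page added in the first hunk escapes the same value with `htmlspecialchars($_POST['db'])`; the consistent form is `echo '<input type="hidden" name="db" value="'.htmlspecialchars($mysql['mysql_database']).'">';`. The stored names are presumably generated alphanumeric strings, so the practical exposure today is likely small, but escaping at the output boundary keeps the page correct if that ever changes. Separately, opening `<form>` directly inside `<table>` between `<tr>` elements is not valid HTML; placing the form and its hidden inputs inside the Action `<td>` would avoid relying on the browser's parser recovery to associate the button with the hidden fields.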