177 { |
177 { |
178 static $conn = false; |
178 static $conn = false; |
179 if ( $act_get ) |
179 if ( $act_get ) |
180 return $conn; |
180 return $conn; |
181 |
181 |
182 $db_user = mysql_real_escape_string($_POST['db_user']); |
182 $db_user =& $_POST['db_user']; |
183 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
183 $db_pass =& $_POST['db_pass']; |
184 $db_name = mysql_real_escape_string($_POST['db_name']); |
184 $db_name =& $_POST['db_name']; |
185 |
185 |
186 if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) |
186 if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) |
187 die("<p>SECURITY: malformed database name</p>"); |
187 { |
|
188 $db_name = htmlspecialchars($db_name); |
|
189 die("<p>SECURITY: malformed database name \"$db_name\"</p>"); |
|
190 } |
188 |
191 |
189 // First, try to connect using the normal credentials |
192 // First, try to connect using the normal credentials |
190 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
193 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
191 if ( !$conn ) |
194 if ( !$conn ) |
192 { |
195 { |
197 if ( !$conn_root ) |
200 if ( !$conn_root ) |
198 { |
201 { |
199 // Couldn't connect using either set of credentials. Bail out. |
202 // Couldn't connect using either set of credentials. Bail out. |
200 return false; |
203 return false; |
201 } |
204 } |
|
205 unset($db_user, $db_pass); |
|
206 $db_user = mysql_real_escape_string($_POST['db_user']); |
|
207 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
202 // Create the user account |
208 // Create the user account |
203 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root); |
209 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root); |
204 if ( !$q ) |
210 if ( !$q ) |
205 { |
211 { |
206 return false; |
212 return false; |
225 if ( !$q ) |
231 if ( !$q ) |
226 { |
232 { |
227 return false; |
233 return false; |
228 } |
234 } |
229 } |
235 } |
230 } |
236 mysql_close($conn_root); |
231 } |
237 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
232 $q = @mysql_query("USE $db_name;", $conn); |
238 if ( !$conn ) |
|
239 { |
|
240 // This should honestly never happen. |
|
241 return false; |
|
242 } |
|
243 } |
|
244 } |
|
245 $q = @mysql_query("USE `$db_name`;", $conn); |
233 if ( !$q ) |
246 if ( !$q ) |
234 { |
247 { |
235 // access denied to the database; try the whole root schenanegan again |
248 // access denied to the database; try the whole root schenanegan again |
236 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) ) |
249 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) ) |
237 { |
250 { |
240 { |
253 { |
241 // Couldn't connect as root; bail out |
254 // Couldn't connect as root; bail out |
242 return false; |
255 return false; |
243 } |
256 } |
244 // create the database, if it doesn't exist |
257 // create the database, if it doesn't exist |
245 $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root); |
258 $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root); |
246 if ( !$q ) |
259 if ( !$q ) |
247 { |
260 { |
248 // this really should never fail, so don't give any tolerance to it |
261 // this really should never fail, so don't give any tolerance to it |
249 return false; |
262 return false; |
250 } |
263 } |
|
264 unset($db_user, $db_pass); |
|
265 $db_user = mysql_real_escape_string($_POST['db_user']); |
|
266 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
251 // we're in with root rights; grant access to the database |
267 // we're in with root rights; grant access to the database |
252 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); |
268 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root); |
253 if ( !$q ) |
269 if ( !$q ) |
254 { |
270 { |
255 return false; |
271 return false; |
256 } |
272 } |
257 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) |
273 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) |
258 { |
274 { |
259 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root); |
275 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root); |
260 if ( !$q ) |
276 if ( !$q ) |
261 { |
277 { |
262 return false; |
278 return false; |
263 } |
279 } |
264 } |
280 } |
|
281 mysql_close($conn_root); |
|
282 // grant tables have hopefully been flushed, kill and reconnect our regular user connection |
|
283 mysql_close($conn); |
|
284 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
|
285 if ( !$conn ) |
|
286 { |
|
287 return false; |
|
288 } |
265 } |
289 } |
266 else |
290 else |
267 { |
291 { |
268 return false; |
292 return false; |
269 } |
293 } |
270 // try again |
294 // try again |
271 $q = @mysql_query("USE $db_name;", $conn); |
295 $q = @mysql_query("USE `$db_name`;", $conn); |
272 if ( !$q ) |
296 if ( !$q ) |
273 { |
297 { |
274 // really failed this time; bail out |
298 // really failed this time; bail out |
275 return false; |
299 return false; |
276 } |
300 } |