191 |
191 |
192 $db_user =& $_POST['db_user']; |
192 $db_user =& $_POST['db_user']; |
193 $db_pass =& $_POST['db_pass']; |
193 $db_pass =& $_POST['db_pass']; |
194 $db_name =& $_POST['db_name']; |
194 $db_name =& $_POST['db_name']; |
195 |
195 |
196 if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) |
196 if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) |
197 { |
197 { |
198 die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>'); |
|
199 $db_name = htmlspecialchars($db_name); |
198 $db_name = htmlspecialchars($db_name); |
200 die("<p>SECURITY: malformed database name \"$db_name\"</p>"); |
199 die("<p>SECURITY: malformed database name \"$db_name\"</p>"); |
201 } |
200 } |
202 |
201 |
203 // First, try to connect using the normal credentials |
202 // First, try to connect using the normal credentials |
242 if ( !$q ) |
241 if ( !$q ) |
243 { |
242 { |
244 return false; |
243 return false; |
245 } |
244 } |
246 } |
245 } |
247 } |
246 mysql_close($conn_root); |
248 } |
247 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
249 $q = @mysql_query("USE $db_name;", $conn); |
248 if ( !$conn ) |
|
249 { |
|
250 // This should honestly never happen. |
|
251 return false; |
|
252 } |
|
253 } |
|
254 } |
|
255 $q = @mysql_query("USE `$db_name`;", $conn); |
250 if ( !$q ) |
256 if ( !$q ) |
251 { |
257 { |
252 // access denied to the database; try the whole root schenanegan again |
258 // access denied to the database; try the whole root schenanegan again |
253 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) ) |
259 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) ) |
254 { |
260 { |
257 { |
263 { |
258 // Couldn't connect as root; bail out |
264 // Couldn't connect as root; bail out |
259 return false; |
265 return false; |
260 } |
266 } |
261 // create the database, if it doesn't exist |
267 // create the database, if it doesn't exist |
262 $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root); |
268 $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root); |
263 if ( !$q ) |
269 if ( !$q ) |
264 { |
270 { |
265 // this really should never fail, so don't give any tolerance to it |
271 // this really should never fail, so don't give any tolerance to it |
266 return false; |
272 return false; |
267 } |
273 } |
268 unset($db_user, $db_pass); |
274 unset($db_user, $db_pass); |
269 $db_user = mysql_real_escape_string($_POST['db_user']); |
275 $db_user = mysql_real_escape_string($_POST['db_user']); |
270 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
276 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
271 // we're in with root rights; grant access to the database |
277 // we're in with root rights; grant access to the database |
272 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); |
278 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root); |
273 if ( !$q ) |
279 if ( !$q ) |
274 { |
280 { |
275 return false; |
281 return false; |
276 } |
282 } |
277 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) |
283 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) |
278 { |
284 { |
279 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root); |
285 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root); |
280 if ( !$q ) |
286 if ( !$q ) |
281 { |
287 { |
282 return false; |
288 return false; |
283 } |
289 } |
284 } |
290 } |
|
291 mysql_close($conn_root); |
|
292 // grant tables have hopefully been flushed, kill and reconnect our regular user connection |
|
293 mysql_close($conn); |
|
294 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
|
295 if ( !$conn ) |
|
296 { |
|
297 return false; |
|
298 } |
285 } |
299 } |
286 else |
300 else |
287 { |
301 { |
288 return false; |
302 return false; |
289 } |
303 } |
290 // try again |
304 // try again |
291 $q = @mysql_query("USE $db_name;", $conn); |
305 $q = @mysql_query("USE `$db_name`;", $conn); |
292 if ( !$q ) |
306 if ( !$q ) |
293 { |
307 { |
294 // really failed this time; bail out |
308 // really failed this time; bail out |
295 return false; |
309 return false; |
296 } |
310 } |