can not connect to database as administrative user.
');
+ exit();
+ }
+ $query="SELECT user FROM mysql.user WHERE user='{$_POST['dbuser']}';";
+ $result = @$connection->query($query);
+ if (!$result) {
+ $entry='DB Error: "'.$connection->error.'" ';
+ $entry.='Offending command was: '.$query.' ';
+ echo($entry);
+ }
+ if($result->num_rows==0){
+ $query="CREATE USER '{$_POST['dbuser']}' IDENTIFIED BY '{$_POST['dbpassword']}';";
+ }else{
+ $query='';
+ }
+ $query.="CREATE DATABASE IF NOT EXISTS `{$_POST['dbname']}`;";
+ $query.="GRANT ALL PRIVILEGES ON `{$_POST['dbname']}` . * TO '{$_POST['dbuser']}';";
+ $result = @$connection->multi_query($query);
+ if (!$result) {
+ $entry='DB Error: "'.$connection->error.'" ';
+ $entry.='Offending command was: '.$query.' ';
+ echo($entry);
+ }
+ $connection->close();
+ }elseif($CONFIG_DBTYPE=='pgsql'){
+ $connection = pg_connect("user='$adminUser' host='$CONFIG_DBHOST' password='$adminPwd'");
+ $query="CREATE USER {$_POST['dbuser']} WITH PASSWORD '{$_POST['dbpassword']}' CREATEDB;";
+ $result = pg_exec($connection, $query);
+ $query="select count(*) from pg_catalog.pg_database where datname = '{$_POST['dbname']}';";
+ $result = pg_exec($connection, $query);
+ if(pg_result($result,0,0)==0){
+ $query="CREATE DATABASE {$_POST['dbname']};";
+ $result = pg_exec($connection, $query);
+ $query="ALTER DATABASE {$_POST['dbname']} OWNER TO {$_POST['dbuser']};";
+ $result = pg_exec($connection, $query);
+ }
}
- $query="SELECT user FROM mysql.user WHERE user='{$_POST['dbuser']}';";
- $result = @$connection->query($query);
- if (!$result) {
- $entry='DB Error: "'.$connection->error.'" ';
- $entry.='Offending command was: '.$query.' ';
- echo($entry);
- }
- if($result->num_rows==0){
- $query="CREATE USER '{$_POST['dbuser']}' IDENTIFIED BY '{$_POST['dbpassword']}';";
- }else{
- $query='';
- }
- $query.="CREATE DATABASE IF NOT EXISTS `{$_POST['dbname']}`;
- GRANT ALL PRIVILEGES ON `{$_POST['dbname']}` . * TO '{$_POST['dbuser']}';";
- $result = @$connection->multi_query($query);
- if (!$result) {
- $entry='DB Error: "'.$connection->error.'" ';
- $entry.='Offending command was: '.$query.' ';
- echo($entry);
- }
- $connection->close();
}
}
?>
diff --git a/inc/lib_log.php b/inc/lib_log.php
index 3e0d3d1609..f002733acd 100755
--- a/inc/lib_log.php
+++ b/inc/lib_log.php
@@ -48,7 +48,7 @@ class OC_LOG {
* @param message $message
*/
public static function event($user,$type,$message){
- $result = OC_DB::query('insert into log (timestamp,user,type,message) values ("'.time().'","'.addslashes($user).'","'.addslashes($type).'","'.addslashes($message).'")');
+ $result = OC_DB::query('INSERT INTO `log` (`timestamp`,`user`,`type`,`message`) VALUES ('.time().',\''.addslashes($user).'\','.addslashes($type).',\''.addslashes($message).'\');');
OC_DB::free_result($result);
}
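Review bot: The rewritten INSERT in `event()` drops the quotes around the `type` value, so `addslashes($type)` no longer protects anything: the value lands in the statement as a bare token, and a non-numeric `$type` either breaks the query or is parsed as SQL. If `type` is now a numeric column, cast it with `'.(int)$type.'`; otherwise keep it quoted like the neighbouring values. `addslashes()` is also not connection-aware, whereas lib_user.php in this same commit uses `OC_DB::escape()`, which would be the consistent choice for `$user` and `$message`. The backtick identifier quoting is MySQL syntax, so it is worth confirming that OC_DB rewrites it for the pgsql backend this commit introduces.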
@@ -62,10 +62,10 @@ class OC_LOG {
echo('
');
if(OC_USER::ingroup($_SESSION['username_clean'],'admin')){
- $result = OC_DB::select('select timestamp,user,type,message from log order by timestamp desc limit 20');
+ $result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log order by timestamp desc limit 20');
}else{
$user=$_SESSION['username_clean'];
- $result = OC_DB::select('select timestamp,user,type,message from log where user=\''.$user.'\' order by timestamp desc limit 20');
+ $result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log where user=\''.$user.'\' order by timestamp desc limit 20');
}
foreach($result as $entry){
echo('
');
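Review bot: In the non-admin branch `$user` comes from `$_SESSION['username_clean']` and is concatenated into the `where user='…'` clause without escaping. Whether the value was escaped when the session was populated is not visible here, so the query should not rely on it. Assign `$user=OC_DB::escape($_SESSION['username_clean']);` before building the statement. The enclosing function starts and ends outside the hunk.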
diff --git a/inc/lib_user.php b/inc/lib_user.php
index e5d994dd02..99909a3321 100755
--- a/inc/lib_user.php
+++ b/inc/lib_user.php
@@ -58,11 +58,11 @@ class OC_USER {
if(OC_USER::getuserid($username)!=0){
return false;
}else{
- $password=sha1($password);
$usernameclean=strtolower($username);
+ $password=sha1($password);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
- $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')";
+ $query="INSERT INTO `users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
}
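Review bot: `$password=sha1($password);` still stores an unsalted, fast SHA-1 digest in `user_password`; the commit only moves the line. Anyone who obtains the `users` table can test guesses at very high rates, and identical passwords produce identical hashes. If the supported PHP version provides it, `password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` on the login path is the replacement; otherwise use `crypt()` with a per-user Blowfish salt. The code that compares the stored hash at login is outside this hunk and would have to change with it.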
@@ -118,7 +118,7 @@ class OC_USER {
public static function creategroup($groupname){
if(OC_USER::getgroupid($groupname)==0){
$groupname=OC_DB::escape($groupname);
- $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')";
+ $query="INSERT INTO `groups` (`group_name`) VALUES ('$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
}else{
@@ -132,7 +132,6 @@ class OC_USER {
*/
public static function getuserid($username){
$usernameclean=strtolower($username);
- $username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
@@ -187,7 +186,7 @@ class OC_USER {
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid>0 and $userid>0){
- $query="SELECT user_group_id FROM user_group WHERE group_id = $groupid AND user_id = $userid LIMIT 1";
+ $query="SELECT * FROM user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_group_id'])){
return true;
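Review bot: The new query selects `*` and drops `LIMIT 1`, yet the code below only tests `isset($result[0]['user_group_id'])`. It now depends on a column name the statement no longer states, and it fetches every matching row to answer a yes/no question. `SELECT user_group_id FROM user_group WHERE group_id = '$groupid' AND user_id = '$userid' LIMIT 1` keeps that contract explicit, and `LIMIT` is accepted by both MySQL and PostgreSQL. Because both ids are placed inside the query text, casting them first with `$userid=(int)$userid; $groupid=(int)$groupid;` removes any reliance on what `getuserid()` and `getgroupid()` return. The function starts and ends outside the hunk.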
@@ -208,7 +207,7 @@ class OC_USER {
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid!=0 and $userid!=0){
- $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');";
+ $query="INSERT INTO `user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$result=OC_DB::query($query);
if($result){
return true;
diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php
index c22c78768b..c94334466a 100755
--- a/inc/templates/adminform.php
+++ b/inc/templates/adminform.php
@@ -37,7 +37,7 @@ function dbtypechange(){
element.style.display='none';
}
}
- }else if(type=='mysql'){
+ }else if(type=='mysql' || type=='pgsql'){
for(i in inputs){
id=inputs[i];
element=document.getElementById(id);
@@ -80,24 +80,36 @@ if($FIRSTRUN){?>