Permalink
Browse files

. #0008562: MySQL 8 Syntax Changes blocks installation

  • Loading branch information...
fmancardi committed Feb 9, 2019
1 parent 664f03e commit 6691f4ff4671fb2b9de7b071780ac83e685b2035
Showing with 74 additions and 60 deletions.
  1. +74 −60 install/installUtils.php
@@ -113,7 +113,6 @@ function getUserList(&$db,$db_type)
// Returns an array containing the original sql statement in the first array element;
// the remaining elements of the array are driver dependent.
//
// 20071104 - franciscom
// Looking into adodb-mssql.inc.php, you will note that array[1]
// is a mssql stm object.
// This info is very important, to use mssql_free_statement()
@@ -293,7 +292,9 @@ function create_user_for_db($db_type,$db_name,$db_server, $db_admin_name, $db_ad
case 'mysql':
case 'mysqli':
default:
// Starting with MySQL 8 the following sentence is WRONG !!
// for MySQL making the user and assign right is the same operation
//
$op = _mysql_make_user($db,$the_host,$db_name,$login,$passwd);
break;
@@ -303,8 +304,7 @@ function create_user_for_db($db_type,$db_name,$db_server, $db_admin_name, $db_ad
{
// just assign rights on the database
$msg = 'ok - user_exists';
switch($db_type)
{
switch($db_type) {
case 'mysql':
case 'mysqli':
$op = _mysql_assign_grants($db,$the_host,$db_name,$login,$passwd);
@@ -317,7 +317,6 @@ function create_user_for_db($db_type,$db_name,$db_server, $db_admin_name, $db_ad
case 'mssql':
$op = _mssql_assign_grants($db,$the_host,$db_name,$login,$passwd);
break;
}
}
@@ -472,83 +471,98 @@ function check_db_loaded_extension($db_type) {
// 20060514 - franciscom
function _mysql_make_user($dbhandler,$db_host,$db_name,$login,$passwd)
{
/**
*
*
*/
function _mysql_make_user($dbhandler,$db_host,$db_name,$login,$passwd) {
$op = new stdclass();
$op = new stdclass();
$op->status_ok=true;
$op->msg = 'ok - new user';
// Escaping following rules form:
//
// MySQL Manual
// 9.2. Database, Table, Index, Column, and Alias Names
//
$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT ON " .
"`" . $dbhandler->prepare_string($db_name) . "`" . ".* TO " .
"'" . $dbhandler->prepare_string($login) . "'";
// 20070310 - $the_host -> $db_host
if (strlen(trim($db_host)) != 0)
{
$stmt .= "@" . "'" . $dbhandler->prepare_string($db_host) . "'";
}
$stmt .= " IDENTIFIED BY '" . $passwd . "'";
$op->status_ok = true;
$op->msg = 'ok - new user';
if (!@$dbhandler->exec_query($stmt))
{
// Escaping following rules form:
//
// MySQL Manual
// 9.2. Database, Table, Index, Column, and Alias Names
//
$safeDBHost = $dbhandler->prepare_string($db_host);
$safeDBName = $dbhandler->prepare_string($db_name);
$safeLogin = $dbhandler->prepare_string($login);
$stmt = " CREATE USER '$safeLogin' ";
if (strlen(trim($db_host)) != 0) {
$stmt .= "@" . "'$safeDBHost'";
}
// To have compatibility with MySQL 5.x
// IDENTIFIED WITH mysql_native_password
$stmt .=
" IDENTIFIED WITH mysql_native_password BY '$passwd' ";
echo $stmt;
if (!@$dbhandler->exec_query($stmt)) {
$op->msg = "ko - " . $dbhandler->error_msg();
$op->status_ok=false;
}
return $op;
}
else
{
// 20051217 - fm
/**
*
*/
function _mysql_assign_grants($dbhandler,$db_host,$db_name,$login,$passwd) {
$op->status_ok = true;
$op->msg = 'ok - new user';
// Escaping following rules form:
//
// MySQL Manual
// 9.2. Database, Table, Index, Column, and Alias Names
//
$safeDBHost = $dbhandler->prepare_string($db_host);
$safeDBName = $dbhandler->prepare_string($db_name);
$safeLogin = $dbhandler->prepare_string($login);
$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT ON
`$safeDBName`.* TO '$safeLogin'@'$safeDBHost'
WITH GRANT OPTION ";
if ( !@$dbhandler->exec_query($stmt) ) {
$op->msg = "ko - " . $dbhandler->error_msg();
$op->status_ok=false;
}
// found that you get access denied in this situation:
// 1. you have create the user with grant for host.
// 2. you are running your app on host.
// 3. you don't have GRANT for localhost.
// 3. you don't have GRANT for localhost.
//
// Then I've decide to grant always access from localhost
// to avoid this kind of problem.
// I hope this is not a security hole.
//
//
// 20070310 - $the_host -> $db_host
if( strcasecmp('localhost',$db_host) != 0)
{
// 20060514 - franciscom - missing
$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT ON " .
"`" . $dbhandler->prepare_string($db_name) . "`" . ".* TO " .
"'" . $dbhandler->prepare_string($login) . "'@'localhost'" .
" IDENTIFIED BY '" . $passwd . "'";
if ( !@$dbhandler->exec_query($stmt) )
{
if( strcasecmp('localhost',$db_host) != 0 ) {
$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT ON
`$safeDBName`.* TO '$safeLogin'@'localhost'
WITH GRANT OPTION ";
if ( !@$dbhandler->exec_query($stmt) ) {
$op->msg = "ko - " . $dbhandler->error_msg();
$op->status_ok=false;
}
}
}
return ($op);
}
if( $op->status_ok) {
$op->msg = 'ok - grant assignment';
}
// 20060514 - franciscom
// for MySQL just a wrapper
function _mysql_assign_grants($dbhandler,$db_host,$db_name,$login,$passwd)
{
$op = _mysql_make_user($dbhandler,$db_host,$db_name,$login,$passwd);
if( $op->status_ok)
{
$op->msg = 'ok - grant assignment';
}
return ($op);
return ($op);
}

0 comments on commit 6691f4f

Please sign in to comment.