Current File : /home/inlingua/public_html/decay_sym/root/var/softaculous/apps/phpmyadmin/3/webuzo.php

<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Single signon for phpMyAdmin
 *
 * This is just example how to use session based single signon with
 * phpMyAdmin, it is not intended to be perfect code and look, only
 * shows how you can integrate this functionality in your application.
 *
 * @package    PhpMyAdmin
 * @subpackage Example
 */

/* Use cookies for session */
ini_set('session.use_cookies', 'true');
/* Change this to true if using phpMyAdmin over https */
$secure_cookie = false;
/* Need to have cookie visible from parent directory */
session_set_cookie_params(0, '/', '', $secure_cookie, true);
/* Create signon session */
$session_name = 'SignonSession';
session_name($session_name);
// Uncomment and change the following line to match your $cfg['SessionSavePath']
//session_save_path('/foobar');
@session_start();

include_once('/usr/local/webuzo/sdk/sessions.php');

$webuzo_sess = new Webuzo_Sessions();
$logged_in = $webuzo_sess->isLogin();
$is_multiuser = $webuzo_sess->globals['is_multiuser'];

// Send to login URL
if(empty($logged_in)){
	$webuzo_sess->show_login();
	die();
}

$pass_path = "/var/webuzo/my.conf";
if(file_exists($pass_path)){
	$pass = file_get_contents($pass_path);
}

// Remote mysql ?
$host = (!empty($webuzo_sess->globals['mysql_host']) && $webuzo_sess->globals['mysql_host'] != 'localhost') ? $webuzo_sess->globals['mysql_host'] : 'localhost';

// Root user
if(
	(method_exists($webuzo_sess, 'is_admin_panel') && $webuzo_sess->is_admin_panel()) &&		
	(	
		(!empty($webuzo_sess->orig_user) && $webuzo_sess->orig_user == 'root') || 
		(!empty($logged_in['user']) && $logged_in['user'] == 'root')
	)
){
	
	$tmp_user = 'root';
	$tmp_pass = $pass;

// Regular user
}elseif(!empty($logged_in['user']) && $logged_in['user'] != 'root'){
	
	$loggedin_user = $logged_in['user'];
	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@!#$";
	$tmp_user = 'tmp_'.$logged_in['user'];
	$tmp_pass = substr(str_shuffle($chars),0,16);
	
	
	$query[] = "DROP USER '$tmp_user'@'localhost'";
	$query[] = "DROP USER '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."'";
	$query[] = "DROP USER '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."'";
	$query[] = "CREATE USER IF NOT EXISTS '$tmp_user'@'localhost' IDENTIFIED BY '$tmp_pass'";
	$query[] = "ALTER USER '$tmp_user'@'localhost' IDENTIFIED BY '$tmp_pass'";
	$query[] = "CREATE USER IF NOT EXISTS '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."' IDENTIFIED BY '$tmp_pass'";
	$query[] = "ALTER USER '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."' IDENTIFIED BY '$tmp_pass'";
	$query[] = "CREATE USER IF NOT EXISTS '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."' IDENTIFIED BY '$tmp_pass'";
	$query[] = "ALTER USER '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."' IDENTIFIED BY '$tmp_pass'";
	$query[] = "FLUSH PRIVILEGES";
	
	// Old method with prefix
	if(empty($webuzo_sess->globals['mysql_new_method'])){
		$query[] = "GRANT ALL PRIVILEGES ON `$loggedin_user\_%`.* TO '$tmp_user'@'localhost'";
		$query[] = "GRANT ALL PRIVILEGES ON `$loggedin_user\_%`.* TO '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."'";
		$query[] = "GRANT ALL PRIVILEGES ON `$loggedin_user\_%`.* TO '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."'";
	
	// Without prefix
	}else{
		$path = $webuzo_sess->globals['users_path'].'/'.$loggedin_user.'/mysql';
		$data = @json_decode(file_get_contents($path), true);
		
		// Revoke all privileges first
		$query[] = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$tmp_user'@'localhost'";
		$query[] = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."'";
		$query[] = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."'";
		
		// Are there any Database ?
		if(!empty($data['localhost']['dbs'])){
			foreach($data['localhost']['dbs'] as $k => $v){
				$query[] = "GRANT ALL PRIVILEGES ON `$k`.* TO '$tmp_user'@'localhost'";
				$query[] = "GRANT ALL PRIVILEGES ON `$k`.* TO '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_IP']."'";
				$query[] = "GRANT ALL PRIVILEGES ON `$k`.* TO '$tmp_user'@'".$webuzo_sess->globals['WU_PRIMARY_DOMAIN']."'";
			}
		}
	}
	
	$sconn = @mysqli_connect($host, 'root', $pass);
	foreach($query as $q => $v){		
		mysqli_query($sconn, $v);
	}
	
// Not logged in
}else{
	$webuzo_sess->show_login();
	die();
}

/* Store there credentials */
$_SESSION['PMA_single_signon_user'] = $tmp_user;
$_SESSION['PMA_single_signon_password'] = $tmp_pass;
$_SESSION['PMA_single_signon_host'] = $host;
$_SESSION['PMA_single_signon_port'] = '3306';
/* Update another field of server configuration */
$_SESSION['PMA_single_signon_cfgupdate'] = array('verbose' => 'Webuzo Signon');
$id = session_id();

/* Close that session */
@session_write_close();

/* Redirect to phpMyAdmin (should use absolute URL here!) */
header('Location: '.$webuzo_sess->SESS['url'].'phpmyadmin/index.php');