From b9efd906e5de1971822daa89bcc006891be83981 Mon Sep 17 00:00:00 2001 From: lamclennan Date: Sun, 8 Jan 2017 02:51:16 +1000 Subject: [PATCH] Postgres SQL Fixes A few commands changed to suit postgres and the "user" table. --- api/domains.php | 14 ++++---- api/edit-master.php | 2 +- api/edit-remote.php | 2 +- api/edit-user.php | 18 +++++----- api/index.php | 2 +- api/install.php | 82 ++++++++++++++++++++++++++------------------- api/password.php | 2 +- api/upgrade.php | 55 +++++++++++++++++++++++++----- api/users.php | 6 ++-- 9 files changed, 118 insertions(+), 65 deletions(-) diff --git a/api/domains.php b/api/domains.php index f54e3e1..54f02c3 100644 --- a/api/domains.php +++ b/api/domains.php @@ -39,7 +39,7 @@ if(isset($input->action) && $input->action == "getDomains") { SELECT COUNT(*) AS anzahl FROM domains D LEFT OUTER JOIN permissions P ON D.id = P.domain - WHERE (P.user=:user1 OR :user2) AND + WHERE (P.\"user\"=:user1 OR :user2) AND (D.name LIKE :name1 OR :name2) AND (D.type=:type1 OR :type2) "; @@ -91,7 +91,7 @@ if(isset($input->action) && $input->action == "getDomains") { FROM domains D LEFT OUTER JOIN records R ON D.id = R.domain_id LEFT OUTER JOIN permissions P ON D.id = P.domain - WHERE (P.user=:user1 OR :user2) + WHERE (P.\"user\"=:user1 OR :user2) GROUP BY D.id, D.name, D.type HAVING (D.name LIKE :name1 OR :name2) AND @@ -120,13 +120,13 @@ if(isset($input->action) && $input->action == "getDomains") { /* * Now the number of entries gets limited to the domainRows config value. - * SQL LIMIT is used for that: - * LIMIT lower, upper - * Note that LIMIT 0,4 returns the first five rows! + * SQL LIMIT and OFFSET is used for that: + * LIMIT upper OFFSET lower + * Note that LIMIT 5 OFFSET 0 returns the first five rows! */ $lower_limit = ($config['domain_rows'] * ($input->page - 1)); - $sql .= " LIMIT " . $lower_limit . ", " . $config['domain_rows']; + $sql .= " LIMIT " . $config['domain_rows'] . " OFFSET " . $lower_limit; $stmt = $db->prepare($sql); 
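Review bot: `$lower_limit` is still computed from the raw `$input->page` and concatenated into the statement string; the arithmetic coerces it to a number so it cannot inject SQL, but a missing, zero or negative page yields a negative OFFSET, which PostgreSQL rejects with an error, and a fractional page produces a non-integer offset. Clamp before the arithmetic, `$page = max(1, (int)$input->page); $lower_limit = $config['domain_rows'] * ($page - 1);`, and cast both values in the concatenation, `$sql .= " LIMIT " . (int)$config['domain_rows'] . " OFFSET " . (int)$lower_limit;` (or bind them with PDO::PARAM_INT like the other parameters). The getDomains block continues past the hunk.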
@@ -156,7 +156,7 @@ if(isset($input->action) && $input->action == "getDomains") { $stmt->bindValue(':type1', $type_filter, PDO::PARAM_INT); $stmt->bindValue(':type2', $type_filter_used, PDO::PARAM_INT); $stmt->execute(); - + while($obj = $stmt->fetchObject()) { $retval['data'][] = $obj; } diff --git a/api/edit-master.php b/api/edit-master.php index 64b60b8..ad0d670 100644 --- a/api/edit-master.php +++ b/api/edit-master.php @@ -31,7 +31,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { //Permission check if(isset($input->domain)) { - $permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE user=:user AND domain=:domain"); + $permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE \"user\"=:user AND domain=:domain"); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':domain', $input->domain, PDO::PARAM_INT); $permquery->execute(); diff --git a/api/edit-remote.php b/api/edit-remote.php index 8867699..79e097c 100644 --- a/api/edit-remote.php +++ b/api/edit-remote.php @@ -29,7 +29,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { //Permission check if(isset($input->record)) { - $permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE user=:user AND records.id=:id"); + $permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE \"user\"=:user AND records.id=:id"); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':id', $input->record, PDO::PARAM_INT); $permquery->execute(); diff --git a/api/edit-user.php b/api/edit-user.php index befab23..e6e2b63 100644 --- a/api/edit-user.php +++ b/api/edit-user.php 
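Review bot: The rewritten permission check quotes the column as `"user"`, which is ANSI/PostgreSQL syntax; this file runs against whichever backend install.php configured, and on MySQL a double-quoted token is a string literal unless `ANSI_QUOTES` is in `sql_mode`, so `WHERE "user"=:user` compares the text 'user' with the bound id, the count is 0 and every domain edit is refused (fail-closed, but the MySQL backend is broken). Unless lib/database.php, which is not in this diff, sets ANSI_QUOTES on the connection, quote per driver or rename the table and column away from the reserved word; e.g. compute the identifier once, ``$userCol = ($config['db_type'] === 'pgsql') ? '"user"' : '`user`';``, and build the query as `"SELECT COUNT(*) FROM permissions WHERE {$userCol}=:user AND domain=:domain"`. The same applies to every `"user"` rewrite in this patch. The permission-check block continues past the hunk.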
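Review bot: `"user"` in the rewritten join query is the only unqualified column—`records.domain_id`, `permissions.domain` and `records.id` are all prefixed—so it resolves only because `records` currently has no column of that name, and the next schema change that adds one turns this permission check into an ambiguous-column error. Write it as `permissions."user"=:user`. The permission-check block continues past the hunk.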
@@ -37,14 +37,14 @@ if(isset($input->action) && $input->action == "addUser") { $db->beginTransaction(); - $stmt = $db->prepare("INSERT INTO user(name,password,type) VALUES (:name,:password,:type)"); + $stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:name,:password,:type)"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->execute(); - $stmt = $db->prepare("SELECT MAX(id) FROM user WHERE name=:name AND password=:password AND type=:type"); + $stmt = $db->prepare("SELECT MAX(id) FROM \"user\" WHERE name=:name AND password=:password AND type=:type"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); @@ -58,7 +58,7 @@ if(isset($input->action) && $input->action == "addUser") { } if(isset($input->action) && $input->action == "getUserData") { - $stmt = $db->prepare("SELECT name,type FROM user WHERE id=:id LIMIT 1"); + $stmt = $db->prepare("SELECT name,type FROM \"user\" WHERE id=:id LIMIT 1"); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->execute(); $stmt->bindColumn('name', $userName); 
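Review bot: With the unique index on `"user"(name)` that this patch adds in install.php and upgrade.php, the INSERT at the top of the hunk now fails for a duplicate username, and nothing here catches that or rolls back the transaction opened on the line above—if the connection uses ERRMODE_EXCEPTION (install.php now sets it locally; lib/database.php is not in this diff) the caller receives a raw PDOException, otherwise the follow-up `SELECT MAX(id)` quietly returns no id at all. Wrap the insert and the rest of the transaction in a try/catch that rolls back and reports a validation error, as sketched below. The `SELECT MAX(id) … WHERE name=:name AND password=:password AND type=:type` re-derivation of the new id can be replaced by `$db->lastInsertId()` (`$db->lastInsertId('user_id_seq')` on PostgreSQL, assuming the default SERIAL sequence name). The addUser block continues past the hunk.
```php
$db->beginTransaction();

try {
    $stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:name,:password,:type)");
    $stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
    $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
    $stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
    $stmt->execute();

    $newId = $db->lastInsertId();   // pass 'user_id_seq' on PostgreSQL

    // … unchanged: rest of the transaction, then $db->commit() …
} catch (PDOException $e) {
    // a duplicate name now violates user_name_index; report it instead of leaking the exception
    $db->rollBack();
    $retval['status'] = "error";
    $retval['message'] = "A user with that name already exists";
}
```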
@@ -73,14 +73,14 @@ if(isset($input->action) && $input->action == "getUserData") { if(isset($input->action) && $input->action == "saveUserChanges") { if(isset($input->password)) { $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); - $stmt = $db->prepare("UPDATE user SET name=:name,password=:password,type=:type WHERE id=:id"); + $stmt = $db->prepare("UPDATE \"user\" SET name=:name,password=:password,type=:type WHERE id=:id"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->execute(); } else { - $stmt = $db->prepare("UPDATE user SET name=:name,type=:type WHERE id=:id"); + $stmt = $db->prepare("UPDATE \"user\" SET name=:name,type=:type WHERE id=:id"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); @@ -94,7 +94,7 @@ if(isset($input->action) && $input->action == "getPermissions") { SELECT D.id,D.name FROM permissions P JOIN domains D ON P.domain=D.id - WHERE P.user=:user + WHERE P.\"user\"=:user "); $stmt->bindValue(':user', $input->id, PDO::PARAM_INT); @@ -109,7 +109,7 @@ if(isset($input->action) && $input->action == "getPermissions") { if(isset($input->action) && $input->action == "removePermission") { - $stmt = $db->prepare("DELETE FROM permissions WHERE user=:user AND domain=:domain"); + $stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:user AND domain=:domain"); $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); $stmt->bindValue(':domain', $input->domainId, PDO::PARAM_INT); 
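Review bot: `isset($input->password)` at the top of the hunk is true for an empty string, so a request carrying `"password": ""`—the usual client shorthand for "leave unchanged"—hashes and stores an empty password, after which the account logs in with no password at all. Tighten the guard to `if(isset($input->password) && $input->password !== '')`, and check whether the addUser branch of this file, whose hash is computed before its hunk, has the same gap. The UPDATE in both branches also writes `$input->name`, which can now collide with another user under the new unique index and surface as a PDOException rather than a validation error. The saveUserChanges block ends after the hunk.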
@@ -117,7 +117,7 @@ if(isset($input->action) && $input->action == "removePermission") { } if(isset($input->action) && $input->action == "searchDomains" && isset($input->term)) { - $stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE user=:user)"); + $stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE \"user\"=:user)"); $searchTerm = "%" . $input->term . "%"; @@ -133,7 +133,7 @@ if(isset($input->action) && $input->action == "searchDomains" && isset($input->t } if(isset($input->action) && $input->action == "addPermissions") { - $stmt = $db->prepare("INSERT INTO permissions(user,domain) VALUES (:user,:domain)"); + $stmt = $db->prepare("INSERT INTO permissions(\"user\",domain) VALUES (:user,:domain)"); foreach($input->domains as $domain) { $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); diff --git a/api/index.php b/api/index.php index d460dc0..90a2d64 100644 --- a/api/index.php +++ b/api/index.php @@ -21,7 +21,7 @@ require_once '../lib/database.php'; $input = json_decode(file_get_contents('php://input')); -$stmt = $db->prepare("SELECT id,password,type FROM user WHERE name=:name LIMIT 1"); +$stmt = $db->prepare("SELECT id,password,type FROM \"user\" WHERE name=:name LIMIT 1"); $stmt->bindValue(':name', $input->user, PDO::PARAM_STR); $stmt->execute(); $stmt->bindColumn('id', $id); diff --git a/api/install.php b/api/install.php index f6445d9..10b8aea 100644 --- a/api/install.php +++ b/api/install.php @@ -70,7 +70,8 @@ CREATE TABLE IF NOT EXISTS user ( name varchar(50) NOT NULL, password varchar(200) NOT NULL, type varchar(20) NOT NULL, - PRIMARY KEY (id) + PRIMARY KEY (id), + UNIQUE KEY user_name_index (name) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; ALTER TABLE permissions 
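Review bot: `$searchTerm = "%" . $input->term . "%"` hands the user-supplied term to LIKE unescaped, so `%` and `_` in it act as wildcards (a term of `%` lists every domain the user does not yet have), and the port does not account for LIKE being case-sensitive on PostgreSQL but not under MySQL's default collations, so the same search differs per backend. Escape the metacharacters—`$searchTerm = "%" . addcslashes($input->term, '%_\\') . "%";` works with the default backslash escape on both backends—and use `ILIKE` (or `LOWER()` on both sides) on PostgreSQL if case-insensitive matching is the intended behaviour. The searchDomains block continues past the hunk.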
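Review bot: `foreach($input->domains as $domain)` iterates a JSON field without checking it is present and an array, and each pair goes into `permissions`, whose primary key is `("user",domain)` in the schema this patch defines, so re-granting an already-granted domain violates the key and—under ERRMODE_EXCEPTION—aborts the loop midway with a raw PDOException, leaving earlier iterations applied (no transaction is visible around the loop). Validate first, `if (!isset($input->domains) || !is_array($input->domains)) { $retval['status'] = "error"; }`, and skip pairs that already exist (`… WHERE NOT EXISTS (SELECT 1 FROM permissions WHERE "user"=:user AND domain=:domain)`) or catch the duplicate per iteration. The loop body continues past the hunk.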
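Review bot: `$input->user` is dereferenced on the bindValue line without checking that the request body decoded at all; `json_decode` returns null for an empty or malformed body, so the login query runs with an empty name (plus a warning) instead of the request being rejected. Guard before the query, `if (!is_object($input) || !isset($input->user)) { /* respond with an error */ }`, covering the password field that is verified below the hunk as well. With the unique index on `name` that this patch adds, `LIMIT 1` is redundant but harmless. The login handler continues past the hunk.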
@@ -158,7 +159,7 @@ CREATE TABLE IF NOT EXISTS domains ( name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, - type VARCHAR(6) NOT NULL, + \"type\" VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) @@ -170,7 +171,7 @@ CREATE TABLE IF NOT EXISTS records ( id SERIAL PRIMARY KEY, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, - type VARCHAR(10) DEFAULT NULL, + \"type\" VARCHAR(10) DEFAULT NULL, content VARCHAR(65535) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, @@ -189,22 +190,24 @@ CREATE INDEX IF NOT EXISTS nametype_index ON records(name,type); CREATE INDEX IF NOT EXISTS domain_id ON records(domain_id); CREATE INDEX IF NOT EXISTS recordorder ON records (domain_id, ordername text_pattern_ops); -CREATE TABLE IF NOT EXISTS user ( +CREATE TABLE IF NOT EXISTS \"user\" ( id SERIAL PRIMARY KEY, name varchar(50) NOT NULL, password varchar(200) NOT NULL, - type varchar(20) NOT NULL + \"type\" varchar(20) NOT NULL ); +CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON \"user\"(name); + CREATE TABLE IF NOT EXISTS permissions ( - user INT NOT NULL, - domain INT NOT NULL, - PRIMARY KEY (user,domain), + \"user\" INT NOT NULL, + \"domain\" INT NOT NULL, + PRIMARY KEY (\"user\",domain), CONSTRAINT domain_exists - FOREIGN KEY(domain_id) REFERENCES domains(id) + FOREIGN KEY(domain) REFERENCES domains(id) ON DELETE CASCADE, CONSTRAINT user_exists - FOREIGN KEY(user) REFERENCES user(id) + FOREIGN KEY(\"user\") REFERENCES \"user\"(id) ON DELETE CASCADE ); 
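Review bot: The new `CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON "user"(name)` is case-sensitive, so on PostgreSQL `admin` and `Admin` become two accounts, whereas the MySQL counterpart added in the same patch (`UNIQUE KEY user_name_index (name)` on a `DEFAULT CHARSET=latin1` table, whose default collation is case-insensitive) rejects the second; the `name=:name` login lookup in index.php inherits the same per-backend difference. Decide which rule applies: for case-insensitive names index `LOWER(name)` here and compare with `LOWER(name)=LOWER(:name)` in the lookups, otherwise give the MySQL column a case-sensitive (`_bin`) collation. The pgsql schema string continues past the hunk.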
@@ -214,11 +217,11 @@ CREATE TABLE IF NOT EXISTS remote ( id SERIAL PRIMARY KEY, record INT NOT NULL, description varchar(255) NOT NULL, - type varchar(20) NOT NULL, - security varchar(2000) NOT NULL, - nonce varchar(255) DEFAULT NULL, + \"type\" varchar(20) NOT NULL, + \"security\" varchar(2000) NOT NULL, + nonce varchar(255) DEFAULT NULL, CONSTRAINT record_exists - FOREIGN KEY(record_id) REFERENCES records(id) + FOREIGN KEY(record) REFERENCES records(id) ON DELETE CASCADE ); @@ -244,7 +247,7 @@ CREATE TABLE IF NOT EXISTS comments ( id SERIAL PRIMARY KEY, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, - type VARCHAR(10) NOT NULL, + \"type\" VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) DEFAULT NULL, comment VARCHAR(65535) NOT NULL, 
@@ -297,36 +300,47 @@ catch (PDOException $e) { $retval['status'] = "error"; $retval['message'] = serialize($e); } + +$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + if (!isset($retval)) { $passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT); - - $stmt = $db->query($sql[$input->type]); - while ($stmt->nextRowset()) {;} - - $stmt = $db->prepare("INSERT INTO user(name,password,type) VALUES (:user,:hash,'admin')"); + + $queries = explode(";", $sql[$input->type]); + + $db->beginTransaction(); + + foreach ($queries as $query) { + if (preg_replace('/\s+/', '', $query) != '') { + $db->exec($query); + } + } + + $db->commit(); + + $stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:user,:hash,'admin')"); $stmt->bindValue(':user', $input->userName, PDO::PARAM_STR); $stmt->bindValue(':hash', $passwordHash, PDO::PARAM_STR); - $stmt->execute(); - - $configFile = Array(); - - $configFile[] = 'host) . "';"; - $configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';"; - $configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';"; - $configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';"; - $configFile[] = '$config[\'db_port\'] = ' . addslashes($input->port) . ";"; - $configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . "';"; + $stmt->execute(); + $configFile = Array(); + + $configFile[] = 'host) . "';"; + $configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';"; + $configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';"; + $configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';"; + $configFile[] = '$config[\'db_port\'] = ' . addslashes($input->port) . ";"; + $configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . 
"';"; + + $retval['status'] = "success"; try { - file_put_contents("../config/config-user.php", implode("\n", $configFile)); - $retval['status'] = "success"; + file_put_contents("../config/config-user.php", implode("\n", $configFile)); } catch (Exception $e) { $retval['status'] = "error"; $retval['message'] = serialize($e); } - } if(isset($retval)) { diff --git a/api/password.php b/api/password.php index d81b5e9..7c48f93 100644 --- a/api/password.php +++ b/api/password.php @@ -30,7 +30,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { if(isset($input->action) && $input->action == "changePassword") { $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); - $stmt = $db->prepare("UPDATE user SET password=:password WHERE id=:id"); + $stmt = $db->prepare("UPDATE \"user\" SET password=:password WHERE id=:id"); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':id', $_SESSION['id'], PDO::PARAM_INT); $stmt->execute(); diff --git a/api/upgrade.php b/api/upgrade.php index 19d57fc..9f1255c 100644 --- a/api/upgrade.php +++ b/api/upgrade.php @@ -55,8 +55,17 @@ if(isset($input->action) && $input->action == "requestUpgrade") { INSERT INTO options(name,value) VALUES ('schema_version', 1); "; $sql["pgsql"] = "INSERT INTO options(name,value) VALUES ('schema_version', 1);"; - $stmt = $db->query($sql[$dbType]); - while ($stmt->nextRowset()) {;} + $queries = explode(";", $sql[$dbType]); + + $db->beginTransaction(); + + foreach ($queries as $query) { + if (preg_replace('/\s+/', '', $query) != '') { + $db->exec($query); + } + } + + $db->commit(); } if($currentVersion < 2) { $sql["mysql"] = " 
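Review bot: `$input->port` is written unquoted into config-user.php by `'$config[\'db_port\'] = ' . addslashes($input->port) . ";"`, and addslashes does nothing useful outside a quoted string, so a request to the installer can append arbitrary PHP to a file that is included on every later page load; cast it with `(int)$input->port`. `file_put_contents` returns false rather than throwing (unless an error handler converts warnings), so the `catch (Exception $e)` is dead and a failed config write still reports the `"success"` set just above the try; test the return value instead. Both the pre-existing connection catch at the top of the hunk and the new one put `serialize($e)` in the response, which ships the exception trace—and, unless `zend.exception_ignore_args` is enabled, the PDO constructor arguments including the DB password—to the client, so return `$e->getMessage()` at most and log the rest. The new statement loop now runs under ERRMODE_EXCEPTION with no catch, so a failing statement propagates as an uncaught exception with the PostgreSQL transaction left open (on MySQL the DDL has already auto-committed, so the transaction guards nothing). The `$configFile[] = 'host) ...` line appears truncated in this rendering, presumably where the `<?php` marker was stripped, so the fence below shows only the port line for that section.
```php
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (!isset($retval)) {
    $passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT);

    $queries = explode(";", $sql[$input->type]);

    try {
        $db->beginTransaction();
        foreach ($queries as $query) {
            if (preg_replace('/\s+/', '', $query) != '') {
                $db->exec($query);
            }
        }
        $db->commit();
    } catch (PDOException $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        $retval['status'] = "error";
        $retval['message'] = $e->getMessage();   // never serialize($e): the trace can carry the DB credentials
    }
}

if (!isset($retval)) {
    // … unchanged: admin user INSERT …

    // … unchanged: other $configFile[] lines (string values stay inside single quotes via addslashes) …
    $configFile[] = '$config[\'db_port\'] = ' . (int)$input->port . ";";
    // … unchanged: db_type line …

    if (file_put_contents("../config/config-user.php", implode("\n", $configFile)) === false) {
        $retval['status'] = "error";
        $retval['message'] = "Could not write config/config-user.php";
    } else {
        $retval['status'] = "success";
    }
}
```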
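Review bot: changePassword writes whatever arrives in `$input->password` for `$_SESSION['id']` without re-verifying the current password or rejecting an empty or missing value—`password_hash('', …)` succeeds, so one CSRF-protected request sets an empty password on the session's account, which matters if the session is hijacked or left open. Fetch the current hash for `$_SESSION['id']` first and require e.g. `isset($input->currentPassword, $input->password) && $input->password !== '' && password_verify($input->currentPassword, $currentHash)` before the UPDATE. The changePassword block continues past the hunk.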
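Review bot: The explode/exec/commit block added here is pasted into all four upgrade steps and into install.php, and none of the copies handles failure: if lib/database.php (not in this diff) sets ERRMODE_EXCEPTION a failing statement throws out of the loop with the transaction still open, and if it uses the default silent mode `exec` returns false, the loop continues, and the `UPDATE options SET value=1` in the same batch commits a schema_version that the schema does not match. Extract one helper that enables the exception mode, rolls back on error and rethrows, and call it from each step. Splitting on `;` also breaks on any statement containing a literal semicolon, so keep that in mind as the batches grow. On MySQL, DDL statements commit implicitly, so `beginTransaction` gives no atomicity there regardless. The requestUpgrade block continues past the hunk.
```php
/**
 * Run a batch of ;-separated statements inside one transaction.
 * Rolls back and rethrows the PDOException if any statement fails.
 */
function runSqlBatch(PDO $db, $batch) {
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->beginTransaction();
    try {
        foreach (explode(";", $batch) as $query) {
            if (preg_replace('/\s+/', '', $query) != '') {
                $db->exec($query);
            }
        }
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

// … at each upgrade step, replacing the pasted loop …
runSqlBatch($db, $sql[$dbType]);
```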
@@ -80,8 +89,18 @@ if(isset($input->action) && $input->action == "requestUpgrade") { UPDATE options SET value=2 WHERE name='schema_version'; "; $sql["pgsql"] = "UPDATE options SET value=2 WHERE name='schema_version';"; - $stmt = $db->query($sql[$dbType]); - while ($stmt->nextRowset()) {;} + $queries = explode(";", $sql[$dbType]); + + $db->beginTransaction(); + + foreach ($queries as $query) { + if (preg_replace('/\s+/', '', $query) != '') { + $db->exec($query); + } + } + + $db->commit(); + } if($currentVersion < 3) { $sql["mysql"] = " @@ -99,8 +118,17 @@ if(isset($input->action) && $input->action == "requestUpgrade") { UPDATE options SET value=3 WHERE name='schema_version'; "; $sql["pgsql"] = "UPDATE options SET value=3 WHERE name='schema_version';"; - $stmt = $db->query($sql[$dbType]); - while ($stmt->nextRowset()) {;} + $queries = explode(";", $sql[$dbType]); + + $db->beginTransaction(); + + foreach ($queries as $query) { + if (preg_replace('/\s+/', '', $query) != '') { + $db->exec($query); + } + } + + $db->commit(); } if($currentVersion < 4) { @@ -146,11 +174,22 @@ if(isset($input->action) && $input->action == "requestUpgrade") { UNIQUE KEY namealgoindex (name, algorithm) ) Engine=InnoDB DEFAULT CHARSET=latin1; + ALTER TABLE user ADD UNIQUE KEY user_name_index (name); + UPDATE options SET value=4 WHERE name='schema_version'; "; $sql["pgsql"] = "UPDATE options SET value=4 WHERE name='schema_version';"; - $stmt = $db->query($sql[$dbType]); - while ($stmt->nextRowset()) {;} + $queries = explode(";", $sql[$dbType]); + + $db->beginTransaction(); + + foreach ($queries as $query) { + if (preg_replace('/\s+/', '', $query) != '') { + $db->exec($query); + } + } + + $db->commit(); } $retval['status'] = "success"; } diff --git a/api/users.php b/api/users.php index b5cdc24..75c7a2d 100644 --- a/api/users.php +++ b/api/users.php 
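Review bot: The version-4 step adds `ALTER TABLE user ADD UNIQUE KEY user_name_index (name)` on the MySQL side only; `$sql["pgsql"]` is still just the schema_version bump, so an upgraded PostgreSQL installation never gets the `user_name_index` that install.php now creates, duplicate usernames remain possible there, and the `LIMIT 1` login lookup in index.php silently picks one of them. Add `CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON "user"(name);` to the pgsql batch. On either backend the index creation fails if duplicate names already exist, and since MySQL DDL auto-commits, the earlier statements of the batch stay applied while schema_version does not advance; a pre-check such as `SELECT name FROM user GROUP BY name HAVING COUNT(*) > 1` with a clear error message would make that failure diagnosable. The requestUpgrade block is closed within the hunk (`$retval['status'] = "success"` follows the commit).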
@@ -36,7 +36,7 @@ if(isset($input->action) && $input->action == "getUsers") { $sql = " SELECT id,name,type - FROM user + FROM \"user\" WHERE (name LIKE :name1 OR :name2) AND (type=:type1 OR :type2) @@ -96,11 +96,11 @@ if(isset($input->action) && $input->action == "deleteUser") { $db->beginTransaction(); - $stmt = $db->prepare("DELETE FROM permissions WHERE user=:userid"); + $stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:userid"); $stmt->bindValue(':userid', $userId, PDO::PARAM_INT); $stmt->execute(); - $stmt = $db->prepare("DELETE FROM user WHERE id=:id"); + $stmt = $db->prepare("DELETE FROM \"user\" WHERE id=:id"); $stmt->bindValue(':id', $userId, PDO::PARAM_INT); $stmt->execute();