From d9f4b2044809fb765fd462da216b1d6c056cd71f Mon Sep 17 00:00:00 2001 From: lamclennan Date: Sun, 8 Jan 2017 14:15:31 +1000 Subject: [PATCH] Updated upgrade scripts for MySQL Renamed the user table to users and added a unique key to it so duplicate users can't be created. Upgrade scripts delete duplicates and keep the lowest id (which is what would have been used for authentication anyway, i.e. other users were useless). Added upgrade script to put domains names and records names to lower case text as is required by postgres. --- api/domains.php | 4 +-- api/edit-master.php | 2 +- api/edit-remote.php | 2 +- api/edit-user.php | 18 ++++++------- api/index.php | 2 +- api/install.php | 63 +++++++++++++++++++++------------------------ api/password.php | 2 +- api/upgrade.php | 52 ++++++++++++++++++++++++++++++++++++- api/users.php | 6 ++--- 9 files changed, 99 insertions(+), 52 deletions(-) diff --git a/api/domains.php b/api/domains.php index 54f02c3..d35e728 100644 --- a/api/domains.php +++ b/api/domains.php @@ -39,7 +39,7 @@ if(isset($input->action) && $input->action == "getDomains") { SELECT COUNT(*) AS anzahl FROM domains D LEFT OUTER JOIN permissions P ON D.id = P.domain - WHERE (P.\"user\"=:user1 OR :user2) AND + WHERE (P.userid=:user1 OR :user2) AND (D.name LIKE :name1 OR :name2) AND (D.type=:type1 OR :type2) "; @@ -91,7 +91,7 @@ if(isset($input->action) && $input->action == "getDomains") { FROM domains D LEFT OUTER JOIN records R ON D.id = R.domain_id LEFT OUTER JOIN permissions P ON D.id = P.domain - WHERE (P.\"user\"=:user1 OR :user2) + WHERE (P.userid=:user1 OR :user2) GROUP BY D.id, D.name, D.type HAVING (D.name LIKE :name1 OR :name2) AND diff --git a/api/edit-master.php b/api/edit-master.php index ad0d670..14bd19d 100644 --- a/api/edit-master.php +++ b/api/edit-master.php 
@@ -31,7 +31,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { //Permission check if(isset($input->domain)) { - $permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE \"user\"=:user AND domain=:domain"); + $permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE userid=:user AND domain=:domain"); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':domain', $input->domain, PDO::PARAM_INT); $permquery->execute(); diff --git a/api/edit-remote.php b/api/edit-remote.php index 79e097c..b4f1155 100644 --- a/api/edit-remote.php +++ b/api/edit-remote.php @@ -29,7 +29,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { //Permission check if(isset($input->record)) { - $permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE \"user\"=:user AND records.id=:id"); + $permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE userid=:user AND records.id=:id"); $permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT); $permquery->bindValue(':id', $input->record, PDO::PARAM_INT); $permquery->execute(); diff --git a/api/edit-user.php b/api/edit-user.php index e6e2b63..0f48084 100644 --- a/api/edit-user.php +++ b/api/edit-user.php 
@@ -37,14 +37,14 @@ if(isset($input->action) && $input->action == "addUser") { $db->beginTransaction(); - $stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:name,:password,:type)"); + $stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:name,:password,:type)"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->execute(); - $stmt = $db->prepare("SELECT MAX(id) FROM \"user\" WHERE name=:name AND password=:password AND type=:type"); + $stmt = $db->prepare("SELECT MAX(id) FROM users WHERE name=:name AND password=:password AND type=:type"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); @@ -58,7 +58,7 @@ if(isset($input->action) && $input->action == "addUser") { } if(isset($input->action) && $input->action == "getUserData") { - $stmt = $db->prepare("SELECT name,type FROM \"user\" WHERE id=:id LIMIT 1"); + $stmt = $db->prepare("SELECT name,type FROM users WHERE id=:id LIMIT 1"); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->execute(); $stmt->bindColumn('name', $userName); 
@@ -73,14 +73,14 @@ if(isset($input->action) && $input->action == "getUserData") { if(isset($input->action) && $input->action == "saveUserChanges") { if(isset($input->password)) { $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); - $stmt = $db->prepare("UPDATE \"user\" SET name=:name,password=:password,type=:type WHERE id=:id"); + $stmt = $db->prepare("UPDATE users SET name=:name,password=:password,type=:type WHERE id=:id"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); $stmt->execute(); } else { - $stmt = $db->prepare("UPDATE \"user\" SET name=:name,type=:type WHERE id=:id"); + $stmt = $db->prepare("UPDATE users SET name=:name,type=:type WHERE id=:id"); $stmt->bindValue(':name', $input->name, PDO::PARAM_STR); $stmt->bindValue(':type', $input->type, PDO::PARAM_STR); $stmt->bindValue(':id', $input->id, PDO::PARAM_INT); @@ -94,7 +94,7 @@ if(isset($input->action) && $input->action == "getPermissions") { SELECT D.id,D.name FROM permissions P JOIN domains D ON P.domain=D.id - WHERE P.\"user\"=:user + WHERE P.userid=:user "); $stmt->bindValue(':user', $input->id, PDO::PARAM_INT); @@ -109,7 +109,7 @@ if(isset($input->action) && $input->action == "getPermissions") { if(isset($input->action) && $input->action == "removePermission") { - $stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:user AND domain=:domain"); + $stmt = $db->prepare("DELETE FROM permissions WHERE userid=:user AND domain=:domain"); $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); $stmt->bindValue(':domain', $input->domainId, PDO::PARAM_INT); 
@@ -117,7 +117,7 @@ if(isset($input->action) && $input->action == "removePermission") { } if(isset($input->action) && $input->action == "searchDomains" && isset($input->term)) { - $stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE \"user\"=:user)"); + $stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE userid=:user)"); $searchTerm = "%" . $input->term . "%"; @@ -133,7 +133,7 @@ if(isset($input->action) && $input->action == "searchDomains" && isset($input->t } if(isset($input->action) && $input->action == "addPermissions") { - $stmt = $db->prepare("INSERT INTO permissions(\"user\",domain) VALUES (:user,:domain)"); + $stmt = $db->prepare("INSERT INTO permissions(userid,domain) VALUES (:user,:domain)"); foreach($input->domains as $domain) { $stmt->bindValue(':user', $input->userId, PDO::PARAM_INT); diff --git a/api/index.php b/api/index.php index 90a2d64..5233d77 100644 --- a/api/index.php +++ b/api/index.php @@ -21,7 +21,7 @@ require_once '../lib/database.php'; $input = json_decode(file_get_contents('php://input')); -$stmt = $db->prepare("SELECT id,password,type FROM \"user\" WHERE name=:name LIMIT 1"); +$stmt = $db->prepare("SELECT id,password,type FROM users WHERE name=:name LIMIT 1"); $stmt->bindValue(':name', $input->user, PDO::PARAM_STR); $stmt->execute(); $stmt->bindColumn('id', $id); diff --git a/api/install.php b/api/install.php index 10b8aea..191f03f 100644 --- a/api/install.php +++ b/api/install.php 
@@ -38,13 +38,6 @@ CREATE TABLE IF NOT EXISTS domains ( UNIQUE KEY name_index (name) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -CREATE TABLE IF NOT EXISTS permissions ( - user int(11) NOT NULL, - domain int(11) NOT NULL, - PRIMARY KEY (user,domain), - KEY domain (domain) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; - CREATE TABLE IF NOT EXISTS records ( id int(11) NOT NULL AUTO_INCREMENT, domain_id int(11) DEFAULT NULL, @@ -59,13 +52,11 @@ CREATE TABLE IF NOT EXISTS records ( PRIMARY KEY (id), KEY rec_name_index (name), KEY nametype_index (name,type), - KEY domain_id (domain_id) + KEY domain_id (domain_id), + CONSTRAINT records_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -ALTER TABLE records - ADD CONSTRAINT records_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE; - -CREATE TABLE IF NOT EXISTS user ( +CREATE TABLE IF NOT EXISTS users ( id int(11) NOT NULL AUTO_INCREMENT, name varchar(50) NOT NULL, password varchar(200) NOT NULL, @@ -74,10 +65,14 @@ CREATE TABLE IF NOT EXISTS user ( UNIQUE KEY user_name_index (name) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -ALTER TABLE permissions - ADD CONSTRAINT permissions_ibfk_1 FOREIGN KEY (domain) REFERENCES domains (id) ON DELETE CASCADE; -ALTER TABLE permissions - ADD CONSTRAINT permissions_ibfk_2 FOREIGN KEY (user) REFERENCES user (id) ON DELETE CASCADE; +CREATE TABLE IF NOT EXISTS permissions ( + userid int(11) NOT NULL, + domain int(11) NOT NULL, + PRIMARY KEY (userid,domain), + KEY domain (domain), + CONSTRAINT permissions_ibfk_1 FOREIGN KEY (domain) REFERENCES domains (id) ON DELETE CASCADE, + CONSTRAINT permissions_ibfk_2 FOREIGN KEY (userid) REFERENCES users (id) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=latin1; CREATE TABLE IF NOT EXISTS remote ( id int(11) NOT NULL AUTO_INCREMENT, 
@@ -87,18 +82,18 @@ CREATE TABLE IF NOT EXISTS remote ( security varchar(2000) NOT NULL, nonce varchar(255) DEFAULT NULL, PRIMARY KEY (id), - KEY record (record) + KEY record (record), + CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -ALTER TABLE remote - ADD CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE; - CREATE TABLE IF NOT EXISTS options ( name varchar(255) NOT NULL, value varchar(2000) DEFAULT NULL, PRIMARY KEY (name) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; +DELETE FROM options where name='schema_version'; + INSERT INTO options(name,value) VALUES ('schema_version', 4); CREATE TABLE IF NOT EXISTS supermasters ( @@ -159,7 +154,7 @@ CREATE TABLE IF NOT EXISTS domains ( name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, - \"type\" VARCHAR(6) NOT NULL, + type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) @@ -171,7 +166,7 @@ CREATE TABLE IF NOT EXISTS records ( id SERIAL PRIMARY KEY, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, - \"type\" VARCHAR(10) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, content VARCHAR(65535) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, 
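Review bot: The MySQL block at `@@ -87` still stamps `schema_version` 4 although this patch changes what version 4 means (`user` becomes `users`, `permissions.user` becomes `permissions.userid`), so a database created by the previous install.php is already recorded as 4 and cannot be told apart from one with the new layout. Against such a database the queries changed in this patch, including the login lookup in api/index.php, would reference a table and column that do not exist, and as far as this patch shows upgrade.php only covers the step up to 4. Consider recording the new layout as version 5, `INSERT INTO options(name,value) VALUES ('schema_version', 5);`, with a matching upgrade step for both drivers. If install can be run against an existing database, `CREATE TABLE IF NOT EXISTS` keeps the old `permissions` table and creates an empty `users`, and the added `DELETE FROM options where name='schema_version';` then overwrites whatever version was stored. The same DELETE/INSERT pair is added to the PostgreSQL block at `@@ -233`.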
@@ -190,24 +185,24 @@ CREATE INDEX IF NOT EXISTS nametype_index ON records(name,type); CREATE INDEX IF NOT EXISTS domain_id ON records(domain_id); CREATE INDEX IF NOT EXISTS recordorder ON records (domain_id, ordername text_pattern_ops); -CREATE TABLE IF NOT EXISTS \"user\" ( +CREATE TABLE IF NOT EXISTS users ( id SERIAL PRIMARY KEY, name varchar(50) NOT NULL, password varchar(200) NOT NULL, - \"type\" varchar(20) NOT NULL + type varchar(20) NOT NULL ); -CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON \"user\"(name); +CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON users(name); CREATE TABLE IF NOT EXISTS permissions ( - \"user\" INT NOT NULL, - \"domain\" INT NOT NULL, - PRIMARY KEY (\"user\",domain), + userid INT NOT NULL, + domain INT NOT NULL, + PRIMARY KEY (userid,domain), CONSTRAINT domain_exists FOREIGN KEY(domain) REFERENCES domains(id) ON DELETE CASCADE, CONSTRAINT user_exists - FOREIGN KEY(\"user\") REFERENCES \"user\"(id) + FOREIGN KEY(userid) REFERENCES users(id) ON DELETE CASCADE ); @@ -217,8 +212,8 @@ CREATE TABLE IF NOT EXISTS remote ( id SERIAL PRIMARY KEY, record INT NOT NULL, description varchar(255) NOT NULL, - \"type\" varchar(20) NOT NULL, - \"security\" varchar(2000) NOT NULL, + type varchar(20) NOT NULL, + security varchar(2000) NOT NULL, nonce varchar(255) DEFAULT NULL, CONSTRAINT record_exists FOREIGN KEY(record) REFERENCES records(id) @@ -233,6 +228,8 @@ CREATE TABLE IF NOT EXISTS options ( PRIMARY KEY (name) ); +DELETE FROM options where name='schema_version'; + INSERT INTO options(name,value) VALUES ('schema_version', 4); CREATE TABLE IF NOT EXISTS supermasters ( @@ -247,7 +244,7 @@ CREATE TABLE IF NOT EXISTS comments ( id SERIAL PRIMARY KEY, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, - \"type\" VARCHAR(10) NOT NULL, + type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) DEFAULT NULL, comment VARCHAR(65535) NOT NULL, 
@@ -318,7 +315,7 @@ if (!isset($retval)) { $db->commit(); - $stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:user,:hash,'admin')"); + $stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:user,:hash,'admin')"); $stmt->bindValue(':user', $input->userName, PDO::PARAM_STR); $stmt->bindValue(':hash', $passwordHash, PDO::PARAM_STR); $stmt->execute(); diff --git a/api/password.php b/api/password.php index 7c48f93..60d41c2 100644 --- a/api/password.php +++ b/api/password.php @@ -30,7 +30,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) { if(isset($input->action) && $input->action == "changePassword") { $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); - $stmt = $db->prepare("UPDATE \"user\" SET password=:password WHERE id=:id"); + $stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id"); $stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR); $stmt->bindValue(':id', $_SESSION['id'], PDO::PARAM_INT); $stmt->execute(); diff --git a/api/upgrade.php b/api/upgrade.php index 9f1255c..19e4323 100644 --- a/api/upgrade.php +++ b/api/upgrade.php 
@@ -174,8 +174,58 @@ if(isset($input->action) && $input->action == "requestUpgrade") { UNIQUE KEY namealgoindex (name, algorithm) ) Engine=InnoDB DEFAULT CHARSET=latin1; - ALTER TABLE user ADD UNIQUE KEY user_name_index (name); + DELETE FROM permissions + WHERE user IN ( + SELECT id FROM user + LEFT OUTER JOIN ( + SELECT MIN(U.id) AS minid, U.name + FROM user AS U + GROUP BY U.name + ) as KeepRows ON user.id = KeepRows.minid + WHERE KeepRows.minid IS NULL + ); + + ALTER TABLE permissions ADD userid INT NOT NULL; + UPDATE permissions SET userid = user; + + ALTER TABLE permissions DROP FOREIGN KEY permissions_ibfk_2; + + ALTER TABLE permissions DROP user; + + CREATE TABLE IF NOT EXISTS users ( + id int(11) NOT NULL, + name varchar(50) NOT NULL, + password varchar(200) NOT NULL, + type varchar(20) NOT NULL, + PRIMARY KEY (id) + ) ENGINE=InnoDB DEFAULT CHARSET=latin1; + + INSERT INTO users (id, name, password, type) SELECT id, name, password, type FROM user; + + DELETE FROM users + WHERE users.id IN ( + SELECT user.id FROM user + LEFT OUTER JOIN ( + SELECT MIN(U.id) AS minid, U.name + FROM user AS U + GROUP BY U.name + ) as KeepRows ON user.id = KeepRows.minid + WHERE KeepRows.minid IS NULL + ); + + ALTER TABLE users ADD CONSTRAINT UNIQUE KEY user_name_index (name); + + ALTER TABLE users MODIFY COLUMN id int(11) NOT NULL AUTO_INCREMENT; + + ALTER TABLE permissions ADD CONSTRAINT permissions_ibfk_2 FOREIGN KEY (userid) REFERENCES users (id) ON DELETE CASCADE; + + DROP TABLE user; + + UPDATE domains SET name=LOWER(name); + + UPDATE records SET name=LOWER(name); + UPDATE options SET value=4 WHERE name='schema_version'; "; $sql["pgsql"] = "UPDATE options SET value=4 WHERE name='schema_version';"; diff --git a/api/users.php b/api/users.php index 75c7a2d..d4d31c3 100644 --- a/api/users.php +++ b/api/users.php 
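Review bot: `ALTER TABLE permissions DROP user;` drops a column that is half of `PRIMARY KEY (user,domain)`; MySQL removes a dropped column from the indexes it belongs to, so the key should collapse to `(domain)` alone, which fails as soon as two users hold the same domain and otherwise leaves an upgraded database with a different key from the `PRIMARY KEY (userid,domain)` that install.php creates. Doing it in one statement, `ALTER TABLE permissions DROP PRIMARY KEY, DROP user, ADD PRIMARY KEY (userid,domain);`, keeps the two schemas identical. The clean-up keeps `MIN(id)` per name, but the login query in api/index.php is `WHERE name=:name LIMIT 1` with no `ORDER BY`, so the surviving row is not guaranteed to be the one that was authenticating; listing the duplicate names and stopping would be safer than silently deleting password hashes and permissions. Each `ALTER`/`CREATE`/`DROP` commits implicitly in MySQL, so a failure part-way leaves a half-migrated schema still marked version 3, and `$sql["pgsql"]` still only bumps the version, so a PostgreSQL database with the old `"user"` table (if any exist) gets no rename. The requestUpgrade block starts and ends outside this hunk.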
@@ -36,7 +36,7 @@ if(isset($input->action) && $input->action == "getUsers") { $sql = " SELECT id,name,type - FROM \"user\" + FROM users WHERE (name LIKE :name1 OR :name2) AND (type=:type1 OR :type2) @@ -96,11 +96,11 @@ if(isset($input->action) && $input->action == "deleteUser") { $db->beginTransaction(); - $stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:userid"); + $stmt = $db->prepare("DELETE FROM permissions WHERE userid=:userid"); $stmt->bindValue(':userid', $userId, PDO::PARAM_INT); $stmt->execute(); - $stmt = $db->prepare("DELETE FROM \"user\" WHERE id=:id"); + $stmt = $db->prepare("DELETE FROM users WHERE id=:id"); $stmt->bindValue(':id', $userId, PDO::PARAM_INT); $stmt->execute();