pdnsmanager/api/domains.php
Alexander Dormann 21c9ecba05 Implement ONLY_FULL_GROUP_BY compatibility (#15)
SQL92 requires that all columns (except aggregates) in the select clause
are part of the group by clause. SQL99 loosens this restriction a bit and
states that all columns in the select clause must be functionally
dependent on the group by clause.

This commit fixes all partial GROUP BY queries to be compatible with
SQL92. Previously, when MySQL's sql_mode included ONLY_FULL_GROUP_BY,
aggregating queries failed, resulting in an empty domain listing.
2016-05-14 11:56:18 +02:00


<?php
/*
* Copyright 2016 Lukas Metzger <developer@lukas-metzger.com>.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once '../config/config-default.php';
require_once '../lib/database.php';
require_once '../lib/session.php';
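// Decode the JSON request body. json_decode() yields null for malformed
// input, in which case the isset() below fails and the request is rejected.
$input = json_decode(file_get_contents('php://input'));

// CSRF gate for every action in this endpoint. The request is refused unless
// both the submitted token and the session token are non-empty strings that
// match. hash_equals() compares in constant time, so the response time does
// not depend on how many leading characters of a guess are correct, and the
// is_string() checks keep non-string JSON values away from the comparison.
// NOTE(review): $_SESSION is presumably populated by lib/session.php; whether
// that file also enforces a logged-in session is not visible here - confirm.
if(
    !isset($input->csrfToken, $_SESSION['csrfToken'])
    || !is_string($input->csrfToken)
    || !is_string($_SESSION['csrfToken'])
    || $_SESSION['csrfToken'] === ''
    || !hash_equals($_SESSION['csrfToken'], $input->csrfToken)
) {
    echo "Permission denied!";
    exit();
}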
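// Action "getDomains": list the domains visible to the current session,
// together with a per-domain record count, optionally filtered by name and
// type and sorted by one whitelisted column. The rows are collected in
// $retval, which the end of the script serialises as JSON.
if(isset($input->action) && $input->action == "getDomains") {
    // Each "(col=? OR ?)" pair takes a value plus an integer switch: when the
    // switch is 1 the condition is always true, i.e. the filter is disabled.
    // NOTE(review): for admins the permissions join is not restricted to one
    // user, so a domain with several permission rows may have its record
    // count multiplied - verify against the schema.
    $sql = "
SELECT D.id,D.name,D.type,count(R.domain_id) AS records
FROM domains D
LEFT OUTER JOIN records R ON D.id = R.domain_id
LEFT OUTER JOIN permissions P ON D.id = P.domain
WHERE (P.user=? OR ?)
GROUP BY D.id, D.name, D.type
HAVING
(D.name LIKE ? OR ?) AND
(D.type=? OR ?)
";

    // ORDER BY cannot be bound as a parameter, so the client-supplied field
    // is only used as a key into this fixed whitelist and never concatenated.
    $sortClauses = array(
        "id" => "ORDER BY id",
        "name" => "ORDER BY name",
        "type" => "ORDER BY type",
        "records" => "ORDER BY records",
    );

    if(
        isset($input->sort->field)
        && is_string($input->sort->field)
        && isset($sortClauses[$input->sort->field])
    ) {
        $sql .= $sortClauses[$input->sort->field];

        // The direction is appended only after a valid ORDER BY column was
        // chosen; previously an unknown field combined with an order value
        // produced a dangling " DESC"/" ASC" and therefore invalid SQL.
        if(isset($input->sort->order) && is_scalar($input->sort->order)) {
            if($input->sort->order == 0) {
                $sql .= " DESC";
            } else if($input->sort->order == 1) {
                $sql .= " ASC";
            }
        }
    }

    // Name filter: substring match. Non-scalar JSON values (objects, arrays)
    // are treated as "no filter" instead of being forced into a string.
    if(isset($input->name) && is_scalar($input->name)) {
        $name_filter = "%" . $input->name . "%";
        $name_filter_used = 0;
    } else {
        $name_filter = "";
        $name_filter_used = 1;
    }

    // Visibility: admins bypass the permissions filter, everyone else only
    // sees domains with a permissions row for their own session id.
    $id_filter = isset($_SESSION['id']) ? $_SESSION['id'] : null;
    $id_filter_used = (isset($_SESSION['type']) && $_SESSION['type'] === "admin") ? 1 : 0;

    // Type filter.
    // NOTE(review): the type string below binds this value as an integer
    // ("i"); if D.type is a textual column the filter will not behave as
    // intended - confirm against the schema.
    if(isset($input->type) && is_scalar($input->type)) {
        $type_filter = $input->type;
        $type_filter_used = 0;
    } else {
        $type_filter = "";
        $type_filter_used = 1;
    }

    $stmt = $db->prepare($sql);

    if($stmt === false) {
        // Fail closed instead of calling methods on a failed prepare().
        error_log("getDomains: could not prepare the domain listing query");
        http_response_code(500);
    } else {
        $stmt->bind_param("sisiii",
            $id_filter, $id_filter_used,
            $name_filter, $name_filter_used,
            $type_filter, $type_filter_used
        );

        $result = $stmt->execute() ? $stmt->get_result() : false;

        if($result === false) {
            error_log("getDomains: could not execute the domain listing query");
            http_response_code(500);
        } else {
            $retval = Array();

            while($obj = $result->fetch_object()) {
                $retval[] = $obj;
            }
        }

        $stmt->close();
    }
}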
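// Action "deleteDomain": remove a domain together with its permissions,
// remote entries and records inside a single transaction.
if(isset($input->action) && $input->action == "deleteDomain") {
    // Authorization: the CSRF check at the top of the script only proves the
    // request came from a page of this session; it does not establish that
    // the session may delete this domain. Without this gate every session
    // with a valid token could delete any domain id.
    // NOTE(review): restricted to admins as the fail-closed choice. If
    // regular users are meant to delete domains they hold a permissions row
    // for, replace this with a per-domain permission check - confirm.
    if(!isset($_SESSION['type']) || $_SESSION['type'] !== "admin") {
        echo "Permission denied!";
        exit();
    }

    // Only accept a real integer id; anything else is ignored instead of
    // being silently coerced by bind_param().
    $domainId = isset($input->id) ? filter_var($input->id, FILTER_VALIDATE_INT) : false;

    if($domainId !== false) {
        // Order matters: dependent rows go first, the domain row last.
        $deleteQueries = array(
            "DELETE FROM permissions WHERE domain=?",
            "DELETE FROM remote WHERE record IN (SELECT id FROM records WHERE domain_id=?)",
            "DELETE FROM records WHERE domain_id=?",
            "DELETE FROM domains WHERE id=?",
        );

        $db->autocommit(false);

        try {
            foreach($deleteQueries as $query) {
                $stmt = $db->prepare($query);
                if($stmt === false) {
                    throw new RuntimeException("prepare failed");
                }

                $stmt->bind_param("i", $domainId);
                $executed = $stmt->execute();
                $stmt->close();

                if(!$executed) {
                    throw new RuntimeException("execute failed");
                }
            }

            if(!$db->commit()) {
                throw new RuntimeException("commit failed");
            }
        } catch(Exception $e) {
            // Never commit a half-deleted domain: undo everything and report
            // the failure to the client through the status code.
            $db->rollback();
            error_log("deleteDomain: rolled back deletion of domain " . $domainId . ": " . $e->getMessage());
            http_response_code(500);
        }
    }
}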
// Emit the response body: the collected result as JSON when an action
// produced one, otherwise an empty JSON object.
// NOTE(review): no Content-Type header is set in this file, so the body is
// served with whatever default the server applies - confirm the client does
// not depend on that before changing it.
echo isset($retval) ? json_encode($retval) : "{}";