<?php use function Hestiacp\quoteshellarg\quoteshellarg; ob_start(); $TAB = "DB"; // Main include include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php"; // Check database id if (empty($_GET["database"])) { header("Location: /list/db/"); exit(); } // Edit as someone else? if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) { $user = quoteshellarg($_GET["user"]); $user_plain = htmlentities($_GET["user"]); } // List datbase $v_database = $_GET["database"]; exec( HESTIA_CMD . "v-list-database " . $user . " " . quoteshellarg($v_database) . " 'json'", $output, $return_var, ); check_return_code_redirect($return_var, $output, "/list/db/"); $data = json_decode(implode("", $output), true); unset($output); // Parse database $v_username = $user; $v_dbuser = preg_replace("/^" . $user_plain . "_/", "", $data[$v_database]["DBUSER"]); $v_password = ""; $v_host = $data[$v_database]["HOST"]; $v_type = $data[$v_database]["TYPE"]; $v_charset = $data[$v_database]["CHARSET"]; $v_date = $data[$v_database]["DATE"]; $v_time = $data[$v_database]["TIME"]; $v_suspended = $data[$v_database]["SUSPENDED"]; if ($v_suspended == "yes") { $v_status = "suspended"; } else { $v_status = "active"; } // Check POST request if (!empty($_POST["save"])) { $v_username = $user; // Check token verify_csrf($_POST); // Change database user if ($v_dbuser != $_POST["v_dbuser"] && empty($_SESSION["error_msg"])) { $cmd = implode(" ", [ HESTIA_CMD . "v-change-database-user", // $user is already shell-quoted $user, quoteshellarg($v_database), quoteshellarg($_POST["v_dbuser"]), ]); exec($cmd, $output, $return_var); check_return_code($return_var, $output); unset($output); } // Change database password if (!empty($_POST["v_password"]) && empty($_SESSION["error_msg"])) { if (!validate_password($_POST["v_password"])) { $_SESSION["error_msg"] = _("Password does not match the minimum requirements."); } else { $v_password = tempnam("/tmp", "vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST["v_password"] . "\n"); fclose($fp); exec( HESTIA_CMD . "v-change-database-password " . $user . " " . quoteshellarg($v_database) . " " . $v_password, $output, $return_var, ); check_return_code($return_var, $output); unset($output); unlink($v_password); $v_password = quoteshellarg($_POST["v_password"]); } } // Set success message if (empty($_SESSION["error_msg"])) { $_SESSION["ok_msg"] = _("Changes have been saved."); } // if the mysql username was changed, render_page() below will render with the OLD mysql username, // to prvent that, make the browser refresh the page. http_response_code(303); header("Location: " . $_SERVER["REQUEST_URI"]); die(); } // Render page render_page($user, $TAB, "edit_db"); // Flush session messages unset($_SESSION["error_msg"]); unset($_SESSION["ok_msg"]);