equal
deleted
inserted
replaced
177 { |
177 { |
178 static $conn = false; |
178 static $conn = false; |
179 if ( $act_get ) |
179 if ( $act_get ) |
180 return $conn; |
180 return $conn; |
181 |
181 |
182 $db_user = mysql_real_escape_string($_POST['db_user']); |
182 $db_user =& $_POST['db_user']; |
183 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
183 $db_pass =& $_POST['db_pass']; |
184 $db_name = mysql_real_escape_string($_POST['db_name']); |
184 $db_name =& $_POST['db_name']; |
185 |
185 |
186 if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) |
186 if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) |
187 die("<p>SECURITY: malformed database name</p>"); |
187 { |
|
188 die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>'); |
|
189 $db_name = htmlspecialchars($db_name); |
|
190 die("<p>SECURITY: malformed database name \"$db_name\"</p>"); |
|
191 } |
188 |
192 |
189 // First, try to connect using the normal credentials |
193 // First, try to connect using the normal credentials |
190 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
194 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); |
191 if ( !$conn ) |
195 if ( !$conn ) |
192 { |
196 { |
197 if ( !$conn_root ) |
201 if ( !$conn_root ) |
198 { |
202 { |
199 // Couldn't connect using either set of credentials. Bail out. |
203 // Couldn't connect using either set of credentials. Bail out. |
200 return false; |
204 return false; |
201 } |
205 } |
|
206 unset($db_user, $db_pass); |
|
207 $db_user = mysql_real_escape_string($_POST['db_user']); |
|
208 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
202 // Create the user account |
209 // Create the user account |
203 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root); |
210 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root); |
204 if ( !$q ) |
211 if ( !$q ) |
205 { |
212 { |
206 return false; |
213 return false; |
246 if ( !$q ) |
253 if ( !$q ) |
247 { |
254 { |
248 // this really should never fail, so don't give any tolerance to it |
255 // this really should never fail, so don't give any tolerance to it |
249 return false; |
256 return false; |
250 } |
257 } |
|
258 unset($db_user, $db_pass); |
|
259 $db_user = mysql_real_escape_string($_POST['db_user']); |
|
260 $db_pass = mysql_real_escape_string($_POST['db_pass']); |
251 // we're in with root rights; grant access to the database |
261 // we're in with root rights; grant access to the database |
252 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); |
262 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); |
253 if ( !$q ) |
263 if ( !$q ) |
254 { |
264 { |
255 return false; |
265 return false; |