Updated upgrade scripts for MySQL

Renamed the user table to users and added a unique key to it so
duplicate users can't be created.

Upgrade scripts delete duplicates and keep the lowest id (which is what
would have been used for authentication anyway, i.e. other users were
useless).

Added an upgrade script that converts domain names and record names to
lower case, as required by postgres.
lamclennan 2017-01-08 14:15:31 +10:00
parent b9efd906e5
commit d9f4b20448
9 changed files with 99 additions and 52 deletions


@ -39,7 +39,7 @@ if(isset($input->action) && $input->action == "getDomains") {
SELECT COUNT(*) AS anzahl
FROM domains D
LEFT OUTER JOIN permissions P ON D.id = P.domain
WHERE (P.\"user\"=:user1 OR :user2) AND
WHERE (P.userid=:user1 OR :user2) AND
(D.name LIKE :name1 OR :name2) AND
(D.type=:type1 OR :type2)
";
@ -91,7 +91,7 @@ if(isset($input->action) && $input->action == "getDomains") {
FROM domains D
LEFT OUTER JOIN records R ON D.id = R.domain_id
LEFT OUTER JOIN permissions P ON D.id = P.domain
WHERE (P.\"user\"=:user1 OR :user2)
WHERE (P.userid=:user1 OR :user2)
GROUP BY D.id, D.name, D.type
HAVING
(D.name LIKE :name1 OR :name2) AND


@ -31,7 +31,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
//Permission check
if(isset($input->domain)) {
$permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE \"user\"=:user AND domain=:domain");
$permquery = $db->prepare("SELECT COUNT(*) FROM permissions WHERE userid=:user AND domain=:domain");
$permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT);
$permquery->bindValue(':domain', $input->domain, PDO::PARAM_INT);
$permquery->execute();


@ -29,7 +29,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
//Permission check
if(isset($input->record)) {
$permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE \"user\"=:user AND records.id=:id");
$permquery = $db->prepare("SELECT COUNT(*) FROM records JOIN permissions ON records.domain_id=permissions.domain WHERE userid=:user AND records.id=:id");
$permquery->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT);
$permquery->bindValue(':id', $input->record, PDO::PARAM_INT);
$permquery->execute();


@ -37,14 +37,14 @@ if(isset($input->action) && $input->action == "addUser") {
$db->beginTransaction();
$stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:name,:password,:type)");
$stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:name,:password,:type)");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->execute();
$stmt = $db->prepare("SELECT MAX(id) FROM \"user\" WHERE name=:name AND password=:password AND type=:type");
$stmt = $db->prepare("SELECT MAX(id) FROM users WHERE name=:name AND password=:password AND type=:type");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
@ -58,7 +58,7 @@ if(isset($input->action) && $input->action == "addUser") {
}
if(isset($input->action) && $input->action == "getUserData") {
$stmt = $db->prepare("SELECT name,type FROM \"user\" WHERE id=:id LIMIT 1");
$stmt = $db->prepare("SELECT name,type FROM users WHERE id=:id LIMIT 1");
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute();
$stmt->bindColumn('name', $userName);
@ -73,14 +73,14 @@ if(isset($input->action) && $input->action == "getUserData") {
if(isset($input->action) && $input->action == "saveUserChanges") {
if(isset($input->password)) {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE \"user\" SET name=:name,password=:password,type=:type WHERE id=:id");
$stmt = $db->prepare("UPDATE users SET name=:name,password=:password,type=:type WHERE id=:id");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
$stmt->execute();
} else {
$stmt = $db->prepare("UPDATE \"user\" SET name=:name,type=:type WHERE id=:id");
$stmt = $db->prepare("UPDATE users SET name=:name,type=:type WHERE id=:id");
$stmt->bindValue(':name', $input->name, PDO::PARAM_STR);
$stmt->bindValue(':type', $input->type, PDO::PARAM_STR);
$stmt->bindValue(':id', $input->id, PDO::PARAM_INT);
@ -94,7 +94,7 @@ if(isset($input->action) && $input->action == "getPermissions") {
SELECT D.id,D.name
FROM permissions P
JOIN domains D ON P.domain=D.id
WHERE P.\"user\"=:user
WHERE P.userid=:user
");
$stmt->bindValue(':user', $input->id, PDO::PARAM_INT);
@ -109,7 +109,7 @@ if(isset($input->action) && $input->action == "getPermissions") {
if(isset($input->action) && $input->action == "removePermission") {
$stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:user AND domain=:domain");
$stmt = $db->prepare("DELETE FROM permissions WHERE userid=:user AND domain=:domain");
$stmt->bindValue(':user', $input->userId, PDO::PARAM_INT);
$stmt->bindValue(':domain', $input->domainId, PDO::PARAM_INT);
@ -117,7 +117,7 @@ if(isset($input->action) && $input->action == "removePermission") {
}
if(isset($input->action) && $input->action == "searchDomains" && isset($input->term)) {
$stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE \"user\"=:user)");
$stmt = $db->prepare("SELECT id,name AS text FROM domains WHERE name LIKE :name AND id NOT IN(SELECT domain FROM permissions WHERE userid=:user)");
$searchTerm = "%" . $input->term . "%";
@ -133,7 +133,7 @@ if(isset($input->action) && $input->action == "searchDomains" && isset($input->t
}
if(isset($input->action) && $input->action == "addPermissions") {
$stmt = $db->prepare("INSERT INTO permissions(\"user\",domain) VALUES (:user,:domain)");
$stmt = $db->prepare("INSERT INTO permissions(userid,domain) VALUES (:user,:domain)");
foreach($input->domains as $domain) {
$stmt->bindValue(':user', $input->userId, PDO::PARAM_INT);
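Review bot: With the unique key this commit adds on `users.name`, the `INSERT INTO users(name,password,type)` in the addUser hunk can now fail on a duplicate name, and nothing visible here catches that or rolls back the transaction opened by `$db->beginTransaction()`; whether PDO throws or fails silently depends on the error mode set in the database library, which is not shown. Consider catching the failure, rolling back and returning an explicit "name already taken" status; the same applies to the two `UPDATE users SET name=:name,...` statements in saveUserChanges. Now that the name is unique, the follow-up lookup can be reduced to `SELECT id FROM users WHERE name=:name`, which avoids matching rows on the password hash. The addUser block starts and ends outside the hunk.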


@ -21,7 +21,7 @@ require_once '../lib/database.php';
$input = json_decode(file_get_contents('php://input'));
$stmt = $db->prepare("SELECT id,password,type FROM \"user\" WHERE name=:name LIMIT 1");
$stmt = $db->prepare("SELECT id,password,type FROM users WHERE name=:name LIMIT 1");
$stmt->bindValue(':name', $input->user, PDO::PARAM_STR);
$stmt->execute();
$stmt->bindColumn('id', $id);


@ -38,13 +38,6 @@ CREATE TABLE IF NOT EXISTS domains (
UNIQUE KEY name_index (name)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS permissions (
user int(11) NOT NULL,
domain int(11) NOT NULL,
PRIMARY KEY (user,domain),
KEY domain (domain)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS records (
id int(11) NOT NULL AUTO_INCREMENT,
domain_id int(11) DEFAULT NULL,
@ -59,13 +52,11 @@ CREATE TABLE IF NOT EXISTS records (
PRIMARY KEY (id),
KEY rec_name_index (name),
KEY nametype_index (name,type),
KEY domain_id (domain_id)
KEY domain_id (domain_id),
CONSTRAINT records_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
ALTER TABLE records
ADD CONSTRAINT records_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE;
CREATE TABLE IF NOT EXISTS user (
CREATE TABLE IF NOT EXISTS users (
id int(11) NOT NULL AUTO_INCREMENT,
name varchar(50) NOT NULL,
password varchar(200) NOT NULL,
@ -74,10 +65,14 @@ CREATE TABLE IF NOT EXISTS user (
UNIQUE KEY user_name_index (name)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
ALTER TABLE permissions
ADD CONSTRAINT permissions_ibfk_1 FOREIGN KEY (domain) REFERENCES domains (id) ON DELETE CASCADE;
ALTER TABLE permissions
ADD CONSTRAINT permissions_ibfk_2 FOREIGN KEY (user) REFERENCES user (id) ON DELETE CASCADE;
CREATE TABLE IF NOT EXISTS permissions (
userid int(11) NOT NULL,
domain int(11) NOT NULL,
PRIMARY KEY (userid,domain),
KEY domain (domain),
CONSTRAINT permissions_ibfk_1 FOREIGN KEY (domain) REFERENCES domains (id) ON DELETE CASCADE,
CONSTRAINT permissions_ibfk_2 FOREIGN KEY (userid) REFERENCES users (id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS remote (
id int(11) NOT NULL AUTO_INCREMENT,
@ -87,18 +82,18 @@ CREATE TABLE IF NOT EXISTS remote (
security varchar(2000) NOT NULL,
nonce varchar(255) DEFAULT NULL,
PRIMARY KEY (id),
KEY record (record)
KEY record (record),
CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
ALTER TABLE remote
ADD CONSTRAINT remote_ibfk_1 FOREIGN KEY (record) REFERENCES records (id) ON DELETE CASCADE;
CREATE TABLE IF NOT EXISTS options (
name varchar(255) NOT NULL,
value varchar(2000) DEFAULT NULL,
PRIMARY KEY (name)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
DELETE FROM options where name='schema_version';
INSERT INTO options(name,value) VALUES ('schema_version', 4);
CREATE TABLE IF NOT EXISTS supermasters (
@ -159,7 +154,7 @@ CREATE TABLE IF NOT EXISTS domains (
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
\"type\" VARCHAR(6) NOT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
@ -171,7 +166,7 @@ CREATE TABLE IF NOT EXISTS records (
id SERIAL PRIMARY KEY,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
\"type\" VARCHAR(10) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(65535) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
@ -190,24 +185,24 @@ CREATE INDEX IF NOT EXISTS nametype_index ON records(name,type);
CREATE INDEX IF NOT EXISTS domain_id ON records(domain_id);
CREATE INDEX IF NOT EXISTS recordorder ON records (domain_id, ordername text_pattern_ops);
CREATE TABLE IF NOT EXISTS \"user\" (
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
name varchar(50) NOT NULL,
password varchar(200) NOT NULL,
\"type\" varchar(20) NOT NULL
type varchar(20) NOT NULL
);
CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON \"user\"(name);
CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON users(name);
CREATE TABLE IF NOT EXISTS permissions (
\"user\" INT NOT NULL,
\"domain\" INT NOT NULL,
PRIMARY KEY (\"user\",domain),
userid INT NOT NULL,
domain INT NOT NULL,
PRIMARY KEY (userid,domain),
CONSTRAINT domain_exists
FOREIGN KEY(domain) REFERENCES domains(id)
ON DELETE CASCADE,
CONSTRAINT user_exists
FOREIGN KEY(\"user\") REFERENCES \"user\"(id)
FOREIGN KEY(userid) REFERENCES users(id)
ON DELETE CASCADE
);
@ -217,8 +212,8 @@ CREATE TABLE IF NOT EXISTS remote (
id SERIAL PRIMARY KEY,
record INT NOT NULL,
description varchar(255) NOT NULL,
\"type\" varchar(20) NOT NULL,
\"security\" varchar(2000) NOT NULL,
type varchar(20) NOT NULL,
security varchar(2000) NOT NULL,
nonce varchar(255) DEFAULT NULL,
CONSTRAINT record_exists
FOREIGN KEY(record) REFERENCES records(id)
@ -233,6 +228,8 @@ CREATE TABLE IF NOT EXISTS options (
PRIMARY KEY (name)
);
DELETE FROM options where name='schema_version';
INSERT INTO options(name,value) VALUES ('schema_version', 4);
CREATE TABLE IF NOT EXISTS supermasters (
@ -247,7 +244,7 @@ CREATE TABLE IF NOT EXISTS comments (
id SERIAL PRIMARY KEY,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
\"type\" VARCHAR(10) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) DEFAULT NULL,
comment VARCHAR(65535) NOT NULL,
@ -318,7 +315,7 @@ if (!isset($retval)) {
$db->commit();
$stmt = $db->prepare("INSERT INTO \"user\"(name,password,type) VALUES (:user,:hash,'admin')");
$stmt = $db->prepare("INSERT INTO users(name,password,type) VALUES (:user,:hash,'admin')");
$stmt->bindValue(':user', $input->userName, PDO::PARAM_STR);
$stmt->bindValue(':hash', $passwordHash, PDO::PARAM_STR);
$stmt->execute();
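Review bot: The uniqueness guarantee on user names is not the same on both backends in this install script. The MySQL `users` table is `DEFAULT CHARSET=latin1` with no collation given, so (assuming the server's default case-insensitive collation) `UNIQUE KEY user_name_index (name)` rejects `Admin` next to `admin`, while the PostgreSQL `CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON users(name)` is case-sensitive and accepts both. Since the login lookup compares `name=:name` directly, the two backends will also disagree on which spelling authenticates. If case-insensitive names are intended, the PostgreSQL index could be `CREATE UNIQUE INDEX IF NOT EXISTS user_name_index ON users (LOWER(name));` with the lookups adjusted to match; otherwise add a comment above both definitions stating which behaviour is intended.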


@ -30,7 +30,7 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
if(isset($input->action) && $input->action == "changePassword") {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE \"user\" SET password=:password WHERE id=:id");
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
$stmt->bindValue(':password', $passwordHash, PDO::PARAM_STR);
$stmt->bindValue(':id', $_SESSION['id'], PDO::PARAM_INT);
$stmt->execute();


@ -174,8 +174,58 @@ if(isset($input->action) && $input->action == "requestUpgrade") {
UNIQUE KEY namealgoindex (name, algorithm)
) Engine=InnoDB DEFAULT CHARSET=latin1;
ALTER TABLE user ADD UNIQUE KEY user_name_index (name);
DELETE FROM permissions
WHERE user IN (
SELECT id FROM user
LEFT OUTER JOIN (
SELECT MIN(U.id) AS minid, U.name
FROM user AS U
GROUP BY U.name
) as KeepRows ON user.id = KeepRows.minid
WHERE KeepRows.minid IS NULL
);
ALTER TABLE permissions ADD userid INT NOT NULL;
UPDATE permissions SET userid = user;
ALTER TABLE permissions DROP FOREIGN KEY permissions_ibfk_2;
ALTER TABLE permissions DROP user;
CREATE TABLE IF NOT EXISTS users (
id int(11) NOT NULL,
name varchar(50) NOT NULL,
password varchar(200) NOT NULL,
type varchar(20) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
INSERT INTO users (id, name, password, type) SELECT id, name, password, type FROM user;
DELETE FROM users
WHERE users.id IN (
SELECT user.id FROM user
LEFT OUTER JOIN (
SELECT MIN(U.id) AS minid, U.name
FROM user AS U
GROUP BY U.name
) as KeepRows ON user.id = KeepRows.minid
WHERE KeepRows.minid IS NULL
);
ALTER TABLE users ADD CONSTRAINT UNIQUE KEY user_name_index (name);
ALTER TABLE users MODIFY COLUMN id int(11) NOT NULL AUTO_INCREMENT;
ALTER TABLE permissions ADD CONSTRAINT permissions_ibfk_2 FOREIGN KEY (userid) REFERENCES users (id) ON DELETE CASCADE;
DROP TABLE user;
UPDATE domains SET name=LOWER(name);
UPDATE records SET name=LOWER(name);
UPDATE options SET value=4 WHERE name='schema_version';
";
$sql["pgsql"] = "UPDATE options SET value=4 WHERE name='schema_version';";
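Review bot: `ALTER TABLE permissions DROP user;` drops a column that is part of the table's primary key `(user,domain)`; MySQL then removes the column from that index and leaves a primary key on `domain` alone, so the statement fails with a duplicate-key error as soon as two users hold a permission on the same domain, and otherwise leaves a schema that differs from the install script's `PRIMARY KEY (userid,domain)`. Rebuild the key in the same statement: `ALTER TABLE permissions DROP PRIMARY KEY, DROP user, ADD PRIMARY KEY (userid,domain);`. MySQL DDL commits implicitly, so a failure at that point leaves the database half-migrated (permissions of duplicate users already deleted, `userid` added, `permissions_ibfk_2` dropped); the upgrade notes should call for a backup before running it. The pgsql branch visible at the end only bumps `schema_version`, so if any PostgreSQL installs exist at the previous schema version they would keep the `"user"` table and column that the rewritten queries no longer reference.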


@ -36,7 +36,7 @@ if(isset($input->action) && $input->action == "getUsers") {
$sql = "
SELECT id,name,type
FROM \"user\"
FROM users
WHERE
(name LIKE :name1 OR :name2) AND
(type=:type1 OR :type2)
@ -96,11 +96,11 @@ if(isset($input->action) && $input->action == "deleteUser") {
$db->beginTransaction();
$stmt = $db->prepare("DELETE FROM permissions WHERE \"user\"=:userid");
$stmt = $db->prepare("DELETE FROM permissions WHERE userid=:userid");
$stmt->bindValue(':userid', $userId, PDO::PARAM_INT);
$stmt->execute();
$stmt = $db->prepare("DELETE FROM \"user\" WHERE id=:id");
$stmt = $db->prepare("DELETE FROM users WHERE id=:id");
$stmt->bindValue(':id', $userId, PDO::PARAM_INT);
$stmt->execute();