diff --unified --recursive /tmp/mantis-1.0.6/admin/install.php mantis/admin/install.php --- /tmp/mantis-1.0.6/admin/install.php 2006-05-05 12:03:24.000000000 -0400 +++ mantis/admin/install.php 2006-12-02 08:25:47.000000000 -0500 @@ -145,7 +145,7 @@ Checking PHP version (your version is ) - ServerInfo(); + # check if db exists for the admin $t_result = @$g_db->Connect($f_hostname, $f_admin_username, $f_admin_password, $f_database_name); if ( $t_result ) { @@ -273,6 +276,7 @@ } else { print_test_result( BAD, true, 'Does administrative user have access to the database? ( ' . db_error_msg() . ' )' ); } + $g_db->Close(); ?> @@ -281,8 +285,6 @@ Checking Database Server Version ServerInfo(); echo '
Running ' . $f_db_type . ' version ' . $t_version_info['description']; ?> @@ -293,7 +295,7 @@ case 'mysql': case 'mysqli': if ( function_exists ( 'version_compare' ) ) { - if ( version_compare ( $t_version_info['version'] , '4.1.0', '>' ) ) { + if ( $t_version_info['version'] && version_compare ( $t_version_info['version'] , '4.1.0', '>' ) ) { $t_warning = 'Please ensure that your installation supports the new password scheme used in MySQL 4.1.0 and later. See ' . 'http://dev.mysql.com/doc/mysql/en/password-hashing.html.'; } @@ -318,14 +320,15 @@ $g_db = ADONewConnection($f_db_type); $t_result = @$g_db->Connect($f_hostname, $f_db_username, $f_db_password, $f_database_name); - if ( $t_result == true ) { + if ( $t_result ) { print_test_result( GOOD ); + $f_db_access = true; } else { print_test_result( BAD, false, 'Database user doesn\'t have access to the database ( ' . db_error_msg() . ' )' ); } + $g_db->Close(); ?> - Installing Database - + Create database if it does not exist Connect( $f_hostname, $f_admin_username, $f_admin_password, $f_database_name ); - $g_db->Close(); - - if ( $t_result == true ) { + if ( $f_db_exists ) { print_test_result( GOOD ); } else { // create db @@ -491,8 +491,9 @@ $dict = NewDataDictionary( $g_db ); $sqlarray = $dict->CreateDatabase( $f_database_name ); $ret = $dict->ExecuteSQLArray( $sqlarray ); - if( $ret == 2) { + if ( $ret == 2 ) { print_test_result( GOOD ); + $t_db_created = true; } else { print_test_result( BAD, true, 'Does administrative user have access to create the database? ( ' . db_error_msg() . ' )' ); $t_install_state--; # db creation failed, allow user to re-enter user/password info @@ -501,6 +502,102 @@ } ?> + + + + Create database user with privileges + + Connect($f_hostname, $f_admin_username, $f_admin_password); + + if ( $t_result ) { + # build list of tables (objects) + for ($i = 0; $i < sizeof($upgrade); $i++) { + switch ( $upgrade[$i][0] ) { + case 'CreateTableSQL': + $t_tables[$upgrade[$i][1][0]] = 1; + break; + case 'DropTableSQL': + unset($t_tables[$upgrade[$i][1][0]]); + break; + case 'RenameTableSQL': + unset($t_tables[$upgrade[$i][1][0]]); + $t_tables[$upgrade[$i][1][1]] = 1; + default: + } + } + + foreach ( $t_tables as $t_table => $t_ignore ) { + if ( $t_tablelist ) { + $t_tablelist .= ','.$t_table; + } else { + $t_tablelist = $t_table; + } + } + + switch ( $f_db_type ) { + case 'mysql': + case 'mysqli': + $t_sqlarray = Array( + 'GRANT ALL PRIVILEGES ON '.$f_database_name.'.* TO '.$f_db_username.'@'.$f_hostname.' IDENTIFIED BY \''.$f_db_password.'\'', + 'FLUSH PRIVILEGES' + ); + break; + case 'pgsql': + $t_sqlarray = Array( + 'CREATE USER '.$f_db_username.' WITH PASSWORD \''.$f_db_password.'\'', + 'USE '.$f_database_name, + 'GRANT ALL ON '.$t_tablelist.' TO '.$f_db_username + ); + break; + case 'mssql': + $t_sqlarray = Array( + 'CREATE LOGIN '.$f_dbusername.' WITH PASSWORD \''.$f_db_password.'\'', + 'USE '.$f_database_name, + 'CREATE USER '.$f_dbusername.' FOR LOGIN '.$f_dbusername, + 'GRANT ALL PRIVILEGES ON '.$t_tablelist.' TO '.$f_dbusername + ); + break; + case 'oci8': + $t_sqlarray = Array( + 'CREATE USER '.$f_dbusername.' IDENTIFIED BY '.$db_password, + 'GRANT ALL ON '.$t_tablelist.' TO '.$f_dbusername + ); + break; + default: + $t_sqlarray = Array(); + } + + for ($i = 0; $i < sizeof( $t_sqlarray ); $i++) { + $t_query = $t_sqlarray[$i]; +echo "$t_query
"; + $t_result = @$g_db->Execute( $t_query ); + if ( !$t_result ) { + break; + } # continue until error + } + + if ( $t_result ) { + print_test_result( GOOD ); + } else { + print_test_result( BAD, false, 'Administrative user could not grant database access to user ( ' . db_error_msg() . ' )' ); + } + } else { + print_test_result( BAD, true, 'Administrative user does not have access to the database ( ' . db_error_msg() . ' )' ); + } + $g_db->Close(); + ?> + + Attempting to connect to database as user @@ -509,8 +606,10 @@ $g_db = ADONewConnection($f_db_type); $t_result = @$g_db->Connect($f_hostname, $f_db_username, $f_db_password, $f_database_name); - if ( $t_result == true ) { + if ( $t_result ) { print_test_result( GOOD ); + $f_db_access = true; + $f_db_exists = true; } else { print_test_result( BAD, false, 'Database user doesn\'t have access to the database ( ' . db_error_msg() . ' )' ); } @@ -518,15 +617,13 @@ ?> Connect( $f_hostname, $f_admin_username, $f_admin_password, $f_database_name ); - if ( ! $f_log_queries ) { + if ( !$f_log_queries ) { $g_db_connected = true; # fake out database access routines used by config_get } $t_last_update = config_get( 'database_version', -1, ALL_USERS, ALL_PROJECTS ); @@ -536,8 +633,8 @@ echo ' Database Creation Suppressed, SQL Queries follow

';
 		}
 
-		while ( ( $i <= $lastid ) && ! $g_failed ) {
-			if ( ! $f_log_queries ) {
+		while ( ( $i <= $lastid ) && !$g_failed ) {
+			if ( !$f_log_queries ) {
 				echo 'Create Schema ( ' . $upgrade[$i][0] . ' on ' . $upgrade[$i][1][0] . ' )';
 			}
 
@@ -568,14 +665,13 @@
 			echo 'INSERT INTO mantis_config_table ( value, type, access_reqd, config_id, project_id, user_id ) VALUES (\'' . $lastid . '\', 1, 90, \'database_version\', 20, 0 );' . "\r\n";
 			echo '

Your database has not been created yet. Please create the database, then install the tables and data using the information above before proceeding.'; } - + $g_db->Close(); } if ( false == $g_failed ) { $t_install_state++; } else { $t_install_state--; } - ?> "> + # rather than the following line @@ -628,7 +725,7 @@ $t_config_filename = $g_absolute_path . 'config_inc.php'; if ( !file_exists ( $t_config_filename ) ) { - if ( $fd = @fopen( $t_config_filename, 'x' ) ) { + if ( $fd = @fopen( $t_config_filename, 'w' ) ) { fwrite( $fd, $t_config ); fclose( $fd ); } @@ -661,9 +758,7 @@ echo '

' . htmlentities( $t_config ) . '

'; } ?> - - - + @@ -694,7 +789,7 @@ $g_db = ADONewConnection($f_db_type); $t_result = @$g_db->Connect($f_hostname, $f_db_username, $f_db_password, $f_database_name); - if ( $t_result == true ) { + if ( $t_result ) { print_test_result( GOOD ); } else { print_test_result( BAD, false, 'Database user doesn\'t have access to the database ( ' . db_error_msg() . ' )' ); @@ -710,7 +805,7 @@ $t_query = "SELECT COUNT(*) FROM $t_mantis_config_table"; $t_result = @$g_db->Execute( $t_query ); - if ( $t_result != false ) { + if ( $t_result ) { print_test_result( GOOD ); } else { @@ -726,7 +821,7 @@ $t_query = "INSERT INTO $t_mantis_config_table ( value, type, access_reqd, config_id, project_id, user_id ) VALUES ('test', 1, 90, 'database_test', 20, 0 )"; $t_result = @$g_db->Execute( $t_query ); - if ( $t_result != false ) { + if ( $t_result ) { print_test_result( GOOD ); } else { @@ -742,7 +837,7 @@ $t_query = "UPDATE $t_mantis_config_table SET value='test_update' WHERE config_id='database_test'"; $t_result = @$g_db->Execute( $t_query ); - if ( $t_result != false ) { + if ( $t_result ) { print_test_result( GOOD ); } else { @@ -758,12 +853,13 @@ $t_query = "DELETE FROM $t_mantis_config_table WHERE config_id='database_test'"; $t_result = @$g_db->Execute( $t_query ); - if ( $t_result != false ) { + if ( $t_result ) { print_test_result( GOOD ); } else { print_test_result( BAD, true, 'Database user doesn\'t have DELETE access to the database ( ' . db_error_msg() . ' )' ); } + $g_db->Close(); ?> @@ -786,7 +882,7 @@ } # end install_state == 7 -if( $g_failed ) { +if ( $g_failed ) { ?> @@ -808,6 +904,7 @@ +

@@ -820,3 +917,4 @@ + diff --unified --recursive /tmp/mantis-1.0.6/admin/schema.php mantis/admin/schema.php --- /tmp/mantis-1.0.6/admin/schema.php 2006-02-19 09:42:24.000000000 -0500 +++ mantis/admin/schema.php 2006-12-01 20:36:47.000000000 -0500 @@ -26,7 +26,7 @@ user_id I DEFAULT '0' PRIMARY, access_reqd I DEFAULT '0', type I DEFAULT '90', - value XS NOTNULL", + value X NOTNULL", Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateIndexSQL',Array('idx_config',config_get('mantis_config_table'),'config_id')); @@ -108,9 +108,9 @@ $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_bug_text_table')," id I PRIMARY UNSIGNED NOTNULL AUTOINCREMENT, - description XS NOTNULL, - steps_to_reproduce XS NOTNULL, - additional_information XS NOTNULL + description X NOTNULL, + steps_to_reproduce X NOTNULL, + additional_information X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_bugnote_table')," @@ -129,7 +129,7 @@ $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_bugnote_text_table')," id I UNSIGNED NOTNULL PRIMARY AUTOINCREMENT, - note XS NOTNULL + note X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_custom_field_project_table')," @@ -174,7 +174,7 @@ project_id I NOTNULL DEFAULT '0', is_public L DEFAULT NULL, name C(64) NOTNULL DEFAULT \" '' \", - filter_string XS NOTNULL + filter_string X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_news_table')," @@ -186,7 +186,7 @@ view_state I2 NOTNULL DEFAULT '10', announcement L NOTNULL DEFAULT '0', headline C(64) NOTNULL DEFAULT \" '' \", - body XS NOTNULL + body X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_project_category_table')," @@ -222,7 +222,7 @@ view_state I2 NOTNULL DEFAULT '10', access_min I2 NOTNULL DEFAULT '10', file_path C(250) NOTNULL DEFAULT \" '' \", - description XS NOTNULL + description X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateIndexSQL',Array('idx_project_id',config_get('mantis_project_table'),'id')); $upgrade[] = Array('CreateIndexSQL',Array('idx_project_name',config_get('mantis_project_table'),'name',Array('UNIQUE'))); @@ -240,7 +240,7 @@ project_id I UNSIGNED NOTNULL DEFAULT '0', version C(64) NOTNULL DEFAULT \" '' \", date_order T NOTNULL DEFAULT '1970-01-01 00:00:01', - description XS NOTNULL, + description X NOTNULL, released L NOTNULL DEFAULT '1' ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateIndexSQL',Array('idx_project_version',config_get('mantis_project_version_table'),'project_id,version',Array('UNIQUE'))); @@ -265,7 +265,7 @@ type I NOTNULL, timestamp T NOTNULL, expiry T, - value XS NOTNULL", + value X NOTNULL", Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_user_pref_table')," @@ -313,7 +313,7 @@ platform C(32) NOTNULL DEFAULT \" '' \", os C(32) NOTNULL DEFAULT \" '' \", os_build C(32) NOTNULL DEFAULT \" '' \", - description XS NOTNULL + description X NOTNULL ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS'))); $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_user_table'),"