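// SqlDatabasesAdd creates a MySQL database for the authenticated user.
// The requested name (query parameter "db_name") is prefixed with the
// caller's system username so that every database is namespaced to its
// owner. Returns a status string: "not_authorized", "db_name_required",
// "failed_to_connect", "bad_characters_used " or
// "failed_to_create_database" on failure, "success" otherwise.
func SqlDatabasesAdd(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}
	dbName := util.Query(ctx, "db_name")
	if dbName == "" {
		return "db_name_required"
	}
	db, err := util.MySQL()
	if err != nil {
		// The connection error used to be discarded, leaving a nil handle
		// that panics on the deferred Close and on Prepare.
		return "failed_to_connect"
	}
	defer db.Close()
	// A database name is an identifier and cannot be bound as a statement
	// parameter, so after the existing sanitizer and the owner prefix it is
	// backtick-quoted, with embedded backticks doubled (MySQL's escape
	// inside a quoted identifier).
	dbName = util.LastResortSanitize(dbName)
	dbName = hcuser.System_username + "_" + dbName
	quotedDB := "`" + strings.Replace(dbName, "`", "``", -1) + "`"
	// Prepare is kept separate from Exec so that a parse failure and an
	// execution failure keep their distinct status strings. The trailing
	// space in "bad_characters_used " is preserved for existing callers.
	stmt, err := db.Prepare("CREATE DATABASE " + quotedDB)
	if err != nil {
		return "bad_characters_used "
	}
	defer stmt.Close() // previously leaked when Exec failed
	if _, err := stmt.Exec(); err != nil {
		return "failed_to_create_database"
	}
	return "success"
}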
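// SqlGrantsDelete revokes all privileges on a database from a MySQL user.
// Both the database ("db_name") and the user ("db_user") must belong to
// the authenticated caller, which is inferred from the "<owner>_" prefix
// that SqlDatabasesAdd puts on the names it creates.
// Returns "not_authorized", "db_name_required", "username_required",
// "failed_not_yours", "failed_to_connect" or "failed_to_delete_grant" on
// failure, "success" otherwise.
func SqlGrantsDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}
	dbName := util.Query(ctx, "db_name")
	if dbName == "" {
		return "db_name_required"
	}
	dbUser := util.Query(ctx, "db_user")
	if dbUser == "" {
		return "username_required"
	}
	// Ownership check: the text before the first '_' must equal the
	// caller's system username. NOTE(review): this assumes system usernames
	// never contain '_' themselves; confirm against the account rules.
	dbOwner := strings.Split(dbName, "_")[0]
	userOwner := strings.Split(dbUser, "_")[0]
	if dbOwner != hcuser.System_username || userOwner != hcuser.System_username {
		return "failed_not_yours"
	}
	db, err := util.MySQL()
	if err != nil {
		// The connection error used to be discarded, leaving a nil handle
		// that panics on the deferred Close and on Exec.
		return "failed_to_connect"
	}
	defer db.Close()
	// Identifiers cannot be bound as statement parameters, so after the
	// existing sanitizer both names are backtick-quoted with embedded
	// backticks doubled (MySQL's escape inside a quoted identifier).
	dbName = util.LastResortSanitize(dbName)
	dbUser = util.LastResortSanitize(dbUser)
	quotedDB := "`" + strings.Replace(dbName, "`", "``", -1) + "`"
	quotedUser := "`" + strings.Replace(dbUser, "`", "``", -1) + "`"
	if _, err := db.Exec("REVOKE ALL ON " + quotedDB + ".* FROM " + quotedUser + "@'%';"); err != nil {
		return "failed_to_delete_grant"
	}
	return "success"
}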
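// SqlUsersEdit sets a new password for one of the caller's MySQL users.
// The user ("db_user") must carry the caller's "<owner>_" prefix; the new
// password comes from the "password" query parameter.
// Returns "not_authorized", "db_user_required", "password_required",
// "failed_not_yours", "failed_to_connect" or "bad_characters_used " on
// failure, "success" otherwise.
func SqlUsersEdit(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}
	dbUser := util.Query(ctx, "db_user")
	password := util.Query(ctx, "password")
	if dbUser == "" {
		return "db_user_required"
	}
	if password == "" {
		return "password_required"
	}
	// Ownership check: the text before the first '_' must equal the
	// caller's system username. NOTE(review): this assumes system usernames
	// never contain '_' themselves; confirm against the account rules.
	if strings.Split(dbUser, "_")[0] != hcuser.System_username {
		return "failed_not_yours"
	}
	db, err := util.MySQL()
	if err != nil {
		// The connection error used to be discarded, leaving a nil handle
		// that panics on the deferred Close and on Exec.
		return "failed_to_connect"
	}
	defer db.Close()
	dbUser = util.LastResortSanitize(dbUser)
	password = util.LastResortSanitize(password)
	// The account name is an identifier: backtick-quoted, embedded backticks
	// doubled. SET PASSWORD takes its value as a string literal rather than
	// a bindable parameter, so the password is escaped for a single-quoted
	// MySQL literal: quotes doubled (valid in every sql_mode) and
	// backslashes doubled (required unless NO_BACKSLASH_ESCAPES is set).
	quotedUser := "`" + strings.Replace(dbUser, "`", "``", -1) + "`"
	literalPW := strings.NewReplacer(`\`, `\\`, "'", "''").Replace(password)
	// The trailing space in "bad_characters_used " is preserved for
	// existing callers.
	if _, err := db.Exec("SET PASSWORD FOR " + quotedUser + " = PASSWORD('" + literalPW + "');"); err != nil {
		return "bad_characters_used "
	}
	return "success"
}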
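// SqlUsersDelete drops one of the caller's MySQL users. The user
// ("db_user") must carry the caller's "<owner>_" prefix.
// Returns "not_authorized", "username_required", "failed_not_yours",
// "failed_to_connect", "bad_characters_used" or "failed_to_delete_user"
// on failure, "success" otherwise.
func SqlUsersDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}
	dbUser := util.Query(ctx, "db_user")
	if dbUser == "" {
		return "username_required"
	}
	// Ownership check: the text before the first '_' must equal the
	// caller's system username. NOTE(review): this assumes system usernames
	// never contain '_' themselves; confirm against the account rules.
	if strings.Split(dbUser, "_")[0] != hcuser.System_username {
		return "failed_not_yours"
	}
	db, err := util.MySQL()
	if err != nil {
		// The connection error used to be discarded, leaving a nil handle
		// that panics on the deferred Close and on Prepare.
		return "failed_to_connect"
	}
	defer db.Close()
	// The account name is an identifier and cannot be bound as a statement
	// parameter, so after the existing sanitizer it is backtick-quoted with
	// embedded backticks doubled (MySQL's escape inside a quoted identifier).
	dbUser = util.LastResortSanitize(dbUser)
	quotedUser := "`" + strings.Replace(dbUser, "`", "``", -1) + "`"
	// Prepare is kept separate from Exec so that a parse failure and an
	// execution failure keep their distinct status strings.
	stmt, err := db.Prepare("DROP USER " + quotedUser)
	if err != nil {
		return "bad_characters_used"
	}
	defer stmt.Close() // previously leaked when Exec failed
	if _, err := stmt.Exec(); err != nil {
		return "failed_to_delete_user"
	}
	return "success"
}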