From 377015e0d78cce3bd62af0357fcb951fe506efb4 Mon Sep 17 00:00:00 2001 From: Joe Presbrey Date: Mon, 29 Aug 2005 22:37:56 +0000 Subject: [PATCH] new templates defaults fix security fixes adding databases? git-svn-id: svn://presbrey.mit.edu/sql/mitsql@42 a142d4bd-2cfb-0310-9673-cb33a7e74f58 --- .htaccess | 2 +- contact.php | 2 + defaults.cfg.php | 4 +- global.act.php | 29 ++-- global.done.php | 9 +- lib/dbaccess.lib.php | 19 ++- lib/security.lib.php | 63 +++++++-- login.php | 32 +++-- main.php | 10 ++ mitsql.cfg.php | 16 +-- mitsql.css | 3 + mitsql.sql | 330 +++++++++++++++++++++---------------------- test.php | 30 ++-- tpl/contact.php | 14 ++ tpl/index.php | 26 ++-- tpl/main.php | 10 ++ tpl/menu.php | 6 +- tpl/signup.php | 10 +- 18 files changed, 363 insertions(+), 252 deletions(-) create mode 100755 tpl/contact.php diff --git a/.htaccess b/.htaccess index 16859fb..c7f7094 100644 --- a/.htaccess +++ b/.htaccess @@ -1,5 +1,5 @@ +php_value auto_append_file "global.done.php" #php_value auto_prepend_file "prepend.php" -#php_value auto_append_file "global.done.php" #php_flag xdebug.remote_enable on #php_flag xdebug.remote_autostart on #php_value xdebug.remote_host "localhost" diff --git a/contact.php b/contact.php index 23fc076..c642dee 100644 --- a/contact.php +++ b/contact.php @@ -3,6 +3,8 @@ require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); +//redirect('main'); + include 'tpl/contact.php'; ?> diff --git a/defaults.cfg.php b/defaults.cfg.php index 3e42eea..ab8bb0f 100644 --- a/defaults.cfg.php +++ b/defaults.cfg.php @@ -2,7 +2,9 @@ $_NEW_DB['nBytes'] = 0; $_NEW_DB['dCreated'] = 'NOW()'; -$_NEW_DB['bEnabled'] = 1; +$_NEW_DB['bEnabled'] = 0; + +$_NEW_DBOWNER = array(); $_NEW_DBQUOTA['nBytesSoft'] = 0; $_NEW_DBQUOTA['nBytesHard'] = 0; diff --git a/global.act.php b/global.act.php index 009d529..a260ad7 100644 --- a/global.act.php +++ b/global.act.php 
@@ -15,13 +15,12 @@ $err = array(); ## SESSION VARS $timings = array(); -$UserId = 0; -$Username = ''; +$UserId = sess('UserId'); +/*$Username = ''; $Name = ''; $Email = ''; $UL = 0; $Login = sess('Login'); -$LoginSSL = sess('LoginSSL'); if (is_a($Login, 'Login')) { $UserId = $Login->getUserId(); @@ -31,7 +30,8 @@ if (is_a($Login, 'Login')) { $UL = $Login->getUL(); } else { $Login = new Login(''); -} +}*/ +$Login = new Login($UserId); ## PROCESS CERTIFICATE @@ -44,14 +44,19 @@ if (isSSL()) { $SSLName = $SSLCred['Name']; $SSLUsername = $SSLCred['Username']; $SSLEmail = $SSLCred['Email']; -} -if (!is_a($LoginSSL, 'Login')) { + + /*$LoginSSL = sess('LoginSSL'); + if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/ $LoginSSL = new Login($SSLUsername); -} -if (!isLoggedIn() && !$LoginSSL->exists()) { - if (!empty($SSLName)) - addUser($SSLCred); - $LoginSSL->refresh(); + $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']); + + if (!isLoggedIn() && !$LoginSSL->exists()) { + if (!empty($SSLName)) + addUser($SSLCred); + $LoginSSL->refresh(); + } +} else { + unset($_SESSION['LoginSSL']); } -?> +?> \ No newline at end of file diff --git a/global.done.php b/global.done.php index 51febd8..576e28e 100644 --- a/global.done.php +++ b/global.done.php @@ -3,13 +3,16 @@ require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); -sess('Login', $Login); -sess('LoginSSL', $LoginSSL); +/* +isset($Login) && sess('Login', $Login); +isset($LoginSSL) && sess('LoginSSL', $LoginSSL); +*/ if (DEBUG) { echo '
';
 	print_r($_SESSION);
 	print_r($timings);
+	isset($User) && print_r($User);
 }
 
-?>
+?>
\ No newline at end of file
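Review bot: The added `isset($User) && print_r($User);` dumps the whole User object whenever DEBUG is on, and `User::info` appears to include the `Password` column (the line this commit comments out in lib/security.lib.php read `$this->info['Password']`). With `auto_append_file "global.done.php"` now enabled in .htaccess and DEBUG overridable from server.cfg.php, this block runs at the end of every page. Print only selected fields, or unset the `Password` key before dumping. `$timings` deserves the same care if `sessTime($sql)` stores statement text; that helper is not shown on this page.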
diff --git a/lib/dbaccess.lib.php b/lib/dbaccess.lib.php
index 9e759c1..24fd6dc 100644
--- a/lib/dbaccess.lib.php
+++ b/lib/dbaccess.lib.php
@@ -5,7 +5,6 @@ require_once('joe.lib.php');
 function DBMaster($sql) {
 	sessTime($sql);
 	$res = mysql_query($sql);
-	if (mysql_error()) die($sql."
\n".mysql_error()); sessTime(); return $res; } @@ -17,12 +16,18 @@ function DBSlave($sql) { } function DBSelect($sql) { return DBSlave($sql); } -function DBInsert($sql) { DBMaster($sql); return mysql_insert_id(); } -function DBUpdate($sql) { DBMaster($sql); } -function DBDelete($sql) { DBMaster($sql); } -function DBGrant($sql) { DBMaster($sql); } -function DBRevoke($sql) { DBMaster($sql); } -function DBSet($sql) { DBMaster($sql); } +function DBInsert($sql) { + DBMaster($sql); + if (mysql_error()) die($sql."
\n".mysql_error()); + return mysql_insert_id(); +} +function DBUpdate($sql) { DBInsert($sql); } +function DBDelete($sql) { DBInsert($sql); } +function DBCreate($sql) { DBMaster($sql); } +function DBDrop($sql) { DBMaster($sql); } +function DBGrant($sql) { DBInsert($sql); } +function DBRevoke($sql) { DBInsert($sql); } +function DBSet($sql) { DBInsert($sql); } function DBShow($sql) { return DBSlave($sql); } function calcDBSize($tdb) { diff --git a/lib/security.lib.php b/lib/security.lib.php index fe9bd0b..8cd49db 100644 --- a/lib/security.lib.php +++ b/lib/security.lib.php @@ -6,14 +6,15 @@ class Login { var $u, $p; var $info; function Login($u, $p=null) { + if (empty($u)) return; $this->u = $u; $this->p = $p; - $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p))); + $opt = sprintf(" Username = '%s'", mysql_escape_string($u)); + $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)))); + is_numeric($u) && $opt = sprintf(" UserId = '%s'", mysql_escape_string($u)); $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled FROM User - WHERE Username = '%s' - $opt", - mysql_escape_string($u)); + WHERE %s", $opt); $r = fetchRows(DBSelect($sql),'UserId'); $this->info = count($r)?array_shift($r):$r; } @@ -66,16 +67,15 @@ class Login { if (!empty($upd) && $upd != 'SET') DBUpdate($sql); if (isset($arr['Name'])) - $this->name = $arr['Name']; + $this->info['Name'] = $arr['Name']; if (isset($arr['Email'])) - $this->email = $arr['Email']; + $this->info['Email'] = $arr['Email']; } } class User { var $userId; var $info; - var $pass; var $dblist; function User($userId) { $this->userId = $userId; 
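Review bot: The `die(...)` added to `DBInsert` prints the full SQL statement and `mysql_error()` to the browser. `DBSet`, `DBGrant`, `DBRevoke`, `DBUpdate` and `DBDelete` now route through it, so a failing `SET PASSWORD` statement (added in lib/security.lib.php in this same commit) would echo the new password in clear text. Keep the detail server-side and return a fixed message, for example `if (mysql_error()) { error_log(mysql_error()); die('Database error'); }`. `DBCreate` and `DBDrop` skip the check and rely on the caller testing `mysql_error()`; a one-line comment saying so would stop a later caller from assuming they abort on failure.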
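Review bot: The `is_numeric($u) && $opt = ...` line in the Login constructor replaces the whole WHERE clause, including the ` AND Password=...` term built on the line above it. A lookup with a numeric `$u` and a non-null `$p` therefore matches on UserId alone and the password is never compared. login.php calls `new Login($i_u, $i_p)` and `$i_u` looks like form input, so the id path should be limited to the session-restore case: `if (is_null($p) && is_numeric($u)) $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));`. A separate argument or factory for id lookups would also keep a numeric certificate username passed to `new Login($SSLUsername)` in global.act.php from being read as a UserId. The rest of the class lies outside this hunk.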
@@ -85,7 +85,8 @@ class User { mysql_escape_string($userId)); $r = fetchRows(DBSelect($sql),'UserId'); $this->info = count($r)?array_shift($r):$r; - $this->pass = base64_decode($this->info['Password']); + $this->dblist = $this->getDBList(); +// $this->pass = base64_decode($this->info['Password']); } function exists() { return count($this->info); @@ -101,6 +102,10 @@ class User { $sql = sprintf("UPDATE User %s WHERE UserId = '%s'", buildSQLSet($arr), mysql_escape_string($this->getUserId())); DBUpdate($sql); + $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')', + mysql_escape_string($this->getUsername()), + mysql_escape_string($pwd)); + DBSet($sql); } function signup($pwd) { $this->pass = $pwd; @@ -141,7 +146,7 @@ class User { mysql_escape_string($verb), mysql_escape_string($name), mysql_escape_string($prep), - $this->getUsername, + mysql_escape_string($this->getUsername()), '%'); DBGrant($sql); } @@ -150,12 +155,17 @@ class User { $sql = sprintf("SELECT * FROM DBOwner INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId - INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId - WHERE UserId = '%s'", + LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId + WHERE UserId = '%s' AND DB.bEnabled=1", mysql_escape_string($this->getUserId())); $r = fetchRows(DBSelect($sql),'DatabaseId'); return $r; } + function addDB($name) { + if (!addDB($name, $this->getUserId())) return false; + $this->setAccess($name); + return true; + } } 
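Review bot: Commenting out `$this->pass = base64_decode($this->info['Password'])` stops the decode but leaves the stored value reversible. The `Password` column holds `base64_encode` of the password (the Login constructor compares against exactly that), so read access to the User table is enough to recover every password. The method that takes `$pwd` at `@@ -101,6 +102,10 @@` now hands the password to MySQL with `SET PASSWORD`, so the application table no longer needs a recoverable copy; a salted one-way hash is enough for the web login. `signup()` still assigns `$this->pass` although this commit removes the `var $pass;` declaration.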
@@ -231,4 +241,33 @@ function addUser($sslCredentials) { return $UserId; } -?> +function addDB($dbname,$userid) { + global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER; + + DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname))); + if (mysql_error()) return false; + + $newdb['Name'] = $dbname; + $arr = array_merge($newdb, $_NEW_DB); + $arr['bEnabled'] = 1; + $sql = sprintf("INSERT INTO DB %s", + buildSQLInsert($arr)); + $DBId = DBInsert($sql); + + $arr = $_NEW_DBQUOTA; + $arr['DatabaseId'] = $DBId; + $sql = sprintf("INSERT INTO DBQuota %s", + buildSQLInsert($arr)); + DBInsert($sql); + + $arr = $_NEW_DBOWNER; + $arr['DatabaseId'] = $DBId; + $arr['UserId'] = $userid; + $sql = sprintf("INSERT INTO DBOwner %s", + buildSQLInsert($arr)); + DBInsert($sql); + + return $DBId; +} + +?> \ No newline at end of file diff --git a/login.php b/login.php index f11e80e..de6416e 100644 --- a/login.php +++ b/login.php @@ -9,23 +9,25 @@ if (isSSL()) { } } -if (empty($err) && isPost()) { - +if (isPost() && empty($err)) { + if (isSSL()) { - $Login = new Login($SSLUsername); - $Login->update($SSLCred['Name'],$SSLCred['Email']); - sess('Login', $Login); + $Login = $LoginSSL; } else { $Login = new Login($i_u, $i_p); - if ($Login->exists() && !$Login->isEnabled()) { - $err[] = 'Account not active. Did you signup yet?.'; - } elseif (!$Login->exists()) { - $err[] = 'Nonexistant account or invalid password.'; - } elseif (!$Login->canLogin()) { - $err[] = 'That account is no longer valid. Please contact the staff.'; - } else { - sess('Login', $Login); - } + } + + if ($Login->exists() && !$Login->isEnabled()) { + $err[] = 'Account not active. Did you signup yet?.'; + } elseif (!$Login->exists()) { + $err[] = 'Nonexistant account or invalid password.'; + } elseif (!$Login->canLogin()) { + $err[] = 'That account is no longer valid. Please contact the staff.'; + } + + if (empty($err)) { + sess('UserId', $Login->getUserId()); + redirect('main'); } } 
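Review bot: `mysql_escape_string()` does not escape backticks, so wrapping `$dbname` in backticks in the `CREATE DATABASE` statement of `addDB()` does not confine it to an identifier. main.php builds the name as `$User->getUsername().DELIMETER.$i_newdb`, and `$i_newdb` appears to come from the POST form. Validate it against an allow-list before any SQL is built, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $i_newdb)) { $err[] = 'Invalid database name.'; }`, and repeat a check on the full name at the top of `addDB()`. The same name is then passed to `setAccess()` for the GRANT, whose format string is outside the hunks shown. The three INSERTs that follow are not undone if one of them fails (the tables are MyISAM), which would leave a created database without owner or quota rows.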
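Review bot: `sess('UserId', $Login->getUserId())` in login.php marks the existing session as authenticated without issuing a new session id, so an id that was set before login stays valid afterwards (session fixation). Call `session_regenerate_id();` immediately before the `sess('UserId', ...)` line. global.act.php now rebuilds `$Login` from the stored UserId on every request, which makes the session id the only thing binding a browser to an account.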
@@ -34,4 +36,4 @@ isLoggedIn() && redirect('main'); include 'tpl/login.php'; -?> +?> \ No newline at end of file diff --git a/main.php b/main.php index b0bd1da..775fbda 100644 --- a/main.php +++ b/main.php @@ -5,6 +5,16 @@ require_once('mitsql.lib.php'); if (!isLoggedIn()) redirect('index'); +$User = new User($Login->getUserID()); + +if (isPost()) { + if (isset($i_newdb)) { + if ($User->addDB($User->getUsername().DELIMETER.$i_newdb)==false) { + $err[] = mysql_error(); + } + } +} + include 'tpl/main.php'; ?> diff --git a/mitsql.cfg.php b/mitsql.cfg.php index 9244b1c..c3b7849 100755 --- a/mitsql.cfg.php +++ b/mitsql.cfg.php @@ -5,16 +5,16 @@ written for SIPB/MIT SQL service */ -define('DEBUG', 0); -define('DEVEL', 0); -define('VERSION', '0.2-dev'); - +define('VERSION', '0.3-dev'); define('DELIMETER', '+'); -define('DBHOST', 'sql.mit.edu'); -define('ADMINUSER', 'root'); -define('ADMINPASS', base64_decode('TXlCZWF0c1Bvc3RA')); -define('ADMINDB', 'mitsql'); +file_exists('server.cfg.php') && require('server.cfg.php'); +defined('DEBUG') || define('DEBUG', 0); +defined('DEVEL') || define('DEVEL', 0); +defined('DBHOST') || define('DBHOST', 'sql.mit.edu'); +defined('ADMINUSER') || define('ADMINUSER', 'root'); +defined('ADMINPASS') || define('ADMINPASS', base64_decode('TXlCZWF0c1Bvc3RA')); +defined('ADMINDB') || define('ADMINDB', 'mitsql'); set_time_limit(0); ignore_user_abort(1); diff --git a/mitsql.css b/mitsql.css index 37746d3..b19423f 100644 --- a/mitsql.css +++ b/mitsql.css @@ -95,3 +95,6 @@ div.err li { font-weight: bold; list-style-type: square; } +pre { + font-size: 10px; +} \ No newline at end of file diff --git a/mitsql.sql b/mitsql.sql index df06c00..2a56522 100644 --- a/mitsql.sql +++ b/mitsql.sql 
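Review bot: `$err[] = mysql_error();` in main.php shows the raw server error to the user when `addDB()` fails, which exposes internal naming and statement fragments. Show a fixed message such as `$err[] = 'Could not create database.';` and send `mysql_error()` to `error_log()`. The POST branch also creates a database without consulting `UserQuota.nDatabases` from mitsql.sql, and the visible lines check no request token; both deserve a comment if they are deliberate for now.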
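Review bot: The fallback `defined('ADMINPASS') || define('ADMINPASS', base64_decode(...))` in mitsql.cfg.php keeps the root database password in the repository; base64 is an encoding, not protection, and the value stays in history even after the line is removed. With server.cfg.php now available, define ADMINUSER and ADMINPASS only there, stop with an error when they are missing, and rotate the credential. `file_exists('server.cfg.php')` is resolved relative to the working directory, so `dirname(__FILE__).'/server.cfg.php'` avoids silently falling back to the defaults. A dedicated account instead of `root` would limit what a flaw in this application can reach.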
@@ -1,165 +1,165 @@ --- MySQL dump 10.9 --- --- Host: localhost Database: mitsql --- ------------------------------------------------------ --- Server version 4.1.12-nt - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; -/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; -/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; -/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; -/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; - --- --- Table structure for table `db` --- - -DROP TABLE IF EXISTS `db`; -CREATE TABLE `db` ( - `DatabaseId` int(10) unsigned NOT NULL auto_increment, - `Name` varchar(200) NOT NULL default '', - `nBytes` int(10) unsigned NOT NULL default '0', - `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - `bEnabled` tinyint(3) unsigned NOT NULL default '1', - PRIMARY KEY (`DatabaseId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `dbowner` --- - -DROP TABLE IF EXISTS `dbowner`; -CREATE TABLE `dbowner` ( - `DatabaseId` int(10) unsigned NOT NULL default '0', - `UserId` int(10) unsigned NOT NULL default '0', - `GroupId` int(10) unsigned NOT NULL default '0', - KEY `DatabaseId` (`DatabaseId`), - KEY `UserId` (`UserId`), - KEY `GroupId` (`GroupId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `dbquota` --- - -DROP TABLE IF EXISTS `dbquota`; -CREATE TABLE `dbquota` ( - `DatabaseId` int(10) unsigned NOT NULL default '0', - `nBytesSoft` int(10) unsigned NOT NULL default '0', - `nBytesHard` int(10) unsigned NOT NULL default '0', - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - PRIMARY KEY (`DatabaseId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- 
--- Table structure for table `group` --- - -DROP TABLE IF EXISTS `group`; -CREATE TABLE `group` ( - `GroupId` int(10) unsigned NOT NULL auto_increment, - `Username` varchar(200) NOT NULL default '', - `Password` varchar(200) NOT NULL default '', - `Name` text NOT NULL, - `Email` text NOT NULL, - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - `bEnabled` tinyint(3) unsigned NOT NULL default '1', - PRIMARY KEY (`GroupId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `groupquota` --- - -DROP TABLE IF EXISTS `groupquota`; -CREATE TABLE `groupquota` ( - `GroupId` int(10) unsigned NOT NULL default '0', - `nDatabases` int(10) unsigned NOT NULL default '0', - `nBytesSoft` int(10) unsigned NOT NULL default '0', - `nBytesHard` int(10) unsigned NOT NULL default '0', - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - PRIMARY KEY (`GroupId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `groupstat` --- - -DROP TABLE IF EXISTS `groupstat`; -CREATE TABLE `groupstat` ( - `GroupId` int(10) unsigned NOT NULL default '0', - `nDatabases` int(10) unsigned NOT NULL default '0', - `nBytes` int(10) unsigned NOT NULL default '0', - `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', - PRIMARY KEY (`GroupId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `user` --- - -DROP TABLE IF EXISTS `user`; -CREATE TABLE `user` ( - `UserId` int(10) unsigned NOT NULL auto_increment, - `Username` varchar(200) NOT NULL default '', - `Password` varchar(200) NOT NULL default '', - `Name` text NOT NULL, - `Email` text NOT NULL, - `UL` tinyint(3) unsigned NOT NULL default '1', - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - `dSignup` datetime NOT NULL default '0000-00-00 00:00:00', - `bEnabled` tinyint(3) unsigned NOT NULL default '0', - PRIMARY KEY (`UserId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `usergroup` --- - -DROP 
TABLE IF EXISTS `usergroup`; -CREATE TABLE `usergroup` ( - `UserId` int(10) unsigned NOT NULL default '0', - `GroupId` int(10) unsigned NOT NULL default '0', - KEY `UserId` (`UserId`), - KEY `GroupId` (`GroupId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `userquota` --- - -DROP TABLE IF EXISTS `userquota`; -CREATE TABLE `userquota` ( - `UserId` int(10) unsigned NOT NULL default '0', - `nDatabases` int(10) unsigned NOT NULL default '0', - `nBytesSoft` int(10) unsigned NOT NULL default '0', - `nBytesHard` int(10) unsigned NOT NULL default '0', - `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', - PRIMARY KEY (`UserId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- --- Table structure for table `userstat` --- - -DROP TABLE IF EXISTS `userstat`; -CREATE TABLE `userstat` ( - `UserId` int(10) unsigned NOT NULL default '0', - `nDatabases` int(10) unsigned NOT NULL default '0', - `nBytes` int(10) unsigned NOT NULL default '0', - `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', - PRIMARY KEY (`UserId`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; -/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - +-- MySQL dump 10.9 +-- +-- Host: localhost Database: mitsql +-- ------------------------------------------------------ +-- Server version 4.1.12-nt + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET 
@OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `DB` +-- + +DROP TABLE IF EXISTS `DB`; +CREATE TABLE `DB` ( + `DatabaseId` int(10) unsigned NOT NULL auto_increment, + `Name` varchar(200) NOT NULL default '', + `nBytes` int(10) unsigned NOT NULL default '0', + `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + `bEnabled` tinyint(3) unsigned NOT NULL default '1', + PRIMARY KEY (`DatabaseId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `DBOwner` +-- + +DROP TABLE IF EXISTS `DBOwner`; +CREATE TABLE `DBOwner` ( + `DatabaseId` int(10) unsigned NOT NULL default '0', + `UserId` int(10) unsigned NOT NULL default '0', + `GroupId` int(10) unsigned NOT NULL default '0', + KEY `DatabaseId` (`DatabaseId`), + KEY `UserId` (`UserId`), + KEY `GroupId` (`GroupId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `DBQuota` +-- + +DROP TABLE IF EXISTS `DBQuota`; +CREATE TABLE `DBQuota` ( + `DatabaseId` int(10) unsigned NOT NULL default '0', + `nBytesSoft` int(10) unsigned NOT NULL default '0', + `nBytesHard` int(10) unsigned NOT NULL default '0', + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`DatabaseId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `Group` +-- + +DROP TABLE IF EXISTS `Group`; +CREATE TABLE `Group` ( + `GroupId` int(10) unsigned NOT NULL auto_increment, + `Username` varchar(200) NOT NULL default '', + `Password` varchar(200) NOT NULL default '', + `Name` text NOT NULL, + `Email` text NOT NULL, + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + `bEnabled` tinyint(3) unsigned NOT NULL default '1', + PRIMARY KEY (`GroupId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- 
+-- Table structure for table `GroupQuota` +-- + +DROP TABLE IF EXISTS `GroupQuota`; +CREATE TABLE `GroupQuota` ( + `GroupId` int(10) unsigned NOT NULL default '0', + `nDatabases` int(10) unsigned NOT NULL default '0', + `nBytesSoft` int(10) unsigned NOT NULL default '0', + `nBytesHard` int(10) unsigned NOT NULL default '0', + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`GroupId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `GroupStat` +-- + +DROP TABLE IF EXISTS `GroupStat`; +CREATE TABLE `GroupStat` ( + `GroupId` int(10) unsigned NOT NULL default '0', + `nDatabases` int(10) unsigned NOT NULL default '0', + `nBytes` int(10) unsigned NOT NULL default '0', + `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`GroupId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `User` +-- + +DROP TABLE IF EXISTS `User`; +CREATE TABLE `User` ( + `UserId` int(10) unsigned NOT NULL auto_increment, + `Username` varchar(200) NOT NULL default '', + `Password` varchar(200) NOT NULL default '', + `Name` text NOT NULL, + `Email` text NOT NULL, + `UL` tinyint(3) unsigned NOT NULL default '1', + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + `dSignup` datetime NOT NULL default '0000-00-00 00:00:00', + `bEnabled` tinyint(3) unsigned NOT NULL default '0', + PRIMARY KEY (`UserId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `UserGroup` +-- + +DROP TABLE IF EXISTS `UserGroup`; +CREATE TABLE `UserGroup` ( + `UserId` int(10) unsigned NOT NULL default '0', + `GroupId` int(10) unsigned NOT NULL default '0', + KEY `UserId` (`UserId`), + KEY `GroupId` (`GroupId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `UserQuota` +-- + +DROP TABLE IF EXISTS `UserQuota`; +CREATE TABLE `UserQuota` ( + `UserId` int(10) unsigned NOT NULL default '0', + `nDatabases` int(10) unsigned NOT NULL default '0', + `nBytesSoft` 
int(10) unsigned NOT NULL default '0', + `nBytesHard` int(10) unsigned NOT NULL default '0', + `dCreated` datetime NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`UserId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Table structure for table `UserStat` +-- + +DROP TABLE IF EXISTS `UserStat`; +CREATE TABLE `UserStat` ( + `UserId` int(10) unsigned NOT NULL default '0', + `nDatabases` int(10) unsigned NOT NULL default '0', + `nBytes` int(10) unsigned NOT NULL default '0', + `dLastCheck` datetime NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`UserId`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + diff --git a/test.php b/test.php index bbea2a4..41b9f31 100755 --- a/test.php +++ b/test.php @@ -3,18 +3,22 @@ require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); -/* -include 'phpinfo.php'; -exit; -*/ - -$thisPath=pathinfo($_SERVER['SCRIPT_NAME']); +function getManagedDBs($owner=null) { + $databases = array_keys(fetchRows(DBSelect('SHOW DATABASES'),'Database')); + $owners = array(); + foreach($databases as $database) { + if (stristr($database, DELIMETER)) { + $exp = explode(DELIMETER, $database); + $thisowner = array_shift($exp); + if (!is_null($owner) && $thisowner!=$owner) { continue; } + isset($owners[$thisowner]) || $owners[$thisowner] = array(); + $owners[$thisowner][] = $database; + } + } + return $owners; +} -session_set_cookie_params(0, $thisPath['dirname']); -@session_start(); +$g = getManagedDBs(); +print_r($g); -if (isSess('i')) { - sess('i', sess('i')+1); -} else { - echo sess('i', 1); -} +?> \ No newline at end of file 
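Review bot: test.php now calls `getManagedDBs()` with no owner and passes the result to `print_r`, so anyone who can request the page receives every owner name and database name on the server; the hunk shows no `isLoggedIn()` or DEVEL check. Guard it, e.g. `if (!DEVEL) exit;` after the two `require_once` lines, or keep the file out of the deployed tree. `stristr($database, DELIMETER)` and `$thisowner!=$owner` are loose matches; `strpos($database, DELIMETER) !== false` and `!==` state the intent more precisely.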
diff --git a/tpl/contact.php b/tpl/contact.php new file mode 100755 index 0000000..7e7d1d4 --- /dev/null +++ b/tpl/contact.php @@ -0,0 +1,14 @@ + + +

Contact

+ + + +Please direct inquiries to: +sql at mit.edu + + diff --git a/tpl/index.php b/tpl/index.php index 85b8d4d..22a3aa7 100644 --- a/tpl/index.php +++ b/tpl/index.php @@ -1,27 +1,28 @@ - +/* Important Notice:

This is a beta service and is not yet ready for use in data intensive applications.



- +*/ +?>

About

This service provides MySQL databases to Athena account holders. -You must choose a MySQL password (independent of your Athena account) when you Signup and then use this interface to create and drop your MySQL databases. +You must choose a MySQL password (independent of your Athena account) when you Signup and then use this interface to create and drop databases. All subsequent SQL commands can be issued from any host, client, and/or script of your choosing.

Backups

-As you work with your SQL data, it is automatically saved on an additional secondary SQL server for restoration in the event of a single server failure. -We strongly recommend you keep your own backups for your own independent use in all other cases. -Although we continually put forth our best efforts, we can make no guarantees on the reliability of the service and access to the data.

+We strongly recommend you keep backups of your SQL schema and data. +As you work with your SQL data, it is automatically saved on an additional secondary SQL server for restoration in the event of a server failure. +Although we continually put forth our best efforts, we can make no guarantees on the reliability of the service and access to the data. +

Quotas

@@ -35,16 +36,25 @@ This service is not designed to store gratuitous amounts of information in the B Users should instead store these types of data in AFS and use SQL tables only to catalogue it.

+

+Always use this interface to create and drop databases. +Although you can drop any of your databases outside this interface, doing so will not relinquish your rights to that database and will therefore still count against your quota. +

+

Disclaimer

We reserve the right to suspend or terminate your MySQL account at any time and for any or no reason.

+

+We perform no query logging, schema or data backups, or any other backups otherwise generally available. You are solely responsible for performing backups of your data. +

+

We maintain general usage statistics of this service by the MIT community at large.

+?> \ No newline at end of file diff --git a/tpl/main.php b/tpl/main.php index 2f75713..cbf4250 100644 --- a/tpl/main.php +++ b/tpl/main.php @@ -5,13 +5,23 @@ include 'head.php'; ?>

Databases

+ + +

Thanks for signing up. This interface is nearly ready. We will e-mail you as soon as this portion of the site is ready.

- The MIT SQL Team

+ + +
+

+

+
+ Main | Logout   -Logged in as on +Logged in as getUsername()?> on
-Signup | Login via SQL or SSL +Home | +Signup | +Login via SQL or SSL
  diff --git a/tpl/signup.php b/tpl/signup.php index 5be6e87..5fa7f9f 100644 --- a/tpl/signup.php +++ b/tpl/signup.php @@ -9,13 +9,13 @@ $thisTxt = isSSL()?' with this Certificate':' via SQL'; canSignup()): ?> -

You are registering as:

-

-

+

You are registering as: getUsername()?>

+

getName()?>

+

getEmail()?>

-

password:

-

confirm:

+

+

-- 2.45.1