From 88b7d384233943951e362f954948402eacd81736 Mon Sep 17 00:00:00 2001
From: Joe Presbrey <presbrey@mit.edu>
Date: Fri, 9 Sep 2005 02:00:26 +0000
Subject: [PATCH] old admin stuff deleted bar graphs added message output fixed
 admin impersonate

git-svn-id: svn://presbrey.mit.edu/sql/mitsql@47 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 .htaccess            |  8 +++--
 admin/index.php      | 41 ------------------------
 defaults.cfg.php     |  2 +-
 global.act.php       | 21 ++-----------
 global.done.php      |  2 +-
 lib/dbaccess.lib.php |  1 +
 lib/display.lib.php  | 24 ++++++++++++++
 lib/joe.lib.php      |  7 +++--
 lib/security.lib.php | 74 +++++++++++++++++++++++++++++++++++++-------
 main.php             |  1 +
 mitsql.css           | 24 ++++++++++++--
 php.ini              |  3 +-
 signup.php           | 18 ++++++++---
 test.php             | 13 ++++++--
 tpl/main.php         | 27 +++++++++++++---
 tpl/menu.php         |  8 ++++-
 16 files changed, 179 insertions(+), 95 deletions(-)
 delete mode 100755 admin/index.php

diff --git a/.htaccess b/.htaccess
index 3263492..a438060 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,7 +6,9 @@
 #php_value xdebug.remote_port "9000"
 
 RewriteEngine On
-RewriteBase /~presbrey/mitsql/
+RewriteBase /~sql/dev/
+#RewriteBase http://sql.mit.edu/
+#RewriteBase /
 
 #RewriteOptions MaxRedirects=1
 
@@ -52,7 +54,7 @@ RewriteBase /~presbrey/mitsql/
 
 ## REVISION 4
 
-RewriteCond %{REQUEST_URI} ^.*/mitsql/do/(.+)$
+RewriteCond %{REQUEST_URI} ^.*/do/(.+)$
 RewriteRule ^do/(.+)$ $1.php [QSA]
 
 RewriteCond %{REQUEST_FILENAME} !-f
@@ -62,7 +64,7 @@ RewriteRule .* do/index [R,L,QSA]
 #RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ /.+\.php\ HTTP
 #RewriteRule .* do/index [R,L,QSA]
 
-RewriteCond %{THE_REQUEST} !^(GET|POST)\ /.+mitsql/do/.+\ HTTP
+RewriteCond %{THE_REQUEST} !^(GET|POST)\ /.+do/.+\ HTTP
 RewriteCond %{REQUEST_FILENAME} !\.html$
 RewriteCond %{REQUEST_FILENAME} !\.css$
 RewriteCond %{REQUEST_FILENAME} !\.jpg$
diff --git a/admin/index.php b/admin/index.php
deleted file mode 100755
index 7af9251..0000000
--- a/admin/index.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-ini_set('display_errors', 1);
-ignore_user_abort(1);
-error_reporting(E_ALL);
-set_time_limit(0);
-session_start();
-if (isset($_GET['reset'])) { session_destroy(); session_start(); }
-require_once('../mitsql.lib.php');
-
-$dba = new DBAdmin();
-
-$inputvars = array('initpw', 'op', 'name', 'owner');
-foreach($inputvars as $i) {
-	$newvar = 'i_'.$i;
-	$$newvar = isset($_GET[$i]) ? $_GET[$i] : null;
-}
-if (isset($i_op)) {
-	switch($i_op) {
-		case 'admin':
-			if (isset($i_owner)) {
-				if (!isset($_SESSION['realuser'])) {
-					$_SESSION['realuser'] = $_SESSION['owner'];
-				}
-				$_SESSION['owner'] = $i_owner;
-				redirectLocal('/../');
-			}
-			redirectLocal('/admin/');
-	}
-}
-
-include('../style.inc');
-
-$dblist = $dba->fullDBList();
-ksort($dblist);
-
-echo '<table>';
-$dba->printDBs($dblist);
-echo '</table>';
-
-?>
\ No newline at end of file
diff --git a/defaults.cfg.php b/defaults.cfg.php
index ab8bb0f..df1ab09 100644
--- a/defaults.cfg.php
+++ b/defaults.cfg.php
@@ -15,7 +15,7 @@ $_NEW_USER['UL'] = 1;
 $_NEW_USER['dCreated'] = 'NOW()';
 $_NEW_USER['bEnabled'] = 0;
 
-$_NEW_USERQUOTA['nDatabases'] = 5;
+$_NEW_USERQUOTA['nDatabasesHard'] = 5;
 $_NEW_USERQUOTA['nBytesSoft'] = 26214400;
 $_NEW_USERQUOTA['nBytesHard'] = 26214400;
 $_NEW_USERQUOTA['dCreated'] = 'NOW()';
diff --git a/global.act.php b/global.act.php
index a260ad7..8fe4a4c 100644
--- a/global.act.php
+++ b/global.act.php
@@ -10,27 +10,12 @@ if (isset($i_ssl)) {
 }
 if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
 
-$err = array();
+$msg = $err = array();
 
 ## SESSION VARS
 
 $timings = array();
 $UserId = sess('UserId');
-/*$Username = '';
-$Name = '';
-$Email = '';
-$UL = 0;
-$Login = sess('Login');
-
-if (is_a($Login, 'Login')) {
-    $UserId = $Login->getUserId();
-	$Username = $Login->getUsername();
-	$Name = $Login->getName();
-	$Email = $Login->getEmail();
-	$UL = $Login->getUL();
-} else {
-	$Login = new Login('');
-}*/
 $Login = new Login($UserId);
 
 ## PROCESS CERTIFICATE
@@ -40,7 +25,7 @@ $SSLName = '';
 $SSLEmail = '';
 $SSLUsername = '';
 
-if (isSSL()) {
+if (isSSL() || !isLoggedIn()) {
 	$SSLName = $SSLCred['Name'];
 	$SSLUsername = $SSLCred['Username'];
 	$SSLEmail = $SSLCred['Email'];
@@ -59,4 +44,4 @@ if (isSSL()) {
 	unset($_SESSION['LoginSSL']);
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/global.done.php b/global.done.php
index 576e28e..18d11a4 100644
--- a/global.done.php
+++ b/global.done.php
@@ -15,4 +15,4 @@ if (DEBUG) {
 	isset($User) && print_r($User);
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/lib/dbaccess.lib.php b/lib/dbaccess.lib.php
index 24fd6dc..bcbc894 100644
--- a/lib/dbaccess.lib.php
+++ b/lib/dbaccess.lib.php
@@ -12,6 +12,7 @@ function DBSlave($sql) {
 	sessTime($sql);
 	$res = mysql_query($sql);
 	sessTime();
+	if (mysql_error()) die($sql."<br />\n".mysql_error());
 	return $res;
 }
 
diff --git a/lib/display.lib.php b/lib/display.lib.php
index b1d6d2d..ecb4e49 100644
--- a/lib/display.lib.php
+++ b/lib/display.lib.php
@@ -20,4 +20,28 @@ function sprintTS($timestamp) {
 		':'.substr($timestamp,12,2);
 }
 
+function printBar($percent, $txt1 = '', $txt2 = '') {
+	$color1 = 'black';
+	$color2 = 'white';
+	$color3 = 'white';
+	$color4 = 'black';
+	if ($percent>1) {
+		$percent = $percent/100;
+	} /*
+	} elseif (!is_integer($percent) && $percent<2) {
+		$percent = $percent*100;
+	} elseif ($percent == 1) {
+		$percent = 100;
+	} */
+	$per1 = $per2 = ceil($percent*100);
+	$per2 = 100 - $per2;
+	$per1 .= "%";
+	$per2 .= "%";
+	return '<table cellpadding=0 cellspacing=0 width="100%" class="bargraph">
+				<tr>
+				<td class="bar" align="left" width="'.$per1.'"><div style="position: relative;"><div style="left: 0; display: inline; position: absolute;">&nbsp;'.$txt1.'&nbsp;</div>&nbsp;</div></td>
+				<td class="fill" width="'.$per2.'"><div style="position: relative;">&nbsp;<div style="right: 0; display: inline; position: absolute;">'.$txt2.'&nbsp;<em>'.$per1.'</em></div></div></td>
+				</tr></table>';
+}
+
 ?>
diff --git a/lib/joe.lib.php b/lib/joe.lib.php
index 55afc81..04c4dc1 100755
--- a/lib/joe.lib.php
+++ b/lib/joe.lib.php
@@ -105,9 +105,12 @@ function fetchRows($rs, $key = null) {
     }
 }
 
-function printErrors($errArray) {
+function printErrors($err) { printList('err', $err); }
+function printMsgs($err) { printList('msg', $err); }
+
+function printList($class,$errArray) {
     if (isset($errArray) && count($errArray)) {
-        echo '<div class="err"><ul>';
+        echo '<div class="',$class,'"><ul>';
         foreach($errArray as $err) {
             echo '<li><p>',$err,'</p></li>';
         }
diff --git a/lib/security.lib.php b/lib/security.lib.php
index 8cd49db..c898f76 100644
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -79,15 +79,31 @@ class User {
 	var $dblist;
     function User($userId) {
 		$this->userId = $userId;
-        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+        $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
                         FROM User
-                        WHERE UserId = '%s'",
+						NATURAL JOIN UserQuota
+						NATURAL JOIN UserStat
+                        WHERE User.UserId = '%s'",
                         mysql_escape_string($userId));
         $r = fetchRows(DBSelect($sql),'UserId');
         $this->info = count($r)?array_shift($r):$r;
 		$this->dblist = $this->getDBList();
 //		$this->pass = base64_decode($this->info['Password']);
     }
+	function refresh() {
+		unset($this->dblist);
+		$this->User($this->userId);
+		/*
+        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+                        FROM User
+                        WHERE UserId = '%s'",
+                        mysql_escape_string($this->userId));
+        $r = fetchRows(DBSelect($sql),'UserId');
+        $this->info = count($r)?array_shift($r):$r;
+		unset($this->dblist);
+		$this->getDBList();
+		*/
+	}
     function exists() {
         return count($this->info);
     }
@@ -96,6 +112,14 @@ class User {
     }
     function getUsername() {
         return $this->exists()?$this->info['Username']:'';
+    }
+    function getBytes() {
+        if($this->exists()) {
+			$arr['nBytes'] = $this->info['nBytes'];
+			$arr['nBytesSoft'] = $this->info['nBytesSoft'];
+			$arr['nBytesHard'] = $this->info['nBytesHard'];
+			return $arr;
+		}
     }
 	function setPassword($pwd) {
 		$arr['Password'] = base64_encode($pwd);
@@ -135,8 +159,7 @@ class User {
 		$verb = $yes?'GRANT':'REVOKE';
 		$prep = $yes?'TO':'FROM';
 		if (is_null($db)) {
-			$this->dblist = $this->getDBList();
-			$dbs = $this->dblist;
+			$dbs = $this->getDBList();
 		} else {
 			$dbs[] = array('Name'=>$db);
 		}
@@ -152,14 +175,20 @@ class User {
 		}
 	}
 	function getDBList() {
-		$sql = sprintf("SELECT *
+		if (isset($this->dblist)) {
+			return $this->dblist;
+		} else {
+			//			LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
+			$sql = sprintf("SELECT *
 						FROM DBOwner
-						INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
-						LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
-						WHERE UserId = '%s' AND DB.bEnabled=1",
+						NATURAL JOIN DB
+						NATURAL JOIN DBQuota
+						WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
 						mysql_escape_string($this->getUserId()));
-		$r = fetchRows(DBSelect($sql),'DatabaseId');
-		return $r;
+//			$r = fetchRows(DBSelect($sql),'DatabaseId');
+			$r = fetchRows(DBSelect($sql),'Name');
+			return $r;
+		}
 	}
 	function addDB($name) {
 		if (!addDB($name, $this->getUserId())) return false;
@@ -177,6 +206,29 @@ function isLoggedIn($aLogin=null) {
     return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
 }
 
+function isImpersonating() {
+	return isSess('_UserId') && isSess('UserId');
+}
+
+function impersonate($userId=null) {
+	$wasImpersonating = isImpersonating();
+	if ($wasImpersonating) {
+		if (is_null($userId)) {
+			sess('UserId',sess('_UserId'));
+		} elseif ($userId>0) {
+			sess('UserId',$userId);
+		} else {
+			return false;
+		}
+	} elseif (isLoggedIn()) {
+		sess('_UserId',sess('UserId'));
+		sess('UserId',$userId);
+		return true;
+	} else {
+		return false;
+	}
+}
+
 function isSSL() {
 	return $_SERVER['SERVER_PORT'] == 443;
 }
@@ -270,4 +322,4 @@ function addDB($dbname,$userid) {
 	return $DBId;
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/main.php b/main.php
index 0e919c3..d59a921 100644
--- a/main.php
+++ b/main.php
@@ -13,6 +13,7 @@ if (isPost()) {
 		if ($User->addDB($dbname)==false) {
 			$err[] = mysql_error();
 		} else {
+			$User->refresh();
 			$msg[] = 'Database `'.$dbname.'` created.';
 		}
 	}
diff --git a/mitsql.css b/mitsql.css
index b19423f..8235060 100644
--- a/mitsql.css
+++ b/mitsql.css
@@ -8,8 +8,6 @@ body {
 	width: 640px;
 	margin-left: auto;
 	margin-right: auto;
-}
-#body {
 	padding: 5px 2px 2px 2px;
 }
 #content0 {
@@ -84,6 +82,16 @@ td p {
 	padding-left: 10px;
 	border-left: 1px solid black;
 }
+div.msg {
+	margin: 0px 20px 20px 20px;
+	background-color: #ccc;
+	border: 1px solid black;
+}
+div.msg {
+	font-variant: small-caps;
+	font-weight: bold;
+	list-style-type: square;
+}
 div.err {
 	margin: 0px 20px 20px 20px;
 	background-color: #ccc;
@@ -97,4 +105,14 @@ div.err li {
 }
 pre {
 	font-size: 10px;
-}
\ No newline at end of file
+}
+table.bargraph {
+	border: 1px solid #ccc;
+}
+table.bargraph td.bar {
+	height: 18px;
+	background-color: #888;
+}
+table.bargraph td.fill {
+	background-color: #bbb;
+}
diff --git a/php.ini b/php.ini
index 2de09ec..549f5a6 100755
--- a/php.ini
+++ b/php.ini
@@ -1,4 +1,3 @@
-display_errors = 0;
+display_errors = 0
 extension = mysql.so
 auto_append_file = "global.done.php"
-session.save_path = "/mit/presbrey/web_tmp"
diff --git a/signup.php b/signup.php
index fa93c8b..27d80d5 100644
--- a/signup.php
+++ b/signup.php
@@ -16,11 +16,19 @@ if (isLoggedIn()) {
 		$err[] = 'Please install a valid certificate.';
 	} else {
 		if (isPost() && $LoginSSL->canSignup()) {
-			$u = new User($LoginSSL->getUserId());
-			$u->signup($i_p1);
-			$LoginSSL->refresh();
-			sess('Login', $LoginSSL);
-			redirect('login', true);
+			if (empty($i_p1)) {
+				$err[] = 'Your password may not be blank.';
+			} elseif ($i_p1 != $i_p2) {
+				$err[] = 'Your confirmation password does not match.';
+			} else {
+				$u = new User($LoginSSL->getUserId());
+				$u->signup($i_p1);
+				$LoginSSL->refresh();
+				sess('Login', $LoginSSL);
+				redirect('login', true);
+			}
+		} elseif (isPost()) {
+			$err[] = 'You may not signup.';
 		}
 	}
 }
diff --git a/test.php b/test.php
index 41b9f31..a633147 100755
--- a/test.php
+++ b/test.php
@@ -3,8 +3,11 @@
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
+include 'tpl/head.php';
+
 function getManagedDBs($owner=null) {
-	$databases = array_keys(fetchRows(DBSelect('SHOW DATABASES'),'Database'));
+//	$databases = array_keys(fetchRows(DBSelect('SHOW DATABASES'),'Database'));
+	$databases = array_keys(fetchRows(DBSelect('SELECT Name FROM DB'),'Name'));
 	$owners = array();
 	foreach($databases as $database) {
 		if (stristr($database, DELIMETER)) {
@@ -18,7 +21,13 @@ function getManagedDBs($owner=null) {
 	return $owners;
 }
 
+/*
 $g = getManagedDBs();
 print_r($g);
+*/
+
+$User = new User($Login->getUserId());
+print_r($User->getDBList());
 
-?>
\ No newline at end of file
+include 'tpl/foot.php';
+?>
diff --git a/tpl/main.php b/tpl/main.php
index 63972b1..f223960 100644
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -6,6 +6,7 @@ include 'head.php';
 <h2>Databases</h2>
 
 <?php printErrors($err); ?>
+<?php printMsgs($msg); ?>
 
 <? if (!DEVEL && 0) { ?>
 <p>
@@ -16,15 +17,31 @@ Thanks for signing up.  This interface is nearly ready.  We will e-mail you as s
 </p>
 <? } else { ?>
 
-<ul>
+<table width="100%">
+<form>
 <?php
+	$bytes = $User->getBytes();
+	$usage = $bytes['nBytes'];
+	$total = $bytes['nBytesHard'];
 	foreach($myDBs as $db) {
-		
-		echo '<li>',$db['Name'],'</li>';
-
+		echo '<tr><td width="100%">';
+		$usage += $db['nBytes'];
+		if ($total>0)
+			$percentage = $db['nBytes']/$total;
+		else $percentage = 0;
+		echo printBar($percentage, $db['Name'], sprintSize($db['nBytes']));
+		echo '</td><td>';
+		echo '<input type="submit" name="drop[',$db['Name'],']" value="drop">';
+		echo '</td></tr>';
 	}
+	if ($total>0)
+		$percentage = $usage/$total;
+	else
+		$percentage = 0;
+	echo printBar($percentage, '<b>TOTAL</b>', sprintSize($usage).' / '.sprintSize($total));
 ?>
-</ul>
+</form>
+</table>
 
 <form method="post">
 <p><span style="width: 150px;"><label for="p1">new database:</label></span> <input type="text" name="newdb">
diff --git a/tpl/menu.php b/tpl/menu.php
index 5e3bd81..49f4cbb 100644
--- a/tpl/menu.php
+++ b/tpl/menu.php
@@ -4,7 +4,13 @@
 <a href="main">Main</a> |
 <a href="logout">Logout</a>
 </div>&nbsp;
-Logged in as <em><?=$User->getUsername()?></em> on <?=DBHOST?>
+<?php
+	$loggedInText = $Login->getUsername();
+	if (isImpersonating()) {
+		$loggedInText = '<a href="admin?impersonate">'.$loggedInText.'</a>';
+	}
+?>
+Logged in as <em><?=$loggedInText?></em> on <?=DBHOST?>
 <?php else: ?>
 <div style="float:left">
 <a href="index">Home</a> |
-- 
2.45.1