Install: Fix database name validation (#924)

Added a check for the prefix and some info messages regarding the prefix and db name.

application/modules/install/controllers/Index.php

@@ -327,8 +327,19 @@ public function databaseAction()
             ]);
 
             if ($validation->isValid()) {
-                if ($manualDatabase || in_array($this->getRequest()->getPost('dbName'), $dbList)) {
-                    if (preg_match('/^[a-zA-Z0-9_]{1,64}$/', $this->getRequest()->getPost('dbName'))) {
+                $otherValidationsPassed = true;
+                if ($manualDatabase && !preg_match('/^[a-zA-Z0-9_]{1,64}$/', $this->getRequest()->getPost('dbName'))) {
+                    $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbNameHasWrongFormat'));
+                    $otherValidationsPassed = false;
+                }
+
+                if (!preg_match('/^[a-zA-Z]+[a-zA-Z0-9_]*$/', $this->getRequest()->getPost('dbPrefix'))) {
+                    $validation->getErrorBag()->addError('dbPrefix', $this->getTranslator()->trans('dbPrefixHasWrongFormat'));
+                    $otherValidationsPassed = false;
+                }
+
+                if ($otherValidationsPassed) {
+                    if ($manualDatabase || in_array($this->getRequest()->getPost('dbName'), $dbList)) {
                         try {
                             $ilch = new \Ilch\Database\Factory();
                             $db = $ilch->getInstanceByEngine($_SESSION['install']['dbEngine']);
@@ -349,15 +360,12 @@ public function databaseAction()
                             } else {
                                 $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbDatabaseDoesNotExist'));
                             }
-
                         } catch (\Exception $e) {
                             $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbDatabaseCouldNotConnect'));
                         }
                     } else {
-                        $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbDatabaseHasWrongFormat'));
+                        $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbDatabaseDoesNotExist'));
                     }
-                } else {
-                    $validation->getErrorBag()->addError('dbName', $this->getTranslator()->trans('dbDatabaseDoesNotExist'));
                 }
             }
 

application/modules/install/translations/de.php

@@ -33,14 +33,17 @@
     'dbPassword' => 'Passwort',
     'selectDatabase' => 'Datenbank auswählen',
     'dbName' => 'Datenbank',
-    'dbPrefix' => 'Prefix',
+    'dbPrefix' => 'Präfix',
     'dbConnectionError' => 'Konnte keine Verbindung zur Datenbank herstellen',
     'dbDatabaseError' => 'Bitte wähle eine Datenbank aus',
     'dbDatabaseDoesNotExist' => 'Die gewählte Datenbank existiert nicht.',
-    'dbDatabaseHasWrongFormat' => 'Der Datenbankname hat das falsche Format.',
+    'dbNameHasWrongFormat' => 'Der Datenbankname hat das falsche Format.',
+    'dbPrefixHasWrongFormat' => 'Der Präfix hat das falsche Format.',
     'dbDatabaseCouldNotConnect' => 'Konnte keine Verbindung zum Server herstellen.',
     'dbHostInfo' => 'Die Adresse des Datenbankservers meistens localhost',
     'dbUserInfo' => 'Dein MySQL Benutzername',
+    'dbNameInfo' => 'Eingegebene Datenbanknamen dürfen nur a-z, A-Z, 0-9 und einen Unterstrich enthalten. Er darf höchstens 64 Zeichen lang sein.',
+    'dbPrefixInfo' => 'Der Präfix muss mit einem Buchstaben beginnen und es können optional alphanumerische Zeichen folgen und ein Unterstrich.',
     'writable' => 'beschreibbar',
     'notWritable' => 'nicht beschreibbar',
     'usage' => 'Benutzung',

application/modules/install/translations/en.php

@@ -33,14 +33,17 @@
     'dbPassword' => 'password',
     'selectDatabase' => 'Select database',
     'dbName' => 'Database',
-    'dbPrefix' => 'prefix',
+    'dbPrefix' => 'Prefix',
     'dbConnectionError' => 'could not connect to database-server',
     'dbDatabaseError' => 'Please select a database',
     'dbDatabaseDoesNotExist' => 'The specified database does not exist',
-    'dbDatabaseHasWrongFormat' => 'The database name is in the wrong format.',
+    'dbNameHasWrongFormat' => 'The database name is in the wrong format.',
+    'dbPrefixHasWrongFormat' => 'The prefix is in the wrong format.',
     'dbDatabaseCouldNotConnect' => 'Could not connect to server.',
     'dbHostInfo' => 'The address of the database server most localhost',
     'dbUserInfo' => 'Your MySQL username',
+    'dbNameInfo' => 'Entered database names are only allowed to contain a-z, A-Z, 0-9 and an underscore. It can only be 64 characters long.',
+    'dbPrefixInfo' => 'The prefix must start with a letter and can optionally be followed by alphanumeric characters and by an underscore.',
     'writable' => 'writable',
     'notWritable' => 'not writable',
     'usage' => 'Usage',

application/modules/install/views/index/database.php

@@ -9,32 +9,36 @@
     <label for="dbName" class="col-lg-3 control-label">
         <?=$this->getTrans('dbName') ?>:
     </label>
-    <div class="col-lg-9">
-        <?php if (count($database) > 0) : ?>
+    <?php if (count($database) > 0) : ?>
+        <div class="col-lg-9">
             <select class="form-control" id="dbName" name="dbName">
                 <option value=""><?=$this->getTrans('selectDatabase') ?></option>
                 <?php foreach ($database as $value) : ?>
                     <option <?=$this->originalInput('dbName', $this->get('dbName')) == $value ? 'selected="selected"' : '' ?> value="<?=$value ?>"><?=$this->escape($value) ?></option>
                 <?php endforeach; ?>
             </select>
-        <?php else : ?>
+        </div>
+    <?php else : ?>
+        <div class="col-lg-9 input-group">
             <input type="text"
                    class="form-control"
                    id="dbName"
                    name="dbName"
                    value="<?=$this->escape($this->originalInput('dbName', $this->get('dbName'))) ?>" />
-        <?php endif; ?>
-    </div>
+            <div class="input-group-addon" rel="tooltip" title="<?=$this->getTrans('dbNameInfo') ?>"><i class="fa-solid fa-circle-info"></i></div>
+        </div>
+    <?php endif; ?>
 </div>
 <div class="form-group <?=$this->validation()->hasError('dbPrefix') ? 'has-error' : '' ?>">
     <label for="dbPrefix" class="col-lg-3 control-label">
         <?=$this->getTrans('dbPrefix') ?>:
     </label>
-    <div class="col-lg-9">
+    <div class="col-lg-9 input-group">
         <input type="text"
                class="form-control"
                id="dbPrefix"
                name="dbPrefix"
                value="<?=$this->escape($this->originalInput('dbPrefix', $this->get('dbPrefix'))) ?>" />
+        <div class="input-group-addon" rel="tooltip" title="<?=$this->getTrans('dbPrefixInfo') ?>"><i class="fa-solid fa-circle-info"></i></div>
     </div>
 </div>