phpmyadmin/server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19
  20 $cfgRelation = PMA_getRelationsParam();
  21
  22 /**
  23  * Does the common work
  24  */
  25 $response = PMA_Response::getInstance();
  26 $header   = $response->getHeader();
  27 $scripts  = $header->getScripts();
  28 $scripts->addFile('server_privileges.js');
  29
  30 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
  31     && $GLOBALS['cfgRelation']['menuswork']
  32 ) {
  33     include_once 'libraries/server_users.lib.php';
  34     $response->addHTML('<div>');
  35     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  36 }
  37
  38 /**
  39  * Sets globals from $_POST patterns, for privileges and max_* vars
  40  */
  41
  42 $post_patterns = array(
  43     '/_priv$/i',
  44     '/^max_/i'
  45 );
  46 foreach (array_keys($_POST) as $post_key) {
  47     foreach ($post_patterns as $one_post_pattern) {
  48         if (preg_match($one_post_pattern, $post_key)) {
  49             $GLOBALS[$post_key] = $_POST[$post_key];
  50         }
  51     }
  52 }
  53
  54 require 'libraries/server_common.inc.php';
  55
  56 /**
  57  * Messages are built using the message name
  58  */
  59 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  60 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  61 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  62 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  63 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  64 $strPrivDescCreateTbl = __('Allows creating new tables.');
  65 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  66 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  67 $strPrivDescCreateView = __('Allows creating new views.');
  68 $strPrivDescDelete = __('Allows deleting data.');
  69 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  70 $strPrivDescDropTbl = __('Allows dropping tables.');
  71 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  72 $strPrivDescExecute = __('Allows executing stored routines.');
  73 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  74 $strPrivDescGrant = __(
  75     'Allows adding users and privileges without reloading the privilege tables.'
  76 );
  77 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  78 $strPrivDescInsert = __('Allows inserting and replacing data.');
  79 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  80 $strPrivDescMaxConnections = __(
  81     'Limits the number of new connections the user may open per hour.'
  82 );
  83 $strPrivDescMaxQuestions = __(
  84     'Limits the number of queries the user may send to the server per hour.'
  85 );
  86 $strPrivDescMaxUpdates = __(
  87     'Limits the number of commands that change any table or database '
  88     . 'the user may execute per hour.'
  89 );
  90 $strPrivDescMaxUserConnections = __(
  91     'Limits the number of simultaneous connections the user may have.'
  92 );
  93 $strPrivDescProcess = __('Allows viewing processes of all users.');
  94 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  95 $strPrivDescReload = __(
  96     'Allows reloading server settings and flushing the server\'s caches.'
  97 );
  98 $strPrivDescReplClient = __(
  99     'Allows the user to ask where the slaves / masters are.'
 100 );
 101 $strPrivDescReplSlave = __('Needed for the replication slaves.');
 102 $strPrivDescSelect = __('Allows reading data.');
 103 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 104 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 105 $strPrivDescShutdown = __('Allows shutting down the server.');
 106 $strPrivDescSuper = __(
 107     'Allows connecting, even if maximum number of connections is reached; '
 108     . 'required for most administrative operations like setting global variables '
 109     . 'or killing threads of other users.'
 110 );
 111 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 112 $strPrivDescUpdate = __('Allows changing data.');
 113 $strPrivDescUsage = __('No privileges.');
 114
 115 $_add_user_error = false;
 116 /**
 117  * Get DB information: username, hostname, dbname,
 118  * tablename, db_and_table, dbname_is_wildcard
 119  */
 120 list(
 121     $username, $hostname, $dbname, $tablename,
 122     $db_and_table, $dbname_is_wildcard
 123 ) = PMA_getDataForDBInfo();
 124
 125 /**
 126  * Checks if the user is allowed to do what he tries to...
 127  */
 128 if (! $is_superuser) {
 129     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 130     $response->addHTML(PMA_Message::error(__('No Privileges'))->getDisplay());
 131     exit;
 132 }
 133
 134 /**
 135  * Checks if the user is using "Change Login Information / Copy User" dialog
 136  * only to update the password
 137  */
 138 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 139     && $hostname == $_REQUEST['old_hostname']
 140 ) {
 141     $response->addHTML(
 142         PMA_Message::error(__('Username and hostname didn\'t change.'))->getDisplay()
 143     );
 144     $response->isSuccess(false);
 145     exit;
 146 }
 147
 148 /**
 149  * Changes / copies a user, part I
 150  */
 151 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 152
 153 /**
 154  * Adds a user
 155  *   (Changes / copies a user, part II)
 156  */
 157 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 158     = PMA_addUser(
 159         isset($dbname)? $dbname : null,
 160         isset($username)? $username : null,
 161         isset($hostname)? $hostname : null,
 162         isset($password)? $password : null,
 163         $cfgRelation['menuswork']
 164     );
 165 //update the old variables
 166 if (isset($ret_queries)) {
 167     $queries = $ret_queries;
 168     unset($ret_queries);
 169 }
 170 if (isset($ret_message)) {
 171     $message = $ret_message;
 172     unset($ret_message);
 173 }
 174
 175 /**
 176  * Changes / copies a user, part III
 177  */
 178 if (isset($_REQUEST['change_copy'])) {
 179     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 180         $queries, $username, $hostname
 181     );
 182 }
 183
 184 /**
 185  * Updates privileges
 186  */
 187 if (! empty($_POST['update_privs'])) {
 188     list($sql_query, $message) = PMA_updatePrivileges(
 189         (isset($username) ? $username : ''),
 190         (isset($hostname) ? $hostname : ''),
 191         (isset($tablename) ? $tablename : ''),
 192         (isset($dbname) ? $dbname : '')
 193     );
 194 }
 195
 196 /**
 197  * Assign users to user groups
 198  */
 199 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']) {
 200     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 201     $message = PMA_Message::success();
 202 }
 203
 204 /**
 205  * Revokes Privileges
 206  */
 207 if (isset($_REQUEST['revokeall'])) {
 208     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 209         $db_and_table,
 210         (isset($dbname) ? $dbname : ''),
 211         (isset($tablename) ? $tablename : ''),
 212         $username, $hostname
 213     );
 214 }
 215
 216 /**
 217  * Updates the password
 218  */
 219 if (isset($_REQUEST['change_pw'])) {
 220     $message = PMA_updatePassword(
 221         $err_url, $username, $hostname
 222     );
 223 }
 224
 225 /**
 226  * Deletes users
 227  *   (Changes / copies a user, part IV)
 228  */
 229 if (isset($_REQUEST['delete'])
 230     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 231 ) {
 232     $queries = PMA_getDataForDeleteUsers($queries);
 233     if (empty($_REQUEST['change_copy'])) {
 234         list($sql_query, $message) = PMA_deleteUser($queries);
 235     }
 236 }
 237
 238 /**
 239  * Changes / copies a user, part V
 240  */
 241 if (isset($_REQUEST['change_copy'])) {
 242     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 243     $message = PMA_Message::success();
 244     $sql_query = join("\n", $queries);
 245 }
 246
 247 /**
 248  * Reloads the privilege tables into memory
 249  */
 250 $message_ret = PMA_updateMessageForReload();
 251 if (isset($message_ret)) {
 252     $message = $message_ret;
 253     unset($message_ret);
 254 }
 255
 256 /**
 257  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 258  * Flush Privileges, show $message and exit.
 259  */
 260 if ($GLOBALS['is_ajax_request']
 261     && empty($_REQUEST['ajax_page_request'])
 262     && ! isset($_REQUEST['export'])
 263     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 264     && (! isset($_REQUEST['adduser']) || $_add_user_error)
 265     && (! isset($_REQUEST['initial']) || empty($_REQUEST['initial']))
 266     && ! isset($_REQUEST['showall'])
 267     && ! isset($_REQUEST['edit_user_dialog'])
 268     && ! isset($_REQUEST['edit_user_group_dialog'])
 269     && ! isset($_REQUEST['db_specific'])
 270 ) {
 271     $extra_data = PMA_getExtraDataForAjaxBehavior(
 272         (isset($password) ? $password : ''),
 273         (isset($sql_query) ? $sql_query : ''),
 274         (isset($hostname) ? $hostname : ''),
 275         (isset($username) ? $username : '')
 276     );
 277
 278     if (! empty($message) && $message instanceof PMA_Message) {
 279         $response = PMA_Response::getInstance();
 280         $response->isSuccess($message->isSuccess());
 281         $response->addJSON('message', $message);
 282         $response->addJSON($extra_data);
 283         exit;
 284     }
 285 }
 286
 287 /**
 288  * Displays the links
 289  */
 290 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 291     $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 292
 293     $url_query .= '&amp;goto=db_operations.php';
 294
 295     // Gets the database structure
 296     $sub_part = '_structure';
 297     ob_start();
 298     include 'libraries/db_info.inc.php';
 299     $content = ob_get_contents();
 300     ob_end_clean();
 301     $response->addHTML($content . "\n");
 302 } else {
 303     if (! empty($GLOBALS['message'])) {
 304         $response->addHTML(PMA_Util::getMessage($GLOBALS['message']));
 305         unset($GLOBALS['message']);
 306     }
 307 }
 308
 309 /**
 310  * Displays the page
 311  */
 312 $response->addHTML(
 313     PMA_getHtmlForUserGroupDialog(
 314         isset($username)? $username : null,
 315         $cfgRelation['menuswork']
 316     )
 317 );
 318
 319 // export user definition
 320 if (isset($_REQUEST['export'])
 321     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 322 ) {
 323     list($title, $export) = PMA_getListForExportUserDefinition(
 324         isset($username) ? $username : null,
 325         isset($hostname) ? $hostname : null
 326     );
 327
 328     unset($username, $hostname, $grants, $one_grant);
 329
 330     $response = PMA_Response::getInstance();
 331     if ($GLOBALS['is_ajax_request']) {
 332         $response->addJSON('message', $export);
 333         $response->addJSON('title', $title);
 334         exit;
 335     } else {
 336         $response->addHTML("<h2>$title</h2>$export");
 337     }
 338 }
 339
 340 if (isset($_REQUEST['adduser'])) {
 341     // Add user
 342     $response->addHTML(
 343         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 344     );
 345 } elseif (isset($_REQUEST['checkprivsdb'])) {
 346     if (isset($_REQUEST['checkprivstable'])) {
 347         // check the privileges for a particular table.
 348         $response->addHTML(
 349             PMA_getHtmlForSpecificTablePrivileges(
 350                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 351             )
 352         );
 353     } else {
 354         // check the privileges for a particular database.
 355         $response->addHTML(
 356             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 357         );
 358     }
 359 } else {
 360     if (! isset($username)) {
 361         // No username is given --> display the overview
 362         $response->addHTML(
 363             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 364         );
 365     } else {
 366         // A user was selected -> display the user's properties
 367         // In an Ajax request, prevent cached values from showing
 368         if ($GLOBALS['is_ajax_request'] == true) {
 369             header('Cache-Control: no-cache');
 370         }
 371         $url_dbname = urlencode(
 372             str_replace(
 373                 array('\_', '\%'),
 374                 array('_', '%'), $_REQUEST['dbname']
 375             )
 376         );
 377         $response->addHTML(
 378             PMA_getHtmlForUserProperties(
 379                 ((isset ($dbname_is_wildcard)) ? $dbname_is_wildcard : ''),
 380                 $url_dbname, $username, $hostname,
 381                 (isset($dbname) ? $dbname : ''),
 382                 (isset($tablename) ? $tablename : '')
 383             )
 384         );
 385     }
 386 }
 387
 388 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 389     && $GLOBALS['cfgRelation']['menuswork']
 390 ) {
 391     $response->addHTML('</div>');
 392 }
 393
 394 ?>