phpmyadmin/server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19
  20 $cfgRelation = PMA_getRelationsParam();
  21
  22 /**
  23  * Does the common work
  24  */
  25 $response = PMA_Response::getInstance();
  26 $header   = $response->getHeader();
  27 $scripts  = $header->getScripts();
  28 $scripts->addFile('server_privileges.js');
  29
  30 if ((isset($_REQUEST['viewing_mode'])
  31     && $_REQUEST['viewing_mode'] == 'server')
  32     && $GLOBALS['cfgRelation']['menuswork']
  33 ) {
  34     include_once 'libraries/server_users.lib.php';
  35     $response->addHTML('<div>');
  36     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  37 }
  38
  39 /**
  40  * Sets globals from $_POST patterns, for privileges and max_* vars
  41  */
  42
  43 $post_patterns = array(
  44     '/_priv$/i',
  45     '/^max_/i'
  46 );
  47
  48 PMA_setPostAsGlobal($post_patterns);
  49
  50 require 'libraries/server_common.inc.php';
  51
  52 /**
  53  * Messages are built using the message name
  54  */
  55 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  56 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  57 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  58 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  59 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  60 $strPrivDescCreateTbl = __('Allows creating new tables.');
  61 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  62 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  63 $strPrivDescCreateView = __('Allows creating new views.');
  64 $strPrivDescDelete = __('Allows deleting data.');
  65 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  66 $strPrivDescDropTbl = __('Allows dropping tables.');
  67 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  68 $strPrivDescExecute = __('Allows executing stored routines.');
  69 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  70 $strPrivDescGrant = __(
  71     'Allows adding users and privileges without reloading the privilege tables.'
  72 );
  73 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  74 $strPrivDescInsert = __('Allows inserting and replacing data.');
  75 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  76 $strPrivDescMaxConnections = __(
  77     'Limits the number of new connections the user may open per hour.'
  78 );
  79 $strPrivDescMaxQuestions = __(
  80     'Limits the number of queries the user may send to the server per hour.'
  81 );
  82 $strPrivDescMaxUpdates = __(
  83     'Limits the number of commands that change any table or database '
  84     . 'the user may execute per hour.'
  85 );
  86 $strPrivDescMaxUserConnections = __(
  87     'Limits the number of simultaneous connections the user may have.'
  88 );
  89 $strPrivDescProcess = __('Allows viewing processes of all users.');
  90 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  91 $strPrivDescReload = __(
  92     'Allows reloading server settings and flushing the server\'s caches.'
  93 );
  94 $strPrivDescReplClient = __(
  95     'Allows the user to ask where the slaves / masters are.'
  96 );
  97 $strPrivDescReplSlave = __('Needed for the replication slaves.');
  98 $strPrivDescSelect = __('Allows reading data.');
  99 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 100 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 101 $strPrivDescShutdown = __('Allows shutting down the server.');
 102 $strPrivDescSuper = __(
 103     'Allows connecting, even if maximum number of connections is reached; '
 104     . 'required for most administrative operations like setting global variables '
 105     . 'or killing threads of other users.'
 106 );
 107 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 108 $strPrivDescUpdate = __('Allows changing data.');
 109 $strPrivDescUsage = __('No privileges.');
 110
 111 $_add_user_error = false;
 112 /**
 113  * Get DB information: username, hostname, dbname,
 114  * tablename, db_and_table, dbname_is_wildcard
 115  */
 116 list(
 117     $username, $hostname, $dbname, $tablename,
 118     $db_and_table, $dbname_is_wildcard
 119 ) = PMA_getDataForDBInfo();
 120
 121 /**
 122  * Checks if the user is allowed to do what he tries to...
 123  */
 124 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 125     && !$GLOBALS['is_createuser']
 126 ) {
 127     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 128     $response->addHTML(PMA_Message::error(__('No Privileges'))->getDisplay());
 129     exit;
 130 }
 131
 132 /**
 133  * Checks if the user is using "Change Login Information / Copy User" dialog
 134  * only to update the password
 135  */
 136 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 137     && $hostname == $_REQUEST['old_hostname']
 138 ) {
 139     $response->addHTML(
 140         PMA_Message::error(
 141             __(
 142                 "Username and hostname didn't change. "
 143                 . "If you only want to change the password, "
 144                 . "'Change password' tab should be used."
 145             )
 146         )->getDisplay()
 147     );
 148     $response->isSuccess(false);
 149     exit;
 150 }
 151
 152 /**
 153  * Changes / copies a user, part I
 154  */
 155 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 156
 157 /**
 158  * Adds a user
 159  *   (Changes / copies a user, part II)
 160  */
 161 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 162     = PMA_addUser(
 163         isset($dbname)? $dbname : null,
 164         isset($username)? $username : null,
 165         isset($hostname)? $hostname : null,
 166         isset($password)? $password : null,
 167         $cfgRelation['menuswork']
 168     );
 169 //update the old variables
 170 if (isset($ret_queries)) {
 171     $queries = $ret_queries;
 172     unset($ret_queries);
 173 }
 174 if (isset($ret_message)) {
 175     $message = $ret_message;
 176     unset($ret_message);
 177 }
 178
 179 /**
 180  * Changes / copies a user, part III
 181  */
 182 if (isset($_REQUEST['change_copy'])) {
 183     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 184         $queries, $username, $hostname
 185     );
 186 }
 187
 188 /**
 189  * Updates privileges
 190  */
 191 if (! empty($_POST['update_privs'])) {
 192     if (is_array($dbname)) {
 193         foreach ($dbname as $key => $db_name) {
 194             list($sql_query[$key], $message) = PMA_updatePrivileges(
 195                 (isset($username) ? $username : ''),
 196                 (isset($hostname) ? $hostname : ''),
 197                 (isset($tablename) ? $tablename : ''),
 198                 (isset($db_name) ? $db_name : '')
 199             );
 200         }
 201
 202         $sql_query = implode("\n", $sql_query);
 203     } else {
 204         list($sql_query, $message) = PMA_updatePrivileges(
 205             (isset($username) ? $username : ''),
 206             (isset($hostname) ? $hostname : ''),
 207             (isset($tablename) ? $tablename : ''),
 208             (isset($dbname) ? $dbname : '')
 209         );
 210     }
 211 }
 212
 213 /**
 214  * Assign users to user groups
 215  */
 216 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 217     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 218 ) {
 219     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 220     $message = PMA_Message::success();
 221 }
 222
 223 /**
 224  * Revokes Privileges
 225  */
 226 if (isset($_REQUEST['revokeall'])) {
 227     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 228         (isset($dbname) ? $dbname : ''),
 229         (isset($tablename) ? $tablename : ''),
 230         $username, $hostname
 231     );
 232 }
 233
 234 /**
 235  * Updates the password
 236  */
 237 if (isset($_REQUEST['change_pw'])) {
 238     $message = PMA_updatePassword(
 239         $err_url, $username, $hostname
 240     );
 241 }
 242
 243 /**
 244  * Deletes users
 245  *   (Changes / copies a user, part IV)
 246  */
 247 if (isset($_REQUEST['delete'])
 248     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 249 ) {
 250     include_once 'libraries/relation_cleanup.lib.php';
 251     $queries = PMA_getDataForDeleteUsers($queries);
 252     if (empty($_REQUEST['change_copy'])) {
 253         list($sql_query, $message) = PMA_deleteUser($queries);
 254     }
 255 }
 256
 257 /**
 258  * Changes / copies a user, part V
 259  */
 260 if (isset($_REQUEST['change_copy'])) {
 261     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 262     $message = PMA_Message::success();
 263     $sql_query = join("\n", $queries);
 264 }
 265
 266 /**
 267  * Reloads the privilege tables into memory
 268  */
 269 $message_ret = PMA_updateMessageForReload();
 270 if (isset($message_ret)) {
 271     $message = $message_ret;
 272     unset($message_ret);
 273 }
 274
 275 /**
 276  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 277  * Flush Privileges, show $message and exit.
 278  */
 279 if ($GLOBALS['is_ajax_request']
 280     && empty($_REQUEST['ajax_page_request'])
 281     && ! isset($_REQUEST['export'])
 282     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 283     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 284     || $_REQUEST['initial'] === '')
 285     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
 286     && ! isset($_REQUEST['showall'])
 287     && ! isset($_REQUEST['edit_user_group_dialog'])
 288     && ! isset($_REQUEST['db_specific'])
 289 ) {
 290     $extra_data = PMA_getExtraDataForAjaxBehavior(
 291         (isset($password) ? $password : ''),
 292         (isset($sql_query) ? $sql_query : ''),
 293         (isset($hostname) ? $hostname : ''),
 294         (isset($username) ? $username : '')
 295     );
 296
 297     if (! empty($message) && $message instanceof PMA_Message) {
 298         $response = PMA_Response::getInstance();
 299         $response->isSuccess($message->isSuccess());
 300         $response->addJSON('message', $message);
 301         $response->addJSON($extra_data);
 302         exit;
 303     }
 304 }
 305
 306 /**
 307  * Displays the links
 308  */
 309 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 310     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 311
 312     $url_query .= '&amp;goto=db_operations.php';
 313
 314     // Gets the database structure
 315     $sub_part = '_structure';
 316     ob_start();
 317
 318     list(
 319         $tables,
 320         $num_tables,
 321         $total_num_tables,
 322         $sub_part,
 323         $is_show_stats,
 324         $db_is_system_schema,
 325         $tooltip_truename,
 326         $tooltip_aliasname,
 327         $pos
 328     ) = PMA_Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 329
 330     $content = ob_get_contents();
 331     ob_end_clean();
 332     $response->addHTML($content . "\n");
 333 } else {
 334     if (! empty($GLOBALS['message'])) {
 335         $response->addHTML(PMA_Util::getMessage($GLOBALS['message']));
 336         unset($GLOBALS['message']);
 337     }
 338 }
 339
 340 /**
 341  * Displays the page
 342  */
 343 $response->addHTML(
 344     PMA_getHtmlForUserGroupDialog(
 345         isset($username)? $username : null,
 346         $cfgRelation['menuswork']
 347     )
 348 );
 349
 350 // export user definition
 351 if (isset($_REQUEST['export'])
 352     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 353 ) {
 354     list($title, $export) = PMA_getListForExportUserDefinition(
 355         isset($username) ? $username : null,
 356         isset($hostname) ? $hostname : null
 357     );
 358
 359     unset($username, $hostname, $grants, $one_grant);
 360
 361     $response = PMA_Response::getInstance();
 362     if ($GLOBALS['is_ajax_request']) {
 363         $response->addJSON('message', $export);
 364         $response->addJSON('title', $title);
 365         exit;
 366     } else {
 367         $response->addHTML("<h2>$title</h2>$export");
 368     }
 369 }
 370
 371 if (isset($_REQUEST['adduser'])) {
 372     // Add user
 373     $response->addHTML(
 374         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 375     );
 376 } elseif (isset($_REQUEST['checkprivsdb'])) {
 377     if (isset($_REQUEST['checkprivstable'])) {
 378         // check the privileges for a particular table.
 379         $response->addHTML(
 380             PMA_getHtmlForSpecificTablePrivileges(
 381                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 382             )
 383         );
 384     } else {
 385         // check the privileges for a particular database.
 386         $response->addHTML(
 387             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 388         );
 389     }
 390 } else {
 391     if (! isset($username)) {
 392         // No username is given --> display the overview
 393         $response->addHTML(
 394             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 395         );
 396     } else {
 397         // A user was selected -> display the user's properties
 398         // In an Ajax request, prevent cached values from showing
 399         if ($GLOBALS['is_ajax_request'] == true) {
 400             header('Cache-Control: no-cache');
 401         }
 402         if (isset($dbname) && ! is_array($dbname)) {
 403             $url_dbname = urlencode(
 404                 str_replace(
 405                     array('\_', '\%'),
 406                     array('_', '%'), $_REQUEST['dbname']
 407                 )
 408             );
 409         }
 410         $response->addHTML(
 411             PMA_getHtmlForUserProperties(
 412                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 413                 (isset($url_dbname) ? $url_dbname : ''),
 414                 $username, $hostname,
 415                 (isset($dbname) ? $dbname : ''),
 416                 (isset($tablename) ? $tablename : '')
 417             )
 418         );
 419     }
 420 }
 421
 422 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 423     && $GLOBALS['cfgRelation']['menuswork']
 424 ) {
 425     $response->addHTML('</div>');
 426 }