phpmyadmin/libraries/List_Database.class.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * holds the PMA_List_Database class
   5  *
   6  * @package PhpMyAdmin
   7  */
   8 if (! defined('PHPMYADMIN')) {
   9     exit;
  10 }
  11
  12 /**
  13  * the list base class
  14  */
  15 require_once './libraries/List.class.php';
  16
  17 /**
  18  * handles database lists
  19  *
  20  * <code>
  21  * $PMA_List_Database = new PMA_List_Database($userlink, $controllink);
  22  * </code>
  23  *
  24  * @todo this object should be attached to the PMA_Server object
  25  * @todo ? make use of INFORMATION_SCHEMA
  26  * @todo ? support --skip-showdatabases and user has only global rights
  27  *
  28  * @package PhpMyAdmin
  29  * @since   phpMyAdmin 2.9.10
  30  */
  31 class PMA_List_Database extends PMA_List
  32 {
  33     /**
  34      * @var mixed   database link resource|object to be used
  35      * @access protected
  36      */
  37     protected $db_link = null;
  38
  39     /**
  40      * @var mixed   user database link resource|object
  41      * @access protected
  42      */
  43     protected $db_link_user = null;
  44
  45     /**
  46      * @var mixed   controluser database link resource|object
  47      * @access protected
  48      */
  49     protected $db_link_control = null;
  50
  51     /**
  52      * @var boolean whether SHOW DATABASES is disabled or not
  53      * @access protected
  54      */
  55     protected $show_databases_disabled = false;
  56
  57     /**
  58      * @var string command to retrieve databases from server
  59      * @access protected
  60      */
  61     protected $command = null;
  62
  63     /**
  64      * Constructor
  65      *
  66      * @param mixed $db_link_user    user database link resource|object
  67      * @param mixed $db_link_control control database link resource|object
  68      *
  69      * @return void
  70      */
  71     public function __construct($db_link_user = null, $db_link_control = null)
  72     {
  73         $this->db_link = $db_link_user;
  74         $this->db_link_user = $db_link_user;
  75         $this->db_link_control = $db_link_control;
  76
  77         parent::__construct();
  78         $this->build();
  79     }
  80
  81     /**
  82      * checks if the configuration wants to hide some databases
  83      *
  84      * @return void
  85      */
  86     protected function checkHideDatabase()
  87     {
  88         if (empty($GLOBALS['cfg']['Server']['hide_db'])) {
  89             return;
  90         }
  91
  92         foreach ($this->getArrayCopy() as $key => $db) {
  93             if (preg_match('/' . $GLOBALS['cfg']['Server']['hide_db'] . '/', $db)) {
  94                 $this->offsetUnset($key);
  95             }
  96         }
  97     }
  98
  99     /**
 100      * retrieves database list from server
 101      *
 102      * @param string $like_db_name usally a db_name containing wildcards
 103      *
 104      * @return array
 105      * @todo   we could also search mysql tables if all fail?
 106      */
 107     protected function retrieve($like_db_name = null)
 108     {
 109         if ($this->show_databases_disabled) {
 110             return array();
 111         }
 112
 113         if (null !== $like_db_name) {
 114             $command = "SHOW DATABASES LIKE '" . $like_db_name . "'";
 115         } elseif (null === $this->command) {
 116             $command = str_replace(
 117                 '#user#', $GLOBALS['cfg']['Server']['user'],
 118                 $GLOBALS['cfg']['Server']['ShowDatabasesCommand']
 119             );
 120             $this->command = $command;
 121         } else {
 122             $command = $this->command;
 123         }
 124
 125         $database_list = PMA_DBI_fetch_result($command, null, null, $this->db_link);
 126         PMA_DBI_getError();
 127
 128         if ($GLOBALS['errno'] !== 0) {
 129             // failed to get database list, try the control user
 130             // (hopefully there is one and he has SHOW DATABASES right)
 131             $this->db_link = $this->db_link_control;
 132             $database_list = PMA_DBI_fetch_result(
 133                 $command, null, null, $this->db_link
 134             );
 135
 136             PMA_DBI_getError();
 137
 138             if ($GLOBALS['errno'] !== 0) {
 139                 // failed! we will display a warning that phpMyAdmin could not safely
 140                 // retrieve database list, the admin has to setup a control user or
 141                 // allow SHOW DATABASES
 142                 $GLOBALS['error_showdatabases'] = true;
 143                 $this->show_databases_disabled = true;
 144             }
 145         }
 146
 147         if ($GLOBALS['cfg']['NaturalOrder']) {
 148             natsort($database_list);
 149         } else {
 150             // need to sort anyway, otherwise information_schema
 151             // goes at the top
 152             sort($database_list);
 153         }
 154
 155         return $database_list;
 156     }
 157
 158     /**
 159      * builds up the list
 160      *
 161      * @return void
 162      */
 163     public function build()
 164     {
 165         if (! $this->checkOnlyDatabase()) {
 166             $items = $this->retrieve();
 167             $this->exchangeArray($items);
 168         }
 169
 170         $this->checkHideDatabase();
 171     }
 172
 173     /**
 174      * checks the only_db configuration
 175      *
 176      * @return boolean false if there is no only_db, otherwise true
 177      */
 178     protected function checkOnlyDatabase()
 179     {
 180         if (is_string($GLOBALS['cfg']['Server']['only_db'])
 181             && strlen($GLOBALS['cfg']['Server']['only_db'])
 182         ) {
 183             $GLOBALS['cfg']['Server']['only_db'] = array(
 184                 $GLOBALS['cfg']['Server']['only_db']
 185             );
 186         }
 187
 188         if (! is_array($GLOBALS['cfg']['Server']['only_db'])) {
 189             return false;
 190         }
 191
 192         $items = array();
 193
 194         foreach ($GLOBALS['cfg']['Server']['only_db'] as $each_only_db) {
 195
 196             // check if the db name contains wildcard,
 197             // thus containing not escaped _ or %
 198             if (! preg_match('/(^|[^\\\\])(_|%)/', $each_only_db)) {
 199                 // ... not contains wildcard
 200                 $items[] = PMA_Util::unescapeMysqlWildcards($each_only_db);
 201                 continue;
 202             }
 203
 204             if (! $this->show_databases_disabled) {
 205                 $items = array_merge($items, $this->retrieve($each_only_db));
 206                 continue;
 207             }
 208
 209             // @todo induce error, about not using wildcards
 210             // with SHOW DATABASE disabled?
 211         }
 212
 213         $this->exchangeArray($items);
 214
 215         return true;
 216     }
 217
 218     /**
 219      * returns default item
 220      *
 221      * @return string default item
 222      */
 223     public function getDefault()
 224     {
 225         if (strlen($GLOBALS['db'])) {
 226             return $GLOBALS['db'];
 227         }
 228
 229         return $this->getEmpty();
 230     }
 231
 232     /**
 233      * this is just a backup, if all is fine this can be deleted later
 234      *
 235      * @deprecated
 236      * @return void
 237      */
 238     protected function checkAgainstPrivTables()
 239     {
 240         // 1. get allowed dbs from the "mysql.db" table
 241         // User can be blank (anonymous user)
 242         $local_query = "
 243             SELECT DISTINCT `Db` FROM `mysql`.`db`
 244             WHERE `Select_priv` = 'Y'
 245             AND `User`
 246             IN ('" . PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "', '')";
 247         $tmp_mydbs = PMA_DBI_fetch_result(
 248             $local_query, null, null, $GLOBALS['controllink']
 249         );
 250         if ($tmp_mydbs) {
 251             // Will use as associative array of the following 2 code
 252             // lines:
 253             //   the 1st is the only line intact from before
 254             //     correction,
 255             //   the 2nd replaces $dblist[] = $row['Db'];
 256
 257             // Code following those 2 lines in correction continues
 258             // populating $dblist[], as previous code did. But it is
 259             // now populated with actual database names instead of
 260             // with regular expressions.
 261             $tmp_alldbs = PMA_DBI_query('SHOW DATABASES;', $GLOBALS['controllink']);
 262             // all databases cases - part 2
 263             if (isset($tmp_mydbs['%'])) {
 264                 while ($tmp_row = PMA_DBI_fetch_row($tmp_alldbs)) {
 265                     $dblist[] = $tmp_row[0];
 266                 } // end while
 267             } else {
 268                 while ($tmp_row = PMA_DBI_fetch_row($tmp_alldbs)) {
 269                     $tmp_db = $tmp_row[0];
 270                     if (isset($tmp_mydbs[$tmp_db]) && $tmp_mydbs[$tmp_db] == 1) {
 271                         $dblist[]           = $tmp_db;
 272                         $tmp_mydbs[$tmp_db] = 0;
 273                     } elseif (! isset($dblist[$tmp_db])) {
 274                         foreach ($tmp_mydbs as $tmp_matchpattern => $tmp_value) {
 275                             // fixed bad regexp
 276                             // TODO: db names may contain characters
 277                             //       that are regexp instructions
 278                             $re        = '(^|(\\\\\\\\)+|[^\])';
 279                             $tmp_regex = preg_replace(
 280                                 '/' . addcslashes($re, '/') . '%/',
 281                                 '\\1.*',
 282                                 preg_replace(
 283                                     '/' . addcslashes($re, '/') . '_/',
 284                                     '\\1.{1}',
 285                                     $tmp_matchpattern
 286                                 )
 287                             );
 288                             // Fixed db name matching
 289                             // 2000-08-28 -- Benjamin Gandon
 290                             if (preg_match('/^' . addcslashes($tmp_regex, '/') . '$/', $tmp_db)) {
 291                                 $dblist[] = $tmp_db;
 292                                 break;
 293                             }
 294                         } // end while
 295                     } // end if ... elseif ...
 296                 } // end while
 297             } // end else
 298             PMA_DBI_free_result($tmp_alldbs);
 299             unset($tmp_mydbs);
 300         } // end if
 301
 302         // 2. get allowed dbs from the "mysql.tables_priv" table
 303         $local_query = 'SELECT DISTINCT `Db` FROM `mysql`.`tables_priv`';
 304         $local_query .= ' WHERE `Table_priv` LIKE \'%Select%\'';
 305         $local_query .= ' AND `User` = \'';
 306         $local_query .= PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . '\'';
 307         $rs          = PMA_DBI_try_query($local_query, $GLOBALS['controllink']);
 308         if ($rs && @PMA_DBI_num_rows($rs)) {
 309             while ($row = PMA_DBI_fetch_assoc($rs)) {
 310                 if (!in_array($row['Db'], $dblist)) {
 311                     $dblist[] = $row['Db'];
 312                 }
 313             } // end while
 314             PMA_DBI_free_result($rs);
 315         } // end if
 316     }
 317 }
 318 ?>