Remove concurrent_layout and clarify layout and themes selections (#272)
[openemr.git] / phpmyadmin / server_privileges.php
blob161da2ee1a90fa5dadb57431a5b349cd516c4b9e
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Server privileges and users manipulations
6 * @package PhpMyAdmin
7 */
9 /**
10 * include common file
12 require_once 'libraries/common.inc.php';
14 /**
15 * functions implementation for this script
17 require_once 'libraries/display_change_password.lib.php';
18 require_once 'libraries/server_privileges.lib.php';
20 $cfgRelation = PMA_getRelationsParam();
22 /**
23 * Does the common work
25 $response = PMA_Response::getInstance();
26 $header = $response->getHeader();
27 $scripts = $header->getScripts();
28 $scripts->addFile('server_privileges.js');
30 if ((isset($_REQUEST['viewing_mode'])
31 && $_REQUEST['viewing_mode'] == 'server')
32 && $GLOBALS['cfgRelation']['menuswork']
33 ) {
34 include_once 'libraries/server_users.lib.php';
35 $response->addHTML('<div>');
36 $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
39 /**
40 * Sets globals from $_POST patterns, for privileges and max_* vars
43 $post_patterns = array(
44 '/_priv$/i',
45 '/^max_/i'
48 PMA_setPostAsGlobal($post_patterns);
50 require 'libraries/server_common.inc.php';
52 /**
53 * Messages are built using the message name
55 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
56 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
57 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
58 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
59 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
60 $strPrivDescCreateTbl = __('Allows creating new tables.');
61 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
62 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
63 $strPrivDescCreateView = __('Allows creating new views.');
64 $strPrivDescDelete = __('Allows deleting data.');
65 $strPrivDescDropDb = __('Allows dropping databases and tables.');
66 $strPrivDescDropTbl = __('Allows dropping tables.');
67 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
68 $strPrivDescExecute = __('Allows executing stored routines.');
69 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
70 $strPrivDescGrant = __(
71 'Allows adding users and privileges without reloading the privilege tables.'
73 $strPrivDescIndex = __('Allows creating and dropping indexes.');
74 $strPrivDescInsert = __('Allows inserting and replacing data.');
75 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
76 $strPrivDescMaxConnections = __(
77 'Limits the number of new connections the user may open per hour.'
79 $strPrivDescMaxQuestions = __(
80 'Limits the number of queries the user may send to the server per hour.'
82 $strPrivDescMaxUpdates = __(
83 'Limits the number of commands that change any table or database '
84 . 'the user may execute per hour.'
86 $strPrivDescMaxUserConnections = __(
87 'Limits the number of simultaneous connections the user may have.'
89 $strPrivDescProcess = __('Allows viewing processes of all users.');
90 $strPrivDescReferences = __('Has no effect in this MySQL version.');
91 $strPrivDescReload = __(
92 'Allows reloading server settings and flushing the server\'s caches.'
94 $strPrivDescReplClient = __(
95 'Allows the user to ask where the slaves / masters are.'
97 $strPrivDescReplSlave = __('Needed for the replication slaves.');
98 $strPrivDescSelect = __('Allows reading data.');
99 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
100 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
101 $strPrivDescShutdown = __('Allows shutting down the server.');
102 $strPrivDescSuper = __(
103 'Allows connecting, even if maximum number of connections is reached; '
104 . 'required for most administrative operations like setting global variables '
105 . 'or killing threads of other users.'
107 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
108 $strPrivDescUpdate = __('Allows changing data.');
109 $strPrivDescUsage = __('No privileges.');
111 $_add_user_error = false;
113 * Get DB information: username, hostname, dbname,
114 * tablename, db_and_table, dbname_is_wildcard
116 list(
117 $username, $hostname, $dbname, $tablename,
118 $db_and_table, $dbname_is_wildcard
119 ) = PMA_getDataForDBInfo();
122 * Checks if the user is allowed to do what he tries to...
124 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
125 && !$GLOBALS['is_createuser']
127 $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
128 $response->addHTML(PMA_Message::error(__('No Privileges'))->getDisplay());
129 exit;
133 * Checks if the user is using "Change Login Information / Copy User" dialog
134 * only to update the password
136 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
137 && $hostname == $_REQUEST['old_hostname']
139 $response->addHTML(
140 PMA_Message::error(
142 "Username and hostname didn't change. "
143 . "If you only want to change the password, "
144 . "'Change password' tab should be used."
146 )->getDisplay()
148 $response->isSuccess(false);
149 exit;
153 * Changes / copies a user, part I
155 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
158 * Adds a user
159 * (Changes / copies a user, part II)
161 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
162 = PMA_addUser(
163 isset($dbname)? $dbname : null,
164 isset($username)? $username : null,
165 isset($hostname)? $hostname : null,
166 isset($password)? $password : null,
167 $cfgRelation['menuswork']
169 //update the old variables
170 if (isset($ret_queries)) {
171 $queries = $ret_queries;
172 unset($ret_queries);
174 if (isset($ret_message)) {
175 $message = $ret_message;
176 unset($ret_message);
180 * Changes / copies a user, part III
182 if (isset($_REQUEST['change_copy'])) {
183 $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
184 $queries, $username, $hostname
189 * Updates privileges
191 if (! empty($_POST['update_privs'])) {
192 if (is_array($dbname)) {
193 foreach ($dbname as $key => $db_name) {
194 list($sql_query[$key], $message) = PMA_updatePrivileges(
195 (isset($username) ? $username : ''),
196 (isset($hostname) ? $hostname : ''),
197 (isset($tablename) ? $tablename : ''),
198 (isset($db_name) ? $db_name : '')
202 $sql_query = implode("\n", $sql_query);
203 } else {
204 list($sql_query, $message) = PMA_updatePrivileges(
205 (isset($username) ? $username : ''),
206 (isset($hostname) ? $hostname : ''),
207 (isset($tablename) ? $tablename : ''),
208 (isset($dbname) ? $dbname : '')
214 * Assign users to user groups
216 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
217 && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
219 PMA_setUserGroup($username, $_REQUEST['userGroup']);
220 $message = PMA_Message::success();
224 * Revokes Privileges
226 if (isset($_REQUEST['revokeall'])) {
227 list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
228 (isset($dbname) ? $dbname : ''),
229 (isset($tablename) ? $tablename : ''),
230 $username, $hostname
235 * Updates the password
237 if (isset($_REQUEST['change_pw'])) {
238 $message = PMA_updatePassword(
239 $err_url, $username, $hostname
244 * Deletes users
245 * (Changes / copies a user, part IV)
247 if (isset($_REQUEST['delete'])
248 || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
250 include_once 'libraries/relation_cleanup.lib.php';
251 $queries = PMA_getDataForDeleteUsers($queries);
252 if (empty($_REQUEST['change_copy'])) {
253 list($sql_query, $message) = PMA_deleteUser($queries);
258 * Changes / copies a user, part V
260 if (isset($_REQUEST['change_copy'])) {
261 $queries = PMA_getDataForQueries($queries, $queries_for_display);
262 $message = PMA_Message::success();
263 $sql_query = join("\n", $queries);
267 * Reloads the privilege tables into memory
269 $message_ret = PMA_updateMessageForReload();
270 if (isset($message_ret)) {
271 $message = $message_ret;
272 unset($message_ret);
276 * If we are in an Ajax request for Create User/Edit User/Revoke User/
277 * Flush Privileges, show $message and exit.
279 if ($GLOBALS['is_ajax_request']
280 && empty($_REQUEST['ajax_page_request'])
281 && ! isset($_REQUEST['export'])
282 && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
283 && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
284 || $_REQUEST['initial'] === '')
285 || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
286 && ! isset($_REQUEST['showall'])
287 && ! isset($_REQUEST['edit_user_group_dialog'])
288 && ! isset($_REQUEST['db_specific'])
290 $extra_data = PMA_getExtraDataForAjaxBehavior(
291 (isset($password) ? $password : ''),
292 (isset($sql_query) ? $sql_query : ''),
293 (isset($hostname) ? $hostname : ''),
294 (isset($username) ? $username : '')
297 if (! empty($message) && $message instanceof PMA_Message) {
298 $response = PMA_Response::getInstance();
299 $response->isSuccess($message->isSuccess());
300 $response->addJSON('message', $message);
301 $response->addJSON($extra_data);
302 exit;
307 * Displays the links
309 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
310 $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
312 $url_query .= '&amp;goto=db_operations.php';
314 // Gets the database structure
315 $sub_part = '_structure';
316 ob_start();
318 list(
319 $tables,
320 $num_tables,
321 $total_num_tables,
322 $sub_part,
323 $is_show_stats,
324 $db_is_system_schema,
325 $tooltip_truename,
326 $tooltip_aliasname,
327 $pos
328 ) = PMA_Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
330 $content = ob_get_contents();
331 ob_end_clean();
332 $response->addHTML($content . "\n");
333 } else {
334 if (! empty($GLOBALS['message'])) {
335 $response->addHTML(PMA_Util::getMessage($GLOBALS['message']));
336 unset($GLOBALS['message']);
341 * Displays the page
343 $response->addHTML(
344 PMA_getHtmlForUserGroupDialog(
345 isset($username)? $username : null,
346 $cfgRelation['menuswork']
350 // export user definition
351 if (isset($_REQUEST['export'])
352 || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
354 list($title, $export) = PMA_getListForExportUserDefinition(
355 isset($username) ? $username : null,
356 isset($hostname) ? $hostname : null
359 unset($username, $hostname, $grants, $one_grant);
361 $response = PMA_Response::getInstance();
362 if ($GLOBALS['is_ajax_request']) {
363 $response->addJSON('message', $export);
364 $response->addJSON('title', $title);
365 exit;
366 } else {
367 $response->addHTML("<h2>$title</h2>$export");
371 if (isset($_REQUEST['adduser'])) {
372 // Add user
373 $response->addHTML(
374 PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
376 } elseif (isset($_REQUEST['checkprivsdb'])) {
377 if (isset($_REQUEST['checkprivstable'])) {
378 // check the privileges for a particular table.
379 $response->addHTML(
380 PMA_getHtmlForSpecificTablePrivileges(
381 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
384 } else {
385 // check the privileges for a particular database.
386 $response->addHTML(
387 PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
390 } else {
391 if (! isset($username)) {
392 // No username is given --> display the overview
393 $response->addHTML(
394 PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
396 } else {
397 // A user was selected -> display the user's properties
398 // In an Ajax request, prevent cached values from showing
399 if ($GLOBALS['is_ajax_request'] == true) {
400 header('Cache-Control: no-cache');
402 if (isset($dbname) && ! is_array($dbname)) {
403 $url_dbname = urlencode(
404 str_replace(
405 array('\_', '\%'),
406 array('_', '%'), $_REQUEST['dbname']
410 $response->addHTML(
411 PMA_getHtmlForUserProperties(
412 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
413 (isset($url_dbname) ? $url_dbname : ''),
414 $username, $hostname,
415 (isset($dbname) ? $dbname : ''),
416 (isset($tablename) ? $tablename : '')
422 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
423 && $GLOBALS['cfgRelation']['menuswork']
425 $response->addHTML('</div>');