Translated using Weblate (Chinese (Traditional))
[phpmyadmin.git] / server_privileges.php
blob2d5bf64427c8442a2b1432bd3a9ea83834beda26
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Server privileges and users manipulations
6 * @package PhpMyAdmin
7 */
9 use PhpMyAdmin\Core;
10 use PhpMyAdmin\Message;
11 use PhpMyAdmin\Relation;
12 use PhpMyAdmin\Response;
13 use PhpMyAdmin\Server\Common;
14 use PhpMyAdmin\Server\Privileges;
15 use PhpMyAdmin\Server\Users;
16 use PhpMyAdmin\Template;
18 /**
19 * include common file
21 require_once 'libraries/common.inc.php';
23 /**
24 * functions implementation for this script
26 require_once 'libraries/check_user_privileges.inc.php';
28 $relation = new Relation();
29 $cfgRelation = $relation->getRelationsParam();
31 /**
32 * Does the common work
34 $response = Response::getInstance();
35 $header = $response->getHeader();
36 $scripts = $header->getScripts();
37 $scripts->addFile('server_privileges.js');
38 $scripts->addFile('vendor/zxcvbn.js');
40 if ((isset($_GET['viewing_mode'])
41 && $_GET['viewing_mode'] == 'server')
42 && $GLOBALS['cfgRelation']['menuswork']
43 ) {
44 $response->addHTML('<div>');
45 $response->addHTML(Users::getHtmlForSubMenusOnUsersPage('server_privileges.php'));
48 /**
49 * Sets globals from $_POST patterns, for privileges and max_* vars
52 $post_patterns = array(
53 '/_priv$/i',
54 '/^max_/i'
57 Core::setPostAsGlobal($post_patterns);
59 require 'libraries/server_common.inc.php';
61 /**
62 * Messages are built using the message name
64 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
65 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
66 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
67 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
68 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
69 $strPrivDescCreateTbl = __('Allows creating new tables.');
70 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
71 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
72 $strPrivDescCreateView = __('Allows creating new views.');
73 $strPrivDescDelete = __('Allows deleting data.');
74 $strPrivDescDropDb = __('Allows dropping databases and tables.');
75 $strPrivDescDropTbl = __('Allows dropping tables.');
76 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
77 $strPrivDescExecute = __('Allows executing stored routines.');
78 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
79 $strPrivDescGrantTbl = __(
80 'Allows user to give to other users or remove from other users the privileges '
81 . 'that user possess yourself.'
83 $strPrivDescIndex = __('Allows creating and dropping indexes.');
84 $strPrivDescInsert = __('Allows inserting and replacing data.');
85 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
86 $strPrivDescMaxConnections = __(
87 'Limits the number of new connections the user may open per hour.'
89 $strPrivDescMaxQuestions = __(
90 'Limits the number of queries the user may send to the server per hour.'
92 $strPrivDescMaxUpdates = __(
93 'Limits the number of commands that change any table or database '
94 . 'the user may execute per hour.'
96 $strPrivDescMaxUserConnections = __(
97 'Limits the number of simultaneous connections the user may have.'
99 $strPrivDescProcess = __('Allows viewing processes of all users.');
100 $strPrivDescReferences = __('Has no effect in this MySQL version.');
101 $strPrivDescReload = __(
102 'Allows reloading server settings and flushing the server\'s caches.'
104 $strPrivDescReplClient = __(
105 'Allows the user to ask where the slaves / masters are.'
107 $strPrivDescReplSlave = __('Needed for the replication slaves.');
108 $strPrivDescSelect = __('Allows reading data.');
109 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
110 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
111 $strPrivDescShutdown = __('Allows shutting down the server.');
112 $strPrivDescSuper = __(
113 'Allows connecting, even if maximum number of connections is reached; '
114 . 'required for most administrative operations like setting global variables '
115 . 'or killing threads of other users.'
117 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
118 $strPrivDescUpdate = __('Allows changing data.');
119 $strPrivDescUsage = __('No privileges.');
121 $_add_user_error = false;
123 * Get DB information: username, hostname, dbname,
124 * tablename, db_and_table, dbname_is_wildcard
126 list(
127 $username, $hostname, $dbname, $tablename, $routinename,
128 $db_and_table, $dbname_is_wildcard
129 ) = Privileges::getDataForDBInfo();
132 * Checks if the user is allowed to do what he tries to...
134 if (!$GLOBALS['dbi']->isSuperuser() && !$GLOBALS['is_grantuser']
135 && !$GLOBALS['is_createuser']
137 $response->addHTML(
138 Template::get('server/sub_page_header')->render([
139 'type' => 'privileges',
140 'is_image' => false,
143 $response->addHTML(
144 Message::error(__('No Privileges'))
145 ->getDisplay()
147 exit;
149 if (! $GLOBALS['is_grantuser'] && !$GLOBALS['is_createuser']) {
150 $response->addHTML(Message::notice(
151 __('You do not have privileges to manipulate with the users!')
152 )->getDisplay());
156 * Checks if the user is using "Change Login Information / Copy User" dialog
157 * only to update the password
159 if (isset($_POST['change_copy']) && $username == $_POST['old_username']
160 && $hostname == $_POST['old_hostname']
162 $response->addHTML(
163 Message::error(
165 "Username and hostname didn't change. "
166 . "If you only want to change the password, "
167 . "'Change password' tab should be used."
169 )->getDisplay()
171 $response->setRequestStatus(false);
172 exit;
176 * Changes / copies a user, part I
178 list($queries, $password) = Privileges::getDataForChangeOrCopyUser();
181 * Adds a user
182 * (Changes / copies a user, part II)
184 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
185 = Privileges::addUser(
186 isset($dbname)? $dbname : null,
187 isset($username)? $username : null,
188 isset($hostname)? $hostname : null,
189 isset($password)? $password : null,
190 $cfgRelation['menuswork']
192 //update the old variables
193 if (isset($ret_queries)) {
194 $queries = $ret_queries;
195 unset($ret_queries);
197 if (isset($ret_message)) {
198 $message = $ret_message;
199 unset($ret_message);
203 * Changes / copies a user, part III
205 if (isset($_POST['change_copy'])) {
206 $queries = Privileges::getDbSpecificPrivsQueriesForChangeOrCopyUser(
207 $queries, $username, $hostname
211 $itemType = '';
212 if (! empty($routinename)) {
213 $itemType = Privileges::getRoutineType($dbname, $routinename);
217 * Updates privileges
219 if (! empty($_POST['update_privs'])) {
220 if (is_array($dbname)) {
221 foreach ($dbname as $key => $db_name) {
222 list($sql_query[$key], $message) = Privileges::updatePrivileges(
223 (isset($username) ? $username : ''),
224 (isset($hostname) ? $hostname : ''),
225 (isset($tablename)
226 ? $tablename
227 : (isset($routinename) ? $routinename : '')),
228 (isset($db_name) ? $db_name : ''),
229 $itemType
233 $sql_query = implode("\n", $sql_query);
234 } else {
235 list($sql_query, $message) = Privileges::updatePrivileges(
236 (isset($username) ? $username : ''),
237 (isset($hostname) ? $hostname : ''),
238 (isset($tablename)
239 ? $tablename
240 : (isset($routinename) ? $routinename : '')),
241 (isset($dbname) ? $dbname : ''),
242 $itemType
248 * Assign users to user groups
250 if (! empty($_POST['changeUserGroup']) && $cfgRelation['menuswork']
251 && $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
253 Privileges::setUserGroup($username, $_POST['userGroup']);
254 $message = Message::success();
258 * Revokes Privileges
260 if (isset($_POST['revokeall'])) {
261 list ($message, $sql_query) = Privileges::getMessageAndSqlQueryForPrivilegesRevoke(
262 (isset($dbname) ? $dbname : ''),
263 (isset($tablename)
264 ? $tablename
265 : (isset($routinename) ? $routinename : '')),
266 $username,
267 $hostname,
268 $itemType
273 * Updates the password
275 if (isset($_POST['change_pw'])) {
276 $message = Privileges::updatePassword(
277 $err_url, $username, $hostname
282 * Deletes users
283 * (Changes / copies a user, part IV)
285 if (isset($_POST['delete'])
286 || (isset($_POST['change_copy']) && $_POST['mode'] < 4)
288 $queries = Privileges::getDataForDeleteUsers($queries);
289 if (empty($_POST['change_copy'])) {
290 list($sql_query, $message) = Privileges::deleteUser($queries);
295 * Changes / copies a user, part V
297 if (isset($_POST['change_copy'])) {
298 $queries = Privileges::getDataForQueries($queries, $queries_for_display);
299 $message = Message::success();
300 $sql_query = join("\n", $queries);
304 * Reloads the privilege tables into memory
306 $message_ret = Privileges::updateMessageForReload();
307 if (isset($message_ret)) {
308 $message = $message_ret;
309 unset($message_ret);
313 * If we are in an Ajax request for Create User/Edit User/Revoke User/
314 * Flush Privileges, show $message and exit.
316 if ($response->isAjax()
317 && empty($_REQUEST['ajax_page_request'])
318 && ! isset($_GET['export'])
319 && (! isset($_POST['submit_mult']) || $_POST['submit_mult'] != 'export')
320 && ((! isset($_GET['initial']) || $_GET['initial'] === null
321 || $_GET['initial'] === '')
322 || (isset($_POST['delete']) && $_POST['delete'] === __('Go')))
323 && ! isset($_GET['showall'])
324 && ! isset($_GET['edit_user_group_dialog'])
326 $extra_data = Privileges::getExtraDataForAjaxBehavior(
327 (isset($password) ? $password : ''),
328 (isset($sql_query) ? $sql_query : ''),
329 (isset($hostname) ? $hostname : ''),
330 (isset($username) ? $username : '')
333 if (! empty($message) && $message instanceof Message) {
334 $response->setRequestStatus($message->isSuccess());
335 $response->addJSON('message', $message);
336 $response->addJSON($extra_data);
337 exit;
342 * Displays the links
344 if (isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'db') {
345 $GLOBALS['db'] = $_REQUEST['db'] = $_GET['checkprivsdb'];
347 $url_query .= '&amp;goto=db_operations.php';
349 // Gets the database structure
350 $sub_part = '_structure';
351 ob_start();
353 list(
354 $tables,
355 $num_tables,
356 $total_num_tables,
357 $sub_part,
358 $is_show_stats,
359 $db_is_system_schema,
360 $tooltip_truename,
361 $tooltip_aliasname,
362 $pos
363 ) = PhpMyAdmin\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
365 $content = ob_get_contents();
366 ob_end_clean();
367 $response->addHTML($content . "\n");
368 } else {
369 if (! empty($GLOBALS['message'])) {
370 $response->addHTML(PhpMyAdmin\Util::getMessage($GLOBALS['message']));
371 unset($GLOBALS['message']);
376 * Displays the page
378 $response->addHTML(
379 Privileges::getHtmlForUserGroupDialog(
380 isset($username)? $username : null,
381 $cfgRelation['menuswork']
385 // export user definition
386 if (isset($_GET['export'])
387 || (isset($_POST['submit_mult']) && $_POST['submit_mult'] == 'export')
389 list($title, $export) = Privileges::getListForExportUserDefinition(
390 isset($username) ? $username : null,
391 isset($hostname) ? $hostname : null
394 unset($username, $hostname, $grants, $one_grant);
396 if ($response->isAjax()) {
397 $response->addJSON('message', $export);
398 $response->addJSON('title', $title);
399 exit;
400 } else {
401 $response->addHTML("<h2>$title</h2>$export");
405 if (isset($_GET['adduser'])) {
406 // Add user
407 $response->addHTML(
408 Privileges::getHtmlForAddUser((isset($dbname) ? $dbname : ''))
410 } elseif (isset($_GET['checkprivsdb'])) {
411 if (isset($_GET['checkprivstable'])) {
412 // check the privileges for a particular table.
413 $response->addHTML(
414 Privileges::getHtmlForSpecificTablePrivileges(
415 $_GET['checkprivsdb'], $_GET['checkprivstable']
418 } else {
419 // check the privileges for a particular database.
420 $response->addHTML(
421 Privileges::getHtmlForSpecificDbPrivileges($_GET['checkprivsdb'])
424 } else {
425 if (isset($dbname) && ! is_array($dbname)) {
426 $url_dbname = urlencode(
427 str_replace(
428 array('\_', '\%'),
429 array('_', '%'),
430 $dbname
435 if (! isset($username)) {
436 // No username is given --> display the overview
437 $response->addHTML(
438 Privileges::getHtmlForUserOverview($pmaThemeImage, $text_dir)
440 } elseif (!empty($routinename)) {
441 $response->addHTML(
442 Privileges::getHtmlForRoutineSpecificPrivileges(
443 $username, $hostname, $dbname, $routinename,
444 (isset($url_dbname) ? $url_dbname : '')
447 } else {
448 // A user was selected -> display the user's properties
449 // In an Ajax request, prevent cached values from showing
450 if ($response->isAjax()) {
451 header('Cache-Control: no-cache');
454 $response->addHTML(
455 Privileges::getHtmlForUserProperties(
456 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
457 (isset($url_dbname) ? $url_dbname : ''),
458 $username, $hostname,
459 (isset($dbname) ? $dbname : ''),
460 (isset($tablename) ? $tablename : '')
466 if ((isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'server')
467 && $GLOBALS['cfgRelation']['menuswork']
469 $response->addHTML('</div>');