Translated using Weblate (French)
[phpmyadmin.git] / server_privileges.php
blobc095f42a91b725dd5494049d3f896a99fc84964b
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Server privileges and users manipulations
6 * @package PhpMyAdmin
7 */
9 /**
10 * include common file
12 require_once 'libraries/common.inc.php';
14 /**
15 * functions implementation for this script
17 require_once 'libraries/display_change_password.lib.php';
18 require_once 'libraries/server_privileges.lib.php';
19 require_once 'libraries/check_user_privileges.lib.php';
21 $cfgRelation = PMA_getRelationsParam();
23 /**
24 * Does the common work
26 $response = PMA\libraries\Response::getInstance();
27 $header = $response->getHeader();
28 $scripts = $header->getScripts();
29 $scripts->addFile('server_privileges.js');
31 if ((isset($_REQUEST['viewing_mode'])
32 && $_REQUEST['viewing_mode'] == 'server')
33 && $GLOBALS['cfgRelation']['menuswork']
34 ) {
35 include_once 'libraries/server_users.lib.php';
36 $response->addHTML('<div>');
37 $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
40 /**
41 * Sets globals from $_POST patterns, for privileges and max_* vars
44 $post_patterns = array(
45 '/_priv$/i',
46 '/^max_/i'
49 PMA_setPostAsGlobal($post_patterns);
51 require 'libraries/server_common.inc.php';
53 /**
54 * Messages are built using the message name
56 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
57 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
58 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
59 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
60 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
61 $strPrivDescCreateTbl = __('Allows creating new tables.');
62 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
63 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
64 $strPrivDescCreateView = __('Allows creating new views.');
65 $strPrivDescDelete = __('Allows deleting data.');
66 $strPrivDescDropDb = __('Allows dropping databases and tables.');
67 $strPrivDescDropTbl = __('Allows dropping tables.');
68 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
69 $strPrivDescExecute = __('Allows executing stored routines.');
70 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
71 $strPrivDescGrant = __(
72 'Allows adding users and privileges without reloading the privilege tables.'
74 $strPrivDescIndex = __('Allows creating and dropping indexes.');
75 $strPrivDescInsert = __('Allows inserting and replacing data.');
76 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
77 $strPrivDescMaxConnections = __(
78 'Limits the number of new connections the user may open per hour.'
80 $strPrivDescMaxQuestions = __(
81 'Limits the number of queries the user may send to the server per hour.'
83 $strPrivDescMaxUpdates = __(
84 'Limits the number of commands that change any table or database '
85 . 'the user may execute per hour.'
87 $strPrivDescMaxUserConnections = __(
88 'Limits the number of simultaneous connections the user may have.'
90 $strPrivDescProcess = __('Allows viewing processes of all users.');
91 $strPrivDescReferences = __('Has no effect in this MySQL version.');
92 $strPrivDescReload = __(
93 'Allows reloading server settings and flushing the server\'s caches.'
95 $strPrivDescReplClient = __(
96 'Allows the user to ask where the slaves / masters are.'
98 $strPrivDescReplSlave = __('Needed for the replication slaves.');
99 $strPrivDescSelect = __('Allows reading data.');
100 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
101 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
102 $strPrivDescShutdown = __('Allows shutting down the server.');
103 $strPrivDescSuper = __(
104 'Allows connecting, even if maximum number of connections is reached; '
105 . 'required for most administrative operations like setting global variables '
106 . 'or killing threads of other users.'
108 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
109 $strPrivDescUpdate = __('Allows changing data.');
110 $strPrivDescUsage = __('No privileges.');
112 $_add_user_error = false;
114 * Get DB information: username, hostname, dbname,
115 * tablename, db_and_table, dbname_is_wildcard
117 list(
118 $username, $hostname, $dbname, $tablename, $routinename,
119 $db_and_table, $dbname_is_wildcard
120 ) = PMA_getDataForDBInfo();
123 * Checks if the user is allowed to do what he tries to...
125 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
126 && !$GLOBALS['is_createuser']
128 $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
129 $response->addHTML(
130 PMA\libraries\Message::error(__('No Privileges'))
131 ->getDisplay()
133 exit;
137 * Checks if the user is using "Change Login Information / Copy User" dialog
138 * only to update the password
140 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
141 && $hostname == $_REQUEST['old_hostname']
143 $response->addHTML(
144 PMA\libraries\Message::error(
146 "Username and hostname didn't change. "
147 . "If you only want to change the password, "
148 . "'Change password' tab should be used."
150 )->getDisplay()
152 $response->setRequestStatus(false);
153 exit;
157 * Changes / copies a user, part I
159 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
162 * Adds a user
163 * (Changes / copies a user, part II)
165 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
166 = PMA_addUser(
167 isset($dbname)? $dbname : null,
168 isset($username)? $username : null,
169 isset($hostname)? $hostname : null,
170 isset($password)? $password : null,
171 $cfgRelation['menuswork']
173 //update the old variables
174 if (isset($ret_queries)) {
175 $queries = $ret_queries;
176 unset($ret_queries);
178 if (isset($ret_message)) {
179 $message = $ret_message;
180 unset($ret_message);
184 * Changes / copies a user, part III
186 if (isset($_REQUEST['change_copy'])) {
187 $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
188 $queries, $username, $hostname
192 $itemType = '';
193 if (! empty($routinename)) {
194 $itemType = PMA_getRoutineType($dbname, $routinename);
198 * Updates privileges
200 if (! empty($_POST['update_privs'])) {
201 if (is_array($dbname)) {
202 foreach ($dbname as $key => $db_name) {
203 list($sql_query[$key], $message) = PMA_updatePrivileges(
204 (isset($username) ? $username : ''),
205 (isset($hostname) ? $hostname : ''),
206 (isset($tablename)
207 ? $tablename
208 : (isset($routinename) ? $routinename : '')),
209 (isset($db_name) ? $db_name : ''),
210 $itemType
214 $sql_query = implode("\n", $sql_query);
215 } else {
216 list($sql_query, $message) = PMA_updatePrivileges(
217 (isset($username) ? $username : ''),
218 (isset($hostname) ? $hostname : ''),
219 (isset($tablename)
220 ? $tablename
221 : (isset($routinename) ? $routinename : '')),
222 (isset($dbname) ? $dbname : ''),
223 $itemType
229 * Assign users to user groups
231 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
232 && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
234 PMA_setUserGroup($username, $_REQUEST['userGroup']);
235 $message = PMA\libraries\Message::success();
239 * Revokes Privileges
241 if (isset($_REQUEST['revokeall'])) {
242 list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
243 (isset($dbname) ? $dbname : ''),
244 (isset($tablename)
245 ? $tablename
246 : (isset($routinename) ? $routinename : '')),
247 $username,
248 $hostname,
249 $itemType
254 * Updates the password
256 if (isset($_REQUEST['change_pw'])) {
257 $message = PMA_updatePassword(
258 $err_url, $username, $hostname
263 * Deletes users
264 * (Changes / copies a user, part IV)
266 if (isset($_REQUEST['delete'])
267 || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
269 include_once 'libraries/relation_cleanup.lib.php';
270 $queries = PMA_getDataForDeleteUsers($queries);
271 if (empty($_REQUEST['change_copy'])) {
272 list($sql_query, $message) = PMA_deleteUser($queries);
277 * Changes / copies a user, part V
279 if (isset($_REQUEST['change_copy'])) {
280 $queries = PMA_getDataForQueries($queries, $queries_for_display);
281 $message = PMA\libraries\Message::success();
282 $sql_query = join("\n", $queries);
286 * Reloads the privilege tables into memory
288 $message_ret = PMA_updateMessageForReload();
289 if (isset($message_ret)) {
290 $message = $message_ret;
291 unset($message_ret);
295 * If we are in an Ajax request for Create User/Edit User/Revoke User/
296 * Flush Privileges, show $message and exit.
298 if ($GLOBALS['is_ajax_request']
299 && empty($_REQUEST['ajax_page_request'])
300 && ! isset($_REQUEST['export'])
301 && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
302 && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
303 || $_REQUEST['initial'] === '')
304 || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
305 && ! isset($_REQUEST['showall'])
306 && ! isset($_REQUEST['edit_user_group_dialog'])
307 && ! isset($_REQUEST['db_specific'])
309 $extra_data = PMA_getExtraDataForAjaxBehavior(
310 (isset($password) ? $password : ''),
311 (isset($sql_query) ? $sql_query : ''),
312 (isset($hostname) ? $hostname : ''),
313 (isset($username) ? $username : '')
316 if (! empty($message) && $message instanceof PMA\libraries\Message) {
317 $response = PMA\libraries\Response::getInstance();
318 $response->setRequestStatus($message->isSuccess());
319 $response->addJSON('message', $message);
320 $response->addJSON($extra_data);
321 exit;
326 * Displays the links
328 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
329 $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
331 $url_query .= '&amp;goto=db_operations.php';
333 // Gets the database structure
334 $sub_part = '_structure';
335 ob_start();
337 list(
338 $tables,
339 $num_tables,
340 $total_num_tables,
341 $sub_part,
342 $is_show_stats,
343 $db_is_system_schema,
344 $tooltip_truename,
345 $tooltip_aliasname,
346 $pos
347 ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
349 $content = ob_get_contents();
350 ob_end_clean();
351 $response->addHTML($content . "\n");
352 } else {
353 if (! empty($GLOBALS['message'])) {
354 $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
355 unset($GLOBALS['message']);
360 * Displays the page
362 $response->addHTML(
363 PMA_getHtmlForUserGroupDialog(
364 isset($username)? $username : null,
365 $cfgRelation['menuswork']
369 // export user definition
370 if (isset($_REQUEST['export'])
371 || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
373 list($title, $export) = PMA_getListForExportUserDefinition(
374 isset($username) ? $username : null,
375 isset($hostname) ? $hostname : null
378 unset($username, $hostname, $grants, $one_grant);
380 $response = PMA\libraries\Response::getInstance();
381 if ($GLOBALS['is_ajax_request']) {
382 $response->addJSON('message', $export);
383 $response->addJSON('title', $title);
384 exit;
385 } else {
386 $response->addHTML("<h2>$title</h2>$export");
390 if (isset($_REQUEST['adduser'])) {
391 // Add user
392 $response->addHTML(
393 PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
395 } elseif (isset($_REQUEST['checkprivsdb'])) {
396 if (isset($_REQUEST['checkprivstable'])) {
397 // check the privileges for a particular table.
398 $response->addHTML(
399 PMA_getHtmlForSpecificTablePrivileges(
400 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
403 } else {
404 // check the privileges for a particular database.
405 $response->addHTML(
406 PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
409 } else {
410 if (isset($dbname) && ! is_array($dbname)) {
411 $url_dbname = urlencode(
412 str_replace(
413 array('\_', '\%'),
414 array('_', '%'),
415 $_REQUEST['dbname']
420 if (! isset($username)) {
421 // No username is given --> display the overview
422 $response->addHTML(
423 PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
425 } else if (!empty($routinename)) {
426 $response->addHTML(
427 PMA_getHtmlForRoutineSpecificPrivilges(
428 $username, $hostname, $dbname, $routinename,
429 (isset($url_dbname) ? $url_dbname : '')
432 } else {
433 // A user was selected -> display the user's properties
434 // In an Ajax request, prevent cached values from showing
435 if ($GLOBALS['is_ajax_request'] == true) {
436 header('Cache-Control: no-cache');
439 $response->addHTML(
440 PMA_getHtmlForUserProperties(
441 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
442 (isset($url_dbname) ? $url_dbname : ''),
443 $username, $hostname,
444 (isset($dbname) ? $dbname : ''),
445 (isset($tablename) ? $tablename : '')
451 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
452 && $GLOBALS['cfgRelation']['menuswork']
454 $response->addHTML('</div>');