server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19
  20 $cfgRelation = PMA_getRelationsParam();
  21
  22 /**
  23  * Does the common work
  24  */
  25 $response = PMA\libraries\Response::getInstance();
  26 $header   = $response->getHeader();
  27 $scripts  = $header->getScripts();
  28 $scripts->addFile('server_privileges.js');
  29
  30 if ((isset($_REQUEST['viewing_mode'])
  31     && $_REQUEST['viewing_mode'] == 'server')
  32     && $GLOBALS['cfgRelation']['menuswork']
  33 ) {
  34     include_once 'libraries/server_users.lib.php';
  35     $response->addHTML('<div>');
  36     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  37 }
  38
  39 /**
  40  * Sets globals from $_POST patterns, for privileges and max_* vars
  41  */
  42
  43 $post_patterns = array(
  44     '/_priv$/i',
  45     '/^max_/i'
  46 );
  47
  48 PMA_setPostAsGlobal($post_patterns);
  49
  50 require 'libraries/server_common.inc.php';
  51
  52 /**
  53  * Messages are built using the message name
  54  */
  55 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  56 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  57 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  58 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  59 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  60 $strPrivDescCreateTbl = __('Allows creating new tables.');
  61 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  62 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  63 $strPrivDescCreateView = __('Allows creating new views.');
  64 $strPrivDescDelete = __('Allows deleting data.');
  65 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  66 $strPrivDescDropTbl = __('Allows dropping tables.');
  67 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  68 $strPrivDescExecute = __('Allows executing stored routines.');
  69 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  70 $strPrivDescGrant = __(
  71     'Allows adding users and privileges without reloading the privilege tables.'
  72 );
  73 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  74 $strPrivDescInsert = __('Allows inserting and replacing data.');
  75 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  76 $strPrivDescMaxConnections = __(
  77     'Limits the number of new connections the user may open per hour.'
  78 );
  79 $strPrivDescMaxQuestions = __(
  80     'Limits the number of queries the user may send to the server per hour.'
  81 );
  82 $strPrivDescMaxUpdates = __(
  83     'Limits the number of commands that change any table or database '
  84     . 'the user may execute per hour.'
  85 );
  86 $strPrivDescMaxUserConnections = __(
  87     'Limits the number of simultaneous connections the user may have.'
  88 );
  89 $strPrivDescProcess = __('Allows viewing processes of all users.');
  90 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  91 $strPrivDescReload = __(
  92     'Allows reloading server settings and flushing the server\'s caches.'
  93 );
  94 $strPrivDescReplClient = __(
  95     'Allows the user to ask where the slaves / masters are.'
  96 );
  97 $strPrivDescReplSlave = __('Needed for the replication slaves.');
  98 $strPrivDescSelect = __('Allows reading data.');
  99 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 100 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 101 $strPrivDescShutdown = __('Allows shutting down the server.');
 102 $strPrivDescSuper = __(
 103     'Allows connecting, even if maximum number of connections is reached; '
 104     . 'required for most administrative operations like setting global variables '
 105     . 'or killing threads of other users.'
 106 );
 107 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 108 $strPrivDescUpdate = __('Allows changing data.');
 109 $strPrivDescUsage = __('No privileges.');
 110
 111 $_add_user_error = false;
 112 /**
 113  * Get DB information: username, hostname, dbname,
 114  * tablename, db_and_table, dbname_is_wildcard
 115  */
 116 list(
 117     $username, $hostname, $dbname, $tablename, $routinename,
 118     $db_and_table, $dbname_is_wildcard
 119 ) = PMA_getDataForDBInfo();
 120
 121 /**
 122  * Checks if the user is allowed to do what he tries to...
 123  */
 124 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 125     && !$GLOBALS['is_createuser']
 126 ) {
 127     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 128     $response->addHTML(
 129         PMA\libraries\Message::error(__('No Privileges'))
 130             ->getDisplay()
 131     );
 132     exit;
 133 }
 134
 135 /**
 136  * Checks if the user is using "Change Login Information / Copy User" dialog
 137  * only to update the password
 138  */
 139 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 140     && $hostname == $_REQUEST['old_hostname']
 141 ) {
 142     $response->addHTML(
 143         PMA\libraries\Message::error(
 144             __(
 145                 "Username and hostname didn't change. "
 146                 . "If you only want to change the password, "
 147                 . "'Change password' tab should be used."
 148             )
 149         )->getDisplay()
 150     );
 151     $response->setRequestStatus(false);
 152     exit;
 153 }
 154
 155 /**
 156  * Changes / copies a user, part I
 157  */
 158 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 159
 160 /**
 161  * Adds a user
 162  *   (Changes / copies a user, part II)
 163  */
 164 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 165     = PMA_addUser(
 166         isset($dbname)? $dbname : null,
 167         isset($username)? $username : null,
 168         isset($hostname)? $hostname : null,
 169         isset($password)? $password : null,
 170         $cfgRelation['menuswork']
 171     );
 172 //update the old variables
 173 if (isset($ret_queries)) {
 174     $queries = $ret_queries;
 175     unset($ret_queries);
 176 }
 177 if (isset($ret_message)) {
 178     $message = $ret_message;
 179     unset($ret_message);
 180 }
 181
 182 /**
 183  * Changes / copies a user, part III
 184  */
 185 if (isset($_REQUEST['change_copy'])) {
 186     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 187         $queries, $username, $hostname
 188     );
 189 }
 190
 191 $itemType = '';
 192 if (! empty($routinename)) {
 193     $itemType = PMA_getRoutineType($dbname, $routinename);
 194 }
 195
 196 /**
 197  * Updates privileges
 198  */
 199 if (! empty($_POST['update_privs'])) {
 200     if (is_array($dbname)) {
 201         foreach ($dbname as $key => $db_name) {
 202             list($sql_query[$key], $message) = PMA_updatePrivileges(
 203                 (isset($username) ? $username : ''),
 204                 (isset($hostname) ? $hostname : ''),
 205                 (isset($tablename)
 206                     ? $tablename
 207                     : (isset($routinename) ? $routinename : '')),
 208                 (isset($db_name) ? $db_name : ''),
 209                 $itemType
 210             );
 211         }
 212
 213         $sql_query = implode("\n", $sql_query);
 214     } else {
 215         list($sql_query, $message) = PMA_updatePrivileges(
 216             (isset($username) ? $username : ''),
 217             (isset($hostname) ? $hostname : ''),
 218             (isset($tablename)
 219                 ? $tablename
 220                 : (isset($routinename) ? $routinename : '')),
 221             (isset($dbname) ? $dbname : ''),
 222             $itemType
 223         );
 224     }
 225 }
 226
 227 /**
 228  * Assign users to user groups
 229  */
 230 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 231     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 232 ) {
 233     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 234     $message = PMA\libraries\Message::success();
 235 }
 236
 237 /**
 238  * Revokes Privileges
 239  */
 240 if (isset($_REQUEST['revokeall'])) {
 241     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 242         (isset($dbname) ? $dbname : ''),
 243         (isset($tablename)
 244             ? $tablename
 245             : (isset($routinename) ? $routinename : '')),
 246         $username,
 247         $hostname,
 248         $itemType
 249     );
 250 }
 251
 252 /**
 253  * Updates the password
 254  */
 255 if (isset($_REQUEST['change_pw'])) {
 256     $message = PMA_updatePassword(
 257         $err_url, $username, $hostname
 258     );
 259 }
 260
 261 /**
 262  * Deletes users
 263  *   (Changes / copies a user, part IV)
 264  */
 265 if (isset($_REQUEST['delete'])
 266     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 267 ) {
 268     include_once 'libraries/relation_cleanup.lib.php';
 269     $queries = PMA_getDataForDeleteUsers($queries);
 270     if (empty($_REQUEST['change_copy'])) {
 271         list($sql_query, $message) = PMA_deleteUser($queries);
 272     }
 273 }
 274
 275 /**
 276  * Changes / copies a user, part V
 277  */
 278 if (isset($_REQUEST['change_copy'])) {
 279     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 280     $message = PMA\libraries\Message::success();
 281     $sql_query = join("\n", $queries);
 282 }
 283
 284 /**
 285  * Reloads the privilege tables into memory
 286  */
 287 $message_ret = PMA_updateMessageForReload();
 288 if (isset($message_ret)) {
 289     $message = $message_ret;
 290     unset($message_ret);
 291 }
 292
 293 /**
 294  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 295  * Flush Privileges, show $message and exit.
 296  */
 297 if ($GLOBALS['is_ajax_request']
 298     && empty($_REQUEST['ajax_page_request'])
 299     && ! isset($_REQUEST['export'])
 300     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 301     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 302     || $_REQUEST['initial'] === '')
 303     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
 304     && ! isset($_REQUEST['showall'])
 305     && ! isset($_REQUEST['edit_user_group_dialog'])
 306     && ! isset($_REQUEST['db_specific'])
 307 ) {
 308     $extra_data = PMA_getExtraDataForAjaxBehavior(
 309         (isset($password) ? $password : ''),
 310         (isset($sql_query) ? $sql_query : ''),
 311         (isset($hostname) ? $hostname : ''),
 312         (isset($username) ? $username : '')
 313     );
 314
 315     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 316         $response = PMA\libraries\Response::getInstance();
 317         $response->setRequestStatus($message->isSuccess());
 318         $response->addJSON('message', $message);
 319         $response->addJSON($extra_data);
 320         exit;
 321     }
 322 }
 323
 324 /**
 325  * Displays the links
 326  */
 327 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 328     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 329
 330     $url_query .= '&amp;goto=db_operations.php';
 331
 332     // Gets the database structure
 333     $sub_part = '_structure';
 334     ob_start();
 335
 336     list(
 337         $tables,
 338         $num_tables,
 339         $total_num_tables,
 340         $sub_part,
 341         $is_show_stats,
 342         $db_is_system_schema,
 343         $tooltip_truename,
 344         $tooltip_aliasname,
 345         $pos
 346     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 347
 348     $content = ob_get_contents();
 349     ob_end_clean();
 350     $response->addHTML($content . "\n");
 351 } else {
 352     if (! empty($GLOBALS['message'])) {
 353         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 354         unset($GLOBALS['message']);
 355     }
 356 }
 357
 358 /**
 359  * Displays the page
 360  */
 361 $response->addHTML(
 362     PMA_getHtmlForUserGroupDialog(
 363         isset($username)? $username : null,
 364         $cfgRelation['menuswork']
 365     )
 366 );
 367
 368 // export user definition
 369 if (isset($_REQUEST['export'])
 370     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 371 ) {
 372     list($title, $export) = PMA_getListForExportUserDefinition(
 373         isset($username) ? $username : null,
 374         isset($hostname) ? $hostname : null
 375     );
 376
 377     unset($username, $hostname, $grants, $one_grant);
 378
 379     $response = PMA\libraries\Response::getInstance();
 380     if ($GLOBALS['is_ajax_request']) {
 381         $response->addJSON('message', $export);
 382         $response->addJSON('title', $title);
 383         exit;
 384     } else {
 385         $response->addHTML("<h2>$title</h2>$export");
 386     }
 387 }
 388
 389 if (isset($_REQUEST['adduser'])) {
 390     // Add user
 391     $response->addHTML(
 392         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 393     );
 394 } elseif (isset($_REQUEST['checkprivsdb'])) {
 395     if (isset($_REQUEST['checkprivstable'])) {
 396         // check the privileges for a particular table.
 397         $response->addHTML(
 398             PMA_getHtmlForSpecificTablePrivileges(
 399                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 400             )
 401         );
 402     } else {
 403         // check the privileges for a particular database.
 404         $response->addHTML(
 405             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 406         );
 407     }
 408 } else {
 409     if (isset($dbname) && ! is_array($dbname)) {
 410         $url_dbname = urlencode(
 411             str_replace(
 412                 array('\_', '\%'),
 413                 array('_', '%'),
 414                 $_REQUEST['dbname']
 415             )
 416         );
 417     }
 418
 419     if (! isset($username)) {
 420         // No username is given --> display the overview
 421         $response->addHTML(
 422             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 423         );
 424     } else if (!empty($routinename)) {
 425         $response->addHTML(
 426             PMA_getHtmlForRoutineSpecificPrivilges(
 427                 $username, $hostname, $dbname, $routinename,
 428                 (isset($url_dbname) ? $url_dbname : '')
 429             )
 430         );
 431     } else {
 432         // A user was selected -> display the user's properties
 433         // In an Ajax request, prevent cached values from showing
 434         if ($GLOBALS['is_ajax_request'] == true) {
 435             header('Cache-Control: no-cache');
 436         }
 437
 438         $response->addHTML(
 439             PMA_getHtmlForUserProperties(
 440                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 441                 (isset($url_dbname) ? $url_dbname : ''),
 442                 $username, $hostname,
 443                 (isset($dbname) ? $dbname : ''),
 444                 (isset($tablename) ? $tablename : '')
 445             )
 446         );
 447     }
 448 }
 449
 450 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 451     && $GLOBALS['cfgRelation']['menuswork']
 452 ) {
 453     $response->addHTML('</div>');
 454 }