2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
8 declare(strict_types
=1);
10 use PhpMyAdmin\CheckUserPrivileges
;
12 use PhpMyAdmin\DatabaseInterface
;
13 use PhpMyAdmin\Message
;
14 use PhpMyAdmin\Relation
;
15 use PhpMyAdmin\RelationCleanup
;
16 use PhpMyAdmin\Response
;
17 use PhpMyAdmin\Server\Privileges
;
18 use PhpMyAdmin\Server\Users
;
19 use PhpMyAdmin\Template
;
21 if (! defined('ROOT_PATH')) {
22 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
25 global $db, $pmaThemeImage, $text_dir, $url_query;
27 require_once ROOT_PATH
. 'libraries/common.inc.php';
29 /** @var Response $response */
30 $response = $containerBuilder->get(Response
::class);
32 /** @var DatabaseInterface $dbi */
33 $dbi = $containerBuilder->get(DatabaseInterface
::class);
35 $checkUserPrivileges = new CheckUserPrivileges($dbi);
36 $checkUserPrivileges->getPrivileges();
38 /** @var Relation $relation */
39 $relation = $containerBuilder->get('relation');
40 $cfgRelation = $relation->getRelationsParam();
43 * Does the common work
45 $header = $response->getHeader();
46 $scripts = $header->getScripts();
47 $scripts->addFile('server/privileges.js');
48 $scripts->addFile('vendor/zxcvbn.js');
50 /** @var Template $template */
51 $template = $containerBuilder->get('template');
52 $relationCleanup = new RelationCleanup($dbi, $relation);
53 $serverPrivileges = new Privileges($template, $dbi, $relation, $relationCleanup);
55 if ((isset($_GET['viewing_mode'])
56 && $_GET['viewing_mode'] == 'server')
57 && $GLOBALS['cfgRelation']['menuswork']
59 $response->addHTML('<div>');
60 $response->addHTML(Users
::getHtmlForSubMenusOnUsersPage('server_privileges.php'));
64 * Sets globals from $_POST patterns, for privileges and max_* vars
72 Core
::setPostAsGlobal($post_patterns);
74 require ROOT_PATH
. 'libraries/server_common.inc.php';
77 * Messages are built using the message name
79 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
80 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
81 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
82 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
83 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
84 $strPrivDescCreateTbl = __('Allows creating new tables.');
85 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
86 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
87 $strPrivDescCreateView = __('Allows creating new views.');
88 $strPrivDescDelete = __('Allows deleting data.');
89 $strPrivDescDeleteHistoricalRows = __('Allows deleting historical rows.');
90 $strPrivDescDropDb = __('Allows dropping databases and tables.');
91 $strPrivDescDropTbl = __('Allows dropping tables.');
92 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
93 $strPrivDescExecute = __('Allows executing stored routines.');
94 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
95 $strPrivDescGrantTbl = __(
96 'Allows user to give to other users or remove from other users the privileges '
97 . 'that user possess yourself.'
99 $strPrivDescIndex = __('Allows creating and dropping indexes.');
100 $strPrivDescInsert = __('Allows inserting and replacing data.');
101 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
102 $strPrivDescMaxConnections = __(
103 'Limits the number of new connections the user may open per hour.'
105 $strPrivDescMaxQuestions = __(
106 'Limits the number of queries the user may send to the server per hour.'
108 $strPrivDescMaxUpdates = __(
109 'Limits the number of commands that change any table or database '
110 . 'the user may execute per hour.'
112 $strPrivDescMaxUserConnections = __(
113 'Limits the number of simultaneous connections the user may have.'
115 $strPrivDescProcess = __('Allows viewing processes of all users.');
116 $strPrivDescReferences = __('Has no effect in this MySQL version.');
117 $strPrivDescReload = __(
118 'Allows reloading server settings and flushing the server\'s caches.'
120 $strPrivDescReplClient = __(
121 'Allows the user to ask where the slaves / masters are.'
123 $strPrivDescReplSlave = __('Needed for the replication slaves.');
124 $strPrivDescSelect = __('Allows reading data.');
125 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
126 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
127 $strPrivDescShutdown = __('Allows shutting down the server.');
128 $strPrivDescSuper = __(
129 'Allows connecting, even if maximum number of connections is reached; '
130 . 'required for most administrative operations like setting global variables '
131 . 'or killing threads of other users.'
133 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
134 $strPrivDescUpdate = __('Allows changing data.');
135 $strPrivDescUsage = __('No privileges.');
137 $_add_user_error = false;
139 * Get DB information: username, hostname, dbname,
140 * tablename, db_and_table, dbname_is_wildcard
143 $username, $hostname, $dbname, $tablename, $routinename,
144 $db_and_table, $dbname_is_wildcard
145 ) = $serverPrivileges->getDataForDBInfo();
148 * Checks if the user is allowed to do what he tries to...
150 if (! $dbi->isSuperuser() && ! $GLOBALS['is_grantuser']
151 && ! $GLOBALS['is_createuser']
154 $template->render('server/sub_page_header', [
155 'type' => 'privileges',
160 Message
::error(__('No Privileges'))
165 if (! $GLOBALS['is_grantuser'] && ! $GLOBALS['is_createuser']) {
166 $response->addHTML(Message
::notice(
167 __('You do not have the privileges to administrate the users!')
172 * Checks if the user is using "Change Login Information / Copy User" dialog
173 * only to update the password
175 if (isset($_POST['change_copy']) && $username == $_POST['old_username']
176 && $hostname == $_POST['old_hostname']
181 "Username and hostname didn't change. "
182 . "If you only want to change the password, "
183 . "'Change password' tab should be used."
187 $response->setRequestStatus(false);
192 * Changes / copies a user, part I
194 list($queries, $password) = $serverPrivileges->getDataForChangeOrCopyUser();
198 * (Changes / copies a user, part II)
200 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
201 = $serverPrivileges->addUser(
202 isset($dbname) ?
$dbname : null,
203 isset($username) ?
$username : null,
204 isset($hostname) ?
$hostname : null,
205 isset($password) ?
$password : null,
206 $cfgRelation['menuswork']
208 //update the old variables
209 if (isset($ret_queries)) {
210 $queries = $ret_queries;
213 if (isset($ret_message)) {
214 $message = $ret_message;
219 * Changes / copies a user, part III
221 if (isset($_POST['change_copy'])) {
222 $queries = $serverPrivileges->getDbSpecificPrivsQueriesForChangeOrCopyUser(
230 if (! empty($routinename)) {
231 $itemType = $serverPrivileges->getRoutineType($dbname, $routinename);
237 if (! empty($_POST['update_privs'])) {
238 if (is_array($dbname)) {
239 foreach ($dbname as $key => $db_name) {
240 list($sql_query[$key], $message) = $serverPrivileges->updatePrivileges(
241 (isset($username) ?
$username : ''),
242 (isset($hostname) ?
$hostname : ''),
245 : (isset($routinename) ?
$routinename : '')),
246 (isset($db_name) ?
$db_name : ''),
251 $sql_query = implode("\n", $sql_query);
253 list($sql_query, $message) = $serverPrivileges->updatePrivileges(
254 (isset($username) ?
$username : ''),
255 (isset($hostname) ?
$hostname : ''),
258 : (isset($routinename) ?
$routinename : '')),
259 (isset($dbname) ?
$dbname : ''),
266 * Assign users to user groups
268 if (! empty($_POST['changeUserGroup']) && $cfgRelation['menuswork']
269 && $dbi->isSuperuser() && $GLOBALS['is_createuser']
271 $serverPrivileges->setUserGroup($username, $_POST['userGroup']);
272 $message = Message
::success();
278 if (isset($_POST['revokeall'])) {
279 list ($message, $sql_query) = $serverPrivileges->getMessageAndSqlQueryForPrivilegesRevoke(
280 (isset($dbname) ?
$dbname : ''),
283 : (isset($routinename) ?
$routinename : '')),
291 * Updates the password
293 if (isset($_POST['change_pw'])) {
294 $message = $serverPrivileges->updatePassword(
303 * (Changes / copies a user, part IV)
305 if (isset($_POST['delete'])
306 ||
(isset($_POST['change_copy']) && $_POST['mode'] < 4)
308 $queries = $serverPrivileges->getDataForDeleteUsers($queries);
309 if (empty($_POST['change_copy'])) {
310 list($sql_query, $message) = $serverPrivileges->deleteUser($queries);
315 * Changes / copies a user, part V
317 if (isset($_POST['change_copy'])) {
318 $queries = $serverPrivileges->getDataForQueries($queries, $queries_for_display);
319 $message = Message
::success();
320 $sql_query = implode("\n", $queries);
324 * Reloads the privilege tables into memory
326 $message_ret = $serverPrivileges->updateMessageForReload();
327 if ($message_ret !== null) {
328 $message = $message_ret;
333 * If we are in an Ajax request for Create User/Edit User/Revoke User/
334 * Flush Privileges, show $message and exit.
336 if ($response->isAjax()
337 && empty($_REQUEST['ajax_page_request'])
338 && ! isset($_GET['export'])
339 && (! isset($_POST['submit_mult']) ||
$_POST['submit_mult'] != 'export')
340 && ((! isset($_GET['initial']) ||
$_GET['initial'] === null
341 ||
$_GET['initial'] === '')
342 ||
(isset($_POST['delete']) && $_POST['delete'] === __('Go')))
343 && ! isset($_GET['showall'])
344 && ! isset($_GET['edit_user_group_dialog'])
346 $extra_data = $serverPrivileges->getExtraDataForAjaxBehavior(
347 (isset($password) ?
$password : ''),
348 (isset($sql_query) ?
$sql_query : ''),
349 (isset($hostname) ?
$hostname : ''),
350 (isset($username) ?
$username : '')
353 if (! empty($message) && $message instanceof Message
) {
354 $response->setRequestStatus($message->isSuccess());
355 $response->addJSON('message', $message);
356 $response->addJSON($extra_data);
364 if (isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'db') {
365 $db = $_REQUEST['db'] = $_GET['checkprivsdb'];
367 $url_query .= '&goto=db_operations.php';
369 // Gets the database structure
370 $sub_part = '_structure';
379 $db_is_system_schema,
383 ) = PhpMyAdmin\Util
::getDbInfo($db, $sub_part === null ?
'' : $sub_part);
385 $content = ob_get_contents();
387 $response->addHTML($content . "\n");
388 } elseif (! empty($GLOBALS['message'])) {
389 $response->addHTML(PhpMyAdmin\Util
::getMessage($GLOBALS['message']));
390 unset($GLOBALS['message']);
397 $serverPrivileges->getHtmlForUserGroupDialog(
398 isset($username) ?
$username : null,
399 $cfgRelation['menuswork']
403 // export user definition
404 if (isset($_GET['export'])
405 ||
(isset($_POST['submit_mult']) && $_POST['submit_mult'] == 'export')
407 list($title, $export) = $serverPrivileges->getListForExportUserDefinition(
408 isset($username) ?
$username : null,
409 isset($hostname) ?
$hostname : null
412 unset($username, $hostname, $grants, $one_grant);
414 if ($response->isAjax()) {
415 $response->addJSON('message', $export);
416 $response->addJSON('title', $title);
419 $response->addHTML("<h2>$title</h2>$export");
423 if (isset($_GET['adduser'])) {
426 $serverPrivileges->getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
428 } elseif (isset($_GET['checkprivsdb'])) {
429 if (isset($_GET['checkprivstable'])) {
430 // check the privileges for a particular table.
432 $serverPrivileges->getHtmlForSpecificTablePrivileges(
433 $_GET['checkprivsdb'],
434 $_GET['checkprivstable']
438 // check the privileges for a particular database.
440 $serverPrivileges->getHtmlForSpecificDbPrivileges($_GET['checkprivsdb'])
444 if (isset($dbname) && ! is_array($dbname)) {
445 $url_dbname = urlencode(
460 if (! isset($username)) {
461 // No username is given --> display the overview
463 $serverPrivileges->getHtmlForUserOverview($pmaThemeImage, $text_dir)
465 } elseif (! empty($routinename)) {
467 $serverPrivileges->getHtmlForRoutineSpecificPrivileges(
472 (isset($url_dbname) ?
$url_dbname : '')
476 // A user was selected -> display the user's properties
477 // In an Ajax request, prevent cached values from showing
478 if ($response->isAjax()) {
479 header('Cache-Control: no-cache');
483 $serverPrivileges->getHtmlForUserProperties(
484 (isset($dbname_is_wildcard) ?
$dbname_is_wildcard : ''),
485 (isset($url_dbname) ?
$url_dbname : ''),
488 (isset($dbname) ?
$dbname : ''),
489 (isset($tablename) ?
$tablename : '')
495 if ((isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'server')
496 && $GLOBALS['cfgRelation']['menuswork']
498 $response->addHTML('</div>');