server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19 require_once 'libraries/check_user_privileges.lib.php';
  20
  21 $cfgRelation = PMA_getRelationsParam();
  22
  23 /**
  24  * Does the common work
  25  */
  26 $response = PMA\libraries\Response::getInstance();
  27 $header   = $response->getHeader();
  28 $scripts  = $header->getScripts();
  29 $scripts->addFile('server_privileges.js');
  30
  31 if ((isset($_REQUEST['viewing_mode'])
  32     && $_REQUEST['viewing_mode'] == 'server')
  33     && $GLOBALS['cfgRelation']['menuswork']
  34 ) {
  35     include_once 'libraries/server_users.lib.php';
  36     $response->addHTML('<div>');
  37     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  38 }
  39
  40 /**
  41  * Sets globals from $_POST patterns, for privileges and max_* vars
  42  */
  43
  44 $post_patterns = array(
  45     '/_priv$/i',
  46     '/^max_/i'
  47 );
  48
  49 PMA_setPostAsGlobal($post_patterns);
  50
  51 require 'libraries/server_common.inc.php';
  52
  53 /**
  54  * Messages are built using the message name
  55  */
  56 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  57 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  58 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  59 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  60 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  61 $strPrivDescCreateTbl = __('Allows creating new tables.');
  62 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  63 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  64 $strPrivDescCreateView = __('Allows creating new views.');
  65 $strPrivDescDelete = __('Allows deleting data.');
  66 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  67 $strPrivDescDropTbl = __('Allows dropping tables.');
  68 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  69 $strPrivDescExecute = __('Allows executing stored routines.');
  70 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  71 $strPrivDescGrant = __(
  72     'Allows adding users and privileges without reloading the privilege tables.'
  73 );
  74 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  75 $strPrivDescInsert = __('Allows inserting and replacing data.');
  76 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  77 $strPrivDescMaxConnections = __(
  78     'Limits the number of new connections the user may open per hour.'
  79 );
  80 $strPrivDescMaxQuestions = __(
  81     'Limits the number of queries the user may send to the server per hour.'
  82 );
  83 $strPrivDescMaxUpdates = __(
  84     'Limits the number of commands that change any table or database '
  85     . 'the user may execute per hour.'
  86 );
  87 $strPrivDescMaxUserConnections = __(
  88     'Limits the number of simultaneous connections the user may have.'
  89 );
  90 $strPrivDescProcess = __('Allows viewing processes of all users.');
  91 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  92 $strPrivDescReload = __(
  93     'Allows reloading server settings and flushing the server\'s caches.'
  94 );
  95 $strPrivDescReplClient = __(
  96     'Allows the user to ask where the slaves / masters are.'
  97 );
  98 $strPrivDescReplSlave = __('Needed for the replication slaves.');
  99 $strPrivDescSelect = __('Allows reading data.');
 100 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 101 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 102 $strPrivDescShutdown = __('Allows shutting down the server.');
 103 $strPrivDescSuper = __(
 104     'Allows connecting, even if maximum number of connections is reached; '
 105     . 'required for most administrative operations like setting global variables '
 106     . 'or killing threads of other users.'
 107 );
 108 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 109 $strPrivDescUpdate = __('Allows changing data.');
 110 $strPrivDescUsage = __('No privileges.');
 111
 112 $_add_user_error = false;
 113 /**
 114  * Get DB information: username, hostname, dbname,
 115  * tablename, db_and_table, dbname_is_wildcard
 116  */
 117 list(
 118     $username, $hostname, $dbname, $tablename, $routinename,
 119     $db_and_table, $dbname_is_wildcard
 120 ) = PMA_getDataForDBInfo();
 121
 122 /**
 123  * Checks if the user is allowed to do what he tries to...
 124  */
 125 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 126     && !$GLOBALS['is_createuser']
 127 ) {
 128     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 129     $response->addHTML(
 130         PMA\libraries\Message::error(__('No Privileges'))
 131             ->getDisplay()
 132     );
 133     exit;
 134 }
 135
 136 /**
 137  * Checks if the user is using "Change Login Information / Copy User" dialog
 138  * only to update the password
 139  */
 140 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 141     && $hostname == $_REQUEST['old_hostname']
 142 ) {
 143     $response->addHTML(
 144         PMA\libraries\Message::error(
 145             __(
 146                 "Username and hostname didn't change. "
 147                 . "If you only want to change the password, "
 148                 . "'Change password' tab should be used."
 149             )
 150         )->getDisplay()
 151     );
 152     $response->setRequestStatus(false);
 153     exit;
 154 }
 155
 156 /**
 157  * Changes / copies a user, part I
 158  */
 159 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 160
 161 /**
 162  * Adds a user
 163  *   (Changes / copies a user, part II)
 164  */
 165 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 166     = PMA_addUser(
 167         isset($dbname)? $dbname : null,
 168         isset($username)? $username : null,
 169         isset($hostname)? $hostname : null,
 170         isset($password)? $password : null,
 171         $cfgRelation['menuswork']
 172     );
 173 //update the old variables
 174 if (isset($ret_queries)) {
 175     $queries = $ret_queries;
 176     unset($ret_queries);
 177 }
 178 if (isset($ret_message)) {
 179     $message = $ret_message;
 180     unset($ret_message);
 181 }
 182
 183 /**
 184  * Changes / copies a user, part III
 185  */
 186 if (isset($_REQUEST['change_copy'])) {
 187     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 188         $queries, $username, $hostname
 189     );
 190 }
 191
 192 $itemType = '';
 193 if (! empty($routinename)) {
 194     $itemType = PMA_getRoutineType($dbname, $routinename);
 195 }
 196
 197 /**
 198  * Updates privileges
 199  */
 200 if (! empty($_POST['update_privs'])) {
 201     if (is_array($dbname)) {
 202         foreach ($dbname as $key => $db_name) {
 203             list($sql_query[$key], $message) = PMA_updatePrivileges(
 204                 (isset($username) ? $username : ''),
 205                 (isset($hostname) ? $hostname : ''),
 206                 (isset($tablename)
 207                     ? $tablename
 208                     : (isset($routinename) ? $routinename : '')),
 209                 (isset($db_name) ? $db_name : ''),
 210                 $itemType
 211             );
 212         }
 213
 214         $sql_query = implode("\n", $sql_query);
 215     } else {
 216         list($sql_query, $message) = PMA_updatePrivileges(
 217             (isset($username) ? $username : ''),
 218             (isset($hostname) ? $hostname : ''),
 219             (isset($tablename)
 220                 ? $tablename
 221                 : (isset($routinename) ? $routinename : '')),
 222             (isset($dbname) ? $dbname : ''),
 223             $itemType
 224         );
 225     }
 226 }
 227
 228 /**
 229  * Assign users to user groups
 230  */
 231 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 232     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 233 ) {
 234     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 235     $message = PMA\libraries\Message::success();
 236 }
 237
 238 /**
 239  * Revokes Privileges
 240  */
 241 if (isset($_REQUEST['revokeall'])) {
 242     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 243         (isset($dbname) ? $dbname : ''),
 244         (isset($tablename)
 245             ? $tablename
 246             : (isset($routinename) ? $routinename : '')),
 247         $username,
 248         $hostname,
 249         $itemType
 250     );
 251 }
 252
 253 /**
 254  * Updates the password
 255  */
 256 if (isset($_REQUEST['change_pw'])) {
 257     $message = PMA_updatePassword(
 258         $err_url, $username, $hostname
 259     );
 260 }
 261
 262 /**
 263  * Deletes users
 264  *   (Changes / copies a user, part IV)
 265  */
 266 if (isset($_REQUEST['delete'])
 267     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 268 ) {
 269     include_once 'libraries/relation_cleanup.lib.php';
 270     $queries = PMA_getDataForDeleteUsers($queries);
 271     if (empty($_REQUEST['change_copy'])) {
 272         list($sql_query, $message) = PMA_deleteUser($queries);
 273     }
 274 }
 275
 276 /**
 277  * Changes / copies a user, part V
 278  */
 279 if (isset($_REQUEST['change_copy'])) {
 280     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 281     $message = PMA\libraries\Message::success();
 282     $sql_query = join("\n", $queries);
 283 }
 284
 285 /**
 286  * Reloads the privilege tables into memory
 287  */
 288 $message_ret = PMA_updateMessageForReload();
 289 if (isset($message_ret)) {
 290     $message = $message_ret;
 291     unset($message_ret);
 292 }
 293
 294 /**
 295  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 296  * Flush Privileges, show $message and exit.
 297  */
 298 if ($GLOBALS['is_ajax_request']
 299     && empty($_REQUEST['ajax_page_request'])
 300     && ! isset($_REQUEST['export'])
 301     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 302     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 303     || $_REQUEST['initial'] === '')
 304     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
 305     && ! isset($_REQUEST['showall'])
 306     && ! isset($_REQUEST['edit_user_group_dialog'])
 307     && ! isset($_REQUEST['db_specific'])
 308 ) {
 309     $extra_data = PMA_getExtraDataForAjaxBehavior(
 310         (isset($password) ? $password : ''),
 311         (isset($sql_query) ? $sql_query : ''),
 312         (isset($hostname) ? $hostname : ''),
 313         (isset($username) ? $username : '')
 314     );
 315
 316     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 317         $response = PMA\libraries\Response::getInstance();
 318         $response->setRequestStatus($message->isSuccess());
 319         $response->addJSON('message', $message);
 320         $response->addJSON($extra_data);
 321         exit;
 322     }
 323 }
 324
 325 /**
 326  * Displays the links
 327  */
 328 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 329     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 330
 331     $url_query .= '&amp;goto=db_operations.php';
 332
 333     // Gets the database structure
 334     $sub_part = '_structure';
 335     ob_start();
 336
 337     list(
 338         $tables,
 339         $num_tables,
 340         $total_num_tables,
 341         $sub_part,
 342         $is_show_stats,
 343         $db_is_system_schema,
 344         $tooltip_truename,
 345         $tooltip_aliasname,
 346         $pos
 347     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 348
 349     $content = ob_get_contents();
 350     ob_end_clean();
 351     $response->addHTML($content . "\n");
 352 } else {
 353     if (! empty($GLOBALS['message'])) {
 354         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 355         unset($GLOBALS['message']);
 356     }
 357 }
 358
 359 /**
 360  * Displays the page
 361  */
 362 $response->addHTML(
 363     PMA_getHtmlForUserGroupDialog(
 364         isset($username)? $username : null,
 365         $cfgRelation['menuswork']
 366     )
 367 );
 368
 369 // export user definition
 370 if (isset($_REQUEST['export'])
 371     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 372 ) {
 373     list($title, $export) = PMA_getListForExportUserDefinition(
 374         isset($username) ? $username : null,
 375         isset($hostname) ? $hostname : null
 376     );
 377
 378     unset($username, $hostname, $grants, $one_grant);
 379
 380     $response = PMA\libraries\Response::getInstance();
 381     if ($GLOBALS['is_ajax_request']) {
 382         $response->addJSON('message', $export);
 383         $response->addJSON('title', $title);
 384         exit;
 385     } else {
 386         $response->addHTML("<h2>$title</h2>$export");
 387     }
 388 }
 389
 390 if (isset($_REQUEST['adduser'])) {
 391     // Add user
 392     $response->addHTML(
 393         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 394     );
 395 } elseif (isset($_REQUEST['checkprivsdb'])) {
 396     if (isset($_REQUEST['checkprivstable'])) {
 397         // check the privileges for a particular table.
 398         $response->addHTML(
 399             PMA_getHtmlForSpecificTablePrivileges(
 400                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 401             )
 402         );
 403     } else {
 404         // check the privileges for a particular database.
 405         $response->addHTML(
 406             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 407         );
 408     }
 409 } else {
 410     if (isset($dbname) && ! is_array($dbname)) {
 411         $url_dbname = urlencode(
 412             str_replace(
 413                 array('\_', '\%'),
 414                 array('_', '%'),
 415                 $_REQUEST['dbname']
 416             )
 417         );
 418     }
 419
 420     if (! isset($username)) {
 421         // No username is given --> display the overview
 422         $response->addHTML(
 423             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 424         );
 425     } else if (!empty($routinename)) {
 426         $response->addHTML(
 427             PMA_getHtmlForRoutineSpecificPrivilges(
 428                 $username, $hostname, $dbname, $routinename,
 429                 (isset($url_dbname) ? $url_dbname : '')
 430             )
 431         );
 432     } else {
 433         // A user was selected -> display the user's properties
 434         // In an Ajax request, prevent cached values from showing
 435         if ($GLOBALS['is_ajax_request'] == true) {
 436             header('Cache-Control: no-cache');
 437         }
 438
 439         $response->addHTML(
 440             PMA_getHtmlForUserProperties(
 441                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 442                 (isset($url_dbname) ? $url_dbname : ''),
 443                 $username, $hostname,
 444                 (isset($dbname) ? $dbname : ''),
 445                 (isset($tablename) ? $tablename : '')
 446             )
 447         );
 448     }
 449 }
 450
 451 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 452     && $GLOBALS['cfgRelation']['menuswork']
 453 ) {
 454     $response->addHTML('</div>');
 455 }