server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19 require_once 'libraries/check_user_privileges.lib.php';
  20
  21 $cfgRelation = PMA_getRelationsParam();
  22
  23 /**
  24  * Does the common work
  25  */
  26 $response = PMA\libraries\Response::getInstance();
  27 $header   = $response->getHeader();
  28 $scripts  = $header->getScripts();
  29 $scripts->addFile('server_privileges.js');
  30
  31 if ((isset($_REQUEST['viewing_mode'])
  32     && $_REQUEST['viewing_mode'] == 'server')
  33     && $GLOBALS['cfgRelation']['menuswork']
  34 ) {
  35     include_once 'libraries/server_users.lib.php';
  36     $response->addHTML('<div>');
  37     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  38 }
  39
  40 /**
  41  * Sets globals from $_POST patterns, for privileges and max_* vars
  42  */
  43
  44 $post_patterns = array(
  45     '/_priv$/i',
  46     '/^max_/i'
  47 );
  48
  49 PMA_setPostAsGlobal($post_patterns);
  50
  51 require 'libraries/server_common.inc.php';
  52
  53 /**
  54  * Messages are built using the message name
  55  */
  56 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  57 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  58 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  59 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  60 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  61 $strPrivDescCreateTbl = __('Allows creating new tables.');
  62 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  63 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  64 $strPrivDescCreateView = __('Allows creating new views.');
  65 $strPrivDescDelete = __('Allows deleting data.');
  66 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  67 $strPrivDescDropTbl = __('Allows dropping tables.');
  68 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  69 $strPrivDescExecute = __('Allows executing stored routines.');
  70 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  71 $strPrivDescGrantTbl = __(
  72     'Allows user to give to other users or remove from other users the privileges '
  73     . 'that user possess yourself.'
  74 );
  75 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  76 $strPrivDescInsert = __('Allows inserting and replacing data.');
  77 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  78 $strPrivDescMaxConnections = __(
  79     'Limits the number of new connections the user may open per hour.'
  80 );
  81 $strPrivDescMaxQuestions = __(
  82     'Limits the number of queries the user may send to the server per hour.'
  83 );
  84 $strPrivDescMaxUpdates = __(
  85     'Limits the number of commands that change any table or database '
  86     . 'the user may execute per hour.'
  87 );
  88 $strPrivDescMaxUserConnections = __(
  89     'Limits the number of simultaneous connections the user may have.'
  90 );
  91 $strPrivDescProcess = __('Allows viewing processes of all users.');
  92 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  93 $strPrivDescReload = __(
  94     'Allows reloading server settings and flushing the server\'s caches.'
  95 );
  96 $strPrivDescReplClient = __(
  97     'Allows the user to ask where the slaves / masters are.'
  98 );
  99 $strPrivDescReplSlave = __('Needed for the replication slaves.');
 100 $strPrivDescSelect = __('Allows reading data.');
 101 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 102 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 103 $strPrivDescShutdown = __('Allows shutting down the server.');
 104 $strPrivDescSuper = __(
 105     'Allows connecting, even if maximum number of connections is reached; '
 106     . 'required for most administrative operations like setting global variables '
 107     . 'or killing threads of other users.'
 108 );
 109 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 110 $strPrivDescUpdate = __('Allows changing data.');
 111 $strPrivDescUsage = __('No privileges.');
 112
 113 $_add_user_error = false;
 114 /**
 115  * Get DB information: username, hostname, dbname,
 116  * tablename, db_and_table, dbname_is_wildcard
 117  */
 118 list(
 119     $username, $hostname, $dbname, $tablename, $routinename,
 120     $db_and_table, $dbname_is_wildcard
 121 ) = PMA_getDataForDBInfo();
 122
 123 /**
 124  * Checks if the user is allowed to do what he tries to...
 125  */
 126 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 127     && !$GLOBALS['is_createuser']
 128 ) {
 129     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 130     $response->addHTML(
 131         PMA\libraries\Message::error(__('No Privileges'))
 132             ->getDisplay()
 133     );
 134     exit;
 135 }
 136
 137 /**
 138  * Checks if the user is using "Change Login Information / Copy User" dialog
 139  * only to update the password
 140  */
 141 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 142     && $hostname == $_REQUEST['old_hostname']
 143 ) {
 144     $response->addHTML(
 145         PMA\libraries\Message::error(
 146             __(
 147                 "Username and hostname didn't change. "
 148                 . "If you only want to change the password, "
 149                 . "'Change password' tab should be used."
 150             )
 151         )->getDisplay()
 152     );
 153     $response->setRequestStatus(false);
 154     exit;
 155 }
 156
 157 /**
 158  * Changes / copies a user, part I
 159  */
 160 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 161
 162 /**
 163  * Adds a user
 164  *   (Changes / copies a user, part II)
 165  */
 166 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 167     = PMA_addUser(
 168         isset($dbname)? $dbname : null,
 169         isset($username)? $username : null,
 170         isset($hostname)? $hostname : null,
 171         isset($password)? $password : null,
 172         $cfgRelation['menuswork']
 173     );
 174 //update the old variables
 175 if (isset($ret_queries)) {
 176     $queries = $ret_queries;
 177     unset($ret_queries);
 178 }
 179 if (isset($ret_message)) {
 180     $message = $ret_message;
 181     unset($ret_message);
 182 }
 183
 184 /**
 185  * Changes / copies a user, part III
 186  */
 187 if (isset($_REQUEST['change_copy'])) {
 188     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 189         $queries, $username, $hostname
 190     );
 191 }
 192
 193 $itemType = '';
 194 if (! empty($routinename)) {
 195     $itemType = PMA_getRoutineType($dbname, $routinename);
 196 }
 197
 198 /**
 199  * Updates privileges
 200  */
 201 if (! empty($_POST['update_privs'])) {
 202     if (is_array($dbname)) {
 203         foreach ($dbname as $key => $db_name) {
 204             list($sql_query[$key], $message) = PMA_updatePrivileges(
 205                 (isset($username) ? $username : ''),
 206                 (isset($hostname) ? $hostname : ''),
 207                 (isset($tablename)
 208                     ? $tablename
 209                     : (isset($routinename) ? $routinename : '')),
 210                 (isset($db_name) ? $db_name : ''),
 211                 $itemType
 212             );
 213         }
 214
 215         $sql_query = implode("\n", $sql_query);
 216     } else {
 217         list($sql_query, $message) = PMA_updatePrivileges(
 218             (isset($username) ? $username : ''),
 219             (isset($hostname) ? $hostname : ''),
 220             (isset($tablename)
 221                 ? $tablename
 222                 : (isset($routinename) ? $routinename : '')),
 223             (isset($dbname) ? $dbname : ''),
 224             $itemType
 225         );
 226     }
 227 }
 228
 229 /**
 230  * Assign users to user groups
 231  */
 232 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 233     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 234 ) {
 235     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 236     $message = PMA\libraries\Message::success();
 237 }
 238
 239 /**
 240  * Revokes Privileges
 241  */
 242 if (isset($_REQUEST['revokeall'])) {
 243     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 244         (isset($dbname) ? $dbname : ''),
 245         (isset($tablename)
 246             ? $tablename
 247             : (isset($routinename) ? $routinename : '')),
 248         $username,
 249         $hostname,
 250         $itemType
 251     );
 252 }
 253
 254 /**
 255  * Updates the password
 256  */
 257 if (isset($_REQUEST['change_pw'])) {
 258     $message = PMA_updatePassword(
 259         $err_url, $username, $hostname
 260     );
 261 }
 262
 263 /**
 264  * Deletes users
 265  *   (Changes / copies a user, part IV)
 266  */
 267 if (isset($_REQUEST['delete'])
 268     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 269 ) {
 270     include_once 'libraries/relation_cleanup.lib.php';
 271     $queries = PMA_getDataForDeleteUsers($queries);
 272     if (empty($_REQUEST['change_copy'])) {
 273         list($sql_query, $message) = PMA_deleteUser($queries);
 274     }
 275 }
 276
 277 /**
 278  * Changes / copies a user, part V
 279  */
 280 if (isset($_REQUEST['change_copy'])) {
 281     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 282     $message = PMA\libraries\Message::success();
 283     $sql_query = join("\n", $queries);
 284 }
 285
 286 /**
 287  * Reloads the privilege tables into memory
 288  */
 289 $message_ret = PMA_updateMessageForReload();
 290 if (isset($message_ret)) {
 291     $message = $message_ret;
 292     unset($message_ret);
 293 }
 294
 295 /**
 296  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 297  * Flush Privileges, show $message and exit.
 298  */
 299 if ($GLOBALS['is_ajax_request']
 300     && empty($_REQUEST['ajax_page_request'])
 301     && ! isset($_REQUEST['export'])
 302     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 303     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 304     || $_REQUEST['initial'] === '')
 305     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
 306     && ! isset($_REQUEST['showall'])
 307     && ! isset($_REQUEST['edit_user_group_dialog'])
 308     && ! isset($_REQUEST['db_specific'])
 309 ) {
 310     $extra_data = PMA_getExtraDataForAjaxBehavior(
 311         (isset($password) ? $password : ''),
 312         (isset($sql_query) ? $sql_query : ''),
 313         (isset($hostname) ? $hostname : ''),
 314         (isset($username) ? $username : '')
 315     );
 316
 317     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 318         $response = PMA\libraries\Response::getInstance();
 319         $response->setRequestStatus($message->isSuccess());
 320         $response->addJSON('message', $message);
 321         $response->addJSON($extra_data);
 322         exit;
 323     }
 324 }
 325
 326 /**
 327  * Displays the links
 328  */
 329 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 330     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 331
 332     $url_query .= '&amp;goto=db_operations.php';
 333
 334     // Gets the database structure
 335     $sub_part = '_structure';
 336     ob_start();
 337
 338     list(
 339         $tables,
 340         $num_tables,
 341         $total_num_tables,
 342         $sub_part,
 343         $is_show_stats,
 344         $db_is_system_schema,
 345         $tooltip_truename,
 346         $tooltip_aliasname,
 347         $pos
 348     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 349
 350     $content = ob_get_contents();
 351     ob_end_clean();
 352     $response->addHTML($content . "\n");
 353 } else {
 354     if (! empty($GLOBALS['message'])) {
 355         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 356         unset($GLOBALS['message']);
 357     }
 358 }
 359
 360 /**
 361  * Displays the page
 362  */
 363 $response->addHTML(
 364     PMA_getHtmlForUserGroupDialog(
 365         isset($username)? $username : null,
 366         $cfgRelation['menuswork']
 367     )
 368 );
 369
 370 // export user definition
 371 if (isset($_REQUEST['export'])
 372     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 373 ) {
 374     list($title, $export) = PMA_getListForExportUserDefinition(
 375         isset($username) ? $username : null,
 376         isset($hostname) ? $hostname : null
 377     );
 378
 379     unset($username, $hostname, $grants, $one_grant);
 380
 381     $response = PMA\libraries\Response::getInstance();
 382     if ($GLOBALS['is_ajax_request']) {
 383         $response->addJSON('message', $export);
 384         $response->addJSON('title', $title);
 385         exit;
 386     } else {
 387         $response->addHTML("<h2>$title</h2>$export");
 388     }
 389 }
 390
 391 if (isset($_REQUEST['adduser'])) {
 392     // Add user
 393     $response->addHTML(
 394         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 395     );
 396 } elseif (isset($_REQUEST['checkprivsdb'])) {
 397     if (isset($_REQUEST['checkprivstable'])) {
 398         // check the privileges for a particular table.
 399         $response->addHTML(
 400             PMA_getHtmlForSpecificTablePrivileges(
 401                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 402             )
 403         );
 404     } else {
 405         // check the privileges for a particular database.
 406         $response->addHTML(
 407             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 408         );
 409     }
 410 } else {
 411     if (isset($dbname) && ! is_array($dbname)) {
 412         $url_dbname = urlencode(
 413             str_replace(
 414                 array('\_', '\%'),
 415                 array('_', '%'),
 416                 $_REQUEST['dbname']
 417             )
 418         );
 419     }
 420
 421     if (! isset($username)) {
 422         // No username is given --> display the overview
 423         $response->addHTML(
 424             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 425         );
 426     } else if (!empty($routinename)) {
 427         $response->addHTML(
 428             PMA_getHtmlForRoutineSpecificPrivilges(
 429                 $username, $hostname, $dbname, $routinename,
 430                 (isset($url_dbname) ? $url_dbname : '')
 431             )
 432         );
 433     } else {
 434         // A user was selected -> display the user's properties
 435         // In an Ajax request, prevent cached values from showing
 436         if ($GLOBALS['is_ajax_request'] == true) {
 437             header('Cache-Control: no-cache');
 438         }
 439
 440         $response->addHTML(
 441             PMA_getHtmlForUserProperties(
 442                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 443                 (isset($url_dbname) ? $url_dbname : ''),
 444                 $username, $hostname,
 445                 (isset($dbname) ? $dbname : ''),
 446                 (isset($tablename) ? $tablename : '')
 447             )
 448         );
 449     }
 450 }
 451
 452 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 453     && $GLOBALS['cfgRelation']['menuswork']
 454 ) {
 455     $response->addHTML('</div>');
 456 }