2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
10 use PhpMyAdmin\Message
;
11 use PhpMyAdmin\Relation
;
12 use PhpMyAdmin\Response
;
13 use PhpMyAdmin\Server\Common
;
14 use PhpMyAdmin\Server\Privileges
;
15 use PhpMyAdmin\Server\Users
;
16 use PhpMyAdmin\Template
;
21 require_once 'libraries/common.inc.php';
24 * functions implementation for this script
26 require_once 'libraries/check_user_privileges.inc.php';
28 $cfgRelation = Relation
::getRelationsParam();
31 * Does the common work
33 $response = Response
::getInstance();
34 $header = $response->getHeader();
35 $scripts = $header->getScripts();
36 $scripts->addFile('server_privileges.js');
37 $scripts->addFile('vendor/zxcvbn.js');
39 if ((isset($_REQUEST['viewing_mode'])
40 && $_REQUEST['viewing_mode'] == 'server')
41 && $GLOBALS['cfgRelation']['menuswork']
43 $response->addHTML('<div>');
44 $response->addHTML(Users
::getHtmlForSubMenusOnUsersPage('server_privileges.php'));
48 * Sets globals from $_POST patterns, for privileges and max_* vars
51 $post_patterns = array(
56 Core
::setPostAsGlobal($post_patterns);
58 require 'libraries/server_common.inc.php';
61 * Messages are built using the message name
63 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
64 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
65 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
66 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
67 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
68 $strPrivDescCreateTbl = __('Allows creating new tables.');
69 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
70 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
71 $strPrivDescCreateView = __('Allows creating new views.');
72 $strPrivDescDelete = __('Allows deleting data.');
73 $strPrivDescDropDb = __('Allows dropping databases and tables.');
74 $strPrivDescDropTbl = __('Allows dropping tables.');
75 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
76 $strPrivDescExecute = __('Allows executing stored routines.');
77 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
78 $strPrivDescGrantTbl = __(
79 'Allows user to give to other users or remove from other users the privileges '
80 . 'that user possess yourself.'
82 $strPrivDescIndex = __('Allows creating and dropping indexes.');
83 $strPrivDescInsert = __('Allows inserting and replacing data.');
84 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
85 $strPrivDescMaxConnections = __(
86 'Limits the number of new connections the user may open per hour.'
88 $strPrivDescMaxQuestions = __(
89 'Limits the number of queries the user may send to the server per hour.'
91 $strPrivDescMaxUpdates = __(
92 'Limits the number of commands that change any table or database '
93 . 'the user may execute per hour.'
95 $strPrivDescMaxUserConnections = __(
96 'Limits the number of simultaneous connections the user may have.'
98 $strPrivDescProcess = __('Allows viewing processes of all users.');
99 $strPrivDescReferences = __('Has no effect in this MySQL version.');
100 $strPrivDescReload = __(
101 'Allows reloading server settings and flushing the server\'s caches.'
103 $strPrivDescReplClient = __(
104 'Allows the user to ask where the slaves / masters are.'
106 $strPrivDescReplSlave = __('Needed for the replication slaves.');
107 $strPrivDescSelect = __('Allows reading data.');
108 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
109 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
110 $strPrivDescShutdown = __('Allows shutting down the server.');
111 $strPrivDescSuper = __(
112 'Allows connecting, even if maximum number of connections is reached; '
113 . 'required for most administrative operations like setting global variables '
114 . 'or killing threads of other users.'
116 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
117 $strPrivDescUpdate = __('Allows changing data.');
118 $strPrivDescUsage = __('No privileges.');
120 $_add_user_error = false;
122 * Get DB information: username, hostname, dbname,
123 * tablename, db_and_table, dbname_is_wildcard
126 $username, $hostname, $dbname, $tablename, $routinename,
127 $db_and_table, $dbname_is_wildcard
128 ) = Privileges
::getDataForDBInfo();
131 * Checks if the user is allowed to do what he tries to...
133 if (!$GLOBALS['dbi']->isSuperuser() && !$GLOBALS['is_grantuser']
134 && !$GLOBALS['is_createuser']
137 Template
::get('server/sub_page_header')->render([
138 'type' => 'privileges',
143 Message
::error(__('No Privileges'))
148 if (! $GLOBALS['is_grantuser'] && !$GLOBALS['is_createuser']) {
149 $response->addHTML(Message
::notice(
150 __('You do not have privileges to manipulate with the users!')
155 * Checks if the user is using "Change Login Information / Copy User" dialog
156 * only to update the password
158 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
159 && $hostname == $_REQUEST['old_hostname']
164 "Username and hostname didn't change. "
165 . "If you only want to change the password, "
166 . "'Change password' tab should be used."
170 $response->setRequestStatus(false);
175 * Changes / copies a user, part I
177 list($queries, $password) = Privileges
::getDataForChangeOrCopyUser();
181 * (Changes / copies a user, part II)
183 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
184 = Privileges
::addUser(
185 isset($dbname)?
$dbname : null,
186 isset($username)?
$username : null,
187 isset($hostname)?
$hostname : null,
188 isset($password)?
$password : null,
189 $cfgRelation['menuswork']
191 //update the old variables
192 if (isset($ret_queries)) {
193 $queries = $ret_queries;
196 if (isset($ret_message)) {
197 $message = $ret_message;
202 * Changes / copies a user, part III
204 if (isset($_REQUEST['change_copy'])) {
205 $queries = Privileges
::getDbSpecificPrivsQueriesForChangeOrCopyUser(
206 $queries, $username, $hostname
211 if (! empty($routinename)) {
212 $itemType = Privileges
::getRoutineType($dbname, $routinename);
218 if (! empty($_POST['update_privs'])) {
219 if (is_array($dbname)) {
220 foreach ($dbname as $key => $db_name) {
221 list($sql_query[$key], $message) = Privileges
::updatePrivileges(
222 (isset($username) ?
$username : ''),
223 (isset($hostname) ?
$hostname : ''),
226 : (isset($routinename) ?
$routinename : '')),
227 (isset($db_name) ?
$db_name : ''),
232 $sql_query = implode("\n", $sql_query);
234 list($sql_query, $message) = Privileges
::updatePrivileges(
235 (isset($username) ?
$username : ''),
236 (isset($hostname) ?
$hostname : ''),
239 : (isset($routinename) ?
$routinename : '')),
240 (isset($dbname) ?
$dbname : ''),
247 * Assign users to user groups
249 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
250 && $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
252 Privileges
::setUserGroup($username, $_REQUEST['userGroup']);
253 $message = Message
::success();
259 if (isset($_REQUEST['revokeall'])) {
260 list ($message, $sql_query) = Privileges
::getMessageAndSqlQueryForPrivilegesRevoke(
261 (isset($dbname) ?
$dbname : ''),
264 : (isset($routinename) ?
$routinename : '')),
272 * Updates the password
274 if (isset($_REQUEST['change_pw'])) {
275 $message = Privileges
::updatePassword(
276 $err_url, $username, $hostname
282 * (Changes / copies a user, part IV)
284 if (isset($_REQUEST['delete'])
285 ||
(isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
287 $queries = Privileges
::getDataForDeleteUsers($queries);
288 if (empty($_REQUEST['change_copy'])) {
289 list($sql_query, $message) = Privileges
::deleteUser($queries);
294 * Changes / copies a user, part V
296 if (isset($_REQUEST['change_copy'])) {
297 $queries = Privileges
::getDataForQueries($queries, $queries_for_display);
298 $message = Message
::success();
299 $sql_query = join("\n", $queries);
303 * Reloads the privilege tables into memory
305 $message_ret = Privileges
::updateMessageForReload();
306 if (isset($message_ret)) {
307 $message = $message_ret;
312 * If we are in an Ajax request for Create User/Edit User/Revoke User/
313 * Flush Privileges, show $message and exit.
315 if ($response->isAjax()
316 && empty($_REQUEST['ajax_page_request'])
317 && ! isset($_REQUEST['export'])
318 && (! isset($_REQUEST['submit_mult']) ||
$_REQUEST['submit_mult'] != 'export')
319 && ((! isset($_REQUEST['initial']) ||
$_REQUEST['initial'] === null
320 ||
$_REQUEST['initial'] === '')
321 ||
(isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
322 && ! isset($_REQUEST['showall'])
323 && ! isset($_REQUEST['edit_user_group_dialog'])
324 && ! isset($_REQUEST['db_specific'])
326 $extra_data = Privileges
::getExtraDataForAjaxBehavior(
327 (isset($password) ?
$password : ''),
328 (isset($sql_query) ?
$sql_query : ''),
329 (isset($hostname) ?
$hostname : ''),
330 (isset($username) ?
$username : '')
333 if (! empty($message) && $message instanceof Message
) {
334 $response->setRequestStatus($message->isSuccess());
335 $response->addJSON('message', $message);
336 $response->addJSON($extra_data);
344 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
345 $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
347 $url_query .= '&goto=db_operations.php';
349 // Gets the database structure
350 $sub_part = '_structure';
359 $db_is_system_schema,
363 ) = PhpMyAdmin\Util
::getDbInfo($db, isset($sub_part) ?
$sub_part : '');
365 $content = ob_get_contents();
367 $response->addHTML($content . "\n");
369 if (! empty($GLOBALS['message'])) {
370 $response->addHTML(PhpMyAdmin\Util
::getMessage($GLOBALS['message']));
371 unset($GLOBALS['message']);
379 Privileges
::getHtmlForUserGroupDialog(
380 isset($username)?
$username : null,
381 $cfgRelation['menuswork']
385 // export user definition
386 if (isset($_REQUEST['export'])
387 ||
(isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
389 list($title, $export) = Privileges
::getListForExportUserDefinition(
390 isset($username) ?
$username : null,
391 isset($hostname) ?
$hostname : null
394 unset($username, $hostname, $grants, $one_grant);
396 if ($response->isAjax()) {
397 $response->addJSON('message', $export);
398 $response->addJSON('title', $title);
401 $response->addHTML("<h2>$title</h2>$export");
405 if (isset($_REQUEST['adduser'])) {
408 Privileges
::getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
410 } elseif (isset($_REQUEST['checkprivsdb'])) {
411 if (isset($_REQUEST['checkprivstable'])) {
412 // check the privileges for a particular table.
414 Privileges
::getHtmlForSpecificTablePrivileges(
415 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
419 // check the privileges for a particular database.
421 Privileges
::getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
425 if (isset($dbname) && ! is_array($dbname)) {
426 $url_dbname = urlencode(
435 if (! isset($username)) {
436 // No username is given --> display the overview
438 Privileges
::getHtmlForUserOverview($pmaThemeImage, $text_dir)
440 } elseif (!empty($routinename)) {
442 Privileges
::getHtmlForRoutineSpecificPrivileges(
443 $username, $hostname, $dbname, $routinename,
444 (isset($url_dbname) ?
$url_dbname : '')
448 // A user was selected -> display the user's properties
449 // In an Ajax request, prevent cached values from showing
450 if ($response->isAjax()) {
451 header('Cache-Control: no-cache');
455 Privileges
::getHtmlForUserProperties(
456 (isset($dbname_is_wildcard) ?
$dbname_is_wildcard : ''),
457 (isset($url_dbname) ?
$url_dbname : ''),
458 $username, $hostname,
459 (isset($dbname) ?
$dbname : ''),
460 (isset($tablename) ?
$tablename : '')
466 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
467 && $GLOBALS['cfgRelation']['menuswork']
469 $response->addHTML('</div>');