2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
8 declare(strict_types
=1);
11 use PhpMyAdmin\Message
;
12 use PhpMyAdmin\Relation
;
13 use PhpMyAdmin\RelationCleanup
;
14 use PhpMyAdmin\Response
;
15 use PhpMyAdmin\Server\Privileges
;
16 use PhpMyAdmin\Server\Users
;
17 use PhpMyAdmin\Template
;
19 if (! defined('ROOT_PATH')) {
20 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
26 require_once ROOT_PATH
. 'libraries/common.inc.php';
29 * functions implementation for this script
31 require_once ROOT_PATH
. 'libraries/check_user_privileges.inc.php';
33 $relation = new Relation($GLOBALS['dbi']);
34 $cfgRelation = $relation->getRelationsParam();
37 * Does the common work
39 $response = Response
::getInstance();
40 $header = $response->getHeader();
41 $scripts = $header->getScripts();
42 $scripts->addFile('server_privileges.js');
43 $scripts->addFile('vendor/zxcvbn.js');
45 $template = new Template();
46 $relationCleanup = new RelationCleanup($GLOBALS['dbi'], $relation);
47 $serverPrivileges = new Privileges($template, $GLOBALS['dbi'], $relation, $relationCleanup);
49 if ((isset($_GET['viewing_mode'])
50 && $_GET['viewing_mode'] == 'server')
51 && $GLOBALS['cfgRelation']['menuswork']
53 $response->addHTML('<div>');
54 $response->addHTML(Users
::getHtmlForSubMenusOnUsersPage('server_privileges.php'));
58 * Sets globals from $_POST patterns, for privileges and max_* vars
66 Core
::setPostAsGlobal($post_patterns);
68 require ROOT_PATH
. 'libraries/server_common.inc.php';
71 * Messages are built using the message name
73 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
74 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
75 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
76 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
77 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
78 $strPrivDescCreateTbl = __('Allows creating new tables.');
79 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
80 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
81 $strPrivDescCreateView = __('Allows creating new views.');
82 $strPrivDescDelete = __('Allows deleting data.');
83 $strPrivDescDropDb = __('Allows dropping databases and tables.');
84 $strPrivDescDropTbl = __('Allows dropping tables.');
85 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
86 $strPrivDescExecute = __('Allows executing stored routines.');
87 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
88 $strPrivDescGrantTbl = __(
89 'Allows user to give to other users or remove from other users the privileges '
90 . 'that user possess yourself.'
92 $strPrivDescIndex = __('Allows creating and dropping indexes.');
93 $strPrivDescInsert = __('Allows inserting and replacing data.');
94 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
95 $strPrivDescMaxConnections = __(
96 'Limits the number of new connections the user may open per hour.'
98 $strPrivDescMaxQuestions = __(
99 'Limits the number of queries the user may send to the server per hour.'
101 $strPrivDescMaxUpdates = __(
102 'Limits the number of commands that change any table or database '
103 . 'the user may execute per hour.'
105 $strPrivDescMaxUserConnections = __(
106 'Limits the number of simultaneous connections the user may have.'
108 $strPrivDescProcess = __('Allows viewing processes of all users.');
109 $strPrivDescReferences = __('Has no effect in this MySQL version.');
110 $strPrivDescReload = __(
111 'Allows reloading server settings and flushing the server\'s caches.'
113 $strPrivDescReplClient = __(
114 'Allows the user to ask where the slaves / masters are.'
116 $strPrivDescReplSlave = __('Needed for the replication slaves.');
117 $strPrivDescSelect = __('Allows reading data.');
118 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
119 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
120 $strPrivDescShutdown = __('Allows shutting down the server.');
121 $strPrivDescSuper = __(
122 'Allows connecting, even if maximum number of connections is reached; '
123 . 'required for most administrative operations like setting global variables '
124 . 'or killing threads of other users.'
126 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
127 $strPrivDescUpdate = __('Allows changing data.');
128 $strPrivDescUsage = __('No privileges.');
130 $_add_user_error = false;
132 * Get DB information: username, hostname, dbname,
133 * tablename, db_and_table, dbname_is_wildcard
136 $username, $hostname, $dbname, $tablename, $routinename,
137 $db_and_table, $dbname_is_wildcard
138 ) = $serverPrivileges->getDataForDBInfo();
141 * Checks if the user is allowed to do what he tries to...
143 if (! $GLOBALS['dbi']->isSuperuser() && ! $GLOBALS['is_grantuser']
144 && ! $GLOBALS['is_createuser']
147 $template->render('server/sub_page_header', [
148 'type' => 'privileges',
153 Message
::error(__('No Privileges'))
158 if (! $GLOBALS['is_grantuser'] && ! $GLOBALS['is_createuser']) {
159 $response->addHTML(Message
::notice(
160 __('You do not have the privileges to administrate the users!')
165 * Checks if the user is using "Change Login Information / Copy User" dialog
166 * only to update the password
168 if (isset($_POST['change_copy']) && $username == $_POST['old_username']
169 && $hostname == $_POST['old_hostname']
174 "Username and hostname didn't change. "
175 . "If you only want to change the password, "
176 . "'Change password' tab should be used."
180 $response->setRequestStatus(false);
185 * Changes / copies a user, part I
187 list($queries, $password) = $serverPrivileges->getDataForChangeOrCopyUser();
191 * (Changes / copies a user, part II)
193 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
194 = $serverPrivileges->addUser(
195 isset($dbname) ?
$dbname : null,
196 isset($username) ?
$username : null,
197 isset($hostname) ?
$hostname : null,
198 isset($password) ?
$password : null,
199 $cfgRelation['menuswork']
201 //update the old variables
202 if (isset($ret_queries)) {
203 $queries = $ret_queries;
206 if (isset($ret_message)) {
207 $message = $ret_message;
212 * Changes / copies a user, part III
214 if (isset($_POST['change_copy'])) {
215 $queries = $serverPrivileges->getDbSpecificPrivsQueriesForChangeOrCopyUser(
223 if (! empty($routinename)) {
224 $itemType = $serverPrivileges->getRoutineType($dbname, $routinename);
230 if (! empty($_POST['update_privs'])) {
231 if (is_array($dbname)) {
232 foreach ($dbname as $key => $db_name) {
233 list($sql_query[$key], $message) = $serverPrivileges->updatePrivileges(
234 (isset($username) ?
$username : ''),
235 (isset($hostname) ?
$hostname : ''),
238 : (isset($routinename) ?
$routinename : '')),
239 (isset($db_name) ?
$db_name : ''),
244 $sql_query = implode("\n", $sql_query);
246 list($sql_query, $message) = $serverPrivileges->updatePrivileges(
247 (isset($username) ?
$username : ''),
248 (isset($hostname) ?
$hostname : ''),
251 : (isset($routinename) ?
$routinename : '')),
252 (isset($dbname) ?
$dbname : ''),
259 * Assign users to user groups
261 if (! empty($_POST['changeUserGroup']) && $cfgRelation['menuswork']
262 && $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
264 $serverPrivileges->setUserGroup($username, $_POST['userGroup']);
265 $message = Message
::success();
271 if (isset($_POST['revokeall'])) {
272 list ($message, $sql_query) = $serverPrivileges->getMessageAndSqlQueryForPrivilegesRevoke(
273 (isset($dbname) ?
$dbname : ''),
276 : (isset($routinename) ?
$routinename : '')),
284 * Updates the password
286 if (isset($_POST['change_pw'])) {
287 $message = $serverPrivileges->updatePassword(
296 * (Changes / copies a user, part IV)
298 if (isset($_POST['delete'])
299 ||
(isset($_POST['change_copy']) && $_POST['mode'] < 4)
301 $queries = $serverPrivileges->getDataForDeleteUsers($queries);
302 if (empty($_POST['change_copy'])) {
303 list($sql_query, $message) = $serverPrivileges->deleteUser($queries);
308 * Changes / copies a user, part V
310 if (isset($_POST['change_copy'])) {
311 $queries = $serverPrivileges->getDataForQueries($queries, $queries_for_display);
312 $message = Message
::success();
313 $sql_query = join("\n", $queries);
317 * Reloads the privilege tables into memory
319 $message_ret = $serverPrivileges->updateMessageForReload();
320 if (! is_null($message_ret)) {
321 $message = $message_ret;
326 * If we are in an Ajax request for Create User/Edit User/Revoke User/
327 * Flush Privileges, show $message and exit.
329 if ($response->isAjax()
330 && empty($_REQUEST['ajax_page_request'])
331 && ! isset($_GET['export'])
332 && (! isset($_POST['submit_mult']) ||
$_POST['submit_mult'] != 'export')
333 && ((! isset($_GET['initial']) ||
$_GET['initial'] === null
334 ||
$_GET['initial'] === '')
335 ||
(isset($_POST['delete']) && $_POST['delete'] === __('Go')))
336 && ! isset($_GET['showall'])
337 && ! isset($_GET['edit_user_group_dialog'])
339 $extra_data = $serverPrivileges->getExtraDataForAjaxBehavior(
340 (isset($password) ?
$password : ''),
341 (isset($sql_query) ?
$sql_query : ''),
342 (isset($hostname) ?
$hostname : ''),
343 (isset($username) ?
$username : '')
346 if (! empty($message) && $message instanceof Message
) {
347 $response->setRequestStatus($message->isSuccess());
348 $response->addJSON('message', $message);
349 $response->addJSON($extra_data);
357 if (isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'db') {
358 $GLOBALS['db'] = $_REQUEST['db'] = $_GET['checkprivsdb'];
360 $url_query .= '&goto=db_operations.php';
362 // Gets the database structure
363 $sub_part = '_structure';
372 $db_is_system_schema,
376 ) = PhpMyAdmin\Util
::getDbInfo($db, is_null($sub_part) ?
'' : $sub_part);
378 $content = ob_get_contents();
380 $response->addHTML($content . "\n");
382 if (! empty($GLOBALS['message'])) {
383 $response->addHTML(PhpMyAdmin\Util
::getMessage($GLOBALS['message']));
384 unset($GLOBALS['message']);
392 $serverPrivileges->getHtmlForUserGroupDialog(
393 isset($username) ?
$username : null,
394 $cfgRelation['menuswork']
398 // export user definition
399 if (isset($_GET['export'])
400 ||
(isset($_POST['submit_mult']) && $_POST['submit_mult'] == 'export')
402 list($title, $export) = $serverPrivileges->getListForExportUserDefinition(
403 isset($username) ?
$username : null,
404 isset($hostname) ?
$hostname : null
407 unset($username, $hostname, $grants, $one_grant);
409 if ($response->isAjax()) {
410 $response->addJSON('message', $export);
411 $response->addJSON('title', $title);
414 $response->addHTML("<h2>$title</h2>$export");
418 if (isset($_GET['adduser'])) {
421 $serverPrivileges->getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
423 } elseif (isset($_GET['checkprivsdb'])) {
424 if (isset($_GET['checkprivstable'])) {
425 // check the privileges for a particular table.
427 $serverPrivileges->getHtmlForSpecificTablePrivileges(
428 $_GET['checkprivsdb'],
429 $_GET['checkprivstable']
433 // check the privileges for a particular database.
435 $serverPrivileges->getHtmlForSpecificDbPrivileges($_GET['checkprivsdb'])
439 if (isset($dbname) && ! is_array($dbname)) {
440 $url_dbname = urlencode(
455 if (! isset($username)) {
456 // No username is given --> display the overview
458 $serverPrivileges->getHtmlForUserOverview($pmaThemeImage, $text_dir)
460 } elseif (! empty($routinename)) {
462 $serverPrivileges->getHtmlForRoutineSpecificPrivileges(
467 (isset($url_dbname) ?
$url_dbname : '')
471 // A user was selected -> display the user's properties
472 // In an Ajax request, prevent cached values from showing
473 if ($response->isAjax()) {
474 header('Cache-Control: no-cache');
478 $serverPrivileges->getHtmlForUserProperties(
479 (isset($dbname_is_wildcard) ?
$dbname_is_wildcard : ''),
480 (isset($url_dbname) ?
$url_dbname : ''),
483 (isset($dbname) ?
$dbname : ''),
484 (isset($tablename) ?
$tablename : '')
490 if ((isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'server')
491 && $GLOBALS['cfgRelation']['menuswork']
493 $response->addHTML('</div>');