server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19
  20 $cfgRelation = PMA_getRelationsParam();
  21
  22 /**
  23  * Does the common work
  24  */
  25 $response = PMA_Response::getInstance();
  26 $header   = $response->getHeader();
  27 $scripts  = $header->getScripts();
  28 $scripts->addFile('server_privileges.js');
  29
  30 if ((isset($_REQUEST['viewing_mode'])
  31     && $_REQUEST['viewing_mode'] == 'server')
  32     && $GLOBALS['cfgRelation']['menuswork']
  33 ) {
  34     include_once 'libraries/server_users.lib.php';
  35     $response->addHTML('<div>');
  36     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  37 }
  38
  39 /**
  40  * Sets globals from $_POST patterns, for privileges and max_* vars
  41  */
  42
  43 $post_patterns = array(
  44     '/_priv$/i',
  45     '/^max_/i'
  46 );
  47
  48 PMA_setPostAsGlobal($post_patterns);
  49
  50 require 'libraries/server_common.inc.php';
  51
  52 /**
  53  * Messages are built using the message name
  54  */
  55 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  56 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  57 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  58 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  59 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  60 $strPrivDescCreateTbl = __('Allows creating new tables.');
  61 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  62 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  63 $strPrivDescCreateView = __('Allows creating new views.');
  64 $strPrivDescDelete = __('Allows deleting data.');
  65 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  66 $strPrivDescDropTbl = __('Allows dropping tables.');
  67 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  68 $strPrivDescExecute = __('Allows executing stored routines.');
  69 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  70 $strPrivDescGrant = __(
  71     'Allows adding users and privileges without reloading the privilege tables.'
  72 );
  73 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  74 $strPrivDescInsert = __('Allows inserting and replacing data.');
  75 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  76 $strPrivDescMaxConnections = __(
  77     'Limits the number of new connections the user may open per hour.'
  78 );
  79 $strPrivDescMaxQuestions = __(
  80     'Limits the number of queries the user may send to the server per hour.'
  81 );
  82 $strPrivDescMaxUpdates = __(
  83     'Limits the number of commands that change any table or database '
  84     . 'the user may execute per hour.'
  85 );
  86 $strPrivDescMaxUserConnections = __(
  87     'Limits the number of simultaneous connections the user may have.'
  88 );
  89 $strPrivDescProcess = __('Allows viewing processes of all users.');
  90 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  91 $strPrivDescReload = __(
  92     'Allows reloading server settings and flushing the server\'s caches.'
  93 );
  94 $strPrivDescReplClient = __(
  95     'Allows the user to ask where the slaves / masters are.'
  96 );
  97 $strPrivDescReplSlave = __('Needed for the replication slaves.');
  98 $strPrivDescSelect = __('Allows reading data.');
  99 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 100 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 101 $strPrivDescShutdown = __('Allows shutting down the server.');
 102 $strPrivDescSuper = __(
 103     'Allows connecting, even if maximum number of connections is reached; '
 104     . 'required for most administrative operations like setting global variables '
 105     . 'or killing threads of other users.'
 106 );
 107 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 108 $strPrivDescUpdate = __('Allows changing data.');
 109 $strPrivDescUsage = __('No privileges.');
 110
 111 $_add_user_error = false;
 112 /**
 113  * Get DB information: username, hostname, dbname,
 114  * tablename, db_and_table, dbname_is_wildcard
 115  */
 116 list(
 117     $username, $hostname, $dbname, $tablename,
 118     $db_and_table, $dbname_is_wildcard
 119 ) = PMA_getDataForDBInfo();
 120
 121 /**
 122  * Checks if the user is allowed to do what he tries to...
 123  */
 124 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 125     && !$GLOBALS['is_createuser']
 126 ) {
 127     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 128     $response->addHTML(PMA_Message::error(__('No Privileges'))->getDisplay());
 129     exit;
 130 }
 131
 132 /**
 133  * Checks if the user is using "Change Login Information / Copy User" dialog
 134  * only to update the password
 135  */
 136 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 137     && $hostname == $_REQUEST['old_hostname']
 138 ) {
 139     $response->addHTML(
 140         PMA_Message::error(__('Username and hostname didn\'t change.'))->getDisplay()
 141     );
 142     $response->isSuccess(false);
 143     exit;
 144 }
 145
 146 /**
 147  * Changes / copies a user, part I
 148  */
 149 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 150
 151 /**
 152  * Adds a user
 153  *   (Changes / copies a user, part II)
 154  */
 155 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 156     = PMA_addUser(
 157         isset($dbname)? $dbname : null,
 158         isset($username)? $username : null,
 159         isset($hostname)? $hostname : null,
 160         isset($password)? $password : null,
 161         $cfgRelation['menuswork']
 162     );
 163 //update the old variables
 164 if (isset($ret_queries)) {
 165     $queries = $ret_queries;
 166     unset($ret_queries);
 167 }
 168 if (isset($ret_message)) {
 169     $message = $ret_message;
 170     unset($ret_message);
 171 }
 172
 173 /**
 174  * Changes / copies a user, part III
 175  */
 176 if (isset($_REQUEST['change_copy'])) {
 177     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 178         $queries, $username, $hostname
 179     );
 180 }
 181
 182 /**
 183  * Updates privileges
 184  */
 185 if (! empty($_POST['update_privs'])) {
 186     if (is_array($dbname)) {
 187         foreach ($dbname as $key => $db_name) {
 188             list($sql_query[$key], $message) = PMA_updatePrivileges(
 189                 (isset($username) ? $username : ''),
 190                 (isset($hostname) ? $hostname : ''),
 191                 (isset($tablename) ? $tablename : ''),
 192                 (isset($db_name) ? $db_name : '')
 193             );
 194         }
 195
 196         $sql_query = implode("\n", $sql_query);
 197     } else {
 198         list($sql_query, $message) = PMA_updatePrivileges(
 199             (isset($username) ? $username : ''),
 200             (isset($hostname) ? $hostname : ''),
 201             (isset($tablename) ? $tablename : ''),
 202             (isset($dbname) ? $dbname : '')
 203         );
 204     }
 205 }
 206
 207 /**
 208  * Assign users to user groups
 209  */
 210 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 211     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 212 ) {
 213     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 214     $message = PMA_Message::success();
 215 }
 216
 217 /**
 218  * Revokes Privileges
 219  */
 220 if (isset($_REQUEST['revokeall'])) {
 221     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 222         (isset($dbname) ? $dbname : ''),
 223         (isset($tablename) ? $tablename : ''),
 224         $username, $hostname
 225     );
 226 }
 227
 228 /**
 229  * Updates the password
 230  */
 231 if (isset($_REQUEST['change_pw'])) {
 232     $message = PMA_updatePassword(
 233         $err_url, $username, $hostname
 234     );
 235 }
 236
 237 /**
 238  * Deletes users
 239  *   (Changes / copies a user, part IV)
 240  */
 241 if (isset($_REQUEST['delete'])
 242     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 243 ) {
 244     include_once 'libraries/relation_cleanup.lib.php';
 245     $queries = PMA_getDataForDeleteUsers($queries);
 246     if (empty($_REQUEST['change_copy'])) {
 247         list($sql_query, $message) = PMA_deleteUser($queries);
 248     }
 249 }
 250
 251 /**
 252  * Changes / copies a user, part V
 253  */
 254 if (isset($_REQUEST['change_copy'])) {
 255     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 256     $message = PMA_Message::success();
 257     $sql_query = join("\n", $queries);
 258 }
 259
 260 /**
 261  * Reloads the privilege tables into memory
 262  */
 263 $message_ret = PMA_updateMessageForReload();
 264 if (isset($message_ret)) {
 265     $message = $message_ret;
 266     unset($message_ret);
 267 }
 268
 269 /**
 270  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 271  * Flush Privileges, show $message and exit.
 272  */
 273 if ($GLOBALS['is_ajax_request']
 274     && empty($_REQUEST['ajax_page_request'])
 275     && ! isset($_REQUEST['export'])
 276     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 277     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 278     || $_REQUEST['initial'] === '')
 279     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
 280     && ! isset($_REQUEST['showall'])
 281     && ! isset($_REQUEST['edit_user_group_dialog'])
 282     && ! isset($_REQUEST['db_specific'])
 283 ) {
 284     $extra_data = PMA_getExtraDataForAjaxBehavior(
 285         (isset($password) ? $password : ''),
 286         (isset($sql_query) ? $sql_query : ''),
 287         (isset($hostname) ? $hostname : ''),
 288         (isset($username) ? $username : '')
 289     );
 290
 291     if (! empty($message) && $message instanceof PMA_Message) {
 292         $response = PMA_Response::getInstance();
 293         $response->isSuccess($message->isSuccess());
 294         $response->addJSON('message', $message);
 295         $response->addJSON($extra_data);
 296         exit;
 297     }
 298 }
 299
 300 /**
 301  * Displays the links
 302  */
 303 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 304     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 305
 306     $url_query .= '&amp;goto=db_operations.php';
 307
 308     // Gets the database structure
 309     $sub_part = '_structure';
 310     ob_start();
 311     include 'libraries/db_info.inc.php';
 312     $content = ob_get_contents();
 313     ob_end_clean();
 314     $response->addHTML($content . "\n");
 315 } else {
 316     if (! empty($GLOBALS['message'])) {
 317         $response->addHTML(PMA_Util::getMessage($GLOBALS['message']));
 318         unset($GLOBALS['message']);
 319     }
 320 }
 321
 322 /**
 323  * Displays the page
 324  */
 325 $response->addHTML(
 326     PMA_getHtmlForUserGroupDialog(
 327         isset($username)? $username : null,
 328         $cfgRelation['menuswork']
 329     )
 330 );
 331
 332 // export user definition
 333 if (isset($_REQUEST['export'])
 334     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 335 ) {
 336     list($title, $export) = PMA_getListForExportUserDefinition(
 337         isset($username) ? $username : null,
 338         isset($hostname) ? $hostname : null
 339     );
 340
 341     unset($username, $hostname, $grants, $one_grant);
 342
 343     $response = PMA_Response::getInstance();
 344     if ($GLOBALS['is_ajax_request']) {
 345         $response->addJSON('message', $export);
 346         $response->addJSON('title', $title);
 347         exit;
 348     } else {
 349         $response->addHTML("<h2>$title</h2>$export");
 350     }
 351 }
 352
 353 if (isset($_REQUEST['adduser'])) {
 354     // Add user
 355     $response->addHTML(
 356         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 357     );
 358 } elseif (isset($_REQUEST['checkprivsdb'])) {
 359     if (isset($_REQUEST['checkprivstable'])) {
 360         // check the privileges for a particular table.
 361         $response->addHTML(
 362             PMA_getHtmlForSpecificTablePrivileges(
 363                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 364             )
 365         );
 366     } else {
 367         // check the privileges for a particular database.
 368         $response->addHTML(
 369             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 370         );
 371     }
 372 } else {
 373     if (! isset($username)) {
 374         // No username is given --> display the overview
 375         $response->addHTML(
 376             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 377         );
 378     } else {
 379         // A user was selected -> display the user's properties
 380         // In an Ajax request, prevent cached values from showing
 381         if ($GLOBALS['is_ajax_request'] == true) {
 382             header('Cache-Control: no-cache');
 383         }
 384         if (isset($dbname) && ! is_array($dbname)) {
 385             $url_dbname = urlencode(
 386                 str_replace(
 387                     array('\_', '\%'),
 388                     array('_', '%'), $_REQUEST['dbname']
 389                 )
 390             );
 391         }
 392         $response->addHTML(
 393             PMA_getHtmlForUserProperties(
 394                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 395                 (isset($url_dbname) ? $url_dbname : ''),
 396                 $username, $hostname,
 397                 (isset($dbname) ? $dbname : ''),
 398                 (isset($tablename) ? $tablename : '')
 399             )
 400         );
 401     }
 402 }
 403
 404 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 405     && $GLOBALS['cfgRelation']['menuswork']
 406 ) {
 407     $response->addHTML('</div>');
 408 }