server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19
  20 $cfgRelation = PMA_getRelationsParam();
  21
  22 /**
  23  * Does the common work
  24  */
  25 $response = PMA\libraries\Response::getInstance();
  26 $header   = $response->getHeader();
  27 $scripts  = $header->getScripts();
  28 $scripts->addFile('server_privileges.js');
  29
  30 if ((isset($_REQUEST['viewing_mode'])
  31     && $_REQUEST['viewing_mode'] == 'server')
  32     && $GLOBALS['cfgRelation']['menuswork']
  33 ) {
  34     include_once 'libraries/server_users.lib.php';
  35     $response->addHTML('<div>');
  36     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  37 }
  38
  39 /**
  40  * Sets globals from $_POST patterns, for privileges and max_* vars
  41  */
  42
  43 $post_patterns = array(
  44     '/_priv$/i',
  45     '/^max_/i'
  46 );
  47
  48 PMA_setPostAsGlobal($post_patterns);
  49
  50 require 'libraries/server_common.inc.php';
  51
  52 /**
  53  * Messages are built using the message name
  54  */
  55 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  56 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  57 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  58 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  59 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  60 $strPrivDescCreateTbl = __('Allows creating new tables.');
  61 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  62 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  63 $strPrivDescCreateView = __('Allows creating new views.');
  64 $strPrivDescDelete = __('Allows deleting data.');
  65 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  66 $strPrivDescDropTbl = __('Allows dropping tables.');
  67 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  68 $strPrivDescExecute = __('Allows executing stored routines.');
  69 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  70 $strPrivDescGrant = __(
  71     'Allows adding users and privileges without reloading the privilege tables.'
  72 );
  73 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  74 $strPrivDescInsert = __('Allows inserting and replacing data.');
  75 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  76 $strPrivDescMaxConnections = __(
  77     'Limits the number of new connections the user may open per hour.'
  78 );
  79 $strPrivDescMaxQuestions = __(
  80     'Limits the number of queries the user may send to the server per hour.'
  81 );
  82 $strPrivDescMaxUpdates = __(
  83     'Limits the number of commands that change any table or database '
  84     . 'the user may execute per hour.'
  85 );
  86 $strPrivDescMaxUserConnections = __(
  87     'Limits the number of simultaneous connections the user may have.'
  88 );
  89 $strPrivDescProcess = __('Allows viewing processes of all users.');
  90 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  91 $strPrivDescReload = __(
  92     'Allows reloading server settings and flushing the server\'s caches.'
  93 );
  94 $strPrivDescReplClient = __(
  95     'Allows the user to ask where the slaves / masters are.'
  96 );
  97 $strPrivDescReplSlave = __('Needed for the replication slaves.');
  98 $strPrivDescSelect = __('Allows reading data.');
  99 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 100 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 101 $strPrivDescShutdown = __('Allows shutting down the server.');
 102 $strPrivDescSuper = __(
 103     'Allows connecting, even if maximum number of connections is reached; '
 104     . 'required for most administrative operations like setting global variables '
 105     . 'or killing threads of other users.'
 106 );
 107 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 108 $strPrivDescUpdate = __('Allows changing data.');
 109 $strPrivDescUsage = __('No privileges.');
 110
 111 $_add_user_error = false;
 112 /**
 113  * Get DB information: username, hostname, dbname,
 114  * tablename, db_and_table, dbname_is_wildcard
 115  */
 116 list(
 117     $username, $hostname, $dbname, $tablename, $routinename,
 118     $db_and_table, $dbname_is_wildcard
 119 ) = PMA_getDataForDBInfo();
 120
 121 /**
 122  * Checks if the user is allowed to do what he tries to...
 123  */
 124 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 125     && !$GLOBALS['is_createuser']
 126 ) {
 127     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 128     $response->addHTML(PMA\libraries\Message::error(__('No Privileges'))->getDisplay());
 129     exit;
 130 }
 131
 132 /**
 133  * Checks if the user is using "Change Login Information / Copy User" dialog
 134  * only to update the password
 135  */
 136 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 137     && $hostname == $_REQUEST['old_hostname']
 138 ) {
 139     $response->addHTML(
 140         PMA\libraries\Message::error(__('Username and hostname didn\'t change.'))->getDisplay()
 141     );
 142     $response->setRequestStatus(false);
 143     exit;
 144 }
 145
 146 /**
 147  * Changes / copies a user, part I
 148  */
 149 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 150
 151 /**
 152  * Adds a user
 153  *   (Changes / copies a user, part II)
 154  */
 155 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 156     = PMA_addUser(
 157         isset($dbname)? $dbname : null,
 158         isset($username)? $username : null,
 159         isset($hostname)? $hostname : null,
 160         isset($password)? $password : null,
 161         $cfgRelation['menuswork']
 162     );
 163 //update the old variables
 164 if (isset($ret_queries)) {
 165     $queries = $ret_queries;
 166     unset($ret_queries);
 167 }
 168 if (isset($ret_message)) {
 169     $message = $ret_message;
 170     unset($ret_message);
 171 }
 172
 173 /**
 174  * Changes / copies a user, part III
 175  */
 176 if (isset($_REQUEST['change_copy'])) {
 177     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 178         $queries, $username, $hostname
 179     );
 180 }
 181
 182 $itemType = '';
 183 if (! empty($routinename)) {
 184     $itemType = PMA_getRoutineType($dbname, $routinename);
 185 }
 186
 187 /**
 188  * Updates privileges
 189  */
 190 if (! empty($_POST['update_privs'])) {
 191     if (is_array($dbname)) {
 192         foreach ($dbname as $key => $db_name) {
 193             list($sql_query[$key], $message) = PMA_updatePrivileges(
 194                 (isset($username) ? $username : ''),
 195                 (isset($hostname) ? $hostname : ''),
 196                 (isset($tablename)
 197                     ? $tablename
 198                     : (isset($routinename) ? $routinename : '')),
 199                 (isset($db_name) ? $db_name : ''),
 200                 $itemType
 201             );
 202         }
 203
 204         $sql_query = implode("\n", $sql_query);
 205     } else {
 206         list($sql_query, $message) = PMA_updatePrivileges(
 207             (isset($username) ? $username : ''),
 208             (isset($hostname) ? $hostname : ''),
 209             (isset($tablename)
 210                 ? $tablename
 211                 : (isset($routinename) ? $routinename : '')),
 212             (isset($dbname) ? $dbname : ''),
 213             $itemType
 214         );
 215     }
 216 }
 217
 218 /**
 219  * Assign users to user groups
 220  */
 221 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 222     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 223 ) {
 224     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 225     $message = PMA\libraries\Message::success();
 226 }
 227
 228 /**
 229  * Revokes Privileges
 230  */
 231 if (isset($_REQUEST['revokeall'])) {
 232     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 233         (isset($dbname) ? $dbname : ''),
 234         (isset($tablename)
 235             ? $tablename
 236             : (isset($routinename) ? $routinename : '')),
 237         $username,
 238         $hostname,
 239         $itemType
 240     );
 241 }
 242
 243 /**
 244  * Updates the password
 245  */
 246 if (isset($_REQUEST['change_pw'])) {
 247     $message = PMA_updatePassword(
 248         $err_url, $username, $hostname
 249     );
 250 }
 251
 252 /**
 253  * Deletes users
 254  *   (Changes / copies a user, part IV)
 255  */
 256 if (isset($_REQUEST['delete'])
 257     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 258 ) {
 259     include_once 'libraries/relation_cleanup.lib.php';
 260     $queries = PMA_getDataForDeleteUsers($queries);
 261     if (empty($_REQUEST['change_copy'])) {
 262         list($sql_query, $message) = PMA_deleteUser($queries);
 263     }
 264 }
 265
 266 /**
 267  * Changes / copies a user, part V
 268  */
 269 if (isset($_REQUEST['change_copy'])) {
 270     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 271     $message = PMA\libraries\Message::success();
 272     $sql_query = join("\n", $queries);
 273 }
 274
 275 /**
 276  * Reloads the privilege tables into memory
 277  */
 278 $message_ret = PMA_updateMessageForReload();
 279 if (isset($message_ret)) {
 280     $message = $message_ret;
 281     unset($message_ret);
 282 }
 283
 284 /**
 285  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 286  * Flush Privileges, show $message and exit.
 287  */
 288 if ($GLOBALS['is_ajax_request']
 289     && empty($_REQUEST['ajax_page_request'])
 290     && ! isset($_REQUEST['export'])
 291     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 292     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 293     || $_REQUEST['initial'] === '')
 294     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === 'Go'))
 295     && ! isset($_REQUEST['showall'])
 296     && ! isset($_REQUEST['edit_user_group_dialog'])
 297     && ! isset($_REQUEST['db_specific'])
 298 ) {
 299     $extra_data = PMA_getExtraDataForAjaxBehavior(
 300         (isset($password) ? $password : ''),
 301         (isset($sql_query) ? $sql_query : ''),
 302         (isset($hostname) ? $hostname : ''),
 303         (isset($username) ? $username : '')
 304     );
 305
 306     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 307         $response = PMA\libraries\Response::getInstance();
 308         $response->setRequestStatus($message->isSuccess());
 309         $response->addJSON('message', $message);
 310         $response->addJSON($extra_data);
 311         exit;
 312     }
 313 }
 314
 315 /**
 316  * Displays the links
 317  */
 318 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 319     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 320
 321     $url_query .= '&amp;goto=db_operations.php';
 322
 323     // Gets the database structure
 324     $sub_part = '_structure';
 325     ob_start();
 326
 327     list(
 328         $tables,
 329         $num_tables,
 330         $total_num_tables,
 331         $sub_part,
 332         $is_show_stats,
 333         $db_is_system_schema,
 334         $tooltip_truename,
 335         $tooltip_aliasname,
 336         $pos
 337     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 338
 339     $content = ob_get_contents();
 340     ob_end_clean();
 341     $response->addHTML($content . "\n");
 342 } else {
 343     if (! empty($GLOBALS['message'])) {
 344         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 345         unset($GLOBALS['message']);
 346     }
 347 }
 348
 349 /**
 350  * Displays the page
 351  */
 352 $response->addHTML(
 353     PMA_getHtmlForUserGroupDialog(
 354         isset($username)? $username : null,
 355         $cfgRelation['menuswork']
 356     )
 357 );
 358
 359 // export user definition
 360 if (isset($_REQUEST['export'])
 361     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 362 ) {
 363     list($title, $export) = PMA_getListForExportUserDefinition(
 364         isset($username) ? $username : null,
 365         isset($hostname) ? $hostname : null
 366     );
 367
 368     unset($username, $hostname, $grants, $one_grant);
 369
 370     $response = PMA\libraries\Response::getInstance();
 371     if ($GLOBALS['is_ajax_request']) {
 372         $response->addJSON('message', $export);
 373         $response->addJSON('title', $title);
 374         exit;
 375     } else {
 376         $response->addHTML("<h2>$title</h2>$export");
 377     }
 378 }
 379
 380 if (isset($_REQUEST['adduser'])) {
 381     // Add user
 382     $response->addHTML(
 383         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 384     );
 385 } elseif (isset($_REQUEST['checkprivsdb'])) {
 386     if (isset($_REQUEST['checkprivstable'])) {
 387         // check the privileges for a particular table.
 388         $response->addHTML(
 389             PMA_getHtmlForSpecificTablePrivileges(
 390                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 391             )
 392         );
 393     } else {
 394         // check the privileges for a particular database.
 395         $response->addHTML(
 396             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 397         );
 398     }
 399 } else {
 400     if (isset($dbname) && ! is_array($dbname)) {
 401         $url_dbname = urlencode(
 402             str_replace(
 403                 array('\_', '\%'),
 404                 array('_', '%'),
 405                 $_REQUEST['dbname']
 406             )
 407         );
 408     }
 409
 410     if (! isset($username)) {
 411         // No username is given --> display the overview
 412         $response->addHTML(
 413             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 414         );
 415     } else if (!empty($routinename)) {
 416         $response->addHTML(
 417             PMA_getHtmlForRoutineSpecificPrivilges(
 418                 $username, $hostname, $dbname, $routinename,
 419                 (isset($url_dbname) ? $url_dbname : '')
 420             )
 421         );
 422     } else {
 423         // A user was selected -> display the user's properties
 424         // In an Ajax request, prevent cached values from showing
 425         if ($GLOBALS['is_ajax_request'] == true) {
 426             header('Cache-Control: no-cache');
 427         }
 428
 429         $response->addHTML(
 430             PMA_getHtmlForUserProperties(
 431                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 432                 (isset($url_dbname) ? $url_dbname : ''),
 433                 $username, $hostname,
 434                 (isset($dbname) ? $dbname : ''),
 435                 (isset($tablename) ? $tablename : '')
 436             )
 437         );
 438     }
 439 }
 440
 441 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 442     && $GLOBALS['cfgRelation']['menuswork']
 443 ) {
 444     $response->addHTML('</div>');
 445 }