2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
8 declare(strict_types
=1);
11 use PhpMyAdmin\Message
;
12 use PhpMyAdmin\Relation
;
13 use PhpMyAdmin\RelationCleanup
;
14 use PhpMyAdmin\Response
;
15 use PhpMyAdmin\Server\Privileges
;
16 use PhpMyAdmin\Server\Users
;
17 use PhpMyAdmin\Template
;
22 require_once 'libraries/common.inc.php';
25 * functions implementation for this script
27 require_once 'libraries/check_user_privileges.inc.php';
29 $relation = new Relation($GLOBALS['dbi']);
30 $cfgRelation = $relation->getRelationsParam();
33 * Does the common work
35 $response = Response
::getInstance();
36 $header = $response->getHeader();
37 $scripts = $header->getScripts();
38 $scripts->addFile('server_privileges.js');
39 $scripts->addFile('vendor/zxcvbn.js');
41 $template = new Template();
42 $relationCleanup = new RelationCleanup($GLOBALS['dbi'], $relation);
43 $serverPrivileges = new Privileges($template, $GLOBALS['dbi'], $relation, $relationCleanup);
45 if ((isset($_REQUEST['viewing_mode'])
46 && $_REQUEST['viewing_mode'] == 'server')
47 && $GLOBALS['cfgRelation']['menuswork']
49 $response->addHTML('<div>');
50 $response->addHTML(Users
::getHtmlForSubMenusOnUsersPage('server_privileges.php'));
54 * Sets globals from $_POST patterns, for privileges and max_* vars
62 Core
::setPostAsGlobal($post_patterns);
64 require 'libraries/server_common.inc.php';
67 * Messages are built using the message name
69 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
70 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
71 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
72 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
73 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
74 $strPrivDescCreateTbl = __('Allows creating new tables.');
75 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
76 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
77 $strPrivDescCreateView = __('Allows creating new views.');
78 $strPrivDescDelete = __('Allows deleting data.');
79 $strPrivDescDropDb = __('Allows dropping databases and tables.');
80 $strPrivDescDropTbl = __('Allows dropping tables.');
81 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
82 $strPrivDescExecute = __('Allows executing stored routines.');
83 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
84 $strPrivDescGrantTbl = __(
85 'Allows user to give to other users or remove from other users the privileges '
86 . 'that user possess yourself.'
88 $strPrivDescIndex = __('Allows creating and dropping indexes.');
89 $strPrivDescInsert = __('Allows inserting and replacing data.');
90 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
91 $strPrivDescMaxConnections = __(
92 'Limits the number of new connections the user may open per hour.'
94 $strPrivDescMaxQuestions = __(
95 'Limits the number of queries the user may send to the server per hour.'
97 $strPrivDescMaxUpdates = __(
98 'Limits the number of commands that change any table or database '
99 . 'the user may execute per hour.'
101 $strPrivDescMaxUserConnections = __(
102 'Limits the number of simultaneous connections the user may have.'
104 $strPrivDescProcess = __('Allows viewing processes of all users.');
105 $strPrivDescReferences = __('Has no effect in this MySQL version.');
106 $strPrivDescReload = __(
107 'Allows reloading server settings and flushing the server\'s caches.'
109 $strPrivDescReplClient = __(
110 'Allows the user to ask where the slaves / masters are.'
112 $strPrivDescReplSlave = __('Needed for the replication slaves.');
113 $strPrivDescSelect = __('Allows reading data.');
114 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
115 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
116 $strPrivDescShutdown = __('Allows shutting down the server.');
117 $strPrivDescSuper = __(
118 'Allows connecting, even if maximum number of connections is reached; '
119 . 'required for most administrative operations like setting global variables '
120 . 'or killing threads of other users.'
122 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
123 $strPrivDescUpdate = __('Allows changing data.');
124 $strPrivDescUsage = __('No privileges.');
126 $_add_user_error = false;
128 * Get DB information: username, hostname, dbname,
129 * tablename, db_and_table, dbname_is_wildcard
132 $username, $hostname, $dbname, $tablename, $routinename,
133 $db_and_table, $dbname_is_wildcard
134 ) = $serverPrivileges->getDataForDBInfo();
137 * Checks if the user is allowed to do what he tries to...
139 if (!$GLOBALS['dbi']->isSuperuser() && !$GLOBALS['is_grantuser']
140 && !$GLOBALS['is_createuser']
143 $template->render('server/sub_page_header', [
144 'type' => 'privileges',
149 Message
::error(__('No Privileges'))
154 if (! $GLOBALS['is_grantuser'] && !$GLOBALS['is_createuser']) {
155 $response->addHTML(Message
::notice(
156 __('You do not have the privileges to administrate the users!')
161 * Checks if the user is using "Change Login Information / Copy User" dialog
162 * only to update the password
164 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
165 && $hostname == $_REQUEST['old_hostname']
170 "Username and hostname didn't change. "
171 . "If you only want to change the password, "
172 . "'Change password' tab should be used."
176 $response->setRequestStatus(false);
181 * Changes / copies a user, part I
183 list($queries, $password) = $serverPrivileges->getDataForChangeOrCopyUser();
187 * (Changes / copies a user, part II)
189 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
190 = $serverPrivileges->addUser(
191 isset($dbname) ?
$dbname : null,
192 isset($username) ?
$username : null,
193 isset($hostname) ?
$hostname : null,
194 isset($password) ?
$password : null,
195 $cfgRelation['menuswork']
197 //update the old variables
198 if (isset($ret_queries)) {
199 $queries = $ret_queries;
202 if (isset($ret_message)) {
203 $message = $ret_message;
208 * Changes / copies a user, part III
210 if (isset($_REQUEST['change_copy'])) {
211 $queries = $serverPrivileges->getDbSpecificPrivsQueriesForChangeOrCopyUser(
219 if (! empty($routinename)) {
220 $itemType = $serverPrivileges->getRoutineType($dbname, $routinename);
226 if (! empty($_POST['update_privs'])) {
227 if (is_array($dbname)) {
228 foreach ($dbname as $key => $db_name) {
229 list($sql_query[$key], $message) = $serverPrivileges->updatePrivileges(
230 (isset($username) ?
$username : ''),
231 (isset($hostname) ?
$hostname : ''),
234 : (isset($routinename) ?
$routinename : '')),
235 (isset($db_name) ?
$db_name : ''),
240 $sql_query = implode("\n", $sql_query);
242 list($sql_query, $message) = $serverPrivileges->updatePrivileges(
243 (isset($username) ?
$username : ''),
244 (isset($hostname) ?
$hostname : ''),
247 : (isset($routinename) ?
$routinename : '')),
248 (isset($dbname) ?
$dbname : ''),
255 * Assign users to user groups
257 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
258 && $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
260 $serverPrivileges->setUserGroup($username, $_REQUEST['userGroup']);
261 $message = Message
::success();
267 if (isset($_REQUEST['revokeall'])) {
268 list ($message, $sql_query) = $serverPrivileges->getMessageAndSqlQueryForPrivilegesRevoke(
269 (isset($dbname) ?
$dbname : ''),
272 : (isset($routinename) ?
$routinename : '')),
280 * Updates the password
282 if (isset($_REQUEST['change_pw'])) {
283 $message = $serverPrivileges->updatePassword(
292 * (Changes / copies a user, part IV)
294 if (isset($_REQUEST['delete'])
295 ||
(isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
297 $queries = $serverPrivileges->getDataForDeleteUsers($queries);
298 if (empty($_REQUEST['change_copy'])) {
299 list($sql_query, $message) = $serverPrivileges->deleteUser($queries);
304 * Changes / copies a user, part V
306 if (isset($_REQUEST['change_copy'])) {
307 $queries = $serverPrivileges->getDataForQueries($queries, $queries_for_display);
308 $message = Message
::success();
309 $sql_query = join("\n", $queries);
313 * Reloads the privilege tables into memory
315 $message_ret = $serverPrivileges->updateMessageForReload();
316 if (! is_null($message_ret)) {
317 $message = $message_ret;
322 * If we are in an Ajax request for Create User/Edit User/Revoke User/
323 * Flush Privileges, show $message and exit.
325 if ($response->isAjax()
326 && empty($_REQUEST['ajax_page_request'])
327 && ! isset($_REQUEST['export'])
328 && (! isset($_REQUEST['submit_mult']) ||
$_REQUEST['submit_mult'] != 'export')
329 && ((! isset($_REQUEST['initial']) ||
$_REQUEST['initial'] === null
330 ||
$_REQUEST['initial'] === '')
331 ||
(isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
332 && ! isset($_REQUEST['showall'])
333 && ! isset($_REQUEST['edit_user_group_dialog'])
334 && ! isset($_REQUEST['db_specific'])
336 $extra_data = $serverPrivileges->getExtraDataForAjaxBehavior(
337 (isset($password) ?
$password : ''),
338 (isset($sql_query) ?
$sql_query : ''),
339 (isset($hostname) ?
$hostname : ''),
340 (isset($username) ?
$username : '')
343 if (! empty($message) && $message instanceof Message
) {
344 $response->setRequestStatus($message->isSuccess());
345 $response->addJSON('message', $message);
346 $response->addJSON($extra_data);
354 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
355 $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
357 $url_query .= '&goto=db_operations.php';
359 // Gets the database structure
360 $sub_part = '_structure';
369 $db_is_system_schema,
373 ) = PhpMyAdmin\Util
::getDbInfo($db, is_null($sub_part) ?
'' : $sub_part);
375 $content = ob_get_contents();
377 $response->addHTML($content . "\n");
379 if (! empty($GLOBALS['message'])) {
380 $response->addHTML(PhpMyAdmin\Util
::getMessage($GLOBALS['message']));
381 unset($GLOBALS['message']);
389 $serverPrivileges->getHtmlForUserGroupDialog(
390 isset($username) ?
$username : null,
391 $cfgRelation['menuswork']
395 // export user definition
396 if (isset($_REQUEST['export'])
397 ||
(isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
399 list($title, $export) = $serverPrivileges->getListForExportUserDefinition(
400 isset($username) ?
$username : null,
401 isset($hostname) ?
$hostname : null
404 unset($username, $hostname, $grants, $one_grant);
406 if ($response->isAjax()) {
407 $response->addJSON('message', $export);
408 $response->addJSON('title', $title);
411 $response->addHTML("<h2>$title</h2>$export");
415 if (isset($_REQUEST['adduser'])) {
418 $serverPrivileges->getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
420 } elseif (isset($_REQUEST['checkprivsdb'])) {
421 if (isset($_REQUEST['checkprivstable'])) {
422 // check the privileges for a particular table.
424 $serverPrivileges->getHtmlForSpecificTablePrivileges(
425 $_REQUEST['checkprivsdb'],
426 $_REQUEST['checkprivstable']
430 // check the privileges for a particular database.
432 $serverPrivileges->getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
436 if (isset($dbname) && ! is_array($dbname)) {
437 $url_dbname = urlencode(
446 if (! isset($username)) {
447 // No username is given --> display the overview
449 $serverPrivileges->getHtmlForUserOverview($pmaThemeImage, $text_dir)
451 } elseif (!empty($routinename)) {
453 $serverPrivileges->getHtmlForRoutineSpecificPrivileges(
458 (isset($url_dbname) ?
$url_dbname : '')
462 // A user was selected -> display the user's properties
463 // In an Ajax request, prevent cached values from showing
464 if ($response->isAjax()) {
465 header('Cache-Control: no-cache');
469 $serverPrivileges->getHtmlForUserProperties(
470 (isset($dbname_is_wildcard) ?
$dbname_is_wildcard : ''),
471 (isset($url_dbname) ?
$url_dbname : ''),
474 (isset($dbname) ?
$dbname : ''),
475 (isset($tablename) ?
$tablename : '')
481 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
482 && $GLOBALS['cfgRelation']['menuswork']
484 $response->addHTML('</div>');