server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8
   9 /**
  10  * include common file
  11  */
  12 require_once 'libraries/common.inc.php';
  13
  14 /**
  15  * functions implementation for this script
  16  */
  17 require_once 'libraries/display_change_password.lib.php';
  18 require_once 'libraries/server_privileges.lib.php';
  19 require_once 'libraries/check_user_privileges.lib.php';
  20
  21 $cfgRelation = PMA_getRelationsParam();
  22
  23 /**
  24  * Does the common work
  25  */
  26 $response = PMA\libraries\Response::getInstance();
  27 $header   = $response->getHeader();
  28 $scripts  = $header->getScripts();
  29 $scripts->addFile('server_privileges.js');
  30 $scripts->addFile('zxcvbn.js');
  31
  32 if ((isset($_REQUEST['viewing_mode'])
  33     && $_REQUEST['viewing_mode'] == 'server')
  34     && $GLOBALS['cfgRelation']['menuswork']
  35 ) {
  36     include_once 'libraries/server_users.lib.php';
  37     $response->addHTML('<div>');
  38     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  39 }
  40
  41 /**
  42  * Sets globals from $_POST patterns, for privileges and max_* vars
  43  */
  44
  45 $post_patterns = array(
  46     '/_priv$/i',
  47     '/^max_/i'
  48 );
  49
  50 PMA_setPostAsGlobal($post_patterns);
  51
  52 require 'libraries/server_common.inc.php';
  53
  54 /**
  55  * Messages are built using the message name
  56  */
  57 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  58 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  59 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  60 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  61 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  62 $strPrivDescCreateTbl = __('Allows creating new tables.');
  63 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  64 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  65 $strPrivDescCreateView = __('Allows creating new views.');
  66 $strPrivDescDelete = __('Allows deleting data.');
  67 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  68 $strPrivDescDropTbl = __('Allows dropping tables.');
  69 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  70 $strPrivDescExecute = __('Allows executing stored routines.');
  71 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  72 $strPrivDescGrantTbl = __(
  73     'Allows user to give to other users or remove from other users the privileges '
  74     . 'that user possess yourself.'
  75 );
  76 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  77 $strPrivDescInsert = __('Allows inserting and replacing data.');
  78 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  79 $strPrivDescMaxConnections = __(
  80     'Limits the number of new connections the user may open per hour.'
  81 );
  82 $strPrivDescMaxQuestions = __(
  83     'Limits the number of queries the user may send to the server per hour.'
  84 );
  85 $strPrivDescMaxUpdates = __(
  86     'Limits the number of commands that change any table or database '
  87     . 'the user may execute per hour.'
  88 );
  89 $strPrivDescMaxUserConnections = __(
  90     'Limits the number of simultaneous connections the user may have.'
  91 );
  92 $strPrivDescProcess = __('Allows viewing processes of all users.');
  93 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  94 $strPrivDescReload = __(
  95     'Allows reloading server settings and flushing the server\'s caches.'
  96 );
  97 $strPrivDescReplClient = __(
  98     'Allows the user to ask where the slaves / masters are.'
  99 );
 100 $strPrivDescReplSlave = __('Needed for the replication slaves.');
 101 $strPrivDescSelect = __('Allows reading data.');
 102 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 103 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 104 $strPrivDescShutdown = __('Allows shutting down the server.');
 105 $strPrivDescSuper = __(
 106     'Allows connecting, even if maximum number of connections is reached; '
 107     . 'required for most administrative operations like setting global variables '
 108     . 'or killing threads of other users.'
 109 );
 110 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 111 $strPrivDescUpdate = __('Allows changing data.');
 112 $strPrivDescUsage = __('No privileges.');
 113
 114 $_add_user_error = false;
 115 /**
 116  * Get DB information: username, hostname, dbname,
 117  * tablename, db_and_table, dbname_is_wildcard
 118  */
 119 list(
 120     $username, $hostname, $dbname, $tablename, $routinename,
 121     $db_and_table, $dbname_is_wildcard
 122 ) = PMA_getDataForDBInfo();
 123
 124 /**
 125  * Checks if the user is allowed to do what he tries to...
 126  */
 127 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 128     && !$GLOBALS['is_createuser']
 129 ) {
 130     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 131     $response->addHTML(
 132         PMA\libraries\Message::error(__('No Privileges'))
 133             ->getDisplay()
 134     );
 135     exit;
 136 }
 137
 138 /**
 139  * Checks if the user is using "Change Login Information / Copy User" dialog
 140  * only to update the password
 141  */
 142 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 143     && $hostname == $_REQUEST['old_hostname']
 144 ) {
 145     $response->addHTML(
 146         PMA\libraries\Message::error(
 147             __(
 148                 "Username and hostname didn't change. "
 149                 . "If you only want to change the password, "
 150                 . "'Change password' tab should be used."
 151             )
 152         )->getDisplay()
 153     );
 154     $response->setRequestStatus(false);
 155     exit;
 156 }
 157
 158 /**
 159  * Changes / copies a user, part I
 160  */
 161 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 162
 163 /**
 164  * Adds a user
 165  *   (Changes / copies a user, part II)
 166  */
 167 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 168     = PMA_addUser(
 169         isset($dbname)? $dbname : null,
 170         isset($username)? $username : null,
 171         isset($hostname)? $hostname : null,
 172         isset($password)? $password : null,
 173         $cfgRelation['menuswork']
 174     );
 175 //update the old variables
 176 if (isset($ret_queries)) {
 177     $queries = $ret_queries;
 178     unset($ret_queries);
 179 }
 180 if (isset($ret_message)) {
 181     $message = $ret_message;
 182     unset($ret_message);
 183 }
 184
 185 /**
 186  * Changes / copies a user, part III
 187  */
 188 if (isset($_REQUEST['change_copy'])) {
 189     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 190         $queries, $username, $hostname
 191     );
 192 }
 193
 194 $itemType = '';
 195 if (! empty($routinename)) {
 196     $itemType = PMA_getRoutineType($dbname, $routinename);
 197 }
 198
 199 /**
 200  * Updates privileges
 201  */
 202 if (! empty($_POST['update_privs'])) {
 203     if (is_array($dbname)) {
 204         foreach ($dbname as $key => $db_name) {
 205             list($sql_query[$key], $message) = PMA_updatePrivileges(
 206                 (isset($username) ? $username : ''),
 207                 (isset($hostname) ? $hostname : ''),
 208                 (isset($tablename)
 209                     ? $tablename
 210                     : (isset($routinename) ? $routinename : '')),
 211                 (isset($db_name) ? $db_name : ''),
 212                 $itemType
 213             );
 214         }
 215
 216         $sql_query = implode("\n", $sql_query);
 217     } else {
 218         list($sql_query, $message) = PMA_updatePrivileges(
 219             (isset($username) ? $username : ''),
 220             (isset($hostname) ? $hostname : ''),
 221             (isset($tablename)
 222                 ? $tablename
 223                 : (isset($routinename) ? $routinename : '')),
 224             (isset($dbname) ? $dbname : ''),
 225             $itemType
 226         );
 227     }
 228 }
 229
 230 /**
 231  * Assign users to user groups
 232  */
 233 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 234     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 235 ) {
 236     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 237     $message = PMA\libraries\Message::success();
 238 }
 239
 240 /**
 241  * Revokes Privileges
 242  */
 243 if (isset($_REQUEST['revokeall'])) {
 244     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 245         (isset($dbname) ? $dbname : ''),
 246         (isset($tablename)
 247             ? $tablename
 248             : (isset($routinename) ? $routinename : '')),
 249         $username,
 250         $hostname,
 251         $itemType
 252     );
 253 }
 254
 255 /**
 256  * Updates the password
 257  */
 258 if (isset($_REQUEST['change_pw'])) {
 259     $message = PMA_updatePassword(
 260         $err_url, $username, $hostname
 261     );
 262 }
 263
 264 /**
 265  * Deletes users
 266  *   (Changes / copies a user, part IV)
 267  */
 268 if (isset($_REQUEST['delete'])
 269     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 270 ) {
 271     include_once 'libraries/relation_cleanup.lib.php';
 272     $queries = PMA_getDataForDeleteUsers($queries);
 273     if (empty($_REQUEST['change_copy'])) {
 274         list($sql_query, $message) = PMA_deleteUser($queries);
 275     }
 276 }
 277
 278 /**
 279  * Changes / copies a user, part V
 280  */
 281 if (isset($_REQUEST['change_copy'])) {
 282     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 283     $message = PMA\libraries\Message::success();
 284     $sql_query = join("\n", $queries);
 285 }
 286
 287 /**
 288  * Reloads the privilege tables into memory
 289  */
 290 $message_ret = PMA_updateMessageForReload();
 291 if (isset($message_ret)) {
 292     $message = $message_ret;
 293     unset($message_ret);
 294 }
 295
 296 /**
 297  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 298  * Flush Privileges, show $message and exit.
 299  */
 300 if ($GLOBALS['is_ajax_request']
 301     && empty($_REQUEST['ajax_page_request'])
 302     && ! isset($_REQUEST['export'])
 303     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 304     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 305     || $_REQUEST['initial'] === '')
 306     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
 307     && ! isset($_REQUEST['showall'])
 308     && ! isset($_REQUEST['edit_user_group_dialog'])
 309     && ! isset($_REQUEST['db_specific'])
 310 ) {
 311     $extra_data = PMA_getExtraDataForAjaxBehavior(
 312         (isset($password) ? $password : ''),
 313         (isset($sql_query) ? $sql_query : ''),
 314         (isset($hostname) ? $hostname : ''),
 315         (isset($username) ? $username : '')
 316     );
 317
 318     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 319         $response = PMA\libraries\Response::getInstance();
 320         $response->setRequestStatus($message->isSuccess());
 321         $response->addJSON('message', $message);
 322         $response->addJSON($extra_data);
 323         exit;
 324     }
 325 }
 326
 327 /**
 328  * Displays the links
 329  */
 330 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 331     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 332
 333     $url_query .= '&amp;goto=db_operations.php';
 334
 335     // Gets the database structure
 336     $sub_part = '_structure';
 337     ob_start();
 338
 339     list(
 340         $tables,
 341         $num_tables,
 342         $total_num_tables,
 343         $sub_part,
 344         $is_show_stats,
 345         $db_is_system_schema,
 346         $tooltip_truename,
 347         $tooltip_aliasname,
 348         $pos
 349     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 350
 351     $content = ob_get_contents();
 352     ob_end_clean();
 353     $response->addHTML($content . "\n");
 354 } else {
 355     if (! empty($GLOBALS['message'])) {
 356         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 357         unset($GLOBALS['message']);
 358     }
 359 }
 360
 361 /**
 362  * Displays the page
 363  */
 364 $response->addHTML(
 365     PMA_getHtmlForUserGroupDialog(
 366         isset($username)? $username : null,
 367         $cfgRelation['menuswork']
 368     )
 369 );
 370
 371 // export user definition
 372 if (isset($_REQUEST['export'])
 373     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 374 ) {
 375     list($title, $export) = PMA_getListForExportUserDefinition(
 376         isset($username) ? $username : null,
 377         isset($hostname) ? $hostname : null
 378     );
 379
 380     unset($username, $hostname, $grants, $one_grant);
 381
 382     $response = PMA\libraries\Response::getInstance();
 383     if ($GLOBALS['is_ajax_request']) {
 384         $response->addJSON('message', $export);
 385         $response->addJSON('title', $title);
 386         exit;
 387     } else {
 388         $response->addHTML("<h2>$title</h2>$export");
 389     }
 390 }
 391
 392 if (isset($_REQUEST['adduser'])) {
 393     // Add user
 394     $response->addHTML(
 395         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 396     );
 397 } elseif (isset($_REQUEST['checkprivsdb'])) {
 398     if (isset($_REQUEST['checkprivstable'])) {
 399         // check the privileges for a particular table.
 400         $response->addHTML(
 401             PMA_getHtmlForSpecificTablePrivileges(
 402                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 403             )
 404         );
 405     } else {
 406         // check the privileges for a particular database.
 407         $response->addHTML(
 408             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 409         );
 410     }
 411 } else {
 412     if (isset($dbname) && ! is_array($dbname)) {
 413         $url_dbname = urlencode(
 414             str_replace(
 415                 array('\_', '\%'),
 416                 array('_', '%'),
 417                 $_REQUEST['dbname']
 418             )
 419         );
 420     }
 421
 422     if (! isset($username)) {
 423         // No username is given --> display the overview
 424         $response->addHTML(
 425             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 426         );
 427     } else if (!empty($routinename)) {
 428         $response->addHTML(
 429             PMA_getHtmlForRoutineSpecificPrivilges(
 430                 $username, $hostname, $dbname, $routinename,
 431                 (isset($url_dbname) ? $url_dbname : '')
 432             )
 433         );
 434     } else {
 435         // A user was selected -> display the user's properties
 436         // In an Ajax request, prevent cached values from showing
 437         if ($GLOBALS['is_ajax_request'] == true) {
 438             header('Cache-Control: no-cache');
 439         }
 440
 441         $response->addHTML(
 442             PMA_getHtmlForUserProperties(
 443                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 444                 (isset($url_dbname) ? $url_dbname : ''),
 445                 $username, $hostname,
 446                 (isset($dbname) ? $dbname : ''),
 447                 (isset($tablename) ? $tablename : '')
 448             )
 449         );
 450     }
 451 }
 452
 453 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 454     && $GLOBALS['cfgRelation']['menuswork']
 455 ) {
 456     $response->addHTML('</div>');
 457 }