2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
12 require_once 'libraries/common.inc.php';
15 * functions implementation for this script
17 require_once 'libraries/display_change_password.lib.php';
18 require_once 'libraries/server_privileges.lib.php';
19 require_once 'libraries/check_user_privileges.lib.php';
21 $cfgRelation = PMA_getRelationsParam();
24 * Does the common work
26 $response = PMA\libraries\Response
::getInstance();
27 $header = $response->getHeader();
28 $scripts = $header->getScripts();
29 $scripts->addFile('server_privileges.js');
30 $scripts->addFile('zxcvbn.js');
32 if ((isset($_REQUEST['viewing_mode'])
33 && $_REQUEST['viewing_mode'] == 'server')
34 && $GLOBALS['cfgRelation']['menuswork']
36 include_once 'libraries/server_users.lib.php';
37 $response->addHTML('<div>');
38 $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
42 * Sets globals from $_POST patterns, for privileges and max_* vars
45 $post_patterns = array(
50 PMA_setPostAsGlobal($post_patterns);
52 require 'libraries/server_common.inc.php';
55 * Messages are built using the message name
57 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
58 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
59 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
60 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
61 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
62 $strPrivDescCreateTbl = __('Allows creating new tables.');
63 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
64 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
65 $strPrivDescCreateView = __('Allows creating new views.');
66 $strPrivDescDelete = __('Allows deleting data.');
67 $strPrivDescDropDb = __('Allows dropping databases and tables.');
68 $strPrivDescDropTbl = __('Allows dropping tables.');
69 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
70 $strPrivDescExecute = __('Allows executing stored routines.');
71 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
72 $strPrivDescGrantTbl = __(
73 'Allows user to give to other users or remove from other users the privileges '
74 . 'that user possess yourself.'
76 $strPrivDescIndex = __('Allows creating and dropping indexes.');
77 $strPrivDescInsert = __('Allows inserting and replacing data.');
78 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
79 $strPrivDescMaxConnections = __(
80 'Limits the number of new connections the user may open per hour.'
82 $strPrivDescMaxQuestions = __(
83 'Limits the number of queries the user may send to the server per hour.'
85 $strPrivDescMaxUpdates = __(
86 'Limits the number of commands that change any table or database '
87 . 'the user may execute per hour.'
89 $strPrivDescMaxUserConnections = __(
90 'Limits the number of simultaneous connections the user may have.'
92 $strPrivDescProcess = __('Allows viewing processes of all users.');
93 $strPrivDescReferences = __('Has no effect in this MySQL version.');
94 $strPrivDescReload = __(
95 'Allows reloading server settings and flushing the server\'s caches.'
97 $strPrivDescReplClient = __(
98 'Allows the user to ask where the slaves / masters are.'
100 $strPrivDescReplSlave = __('Needed for the replication slaves.');
101 $strPrivDescSelect = __('Allows reading data.');
102 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
103 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
104 $strPrivDescShutdown = __('Allows shutting down the server.');
105 $strPrivDescSuper = __(
106 'Allows connecting, even if maximum number of connections is reached; '
107 . 'required for most administrative operations like setting global variables '
108 . 'or killing threads of other users.'
110 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
111 $strPrivDescUpdate = __('Allows changing data.');
112 $strPrivDescUsage = __('No privileges.');
114 $_add_user_error = false;
116 * Get DB information: username, hostname, dbname,
117 * tablename, db_and_table, dbname_is_wildcard
120 $username, $hostname, $dbname, $tablename, $routinename,
121 $db_and_table, $dbname_is_wildcard
122 ) = PMA_getDataForDBInfo();
125 * Checks if the user is allowed to do what he tries to...
127 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
128 && !$GLOBALS['is_createuser']
130 $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
132 PMA\libraries\Message
::error(__('No Privileges'))
139 * Checks if the user is using "Change Login Information / Copy User" dialog
140 * only to update the password
142 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
143 && $hostname == $_REQUEST['old_hostname']
146 PMA\libraries\Message
::error(
148 "Username and hostname didn't change. "
149 . "If you only want to change the password, "
150 . "'Change password' tab should be used."
154 $response->setRequestStatus(false);
159 * Changes / copies a user, part I
161 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
165 * (Changes / copies a user, part II)
167 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
169 isset($dbname)?
$dbname : null,
170 isset($username)?
$username : null,
171 isset($hostname)?
$hostname : null,
172 isset($password)?
$password : null,
173 $cfgRelation['menuswork']
175 //update the old variables
176 if (isset($ret_queries)) {
177 $queries = $ret_queries;
180 if (isset($ret_message)) {
181 $message = $ret_message;
186 * Changes / copies a user, part III
188 if (isset($_REQUEST['change_copy'])) {
189 $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
190 $queries, $username, $hostname
195 if (! empty($routinename)) {
196 $itemType = PMA_getRoutineType($dbname, $routinename);
202 if (! empty($_POST['update_privs'])) {
203 if (is_array($dbname)) {
204 foreach ($dbname as $key => $db_name) {
205 list($sql_query[$key], $message) = PMA_updatePrivileges(
206 (isset($username) ?
$username : ''),
207 (isset($hostname) ?
$hostname : ''),
210 : (isset($routinename) ?
$routinename : '')),
211 (isset($db_name) ?
$db_name : ''),
216 $sql_query = implode("\n", $sql_query);
218 list($sql_query, $message) = PMA_updatePrivileges(
219 (isset($username) ?
$username : ''),
220 (isset($hostname) ?
$hostname : ''),
223 : (isset($routinename) ?
$routinename : '')),
224 (isset($dbname) ?
$dbname : ''),
231 * Assign users to user groups
233 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
234 && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
236 PMA_setUserGroup($username, $_REQUEST['userGroup']);
237 $message = PMA\libraries\Message
::success();
243 if (isset($_REQUEST['revokeall'])) {
244 list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
245 (isset($dbname) ?
$dbname : ''),
248 : (isset($routinename) ?
$routinename : '')),
256 * Updates the password
258 if (isset($_REQUEST['change_pw'])) {
259 $message = PMA_updatePassword(
260 $err_url, $username, $hostname
266 * (Changes / copies a user, part IV)
268 if (isset($_REQUEST['delete'])
269 ||
(isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
271 include_once 'libraries/relation_cleanup.lib.php';
272 $queries = PMA_getDataForDeleteUsers($queries);
273 if (empty($_REQUEST['change_copy'])) {
274 list($sql_query, $message) = PMA_deleteUser($queries);
279 * Changes / copies a user, part V
281 if (isset($_REQUEST['change_copy'])) {
282 $queries = PMA_getDataForQueries($queries, $queries_for_display);
283 $message = PMA\libraries\Message
::success();
284 $sql_query = join("\n", $queries);
288 * Reloads the privilege tables into memory
290 $message_ret = PMA_updateMessageForReload();
291 if (isset($message_ret)) {
292 $message = $message_ret;
297 * If we are in an Ajax request for Create User/Edit User/Revoke User/
298 * Flush Privileges, show $message and exit.
300 if ($GLOBALS['is_ajax_request']
301 && empty($_REQUEST['ajax_page_request'])
302 && ! isset($_REQUEST['export'])
303 && (! isset($_REQUEST['submit_mult']) ||
$_REQUEST['submit_mult'] != 'export')
304 && ((! isset($_REQUEST['initial']) ||
$_REQUEST['initial'] === null
305 ||
$_REQUEST['initial'] === '')
306 ||
(isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
307 && ! isset($_REQUEST['showall'])
308 && ! isset($_REQUEST['edit_user_group_dialog'])
309 && ! isset($_REQUEST['db_specific'])
311 $extra_data = PMA_getExtraDataForAjaxBehavior(
312 (isset($password) ?
$password : ''),
313 (isset($sql_query) ?
$sql_query : ''),
314 (isset($hostname) ?
$hostname : ''),
315 (isset($username) ?
$username : '')
318 if (! empty($message) && $message instanceof PMA\libraries\Message
) {
319 $response = PMA\libraries\Response
::getInstance();
320 $response->setRequestStatus($message->isSuccess());
321 $response->addJSON('message', $message);
322 $response->addJSON($extra_data);
330 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
331 $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
333 $url_query .= '&goto=db_operations.php';
335 // Gets the database structure
336 $sub_part = '_structure';
345 $db_is_system_schema,
349 ) = PMA\libraries\Util
::getDbInfo($db, isset($sub_part) ?
$sub_part : '');
351 $content = ob_get_contents();
353 $response->addHTML($content . "\n");
355 if (! empty($GLOBALS['message'])) {
356 $response->addHTML(PMA\libraries\Util
::getMessage($GLOBALS['message']));
357 unset($GLOBALS['message']);
365 PMA_getHtmlForUserGroupDialog(
366 isset($username)?
$username : null,
367 $cfgRelation['menuswork']
371 // export user definition
372 if (isset($_REQUEST['export'])
373 ||
(isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
375 list($title, $export) = PMA_getListForExportUserDefinition(
376 isset($username) ?
$username : null,
377 isset($hostname) ?
$hostname : null
380 unset($username, $hostname, $grants, $one_grant);
382 $response = PMA\libraries\Response
::getInstance();
383 if ($GLOBALS['is_ajax_request']) {
384 $response->addJSON('message', $export);
385 $response->addJSON('title', $title);
388 $response->addHTML("<h2>$title</h2>$export");
392 if (isset($_REQUEST['adduser'])) {
395 PMA_getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
397 } elseif (isset($_REQUEST['checkprivsdb'])) {
398 if (isset($_REQUEST['checkprivstable'])) {
399 // check the privileges for a particular table.
401 PMA_getHtmlForSpecificTablePrivileges(
402 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
406 // check the privileges for a particular database.
408 PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
412 if (isset($dbname) && ! is_array($dbname)) {
413 $url_dbname = urlencode(
422 if (! isset($username)) {
423 // No username is given --> display the overview
425 PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
427 } else if (!empty($routinename)) {
429 PMA_getHtmlForRoutineSpecificPrivilges(
430 $username, $hostname, $dbname, $routinename,
431 (isset($url_dbname) ?
$url_dbname : '')
435 // A user was selected -> display the user's properties
436 // In an Ajax request, prevent cached values from showing
437 if ($GLOBALS['is_ajax_request'] == true) {
438 header('Cache-Control: no-cache');
442 PMA_getHtmlForUserProperties(
443 (isset($dbname_is_wildcard) ?
$dbname_is_wildcard : ''),
444 (isset($url_dbname) ?
$url_dbname : ''),
445 $username, $hostname,
446 (isset($dbname) ?
$dbname : ''),
447 (isset($tablename) ?
$tablename : '')
453 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
454 && $GLOBALS['cfgRelation']['menuswork']
456 $response->addHTML('</div>');