server_privileges.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Server privileges and users manipulations
   5  *
   6  * @package PhpMyAdmin
   7  */
   8 use PMA\libraries\Response;
   9
  10 /**
  11  * include common file
  12  */
  13 require_once 'libraries/common.inc.php';
  14
  15 /**
  16  * functions implementation for this script
  17  */
  18 require_once 'libraries/display_change_password.lib.php';
  19 require_once 'libraries/server_privileges.lib.php';
  20 require_once 'libraries/check_user_privileges.lib.php';
  21
  22 $cfgRelation = PMA_getRelationsParam();
  23
  24 /**
  25  * Does the common work
  26  */
  27 $response = Response::getInstance();
  28 $header   = $response->getHeader();
  29 $scripts  = $header->getScripts();
  30 $scripts->addFile('server_privileges.js');
  31 $scripts->addFile('zxcvbn.js');
  32
  33 if ((isset($_REQUEST['viewing_mode'])
  34     && $_REQUEST['viewing_mode'] == 'server')
  35     && $GLOBALS['cfgRelation']['menuswork']
  36 ) {
  37     include_once 'libraries/server_users.lib.php';
  38     $response->addHTML('<div>');
  39     $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
  40 }
  41
  42 /**
  43  * Sets globals from $_POST patterns, for privileges and max_* vars
  44  */
  45
  46 $post_patterns = array(
  47     '/_priv$/i',
  48     '/^max_/i'
  49 );
  50
  51 PMA_setPostAsGlobal($post_patterns);
  52
  53 require 'libraries/server_common.inc.php';
  54
  55 /**
  56  * Messages are built using the message name
  57  */
  58 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
  59 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
  60 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
  61 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
  62 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
  63 $strPrivDescCreateTbl = __('Allows creating new tables.');
  64 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
  65 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
  66 $strPrivDescCreateView = __('Allows creating new views.');
  67 $strPrivDescDelete = __('Allows deleting data.');
  68 $strPrivDescDropDb = __('Allows dropping databases and tables.');
  69 $strPrivDescDropTbl = __('Allows dropping tables.');
  70 $strPrivDescEvent = __('Allows to set up events for the event scheduler.');
  71 $strPrivDescExecute = __('Allows executing stored routines.');
  72 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
  73 $strPrivDescGrantTbl = __(
  74     'Allows user to give to other users or remove from other users the privileges '
  75     . 'that user possess yourself.'
  76 );
  77 $strPrivDescIndex = __('Allows creating and dropping indexes.');
  78 $strPrivDescInsert = __('Allows inserting and replacing data.');
  79 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
  80 $strPrivDescMaxConnections = __(
  81     'Limits the number of new connections the user may open per hour.'
  82 );
  83 $strPrivDescMaxQuestions = __(
  84     'Limits the number of queries the user may send to the server per hour.'
  85 );
  86 $strPrivDescMaxUpdates = __(
  87     'Limits the number of commands that change any table or database '
  88     . 'the user may execute per hour.'
  89 );
  90 $strPrivDescMaxUserConnections = __(
  91     'Limits the number of simultaneous connections the user may have.'
  92 );
  93 $strPrivDescProcess = __('Allows viewing processes of all users.');
  94 $strPrivDescReferences = __('Has no effect in this MySQL version.');
  95 $strPrivDescReload = __(
  96     'Allows reloading server settings and flushing the server\'s caches.'
  97 );
  98 $strPrivDescReplClient = __(
  99     'Allows the user to ask where the slaves / masters are.'
 100 );
 101 $strPrivDescReplSlave = __('Needed for the replication slaves.');
 102 $strPrivDescSelect = __('Allows reading data.');
 103 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
 104 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
 105 $strPrivDescShutdown = __('Allows shutting down the server.');
 106 $strPrivDescSuper = __(
 107     'Allows connecting, even if maximum number of connections is reached; '
 108     . 'required for most administrative operations like setting global variables '
 109     . 'or killing threads of other users.'
 110 );
 111 $strPrivDescTrigger = __('Allows creating and dropping triggers.');
 112 $strPrivDescUpdate = __('Allows changing data.');
 113 $strPrivDescUsage = __('No privileges.');
 114
 115 $_add_user_error = false;
 116 /**
 117  * Get DB information: username, hostname, dbname,
 118  * tablename, db_and_table, dbname_is_wildcard
 119  */
 120 list(
 121     $username, $hostname, $dbname, $tablename, $routinename,
 122     $db_and_table, $dbname_is_wildcard
 123 ) = PMA_getDataForDBInfo();
 124
 125 /**
 126  * Checks if the user is allowed to do what he tries to...
 127  */
 128 if (!$GLOBALS['is_superuser'] && !$GLOBALS['is_grantuser']
 129     && !$GLOBALS['is_createuser']
 130 ) {
 131     $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
 132     $response->addHTML(
 133         PMA\libraries\Message::error(__('No Privileges'))
 134             ->getDisplay()
 135     );
 136     exit;
 137 }
 138
 139 /**
 140  * Checks if the user is using "Change Login Information / Copy User" dialog
 141  * only to update the password
 142  */
 143 if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
 144     && $hostname == $_REQUEST['old_hostname']
 145 ) {
 146     $response->addHTML(
 147         PMA\libraries\Message::error(
 148             __(
 149                 "Username and hostname didn't change. "
 150                 . "If you only want to change the password, "
 151                 . "'Change password' tab should be used."
 152             )
 153         )->getDisplay()
 154     );
 155     $response->setRequestStatus(false);
 156     exit;
 157 }
 158
 159 /**
 160  * Changes / copies a user, part I
 161  */
 162 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
 163
 164 /**
 165  * Adds a user
 166  *   (Changes / copies a user, part II)
 167  */
 168 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
 169     = PMA_addUser(
 170         isset($dbname)? $dbname : null,
 171         isset($username)? $username : null,
 172         isset($hostname)? $hostname : null,
 173         isset($password)? $password : null,
 174         $cfgRelation['menuswork']
 175     );
 176 //update the old variables
 177 if (isset($ret_queries)) {
 178     $queries = $ret_queries;
 179     unset($ret_queries);
 180 }
 181 if (isset($ret_message)) {
 182     $message = $ret_message;
 183     unset($ret_message);
 184 }
 185
 186 /**
 187  * Changes / copies a user, part III
 188  */
 189 if (isset($_REQUEST['change_copy'])) {
 190     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
 191         $queries, $username, $hostname
 192     );
 193 }
 194
 195 $itemType = '';
 196 if (! empty($routinename)) {
 197     $itemType = PMA_getRoutineType($dbname, $routinename);
 198 }
 199
 200 /**
 201  * Updates privileges
 202  */
 203 if (! empty($_POST['update_privs'])) {
 204     if (is_array($dbname)) {
 205         foreach ($dbname as $key => $db_name) {
 206             list($sql_query[$key], $message) = PMA_updatePrivileges(
 207                 (isset($username) ? $username : ''),
 208                 (isset($hostname) ? $hostname : ''),
 209                 (isset($tablename)
 210                     ? $tablename
 211                     : (isset($routinename) ? $routinename : '')),
 212                 (isset($db_name) ? $db_name : ''),
 213                 $itemType
 214             );
 215         }
 216
 217         $sql_query = implode("\n", $sql_query);
 218     } else {
 219         list($sql_query, $message) = PMA_updatePrivileges(
 220             (isset($username) ? $username : ''),
 221             (isset($hostname) ? $hostname : ''),
 222             (isset($tablename)
 223                 ? $tablename
 224                 : (isset($routinename) ? $routinename : '')),
 225             (isset($dbname) ? $dbname : ''),
 226             $itemType
 227         );
 228     }
 229 }
 230
 231 /**
 232  * Assign users to user groups
 233  */
 234 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
 235     && $GLOBALS['is_superuser'] && $GLOBALS['is_createuser']
 236 ) {
 237     PMA_setUserGroup($username, $_REQUEST['userGroup']);
 238     $message = PMA\libraries\Message::success();
 239 }
 240
 241 /**
 242  * Revokes Privileges
 243  */
 244 if (isset($_REQUEST['revokeall'])) {
 245     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
 246         (isset($dbname) ? $dbname : ''),
 247         (isset($tablename)
 248             ? $tablename
 249             : (isset($routinename) ? $routinename : '')),
 250         $username,
 251         $hostname,
 252         $itemType
 253     );
 254 }
 255
 256 /**
 257  * Updates the password
 258  */
 259 if (isset($_REQUEST['change_pw'])) {
 260     $message = PMA_updatePassword(
 261         $err_url, $username, $hostname
 262     );
 263 }
 264
 265 /**
 266  * Deletes users
 267  *   (Changes / copies a user, part IV)
 268  */
 269 if (isset($_REQUEST['delete'])
 270     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
 271 ) {
 272     include_once 'libraries/relation_cleanup.lib.php';
 273     $queries = PMA_getDataForDeleteUsers($queries);
 274     if (empty($_REQUEST['change_copy'])) {
 275         list($sql_query, $message) = PMA_deleteUser($queries);
 276     }
 277 }
 278
 279 /**
 280  * Changes / copies a user, part V
 281  */
 282 if (isset($_REQUEST['change_copy'])) {
 283     $queries = PMA_getDataForQueries($queries, $queries_for_display);
 284     $message = PMA\libraries\Message::success();
 285     $sql_query = join("\n", $queries);
 286 }
 287
 288 /**
 289  * Reloads the privilege tables into memory
 290  */
 291 $message_ret = PMA_updateMessageForReload();
 292 if (isset($message_ret)) {
 293     $message = $message_ret;
 294     unset($message_ret);
 295 }
 296
 297 /**
 298  * If we are in an Ajax request for Create User/Edit User/Revoke User/
 299  * Flush Privileges, show $message and exit.
 300  */
 301 if ($response->isAjax()
 302     && empty($_REQUEST['ajax_page_request'])
 303     && ! isset($_REQUEST['export'])
 304     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
 305     && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
 306     || $_REQUEST['initial'] === '')
 307     || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
 308     && ! isset($_REQUEST['showall'])
 309     && ! isset($_REQUEST['edit_user_group_dialog'])
 310     && ! isset($_REQUEST['db_specific'])
 311 ) {
 312     $extra_data = PMA_getExtraDataForAjaxBehavior(
 313         (isset($password) ? $password : ''),
 314         (isset($sql_query) ? $sql_query : ''),
 315         (isset($hostname) ? $hostname : ''),
 316         (isset($username) ? $username : '')
 317     );
 318
 319     if (! empty($message) && $message instanceof PMA\libraries\Message) {
 320         $response->setRequestStatus($message->isSuccess());
 321         $response->addJSON('message', $message);
 322         $response->addJSON($extra_data);
 323         exit;
 324     }
 325 }
 326
 327 /**
 328  * Displays the links
 329  */
 330 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
 331     $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
 332
 333     $url_query .= '&amp;goto=db_operations.php';
 334
 335     // Gets the database structure
 336     $sub_part = '_structure';
 337     ob_start();
 338
 339     list(
 340         $tables,
 341         $num_tables,
 342         $total_num_tables,
 343         $sub_part,
 344         $is_show_stats,
 345         $db_is_system_schema,
 346         $tooltip_truename,
 347         $tooltip_aliasname,
 348         $pos
 349     ) = PMA\libraries\Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
 350
 351     $content = ob_get_contents();
 352     ob_end_clean();
 353     $response->addHTML($content . "\n");
 354 } else {
 355     if (! empty($GLOBALS['message'])) {
 356         $response->addHTML(PMA\libraries\Util::getMessage($GLOBALS['message']));
 357         unset($GLOBALS['message']);
 358     }
 359 }
 360
 361 /**
 362  * Displays the page
 363  */
 364 $response->addHTML(
 365     PMA_getHtmlForUserGroupDialog(
 366         isset($username)? $username : null,
 367         $cfgRelation['menuswork']
 368     )
 369 );
 370
 371 // export user definition
 372 if (isset($_REQUEST['export'])
 373     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
 374 ) {
 375     list($title, $export) = PMA_getListForExportUserDefinition(
 376         isset($username) ? $username : null,
 377         isset($hostname) ? $hostname : null
 378     );
 379
 380     unset($username, $hostname, $grants, $one_grant);
 381
 382     if ($response->isAjax()) {
 383         $response->addJSON('message', $export);
 384         $response->addJSON('title', $title);
 385         exit;
 386     } else {
 387         $response->addHTML("<h2>$title</h2>$export");
 388     }
 389 }
 390
 391 if (isset($_REQUEST['adduser'])) {
 392     // Add user
 393     $response->addHTML(
 394         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
 395     );
 396 } elseif (isset($_REQUEST['checkprivsdb'])) {
 397     if (isset($_REQUEST['checkprivstable'])) {
 398         // check the privileges for a particular table.
 399         $response->addHTML(
 400             PMA_getHtmlForSpecificTablePrivileges(
 401                 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
 402             )
 403         );
 404     } else {
 405         // check the privileges for a particular database.
 406         $response->addHTML(
 407             PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
 408         );
 409     }
 410 } else {
 411     if (isset($dbname) && ! is_array($dbname)) {
 412         $url_dbname = urlencode(
 413             str_replace(
 414                 array('\_', '\%'),
 415                 array('_', '%'),
 416                 $_REQUEST['dbname']
 417             )
 418         );
 419     }
 420
 421     if (! isset($username)) {
 422         // No username is given --> display the overview
 423         $response->addHTML(
 424             PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
 425         );
 426     } else if (!empty($routinename)) {
 427         $response->addHTML(
 428             PMA_getHtmlForRoutineSpecificPrivilges(
 429                 $username, $hostname, $dbname, $routinename,
 430                 (isset($url_dbname) ? $url_dbname : '')
 431             )
 432         );
 433     } else {
 434         // A user was selected -> display the user's properties
 435         // In an Ajax request, prevent cached values from showing
 436         if ($response->isAjax()) {
 437             header('Cache-Control: no-cache');
 438         }
 439
 440         $response->addHTML(
 441             PMA_getHtmlForUserProperties(
 442                 (isset($dbname_is_wildcard) ? $dbname_is_wildcard : ''),
 443                 (isset($url_dbname) ? $url_dbname : ''),
 444                 $username, $hostname,
 445                 (isset($dbname) ? $dbname : ''),
 446                 (isset($tablename) ? $tablename : '')
 447             )
 448         );
 449     }
 450 }
 451
 452 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
 453     && $GLOBALS['cfgRelation']['menuswork']
 454 ) {
 455     $response->addHTML('</div>');
 456 }