2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Server privileges and users manipulations
12 require_once 'libraries/common.inc.php';
15 * functions implementation for this script
17 require_once 'libraries/display_change_password.lib.php';
18 require_once 'libraries/server_privileges.lib.php';
20 $cfgRelation = PMA_getRelationsParam();
23 * Does the common work
25 $response = PMA_Response
::getInstance();
26 $header = $response->getHeader();
27 $scripts = $header->getScripts();
28 $scripts->addFile('server_privileges.js');
30 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
31 && $GLOBALS['cfgRelation']['menuswork']
33 include_once 'libraries/server_users.lib.php';
34 $response->addHTML('<div>');
35 $response->addHTML(PMA_getHtmlForSubMenusOnUsersPage('server_privileges.php'));
39 * Sets globals from $_POST patterns, for privileges and max_* vars
42 $post_patterns = array(
46 foreach (array_keys($_POST) as $post_key) {
47 foreach ($post_patterns as $one_post_pattern) {
48 if (preg_match($one_post_pattern, $post_key)) {
49 $GLOBALS[$post_key] = $_POST[$post_key];
54 require 'libraries/server_common.inc.php';
57 * Messages are built using the message name
59 $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
60 $strPrivDescAlter = __('Allows altering the structure of existing tables.');
61 $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
62 $strPrivDescCreateDb = __('Allows creating new databases and tables.');
63 $strPrivDescCreateRoutine = __('Allows creating stored routines.');
64 $strPrivDescCreateTbl = __('Allows creating new tables.');
65 $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
66 $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
67 $strPrivDescCreateView = __('Allows creating new views.');
68 $strPrivDescDelete = __('Allows deleting data.');
69 $strPrivDescDropDb = __('Allows dropping databases and tables.');
70 $strPrivDescDropTbl = __('Allows dropping tables.');
71 $strPrivDescEvent = __('Allows to set up events for the event scheduler');
72 $strPrivDescExecute = __('Allows executing stored routines.');
73 $strPrivDescFile = __('Allows importing data from and exporting data into files.');
74 $strPrivDescGrant = __(
75 'Allows adding users and privileges without reloading the privilege tables.'
77 $strPrivDescIndex = __('Allows creating and dropping indexes.');
78 $strPrivDescInsert = __('Allows inserting and replacing data.');
79 $strPrivDescLockTables = __('Allows locking tables for the current thread.');
80 $strPrivDescMaxConnections = __(
81 'Limits the number of new connections the user may open per hour.'
83 $strPrivDescMaxQuestions = __(
84 'Limits the number of queries the user may send to the server per hour.'
86 $strPrivDescMaxUpdates = __(
87 'Limits the number of commands that change any table or database '
88 . 'the user may execute per hour.'
90 $strPrivDescMaxUserConnections = __(
91 'Limits the number of simultaneous connections the user may have.'
93 $strPrivDescProcess = __('Allows viewing processes of all users');
94 $strPrivDescReferences = __('Has no effect in this MySQL version.');
95 $strPrivDescReload = __(
96 'Allows reloading server settings and flushing the server\'s caches.'
98 $strPrivDescReplClient = __(
99 'Allows the user to ask where the slaves / masters are.'
101 $strPrivDescReplSlave = __('Needed for the replication slaves.');
102 $strPrivDescSelect = __('Allows reading data.');
103 $strPrivDescShowDb = __('Gives access to the complete list of databases.');
104 $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
105 $strPrivDescShutdown = __('Allows shutting down the server.');
106 $strPrivDescSuper = __(
107 'Allows connecting, even if maximum number of connections is reached; '
108 . 'required for most administrative operations like setting global variables '
109 . 'or killing threads of other users.'
111 $strPrivDescTrigger = __('Allows creating and dropping triggers');
112 $strPrivDescUpdate = __('Allows changing data.');
113 $strPrivDescUsage = __('No privileges.');
115 $_add_user_error = false;
117 * Get DB information: username, hostname, dbname,
118 * tablename, db_and_table, dbname_is_wildcard
121 $username, $hostname, $dbname, $tablename,
122 $db_and_table, $dbname_is_wildcard
123 ) = PMA_getDataForDBInfo();
126 * Checks if the user is allowed to do what he tries to...
128 if (! $is_superuser) {
129 $response->addHTML(PMA_getHtmlForSubPageHeader('privileges', '', false));
130 $response->addHTML(PMA_Message
::error(__('No Privileges'))->getDisplay());
135 * Changes / copies a user, part I
137 list($queries, $password) = PMA_getDataForChangeOrCopyUser();
141 * (Changes / copies a user, part II)
143 list($ret_message, $ret_queries, $queries_for_display, $sql_query, $_add_user_error)
145 isset($dbname)?
$dbname : null,
146 isset($username)?
$username : null,
147 isset($hostname)?
$hostname : null,
148 isset($password)?
$password : null,
149 $cfgRelation['menuswork']
151 //update the old variables
152 if (isset($ret_queries)) {
153 $queries = $ret_queries;
156 if (isset($ret_message)) {
157 $message = $ret_message;
162 * Changes / copies a user, part III
164 if (isset($_REQUEST['change_copy'])) {
165 $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
166 $queries, $username, $hostname
173 if (! empty($_POST['update_privs'])) {
174 list($sql_query, $message) = PMA_updatePrivileges(
175 (isset($username) ?
$username : ''),
176 (isset($hostname) ?
$hostname : ''),
177 (isset($tablename) ?
$tablename : ''),
178 (isset($dbname) ?
$dbname : '')
183 * Assign users to user groups
185 if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']) {
186 PMA_setUserGroup($username, $_REQUEST['userGroup']);
187 $message = PMA_Message
::success();
193 if (isset($_REQUEST['revokeall'])) {
194 list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
196 (isset($dbname) ?
$dbname : ''),
197 (isset($tablename) ?
$tablename : ''),
203 * Updates the password
205 if (isset($_REQUEST['change_pw'])) {
206 $message = PMA_updatePassword(
207 $err_url, $username, $hostname
213 * (Changes / copies a user, part IV)
215 if (isset($_REQUEST['delete'])
216 ||
(isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
218 $queries = PMA_getDataForDeleteUsers($queries);
219 if (empty($_REQUEST['change_copy'])) {
220 list($sql_query, $message) = PMA_deleteUser($queries);
225 * Changes / copies a user, part V
227 if (isset($_REQUEST['change_copy'])) {
228 $queries = PMA_getDataForQueries($queries, $queries_for_display);
229 $message = PMA_Message
::success();
230 $sql_query = join("\n", $queries);
234 * Reloads the privilege tables into memory
236 $message_ret = PMA_updateMessageForReload();
237 if (isset($message_ret)) {
238 $message = $message_ret;
243 * If we are in an Ajax request for Create User/Edit User/Revoke User/
244 * Flush Privileges, show $message and exit.
246 if ($GLOBALS['is_ajax_request']
247 && empty($_REQUEST['ajax_page_request'])
248 && ! isset($_REQUEST['export'])
249 && (! isset($_REQUEST['submit_mult']) ||
$_REQUEST['submit_mult'] != 'export')
250 && (! isset($_REQUEST['adduser']) ||
$_add_user_error)
251 && (! isset($_REQUEST['initial']) ||
empty($_REQUEST['initial']))
252 && ! isset($_REQUEST['showall'])
253 && ! isset($_REQUEST['edit_user_dialog'])
254 && ! isset($_REQUEST['edit_user_group_dialog'])
255 && ! isset($_REQUEST['db_specific'])
257 $extra_data = PMA_getExtraDataForAjaxBehavior(
258 (isset($password) ?
$password : ''),
259 (isset($sql_query) ?
$sql_query : ''),
260 (isset($hostname) ?
$hostname : ''),
261 (isset($username) ?
$username : '')
264 if (! empty($message) && $message instanceof PMA_Message
) {
265 $response = PMA_Response
::getInstance();
266 $response->isSuccess($message->isSuccess());
267 $response->addJSON('message', $message);
268 $response->addJSON($extra_data);
276 if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
277 $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
279 $url_query .= '&goto=db_operations.php';
281 // Gets the database structure
282 $sub_part = '_structure';
284 include 'libraries/db_info.inc.php';
285 $content = ob_get_contents();
287 $response->addHTML($content . "\n");
289 if (! empty($GLOBALS['message'])) {
290 $response->addHTML(PMA_Util
::getMessage($GLOBALS['message']));
291 unset($GLOBALS['message']);
299 PMA_getHtmlForUserGroupDialog(
300 isset($username)?
$username : null,
301 $cfgRelation['menuswork']
305 // export user definition
306 if (isset($_REQUEST['export'])
307 ||
(isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
309 list($title, $export) = PMA_getListForExportUserDefinition(
310 isset($username) ?
$username : null,
311 isset($hostname) ?
$hostname : null
314 unset($username, $hostname, $grants, $one_grant);
316 $response = PMA_Response
::getInstance();
317 if ($GLOBALS['is_ajax_request']) {
318 $response->addJSON('message', $export);
319 $response->addJSON('title', $title);
322 $response->addHTML("<h2>$title</h2>$export");
326 if (isset($_REQUEST['adduser'])) {
329 PMA_getHtmlForAddUser((isset($dbname) ?
$dbname : ''))
331 } elseif (isset($_REQUEST['checkprivsdb'])) {
332 if (isset($_REQUEST['checkprivstable'])) {
333 // check the privileges for a particular table.
335 PMA_getHtmlForSpecificTablePrivileges(
336 $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
340 // check the privileges for a particular database.
342 PMA_getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
346 if (! isset($username)) {
347 // No username is given --> display the overview
349 PMA_getHtmlForDisplayUserOverviewPage($pmaThemeImage, $text_dir)
352 // A user was selected -> display the user's properties
353 // In an Ajax request, prevent cached values from showing
354 if ($GLOBALS['is_ajax_request'] == true) {
355 header('Cache-Control: no-cache');
357 $url_dbname = urlencode(
360 array('_', '%'), $_REQUEST['dbname']
364 PMA_getHtmlForDisplayUserProperties(
365 ((isset ($dbname_is_wildcard)) ?
$dbname_is_wildcard : ''),
366 $url_dbname, $username, $hostname,
367 (isset($dbname) ?
$dbname : ''),
368 (isset($tablename) ?
$tablename : '')
374 if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
375 && $GLOBALS['cfgRelation']['menuswork']
377 $response->addHTML('</div>');