update
[phpmyadmin/crack.git] / user_details.php3
blob42f0c7b9604ce50ff3d3ceb24ec691d477928f02
1 <?php
2 /* $Id$*/
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/grab_globals.lib.php3');
9 require('./libraries/common.lib.php3');
/**
 * URL to return to when an SQL statement fails: the user table of the
 * "mysql" database, for the current language, charset and server.
 */
// NOTE(review): $lang, $convcharset and $server are inserted as-is; presumably
// they are validated by the libraries included above - confirm.
$err_url = sprintf(
    'user_details.php3?lang=%s&amp;convcharset=%s&amp;server=%s&amp;db=mysql&amp;table=user',
    $lang,
    $convcharset,
    $server
);
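/**
 * Displays the table of grants for a user
 *
 * Account names, database/table names and privilege lists are read back from
 * the server, so each one is escaped for the context it is written into:
 * PMA_sqlAddslashes() inside SQL string literals, htmlspecialchars() inside
 * HTML cells.
 *
 * @param   mixed    the id of the query used to get hosts and databases lists
 *                   or an array containing host and user information
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_checkDb()
 *
 * @TODO    "SHOW GRANTS" statements is available and buggyless since
 *          MySQL 3.23.4 and it seems not to return privileges of the anonymous
 *          user while these privileges applies to all users.
 */
function PMA_tableGrants(&$host_db_result, $dbcheck = FALSE) {
    global $lang, $convcharset, $server;

    ?>

<!-- Table of grants -->
<table border="<?php echo $GLOBALS['cfg']['Border']; ?>">
<tr>
    <?php
    // 1. Table headers
    if ($dbcheck) {
        echo "\n";
        echo ' <th>' . $GLOBALS['strAction'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strUser'] . '</th>';
    } else {
        echo "\n";
        echo ' <th colspan="2">' . $GLOBALS['strAction'] . '</th>';
    }
    echo "\n";
    echo ' <th>' . $GLOBALS['strDatabase'] . '</th>' . "\n";
    echo ' <th>' . UCFirst($GLOBALS['strTable']) . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    if (!$dbcheck) {
        echo ' <th>Grant Option</th>' . "\n";
    }
    ?>
</tr>
    <?php
    echo "\n";

    // 2. Table body
    $url_query = 'lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server . '&amp;db=mysql&amp;table=user';

    while ($row = (is_array($host_db_result) ? $host_db_result : PMA_mysql_fetch_array($host_db_result))) {
        // The account as a quoted SQL name: user and host come from the
        // mysql.user table and may contain quotes, so they are escaped before
        // being placed inside a statement
        $sql_account  = '\'' . PMA_sqlAddslashes($row['User']) . '\'@\'' . PMA_sqlAddslashes($row['Host']) . '\'';
        // The same account, encoded for display inside HTML
        $html_account = htmlspecialchars($row['User'] . '@' . $row['Host']);

        $local_query = 'SHOW GRANTS FOR ' . $sql_account;
        $result      = PMA_mysql_query($local_query);
        $grants_cnt  = ($result) ? @mysql_num_rows($result) : 0;

        if ($grants_cnt) {
            $i = 0;
            while ($usr_row = PMA_mysql_fetch_row($result)) {
                if (eregi('GRANT (.*) ON ([^.]+).([^.]+) TO .*$', $usr_row[0], $parts)) {
                    if ($parts[1] == 'USAGE') {
                        $priv = '';
                    } else {
                        // loic1: bug #487673 - revoke 'reference'
                        $priv = ereg_replace('REFERENCE([^S]|$)', 'REFERENCES\\1', trim($parts[1]));
                        // loic1: bug #576896 - No "FILE" privileges on a
                        //        database if neither "INSERT" nor "UPDATE" one
                        if (strpos(' ' . $priv, 'FILE')
                            && !(strpos(' ' . $priv, 'INSERT') || strpos(' ' . $priv, 'UPDATE'))) {
                            $priv = ereg_replace('(^FILE(, )?)|(, FILE)', '', $priv);
                        }
                    }
                    $db       = $parts[2];
                    $table    = trim($parts[3]);
                    $grantopt = eregi('WITH GRANT OPTION$', $usr_row[0]);
                } else {
                    // Unparsable line: the placeholders below are never
                    // displayed because the row is skipped just after
                    $priv     = '';
                    $db       = '&nbsp;';
                    $table    = '&nbsp;';
                    $grantopt = FALSE;
                } // end if...else

                // Password Line
                if ($priv == '' && !$grantopt) {
                    continue;
                }

                // Checking the database (take into account wildcards)
                if ($dbcheck
                    && ($db != '*' && $db != $dbcheck)) {
                    // TODO: db names may contain characters that are regexp
                    //       instructions
                    $re       = '(^|(\\\\\\\\)+|[^\])';
                    $db_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $db));
                    if (!eregi('^' . $db_regex . '$', $dbcheck)) {
                        continue;
                    }
                } // end if

                $bgcolor    = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];
                $revoke_url = 'sql.php3'
                            . '?' . $url_query
                            . '&amp;sql_query=' . urlencode('REVOKE ' . $priv . ' ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM ' . $sql_account)
                            . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeMessage'], ' <span style="color: #002E80">' . $html_account . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                            . '&amp;goto=user_details.php3';
                if ($grantopt) {
                    $revoke_grant_url = 'sql.php3'
                                      . '?' . $url_query
                                      . '&amp;sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM ' . $sql_account)
                                      . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeGrantMessage'], ' <span style="color: #002E80">' . $html_account . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                                      . '&amp;goto=user_details.php3';
                }
                ?>
<tr>
                <?php
                if (!$dbcheck) {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td<?php if (!$grantopt) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevokePriv']; ?></a>
    </td>
                        <?php
                    }
                    if ($grantopt) {
                        echo "\n";
                        ?>
    <td<?php if (!$priv) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_grant_url; ?>">
            <?php echo $GLOBALS['strRevokeGrant']; ?></a>
    </td>
                        <?php
                    }
                } else {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevoke']; ?></a>
    </td>
                        <?php
                    } else {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">&nbsp;</td>
                        <?php
                    }
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo htmlspecialchars($row['Host']); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($row['User']) ? htmlspecialchars($row['User']) : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>'; ?></td>
                    <?php
                }
                echo "\n";
                ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($db == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($db); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($table == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($table); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($priv != '') ? htmlspecialchars($priv) : '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>'; ?></td>
                <?php
                if (!$dbcheck) {
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($grantopt) ? $GLOBALS['strYes'] : $GLOBALS['strNo']; ?></td>
                    <?php
                }
                echo "\n";
                // The former "Debug" cell wrote the raw SHOW GRANTS line into
                // an HTML comment. It is no longer emitted: the line is
                // unescaped server output and can carry more than the parsed
                // privileges (e.g. an IDENTIFIED BY clause).
                ?>
</tr>
                <?php
                $i++;
                echo "\n";
            } // end while $usr_row
        } // end if $grants_cnt > 0
        // $host_db_result is an array related to only one user
        // -> exit the loop
        if (is_array($host_db_result)) {
            break;
        }
    } // end while $row
    ?>
</table>
<hr />

    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableGrants()' function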
/**
 * Displays the list of grants for a/all database/s
 *
 * Lists every (Host, User) pair of mysql.user and hands the result set to
 * PMA_tableGrants().
 *
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  FALSE if the query failed or returned no row, else TRUE
 *
 * @see     PMA_tableGrants()
 */
function PMA_checkDb($dbcheck)
{
    $result = PMA_mysql_query('SELECT Host, User FROM mysql.user ORDER BY Host, User');

    // Nothing to display if the query failed or no account is defined
    if (!$result || !@mysql_num_rows($result)) {
        return FALSE;
    }

    PMA_tableGrants($result, $dbcheck);

    return TRUE;
} // end of the 'PMA_checkDb()' function
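/**
 * Displays the privileges part of a page
 *
 * Prints one checkbox per privilege, two per table row, followed by the
 * "check all" / "uncheck all" links.
 *
 * @param   string   the name of the form for js validation
 * @param   array    the list of the privileges of the user
 *
 * @return  boolean  always true
 *
 * @global  integer  whether all/none of the privileges have to be checked or
 *                   not
 *
 * @see     PMA_normalOperations()
 */
function PMA_tablePrivileges($form, $row = FALSE)
{
    global $checkpriv;

    $checkpriv_url = $GLOBALS['cfg']['PmaAbsoluteUri']
                   . 'user_details.php3?';
    if (empty($GLOBALS['QUERY_STRING'])) {
        $GLOBALS['QUERY_STRING'] = (isset($_SERVER))
                                 ? $_SERVER['QUERY_STRING']
                                 : $GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'];
    }
    if (!empty($GLOBALS['QUERY_STRING'])) {
        // The query string is sent by the client and ends up inside a
        // double-quoted href attribute: encode quotes and angle brackets as
        // well as the ampersands
        $checkpriv_url .= htmlspecialchars($GLOBALS['QUERY_STRING']) . '&amp;';
    }
    ?>

<table>
    <?php
    echo "\n";
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt  = count($list_priv);
    for ($item = 1; $item <= $priv_cnt; $item++) {
        $priv      = $list_priv[$item - 1];
        $priv_priv = $priv . '_priv';
        if (isset($checkpriv)) {
            // An explicit "check all"/"check none" request overrides the
            // privileges stored for the user
            $checked = ($checkpriv == 'all') ? ' checked="checked"' : '';
        } else {
            $checked = ($row && $row[$priv_priv] == 'Y') ? ' checked="checked"' : '';
        }
        // Odd items open a row, even items are separated from the previous
        // one by a spacer cell and close the row
        if ($item % 2 == 1) {
            echo ' <tr>' . "\n";
        } else {
            echo ' <td>&nbsp;</td>' . "\n";
        }
        echo ' <td>' . "\n";
        echo ' <input type="checkbox" name="' . $priv_priv . '" id="checkbox_priv_' . $priv . '"' . $checked . ' />' . "\n";
        echo ' </td>' . "\n";
        echo ' <td><label for="checkbox_priv_' . $priv . '">' . $priv . '</label></td>' . "\n";
        if ($item % 2 == 0) {
            echo ' </tr>' . "\n";
        }
    } // end for
    if ($priv_cnt % 2 == 1) {
        // Pads and closes the last row when the number of privileges is odd
        echo ' <td colspan="2">&nbsp;</td>' . "\n";
        echo ' </tr>' . "\n";
    } // end if
    ?>
</table>
<table>
<tr>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=all" onclick="checkForm('<?php echo $form; ?>', true); return false">
            <?php echo $GLOBALS['strCheckAll']; ?></a>
    </td>
    <td>&nbsp;</td>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=none" onclick="checkForm('<?php echo $form; ?>', false); return false">
            <?php echo $GLOBALS['strUncheckAll']; ?></a>
    </td>
</tr>
</table>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tablePrivileges()' function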
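/**
 * Displays the page for "normal" operations
 *
 * The page holds a link to reload the MySQL privileges, a form to check the
 * privileges on a database and a form to add a new user.
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_normalOperations()
{
    global $lang, $convcharset, $server;

    // NOTE(review): $lang, $convcharset and $server are echoed as-is into
    // links and hidden fields below; presumably the included libraries
    // validate them - confirm.
    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user&amp;mode=reload">
            <?php echo $GLOBALS['strReloadMySQL']; ?></a>&nbsp;
        <?php echo PMA_showDocuShort('F/L/FLUSH.html') . "\n"; ?>
        </div>
    </li>

    <li>
        <form name="dbPrivForm" action="user_details.php3" method="post">
            <?php echo $GLOBALS['strCheckDbPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <?php echo $GLOBALS['strDatabase']; ?>&nbsp;:&nbsp;
                    <select name="db">
    <?php
    echo "\n";
    $result = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            // Database names are encoded in full for the attribute as well as
            // for the label, not only their double quotes
            $html_db = htmlspecialchars($row[0]);
            echo ' ';
            echo '<option value="' . $html_db . '">' . $html_db . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                    <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
                    <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
                    <input type="hidden" name="server" value="<?php echo $server; ?>" />
                    <input type="hidden" name="check" value="1" />
                    <input type="submit" value="<?php echo $GLOBALS['strGo']; ?>" />
                </td>
            </tr>
            </table>
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="addUserForm" onsubmit="return checkAddUser()">
            <?php echo $GLOBALS['strAddUser'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost0" checked="checked" />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost1" />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="host" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser0" />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser1" checked="checked" />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="pma_user" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" checked="checked" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td colspan="4">
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('addUserForm');
    ?>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="submit" name="submit_addUser" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php

    return TRUE;
} // end of the 'PMA_normalOperations()' function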
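/**
 * Displays the grant operations part of a user properties page
 *
 * Host, user, database, table and column names are written into HTML
 * attributes and option labels, so they all go through htmlspecialchars().
 *
 * @param   array    grants of the current user
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 * @global  string   the host name to check grants for
 * @global  string   the username to check grants for
 * @global  string   the database to check grants for
 * @global  string   the table to check grants for
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_grantOperations($grants)
{
    global $lang, $convcharset, $server, $host, $pma_user;
    global $dbgrant, $tablegrant, $newdb;

    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="userGrants">
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="grants" value="1" />
            <input type="hidden" name="host" value="<?php echo htmlspecialchars($host); ?>" />
            <input type="hidden" name="pma_user" value="<?php echo htmlspecialchars($pma_user); ?>" />

            <?php echo $GLOBALS['strAddPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anydb" value="1" id="radio_anydb1"<?php echo ($dbgrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anydb1"><?php echo $GLOBALS['strAnyDatabase']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anydb" value="0" id="radio_anydb0"<?php echo ($dbgrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anydb0"><?php echo $GLOBALS['strDatabase']; ?></label><a href="./Documentation.html#underscore" target="documentation" title="<?php echo $GLOBALS['strDocu']; ?>">(*)</a>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="dbgrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    // Remembers whether $dbgrant matches an existing database; if it does
    // not, the wildcard field below is pre-filled from the user name
    $is_selected_db = FALSE;
    $result         = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            $selected = (($row[0] == $dbgrant) ? ' selected="selected"' : '');
            if (!empty($selected)) {
                $is_selected_db = TRUE;
            }
            echo ' ';
            echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowTables']; ?>" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anytable" value="1" id="radio_anytable1"<?php echo ($tablegrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anytable1"><?php echo $GLOBALS['strAnyTable']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anytable" value="0" id="radio_anytable0"<?php echo ($tablegrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anytable0"><?php echo $GLOBALS['strTable']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="tablegrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    if (isset($dbgrant)) {
        $result = PMA_mysql_query('SHOW TABLES FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            while ($row = PMA_mysql_fetch_row($result)) {
                $selected = ((isset($tablegrant) && $row[0] == $tablegrant) ? ' selected="selected"' : '');
                echo ' ';
                echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
            } // end while
        } // end if
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowCols']; ?>" />
                </td>
            </tr>
            <tr>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="1" id="radio_anycolumn1" checked="checked" />
                    <label for="radio_anycolumn1"><?php echo $GLOBALS['strAnyColumn']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="0" id="radio_anycolumn0" />
                    <label for="radio_anycolumn0"><?php echo $GLOBALS['strColumn']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
    <?php
    echo "\n";
    if (!isset($dbgrant) || !isset($tablegrant)) {
        // No table chosen yet: the columns list stays empty
        echo ' ' . '<select name="colgrant[]">' . "\n";
        echo ' ' . '<option></option>' . "\n";
        echo ' ' . '</select>' . "\n";
    }
    else {
        $result = PMA_mysql_query('SHOW COLUMNS FROM ' . PMA_backquote($tablegrant) . ' FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            echo ' '
                 . '<select name="colgrant[]" multiple="multiple" onchange="anycolumn[1].checked = true">' . "\n";
            while ($row = PMA_mysql_fetch_row($result)) {
                $html_col = htmlspecialchars($row[0]);
                echo ' ';
                echo '<option value="' . $html_col . '">' . $html_col . '</option>' . "\n";
            } // end while
        } else {
            echo ' ' . '<select name="colgrant[]">' . "\n";
            echo ' ' . '<option></option>' . "\n";
        } // end if... else...
        echo ' '
             . '</select>' . "\n";
    } // end if... else
    ?>
                </td>
                <td></td>
            </tr>
            <tr>
                <td colspan="5">
                    <i><?php echo $GLOBALS['strOr']; ?></i>
                </td>
            </tr>
            <tr>
                <td colspan="5">
                    <?php echo $GLOBALS['strDatabaseWildcard'] . "\n"; ?>&nbsp;
                    <input type="text" name="newdb" value="<?php echo ((!$is_selected_db && !empty($pma_user)) ? htmlspecialchars($pma_user) . '%' : ''); ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="change(this)" />
                </td>
            </tr>
            </table>

            <table>
            <tr>
                <td>
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:&nbsp;
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('userGrants', $grants);
    ?>
            <input type="submit" name="upd_grants" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_grantOperations()' function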
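/**
 * Displays the page to edit operations
 *
 * Shows a form to update the profile (host, user name, password) of an
 * account and a form to edit its privileges.
 *
 * @param   string   the host name to check grants for
 * @param   string   the user name to check grants for
 *
 * @return  boolean  FALSE if the account is not found in mysql.user, else TRUE
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_editOperations($host, $user)
{
    global $lang, $convcharset, $server;

    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($user) . '\' AND Host = \'' . PMA_sqlAddslashes($host) . '\'');
    $rows   = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    $row       = PMA_mysql_fetch_array($result);

    // Host and user name are written into several attributes: encode them
    // once, in full (not only their double quotes)
    $html_host = htmlspecialchars($host);
    $html_user = htmlspecialchars($user);
    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="updUserForm" onsubmit="return checkUpdProfile()">
            <?php echo $GLOBALS['strUpdateProfile'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyhost" id="radio_anyhost1"<?php if ($host == '' || $host == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyhost" id="radio_anyhost0"<?php if ($host != '' && $host != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_server" size="10" value="<?php echo $html_host; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyuser" id="radio_anyuser1"<?php if ($user == '' || $user == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyuser" id="radio_anyuser0"<?php if ($user != '' && $user != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_user" size="10" value="<?php echo $html_user; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="-1" id="radio_nopass-1" checked="checked" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass-1"><?php echo $GLOBALS['strKeepPass']; ?></label>
                </td>
                <td colspan="3">&nbsp;</td>
            </tr>
            <tr>
                <td colspan="4" align="<?php echo $GLOBALS['cell_align_left']; ?>">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $GLOBALS['strOr']; ?></td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="new_pw" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="new_pw2" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                </td>
            </tr>
            </table>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_updProfile" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="privForm">
            <?php echo $GLOBALS['strEditPrivileges'] . "\n"; ?>
    <?php
    PMA_tablePrivileges('privForm', $row);
    echo "\n";
    ?>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_chgPriv" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_editOperations()' function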
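/**
 * Displays the table of the users
 *
 * One row per account of mysql.user, with links to edit it, delete it and
 * show its grants, followed by its host, name, password state and global
 * privileges. Host and user names are encoded with htmlspecialchars() before
 * being displayed.
 *
 * @param   string   the host name
 * @param   string   the user name
 *
 * @return  boolean  FALSE if the query failed or returned no row, else TRUE
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_tableUsers($host = FALSE, $user = FALSE)
{
    global $lang, $convcharset, $server;

    $local_query = 'SELECT * FROM mysql.user ';
    if ($host || $user) {
        $local_query .= ' WHERE 1 ';
    }
    // The user name is only taken into account together with a host name,
    // and then even if it is empty. NOTE(review): kept as it was; confirm
    // this is what the callers expect.
    if ($host) {
        $local_query .= ' AND Host = \'' . PMA_sqlAddslashes($host) . '\'';
        $local_query .= ' AND User = \'' . PMA_sqlAddslashes($user) . '\'';
    }
    $local_query .= ' ORDER BY Host, User';
    $result      = PMA_mysql_query($local_query);
    $rows        = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    echo '<i>' . $GLOBALS['strEnglishPrivileges'] . '</i><br />' . "\n";
    echo '<table border="' . $GLOBALS['cfg']['Border'] . '">' . "\n";
    echo '<tr>' . "\n";
    echo ' <th colspan="'. (($user) ? '2' : '3') . '">' . $GLOBALS['strAction'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strUser'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPassword'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    echo '</tr>' . "\n";

    // Global privileges, in display order; each one is stored in the
    // "<name>_priv" column of mysql.user
    $priv_names = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                        'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt   = count($priv_names);

    $i = 0;
    while ($row = PMA_mysql_fetch_array($result)) {

        $bgcolor = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];

        $strPriv = '';
        for ($j = 0; $j < $priv_cnt; $j++) {
            if ($row[$priv_names[$j] . '_priv'] == 'Y') {
                $strPriv .= $priv_names[$j] . ' ';
            }
        }
        if ($strPriv == '') {
            $strPriv = '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>';
        }

        $query = 'lang=' . $lang . '&amp;server=' . $server . '&amp;db=mysql&amp;table=user&amp;convcharset=' . $convcharset;
        // The "edit" link is only displayed in the list of all users
        if (!$user) {
            $edit_url = 'user_details.php3'
                      . '?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server
                      . '&amp;edit=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        }
        $delete_url = 'user_details.php3'
                    . '?' . $query
                    . '&amp;delete=1&amp;confirm=1&amp;delete_host=' . urlencode($row['Host']) . '&amp;delete_user=' . urlencode($row['User']);
        $check_url  = 'user_details.php3'
                    . '?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server
                    . '&amp;grants=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);

        ?>
<tr>
        <?php
        if (!$user) {
            echo "\n";
            ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $edit_url; ?>">
            <?php echo $GLOBALS['strEdit']; ?></a>
    </td>
            <?php
        }
        echo "\n";
        ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $delete_url; ?>">
            <?php echo $GLOBALS['strDelete']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $check_url; ?>">
            <?php echo $GLOBALS['strGrants']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo htmlspecialchars($row['Host']) . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row['User']) ? '<b>' . htmlspecialchars($row['User']) . '</b>' : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row[$GLOBALS['password_field']]) ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo $strPriv . "\n"; ?>
    </td>
</tr>
        <?php
        echo "\n";
        $i++;
    } // end while

    echo "\n";
    ?>
</table>
<hr />
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableUsers()' function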
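/**
 * Displays a confirmation form
 *
 * Shows the DELETE statement that is about to be run and a Yes/No form, then
 * includes the page footer. Host and user name are request values: they are
 * encoded with htmlspecialchars() wherever they are written into the page.
 *
 * @param   string   the host name and...
 * @param   string   ... the username to delete
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_confirm($the_host, $the_user) {
    global $lang, $convcharset, $server;

    if (get_magic_quotes_gpc() == 1) {
        $the_host = stripslashes($the_host);
        $the_user = stripslashes($the_user);
    }

    echo $GLOBALS['strConfirm'] . '&nbsp;:&nbsp;<br />' . "\n";
    // The statement is only displayed here, so it is encoded as a whole
    echo htmlspecialchars('DELETE FROM mysql.user WHERE Host = \'' . $the_host . '\' AND User = \'' . $the_user . '\'') . '<br />' . "\n";
    ?>
<form action="user_details.php3" method="post">
    <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
    <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
    <input type="hidden" name="server" value="<?php echo $server; ?>" />
    <input type="hidden" name="db" value="mysql" />
    <input type="hidden" name="table" value="user" />
    <input type="hidden" name="delete" value="<?php echo(isset($GLOBALS['delete']) ? '1' : '0'); ?>" />
    <input type="hidden" name="delete_host" value="<?php echo htmlspecialchars($the_host); ?>" />
    <input type="hidden" name="delete_user" value="<?php echo htmlspecialchars($the_user); ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strYes']; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strNo']; ?>" />
</form>
    <?php
    echo "\n";

    include('./footer.inc.php3');
} // end of the 'PMA_confirm()' function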
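/**
 * Ensures the user is super-user and gets the case sensitive password field
 * name
 */
$result = @PMA_mysql_query('USE mysql');
if (PMA_mysql_error()) {
    // No access to the "mysql" database: show the error page and stop
    include('./header.inc.php3');
    echo '<p><b>' . $strError . '</b></p>' . "\n";
    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' . $strNoRights . '</p>' . "\n";
    include('./footer.inc.php3');
    exit();
}

// $password_field is concatenated into SQL statements as a column name
// further down. This script reads its request parameters as plain global
// variables, so the name is always assigned here: a value that was already
// present under that name must never reach a statement when the lookup fails.
$password_field = 'Password';

// An earlier approach (SELECT COUNT(Password) FROM mysql.user) did not work
// if the password field is named "password".
// The lookup below uses a syntax that works with older and recent MySQL,
// and assumes that the field name ends with "assword":
$result = @PMA_mysql_query('SHOW FIELDS FROM user FROM mysql LIKE \'%assword\'');
if ($result) {
    $detected_field = PMA_mysql_result($result, 0);
    // Keep the default when the lookup returned no usable name
    if (!empty($detected_field)) {
        $password_field = $detected_field;
    }
    unset($detected_field);
}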
/**
 * Picks the JavaScript event used to detect changes in form fields: the
 * autocomplete feature of IE suppresses "onchange", so IE 5 and later get
 * "onpropertychange" instead
 */
if (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) {
    $chg_evt_handler = 'onpropertychange';
} else {
    $chg_evt_handler = 'onchange';
}
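/**
 * Displays headers
 *
 * $db and $table are hidden from the included header and restored afterwards.
 */
if (isset($db)) {
    $db_bkp = (get_magic_quotes_gpc() ? stripslashes($db) : $db);
    unset($db);
}
if (isset($table)) {
    $table_bkp = (get_magic_quotes_gpc() ? stripslashes($table) : $table);
    unset($table);
}
if (get_magic_quotes_gpc()) {
    if (!empty($host)) {
        $host = stripslashes($host);
    }
    if (!empty($pma_user)) {
        $pma_user = stripslashes($pma_user);
    }
}

if (!isset($message)) {
    $js_to_run = 'user_details.js';
    include('./header.inc.php3');
}
if (!isset($submit_updProfile)) {
    // $host and $pma_user are request values: escape them for the HTML body
    echo '<h1>' . "\n";
    echo ' ' . ((!isset($host) || $host == '') ? $strAnyHost : $strHost . ' ' . htmlspecialchars($host)) . ' - ' . ((!isset($pma_user) || $pma_user == '') ? $strAnyUser : $strUser . ' ' . htmlspecialchars($pma_user)) . "\n";
    echo '</h1>';
}
if (isset($message)) {
    // NOTE(review): $message is not assigned anywhere in the visible part of
    // this script; confirm that PMA_showMessage() escapes it or that it can
    // only hold text produced by the application.
    $show_query = '1';
    PMA_showMessage($message);
}

if (isset($db_bkp)) {
    $db = $db_bkp;
    unset($db_bkp);
}
if (isset($table_bkp)) {
    $table = $table_bkp;
    unset($table_bkp);
}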
/**
 * Handles the action submitted with the request, if any
 */
// A confirmation was requested: show the confirmation form for the account
// named by the request and stop there
if (!empty($confirm)) {
    PMA_confirm($delete_host, $delete_user);
    exit();
}
// Reloads the MySQL privilege tables and reports the outcome.
// NOTE(review): this runs for any request carrying mode=reload on a
// configured server; no request-method or anti-forgery check is visible here.
else if (($server > 0) && isset($mode) && ($mode == 'reload')) {
    $result = PMA_mysql_query('FLUSH PRIVILEGES');
    echo '<p><b>' . (($result != 0) ? $strMySQLReloaded : $strReloadFailed) . '</b></p>' . "\n";
}
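// Deletes an user: removes the grants of the account from mysql.db,
// mysql.tables_priv and mysql.columns_priv, then the account itself from
// mysql.user. Only the result of the last statement decides which message
// is shown.
// NOTE(review): the deletion is authorised by request parameters alone
// ("delete" plus a "btnConfirm" equal to the localized "Yes" label); nothing
// visible here ties the request to a confirmation form that was served.
else if (isset($delete) && $delete
         && isset($btnConfirm) && $btnConfirm == $strYes) {
    if (get_magic_quotes_gpc()) {
        $delete_host = stripslashes($delete_host);
        $delete_user = stripslashes($delete_user);
    }
    $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($delete_host) . '\' AND User = \'' . PMA_sqlAddslashes($delete_user) . '\'';

    // Delete Grants First!
    // $sql_query_cpy accumulates every statement so that the full list can
    // be handed over in $sql_query once all of them have run.
    $sql_query      = 'DELETE FROM mysql.db' . $common_where;
    $sql_query_cpy  = $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query      = 'DELETE FROM mysql.tables_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query      = 'DELETE FROM mysql.columns_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);

    $sql_query      = 'DELETE FROM mysql.user' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    $result         = PMA_mysql_query($sql_query);

    $sql_query = $sql_query_cpy;
    unset($sql_query_cpy);
    if ($result) {
        // The message is passed on with markup in it, so the request-supplied
        // account name has to be escaped before it is embedded.
        PMA_showMessage(sprintf($strDeleteUserMessage, '<span style="color: #002E80">' . htmlspecialchars($delete_user) . '@' . htmlspecialchars($delete_host) . '</span>') . '<br />' . $strRememberReload);
    } else {
        PMA_showMessage($strDeleteFailed);
    }
}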
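// Adds an user: validates the password fields, then inserts a row into
// mysql.user with one Y/N value per privilege column.
else if (isset($submit_addUser)) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }
    // A request without the password field is handled like an empty password
    if (!isset($pma_pw)) {
        $pma_pw = '';
    }

    // Password is required but empty
    if ((!isset($nopass) || !$nopass) && $pma_pw == '') {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    // Password and its confirmation differ
    else if ($pma_pw != ''
             && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }

    // Password confirmed
    else {
        // One "<Name>_priv = 'Y'|'N'" assignment per privilege; a privilege
        // is granted when a variable of that name came in with the request.
        $sql_query     = '';
        $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                               'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
        $list_priv_cnt = count($list_priv);
        for ($i = 0; $i < $list_priv_cnt; $i++) {
            $priv_name  = $list_priv[$i] . '_priv';
            $sql_query .= (empty($sql_query) ? '' : ', ')
                        . $priv_name . ' = \'' . (isset($$priv_name) ? 'Y' : 'N') . '\'';
        } // end for
        unset($list_priv);
        unset($list_priv_cnt);

        if (get_magic_quotes_gpc() && $pma_pw != '') {
            $pma_pw = stripslashes($pma_pw);
        }

        // $password_field is used as a column name here; it is expected to
        // hold the name detected on the server at the top of this script.
        $insert_head = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ';

        // $local_query is the statement that is run; $sql_query is the copy
        // kept for display, with every password character replaced by '*'
        // (the length of the password is still visible in it).
        $local_query = $insert_head
                     . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')')
                     . ', ' . $sql_query;
        $sql_query   = $insert_head
                     . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')')
                     . ', ' . $sql_query;
        unset($insert_head);

        $result = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
        unset($host);
        unset($pma_user);
        PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload);
    } // end else
}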
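// Updates the profile of an user: host, user name and/or password in
// mysql.user, and the same host/user change in the three grant tables.
else if (isset($submit_updProfile)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Builds the sql query
    $common_upd  = '';
    // Both statements are always started empty. This script reads request
    // parameters as plain global variables, and the validation-error
    // branches below assign neither of them: without this, a value already
    // present under one of these names would be run as the SET clause.
    $sql_query   = '';
    $local_query = '';

    if (isset($anyhost) && $anyhost) {
        $new_server = '%';
    } else if ($new_server != '' && get_magic_quotes_gpc()) {
        $new_server = stripslashes($new_server);
    }
    if ($new_server != '' && $new_server != $host) {
        $common_upd .= 'Host = \'' . PMA_sqlAddslashes($new_server) . '\'';
    } else if (isset($new_server)) {
        // Unset means "host unchanged" for the code below
        unset($new_server);
    }

    if (isset($anyuser) && $anyuser) {
        $new_user = '%';
    } else if ($new_user != '' && get_magic_quotes_gpc()) {
        $new_user = stripslashes($new_user);
    }
    if ($new_user != '' && $new_user != $pma_user) {
        $common_upd .= (empty($common_upd) ? '' : ', ')
                    . 'User = \'' . PMA_sqlAddslashes($new_user) . '\'';
    } else if (isset($new_user)) {
        // Unset means "user name unchanged" for the code below
        unset($new_user);
    }

    // Password left untouched: only the host/user change, if any
    if (isset($nopass) && $nopass == -1) {
        $sql_query   = $common_upd;
        $local_query = $common_upd;
    }
    // Password required but empty
    else if ((!isset($nopass) || $nopass == 0) && $new_pw == '') {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
    }
    // Password and its confirmation differ
    else if ($new_pw != ''
             && (!isset($new_pw2) || $new_pw != $new_pw2)) {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
    }
    // New (possibly empty) password: $sql_query is the copy kept for display,
    // with the password masked; $local_query is the one that is run
    else {
        $sql_query   = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
        $local_query = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
    }

    if (!empty($sql_query)) {
        $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';

        // Updates profile
        $local_query   = 'UPDATE user SET ' . $local_query . $common_where;
        $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where;
        $result        = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');

        // Updates grants
        if (isset($new_server) || isset($new_user)) {
            $sql_query      = 'UPDATE mysql.db SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query      = 'UPDATE mysql.tables_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query      = 'UPDATE mysql.columns_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            unset($common_upd);
        }

        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // From here on the account is known under its new host/user name
        if (isset($new_server)) {
            $host = $new_server;
        }
        if (isset($new_user)) {
            $pma_user = $new_user;
        }
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strUpdateProfileMessage . '<br />' . $strRememberReload);
    } else {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strNoModification);
    }
}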
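// Changes the privileges of an user: rewrites every privilege column of the
// account's row in the "user" table with Y or N.
else if (isset($submit_chgPriv)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // One "<Name>_priv = 'Y'|'N'" assignment per privilege; a privilege is
    // granted when a variable of that name came in with the request.
    $sql_query     = '';
    $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $list_priv_cnt = count($list_priv);
    for ($i = 0; $i < $list_priv_cnt; $i++) {
        $priv_name  = $list_priv[$i] . '_priv';
        $sql_query .= (empty($sql_query) ? '' : ', ')
                    . $priv_name . ' = \'' . (isset($$priv_name) ? 'Y' : 'N') . '\'';
    } // end for
    unset($list_priv);
    unset($list_priv_cnt);

    $sql_query = 'UPDATE user SET '
               . $sql_query
               . ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
    $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');
    // The message is passed on with markup in it, so the request-supplied
    // account name has to be escaped before it is embedded.
    PMA_showMessage(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . htmlspecialchars($pma_user) . '@' . htmlspecialchars($host) . '</span>') . '<br />' . $strRememberReload);
}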
// Revoke/Grant privileges: when the grant form was submitted, builds and
// runs one GRANT statement from the ticked privileges, the optional column
// list and the selected (or new) database and table.
else if (!empty($grants)) {
    $show_query = '1';
    if (!(isset($host) && $host != '')) {
        $host = '%';
    }
    if (!(isset($pma_user) && $pma_user != '')) {
        $pma_user = '%';
    }

    if (isset($upd_grants)) {
        $sql_query = '';
        $col_list  = '';

        // Column list " (`a`, `b`)", appended to every privilege name; used
        // only for specific columns of an existing database
        if (isset($colgrant) && !$anycolumn && !$newdb) {
            $colgrant_cnt = count($colgrant);
            for ($i = 0; $i < $colgrant_cnt; $i++) {
                if (get_magic_quotes_gpc()) {
                    $colgrant[$i] = stripslashes($colgrant[$i]);
                }
                if (empty($col_list)) {
                    $col_list .= PMA_backquote($colgrant[$i]);
                } else {
                    $col_list .= ', ' . PMA_backquote($colgrant[$i]);
                }
            } // end for
            unset($colgrant);
            $col_list = ' (' . $col_list . ')';
        } // end if

        // Privilege names come from this fixed list only; each one is added
        // when a variable named "<Name>_priv" came in with the request
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'References', 'Index', 'Alter');
        for ($i = 0; $i < count($list_priv); $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (!isset($$priv_name)) {
                continue;
            }
            $sql_query .= (empty($sql_query) ? '' : ', ') . $list_priv[$i] . $col_list;
        } // end for
        unset($list_priv);
        // Nothing ticked: grant USAGE
        if (empty($sql_query)) {
            $sql_query = 'USAGE' . $col_list;
        }
        $priv_grant = (isset($Grant_priv) ? ' WITH GRANT OPTION' : '');

        if (get_magic_quotes_gpc()) {
            if ($newdb) {
                $newdb = stripslashes($newdb);
            } else {
                // $newdb is empty in this branch
                if (isset($dbgrant) && !$anydb) {
                    $dbgrant = stripslashes($dbgrant);
                }
                if (isset($tablegrant) && !$anytable) {
                    $tablegrant = stripslashes($tablegrant);
                }
            }
        } // end if

        // Escape wildcard characters if required: a backslash is inserted
        // before each "_" or "%" matched by the pattern below
        if (isset($dbgrant) && !$anydb && !$newdb) {
            $re      = '(^|(\\\\\\\\)+|[^\])(_|%)'; // non-escaped wildcards
            $dbgrant = ereg_replace($re, '\\1\\\\3', $dbgrant);
        }

        // Target of the grant: a new database as a whole, or the selected
        // database/table, with "*" standing for "any"
        if ($newdb) {
            $sql_query .= ' ON ' . PMA_backquote($newdb) . '.*';
        } else {
            $sql_query .= ' ON '
                        . (($anydb || $dbgrant == '') ? '*' : PMA_backquote($dbgrant))
                        . '.'
                        . (($anytable || $tablegrant == '') ? '*' : PMA_backquote($tablegrant));
        }

        $sql_query .= ' TO ' . '\'' . PMA_sqlAddslashes($pma_user) . '\'' . '@' . '\'' . PMA_sqlAddslashes($host) . '\'';

        $sql_query = 'GRANT ' . $sql_query . $priv_grant;
        $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;grants=1');
        PMA_showMessage($strAddPrivMessage . '.<br />' . $strRememberReload);
    } // end if
}
/**
 * Displays the page that matches the current mode
 */
// Edit mode: lists the selected account, then shows the edit forms for it
if (!empty($edit)) {
    PMA_tableUsers($host, $pma_user);
    PMA_editOperations($host, $pma_user);
}
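// Revoke/Grant privileges for an user: shows the grants of the account, then
// works out which privileges it already holds globally, on the selected
// database and on the selected table, before showing the grant form.
else if (isset($grants) && $grants) {
    // Displays the full list of privileges for this host & user.
    // $infos is rebuilt from scratch: this script reads request parameters
    // as plain global variables, and anything already present under that
    // name must not be passed on along with the two entries set here.
    $infos         = array();
    $infos['Host'] = $host;
    $infos['User'] = $pma_user;
    PMA_tableGrants($infos);

    // Displays the list of privileges for user on the selected db/table/column
    // $user_priv collects "<Name>_priv" => 'Y'/'N'; $list_priv shrinks to the
    // privileges that are still to be looked up at the next level.
    $user_priv     = array();
    $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index',
                           'Alter');
    $list_priv_new = array();

    // Gets globals privileges
    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\')');
    $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
    if ($row) {
        while (list(,$priv) = each($list_priv)) {
            $priv_priv = $priv . '_priv';
            if ($row[$priv_priv] == 'Y') {
                $user_priv[$priv_priv] = 'Y';
            } else {
                $user_priv[$priv_priv] = 'N';
                $list_priv_new[]       = $priv;
            }
        } // end while
        mysql_free_result($result);
        $list_priv     = $list_priv_new;
        unset($list_priv_new);
        $list_priv_new = array();
    } // end if $row

    // If a target database is set, gets privileges for this database
    // NOTE(review): when the grant form was processed earlier in the same
    // request, $dbgrant has already been unslashed and had its wildcards
    // escaped; unslashing it again here may undo that -- verify.
    if (count($list_priv) && isset($dbgrant)) {
        if (get_magic_quotes_gpc()) {
            $dbgrant = stripslashes($dbgrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.db WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\'');
        $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
        if ($row) {
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                if (isset($row[$priv_priv]) && $row[$priv_priv] == 'Y') {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[]       = $priv;
                }
            } // end while
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            unset($list_priv_new);
            $list_priv_new = array();
        } // end if $row
    } // end if

    // If a target table is set, gets privileges for this table
    // (Table_priv is matched as a comma-separated list of privilege names)
    if (count($list_priv) && isset($tablegrant)) {
        if (get_magic_quotes_gpc()) {
            $tablegrant = stripslashes($tablegrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.tables_priv WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\' AND Table_name = \'' . PMA_sqlAddslashes($tablegrant) . '\'');
        $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
        if ($row && $row['Table_priv']) {
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                if (eregi('(^|,)' . $priv . '(,|$)', $row['Table_priv'])) {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[]       = $priv;
                }
            } // end while
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            unset($list_priv_new);
            $list_priv_new = array();
        } // end if $row
    } // end if

    // TODO: column privileges

    PMA_grantOperations($user_priv);
}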
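// Check database privileges: shows the privileges for the database named in
// the request, followed by a link back to the list of users.
else if (isset($check) && $check) {
    PMA_checkDb($db);
    // The three values below end up inside an href attribute: they are
    // URL-encoded so that each one stays confined to its own query-string
    // parameter and cannot close the attribute.
    ?>
<ul>
    <li>
        <a href="user_details.php3?lang=<?php echo urlencode($lang); ?>&amp;convcharset=<?php echo urlencode($convcharset); ?>&amp;server=<?php echo urlencode($server); ?>&amp;db=mysql&amp;table=user">
            <?php echo $strBack; ?></a>
    </li>
</ul>
    <?php
    echo "\n";
}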
// Default mode: lists every account (FALSE stands for "no host / no user
// given"), stops with an error when the list comes back empty, then shows
// the general operations.
else {
    if (!isset($host)) {
        $host = FALSE;
    }
    if (!isset($pma_user)) {
        $pma_user = FALSE;
    }
    if (!PMA_tableUsers($host, $pma_user)) {
        PMA_mysqlDie($strNoUsersFound, '', FALSE, '');
    }
    PMA_normalOperations();
}
/**
 * Closes the page with the common footer
 */
require './footer.inc.php3';