[phpmyadmin/crack.git] / user_details.php3
blob3b8ffa581bd1754c819edd6c0a1b1670198ee0b7
1 <?php
2 /* $Id$*/
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/grab_globals.lib.php3');
9 require('./libraries/common.lib.php3');
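/**
 * Defines the url to return to in case of error in a sql statement
 */
// NOTE(review): $lang, $convcharset and $server are presumably imported from
// the request by grab_globals.lib.php3 - confirm. They are url-encoded so a
// crafted value cannot add parameters or markup to the return link; ordinary
// values pass through unchanged.
$err_url  = 'user_details.php3'
          . '?lang=' . urlencode($lang)
          . '&amp;convcharset=' . urlencode($convcharset)
          . '&amp;server=' . urlencode($server)
          . '&amp;db=mysql'
          . '&amp;table=user';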
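/**
 * Displays the table of grants for a user
 *
 * Account names are escaped twice over, once per context: with
 * PMA_sqlAddslashes() where they are placed inside quoted SQL literals, and
 * with htmlspecialchars() where they are written into the page.
 *
 * @param   mixed    the id of the query used to get hosts and databases lists
 *                   or an array containing host and user information
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_checkDb()
 *
 * @TODO    "SHOW GRANTS" statements is available and buggyless since
 *          MySQL 3.23.4 and it seems not to return privileges of the anonymous
 *          user while these privileges applies to all users.
 */
function PMA_tableGrants(&$host_db_result, $dbcheck = FALSE) {
    global $lang, $convcharset, $server;

    ?>
<!-- Table of grants -->
<table border="<?php echo $GLOBALS['cfg']['Border']; ?>">
<tr>
    <?php
    // 1. Table headers
    if ($dbcheck) {
        echo "\n";
        echo ' <th>' . $GLOBALS['strAction'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strUser'] . '</th>';
    } else {
        echo "\n";
        echo ' <th colspan="2">' . $GLOBALS['strAction'] . '</th>';
    }
    echo "\n";
    echo ' <th>' . $GLOBALS['strDatabase'] . '</th>' . "\n";
    echo ' <th>' . UCFirst($GLOBALS['strTable']) . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    if (!$dbcheck) {
        echo ' <th>Grant Option</th>' . "\n";
    }
    ?>
</tr>
    <?php
    echo "\n";

    // 2. Table body
    // The common parameters are url-encoded so that they cannot break out of
    // the href attributes built below
    $url_query = 'lang=' . urlencode($lang) . '&amp;convcharset=' . urlencode($convcharset) . '&amp;server=' . urlencode($server) . '&amp;db=mysql&amp;table=user';

    while ($row = (is_array($host_db_result) ? $host_db_result : PMA_mysql_fetch_array($host_db_result))) {
        // An account name may itself contain quotes or markup: build one
        // escaped copy per output context and never reuse the raw value
        $sql_user    = PMA_sqlAddslashes($row['User']);
        $sql_host    = PMA_sqlAddslashes($row['Host']);
        $html_user   = htmlspecialchars($row['User']);
        $html_host   = htmlspecialchars($row['Host']);

        $local_query = 'SHOW GRANTS FOR \'' . $sql_user . '\'@\'' . $sql_host . '\'';
        $result      = PMA_mysql_query($local_query);
        $grants_cnt  = ($result) ? @mysql_num_rows($result) : 0;

        if ($grants_cnt) {
            $i = 0;
            while ($usr_row = PMA_mysql_fetch_row($result)) {
                if (eregi('GRANT (.*) ON ([^.]+).([^.]+) TO .*$', $usr_row[0], $parts)) {
                    // loic1: bug #487673 - revoke 'reference'
                    if ($parts[1] == 'USAGE') {
                        $priv = '';
                    } else {
                        $priv = ereg_replace('REFERENCE([^S]|$)', 'REFERENCES\\1', trim($parts[1]));
                    }
                    $db       = $parts[2];
                    $table    = trim($parts[3]);
                    $grantopt = eregi('WITH GRANT OPTION$', $usr_row[0]);
                } else {
                    // These placeholders are never displayed: with an empty
                    // $priv and no grant option the row is skipped just below
                    $priv     = '';
                    $db       = '&nbsp;';
                    $table    = '&nbsp;';
                    $column   = '&nbsp;';
                    $grantopt = FALSE;
                } // end if...else

                // Password Line
                if ($priv == '' && !$grantopt) {
                    continue;
                }

                // Checking the database (take into account wildcards)
                if ($dbcheck
                    && ($db != '*' && $db != $dbcheck)) {
                    // TODO: db names may contain characters that are regexp
                    //       instructions
                    $re       = '(^|(\\\\\\\\)+|[^\])';
                    $db_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $db));
                    if (!eregi('^' . $db_regex . '$', $dbcheck)) {
                        continue;
                    }
                } // end if

                $bgcolor    = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];
                // The account shown in the "zero_rows" message is HTML that
                // travels in the URL, so it is html-escaped before being
                // wrapped in the <span>
                $revoke_url = 'sql.php3'
                            . '?' . $url_query
                            . '&amp;sql_query=' . urlencode('REVOKE ' . $priv . ' ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM \'' . $sql_user . '\'@\'' . $sql_host . '\'')
                            . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeMessage'], ' <span style="color: #002E80">' . $html_user . '@' . $html_host . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                            . '&amp;goto=user_details.php3';
                if ($grantopt) {
                    $revoke_grant_url = 'sql.php3'
                                      . '?' . $url_query
                                      . '&amp;sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM \'' . $sql_user . '\'@\'' . $sql_host . '\'')
                                      . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeGrantMessage'], ' <span style="color: #002E80">' . $html_user . '@' . $html_host . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                                      . '&amp;goto=user_details.php3';
                }
                // NOTE(review): both links run a REVOKE through a plain GET
                // request to sql.php3; whether that script asks for a
                // confirmation or checks a request token cannot be seen from
                // this file - confirm.
                ?>
<tr>
                <?php
                if (!$dbcheck) {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td<?php if (!$grantopt) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevokePriv']; ?></a>
    </td>
                        <?php
                    }
                    if ($grantopt) {
                        echo "\n";
                        ?>
    <td<?php if (!$priv) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_grant_url; ?>">
            <?php echo $GLOBALS['strRevokeGrant']; ?></a>
    </td>
                        <?php
                    }
                } else {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevoke']; ?></a>
    </td>
                        <?php
                    } else {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">&nbsp;</td>
                        <?php
                    }
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo $html_host; ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($row['User']) ? $html_user : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>'; ?></td>
                    <?php
                }
                echo "\n";
                ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($db == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($db); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($table == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($table); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($priv != '') ? htmlspecialchars($priv) : '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>'; ?></td>
                <?php
                if (!$dbcheck) {
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($grantopt) ? $GLOBALS['strYes'] : $GLOBALS['strNo']; ?></td>
                    <?php
                }
                echo "\n";
                // The former "Debug" HTML comment, which echoed the raw
                // SHOW GRANTS row into the page source, has been dropped: that
                // row may include the account's password hash and was written
                // without any escaping.
                ?>
</tr>
                <?php
                $i++;
                echo "\n";
            } // end while $usr_row
        } // end if $grants_cnt >0
        // $host_db_result is an array containing data related to only one
        // user -> exit the loop
        if (is_array($host_db_result)) {
            break;
        }
    } // end while $row
    ?>
</table>
<hr />

    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableGrants()' function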
/**
 * Displays the list of grants for one database or for all of them
 *
 * Reads every (Host, User) pair from mysql.user and hands the result set to
 * PMA_tableGrants() for display.
 *
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  FALSE when the account list is empty or the query failed,
 *                   TRUE once the table has been displayed
 *
 * @see     PMA_tableGrants()
 */
function PMA_checkDb($dbcheck)
{
    $accounts = PMA_mysql_query('SELECT Host, User FROM mysql.user ORDER BY Host, User');

    // Nothing to show: the query failed or returned no row
    if (!$accounts || !@mysql_num_rows($accounts)) {
        return FALSE;
    }

    PMA_tableGrants($accounts, $dbcheck);

    return TRUE;
} // end of the 'PMA_checkDb()' function
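/**
 * Displays the privileges part of a page
 *
 * @param   string   the name of the form for js validation; it is written
 *                   as-is into an onclick handler, so callers must pass a
 *                   fixed form name and never request data
 * @param   array    the list of the privileges of the user
 *
 * @return  boolean  always true
 *
 * @global  integer  whether all/none of the privileges have to be checked or
 *                   not
 *
 * @see     PMA_normalOperations()
 */
function PMA_tablePrivileges($form, $row = FALSE)
{
    global $checkpriv;

    $checkpriv_url     = $GLOBALS['cfg']['PmaAbsoluteUri']
                       . 'user_details.php3?';
    if (empty($GLOBALS['QUERY_STRING'])) {
        $GLOBALS['QUERY_STRING'] = (isset($_SERVER))
                                 ? $_SERVER['QUERY_STRING']
                                 : $GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'];
    }
    if (!empty($GLOBALS['QUERY_STRING'])) {
        // The query string is supplied by the client and ends up inside an
        // href attribute: escape quotes and angle brackets as well as the
        // ampersands, not the ampersands alone
        $checkpriv_url .= htmlspecialchars($GLOBALS['QUERY_STRING']) . '&amp;';
    }

    ?>
<table>
    <?php
    echo "\n";
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $item      = 0;
    // Two privileges per table row: odd items open the row, even ones close it
    while ((list(,$priv) = each($list_priv)) && ++$item) {
        $priv_priv = $priv . '_priv';
        if (isset($checkpriv)) {
            $checked = ($checkpriv == 'all') ? ' checked="checked"' : '';
        } else {
            $checked = ($row && $row[$priv_priv] == 'Y') ? ' checked="checked"' : '';
        }
        if ($item % 2 == 1) {
            echo ' <tr>' . "\n";
        } else {
            echo ' <td>&nbsp;</td>' . "\n";
        }
        echo ' <td>' . "\n";
        echo ' <input type="checkbox" name="' . $priv . '_priv" id="checkbox_priv_' . $priv . '"' . $checked . ' />' . "\n";
        echo ' </td>' . "\n";
        echo ' <td><label for="checkbox_priv_' . $priv . '">' . $priv . '</label></td>' . "\n";
        if ($item % 2 == 0) {
            echo ' </tr>' . "\n";
        }
    } // end while
    if ($item % 2 == 1) {
        // Pads a last row left half-filled by an odd number of privileges
        // (the cell used to be "closed" with a second <td>)
        echo ' <td colspan="2">&nbsp;</td>' . "\n";
        echo ' </tr>' . "\n";
    } // end if
    ?>
</table>
<table>
<tr>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=all" onclick="checkForm('<?php echo $form; ?>', true); return false">
            <?php echo $GLOBALS['strCheckAll']; ?></a>
    </td>
    <td>&nbsp;</td>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=none" onclick="checkForm('<?php echo $form; ?>', false); return false">
            <?php echo $GLOBALS['strUncheckAll']; ?></a>
    </td>
</tr>
</table>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tablePrivileges()' function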
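/**
 * Displays the page for "normal" operations
 *
 * Prints the "reload MySQL" link, the form used to check the privileges on a
 * database and the form used to add a user.
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_normalOperations()
{
    global $lang, $convcharset, $server;

    // NOTE(review): the three common parameters are presumably taken from the
    // request - confirm. They are escaped once per context: url-encoded for
    // links, html-escaped for hidden field values.
    $url_common       = 'lang=' . urlencode($lang) . '&amp;convcharset=' . urlencode($convcharset) . '&amp;server=' . urlencode($server);
    $html_lang        = htmlspecialchars($lang);
    $html_convcharset = htmlspecialchars($convcharset);
    $html_server      = htmlspecialchars($server);

    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo $url_common; ?>&amp;db=mysql&amp;table=user&amp;mode=reload">
            <?php echo $GLOBALS['strReloadMySQL']; ?></a>&nbsp;
        <?php echo PMA_showDocuShort('F/L/FLUSH.html') . "\n"; ?>
        </div>
    </li>

    <li>
        <form name="dbPrivForm" action="user_details.php3" method="post">
            <?php echo $GLOBALS['strCheckDbPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <?php echo $GLOBALS['strDatabase']; ?>&nbsp;:&nbsp;
                    <select name="db">
    <?php
    echo "\n";
    $result = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            // Same escaping for the value as for the label: a database name
            // is data and may hold any character
            $html_db = htmlspecialchars($row[0]);
            echo ' ';
            echo '<option value="' . $html_db . '">' . $html_db . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                    <input type="hidden" name="lang" value="<?php echo $html_lang; ?>" />
                    <input type="hidden" name="convcharset" value="<?php echo $html_convcharset; ?>" />
                    <input type="hidden" name="server" value="<?php echo $html_server; ?>" />
                    <input type="hidden" name="check" value="1" />
                    <input type="submit" value="<?php echo $GLOBALS['strGo']; ?>" />
                </td>
            </tr>
            </table>
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="addUserForm" onsubmit="return checkAddUser()">
            <?php echo $GLOBALS['strAddUser'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost0" checked="checked" />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost1" />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="host" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser0" />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser1" checked="checked" />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="pma_user" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" checked="checked" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td colspan="4">
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('addUserForm');
    ?>
            <input type="hidden" name="lang" value="<?php echo $html_lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $html_convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $html_server; ?>" />
            <input type="submit" name="submit_addUser" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php

    return TRUE;
} // end of the 'PMA_normalOperations()' function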
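/**
 * Displays the grant operations part of a user properties page
 *
 * Database, table and column names read from the server, as well as the host
 * and user name of the account, are html-escaped before they are written into
 * the form.
 *
 * @param   array    grants of the current user
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 * @global  string   the host name to check grants for
 * @global  string   the username to check grants for
 * @global  string   the database to check grants for
 * @global  string   the table to check grants for
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_grantOperations($grants)
{
    global $lang, $convcharset, $server, $host, $pma_user;
    global $dbgrant, $tablegrant, $newdb;

    // One escaped copy per output context; htmlspecialchars() covers the
    // double quote that used to be replaced alone, plus "&", "<" and ">"
    $url_common       = 'lang=' . urlencode($lang) . '&amp;convcharset=' . urlencode($convcharset) . '&amp;server=' . urlencode($server);
    $html_lang        = htmlspecialchars($lang);
    $html_convcharset = htmlspecialchars($convcharset);
    $html_server      = htmlspecialchars($server);
    $html_host        = htmlspecialchars($host);
    $html_user        = htmlspecialchars($pma_user);

    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo $url_common; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="userGrants">
            <input type="hidden" name="lang" value="<?php echo $html_lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $html_convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $html_server; ?>" />
            <input type="hidden" name="grants" value="1" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />

            <?php echo $GLOBALS['strAddPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anydb" value="1" id="radio_anydb1"<?php echo ($dbgrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anydb1"><?php echo $GLOBALS['strAnyDatabase']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anydb" value="0" id="radio_anydb0"<?php echo ($dbgrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anydb0"><?php echo $GLOBALS['strDatabase']; ?></label><a href="./Documentation.html#underscore" target="documentation" title="<?php echo $GLOBALS['strDocu']; ?>">(*)</a>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="dbgrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    $is_selected_db = FALSE;
    $result         = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            $selected = (($row[0] == $dbgrant) ? ' selected="selected"' : '');
            if (!empty($selected)) {
                $is_selected_db = TRUE;
            }
            // The option has no value attribute, so the browser submits its
            // (entity-decoded) text: escaping the label does not change what
            // the form sends back
            echo ' ';
            echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowTables']; ?>" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anytable" value="1" id="radio_anytable1"<?php echo ($tablegrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anytable1"><?php echo $GLOBALS['strAnyTable']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anytable" value="0" id="radio_anytable0"<?php echo ($tablegrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anytable0"><?php echo $GLOBALS['strTable']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="tablegrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    if (isset($dbgrant)) {
        $result = PMA_mysql_query('SHOW TABLES FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            while ($row = PMA_mysql_fetch_row($result)) {
                $selected = ((isset($tablegrant) && $row[0] == $tablegrant) ? ' selected="selected"' : '');
                echo ' ';
                echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
            } // end while
        } // end if
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowCols']; ?>" />
                </td>
            </tr>
            <tr>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="1" id="radio_anycolumn1" checked="checked" />
                    <label for="radio_anycolumn1"><?php echo $GLOBALS['strAnyColumn']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="0" id="radio_anycolumn0" />
                    <label for="radio_anycolumn0"><?php echo $GLOBALS['strColumn']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
    <?php
    echo "\n";
    if (!isset($dbgrant) || !isset($tablegrant)) {
        echo ' ' . '<select name="colgrant[]">' . "\n";
        echo ' ' . '<option></option>' . "\n";
        echo ' ' . '</select>' . "\n";
    }
    else {
        $result = PMA_mysql_query('SHOW COLUMNS FROM ' . PMA_backquote($tablegrant) . ' FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            echo ' '
                 . '<select name="colgrant[]" multiple="multiple" onchange="anycolumn[1].checked = true">' . "\n";
            while ($row = PMA_mysql_fetch_row($result)) {
                $html_column = htmlspecialchars($row[0]);
                echo ' ';
                echo '<option value="' . $html_column . '">' . $html_column . '</option>' . "\n";
            } // end while
        } else {
            echo ' ' . '<select name="colgrant[]">' . "\n";
            echo ' ' . '<option></option>' . "\n";
        } // end if... else...
        echo ' '
             . '</select>' . "\n";
    } // end if... else
    ?>
                </td>
                <td></td>
            </tr>
            <tr>
                <td colspan="5">
                    <i><?php echo $GLOBALS['strOr']; ?></i>
                </td>
            </tr>
            <tr>
                <td colspan="5">
                    <?php echo $GLOBALS['strDatabaseWildcard'] . "\n"; ?>&nbsp;
                    <input type="text" name="newdb" value="<?php echo ((!$is_selected_db && !empty($pma_user)) ? $html_user . '%' : ''); ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="change(this)" />
                </td>
            </tr>
            </table>

            <table>
            <tr>
                <td>
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:&nbsp;
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('userGrants', $grants);
    ?>
            <input type="submit" name="upd_grants" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_grantOperations()' function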
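/**
 * Displays the page to edit operations
 *
 * Prints the form used to update the profile (host, user name, password) of
 * an account and the form used to edit its privileges.
 *
 * @param   string   the host name to check grants for
 * @param   string   the user name to check grants for
 *
 * @return  boolean  FALSE when no row of mysql.user matches the host and the
 *                   user name, TRUE once the page has been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_editOperations($host, $user)
{
    global $lang, $convcharset, $server;

    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($user) . '\' AND Host = \'' . PMA_sqlAddslashes($host) . '\'');
    $rows   = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    $row = PMA_mysql_fetch_array($result);

    // One escaped copy per output context; htmlspecialchars() covers the
    // double quote that used to be replaced alone, plus "&", "<" and ">"
    $url_common       = 'lang=' . urlencode($lang) . '&amp;convcharset=' . urlencode($convcharset) . '&amp;server=' . urlencode($server);
    $html_lang        = htmlspecialchars($lang);
    $html_convcharset = htmlspecialchars($convcharset);
    $html_server      = htmlspecialchars($server);
    $html_host        = htmlspecialchars($host);
    $html_user        = htmlspecialchars($user);

    ?>
<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo $url_common; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="updUserForm" onsubmit="return checkUpdProfile()">
            <?php echo $GLOBALS['strUpdateProfile'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyhost" id="radio_anyhost1"<?php if ($host == '' || $host == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyhost" id="radio_anyhost0"<?php if ($host != '' && $host != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_server" size="10" value="<?php echo $html_host; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyuser" id="radio_anyuser1"<?php if ($user == '' || $user == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyuser" id="radio_anyuser0"<?php if ($user != '' && $user != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_user" size="10" value="<?php echo $html_user; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="-1" id="radio_nopass-1" checked="checked" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass-1"><?php echo $GLOBALS['strKeepPass']; ?></label>
                </td>
                <td colspan="3">&nbsp;</td>
            </tr>
            <tr>
                <td colspan="4" align="<?php echo $GLOBALS['cell_align_left']; ?>">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $GLOBALS['strOr']; ?></td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="new_pw" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="new_pw2" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                </td>
            </tr>
            </table>
            <input type="hidden" name="lang" value="<?php echo $html_lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $html_convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $html_server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_updProfile" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="privForm">
            <?php echo $GLOBALS['strEditPrivileges'] . "\n"; ?>
    <?php
    PMA_tablePrivileges('privForm', $row);
    echo "\n";
    ?>
            <input type="hidden" name="lang" value="<?php echo $html_lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $html_convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $html_server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_chgPriv" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_editOperations()' function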
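/**
 * Displays the table of the users
 *
 * Lists the rows of mysql.user with, for each account, links to edit it, to
 * delete it and to display its grants. Host and user names are html-escaped
 * before they are written into the page.
 *
 * @param   string   the host name
 * @param   string   the user name
 *
 * @return  boolean  FALSE when the query fails or returns no row, TRUE once
 *                   the table has been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_tableUsers($host = FALSE, $user = FALSE)
{
    global $lang, $convcharset, $server;

    $local_query = 'SELECT * FROM mysql.user ';
    if ($host || $user) {
        $local_query .= ' WHERE 1 ';
    }
    // NOTE(review): the User condition is added only when $host is set, so a
    // call with a user name and no host lists every account - confirm that
    // this is intended.
    if ($host) {
        $local_query .= ' AND Host = \'' . PMA_sqlAddslashes($host) . '\'';
        $local_query .= ' AND User = \'' . PMA_sqlAddslashes($user) . '\'';
    }
    $local_query .= ' ORDER BY Host, User';
    $result      = PMA_mysql_query($local_query);
    $rows        = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    echo '<i>' . $GLOBALS['strEnglishPrivileges'] . '</i><br />' . "\n";
    echo '<table border="' . $GLOBALS['cfg']['Border'] . '">' . "\n";
    echo '<tr>' . "\n";
    echo ' <th colspan="'. (($user) ? '2' : '3') . '">' . $GLOBALS['strAction'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strUser'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPassword'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    echo '</tr>' . "\n";

    // Privileges in display order; each one maps to the "<name>_priv" column
    $priv_names = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                        'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    // Common link parameters, url-encoded so that they cannot break out of
    // the href attributes
    $url_lang        = urlencode($lang);
    $url_convcharset = urlencode($convcharset);
    $url_server      = urlencode($server);

    $i = 0;
    while ($row = PMA_mysql_fetch_array($result)) {

        $bgcolor = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];

        $strPriv = '';
        reset($priv_names);  // each() moves the array pointer: rewind per row
        while (list(, $priv_name) = each($priv_names)) {
            if ($row[$priv_name . '_priv'] == 'Y') {
                $strPriv .= $priv_name . ' ';
            }
        }
        if ($strPriv == '') {
            $strPriv = '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>';
        }

        $query = 'lang=' . $url_lang . '&amp;server=' . $url_server . '&amp;db=mysql&amp;table=user&amp;convcharset=' . $url_convcharset;
        if (!$user) {
            $edit_url = 'user_details.php3'
                      . '?lang=' . $url_lang . '&amp;convcharset=' . $url_convcharset . '&amp;server=' . $url_server
                      . '&amp;edit=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        }
        // NOTE(review): the delete action is reachable through a plain GET
        // link; how 'confirm=1' is handled, and whether the final deletion is
        // tied to a request token, is decided outside this function - confirm.
        $delete_url = 'user_details.php3'
                    . '?' . $query
                    . '&amp;delete=1&amp;confirm=1&amp;delete_host=' . urlencode($row['Host']) . '&amp;delete_user=' . urlencode($row['User']);
        $check_url  = 'user_details.php3'
                    . '?lang=' . $url_lang . '&amp;convcharset=' . $url_convcharset . '&amp;server=' . $url_server
                    . '&amp;grants=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);

        ?>
<tr>
        <?php
        if (!$user) {
            echo "\n";
            ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $edit_url; ?>">
            <?php echo $GLOBALS['strEdit']; ?></a>
    </td>
            <?php
        }
        echo "\n";
        ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $delete_url; ?>">
            <?php echo $GLOBALS['strDelete']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $check_url; ?>">
            <?php echo $GLOBALS['strGrants']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo htmlspecialchars($row['Host']) . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row['User']) ? '<b>' . htmlspecialchars($row['User']) . '</b>' : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row[$GLOBALS['password_field']]) ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo $strPriv . "\n"; ?>
    </td>
</tr>
        <?php
        echo "\n";
        $i++;
    } // end while

    echo "\n";
    ?>
</table>
<hr />
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableUsers()' function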
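/**
 * Displays a confirmation form
 *
 * Shows the DELETE statement that is about to be run, a form with "yes" and
 * "no" buttons, then the page footer. The host and the user name are
 * html-escaped before they are written into the page.
 *
 * @param   string   the host name and...
 * @param   string   ... the username to delete
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_confirm($the_host, $the_user) {
    global $lang, $convcharset, $server;

    if (get_magic_quotes_gpc() == 1) {
        $the_host = stripslashes($the_host);
        $the_user = stripslashes($the_user);
    }

    // Both values are stripped of magic quotes above, i.e. they are request
    // data: escape them for the page instead of echoing them raw
    $html_host = htmlspecialchars($the_host);
    $html_user = htmlspecialchars($the_user);

    // The second "&nbsp" was missing its closing semicolon
    echo $GLOBALS['strConfirm'] . '&nbsp;:&nbsp;<br />' . "\n";
    echo 'DELETE FROM mysql.user WHERE Host = \'' . $html_host . '\' AND User = \'' . $html_user . '\'' . '<br />' . "\n";
    // NOTE(review): the form carries no per-session token, so the code that
    // handles 'btnConfirm' cannot tell this form from a forged POST - confirm
    // how the handler protects the deletion.
    ?>
<form action="user_details.php3" method="post">
    <input type="hidden" name="lang" value="<?php echo htmlspecialchars($lang); ?>" />
    <input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($convcharset); ?>" />
    <input type="hidden" name="server" value="<?php echo htmlspecialchars($server); ?>" />
    <input type="hidden" name="db" value="mysql" />
    <input type="hidden" name="table" value="user" />
    <input type="hidden" name="delete" value="<?php echo(isset($GLOBALS['delete']) ? '1' : '0'); ?>" />
    <input type="hidden" name="delete_host" value="<?php echo $html_host; ?>" />
    <input type="hidden" name="delete_user" value="<?php echo $html_user; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strYes']; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strNo']; ?>" />
</form>
    <?php
    echo "\n";

    include('./footer.inc.php3');
} // end of the 'PMA_confirm()' function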
/**
 * Ensures the user is super-user and gets the case sensitive password field
 * name
 */
// Being able to select the 'mysql' database is used as the super-user test;
// any MySQL error at this point ends the page with the "no rights" message
$result = @PMA_mysql_query('USE mysql');
if (PMA_mysql_error()) {
    include('./header.inc.php3');
    echo '<p><b>' . $strError . '</b></p>' . "\n";
    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' . $strNoRights . '</p>' . "\n";
    include('./footer.inc.php3');
    exit();
}

// The column is taken to be 'Password' when the count query succeeds and
// returns a non-zero value, 'password' otherwise
$result = @PMA_mysql_query('SELECT COUNT(Password) FROM mysql.user');
if ($result && PMA_mysql_result($result, 0)) {
    $password_field = 'Password';
} else {
    $password_field = 'password';
}
/**
 * Autocomplete feature of IE kills the "onchange" event handler and it must be
 * replaced by the "onpropertychange" one in this case
 */
if (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) {
    $chg_evt_handler = 'onpropertychange';
} else {
    $chg_evt_handler = 'onchange';
}
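/**
 * Displays headers
 */
// $db and $table are set aside while the header and the message are printed
// and restored at the end of this section (presumably so that the included
// header does not act on them -- confirm against header.inc.php3)
if (isset($db)) {
    $db_bkp = (get_magic_quotes_gpc() ? stripslashes($db) : $db);
    unset($db);
}
if (isset($table)) {
    $table_bkp = (get_magic_quotes_gpc() ? stripslashes($table) : $table);
    unset($table);
}
if (get_magic_quotes_gpc()) {
    if (!empty($host)) {
        $host = stripslashes($host);
    }
    if (!empty($pma_user)) {
        $pma_user = stripslashes($pma_user);
    }
}

if (!isset($message)) {
    $js_to_run = 'user_details.js';
    include('./header.inc.php3');
}
if (!isset($submit_updProfile)) {
    // $host and $pma_user are request values: they are HTML-escaped before
    // being written into the page title. The language strings are printed
    // as they are.
    echo '<h1>' . "\n";
    echo '    ' . ((!isset($host) || $host == '') ? $strAnyHost : $strHost . ' ' . htmlspecialchars($host)) . ' - ' . ((!isset($pma_user) || $pma_user == '') ? $strAnyUser : $strUser . ' ' . htmlspecialchars($pma_user)) . "\n";
    echo '</h1>';
}
if (isset($message)) {
    $show_query = '1';
    PMA_showMessage($message);
}

if (isset($db_bkp)) {
    $db = $db_bkp;
    unset($db_bkp);
}
if (isset($table_bkp)) {
    $table = $table_bkp;
    unset($table_bkp);
}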
/**
 * Some actions have been submitted
 */
// Confirms an action: shows the yes/no form for the account to delete and
// stops there (PMA_confirm() prints the footer itself)
if (!empty($confirm)) {
    PMA_confirm($delete_host, $delete_user);
    exit();
}
// Reloads mysql: runs FLUSH PRIVILEGES and reports whether it worked
else if (($server > 0) && isset($mode) && ($mode == 'reload')) {
    $result = PMA_mysql_query('FLUSH PRIVILEGES');
    echo '<p><b>' . (($result != 0) ? $strMySQLReloaded : $strReloadFailed) . '</b></p>' . "\n";
}
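// Deletes an user
// NOTE(review): the deletion is authorised only by the posted 'delete' and
// 'btnConfirm' values; no per-session token check is visible in this part of
// the file -- confirm whether one is enforced elsewhere.
else if (isset($delete) && $delete
         && isset($btnConfirm) && $btnConfirm == $strYes) {
    if (get_magic_quotes_gpc()) {
        $delete_host = stripslashes($delete_host);
        $delete_user = stripslashes($delete_user);
    }
    $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($delete_host) . '\' AND User = \'' . PMA_sqlAddslashes($delete_user) . '\'';

    // Delete Grants First!
    // The results of these three statements are not checked; only the final
    // delete from mysql.user decides which message is shown
    $sql_query_cpy = '';
    $grant_tables  = array('db', 'tables_priv', 'columns_priv');
    for ($i = 0; $i < 3; $i++) {
        $sql_query      = 'DELETE FROM mysql.' . $grant_tables[$i] . $common_where;
        $sql_query_cpy .= (($i > 0) ? ";\n" : '') . $sql_query;
        PMA_mysql_query($sql_query);
    }
    unset($grant_tables);

    $sql_query      = 'DELETE FROM mysql.user' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    $result         = PMA_mysql_query($sql_query);

    // $sql_query ends up holding all four statements, one per line
    $sql_query = $sql_query_cpy;
    unset($sql_query_cpy);
    if ($result) {
        // The message is handed over with markup in it, so it is presumably
        // printed as HTML: the request-supplied account name is escaped here
        PMA_showMessage(sprintf($strDeleteUserMessage, '<span style="color: #002E80">' . htmlspecialchars($delete_user . '@' . $delete_host) . '</span>') . '<br />' . $strRememberReload);
    } else {
        PMA_showMessage($strDeleteFailed);
    }
}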
// Adds an user
else if (isset($submit_addUser)) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // No password given although "no password" was not selected
    if (empty($nopass) && $pma_pw == '') {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    // Password and its confirmation differ
    else if ($pma_pw != ''
             && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    // Password confirmed
    else {
        // One "<name>_priv = 'Y'|'N'" assignment per global privilege; a
        // privilege is granted when a variable of that name is set
        $priv_set  = '';
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
        $priv_cnt  = count($list_priv);
        for ($i = 0; $i < $priv_cnt; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if ($i > 0) {
                $priv_set .= ', ';
            }
            $priv_set .= $priv_name . ' = \'' . (isset($$priv_name) ? 'Y' : 'N') . '\'';
        } // end for
        unset($list_priv);

        if (get_magic_quotes_gpc() && $pma_pw != '') {
            $pma_pw = stripslashes($pma_pw);
        }

        // Two statements are built from the same parts: $local_query carries
        // the real password and is the one executed, $sql_query has every
        // password character replaced by '*' and is the one kept for display
        $insert_head = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ';
        if ($pma_pw == '') {
            $pw_real   = '\'\'';
            $pw_masked = '\'\'';
        } else {
            $pw_real   = 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')';
            $pw_masked = 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')';
        }
        $local_query = $insert_head . $pw_real . ', ' . $priv_set;
        $sql_query   = $insert_head . $pw_masked . ', ' . $priv_set;

        $result = @PMA_mysql_query($local_query);
        if (!$result) {
            PMA_mysqlDie('', '', FALSE, $err_url);
        }
        unset($host);
        unset($pma_user);
        PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload);
    } // end else
}
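// Updates the profile of an user (host, user name and/or password)
else if (isset($submit_updProfile)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Builds the sql query
    // $common_upd collects the "Host = ..." / "User = ..." assignments; it is
    // reused below to rename the account in the grant tables as well
    $common_upd = '';

    if (isset($anyhost) && $anyhost) {
        $new_server = '%';
    } else if ($new_server != '' && get_magic_quotes_gpc()) {
        $new_server = stripslashes($new_server);
    }
    if ($new_server != '' && $new_server != $host) {
        $common_upd .= 'Host = \'' . PMA_sqlAddslashes($new_server) . '\'';
    } else if (isset($new_server)) {
        // Unchanged host: isset($new_server) is used later as "host changed"
        unset($new_server);
    }

    if (isset($anyuser) && $anyuser) {
        $new_user = '%';
    } else if ($new_user != '' && get_magic_quotes_gpc()) {
        $new_user = stripslashes($new_user);
    }
    if ($new_user != '' && $new_user != $pma_user) {
        $common_upd .= (empty($common_upd) ? '' : ', ')
                    . 'User = \'' . PMA_sqlAddslashes($new_user) . '\'';
    } else if (isset($new_user)) {
        // Unchanged user: isset($new_user) is used later as "user changed"
        unset($new_user);
    }

    // $nopass == -1: the password column is left out of the update
    if (isset($nopass) && $nopass == -1) {
        $sql_query   = $common_upd;
        $local_query = $common_upd;
    }
    // A password is required but none was given
    else if ((!isset($nopass) || $nopass == 0) && $new_pw == '') {
        // $host / $pma_user are request values and are HTML-escaped for the
        // page title; the language strings are printed as they are
        echo '<h1>' . "\n";
        echo '    ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
    }
    // Password and its confirmation differ
    else if ($new_pw != ''
             && (!isset($new_pw2) || $new_pw != $new_pw2)) {
        echo '<h1>' . "\n";
        echo '    ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
    }
    else {
        // $sql_query is the copy kept for display, with every password
        // character replaced by '*'; $local_query carries the real password
        // and is the one executed
        $sql_query   = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
        $local_query = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
    }

    if (!empty($sql_query)) {
        $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';

        // Updates profile
        // The unqualified table name relies on the 'USE mysql' issued earlier
        // in this script
        $local_query   = 'UPDATE user SET ' . $local_query . $common_where;
        $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where;
        $result        = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');

        // Updates grants: a renamed account is renamed in the grant tables
        // too (the results of these statements are not checked)
        if (isset($new_server) || isset($new_user)) {
            $sql_query      = 'UPDATE mysql.db SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query      = 'UPDATE mysql.tables_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query      = 'UPDATE mysql.columns_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            unset($common_upd);
        }

        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // From here on the page refers to the account under its new name
        if (isset($new_server)) {
            $host = $new_server;
        }
        if (isset($new_user)) {
            $pma_user = $new_user;
        }
        echo '<h1>' . "\n";
        echo '    ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strUpdateProfileMessage . '<br />' . $strRememberReload);
    } else {
        echo '<h1>' . "\n";
        echo '    ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strNoModification);
    }
}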
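// Changes the privileges of an user
else if (isset($submit_chgPriv)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // One "<name>_priv = 'Y'|'N'" assignment per global privilege; a
    // privilege is granted when a variable of that name is set
    $sql_query = '';
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt  = count($list_priv);
    for ($i = 0; $i < $priv_cnt; $i++) {
        $priv_name  = $list_priv[$i] . '_priv';
        $sql_query .= (($i > 0) ? ', ' : '')
                   . $priv_name . ' = \'' . (isset($$priv_name) ? 'Y' : 'N') . '\'';
    } // end for
    unset($list_priv);

    // The unqualified table name relies on the 'USE mysql' issued earlier in
    // this script
    $sql_query = 'UPDATE user SET '
               . $sql_query
               . ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
    $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');
    // The message is handed over with markup in it, so it is presumably
    // printed as HTML: the request-supplied account name is escaped here
    PMA_showMessage(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . htmlspecialchars($pma_user . '@' . $host) . '</span>') . '<br />' . $strRememberReload);
}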
// Revoke/Grant privileges: builds and runs a GRANT statement from the form
else if (isset($grants) && $grants) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    if (isset($upd_grants)) {
        $sql_query = '';
        $col_list  = '';

        // Optional column list, appended to every privilege name below
        if (isset($colgrant) && !$anycolumn && !$newdb) {
            $colgrant_cnt = count($colgrant);
            for ($i = 0; $i < $colgrant_cnt; $i++) {
                if (get_magic_quotes_gpc()) {
                    $colgrant[$i] = stripslashes($colgrant[$i]);
                }
                $quoted_col = PMA_backquote($colgrant[$i]);
                if (empty($col_list)) {
                    $col_list .= $quoted_col;
                } else {
                    $col_list .= ', ' . $quoted_col;
                }
            } // end for
            unset($colgrant);
            $col_list = ' (' . $col_list . ')';
        } // end if

        // 'Grant' is not in this list: it is handled apart, as the
        // WITH GRANT OPTION clause
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'References', 'Index', 'Alter');
        $priv_cnt  = count($list_priv);
        for ($i = 0; $i < $priv_cnt; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                if (!empty($sql_query)) {
                    $sql_query .= ', ';
                }
                $sql_query .= $list_priv[$i] . $col_list;
            }
        } // end for
        unset($list_priv);
        // No privilege selected at all
        if (empty($sql_query)) {
            $sql_query = 'USAGE' . $col_list;
        }
        $priv_grant = (isset($Grant_priv) ? ' WITH GRANT OPTION' : '');

        if (get_magic_quotes_gpc()) {
            if ($newdb) {
                $newdb = stripslashes($newdb);
            } else {
                if (isset($dbgrant) && !$anydb && !$newdb) {
                    $dbgrant = stripslashes($dbgrant);
                }
                if (isset($tablegrant) && !$anytable && !$newdb) {
                    $tablegrant = stripslashes($tablegrant);
                }
            }
        } // end if

        // Escape wildcard characters if required
        if (isset($dbgrant) && !$anydb && !$newdb) {
            $re      = '(^|(\\\\\\\\)+|[^\])(_|%)'; // non-escaped wildcards
            $dbgrant = ereg_replace($re, '\\1\\\\3', $dbgrant);
        }

        // Target of the grant: a new database as a whole, or the selected
        // database/table with '*' standing for "any"
        if ($newdb) {
            $grant_target = PMA_backquote($newdb) . '.*';
        } else {
            $grant_target = (($anydb || $dbgrant == '') ? '*' : PMA_backquote($dbgrant))
                          . '.'
                          . (($anytable || $tablegrant == '') ? '*' : PMA_backquote($tablegrant));
        }

        $sql_query = 'GRANT ' . $sql_query
                   . ' ON ' . $grant_target
                   . ' TO ' . '\'' . PMA_sqlAddslashes($pma_user) . '\'' . '@' . '\'' . PMA_sqlAddslashes($host) . '\''
                   . $priv_grant;
        $result    = @PMA_mysql_query($sql_query);
        if (!$result) {
            PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;grants=1');
        }
        PMA_showMessage($strAddPrivMessage . '.<br />' . $strRememberReload);
    } // end if
}
/**
 * Displays the page
 */
// Edit an user properties: the account's row followed by the edit forms
if (!empty($edit)) {
    PMA_tableUsers($host, $pma_user);
    PMA_editOperations($host, $pma_user);
}
// Revoke/Grant privileges for an user
else if (isset($grants) && $grants) {
    // Displays the full list of privileges for this host & user
    $infos['Host'] = $host;
    $infos['User'] = $pma_user;
    PMA_tableGrants($infos);

    // Displays the list of privileges for user on the selected db/table/column
    // $user_priv maps "<name>_priv" to 'Y'/'N'. $list_priv holds the
    // privileges not found so far; each level below (global, database, table)
    // only looks for those and narrows the list further.
    $user_priv     = array();
    $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index',
                           'Alter');
    $list_priv_new = array();

    // Rows for this exact host/user as well as for the '%' host and the
    // anonymous user are matched at every level
    $who_where = '(Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\')';

    // Gets globals privileges
    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE ' . $who_where);
    if ($result) {
        $row = @PMA_mysql_fetch_array($result);
    } else {
        $row = FALSE;
    }
    if ($row) {
        $priv_cnt = count($list_priv);
        for ($p = 0; $p < $priv_cnt; $p++) {
            $priv      = $list_priv[$p];
            $priv_priv = $priv . '_priv';
            if ($row[$priv_priv] == 'Y') {
                $user_priv[$priv_priv] = 'Y';
            } else {
                $user_priv[$priv_priv] = 'N';
                $list_priv_new[]       = $priv;
            }
        } // end for
        mysql_free_result($result);
        $list_priv     = $list_priv_new;
        $list_priv_new = array();
    } // end if $row

    // If a target database is set, gets privileges for this database
    if (count($list_priv) && isset($dbgrant)) {
        if (get_magic_quotes_gpc()) {
            $dbgrant = stripslashes($dbgrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.db WHERE ' . $who_where . ' AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\'');
        if ($result) {
            $row = @PMA_mysql_fetch_array($result);
        } else {
            $row = FALSE;
        }
        if ($row) {
            $priv_cnt = count($list_priv);
            for ($p = 0; $p < $priv_cnt; $p++) {
                $priv      = $list_priv[$p];
                $priv_priv = $priv . '_priv';
                if (isset($row[$priv_priv]) && $row[$priv_priv] == 'Y') {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[] = $priv;
                }
            } // end for
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            $list_priv_new = array();
        } // end if $row
    } // end if

    // If a target table is set, gets privileges for this table
    // NOTE(review): $dbgrant is used in this query without an isset() test of
    // its own -- confirm a table can never be posted without a database
    if (count($list_priv) && isset($tablegrant)) {
        if (get_magic_quotes_gpc()) {
            $tablegrant = stripslashes($tablegrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.tables_priv WHERE ' . $who_where . ' AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\' AND Table_name = \'' . PMA_sqlAddslashes($tablegrant) . '\'');
        if ($result) {
            $row = @PMA_mysql_fetch_array($result);
        } else {
            $row = FALSE;
        }
        if ($row && $row['Table_priv']) {
            // Table_priv is searched as a comma separated list of names
            $priv_cnt = count($list_priv);
            for ($p = 0; $p < $priv_cnt; $p++) {
                $priv      = $list_priv[$p];
                $priv_priv = $priv . '_priv';
                if (eregi('(^|,)' . $priv . '(,|$)', $row['Table_priv'])) {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[] = $priv;
                }
            } // end for
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            $list_priv_new = array();
        } // end if $row
    } // end if

    // TODO: column privileges

    PMA_grantOperations($user_priv);
}
// Check database privileges: the grants on $db, then a link back to the
// list of users
else if (!empty($check)) {
    PMA_checkDb($db);
    ?>
<ul>
    <li>
        <a href="user_details.php3?lang=<?php echo $lang;?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user">
            <?php echo $strBack; ?></a>
    </li>
</ul>
    <?php
    echo "\n";
}
// Displays all users profiles
else {
    // FALSE for either value is passed when the request named no host/user
    if (!isset($host)) {
        $host = FALSE;
    }
    if (!isset($pma_user)) {
        $pma_user = FALSE;
    }
    if (!PMA_tableUsers($host, $pma_user)) {
        PMA_mysqlDie($strNoUsersFound, '', FALSE, '');
    }
    PMA_normalOperations();
}


/**
 * Displays the footer
 */
require('./footer.inc.php3');