[phpmyadmin/crack.git] / user_details.php3
<?php
/* $Id$*/
// vim: expandtab sw=4 ts=4 sts=4:


/**
 * Gets some core libraries
 */
require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3');


/**
 * Defines the url to return to in case of error in a sql statement.
 *
 * The parameter separators are written as '&amp;', so the string is already
 * in HTML-attribute form rather than a raw URL.
 *
 * NOTE(review): $lang, $convcharset and $server are concatenated without any
 * encoding. They are presumably populated from the request by
 * grab_globals.lib.php3 -- confirm they are validated before this point.
 */
$err_url  = 'user_details.php3' . '?lang=' . $lang;
$err_url .= '&amp;convcharset=' . $convcharset;
$err_url .= '&amp;server=' . $server;
$err_url .= '&amp;db=mysql';
$err_url .= '&amp;table=user';
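/**
 * Displays the table of grants for a user
 *
 * For every account taken from $host_db_result a "SHOW GRANTS" statement is
 * run, each returned grant line is parsed with a regular expression and one
 * HTML table row is printed per grant, together with links that revoke the
 * privileges or the grant option.
 *
 * Account names, database names, table names and privilege lists all
 * originate from the MySQL server and may contain arbitrary characters, so
 * they are escaped for the context they are written into: SQL string
 * literals (PMA_sqlAddslashes) and HTML (htmlspecialchars).
 *
 * @param   mixed    the id of the query used to get hosts and databases lists
 *                   or an array containing host and user information
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_checkDb()
 *
 * @TODO    "SHOW GRANTS" statements is available and buggyless since
 *          MySQL 3.23.4 and it seems not to return privileges of the anonymous
 *          user while these privileges applies to all users.
 */
function PMA_tableGrants(&$host_db_result, $dbcheck = FALSE) {
    global $lang, $convcharset, $server;
    ?>

<!-- Table of grants -->
<table border="<?php echo $GLOBALS['cfg']['Border']; ?>">
<tr>
    <?php
    // 1. Table headers
    if ($dbcheck) {
        echo "\n";
        echo '    <th>' . $GLOBALS['strAction'] . '</th>' . "\n";
        echo '    <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
        echo '    <th>' . $GLOBALS['strUser'] . '</th>';
    } else {
        echo "\n";
        echo '    <th colspan="2">' . $GLOBALS['strAction'] . '</th>';
    }
    echo "\n";
    echo '    <th>' . $GLOBALS['strDatabase'] . '</th>' . "\n";
    echo '    <th>' . UCFirst($GLOBALS['strTable']) . '</th>' . "\n";
    echo '    <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    if (!$dbcheck) {
        echo '    <th>Grant Option</th>' . "\n";
    }
    ?>
</tr>
    <?php
    echo "\n";

    // 2. Table body
    // NOTE(review): $lang, $convcharset and $server are written into the
    // links unencoded -- confirm they are validated where they are read from
    // the request.
    $url_query = 'lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server . '&amp;db=mysql&amp;table=user';

    while ($row = (is_array($host_db_result) ? $host_db_result : PMA_mysql_fetch_array($host_db_result))) {
        // The account name is data, not SQL: a quote or backslash inside a
        // stored User/Host value must not be able to end the string literal.
        $sql_user    = PMA_sqlAddslashes($row['User']);
        $sql_host    = PMA_sqlAddslashes($row['Host']);
        // Same values, encoded for HTML output
        $html_user   = htmlspecialchars($row['User']);
        $html_host   = htmlspecialchars($row['Host']);

        $local_query = 'SHOW GRANTS FOR \'' . $sql_user . '\'@\'' . $sql_host . '\'';
        $result      = PMA_mysql_query($local_query);
        $grants_cnt  = ($result) ? @mysql_num_rows($result) : 0;

        if ($grants_cnt) {
            $i = 0;
            while ($usr_row = PMA_mysql_fetch_row($result)) {
                if (eregi('GRANT (.*) ON ([^.]+).([^.]+) TO .*$', $usr_row[0], $parts)) {
                    if ($parts[1] == 'USAGE') {
                        $priv = '';
                    } else {
                        // loic1: bug #487673 - revoke 'reference'
                        $priv = ereg_replace('REFERENCE([^S]|$)', 'REFERENCES\\1', trim($parts[1]));
                        // loic1: bug #576896 - No "FILE" privileges on a
                        //        database if neither "INSERT" nor "UPDATE" one
                        if (strpos(' ' . $priv, 'FILE')
                            && !(strpos(' ' . $priv, 'INSERT') || strpos(' ' . $priv, 'UPDATE'))) {
                            $priv = ereg_replace('(^FILE(, )?)|(, FILE)', '', $priv);
                        }
                    }
                    $db       = $parts[2];
                    $table    = trim($parts[3]);
                    $grantopt = eregi('WITH GRANT OPTION$', $usr_row[0]);
                } else {
                    $priv     = '';
                    $db       = '&nbsp;';
                    $table    = '&nbsp;';
                    $column   = '&nbsp;';
                    $grantopt = FALSE;
                } // end if...else

                // Password Line
                // (also skips every line the pattern above did not match, so
                // the '&nbsp;' placeholders never reach the output below)
                if ($priv == '' && !$grantopt) {
                    continue;
                }

                // Checking the database (take into account wildcards)
                if ($dbcheck
                    && ($db != '*' && $db != $dbcheck)) {
                    // TODO: db names may contain characters that are regexp
                    //       instructions
                    $re       = '(^|(\\\\\\\\)+|[^\])';
                    $db_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $db));
                    if (!eregi('^' . $db_regex . '$', $dbcheck)) {
                        continue;
                    }
                } // end if

                $bgcolor    = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];
                // NOTE(review): the revoke links carry a complete REVOKE
                // statement in the 'sql_query' parameter of a plain link to
                // sql.php3, and HTML markup in 'zero_rows'. How sql.php3
                // authorises the statement and prints the message is not
                // visible here -- confirm it requires a per-session token and
                // does not echo 'zero_rows' from arbitrary requests.
                $revoke_url = 'sql.php3'
                            . '?' . $url_query
                            . '&amp;sql_query=' . urlencode('REVOKE ' . $priv . ' ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM \'' . $sql_user . '\'@\'' . $sql_host . '\'')
                            . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeMessage'], ' <span style="color: #002E80">' . $html_user . '@' . $html_host . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                            . '&amp;goto=user_details.php3';
                if ($grantopt) {
                    $revoke_grant_url = 'sql.php3'
                                      . '?' . $url_query
                                      . '&amp;sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM \'' . $sql_user . '\'@\'' . $sql_host . '\'')
                                      . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeGrantMessage'], ' <span style="color: #002E80">' . $html_user . '@' . $html_host . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                                      . '&amp;goto=user_details.php3';
                }
                ?>
<tr>
                <?php
                if (!$dbcheck) {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td<?php if (!$grantopt) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevokePriv']; ?></a>
    </td>
                        <?php
                    }
                    if ($grantopt) {
                        echo "\n";
                        ?>
    <td<?php if (!$priv) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_grant_url; ?>">
            <?php echo $GLOBALS['strRevokeGrant']; ?></a>
    </td>
                        <?php
                    }
                } else {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevoke']; ?></a>
    </td>
                        <?php
                    } else {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">&nbsp;</td>
                        <?php
                    }
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo $html_host; ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($row['User']) ? $html_user : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>'; ?></td>
                    <?php
                }
                echo "\n";
                ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($db == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($db); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($table == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($table); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($priv != '') ? htmlspecialchars($priv) : '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>'; ?></td>
                <?php
                if (!$dbcheck) {
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($grantopt) ? $GLOBALS['strYes'] : $GLOBALS['strNo']; ?></td>
                    <?php
                }
                echo "\n";
                // The former "Debug" HTML comment printed the raw SHOW GRANTS
                // line into the page source. PHP inside an HTML comment is
                // still executed, so every grant statement (which can carry
                // the account's password hash) was sent to the browser, and
                // a value containing "-->" could leave the comment. Removed.
                ?>
</tr>
                <?php
                $i++;
                echo "\n";
            } // end while $usr_row
        } // end if $grants_cnt >0
        // $host_db_result is an array containing related to only one user
        // -> exit the loop
        if (is_array($host_db_result)) {
            break;
        }
    } // end while $row
    ?>
</table>
<hr />

    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableGrants()' function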
/**
 * Displays the list of grants for a/all database/s
 *
 * Reads every (Host, User) pair from mysql.user and hands the result set to
 * PMA_tableGrants(), which prints the grants table.
 *
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  FALSE when the query fails or returns no account,
 *                   TRUE once the table has been displayed
 *
 * @see     PMA_tableGrants()
 */
function PMA_checkDb($dbcheck)
{
    $accounts = PMA_mysql_query('SELECT Host, User FROM mysql.user ORDER BY Host, User');

    // A failed query and an empty user table are both reported as FALSE
    if ($accounts && @mysql_num_rows($accounts)) {
        PMA_tableGrants($accounts, $dbcheck);

        return TRUE;
    }

    return FALSE;
} // end of the 'PMA_checkDb()' function
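/**
 * Displays the privileges part of a page
 *
 * Prints one checkbox per global privilege (two per table row) followed by
 * "check all" / "uncheck all" links. The links point back to
 * user_details.php3 with the current query string and a 'checkpriv'
 * parameter, for browsers that do not run the onclick handler.
 *
 * The query string is request data: it is passed through htmlspecialchars()
 * before being written into the href attributes, so quotes and angle
 * brackets in it cannot close the attribute or open a tag.
 *
 * @param   string   the name of the form for js validation. It is written
 *                   into an onclick handler as a JavaScript string, so it
 *                   must be a fixed identifier chosen by the caller, never
 *                   request data.
 * @param   array    the list of the privileges of the user, keyed by
 *                   '<Privilege>_priv' with 'Y' meaning granted; FALSE for
 *                   none
 *
 * @return  boolean  always true
 *
 * @global  integer  whether all/none of the privileges have to be checked or
 *                   not
 *
 * @see     PMA_normalOperations()
 */
function PMA_tablePrivileges($form, $row = FALSE)
{
    global $checkpriv;

    $checkpriv_url = $GLOBALS['cfg']['PmaAbsoluteUri']
                   . 'user_details.php3?';
    if (empty($GLOBALS['QUERY_STRING'])) {
        if (isset($_SERVER) && !empty($_SERVER['QUERY_STRING'])) {
            $GLOBALS['QUERY_STRING'] = $_SERVER['QUERY_STRING'];
        }
        else if (isset($GLOBALS['HTTP_SERVER_VARS']) && !empty($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'])) {
            $GLOBALS['QUERY_STRING'] = $GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'];
        }
    }
    if (!empty($GLOBALS['QUERY_STRING'])) {
        // htmlspecialchars() turns '&' into '&amp;' as the previous
        // str_replace() did and additionally encodes '"', '<' and '>'
        $checkpriv_url .= htmlspecialchars($GLOBALS['QUERY_STRING']) . '&amp;';
    }
    ?>

<table>
    <?php
    echo "\n";
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt  = count($list_priv);
    $item      = 0;
    // Indexed loop instead of each(), which recent PHP releases no longer
    // provide; $item keeps counting from 1 as before.
    for ($idx = 0; $idx < $priv_cnt; $idx++) {
        $priv      = $list_priv[$idx];
        $item++;
        $priv_priv = $priv . '_priv';
        if (isset($checkpriv)) {
            $checked = ($checkpriv == 'all') ?  ' checked="checked"' : '';
        } else {
            // isset() keeps a row that lacks one of the columns from
            // raising a notice
            $checked = ($row && isset($row[$priv_priv]) && $row[$priv_priv] == 'Y') ?  ' checked="checked"' : '';
        }
        if ($item % 2 == 1) {
            echo '<tr>' . "\n";
        } else {
            echo '    <td>&nbsp;</td>' . "\n";
        }
        echo '    <td>' . "\n";
        echo '        <input type="checkbox" name="' . $priv . '_priv" id="checkbox_priv_' . $priv . '"' . $checked . ' />' . "\n";
        echo '    </td>' . "\n";
        echo '    <td><label for="checkbox_priv_' . $priv . '">' . $priv . '</label></td>' . "\n";
        if ($item % 2 == 0) {
            echo '</tr>' . "\n";
        }
    } // end for
    if ($item % 2 == 1) {
        // Pads an odd number of privileges; the cell is now closed properly
        echo '    <td colspan="2">&nbsp;</td>' . "\n";
        echo '</tr>' . "\n";
    } // end if
    ?>
</table>
<table>
    <tr>
        <td>
            <a href="<?php echo $checkpriv_url; ?>checkpriv=all" onclick="checkForm('<?php echo $form; ?>', true); return false">
                <?php echo $GLOBALS['strCheckAll']; ?></a>
        </td>
        <td>&nbsp;</td>
        <td>
            <a href="<?php echo $checkpriv_url; ?>checkpriv=none" onclick="checkForm('<?php echo $form; ?>', false); return false">
                <?php echo $GLOBALS['strUncheckAll']; ?></a>
        </td>
    </tr>
</table>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tablePrivileges()' function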
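/**
 * Displays the page for "normal" operations
 *
 * Prints three items: a link that reloads MySQL, a form that lists the
 * privileges on one database, and the "add user" form (host, user name,
 * password and the privilege checkboxes from PMA_tablePrivileges()).
 *
 * Database names returned by "SHOW DATABASES" are encoded with
 * htmlspecialchars() both as option value and as option text.
 *
 * NOTE(review): $lang, $convcharset and $server are written into links and
 * hidden fields unencoded -- confirm they are validated where they are read
 * from the request.
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_normalOperations()
{
    global $lang, $convcharset, $server;
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user&amp;mode=reload">
            <?php echo $GLOBALS['strReloadMySQL']; ?></a>&nbsp;
        <?php echo PMA_showMySQLDocu('MySQL_Database_Administration.', 'FLUSH') . "\n"; ?>
        </div>
    </li>

    <li>
        <form name="dbPrivForm" action="user_details.php3" method="post">
            <?php echo $GLOBALS['strCheckDbPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <?php echo $GLOBALS['strDatabase']; ?>&nbsp;:&nbsp;
                    <select name="db">
    <?php
    echo "\n";
    $result = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            // Same encoding for the attribute and the text: the earlier
            // quote-only replacement left '&' and '<' in the value as is
            $html_db = htmlspecialchars($row[0]);
            echo '                        ';
            echo '<option value="' . $html_db . '">' . $html_db . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                    <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
                    <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
                    <input type="hidden" name="server" value="<?php echo $server; ?>" />
                    <input type="hidden" name="check" value="1" />
                    <input type="submit" value="<?php echo $GLOBALS['strGo']; ?>" />
                </td>
            </tr>
            </table>
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="addUserForm" onsubmit="return checkAddUser()">
            <?php echo $GLOBALS['strAddUser'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost0" checked="checked" />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost1" />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="host" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser0" />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyuser" id="radio_anyuser1" checked="checked" />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="pma_user" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" checked="checked" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td colspan="4">
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('addUserForm');
    ?>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="submit" name="submit_addUser" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php

    return TRUE;
} // end of the 'PMA_normalOperations()' function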
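/**
 * Displays the grant operations part of a user properties page
 *
 * Prints a "back" link and the form used to add privileges for the current
 * account on a database, table and column selection (or on a database name
 * pattern typed into 'newdb'), followed by the privilege checkboxes.
 *
 * $host and $pma_user are read from the global scope and database, table and
 * column names come from the server; all of them are encoded with
 * htmlspecialchars() before being written into the page. Previously the
 * option texts and the 'newdb' default were printed as is, so a name
 * containing markup was interpreted by the browser.
 *
 * NOTE(review): $lang, $convcharset and $server are written into links and
 * hidden fields unencoded -- confirm they are validated where they are read
 * from the request.
 *
 * @param   array    grants of the current user
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 * @global  string   the host name to check grants for
 * @global  string   the username to check grants for
 * @global  string   the database to check grants for
 * @global  string   the table to check grants for
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_grantOperations($grants)
{
    global $lang, $convcharset, $server, $host, $pma_user;
    global $dbgrant, $tablegrant, $newdb;
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="userGrants">
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="grants" value="1" />
            <input type="hidden" name="host" value="<?php echo htmlspecialchars($host); ?>" />
            <input type="hidden" name="pma_user" value="<?php echo htmlspecialchars($pma_user); ?>" />

            <?php echo $GLOBALS['strAddPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anydb" value="1" id="radio_anydb1"<?php echo ($dbgrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anydb1"><?php echo $GLOBALS['strAnyDatabase']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anydb" value="0" id="radio_anydb0"<?php echo ($dbgrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anydb0"><?php echo $GLOBALS['strDatabase']; ?></label><a href="./Documentation.html#underscore" target="documentation" title="<?php echo $GLOBALS['strDocu']; ?>">(*)</a>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="dbgrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    $is_selected_db = FALSE;
    $result         = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            $selected = (($row[0] == $dbgrant) ? ' selected="selected"' : '');
            if (!empty($selected)) {
                $is_selected_db = TRUE;
            }
            // The option has no value attribute, so the browser submits the
            // decoded text: encoding it does not change the posted name
            echo '                        ';
            echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowTables']; ?>" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anytable" value="1" id="radio_anytable1"<?php echo ($tablegrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anytable1"><?php echo $GLOBALS['strAnyTable']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anytable" value="0" id="radio_anytable0"<?php echo ($tablegrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anytable0"><?php echo $GLOBALS['strTable']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="tablegrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    if (isset($dbgrant)) {
        $result = PMA_mysql_query('SHOW TABLES FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            while ($row = PMA_mysql_fetch_row($result)) {
                $selected = ((isset($tablegrant) && $row[0] == $tablegrant) ? ' selected="selected"' : '');
                echo '                        ';
                echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
            } // end while
        } // end if
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowCols']; ?>" />
                </td>
            </tr>
            <tr>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="1" id="radio_anycolumn1" checked="checked" />
                    <label for="radio_anycolumn1"><?php echo $GLOBALS['strAnyColumn']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="0" id="radio_anycolumn0" />
                    <label for="radio_anycolumn0"><?php echo $GLOBALS['strColumn']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
    <?php
    echo "\n";
    if (!isset($dbgrant) || !isset($tablegrant)) {
        echo '                    ' . '<select name="colgrant[]">' . "\n";
        echo '                        ' . '<option></option>' . "\n";
        echo '                    ' . '</select>' . "\n";
    }
    else {
        $result = PMA_mysql_query('SHOW COLUMNS FROM ' . PMA_backquote($tablegrant) . ' FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            echo '                    '
                 . '<select name="colgrant[]" multiple="multiple" onchange="anycolumn[1].checked = true">' . "\n";
            while ($row = PMA_mysql_fetch_row($result)) {
                $html_column = htmlspecialchars($row[0]);
                echo '                        ';
                echo '<option value="' . $html_column . '">' . $html_column . '</option>' . "\n";
            } // end while
        } else {
            echo '                    ' . '<select name="colgrant[]">' . "\n";
            echo '                        ' . '<option></option>' . "\n";
        } // end if... else...
        echo '                    '
             . '</select>' . "\n";
    } // end if... else
    ?>
                </td>
                <td></td>
            </tr>
            <tr>
                <td colspan="5">
                    <i><?php echo $GLOBALS['strOr']; ?></i>
                </td>
            </tr>
            <tr>
                <td colspan="5">
                    <?php echo $GLOBALS['strDatabaseWildcard'] . "\n"; ?>&nbsp;
                    <input type="text" name="newdb" value="<?php echo ((!$is_selected_db && !empty($pma_user)) ? htmlspecialchars($pma_user) . '%' : ''); ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="change(this)" />
                </td>
            </tr>
            </table>

            <table>
            <tr>
                <td>
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:&nbsp;
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('userGrants', $grants);
    ?>
            <input type="submit" name="upd_grants" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_grantOperations()' function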
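/**
 * Displays the page to edit operations
 *
 * Looks the account up in mysql.user (both values are escaped with
 * PMA_sqlAddslashes() before they enter the statement), then prints a "back"
 * link, the form that changes host, user name and password, and the form
 * that changes the global privileges of the account.
 *
 * $host and $user are written into attribute values through
 * htmlspecialchars(), which also encodes '&', '<' and '>' in addition to
 * the double quote handled before.
 *
 * NOTE(review): $lang, $convcharset and $server are written into links and
 * hidden fields unencoded -- confirm they are validated where they are read
 * from the request.
 *
 * @param   string   the host name to check grants for
 * @param   string   the user name to check grants for
 *
 * @return  boolean  FALSE when the account is not found or the query fails,
 *                   TRUE once the page has been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_editOperations($host, $user)
{
    global $lang, $convcharset, $server;

    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($user) . '\' AND Host = \'' . PMA_sqlAddslashes($host) . '\'');
    $rows   = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    $row       = PMA_mysql_fetch_array($result);
    // Encoded once, reused in every attribute below
    $html_host = htmlspecialchars($host);
    $html_user = htmlspecialchars($user);
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?lang=<?php echo $lang; ?>&amp;convcharset=<?php echo $convcharset; ?>&amp;server=<?php echo $server; ?>&amp;db=mysql&amp;table=user">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="updUserForm" onsubmit="return checkUpdProfile()">
            <?php echo $GLOBALS['strUpdateProfile'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyhost" id="radio_anyhost1"<?php if ($host == '' || $host == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyhost" id="radio_anyhost0"<?php if ($host != '' && $host != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_server" size="10" value="<?php echo $html_host; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyuser" id="radio_anyuser1"<?php if ($user == '' || $user == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyuser" id="radio_anyuser0"<?php if ($user != '' && $user != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_user" size="10" value="<?php echo $html_user; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="-1" id="radio_nopass-1" checked="checked" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass-1"><?php echo $GLOBALS['strKeepPass']; ?></label>
                </td>
                <td colspan="3">&nbsp;</td>
            </tr>
            <tr>
                <td colspan="4" align="<?php echo $GLOBALS['cell_align_left']; ?>">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $GLOBALS['strOr']; ?></td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="new_pw" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="new_pw2" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                </td>
            </tr>
            </table>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_updProfile" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="privForm">
            <?php echo $GLOBALS['strEditPrivileges'] . "\n"; ?>
    <?php
    PMA_tablePrivileges('privForm', $row);
    echo "\n";
    ?>
            <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
            <input type="hidden" name="server" value="<?php echo $server; ?>" />
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_chgPriv" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_editOperations()' function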
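/**
 * Displays the table of the users
 *
 * Lists the rows of mysql.user (optionally restricted to one host/user
 * pair) with their global privileges and, per row, links to edit the
 * account, delete it and show its grants.
 *
 * Host and User values are stored data chosen by whoever created the
 * account: they are escaped with PMA_sqlAddslashes() in the query,
 * urlencode()d in the links and passed through htmlspecialchars() where
 * they are printed as text.
 *
 * NOTE(review): the filter is only added when $host is set; a call with a
 * user name but no host lists every account -- confirm this is intended.
 *
 * @param   string   the host name
 * @param   string   the user name
 *
 * @return  boolean  FALSE when the query fails or matches no account,
 *                   TRUE once the table has been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_tableUsers($host = FALSE, $user = FALSE)
{
    global $lang, $convcharset, $server;

    $local_query = 'SELECT * FROM mysql.user ';
    if ($host || $user) {
        $local_query .= ' WHERE 1 ';
    }
    if ($host) {
        $local_query .= ' AND Host = \'' . PMA_sqlAddslashes($host) . '\'';
        $local_query .= ' AND User = \'' . PMA_sqlAddslashes($user) . '\'';
    }
    $local_query     .= ' ORDER BY Host, User';
    $result          = PMA_mysql_query($local_query);
    $rows            = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    echo '<i>' . $GLOBALS['strEnglishPrivileges'] . '</i><br />' . "\n";
    echo '<table border="' . $GLOBALS['cfg']['Border'] . '">' . "\n";
    echo '<tr>' . "\n";
    echo '    <th colspan="'. (($user) ? '2' : '3') . '">' . $GLOBALS['strAction'] . '</th>' . "\n";
    echo '    <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
    echo '    <th>' . $GLOBALS['strUser'] . '</th>' . "\n";
    echo '    <th>' . $GLOBALS['strPassword'] . '</th>' . "\n";
    echo '    <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    echo '</tr>' . "\n";

    // Privileges in display order; each one maps to a '<Name>_priv' column
    $priv_names = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                        'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt   = count($priv_names);

    $i = 0;
    while ($row = PMA_mysql_fetch_array($result)) {

        $bgcolor = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];

        $strPriv = '';
        for ($p = 0; $p < $priv_cnt; $p++) {
            if ($row[$priv_names[$p] . '_priv'] == 'Y') {
                $strPriv .= $priv_names[$p] . ' ';
            }
        }
        if ($strPriv == '') {
            $strPriv = '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>';
        }

        $query = 'lang=' . $lang . '&amp;server=' . $server . '&amp;db=mysql&amp;table=user&amp;convcharset=' . $convcharset;
        if (!$user) {
            $edit_url = 'user_details.php3'
                      . '?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server
                      . '&amp;edit=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        }
        $delete_url = 'user_details.php3'
                    . '?' . $query
                    . '&amp;delete=1&amp;confirm=1&amp;delete_host=' . urlencode($row['Host']) . '&amp;delete_user=' . urlencode($row['User']);
        $check_url  = 'user_details.php3'
                    . '?lang=' . $lang . '&amp;convcharset=' . $convcharset . '&amp;server=' . $server
                    . '&amp;grants=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        ?>

<tr>
        <?php
        if (!$user) {
            echo "\n";
            ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $edit_url; ?>">
            <?php echo $GLOBALS['strEdit']; ?></a>
    </td>
            <?php
        }
        echo "\n";
        // The second, commented-out "grants" cell that used to follow was
        // dropped: PHP inside an HTML comment is still executed, so it only
        // added dead markup to every row.
        ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $delete_url; ?>">
            <?php echo $GLOBALS['strDelete']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $check_url; ?>">
            <?php echo $GLOBALS['strGrants']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo htmlspecialchars($row['Host']) . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row['User']) ? '<b>' . htmlspecialchars($row['User']) . '</b>' : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row[$GLOBALS['password_field']]) ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo $strPriv . "\n"; ?>
    </td>
</tr>
        <?php
        echo "\n";
        $i++;
    } // end while

    echo "\n";
    ?>
</table>
<hr />
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableUsers()' function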
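/**
 * Displays a confirmation form
 *
 * Shows the DELETE statement that is about to be run for the given account
 * and a form with "yes"/"no" buttons that posts the host and user name back
 * to user_details.php3, then includes the page footer. Nothing is returned.
 *
 * Both values arrive from the request, so they are passed through
 * htmlspecialchars() before being printed, in the displayed statement as
 * well as in the hidden fields. The statement shown is for display only.
 *
 * NOTE(review): $lang, $convcharset and $server are written into hidden
 * fields unencoded -- confirm they are validated where they are read from
 * the request.
 *
 * @param   string   the host name and...
 * @param   string   ... the username to delete
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_confirm($the_host, $the_user) {
    global $lang, $convcharset, $server;

    // get_magic_quotes_gpc() is not available in every PHP release; where
    // it is missing there are no added slashes to strip
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
        $the_host = stripslashes($the_host);
        $the_user = stripslashes($the_user);
    }

    $html_host = htmlspecialchars($the_host);
    $html_user = htmlspecialchars($the_user);

    // The second entity was missing its ';'
    echo $GLOBALS['strConfirm'] . '&nbsp;:&nbsp;<br />' . "\n";
    echo 'DELETE FROM mysql.user WHERE Host = \'' . $html_host . '\' AND User = \'' . $html_user . '\'' . '<br />' . "\n";
    ?>
<form action="user_details.php3" method="post">
    <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
    <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
    <input type="hidden" name="server" value="<?php echo $server; ?>" />
    <input type="hidden" name="db" value="mysql" />
    <input type="hidden" name="table" value="user" />
    <input type="hidden" name="delete" value="<?php echo(isset($GLOBALS['delete']) ? '1' : '0'); ?>" />
    <input type="hidden" name="delete_host" value="<?php echo $html_host; ?>" />
    <input type="hidden" name="delete_user" value="<?php echo $html_user; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strYes']; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strNo']; ?>" />
</form>
    <?php
    echo "\n";

    include('./footer.inc.php3');
} // end of the 'PMA_confirm()' function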
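/**
 * Ensures the user is super-user and gets the case sensitive password field
 * name
 */
$result = @PMA_mysql_query('USE mysql');
if (PMA_mysql_error()) {
    // The "mysql" database cannot be selected: report missing rights and stop
    include('./header.inc.php3');
    echo '<p><b>' . $strError . '</b></p>' . "\n";
    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' . $strNoRights . '</p>' . "\n";
    include('./footer.inc.php3');
    exit();
}

// The previous logic did not work if the password field is named "password":
//$result         = @PMA_mysql_query('SELECT COUNT(Password) FROM mysql.user');
//$password_field = (($result && PMA_mysql_result($result, 0)) ? 'Password' : 'password');

// $password_field is concatenated into INSERT/UPDATE statements further down
// as a column name, so it must never keep a value that was not set here.
// Start from a fixed name and only replace it with what the server reports.
// NOTE(review): this script reads form fields as plain globals, so a stale
// or request-supplied $password_field looks possible when the query below
// fails -- confirm against grab_globals.lib.php3
$password_field = 'Password';

// using a syntax that works with older and recent MySQL,
// and assumes that the field name ends with "assword":
$result = @PMA_mysql_query('SHOW FIELDS FROM user FROM mysql LIKE \'%assword\'');
if ($result) {
    $detected_field = PMA_mysql_result($result, 0);
    if (!empty($detected_field)) {
        $password_field = $detected_field;
    }
    unset($detected_field);
}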
/**
 * Picks the DOM event used to watch form fields: the autocomplete feature
 * of IE kills the "onchange" event handler, so "onpropertychange" is used
 * for IE 5 and later and "onchange" for every other browser
 */
if (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) {
    $chg_evt_handler = 'onpropertychange';
} else {
    $chg_evt_handler = 'onchange';
}
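/**
 * Displays headers
 *
 * $db and $table are put aside while the header and the message are printed
 * and restored afterwards (presumably so the included header does not react
 * to them -- confirm against header.inc.php3). The page title shows the host
 * and user taken from the request, so both are HTML-escaped before output.
 */
if (isset($db)) {
    $db_bkp = (get_magic_quotes_gpc() ? stripslashes($db) : $db);
    unset($db);
}
if (isset($table)) {
    $table_bkp = (get_magic_quotes_gpc() ? stripslashes($table) : $table);
    unset($table);
}
if (get_magic_quotes_gpc()) {
    if (!empty($host)) {
        $host = stripslashes($host);
    }
    if (!empty($pma_user)) {
        $pma_user = stripslashes($pma_user);
    }
}

if (!isset($message)) {
    $js_to_run = 'user_details.js';
    include('./header.inc.php3');
}
if (!isset($submit_updProfile)) {
    // The profile-update branch prints its own title once the new host and
    // user names are known, so the title is skipped for that action here
    echo '<h1>' . "\n";
    echo ' ' . ((!isset($host) || $host == '') ? $strAnyHost : $strHost . ' ' . htmlspecialchars($host)) . ' - ' . ((!isset($pma_user) || $pma_user == '') ? $strAnyUser : $strUser . ' ' . htmlspecialchars($pma_user)) . "\n";
    echo '</h1>';
}
if (isset($message)) {
    $show_query = '1';
    PMA_showMessage($message);
}

if (isset($db_bkp)) {
    $db = $db_bkp;
    unset($db_bkp);
}
if (isset($table_bkp)) {
    $table = $table_bkp;
    unset($table_bkp);
}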
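/**
 * Some actions have been submitted
 *
 * One branch per action: confirm a deletion, reload privileges, delete a
 * user, add a user, update a profile, change global privileges, grant
 * privileges. Values placed inside SQL string literals go through
 * PMA_sqlAddslashes(); identifiers go through PMA_backquote(). Host and user
 * names that are echoed back into the page are HTML-escaped, because the
 * messages built here contain markup and are therefore printed as HTML.
 */
// Confirms an action
if (isset($confirm) && $confirm) {
    PMA_confirm($delete_host, $delete_user);
    exit();
}

// Reloads mysql
else if (($server > 0) && isset($mode) && ($mode == 'reload')) {
    $result = PMA_mysql_query('FLUSH PRIVILEGES');
    if ($result != 0) {
        echo '<p><b>' . $strMySQLReloaded . '</b></p>' . "\n";
    } else {
        echo '<p><b>' . $strReloadFailed . '</b></p>' . "\n";
    }
}

// Deletes an user
else if (isset($delete) && $delete
         && isset($btnConfirm) && $btnConfirm == $strYes) {
    if (get_magic_quotes_gpc()) {
        $delete_host = stripslashes($delete_host);
        $delete_user = stripslashes($delete_user);
    }
    $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($delete_host) . '\' AND User = \'' . PMA_sqlAddslashes($delete_user) . '\'';

    // Delete Grants First!
    // (the results of these three statements are not checked; only the
    // final delete from mysql.user decides which message is shown)
    $sql_query     = 'DELETE FROM mysql.db' . $common_where;
    $sql_query_cpy = $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.tables_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.columns_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);

    $sql_query     = 'DELETE FROM mysql.user' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    $result        = PMA_mysql_query($sql_query);

    // $sql_query ends up holding all four statements
    $sql_query = $sql_query_cpy;
    unset($sql_query_cpy);
    if ($result) {
        PMA_showMessage(sprintf($strDeleteUserMessage, '<span style="color: #002E80">' . htmlspecialchars($delete_user . '@' . $delete_host) . '</span>') . '<br />' . $strRememberReload);
    } else {
        PMA_showMessage($strDeleteFailed);
    }
}

// Adds an user
else if (isset($submit_addUser)) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Password is not confirmed
    if ((!isset($nopass) || !$nopass) && $pma_pw == '') {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    else if ($pma_pw != ''
             && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }

    // Password confirmed
    else {
        // One "<name>_priv = 'Y'|'N'" assignment per privilege, depending on
        // whether a variable of that name is set
        $sql_query = '';
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
        for ($i = 0; $i < 14; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\'';
            } else {
                $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\'';
            }
        } // end for
        unset($list_priv);

        if (get_magic_quotes_gpc() && $pma_pw != '') {
            $pma_pw = stripslashes($pma_pw);
        }

        // $local_query is the statement that runs and carries the real
        // password; $sql_query is the copy kept for display, with every
        // password character replaced by '*'
        $local_query = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')')
                     . ', ' . $sql_query;
        $sql_query   = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')')
                     . ', ' . $sql_query;
        $result      = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
        unset($host);
        unset($pma_user);
        PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload);
    } // end else
}

// Updates the profile of an user
else if (isset($submit_updProfile)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Builds the sql query
    $common_upd = '';
    // The two password-error branches below assign neither of these, and
    // both are concatenated into an UPDATE afterwards; starting from empty
    // strings keeps a value from anywhere else out of that statement
    $sql_query   = '';
    $local_query = '';

    if (isset($anyhost) && $anyhost) {
        $new_server = '%';
    } else if ($new_server != '' && get_magic_quotes_gpc()) {
        $new_server = stripslashes($new_server);
    }
    if ($new_server != '' && $new_server != $host) {
        $common_upd .= 'Host = \'' . PMA_sqlAddslashes($new_server) . '\'';
    } else if (isset($new_server)) {
        // Unset means "host not changed" for the checks further down
        unset($new_server);
    }

    if (isset($anyuser) && $anyuser) {
        $new_user = '%';
    } else if ($new_user != '' && get_magic_quotes_gpc()) {
        $new_user = stripslashes($new_user);
    }
    if ($new_user != '' && $new_user != $pma_user) {
        $common_upd .= (empty($common_upd) ? '' : ', ')
                    . 'User = \'' . PMA_sqlAddslashes($new_user) . '\'';
    } else if (isset($new_user)) {
        // Unset means "user name not changed" for the checks further down
        unset($new_user);
    }

    if (isset($nopass) && $nopass == -1) {
        // The password is left out of the update
        $sql_query   = $common_upd;
        $local_query = $common_upd;
    }
    else if ((!isset($nopass) || $nopass == 0) && $new_pw == '') {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
    }
    else if ($new_pw != ''
             && (!isset($new_pw2) || $new_pw != $new_pw2)) {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
    }
    else {
        // $sql_query is the display copy with the password masked,
        // $local_query is the statement that runs
        $sql_query   = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
        $local_query = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
    }

    if (!empty($sql_query)) {
        $common_where  = ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';

        // Updates profile
        $local_query   = 'UPDATE user SET ' . $local_query . $common_where;
        $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where;
        $result        = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');

        // Updates grants
        if (isset($new_server) || isset($new_user)) {
            $sql_query     = 'UPDATE mysql.db SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.tables_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.columns_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            unset($common_upd);
        }

        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // From here on the page refers to the renamed host / user
        if (isset($new_server)) {
            $host = $new_server;
        }
        if (isset($new_user)) {
            $pma_user = $new_user;
        }
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strUpdateProfileMessage . '<br />' . $strRememberReload);
    } else {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strNoModification);
    }
}

// Changes the privileges of an user
else if (isset($submit_chgPriv)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // One "<name>_priv = 'Y'|'N'" assignment per privilege
    $sql_query = '';
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    for ($i = 0; $i < 14; $i++) {
        $priv_name = $list_priv[$i] . '_priv';
        if (isset($$priv_name)) {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\'';
        } else {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\'';
        }
    } // end for
    unset($list_priv);

    $sql_query = 'UPDATE user SET '
               . $sql_query
               . ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
    $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');
    PMA_showMessage(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . htmlspecialchars($pma_user . '@' . $host) . '</span>') . '<br />' . $strRememberReload);
}

// Revoke/Grant privileges
else if (isset($grants) && $grants) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    if (isset($upd_grants)) {
        $sql_query = '';
        $col_list  = '';

        // Optional column list, appended to every privilege name
        if (isset($colgrant) && !$anycolumn && !$newdb) {
            $colgrant_cnt = count($colgrant);
            for ($i = 0; $i < $colgrant_cnt; $i++) {
                if (get_magic_quotes_gpc()) {
                    $colgrant[$i] = stripslashes($colgrant[$i]);
                }
                $col_list .= (empty($col_list) ? PMA_backquote($colgrant[$i]) : ', ' . PMA_backquote($colgrant[$i]));
            } // end for
            unset($colgrant);
            $col_list = ' (' . $col_list . ')';
        } // end if

        // 'Grant' is not in this list: it is handled below as
        // WITH GRANT OPTION
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'References', 'Index', 'Alter');
        for ($i = 0; $i < 13; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                $sql_query .= (empty($sql_query) ? $list_priv[$i] : ', ' . $list_priv[$i]) . $col_list;
            }
        } // end for
        unset($list_priv);
        if (empty($sql_query)) {
            $sql_query = 'USAGE' . $col_list;
        }
        $priv_grant = 'Grant_priv';
        $priv_grant = (isset($$priv_grant) ? ' WITH GRANT OPTION' : '');

        if (get_magic_quotes_gpc()) {
            if ($newdb) {
                $newdb = stripslashes($newdb);
            } else {
                if (isset($dbgrant) && !$anydb && !$newdb) {
                    $dbgrant = stripslashes($dbgrant);
                }
                if (isset($tablegrant) && !$anytable && !$newdb) {
                    $tablegrant = stripslashes($tablegrant);
                }
            }
        } // end if

        // Escape wildcard characters if required
        if (isset($dbgrant) && !$anydb && !$newdb) {
            $re      = '(^|(\\\\\\\\)+|[^\])(_|%)'; // non-escaped wildcards
            $dbgrant = ereg_replace($re, '\\1\\\\3', $dbgrant);
        }

        if (!$newdb) {
            $sql_query .= ' ON '
                       . (($anydb || $dbgrant == '') ? '*' : PMA_backquote($dbgrant))
                       . '.'
                       . (($anytable || $tablegrant == '') ? '*' : PMA_backquote($tablegrant));
        } else {
            $sql_query .= ' ON ' . PMA_backquote($newdb) . '.*';
        }

        $sql_query .= ' TO ' . '\'' . PMA_sqlAddslashes($pma_user) . '\'' . '@' . '\'' . PMA_sqlAddslashes($host) . '\'';

        $sql_query = 'GRANT ' . $sql_query . $priv_grant;
        $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;grants=1');
        PMA_showMessage($strAddPrivMessage . '.<br />' . $strRememberReload);
    } // end if
}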
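/**
 * Displays the page
 *
 * Picks one view: the edit forms for a user, the grant forms for a user,
 * the database privilege check, or the list of all users. In the grants
 * view the privileges already held are collected level by level (global,
 * database, table); $list_priv always holds the privileges not found yet,
 * so each lower level is only asked about what is still missing.
 */
// Edit an user properties
if (isset($edit) && $edit) {
    PMA_tableUsers($host, $pma_user);
    PMA_editOperations($host, $pma_user);
}

// Revoke/Grant privileges for an user
else if (isset($grants) && $grants) {
    // Displays the full list of privileges for this host & user
    // (the array is created here so that it holds these two keys only)
    $infos         = array();
    $infos['Host'] = $host;
    $infos['User'] = $pma_user;
    PMA_tableGrants($infos);

    // Displays the list of privileges for user on the selected db/table/column
    $user_priv     = array();
    $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index',
                           'Alter');
    $list_priv_new = array();

    // Gets globals privileges
    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\')');
    $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
    if ($row) {
        while (list(,$priv) = each($list_priv)) {
            $priv_priv = $priv . '_priv';
            if ($row[$priv_priv] == 'Y') {
                $user_priv[$priv_priv] = 'Y';
            } else {
                // Not granted globally: recorded as 'N' and looked up again
                // at the database and table levels
                $user_priv[$priv_priv] = 'N';
                $list_priv_new[]       = $priv;
            }
        } // end while
        mysql_free_result($result);
        $list_priv = $list_priv_new;
        unset($list_priv_new);
        $list_priv_new = array();
    } // end if $row

    // If a target database is set, gets privileges for this database
    if (count($list_priv) && isset($dbgrant)) {
        if (get_magic_quotes_gpc()) {
            $dbgrant = stripslashes($dbgrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.db WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\'');
        $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
        if ($row) {
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                if (isset($row[$priv_priv]) && $row[$priv_priv] == 'Y') {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[] = $priv;
                }
            } // end while
            mysql_free_result($result);
            $list_priv = $list_priv_new;
            unset($list_priv_new);
            $list_priv_new = array();
        } // end if $row
    } // end if

    // If a target table is set, gets privileges for this table
    if (count($list_priv) && isset($tablegrant)) {
        if (get_magic_quotes_gpc()) {
            $tablegrant = stripslashes($tablegrant);
        }
        // Only $tablegrant is tested above, so the database name may be
        // missing here; an empty name is used in that case
        $result = PMA_mysql_query('SELECT * FROM mysql.tables_priv WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes(isset($dbgrant) ? $dbgrant : '') . '\' AND Table_name = \'' . PMA_sqlAddslashes($tablegrant) . '\'');
        $row    = ($result) ? @PMA_mysql_fetch_array($result) : FALSE;
        if ($row && $row['Table_priv']) {
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                // Table_priv is matched as a comma separated list of names
                if (eregi('(^|,)' . $priv . '(,|$)', $row['Table_priv'])) {
                    $user_priv[$priv_priv] = 'Y';
                } else {
                    $list_priv_new[] = $priv;
                }
            } // end while
            mysql_free_result($result);
            $list_priv = $list_priv_new;
            unset($list_priv_new);
            $list_priv_new = array();
        } // end if $row
    } // end if

    // TODO: column privileges

    PMA_grantOperations($user_priv);
}

// Check database privileges
else if (isset($check) && $check) {
    PMA_checkDb($db);
    // The three values below are placed in a URL inside an attribute, so
    // they are URL-encoded before output
    ?>
<ul>
    <li>
        <a href="user_details.php3?lang=<?php echo urlencode($lang); ?>&amp;convcharset=<?php echo urlencode($convcharset); ?>&amp;server=<?php echo urlencode($server); ?>&amp;db=mysql&amp;table=user">
            <?php echo $strBack; ?></a>
    </li>
</ul>
    <?php
    echo "\n";
}

// Displays all users profiles
else {
    if (!isset($host)) {
        $host = FALSE;
    }
    if (!isset($pma_user)) {
        $pma_user = FALSE;
    }
    PMA_tableUsers($host, $pma_user) or PMA_mysqlDie($strNoUsersFound, '', FALSE, '');
    PMA_normalOperations();
}


/**
 * Displays the footer
 */
require('./footer.inc.php3');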