2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Get user's global privileges and some db-specific privileges
5 * ($controllink and $userlink are links to MySQL defined in the "common.inc.php" library)
6 * Note: if no controluser is defined, $controllink contains $userlink
10 if (! defined('PHPMYADMIN')) {
17 $is_create_db_priv = false;
18 $is_process_priv = true;
19 $is_reload_priv = false;
21 $dbs_where_create_table_allowed = array();
23 // We were trying to find if user if superuser with 'USE mysql'
24 // but users with the global priv CREATE TEMPORARY TABLES or LOCK TABLES
25 // can do a 'USE mysql' (even if they cannot see the tables)
26 $is_superuser = PMA_isSuperuser();
28 function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is_reload_priv, &$dbs_where_create_table_allowed) {
30 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
31 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
32 while ($row = PMA_DBI_fetch_row($rs_usr)) {
33 $show_grants_dbname = substr($row[0], strpos($row[0], ' ON ') +
4, (strpos($row[0], '.', strpos($row[0], ' ON ')) - strpos($row[0], ' ON ') - 4));
34 $show_grants_dbname = ereg_replace('^`(.*)`', '\\1', $show_grants_dbname);
35 $show_grants_str = substr($row[0], 6, (strpos($row[0], ' ON ') - 6));
36 if ($show_grants_str == 'RELOAD') {
37 $is_reload_priv = true;
40 * @todo if we find CREATE VIEW but not CREATE, do not offer
41 * the create database dialog box
43 if (($show_grants_str == 'ALL') ||
($show_grants_str == 'ALL PRIVILEGES') ||
($show_grants_str == 'CREATE') ||
strpos($show_grants_str, 'CREATE,') !== false) {
44 if ($show_grants_dbname == '*') {
45 // a global CREATE privilege
46 $is_create_db_priv = true;
47 $is_reload_priv = true;
49 $dbs_where_create_table_allowed[] = '*';
52 // this array may contain wildcards
53 $dbs_where_create_table_allowed[] = $show_grants_dbname;
55 // before MySQL 4.1.0, we cannot use backquotes around a dbname
56 // for the USE command, so the USE will fail if the dbname contains
57 // a "-" and we cannot detect if such a db already exists;
58 // since 4.1.0, we need to use backquotes if the dbname contains a "-"
61 if (PMA_MYSQL_INT_VERSION
> 40100) {
62 $dbname_to_test = PMA_backquote($show_grants_dbname);
64 $dbname_to_test = $show_grants_dbname;
67 if ((ereg($re0 . '%|_', $show_grants_dbname)
68 && !ereg('\\\\%|\\\\_', $show_grants_dbname))
69 // does this db exist?
70 ||
(!PMA_DBI_try_query('USE ' . ereg_replace($re1 .'(%|_)', '\\1\\3', $dbname_to_test), null, PMA_DBI_QUERY_STORE
)
71 && substr(PMA_DBI_getError(), 1, 4) != 1044)
73 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $show_grants_dbname));
74 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
75 $is_create_db_priv = true;
78 * @todo collect $db_to_create into an array, to display a
79 * drop-down in the "Create new database" dialog
81 // we don't break, we want all possible databases
89 // Detection for some CREATE privilege.
91 // Since MySQL 4.1.2, we can easily detect current user's grants
92 // using $userlink (no control user needed)
93 // and we don't have to try any other method for detection
95 if (PMA_MYSQL_INT_VERSION
>= 40102) {
96 $rs_usr = PMA_DBI_try_query('SHOW GRANTS', $userlink, PMA_DBI_QUERY_STORE
);
98 PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed);
99 PMA_DBI_free_result($rs_usr);
104 // Before MySQL 4.1.2, we first try to find a priv in mysql.user. Hopefuly
105 // the controluser is correctly defined; but here, $controllink could contain
106 // $userlink so maybe the SELECT will fail
108 if (!$is_create_db_priv) {
109 $res = PMA_DBI_query('SELECT USER();', null, PMA_DBI_QUERY_STORE
);
110 list($mysql_cur_user_and_host) = PMA_DBI_fetch_row($res);
111 $mysql_cur_user = substr($mysql_cur_user_and_host, 0, strrpos($mysql_cur_user_and_host, '@'));
113 $local_query = 'SELECT Create_priv, Reload_priv FROM mysql.user WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ';';
114 $rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE
); // Debug: or PMA_mysqlDie('', $local_query, false);
116 while ($result_usr = PMA_DBI_fetch_assoc($rs_usr)) {
117 if (!$is_create_db_priv) {
118 $is_create_db_priv = ($result_usr['Create_priv'] == 'Y');
120 if (!$is_reload_priv) {
121 $is_reload_priv = ($result_usr['Reload_priv'] == 'Y');
124 PMA_DBI_free_result($rs_usr);
125 unset($rs_usr, $result_usr);
126 if ($is_create_db_priv) {
127 $dbs_where_create_table_allowed[] = '*';
132 // If the user has Create priv on a inexistant db, show him in the dialog
133 // the first inexistant db name that we find, in most cases it's probably
134 // the one he just dropped :)
135 if (!$is_create_db_priv) {
136 $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' .PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');';
138 $rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE
);
140 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
141 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
142 while ($row = PMA_DBI_fetch_assoc($rs_usr)) {
143 $dbs_where_create_table_allowed[] = $row['Db'];
144 if (ereg($re0 . '(%|_)', $row['Db'])
145 ||
(!PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db'])) && substr(PMA_DBI_getError(), 1, 4) != 1044)) {
146 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db']));
147 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
148 $is_create_db_priv = true;
152 PMA_DBI_free_result($rs_usr);
153 unset($rs_usr, $row, $re0, $re1);
155 // Finally, let's try to get the user's privileges by using SHOW
157 // Maybe we'll find a little CREATE priv there :)
158 $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . $mysql_cur_user_and_host . ';', $controllink, PMA_DBI_QUERY_STORE
);
160 // OK, now we'd have to guess the user's hostname, but we
161 // only try out the 'username'@'%' case.
162 $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';', $controllink, PMA_DBI_QUERY_STORE
);
166 PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed);
167 PMA_DBI_free_result($rs_usr);
172 } // end else (MySQL < 4.1.2)
174 // If disabled, don't show it
175 if (!$cfg['SuggestDBName']) {