Fixed bug #667682 ("UNSIGNED" option in SET or ENUM).
1 <?php
2 /* $Id$*/
3 // vim: expandtab sw=4 ts=4 sts=4:
6 /**
7 * Gets some core libraries
8 */
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
/**
 * URL the user is sent back to when an SQL statement fails
 */
$err_url = 'user_details.php3?' . PMA_generate_common_url('mysql', 'user');
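/**
 * Displays the table of grants for a user
 *
 * Host and user names are read from the MySQL grant tables and are treated
 * as untrusted data here: they are passed through PMA_sqlAddslashes() before
 * being placed in a statement and through htmlspecialchars() before being
 * written to the page.
 *
 * @param   mixed    the id of the query used to get hosts and databases lists
 *                   or an array containing host and user information
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_checkDb()
 *
 * @TODO    "SHOW GRANTS" statements is available and bug-free since
 *          MySQL 3.23.4 and it seems not to return privileges of the anonymous
 *          user while these privileges applies to all users.
 */
function PMA_tableGrants(&$host_db_result, $dbcheck = FALSE) {
    global $lang, $convcharset, $server;
    ?>

<!-- Table of grants -->
<table border="<?php echo $GLOBALS['cfg']['Border']; ?>">
<tr>
    <?php
    // 1. Table headers
    if ($dbcheck) {
        echo "\n";
        echo ' <th>' . $GLOBALS['strAction'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
        echo ' <th>' . $GLOBALS['strUser'] . '</th>';
    } else {
        echo "\n";
        echo ' <th colspan="2">' . $GLOBALS['strAction'] . '</th>';
    }
    echo "\n";
    echo ' <th>' . $GLOBALS['strDatabase'] . '</th>' . "\n";
    echo ' <th>' . UCFirst($GLOBALS['strTable']) . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    if (!$dbcheck) {
        echo ' <th>' . $GLOBALS['strGrantOption'] . '</th>' . "\n";
    }
    ?>
</tr>
    <?php
    echo "\n";

    // 2. Table body
    $url_query = PMA_generate_common_url('mysql', 'user');

    while ($row = (is_array($host_db_result) ? $host_db_result : PMA_mysql_fetch_array($host_db_result))) {
        // Account names may contain quotes or markup: build one SQL-quoted
        // and one HTML-escaped form and use only those below, the same way
        // the mysql.user queries elsewhere in this file quote their values
        $sql_account  = '\'' . PMA_sqlAddslashes($row['User']) . '\'@\'' . PMA_sqlAddslashes($row['Host']) . '\'';
        $html_account = htmlspecialchars($row['User'] . '@' . $row['Host']);

        $local_query  = 'SHOW GRANTS FOR ' . $sql_account;
        $result       = PMA_mysql_query($local_query);
        $grants_cnt   = ($result) ? @mysql_num_rows($result) : 0;

        if ($grants_cnt) {
            $i = 0;
            while ($usr_row = PMA_mysql_fetch_row($result)) {
                if (eregi('GRANT (.*) ON ([^.]+).([^.]+) TO .*$', $usr_row[0], $parts)) {
                    if ($parts[1] == 'USAGE') {
                        $priv = '';
                    } else {
                        // loic1: bug #487673 - revoke 'reference'
                        $priv = ereg_replace('REFERENCE([^S]|$)', 'REFERENCES\\1', trim($parts[1]));
                        // loic1: bug #576896 - No "FILE" privileges on a
                        //        database if neither "INSERT" nor "UPDATE" one
                        if (strpos(' ' . $priv, 'FILE')
                            && !(strpos(' ' . $priv, 'INSERT') || strpos(' ' . $priv, 'UPDATE'))) {
                            $priv = ereg_replace('(^FILE(, )?)|(, FILE)', '', $priv);
                        }
                    } // end if...else
                    $db       = $parts[2];
                    $table    = trim($parts[3]);
                    $grantopt = eregi('WITH GRANT OPTION$', $usr_row[0]);
                } else {
                    // Line is not a grant that can be parsed; it is skipped
                    // by the "Password Line" test just below
                    $priv     = '';
                    $db       = '&nbsp;';
                    $table    = '&nbsp;';
                    $grantopt = FALSE;
                } // end if...else

                // Password Line
                if ($priv == '' && !$grantopt) {
                    continue;
                }

                // Checking the database (take into account wildcards)
                if ($dbcheck
                    && ($db != '*' && $db != $dbcheck)) {
                    // TODO: db names may contain characters that are regexp
                    //       instructions
                    $re       = '(^|(\\\\\\\\)+|[^\])';
                    $db_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $db));
                    if (!eregi('^' . $db_regex . '$', $dbcheck)) {
                        continue;
                    }
                } // end if

                $bgcolor = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];

                // NOTE(review): these links carry a complete REVOKE statement
                // and an HTML message to sql.php3 in GET parameters. Whether
                // sql.php3 asks for confirmation, checks a request token or
                // escapes "zero_rows" is not visible from this file - confirm.
                $revoke_url = 'sql.php3'
                            . '?' . $url_query
                            . '&amp;sql_query=' . urlencode('REVOKE ' . $priv . ' ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM ' . $sql_account)
                            . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeMessage'], ' <span style="color: #002E80">' . $html_account . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                            . '&amp;goto=user_details.php3';
                if ($grantopt) {
                    $revoke_grant_url = 'sql.php3'
                                      . '?' . $url_query
                                      . '&amp;sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM ' . $sql_account)
                                      . '&amp;zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeGrantMessage'], ' <span style="color: #002E80">' . $html_account . '</span>') . '<br />' . $GLOBALS['strRememberReload'])
                                      . '&amp;goto=user_details.php3';
                }
                ?>
<tr>
                <?php
                if (!$dbcheck) {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td<?php if (!$grantopt) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevokePriv']; ?></a>
    </td>
                        <?php
                    }
                    if ($grantopt) {
                        echo "\n";
                        ?>
    <td<?php if (!$priv) echo ' colspan="2"'; ?> bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_grant_url; ?>">
            <?php echo $GLOBALS['strRevokeGrant']; ?></a>
    </td>
                        <?php
                    }
                } else {
                    if ($priv) {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">
        <a href="<?php echo $revoke_url; ?>">
            <?php echo $GLOBALS['strRevoke']; ?></a>
    </td>
                        <?php
                    } else {
                        echo "\n";
                        ?>
    <td bgcolor="<?php echo $bgcolor; ?>">&nbsp;</td>
                        <?php
                    }
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo htmlspecialchars($row['Host']); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($row['User']) ? htmlspecialchars($row['User']) : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>'; ?></td>
                    <?php
                }
                echo "\n";
                // Database, table and privilege text are parsed out of the
                // SHOW GRANTS line, so they are escaped like any other data
                ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($db == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($db); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($table == '*') ? '<span style="color: #002E80">' . $GLOBALS['strAll'] . '</span>' : htmlspecialchars($table); ?></td>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($priv != '') ? htmlspecialchars($priv) : '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>'; ?></td>
                <?php
                if (!$dbcheck) {
                    echo "\n";
                    ?>
    <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($grantopt) ? $GLOBALS['strYes'] : $GLOBALS['strNo']; ?></td>
                    <?php
                }
                echo "\n";
                // The former "Debug" HTML comment is gone: it wrote the raw
                // SHOW GRANTS line, which can include the account's password
                // hash, into the source of every page
                ?>
</tr>
                <?php
                $i++;
                echo "\n";
            } // end while $usr_row
        } // end if $grants_cnt >0
        // $host_db_result is an array containing data related to only one
        // user -> exit the loop
        if (is_array($host_db_result)) {
            break;
        }
    } // end while $row
    ?>
</table>
<hr />

<?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableGrants()' function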
/**
 * Displays the list of grants for one database or for all of them
 *
 * @param   mixed    the database to check grants for, FALSE for all databases
 *
 * @return  boolean  FALSE when the user list is empty or cannot be read,
 *                   TRUE once the grants table has been displayed
 *
 * @see     PMA_tableGrants()
 */
function PMA_checkDb($dbcheck)
{
    $users_result = PMA_mysql_query('SELECT Host, User FROM mysql.user ORDER BY Host, User');

    // A failed query and an empty user table are both reported as a failure
    if (!$users_result || !@mysql_num_rows($users_result)) {
        return FALSE;
    }

    PMA_tableGrants($users_result, $dbcheck);

    return TRUE;
} // end of the 'PMA_checkDb()' function
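/**
 * Displays the privileges part of a page
 *
 * @param   string   the name of the form for js validation. It is written
 *                   unescaped into an inline JavaScript string, so it has to
 *                   be a fixed literal (as every caller in this file passes),
 *                   never request data
 * @param   array    the list of the privileges of the user
 *
 * @return  boolean  always true
 *
 * @global  integer  whether all/none of the privileges have to be checked or
 *                   not
 *
 * @see     PMA_normalOperations()
 */
function PMA_tablePrivileges($form, $row = FALSE)
{
    global $checkpriv;

    $checkpriv_url = $GLOBALS['cfg']['PmaAbsoluteUri']
                   . 'user_details.php3?';
    if (empty($GLOBALS['QUERY_STRING'])) {
        if (isset($_SERVER) && !empty($_SERVER['QUERY_STRING'])) {
            $GLOBALS['QUERY_STRING'] = $_SERVER['QUERY_STRING'];
        }
        else if (isset($GLOBALS['HTTP_SERVER_VARS']) && !empty($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'])) {
            $GLOBALS['QUERY_STRING'] = $GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'];
        }
    }
    if (!empty($GLOBALS['QUERY_STRING'])) {
        // The query string is supplied by the client and ends up inside a
        // double-quoted href attribute: replacing only "&" left quotes and
        // angle brackets intact, so the whole value is escaped instead
        $checkpriv_url .= htmlspecialchars($GLOBALS['QUERY_STRING']) . '&amp;';
    }
    ?>

<table>
    <?php
    echo "\n";
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $item      = 0;
    // Two privileges per table row: odd items open a row, even items close it
    while ((list(,$priv) = each($list_priv)) && ++$item) {
        $priv_priv = $priv . '_priv';
        if (isset($checkpriv)) {
            // "check all" / "uncheck all" link was followed without JavaScript
            $checked = ($checkpriv == 'all') ? ' checked="checked"' : '';
        } else {
            $checked = ($row && $row[$priv_priv] == 'Y') ? ' checked="checked"' : '';
        }
        if ($item % 2 == 1) {
            echo ' <tr>' . "\n";
        } else {
            echo ' <td>&nbsp;</td>' . "\n";
        }
        echo ' <td>' . "\n";
        echo ' <input type="checkbox" name="' . $priv . '_priv" id="checkbox_priv_' . $priv . '"' . $checked . ' />' . "\n";
        echo ' </td>' . "\n";
        echo ' <td><label for="checkbox_priv_' . $priv . '">' . $priv . '</label></td>' . "\n";
        if ($item % 2 == 0) {
            echo ' </tr>' . "\n";
        }
    } // end while
    if ($item % 2 == 1) {
        // Pads and closes the last row (the filler cell used to be left open
        // by a "<td>" written where "</td>" was meant)
        echo ' <td colspan="2">&nbsp;</td>' . "\n";
        echo ' </tr>' . "\n";
    } // end if
    ?>
</table>
<table>
<tr>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=all" onclick="checkForm('<?php echo $form; ?>', true); return false">
            <?php echo $GLOBALS['strCheckAll']; ?></a>
    </td>
    <td>&nbsp;</td>
    <td>
        <a href="<?php echo $checkpriv_url; ?>checkpriv=none" onclick="checkForm('<?php echo $form; ?>', false); return false">
            <?php echo $GLOBALS['strUncheckAll']; ?></a>
    </td>
</tr>
</table>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tablePrivileges()' function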
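/**
 * Displays the page for "normal" operations: reload link, "check database
 * privileges" form and "add user" form
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_normalOperations()
{
    global $lang, $convcharset, $server;
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo PMA_generate_common_url('mysql', 'user'); ?>&amp;mode=reload">
            <?php echo $GLOBALS['strReloadMySQL']; ?></a>&nbsp;
        <?php echo PMA_showMySQLDocu('MySQL_Database_Administration.', 'FLUSH') . "\n"; ?>
        </div>
    </li>

    <li>
        <form name="dbPrivForm" action="user_details.php3" method="post">
            <?php echo $GLOBALS['strCheckDbPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <?php echo $GLOBALS['strDatabase']; ?>&nbsp;:&nbsp;
                    <select name="db">
    <?php
    echo "\n";
    $result = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            // Same escaping for the attribute as for the label: replacing
            // only the double quote left "&", "<" and ">" in the value
            $db_name = htmlspecialchars($row[0]);
            echo ' ';
            echo '<option value="' . $db_name . '">' . $db_name . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                    <?php echo PMA_generate_common_hidden_inputs(); ?>
                    <input type="hidden" name="check" value="1" />
                    <input type="submit" value="<?php echo $GLOBALS['strGo']; ?>" />
                </td>
            </tr>
            </table>
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="addUserForm" onsubmit="return checkAddUser()">
            <?php echo $GLOBALS['strAddUser'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost0" checked="checked" />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyhost" id="radio_anyhost1" />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="host" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anyuser" value="1" id="radio_anyuser1" />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="anyuser" value="0" id="radio_anyuser0" checked="checked" />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="pma_user" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" checked="checked" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td colspan="4">
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('addUserForm');
    ?>
            <?php echo PMA_generate_common_hidden_inputs(); ?>
            <input type="submit" name="submit_addUser" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php

    return TRUE;
} // end of the 'PMA_normalOperations()' function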
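/**
 * Displays the grant operations part of a user properties page
 *
 * The host, user, database and table globals are request values, and the
 * database, table and column names listed in the select boxes are data read
 * from the server; all of them are written to the page through
 * htmlspecialchars().
 *
 * @param   array    grants of the current user
 *
 * @return  boolean  always true
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 * @global  string   the host name to check grants for
 * @global  string   the username to check grants for
 * @global  string   the database to check grants for
 * @global  string   the table to check grants for
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_grantOperations($grants)
{
    global $lang, $convcharset, $server, $host, $pma_user;
    global $dbgrant, $tablegrant, $newdb;
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo PMA_generate_common_url('mysql', 'user'); ?>">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="userGrants">
            <?php echo PMA_generate_common_hidden_inputs(); ?>
            <input type="hidden" name="grants" value="1" />
            <input type="hidden" name="host" value="<?php echo htmlspecialchars($host); ?>" />
            <input type="hidden" name="pma_user" value="<?php echo htmlspecialchars($pma_user); ?>" />

            <?php echo $GLOBALS['strAddPriv'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" name="anydb" value="1" id="radio_anydb1"<?php echo ($dbgrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anydb1"><?php echo $GLOBALS['strAnyDatabase']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anydb" value="0" id="radio_anydb0"<?php echo ($dbgrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anydb0"><?php echo $GLOBALS['strDatabase']; ?></label><a href="./Documentation.html#underscore" target="documentation" title="<?php echo $GLOBALS['strDocu']; ?>">(*)</a>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="dbgrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    $is_selected_db = FALSE;
    $result         = PMA_mysql_query('SHOW DATABASES');
    if ($result && @mysql_num_rows($result)) {
        while ($row = PMA_mysql_fetch_row($result)) {
            $selected = (($row[0] == $dbgrant) ? ' selected="selected"' : '');
            if (!empty($selected)) {
                $is_selected_db = TRUE;
            }
            echo ' ';
            // Database names are data: escape them before they reach the page
            echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
        } // end while
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowTables']; ?>" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="anytable" value="1" id="radio_anytable1"<?php echo ($tablegrant) ? '' : ' checked="checked"'; ?> />
                    <label for="radio_anytable1"><?php echo $GLOBALS['strAnyTable']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td>
                    <input type="radio" name="anytable" value="0" id="radio_anytable0"<?php echo ($tablegrant) ? ' checked="checked"' : ''; ?> />
                    <label for="radio_anytable0"><?php echo $GLOBALS['strTable']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <select name="tablegrant" onchange="change(this)">
                        <option></option>
    <?php
    echo "\n";
    if (isset($dbgrant)) {
        // NOTE(review): $dbgrant is a request value; this statement relies
        // on PMA_backquote() to make it a safe identifier - confirm that it
        // escapes embedded backquotes
        $result = PMA_mysql_query('SHOW TABLES FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            while ($row = PMA_mysql_fetch_row($result)) {
                $selected = ((isset($tablegrant) && $row[0] == $tablegrant) ? ' selected="selected"' : '');
                echo ' ';
                echo '<option' . $selected . '>' . htmlspecialchars($row[0]) . '</option>' . "\n";
            } // end while
        } // end if
    } // end if
    ?>
                    </select>
                </td>
                <td>
                    &nbsp;
                    <input type="submit" value="<?php echo $GLOBALS['strShowCols']; ?>" />
                </td>
            </tr>
            <tr>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="1" id="radio_anycolumn1" checked="checked" />
                    <label for="radio_anycolumn1"><?php echo $GLOBALS['strAnyColumn']; ?></label>
                </td>
                <td>&nbsp;&nbsp;&nbsp;</td>
                <td valign="top">
                    <input type="radio" name="anycolumn" value="0" id="radio_anycolumn0" />
                    <label for="radio_anycolumn0"><?php echo $GLOBALS['strColumn']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
    <?php
    echo "\n";
    if (!isset($dbgrant) || !isset($tablegrant)) {
        echo ' ' . '<select name="colgrant[]">' . "\n";
        echo ' ' . '<option></option>' . "\n";
        echo ' ' . '</select>' . "\n";
    }
    else {
        // NOTE(review): same reliance on PMA_backquote() as above, for both
        // request-supplied identifiers
        $result = PMA_mysql_query('SHOW COLUMNS FROM ' . PMA_backquote($tablegrant) . ' FROM ' . PMA_backquote($dbgrant));
        if ($result && @mysql_num_rows($result)) {
            echo ' '
                 . '<select name="colgrant[]" multiple="multiple" onchange="anycolumn[1].checked = true">' . "\n";
            while ($row = PMA_mysql_fetch_row($result)) {
                // One escaped form serves both the attribute and the label
                $col_name = htmlspecialchars($row[0]);
                echo ' ';
                echo '<option value="' . $col_name . '">' . $col_name . '</option>' . "\n";
            } // end while
        } else {
            echo ' ' . '<select name="colgrant[]">' . "\n";
            echo ' ' . '<option></option>' . "\n";
        } // end if... else...
        echo ' '
             . '</select>' . "\n";
    } // end if... else
    ?>
                </td>
                <td></td>
            </tr>
            <tr>
                <td colspan="5">
                    <i><?php echo $GLOBALS['strOr']; ?></i>
                </td>
            </tr>
            <tr>
                <td colspan="5">
                    <?php echo $GLOBALS['strDatabaseWildcard'] . "\n"; ?>&nbsp;
                    <input type="text" name="newdb" value="<?php echo ((!$is_selected_db && !empty($pma_user)) ? htmlspecialchars($pma_user . '%') : ''); ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="change(this)" />
                </td>
            </tr>
            </table>

            <table>
            <tr>
                <td>
                    <br />
                    <?php echo $GLOBALS['strPrivileges']; ?>&nbsp;:&nbsp;
                    <br />
                </td>
            </tr>
            </table>
    <?php
    echo "\n";
    PMA_tablePrivileges('userGrants', $grants);
    ?>
            <input type="submit" name="upd_grants" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_grantOperations()' function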
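/**
 * Displays the page to edit operations
 *
 * @param   string   the host name to check grants for
 * @param   string   the user name to check grants for
 *
 * @return  boolean  FALSE when no row of mysql.user matches the host and
 *                   user, TRUE once the forms have been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 *
 * @see     PMA_tablePrivileges()
 */
function PMA_editOperations($host, $user)
{
    global $lang, $convcharset, $server;

    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($user) . '\' AND Host = \'' . PMA_sqlAddslashes($host) . '\'');
    $rows   = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    $row = PMA_mysql_fetch_array($result);

    // Host and user are request values echoed back into form fields below;
    // escape every HTML-special character, not only the double quote
    $html_host = htmlspecialchars($host);
    $html_user = htmlspecialchars($user);
    ?>

<ul>

    <li>
        <div style="margin-bottom: 10px">
        <a href="user_details.php3?<?php echo PMA_generate_common_url('mysql', 'user'); ?>">
            <?php echo $GLOBALS['strBack']; ?></a>
        </div>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="updUserForm" onsubmit="return checkUpdProfile()">
            <?php echo $GLOBALS['strUpdateProfile'] . "\n"; ?>
            <table>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyhost" id="radio_anyhost1"<?php if ($host == '' || $host == '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost1"><?php echo $GLOBALS['strAnyHost']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyhost" id="radio_anyhost0"<?php if ($host != '' && $host != '%') echo ' checked="checked"'; ?> />
                    <label for="radio_anyhost0"><?php echo $GLOBALS['strHost']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_server" size="10" value="<?php echo $html_host; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyhost[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" value="1" name="anyuser" id="radio_anyuser1"<?php if ($user == '') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser1"><?php echo $GLOBALS['strAnyUser']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" value="0" name="anyuser" id="radio_anyuser0"<?php if ($user != '') echo ' checked="checked"'; ?> />
                    <label for="radio_anyuser0"><?php echo $GLOBALS['strUserName']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="text" name="new_user" size="10" value="<?php echo $html_user; ?>" class="textfield" <?php echo $GLOBALS['chg_evt_handler']; ?>="this.form.anyuser[1].checked = true" />
                </td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="-1" id="radio_nopass-1" checked="checked" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass-1"><?php echo $GLOBALS['strKeepPass']; ?></label>
                </td>
                <td colspan="3">&nbsp;</td>
            </tr>
            <tr>
                <td colspan="4" align="<?php echo $GLOBALS['cell_align_left']; ?>">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $GLOBALS['strOr']; ?></td>
            </tr>
            <tr>
                <td>
                    <input type="radio" name="nopass" value="1" id="radio_nopass1" onclick="new_pw.value = ''; new_pw2.value = ''; this.checked = true" />
                    <label for="radio_nopass1"><?php echo $GLOBALS['strNoPassword']; ?></label>
                </td>
                <td>&nbsp;</td>
                <td>
                    <input type="radio" name="nopass" value="0" id="radio_nopass0" />
                    <label for="radio_nopass0"><?php echo $GLOBALS['strPassword']; ?></label>&nbsp;:&nbsp;
                </td>
                <td>
                    <input type="password" name="new_pw" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                    &nbsp;&nbsp;
                    <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
                    <input type="password" name="new_pw2" size="10" <?php echo $GLOBALS['chg_evt_handler']; ?>="nopass[2].checked = true" />
                </td>
            </tr>
            </table>
            <?php echo PMA_generate_common_hidden_inputs(); ?>
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_updProfile" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

    <li>
        <form action="user_details.php3" method="post" name="privForm">
            <?php echo $GLOBALS['strEditPrivileges'] . "\n"; ?>
    <?php
    PMA_tablePrivileges('privForm', $row);
    echo "\n";
    ?>
            <?php echo PMA_generate_common_hidden_inputs(); ?>
            <input type="hidden" name="host" value="<?php echo $html_host; ?>" />
            <input type="hidden" name="pma_user" value="<?php echo $html_user; ?>" />
            <input type="submit" name="submit_chgPriv" value="<?php echo $GLOBALS['strGo']; ?>" />
        </form>
    </li>

</ul>
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_editOperations()' function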
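/**
 * Displays the table of the users
 *
 * Host and user names are data read from mysql.user; they are written to
 * the page through htmlspecialchars() and to links through urlencode().
 *
 * @param   string   the host name
 * @param   string   the user name
 *
 * @return  boolean  FALSE when the query fails or returns no row, TRUE once
 *                   the table has been displayed
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_tableUsers($host = FALSE, $user = FALSE)
{
    global $lang, $convcharset, $server;

    $local_query = 'SELECT * FROM mysql.user ';
    if ($host || $user) {
        $local_query .= ' WHERE 1 ';
    }
    // The user filter is applied only together with a host filter
    if ($host) {
        $local_query .= ' AND Host = \'' . PMA_sqlAddslashes($host) . '\'';
        $local_query .= ' AND User = \'' . PMA_sqlAddslashes($user) . '\'';
    }
    $local_query .= ' ORDER BY Host, User';
    $result      = PMA_mysql_query($local_query);
    $rows        = ($result) ? @mysql_num_rows($result) : 0;

    if (!$rows) {
        return FALSE;
    }

    echo '<i>' . $GLOBALS['strEnglishPrivileges'] . '</i><br />' . "\n";
    echo '<table border="' . $GLOBALS['cfg']['Border'] . '">' . "\n";
    echo '<tr>' . "\n";
    echo ' <th colspan="'. (($user) ? '2' : '3') . '">' . $GLOBALS['strAction'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strHost'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strUser'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPassword'] . '</th>' . "\n";
    echo ' <th>' . $GLOBALS['strPrivileges'] . '</th>' . "\n";
    echo '</tr>' . "\n";

    // Privilege columns of mysql.user, in the order they are listed
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');

    $i = 0;
    while ($row = PMA_mysql_fetch_array($result)) {

        $bgcolor = ($i % 2) ? $GLOBALS['cfg']['BgcolorOne'] : $GLOBALS['cfg']['BgcolorTwo'];

        // Builds the list of the privileges set to 'Y' for this account
        $strPriv = '';
        reset($list_priv);
        while (list(, $priv) = each($list_priv)) {
            if ($row[$priv . '_priv'] == 'Y') {
                $strPriv .= $priv . ' ';
            }
        }
        if ($strPriv == '') {
            $strPriv = '<span style="color: #002E80">' . $GLOBALS['strNoPrivileges'] . '</span>';
        }

        $query = PMA_generate_common_url('mysql', 'user');
        if (!$user) {
            $edit_url = 'user_details.php3?'
                      . PMA_generate_common_url()
                      . '&amp;edit=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        }
        // The delete link only opens the confirmation form (confirm=1)
        $delete_url = 'user_details.php3?'
                    . $query
                    . '&amp;delete=1&amp;confirm=1&amp;delete_host=' . urlencode($row['Host']) . '&amp;delete_user=' . urlencode($row['User']);
        $check_url  = 'user_details.php3?'
                    . PMA_generate_common_url()
                    . '&amp;grants=1&amp;host=' . urlencode($row['Host']) . '&amp;pma_user=' . urlencode($row['User']);
        ?>

<tr>
        <?php
        if (!$user) {
            echo "\n";
            ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $edit_url; ?>">
            <?php echo $GLOBALS['strEdit']; ?></a>
    </td>
            <?php
        }
        echo "\n";
        ?>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $delete_url; ?>">
            <?php echo $GLOBALS['strDelete']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <a href="<?php echo $check_url; ?>">
            <?php echo $GLOBALS['strGrants']; ?></a>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo htmlspecialchars($row['Host']) . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row['User']) ? '<b>' . htmlspecialchars($row['User']) . '</b>' : '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo (($row[$GLOBALS['password_field']]) ? $GLOBALS['strYes'] : '<span style="color: #FF0000">' . $GLOBALS['strNo'] . '</span>') . "\n"; ?>
    </td>
    <td bgcolor="<?php echo $bgcolor;?>">
        <?php echo $strPriv . "\n"; ?>
    </td>
</tr>
        <?php
        echo "\n";
        $i++;
    } // end while

    echo "\n";
    ?>
</table>
<hr />
    <?php
    echo "\n";

    return TRUE;
} // end of the 'PMA_tableUsers()' function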
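/**
 * Displays a confirmation form, then the page footer
 *
 * Both arguments are request values that are echoed back to the page, so
 * they are written through htmlspecialchars() in the preview line as well as
 * in the hidden fields.
 *
 * @param   string   the host name and...
 * @param   string   ... the username to delete
 *
 * @global  string   the current language
 * @global  string   the current charset for MySQL
 * @global  integer  the server to use (refers to the number in the
 *                   configuration file)
 */
function PMA_confirm($the_host, $the_user) {
    global $lang, $convcharset, $server;

    if (get_magic_quotes_gpc() == 1) {
        $the_host = stripslashes($the_host);
        $the_user = stripslashes($the_user);
    }

    $html_host = htmlspecialchars($the_host);
    $html_user = htmlspecialchars($the_user);

    echo $GLOBALS['strConfirm'] . '&nbsp;:&nbsp;<br />' . "\n";
    // Preview only: this text is displayed, it is not the statement that is
    // run once the form is confirmed
    echo 'DELETE FROM mysql.user WHERE Host = \'' . $html_host . '\' AND User = \'' . $html_user . '\'' . '<br />' . "\n";
    ?>
<form action="user_details.php3" method="post">
    <?php echo PMA_generate_common_hidden_inputs('mysql', 'user'); ?>
    <input type="hidden" name="delete" value="<?php echo(isset($GLOBALS['delete']) ? '1' : '0'); ?>" />
    <input type="hidden" name="delete_host" value="<?php echo $html_host; ?>" />
    <input type="hidden" name="delete_user" value="<?php echo $html_user; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strYes']; ?>" />
    <input type="submit" name="btnConfirm" value="<?php echo $GLOBALS['strNo']; ?>" />
</form>
    <?php
    echo "\n";

    include('./footer.inc.php3');
} // end of the 'PMA_confirm()' function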
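/**
 * Ensures the user is super-user and gets the case sensitive password field
 * name
 */
$result = @PMA_mysql_query('USE mysql');
if (PMA_mysql_error()) {
    // The "mysql" database cannot be selected: report it and stop here
    include('./header.inc.php3');
    echo '<p><b>' . $strError . '</b></p>' . "\n";
    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' . $strNoRights . '</p>' . "\n";
    include('./footer.inc.php3');
    exit();
}

// The previous logic did not work if the password field is named "password":
//$result         = @PMA_mysql_query('SELECT COUNT(Password) FROM mysql.user');
//$password_field = (($result && PMA_mysql_result($result, 0)) ? 'Password' : 'password');

// $password_field is concatenated unquoted into the INSERT and UPDATE
// statements of this script, and this script reads request parameters as plain
// globals. It is therefore always assigned here, starting from a fixed name,
// so that a failed lookup cannot leave a value this script did not set.
$password_field = 'Password';

// using a syntax that works with older and recent MySQL,
// and assumes that the field name ends with "assword":
$result = @PMA_mysql_query('SHOW FIELDS FROM user FROM mysql LIKE \'%assword\'');
if ($result) {
    $detected_field = PMA_mysql_result($result, 0);
    // Keeps the fixed name when the lookup returned nothing usable
    if (!empty($detected_field)) {
        $password_field = $detected_field;
    }
    unset($detected_field);
}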
/**
 * The autocomplete feature of IE kills the "onchange" event handler, which
 * must be replaced by the "onpropertychange" one for IE 5 and later
 */
if (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) {
    $chg_evt_handler = 'onpropertychange';
} else {
    $chg_evt_handler = 'onchange';
}
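/**
 * Displays headers
 */
// $db and $table are put aside (slashes removed) while the header and the
// message are displayed, and restored at the end of this section
// NOTE(review): presumably so that the included header does not act on them;
// confirm against header.inc.php3
if (isset($db)) {
    $db_bkp = (get_magic_quotes_gpc() ? stripslashes($db) : $db);
    unset($db);
}
if (isset($table)) {
    $table_bkp = (get_magic_quotes_gpc() ? stripslashes($table) : $table);
    unset($table);
}
if (get_magic_quotes_gpc()) {
    if (!empty($host)) {
        $host = stripslashes($host);
    }
    if (!empty($pma_user)) {
        $pma_user = stripslashes($pma_user);
    }
}

if (!isset($message)) {
    $js_to_run = 'user_details.js';
    include('./header.inc.php3');
}
if (!isset($submit_updProfile)) {
    // $host and $pma_user are request values: they are escaped for this
    // heading only, the raw values are still needed to build the queries
    echo '<h1>' . "\n";
    echo ' ' . ((!isset($host) || $host == '') ? $strAnyHost : $strHost . ' ' . htmlspecialchars($host)) . ' - ' . ((!isset($pma_user) || $pma_user == '') ? $strAnyUser : $strUser . ' ' . htmlspecialchars($pma_user)) . "\n";
    echo '</h1>';
}
if (isset($message)) {
    $show_query = '1';
    PMA_showMessage($message);
}

if (isset($db_bkp)) {
    $db = $db_bkp;
    unset($db_bkp);
}
if (isset($table_bkp)) {
    $table = $table_bkp;
    unset($table_bkp);
}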
/**
 * Some actions have been submitted
 */
// Confirms an action: shows the confirmation form and stops
if (!empty($confirm)) {
    PMA_confirm($delete_host, $delete_user);
    exit();
}

// Reloads mysql
else if (($server > 0) && isset($mode) && ($mode == 'reload')) {
    $result = PMA_mysql_query('FLUSH PRIVILEGES');
    // One line of output either way, only the text differs
    echo '<p><b>' . (($result != 0) ? $strMySQLReloaded : $strReloadFailed) . '</b></p>' . "\n";
}
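// Deletes an user (only once the confirmation form came back with "Yes")
else if (isset($delete) && $delete
         && isset($btnConfirm) && $btnConfirm == $strYes) {
    if (get_magic_quotes_gpc()) {
        $delete_host = stripslashes($delete_host);
        $delete_user = stripslashes($delete_user);
    }
    // Same WHERE clause for the four privilege tables, values escaped for SQL
    $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($delete_host) . '\' AND User = \'' . PMA_sqlAddslashes($delete_user) . '\'';

    // Delete Grants First!
    // The results of these three statements are not checked; only the
    // statement on mysql.user decides which message is displayed.
    $sql_query     = 'DELETE FROM mysql.db' . $common_where;
    $sql_query_cpy = $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.tables_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.columns_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    PMA_mysql_query($sql_query);

    $sql_query     = 'DELETE FROM mysql.user' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    $result        = PMA_mysql_query($sql_query);

    // $sql_query ends up holding the four statements that were run
    $sql_query = $sql_query_cpy;
    unset($sql_query_cpy);
    if ($result) {
        // The message is passed with HTML markup, so the request-supplied
        // user and host are escaped before they are placed inside it
        PMA_showMessage(sprintf($strDeleteUserMessage, '<span style="color: #002E80">' . htmlspecialchars($delete_user . '@' . $delete_host) . '</span>') . '<br />' . $strRememberReload);
    } else {
        PMA_showMessage($strDeleteFailed);
    }
}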
// Adds an user
else if (isset($submit_addUser)) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    //if (!isset($pma_user) || $pma_user == '') {
    //    $pma_user = '%';
    //}
    if (isset($anyuser) && $anyuser == "1") {
        // "Any user" was chosen: the anonymous user has an empty name
        $pma_user = '';
    } else if (isset($pma_user) && empty($pma_user)) {
        // this is for the case where js is disabled, so they did not get
        // the error before submitting
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strUserEmpty . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
        $forgot_checkbox_any_user = TRUE;
    }

    // A password is required but none was given
    if (empty($nopass) && $pma_pw == '') {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    // The password and its confirmation differ
    else if ($pma_pw != ''
             && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) {
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
        unset($host);
        unset($pma_user);
    }
    // Password confirmed
    else if (!isset($forgot_checkbox_any_user)) {
        // One "<name>_priv = 'Y'|'N'" assignment per privilege, 'Y' when a
        // variable of that name is set
        $sql_query = '';
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
        for ($i = 0; $i < count($list_priv); $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            $sql_query .= (empty($sql_query) ? '' : ', ')
                        . $priv_name . ' = \'' . (isset($$priv_name) ? 'Y' : 'N') . '\'';
        } // end for
        unset($list_priv);

        if (get_magic_quotes_gpc() && $pma_pw != '') {
            $pma_pw = stripslashes($pma_pw);
        }

        // $local_query is the statement that is executed
        $local_query = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', '
                     . 'User = \'' . PMA_sqlAddslashes($pma_user) . '\', '
                     . $password_field . ' = '
                     . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')')
                     . ', ' . $sql_query;
        // $sql_query is the same statement with every character of the
        // password replaced by "*"; it is the copy kept for display
        $sql_query   = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', '
                     . 'User = \'' . PMA_sqlAddslashes($pma_user) . '\', '
                     . $password_field . ' = '
                     . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')')
                     . ', ' . $sql_query;
        $result      = @PMA_mysql_query($local_query);
        if (!$result) {
            PMA_mysqlDie('', '', FALSE, $err_url);
        }
        unset($host);
        unset($pma_user);
        PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload);
    } // end else
}
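// Updates the profile of an user
else if (isset($submit_updProfile)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    //if (!isset($pma_user) || $pma_user == '') {
    //    $pma_user = '%';
    //}
    if (!isset($pma_user)) {
        $pma_user = '';
    }

    // Builds the sql query
    $common_upd  = '';
    // Both are assigned by this branch on every path: the two error paths
    // below set neither, and this script reads request parameters as plain
    // globals, so without this a value the script did not build could reach
    // the UPDATE statement.
    $sql_query   = '';
    $local_query = '';

    if (isset($anyhost) && $anyhost) {
        $new_server = '%';
    } else if ($new_server != '' && get_magic_quotes_gpc()) {
        $new_server = stripslashes($new_server);
    }
    if ($new_server != '' && $new_server != $host) {
        $common_upd .= 'Host = \'' . PMA_sqlAddslashes($new_server) . '\'';
    } else if (isset($new_server)) {
        // Unchanged host: $new_server being unset means "no host change" below
        unset($new_server);
    }
    if (isset($anyuser) && $anyuser == "1") {
        //$new_user = '%';
        // anonymous user must be empty, not %
        $new_user = '';
    } else if ($new_user != '' && get_magic_quotes_gpc()) {
        $new_user = stripslashes($new_user);
    }
    //if ($new_user != '' && $new_user != $pma_user) {
    if ($new_user != $pma_user) {
        $common_upd .= (empty($common_upd) ? '' : ', ')
                     . 'User = \'' . PMA_sqlAddslashes($new_user) . '\'';
    } else if (isset($new_user)) {
        // Unchanged user: $new_user being unset means "no user change" below
        unset($new_user);
    }

    // Password left as it is: only the host/user changes are applied
    if (isset($nopass) && $nopass == -1) {
        $sql_query   = $common_upd;
        $local_query = $common_upd;
    }
    // A password is required but none was given
    else if ((!isset($nopass) || $nopass == 0) && $new_pw == '') {
        // $host and $pma_user are request values, escaped for display
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordEmpty . '</b></p>' . "\n";
    }
    // The password and its confirmation differ
    else if ($new_pw != ''
             && (!isset($new_pw2) || $new_pw != $new_pw2)) {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
    }
    else {
        // $sql_query is the displayed copy, with every character of the
        // password replaced by "*"; $local_query is the one that is executed
        $sql_query   = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
        $local_query = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
    }

    if (!empty($sql_query)) {
        $common_where  = ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
        // Updates profile
        $local_query   = 'UPDATE user SET ' . $local_query . $common_where;
        $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where;
        $result        = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');

        // Updates grants: the rows of the other privilege tables follow the
        // renamed host and/or user (the results are not checked)
        if (isset($new_server) || isset($new_user)) {
            $sql_query     = 'UPDATE mysql.db SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.tables_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.columns_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            PMA_mysql_query($sql_query);
            unset($common_upd);
        }

        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // From here on the page shows the account under its new name
        if (isset($new_server)) {
            $host = $new_server;
        }
        if (isset($new_user)) {
            $pma_user = $new_user;
        }
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strUpdateProfileMessage . '<br />' . $strRememberReload);
    } else {
        echo '<h1>' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '</h1>' . "\n";
        PMA_showMessage($strNoModification);
    }
}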
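// Changes the privileges of an user
else if (isset($submit_chgPriv)) {
    $show_query = '1';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    // NOTE(review): the profile-update branch of this script treats the
    // anonymous user as '' and not '%'; confirm which one is intended here
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // One "<name>_priv = 'Y'|'N'" assignment per privilege, 'Y' when a
    // variable of that name is set
    $sql_query = '';
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    for ($i = 0; $i < count($list_priv); $i++) {
        $priv_name = $list_priv[$i] . '_priv';
        if (isset($$priv_name)) {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\'';
        } else {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\'';
        }
    } // end for
    unset($list_priv);

    $sql_query = 'UPDATE user SET '
               . $sql_query
               . ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
    $result    = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');
    // The message is passed with HTML markup, so the request-supplied user and
    // host are escaped before they are placed inside it
    PMA_showMessage(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . htmlspecialchars($pma_user . '@' . $host) . '</span>') . '<br />' . $strRememberReload);
}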
// Revoke/Grant privileges
else if (isset($grants) && $grants) {
    $show_query = '1';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    if (isset($upd_grants)) {
        $sql_query = '';
        $col_list  = '';

        // Column list " (`a`, `b`)", only for an existing db with chosen columns
        if (isset($colgrant) && !$anycolumn && !$newdb) {
            $colgrant_cnt = count($colgrant);
            for ($i = 0; $i < $colgrant_cnt; $i++) {
                if (get_magic_quotes_gpc()) {
                    $colgrant[$i] = stripslashes($colgrant[$i]);
                }
                $col_list .= (empty($col_list) ? '' : ', ') . PMA_backquote($colgrant[$i]);
            } // end for
            unset($colgrant);
            $col_list = ' (' . $col_list . ')';
        } // end if

        // Privilege names come from this fixed list; a privilege is added when
        // a variable named "<name>_priv" is set ("Grant" is handled apart)
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'References', 'Index', 'Alter');
        for ($i = 0; $i < count($list_priv); $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                $sql_query .= (empty($sql_query) ? '' : ', ') . $list_priv[$i] . $col_list;
            }
        } // end for
        unset($list_priv);
        if (empty($sql_query)) {
            $sql_query = 'USAGE' . $col_list;
        }
        $priv_grant = (isset($Grant_priv) ? ' WITH GRANT OPTION' : '');

        if (get_magic_quotes_gpc()) {
            if ($newdb) {
                $newdb = stripslashes($newdb);
            } else {
                // $newdb is known to be empty on this side
                if (isset($dbgrant) && !$anydb) {
                    $dbgrant = stripslashes($dbgrant);
                }
                if (isset($tablegrant) && !$anytable) {
                    $tablegrant = stripslashes($tablegrant);
                }
            }
        } // end if

        // Escape wildcard characters if required
        if (isset($dbgrant) && !$anydb && !$newdb) {
            $re      = '(^|(\\\\\\\\)+|[^\])(_|%)'; // non-escaped wildcards
            $dbgrant = ereg_replace($re, '\\1\\\\3', $dbgrant);
        }

        // Target of the grant: a new database as a whole, or db.table where
        // either part falls back to "*"
        if ($newdb) {
            $sql_query .= ' ON ' . PMA_backquote($newdb) . '.*';
        } else {
            $sql_query .= ' ON '
                        . (($anydb || $dbgrant == '') ? '*' : PMA_backquote($dbgrant))
                        . '.'
                        . (($anytable || $tablegrant == '') ? '*' : PMA_backquote($tablegrant));
        }

        $sql_query .= ' TO \'' . PMA_sqlAddslashes($pma_user) . '\'@\'' . PMA_sqlAddslashes($host) . '\'';

        $sql_query = 'GRANT ' . $sql_query . $priv_grant;
        $result    = @PMA_mysql_query($sql_query);
        if (!$result) {
            PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;grants=1');
        }
        PMA_showMessage($strAddPrivMessage . '.<br />' . $strRememberReload);
    } // end if
}
/**
 * Displays the page
 */
// Edit an user properties
if (!empty($edit)) {
    PMA_tableUsers($host, $pma_user);
    PMA_editOperations($host, $pma_user);
}

// Revoke/Grant privileges for an user
else if (!empty($grants)) {
    // Displays the full list of privileges for this host & user
    $infos['Host'] = $host;
    $infos['User'] = $pma_user;
    PMA_tableGrants($infos);

    // Displays the list of privileges for user on the selected db/table/column.
    // $list_priv holds the privileges not found yet; each level below (global,
    // database, table) only looks at what the previous one left in it.
    $user_priv     = array();
    $list_priv     = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index',
                           'Alter');
    $list_priv_new = array();

    // Gets globals privileges
    $result = PMA_mysql_query('SELECT * FROM mysql.user WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\')');
    if ($result) {
        $row = @PMA_mysql_fetch_array($result);
    } else {
        $row = FALSE;
    }
    if ($row) {
        while (list(,$priv) = each($list_priv)) {
            $priv_priv             = $priv . '_priv';
            $user_priv[$priv_priv] = ($row[$priv_priv] == 'Y') ? 'Y' : 'N';
            if ($user_priv[$priv_priv] == 'N') {
                $list_priv_new[] = $priv;
            }
        } // end while
        mysql_free_result($result);
        $list_priv     = $list_priv_new;
        $list_priv_new = array();
    } // end if $row

    // If a target database is set, gets privileges for this database
    if (count($list_priv) && isset($dbgrant)) {
        if (get_magic_quotes_gpc()) {
            $dbgrant = stripslashes($dbgrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.db WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\'');
        if ($result) {
            $row = @PMA_mysql_fetch_array($result);
        } else {
            $row = FALSE;
        }
        if ($row) {
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                if (!isset($row[$priv_priv]) || $row[$priv_priv] != 'Y') {
                    $list_priv_new[] = $priv;
                } else {
                    $user_priv[$priv_priv] = 'Y';
                }
            } // end while
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            $list_priv_new = array();
        } // end if $row
    } // end if

    // If a target table is set, gets privileges for this table
    if (count($list_priv) && isset($tablegrant)) {
        if (get_magic_quotes_gpc()) {
            $tablegrant = stripslashes($tablegrant);
        }
        $result = PMA_mysql_query('SELECT * FROM mysql.tables_priv WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\' AND Table_name = \'' . PMA_sqlAddslashes($tablegrant) . '\'');
        if ($result) {
            $row = @PMA_mysql_fetch_array($result);
        } else {
            $row = FALSE;
        }
        if ($row && $row['Table_priv']) {
            // Table_priv is matched as a comma separated list of names
            while (list(,$priv) = each($list_priv)) {
                $priv_priv = $priv . '_priv';
                if (!eregi('(^|,)' . $priv . '(,|$)', $row['Table_priv'])) {
                    $list_priv_new[] = $priv;
                } else {
                    $user_priv[$priv_priv] = 'Y';
                }
            } // end while
            mysql_free_result($result);
            $list_priv     = $list_priv_new;
            $list_priv_new = array();
        } // end if $row
    } // end if

    // TODO: column privileges

    PMA_grantOperations($user_priv);
}

// Check database privileges
else if (!empty($check)) {
    PMA_checkDb($db);
    ?>
<ul>
    <li>
        <a href="user_details.php3?<?php echo PMA_generate_common_url('mysql', 'user'); ?>">
            <?php echo $strBack; ?></a>
    </li>
</ul>
    <?php
    echo "\n";
}

// Displays all users profiles
else {
    // FALSE for both when no host / user was given
    if (!isset($host)) {
        $host = FALSE;
    }
    if (!isset($pma_user)) {
        $pma_user = FALSE;
    }
    if (!PMA_tableUsers($host, $pma_user)) {
        PMA_mysqlDie($strNoUsersFound, '', FALSE, '');
    }
    PMA_normalOperations();
}


/**
 * Displays the footer
 */
require('./footer.inc.php3');