/**
     * Test for PMA_queryAsControlUser
     *
     * @return void
     */
    public function testPMAQueryAsControlUser()
    {
        // Build a database-interface double without running its constructor.
        $mockBuilder = $this->getMockBuilder('PMA_DatabaseInterface');
        $mockBuilder->disableOriginalConstructor();
        $dbiMock = $mockBuilder->getMock();

        // Each stubbed method must be hit exactly once and returns a marker
        // value, so the assertions below show which method served the call.
        $stubbedResults = array(
            'query' => 'executeResult1',
            'tryQuery' => 'executeResult2',
        );
        foreach ($stubbedResults as $methodName => $marker) {
            $dbiMock->expects($this->once())
                ->method($methodName)
                ->will($this->returnValue($marker));
        }

        $GLOBALS['dbi'] = $dbiMock;

        $statement = "insert into PMA_bookmark A,B values(1, 2)";

        // Called without a second argument, the result is the 'query' marker.
        $withDefaultFlag = PMA_queryAsControlUser($statement);
        $this->assertEquals('executeResult1', $withDefaultFlag);

        // Called with false as second argument, it is the 'tryQuery' marker.
        $withFalseFlag = PMA_queryAsControlUser($statement, false);
        $this->assertEquals('executeResult2', $withFalseFlag);
    }
/**
 * Retrieve IDs and names of schema pages
 *
 * @param string $db database name
 *
 * @return array array of schema page id and names
 */
function PMA_getPageIdsAndNames($db)
{
    $relationCfg = PMA_getRelationsParam();

    // Backquoted, fully qualified name of the pdf_pages storage table.
    $pagesTable = PMA\libraries\Util::backquote($relationCfg['db'])
        . "." . PMA\libraries\Util::backquote($relationCfg['pdf_pages']);

    // The database name is escaped before it is placed inside the quoted
    // string literal of the WHERE clause.
    $pageQuery = "SELECT `page_nr`, `page_descr` FROM " . $pagesTable
        . " WHERE db_name = '" . PMA\libraries\Util::sqlAddSlashes($db) . "'"
        . " ORDER BY `page_descr`";

    // The query is issued through the control-user helper; the second
    // argument is false (see PMA_queryAsControlUser for its meaning).
    $pageRows = PMA_queryAsControlUser(
        $pageQuery,
        false,
        PMA\libraries\DatabaseInterface::QUERY_STORE
    );

    // Map page number => page description, in the order the rows arrive.
    $pages = array();
    for (;;) {
        $pageRow = $GLOBALS['dbi']->fetchAssoc($pageRows);
        if (! $pageRow) {
            break;
        }
        $pages[$pageRow['page_nr']] = $pageRow['page_descr'];
    }

    return $pages;
}
 /**
  * Returns recently used tables from phpMyAdmin database.
  *
  * @return array
  */
 public function getFromDb()
 {
     // Recent tables are read from the phpMyAdmin storage database when they
     // are not held in the session.
     //
     // NOTE(review): the configured user name is concatenated into the quoted
     // literal without escaping. A name containing a quote or backslash
     // changes the statement that is run with control-user privileges; it
     // should go through the project's SQL string-escaping helper first.
     $lookupQuery = " SELECT `tables` FROM " . $this->_pmaTable . " WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'";

     $record = PMA_DBI_fetch_array(PMA_queryAsControlUser($lookupQuery));

     // The first column holds the JSON-encoded list; no row means no history.
     return isset($record[0]) ? json_decode($record[0], true) : array();
 }
Example #4
 /**
  * Returns recently used tables from phpMyAdmin database.
  *
  * @return array
  */
 public function getFromDb()
 {
     // Recent tables are read from the phpMyAdmin storage database when they
     // are not held in the session.
     //
     // NOTE(review): the configured user name is concatenated into the quoted
     // literal without escaping. A name containing a quote or backslash
     // changes the statement that is run with control-user privileges; it
     // should go through the project's SQL string-escaping helper first.
     $lookupQuery = " SELECT `tables` FROM " . $this->_pmaTable . " WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'";

     // A falsy result set yields an empty list instead of a fetch attempt.
     $resultSet = PMA_queryAsControlUser($lookupQuery, false);
     if (! $resultSet) {
         return array();
     }

     $record = $GLOBALS['dbi']->fetchArray($resultSet);
     if (! isset($record[0])) {
         return array();
     }

     // The first column holds the JSON-encoded list of tables.
     return json_decode($record[0], true);
 }
/**
 * Function to handle updates for internal relations
 *
 * @param array  $destination_db          destination databases (iterated as key => database)
 * @param string $multi_edit_columns_name multi edit column name
 * @param string $destination_table       destination table
 * @param string $destination_column      destination column
 * @param array  $cfgRelation             configuration relation
 * @param string $db                      current database
 * @param string $table                   current table
 * @param array  $existrel                db, table, column
 *
 * @return void
 */
function PMA_handleUpdatesForInternalRelations($destination_db, $multi_edit_columns_name, $destination_table, $destination_column, $cfgRelation, $db, $table, $existrel)
{
    // isset() on a parameter is false only for null, so this forwards either
    // the given relation data or null.
    $existingRelations = isset($existrel) ? $existrel : null;

    foreach ($destination_db as $fieldHash => $foreignDb) {
        $updateQuery = PMA_getQueryForInternalRelationUpdate(
            $multi_edit_columns_name,
            $fieldHash,
            $foreignDb,
            $destination_table,
            $destination_column,
            $cfgRelation,
            $db,
            $table,
            $existingRelations
        );

        // A falsy query means there is nothing to run for this field.
        if (! $updateQuery) {
            continue;
        }
        PMA_queryAsControlUser($updateQuery);
    }
}
/**
 * Add/update a user group with allowed menu tabs.
 *
 * @param string  $userGroup user group name
 * @param boolean $new       whether this is a new user group
 *
 * @return void
 */
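function PMA_editUserGroup($userGroup, $new = false)
{
    $tabs = PMA_Util::getMenuTabList();
    $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);

    // Escape the group name once and reuse it. Previously only the DELETE
    // escaped it, while the INSERT placed the raw name inside a quoted
    // literal, so a name containing a quote changed the statement that is
    // run with control-user privileges.
    $escapedGroup = PMA_Util::sqlAddSlashes($userGroup);

    if (!$new) {
        // Existing group: drop its current rows before re-inserting them.
        $sql_query = "DELETE FROM " . $groupTable
            . " WHERE `usergroup`='" . $escapedGroup . "';";
        PMA_queryAsControlUser($sql_query, true);
    }

    // One VALUES tuple per tab; the tab is allowed only when the request
    // carries the literal string 'Y' under the "<group>_<tab>" key.
    $valueTuples = array();
    foreach ($tabs as $tabGroupName => $tabGroup) {
        foreach (array_keys($tabGroup) as $tab) {
            $tabName = $tabGroupName . '_' . $tab;
            $allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] === 'Y';
            $valueTuples[] = "('" . $escapedGroup . "', '"
                . PMA_Util::sqlAddSlashes($tabName) . "', '"
                . ($allowed ? "Y" : "N") . "')";
        }
    }

    // An INSERT with an empty VALUES list is not valid SQL; skip it.
    if (empty($valueTuples)) {
        return;
    }

    $sql_query = "INSERT INTO " . $groupTable
        . "(`usergroup`, `tab`, `allowed`)"
        . " VALUES " . implode(", ", $valueTuples) . ";";
    PMA_queryAsControlUser($sql_query, true);
}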
 /**
  * Returns the names of children of type $type present inside this container
  * This method is overridden by the Node_Database and Node_Table classes
  *
  * @param string $type         The type of item we are looking for
  *                             ('tables', 'views', etc)
  * @param int    $pos          The offset of the list within the results
  * @param string $searchClause A string used to filter the results of the query
  *
  * @return array
  */
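 public function getData($type, $pos, $searchClause = '')
 {
     // Cast so that only an integer can reach the LIMIT clause.
     $maxItems = intval($GLOBALS['cfg']['MaxNavigationItems']);
     $retval = array();
     $db = $this->real_name;
     $escdDb = PMA_Util::sqlAddSlashes($db);

     // Per item type: INFORMATION_SCHEMA table, column-name prefix and an
     // optional extra filter. Drizzle reports base tables as 'BASE'.
     $baseTableType = PMA_DRIZZLE ? 'BASE' : 'BASE TABLE';
     $sources = array(
         'tables' => array(
             'TABLES', 'TABLE', "AND `TABLE_TYPE`='" . $baseTableType . "' "
         ),
         'views' => array(
             'TABLES', 'TABLE', "AND `TABLE_TYPE`!='" . $baseTableType . "' "
         ),
         'procedures' => array(
             'ROUTINES', 'ROUTINE', "AND `ROUTINE_TYPE`='PROCEDURE' "
         ),
         'functions' => array(
             'ROUTINES', 'ROUTINE', "AND `ROUTINE_TYPE`='FUNCTION' "
         ),
         'events' => array('EVENTS', 'EVENT', ''),
     );

     // Unknown types run no listing query and leave $retval empty.
     if (isset($sources[$type])) {
         list($schemaTable, $prefix, $typeFilter) = $sources[$type];
         $query = "SELECT `{$prefix}_NAME` AS `name` ";
         $query .= "FROM `INFORMATION_SCHEMA`.`{$schemaTable}` ";
         $query .= "WHERE `{$prefix}_SCHEMA`='{$escdDb}' ";
         $query .= $typeFilter;
         if (!empty($searchClause)) {
             // Second argument true: the value is escaped for use in LIKE.
             $query .= "AND `{$prefix}_NAME` LIKE '%";
             $query .= PMA_Util::sqlAddSlashes($searchClause, true);
             $query .= "%' ";
         }
         $query .= "ORDER BY `{$prefix}_NAME` ASC ";
         $query .= "LIMIT " . intval($pos) . ", {$maxItems}";
         $retval = $GLOBALS['dbi']->fetchResult($query);
     }

     // Remove hidden items so that they are not displayed in navigation tree
     $cfgRelation = PMA_getRelationsParam();
     if ($cfgRelation['navwork']) {
         $navTable = PMA_Util::backquote($cfgRelation['db'])
             . "." . PMA_Util::backquote($cfgRelation['navigationhiding']);
         // Every value placed inside a quoted literal is escaped, including
         // the user name and the item type, which were previously raw.
         // The item type is $type without its last character.
         $itemType = $GLOBALS['PMA_String']->substr($type, 0, -1);
         $sqlQuery = "SELECT `item_name` FROM " . $navTable
             . " WHERE `username`='"
             . PMA_Util::sqlAddSlashes($cfgRelation['user']) . "'"
             . " AND `item_type`='" . PMA_Util::sqlAddSlashes($itemType) . "'"
             . " AND `db_name`='" . $escdDb . "'";
         $result = PMA_queryAsControlUser($sqlQuery, false);
         if ($result) {
             $hiddenItems = array();
             while ($row = $GLOBALS['dbi']->fetchArray($result)) {
                 $hiddenItems[] = $row[0];
             }
             foreach ($retval as $key => $item) {
                 // Strict comparison: loosely compared numeric-looking names
                 // such as '10' and '1e1' would be treated as equal.
                 if (in_array($item, $hiddenItems, true)) {
                     unset($retval[$key]);
                 }
             }
             // Only a real result set is freed; a failed query has none.
             $GLOBALS['dbi']->freeResult($result);
         }
     }
     return $retval;
 }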
/**
 * Cleanup user related relation stuff
 *
 * @param string $username username
 *
 * @return void
 */
function PMA_relationsCleanupUser($username)
{
    $cfgRelation = PMA_getRelationsParam();

    // Feature flag => array(config key of the storage table, name of the
    // column holding the user name). Order matches the order of deletion.
    $cleanupTargets = array(
        'bookmarkwork' => array('bookmark', 'user'),
        'historywork' => array('history', 'username'),
        'recentwork' => array('recent', 'username'),
        'favoritework' => array('favorite', 'username'),
        'uiprefswork' => array('table_uiprefs', 'username'),
        'userconfigwork' => array('userconfig', 'username'),
        'menuswork' => array('users', 'username'),
        'navwork' => array('navigationhiding', 'username'),
        'savedsearcheswork' => array('savedsearches', 'username'),
        'designersettingswork' => array('designer_settings', 'username'),
    );

    foreach ($cleanupTargets as $featureFlag => $target) {
        // Features that are switched off have no rows to remove.
        if (! $cfgRelation[$featureFlag]) {
            continue;
        }
        list($tableKey, $userColumn) = $target;

        // Identifiers are backquoted and the user name is escaped before it
        // is placed in the quoted literal.
        $remove_query = "DELETE FROM "
            . PMA\libraries\Util::backquote($cfgRelation['db'])
            . "." . PMA\libraries\Util::backquote($cfgRelation[$tableKey])
            . " WHERE `" . $userColumn . "`  = '"
            . PMA\libraries\Util::sqlAddSlashes($username) . "'";
        PMA_queryAsControlUser($remove_query);
    }
}
Example #9
/**
 * Removes a foreign relation
 *
 * @param string $T1 foreign db.table
 * @param string $F1 foreign field
 * @param string $T2 master db.table
 * @param string $F2 master field
 *
 * @return array array of success/failure and message
 */
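function PMA_removeRelation($T1, $F1, $T2, $F2)
{
    // Both table arguments arrive as "db.table"; split them into parts.
    list($DB1, $T1) = explode(".", $T1);
    list($DB2, $T2) = explode(".", $T2);

    // Storage engine of each side, upper-cased for comparison.
    $tables = $GLOBALS['dbi']->getTablesFull($DB1, $T1);
    $type_T1 = mb_strtoupper($tables[$T1]['ENGINE']);
    $tables = $GLOBALS['dbi']->getTablesFull($DB2, $T2);
    $type_T2 = mb_strtoupper($tables[$T2]['ENGINE']);

    // A real FOREIGN KEY can only exist when both engines support it and
    // are the same engine.
    if (PMA_Util::isForeignKeySupported($type_T1)
        && PMA_Util::isForeignKeySupported($type_T2)
        && $type_T1 == $type_T2
    ) {
        // InnoDB
        $existrel_foreign = PMA_getForeigners($DB2, $T2, '', 'foreign');
        $foreigner = PMA_searchColumnInForeigners($existrel_foreign, $F2);
        if (isset($foreigner['constraint'])) {
            $upd_query = 'ALTER TABLE ' . PMA_Util::backquote($DB2)
                . '.' . PMA_Util::backquote($T2) . ' DROP FOREIGN KEY '
                . PMA_Util::backquote($foreigner['constraint']) . ';';
            if ($GLOBALS['dbi']->query($upd_query)) {
                return array(true, __('FOREIGN KEY relation has been removed.'));
            }
            $error = $GLOBALS['dbi']->getError();
            return array(
                false,
                __('Error: FOREIGN KEY relation could not be removed!')
                . "<br/>" . $error
            );
        }
    }

    // internal relations
    // The relation table name is backquoted like the database name; it was
    // previously concatenated raw, unlike every other identifier here.
    $delete_query = "DELETE FROM "
        . PMA_Util::backquote($GLOBALS['cfgRelation']['db']) . "."
        . PMA_Util::backquote($GLOBALS['cfgRelation']['relation'])
        . " WHERE "
        . "master_db = '" . PMA_Util::sqlAddSlashes($DB2) . "'"
        . " AND master_table = '" . PMA_Util::sqlAddSlashes($T2) . "'"
        . " AND master_field = '" . PMA_Util::sqlAddSlashes($F2) . "'"
        . " AND foreign_db = '" . PMA_Util::sqlAddSlashes($DB1) . "'"
        . " AND foreign_table = '" . PMA_Util::sqlAddSlashes($T1) . "'"
        . " AND foreign_field = '" . PMA_Util::sqlAddSlashes($F1) . "'";
    $result = PMA_queryAsControlUser(
        $delete_query, false, PMA_DatabaseInterface::QUERY_STORE
    );
    if (!$result) {
        // The error is read from the control connection, which ran the query.
        $error = $GLOBALS['dbi']->getError($GLOBALS['controllink']);
        return array(
            false,
            __('Error: Internal relation could not be removed!')
            . "<br/>" . $error
        );
    }
    return array(true, __('Internal relation has been removed.'));
}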
/**
 * Returns HTML for the options in template dropdown
 *
 * @param string $export_type export type - server, database, or table
 *
 * @return string HTML for the options in template dropdown
 */
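function PMA_getOptionsForExportTemplates($export_type)
{
    // Placeholder entry shown before any template is chosen.
    $ret = '<option value="">-- ' . __('Select a template') . ' --</option>';

    // Get the relation settings
    $cfgRelation = PMA_getRelationsParam();

    // Both values placed in quoted literals are escaped. The export type was
    // previously concatenated raw, so a value containing a quote changed the
    // statement that is run with control-user privileges.
    $query = "SELECT `id`, `template_name` FROM "
        . PMA_Util::backquote($cfgRelation['db']) . '.'
        . PMA_Util::backquote($cfgRelation['export_templates'])
        . " WHERE `username` = "
        . "'" . PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "'"
        . " AND `export_type` = '" . PMA_Util::sqlAddSlashes($export_type) . "'"
        . " ORDER BY `template_name`;";

    $result = PMA_queryAsControlUser($query);
    if ($result) {
        while ($row = $GLOBALS['dbi']->fetchAssoc($result, $GLOBALS['controllink'])) {
            // Stored values are HTML-escaped before they reach the markup.
            $ret .= '<option value="' . htmlspecialchars($row['id']) . '"';
            // Pre-select the template named in the request, if any.
            if (!empty($_GET['template_id']) && $_GET['template_id'] == $row['id']) {
                $ret .= ' selected="selected"';
            }
            $ret .= '>';
            $ret .= htmlspecialchars($row['template_name']) . '</option>';
        }
    }
    return $ret;
}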
 /**
  * The "Table_Stats" constructor
  *
  * @param string  $tableName        The table name
  * @param string  $font             The font  name
  * @param integer $fontSize         The font size
  * @param integer $pageNumber       Page number
  * @param integer &$same_wide_width The max width among tables
  * @param boolean $showKeys         Whether to display keys or not
  * @param boolean $showInfo         Whether to display table position or not
  *
  * @global object    The current eps document
  * @global integer   The current page number (from the
  *                     $cfg['Servers'][$i]['table_coords'] table)
  * @global array     The relations settings
  * @global string    The current db name
  *
  * @access private
  * @see PMA_EPS, Table_Stats::Table_Stats_setWidth,
  *      Table_Stats::Table_Stats_setHeight
  */
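 function __construct($tableName, $font, $fontSize, $pageNumber, &$same_wide_width, $showKeys = false, $showInfo = false)
 {
     global $eps, $cfgRelation, $db;
     $common_functions = PMA_CommonFunctions::getInstance();
     $this->_tableName = $tableName;

     // Check that the table exists before anything is laid out.
     $sql = 'DESCRIBE ' . $common_functions->backquote($tableName);
     $result = PMA_DBI_try_query($sql, null, PMA_DBI_QUERY_STORE);
     if (!$result || !PMA_DBI_num_rows($result)) {
         $eps->dieSchema($pageNumber, "EPS", sprintf(__('The %s table doesn\'t exist!'), $tableName));
     }
     /*
      * load fields
      * check to see if it will load all fields or only the foreign keys
      */
     if ($showKeys) {
         // Collect every indexed column once; flipping makes the column
         // names array keys, so merging removes duplicates.
         $indexes = PMA_Index::getFromTable($this->_tableName, $db);
         $all_columns = array();
         foreach ($indexes as $index) {
             $all_columns = array_merge($all_columns, array_flip(array_keys($index->getColumns())));
         }
         $this->fields = array_keys($all_columns);
     } else {
         // First column of each DESCRIBE row is the field name.
         while ($row = PMA_DBI_fetch_row($result)) {
             $this->fields[] = $row[0];
         }
     }
     $this->_showInfo = $showInfo;
     // height and width
     $this->_setHeightTable($fontSize);
     // setWidth must be after setHeight, because title
     // can include table height which changes table width
     $this->_setWidthTable($font, $fontSize);
     // Report the widest table seen so far back through the reference.
     if ($same_wide_width < $this->width) {
         $same_wide_width = $this->width;
     }
     // x and y
     // The page number is compared as an unquoted number, so it is cast to
     // an integer; escaping alone would not protect an unquoted value.
     $sql = 'SELECT x, y FROM ' . $common_functions->backquote($GLOBALS['cfgRelation']['db']) . '.' . $common_functions->backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . $common_functions->sqlAddSlashes($db) . '\'' . ' AND   table_name = \'' . $common_functions->sqlAddSlashes($tableName) . '\'' . ' AND   pdf_page_number = ' . intval($pageNumber);
     $result = PMA_queryAsControlUser($sql, false, PMA_DBI_QUERY_STORE);
     if (!$result || !PMA_DBI_num_rows($result)) {
         $eps->dieSchema($pageNumber, "EPS", sprintf(__('Please configure the coordinates for table %s'), $tableName));
     }
     list($this->x, $this->y) = PMA_DBI_fetch_row($result);
     $this->x = (double) $this->x;
     $this->y = (double) $this->y;
     // displayfield
     $this->displayfield = PMA_getDisplayField($db, $tableName);
     // index
     $result = PMA_DBI_query('SHOW INDEX FROM ' . $common_functions->backquote($tableName) . ';', null, PMA_DBI_QUERY_STORE);
     if (PMA_DBI_num_rows($result) > 0) {
         // Remember the columns that make up the primary key.
         while ($row = PMA_DBI_fetch_assoc($result)) {
             if ($row['Key_name'] == 'PRIMARY') {
                 $this->primary[] = $row['Column_name'];
             }
         }
     }
 }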
/**
 * Function to handle updates for internal relations
 *
 * @param array      $destination_db          destination databases
 * @param array      $multi_edit_columns_name multi edit column names
 * @param array      $destination_table       destination tables
 * @param array      $destination_column      destination columns
 * @param array      $cfgRelation             configuration relation
 * @param string     $db                      current database
 * @param string     $table                   current table
 * @param array|null $existrel                db, table, column
 *
 * @return string
 */
function PMA_handleUpdatesForInternalRelations($destination_db, $multi_edit_columns_name, $destination_table, $destination_column, $cfgRelation, $db, $table, $existrel)
{
    // isset() on a parameter is false only for null, so this forwards either
    // the given relation data or null.
    $existingRelations = isset($existrel) ? $existrel : null;

    // Number of update statements that were actually sent.
    $executed = 0;
    foreach ($destination_db as $fieldHash => $foreignDb) {
        $updateQuery = PMA_getQueryForInternalRelationUpdate(
            $multi_edit_columns_name,
            $fieldHash,
            $foreignDb,
            $destination_table,
            $destination_column,
            $cfgRelation,
            $db,
            $table,
            $existingRelations
        );

        // A falsy query means there is nothing to run for this field.
        if (! $updateQuery) {
            continue;
        }
        PMA_queryAsControlUser($updateQuery);
        $executed++;
    }

    // No statement sent: nothing to report.
    if ($executed === 0) {
        return '';
    }

    return PMA_Util::getMessage(
        __('Internal relations were successfully updated.'),
        '',
        'success'
    );
}
Example #13
/**
 * Handles export template actions
 *
 * @param array $cfgRelation Relation configuration
 *
 * @return void
 */
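function PMA_handleExportTemplateActions($cfgRelation)
{
    // The template id is compared as an unquoted number in the WHERE
    // clauses below. String escaping does not protect an unquoted value
    // (text such as "1 OR 1=1" contains nothing to escape), so the id is
    // cast to an integer instead. A missing or non-scalar id becomes 0,
    // which presumably matches no stored template (confirm against the
    // table definition).
    $id = 0;
    if (isset($_REQUEST['templateId']) && is_scalar($_REQUEST['templateId'])) {
        $id = (int) $_REQUEST['templateId'];
    }

    $templateTable = PMA\libraries\Util::backquote($cfgRelation['db'])
        . '.' . PMA\libraries\Util::backquote($cfgRelation['export_templates']);

    // Every statement is limited to rows owned by the configured user.
    $user = $GLOBALS['dbi']->escapeString($GLOBALS['cfg']['Server']['user']);

    switch ($_REQUEST['templateAction']) {
        case 'create':
            // All request values sit inside quoted literals and are escaped.
            $query = "INSERT INTO " . $templateTable . "("
                . " `username`, `export_type`,"
                . " `template_name`, `template_data`"
                . ") VALUES ("
                . "'" . $user . "', "
                . "'" . $GLOBALS['dbi']->escapeString($_REQUEST['exportType'])
                . "', '" . $GLOBALS['dbi']->escapeString($_REQUEST['templateName'])
                . "', '" . $GLOBALS['dbi']->escapeString($_REQUEST['templateData'])
                . "');";
            break;
        case 'load':
            $query = "SELECT `template_data` FROM " . $templateTable
                . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
            break;
        case 'update':
            $query = "UPDATE " . $templateTable . " SET `template_data` = "
                . "'" . $GLOBALS['dbi']->escapeString($_REQUEST['templateData']) . "'"
                . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
            break;
        case 'delete':
            $query = "DELETE FROM " . $templateTable
                . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
            break;
        default:
            $query = '';
            break;
    }

    $result = PMA_queryAsControlUser($query, false);
    $response = Response::getInstance();
    if (!$result) {
        // Report the control connection's error and stop the request.
        $error = $GLOBALS['dbi']->getError($GLOBALS['controllink']);
        $response->setRequestStatus(false);
        $response->addJSON('message', $error);
        exit;
    }

    $response->setRequestStatus(true);
    if ('create' == $_REQUEST['templateAction']) {
        // Return the refreshed option list so it includes the new template.
        $response->addJSON('data', PMA_getOptionsForExportTemplates($_REQUEST['exportType']));
    } elseif ('load' == $_REQUEST['templateAction']) {
        // The last fetched row wins; null when no row matched.
        $data = null;
        while ($row = $GLOBALS['dbi']->fetchAssoc($result, $GLOBALS['controllink'])) {
            $data = $row['template_data'];
        }
        $response->addJSON('data', $data);
    }
    $GLOBALS['dbi']->freeResult($result);
}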
Example #14
/**
 * Save value for a designer setting
 *
 * @param string $index setting
 * @param string $value value
 *
 * @return bool whether the operation succeeded
 */
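function PMA_saveDesignerSetting($index, $value)
{
    $cfgRelation = PMA_getRelationsParam();
    $cfgDesigner = array(
        'user' => $GLOBALS['cfg']['Server']['user'],
        'db' => $cfgRelation['db'],
        'table' => $cfgRelation['designer_settings'],
    );
    $success = true;

    if ($GLOBALS['cfgRelation']['designersettingswork']) {
        $settingsTable = PMA_Util::backquote($cfgDesigner['db'])
            . "." . PMA_Util::backquote($cfgDesigner['table']);

        // NOTE(review): the user-name clause was masked in the listing this
        // came from; it is restored here with PMA_Util::sqlAddSlashes.
        // Confirm against the upstream file.
        $escapedUser = PMA_Util::sqlAddSlashes($cfgDesigner['user']);

        $orig_data_query = "SELECT settings_data"
            . " FROM " . $settingsTable
            . " WHERE username = '" . $escapedUser . "';";
        $orig_data = $GLOBALS['dbi']->fetchSingleRow(
            $orig_data_query, $GLOBALS['controllink']
        );

        if (!empty($orig_data)) {
            // Merge the new value into the stored JSON document.
            $orig_data = json_decode($orig_data['settings_data'], true);
            $orig_data[$index] = $value;
            $orig_data = json_encode($orig_data);

            // json_encode() leaves single quotes as they are and emits
            // backslashes, so the JSON text is escaped before it is placed
            // inside the quoted literal.
            $save_query = "UPDATE " . $settingsTable
                . " SET settings_data = '"
                . PMA_Util::sqlAddSlashes($orig_data) . "'"
                . " WHERE username = '" . $escapedUser . "';";
            $success = PMA_queryAsControlUser($save_query);
        } else {
            // No row for this user yet: create one holding only this setting.
            $save_data = array($index => $value);
            $query = "INSERT INTO " . $settingsTable
                . " (username, settings_data)"
                . " VALUES('" . $escapedUser . "',"
                . " '" . PMA_Util::sqlAddSlashes(json_encode($save_data)) . "');";
            $success = PMA_queryAsControlUser($query);
        }
    }
    return $success;
}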
/**
 * Set a single mimetype to a certain value.
 *
 * @param string $db                     the name of the db
 * @param string $table                  the name of the table
 * @param string $key                    the name of the column
 * @param string $mimetype               the mimetype of the column
 * @param string $transformation         the transformation of the column
 * @param string $transformation_options the transformation options of the column
 * @param string $forcedelete            force delete, will erase any existing
 *                                       comments for this column
 *
 * @access  public
 *
 * @return boolean  true, if comment-query was made.
 */
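function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformation_options, $forcedelete = false)
{
    $cfgRelation = PMA_getRelationsParam();
    if (!$cfgRelation['commwork']) {
        return false;
    }
    // convert mimetype to old format (f.e. text_plain)
    $mimetype = strtolower($mimetype);
    // old format has octet-stream instead of octetstream for mimetype
    if (strstr($mimetype, "octetstream")) {
        $mimetype = "application_octet-stream";
    }
    // convert transformation to old format (f.e. text_plain__substring.inc.php)
    $transformation = strtolower($transformation);
    $transformation = str_replace(".class.php", ".inc.php", $transformation);
    $last_pos = strrpos($transformation, "_");
    // Double the last underscore only when there is one. Without this guard
    // strrpos() returns false, an empty transformation becomes "_", and the
    // strlen() checks below can never see it as empty.
    if ($last_pos !== false) {
        $transformation = substr($transformation, 0, $last_pos)
            . "_" . substr($transformation, $last_pos);
    }

    // Look for an existing column_info row for this column. Every value
    // placed in a quoted literal below is escaped first.
    $test_qry = '
         SELECT `mimetype`,
                `comment`
           FROM ' . PMA_Util::backquote($cfgRelation['db']) . '.' . PMA_Util::backquote($cfgRelation['column_info']) . '
          WHERE `db_name`     = \'' . PMA_Util::sqlAddSlashes($db) . '\'
            AND `table_name`  = \'' . PMA_Util::sqlAddSlashes($table) . '\'
            AND `column_name` = \'' . PMA_Util::sqlAddSlashes($key) . '\'';
    $test_rs = PMA_queryAsControlUser($test_qry, true, PMA_DBI_QUERY_STORE);
    if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
        $row = @PMA_DBI_fetch_assoc($test_rs);
        PMA_DBI_free_result($test_rs);
        // Update the row while anything is left to store (including an
        // existing comment); otherwise, or when forced, delete it.
        if (!$forcedelete && (strlen($mimetype) || strlen($transformation) || strlen($transformation_options) || strlen($row['comment']))) {
            $upd_query = '
                UPDATE ' . PMA_Util::backquote($cfgRelation['db']) . '.' . PMA_Util::backquote($cfgRelation['column_info']) . '
                   SET `mimetype`               = \'' . PMA_Util::sqlAddSlashes($mimetype) . '\',
                       `transformation`         = \'' . PMA_Util::sqlAddSlashes($transformation) . '\',
                       `transformation_options` = \'' . PMA_Util::sqlAddSlashes($transformation_options) . '\'';
        } else {
            $upd_query = 'DELETE FROM ' . PMA_Util::backquote($cfgRelation['db']) . '.' . PMA_Util::backquote($cfgRelation['column_info']);
        }
        // Shared WHERE clause for both the UPDATE and the DELETE.
        $upd_query .= '
            WHERE `db_name`     = \'' . PMA_Util::sqlAddSlashes($db) . '\'
              AND `table_name`  = \'' . PMA_Util::sqlAddSlashes($table) . '\'
              AND `column_name` = \'' . PMA_Util::sqlAddSlashes($key) . '\'';
    } elseif (strlen($mimetype) || strlen($transformation) || strlen($transformation_options)) {
        // No row yet and something to store: insert a new one.
        $upd_query = 'INSERT INTO ' . PMA_Util::backquote($cfgRelation['db']) . '.' . PMA_Util::backquote($cfgRelation['column_info']) . ' (db_name, table_name, column_name, mimetype, transformation, transformation_options) ' . ' VALUES(' . '\'' . PMA_Util::sqlAddSlashes($db) . '\',' . '\'' . PMA_Util::sqlAddSlashes($table) . '\',' . '\'' . PMA_Util::sqlAddSlashes($key) . '\',' . '\'' . PMA_Util::sqlAddSlashes($mimetype) . '\',' . '\'' . PMA_Util::sqlAddSlashes($transformation) . '\',' . '\'' . PMA_Util::sqlAddSlashes($transformation_options) . '\')';
    }

    // No statement was built: nothing to store and nothing to remove.
    if (!isset($upd_query)) {
        return false;
    }
    return PMA_queryAsControlUser($upd_query);
}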
Example #16
}
// Tracking data for the requested database (second argument is an empty
// string, third is the string '1').
$data = Tracker::getTrackedData($_REQUEST['db'], '', '1');

// Nothing to list: the database has no tables and no DDL log entries.
if ($num_tables == 0 && count($data['ddlog']) == 0) {
    echo '<p>' . __('No tables found in database.') . '</p>' . "\n";
    // The create-table form is offered unless the system-schema flag is set.
    if (empty($db_is_system_schema)) {
        echo PMA_getHtmlForCreateTable($db);
    }
    exit;
}

// ---------------------------------------------------------------------------
$cfgRelation = PMA_getRelationsParam();

// Highest tracked version per table. The database name comes from the
// request and is escaped before it is placed in the quoted literal.
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM '
    . PMA\libraries\Util::backquote($cfgRelation['db']) . '.'
    . PMA\libraries\Util::backquote($cfgRelation['tracking'])
    . ' WHERE db_name = \''
    . PMA\libraries\Util::sqlAddSlashes($_REQUEST['db']) . '\' '
    . ' GROUP BY table_name'
    . ' ORDER BY table_name ASC';
$all_tables_result = PMA_queryAsControlUser($all_tables_query);

// Tracked tables are shown only when the query returned at least one row.
if (is_object($all_tables_result)
    && $GLOBALS['dbi']->numRows($all_tables_result) > 0
) {
    PMA_displayTrackedTables(
        $GLOBALS['db'],
        $all_tables_result,
        $url_query,
        $pmaThemeImage,
        $text_dir,
        $cfgRelation
    );
}

$untracked_tables = PMA_getUntrackedTables($GLOBALS['db']);

// Untracked tables get their own section when there are any.
if (count($untracked_tables) > 0) {
    PMA_displayUntrackedTables(
        $GLOBALS['db'],
        $untracked_tables,
        $url_query,
        $pmaThemeImage,
        $text_dir
    );
}
// If available print out database log
if (count($data['ddlog']) > 0) {
    $log = '';
    foreach ($data['ddlog'] as $entry) {
        $log .= '# ' . $entry['date'] . ' ' . $entry['username'] . "\n" . $entry['statement'] . "\n";
    }
Example #17
 /**
  * Computes the menu tabs the current user may see at the given level.
  *
  * Starts from the full tab list for the level and, when the 'menuswork'
  * feature of the configuration storage is enabled, removes every tab that
  * the user's group has marked with `allowed` = 'N'.
  *
  * @param string $level 'server', 'db' or 'table' level
  *
  * @return array list of allowed tabs
  */
 private function _getAllowedTabs($level)
 {
     $tabs = PMA_Util::getMenuTabList($level);
     $relation = PMA_getRelationsParam();
     if (empty($relation['menuswork'])) {
         // User groups are not configured: nothing is filtered out.
         return $tabs;
     }

     $groupsTable = PMA_Util::backquote($relation['db']) . "." . PMA_Util::backquote($relation['usergroups']);
     $usersTable = PMA_Util::backquote($relation['db']) . "." . PMA_Util::backquote($relation['users']);
     $escapedUser = PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']);

     // The user name is escaped; $level is placed into the LIKE pattern
     // unescaped.
     // NOTE(review): this relies on callers passing only one of the three
     // documented level names - confirm no request value reaches $level.
     $deniedTabsQuery = "SELECT `tab` FROM " . $groupsTable
         . " WHERE `allowed` = 'N' AND `tab` LIKE '" . $level . "%'"
         . " AND `usergroup` = (SELECT usergroup FROM " . $usersTable
         . " WHERE `username` = '" . $escapedUser . "')";

     $denied = PMA_queryAsControlUser($deniedTabsQuery, false);
     if (!$denied) {
         // A failed lookup leaves the full tab list in place.
         return $tabs;
     }

     while ($row = $GLOBALS['dbi']->fetchAssoc($denied)) {
         // Stored tab names look like "<prefix>_<tab>"; keep the part after
         // the first underscore.
         $prefixEnd = mb_strpos($row['tab'], '_');
         unset($tabs[mb_substr($row['tab'], $prefixEnd + 1)]);
     }

     return $tabs;
 }
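 /**
  * Return list of hidden items of given type
  *
  * Looks up, in the 'navigationhiding' table of the configuration storage,
  * the items of the given type that are hidden for the configured user in
  * the database represented by this node ($this->real_name).
  *
  * @param string $type The type of items we are looking for
  *                     ('table', 'function', 'group', etc.)
  *
  * @return array Array containing hidden items of given type; empty when the
  *               feature is not configured or the lookup fails
  */
 public function getHiddenItems($type)
 {
     $db = $this->real_name;
     $cfgRelation = PMA_getRelationsParam();
     if (empty($cfgRelation['navigationhiding'])) {
         return array();
     }
     $navTable = Util::backquote($cfgRelation['db']) . "." . Util::backquote($cfgRelation['navigationhiding']);
     // Every value placed between quotes is escaped. The user name and the
     // item type were previously concatenated as-is, so a quote character in
     // either one changed the statement that PMA_queryAsControlUser() runs.
     $sqlQuery = "SELECT `item_name` FROM " . $navTable
         . " WHERE `username`='" . Util::sqlAddSlashes($cfgRelation['user']) . "'"
         . " AND `item_type`='" . Util::sqlAddSlashes($type) . "'"
         . " AND `db_name`='" . Util::sqlAddSlashes($db) . "'";
     $result = PMA_queryAsControlUser($sqlQuery, false);
     $hiddenItems = array();
     if ($result) {
         while ($row = $GLOBALS['dbi']->fetchArray($result)) {
             $hiddenItems[] = $row[0];
         }
         // Only release a result that actually exists.
         $GLOBALS['dbi']->freeResult($result);
     }
     return $hiddenItems;
 }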
Example #19
 /**
  * Builds the HTML form that lists hidden navigation items with a link to
  * show each of them again.
  *
  * @param string $dbName    database name
  * @param string $itemType  type of the items to include; when empty, all
  *                          known types are listed
  * @param string $tableName table name; the item lists are only rendered
  *                          when this is empty
  *
  * @return string HTML for the dialog to show hidden navigation items
  */
 public function getItemUnhideDialog($dbName, $itemType = null, $tableName = null)
 {
     $markup = '<form method="post" action="navigation.php" class="ajax">'
         . '<fieldset>'
         . PMA_URL_getHiddenInputs($dbName, $tableName);

     // All three quoted values are escaped before they enter the statement.
     $hidingTable = PMA_Util::backquote($GLOBALS['cfgRelation']['db']) . "." . PMA_Util::backquote($GLOBALS['cfgRelation']['navigationhiding']);
     $userLiteral = PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']);
     $dbLiteral = PMA_Util::sqlAddSlashes($dbName);
     $tableLiteral = '';
     if (!empty($tableName)) {
         $tableLiteral = PMA_Util::sqlAddSlashes($tableName);
     }
     $lookup = "SELECT `item_name`, `item_type` FROM " . $hidingTable
         . " WHERE `username`='" . $userLiteral . "'"
         . " AND `db_name`='" . $dbLiteral . "'"
         . " AND `table_name`='" . $tableLiteral . "'";

     // Group the hidden item names by their type.
     $rows = PMA_queryAsControlUser($lookup, false);
     $namesByType = array();
     if ($rows) {
         while ($row = $GLOBALS['dbi']->fetchArray($rows)) {
             $namesByType[$row['item_type']][] = $row['item_name'];
         }
     }
     $GLOBALS['dbi']->freeResult($rows);

     $headings = array(
         'event' => __('Events:'),
         'function' => __('Functions:'),
         'procedure' => __('Procedures:'),
         'table' => __('Tables:'),
         'view' => __('Views:'),
     );

     if (empty($tableName)) {
         $separator = '';
         foreach ($headings as $kind => $heading) {
             $wanted = empty($itemType) || $itemType == $kind;
             if (!$wanted || !isset($namesByType[$kind])) {
                 continue;
             }
             $markup .= $separator . '<strong>' . $heading . '</strong>';
             $markup .= '<table width="100%"><tbody>';
             $rowIndex = 0;
             foreach ($namesByType[$kind] as $name) {
                 $rowClass = ($rowIndex % 2 === 0) ? 'odd' : 'even';
                 $markup .= '<tr class="' . $rowClass . '">';
                 // Item names are stored data: HTML-escaped in the cell,
                 // URL-encoded in the link.
                 $markup .= '<td>' . htmlspecialchars($name) . '</td>';
                 $unhideUrl = 'navigation.php' . PMA_URL_getCommon()
                     . '&unhideNavItem=true'
                     . '&itemType=' . urlencode($kind)
                     . '&itemName=' . urlencode($name)
                     . '&dbName=' . urlencode($dbName);
                 $markup .= '<td style="width:80px"><a href="' . $unhideUrl . '" class="unhideNavItem ajax">'
                     . PMA_Util::getIcon('lightbulb.png', __('Show'))
                     . '</a></td>';
                 $rowIndex++;
             }
             $markup .= '</tbody></table>';
             // Every section after the first is preceded by a line break.
             $separator = '<br/>';
         }
     }

     $markup .= '</fieldset>';
     $markup .= '</form>';
     return $markup;
 }
Example #20
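 /**
  * Analyzes a given SQL statement and saves tracking data.
  *
  * The statement is parsed, a first version is created when auto-creation is
  * enabled and the object is not tracked yet, and for tracked objects the
  * statement text is appended to the `schema_sql` or `data_sql` column of the
  * tracking table through PMA_queryAsControlUser().
  *
  * Statements that contain the marker comment are skipped entirely. The
  * marker is matched anywhere in the statement text, so this applies to any
  * statement carrying it, not only to the UPDATE built below; tracking data
  * should therefore not be treated as a tamper-resistant audit log.
  *
  * @param string $query a SQL query
  *
  * @static
  *
  * @return void
  */
 public static function handleQuery($query)
 {
     // If query is marked as untouchable, leave
     if (mb_strstr($query, "/*NOTRACK*/")) {
         return;
     }
     // Make sure the stored statement is terminated
     if (!(substr($query, -1) == ';')) {
         $query = $query . ";\n";
     }
     // Get some information about query
     $result = self::parseQuery($query);
     // Get database name
     $dbname = trim(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', '`');
     // $dbname can be empty, for example when coming from Synchronize
     // and this is a query for the remote server
     if (empty($dbname)) {
         return;
     }
     // If we found a valid statement
     if (isset($result['identifier'])) {
         $version = self::getVersion($dbname, $result['tablename'], $result['identifier']);
         // If version not exists and auto-creation is enabled
         if ($GLOBALS['cfg']['Server']['tracking_version_auto_create'] == true && self::isTracked($dbname, $result['tablename']) == false && $version == -1) {
             // Create the version
             switch ($result['identifier']) {
                 case 'CREATE TABLE':
                     self::createVersion($dbname, $result['tablename'], '1');
                     break;
                 case 'CREATE VIEW':
                     self::createVersion($dbname, $result['tablename'], '1', '', true);
                     break;
                 case 'CREATE DATABASE':
                     self::createDatabaseVersion($dbname, '1', $query);
                     break;
             }
             // end switch
         }
         // If version exists
         if (self::isTracked($dbname, $result['tablename']) && $version != -1) {
             // NOTE(review): for a type other than DDL/DML the column name
             // stays empty; what parseQuery() can return is not visible here.
             if ($result['type'] == 'DDL') {
                 $save_to = 'schema_sql';
             } elseif ($result['type'] == 'DML') {
                 $save_to = 'data_sql';
             } else {
                 $save_to = '';
             }
             $date = date('Y-m-d H:i:s');
             // Cut off `dbname`. from query. The pattern delimiter is passed
             // to preg_quote() so that a '/' in the database name cannot
             // break the expression.
             $query = preg_replace('/`' . preg_quote($dbname, '/') . '`\\s?\\./', '', $query);
             // Add log information
             $query = self::getLogComment() . $query;
             // Mark it as untouchable; the statement text is escaped before
             // it is embedded in the string literal
             $sql_query = " /*NOTRACK*/\n" . " UPDATE " . self::_getTrackingTable() . " SET " . Util::backquote($save_to) . " = CONCAT( " . Util::backquote($save_to) . ",'\n" . Util::sqlAddSlashes($query) . "') ," . " `date_updated` = '" . $date . "' ";
             // If table was renamed we have to change
             // the tablename attribute in pma_tracking too
             if ($result['identifier'] == 'RENAME TABLE') {
                 $sql_query .= ', `table_name` = \'' . Util::sqlAddSlashes($result['tablename_after_rename']) . '\' ';
             }
             // Save the tracking information only for
             //     1. the database
             //     2. the table / view
             //     3. the statements
             // we want to track
             // The identifier is escaped like the other quoted values.
             $sql_query .= " WHERE FIND_IN_SET('" . Util::sqlAddSlashes($result['identifier']) . "',tracking) > 0" . " AND `db_name` = '" . Util::sqlAddSlashes($dbname) . "' " . " AND `table_name` = '" . Util::sqlAddSlashes($result['tablename']) . "' " . " AND `version` = '" . Util::sqlAddSlashes($version) . "' ";
             PMA_queryAsControlUser($sql_query);
         }
     }
 }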
Example #21
/**
 * Queries the tracking table for the distinct database/table pairs recorded
 * for the current database ($GLOBALS['db']).
 *
 * @return mixed whatever PMA_queryAsControlUser() returns for the query
 */
function PMA_getSQLResultForSelectableTables()
{
    include_once 'libraries/relation.lib.php';

    $relation = PMA_getRelationsParam();
    // Identifiers are backquoted; the database name is escaped and quoted.
    $trackingTable = PMA_Util::backquote($relation['db']) . '.' . PMA_Util::backquote($relation['tracking']);
    $dbLiteral = "'" . PMA_Util::sqlAddSlashes($GLOBALS['db']) . "'";

    return PMA_queryAsControlUser(
        ' SELECT DISTINCT db_name, table_name FROM ' . $trackingTable
        . ' WHERE db_name = ' . $dbLiteral
        . '  ORDER BY db_name, table_name'
    );
}
Example #22
    /**
     * Copy database
     */
    $response->addHTML(PMA_getHtmlForCopyDatabase($GLOBALS['db']));
    /**
     * Change database charset
     */
    $response->addHTML(PMA_getHtmlForChangeDatabaseCharset($GLOBALS['db'], $table));
    // Warn when the configuration storage is not fully working, unless the
    // warning has been disabled in the configuration.
    if (!$cfgRelation['allworks'] && $cfg['PmaNoRelation_DisableWarning'] == false) {
        $message = PMA\libraries\Message::notice(__('The phpMyAdmin configuration storage has been deactivated. ' . '%sFind out why%s.'));
        // The two parameters are the opening and closing tags of the link.
        // NOTE(review): $url_query is concatenated into the href; where it
        // is built and encoded is outside this excerpt - confirm.
        $message->addParam('<a href="' . './chk_rel.php' . $url_query . '">', false);
        $message->addParam('</a>', false);
        /* Show error if user has configured something, notice elsewhere */
        if (!empty($cfg['Servers'][$server]['pmadb'])) {
            $message->isError(true);
        }
    }
    // end if
}
// end if (!$is_information_schema)
$response->addHTML('</div>');
// not sure about displaying the PDF dialog in case db is information_schema
if ($cfgRelation['pdfwork'] && $num_tables > 0) {
    // We only show this if we find something in the new pdf_pages table.
    // The storage database and table names are backquoted and the current
    // database name is escaped before it is quoted; the statement is run
    // through PMA_queryAsControlUser() with error display turned off.
    $test_query = '
        SELECT *
        FROM ' . PMA\libraries\Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['pdf_pages']) . '
        WHERE db_name = \'' . PMA\libraries\Util::sqlAddSlashes($GLOBALS['db']) . '\'';
    $test_rs = PMA_queryAsControlUser($test_query, false, PMA\libraries\DatabaseInterface::QUERY_STORE);
}
// end if
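 /**
  * Returns the file name
  *
  * The name defaults to the database name plus the extension. When a stored
  * page is being exported (page number other than -1 and not offline), the
  * page description from the 'pdf_pages' table is used instead.
  *
  * NOTE(review): the page description is stored user text; how callers
  * sanitise the returned name before using it in a header or a path is not
  * visible here - confirm.
  *
  * @param String $extension file extension
  *
  * @return string file name
  */
 protected function getFileName($extension)
 {
     $filename = $this->db . $extension;
     // Get the name of this page to use as filename
     if ($this->pageNumber != -1 && !$this->offline) {
         // page_nr is compared without quotes, so the value is forced to an
         // integer before it is concatenated into the statement.
         $_name_sql = 'SELECT page_descr FROM ' . PMA\libraries\Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA\libraries\Util::backquote($GLOBALS['cfgRelation']['pdf_pages']) . ' WHERE page_nr = ' . intval($this->pageNumber);
         $_name_rs = PMA_queryAsControlUser($_name_sql);
         $_name_row = $_name_rs ? $GLOBALS['dbi']->fetchRow($_name_rs) : null;
         // Keep the database-based default when the page does not exist,
         // instead of returning a name that consists of the extension only.
         if (is_array($_name_row) && isset($_name_row[0])) {
             $filename = $_name_row[0] . $extension;
         }
     }
     return $filename;
 }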
Example #24
    </thead>
    <tbody>
    <?php 
    // Print out information about versions
    // Build the "drop" control once: icon, text, or both, depending on the
    // 'ActionLinksMode' setting.
    $drop_image_or_text = '';
    if (PMA_Util::showIcons('ActionLinksMode')) {
        $drop_image_or_text .= PMA_Util::getImage('b_drop.png', __('Delete tracking data for this table'));
    }
    if (PMA_Util::showText('ActionLinksMode')) {
        $drop_image_or_text .= __('Drop');
    }
    $style = 'odd';
    // One extra query per tracked table: fetch the row for its version.
    while ($one_result = $GLOBALS['dbi']->fetchArray($all_tables_result)) {
        list($table_name, $version_number) = $one_result;
        // The request-supplied database name and the table name are escaped
        // before being quoted; the version number is quoted but not escaped.
        // NOTE(review): both values come from rows of $all_tables_result,
        // which is built outside this excerpt; escaping $version_number like
        // the other values would not depend on what that column holds.
        $table_query = ' SELECT * FROM ' . PMA_Util::backquote($cfgRelation['db']) . '.' . PMA_Util::backquote($cfgRelation['tracking']) . ' WHERE `db_name` = \'' . PMA_Util::sqlAddSlashes($_REQUEST['db']) . '\' AND `table_name`  = \'' . PMA_Util::sqlAddSlashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
        $table_result = PMA_queryAsControlUser($table_query);
        $version_data = $GLOBALS['dbi']->fetchArray($table_result);
        // Stored table names are HTML-escaped before they are placed in the
        // link targets.
        // NOTE(review): they are not URL-encoded here - confirm names with
        // '&' or '#' still produce the intended link.
        $tmp_link = 'tbl_tracking.php' . $url_query . '&amp;table=' . htmlspecialchars($version_data['table_name']);
        $delete_link = 'db_tracking.php' . $url_query . '&amp;table=' . htmlspecialchars($version_data['table_name']) . '&amp;delete_tracking=true&amp';
        ?>
        <tr class="noclick <?php 
        echo $style;
        ?>
">
            <td><?php 
        echo htmlspecialchars($version_data['db_name']);
        ?>
</td>
            <td><?php 
        echo htmlspecialchars($version_data['table_name']);
        ?>
Example #25
/**
 * Inserts a new PDF page row into the 'pdf_pages' table of the configuration
 * storage and returns the id generated for it.
 *
 * @param string $newpage     name of the new PDF page; a translated
 *                            "no description" is used when it is unset or ''
 * @param array  $cfgRelation Relation configuration
 * @param string $db          database name
 *
 * @return string   $pdf_page_number
 */
function PMA_REL_createPage($newpage, $cfgRelation, $db)
{
    $description = (!isset($newpage) || $newpage == '')
        ? __('no description')
        : $newpage;

    // The storage database name is read from $GLOBALS, the table name from
    // the $cfgRelation argument; both are backquoted.
    $pagesTable = PMA_Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_Util::backquote($cfgRelation['pdf_pages']);
    // Both inserted values are escaped before they are quoted.
    $dbLiteral = PMA_Util::sqlAddSlashes($db);
    $descriptionLiteral = PMA_Util::sqlAddSlashes($description);

    PMA_queryAsControlUser(
        'INSERT INTO ' . $pagesTable . " (db_name, page_descr) VALUES ('" . $dbLiteral . "', '" . $descriptionLiteral . "')",
        false
    );

    // Read the generated id from the control connection when one is set.
    $link = isset($GLOBALS['controllink']) ? $GLOBALS['controllink'] : '';
    return $GLOBALS['dbi']->insertId($link);
}
/**
 * Add/update a user group with allowed menu tabs.
 *
 * For an existing group the stored rows are deleted first; then one row per
 * menu tab is inserted. The tab names come from the menu tab list, and the
 * request is only consulted to decide whether each tab is allowed ('Y').
 * The delete and the insert are two separate statements.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller restricts who may edit user groups - confirm.
 *
 * @param string  $userGroup user group name
 * @param boolean $new       whether this is a new user group
 *
 * @return void
 */
function PMA_editUserGroup($userGroup, $new = false)
{
    $tabs = PMA\libraries\Util::getMenuTabList();
    $relation = PMA_getRelationsParam();
    $groupsTable = PMA\libraries\Util::backquote($relation['db']) . "." . PMA\libraries\Util::backquote($relation['usergroups']);

    if (!$new) {
        PMA_queryAsControlUser(
            "DELETE FROM " . $groupsTable . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup) . "';",
            true
        );
    }

    // Collect one "(group, tab, allowed)" tuple per tab.
    $tuples = array();
    foreach ($tabs as $tabGroupName => $tabGroup) {
        foreach ($tabGroup as $tab => $unusedLabel) {
            $tabKey = $tabGroupName . '_' . $tab;
            $isAllowed = isset($_REQUEST[$tabKey]) && $_REQUEST[$tabKey] == 'Y';
            $tuples[] = "('" . $GLOBALS['dbi']->escapeString($userGroup) . "', '" . $tabKey . "', '" . ($isAllowed ? "Y" : "N") . "')";
        }
    }

    PMA_queryAsControlUser(
        "INSERT INTO " . $groupsTable . "(`usergroup`, `tab`, `allowed`) VALUES " . implode(", ", $tuples) . ";",
        true
    );
}
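 /**
  * get all tables involved or included in page
  *
  * Reads the table names stored for the page in the 'table_coords' table of
  * the configuration storage. The returned names have been passed through
  * sqlAddSlashes().
  *
  * @param string  $db         name of the database
  * @param integer $pageNumber page no. whose tables will be fetched in an array
  *
  * @return Array an array of tables
  *
  * @access public
  */
 public function getAllTables($db, $pageNumber)
 {
     global $cfgRelation;
     // Get All tables.
     // pdf_page_number is compared without quotes, so the page number is
     // forced to an integer before it is concatenated into the statement.
     $tab_sql = 'SELECT table_name FROM ' . PMA_Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_Util::backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_Util::sqlAddSlashes($db) . '\'' . ' AND pdf_page_number = ' . intval($pageNumber);
     $tab_rs = PMA_queryAsControlUser($tab_sql, null, PMA_DBI_QUERY_STORE);
     // "No rows" is written as an explicit comparison; the previous
     // "!count > 0" form only worked because of operator precedence.
     if (!$tab_rs || PMA_DBI_num_rows($tab_rs) <= 0) {
         $this->dieSchema('', __('This page does not contain any tables!'));
     }
     // Always return an array, even if no row is fetched.
     $alltables = array();
     while ($curr_table = @PMA_DBI_fetch_assoc($tab_rs)) {
         $alltables[] = PMA_Util::sqlAddSlashes($curr_table['table_name']);
     }
     return $alltables;
 }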
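 /**
  * This method is used to render the page header.
  *
  * When documentation output is enabled, prints the page title: a generic
  * label for offline exports or when no page is selected, otherwise the
  * stored description of the page.
  *
  * @return void
  *
  * @see TCPDF::Header()
  */
 public function Header()
 {
     // We only show this if we find something in the new pdf_pages table
     // This function must be named "Header" to work with the TCPDF library
     if ($this->_withDoc) {
         if ($this->_offline || $this->_pageNumber == -1) {
             $pg_name = __("PDF export page");
         } else {
             // The page number is escaped like the database name next to it.
             // NOTE(review): where _pageNumber is assigned is not visible
             // here; escaping keeps the statement intact either way.
             $test_query = 'SELECT * FROM ' . PMA_Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_Util::backquote($GLOBALS['cfgRelation']['pdf_pages']) . ' WHERE db_name = \'' . PMA_Util::sqlAddSlashes($this->_db) . '\' AND page_nr = \'' . PMA_Util::sqlAddSlashes($this->_pageNumber) . '\'';
             $test_rs = PMA_queryAsControlUser($test_query);
             $pages = @$GLOBALS['dbi']->fetchAssoc($test_rs);
             // A missing row yields an empty title instead of reading an
             // index of a non-array.
             $pg_name = ucfirst(isset($pages['page_descr']) ? $pages['page_descr'] : '');
         }
         $this->SetFont($this->_ff, 'B', 14);
         $this->Cell(0, 6, $pg_name, 'B', 1, 'C');
         $this->SetFont($this->_ff, '');
         $this->Ln();
     }
 }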
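/**
 * Get table body for 'tableuserrights' table in userform
 *
 * Renders one row per user/host pair. When the 'menuswork' feature of the
 * configuration storage is enabled, the user group of each user is read
 * from the users table and shown in an extra column.
 *
 * @param array $db_rights user's database rights array
 *
 * @return string HTML snippet
 */
function PMA_getHtmlTableBodyForUserRights($db_rights)
{
    $cfgRelation = PMA_getRelationsParam();
    $group_assignment = array();
    $user_group_count = 0;
    if ($cfgRelation['menuswork']) {
        $users_table = PMA_Util::backquote($cfgRelation['db']) . "." . PMA_Util::backquote($cfgRelation['users']);
        $sql_query = 'SELECT * FROM ' . $users_table;
        $result = PMA_queryAsControlUser($sql_query, false);
        if ($result) {
            while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
                $group_assignment[$row['username']] = $row['usergroup'];
            }
            // Only release a result that actually exists.
            $GLOBALS['dbi']->freeResult($result);
        }
        $user_group_count = PMA_getUserGroupCount();
    }
    $odd_row = true;
    $index_checkbox = 0;
    $html_output = '';
    foreach ($db_rights as $user) {
        ksort($user);
        foreach ($user as $host) {
            $index_checkbox++;
            $html_output .= '<tr class="' . ($odd_row ? 'odd' : 'even') . '">' . "\n";
            $html_output .= '<td>' . '<input type="checkbox" class="checkall" name="selected_usr[]" ' . 'id="checkbox_sel_users_' . $index_checkbox . '" value="' . htmlspecialchars($host['User'] . '&amp;#27;' . $host['Host']) . '"' . ' /></td>' . "\n";
            $html_output .= '<td><label ' . 'for="checkbox_sel_users_' . $index_checkbox . '">' . (empty($host['User']) ? '<span style="color: #FF0000">' . __('Any') . '</span>' : htmlspecialchars($host['User'])) . '</label></td>' . "\n" . '<td>' . htmlspecialchars($host['Host']) . '</td>' . "\n";
            $html_output .= '<td>';
            switch ($host['Password']) {
                case 'Y':
                    $html_output .= __('Yes');
                    break;
                case 'N':
                    $html_output .= '<span style="color: #FF0000">' . __('No') . '</span>';
                    break;
                // this happens if this is a definition not coming from mysql.user
                default:
                    $html_output .= '--';
                    // in future version, replace by "not present"
                    break;
            }
            // end switch
            $html_output .= '</td>' . "\n";
            // NOTE(review): the privilege names are written as-is;
            // presumably they come from a fixed list - confirm.
            $html_output .= '<td><code>' . "\n" . '' . implode(',' . "\n" . '            ', $host['privs']) . "\n" . '</code></td>' . "\n";
            if ($cfgRelation['menuswork']) {
                // The group name is stored text read from the users table,
                // so it is HTML-escaped like the user and host names above.
                $html_output .= '<td class="usrGroup">' . "\n" . (isset($group_assignment[$host['User']]) ? htmlspecialchars($group_assignment[$host['User']]) : '') . '</td>' . "\n";
            }
            $html_output .= '<td>' . ($host['Grant_priv'] == 'Y' ? __('Yes') : __('No')) . '</td>' . "\n";
            if ($GLOBALS['is_grantuser']) {
                $html_output .= '<td class="center">' . PMA_getUserLink('edit', $host['User'], $host['Host']) . '</td>';
            }
            if ($cfgRelation['menuswork'] && $user_group_count > 0) {
                // The anonymous user gets an empty cell instead of a link.
                if (empty($host['User'])) {
                    $html_output .= '<td class="center"></td>';
                } else {
                    $html_output .= '<td class="center">' . PMA_getUserGroupEditLink($host['User']) . '</td>';
                }
            }
            $html_output .= '<td class="center">' . PMA_getUserLink('export', $host['User'], $host['Host'], '', '', isset($_GET['initial']) ? $_GET['initial'] : '') . '</td>';
            $html_output .= '</tr>';
            $odd_row = !$odd_row;
        }
    }
    return $html_output;
}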
Example #30
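 /**
  * Return UI preferences for this table from phpMyAdmin database.
  *
  * Reads the JSON-encoded `prefs` value stored for the configured user and
  * this table in the 'table_uiprefs' table and decodes it.
  *
  * @return array decoded preferences; empty when no row exists or the stored
  *               value does not decode to an array
  */
 protected function getUiPrefsFromDb()
 {
     $pma_table = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb']) . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['table_uiprefs']);
     // Read from phpMyAdmin database.
     // The user name is escaped like the database and table names; it was
     // previously concatenated as-is, so a quote character in it changed
     // the statement that PMA_queryAsControlUser() runs.
     $sql_query = " SELECT `prefs` FROM " . $pma_table . " WHERE `username` = '" . PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "'" . " AND `db_name` = '" . PMA_Util::sqlAddSlashes($this->db_name) . "'" . " AND `table_name` = '" . PMA_Util::sqlAddSlashes($this->name) . "'";
     $row = PMA_DBI_fetch_array(PMA_queryAsControlUser($sql_query));
     if (isset($row[0])) {
         // json_decode() yields null for malformed input; keep the
         // documented array return type in that case.
         $prefs = json_decode($row[0], true);
         return is_array($prefs) ? $prefs : array();
     }
     return array();
 }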