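/**
 * Returns the HTML link to the default database page.
 *
 * Without a name (null or '') the current database, $GLOBALS['db'], is
 * linked; when it is unknown too, an empty string is returned. An
 * explicitly passed name is run through PMA_unescapeMysqlWildcards first.
 *
 * @param string|null $database database name, or null/'' for the current one
 *
 * @return string html link to the default db page, or '' when no db is known
 */
function PMA_getDbLink($database = null)
{
    // null and '' both mean "use the current database"; comparing the string
    // form avoids strlen() on null, which is deprecated since PHP 8.1
    if ((string) $database === '') {
        // guard the global too: it may be unset outside a db context
        if (!isset($GLOBALS['db']) || (string) $GLOBALS['db'] === '') {
            return '';
        }
        $database = $GLOBALS['db'];
    } else {
        $database = PMA_unescapeMysqlWildcards($database);
    }

    // the name is HTML-escaped once for both the title attribute and the
    // link text; DefaultTabDatabase is a configuration value and the query
    // string comes from PMA_generate_common_url, neither is escaped here
    // (NOTE(review): verify that helper produces attribute-safe output)
    $escaped = htmlspecialchars($database);

    return '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?'
        . PMA_generate_common_url($database)
        . '" title="' . sprintf(__('Jump to database &quot;%s&quot;.'), $escaped)
        . '">' . $escaped . '</a>';
}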
 /**
  * PMA_unescapeMysqlWildcards tests
  *
  * Each provider row pairs an escaped input with its expected plain form.
  *
  * @param string $a escaped value handed to PMA_unescapeMysqlWildcards
  * @param string $b expected unescaped result
  *
  * @dataProvider escapeDataProvider
  */
 public function testUnEscape($a, $b)
 {
     $unescaped = PMA_unescapeMysqlWildcards($a);
     $this->assertEquals($b, $unescaped);
 }
/**
 * Displays the privileges form table
 *
 * Renders the privilege checkboxes for the selected account at global
 * ($db == '*'), database ($table == '*') or table scope, pre-checked from
 * the account's stored grants in the mysql.user / mysql.db /
 * mysql.tables_priv / mysql.columns_priv tables.
 *
 * @param string  $db     the database
 * @param string  $table  the table
 * @param boolean $submit whether to display the submit button or not
 *
 * @global  array      $cfg         the phpMyAdmin configuration
 * @global  resource   $user_link   the database connection (read as $GLOBALS['userlink'] below)
 * @global  mixed      $random_n    suffix of the addUsersForm id targeted by the Check/Uncheck All links
 *
 * Also reads $GLOBALS['username'], $GLOBALS['hostname'], $GLOBALS['url_query'],
 * $GLOBALS['checkall'] and the $GLOBALS['strPrivDesc*'] message strings.
 *
 * @return void
 */
function PMA_displayPrivTable($db = '*', $table = '*', $submit = true)
{
    global $random_n;
    // a global (*) request has no table scope
    if ($db == '*') {
        $table = '*';
    }
    // read the account's stored grants only when an account is selected
    if (isset($GLOBALS['username'])) {
        $username = $GLOBALS['username'];
        $hostname = $GLOBALS['hostname'];
        if ($db == '*') {
            // global privileges live in mysql.user
            $sql_query = "SELECT * FROM `mysql`.`user`" . " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "';";
        } elseif ($table == '*') {
            // db-level privileges: the stored Db value may be a pattern, hence LIKE
            // NOTE(review): the unescaped $db is spliced into this query and the
            // tables_priv one below without PMA_sqlAddSlashes, unlike the
            // columns_priv query further down — confirm $db cannot carry quotes here
            $sql_query = "SELECT * FROM `mysql`.`db`" . " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'" . " AND '" . PMA_unescapeMysqlWildcards($db) . "'" . " LIKE `Db`;";
        } else {
            // table-level privileges: Table_priv is a comma-separated SET value
            $sql_query = "SELECT `Table_priv`" . " FROM `mysql`.`tables_priv`" . " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'" . " AND `Db` = '" . PMA_unescapeMysqlWildcards($db) . "'" . " AND `Table_name` = '" . PMA_sqlAddSlashes($table) . "';";
        }
        $row = PMA_DBI_fetch_single_row($sql_query);
    }
    // nothing stored (or no account selected): build a default row with every
    // privilege unset so the form still renders
    if (empty($row)) {
        if ($table == '*') {
            if ($db == '*') {
                $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
            } elseif ($table == '*') {
                $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
            }
            $res = PMA_DBI_query($sql_query);
            while ($row1 = PMA_DBI_fetch_row($res)) {
                // max_* columns are numeric resource limits, all other columns are Y/N flags
                if (substr($row1[0], 0, 4) == 'max_') {
                    $row[$row1[0]] = 0;
                } else {
                    $row[$row1[0]] = 'N';
                }
            }
            PMA_DBI_free_result($res);
        } else {
            // table scope without stored grants: an empty Table_priv set
            $row = array('Table_priv' => '');
        }
    }
    // table scope: expand the Table_priv SET into '<Grant>_priv' => 'Y'/'N' keys
    if (isset($row['Table_priv'])) {
        // the column Type is the SET definition, e.g. set('Select','Insert',...)
        $row1 = PMA_DBI_fetch_single_row('SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';', 'ASSOC', $GLOBALS['userlink']);
        // note: in MySQL 5.0.3 we get "Create View', 'Show view';
        // the View for Create is spelled with uppercase V
        // the view for Show is spelled with lowercase v
        // and there is a space between the words
        // cut the text between the opening "('" and the closing "')", then split on "','"
        $av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3));
        unset($row1);
        $users_grants = explode(',', $row['Table_priv']);
        foreach ($av_grants as $current_grant) {
            $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';
        }
        unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);
        // get collumns
        // try_query: the table may be missing or inaccessible, $columns then stays empty
        $res = PMA_DBI_try_query('SHOW COLUMNS FROM ' . PMA_backquote(PMA_unescapeMysqlWildcards($db)) . '.' . PMA_backquote($table) . ';');
        $columns = array();
        if ($res) {
            while ($row1 = PMA_DBI_fetch_row($res)) {
                $columns[$row1[0]] = array('Select' => false, 'Insert' => false, 'Update' => false, 'References' => false);
            }
            PMA_DBI_free_result($res);
        }
        unset($res, $row1);
    }
    // t a b l e - s p e c i f i c    p r i v i l e g e s
    // $columns is only populated at table scope, so this branch is the table-specific form
    if (!empty($columns)) {
        // NOTE(review): $username/$hostname are only assigned when
        // $GLOBALS['username'] is set above; presumably callers always set it
        // at table scope — verify, otherwise this query runs with undefined values
        $res = PMA_DBI_query('SELECT `Column_name`, `Column_priv`' . ' FROM `mysql`.`columns_priv`' . ' WHERE `User`' . ' = \'' . PMA_sqlAddSlashes($username) . "'" . ' AND `Host`' . ' = \'' . PMA_sqlAddSlashes($hostname) . "'" . ' AND `Db`' . ' = \'' . PMA_sqlAddSlashes(PMA_unescapeMysqlWildcards($db)) . "'" . ' AND `Table_name`' . ' = \'' . PMA_sqlAddSlashes($table) . '\';');
        while ($row1 = PMA_DBI_fetch_row($res)) {
            // Column_priv is a comma-separated SET; mark each granted column privilege
            $row1[1] = explode(',', $row1[1]);
            foreach ($row1[1] as $current) {
                $columns[$row1[0]][$current] = true;
            }
        }
        PMA_DBI_free_result($res);
        unset($res, $row1, $current);
        // hidden counts of the grant and column fields rendered below
        echo '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . '<fieldset id="fieldset_user_priv">' . "\n" . '    <legend>' . __('Table-specific privileges') . PMA_showHint(__('Note: MySQL privilege names are expressed in English')) . '</legend>' . "\n";
        // privs that are attached to a specific column
        PMA_displayColumnPrivs($columns, $row, 'Select_priv', 'SELECT', 'select', __('Allows reading data.'), 'Select');
        PMA_displayColumnPrivs($columns, $row, 'Insert_priv', 'INSERT', 'insert', __('Allows inserting and replacing data.'), 'Insert');
        PMA_displayColumnPrivs($columns, $row, 'Update_priv', 'UPDATE', 'update', __('Allows changing data.'), 'Update');
        PMA_displayColumnPrivs($columns, $row, 'References_priv', 'REFERENCES', 'references', __('Has no effect in this MySQL version.'), 'References');
        // privs that are not attached to a specific column
        echo '    <div class="item">' . "\n";
        foreach ($row as $current_grant => $current_grant_value) {
            // strip the trailing '_priv' (5 chars) to get the bare grant name
            $grant_type = substr($current_grant, 0, strlen($current_grant) - 5);
            // the column-level grants were already rendered by PMA_displayColumnPrivs above
            if (in_array($grant_type, array('Select', 'Insert', 'Update', 'References'))) {
                continue;
            }
            // make a substitution to match the messages variables;
            // also we must substitute the grant we get, because we can't generate
            // a form variable containing blanks (those would get changed to
            // an underscore when receiving the POST)
            if ($current_grant == 'Create View_priv') {
                $tmp_current_grant = 'CreateView_priv';
                $current_grant = 'Create_view_priv';
            } elseif ($current_grant == 'Show view_priv') {
                $tmp_current_grant = 'ShowView_priv';
                $current_grant = 'Show_view_priv';
            } else {
                $tmp_current_grant = $current_grant;
            }
            // a "Check All" request ($GLOBALS['checkall']) or a stored 'Y' pre-checks the box
            echo '        <div class="item">' . "\n" . '            <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="';
            // title text: the strPrivDesc<Grant> message, falling back to the '...Tbl' variant
            echo (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '"/>' . "\n";
            echo '            <label for="checkbox_' . $current_grant . '"><code><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></code></label>' . "\n" . '        </div>' . "\n";
        }
        // end foreach ()
        echo '    </div>' . "\n";
        // for Safari 2.0.2
        echo '    <div class="clearfloat"></div>' . "\n";
    } else {
        // g l o b a l    o r    d b - s p e c i f i c
        //
        // each $privTable group is a list of [column stem, SQL keyword, description]
        $privTable_names = array(0 => __('Data'), 1 => __('Structure'), 2 => __('Administration'));
        // d a t a
        $privTable[0] = array(array('Select', 'SELECT', __('Allows reading data.')), array('Insert', 'INSERT', __('Allows inserting and replacing data.')), array('Update', 'UPDATE', __('Allows changing data.')), array('Delete', 'DELETE', __('Allows deleting data.')));
        // FILE only exists at global scope
        if ($db == '*') {
            $privTable[0][] = array('File', 'FILE', __('Allows importing data from and exporting data into files.'));
        }
        // s t r u c t u r e
        $privTable[1] = array(array('Create', 'CREATE', $table == '*' ? __('Allows creating new databases and tables.') : __('Allows creating new tables.')), array('Alter', 'ALTER', __('Allows altering the structure of existing tables.')), array('Index', 'INDEX', __('Allows creating and dropping indexes.')), array('Drop', 'DROP', $table == '*' ? __('Allows dropping databases and tables.') : __('Allows dropping tables.')), array('Create_tmp_table', 'CREATE TEMPORARY TABLES', __('Allows creating temporary tables.')), array('Show_view', 'SHOW VIEW', __('Allows performing SHOW CREATE VIEW queries.')), array('Create_routine', 'CREATE ROUTINE', __('Allows creating stored routines.')), array('Alter_routine', 'ALTER ROUTINE', __('Allows altering and dropping stored routines.')), array('Execute', 'EXECUTE', __('Allows executing stored routines.')));
        // this one is for a db-specific priv: Create_view_priv
        if (isset($row['Create_view_priv'])) {
            $privTable[1][] = array('Create_view', 'CREATE VIEW', __('Allows creating new views.'));
        }
        // this one is for a table-specific priv: Create View_priv
        if (isset($row['Create View_priv'])) {
            $privTable[1][] = array('Create View', 'CREATE VIEW', __('Allows creating new views.'));
        }
        // presence of Event_priv is used as the marker for the newer server version
        if (isset($row['Event_priv'])) {
            // MySQL 5.1.6
            $privTable[1][] = array('Event', 'EVENT', __('Allows to set up events for the event scheduler'));
            $privTable[1][] = array('Trigger', 'TRIGGER', __('Allows creating and dropping triggers'));
        }
        // a d m i n i s t r a t i o n
        $privTable[2] = array(array('Grant', 'GRANT', __('Allows adding users and privileges without reloading the privilege tables.')));
        // server-wide administrative privileges only exist at global scope
        if ($db == '*') {
            $privTable[2][] = array('Super', 'SUPER', __('Allows connecting, even if maximum number of connections is reached; required for most administrative operations like setting global variables or killing threads of other users.'));
            $privTable[2][] = array('Process', 'PROCESS', __('Allows viewing processes of all users'));
            $privTable[2][] = array('Reload', 'RELOAD', __('Allows reloading server settings and flushing the server\'s caches.'));
            $privTable[2][] = array('Shutdown', 'SHUTDOWN', __('Allows shutting down the server.'));
            $privTable[2][] = array('Show_db', 'SHOW DATABASES', __('Gives access to the complete list of databases.'));
        }
        $privTable[2][] = array('Lock_tables', 'LOCK TABLES', __('Allows locking tables for the current thread.'));
        $privTable[2][] = array('References', 'REFERENCES', __('Has no effect in this MySQL version.'));
        if ($db == '*') {
            $privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', __('Allows the user to ask where the slaves / masters are.'));
            $privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', __('Needed for the replication slaves.'));
            $privTable[2][] = array('Create_user', 'CREATE USER', __('Allows creating, dropping and renaming user accounts.'));
        }
        // grant_count excludes Grant_priv when the row has it; the Check All /
        // Uncheck All links toggle the checkboxes of form addUsersForm_<$random_n>
        // NOTE(review): $GLOBALS['url_query'] is emitted into the href attributes
        // as-is — presumably already encoded by its producer; verify
        echo '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . '<fieldset id="fieldset_user_global_rights">' . "\n" . '    <legend>' . "\n" . '        ' . ($db == '*' ? __('Global privileges') : ($table == '*' ? __('Database-specific privileges') : __('Table-specific privileges'))) . "\n" . '        (<a href="server_privileges.php?' . $GLOBALS['url_query'] . '&amp;checkall=1" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', true); return false;">' . __('Check All') . '</a> /' . "\n" . '        <a href="server_privileges.php?' . $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', false); return false;">' . __('Uncheck All') . '</a>)' . "\n" . '    </legend>' . "\n" . '    <p><small><i>' . __('Note: MySQL privilege names are expressed in English') . '</i></small></p>' . "\n";
        // Output the Global privilege tables with checkboxes
        // NOTE(review): this loop reuses $table as its variable, overwriting the
        // $table parameter; nothing below reads the table name, but a distinct
        // loop variable would be safer
        foreach ($privTable as $i => $table) {
            echo '    <fieldset>' . "\n" . '        <legend>' . __($privTable_names[$i]) . '</legend>' . "\n";
            foreach ($table as $priv) {
                // checkall overrides the stored value; $row['<stem>_priv'] can be
                // undefined for privileges the server does not have (notice only)
                echo '        <div class="item">' . "\n" . '            <input type="checkbox"' . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv"' . ' value="Y" title="' . $priv[2] . '"' . (!empty($GLOBALS['checkall']) || $row[$priv[0] . '_priv'] == 'Y' ? ' checked="checked"' : '') . '/>' . "\n" . '            <label for="checkbox_' . $priv[0] . '_priv"><code><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></code></label>' . "\n" . '        </div>' . "\n";
            }
            echo '    </fieldset>' . "\n";
        }
        // The "Resource limits" box is not displayed for db-specific privs
        if ($db == '*') {
            // the max_* values come from mysql.user (defaulted to 0 above when no row was found)
            echo '    <fieldset>' . "\n" . '        <legend>' . __('Resource limits') . '</legend>' . "\n" . '        <p><small><i>' . __('Note: Setting these options to 0 (zero) removes the limit.') . '</i></small></p>' . "\n" . '        <div class="item">' . "\n" . '            <label for="text_max_questions"><code><dfn title="' . __('Limits the number of queries the user may send to the server per hour.') . '">MAX QUERIES PER HOUR</dfn></code></label>' . "\n" . '            <input type="text" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . __('Limits the number of queries the user may send to the server per hour.') . '" />' . "\n" . '        </div>' . "\n" . '        <div class="item">' . "\n" . '            <label for="text_max_updates"><code><dfn title="' . __('Limits the number of commands that change any table or database the user may execute per hour.') . '">MAX UPDATES PER HOUR</dfn></code></label>' . "\n" . '            <input type="text" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . __('Limits the number of commands that change any table or database the user may execute per hour.') . '" />' . "\n" . '        </div>' . "\n" . '        <div class="item">' . "\n" . '            <label for="text_max_connections"><code><dfn title="' . __('Limits the number of new connections the user may open per hour.') . '">MAX CONNECTIONS PER HOUR</dfn></code></label>' . "\n" . '            <input type="text" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . __('Limits the number of new connections the user may open per hour.') . '" />' . "\n" . '        </div>' . "\n" . '        <div class="item">' . "\n" . '            <label for="text_max_user_connections"><code><dfn title="' . __('Limits the number of simultaneous connections the user may have.') . 
'">MAX USER_CONNECTIONS</dfn></code></label>' . "\n" . '            <input type="text" name="max_user_connections" id="text_max_user_connections" value="' . $row['max_user_connections'] . '" size="11" maxlength="11" title="' . __('Limits the number of simultaneous connections the user may have.') . '" />' . "\n" . '        </div>' . "\n" . '    </fieldset>' . "\n";
        }
        // for Safari 2.0.2
        echo '    <div class="clearfloat"></div>' . "\n";
    }
    echo '</fieldset>' . "\n";
    // the submit button is optional; presumably callers embedding this in a
    // larger form pass $submit = false and supply their own
    if ($submit) {
        echo '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n" . '    <input type="submit" name="update_privs" value="' . __('Go') . '" />' . "\n" . '</fieldset>' . "\n";
    }
}
 /**
  * checks the only_db configuration
  *
  * Normalises $cfg['Server']['only_db'] (a single non-empty string becomes a
  * one-element list, written back to the config) and replaces the contents of
  * this collection with the matching database names. Entries holding an
  * unescaped _ or % are expanded through _retrieve() when SHOW DATABASES is
  * available; a trailing '*' appends every database not listed yet.
  *
  * @return boolean false if there is no only_db, otherwise true
  */
 protected function _checkOnlyDatabase()
 {
     $onlyDb = $GLOBALS['cfg']['Server']['only_db'];
     // a single non-empty string is promoted to a list and written back
     if (is_string($onlyDb) && strlen($onlyDb)) {
         $onlyDb = array($onlyDb);
         $GLOBALS['cfg']['Server']['only_db'] = $onlyDb;
     }
     if (!is_array($onlyDb)) {
         return false;
     }

     $items = array();
     foreach ($onlyDb as $entry) {
         if ($entry === '*' && !$this->_show_databases_disabled) {
             // '*' pulls in every db not listed yet; it is only meaningful as the last entry
             $items = array_merge($items, array_diff($this->_retrieve(), $items));
             break;
         }
         // an _ or % not preceded by a backslash is a MySQL wildcard
         $hasWildcard = preg_match('/(^|[^\\\\])(_|%)/', $entry) ? true : false;
         if (!$hasWildcard) {
             $items[] = PMA_unescapeMysqlWildcards($entry);
         } elseif (!$this->_show_databases_disabled) {
             $items = array_merge($items, $this->_retrieve($entry));
         }
         // a wildcard entry with SHOW DATABASES disabled is silently skipped
         // (@todo upstream: induce an error about not using wildcards here)
     }
     $this->exchangeArray($items);
     return true;
 }