break; } // end if } // end while PMA_DBI_free_result($rs_usr); unset($rs_usr, $row, $re0, $re1); } else { // Finally, let's try to get the user's privileges by using SHOW // GRANTS... // Maybe we'll find a little CREATE priv there :) $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . $mysql_cur_user_and_host . ';', $controllink, PMA_DBI_QUERY_STORE); if (!$rs_usr) { // OK, now we'd have to guess the user's hostname, but we // only try out the 'username'@'%' case. $rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';', $controllink, PMA_DBI_QUERY_STORE); } unset($local_query); if ($rs_usr) { PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed); PMA_DBI_free_result($rs_usr); unset($rs_usr); } // end if } // end elseif } // end if } // end else (MySQL < 4.1.2) // If disabled, don't show it
/** * Displays the privileges form table * * @param string the database * @param string the table * @param boolean wheather to display the submit button or not * @param int the indenting level of the code * * @global array the phpMyAdmin configuration * @global ressource the database connection * * @return void */ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0) { global $cfg, $userlink, $url_query, $checkall; if ($db == '*') { $table = '*'; } $spaces = ''; for ($i = 0; $i < $indent; $i++) { $spaces .= ' '; } if (isset($GLOBALS['username'])) { $username = $GLOBALS['username']; $hostname = $GLOBALS['hostname']; if ($db == '*') { $sql_query = 'SELECT * FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';'; } else { if ($table == '*') { $sql_query = 'SELECT * FROM `db` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ';'; } else { $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';'; } } $res = PMA_DBI_query($sql_query); $row = PMA_DBI_fetch_assoc($res); PMA_DBI_free_result($res); } if (empty($row)) { if ($table == '*') { if ($db == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;'; } else { if ($table == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;'; } } $res = PMA_DBI_query($sql_query); while ($row1 = PMA_DBI_fetch_row($res)) { if (substr($row1[0], 0, 4) == 'max_') { $row[$row1[0]] = 0; } else { $row[$row1[0]] = 'N'; } } PMA_DBI_free_result($res); } else { $row = array('Table_priv' => ''); } } if (isset($row['Table_priv'])) { $res = PMA_DBI_query('SHOW COLUMNS FROM `tables_priv` LIKE \'Table_priv\';', $userlink); $row1 = PMA_DBI_fetch_assoc($res); PMA_DBI_free_result($res); $av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3)); unset($res, $row1); $users_grants = explode(',', $row['Table_priv']); foreach ($av_grants as $current_grant) { $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N'; } unset($row['Table_priv'], $current_grant, $av_grants, $users_grants); $res = PMA_DBI_try_query('SHOW COLUMNS FROM `' . $db . '`.`' . $table . '`;'); $columns = array(); if ($res) { while ($row1 = PMA_DBI_fetch_row($res)) { $columns[$row1[0]] = array('Select' => FALSE, 'Insert' => FALSE, 'Update' => FALSE, 'References' => FALSE); } PMA_DBI_free_result($res); } unset($res, $row1); } if (!empty($columns)) { $res = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';'); while ($row1 = PMA_DBI_fetch_row($res)) { $row1[1] = explode(',', $row1[1]); foreach ($row1[1] as $current) { $columns[$row1[0]][$current] = TRUE; } } PMA_DBI_free_result($res); unset($res); unset($row1); unset($current); echo $spaces . '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . $spaces . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . $spaces . '<table border="0" cellpadding="2" cellspacing="1">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="6"> ' . $GLOBALS['strTblPrivileges'] . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="6"><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescSelect'] . '">SELECT</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescInsert'] . '">INSERT</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescUpdate'] . '">UPDATE</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescReferences'] . '">REFERENCES</dfn></tt> </td>' . "\n"; list($current_grant, $current_grant_value) = each($row); while (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) { list($current_grant, $current_grant_value) = each($row); } echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n"; $rowspan = count($row) - 5; echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Select_priv[]" multiple="multiple">' . "\n"; foreach ($columns as $current_column => $current_column_privileges) { echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"'; if ($row['Select_priv'] == 'Y' || $current_column_privileges['Select']) { echo ' selected="selected"'; } echo '>' . htmlspecialchars($current_column) . '</option>' . "\n"; } echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Select_priv_none" id="checkbox_Select_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Select_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Insert_priv[]" multiple="multiple">' . "\n"; foreach ($columns as $current_column => $current_column_privileges) { echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"'; if ($row['Insert_priv'] == 'Y' || $current_column_privileges['Insert']) { echo ' selected="selected"'; } echo '>' . htmlspecialchars($current_column) . '</option>' . "\n"; } echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Insert_priv_none" id="checkbox_Insert_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Insert_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Update_priv[]" multiple="multiple">' . "\n"; foreach ($columns as $current_column => $current_column_privileges) { echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"'; if ($row['Update_priv'] == 'Y' || $current_column_privileges['Update']) { echo ' selected="selected"'; } echo '>' . htmlspecialchars($current_column) . '</option>' . "\n"; } echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Update_priv_none" id="checkbox_Update_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Update_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="References_priv[]" multiple="multiple">' . "\n"; foreach ($columns as $current_column => $current_column_privileges) { echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"'; if ($row['References_priv'] == 'Y' || $current_column_privileges['References']) { echo ' selected="selected"'; } echo '>' . htmlspecialchars($current_column) . '</option>' . "\n"; } echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="References_priv_none" id="checkbox_References_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_References_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n"; unset($rowspan); list($current_grant, $current_grant_value) = each($row); while (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) { list($current_grant, $current_grant_value) = each($row); } echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n"; while (list($current_grant, $current_grant_value) = each($row)) { if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) { continue; } echo $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n"; } } else { $privTable[0] = array(array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete'])); if ($db == '*') { $privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']); } $privTable[1] = array(array('Create', 'CREATE', $table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl']), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', $table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl'])); if (isset($row['Create_tmp_table_priv'])) { $privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']); } $privTable[2] = array(); if (isset($row['Grant_priv'])) { $privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']); } if ($db == '*') { if (isset($row['Super_priv'])) { $privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']); $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']); } else { $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']); } $privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']); $privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']); if (isset($row['Show_db_priv'])) { $privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']); } } if (isset($row['Lock_tables_priv'])) { $privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']); } $privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']); if ($db == '*') { if (isset($row['Execute_priv'])) { $privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']); } if (isset($row['Repl_client_priv'])) { $privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']); } if (isset($row['Repl_slave_priv'])) { $privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']); } } echo $spaces . '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . $spaces . '<table border="0" cellpadding="2" cellspacing="1">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="6"> ' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : ($table == '*' ? $GLOBALS['strDbPrivileges'] : $GLOBALS['strTblPrivileges'])) . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" align="center" colspan="6"><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small><br />' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $url_query . '&checkall=1" onclick="setCheckboxes(\'usersForm\', \'\', true); return false;">' . $GLOBALS['strCheckAll'] . '</a>' . "\n" . $spaces . '  ' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $url_query . '" onclick="setCheckboxes(\'usersForm\', \'\', false); return false;">' . $GLOBALS['strUncheckAll'] . '</a></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strData'] . '</i></b> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strStructure'] . '</i></b> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strAdministration'] . '</i></b> </td>' . "\n" . $spaces . ' </tr>' . "\n"; $limitTable = FALSE; for ($i = 0; isset($privTable[0][$i]) || isset($privTable[1][$i]) || isset($privTable[2][$i]); $i++) { echo $spaces . ' <tr>' . "\n"; for ($j = 0; $j < 3; $j++) { if (isset($privTable[$j][$i])) { echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $privTable[$j][$i][0] . '_priv" id="checkbox_' . $privTable[$j][$i][0] . '_priv" value="Y" ' . ($row[$privTable[$j][$i][0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $privTable[$j][$i][2] . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $privTable[$j][$i][0] . '_priv"><tt><dfn title="' . $privTable[$j][$i][2] . '">' . $privTable[$j][$i][1] . '</dfn></tt></label></td>' . "\n"; } else { if ($db == '*' && !isset($privTable[0][$i]) && !isset($privTable[1][$i]) && isset($row['max_questions']) && isset($row['max_updates']) && isset($row['max_connections']) && !$limitTable) { echo $spaces . ' <td colspan="4" rowspan="' . (count($privTable[2]) - $i) . '">' . "\n" . $spaces . ' <table border="0" cellpadding="0" cellspacing="0">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="2"> ' . $GLOBALS['strResourceLimits'] . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="2"><small><i>' . $GLOBALS['strZeroRemovesTheLimit'] . '</i></small></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_questions"><tt><dfn title="' . $GLOBALS['strPrivDescMaxQuestions'] . '">MAX QUERIES PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxQuestions'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_updates"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUpdates'] . '">MAX UPDATES PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUpdates'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxConnections'] . '">MAX CONNECTIONS PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxConnections'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' </table>' . "\n" . $spaces . ' </td>' . "\n"; $limitTable = TRUE; } else { if (!$limitTable) { echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="2"> </td>' . "\n"; } } } } } echo $spaces . ' </tr>' . "\n"; } if ($submit) { echo $spaces . ' <tr>' . "\n" . $spaces . ' <td colspan="6" align="right">' . "\n" . $spaces . ' <input type="submit" name="update_privs" value="' . $GLOBALS['strGo'] . '" />' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' </tr>' . "\n"; } echo $spaces . '</table>' . "\n"; }
/** * Displays the privileges form table * * @param string $db the database * @param string $table the table * @param boolean $submit wheather to display the submit button or not * @param int $indent the indenting level of the code * * @global array $cfg the phpMyAdmin configuration * @global ressource $user_link the database connection * * @return void */ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0) { if ($db == '*') { $table = '*'; } $spaces = str_repeat(' ', $indent); if (isset($GLOBALS['username'])) { $username = $GLOBALS['username']; $hostname = $GLOBALS['hostname']; if ($db == '*') { $sql_query = 'SELECT * FROM `mysql`.`user`' . ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';'; } elseif ($table == '*') { $sql_query = 'SELECT * FROM `mysql`.`db`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' LIKE ' . PMA_convert_using('`Db`') . ';'; } else { $sql_query = 'SELECT `Table_priv`' . ' FROM `mysql`.`tables_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';'; } $res = PMA_DBI_query($sql_query); $row = PMA_DBI_fetch_assoc($res); PMA_DBI_free_result($res); } if (empty($row)) { if ($table == '*') { if ($db == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;'; } else { if ($table == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;'; } } $res = PMA_DBI_query($sql_query); while ($row1 = PMA_DBI_fetch_row($res)) { if (substr($row1[0], 0, 4) == 'max_') { $row[$row1[0]] = 0; } else { $row[$row1[0]] = 'N'; } } PMA_DBI_free_result($res); } else { $row = array('Table_priv' => ''); } } if (isset($row['Table_priv'])) { $res = PMA_DBI_query('SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';', $GLOBALS['userlink']); // note: in MySQL 5.0.3 we get "Create View', 'Show view'; // the View for Create is spelled with uppercase V // the view for Show is spelled with lowercase v // and there is a space between the words $row1 = PMA_DBI_fetch_assoc($res); PMA_DBI_free_result($res); $av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3)); unset($res, $row1); $users_grants = explode(',', $row['Table_priv']); foreach ($av_grants as $current_grant) { $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N'; } unset($row['Table_priv'], $current_grant, $av_grants, $users_grants); // get collumns $res = PMA_DBI_try_query('SHOW COLUMNS FROM `' . PMA_unescape_mysql_wildcards($db) . '`.`' . $table . '`;'); $columns = array(); if ($res) { while ($row1 = PMA_DBI_fetch_row($res)) { $columns[$row1[0]] = array('Select' => FALSE, 'Insert' => FALSE, 'Update' => FALSE, 'References' => FALSE); } PMA_DBI_free_result($res); } unset($res, $row1); } // t a b l e - s p e c i f i c p r i v i l e g e s if (!empty($columns)) { $res = PMA_DBI_query('SELECT `Column_name`, `Column_priv`' . ' FROM `mysql`.`columns_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';'); while ($row1 = PMA_DBI_fetch_row($res)) { $row1[1] = explode(',', $row1[1]); foreach ($row1[1] as $current) { $columns[$row1[0]][$current] = TRUE; } } PMA_DBI_free_result($res); unset($res, $row1, $current); echo $spaces . '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . $spaces . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_priv">' . "\n" . $spaces . ' <legend>' . $GLOBALS['strTblPrivileges'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n"; // privs that are attached to a specific column PMA_display_column_privs($spaces, $columns, $row, 'Select_priv', 'SELECT', 'select', $GLOBALS['strPrivDescSelect'], 'Select'); PMA_display_column_privs($spaces, $columns, $row, 'Insert_priv', 'INSERT', 'insert', $GLOBALS['strPrivDescInsert'], 'Insert'); PMA_display_column_privs($spaces, $columns, $row, 'Update_priv', 'UPDATE', 'update', $GLOBALS['strPrivDescUpdate'], 'Update'); PMA_display_column_privs($spaces, $columns, $row, 'References_priv', 'REFERENCES', 'references', $GLOBALS['strPrivDescReferences'], 'References'); // privs that are not attached to a specific column echo $spaces . ' <div class="item">' . "\n"; foreach ($row as $current_grant => $current_grant_value) { if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) { continue; } // make a substitution to match the messages variables; // also we must substitute the grant we get, because we can't generate // a form variable containing blanks (those would get changed to // an underscore when receiving the POST) if ($current_grant == 'Create View_priv') { $tmp_current_grant = 'CreateView_priv'; $current_grant = 'Create_view_priv'; } elseif ($current_grant == 'Show view_priv') { $tmp_current_grant = 'ShowView_priv'; $current_grant = 'Show_view_priv'; } else { $tmp_current_grant = $current_grant; } echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="'; echo (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '"/>' . "\n"; echo $spaces . ' <label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n"; } // end foreach() echo $spaces . ' </div>' . "\n"; } else { // g l o b a l o r d b - s p e c i f i c // // d a t a $privTable[0] = array(array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete'])); if ($db == '*') { $privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']); } // s t r u c t u r e $privTable[1] = array(array('Create', 'CREATE', $table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl']), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', $table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl'])); if (isset($row['Create_tmp_table_priv'])) { $privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']); } // this one is for a db-specific priv: Create_view_priv if (isset($row['Create_view_priv'])) { $privTable[1][] = array('Create_view', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']); } // this one is for a table-specific priv: Create View_priv if (isset($row['Create View_priv'])) { $privTable[1][] = array('Create View', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']); } if (isset($row['Show_view_priv'])) { $privTable[1][] = array('Show_view', 'SHOW VIEW', $GLOBALS['strPrivDescShowView']); } if (isset($row['Create_routine_priv'])) { $privTable[1][] = array('Create_routine', 'CREATE ROUTINE', $GLOBALS['strPrivDescCreateRoutine']); } if (isset($row['Alter_routine_priv'])) { $privTable[1][] = array('Alter_routine', 'ALTER ROUTINE', $GLOBALS['strPrivDescAlterRoutine']); } if (isset($row['Execute_priv'])) { if (PMA_MYSQL_INT_VERSION >= 40002 && PMA_MYSQL_INT_VERSION < 50003) { $privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']); } else { $privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute5']); } } // a d m i n i s t r a t i o n $privTable[2] = array(); if (isset($row['Grant_priv'])) { $privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']); } if ($db == '*') { if (isset($row['Super_priv'])) { $privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']); $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']); } else { $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']); } $privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']); $privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']); if (isset($row['Show_db_priv'])) { $privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']); } } if (isset($row['Lock_tables_priv'])) { $privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']); } $privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']); if ($db == '*') { //if (isset($row['Execute_priv'])) { // $privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']); //} if (isset($row['Repl_client_priv'])) { $privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']); } if (isset($row['Repl_slave_priv'])) { $privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']); } if (isset($row['Create_user_priv'])) { $privTable[2][] = array('Create_user', 'CREATE USER', $GLOBALS['strPrivDescCreateUser']); } } echo $spaces . '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_global_rights">' . "\n" . $spaces . ' <legend>' . "\n" . $spaces . ' ' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : ($table == '*' ? $GLOBALS['strDbPrivileges'] : $GLOBALS['strTblPrivileges'])) . "\n" . $spaces . ' ( <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '&checkall=1" onclick="setCheckboxes(\'usersForm\', true); return false;">' . $GLOBALS['strCheckAll'] . '</a> /' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'usersForm\', false); return false;">' . $GLOBALS['strUncheckAll'] . '</a> )' . "\n" . $spaces . ' </legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strData'] . '</legend>' . "\n"; foreach ($privTable[0] as $priv) { echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n"; } echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strStructure'] . '</legend>' . "\n"; foreach ($privTable[1] as $priv) { echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n"; } echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strAdministration'] . '</legend>' . "\n"; foreach ($privTable[2] as $priv) { echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n"; } echo $spaces . ' </fieldset>' . "\n"; // The "Resource limits" box is not displayed for db-specific privs if ($db == '*') { echo $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strResourceLimits'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strZeroRemovesTheLimit'] . '</i></small></p>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_questions"><tt><dfn title="' . $GLOBALS['strPrivDescMaxQuestions'] . '">MAX QUERIES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxQuestions'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_updates"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUpdates'] . '">MAX UPDATES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUpdates'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxConnections'] . '">MAX CONNECTIONS PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n"; if (PMA_MYSQL_INT_VERSION >= 50003) { echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_user_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '">MAX USER_CONNECTIONS</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_user_connections" id="text_max_user_connections" value="' . $row['max_user_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n"; } echo $spaces . ' </fieldset>' . "\n"; } } echo $spaces . '</fieldset>' . "\n"; if ($submit) { echo $spaces . '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n" . $spaces . ' <input type="submit" name="update_privs" value="' . $GLOBALS['strGo'] . '" />' . "\n" . $spaces . '</fieldset>' . "\n"; } }
if (!$is_reload_priv) { $is_reload_priv = $result_usr['Reload_priv'] == 'Y'; } } // end while PMA_DBI_free_result($rs_usr); unset($rs_usr, $result_usr); } // end if } // end if // If the user has Create priv on a inexistant db, show him in the dialog // the first inexistant db name that we find, in most cases it's probably // the one he just dropped :) if (!$is_create_priv) { $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');'; $rs_usr = PMA_DBI_try_query($local_query, $dbh, PMA_DBI_QUERY_STORE); if ($rs_usr) { $re0 = '(^|(\\\\\\\\)+|[^\\])'; // non-escaped wildcards $re1 = '(^|[^\\])(\\\\)+'; // escaped wildcards while ($row = PMA_DBI_fetch_assoc($rs_usr)) { if (ereg($re0 . '(%|_)', $row['Db']) || !PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db'])) && substr(PMA_DBI_getError(), 1, 4) != 1044) { $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db'])); $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create); $is_create_priv = TRUE; break; } // end if }