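/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER and GRANT statements for a new account in two
 * variants: the "real" one that is executed and the "show" one in which a
 * password entered in the form is replaced by '***'.
 *
 * The password mode comes from $_POST['pred_password']: 'keep' re-applies
 * $password via IDENTIFIED BY PASSWORD, 'none' sets no password, and any
 * other value applies the plaintext from $_POST['pma_pw'] via IDENTIFIED BY.
 * Also reads $_POST['Grant_priv'], the max_* resource-limit fields,
 * $GLOBALS['is_superuser'] and $GLOBALS['is_grantuser'].
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is
 *                         'keep' (presumably the stored hash, given the
 *                         IDENTIFIED BY PASSWORD syntax; it appears verbatim
 *                         in the "show" variant)
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $accountLiteral = '\'' . PMA_Util::sqlAddSlashes($username)
        . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\'';

    $create_user_real = 'CREATE USER ' . $accountLiteral;
    $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo())
        . ' ON *.* TO ' . $accountLiteral;

    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';

    if ($predPassword != 'none' && $predPassword != 'keep') {
        // A new plaintext password from the form; escaped like every other
        // value that is placed inside a quoted literal.
        $slashedPassword = PMA_Util::sqlAddSlashes(
            isset($_POST['pma_pw']) ? $_POST['pma_pw'] : ''
        );
        $sql_query = $real_sql_query;
        // Requires SELECT privilege on mysql database
        // for using this with GRANT queries. It can be skipped.
        if ($GLOBALS['is_superuser']) {
            $sql_query .= ' IDENTIFIED BY \'***\'';
            $real_sql_query .= ' IDENTIFIED BY \'' . $slashedPassword . '\'';
        }
        $create_user_show = $create_user_real . ' IDENTIFIED BY \'***\'';
        $create_user_real .= ' IDENTIFIED BY \'' . $slashedPassword . '\'';
    } else {
        if ($predPassword == 'keep' && ! empty($password)) {
            // The re-applied value is escaped as well, so that a malformed
            // stored value cannot break out of the literal.
            $identifiedBy = ' IDENTIFIED BY PASSWORD \''
                . PMA_Util::sqlAddSlashes($password) . '\'';
            $real_sql_query .= $identifiedBy;
            $create_user_real .= $identifiedBy;
        }
        // 'keep' and 'none' carry no plaintext, so the display form equals
        // the executed form.
        $sql_query = $real_sql_query;
        $create_user_show = $create_user_real;
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege: the GRANT statements are dropped,
    // the CREATE USER statements are kept.
    if (! $GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    return array($create_user_real, $create_user_show, $real_sql_query, $sql_query);
}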
/**
 * Test for PMA_getExtraDataForAjaxBehavior
 *
 * Checks the flags, the reported initial, the rendered SQL message and the
 * user / privilege strings returned for a freshly added user.
 *
 * @return void
 */
public function testPMAGetExtraDataForAjaxBehavior()
{
    $pw = "******";
    $query = "pma_sql_query";
    $user = "******";
    $host = "pma_hostname";

    // Request / global state the function reads
    $GLOBALS['dbname'] = "pma_dbname";
    $requestFields = array(
        'adduser_submit' => "adduser_submit",
        'change_copy' => "change_copy",
        'validate_username' => "******",
        'username' => "******",
    );
    foreach ($requestFields as $key => $value) {
        $_REQUEST[$key] = $value;
    }
    $_POST['update_privs'] = "update_privs";

    $result = PMA_getExtraDataForAjaxBehavior($pw, $query, $host, $user);

    // Flags describing the new user
    $this->assertEquals(false, $result['user_exists']);
    $this->assertEquals(true, $result['db_wildcard_privs']);
    $this->assertEquals(false, $result['db_specific_privs']);

    // new_user_initial (expected 'P' for this fixture)
    $this->assertEquals('P', $result['new_user_initial']);

    // sql_query is the rendered message for the given query
    $this->assertEquals(
        PMA\libraries\Util::getMessage(null, $query),
        $result['sql_query']
    );

    // new_user_string mentions host and user, HTML-escaped
    $this->assertContains(htmlspecialchars($host), $result['new_user_string']);
    $this->assertContains(htmlspecialchars($user), $result['new_user_string']);

    // new_privileges carries the list produced by PMA_extractPrivInfo
    $this->assertContains(
        join(', ', PMA_extractPrivInfo(null, true)),
        $result['new_privileges']
    );
}
for ($i = 0; $i < count($current_privileges); $i++) { $current = $current_privileges[$i]; $user_form .= ' <td>' . "\n" . ' '; if (! isset($current['Db']) || $current['Db'] == '*') { $user_form .= __('global'); } elseif ($current['Db'] == PMA_escape_mysql_wildcards($checkprivs)) { $user_form .= __('database-specific'); } else { $user_form .= __('wildcard'). ': <code>' . htmlspecialchars($current['Db']) . '</code>'; } $user_form .= "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' <code>' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, true)) . "\n" . ' </code>' . "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? __('Yes') : __('No')) . "\n" . ' </td>' . "\n" . ' <td>' . "\n"; $user_form .= sprintf( $link_edit, urlencode($current_user), urlencode($current_host), urlencode(! isset($current['Db']) || $current['Db'] == '*' ? '' : $current['Db']), '' ); $user_form .= '</td>' . "\n" . ' </tr>' . "\n";
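/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER, GRANT and (pre-5.7.7 only) SET PASSWORD statements
 * for a new account, each in a "real" variant that is executed and a "show"
 * variant in which the password literal is replaced by '***'.
 *
 * Reads $_POST['pred_password'] ('keep' re-applies $password, 'none' sets an
 * empty password, anything else takes $_POST['pma_pw']),
 * $_REQUEST['authentication_plugin'], $_POST['Grant_priv'], the max_*
 * resource-limit fields and $GLOBALS['is_grantuser'].
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is 'keep'
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query,
 *                $password_set_real, $password_set_show); the last two are null
 *                when the password travels inside CREATE USER itself
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);
    $slashedPassword = PMA_Util::sqlAddSlashes($password);

    // The plugin name comes straight from the request and lands in an
    // identifier position, where sqlAddSlashes() is no protection; only a
    // plain identifier is accepted, anything else counts as "no plugin".
    $authPlugin = null;
    if (isset($_REQUEST['authentication_plugin'])
        && preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['authentication_plugin'])
    ) {
        $authPlugin = $_REQUEST['authentication_plugin'];
    }

    // The value that ends up inside the password quotes, chosen once for both
    // syntaxes. The form value is escaped like every other quoted literal.
    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';
    if ($predPassword == 'keep') {
        $passwordLiteral = $slashedPassword;
    } elseif ($predPassword == 'none') {
        $passwordLiteral = '';
    } else {
        $passwordLiteral = PMA_Util::sqlAddSlashes(
            isset($_POST['pma_pw']) ? $_POST['pma_pw'] : ''
        );
    }

    $create_user_stmt = sprintf(
        'CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname
    );

    // 'IDENTIFIED WITH auth_plugin' is accepted from MySQL 5.5.7 on
    $hasPluginClause = false;
    if (PMA_MYSQL_INT_VERSION >= 50507 && $authPlugin !== null) {
        $create_user_stmt .= ' IDENTIFIED WITH ' . $authPlugin;
        $hasPluginClause = true;
    }
    $create_user_real = $create_user_show = $create_user_stmt;

    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = PASSWORD(\'%s\')';
    $password_set_show = sprintf(
        $password_set_stmt, $slashedUsername, $slashedHostname, '***'
    );

    $sql_query_stmt = sprintf(
        'GRANT %s ON *.* TO \'%s\'@\'%s\'',
        join(', ', PMA_extractPrivInfo()),
        $slashedUsername,
        $slashedHostname
    );
    $real_sql_query = $sql_query = $sql_query_stmt;

    if (PMA_MYSQL_INT_VERSION < 50707) {
        // Older servers take the password through a separate SET PASSWORD
        $password_set_real = sprintf(
            $password_set_stmt, $slashedUsername, $slashedHostname, $passwordLiteral
        );
    } else {
        // 5.7.7+ takes it inline in CREATE USER
        $password_set_real = null;
        // From here on $create_user_stmt serves as an sprintf() format, so any
        // literal '%' (typically the '%' host) has to be doubled first.
        $create_user_stmt = str_replace('%', '%%', $create_user_stmt);
        // Without a plugin clause the IDENTIFIED keyword still has to be
        // emitted: "CREATE USER ... BY '...'" alone is not valid.
        $create_user_stmt .= $hasPluginClause
            ? ' BY \'%s\''
            : ' IDENTIFIED BY \'%s\'';
        $create_user_real = sprintf($create_user_stmt, $passwordLiteral);
        $create_user_show = sprintf($create_user_stmt, '***');
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege: the GRANT statements are dropped,
    // the CREATE USER / SET PASSWORD statements are kept.
    if (! $GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    // A SET PASSWORD statement exists only on the pre-5.7.7 path; on the
    // inline path both variants are null, regardless of server type, so a
    // bare ";" is never returned as a statement.
    if ($password_set_real === null) {
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real, $create_user_show, $real_sql_query, $sql_query,
        $password_set_real, $password_set_show
    );
}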
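/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER and GRANT statements for a new account in two
 * variants: the "real" one that is executed and the "show" one in which a
 * password entered in the form is replaced by '***'.
 *
 * The password mode comes from $_POST['pred_password']: 'keep' re-applies
 * $password via IDENTIFIED BY PASSWORD, 'none' sets no password, and any
 * other value applies the plaintext from $_POST['pma_pw'] via IDENTIFIED BY.
 * Also reads $_POST['Grant_priv'] and the max_* resource-limit fields.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is
 *                         'keep' (presumably the stored hash, given the
 *                         IDENTIFIED BY PASSWORD syntax; it appears verbatim
 *                         in the "show" variant)
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $accountLiteral = '\'' . PMA_Util::sqlAddSlashes($username)
        . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\'';

    $create_user_real = 'CREATE USER ' . $accountLiteral;
    $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo())
        . ' ON *.* TO ' . $accountLiteral;

    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';

    if ($predPassword != 'none' && $predPassword != 'keep') {
        // A new plaintext password from the form; escaped like every other
        // value that is placed inside a quoted literal.
        $slashedPassword = PMA_Util::sqlAddSlashes(
            isset($_POST['pma_pw']) ? $_POST['pma_pw'] : ''
        );
        $sql_query = $real_sql_query . ' IDENTIFIED BY \'***\'';
        $real_sql_query .= ' IDENTIFIED BY \'' . $slashedPassword . '\'';
        $create_user_show = $create_user_real . ' IDENTIFIED BY \'***\'';
        $create_user_real .= ' IDENTIFIED BY \'' . $slashedPassword . '\'';
    } else {
        if ($predPassword == 'keep' && ! empty($password)) {
            // The re-applied value is escaped as well, so that a malformed
            // stored value cannot break out of the literal.
            $identifiedBy = ' IDENTIFIED BY PASSWORD \''
                . PMA_Util::sqlAddSlashes($password) . '\'';
            $real_sql_query .= $identifiedBy;
            $create_user_real .= $identifiedBy;
        }
        // 'keep' and 'none' carry no plaintext, so the display form equals
        // the executed form.
        $sql_query = $real_sql_query;
        $create_user_show = $create_user_real;
    }

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        // This version separates the clause with an explicit space
        $real_sql_query .= ' ' . $with_clause;
        $sql_query .= ' ' . $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    return array($create_user_real, $create_user_show, $real_sql_query, $sql_query);
}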
$user_form .= '>' . (empty($current_user) ? '<span style="color: #FF0000">' . __('Any') . '</span>' : htmlspecialchars($current_user)) . "\n" . ' </td>' . "\n" . ' <td'; if (count($current_privileges) > 1) { $user_form .= ' rowspan="' . count($current_privileges) . '"'; } $user_form .= '>' . htmlspecialchars($current_host) . '</td>' . "\n"; for ($i = 0; $i < count($current_privileges); $i++) { $current = $current_privileges[$i]; $user_form .= ' <td>' . "\n" . ' '; if (!isset($current['Db']) || $current['Db'] == '*') { $user_form .= __('global'); } elseif ($current['Db'] == PMA_escape_mysql_wildcards($checkprivs)) { $user_form .= __('database-specific'); } else { $user_form .= __('wildcard') . ': <tt>' . htmlspecialchars($current['Db']) . '</tt>'; } $user_form .= "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' <tt>' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, true)) . "\n" . ' </tt>' . "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? __('Yes') : __('No')) . "\n" . ' </td>' . "\n" . ' <td>' . "\n"; $user_form .= sprintf($link_edit, urlencode($current_user), urlencode($current_host), urlencode(!isset($current['Db']) || $current['Db'] == '*' ? '' : $current['Db']), ''); $user_form .= '</td>' . "\n" . ' </tr>' . "\n"; if ($i + 1 < count($current_privileges)) { $user_form .= '<tr class="noclick ' . ($odd_row ? 'odd' : 'even') . '">' . "\n"; } } if (empty($row) && empty($row1) && empty($row2)) { break; } $odd_row = !$odd_row; } } else { $user_form .= ' <tr class="odd">' . "\n" . ' <td colspan="6">' . "\n" . ' ' . __('No user found.') . "\n" . ' </td>' . "\n" . ' </tr>' . "\n"; } $user_form .= '</tbody>' . "\n" . '</table></fieldset></form>' . "\n";
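/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER, GRANT and (older servers only) SET PASSWORD
 * statements for a new account, each in a "real" variant that is executed and
 * a "show" variant in which the password literal is replaced by '***'.
 *
 * Reads $_POST['pred_password'] ('keep' re-applies $password, 'none' sets an
 * empty password, anything else hashes $_POST['pma_pw']),
 * $_REQUEST['authentication_plugin'], $_POST['Grant_priv'], the max_*
 * resource-limit fields and $GLOBALS['is_grantuser'].
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is 'keep'
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query,
 *                $password_set_real, $password_set_show); the last two are null
 *                when the password travels inside CREATE USER itself
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = Util::sqlAddSlashes($username);
    $slashedHostname = Util::sqlAddSlashes($hostname);
    $slashedPassword = Util::sqlAddSlashes($password);
    $serverType = Util::getServerType();
    $isMySqlFamily = ($serverType == 'MySQL' || $serverType == 'Percona Server');

    // The plugin name comes straight from the request and lands in an
    // identifier position, where sqlAddSlashes() is no protection; only a
    // plain identifier is accepted, anything else counts as "no plugin".
    $authPlugin = null;
    if (isset($_REQUEST['authentication_plugin'])
        && preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['authentication_plugin'])
    ) {
        $authPlugin = $_REQUEST['authentication_plugin'];
    }

    // Whether this server takes the password inline in CREATE USER
    // (MySQL / Percona 5.7.6+ 'WITH ... AS', MariaDB 5.2+ 'VIA ... USING')
    // or through a separate SET PASSWORD statement.
    $inlinePassword = ($isMySqlFamily && PMA_MYSQL_INT_VERSION >= 50706)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200);

    $create_user_stmt = sprintf(
        'CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname
    );

    // See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219
    // for details regarding details of syntax usage for various versions

    // 'IDENTIFIED WITH auth_plugin' is supported by MySQL 5.5.7+
    if ($authPlugin !== null && $isMySqlFamily && PMA_MYSQL_INT_VERSION >= 50507) {
        $create_user_stmt .= ' IDENTIFIED WITH ' . $authPlugin;
    }

    // 'IDENTIFIED VIA auth_plugin' is supported by MariaDB 5.2+
    if ($authPlugin !== null && $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
        $create_user_stmt .= ' IDENTIFIED VIA ' . $authPlugin;
    }
    $create_user_real = $create_user_show = $create_user_stmt;

    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = \'%s\'';
    $password_set_show = sprintf(
        $password_set_stmt, $slashedUsername, $slashedHostname, '***'
    );

    $sql_query_stmt = sprintf(
        'GRANT %s ON *.* TO \'%s\'@\'%s\'',
        join(', ', PMA_extractPrivInfo()),
        $slashedUsername,
        $slashedHostname
    );
    $real_sql_query = $sql_query = $sql_query_stmt;

    // Set the proper hashing method
    if ($authPlugin !== null) {
        PMA_setProperPasswordHashing($authPlugin);
    }

    // The value that ends up inside the password quotes, chosen once for both
    // syntaxes. The hash output is escaped too: it is placed in a quoted
    // literal like any other value.
    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';
    if ($predPassword == 'keep') {
        $passwordLiteral = $slashedPassword;
    } elseif ($predPassword == 'none') {
        $passwordLiteral = '';
    } else {
        $passwordLiteral = Util::sqlAddSlashes(
            PMA_getHashedPassword(isset($_POST['pma_pw']) ? $_POST['pma_pw'] : '')
        );
    }

    if ($inlinePassword) {
        // Use 'CREATE USER ... WITH ... AS ..' syntax for newer MySQL versions
        // and 'CREATE USER ... USING .. VIA ..' syntax for newer MariaDB versions.
        // NOTE(review): without a plugin clause the AS/USING part has nothing
        // to attach to — presumably the form always sends a plugin on these
        // versions; confirm against the caller.
        $password_set_real = null;
        // Required for binding '%' with '%s'
        $create_user_stmt = str_replace('%', '%%', $create_user_stmt);
        // MariaDB uses 'USING' whereas MySQL uses 'AS'
        $create_user_stmt .= ($serverType == 'MariaDB')
            ? ' USING \'%s\''
            : ' AS \'%s\'';
        $create_user_real = sprintf($create_user_stmt, $passwordLiteral);
        $create_user_show = sprintf($create_user_stmt, '***');
    } else {
        // Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions
        // and pre-5.2.0 MariaDB versions
        $password_set_real = sprintf(
            $password_set_stmt, $slashedUsername, $slashedHostname, $passwordLiteral
        );
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege: the GRANT statements are dropped,
    // the CREATE USER / SET PASSWORD statements are kept.
    if (! $GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    // Only the SET PASSWORD path yields a statement. Keying on the variable
    // itself keeps this in step with the branch above (Percona Server
    // included), so a bare ";" is never returned as a statement.
    if ($password_set_real === null) {
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real, $create_user_show, $real_sql_query, $sql_query,
        $password_set_real, $password_set_show
    );
}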
} echo '>' . (empty($current_user) ? '<span style="color: #FF0000">' . $GLOBALS['strAny'] . '</span>' : htmlspecialchars($current_user)) . "\n" . ' </td>' . "\n" . ' <td'; if (count($current_privileges) > 1) { echo ' rowspan="' . count($current_privileges) . '"'; } echo '>' . htmlspecialchars($current_host) . '</td>' . "\n"; foreach ($current_privileges as $current) { echo ' <td>' . "\n" . ' '; if (!isset($current['Db']) || $current['Db'] == '*') { echo $GLOBALS['strGlobal']; } elseif ($current['Db'] == PMA_escape_mysql_wildcards($checkprivs)) { echo $GLOBALS['strDbSpecific']; } else { echo $GLOBALS['strWildcard'], ': <tt>' . htmlspecialchars($current['Db']) . '</tt>'; } echo "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' <tt>' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, TRUE)) . "\n" . ' <tt>' . "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . "\n" . ' </td>' . "\n" . ' <td>' . "\n"; printf($link_edit, urlencode($current_user), urlencode($current_host), urlencode(!isset($current['Db']) || $current['Db'] == '*' ? '' : $current['Db']), ''); echo '</td>' . "\n" . ' </tr>' . "\n"; } if (empty($row) && empty($row1) && empty($row2)) { break; } $odd_row = !$odd_row; } } else { echo ' <tr class="odd">' . "\n" . ' <td colspan="6">' . "\n" . ' ' . $GLOBALS['strNoUsersFound'] . "\n" . ' </td>' . "\n" . ' </tr>' . "\n"; } echo '</tbody>' . "\n" . '</table>' . "\n"; } // end if (empty($adduser) && empty($checkprivs)) ... else if ... else ... /**
if (count($current_privileges) > 1) { echo ' rowspan="' . count($current_privileges) . '"'; } echo ' bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' ' . htmlspecialchars($current_host) . "\n" . ' </td>' . "\n"; foreach ($current_privileges as $current) { echo ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' '; if (!isset($current['Db']) || $current['Db'] == '*') { echo $strGlobal; } else { if ($current['Db'] == $checkprivs) { echo $strDbSpecific; } else { echo $strWildcard, ': <tt>' . htmlspecialchars($current['Db']) . '</tt>'; } } echo "\n" . ' </td>' . "\n" . ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' <tt>' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, TRUE)) . "\n" . ' <tt>' . "\n" . ' </td>' . "\n" . ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? $strYes : $strNo) . "\n" . ' </td>' . "\n" . ' <td bgcolor="' . ($useBgcolorOne ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']) . '">' . "\n" . ' <a href="./server_privileges.php?' . $url_query . '&username='******'&hostname=' . urlencode($current_host) . (!isset($current['Db']) || $current['Db'] == '*' ? '' : '&dbname=' . urlencode($current['Db'])) . '">' . "\n" . ' ' . $strEdit . "\n" . ' </a>' . "\n" . ' </td>' . "\n" . ' </tr>' . "\n"; } if (empty($row) && empty($row1) && empty($row2)) { break; } $useBgcolorOne = !$useBgcolorOne; } } else { echo ' <tr>' . "\n" . ' <td colspan="6" bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n" . ' ' . $strNoUsersFound . "\n" . ' </td>' . "\n" . ' </tr>' . "\n"; } echo '</table>' . "\n"; } } // end if (empty($adduser) && empty($checkprivs)) ... else if ... else ... /** * Displays the footer
} echo '>' . (empty($current_user) ? '<span style="color: #FF0000">' . __('Any') . '</span>' : htmlspecialchars($current_user)) . "\n" . ' </td>' . "\n" . ' <td'; if (count($current_privileges) > 1) { echo ' rowspan="' . count($current_privileges) . '"'; } echo '>' . htmlspecialchars($current_host) . '</td>' . "\n"; foreach ($current_privileges as $current) { echo ' <td>' . "\n" . ' '; if (!isset($current['Db']) || $current['Db'] == '*') { echo __('global'); } elseif ($current['Db'] == PMA_escape_mysql_wildcards($checkprivs)) { echo __('database-specific'); } else { echo __('wildcard'), ': <tt>' . htmlspecialchars($current['Db']) . '</tt>'; } echo "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' <tt>' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($current, TRUE)) . "\n" . ' </tt>' . "\n" . ' </td>' . "\n" . ' <td>' . "\n" . ' ' . ($current['Grant_priv'] == 'Y' ? __('Yes') : __('No')) . "\n" . ' </td>' . "\n" . ' <td>' . "\n"; printf($link_edit, urlencode($current_user), urlencode($current_host), urlencode(!isset($current['Db']) || $current['Db'] == '*' ? '' : $current['Db']), ''); echo '</td>' . "\n" . ' </tr>' . "\n"; } if (empty($row) && empty($row1) && empty($row2)) { break; } $odd_row = !$odd_row; } } else { echo ' <tr class="odd">' . "\n" . ' <td colspan="6">' . "\n" . ' ' . __('No user found.') . "\n" . ' </td>' . "\n" . ' </tr>' . "\n"; } echo '</tbody>' . "\n" . '</table></form>' . "\n"; // Offer to create a new user for the current database echo '<fieldset id="fieldset_add_user">' . "\n" . ' <a href="server_privileges.php?' . $GLOBALS['url_query'] . '&adduser=1&dbname=' . htmlspecialchars($checkprivs) . '">' . "\n" . PMA_getIcon('b_usradd.png') . ' ' . __('Add a new User') . '</a>' . "\n" . '</fieldset>' . "\n"; }
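/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER, GRANT and SET PASSWORD statements for a new
 * account, each in a "real" variant that is executed and a "show" variant in
 * which the password literal is replaced by '***'.
 *
 * Reads $_POST['pred_password'] ('keep' re-applies $password, 'none' applies
 * nothing, anything else takes $_POST['pma_pw']),
 * $_REQUEST['authentication_plugin'], $_POST['Grant_priv'], the max_*
 * resource-limit fields and $GLOBALS['is_grantuser'].
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is 'keep'
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query,
 *                $password_set_real, $password_set_show); the last two are null
 *                when no SET PASSWORD statement is to be run
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);
    $accountLiteral = '\'' . $slashedUsername . '\'@\'' . $slashedHostname . '\'';

    // Statements are assembled by concatenation only: the account literal
    // (typically a '%' host) must never become part of an sprintf() format,
    // and doubling '%' in a value that is not re-formatted would leave a
    // literal '%%' in the executed SQL.
    $create_user_stmt = 'CREATE USER ' . $accountLiteral;
    $password_set_prefix = 'SET PASSWORD FOR ' . $accountLiteral . ' = PASSWORD(\'';
    $sql_query_stmt = 'GRANT ' . join(', ', PMA_extractPrivInfo())
        . ' ON *.* TO ' . $accountLiteral;

    $create_user_real = $create_user_show = $create_user_stmt;
    $password_set_show = $password_set_prefix . '***\')';
    $password_set_real = null;
    $real_sql_query = $sql_query = $sql_query_stmt;

    // The plugin name comes straight from the request and lands in an
    // identifier position, where sqlAddSlashes() is no protection; only a
    // plain identifier is accepted, anything else counts as "no plugin".
    $authPlugin = null;
    if (isset($_REQUEST['authentication_plugin'])
        && preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['authentication_plugin'])
    ) {
        $authPlugin = $_REQUEST['authentication_plugin'];
    }

    // Password mode: 'none' applies nothing, 'keep' re-applies $password
    // (empty when nothing is stored), anything else takes the form value.
    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';
    $isNewPassword = ($predPassword != 'none' && $predPassword != 'keep');
    if ($isNewPassword) {
        $slashedPassword = PMA_Util::sqlAddSlashes(
            isset($_POST['pma_pw']) ? $_POST['pma_pw'] : ''
        );
    } elseif ($predPassword == 'keep') {
        $slashedPassword = empty($password)
            ? ''
            : PMA_Util::sqlAddSlashes($password);
    } else {
        $slashedPassword = null;
    }

    if ($slashedPassword !== null) {
        if ($authPlugin !== null) {
            if (PMA_MYSQL_INT_VERSION >= 50700) {
                $identifiedWith = ' IDENTIFIED WITH ' . $authPlugin . ' BY \'';
                $create_user_show = $create_user_stmt . $identifiedWith . '***\'';
                $create_user_real = $create_user_stmt . $identifiedWith
                    . $slashedPassword . '\'';
            } else {
                $create_user_show = $create_user_real
                    = $create_user_stmt . ' IDENTIFIED WITH ' . $authPlugin;
            }
            $password_set_real = $password_set_prefix . $slashedPassword . '\')';
        } else {
            $sql_query = $sql_query_stmt . ' IDENTIFIED BY \'***\' ';
            $real_sql_query = $sql_query_stmt
                . ' IDENTIFIED BY \'' . $slashedPassword . '\' ';
            // Only a password entered in the form is also applied through
            // SET PASSWORD here; a kept one travels with the GRANT alone.
            $password_set_real = $isNewPassword
                ? $password_set_prefix . $slashedPassword . '\')'
                : null;
        }
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege: the GRANT statements are dropped,
    // the CREATE USER / SET PASSWORD statements are kept.
    if (! $GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    if (PMA_Util::getServerType() == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50700) {
        // MySQL 5.7 takes the password in CREATE USER / GRANT; no SET PASSWORD
        $password_set_real = null;
        $password_set_show = null;
    } elseif ($password_set_real === null) {
        // Nothing is applied this way, so there is no statement to show
        // either (and no bare ";" is returned as a statement).
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real, $create_user_show, $real_sql_query, $sql_query,
        $password_set_real, $password_set_show
    );
}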
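/**
 * Get SQL queries for Display and Add user
 *
 * Builds the CREATE USER, GRANT and SET PASSWORD statements for a new
 * account, each in a "real" variant that is executed and a "show" variant in
 * which the password literal is replaced by '***'.
 *
 * Reads $_POST['pred_password'] ('keep' re-applies $password, 'none' applies
 * nothing, anything else takes $_POST['pma_pw']),
 * $_REQUEST['authentication_plugin'], $_POST['Grant_priv'], the max_*
 * resource-limit fields and $GLOBALS['is_grantuser'].
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password value re-applied when pred_password is 'keep'
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query,
 *                $password_set_real, $password_set_show); the last two are null
 *                when no SET PASSWORD statement is to be run
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $accountLiteral = '\'' . PMA_Util::sqlAddSlashes($username)
        . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\'';

    $create_user_real = 'CREATE USER ' . $accountLiteral;
    // The prefix already opens the quote of the PASSWORD() argument; the
    // value and the closing quote are appended below, once.
    $password_set_prefix = 'SET PASSWORD FOR ' . $accountLiteral . ' = ' . ' PASSWORD(\'';
    $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo())
        . ' ON *.* TO ' . $accountLiteral;

    $create_user_show = $create_user_real;
    $password_set_show = $password_set_prefix . '***\')';
    $password_set_real = null;
    $sql_query = $real_sql_query;

    // The plugin name comes straight from the request and lands in an
    // identifier position, where sqlAddSlashes() is no protection; only a
    // plain identifier is accepted, anything else counts as "no plugin".
    $authPlugin = null;
    if (isset($_REQUEST['authentication_plugin'])
        && preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['authentication_plugin'])
    ) {
        $authPlugin = $_REQUEST['authentication_plugin'];
    }

    // Password mode: a value entered in the form, the kept $password
    // (when there is one), or nothing at all. The 'keep' path uses $password
    // in every branch; the form value is only read for a new password.
    $predPassword = isset($_POST['pred_password']) ? $_POST['pred_password'] : '';
    if ($predPassword != 'none' && $predPassword != 'keep') {
        $slashedPassword = PMA_Util::sqlAddSlashes(
            isset($_POST['pma_pw']) ? $_POST['pma_pw'] : ''
        );
    } elseif ($predPassword == 'keep' && ! empty($password)) {
        $slashedPassword = PMA_Util::sqlAddSlashes($password);
    } else {
        $slashedPassword = null;
    }

    if ($slashedPassword !== null) {
        if ($authPlugin !== null) {
            if (PMA_MYSQL_INT_VERSION >= 50700) {
                $create_user_show .= ' IDENTIFIED WITH ' . $authPlugin . ' BY \'***\'';
                $create_user_real .= ' IDENTIFIED WITH ' . $authPlugin
                    . ' BY \'' . $slashedPassword . '\' ';
            } else {
                $create_user_show .= ' IDENTIFIED WITH ' . $authPlugin;
                $create_user_real .= ' IDENTIFIED WITH ' . $authPlugin;
                $password_set_real = $password_set_prefix . $slashedPassword . '\')';
            }
        } else {
            $sql_query .= ' IDENTIFIED BY \'***\'';
            $real_sql_query .= ' IDENTIFIED BY \'' . $slashedPassword . '\' ';
            $password_set_real = $password_set_prefix . $slashedPassword . '\')';
        }
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    // WITH clause: GRANT OPTION and/or resource limits
    $needsWithClause = (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']);
    if ($needsWithClause) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    $create_user_real .= ';';
    $create_user_show .= ';';
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege: the GRANT statements are dropped,
    // the CREATE USER / SET PASSWORD statements are kept.
    if (! $GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    if (PMA_MYSQL_INT_VERSION >= 50700) {
        // 5.7 takes the password in CREATE USER / GRANT; no SET PASSWORD
        $password_set_real = null;
        $password_set_show = null;
    } elseif ($password_set_real === null) {
        // Nothing is applied this way, so neither the unfinished prefix nor
        // a display variant is returned as a statement.
        $password_set_show = null;
    } else {
        // The terminator is added exactly once here.
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real, $create_user_show, $real_sql_query, $sql_query,
        $password_set_real, $password_set_show
    );
}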