/**
* Update the privileges and return the success or error message
*
* @param string $username username
* @param string $hostname host name
* @param string $tablename table name
* @param string $dbname database name
*
* @return PMA_message success message or error message for update
*/
function PMA_updatePrivileges($username, $hostname, $tablename, $dbname)
{
$db_and_table = PMA_wildcardEscapeForGrant($dbname, $tablename);
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_Util::sqlAddSlashes($username) . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\';';
if (!isset($_POST['Grant_priv']) || $_POST['Grant_priv'] != 'Y') {
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_Util::sqlAddSlashes($username) . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\';';
} else {
$sql_query1 = '';
}
// Should not do a GRANT USAGE for a table-specific privilege, it
// causes problems later (cannot revoke it)
if (!(mb_strlen($tablename) && 'USAGE' == implode('', PMA_extractPrivInfo()))) {
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_Util::sqlAddSlashes($username) . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\'';
if (!mb_strlen($dbname)) {
// add REQUIRE clause
$sql_query2 .= PMA_getRequireClause();
}
if (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y' || !mb_strlen($dbname) && (isset($_POST['max_questions']) || isset($_POST['max_connections']) || isset($_POST['max_updates']) || isset($_POST['max_user_connections']))) {
$sql_query2 .= PMA_getWithClauseForAddUserAndUpdatePrivs();
}
$sql_query2 .= ';';
}
if (!$GLOBALS['dbi']->tryQuery($sql_query0)) {
// This might fail when the executing user does not have
// ALL PRIVILEGES himself.
// See https://sourceforge.net/p/phpmyadmin/bugs/3270/
$sql_query0 = '';
}
if (!empty($sql_query1) && !$GLOBALS['dbi']->tryQuery($sql_query1)) {
// this one may fail, too...
$sql_query1 = '';
}
if (!empty($sql_query2)) {
$GLOBALS['dbi']->query($sql_query2);
} else {
$sql_query2 = '';
}
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
$message = PMA_Message::success(__('You have updated the privileges for %s.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
return array($sql_query, $message);
}
/**
* Test for PMA_wildcardEscapeForGrant
*
* @return void
*/
public function testPMAWildcardEscapeForGrant()
{
$dbname = '';
$tablename = '';
$db_and_table = PMA_wildcardEscapeForGrant($dbname, $tablename);
$this->assertEquals('*.*', $db_and_table);
$dbname = 'dbname';
$tablename = '';
$db_and_table = PMA_wildcardEscapeForGrant($dbname, $tablename);
$this->assertEquals('`dbname`.*', $db_and_table);
$dbname = 'dbname';
$tablename = 'tablename';
$db_and_table = PMA_wildcardEscapeForGrant($dbname, $tablename);
$this->assertEquals('`dbname`.`tablename`', $db_and_table);
}
if (isset($sql_query2)) {
PMA_DBI_query($sql_query2);
} else {
$sql_query2 = '';
}
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
$message = PMA_Message::success(__('You have updated the privileges for %s.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
}
/**
* Revokes Privileges
*/
if (isset($_REQUEST['revokeall'])) {
$db_and_table = PMA_wildcardEscapeForGrant($dbname, isset($tablename) ? $tablename : '');
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table
. ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table
. ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
PMA_DBI_query($sql_query0);
if (! PMA_DBI_try_query($sql_query1)) {
// this one may fail, too...
$sql_query1 = '';
}
$sql_query = $sql_query0 . ' ' . $sql_query1;
$message = PMA_Message::success(__('You have revoked the privileges for %s'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (! isset($tablename)) {
/**
* Update the privileges and return the success or error message
*
* @param string $dbname database name
* @param string $tablename table name
* @param string $username username
* @param string $hostname host name
*
* @return PMA_message success message or error message for update
*/
function PMA_updatePrivileges($username, $hostname, $tablename, $dbname)
{
$common_functions = PMA_CommonFunctions::getInstance();
$db_and_table = PMA_wildcardEscapeForGrant($dbname, $tablename);
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . $common_functions->sqlAddSlashes($username) . '\'@\'' . $common_functions->sqlAddSlashes($hostname) . '\';';
if (!isset($_POST['Grant_priv']) || $_POST['Grant_priv'] != 'Y') {
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . $common_functions->sqlAddSlashes($username) . '\'@\'' . $common_functions->sqlAddSlashes($hostname) . '\';';
} else {
$sql_query1 = '';
}
// Should not do a GRANT USAGE for a table-specific privilege, it
// causes problems later (cannot revoke it)
if (!(strlen($tablename) && 'USAGE' == implode('', PMA_extractPrivInfo()))) {
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . $common_functions->sqlAddSlashes($username) . '\'@\'' . $common_functions->sqlAddSlashes($hostname) . '\'';
if (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y' || !strlen($dbname) && (isset($_POST['max_questions']) || isset($_POST['max_connections']) || isset($_POST['max_updates']) || isset($_POST['max_user_connections']))) {
$sql_query2 .= PMA_getWithClauseForAddUserAndUpdatePrivs();
}
$sql_query2 .= ';';
}
if (!PMA_DBI_try_query($sql_query0)) {
// This might fail when the executing user does not have ALL PRIVILEGES himself.
// See https://sourceforge.net/tracker/index.php?func=detail&aid=3285929&group_id=23067&atid=377408
$sql_query0 = '';
}
if (isset($sql_query1) && !PMA_DBI_try_query($sql_query1)) {
// this one may fail, too...
$sql_query1 = '';
}
if (isset($sql_query2)) {
PMA_DBI_query($sql_query2);
} else {
$sql_query2 = '';
}
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
$message = PMA_Message::success(__('You have updated the privileges for %s.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
return array($sql_query, $message);
}
