/**
* Displays the privileges form table
*
* @param string $db the database
* @param string $table the table
* @param boolean $submit wheather to display the submit button or not
*
* @global array $cfg the phpMyAdmin configuration
* @global ressource $user_link the database connection
*
* @return void
*/
function PMA_displayPrivTable($db = '*', $table = '*', $submit = true)
{
global $random_n;
if ($db == '*') {
$table = '*';
}
if (isset($GLOBALS['username'])) {
$username = $GLOBALS['username'];
$hostname = $GLOBALS['hostname'];
if ($db == '*') {
$sql_query = "SELECT * FROM `mysql`.`user`"
." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "';";
} elseif ($table == '*') {
$sql_query = "SELECT * FROM `mysql`.`db`"
." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'"
." AND '" . PMA_unescape_mysql_wildcards($db) . "'"
." LIKE `Db`;";
} else {
$sql_query = "SELECT `Table_priv`"
." FROM `mysql`.`tables_priv`"
." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'"
." AND `Db` = '" . PMA_unescape_mysql_wildcards($db) . "'"
." AND `Table_name` = '" . PMA_sqlAddSlashes($table) . "';";
}
$row = PMA_DBI_fetch_single_row($sql_query);
}
if (empty($row)) {
if ($table == '*') {
if ($db == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
} elseif ($table == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
}
$res = PMA_DBI_query($sql_query);
while ($row1 = PMA_DBI_fetch_row($res)) {
if (substr($row1[0], 0, 4) == 'max_') {
$row[$row1[0]] = 0;
} else {
$row[$row1[0]] = 'N';
}
}
PMA_DBI_free_result($res);
} else {
$row = array('Table_priv' => '');
}
}
if (isset($row['Table_priv'])) {
$row1 = PMA_DBI_fetch_single_row(
'SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';',
'ASSOC', $GLOBALS['userlink']
);
// note: in MySQL 5.0.3 we get "Create View', 'Show view';
// the View for Create is spelled with uppercase V
// the view for Show is spelled with lowercase v
// and there is a space between the words
$av_grants = explode(
'\',\'',
substr(
$row1['Type'],
strpos($row1['Type'], '(') + 2,
strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3
)
);
unset($row1);
$users_grants = explode(',', $row['Table_priv']);
foreach ($av_grants as $current_grant) {
$row[$current_grant . '_priv']
= in_array($current_grant, $users_grants) ? 'Y' : 'N';
}
unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);
// get collumns
$res = PMA_DBI_try_query(
'SHOW COLUMNS FROM '
. PMA_backquote(PMA_unescape_mysql_wildcards($db))
. '.' . PMA_backquote($table) . ';'
);
$columns = array();
if ($res) {
while ($row1 = PMA_DBI_fetch_row($res)) {
$columns[$row1[0]] = array(
'Select' => false,
'Insert' => false,
'Update' => false,
'References' => false
);
}
PMA_DBI_free_result($res);
}
unset($res, $row1);
}
// t a b l e - s p e c i f i c p r i v i l e g e s
if (! empty($columns)) {
$res = PMA_DBI_query(
'SELECT `Column_name`, `Column_priv`'
.' FROM `mysql`.`columns_priv`'
.' WHERE `User`'
.' = \'' . PMA_sqlAddSlashes($username) . "'"
.' AND `Host`'
.' = \'' . PMA_sqlAddSlashes($hostname) . "'"
.' AND `Db`'
.' = \'' . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"
.' AND `Table_name`'
.' = \'' . PMA_sqlAddSlashes($table) . '\';'
);
while ($row1 = PMA_DBI_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]);
foreach ($row1[1] as $current) {
$columns[$row1[0]][$current] = true;
}
}
PMA_DBI_free_result($res);
unset($res, $row1, $current);
echo '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n"
. '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n"
. '<fieldset id="fieldset_user_priv">' . "\n"
. ' <legend>' . __('Table-specific privileges')
. PMA_showHint(__('Note: MySQL privilege names are expressed in English'))
. '</legend>' . "\n";
// privs that are attached to a specific column
PMA_displayColumnPrivs(
$columns, $row, 'Select_priv', 'SELECT',
'select', __('Allows reading data.'), 'Select'
);
PMA_displayColumnPrivs(
$columns, $row, 'Insert_priv', 'INSERT',
'insert', __('Allows inserting and replacing data.'), 'Insert'
);
PMA_displayColumnPrivs(
$columns, $row, 'Update_priv', 'UPDATE',
'update', __('Allows changing data.'), 'Update'
);
PMA_displayColumnPrivs(
$columns, $row, 'References_priv', 'REFERENCES', 'references',
__('Has no effect in this MySQL version.'), 'References'
);
// privs that are not attached to a specific column
echo ' <div class="item">' . "\n";
foreach ($row as $current_grant => $current_grant_value) {
$grant_type = substr($current_grant, 0, (strlen($current_grant) - 5));
if (in_array($grant_type, array('Select', 'Insert', 'Update', 'References'))) {
continue;
}
// make a substitution to match the messages variables;
// also we must substitute the grant we get, because we can't generate
// a form variable containing blanks (those would get changed to
// an underscore when receiving the POST)
if ($current_grant == 'Create View_priv') {
$tmp_current_grant = 'CreateView_priv';
$current_grant = 'Create_view_priv';
} elseif ($current_grant == 'Show view_priv') {
$tmp_current_grant = 'ShowView_priv';
$current_grant = 'Show_view_priv';
} else {
$tmp_current_grant = $current_grant;
}
echo ' <div class="item">' . "\n"
. ' <input type="checkbox"'
. (empty($GLOBALS['checkall']) ? '' : ' checked="checked"')
. ' name="' . $current_grant . '" id="checkbox_' . $current_grant
. '" value="Y" '
. ($current_grant_value == 'Y' ? 'checked="checked" ' : '')
. 'title="';
echo (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5))])
? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5))]
: $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5)) . 'Tbl']) . '"/>' . "\n";
echo ' <label for="checkbox_' . $current_grant
. '"><code><dfn title="'
. (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5))])
? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5))]
: $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, (strlen($tmp_current_grant) - 5)) . 'Tbl'])
. '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></code></label>' . "\n"
. ' </div>' . "\n";
} // end foreach ()
echo ' </div>' . "\n";
// for Safari 2.0.2
echo ' <div class="clearfloat"></div>' . "\n";
} else {
// g l o b a l o r d b - s p e c i f i c
//
$privTable_names = array(0 => __('Data'), 1 => __('Structure'), 2 => __('Administration'));
// d a t a
$privTable[0] = array(
array('Select', 'SELECT', __('Allows reading data.')),
array('Insert', 'INSERT', __('Allows inserting and replacing data.')),
array('Update', 'UPDATE', __('Allows changing data.')),
array('Delete', 'DELETE', __('Allows deleting data.'))
);
if ($db == '*') {
$privTable[0][] = array('File', 'FILE', __('Allows importing data from and exporting data into files.'));
}
// s t r u c t u r e
$privTable[1] = array(
array('Create', 'CREATE', ($table == '*' ? __('Allows creating new databases and tables.') : __('Allows creating new tables.'))),
array('Alter', 'ALTER', __('Allows altering the structure of existing tables.')),
array('Index', 'INDEX', __('Allows creating and dropping indexes.')),
array('Drop', 'DROP', ($table == '*' ? __('Allows dropping databases and tables.') : __('Allows dropping tables.'))),
array('Create_tmp_table', 'CREATE TEMPORARY TABLES', __('Allows creating temporary tables.')),
array('Show_view', 'SHOW VIEW', __('Allows performing SHOW CREATE VIEW queries.')),
array('Create_routine', 'CREATE ROUTINE', __('Allows creating stored routines.')),
array('Alter_routine', 'ALTER ROUTINE', __('Allows altering and dropping stored routines.')),
array('Execute', 'EXECUTE', __('Allows executing stored routines.')),
);
// this one is for a db-specific priv: Create_view_priv
if (isset($row['Create_view_priv'])) {
$privTable[1][] = array('Create_view', 'CREATE VIEW', __('Allows creating new views.'));
}
// this one is for a table-specific priv: Create View_priv
if (isset($row['Create View_priv'])) {
$privTable[1][] = array('Create View', 'CREATE VIEW', __('Allows creating new views.'));
}
if (isset($row['Event_priv'])) {
// MySQL 5.1.6
$privTable[1][] = array('Event', 'EVENT', __('Allows to set up events for the event scheduler'));
$privTable[1][] = array('Trigger', 'TRIGGER', __('Allows creating and dropping triggers'));
}
// a d m i n i s t r a t i o n
$privTable[2] = array(
array('Grant', 'GRANT', __('Allows adding users and privileges without reloading the privilege tables.')),
);
if ($db == '*') {
$privTable[2][] = array('Super', 'SUPER', __('Allows connecting, even if maximum number of connections is reached; required for most administrative operations like setting global variables or killing threads of other users.'));
$privTable[2][] = array('Process', 'PROCESS', __('Allows viewing processes of all users'));
$privTable[2][] = array('Reload', 'RELOAD', __('Allows reloading server settings and flushing the server\'s caches.'));
$privTable[2][] = array('Shutdown', 'SHUTDOWN', __('Allows shutting down the server.'));
$privTable[2][] = array('Show_db', 'SHOW DATABASES', __('Gives access to the complete list of databases.'));
}
$privTable[2][] = array('Lock_tables', 'LOCK TABLES', __('Allows locking tables for the current thread.'));
$privTable[2][] = array('References', 'REFERENCES', __('Has no effect in this MySQL version.'));
if ($db == '*') {
$privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', __('Allows the user to ask where the slaves / masters are.'));
$privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', __('Needed for the replication slaves.'));
$privTable[2][] = array('Create_user', 'CREATE USER', __('Allows creating, dropping and renaming user accounts.'));
}
echo '<input type="hidden" name="grant_count" value="'
. (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0))
. '" />' . "\n"
. '<fieldset id="fieldset_user_global_rights">' . "\n"
. ' <legend>' . "\n"
. ' '
. ($db == '*'
? __('Global privileges')
: ($table == '*'
? __('Database-specific privileges')
: __('Table-specific privileges'))) . "\n"
. ' (<a href="server_privileges.php?'
. $GLOBALS['url_query'] . '&checkall=1" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', true); return false;">'
. __('Check All') . '</a> /' . "\n"
. ' <a href="server_privileges.php?'
. $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', false); return false;">'
. __('Uncheck All') . '</a>)' . "\n"
. ' </legend>' . "\n"
. ' <p><small><i>' . __('Note: MySQL privilege names are expressed in English') . '</i></small></p>' . "\n";
// Output the Global privilege tables with checkboxes
foreach ($privTable as $i => $table) {
echo ' <fieldset>' . "\n"
. ' <legend>' . __($privTable_names[$i]) . '</legend>' . "\n";
foreach ($table as $priv) {
echo ' <div class="item">' . "\n"
. ' <input type="checkbox"'
. ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv"'
. ' value="Y" title="' . $priv[2] . '"'
. ((! empty($GLOBALS['checkall']) || $row[$priv[0] . '_priv'] == 'Y') ? ' checked="checked"' : '')
. '/>' . "\n"
. ' <label for="checkbox_' . $priv[0] . '_priv"><code><dfn title="' . $priv[2] . '">'
. $priv[1] . '</dfn></code></label>' . "\n"
. ' </div>' . "\n";
}
echo ' </fieldset>' . "\n";
}
// The "Resource limits" box is not displayed for db-specific privs
if ($db == '*') {
echo ' <fieldset>' . "\n"
. ' <legend>' . __('Resource limits') . '</legend>' . "\n"
. ' <p><small><i>' . __('Note: Setting these options to 0 (zero) removes the limit.') . '</i></small></p>' . "\n"
. ' <div class="item">' . "\n"
. ' <label for="text_max_questions"><code><dfn title="'
. __('Limits the number of queries the user may send to the server per hour.') . '">MAX QUERIES PER HOUR</dfn></code></label>' . "\n"
. ' <input type="text" name="max_questions" id="text_max_questions" value="'
. $row['max_questions'] . '" size="11" maxlength="11" title="' . __('Limits the number of queries the user may send to the server per hour.') . '" />' . "\n"
. ' </div>' . "\n"
. ' <div class="item">' . "\n"
. ' <label for="text_max_updates"><code><dfn title="'
. __('Limits the number of commands that change any table or database the user may execute per hour.') . '">MAX UPDATES PER HOUR</dfn></code></label>' . "\n"
. ' <input type="text" name="max_updates" id="text_max_updates" value="'
. $row['max_updates'] . '" size="11" maxlength="11" title="' . __('Limits the number of commands that change any table or database the user may execute per hour.') . '" />' . "\n"
. ' </div>' . "\n"
. ' <div class="item">' . "\n"
. ' <label for="text_max_connections"><code><dfn title="'
. __('Limits the number of new connections the user may open per hour.') . '">MAX CONNECTIONS PER HOUR</dfn></code></label>' . "\n"
. ' <input type="text" name="max_connections" id="text_max_connections" value="'
. $row['max_connections'] . '" size="11" maxlength="11" title="' . __('Limits the number of new connections the user may open per hour.') . '" />' . "\n"
. ' </div>' . "\n"
. ' <div class="item">' . "\n"
. ' <label for="text_max_user_connections"><code><dfn title="'
. __('Limits the number of simultaneous connections the user may have.') . '">MAX USER_CONNECTIONS</dfn></code></label>' . "\n"
. ' <input type="text" name="max_user_connections" id="text_max_user_connections" value="'
. $row['max_user_connections'] . '" size="11" maxlength="11" title="' . __('Limits the number of simultaneous connections the user may have.') . '" />' . "\n"
. ' </div>' . "\n"
. ' </fieldset>' . "\n";
}
// for Safari 2.0.2
echo ' <div class="clearfloat"></div>' . "\n";
}
echo '</fieldset>' . "\n";
if ($submit) {
echo '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n"
. ' <input type="submit" name="update_privs" value="' . __('Go') . '" />' . "\n"
. '</fieldset>' . "\n";
}
} // end of the 'PMA_displayPrivTable()' function
/**
* returns html code for db link to default db page
*
* @param string $database database
*
* @return string html link to default db page
*/
function PMA_getDbLink($database = null)
{
if (!strlen($database)) {
if (!strlen($GLOBALS['db'])) {
return '';
}
$database = $GLOBALS['db'];
} else {
$database = PMA_unescape_mysql_wildcards($database);
}
return '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . PMA_generate_common_url($database) . '" title="' . sprintf(__('Jump to database "%s".'), htmlspecialchars($database)) . '">' . htmlspecialchars($database) . '</a>';
}
/**
* Displays the privileges form table
*
* @param string $db the database
* @param string $table the table
* @param boolean $submit wheather to display the submit button or not
* @param int $indent the indenting level of the code
*
* @global array $cfg the phpMyAdmin configuration
* @global ressource $user_link the database connection
*
* @return void
*/
function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0)
{
if ($db == '*') {
$table = '*';
}
$spaces = str_repeat(' ', $indent);
if (isset($GLOBALS['username'])) {
$username = $GLOBALS['username'];
$hostname = $GLOBALS['hostname'];
if ($db == '*') {
$sql_query = 'SELECT * FROM `mysql`.`user`' . ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';';
} elseif ($table == '*') {
$sql_query = 'SELECT * FROM `mysql`.`db`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' LIKE ' . PMA_convert_using('`Db`') . ';';
} else {
$sql_query = 'SELECT `Table_priv`' . ' FROM `mysql`.`tables_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';';
}
$res = PMA_DBI_query($sql_query);
$row = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
}
if (empty($row)) {
if ($table == '*') {
if ($db == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
} else {
if ($table == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
}
}
$res = PMA_DBI_query($sql_query);
while ($row1 = PMA_DBI_fetch_row($res)) {
if (substr($row1[0], 0, 4) == 'max_') {
$row[$row1[0]] = 0;
} else {
$row[$row1[0]] = 'N';
}
}
PMA_DBI_free_result($res);
} else {
$row = array('Table_priv' => '');
}
}
if (isset($row['Table_priv'])) {
$res = PMA_DBI_query('SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';', $GLOBALS['userlink']);
// note: in MySQL 5.0.3 we get "Create View', 'Show view';
// the View for Create is spelled with uppercase V
// the view for Show is spelled with lowercase v
// and there is a space between the words
$row1 = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
$av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3));
unset($res, $row1);
$users_grants = explode(',', $row['Table_priv']);
foreach ($av_grants as $current_grant) {
$row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';
}
unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);
// get collumns
$res = PMA_DBI_try_query('SHOW COLUMNS FROM `' . PMA_unescape_mysql_wildcards($db) . '`.`' . $table . '`;');
$columns = array();
if ($res) {
while ($row1 = PMA_DBI_fetch_row($res)) {
$columns[$row1[0]] = array('Select' => FALSE, 'Insert' => FALSE, 'Update' => FALSE, 'References' => FALSE);
}
PMA_DBI_free_result($res);
}
unset($res, $row1);
}
// t a b l e - s p e c i f i c p r i v i l e g e s
if (!empty($columns)) {
$res = PMA_DBI_query('SELECT `Column_name`, `Column_priv`' . ' FROM `mysql`.`columns_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';');
while ($row1 = PMA_DBI_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]);
foreach ($row1[1] as $current) {
$columns[$row1[0]][$current] = TRUE;
}
}
PMA_DBI_free_result($res);
unset($res, $row1, $current);
echo $spaces . '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . $spaces . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_priv">' . "\n" . $spaces . ' <legend>' . $GLOBALS['strTblPrivileges'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n";
// privs that are attached to a specific column
PMA_display_column_privs($spaces, $columns, $row, 'Select_priv', 'SELECT', 'select', $GLOBALS['strPrivDescSelect'], 'Select');
PMA_display_column_privs($spaces, $columns, $row, 'Insert_priv', 'INSERT', 'insert', $GLOBALS['strPrivDescInsert'], 'Insert');
PMA_display_column_privs($spaces, $columns, $row, 'Update_priv', 'UPDATE', 'update', $GLOBALS['strPrivDescUpdate'], 'Update');
PMA_display_column_privs($spaces, $columns, $row, 'References_priv', 'REFERENCES', 'references', $GLOBALS['strPrivDescReferences'], 'References');
// privs that are not attached to a specific column
echo $spaces . ' <div class="item">' . "\n";
foreach ($row as $current_grant => $current_grant_value) {
if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
continue;
}
// make a substitution to match the messages variables;
// also we must substitute the grant we get, because we can't generate
// a form variable containing blanks (those would get changed to
// an underscore when receiving the POST)
if ($current_grant == 'Create View_priv') {
$tmp_current_grant = 'CreateView_priv';
$current_grant = 'Create_view_priv';
} elseif ($current_grant == 'Show view_priv') {
$tmp_current_grant = 'ShowView_priv';
$current_grant = 'Show_view_priv';
} else {
$tmp_current_grant = $current_grant;
}
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="';
echo (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '"/>' . "\n";
echo $spaces . ' <label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
// end foreach()
echo $spaces . ' </div>' . "\n";
} else {
// g l o b a l o r d b - s p e c i f i c
//
// d a t a
$privTable[0] = array(array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete']));
if ($db == '*') {
$privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']);
}
// s t r u c t u r e
$privTable[1] = array(array('Create', 'CREATE', $table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl']), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', $table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl']));
if (isset($row['Create_tmp_table_priv'])) {
$privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']);
}
// this one is for a db-specific priv: Create_view_priv
if (isset($row['Create_view_priv'])) {
$privTable[1][] = array('Create_view', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']);
}
// this one is for a table-specific priv: Create View_priv
if (isset($row['Create View_priv'])) {
$privTable[1][] = array('Create View', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']);
}
if (isset($row['Show_view_priv'])) {
$privTable[1][] = array('Show_view', 'SHOW VIEW', $GLOBALS['strPrivDescShowView']);
}
if (isset($row['Create_routine_priv'])) {
$privTable[1][] = array('Create_routine', 'CREATE ROUTINE', $GLOBALS['strPrivDescCreateRoutine']);
}
if (isset($row['Alter_routine_priv'])) {
$privTable[1][] = array('Alter_routine', 'ALTER ROUTINE', $GLOBALS['strPrivDescAlterRoutine']);
}
if (isset($row['Execute_priv'])) {
if (PMA_MYSQL_INT_VERSION >= 40002 && PMA_MYSQL_INT_VERSION < 50003) {
$privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']);
} else {
$privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute5']);
}
}
// a d m i n i s t r a t i o n
$privTable[2] = array();
if (isset($row['Grant_priv'])) {
$privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']);
}
if ($db == '*') {
if (isset($row['Super_priv'])) {
$privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']);
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']);
} else {
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']);
}
$privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']);
$privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']);
if (isset($row['Show_db_priv'])) {
$privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']);
}
}
if (isset($row['Lock_tables_priv'])) {
$privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']);
}
$privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']);
if ($db == '*') {
//if (isset($row['Execute_priv'])) {
// $privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']);
//}
if (isset($row['Repl_client_priv'])) {
$privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']);
}
if (isset($row['Repl_slave_priv'])) {
$privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']);
}
if (isset($row['Create_user_priv'])) {
$privTable[2][] = array('Create_user', 'CREATE USER', $GLOBALS['strPrivDescCreateUser']);
}
}
echo $spaces . '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_global_rights">' . "\n" . $spaces . ' <legend>' . "\n" . $spaces . ' ' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : ($table == '*' ? $GLOBALS['strDbPrivileges'] : $GLOBALS['strTblPrivileges'])) . "\n" . $spaces . ' ( <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '&checkall=1" onclick="setCheckboxes(\'usersForm\', true); return false;">' . $GLOBALS['strCheckAll'] . '</a> /' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'usersForm\', false); return false;">' . $GLOBALS['strUncheckAll'] . '</a> )' . "\n" . $spaces . ' </legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strData'] . '</legend>' . "\n";
foreach ($privTable[0] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strStructure'] . '</legend>' . "\n";
foreach ($privTable[1] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strAdministration'] . '</legend>' . "\n";
foreach ($privTable[2] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n";
// The "Resource limits" box is not displayed for db-specific privs
if ($db == '*') {
echo $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strResourceLimits'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strZeroRemovesTheLimit'] . '</i></small></p>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_questions"><tt><dfn title="' . $GLOBALS['strPrivDescMaxQuestions'] . '">MAX QUERIES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxQuestions'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_updates"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUpdates'] . '">MAX UPDATES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUpdates'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxConnections'] . '">MAX CONNECTIONS PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n";
if (PMA_MYSQL_INT_VERSION >= 50003) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_user_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '">MAX USER_CONNECTIONS</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_user_connections" id="text_max_user_connections" value="' . $row['max_user_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n";
}
}
echo $spaces . '</fieldset>' . "\n";
if ($submit) {
echo $spaces . '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n" . $spaces . ' <input type="submit" name="update_privs" value="' . $GLOBALS['strGo'] . '" />' . "\n" . $spaces . '</fieldset>' . "\n";
}
}
/**
* checks the only_db configuration
*
* @uses PMA_List_Database::$_show_databases_disabled
* @uses PMA_List_Database::$items
* @uses PMA_List_Database::_retrieve()
* @uses PMA_unescape_mysql_wildcards()
* @uses preg_match()
* @uses array_diff()
* @uses array_merge()
* @uses is_array()
* @uses strlen()
* @uses is_string()
* @uses $cfg['Server']['only_db']
* @return boolean false if there is no only_db, otherwise true
*/
protected function _checkOnlyDatabase()
{
if (is_string($GLOBALS['cfg']['Server']['only_db'])
&& strlen($GLOBALS['cfg']['Server']['only_db'])) {
$GLOBALS['cfg']['Server']['only_db'] = array(
$GLOBALS['cfg']['Server']['only_db']
);
}
if (! is_array($GLOBALS['cfg']['Server']['only_db'])) {
return false;
}
$items = array();
foreach ($GLOBALS['cfg']['Server']['only_db'] as $each_only_db) {
if ($each_only_db === '*' && ! $this->_show_databases_disabled) {
// append all not already listed dbs to the list
$items = array_merge($items,
array_diff($this->_retrieve(), $items));
// there can only be one '*', and this can only be last
break;
}
// check if the db name contains wildcard,
// thus containing not escaped _ or %
if (! preg_match('/(^|[^\\\\])(_|%)/', $each_only_db)) {
// ... not contains wildcard
$items[] = PMA_unescape_mysql_wildcards($each_only_db);
continue;
}
if (! $this->_show_databases_disabled) {
$items = array_merge($items, $this->_retrieve($each_only_db));
continue;
}
// @todo induce error, about not using wildcards with SHOW DATABASE disabled?
}
$this->exchangeArray($items);
return true;
}
/**
* PMA_unescape_mysql_wildcards tests
* @dataProvider escapeDataProvider
*/
public function testUnEscape($a, $b)
{
$this->assertEquals($b, PMA_unescape_mysql_wildcards($a));
}
