break;
}
// end if
}
// end while
PMA_DBI_free_result($rs_usr);
unset($rs_usr, $row, $re0, $re1);
} else {
// Finally, let's try to get the user's privileges by using SHOW
// GRANTS...
// Maybe we'll find a little CREATE priv there :)
$rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . $mysql_cur_user_and_host . ';', $controllink, PMA_DBI_QUERY_STORE);
if (!$rs_usr) {
// OK, now we'd have to guess the user's hostname, but we
// only try out the 'username'@'%' case.
$rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';', $controllink, PMA_DBI_QUERY_STORE);
}
unset($local_query);
if ($rs_usr) {
PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed);
PMA_DBI_free_result($rs_usr);
unset($rs_usr);
}
// end if
}
// end elseif
}
// end if
}
// end else (MySQL < 4.1.2)
// If disabled, don't show it
/**
* Displays the privileges form table
*
* @param string the database
* @param string the table
* @param boolean wheather to display the submit button or not
* @param int the indenting level of the code
*
* @global array the phpMyAdmin configuration
* @global ressource the database connection
*
* @return void
*/
function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0)
{
global $cfg, $userlink, $url_query, $checkall;
if ($db == '*') {
$table = '*';
}
$spaces = '';
for ($i = 0; $i < $indent; $i++) {
$spaces .= ' ';
}
if (isset($GLOBALS['username'])) {
$username = $GLOBALS['username'];
$hostname = $GLOBALS['hostname'];
if ($db == '*') {
$sql_query = 'SELECT * FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';';
} else {
if ($table == '*') {
$sql_query = 'SELECT * FROM `db` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ';';
} else {
$sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';';
}
}
$res = PMA_DBI_query($sql_query);
$row = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
}
if (empty($row)) {
if ($table == '*') {
if ($db == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
} else {
if ($table == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
}
}
$res = PMA_DBI_query($sql_query);
while ($row1 = PMA_DBI_fetch_row($res)) {
if (substr($row1[0], 0, 4) == 'max_') {
$row[$row1[0]] = 0;
} else {
$row[$row1[0]] = 'N';
}
}
PMA_DBI_free_result($res);
} else {
$row = array('Table_priv' => '');
}
}
if (isset($row['Table_priv'])) {
$res = PMA_DBI_query('SHOW COLUMNS FROM `tables_priv` LIKE \'Table_priv\';', $userlink);
$row1 = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
$av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3));
unset($res, $row1);
$users_grants = explode(',', $row['Table_priv']);
foreach ($av_grants as $current_grant) {
$row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';
}
unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);
$res = PMA_DBI_try_query('SHOW COLUMNS FROM `' . $db . '`.`' . $table . '`;');
$columns = array();
if ($res) {
while ($row1 = PMA_DBI_fetch_row($res)) {
$columns[$row1[0]] = array('Select' => FALSE, 'Insert' => FALSE, 'Update' => FALSE, 'References' => FALSE);
}
PMA_DBI_free_result($res);
}
unset($res, $row1);
}
if (!empty($columns)) {
$res = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';');
while ($row1 = PMA_DBI_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]);
foreach ($row1[1] as $current) {
$columns[$row1[0]][$current] = TRUE;
}
}
PMA_DBI_free_result($res);
unset($res);
unset($row1);
unset($current);
echo $spaces . '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . $spaces . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . $spaces . '<table border="0" cellpadding="2" cellspacing="1">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="6"> ' . $GLOBALS['strTblPrivileges'] . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="6"><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescSelect'] . '">SELECT</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescInsert'] . '">INSERT</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescUpdate'] . '">UPDATE</dfn></tt> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '"> <tt><dfn title="' . $GLOBALS['strPrivDescReferences'] . '">REFERENCES</dfn></tt> </td>' . "\n";
list($current_grant, $current_grant_value) = each($row);
while (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
list($current_grant, $current_grant_value) = each($row);
}
echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n";
$rowspan = count($row) - 5;
echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Select_priv[]" multiple="multiple">' . "\n";
foreach ($columns as $current_column => $current_column_privileges) {
echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"';
if ($row['Select_priv'] == 'Y' || $current_column_privileges['Select']) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($current_column) . '</option>' . "\n";
}
echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Select_priv_none" id="checkbox_Select_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Select_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Insert_priv[]" multiple="multiple">' . "\n";
foreach ($columns as $current_column => $current_column_privileges) {
echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"';
if ($row['Insert_priv'] == 'Y' || $current_column_privileges['Insert']) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($current_column) . '</option>' . "\n";
}
echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Insert_priv_none" id="checkbox_Insert_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Insert_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="Update_priv[]" multiple="multiple">' . "\n";
foreach ($columns as $current_column => $current_column_privileges) {
echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"';
if ($row['Update_priv'] == 'Y' || $current_column_privileges['Update']) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($current_column) . '</option>' . "\n";
}
echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="Update_priv_none" id="checkbox_Update_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_Update_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" rowspan="' . $rowspan . '" valign="top">' . "\n" . $spaces . ' <select name="References_priv[]" multiple="multiple">' . "\n";
foreach ($columns as $current_column => $current_column_privileges) {
echo $spaces . ' <option value="' . htmlspecialchars($current_column) . '"';
if ($row['References_priv'] == 'Y' || $current_column_privileges['References']) {
echo ' selected="selected"';
}
echo '>' . htmlspecialchars($current_column) . '</option>' . "\n";
}
echo $spaces . ' </select><br />' . "\n" . $spaces . ' <i>' . $GLOBALS['strOr'] . '</i><br />' . "\n" . $spaces . ' <input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="References_priv_none" id="checkbox_References_priv_none" title="' . $GLOBALS['strNone'] . '" /><label for="checkbox_References_priv_none">' . $GLOBALS['strNone'] . '</label>' . "\n" . $spaces . ' </td>' . "\n";
unset($rowspan);
list($current_grant, $current_grant_value) = each($row);
while (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
list($current_grant, $current_grant_value) = each($row);
}
echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n";
while (list($current_grant, $current_grant_value) = each($row)) {
if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
continue;
}
echo $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($current_grant, 0, strlen($current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label></td>' . "\n" . $spaces . ' </tr>' . "\n";
}
} else {
$privTable[0] = array(array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete']));
if ($db == '*') {
$privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']);
}
$privTable[1] = array(array('Create', 'CREATE', $table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl']), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', $table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl']));
if (isset($row['Create_tmp_table_priv'])) {
$privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']);
}
$privTable[2] = array();
if (isset($row['Grant_priv'])) {
$privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']);
}
if ($db == '*') {
if (isset($row['Super_priv'])) {
$privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']);
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']);
} else {
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']);
}
$privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']);
$privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']);
if (isset($row['Show_db_priv'])) {
$privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']);
}
}
if (isset($row['Lock_tables_priv'])) {
$privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']);
}
$privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']);
if ($db == '*') {
if (isset($row['Execute_priv'])) {
$privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']);
}
if (isset($row['Repl_client_priv'])) {
$privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']);
}
if (isset($row['Repl_slave_priv'])) {
$privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']);
}
}
echo $spaces . '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . $spaces . '<table border="0" cellpadding="2" cellspacing="1">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="6"> ' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : ($table == '*' ? $GLOBALS['strDbPrivileges'] : $GLOBALS['strTblPrivileges'])) . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" align="center" colspan="6"><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small><br />' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $url_query . '&checkall=1" onclick="setCheckboxes(\'usersForm\', \'\', true); return false;">' . $GLOBALS['strCheckAll'] . '</a>' . "\n" . $spaces . '  ' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $url_query . '" onclick="setCheckboxes(\'usersForm\', \'\', false); return false;">' . $GLOBALS['strUncheckAll'] . '</a></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strData'] . '</i></b> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strStructure'] . '</i></b> </td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorOne'] . '" colspan="2"> <b><i>' . $GLOBALS['strAdministration'] . '</i></b> </td>' . "\n" . $spaces . ' </tr>' . "\n";
$limitTable = FALSE;
for ($i = 0; isset($privTable[0][$i]) || isset($privTable[1][$i]) || isset($privTable[2][$i]); $i++) {
echo $spaces . ' <tr>' . "\n";
for ($j = 0; $j < 3; $j++) {
if (isset($privTable[$j][$i])) {
echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="checkbox"' . (empty($checkall) ? '' : ' checked="checked"') . ' name="' . $privTable[$j][$i][0] . '_priv" id="checkbox_' . $privTable[$j][$i][0] . '_priv" value="Y" ' . ($row[$privTable[$j][$i][0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $privTable[$j][$i][2] . '"/></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="checkbox_' . $privTable[$j][$i][0] . '_priv"><tt><dfn title="' . $privTable[$j][$i][2] . '">' . $privTable[$j][$i][1] . '</dfn></tt></label></td>' . "\n";
} else {
if ($db == '*' && !isset($privTable[0][$i]) && !isset($privTable[1][$i]) && isset($row['max_questions']) && isset($row['max_updates']) && isset($row['max_connections']) && !$limitTable) {
echo $spaces . ' <td colspan="4" rowspan="' . (count($privTable[2]) - $i) . '">' . "\n" . $spaces . ' <table border="0" cellpadding="0" cellspacing="0">' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <th colspan="2"> ' . $GLOBALS['strResourceLimits'] . ' </th>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="2"><small><i>' . $GLOBALS['strZeroRemovesTheLimit'] . '</i></small></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_questions"><tt><dfn title="' . $GLOBALS['strPrivDescMaxQuestions'] . '">MAX QUERIES PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxQuestions'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_updates"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUpdates'] . '">MAX UPDATES PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUpdates'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' <tr>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><label for="text_max_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxConnections'] . '">MAX CONNECTIONS PER HOUR</dfn></tt></label></td>' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '"><input type="text" class="textfield" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxConnections'] . '" /></td>' . "\n" . $spaces . ' </tr>' . "\n" . $spaces . ' </table>' . "\n" . $spaces . ' </td>' . "\n";
$limitTable = TRUE;
} else {
if (!$limitTable) {
echo $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '" colspan="2"> </td>' . "\n";
}
}
}
}
}
echo $spaces . ' </tr>' . "\n";
}
if ($submit) {
echo $spaces . ' <tr>' . "\n" . $spaces . ' <td colspan="6" align="right">' . "\n" . $spaces . ' <input type="submit" name="update_privs" value="' . $GLOBALS['strGo'] . '" />' . "\n" . $spaces . ' </td>' . "\n" . $spaces . ' </tr>' . "\n";
}
echo $spaces . '</table>' . "\n";
}
/**
* Displays the privileges form table
*
* @param string $db the database
* @param string $table the table
* @param boolean $submit wheather to display the submit button or not
* @param int $indent the indenting level of the code
*
* @global array $cfg the phpMyAdmin configuration
* @global ressource $user_link the database connection
*
* @return void
*/
function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0)
{
if ($db == '*') {
$table = '*';
}
$spaces = str_repeat(' ', $indent);
if (isset($GLOBALS['username'])) {
$username = $GLOBALS['username'];
$hostname = $GLOBALS['hostname'];
if ($db == '*') {
$sql_query = 'SELECT * FROM `mysql`.`user`' . ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';';
} elseif ($table == '*') {
$sql_query = 'SELECT * FROM `mysql`.`db`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' LIKE ' . PMA_convert_using('`Db`') . ';';
} else {
$sql_query = 'SELECT `Table_priv`' . ' FROM `mysql`.`tables_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';';
}
$res = PMA_DBI_query($sql_query);
$row = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
}
if (empty($row)) {
if ($table == '*') {
if ($db == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
} else {
if ($table == '*') {
$sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
}
}
$res = PMA_DBI_query($sql_query);
while ($row1 = PMA_DBI_fetch_row($res)) {
if (substr($row1[0], 0, 4) == 'max_') {
$row[$row1[0]] = 0;
} else {
$row[$row1[0]] = 'N';
}
}
PMA_DBI_free_result($res);
} else {
$row = array('Table_priv' => '');
}
}
if (isset($row['Table_priv'])) {
$res = PMA_DBI_query('SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';', $GLOBALS['userlink']);
// note: in MySQL 5.0.3 we get "Create View', 'Show view';
// the View for Create is spelled with uppercase V
// the view for Show is spelled with lowercase v
// and there is a space between the words
$row1 = PMA_DBI_fetch_assoc($res);
PMA_DBI_free_result($res);
$av_grants = explode('\',\'', substr($row1['Type'], strpos($row1['Type'], '(') + 2, strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3));
unset($res, $row1);
$users_grants = explode(',', $row['Table_priv']);
foreach ($av_grants as $current_grant) {
$row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';
}
unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);
// get collumns
$res = PMA_DBI_try_query('SHOW COLUMNS FROM `' . PMA_unescape_mysql_wildcards($db) . '`.`' . $table . '`;');
$columns = array();
if ($res) {
while ($row1 = PMA_DBI_fetch_row($res)) {
$columns[$row1[0]] = array('Select' => FALSE, 'Insert' => FALSE, 'Update' => FALSE, 'References' => FALSE);
}
PMA_DBI_free_result($res);
}
unset($res, $row1);
}
// t a b l e - s p e c i f i c p r i v i l e g e s
if (!empty($columns)) {
$res = PMA_DBI_query('SELECT `Column_name`, `Column_priv`' . ' FROM `mysql`.`columns_priv`' . ' WHERE ' . PMA_convert_using('`User`') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('`Db`') . ' = ' . PMA_convert_using(PMA_unescape_mysql_wildcards($db), 'quoted') . ' AND ' . PMA_convert_using('`Table_name`') . ' = ' . PMA_convert_using($table, 'quoted') . ';');
while ($row1 = PMA_DBI_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]);
foreach ($row1[1] as $current) {
$columns[$row1[0]][$current] = TRUE;
}
}
PMA_DBI_free_result($res);
unset($res, $row1, $current);
echo $spaces . '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n" . $spaces . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_priv">' . "\n" . $spaces . ' <legend>' . $GLOBALS['strTblPrivileges'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n";
// privs that are attached to a specific column
PMA_display_column_privs($spaces, $columns, $row, 'Select_priv', 'SELECT', 'select', $GLOBALS['strPrivDescSelect'], 'Select');
PMA_display_column_privs($spaces, $columns, $row, 'Insert_priv', 'INSERT', 'insert', $GLOBALS['strPrivDescInsert'], 'Insert');
PMA_display_column_privs($spaces, $columns, $row, 'Update_priv', 'UPDATE', 'update', $GLOBALS['strPrivDescUpdate'], 'Update');
PMA_display_column_privs($spaces, $columns, $row, 'References_priv', 'REFERENCES', 'references', $GLOBALS['strPrivDescReferences'], 'References');
// privs that are not attached to a specific column
echo $spaces . ' <div class="item">' . "\n";
foreach ($row as $current_grant => $current_grant_value) {
if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
continue;
}
// make a substitution to match the messages variables;
// also we must substitute the grant we get, because we can't generate
// a form variable containing blanks (those would get changed to
// an underscore when receiving the POST)
if ($current_grant == 'Create View_priv') {
$tmp_current_grant = 'CreateView_priv';
$current_grant = 'Create_view_priv';
} elseif ($current_grant == 'Show view_priv') {
$tmp_current_grant = 'ShowView_priv';
$current_grant = 'Show_view_priv';
} else {
$tmp_current_grant = $current_grant;
}
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" ' . ($current_grant_value == 'Y' ? 'checked="checked" ' : '') . 'title="';
echo (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '"/>' . "\n";
echo $spaces . ' <label for="checkbox_' . $current_grant . '"><tt><dfn title="' . (isset($GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)]) ? $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5)] : $GLOBALS['strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5) . 'Tbl']) . '">' . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5)) . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
// end foreach()
echo $spaces . ' </div>' . "\n";
} else {
// g l o b a l o r d b - s p e c i f i c
//
// d a t a
$privTable[0] = array(array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete']));
if ($db == '*') {
$privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']);
}
// s t r u c t u r e
$privTable[1] = array(array('Create', 'CREATE', $table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl']), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', $table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl']));
if (isset($row['Create_tmp_table_priv'])) {
$privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']);
}
// this one is for a db-specific priv: Create_view_priv
if (isset($row['Create_view_priv'])) {
$privTable[1][] = array('Create_view', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']);
}
// this one is for a table-specific priv: Create View_priv
if (isset($row['Create View_priv'])) {
$privTable[1][] = array('Create View', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']);
}
if (isset($row['Show_view_priv'])) {
$privTable[1][] = array('Show_view', 'SHOW VIEW', $GLOBALS['strPrivDescShowView']);
}
if (isset($row['Create_routine_priv'])) {
$privTable[1][] = array('Create_routine', 'CREATE ROUTINE', $GLOBALS['strPrivDescCreateRoutine']);
}
if (isset($row['Alter_routine_priv'])) {
$privTable[1][] = array('Alter_routine', 'ALTER ROUTINE', $GLOBALS['strPrivDescAlterRoutine']);
}
if (isset($row['Execute_priv'])) {
if (PMA_MYSQL_INT_VERSION >= 40002 && PMA_MYSQL_INT_VERSION < 50003) {
$privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']);
} else {
$privTable[1][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute5']);
}
}
// a d m i n i s t r a t i o n
$privTable[2] = array();
if (isset($row['Grant_priv'])) {
$privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']);
}
if ($db == '*') {
if (isset($row['Super_priv'])) {
$privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']);
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']);
} else {
$privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']);
}
$privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']);
$privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']);
if (isset($row['Show_db_priv'])) {
$privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']);
}
}
if (isset($row['Lock_tables_priv'])) {
$privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']);
}
$privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']);
if ($db == '*') {
//if (isset($row['Execute_priv'])) {
// $privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']);
//}
if (isset($row['Repl_client_priv'])) {
$privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']);
}
if (isset($row['Repl_slave_priv'])) {
$privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']);
}
if (isset($row['Create_user_priv'])) {
$privTable[2][] = array('Create_user', 'CREATE USER', $GLOBALS['strPrivDescCreateUser']);
}
}
echo $spaces . '<input type="hidden" name="grant_count" value="' . (count($privTable[0]) + count($privTable[1]) + count($privTable[2]) - (isset($row['Grant_priv']) ? 1 : 0)) . '" />' . "\n" . $spaces . '<fieldset id="fieldset_user_global_rights">' . "\n" . $spaces . ' <legend>' . "\n" . $spaces . ' ' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : ($table == '*' ? $GLOBALS['strDbPrivileges'] : $GLOBALS['strTblPrivileges'])) . "\n" . $spaces . ' ( <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '&checkall=1" onclick="setCheckboxes(\'usersForm\', true); return false;">' . $GLOBALS['strCheckAll'] . '</a> /' . "\n" . $spaces . ' <a href="./server_privileges.php?' . $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'usersForm\', false); return false;">' . $GLOBALS['strUncheckAll'] . '</a> )' . "\n" . $spaces . ' </legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strEnglishPrivileges'] . '</i></small></p>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strData'] . '</legend>' . "\n";
foreach ($privTable[0] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strStructure'] . '</legend>' . "\n";
foreach ($privTable[1] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n" . $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strAdministration'] . '</legend>' . "\n";
foreach ($privTable[2] as $priv) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <input type="checkbox"' . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"') . ' name="' . $priv[0] . '_priv" id="checkbox_' . $priv[0] . '_priv" value="Y" ' . ($row[$priv[0] . '_priv'] == 'Y' ? 'checked="checked" ' : '') . 'title="' . $priv[2] . '"/>' . "\n" . $spaces . ' <label for="checkbox_' . $priv[0] . '_priv"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n";
// The "Resource limits" box is not displayed for db-specific privs
if ($db == '*') {
echo $spaces . ' <fieldset>' . "\n" . $spaces . ' <legend>' . $GLOBALS['strResourceLimits'] . '</legend>' . "\n" . $spaces . ' <p><small><i>' . $GLOBALS['strZeroRemovesTheLimit'] . '</i></small></p>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_questions"><tt><dfn title="' . $GLOBALS['strPrivDescMaxQuestions'] . '">MAX QUERIES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_questions" id="text_max_questions" value="' . $row['max_questions'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxQuestions'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_updates"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUpdates'] . '">MAX UPDATES PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_updates" id="text_max_updates" value="' . $row['max_updates'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUpdates'] . '" />' . "\n" . $spaces . ' </div>' . "\n" . $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxConnections'] . '">MAX CONNECTIONS PER HOUR</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_connections" id="text_max_connections" value="' . $row['max_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n";
if (PMA_MYSQL_INT_VERSION >= 50003) {
echo $spaces . ' <div class="item">' . "\n" . $spaces . ' <label for="text_max_user_connections"><tt><dfn title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '">MAX USER_CONNECTIONS</dfn></tt></label>' . "\n" . $spaces . ' <input type="text" name="max_user_connections" id="text_max_user_connections" value="' . $row['max_user_connections'] . '" size="11" maxlength="11" title="' . $GLOBALS['strPrivDescMaxUserConnections'] . '" />' . "\n" . $spaces . ' </div>' . "\n";
}
echo $spaces . ' </fieldset>' . "\n";
}
}
echo $spaces . '</fieldset>' . "\n";
if ($submit) {
echo $spaces . '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n" . $spaces . ' <input type="submit" name="update_privs" value="' . $GLOBALS['strGo'] . '" />' . "\n" . $spaces . '</fieldset>' . "\n";
}
}
if (!$is_reload_priv) {
$is_reload_priv = $result_usr['Reload_priv'] == 'Y';
}
}
// end while
PMA_DBI_free_result($rs_usr);
unset($rs_usr, $result_usr);
}
// end if
}
// end if
// If the user has Create priv on a inexistant db, show him in the dialog
// the first inexistant db name that we find, in most cases it's probably
// the one he just dropped :)
if (!$is_create_priv) {
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');';
$rs_usr = PMA_DBI_try_query($local_query, $dbh, PMA_DBI_QUERY_STORE);
if ($rs_usr) {
$re0 = '(^|(\\\\\\\\)+|[^\\])';
// non-escaped wildcards
$re1 = '(^|[^\\])(\\\\)+';
// escaped wildcards
while ($row = PMA_DBI_fetch_assoc($rs_usr)) {
if (ereg($re0 . '(%|_)', $row['Db']) || !PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db'])) && substr(PMA_DBI_getError(), 1, 4) != 1044) {
$db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db']));
$db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
$is_create_priv = TRUE;
break;
}
// end if
}
