nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes for backslash in password/username

Browse Source
This commit is contained in:
Michal Čihař
2003-07-09 10:01:23 +00:00
parent e505c393f0
commit 0522b2f466
3 changed files with 41 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2003-07-09 Michal Cihar <nijel@users.sourceforge.net>
* libraries/auth/cookie.auth.lib.php3: Fixed broken login with backslash
in password/username (bug #747020).
* server_privileges.php3: Fixed escaping when backslash in
password/username.
2003-07-09 Garvin Hicking <me@supergarv.de> 2003-07-09 Garvin Hicking <me@supergarv.de>
* Documentation.html, config.inc.php3, libraries/common.lib.php3, * Documentation.html, config.inc.php3, libraries/common.lib.php3,
libraries/config_import.lib.php3, header.inc.php3: Created auto-detection libraries/config_import.lib.php3, header.inc.php3: Created auto-detection

7
libraries/auth/cookie.auth.lib.php3
View File

@@ -445,12 +445,15 @@ if (uname.value == '') {
// Returns whether we get authentication settings or not // Returns whether we get authentication settings or not
if (!$from_cookie && !$from_form) { if (!$from_cookie && !$from_form) {
return FALSE; return FALSE;
} else { } elseif ($from_cookie) {
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER); $PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW); // no need to strip password as it is encrypted during transfer
} }
return TRUE; return TRUE;
} else {
// we don't need to strip here, it is done in grab_globals
return TRUE;
} }
} // end of the 'PMA_auth_check()' function } // end of the 'PMA_auth_check()' function

60
server_privileges.php3
View File

@@ -155,11 +155,11 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
$username = $GLOBALS['username']; $username = $GLOBALS['username'];
$hostname = $GLOBALS['hostname']; $hostname = $GLOBALS['hostname'];
if ($db == '*') { if ($db == '*') {
$sql_query = 'SELECT * FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";'; $sql_query = 'SELECT * FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
} else if ($table == '*') { } else if ($table == '*') {
$sql_query = 'SELECT * FROM `db` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";'; $sql_query = 'SELECT * FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";';
} else { } else {
$sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";'; $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
} }
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
if ($res) { if ($res) {
@@ -220,7 +220,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
} }
} }
if (!empty($columns)) { if (!empty($columns)) {
$sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";'; $sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
while ($row1 = PMA_mysql_fetch_row($res)) { while ($row1 = PMA_mysql_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]); $row1[1] = explode(',', $row1[1]);
@@ -555,7 +555,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
* Changes / copies a user, part I * Changes / copies a user, part I
*/ */
if (!empty($change_copy)) { if (!empty($change_copy)) {
$local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";'; $local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
if (!$res) { if (!$res) {
$message = $strNoUsersFound; $message = $strNoUsersFound;
@@ -597,7 +597,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
unset($row); unset($row);
break; break;
} }
$local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";'; $local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
unset($local_query); unset($local_query);
if (mysql_affected_rows($userlink) == 1) { if (mysql_affected_rows($userlink) == 1) {
@@ -605,7 +605,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
$adduser = 1; $adduser = 1;
} else { } else {
if (PMA_MYSQL_INT_VERSION >= 32211) { if (PMA_MYSQL_INT_VERSION >= 32211) {
$real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . $username . '"@"' . $hostname . '"'; $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
if ($pred_password != 'none' && $pred_password != 'keep') { if ($pred_password != 'none' && $pred_password != 'keep') {
$pma_pw_hidden = ''; $pma_pw_hidden = '';
for ($i = 0; $i < strlen($pma_pw); $i++) { for ($i = 0; $i < strlen($pma_pw); $i++) {
@@ -650,7 +650,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
unset($real_sql_query); unset($real_sql_query);
} else { } else {
$privileges = PMA_extractPrivInfo(); $privileges = PMA_extractPrivInfo();
$real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . $username . '"'; $real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . PMA_sqlAddslashes($username) . '"';
if ($pred_password != 'none') { if ($pred_password != 'none') {
$pma_pw_hidden = ''; $pma_pw_hidden = '';
for ($i = 0; $i < strlen($pma_pw); $i++) { for ($i = 0; $i < strlen($pma_pw); $i++) {
@@ -679,16 +679,16 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
* Changes / copies a user, part III * Changes / copies a user, part III
*/ */
if (!empty($change_copy)) { if (!empty($change_copy)) {
$local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";'; $local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) { while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
$queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . $username . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';'; $queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';';
} }
mysql_free_result($res); mysql_free_result($res);
$local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";'; $local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) { while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
$local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";'; $local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";';
$res2 = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); $res2 = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
$tmp_privs1 = PMA_extractPrivInfo($row); $tmp_privs1 = PMA_extractPrivInfo($row);
$tmp_privs2 = array( $tmp_privs2 = array(
@@ -726,7 +726,7 @@ if (!empty($change_copy)) {
$tmp_privs1[] = 'REFERENCES (`' . join(', ', $tmp_privs2['References']) . '`)'; $tmp_privs1[] = 'REFERENCES (`' . join(', ', $tmp_privs2['References']) . '`)';
} }
unset($tmp_privs2); unset($tmp_privs2);
$queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . $username . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';'; $queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';';
} }
} }
@@ -737,9 +737,9 @@ if (!empty($change_copy)) {
if (!empty($update_privs)) { if (!empty($update_privs)) {
if (PMA_MYSQL_INT_VERSION >= 32211) { if (PMA_MYSQL_INT_VERSION >= 32211) {
$db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename)); $db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . $username . '"@"' . $hostname . '"'; $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) { if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
$sql_query2 .= 'WITH'; $sql_query2 .= 'WITH';
if (isset($Grant_priv) && $Grant_priv == 'Y') { if (isset($Grant_priv) && $Grant_priv == 'Y') {
@@ -818,8 +818,8 @@ if (!empty($change_pw)) {
for ($i = 0; $i < strlen($pma_pw); $i++) { for ($i = 0; $i < strlen($pma_pw); $i++) {
$hidden_pw .= '*'; $hidden_pw .= '*';
} }
$local_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $pma_pw . '")'; $local_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . PMA_sqlAddslashes($pma_pw) . '")';
$sql_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")'; $sql_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")';
PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink));
$message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\''); $message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\'');
} }
@@ -842,14 +842,14 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
if ($mode == 2) { if ($mode == 2) {
// The SHOW GRANTS query may fail if the user has not been loaded // The SHOW GRANTS query may fail if the user has not been loaded
// into memory // into memory
$res = PMA_mysql_query('SHOW GRANTS FOR "' . $this_user . '"@"' . $this_host . '";', $userlink); $res = PMA_mysql_query('SHOW GRANTS FOR "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";', $userlink);
if ($res) { if ($res) {
$queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . $this_user . '"@"' . $this_host . '";'; $queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
while ($row = PMA_mysql_fetch_row($res)) { while ($row = PMA_mysql_fetch_row($res)) {
$this_table = substr($row[0], (strpos($row[0], 'ON') + 3), (strpos($row[0], ' TO ') - strpos($row[0], 'ON') - 3)); $this_table = substr($row[0], (strpos($row[0], 'ON') + 3), (strpos($row[0], ' TO ') - strpos($row[0], 'ON') - 3));
if ($this_table != '*.*') { if ($this_table != '*.*') {
$queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";'; $queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
$queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";'; $queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
} }
unset($this_table); unset($this_table);
} }
@@ -857,13 +857,13 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
} }
unset($res); unset($res);
} }
$queries[] = 'DELETE FROM `user` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
if ($mode != 2) { if ($mode != 2) {
// If we REVOKE the table grants, we should not need to modify the // If we REVOKE the table grants, we should not need to modify the
// `db`, `tables_priv` and `columns_priv` tables manually... // `db`, `tables_priv` and `columns_priv` tables manually...
$queries[] = 'DELETE FROM `db` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
$queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
$queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
} }
if (!empty($drop_users_db)) { if (!empty($drop_users_db)) {
$queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';'; $queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
@@ -1056,7 +1056,7 @@ if (empty($adduser) && empty($checkprivs)) {
} }
} }
echo '</h2>' . "\n"; echo '</h2>' . "\n";
$res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";', $userlink); $res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";', $userlink);
if (mysql_affected_rows($userlink) <= 0) { if (mysql_affected_rows($userlink) <= 0) {
echo $strUserNotFound; echo $strUserNotFound;
include('./footer.inc.php3'); include('./footer.inc.php3');
@@ -1094,9 +1094,9 @@ if (empty($adduser) && empty($checkprivs)) {
. ' <th colspan="2">&nbsp;' . $strAction . '&nbsp;</th>' . "\n" . ' <th colspan="2">&nbsp;' . $strAction . '&nbsp;</th>' . "\n"
. ' </tr>' . "\n"; . ' </tr>' . "\n";
if (empty($dbname)) { if (empty($dbname)) {
$sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" ORDER BY `Db` ASC;'; $sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" ORDER BY `Db` ASC;';
} else { } else {
$sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;'; $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;';
} }
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
if (mysql_affected_rows($userlink) == 0) { if (mysql_affected_rows($userlink) == 0) {
@@ -1106,7 +1106,7 @@ if (empty($adduser) && empty($checkprivs)) {
} else { } else {
$useBgcolorOne = TRUE; $useBgcolorOne = TRUE;
if (empty($dbname)) { if (empty($dbname)) {
$res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;'); $res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;');
$row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC);
} }
$found_rows = array(); $found_rows = array();