diff --git a/ChangeLog b/ChangeLog index f12437a41..551f24aea 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,10 +5,15 @@ phpMyAdmin - Changelog $Id$ $Source$ -2001-09-15 Marc Delisle - * libraries/common.lib.php3, bug #460475: user can be blank in - mysql.db (anonymous user), as stated in MySQL doc. +2001-09-16 Loïc Chapeaux + * headers.inc.php3; users_detail.php3; libraries/user_details.js; lang/*: + rewrtitten the users script so it validates xhtml1.0, and fix a security + issue removing most of the javascript work. +2001-09-15 Marc Delisle + * libraries/common.lib.php3, bug #460475: user can be blank in mysql.db + (anonymous user), as stated in MySQL doc. + 2001-09-15 Loïc Chapeaux * tbl_change.php3, lines 351-352: fixed bug #461623 (wrong maxlength in table_change.php). diff --git a/header.inc.php3 b/header.inc.php3 index e1dcebba3..85d165793 100755 --- a/header.inc.php3 +++ b/header.inc.php3 @@ -91,6 +91,18 @@ var confirmMsg = ' +// js form validation stuff +var jsHostEmpty = ''; +var jsUserEmpty = ''; +var jsPasswordEmpty = ''; +var jsPasswordNotSame = ''; +//--> + + + diff --git a/libraries/user_details.js b/libraries/user_details.js new file mode 100644 index 000000000..5d2eacec6 --- /dev/null +++ b/libraries/user_details.js 
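Review bot: The four added `var js…Empty = '…';` declarations in header.inc.php3 are single-quoted JavaScript literals whose contents do not survive in this render; if they are filled from the lang/* strings, as the ChangeLog entry suggests, any translation containing an apostrophe or a line break terminates the literal early and breaks the whole inline script, including the preceding `confirmMsg`. Escape the value where it is echoed (at least `'`, `\` and newlines, e.g. `addslashes()` followed by replacing newlines) rather than inserting the raw string. The enclosing `<script>` block starts before this hunk; only its closing `//-->` is visible here.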
@@ -0,0 +1,120 @@ +/* $Id$ */ + + +/** + * Validates the the password field in a form + * + * @param object the form + * + * @return boolean whether the field value is valid or not + */ +function checkPassword(the_form) +{ + if (the_form.elements['nopass'][1].checked) { + if (the_form.elements['pma_pw'].value == '') { + alert(jsPasswordEmpty); + the_form.elements['pma_pw2'].value = ''; + the_form.elements['pma_pw'].focus(); + return false; + } else if (the_form.elements['pma_pw'].value != the_form.elements['pma_pw2'].value) { + alert(jsPasswordNotSame); + the_form.elements['pma_pw'].value = ''; + the_form.elements['pma_pw2'].value = ''; + the_form.elements['pma_pw'].focus(); + return false; + } // end if...else if + } // end if + + return true; +} // end of the 'checkPassword()' function + + +/** + * Validates the "add an user" form + * + * @return boolean whether the form is validated or not + */ +function checkAddUser() +{ + var the_form = document.forms['addUserForm']; + + if (the_form.elements['anyhost'][1].checked && the_form.elements['host'].value == '') { + alert(jsHostEmpty); + the_form.elements['host'].focus(); + return false; + } + + if (the_form.elements['anyuser'][1].checked && the_form.elements['pma_user'].value == '') { + alert(jsUserEmpty); + the_form.elements['pma_user'].focus(); + return false; + } + + return checkPassword(the_form); +} // end of the 'addUser()' function + + +/** + * Gets the list of selected options in combo + * + * @param object the form to check + * + * @return string the list of selected options + */ +function getSelected(the_field) { + var the_list = ''; + var opts = the_field.options; + var opts_cnt = opts.length; + + for (var i = 0; i < opts_cnt; i++) { + if (opts[i].selected) { + the_list += opts[i].text + ', '; + } + } // end for + + return the_list.substring(0, the_list.length - 2); +} // end of the 'getSelected()' function + + +/** + * Reloads the page to get tables names in a database or fields names in a + * table + * 
+ * @param object the input text box to build the query from + */ +function change(the_field) { + var l = location.href; + var box_name = the_field.name; + + if (box_name == 'dbgrant') { + var lpos = l.indexOf('&' + box_name); + if (lpos >= 0) { + l = l.substring(0, lpos); + } + } // end if + + location.href = l + '&' + box_name + '=' + getSelected(the_field); +} // end of the 'change()' function + + +/** + * Checks/unchecks all privileges + * + * @param string the form name + * @param boolean whether to check or to uncheck the element + * + * @return boolean always true + */ +function checkForm(the_form, do_check) { + var elts = document.forms[the_form].elements; + var elts_cnt = elts.length; + + for (var i = 0; i < elts_cnt; i++) { + var whichElt = elts[i].name; + if (whichElt.indexOf('_priv') >= 0) { + document.forms[the_form].elements[whichElt].checked = do_check; + } // end if + } // end for + + return true; +} // end of the 'checkForm()' function diff --git a/user_details.php3 b/user_details.php3 index dc4e95bd8..0bfc2707f 100644 --- a/user_details.php3 +++ b/user_details.php3 @@ -2,675 +2,660 @@ /* $Id$*/ +/** + * Gets some core libraries + */ require('./libraries/grab_globals.lib.php3'); require('./libraries/common.lib.php3'); -function check_operations() -{ - global $server, $lang; - global $strBack; - global $self; + +/** + * Displays the table of grants for an user + * + * @param integer the id of the query used to get hosts and databases lists + * @param mixed the database to check garnts for, FALSE for all databases + * + * @return boolean always true + * + * @global string the current language + * @global integer the server to use (refers to the number in the + * configuration file) + * + * @see check_db() + */ +function table_grants(&$host_db_result, $dbcheck = FALSE) { + global $lang, $server; ?> -
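Review bot: `change()` appends the selected option text to the URL without encoding, `location.href = l + '&' + box_name + '=' + getSelected(the_field);`, so a database or table name containing `&`, `#`, `%`, `+` or a space yields a different query string than intended and may drop or alter other parameters; encode the value, `location.href = l + '&' + box_name + '=' + encodeURIComponent(getSelected(the_field));` (or `escape()` where older browsers must be supported). Note that `getSelected()` joins multiple selections with a raw `', '`, which is then encoded along with the names, so the server side must split on that separator after decoding. Two documentation nits in the same hunk: the closing comment of `checkAddUser()` reads `// end of the 'addUser()' function`, and `getSelected()` documents its parameter as `the form to check` although it receives a select element.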
- -
+ + + + ' . $GLOBALS['strAction'] . '' . "\n"; + echo ' ' . "\n"; + echo ' '; + } else { + echo "\n"; + echo ' '; + } + echo "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + if (!$dbcheck) { + echo ' ' . "\n"; + } + ?> + + ' . $row['user'] . '@' . $row['host'] . '') + . '&goto=user_details.php3'; + if ($grantopt) { + $revoke_grant_url = 'sql.php3' + . '?' . $url_query + . '&sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . backquote($db) . '.' . backquote($table) . ' FROM \'' . $row['user'] . '\'@\'' . $row['host'] . '\'') + . '&zero_rows=' . urlencode($GLOBALS['strRevokeGrantMessage'] . ' ' . $row['user'] . '@' . $row['host'] . '') + . '&goto=user_details.php3'; + } + ?> + + + > + + + + + > + + + + + + + + + + + + + + + + + + + + 0 + } // end while $row + ?> +
' . $GLOBALS['strHost'] . '' . $GLOBALS['strUser'] . '' . $GLOBALS['strAction'] . '' . $GLOBALS['strDatabase'] . '' . UCFirst($GLOBALS['strTable']) . '' . $GLOBALS['strPrivileges'] . 'Grant Option
+ + +  ' . $GLOBALS['strAny'] . ''; ?>' . $GLOBALS['strAll'] . '' : $db; ?>' . $GLOBALS['strAll'] . '' : $table; ?>' . $GLOBALS['strNoPrivileges'] . ''; ?>
+
- - - -
-
    - -
  • ">
  • - -
  • - - -
    - - - - -
    -
  • - -
  • - - - - - -
    - :  
    - - - - - -
    - :  
    - - - - - - - -
    - : :  

    :
    - -

    -
    -
  • -
-
- - - - -
-
    - -
  • ">
  • - -
  • - - - - -
    > >:  -
    - - - - - -
    > >:  -
    - - - - - - -
     : - -
    - -

    :
    - -

    -
    -
  • -
-
- \n"; - - if ($dbcheck) { - echo "$strAction"; - echo "$strHost"; - echo "$strUser"; - } else { - echo "$strAction"; - } - - echo "$strDatabase"; - echo "" . UCFirst($strTable) . ""; - echo "$strPrivileges"; - if (!$dbcheck) echo "Grant Option"; - echo "\n"; -} - -function table_grants_tail() { - echo "\n
"; -} + return TRUE; +} // end of the 'check_db()' function -function table_grants($host, $user, $dbcheck = FALSE) -{ - global $cfgBgcolorOne, $cfgBgcolorTwo; - global $server, $lang, $db, $table; - global $self; - - global $strEdit, $strDelete, $strAny, $strAll, $strYes, $strNo; - global $strRevoke, $strRevokePriv, $strRevokeGrant; - global $strRevokeMessage, $strRevokeGrantMessage; - global $strNoPrivileges; - - $select = "SHOW GRANTS FOR '$user'@'$host'"; - $result = mysql_query($select); - $rows = @mysql_num_rows($result); - - # Errors - if (!isset($rows)) return -1; - if ($rows == 0) return 0; - - $i = 0; - while ($row = mysql_fetch_row($result)) { - - if (eregi("GRANT (.*) ON ([^\.]+).([^\.]+) TO .*$", $row[0], $parts)) { - $priv = $parts[1]; - $db = $parts[2]; - $table = trim($parts[3]); - $grantopt = eregi("WITH GRANT OPTION$", $row[0]); - } else { - $db = " "; - $table = " "; - $column = " "; - $priv = ""; - $grantopt = FALSE; - } - - if ($priv == "USAGE") $priv = ""; - - # Checking the database ... - if ($dbcheck) - if (!eregi($dbcheck . "|\*", $db) || (trim($priv) == "")) continue; - - # Password Line - if ((trim($priv) == "") && !$grantopt) continue; - - if (!$dbcheck && !isset($show_header)) { - $show_header = TRUE; - table_grants_header(); - } - - $bgcolor = $cfgBgcolorOne; - $i % 2 ? 0: $bgcolor = $cfgBgcolorTwo; - - # Revoke - $query = "server=$server&lang=$lang&db=mysql&table=user"; - $revoke_url = "sql.php3"; -// $revoke_url .= "?sql_query=".urlencode("REVOKE $priv ON " . backquote($db) . "." . backquote($table) . " FROM '$user'@'$host'"); - $revoke_url .= "?sql_query=".urlencode("REVOKE $priv ON " . $db . "." . $table . " FROM '$user'@'$host'"); - $revoke_url .= "&$query"; - $revoke_url .= "&zero_rows=" . urlencode("$strRevokeMessage $user@$host"); - $revoke_url .= "&goto=$self"; - - # Revoke GRANT OPTION - if ($grantopt) { - $revoke_grant_url = "sql.php3"; -// $revoke_grant_url .= "?sql_query=" . urlencode("REVOKE GRANT OPTION ON " . 
backquote($db) . "." . backquote($table) . " FROM '$user'@'$host'"); - $revoke_grant_url .= "?sql_query=" . urlencode("REVOKE GRANT OPTION ON " . $db . "." . $table . " FROM '$user'@'$host'"); - $revoke_grant_url .= "&$query"; - $revoke_grant_url .= "&zero_rows=" . urlencode("$strRevokeGrantMessage $user@$host"); - $revoke_grant_url .= "&goto=$self"; - } - ?> - - - - - > - - > - - - - - - - - $strAny"; ?> - - - $strAll" : $db; ?> - $strAll" : $table; ?> - $strNoPrivileges"; ?> - - - - - - - - - +
"; - else echo ""; - echo ""; -// echo ""; - echo ""; - if ($item % 2 == 0) echo "\n"; - } - if ($item % 2 == 1) echo "\n"; - + $priv_priv = $priv . '_priv'; + $checked = ($row && $row[$priv_priv] == 'Y') ? ' checked="checked"' : ''; + if ($item % 2 == 1) { + echo ' ' . "\n"; + } else { + echo ' ' . "\n"; + } + echo ' ' . "\n"; + echo ' ' . "\n"; + if ($item % 2 == 0) { + echo ' ' . "\n"; + } + } // end while + if ($item % 2 == 1) { + echo ' ' . "\n"; + } // end if ?> -
 " . ${"str$priv"} . "" . $priv . "
 
 ' . "\n"; + echo ' ' . "\n"; + echo ' ' . $priv . '
 ' . "\n"; + echo '
- - - -
 
+ + + + + + + +
+ + +   + + +
+ +
    + +
  • +
    + +   + +
    +
  • + +
  • +
    + + + + + +
    +  :  + + + + + +
    +
    +
  • + +
  • +
    + + + + + + + + + + + + + + + + + + + + + + + +
    + + +   + +  :  + + +
    + + +   + +  :  + + +
    + + +   + +  :  + + +    +  :  + +
    +
    +  : +
    +
    + + + + +
    +
  • + +
+ + +
    + +
  • +
    + + +
    +
  • + +
  • +
    + + + + " /> + " /> + + + + + + + + + + + + + + + + + + + + + + + + +
    + /> + +     + /> +  :  + + + +   + +
    + /> + +     + /> +  :  + + + +   + +
    + + +     + +  :  + + +
    + + + + + +
    +
    +  :  +
    +
    + + +
    +
  • + +
+ $user@$host
$strRememberReload"); - $del_url .= "&server=$server&lang=$lang&db=mysql&table=user"; - $del_url .= "&goto=$self"; ?> - - -
-
    - -
  • ">
  • - - -
  • - - -
  • - - - - -
    :  :
    -

    -
  • - -
  • - -

    -
    +
  • +
    + + +
  • -
-
+
  • +
    + + + + + + + + +
    + /> + +   + /> +  :  + + +    +  :  + +
    + + + " /> + " /> + +
    +
  • + +
  • +
    + + + + " /> + " /> + +
    +
  • + + + " . $strEnglishPrivileges . "
    "; - echo "\n"; - echo ""; - echo ""; - echo ""; - echo ""; + echo '' . $GLOBALS['strEnglishPrivileges'] . '
    ' . "\n"; + echo '
    $strAction"; - echo "$strHost$strUser$strPassword$strPrivileges
    ' . "\n"; + echo '' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; + echo '' . "\n"; $i = 0; while ($row = mysql_fetch_array($result)) { - $bgcolor = $cfgBgcolorOne; - $i % 2 ? 0: $bgcolor = $cfgBgcolorTwo; + $bgcolor = ($i % 2) ? $GLOBALS['cfgBgcolorOne'] : $GLOBALS['cfgBgcolorTwo']; - $strPriv = ""; - if ($row['Select_priv'] == "Y") $strPriv .= "Select "; - if ($row['Insert_priv'] == "Y") $strPriv .= "Insert "; - if ($row['Update_priv'] == "Y") $strPriv .= "Update "; - if ($row['Delete_priv'] == "Y") $strPriv .= "Delete "; - if ($row['Create_priv'] == "Y") $strPriv .= "Create "; - if ($row['Drop_priv'] == "Y") $strPriv .= "Drop "; - if ($row['Reload_priv'] == "Y") $strPriv .= "Reload "; - if ($row['Shutdown_priv'] == "Y") $strPriv .= "Shutdown "; - if ($row['Process_priv'] == "Y") $strPriv .= "Process "; - if ($row['File_priv'] == "Y") $strPriv .= "File "; - if ($row['Grant_priv'] == "Y") $strPriv .= "Grant "; - if ($row['References_priv'] == "Y") $strPriv .= "References "; - if ($row['Index_priv'] == "Y") $strPriv .= "Index "; - if ($row['Alter_priv'] == "Y") $strPriv .= "Alter "; + $strPriv = ''; + if ($row['Select_priv'] == 'Y') { + $strPriv .= 'Select '; + } + if ($row['Insert_priv'] == 'Y') { + $strPriv .= 'Insert '; + } + if ($row['Update_priv'] == 'Y') { + $strPriv .= 'Update '; + } + if ($row['Delete_priv'] == 'Y') { + $strPriv .= 'Delete '; + } + if ($row['Create_priv'] == 'Y') { + $strPriv .= 'Create '; + } + if ($row['Drop_priv'] == 'Y') { + $strPriv .= 'Drop '; + } + if ($row['Reload_priv'] == 'Y') { + $strPriv .= 'Reload '; + } + if ($row['Shutdown_priv'] == 'Y') { + $strPriv .= 'Shutdown '; + } + if ($row['Process_priv'] == 'Y') { + $strPriv .= 'Process '; + } + if ($row['File_priv'] == 'Y') { + $strPriv .= 'File '; + } + if ($row['Grant_priv'] == 'Y') { + $strPriv .= 'Grant '; + } + if ($row['References_priv'] == 'Y') { + $strPriv .= 'References '; + } + if ($row['Index_priv'] == 'Y') { + 
$strPriv .= 'Index '; + } + if ($row['Alter_priv'] == 'Y') { + $strPriv .= 'Alter '; + } + if ($strPriv == '') { + $strPriv = '' . $GLOBALS['strNoPrivileges'] . ''; + } - if ($strPriv == "") $strPriv = "$strNoPrivileges"; + $query = 'lang=' . $lang . '&server=' . $server . '&db=mysql&table=user'; + if (!$user) { + $edit_url = 'user_details.php3' + . '?lang=' . $lang . '&server=' . $server + . '&edit=1&host=' . urlencode($row['Host']) . '&pma_user=' . urlencode($row['User']); + } + $delete_url = 'user_details.php3' + . '?' . $query + . '&delete=1&confirm=1&delete_host=' . urlencode($row['Host']) . '&delete_user=' . urlencode($row['User']); + $check_url = 'user_details.php3' + . '?lang=' . $lang . '&server=' . $server + . '&grants=1&host=' . urlencode($row['Host']) . '&pma_user=' . urlencode($row['User']); - $query = "server=$server&lang=$lang&db=mysql&table=user"; - - # Edit - $edit_url = $self; - $edit_url .= "?server=$server&lang=$lang"; - $edit_url .= "&edit=1&host=" . urlencode($row['Host']) . "&user=" . urlencode($row['User']); - - # Delete - $delete_url = "$self?$query"; - $delete_url .= "&delete=1&confirm=1&delete_host=" . urlencode($row['Host']) . "&delete_user=" . urlencode($row['User']); - - # Grants - $check_url = $self; - $check_url .= "?server=$server&lang=$lang"; - $check_url .= "&grants=1&host=" . urlencode($row['Host']) . "&user=" . urlencode($row['User']); - -# $check_result = mysql_query("SHOW GRANTS FOR '" . $row['User'] . "'@'" . $row['Host'] ."'"); -# if (@mysql_num_rows($check_result) == 0) $check_url = "" +// $check_result = mysql_query('SHOW GRANTS FOR \'' . $row['User'] . '\'@\'' . $row['Host'] . '\''); +// if (@mysql_num_rows($check_result) == 0) { +// $check_url = ''; +// } ?> - - - - - - - - - - - + + + + + + + + + + + + +
    ' . $GLOBALS['strAction'] . '' . $GLOBALS['strHost'] . '' . $GLOBALS['strUser'] . '' . $GLOBALS['strPassword'] . '' . $GLOBALS['strPrivileges'] . '
    " . $row['User']. "" : "$strAny"; ?>$strNo"; ?>
    + + + + + + + + + + + + ' . $row['User'] . '' : '' . $GLOBALS['strAny'] . '') . "\n"; ?> + + ' . $GLOBALS['strNo'] . '') . "\n"; ?> + + +
    +
    + \n
    "; - return $rows; -} + echo $GLOBALS['strConfirm'] . ' : 
    ' . "\n"; + echo 'DELETE FROM mysql.user WHERE host = \'' . $the_host . '\' AND user = \'' . $the_user . '\'' . '
    ' . "\n"; + ?> +
    + + + + + + " /> + " /> + + +
    + - - - - -
    - - -
    - -"; - if ($host) echo "$strHost $host - $strUser "; - echo ($user) ? $user : "$strAny"; - echo ""; + echo '

    ' . "\n"; + echo ' ' . $strHost . ' ' . $host . ' - ' . $strUser . ' ' . (($pma_user) ? $pma_user : $strAny) . "\n"; + echo '

    '; } -# Confirm the action ... -if (isset($confirm) && $confirm && (!isset($clickyes) || !$clickyes)) { - confirm(); - exit(); + +/** + * Some actions has been submitted + */ +// Confirms an action +if (isset($confirm) && $confirm) { + confirm($delete_host, $delete_user); + exit(); } -if (($server > 0) && isset($mode) && ($mode == "reload")) - { - $result = mysql_query("FLUSH PRIVILEGES"); - if ($result != 0) { - echo "$strMySQLReloaded"; - } else { - echo "$strReloadFailed"; - } - } - -# Delete an user -if (isset($delete) && $delete && isset($delete_host) && isset($delete_user)) { - - # Delete Grants First! - mysql_query("DELETE FROM mysql.columns_priv WHERE host = '$delete_host' and user = '$delete_user'"); - mysql_query("DELETE FROM mysql.db WHERE host = '$delete_host' and user = '$delete_user'"); - mysql_query("DELETE FROM mysql.tables_priv WHERE host = '$delete_host' and user = '$delete_user'"); - - $result = mysql_query("DELETE FROM mysql.user WHERE host = '$delete_host' and user = '$delete_user'"); - if ($result != 0) { - echo "$strDeleteUserMessage $delete_user@$delete_host
    $strRememberReload
    "; - } else { - echo "$strDeleteFailed"; - } +// Reloads mysql +else if (($server > 0) && isset($mode) && ($mode == 'reload')) { + $result = mysql_query('FLUSH PRIVILEGES'); + if ($result != 0) { + echo '

    ' . $strMySQLReloaded . '

    ' . "\n"; + } else { + echo '

    ' . $strReloadFailed . '

    ' . "\n"; + } } -if (isset($edit) && $edit) { # Edit an user - table_users($host, $user); - edit_operations($host, $user); +// Deletes an user +else if (isset($delete) && $delete + && isset($btnConfirm) && $btnConfirm == $strYes) { + if (get_magic_quotes_gpc()) { + $delete_host = stripslashes($delete_host); + $delete_user = stripslashes($delete_user); + } + $common_where = ' WHERE host = \'' . sql_addslashes($delete_host) . '\' AND user = \'' . sql_addslashes($delete_user) . '\''; -} elseif (isset($grants) && $grants) { # Revoke/Grant Privileges - table_grants($host, $user); - grant_operations(); + // Delete Grants First! + mysql_query('DELETE FROM mysql.columns_priv' . $common_where); + mysql_query('DELETE FROM mysql.db' . $common_where); + mysql_query('DELETE FROM mysql.tables_priv' . $common_where); -} elseif (isset($check) && $check) { # Check Database Privileges - check_db($db); - check_operations(); - -} else { # Users actions - if (!isset($host)) $host = FALSE; - if (!isset($user)) $user = FALSE; - table_users($host, $user) || mysql_die($strNoUsersFound); - normal_operations(); + $result = mysql_query('DELETE FROM mysql.user' . $common_where); + if ($result) { + echo '

    ' . $strDeleteUserMessage . ' ' . $delete_user . '@' . $delete_host . '
    '; + echo ' ' . $strRememberReload . '

    '; + } else { + echo '

    ' . $strDeleteFailed . '

    '; + } } +// Adds an user +else if (isset($submit_addUser)) { + $show_query = 'y'; + if (empty($host)) { + $host = '%'; + } + if (empty($pma_user)) { + $pma_user = '%'; + } + + // Password is not confirmed + if ((!isset($nopass) || !$nopass) && empty($pma_pw)) { + echo '

    ' . $strError . ' : ' . $strPasswordEmpty . '

    ' . "\n"; + unset($host); + unset($pma_user); + } + else if (!empty($pma_pw) + && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) { + echo '

    ' . $strError . ' : ' . $strPasswordNotSame . '

    ' . "\n"; + unset($host); + unset($pma_user); + } + + // Password confirmed + else { + $sql_query = ''; + $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', + 'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter'); + for ($i = 0; $i < 14; $i++) { + $priv_name = $list_priv[$i] . '_priv'; + if (isset($$priv_name)) { + $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\''; + } else { + $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\''; + } + } // end for + unset($list_priv); + + $sql_query = 'INSERT INTO mysql.user ' + . 'SET host = \'' . sql_addslashes($host) . '\', user = \'' . sql_addslashes($pma_user) . '\', password = ' . (empty($pma_pw) ? '\'\'' : 'PASSWORD(\'' . sql_addslashes($pma_pw) . '\')') + . ', ' . $sql_query; + $result = @mysql_query($sql_query) or mysql_die('', '', FALSE); + unset($host); + unset($pma_user); + show_message($strAddUserMessage . '
    ' . $strRememberReload); + } // end else +} + +// Changes the password of an user +else if (isset($submit_chgPswd)) { + $show_query = 'y'; + $edit = TRUE; + if (empty($host)) { + $host = '%'; + } + if (empty($pma_user)) { + $pma_user = '%'; + } + + // Password is not confirmed + if ((!isset($nopass) || !$nopass) && empty($pma_pw)) { + echo '

    ' . $strError . ' : ' . $strPasswordEmpty . '

    ' . "\n"; + } + else if (!empty($pma_pw) + && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) { + echo '

    ' . $strError . ' : ' . $strPasswordNotSame . '

    ' . "\n"; + } + + // Password confirmed + else { + $sql_query = 'UPDATE user ' + . 'SET password = ' . (empty($pma_pw) ? '\'\'' : 'PASSWORD(\'' . sql_addslashes($pma_pw) . '\')') . ' ' + . 'WHERE user = \'' . sql_addslashes($pma_user) . '\' AND host = \'' . sql_addslashes($host) . '\''; + $result = @mysql_query($sql_query) or mysql_die('', '', FALSE); + show_message($strUpdatePassMessage . ' ' . $pma_user . '@' . $host . '
    ' . $strRememberReload); + } // end else +} + +// Changes the privileges of an user +else if (isset($submit_chgPriv)) { + $show_query = 'y'; + $edit = TRUE; + if (empty($host)) { + $host = '%'; + } + if (empty($pma_user)) { + $pma_user = '%'; + } + + $sql_query = ''; + $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', + 'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter'); + for ($i = 0; $i < 14; $i++) { + $priv_name = $list_priv[$i] . '_priv'; + if (isset($$priv_name)) { + $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\''; + } else { + $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\''; + } + } // end for + unset($list_priv); + + $sql_query = 'UPDATE user SET ' + . $sql_query + . ' WHERE host = \'' . sql_addslashes($host) . '\' AND user = \'' . sql_addslashes($pma_user) . '\''; + $result = @mysql_query($sql_query) or mysql_die('', '', FALSE); + show_message($strUpdatePrivMessage . ' ' . $pma_user . '@' . $host . '
    ' . $strRememberReload); +} + +// Revoke/Grant privileges +else if (isset($grants) && $grants) { + $show_query = 'y'; + if (empty($host)) { + $host = '%'; + } + if (empty($pma_user)) { + $pma_user = '%'; + } + + if (isset($upd_grants)) { + $sql_query = ''; + $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', + 'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter'); + for ($i = 0; $i < 14; $i++) { + $priv_name = $list_priv[$i] . '_priv'; + if (isset($$priv_name)) { + $sql_query .= (empty($sql_query) ? $list_priv[$i] : ', ' . $list_priv[$i]); + } + } // end for + unset($list_priv); + + if (isset($colgrant) && !$anycolumn) { + $col_list = ''; + $colgrant_cnt = count($colgrant); + for ($i = 0; $i < $colgrant_cnt; $i++) { + if (get_magic_quotes_gpc()) { + $colgrant[$i] = stripslashes($colgrant[$i]); + } + $col_list .= (empty($col_list) ? backquote($colgrant[$i]) : ', ' . backquote($colgrant[$i])); + } // end for + unset($colgrant); + $col_list = '(' . $col_list . ')'; + $sql_query .= (empty($sql_query) ? $col_list : ' ' . $col_list); + } // end if + + $target = (($anydb || empty($dbgrant)) ? '*' : backquote($dbgrant)) . '.' + . (($anytable || empty($tablegrant)) ? '*' : backquote($tablegrant)); + $sql_query .= (empty($sql_query) ? 'ON ' . $target : ' ON ' . $target); + + $target = (($pma_user == '%') ? $pma_user : '\'' . sql_addslashes($pma_user) . '\'') + . '@' + . (($host == '%') ? $host : '\'' . sql_addslashes($host) . '\''); + $sql_query .= (empty($sql_query) ? 'TO ' . $target : ' TO ' . $target); + + $sql_query = 'GRANT ' . 
$sql_query; + $result = @mysql_query($sql_query) or mysql_die('', '', FALSE); + show_message($strAddPrivMessage); + } // end if +} + + + +/** + * Displays the page + */ +// Edit an user properies +if (isset($edit) && $edit) { + table_users($host, $pma_user); + edit_operations($host, $pma_user); +} + +// Revoke/Grant privileges for an user +else if (isset($grants) && $grants) { + $result = mysql_query('SELECT * FROM mysql.user WHERE host = \'' . sql_addslashes($host) . '\' AND user = \'' . sql_addslashes($pma_user) . '\''); + grant_operations(mysql_fetch_array($result)); +} + +// Check database privileges +else if (isset($check) && $check) { + check_db($db); + ?> + +