* config.inc.php3, config.php3, Docs, sql.php3: added configuration variable

$cfgAllowUserDropDatabase (set by default to FALSE), which will display
          or not the link "Drop database" and reject the command if the user is
          not allowed to run it (requested by <lance@uklinux.net>).
Olivier Müller
2001-08-21 17:41:58 +00:00
parent 8fafafb823
commit 3d439121e3
5 changed files with 58 additions and 2 deletions


@@ -9,6 +9,10 @@ $Source$
* db_stats.php3: added list of 20 biggest db's.
* lib.inc.php3: fixed the socket patch, should work now.
* lib.inc.php3: re-fixed :)
* config.inc.php3, config.php3, Docs, sql.php3: added configuration variable
$cfgAllowUserDropDatabase (set by default to FALSE), which will display
or not the link "Drop database" and reject the command if the user is
not allowed to run it (requested by <lance@uklinux.net>).
2001-08-21 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* db_stats.php3: ensured the script is XHTML1.0 compliant and fits the


@@ -433,6 +433,15 @@
<br /><br />
</dd>
<dt><b>$cfgAllowUserDropDatabase </b>boolean</dt>
<dd>
Defines whether standard users (non administrator) are allowed to
delete their own database or not. If set as FALSE, the link
"Drop Database" will not be shown, and even a "DROP DATABASE mydatabase"
will be rejected. Quite practical for ISP's with many customers.
<br /><br />
</dd>
<dt><b>$cfgShowSQL </b>boolean</dt>
<dd>
Defines whether sql-queries generated by phpMyAdmin should be displayed


@@ -94,13 +94,14 @@ unset($cfgServers[0]);
$cfgConfirm = TRUE; // confirm 'DROP TABLE' & 'DROP DATABASE'
$cfgPersistentConnections = FALSE; // use persistent connections to MySQL database
$cfgShowBlob = FALSE; // display blob field contents in browse mode
$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode
$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode
$cfgAllowUserDropDatabase = FALSE; // disallow users to delete their own database
$cfgShowSQL = TRUE; // show SQL queries as run
$cfgSkipLockedTables = FALSE; // mark used tables, make possible to show
// locked tables (since MySQL 3.23.30)
$cfgMaxRows = 30; // maximum number of rows to display in browse mode
$cfgOrder = 'ASC'; // default for 'ORDER BY' clause
$cfgOBGzip = TRUE; // GZIP output buffering
$cfgOBGzip = TRUE; // GZIP output buffering
$cfgGZipDump = TRUE; // Allow the use of gzip/bzip compression
$cfgBZipDump = TRUE; // for dump files
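Review bot: The comment on the new `$cfgAllowUserDropDatabase = FALSE;` line describes the effect of the default value rather than the meaning of the switch, so it reads as the opposite of the variable name once someone sets it to TRUE. I would word it the way the documentation entry does, for example `// allow non-superusers to drop their own database`. It is also worth one line in the upgrade notes that an existing configuration file without this variable behaves as FALSE, assuming the unset variable is evaluated as written in the checks this commit adds, so the link disappears for ordinary users after upgrading.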


@@ -543,12 +543,32 @@ echo ' ' . '&nbsp;<input type="submit" value="' . $strGo . '" />' . "\n";
</form>
</li>
<?php
// Check if the user is a Superuser - TODO: set a global variable with this information
$is_superuser = FALSE;
$result = mysql_query('SELECT * FROM mysql.user');
$rows = @mysql_num_rows($result);
if (!empty($rows)) { $is_superuser = TRUE; }
// Display the DROP DATABASE link only if allowed to do so
if ($cfgAllowUserDropDatabase || $is_superuser) {
?>
<!-- Drop database -->
<li>
<a href="sql.php3?server=<?php echo $server; ?>&lang=<?php echo $lang; ?>&db=<?php echo $db; ?>&sql_query=<?php echo urlencode('DROP DATABASE ' . backquote($db)); ?>&zero_rows=<?php echo urlencode($strDatabase . ' ' . htmlspecialchars(backquote($db)) . ' ' . $strHasBeenDropped); ?>&goto=main.php3&back=db_details.php3&reload=true">
<?php echo $strDropDB . ' ' . htmlspecialchars($db); ?></a>
<?php echo show_docu('manual_Reference.html#DROP_DATABASE') . "\n"; ?>
</li>
<?php
}
?>
</ul>
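Review bot: The superuser probe added at the top of this hunk (`mysql_query('SELECT * FROM mysql.user')` followed by `@mysql_num_rows($result)`) treats "can read mysql.user" as "is an administrator", so an account that was merely granted SELECT on that table is shown the link. The same block is copied into the DROP DATABASE check in the sql.php3 hunk, so that account passes the enforcement there as well. It also fetches every row of the grant table, password column included, only to count them, and the `@` hides the failure that is the normal case for an ordinary user. I would put the probe in one helper in lib.inc.php3, as the TODO already suggests, and reduce it to `$result = mysql_query('SELECT COUNT(*) FROM mysql.user');` and `$is_superuser = ($result != FALSE);`, with a comment stating that this is a heuristic and not a privilege check. Hiding the link is presentation only; the check in sql.php3 is the control that has to hold.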


@@ -8,6 +8,28 @@
require('./grab_globals.inc.php3');
require('./lib.inc.php3');
/**
* Check rights in case of DROP DATABASE
*/
if (eregi('DROP DATABASE', $sql_query)) {
// Check if the user is a Superuser - TODO: set a global variable with this information
$is_superuser = FALSE;
$result = mysql_query('SELECT * FROM mysql.user');
$rows = @mysql_num_rows($result);
if (!empty($rows)) { $is_superuser = TRUE; }
if (!$cfgAllowUserDropDatabase && !$is_superuser) {
include('./header.inc.php3');
echo '<b>' . $strAccessDenied . '</b>' . "\n";
require('./footer.inc.php3');
exit();
}
}
/**
* Bookmark add
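Review bot: `eregi('DROP DATABASE', $sql_query)` is a literal substring test with exactly one space between the keywords, which is too narrow for the access check this block is meant to be. MySQL accepts any run of whitespace between the two words, and the same test also rejects harmless statements that only carry the phrase inside a string value. Matching `eregi('DROP[[:space:]]+DATABASE', $sql_query)` closes the spacing gap, but text matching on user-supplied SQL cannot be made complete. The docblock above the check should therefore say that the binding control is the MySQL account not holding the DROP privilege on its database, and that this test is a convenience layered on top of it.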