diff --git a/ChangeLog b/ChangeLog
index b48e5a3e3..85d3c7b6f 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@ $Source$
 * db_stats.php3: added list of 20 biggest db's.
 * lib.inc.php3: fixed the socket patch, should work now.
 * lib.inc.php3: re-fixed :)
+ * config.inc.php3, config.php3, Docs, sql.php3: added configuration variable
+ $cfgAllowUserDropDatabase (set by default to FALSE), which will display
+ or not the link "Drop database" and reject the command if the user is
+ not allowed to run it (requested by ).
 2001-08-21 Loïc Chapeaux
 * db_stats.php3: ensured the script is XHTML1.0 compliant and fits the
diff --git a/Documentation.html b/Documentation.html
index 237a9ec3d..53e6e8806 100755
--- a/Documentation.html
+++ b/Documentation.html
@@ -433,6 +433,15 @@

+
$cfgAllowUserDropDatabase boolean
+
+ Defines whether standard users (non administrator) are allowed to + delete their own database or not. If set as FALSE, the link + "Drop Database" will not be shown, and even a "DROP DATABASE mydatabase" + will be rejected. Quite practical for ISP's with many customers. +

+
+
$cfgShowSQL boolean
Defines whether sql-queries generated by phpMyAdmin should be displayed
diff --git a/config.inc.php3 b/config.inc.php3
index 34980e92c..ac7699012 100755
--- a/config.inc.php3
+++ b/config.inc.php3
@@ -94,13 +94,14 @@ unset($cfgServers[0]);
 $cfgConfirm = TRUE; // confirm 'DROP TABLE' & 'DROP DATABASE'
 $cfgPersistentConnections = FALSE; // use persistent connections to MySQL database
 $cfgShowBlob = FALSE; // display blob field contents in browse mode
-$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode
+$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode
+$cfgAllowUserDropDatabase = FALSE; // disallow users to delete their own database
 $cfgShowSQL = TRUE; // show SQL queries as run
 $cfgSkipLockedTables = FALSE; // mark used tables, make possible to show
 // locked tables (since MySQL 3.23.30)
 $cfgMaxRows = 30; // maximum number of rows to display in browse mode
 $cfgOrder = 'ASC'; // default for 'ORDER BY' clause
-$cfgOBGzip = TRUE; // GZIP output buffering
+$cfgOBGzip = TRUE; // GZIP output buffering
 $cfgGZipDump = TRUE; // Allow the use of gzip/bzip compression
 $cfgBZipDump = TRUE; // for dump files
diff --git a/db_details.php3 b/db_details.php3
index 92d45361b..c70eb84f1 100755
--- a/db_details.php3
+++ b/db_details.php3
@@ -543,12 +543,32 @@ echo ' ' . ' ' . "\n"; + +
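Review bot: The comment on the new `$cfgAllowUserDropDatabase` line in config.inc.php3 describes only the FALSE default ("disallow users to delete their own database"), so an administrator who flips it to TRUE is left with a comment that states the opposite of the setting. Since this file is where most installations will read about the option, the line should say what the flag controls in both positions; I would change it to `$cfgAllowUserDropDatabase = FALSE; // allow non-superusers to DROP their own database (FALSE: hide the link and reject the query)`. It is also worth a note next to it that, judging from the sql.php3 change further down this page, the restriction exempts any account that can read mysql.user and is applied to queries whose text matches "DROP DATABASE", so the flag is a restriction on ordinary accounts rather than a safety net for administrative ones.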
  • + + + +
diff --git a/sql.php3 b/sql.php3
index e807931b9..19fa5f26f 100755
--- a/sql.php3
+++ b/sql.php3
@@ -8,6 +8,28 @@ require('./grab_globals.inc.php3');
 require('./lib.inc.php3');
+/**
+ * Check rights in case of DROP DATABASE
+ */
+
+if (eregi('DROP DATABASE', $sql_query)) {
+ // Check if the user is a Superuser - TODO: set a global variable with this information
+
+ $is_superuser = FALSE;
+ $result = mysql_query('SELECT * FROM mysql.user');
+ $rows = @mysql_num_rows($result);
+ if (!empty($rows)) { $is_superuser = TRUE; }
+
+ if (!$cfgAllowUserDropDatabase && !$is_superuser) {
+ include('./header.inc.php3');
+ echo '' . $strAccessDenied . '' . "\n";
+ require('./footer.inc.php3');
+ exit();
+ }
+}
+
+
+
 /**
  * Bookmark add