From 3d439121e326d1bf1ef13084f9ae176672eaf692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20M=C3=BCller?= Date: Tue, 21 Aug 2001 17:41:58 +0000 Subject: [PATCH] * config.inc.php3, config.php3, Docs, sql.php3: added configuration variable $cfgAllowUserDropDatabase (set by default to FALSE), which will display or not the link "Drop database" and reject the command if the user is not allowed to run it (requested by ). --- ChangeLog | 4 ++++ Documentation.html | 9 +++++++++ config.inc.php3 | 5 +++-- db_details.php3 | 20 ++++++++++++++++++++ sql.php3 | 22 ++++++++++++++++++++++ 5 files changed, 58 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b48e5a3e3..85d3c7b6f 100755 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ $Source$ * db_stats.php3: added list of 20 biggest db's. * lib.inc.php3: fixed the socket patch, should work now. * lib.inc.php3: re-fixed :) + * config.inc.php3, config.php3, Docs, sql.php3: added configuration variable + $cfgAllowUserDropDatabase (set by default to FALSE), which will display + or not the link "Drop database" and reject the command if the user is + not allowed to run it (requested by ). 2001-08-21 Loïc Chapeaux * db_stats.php3: ensured the script is XHTML1.0 compliant and fits the diff --git a/Documentation.html b/Documentation.html index 237a9ec3d..53e6e8806 100755 --- a/Documentation.html +++ b/Documentation.html @@ -433,6 +433,15 @@

+
$cfgAllowUserDropDatabase boolean
+
+ Defines whether standard users (non administrator) are allowed to + delete their own database or not. If set as FALSE, the link + "Drop Database" will not be shown, and even a "DROP DATABASE mydatabase" + will be rejected. Quite practical for ISP's with many customers. +

+
+
$cfgShowSQL boolean
Defines whether sql-queries generated by phpMyAdmin should be displayed diff --git a/config.inc.php3 b/config.inc.php3 index 34980e92c..ac7699012 100755 --- a/config.inc.php3 +++ b/config.inc.php3 @@ -94,13 +94,14 @@ unset($cfgServers[0]); $cfgConfirm = TRUE; // confirm 'DROP TABLE' & 'DROP DATABASE' $cfgPersistentConnections = FALSE; // use persistent connections to MySQL database $cfgShowBlob = FALSE; // display blob field contents in browse mode -$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode +$cfgProtectBlob = TRUE; // disallow editing of blob fields in edit mode +$cfgAllowUserDropDatabase = FALSE; // disallow users to delete their own database $cfgShowSQL = TRUE; // show SQL queries as run $cfgSkipLockedTables = FALSE; // mark used tables, make possible to show // locked tables (since MySQL 3.23.30) $cfgMaxRows = 30; // maximum number of rows to display in browse mode $cfgOrder = 'ASC'; // default for 'ORDER BY' clause -$cfgOBGzip = TRUE; // GZIP output buffering +$cfgOBGzip = TRUE; // GZIP output buffering $cfgGZipDump = TRUE; // Allow the use of gzip/bzip compression $cfgBZipDump = TRUE; // for dump files diff --git a/db_details.php3 b/db_details.php3 index 92d45361b..c70eb84f1 100755 --- a/db_details.php3 +++ b/db_details.php3 @@ -543,12 +543,32 @@ echo ' ' . ' ' . "\n"; + +
  • + + + + diff --git a/sql.php3 b/sql.php3 index e807931b9..19fa5f26f 100755 --- a/sql.php3 +++ b/sql.php3 @@ -8,6 +8,28 @@ require('./grab_globals.inc.php3'); require('./lib.inc.php3'); +/** + * Check rights in case of DROP DATABASE + */ + +if (eregi('DROP DATABASE', $sql_query)) { + // Check if the user is a Superuser - TODO: set a global variable with this information + + $is_superuser = FALSE; + $result = mysql_query('SELECT * FROM mysql.user'); + $rows = @mysql_num_rows($result); + if (!empty($rows)) { $is_superuser = TRUE; } + + if (!$cfgAllowUserDropDatabase && !$is_superuser) { + include('./header.inc.php3'); + echo '' . $strAccessDenied . '' . "\n"; + require('./footer.inc.php3'); + exit(); + } +} + + + /** * Bookmark add
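Review bot: The `eregi('DROP DATABASE', $sql_query)` guard that opens the added block only matches when the two keywords are separated by exactly one space, whereas MySQL accepts any run of whitespace there, so a differently formatted statement never reaches the rights check. `if (eregi('DROP[[:space:]]+DATABASE', $sql_query)) {` is closer, but filtering SQL text in the application remains best-effort; the dependable control is to withhold the DROP privilege from those accounts in MySQL's own grants. The superuser probe treats any non-empty read of `mysql.user` as proof of superuser and fetches every column of every account to find that out; `$result = mysql_query('SELECT 1 FROM mysql.user LIMIT 1');` answers the same question without pulling the password column into PHP. As far as this patch shows the check lives only in sql.php3, so any other script that forwards user-supplied SQL to the server would presumably need the same guard. I would also note the limitation on the block itself, e.g. `// NOTE: advisory filter only; enforce with MySQL grants`.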