From ac5aad586bb01eed44c34f457f3c8f1c7af8e44b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Chapeaux?= Date: Tue, 21 Aug 2001 18:20:07 +0000 Subject: [PATCH] improved a bit Olivier's patch about the "Drop database" restrictions --- ChangeLog | 10 ++++++---- db_details.php3 | 24 ++++++++++-------------- db_readdump.php3 | 15 +++++++++++++++ sql.php3 | 30 +++++++++++++----------------- 4 files changed, 44 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85d3c7b6f..d2ba3213d 100755 --- a/ChangeLog +++ b/ChangeLog @@ -9,10 +9,10 @@ $Source$ * db_stats.php3: added list of 20 biggest db's. * lib.inc.php3: fixed the socket patch, should work now. * lib.inc.php3: re-fixed :) - * config.inc.php3, config.php3, Docs, sql.php3: added configuration variable - $cfgAllowUserDropDatabase (set by default to FALSE), which will display - or not the link "Drop database" and reject the command if the user is - not allowed to run it (requested by ). + * config.inc.php3, config.php3, Docs, sql.php3: added configuration + variable $cfgAllowUserDropDatabase (set by default to FALSE), which will + display or not the link "Drop database" and reject the command if the + user is not allowed to run it (requested by ). 2001-08-21 Loïc Chapeaux * db_stats.php3: ensured the script is XHTML1.0 compliant and fits the @@ -36,6 +36,8 @@ $Source$ tbl_properties.inc.php3; tbl_properties.php3; user_details.php3: replaced MYSQL_MAJOR_VERSION and MYSQL_MINOR_VERSION constants by MYSQL_INT_VERSION. + * db_details.php3; sql.php3; db_readdump.php3; lang/*: improved a bit + Olivier's patch about the "Drop database" restrictions. 2001-08-20 Olivier Müller * db_stats.php3: new file and feature (sorry :) : simply display an diff --git a/db_details.php3 b/db_details.php3 index c70eb84f1..b17279f91 100755 --- a/db_details.php3 +++ b/db_details.php3 
@@ -544,31 +544,27 @@ echo ' ' . ' ' . "\n"; 0 with ceratin php3 releases +$is_superuser = (!empty($rows) || $rows != 0); + // Display the DROP DATABASE link only if allowed to do so - if ($cfgAllowUserDropDatabase || $is_superuser) { -?> - + ?>
  • - - - diff --git a/db_readdump.php3 b/db_readdump.php3 index 610263879..d15eba927 100755 --- a/db_readdump.php3 +++ b/db_readdump.php3 @@ -70,6 +70,21 @@ if (!empty($prev_sql_query)) { } } +// Drop database is not allowed -> ensure the query can be run +if (!$cfgAllowUserDropDatabase + && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) { + // Checks if the user is a Superuser + // TODO: set a global variable with this information + $result = mysql_query('SELECT * FROM mysql.user'); + $rows = @mysql_num_rows($result); + // empty <> 0 for certain php3 releases + if (empty($rows) || $rows == 0) { + include('./header.inc.php3'); + mysql_die($strNoDropDatabases); + } +} +define('PMA_CHK_DROP', 1); + // Copy the query, used for display purposes only $sql_query_cpy = $sql_query; diff --git a/sql.php3 b/sql.php3 index 19fa5f26f..137392eda 100755 --- a/sql.php3 +++ b/sql.php3 @@ -8,27 +8,23 @@ require('./grab_globals.inc.php3'); require('./lib.inc.php3'); -/** - * Check rights in case of DROP DATABASE - */ -if (eregi('DROP DATABASE', $sql_query)) { - // Check if the user is a Superuser - TODO: set a global variable with this information - - $is_superuser = FALSE; +/** + * Check rights in case of DROP DATABASE + */ +if (!is_defined('PMA_CHK_DROP') + && !$cfgAllowUserDropDatabase + && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) { + // Checks if the user is a Superuser + // TODO: set a global variable with this information $result = mysql_query('SELECT * FROM mysql.user'); $rows = @mysql_num_rows($result); - if (!empty($rows)) { $is_superuser = TRUE; } - - if (!$cfgAllowUserDropDatabase && !$is_superuser) { + // empty <> 0 for certain php3 releases + if (empty($rows) || $rows == 0) { include('./header.inc.php3'); - echo '' . $strAccessDenied . '' . "\n"; - require('./footer.inc.php3'); - exit(); - } -} - - + mysql_die($strNoDropDatabases); + } // end if +} // end if /**
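Review bot: The added `$is_superuser = (!empty($rows) || $rows != 0);` in db_details.php3 is not the negation of the `empty($rows) || $rows == 0` test that this commit uses in db_readdump.php3 and sql.php3. On the PHP 3 releases the comment refers to, where `empty()` and `== 0` disagree, a zero row count can therefore still set `$is_superuser` to true. Writing it as `$is_superuser = (!empty($rows) && $rows != 0);` makes the three files agree. The value only decides whether the "Drop database" link is displayed; the rest of this hunk is not legible in this view, so how `$rows` is obtained could not be checked. The comment above the line also has a typo (`ceratin`).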
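Review bot: In db_readdump.php3, `define('PMA_CHK_DROP', 1);` runs unconditionally after the new block, and the guard added to sql.php3 skips its own check once that constant exists, so the restriction depends on `$sql_query` already holding the complete statement text at this point. The surrounding code is outside the hunk; if the contents of an uploaded dump are appended to `$sql_query` only later, those statements would reach sql.php3 unchecked, so please confirm or move the check below the point where the query is fully assembled. The pattern (repeated in sql.php3) uses a literal space after `DATABASE` and inside `IF EXISTS`; `'DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?DATABASE[[:space:]]'` would be consistent with the rest of the expression. Even so, it is a string filter, and the restriction that actually holds is the MySQL account lacking the DROP privilege. The result of `mysql_query('SELECT * FROM mysql.user')` is not tested before `@mysql_num_rows($result)`, and a comment such as `// "superuser" here means: can read mysql.user` would make the assumption explicit.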
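Review bot: In sql.php3, `is_defined('PMA_CHK_DROP')` is not a PHP built-in; the function that tests a constant is `defined()`. Unless lib.inc.php3 declares `is_defined()`, the new condition stops every request to sql.php3 with an undefined-function error, and the line should read `if (!defined('PMA_CHK_DROP')`. The removed branch ended with an explicit `exit()`, while the new one relies on `mysql_die($strNoDropDatabases)` to stop execution. That function's body is not visible here, so confirm it never returns, otherwise the rejected statement would go on to be executed. The superuser probe is now copied into three files; resolving the TODO with one shared helper in lib.inc.php3 would keep the checks from drifting apart.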