From ce7425d598bd5cc0fa050dddf65921e32ef9d386 Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Thu, 27 Oct 2005 20:49:15 +0000 Subject: [PATCH] bug #688255 Can't edit priv. when different host in db and user --- ChangeLog | 2 + server_privileges.php | 171 ++++++++++++++++++++++++++++++------------ 2 files changed, 123 insertions(+), 50 deletions(-) diff --git a/ChangeLog b/ChangeLog index c0cd0d934..988a8c5e4 100755 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,8 @@ $Source$ - use db_name LIKE REPLACE( mysql.db.Db, \_, _ ) * libraries/grab_globals.lib.php: [XSS] clean $_SERVER variables * left.php, libraries/common.lib.php: format rowcount in left frame + * server_privileges.php: + bug #688255 Can't edit priv. when different host in db and user 2005-10-26 Marc Delisle * lang/french* updates diff --git a/server_privileges.php b/server_privileges.php index b5ee8edb5..25efe4a31 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -521,8 +521,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = * * @return void */ -function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) -{ +function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) { $spaces = str_repeat( ' ', $indent); // Get user/host name lengths @@ -542,6 +541,9 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) } unset($fields_info); + if ( isset( $GLOBALS['username'] ) && strlen( $GLOBALS['username'] ) === 0 ) { + $GLOBALS['pred_username'] = 'any'; + } echo $spaces . '
' . "\n" . $spaces . '' . $GLOBALS['strLoginInformation'] . '' . "\n" . $spaces . '
' . "\n" @@ -613,8 +615,12 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) . $spaces . ' ' . "\n" . $spaces . '' . "\n" . $spaces . '' . "\n" @@ -623,7 +629,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) . $spaces . '' . "\n" - . $spaces . '' . "\n" + . $spaces . ' ' . "\n" . $spaces . '' . "\n" . $spaces . '
' . "\n" . $spaces . '
' . "\n" @@ -1249,7 +1255,7 @@ if (empty($adduser) && empty($checkprivs)) { // - the privilege tables use a structure of an earlier version. // so let's try a more simple query - $sql_query = 'SELECT * FROM `mysql`.`user`'; + $sql_query = 'SELECT * FROM `mysql`.`user`'; $res = PMA_DBI_try_query($sql_query, NULL, PMA_DBI_QUERY_STORE); if (!$res) { 
@@ -1266,33 +1272,87 @@ if (empty($adduser) && empty($checkprivs)) { } } else { - /** - * Displays the initials - */ - + // we also want users not in table `user` but in other table + $tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;'); + + $db_rights_sqls = array(); + $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`user` '; + if ( in_array( 'db', $tables ) ) { + $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`db` '; + } + if ( in_array( 'tables_priv', $tables ) ) { + $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`tables_priv`'; + } + if ( in_array( 'columns_priv', $tables ) ) { + $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`columns_priv`'; + } + + $user_defaults = array( + 'User' => '', + 'Host' => '%', + 'Password' => 'N', + 'Grant_priv' => 'N', + 'privs' => array( 'USAGE' ), + ); + // for all initials, even non A-Z $array_initials = array(); + // for the rights + $db_rights = array(); + + if ( PMA_MYSQL_INT_VERSION >= 40000 ) { + $db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')' + .' ORDER BY `User` ASC, `Host` ASC'; + + $db_rights_result = PMA_DBI_query( $db_rights_sql ); + + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { + $db_rights_row = array_merge( $user_defaults, $db_rights_row ); + $db_rights[$db_rights_row['User']][$db_rights_row['Host']] = + $db_rights_row; + if ( ! empty( $db_rights_row['User'] ) ) { + $letter = strtoupper( $db_rights_row['User']{0} ); + $array_initials[$letter] = true; + } + } + } else { + foreach ( $db_rights_sqls as $db_rights_sql ) { + $db_rights_result = PMA_DBI_query( $db_rights_sql ); + + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { + $db_rights_row = array_merge( $user_defaults, $db_rights_row ); + $db_rights[$db_rights_row['User']][$db_rights_row['Host']] = + $db_rights_row; + if ( ! 
empty( $db_rights_row['User'] ) ) { + $letter = strtoupper( $db_rights_row['User']{0} ); + $array_initials[$letter] = true; + } + } + } + } + PMA_DBI_free_result( $db_rights_result ); + unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row ); + ksort( $db_rights ); + + /** + * Displays the initials + */ // initialize to FALSE the letters A-Z for ($letter_counter = 1; $letter_counter < 27; $letter_counter++) { - $array_initials[chr($letter_counter + 64)] = FALSE; - } - - $initials = PMA_DBI_try_query('SELECT DISTINCT UPPER(LEFT(' . PMA_convert_using('User') . ',1)) FROM `mysql`.`user` ORDER BY `User` ASC', NULL, PMA_DBI_QUERY_STORE); - while (list($tmp_initial) = PMA_DBI_fetch_row($initials)) { - $array_initials[$tmp_initial] = TRUE; + if ( ! isset( $array_initials[chr($letter_counter + 64)] ) ) { + $array_initials[chr($letter_counter + 64)] = FALSE; + } } // Display the initials, which can be any characters, not // just letters. For letters A-Z, we add the non-used letters // as greyed out. - uksort($array_initials, "strnatcasecmp"); - reset($array_initials); + uksort( $array_initials, "strnatcasecmp" ); echo ''; foreach ($array_initials as $tmp_initial => $initial_was_found) { - if ($initial_was_found) { echo '' . "\n"; } else { @@ -1309,6 +1369,13 @@ if (empty($adduser) && empty($checkprivs)) { if (isset($initial) || isset($showall) || PMA_DBI_num_rows($res) < 50) { + while ( $row = PMA_DBI_fetch_assoc( $res ) ) { + $row['privs'] = PMA_extractPrivInfo( $row, true ); + $db_rights[$row['User']][$row['Host']] = $row; + } + @PMA_DBI_free_result( $res ); + unset( $res ); + echo '' . "\n" . PMA_generate_common_hidden_inputs('', '', 1) . '
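Review bot: Rows that exist only in `mysql`.`db`, `tables_priv` or `columns_priv` end up displayed as accounts with no password and only USAGE, because `$user_defaults` fills them with `'Password' => 'N'`, `'Grant_priv' => 'N'` and `'privs' => array( 'USAGE' )`, and the overview table in the later hunk at 1391 prints those values exactly as it prints rows read from `mysql`.`user`. The same placeholders also remain for any real account that the `$res` loop added in the hunk at 1369 does not overwrite; that appears to happen when `$res` is narrowed by `$initial` (its query is built outside the hunks shown), since the UNION here is not narrowed the same way. Use placeholder values that cannot be mistaken for real ones, e.g. `'Password' => '?',` and `'privs' => array(),`, have the table print a distinct "not in mysql.user" marker for them, and apply the `$initial` restriction to the UNION as well. Separately, in the pre-4.0 branch only the last `$db_rights_result` reaches `PMA_DBI_free_result()`; move that call inside the `foreach`.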
' . $tmp_initial . '
' . "\n" @@ -1324,27 +1391,27 @@ if (empty($adduser) && empty($checkprivs)) { echo ' ' . "\n"; echo ' ' . "\n"; $odd_row = true; - for ($i = 0; $row = PMA_DBI_fetch_assoc($res); $i++) { - echo ' ' . "\n" - . ' ' . "\n" - . ' ' . "\n" - . ' ' . "\n"; - $privs = PMA_extractPrivInfo($row, TRUE); - echo ' ' . "\n" - . ' ' . "\n" - . ' ' . "\n" - . ' ' . "\n" - . ' ' . "\n"; - $odd_row = ! $odd_row; + foreach ( $db_rights as $user ) { + ksort( $user ); + foreach ( $user as $host ) { + echo ' ' . "\n" + . ' ' . "\n" + . ' ' . "\n" + . ' ' . "\n"; + echo ' ' . "\n" + . ' ' . "\n" + . ' ' . "\n" + . ' ' . "\n" + . ' ' . "\n"; + $odd_row = ! $odd_row; + } } - @PMA_DBI_free_result($res); - unset($res); - unset ($row); + unset( $user, $host, $odd_row ); echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $odd_row = ! $odd_row; } // end while - - + + while (empty($dbname) && $row2) { $row2['Db'] = str_replace( '\\_', '_', $row2['Db'] ); - + $found_rows[] = $row2['Db']; echo '' . "\n" . ' ' . "\n" @@ -1575,7 +1645,7 @@ if (empty($adduser) && empty($checkprivs)) { echo '' . "\n" . '' . "\n"; $row2 = PMA_DBI_fetch_assoc($res2); - + $odd_row = ! $odd_row; } // end while if (empty($dbname)) { @@ -1640,7 +1710,8 @@ if (empty($adduser) && empty($checkprivs)) { . '' . "\n" . '' . "\n"; } - if (empty($dbname)) { + + if ( empty($dbname) && ! $user_does_not_exists ) { echo '' . "\n" . PMA_generate_common_hidden_inputs('', '', 3) . '' . "\n" @@ -1697,7 +1768,7 @@ if (empty($adduser) && empty($checkprivs)) { . '' . "\n"; } } -} else if (!empty($adduser)) { +} elseif (!empty($adduser)) { // Add a new user $GLOBALS['url_query'] .= '&adduser=1'; echo '

' . "\n"

' . htmlspecialchars($row['Host']) . '' . ($row['Password'] == 'Y' ? $GLOBALS['strYes'] : '' . $GLOBALS['strNo'] . '') . '' . "\n" - . ' ' . join(',' . "\n" . ' ', $privs) . "\n" - . ' ' . ($row['Grant_priv'] == 'Y' ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . ''; - printf( $link_edit, urlencode( $row['User'] ), - urlencode( $row['Host'] ), '', '' ); - echo '
' . htmlspecialchars($host['Host']) . '' . ($host['Password'] == 'Y' ? $GLOBALS['strYes'] : '' . $GLOBALS['strNo'] . '') . '' . "\n" + . ' ' . implode( ',' . "\n" . ' ', $host['privs'] ) . "\n" + . ' ' . ($host['Grant_priv'] == 'Y' ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . ''; + printf( $link_edit, urlencode( $host['User'] ), + urlencode( $host['Host'] ), '', '' ); + echo '
' . "\n" . ' ' . $GLOBALS['strEnglishPrivileges'] . '' . "\n" @@ -1422,12 +1489,14 @@ if (empty($adduser) && empty($checkprivs)) { } echo ' : ' . $GLOBALS['strEditPrivileges'] . '' . "\n"; $res = PMA_DBI_query('SELECT \'foo\' FROM `mysql`.`user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';', NULL, PMA_DBI_QUERY_STORE); - if (PMA_DBI_num_rows($res) < 1) { - echo $GLOBALS['strUserNotFound']; - require_once('./footer.inc.php'); - } + $user_does_not_exists = (PMA_DBI_num_rows( $res ) < 1); PMA_DBI_free_result($res); unset($res); + if ( $user_does_not_exists ) { + echo $GLOBALS['strUserNotFound']; + PMA_displayLoginInformationFields(); + //require_once('./footer.inc.php'); + } echo '' . "\n" . PMA_generate_common_hidden_inputs('', '', 3) . '' . "\n" @@ -1440,6 +1509,7 @@ if (empty($adduser) && empty($checkprivs)) { } PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3); echo '' . "\n"; + if (empty($tablename)) { echo '
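Review bot: In the existence check kept as context in this hunk, `$hostname` goes into the SQL text through `PMA_convert_using($hostname, 'quoted')` without the `PMA_sqlAddslashes()` call that `$username` gets in the same statement. Unless `PMA_convert_using()` escapes its argument in 'quoted' mode (its body is not on this page), a host value containing a quote alters the statement, and the path matters more after this commit because the page now goes on to render the login fields and privilege forms after a miss instead of including the footer. Escape both operands the same way: `PMA_convert_using(PMA_sqlAddslashes($hostname), 'quoted')`. The commented-out `//require_once('./footer.inc.php');` should be deleted and replaced with a why-comment such as `// user not in mysql.user: continue so db/table-level rights can still be edited`; the enclosing `if` starts outside the hunk.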
' . "\n" . PMA_generate_common_hidden_inputs('', '', 6) @@ -1517,7 +1587,7 @@ if (empty($adduser) && empty($checkprivs)) { $row['Db'] = str_replace( '\\_', '_', $row['Db'] ); } $found_rows[] = empty($dbname) ? $row['Db'] : $row['Table_name']; - + echo '
' . htmlspecialchars(empty($dbname) ? $row['Db'] : $row['Table_name']) . '' . "\n" @@ -1550,11 +1620,11 @@ if (empty($adduser) && empty($checkprivs)) { . '
' . htmlspecialchars( $row2['Db']) . '