' . $GLOBALS['strAction'] . '' . "\n";
echo ' ' . $GLOBALS['strHost'] . ' | ' . "\n";
echo ' ' . $GLOBALS['strUser'] . ' | ';
} else {
echo "\n";
echo ' ' . $GLOBALS['strAction'] . ' | ';
}
echo "\n";
echo ' ' . $GLOBALS['strDatabase'] . ' | ' . "\n";
echo ' ' . UCFirst($GLOBALS['strTable']) . ' | ' . "\n";
echo ' ' . $GLOBALS['strPrivileges'] . ' | ' . "\n";
if (!$dbcheck) {
echo ' Grant Option | ' . "\n";
}
?>
' . $row['User'] . '@' . $row['Host'] . '') . '
' . $GLOBALS['strRememberReload'])
. '&goto=user_details.php3';
if ($grantopt) {
$revoke_grant_url = 'sql.php3'
. '?' . $url_query
. '&sql_query=' . urlencode('REVOKE GRANT OPTION ON ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' FROM \'' . $row['User'] . '\'@\'' . $row['Host'] . '\'')
. '&zero_rows=' . urlencode(sprintf($GLOBALS['strRevokeGrantMessage'], ' ' . $row['User'] . '@' . $row['Host'] . '') . '
' . $GLOBALS['strRememberReload'])
. '&goto=user_details.php3';
}
?>
bgcolor="">
|
bgcolor="">
|
|
|
|
' . $GLOBALS['strAny'] . ''; ?> |
' . $GLOBALS['strAll'] . '' : $db; ?> |
' . $GLOBALS['strAll'] . '' : $table; ?> |
' . $GLOBALS['strNoPrivileges'] . ''; ?> |
|
0
// $host_db_result is an array containing related to only one user
// -> exit the loop
if (is_array($host_db_result)) {
break;
}
} // end while $row
?>
' . $GLOBALS['strEnglishPrivileges'] . '
' . "\n";
echo '' . "\n";
echo '' . "\n";
echo ' ' . $GLOBALS['strAction'] . ' | ' . "\n";
echo ' ' . $GLOBALS['strHost'] . ' | ' . "\n";
echo ' ' . $GLOBALS['strUser'] . ' | ' . "\n";
echo ' ' . $GLOBALS['strPassword'] . ' | ' . "\n";
echo ' ' . $GLOBALS['strPrivileges'] . ' | ' . "\n";
echo '
' . "\n";
$i = 0;
while ($row = mysql_fetch_array($result)) {
$bgcolor = ($i % 2) ? $GLOBALS['cfgBgcolorOne'] : $GLOBALS['cfgBgcolorTwo'];
$strPriv = '';
if ($row['Select_priv'] == 'Y') {
$strPriv .= 'Select ';
}
if ($row['Insert_priv'] == 'Y') {
$strPriv .= 'Insert ';
}
if ($row['Update_priv'] == 'Y') {
$strPriv .= 'Update ';
}
if ($row['Delete_priv'] == 'Y') {
$strPriv .= 'Delete ';
}
if ($row['Create_priv'] == 'Y') {
$strPriv .= 'Create ';
}
if ($row['Drop_priv'] == 'Y') {
$strPriv .= 'Drop ';
}
if ($row['Reload_priv'] == 'Y') {
$strPriv .= 'Reload ';
}
if ($row['Shutdown_priv'] == 'Y') {
$strPriv .= 'Shutdown ';
}
if ($row['Process_priv'] == 'Y') {
$strPriv .= 'Process ';
}
if ($row['File_priv'] == 'Y') {
$strPriv .= 'File ';
}
if ($row['Grant_priv'] == 'Y') {
$strPriv .= 'Grant ';
}
if ($row['References_priv'] == 'Y') {
$strPriv .= 'References ';
}
if ($row['Index_priv'] == 'Y') {
$strPriv .= 'Index ';
}
if ($row['Alter_priv'] == 'Y') {
$strPriv .= 'Alter ';
}
if ($strPriv == '') {
$strPriv = '' . $GLOBALS['strNoPrivileges'] . '';
}
$query = 'lang=' . $lang . '&server=' . $server . '&db=mysql&table=user';
if (!$user) {
$edit_url = 'user_details.php3'
. '?lang=' . $lang . '&server=' . $server
. '&edit=1&host=' . urlencode($row['Host']) . '&pma_user=' . urlencode($row['User']);
}
$delete_url = 'user_details.php3'
. '?' . $query
. '&delete=1&confirm=1&delete_host=' . urlencode($row['Host']) . '&delete_user=' . urlencode($row['User']);
$check_url = 'user_details.php3'
. '?lang=' . $lang . '&server=' . $server
. '&grants=1&host=' . urlencode($row['Host']) . '&pma_user=' . urlencode($row['User']);
// $check_result = mysql_query('SHOW GRANTS FOR \'' . $row['User'] . '\'@\'' . $row['Host'] . '\'');
// if (@mysql_num_rows($check_result) == 0) {
// $check_url = '';
// }
?>
|
|
|
|
' . $row['User'] . '' : '' . $GLOBALS['strAny'] . '') . "\n"; ?>
|
' . $GLOBALS['strNo'] . '') . "\n"; ?>
|
|
' . "\n";
echo 'DELETE FROM mysql.user WHERE Host = \'' . $the_host . '\' AND User = \'' . $the_user . '\'' . '
' . "\n";
?>
' . $strError . '' . "\n";
echo ' ' . $strNoRights . '
' . "\n";
include('./footer.inc.php3');
exit();
}
/**
 * Picks the spelling of the password column used when building user queries.
 *
 * 'Password' is chosen when the COUNT() over mysql.user is non-zero,
 * 'password' in every other case.
 */
$result = @mysql_query('SELECT COUNT(Password) FROM mysql.user');
if (mysql_result($result, 0)) {
    $password_field = 'Password';
} else {
    $password_field = 'password';
}
/**
 * The autocomplete feature of IE suppresses the "onchange" event handler, so
 * for IE 5 and later the "onpropertychange" handler is used instead.
 */
if (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) {
    $chg_evt_handler = 'onpropertychange';
} else {
    $chg_evt_handler = 'onchange';
}
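/**
 * Displays headers
 *
 * $db and $table are moved into *_bkp copies (un-slashed when
 * magic_quotes_gpc is on) and unset while the header, the page heading and
 * any pending message are written; they are restored at the end of this
 * section.
 */
if (isset($db)) {
    $db_bkp = (get_magic_quotes_gpc() ? stripslashes($db) : $db);
    unset($db);
}
if (isset($table)) {
    $table_bkp = (get_magic_quotes_gpc() ? stripslashes($table) : $table);
    unset($table);
}

// Host and user name arrive with the request: remove the slashes that
// magic_quotes_gpc added so later code works on the raw values.
if (get_magic_quotes_gpc()) {
    if (!empty($host)) {
        $host = stripslashes($host);
    }
    if (!empty($pma_user)) {
        $pma_user = stripslashes($pma_user);
    }
}

if (!isset($message)) {
    $js_to_run = 'user_details.js';
    include('./header.inc.php3');
}

if (!isset($submit_updProfile)) {
    // $host and $pma_user are request-supplied, so they are HTML-escaped
    // before being written into the page heading.
    echo '' . "\n";
    echo ' ' . ((!isset($host) || $host == '') ? $strAnyHost : $strHost . ' ' . htmlspecialchars($host)) . ' - ' . ((!isset($pma_user) || $pma_user == '') ? $strAnyUser : $strUser . ' ' . htmlspecialchars($pma_user)) . "\n";
    echo '
';
}

if (isset($message)) {
    $show_query = 'y';
    PMA_showMessage($message);
}

// Puts the database and table names back for the rest of the script
if (isset($db_bkp)) {
    $db = $db_bkp;
    unset($db_bkp);
}
if (isset($table_bkp)) {
    $table = $table_bkp;
    unset($table_bkp);
}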
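/**
 * Some action has been submitted
 *
 * One branch of the chain below runs per request: confirmation page,
 * FLUSH PRIVILEGES, user deletion, user creation, profile update, global
 * privilege update or GRANT.
 *
 * Review notes:
 *  - The branches are selected by plain variables ($delete, $submit_addUser,
 *    $grants, ...) and the privilege check boxes are read through variable
 *    variables ($$priv_name), i.e. the script relies on request parameters
 *    being registered as globals.
 *  - NOTE(review): no per-session token is checked in this chain before the
 *    state-changing branches; confirm whether an include that is not shown
 *    here enforces one.
 *  - NOTE(review): user and host names are passed unescaped inside the
 *    strings given to PMA_showMessage(); whether that function escapes its
 *    argument cannot be seen from here - verify before relying on it.
 */

// Confirms an action
if (isset($confirm) && $confirm) {
    PMA_confirm($delete_host, $delete_user);
    exit();
}

// Reloads mysql
else if (($server > 0) && isset($mode) && ($mode == 'reload')) {
    $result = mysql_query('FLUSH PRIVILEGES');
    if ($result != 0) {
        echo '' . $strMySQLReloaded . '
' . "\n";
    } else {
        echo '' . $strReloadFailed . '
' . "\n";
    }
}

// Deletes an user
else if (isset($delete) && $delete
         && isset($btnConfirm) && $btnConfirm == $strYes) {
    if (get_magic_quotes_gpc()) {
        $delete_host = stripslashes($delete_host);
        $delete_user = stripslashes($delete_user);
    }
    $common_where = ' WHERE Host = \'' . PMA_sqlAddslashes($delete_host) . '\' AND User = \'' . PMA_sqlAddslashes($delete_user) . '\'';

    // Delete Grants First!
    // The three grant-table deletes are best effort: only the result of the
    // final delete on mysql.user decides which message is shown.
    $sql_query     = 'DELETE FROM mysql.db' . $common_where;
    $sql_query_cpy = $sql_query;
    mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.tables_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    mysql_query($sql_query);
    $sql_query     = 'DELETE FROM mysql.columns_priv' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    mysql_query($sql_query);

    $sql_query     = 'DELETE FROM mysql.user' . $common_where;
    $sql_query_cpy .= ";\n" . $sql_query;
    $result        = mysql_query($sql_query);

    // $sql_query ends up holding all four statements
    $sql_query     = $sql_query_cpy;
    unset($sql_query_cpy);

    if ($result) {
        PMA_showMessage(sprintf($strDeleteUserMessage, '' . $delete_user . '@' . $delete_host . '') . '
' . $strRememberReload);
    } else {
        PMA_showMessage($strDeleteFailed);
    }
}

// Adds an user
else if (isset($submit_addUser)) {
    $show_query = 'y';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Password is not confirmed
    if ((!isset($nopass) || !$nopass) && $pma_pw == '') {
        echo '' . $strError . ' : ' . $strPasswordEmpty . '
' . "\n";
        unset($host);
        unset($pma_user);
    }
    else if ($pma_pw != ''
             && (!isset($pma_pw2) || $pma_pw != $pma_pw2)) {
        echo '' . $strError . ' : ' . $strPasswordNotSame . '
' . "\n";
        unset($host);
        unset($pma_user);
    }

    // Password confirmed
    else {
        // One "<Name>_priv = 'Y'|'N'" assignment per global privilege,
        // 'Y' when the matching request variable is set
        $sql_query = '';
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
        $priv_cnt  = count($list_priv);
        for ($i = 0; $i < $priv_cnt; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\'';
            } else {
                $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\'';
            }
        } // end for
        unset($list_priv);
        unset($priv_cnt);

        if (get_magic_quotes_gpc() && $pma_pw != '') {
            $pma_pw = stripslashes($pma_pw);
        }

        // $local_query is the statement that is executed and carries the real
        // password; $sql_query is the same statement with every password
        // character replaced by '*', so the clear text is kept out of it.
        $local_query = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')')
                     . ', ' . $sql_query;
        $sql_query   = 'INSERT INTO mysql.user '
                     . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')')
                     . ', ' . $sql_query;
        $result      = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
        unset($host);
        unset($pma_user);
        PMA_showMessage($strAddUserMessage . '
' . $strRememberReload);
    } // end else
}

// Updates the profile of an user
else if (isset($submit_updProfile)) {
    $show_query = 'y';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Start from empty statements: the two password-error paths below assign
    // neither variable, and the "!empty($sql_query)" test further down must
    // only ever see text that was built in this branch.
    $sql_query   = '';
    $local_query = '';

    // Builds the sql query
    $common_upd = '';

    if (isset($anyhost) && $anyhost) {
        $new_server = '%';
    } else if ($new_server != '' && get_magic_quotes_gpc()) {
        $new_server = stripslashes($new_server);
    }
    if ($new_server != '' && $new_server != $host) {
        $common_upd .= 'Host = \'' . PMA_sqlAddslashes($new_server) . '\'';
    } else if (isset($new_server)) {
        // Unchanged host: isset($new_server) later means "host was renamed"
        unset($new_server);
    }

    if (isset($anyuser) && $anyuser) {
        $new_user = '%';
    } else if ($new_user != '' && get_magic_quotes_gpc()) {
        $new_user = stripslashes($new_user);
    }
    if ($new_user != '' && $new_user != $pma_user) {
        $common_upd .= (empty($common_upd) ? '' : ', ')
                    . 'User = \'' . PMA_sqlAddslashes($new_user) . '\'';
    } else if (isset($new_user)) {
        // Unchanged user: isset($new_user) later means "user was renamed"
        unset($new_user);
    }

    if (isset($nopass) && $nopass == -1) {
        // The password clause is left out of the statement
        $sql_query   = $common_upd;
        $local_query = $common_upd;
    }
    else if ((!isset($nopass) || $nopass == 0) && $new_pw == '') {
        // Request-supplied host and user names are HTML-escaped on output
        echo '' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '
' . "\n";
        echo '' . $strError . ' : ' . $strPasswordEmpty . '
' . "\n";
    }
    else if ($new_pw != ''
             && (!isset($new_pw2) || $new_pw != $new_pw2)) {
        echo '' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '
' . "\n";
        echo '' . $strError . ' : ' . $strPasswordNotSame . '
' . "\n";
    }
    else {
        // $sql_query: password replaced by asterisks; $local_query: the
        // statement that is executed, with the real password
        $sql_query   = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
        $local_query = (empty($common_upd) ? '' : $common_upd . ', ')
                     . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
    }

    if (!empty($sql_query)) {
        $common_where  = ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';

        // Updates profile
        // The table is qualified with the mysql database, like the other
        // statements in this chain, so the update does not depend on which
        // database is currently selected.
        $local_query   = 'UPDATE mysql.user SET ' . $local_query . $common_where;
        $sql_query_cpy = 'UPDATE mysql.user SET ' . $sql_query . $common_where;
        $result        = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1');

        // Updates grants
        // A renamed host or user is propagated to the three grant tables
        if (isset($new_server) || isset($new_user)) {
            $sql_query     = 'UPDATE mysql.db SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.tables_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            mysql_query($sql_query);
            $sql_query     = 'UPDATE mysql.columns_priv SET ' . $common_upd . $common_where;
            $sql_query_cpy .= ";\n" . $sql_query;
            mysql_query($sql_query);
            unset($common_upd);
        }
        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);

        if (isset($new_server)) {
            $host     = $new_server;
        }
        if (isset($new_user)) {
            $pma_user = $new_user;
        }
        echo '' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '
' . "\n";
        PMA_showMessage($strUpdateProfileMessage . '
' . $strRememberReload);
    } else {
        echo '' . "\n";
        echo ' ' . $strHost . ' ' . htmlspecialchars($host) . ' - ' . $strUser . ' ' . (($pma_user != '') ? htmlspecialchars($pma_user) : $strAny) . "\n";
        echo '
' . "\n";
        PMA_showMessage($strNoModification);
    }
}

// Changes the privileges of an user
else if (isset($submit_chgPriv)) {
    $show_query = 'y';
    $edit       = TRUE;
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    // Every global privilege is written, 'Y' when its request variable is
    // set and 'N' otherwise
    $sql_query = '';
    $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                       'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index', 'Alter');
    $priv_cnt  = count($list_priv);
    for ($i = 0; $i < $priv_cnt; $i++) {
        $priv_name = $list_priv[$i] . '_priv';
        if (isset($$priv_name)) {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'Y\'';
        } else {
            $sql_query .= (empty($sql_query) ? $priv_name : ', ' . $priv_name) . ' = \'N\'';
        }
    } // end for
    unset($list_priv);
    unset($priv_cnt);

    // Qualified with the mysql database, like the other statements here
    $sql_query = 'UPDATE mysql.user SET '
               . $sql_query
               . ' WHERE Host = \'' . PMA_sqlAddslashes($host) . '\' AND User = \'' . PMA_sqlAddslashes($pma_user) . '\'';
    $result    = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1');
    PMA_showMessage(sprintf($strUpdatePrivMessage, '' . $pma_user . '@' . $host . '') . '
' . $strRememberReload);
}

// Revoke/Grant privileges
else if (isset($grants) && $grants) {
    $show_query = 'y';
    if (!isset($host) || $host == '') {
        $host = '%';
    }
    if (!isset($pma_user) || $pma_user == '') {
        $pma_user = '%';
    }

    if (isset($upd_grants)) {
        $sql_query = '';
        $col_list  = '';

        // Optional column list, every name back-quoted
        if (isset($colgrant) && !$anycolumn && !$newdb) {
            $colgrant_cnt = count($colgrant);
            for ($i = 0; $i < $colgrant_cnt; $i++) {
                if (get_magic_quotes_gpc()) {
                    $colgrant[$i] = stripslashes($colgrant[$i]);
                }
                $col_list .= (empty($col_list) ? PMA_backquote($colgrant[$i]) : ', ' . PMA_backquote($colgrant[$i]));
            } // end for
            unset($colgrant);
            $col_list = ' (' . $col_list . ')';
        } // end if

        // Privilege names come from this fixed list only; the request merely
        // selects which of them are included. 'Grant' is handled separately
        // through WITH GRANT OPTION.
        $list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
                           'Shutdown', 'Process', 'File', 'References', 'Index', 'Alter');
        $priv_cnt  = count($list_priv);
        for ($i = 0; $i < $priv_cnt; $i++) {
            $priv_name = $list_priv[$i] . '_priv';
            if (isset($$priv_name)) {
                $sql_query .= (empty($sql_query) ? $list_priv[$i] : ', ' . $list_priv[$i]) . $col_list;
            }
        } // end for
        unset($list_priv);
        unset($priv_cnt);
        if (empty($sql_query)) {
            $sql_query = 'USAGE' . $col_list;
        }
        $priv_grant = (isset($Grant_priv) ? ' WITH GRANT OPTION' : '');

        if (get_magic_quotes_gpc()) {
            if ($newdb) {
                $newdb = stripslashes($newdb);
            } else {
                if (isset($dbgrant) && !$anydb && !$newdb) {
                    $dbgrant    = stripslashes($dbgrant);
                }
                if (isset($tablegrant) && !$anytable && !$newdb) {
                    $tablegrant = stripslashes($tablegrant);
                }
            }
        } // end if

        // Escape wildcard characters if required
        // Group 1 of the pattern is whatever precedes the wildcard and group 3
        // is the wildcard itself. The replacement puts group 1 back before
        // the added backslash; referencing group 3 alone would drop the
        // preceding character from the database name, so the GRANT would be
        // issued for a different name than the one selected.
        if (isset($dbgrant) && !$anydb && !$newdb) {
            $re      = '(^|(\\\\\\\\)+|[^\])(_|%)'; // non-escaped wildcards
            $dbgrant = ereg_replace($re, '\\1\\\\3', $dbgrant);
        }

        if (!$newdb) {
            $sql_query .= ' ON '
                       . (($anydb || $dbgrant == '') ? '*' : PMA_backquote($dbgrant))
                       . '.'
                       . (($anytable || $tablegrant == '') ? '*' : PMA_backquote($tablegrant));
        } else {
            $sql_query .= ' ON ' . PMA_backquote($newdb) . '.*';
        }

        $sql_query .= ' TO ' . '\'' . PMA_sqlAddslashes($pma_user) . '\'' . '@' . '\'' . PMA_sqlAddslashes($host) . '\'';

        $sql_query = 'GRANT ' . $sql_query . $priv_grant;
        $result    = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&grants=1');
        PMA_showMessage($strAddPrivMessage . '.
' . $strRememberReload);
    } // end if
}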
/**
* Displays the page
*/
// Edit an user properies
if (isset($edit) && $edit) {
PMA_tableUsers($host, $pma_user);
PMA_editOperations($host, $pma_user);
}
// Revoke/Grant privileges for an user
else if (isset($grants) && $grants) {
// Displays the full list of privileges for this host & user
$infos['Host'] = $host;
$infos['User'] = $pma_user;
PMA_tableGrants($infos);
// Displays the list of privileges for user on the selected db/table/column
$user_priv = array();
$list_priv = array('Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload',
'Shutdown', 'Process', 'File', 'Grant', 'References', 'Index',
'Alter');
$list_priv_new = array();
// Gets globals privileges
$result = mysql_query('SELECT * FROM mysql.user WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\')');
$row = @mysql_fetch_array($result);
if ($row) {
while (list(,$priv) = each($list_priv)) {
$priv_priv = $priv . '_priv';
if ($row[$priv_priv] == 'Y') {
$user_priv[$priv_priv] = 'Y';
} else {
$user_priv[$priv_priv] = 'N';
$list_priv_new[] = $priv;
}
} // end while
mysql_free_result($result);
$list_priv = $list_priv_new;
unset($list_priv_new);
$list_priv_new = array();
} // end if $row
// If a target database is set, gets privileges for this database
if (count($list_priv) && isset($dbgrant)) {
if (get_magic_quotes_gpc()) {
$dbgrant = stripslashes($dbgrant);
}
$result = mysql_query('SELECT * FROM mysql.db WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\'');
$row = @mysql_fetch_array($result);
if ($row) {
while (list(,$priv) = each($list_priv)) {
$priv_priv = $priv . '_priv';
if (isset($row[$priv_priv]) && $row[$priv_priv] == 'Y') {
$user_priv[$priv_priv] = 'Y';
} else {
$list_priv_new[] = $priv;
}
} // end while
mysql_free_result($result);
$list_priv = $list_priv_new;
unset($list_priv_new);
$list_priv_new = array();
} // end if $row
} // end if
// If a target table is set, gets privileges for this table
if (count($list_priv) && isset($tablegrant)) {
if (get_magic_quotes_gpc()) {
$tablegrant = stripslashes($tablegrant);
}
$result = mysql_query('SELECT * FROM mysql.tables_priv WHERE (Host = \'' . PMA_sqlAddslashes($host) . '\' OR Host = \'%\') AND (User = \'' . PMA_sqlAddslashes($pma_user) . '\' OR User = \'\') AND Db = \'' . PMA_sqlAddslashes($dbgrant) . '\' AND Table_name = \'' . PMA_sqlAddslashes($tablegrant) . '\'');
$row = @mysql_fetch_array($result);
if ($row && $row['Table_priv']) {
while (list(,$priv) = each($list_priv)) {
$priv_priv = $priv . '_priv';
if (eregi('(^|,)' . $priv . '(,|$)', $row['Table_priv'])) {
$user_priv[$priv_priv] = 'Y';
} else {
$list_priv_new[] = $priv;
}
} // end while
mysql_free_result($result);
$list_priv = $list_priv_new;
unset($list_priv_new);
$list_priv_new = array();
} // end if $row
} // end if
// TODO: column privileges
PMA_grantOperations($user_priv);
}
// Check database privileges
else if (isset($check) && $check) {
PMA_checkDb($db);
?>