' . "\n" . ' ' . $strPrivileges . "\n" . '' . "\n" . $strNoPrivileges . "\n"; include('./footer.inc.php3'); exit; } /** * Extracts the privilege information of a priv table row * * @param array the row * @param boolean add tag with tooltips * * @global ressource the database connection * * @return array */ function PMA_extractPrivInfo($row = '', $enableHTML = FALSE) { global $userlink; $grants = array( array('Select_priv', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert_priv', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update_priv', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete_priv', 'DELETE', $GLOBALS['strPrivDescDelete']), array('Create_priv', 'CREATE', $GLOBALS['strPrivDescCreateDb']), array('Drop_priv', 'DROP', $GLOBALS['strPrivDescDropDb']), array('Reload_priv', 'RELOAD', $GLOBALS['strPrivDescReload']), array('Shutdown_priv', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']), array('Process_priv', 'PROCESS', $GLOBALS['strPrivDescProcess' . ((!empty($row) && isset($row['Super_priv'])) || (empty($row) && isset($GLOBALS['Super_priv'])) ? '4' : '3')]), array('File_priv', 'FILE', $GLOBALS['strPrivDescFile']), array('References_priv', 'REFERENCES', $GLOBALS['strPrivDescReferences']), array('Index_priv', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Alter_priv', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Show_db_priv', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']), array('Super_priv', 'SUPER', $GLOBALS['strPrivDescSuper']), array('Create_tmp_table_priv', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']), array('Lock_tables_priv', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']), array('Execute_priv', 'EXECUTE', $GLOBALS['strPrivDescExecute']), array('Repl_slave_priv', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']), array('Repl_client_priv', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']) ); if (!empty($row) && isset($row['Table_priv'])) { $sql_query = 'SHOW COLUMNS FROM `tables_priv` LIKE "Table_priv";'; $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); unset($sql_query); $row1 = PMA_mysql_fetch_array($res, MYSQL_ASSOC); mysql_free_result($res); $av_grants = explode ('\',\'' , substr($row1['Type'], 5, strlen($row1['Type']) - 7)); unset($row1); $users_grants = explode(',', $row['Table_priv']); while (list(, $current_grant) = each($av_grants)) { $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N'; } unset($current_grant); unset($av_grants); unset($users_grants); } $privs = array(); $allPrivileges = TRUE; while (list(, $current_grant) = each($grants)) { if ((!empty($row) && isset($row[$current_grant[0]])) || (empty($row) && isset($GLOBALS[$current_grant[0]]))) { if ((!empty($row) && $row[$current_grant[0]] == 'Y') || (empty($row) && $GLOBALS[$current_grant[0]] == 'Y')) { if ($enableHTML) { $privs[] = '' . str_replace(' ', ' ', $current_grant[1]) . ''; } else { $privs[] = $current_grant[1]; } } else { $allPrivileges = FALSE; } } } if (empty($privs)) { if ($enableHTML) { $privs[] = 'USAGE'; } else { $privs[] = 'USAGE'; } } else if ($allPrivileges && (!isset($GLOBALS['grant_count']) || count($privs) == $GLOBALS['grant_count'])) { if ($enableHTML) { $privs = array('ALL PRIVILEGES'); } else { $privs = array('ALL PRIVILEGES'); } } return $privs; } // end of the 'PMA_extractPrivInfo()' function /** * Displays the privileges form table * * @param string the database * @param string the table * @param boolean wheather to display the submit button or not * @param int the indenting level of the code * * @global array the phpMyAdmin configuration * @global ressource the database connection * * @return void */ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0) { global $cfg, $userlink; if ($db == '*') { $table = '*'; } $spaces = ''; for ($i = 0; $i < $indent; $i++) { $spaces .= ' '; } if (isset($GLOBALS['username'])) { $username = $GLOBALS['username']; if (empty($GLOBALS['hostname'])) { $hostname = '%'; } else { $hostname = $GLOBALS['hostname']; } if ($db == '*') { $sql_query = 'SELECT * FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";'; } else if ($table == '*') { $sql_query = 'SELECT * FROM `db` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";'; } else { $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";'; } $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); if ($res) { $row = PMA_mysql_fetch_array($res, MYSQL_ASSOC); } @mysql_free_result($res); } if (empty($row)) { if ($table == '*') { if ($db == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;'; } else if ($table == '*') { $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;'; } $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); while ($row1 = PMA_mysql_fetch_row($res)) { if (substr($row1[0], 0, 4) == 'max_') { $row[$row1[0]] = 0; } else { $row[$row1[0]] = 'N'; } } mysql_free_result($res); } else { $row = array('Table_priv' => ''); } } if (isset($row['Table_priv'])) { $sql_query = 'SHOW COLUMNS FROM `tables_priv` LIKE "Table_priv";'; $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); unset($sql_query); $row1 = PMA_mysql_fetch_array($res, MYSQL_ASSOC); mysql_free_result($res); $av_grants = explode ('\',\'' , substr($row1['Type'], 5, strlen($row1['Type']) - 7)); unset($row1); $users_grants = explode(',', $row['Table_priv']); while (list(, $current_grant) = each($av_grants)) { $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N'; } unset($current_grant); unset($av_grants); unset($users_grants); } $privTable[0] = array( array('Select', 'SELECT', $GLOBALS['strPrivDescSelect']), array('Insert', 'INSERT', $GLOBALS['strPrivDescInsert']), array('Update', 'UPDATE', $GLOBALS['strPrivDescUpdate']), array('Delete', 'DELETE', $GLOBALS['strPrivDescDelete']) ); if ($db == '*') { $privTable[0][] = array('File', 'FILE', $GLOBALS['strPrivDescFile']); } $privTable[1] = array( array('Create', 'CREATE', ($table == '*' ? $GLOBALS['strPrivDescCreateDb'] : $GLOBALS['strPrivDescCreateTbl'])), array('Alter', 'ALTER', $GLOBALS['strPrivDescAlter']), array('Index', 'INDEX', $GLOBALS['strPrivDescIndex']), array('Drop', 'DROP', ($table == '*' ? $GLOBALS['strPrivDescDropDb'] : $GLOBALS['strPrivDescDropTbl'])) ); if (isset($row['Create_tmp_table_priv'])) { $privTable[1][] = array('Create_tmp_table', 'CREATE TEMPORARAY TABLES', $GLOBALS['strPrivDescCreateTmpTable']); } $privTable[2] = array(); if (isset($row['Grant_priv'])) { $privTable[2][] = array('Grant', 'GRANT', $GLOBALS['strPrivDescGrant']); } if ($db == '*') { if (isset($row['Super_priv'])) { $privTable[2][] = array('Super', 'SUPER', $GLOBALS['strPrivDescSuper']); $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess4']); } else { $privTable[2][] = array('Process', 'PROCESS', $GLOBALS['strPrivDescProcess3']); } $privTable[2][] = array('Reload', 'RELOAD', $GLOBALS['strPrivDescReload']); $privTable[2][] = array('Shutdown', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']); if (isset($row['Show_db_priv'])) { $privTable[2][] = array('Show_db', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']); } if (isset($row['Lock_tables_priv'])) { $privTable[2][] = array('Lock_tables', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']); } } $privTable[2][] = array('References', 'REFERENCES', $GLOBALS['strPrivDescReferences']); if ($db == '*') { if (isset($row['Execute_priv'])) { $privTable[2][] = array('Execute', 'EXECUTE', $GLOBALS['strPrivDescExecute']); } if (isset($row['Repl_client_priv'])) { $privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']); } if (isset($row['Repl_slave_priv'])) { $privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']); } } echo $spaces . '' . "\n" . $spaces . '' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n"; $limitTable = FALSE; for ($i = 0; isset($privTable[0][$i]) || isset($privTable[1][$i]) || isset($privTable[2][$i]); $i++) { echo $spaces . ' ' . "\n"; for ($j = 0; $j < 3; $j++) { if (isset($privTable[$j][$i])) { echo $spaces . ' ' . "\n" . $spaces . ' ' . "\n"; } else if ($db == '*' && !isset($privTable[0][$i]) && !isset($privTable[1][$i]) && isset($row['max_questions']) && isset($row['max_updates']) && isset($row['max_connections']) && !$limitTable) { echo $spaces . ' ' . "\n"; $limitTable = TRUE; } else if (!$limitTable) { echo $spaces . ' ' . "\n"; } } echo $spaces . ' ' . "\n"; } if ($submit) { echo $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n"; } echo $spaces . '

' . ($db == '*' ? $GLOBALS['strGlobalPrivileges'] : $GLOBALS['strDbPrivileges']) . '

' . $GLOBALS['strEnglishPrivileges'] . '

' . $GLOBALS['strData'] . ' ' . $GLOBALS['strStructure'] . ' ' . $GLOBALS['strAdministration'] . '

' . $privTable[$j][$i][1] . '

' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . ' ' . "\n" . $spaces . '

' . $GLOBALS['strResourceLimits'] . '
' . $GLOBALS['strZeroRemovesTheLimit'] . '
`MAX QUERIES PER HOUR`
`MAX UPDATES PER HOUR`
`MAX CONNECTIONS PER HOUR`

' . "\n" . $spaces . '

' . "\n" . $spaces . ' ' . "\n" . $spaces . '

' . "\n"; } // end of the 'PMA_displayPrivTable()' function /** * Adds a user */ if (!empty($adduser_submit)) { unset($sql_query); if ($pred_username == 'any') { $username = ''; } switch ($pred_hostname) { case 'any': $hostname = '%'; break; case 'localhost': $hostname = 'localhost'; break; case 'thishost': $res = PMA_mysql_query('SELECT USER();', $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT USER();'); $row = PMA_mysql_fetch_row($res); mysql_free_result($res); unset($res); $hostname = substr($row[0], (strrpos($row[0], '@') + 1)); unset($row); break; } $local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";'; $res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query); unset($local_query); if (mysql_affected_rows($userlink) == 1) { $message = sprintf($strUserAlreadyExists, '\'' . $username . '\'@\'' . $hostname . '\''); $adduser = 1; } else { if (PMA_MYSQL_INT_VERSION >= 32211) { $real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . $username . '"@"' . $hostname . '"'; if ($pred_password != 'none') { $pma_pw_hidden = ''; for ($i = 0; $i < strlen($pma_pw); $i++) { $pma_pw_hidden .= '*'; } $sql_query = $real_sql_query . ' IDENTIFIED BY "' . $pma_pw_hidden . '"'; $real_sql_query .= ' IDENTIFIED BY "' . $pma_pw . '"'; } else { $sql_query = $real_sql_query; } if ((isset($Grant_priv) && $Grant_priv == 'Y') || isset($max_questions) || isset($max_connections) || isset($max_updates)) { $real_sql_query .= 'WITH'; $sql_query .= 'WITH'; if (isset($Grant_priv) && $Grant_priv == 'Y') { $real_sql_query .= ' GRANT OPTION'; $sql_query .= ' GRANT OPTION'; } if (isset($max_questions)) { $real_sql_query .= ' MAX_QUERIES_PER_HOUR ' . (int)$max_questions; $sql_query .= ' MAX_QUERIES_PER_HOUR ' . (int)$max_questions; } if (isset($max_connections)) { $real_sql_query .= ' MAX_CONNECTIONS_PER_HOUR ' . (int)$max_connections; $sql_query .= ' MAX_CONNECTIONS_PER_HOUR ' . (int)$max_connections; } if (isset($max_updates)) { $real_sql_query .= ' MAX_UPDATES_PER_HOUR ' . (int)$max_updates; $sql_query .= ' MAX_UPDATES_PER_HOUR ' . (int)$max_updates; } } $real_sql_query .= ';'; $sql_query .= ';'; PMA_mysql_query($real_sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); unset($real_sql_query); $message = $strAddUserMessage; } else { $privileges = PMA_extractPrivInfo(); $real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . $username . '"'; if ($pred_password != 'none') { $pma_pw_hidden = ''; for ($i = 0; $i < strlen($pma_pw); $i++) { $pma_pw_hidden .= '*'; } $sql_query = $real_sql_query . ', `Password` = PASSWORD("' . $pma_pw_hidden . '")'; $real_sql_query .= ', `Password` = PASSWORD("' . $pma_pw . '")'; } else { $sql_query = $real_sql_query; } while (list(, $priv) = each($privileges)) { $real_sql_query .= ', `' . substr($priv, 0, 1) . strtolower(substr($priv, 1)) . '_priv` = "Y"'; $sql_query .= ', `' . substr($priv, 0, 1) . strtolower(substr($priv, 1)) . '_priv` = "Y"'; } PMA_mysql_query($real_sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); unset($real_sql_query); $message = $strAddUserMessage . '
' . "\n" . $strRememberReload; } mysql_free_result($res); unset($res); } } /** * Updates privileges */ if (!empty($update_privs)) { if (empty($hostname)) { $hostname = '%'; } if (PMA_MYSQL_INT_VERSION >= 32211) { $db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename)); $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . $username . '"@"' . $hostname . '"'; if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) { $sql_query2 .= 'WITH'; if (isset($Grant_priv) && $Grant_priv == 'Y') { $sql_query2 .= ' GRANT OPTION'; } if (isset($max_questions)) { $sql_query2 .= ' MAX_QUERIES_PER_HOUR ' . (int)$max_questions; } if (isset($max_connections)) { $sql_query2 .= ' MAX_CONNECTIONS_PER_HOUR ' . (int)$max_connections; } if (isset($max_updates)) { $sql_query2 .= ' MAX_UPDATES_PER_HOUR ' . (int)$max_updates; } } $sql_query2 .= ';'; PMA_mysql_query($sql_query0, $userlink); // this query may fail, but this does not matter :o) PMA_mysql_query($sql_query1, $userlink); // this one may fail, too... PMA_mysql_query($sql_query2, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query2); $sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2; $message = sprintf($strUpdatePrivMessage, '\'' . $username . '\'@\'' . $hostname . '\''); } else { $sql_query = 'SHOW COLUMNS FROM `user`;'; $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); $grants = array(); while ($row = PMA_mysql_fetch_row($res)) { if (substr($row[0], -5) == '_priv') { $grants[] = PMA_backquote($row[0]) . ' = "' . (empty($$row[0]) ? 'N' : 'Y') . '"'; } } mysql_free_result($res); unset($res); unset($row); $sql_query = 'UPDATE `user` SET ' . join(', ', $grants) . ' WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";'; PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); $message = sprintf($strUpdatePrivMessage, '\'' . $username . '\'@\'' . $hostname . '\'') . '
' . "\n" . $strRememberReload; } } /** * Revokes Privileges */ if (!empty($revokeall)) { if (empty($hostname)) { $hostname = '%'; } if (PMA_MYSQL_INT_VERSION >= 32211) { $db_and_table = PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename)); $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";'; PMA_mysql_query($sql_query0, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query0); PMA_mysql_query($sql_query1, $userlink); // this one may fail, too... $sql_query = $sql_query0 . ' ' . $sql_query1; $message = sprintf($strRevokeMessage, '\'' . $username . '\'@\'' . $hostname . '\''); } if (empty($tablename)) { unset($dbname); } else { unset($tablename); } } /** * Updates the password */ if (!empty($change_pw)) { if (empty($hostname)) { $hostname = '%'; } if ($nopass == 1) { $sql_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = ""'; PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); $message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\''); } else if (empty($pma_pw) || empty($pma_pw2)) { $message = $strPasswordEmpty; } else if ($pma_pw != $pma_pw2) { $message = $strPasswordNotSame; } else { $hidden_pw = ''; for ($i = 0; $i < strlen($pma_pw); $i++) { $hidden_pw .= '*'; } $local_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $pma_pw . '")'; $sql_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")'; PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); $message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\''); } } /** * Deletes users */ if (!empty($delete)) { $queries = array(); for ($i = 0; isset($selected_usr[$i]); $i++) { list($this_user, $this_host) = explode('@', $selected_usr[$i]); $queries[] = '# ' . sprintf($strDeleting, '\'' . $this_user . '\'@\'' . $this_host . '\'') . ' ...'; if ($mode == 2) { // The SHOW GRANTS query may fail if the user has not been loaded // into memory $res = PMA_mysql_query('SHOW GRANTS FOR "' . $this_user . '"@"' . $this_host . '";', $userlink); if ($res) { $queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . $this_user . '"@"' . $this_host . '";'; while ($row = PMA_mysql_fetch_row($res)) { $this_table = substr($row[0], (strpos($row[0], 'ON') + 3), -(9 + strlen($this_user . $this_host))); if ($this_table != '*.*') { $queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";'; } unset($this_table); } mysql_free_result($res); } unset($res); } $queries[] = 'DELETE FROM `user` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; if ($mode != 2) { // If we REVOKE the table grants, we should not need to modify the // `db`, `tables_priv` and `columns_priv` tables manually... $queries[] = 'DELETE FROM `db` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; $queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";'; } if (!empty($drop_users_db)) { $queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';'; } } if (empty($queries)) { $message = $strError . ': ' . $strDeleteNoUsersSelected; } else { if ($mode == 3) { $queries[] = '# ' . $strReloadingThePrivileges . ' ...'; $queries[] = 'FLUSH PRIVILEGES;'; } while (list(, $sql_query) = each($queries)) { if (substr($sql_query, 0, 1) != '#') { PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink)); } } $sql_query = join("\n", $queries); $message = $strUsersDeleted; } unset($queries); } /** * Reloads the privilege tables into memory */ if (!empty($flush_privileges)) { $sql_query = 'FLUSH PRIVILEGES'; if (@PMA_mysql_query($sql_query, $userlink)) { $message = $strPrivilegesReloaded; } else { PMA_mysqlDie(PMA_mysql_error($userlink)); } } /** * Displays the links */ require('./server_links.inc.php3'); /** * Displays the page */ if (empty($adduser)) { if (!isset($username)) { // No username is given --> display the overview echo '

' . "\n" . ' ' . $strUserOverview . "\n" . '

' . "\n"; $oldPrivTables = FALSE; if (PMA_MYSQL_INT_VERSION >= 40002) { $res = PMA_mysql_query('SELECT `User`, `Host`, IF(`Password` = "", "N", "Y") AS "Password", `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Reload_priv`, `Shutdown_priv`, `Process_priv`, `File_priv`, `Grant_priv`, `References_priv`, `Index_priv`, `Alter_priv`, `Show_db_priv`, `Super_priv`, `Create_tmp_table_priv`, `Lock_tables_priv`, `Execute_priv`, `Repl_slave_priv`, `Repl_client_priv` FROM `user` ORDER BY `User` ASC, `Host` ASC;', $userlink); if (!$res) { // the query failed! This may have two reasons: // - the user has not enough privileges // - the privilege tables use a structure of an earlier version. $oldPrivTables = TRUE; } } if (empty($res) || (PMA_MYSQL_INT_VERSION >= 32211 && PMA_MYSQL_INT_VERSION < 40002)) { $res = PMA_mysql_query('SELECT `User`, `Host`, IF(`Password` = "", "N", "Y") AS "Password", `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Index_priv`, `Alter_priv`, `Create_priv`, `Drop_priv`, `Grant_priv`, `References_priv`, `Reload_priv`, `Shutdown_priv`, `Process_priv`, `File_priv` FROM `user` ORDER BY `User` ASC, `Host` ASC;', $userlink); if (!$res) { // the query failed! This may have two reasons: // - the user has not enough privileges // - the privilege tables use a structure of an earlier version. $oldPrivTables = TRUE; } } if (empty($res) || PMA_MYSQL_INT_VERSION < 32211) { $res = PMA_mysql_query('SELECT * FROM `user` ORDER BY `User` ASC, `Host` ASC;', $userlink); } if (!$res) { echo '' . $strNoPrivileges . '' . "\n"; @mysql_free_result($res); unset($res); } else { if ($oldPrivTables) { // rabus: This message is hardcoded because I will replace it by // a automatic repair feature soon. echo '

' . "\n" . ' Warning: Your privilege table structure seem to be older than this MySQL version!
' . "\n" . ' Please run the script mysql_fix_privilege_tables that should be included in your MySQL server distribution to solve this problem!' . "\n" . '

' . "\n"; } echo '

' . "\n" . PMA_generate_common_hidden_inputs('', '', 1) . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; echo ' ' . "\n"; $useBgcolorOne = TRUE; for ($i = 0; $row = PMA_mysql_fetch_array($res, MYSQL_ASSOC); $i++) { echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $privs = PMA_extractPrivInfo($row, TRUE); echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $useBgcolorOne = !$useBgcolorOne; } @mysql_free_result($res); unset($res); unset ($row); echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . '

	' . $strUser . '	' . $strHost . '	' . $strPassword . '	' . $strGlobalPrivileges . '	' . $strGrantOption . '	' . $strAction . '
	' . (empty($row['User']) ? '' . $strAny . '' : htmlspecialchars($row['User'])) . '	' . htmlspecialchars($row['Host']) . '	' . ($row['Password'] == 'Y' ? $strYes : '' . $strNo . '') . '	`' . "\n" . ' ' . join(',' . "\n" . ' ', $privs) . "\n" . '`	' . ($row['Grant_priv'] == 'Y' ? $strYes : $strNo) . '	' . $strEdit . '
	' . "\n" . ' ' . $strEnglishPrivileges . ' ' . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . $strCheckAll . '' . "\n" . ' / ' . "\n" . ' ' . $strUncheckAll . '' . "\n" . '

' . "\n" . '

' . "\n" . ' ' . $strAddUser . '
' . "\n" . '

' . "\n" . ' ' . $strRemoveSelectedUsers . '
' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . $strJustDelete . "\n" . '
' . "\n"; if (PMA_MYSQL_INT_VERSION >= 32304) { echo ' ' . "\n" . ' ' . "\n" . ' ' . $strRevokeAndDelete . "\n" . '
' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . ' ' . $strDeleteAndFlush . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . $strDropUsersDb . "\n" . '
' . "\n" . ' ' . "\n" . '

' . "\n" . '

' . "\n" . ' ' . sprintf($strFlushPrivilegesNote, '', '') . "\n" . '

' . "\n"; } } else if (isset($username)) { if (!isset($hostname)) { $hostname = '%'; } echo '

' . "\n" . ' ' . $strUser . ' \'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'' . "\n"; if (!empty($dbname)) { echo ' - ' . $strDatabase . ' ' . htmlspecialchars($dbname) . '' . "\n"; if (!empty($tablename)) { echo ' - ' . $strTable . ' ' . htmlspecialchars($dbname) . '' . "\n"; } } echo '

' . "\n"; $res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";', $userlink); if (mysql_affected_rows($userlink) <= 0) { echo $strUserNotFound; include('./footer.inc.php3'); exit; } mysql_free_result($res); unset($res); echo '

' . "\n" . '
' . "\n" . PMA_generate_common_hidden_inputs('', '', 3) . ' ' . "\n"; if ($hostname != '%') { echo ' ' . "\n"; } if (!empty($dbname)) { echo ' ' . "\n"; if (!empty($tablename)) { echo ' ' . "\n"; } } echo ' ' . $strEditPrivileges . '
' . "\n"; PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3); echo '
' . "\n" . '

' . "\n" . ' ' . (empty($dbname) ? $strDbPrivileges : $strTblPrivileges) . '
' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; if (PMA_MYSQL_INT_VERSION >= 32211) { echo ' ' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; if (empty($dbname)) { $sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" ORDER BY `Db` ASC;'; } else { $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;'; } $res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query); if (mysql_affected_rows($userlink) == 0) { echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; } else { $useBgcolorOne = TRUE; if (empty($dbname)) { $res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;'); $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); } while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) { while (empty($dbname) && $row2 && $row['Db'] > $row2['Db']) { echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; if (PMA_MYSQL_INT_VERSION >= 32211) { echo ' ' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); $useBgcolorOne = !$useBgcolorOne; } // end while echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; if (PMA_MYSQL_INT_VERSION >= 32211) { echo ' ' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $useBgcolorOne = !$useBgcolorOne; } // end while while (empty($dbname) && $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC)) { echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; if (PMA_MYSQL_INT_VERSION >= 32211) { echo ' ' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n"; $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); $useBgcolorOne = !$useBgcolorOne; } // end while if (empty($dbname)) { mysql_free_result($res2); unset($res2); unset($row2); } } mysql_free_result($res); unset($res); unset($row); echo ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . '

' . (empty($dbname) ? $strDatabase : $strTable) . '	' . $strPrivileges . '	' . $strGrantOption . '	' . (empty($dbname) ? $strTblPrivileges : $strColumnPrivileges) . '	' . $strAction . '
' . $strNone . '
' . htmlspecialchars($row2['Db']) . '	`' . "\n" . ' USAGE' . "\n" . '`	' . $strNo . '	' . $strYes . '	' . $strEdit . '	' . $strRevoke . '
' . htmlspecialchars(empty($dbname) ? $row['Db'] : $row['Table_name']) . '	`' . "\n" . ' ' . join(',' . "\n" . ' ', PMA_extractPrivInfo($row, TRUE)) . "\n" . '`	' . (((empty($dbname) && $row['Grant_priv'] == 'Y') \|\| (!empty($dbname) && in_array('Grant', explode(',', $row['Table_priv'])))) ? $strYes : $strNo) . '	'; if ((empty($dbname) && $row2 && $row['Db'] == $row2['Db']) \|\| (!empty($dbname) && $row['Column_priv'])) { echo $strYes; if (empty($dbname)) { $row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC); } } else { echo $strNo; } echo '	' . $strEdit . '	' . $strRevoke . '
' . htmlspecialchars($row2['Db']) . '	`' . "\n" . ' USAGE' . "\n" . '`	' . $strNo . '	' . $strYes . '	' . $strEdit . '	' . $strRevoke . '
' . "\n" . ' ' . "\n" . PMA_generate_common_hidden_inputs('', '', 6) . ' ' . "\n"; if ($hostname != '%') { echo ' ' . "\n"; } if (empty($dbname)) { echo ' ' . $strAddPrivilegesOnDb . ':' . "\n" . ' ' . "\n"; } else { echo ' ' . "\n" . ' ' . $strAddPrivilegesOnTbl . ':' . "\n" . ' ' . "\n"; } echo ' ' . "\n" . ' ' . "\n" . '

' . "\n" . '

' . "\n" . '
' . "\n" . PMA_generate_common_hidden_inputs('', '', 3) . ' ' . "\n"; if ($hostname != '%') { echo ' ' . "\n"; } echo ' ' . $strChangePassword . '
' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . '
' . $strNoPassword . '
' . $strPassword . ':
' . $strReType . ':
' . "\n" . ' ' . "\n" . '
' . "\n" . '
' . "\n" . '

' . "\n"; } } else { // Add a new user echo '

' . "\n" . ' ' . $strAddUser . "\n" . '

' . "\n" . '

' . "\n" . PMA_generate_common_hidden_inputs('', '', 1) . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . ' ' . "\n" . '

' . "\n" . ' ' . $strLoginInformation . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . $strUserName . ':' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . $strHost . ':' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . $strPassword . ':' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '	' . "\n" . ' ' . "\n" . '
' . "\n" . ' ' . "\n" . ' ' . $strReType . ':' . "\n" . ' ' . "\n" . '		' . "\n" . ' ' . "\n" . '

' . "\n"; PMA_displayPrivTable('*', '*', FALSE, 1); echo '
' . "\n" . ' ' . "\n" . '

' . "\n"; } // end if (empty($adduser)) ... else ... /** * Displays the footer */ echo "\n\n"; require('./footer.inc.php3'); ?>

	' . $strNoPassword . '
	' . $strPassword . ':
	' . $strReType . ':
' . "\n" . ' ' . "\n" . '