<?php/* $Id: server_privileges.php 9855 2007-01-20 15:38:45Z lem9 $ */// vim: expandtab sw=4 ts=4 sts=4:require_once('./libraries/common.lib.php');/** * Does the common work */$js_to_run = 'server_privileges.js';require('./libraries/server_common.inc.php');/** * Checks if a dropdown box has been used for selecting a database / table */if (isset($pred_dbname) && strlen($pred_dbname)) {    $dbname = $pred_dbname;    unset($pred_dbname);}if (isset($pred_tablename) && strlen($pred_tablename)) {    $tablename = $pred_tablename;    unset($pred_tablename);}// check if given $dbanem is a wildcard or notif ( isset( $dbname ) ) {    //if ( preg_match( '/\\\\(?:_|%)/i', $dbname ) ) {    if ( preg_match( '/(?<!\\\\)(?:_|%)/i', $dbname ) ) {        $dbname_is_wildcard = true;    } else {        $dbname_is_wildcard = false;    }}/** * Checks if the user is allowed to do what he tries to... */if (!$is_superuser) {    require('./libraries/server_links.inc.php');    echo '<h2>' . "\n"       . ($GLOBALS['cfg']['MainPageIconic'] ? '<img class="icon" src="'. $GLOBALS['pmaThemeImage'] . 'b_usrlist.png" alt="" />' : '')       . $GLOBALS['strPrivileges'] . "\n"       . '</h2>' . "\n"       . $GLOBALS['strNoPrivileges'] . "\n";    require_once('./libraries/footer.inc.php');}/** * Generates a condition on the user name * * @param   string   the user's initial * @return  string   the generated condition */function PMA_RangeOfUsers($initial = '') {// strtolower() is used because the User field// might be BINARY, so LIKE would be case sensitive    if (!empty($initial)) {        $ret = " WHERE " . PMA_convert_using('User')         . " LIKE " . PMA_convert_using($initial . '%', 'quoted')         . " OR ". PMA_convert_using('User')         . " LIKE " . PMA_convert_using(strtolower($initial) . '%', 'quoted');    } else {        $ret = '';    }    return $ret;} // end function/** * Extracts the privilege information of a priv table row * * @param   array   $row        the row * @param   boolean $enableHTML add <dfn> tag with tooltips * * @global  ressource $user_link the database connection * * @return  array */function PMA_extractPrivInfo($row = '', $enableHTML = FALSE){    $grants = array(        array('Select_priv', 'SELECT', $GLOBALS['strPrivDescSelect']),        array('Insert_priv', 'INSERT', $GLOBALS['strPrivDescInsert']),        array('Update_priv', 'UPDATE', $GLOBALS['strPrivDescUpdate']),        array('Delete_priv', 'DELETE', $GLOBALS['strPrivDescDelete']),        array('Create_priv', 'CREATE', $GLOBALS['strPrivDescCreateDb']),        array('Drop_priv', 'DROP', $GLOBALS['strPrivDescDropDb']),        array('Reload_priv', 'RELOAD', $GLOBALS['strPrivDescReload']),        array('Shutdown_priv', 'SHUTDOWN', $GLOBALS['strPrivDescShutdown']),        array('Process_priv', 'PROCESS', $GLOBALS['strPrivDescProcess' . ((!empty($row) && isset($row['Super_priv'])) || (empty($row) && isset($GLOBALS['Super_priv'])) ? '4' : '3')]),        array('File_priv', 'FILE', $GLOBALS['strPrivDescFile']),        array('References_priv', 'REFERENCES', $GLOBALS['strPrivDescReferences']),        array('Index_priv', 'INDEX', $GLOBALS['strPrivDescIndex']),        array('Alter_priv', 'ALTER', $GLOBALS['strPrivDescAlter']),        array('Show_db_priv', 'SHOW DATABASES', $GLOBALS['strPrivDescShowDb']),        array('Super_priv', 'SUPER', $GLOBALS['strPrivDescSuper']),        array('Create_tmp_table_priv', 'CREATE TEMPORARY TABLES', $GLOBALS['strPrivDescCreateTmpTable']),        array('Lock_tables_priv', 'LOCK TABLES', $GLOBALS['strPrivDescLockTables']),        array('Repl_slave_priv', 'REPLICATION SLAVE', $GLOBALS['strPrivDescReplSlave']),        array('Repl_client_priv', 'REPLICATION CLIENT', $GLOBALS['strPrivDescReplClient']),        array('Create_view_priv', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']),        // for table privs:        array('Create View_priv', 'CREATE VIEW', $GLOBALS['strPrivDescCreateView']),        array('Show_view_priv', 'SHOW VIEW', $GLOBALS['strPrivDescShowView']),        // for table privs:        array('Show view_priv', 'SHOW VIEW', $GLOBALS['strPrivDescShowView']),        array('Create_routine_priv', 'CREATE ROUTINE', $GLOBALS['strPrivDescCreateRoutine']),        array('Alter_routine_priv', 'ALTER ROUTINE', $GLOBALS['strPrivDescAlterRoutine']),        array('Create_user_priv', 'CREATE USER', $GLOBALS['strPrivDescCreateUser'])    );    if (PMA_MYSQL_INT_VERSION >= 40002 && PMA_MYSQL_INT_VERSION <50003) {        $grants[] = array('Execute_priv', 'EXECUTE', $GLOBALS['strPrivDescExecute']);    } else {        $grants[] = array('Execute_priv', 'EXECUTE', $GLOBALS['strPrivDescExecute5']);    }    if (!empty($row) && isset($row['Table_priv'])) {        $res = PMA_DBI_query(            'SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';',            $GLOBALS['userlink'] );        $row1 = PMA_DBI_fetch_assoc($res);        PMA_DBI_free_result($res);        $av_grants = explode ('\',\'', substr($row1['Type'], 5, strlen($row1['Type']) - 7));        unset($row1);        $users_grants = explode(',', $row['Table_priv']);        foreach ($av_grants as $current_grant) {            $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';        }        unset($current_grant);        unset($av_grants);        unset($users_grants);    }    $privs = array();    $allPrivileges = TRUE;    foreach ($grants as $current_grant) {        if ((!empty($row) && isset($row[$current_grant[0]])) || (empty($row) && isset($GLOBALS[$current_grant[0]]))) {            if ((!empty($row) && $row[$current_grant[0]] == 'Y') || (empty($row) && ($GLOBALS[$current_grant[0]] == 'Y' || (is_array($GLOBALS[$current_grant[0]]) && count($GLOBALS[$current_grant[0]]) == $GLOBALS['column_count'] && empty($GLOBALS[$current_grant[0] . '_none']))))) {                if ($enableHTML) {                    $privs[] = '<dfn title="' . $current_grant[2] . '">' . $current_grant[1] . '</dfn>';                } else {                    $privs[] = $current_grant[1];                }            } elseif (!empty($GLOBALS[$current_grant[0]]) && is_array($GLOBALS[$current_grant[0]]) && empty($GLOBALS[$current_grant[0] . '_none'])) {                if ($enableHTML) {                    $priv_string = '<dfn title="' . $current_grant[2] . '">' . $current_grant[1] . '</dfn>';                } else {                    $priv_string = $current_grant[1];                }                $privs[] = $priv_string . ' (`' . join('`, `', $GLOBALS[$current_grant[0]]) . '`)';            } else {                $allPrivileges = FALSE;            }        }    }    if (empty($privs)) {        if ($enableHTML) {            $privs[] = '<dfn title="' . $GLOBALS['strPrivDescUsage'] . '">USAGE</dfn>';        } else {            $privs[] = 'USAGE';        }    } elseif ($allPrivileges && (!isset($GLOBALS['grant_count']) || count($privs) == $GLOBALS['grant_count'])) {        if ($enableHTML) {            $privs = array('<dfn title="' . $GLOBALS['strPrivDescAllPrivileges'] . '">ALL PRIVILEGES</dfn>');        } else {            $privs = array('ALL PRIVILEGES');        }    }    return $privs;} // end of the 'PMA_extractPrivInfo()' function/** * Displays on which column(s) a table-specific privilege is granted */function PMA_display_column_privs($spaces, $columns, $row, $name_for_select, $priv_for_header, $name, $name_for_dfn, $name_for_current) {        echo $spaces . '    <div class="item" id="div_item_' . $name . '">' . "\n"           . $spaces . '        <label for="select_' . $name . '_priv">' . "\n"           . $spaces . '            <tt><dfn title="' . $name_for_dfn . '">' . $priv_for_header . '</dfn></tt>' . "\n"           . $spaces . '        </label>' . "\n"           . $spaces . '        <select id="select_' . $name . '_priv" name="' . $name_for_select . '[]" multiple="multiple">' . "\n";        foreach ($columns as $current_column => $current_column_privileges) {            echo $spaces . '            <option value="' . htmlspecialchars($current_column) . '"';            if ($row[$name_for_select] == 'Y' || $current_column_privileges[$name_for_current]) {                echo ' selected="selected"';            }            echo '>' . htmlspecialchars($current_column) . '</option>' . "\n";        }        echo $spaces . '        </select>' . "\n"           . $spaces . '        <i>' . $GLOBALS['strOr'] . '</i>' . "\n"           . $spaces . '        <label for="checkbox_' . $name_for_select . '_none"><input type="checkbox"' . (empty($GLOBALS['checkall']) ?  '' : ' checked="checked"') . ' name="' . $name_for_select . '_none" id="checkbox_' . $name_for_select . '_none" title="' . $GLOBALS['strNone'] . '" />'           . $GLOBALS['strNone'] . '</label>' . "\n"           . $spaces . '    </div>' . "\n";} // end function/** * Displays the privileges form table * * @param   string  $db     the database * @param   string  $table  the table * @param   boolean $submit wheather to display the submit button or not * @param   int     $indent the indenting level of the code * * @global  array      $cfg         the phpMyAdmin configuration * @global  ressource  $user_link   the database connection * * @return  void */function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = 0){    if ($db == '*') {        $table = '*';    }    $spaces = str_repeat( '    ', $indent );    if (isset($GLOBALS['username'])) {        $username = $GLOBALS['username'];        $hostname = $GLOBALS['hostname'];        if ($db == '*') {            $sql_query =                 'SELECT * FROM `mysql`.`user`'                .' WHERE ' . PMA_convert_using('User')                .' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted')                .' AND ' . PMA_convert_using('Host')                .' = ' . PMA_convert_using($hostname, 'quoted') . ';';        } elseif ($table == '*') {            $sql_query =                'SELECT * FROM `mysql`.`db`'                .' WHERE ' . PMA_convert_using('`User`')                .' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted')                .' AND ' . PMA_convert_using('`Host`')                .' = ' . PMA_convert_using($hostname, 'quoted')                .' AND ' .  PMA_convert_using( PMA_unescape_mysql_wildcards( $db ), 'quoted' )                .' LIKE ' . PMA_convert_using( '`Db`' ) . ';';        } else {            $sql_query =                'SELECT `Table_priv`'                .' FROM `mysql`.`tables_priv`'                .' WHERE ' . PMA_convert_using('`User`')                .' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted')                .' AND ' .PMA_convert_using('`Host`')                .' = ' . PMA_convert_using( $hostname, 'quoted' )                .' AND ' .PMA_convert_using('`Db`')                .' = ' . PMA_convert_using( PMA_unescape_mysql_wildcards( $db ), 'quoted' )                .' AND ' . PMA_convert_using('`Table_name`')                .' = ' . PMA_convert_using($table, 'quoted') . ';';        }        $res = PMA_DBI_query($sql_query);        $row = PMA_DBI_fetch_assoc($res);        PMA_DBI_free_result($res);    }    if (empty($row)) {        if ($table == '*') {            if ($db == '*') {                $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';            } elseif ($table == '*') {                $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';            }            $res = PMA_DBI_query($sql_query);            while ($row1 = PMA_DBI_fetch_row($res)) {                if (substr($row1[0], 0, 4) == 'max_') {                    $row[$row1[0]] = 0;                } else {                    $row[$row1[0]] = 'N';                }            }