From 2da8671831e0e18472ba6482cbbc9f7e53ddfa0b Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Wed, 9 Nov 2005 12:36:13 +0000 Subject: db with only table specific rights where not displayed if there was not at least one db with db specfic rights --- server_privileges.php | 448 ++++++++++++++++++++++++-------------------------- 1 file changed, 218 insertions(+), 230 deletions(-) (limited to 'server_privileges.php') diff --git a/server_privileges.php b/server_privileges.php index 6cfc86241d..2b705c0e7b 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -45,9 +45,9 @@ if (!$is_superuser) { } /** - * Generates a condition on the user name + * Generates a condition on the user name * - * @param string the user's initial + * @param string the user's initial * @return string the generated condition */ function PMA_RangeOfUsers($initial = '') { @@ -170,7 +170,7 @@ function PMA_extractPrivInfo($row = '', $enableHTML = FALSE) /** * Displays on which column(s) a table-specific privilege is granted */ -function PMA_display_column_privs($spaces, $columns, $row, $name_for_select, $priv_for_header, $name, $name_for_dfn, $name_for_current) { +function PMA_display_column_privs($spaces, $columns, $row, $name_for_select, $priv_for_header, $name, $name_for_dfn, $name_for_current) { echo $spaces . '
' . "\n" . $spaces . '
' . "\n"; } else { @@ -622,7 +622,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) { default: $GLOBALS['pred_hostname'] = 'userdefined'; break; - } + } } echo $spaces . ' ' . "\n" . $spaces . ' ' . "\n"; @@ -679,10 +679,10 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0 ) { * Changes / copies a user, part I */ if (!empty($change_copy)) { - $user_host_condition = - ' WHERE ' . PMA_convert_using('User') - .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') - .' AND ' . PMA_convert_using('Host') + $user_host_condition = + ' WHERE ' . PMA_convert_using('User') + .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') + .' AND ' . PMA_convert_using('Host') .' = ' . PMA_convert_using($old_hostname, 'quoted') . ';'; $res = PMA_DBI_query('SELECT * FROM `mysql`.`user` ' . $user_host_condition); if (!$res) { @@ -733,9 +733,9 @@ if (!empty($adduser_submit) || !empty($change_copy)) { } $res = PMA_DBI_query( 'SELECT \'foo\' FROM `mysql`.`user`' - .' WHERE ' . PMA_convert_using('User') - .' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') - .' AND ' . PMA_convert_using('Host') + .' WHERE ' . PMA_convert_using('User') + .' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') + .' AND ' . PMA_convert_using('Host') .' = ' . PMA_convert_using($hostname, 'quoted') . ';', NULL, PMA_DBI_QUERY_STORE ); if (PMA_DBI_num_rows($res) == 1) { 
@@ -744,14 +744,14 @@ if (!empty($adduser_submit) || !empty($change_copy)) { $adduser = 1; } else { PMA_DBI_free_result($res); - + if ( 50002 <= PMA_MYSQL_INT_VERSION ) { // MySQL 5 requires CREATE USER before any GRANT on this user can done $create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; } - - $real_sql_query = - 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \'' + + $real_sql_query = + 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; if ($pred_password != 'none' && $pred_password != 'keep') { $pma_pw_hidden = ''; @@ -846,15 +846,15 @@ if (!empty($adduser_submit) || !empty($change_copy)) { * Changes / copies a user, part III */ if (!empty($change_copy)) { - $user_host_condition = - ' WHERE ' . PMA_convert_using('User') - .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') - .' AND ' . PMA_convert_using('Host') + $user_host_condition = + ' WHERE ' . PMA_convert_using('User') + .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') + .' AND ' . PMA_convert_using('Host') .' = ' . PMA_convert_using($old_hostname, 'quoted') . ';'; $res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition ); while ($row = PMA_DBI_fetch_assoc($res)) { - $queries[] = - 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) + $queries[] = + 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) .' ON `' . $row['Db'] . '`.*' .' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'' . ( $row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';' ); 
@@ -869,14 +869,14 @@ if (!empty($change_copy)) { $res2 = PMA_DBI_QUERY( 'SELECT `Column_name`, `Column_priv`' .' FROM `mysql`.`columns_priv`' - .' WHERE ' . PMA_convert_using('User') - .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') - .' AND ' . PMA_convert_using('`Host`') - .' = ' . PMA_convert_using($old_hostname, 'quoted') - .' AND ' . PMA_convert_using('`Db`') - .' = ' . PMA_convert_using($row['Db'], 'quoted') - .' AND ' . PMA_convert_using('`Table_name`') - .' = ' . PMA_convert_using($row['Table_name'], 'quoted') + .' WHERE ' . PMA_convert_using('User') + .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') + .' AND ' . PMA_convert_using('`Host`') + .' = ' . PMA_convert_using($old_hostname, 'quoted') + .' AND ' . PMA_convert_using('`Db`') + .' = ' . PMA_convert_using($row['Db'], 'quoted') + .' AND ' . PMA_convert_using('`Table_name`') + .' = ' . PMA_convert_using($row['Table_name'], 'quoted') .';', NULL, PMA_DBI_QUERY_STORE ); @@ -917,10 +917,10 @@ if (!empty($change_copy)) { $tmp_privs1[] = 'REFERENCES (`' . join('`, `', $tmp_privs2['References']) . '`)'; } unset($tmp_privs2); - $queries[] = - 'GRANT ' . join(', ', $tmp_privs1) - . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] - . '` TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'' + $queries[] = + 'GRANT ' . join(', ', $tmp_privs1) + . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] + . '` TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION;' : ';'); } } 
@@ -951,24 +951,24 @@ if (!empty($update_privs)) { $db_and_table .= '*'; } } - - $sql_query0 = - 'REVOKE ALL PRIVILEGES ON ' . $db_and_table + + $sql_query0 = + 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; if (!isset($Grant_priv) || $Grant_priv != 'Y') { - $sql_query1 = - 'REVOKE GRANT OPTION ON ' . $db_and_table + $sql_query1 = + 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; } - $sql_query2 = - 'GRANT ' . join(', ', PMA_extractPrivInfo()) - . ' ON ' . $db_and_table + $sql_query2 = + 'GRANT ' . join(', ', PMA_extractPrivInfo()) + . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; // FIXME: similar code appears twice in this script if ( ( isset($Grant_priv) && $Grant_priv == 'Y') || ( empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 - && ( isset($max_questions) || isset($max_connections) + && ( isset($max_questions) || isset($max_connections) || isset($max_updates) || isset($max_user_connections)))) { $sql_query2 .= 'WITH'; @@ -1015,7 +1015,7 @@ if (!empty($update_privs)) { * Revokes Privileges */ if (!empty($revokeall)) { - + if (empty($dbname)) { $db_and_table = '*.*'; } else { @@ -1027,12 +1027,12 @@ if (!empty($revokeall)) { $db_and_table .= PMA_backquote( $tablename ); } } - - $sql_query0 = - 'REVOKE ALL PRIVILEGES ON ' . $db_and_table + + $sql_query0 = + 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . $username . '\'@\'' . $hostname . '\';'; - $sql_query1 = - 'REVOKE GRANT OPTION ON ' . $db_and_table + $sql_query1 = + 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . $username . '\'@\'' . $hostname . '\';'; PMA_DBI_query($sql_query0); if (!PMA_DBI_try_query($sql_query1)) { // this one may fail, too... 
@@ -1101,7 +1101,7 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) { $this_table = substr($row[0], (strpos($row[0], 'ON') + 3), (strpos($row[0], ' TO ') - strpos($row[0], 'ON') - 3)); if ($this_table != '*.*') { $queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM \'' . PMA_sqlAddslashes($this_user) . '\'@\'' . $this_host . '\';'; - + if (strpos($row[0], 'WITH GRANT OPTION')) { $queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM \'' . PMA_sqlAddslashes($this_user) . '\'@\'' . $this_host . '\';'; } @@ -1120,10 +1120,10 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) { if ($mode != 2) { // If we REVOKE the table grants, we should not need to modify the // `mysql`.`db`, `mysql`.`tables_priv` and `mysql`.`columns_priv` tables manually... - $user_host_condition = - ' WHERE ' . PMA_convert_using('User') - . ' = ' . PMA_convert_using(PMA_sqlAddslashes($this_user), 'quoted') - . ' AND ' . PMA_convert_using('Host') + $user_host_condition = + ' WHERE ' . PMA_convert_using('User') + . ' = ' . PMA_convert_using(PMA_sqlAddslashes($this_user), 'quoted') + . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($this_host, 'quoted') . ';'; $queries[] = 'DELETE FROM `mysql`.`db`' . $user_host_condition; $queries[] = 'DELETE FROM `mysql`.`tables_priv`' . $user_host_condition; @@ -1236,15 +1236,15 @@ $link_revoke .= ''; /** * Displays the page */ -if (empty($adduser) && empty($checkprivs)) { - if (!isset($username)) { +if ( empty( $adduser ) && empty( $checkprivs ) ) { + if ( ! isset( $username ) ) { // No username is given --> display the overview echo '

' . "\n" . ($GLOBALS['cfg']['MainPageIconic'] ? '' : '') . $GLOBALS['strUserOverview'] . "\n" . '

' . "\n"; - $sql_query = + $sql_query = 'SELECT `User`,' . ' `Host`,' . ' IF(`Password` = ' . (PMA_MYSQL_INT_VERSION >= 40100 ? '_latin1 ' : '') . '\'\', \'N\', \'Y\') AS \'Password\',' . @@ -1270,11 +1270,11 @@ if (empty($adduser) && empty($checkprivs)) { if (PMA_MYSQL_INT_VERSION >= 50001) { $sql_query .= ', `Create_view_priv`, `Show_view_priv`'; } - + if (PMA_MYSQL_INT_VERSION >= 50003) { $sql_query .= ', `Create_user_priv`, `Create_routine_priv`, `Alter_routine_priv`'; } - + $sql_query .= ' FROM `mysql`.`user`'; $sql_query .= (isset($initial) ? PMA_RangeOfUsers($initial) : ''); @@ -1282,7 +1282,7 @@ if (empty($adduser) && empty($checkprivs)) { $sql_query .= ' ORDER BY `User` ASC, `Host` ASC;'; $res = PMA_DBI_try_query($sql_query, NULL, PMA_DBI_QUERY_STORE); - if (!$res) { + if ( ! $res ) { // the query failed! This may have two reasons: // - the user does not have enough privileges // - the privilege tables use a structure of an earlier version. @@ -1307,18 +1307,18 @@ if (empty($adduser) && empty($checkprivs)) { // we also want users not in table `user` but in other table $tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;'); - + $tables_to_search_for_users = array( 'user', 'db', 'tables_priv', 'columns_priv', 'procs_priv', ); - + $db_rights_sqls = array(); foreach ( $tables_to_search_for_users as $table_search_in ) { if ( in_array( $table_search_in, $tables ) ) { $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`' . $table_search_in . '` ' . (isset($initial) ? PMA_RangeOfUsers($initial) : ''); } } - + $user_defaults = array( 'User' => '', 'Host' => '%', 
@@ -1326,18 +1326,18 @@ if (empty($adduser) && empty($checkprivs)) { 'Grant_priv' => 'N', 'privs' => array( 'USAGE' ), ); - + // for all initials, even non A-Z $array_initials = array(); // for the rights $db_rights = array(); - + if ( PMA_MYSQL_INT_VERSION >= 40000 ) { $db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')' .' ORDER BY `User` ASC, `Host` ASC'; - + $db_rights_result = PMA_DBI_query( $db_rights_sql ); - + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { $db_rights_row = array_merge( $user_defaults, $db_rights_row ); $db_rights[$db_rights_row['User']][$db_rights_row['Host']] = @@ -1346,7 +1346,7 @@ if (empty($adduser) && empty($checkprivs)) { } else { foreach ( $db_rights_sqls as $db_rights_sql ) { $db_rights_result = PMA_DBI_query( $db_rights_sql ); - + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { $db_rights_row = array_merge( $user_defaults, $db_rights_row ); $db_rights[$db_rights_row['User']][$db_rights_row['Host']] = @@ -1357,7 +1357,7 @@ if (empty($adduser) && empty($checkprivs)) { PMA_DBI_free_result( $db_rights_result ); unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row ); ksort( $db_rights ); - + /** * Displays the initials */ @@ -1374,7 +1374,7 @@ if (empty($adduser) && empty($checkprivs)) { $array_initials[$tmp_initial] = TRUE; } - // Display the initials, which can be any characters, not + // Display the initials, which can be any characters, not // just letters. For letters A-Z, we add the non-used letters // as greyed out. @@ -1392,7 +1392,7 @@ if (empty($adduser) && empty($checkprivs)) { echo ''; /** - * Display the user overview + * Display the user overview * (if less than 50 users, display them immediately) */ @@ -1404,7 +1404,7 @@ if (empty($adduser) && empty($checkprivs)) { } @PMA_DBI_free_result( $res ); unset( $res ); - + echo '
' . "\n" . PMA_generate_common_hidden_inputs('', '', 1) . ' ' . "\n" @@ -1468,7 +1468,7 @@ if (empty($adduser) && empty($checkprivs)) { . ' ' . "\n" . ' ' . "\n" . '

' . "\n"; - + // add/delete user fieldset echo '
' . "\n" . ' ' . "\n" @@ -1548,20 +1548,20 @@ if (empty($adduser) && empty($checkprivs)) { . PMA_generate_common_hidden_inputs('', '', 3) . '' . "\n" . '' . "\n"; - if (!empty($dbname)) { + if ( ! empty( $dbname ) ) { echo '' . "\n"; - if (!empty($tablename)) { + if ( ! empty( $tablename ) ) { echo ' ' . "\n"; } } PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3); echo '' . "\n"; - - if ( empty( $tablename ) && isset($dbname_is_wildcard) && ! $dbname_is_wildcard ) { - + + if ( empty( $tablename ) && empty( $dbname_is_wildcard ) ) { + // no table name was given, display all table specific rights // but only if $dbname contains no wildcards - + // table header echo '
' . "\n" . PMA_generate_common_hidden_inputs('', '', 6) 
@@ -1579,74 +1579,105 @@ if (empty($adduser) && empty($checkprivs)) { . '' . "\n" . '' . "\n" . '' . "\n"; + $user_host_condition = - ' WHERE ' . PMA_convert_using('User') - . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') - . ' AND ' . PMA_convert_using('Host') + ' WHERE ' . PMA_convert_using('`User`') + . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') + . ' AND ' . PMA_convert_using('`Host`') . ' = ' . PMA_convert_using($hostname, 'quoted'); - + // table body // get data - if (empty($dbname)) { - $sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC;'; + if ( empty( $dbname ) ) { + // we also want privielgs for this user not in table `db` but in other table + $tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;'); + + $tables_to_search_for_users = array( + 'tables_priv', 'columns_priv', + ); + + $db_rights_sqls = array(); + foreach ( $tables_to_search_for_users as $table_search_in ) { + if ( in_array( $table_search_in, $tables ) ) { + $db_rights_sqls[] = ' + SELECT DISTINCT `Db` + FROM `mysql`.`' . $table_search_in . '` + ' . $user_host_condition; + } + } + + $user_defaults = array( + 'Db' => '', + 'Grant_priv' => 'N', + 'privs' => array( 'USAGE' ), + 'Table_priv' => true, + ); + + // for the rights + $db_rights = array(); + + if ( PMA_MYSQL_INT_VERSION >= 40000 ) { + $db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')' + .' 
ORDER BY `Db` ASC'; + + $db_rights_result = PMA_DBI_query( $db_rights_sql ); + + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { + $db_rights_row = array_merge( $user_defaults, $db_rights_row ); + $db_rights[$db_rights_row['Db']] = $db_rights_row; + } + } else { + foreach ( $db_rights_sqls as $db_rights_sql ) { + $db_rights_result = PMA_DBI_query( $db_rights_sql ); + + while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) { + $db_rights_row = array_merge( $user_defaults, $db_rights_row ); + $db_rights[$db_rights_row['Db']] = $db_rights_row; + } + } + } + PMA_DBI_free_result( $db_rights_result ); + unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row ); + + $sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC'; + $res = PMA_DBI_query( $sql_query ); + unset( $sql_query ); + + while ( $row = PMA_DBI_fetch_assoc( $res ) ) { + $db_rights[$row['Db']] = $row; + $db_rights[$row['Db']]['can_delete'] = true; + } + PMA_DBI_free_result( $res ); + unset( $row, $res ); + + ksort( $db_rights ); } else { - $sql_query = + $sql_query = 'SELECT `Table_name`,' .' `Table_priv`,' .' IF(`Column_priv` = ' . (PMA_MYSQL_INT_VERSION >= 40100 ? '_latin1 ' : '') . ' \'\', 0, 1)' .' AS \'Column_priv\'' - .' FROM `mysql`.`tables_priv`' + .' FROM `mysql`.`tables_priv`' . $user_host_condition - .' AND ' . PMA_convert_using('`Db`') - .' LIKE ' . PMA_convert_using($dbname, 'quoted') + .' AND ' . PMA_convert_using('`Db`') + .' LIKE ' . PMA_convert_using($dbname, 'quoted') .' ORDER BY `Table_name` ASC;'; + $db_rights = PMA_DBI_fetch_result( $sql_query, 'Db', NULL, NULL, PMA_DBI_QUERY_STORE ); } - $res = PMA_DBI_query($sql_query, NULL, PMA_DBI_QUERY_STORE); - + + // display rows - if (PMA_DBI_affected_rows() == 0) { + if ( count( $db_rights ) < 1 ) { echo '' . "\n" . '
' . $GLOBALS['strNone'] . '
' . "\n" . '' . "\n"; } else { $odd_row = true; - if (empty($dbname)) { - $res2 = PMA_DBI_query('SELECT `Db` FROM `mysql`.`tables_priv`' . $user_host_condition . ' GROUP BY `Db` ORDER BY `Db` ASC;'); - $row2 = PMA_DBI_fetch_assoc($res2); - if ( $row2 ) { - $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] ); - } - } $found_rows = array(); - while ($row = PMA_DBI_fetch_assoc($res)) { - while (empty($dbname) && $row2 && $row['Db'] > $row2['Db']) { - $found_rows[] = $row2['Db']; - echo '' . "\n" - . ' ' . htmlspecialchars( $row2['Db'] ) . '' . "\n" - . ' ' . "\n" - . ' USAGE' . "\n" - . ' ' . "\n" - . ' ' . $GLOBALS['strNo'] . '' . "\n" - . ' ' . $GLOBALS['strYes'] . '' . "\n" - . ' '; - printf( $link_edit, urlencode( $username ), - urlencode( $hostname ), - urlencode( $row2['Db'] ), - '' ); - echo '' . "\n" - . ' '; - printf( $link_revoke, urlencode( $username ), - urlencode( $hostname ), urlencode( $row2['Db'] ), '' ); - echo '' . "\n" - . '' . "\n"; - $row2 = PMA_DBI_fetch_assoc($res2); - if ( $row2 ) { - $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] ); - } - $odd_row = ! $odd_row; - } // end while + //while ( $row = PMA_DBI_fetch_assoc( $res ) ) { + foreach ( $db_rights as $row ) { $found_rows[] = empty($dbname) ? $row['Db'] : $row['Table_name']; - + echo '' . "\n" . ' ' . htmlspecialchars(empty($dbname) ? $row['Db'] : $row['Table_name']) . '' . "\n" . ' ' . "\n" 
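Review bot: The rewritten `empty( $dbname )` branch drops the `PMA_escape_mysql_wildcards()` call that the removed `$row2` code applied to database names read from `tables_priv` before they were printed and put into the edit/revoke links. `tables_priv` and `columns_priv` store literal database names while `mysql`.`db` stores patterns, so a literal name containing `_` or `%` is now handed on unescaped and a later GRANT or REVOKE built from that link may match more databases than the row shows; adding `$db_rights_row['Db'] = PMA_escape_mysql_wildcards( $db_rights_row['Db'] );` in the two `$db_rights_result` loops, before keying `$db_rights`, would keep the old behaviour. In the same hunk `$hostname` and `$dbname` are passed to `PMA_convert_using(..., 'quoted')` without `PMA_sqlAddslashes()` although `$username` gets it; that helper is not visible here, so if it only wraps the value in quotes, both should be escaped the same way. The `else` branch also keys its result on `'Db'` (`PMA_DBI_fetch_result( $sql_query, 'Db', ... )`) although the SELECT list returns only `Table_name`, `Table_priv` and `Column_priv`, which looks like it should be `'Table_name'`.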
@@ -1654,15 +1685,8 @@ if (empty($adduser) && empty($checkprivs)) { . ' ' . "\n" . ' ' . (((empty($dbname) && $row['Grant_priv'] == 'Y') || (!empty($dbname) && in_array('Grant', explode(',', $row['Table_priv'])))) ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . '' . "\n" . ' '; - if ((empty($dbname) && $row2 && $row['Db'] == $row2['Db']) - || (!empty($dbname) && $row['Column_priv'])) { + if ( $row['Table_priv'] || $row['Column_priv'] ) { echo $GLOBALS['strYes']; - if (empty($dbname)) { - $row2 = PMA_DBI_fetch_assoc($res2); - if ( $row2 ) { - $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] ); - } - } } else { echo $GLOBALS['strNo']; } 
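Review bot: `$row['Table_priv'] || $row['Column_priv']` reads keys that not every merged row carries. In the previous hunk, rows from `mysql`.`db` replace the defaults outright (`$db_rights[$row['Db']] = $row;`, and `SELECT *` on that table has no `Table_priv` column), so a database with both database-level and table-level rights loses the `'Table_priv' => true` marker and is reported as having no table-specific privileges; `$user_defaults` also never defines `Column_priv`. Merging instead of overwriting, `$db_rights[$row['Db']] = array_merge( isset( $db_rights[$row['Db']] ) ? $db_rights[$row['Db']] : array(), $row );`, and testing with `! empty( $row['Table_priv'] ) || ! empty( $row['Column_priv'] )` would avoid both the wrong answer and the undefined-index notices. When a database is selected, `Table_priv` is the privilege list string, so this cell now shows yes for any table grant, where the removed condition looked at `Column_priv` only. The same missing-key pattern is in `$row['can_delete'] || $row['Table_name']` in the next hunk (@@ -1674), where the revoke link depends on it.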
@@ -1674,80 +1698,46 @@ if (empty($adduser) && empty($checkprivs)) { urlencode( empty($dbname) ? '' : $row['Table_name'] ) ); echo '' . "\n" . ' '; - printf( $link_revoke, urlencode( $username ), - urlencode( $hostname ), - urlencode( empty( $dbname ) ? $row['Db'] : $dbname ), - urlencode( empty( $dbname ) ? '' : $row['Table_name'] ) ); - echo '' . "\n" - . '' . "\n"; - $odd_row = ! $odd_row; - } // end while - - - while (empty($dbname) && $row2) { - - $found_rows[] = $row2['Db']; - echo '' . "\n" - . ' ' . htmlspecialchars( $row2['Db']) . '' . "\n" - . ' ' . "\n" - . ' USAGE' . "\n" - . ' ' . "\n" - . ' ' . $GLOBALS['strNo'] . '' . "\n" - . ' ' . $GLOBALS['strYes'] . '' . "\n" - . ' '; - printf( $link_edit, urlencode( $username ), - urlencode( $hostname ), - urlencode( $row2['Db'] ), - '' ); - echo '' . "\n" - . ' '; - printf( $link_revoke, urlencode( $username ), - urlencode( $hostname ), urlencode( $row2['Db'] ), '' ); + if ( $row['can_delete'] || $row['Table_name'] ) { + printf( $link_revoke, urlencode( $username ), + urlencode( $hostname ), + urlencode( empty( $dbname ) ? $row['Db'] : $dbname ), + urlencode( empty( $dbname ) ? '' : $row['Table_name'] ) ); + } echo '' . "\n" . '' . "\n"; - $row2 = PMA_DBI_fetch_assoc($res2); - if ( $row2 ) { - $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] ); - } - $odd_row = ! $odd_row; } // end while - if (empty($dbname)) { - PMA_DBI_free_result($res2); - unset($res2); - unset($row2); - } } - PMA_DBI_free_result($res); - unset($res); unset($row); echo '' . "\n" . '' . "\n"; - + if (empty($dbname)) { - + // no database name was give, display select db - + if ( ! empty( $found_rows ) ) { - $pred_db_array = array_diff( + $pred_db_array = array_diff( PMA_DBI_fetch_result( 'SHOW DATABASES;' ), $found_rows ); } else { $pred_db_array =PMA_DBI_fetch_result( 'SHOW DATABASES;' ); } - + echo ' ' . "\n"; if (!empty($pred_db_array)) { echo ' ' . "\n"; } - echo ' ' . "\n"; + echo ' ' . 
"\n" + .PMA_showHint( $GLOBALS['strEscapeWildcards'] ); } else { echo ' ' . "\n" . ' ' . "\n"; @@ -1759,8 +1749,7 @@ if (empty($adduser) && empty($checkprivs)) { } } PMA_DBI_free_result($res); - unset($res); - unset($row); + unset( $res, $row ); if (!empty($pred_tbl_array)) { echo ' ' . "\n"; } - echo ' ' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n" - . '
' . "\n"; + echo '' . "\n"; echo '
' . "\n" - . ' ' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n" + . ' ' . '
' . "\n" . '' . "\n"; } 
@@ -1882,27 +1870,27 @@ if (empty($adduser) && empty($checkprivs)) { $no = PMA_convert_using('N', 'quoted'); - $list_of_privileges = - PMA_convert_using('Select_priv') . ' AS Select_priv, ' - . PMA_convert_using('Insert_priv') . ' AS Insert_priv, ' - . PMA_convert_using('Update_priv') . ' AS Update_priv, ' - . PMA_convert_using('Delete_priv') . ' AS Delete_priv, ' - . PMA_convert_using('Create_priv') . ' AS Create_priv, ' - . PMA_convert_using('Drop_priv') . ' AS Drop_priv, ' + $list_of_privileges = + PMA_convert_using('Select_priv') . ' AS Select_priv, ' + . PMA_convert_using('Insert_priv') . ' AS Insert_priv, ' + . PMA_convert_using('Update_priv') . ' AS Update_priv, ' + . PMA_convert_using('Delete_priv') . ' AS Delete_priv, ' + . PMA_convert_using('Create_priv') . ' AS Create_priv, ' + . PMA_convert_using('Drop_priv') . ' AS Drop_priv, ' . PMA_convert_using('Grant_priv') . ' AS Grant_priv, ' . PMA_convert_using('References_priv') . ' AS References_priv'; - $list_of_compared_privileges = - PMA_convert_using('Select_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Insert_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Update_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Delete_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Create_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Drop_priv') . ' = ' . $no - . ' AND ' . PMA_convert_using('Grant_priv') . ' = ' . $no + $list_of_compared_privileges = + PMA_convert_using('Select_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Insert_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Update_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Delete_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Create_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Drop_priv') . ' = ' . $no + . ' AND ' . PMA_convert_using('Grant_priv') . ' = ' . $no . ' AND ' . PMA_convert_using('References_priv') . ' = ' . $no; - $sql_query = + $sql_query = '(SELECT ' . PMA_convert_using('`User`') . 
' AS `User`, ' . PMA_convert_using('`Host`') . ' AS `Host`, ' . PMA_convert_using('`Db`') . ' AS `Db`, ' @@ -1912,10 +1900,10 @@ if (empty($adduser) && empty($checkprivs)) { .' LIKE ' . PMA_convert_using('`Db`') .' AND NOT (' . $list_of_compared_privileges. ')) ' .'UNION ' - .'(SELECT ' . PMA_convert_using('`User`') . ' AS `User`, ' - . PMA_convert_using('`Host`') . ' AS `Host`, ' - . PMA_convert_using('*', 'quoted') .' AS `Db`, ' - . $list_of_privileges + .'(SELECT ' . PMA_convert_using('`User`') . ' AS `User`, ' + . PMA_convert_using('`Host`') . ' AS `Host`, ' + . PMA_convert_using('*', 'quoted') .' AS `Db`, ' + . $list_of_privileges .' FROM `mysql`.`user` ' .' WHERE NOT (' . $list_of_compared_privileges . ')) ' .' ORDER BY `User` ASC,' @@ -1931,7 +1919,7 @@ if (empty($adduser) && empty($checkprivs)) { $sql_query = 'SELECT * FROM `mysql`.`user` WHERE NOT (`Select_priv` = \'N\' AND `Insert_priv` = \'N\' AND `Update_priv` = \'N\' AND `Delete_priv` = \'N\' AND `Create_priv` = \'N\' AND `Drop_priv` = \'N\' AND `Grant_priv` = \'N\' AND `References_priv` = \'N\') ORDER BY `User` ASC, `Host` ASC;'; $res1 = PMA_DBI_query($sql_query); $row1 = PMA_DBI_fetch_assoc($res1); - $sql_query = + $sql_query = 'SELECT * FROM `mysql`.`db`' .' WHERE \'' . $checkprivs . '\'' .' LIKE `Db`' -- cgit v1.2.3