Prepare Privileges

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@313 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/connect.inc.php b/connect.inc.php
index ded979f155556dce7e134340f947d845245546cb..6612652435ad45bdcc3facf1de07f7ff3bf75d12 100644 (file)
--- a/connect.inc.php
+++ b/connect.inc.php
@@ -1,5 +1,5 @@
 <?php
-if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]))) {
+if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]))) {
        if (strlen($_GET["db"])) {
                unset($_SESSION["databases"][$_GET["server"]]);
        }
@@ -9,6 +9,7 @@ if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"])
        } else {
                page_header(lang('Select database'), null);
                echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Create new database') . "</a></p>\n";
+               echo '<p><a href="' . htmlspecialchars($SELF) . 'privileges=">' . lang('Privileges') . "</a></p>\n";
                echo '<p><a href="' . htmlspecialchars($SELF) . 'processlist=">' . lang('Process list') . "</a></p>\n";
                echo "<p>" . lang('MySQL version') . ": <b>$mysql->server_info</b> " . lang('through PHP extension') . " <b>" . (extension_loaded("mysqli") ? "MySQLi" : (extension_loaded("mysql") ? "MySQL" : "PDO")) . "</b></p>\n";
        }

diff --git a/design.inc.php b/design.inc.php
index 95662ee46ce5f277b54c173267d95539698ca553..354ccd0caea5e1f58aaad02053c760902ceef75d 100644 (file)
--- a/design.inc.php
+++ b/design.inc.php
@@ -9,7 +9,7 @@ function page_header($title, $breadcrumb = array(), $title2 = "") {
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <meta http-equiv="Content-Script-Type" content="text/javascript" />
 <meta name="robots" content="noindex" />
-<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.3.3-dev"; ?></title>
+<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.4.0-dev"; ?></title>
 <link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
 <link rel="stylesheet" type="text/css" href="default.css" />
 <?php if ($_COOKIE["highlight"] == "jush") { ?>
@@ -32,7 +32,7 @@ function page_header($title, $breadcrumb = array(), $title2 = "") {
                        }
                        foreach ($breadcrumb as $key => $val) {
                                if (strlen($val)) {
-                                       echo '<a href="' . htmlspecialchars($SELF) . "$key=" . urlencode($val) . '">' . htmlspecialchars($val) . '</a> &gt; ';
+                                       echo '<a href="' . htmlspecialchars($SELF) . "$key=" . ($key != "privileges" ? urlencode($val) : "") . '">' . htmlspecialchars($val) . '</a> &gt; ';
                                }
                        }
                }

diff --git a/index.php b/index.php
index 53cc465bdc9d8447fae17300e16bce2f53f19702..9dd63f122c9d485186c4b2747986a7fadd2d89bb 100644 (file)
--- a/index.php
+++ b/index.php
@@ -83,6 +83,8 @@ if (isset($_GET["dump"])) {
                        include "./procedure.inc.php";
                } elseif (isset($_GET["trigger"])) {
                        include "./trigger.inc.php";
+               } elseif (isset($_GET["privileges"])) {
+                       include "./privileges.inc.php";
                } elseif (isset($_GET["processlist"])) {
                        include "./processlist.inc.php";
                } else {

diff --git a/privileges.inc.php b/privileges.inc.php
new file mode 100644 (file)
index 0000000..22918a6
--- /dev/null
+++ b/privileges.inc.php
@@ -0,0 +1,90 @@
+<?php
+if (isset($_GET["name"])) {
+       page_header((strlen($_GET["privileges"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[name]@$_GET[privileges]") : lang('Create user')), array("privileges" => lang('Privileges')));
+       $privileges = array();
+       $result = $mysql->query("SHOW PRIVILEGES");
+       while ($row = $result->fetch_assoc()) {
+               foreach (explode(",", $row["Context"]) as $context) {
+                       $privileges[$context][$row["Privilege"]] = $row["Comment"]; //! translation
+               }
+       }
+       $result->free();
+       $privileges["Server Admin"] += $privileges["File access on server"];
+       $privileges["Databases"]["Create routine"] = $privileges["Procedures"]["Create routine"];
+       $privileges["Columns"] = array();
+       foreach (array("Select", "Insert", "Update", "References") as $val) {
+               $privileges["Columns"][$val] = $privileges["Tables"][$val];
+       }
+       unset($privileges["Server Admin"]["Usage"]);
+       unset($privileges["Procedures"]["Create routine"]);
+       unset($privileges["Functions"]["Create routine"]);
+       $grants = array();
+       if (strlen($_GET["privileges"]) && ($result = $mysql->query("SHOW GRANTS FOR '" . $mysql->escape_string($_GET["name"]) . "'@'" . $mysql->escape_string($_GET["privileges"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped
+               while ($row = $result->fetch_row()) {
+                       if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match)) { //! escape part between ON and TO
+                               preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER);
+                               foreach ($matches as $val) {
+                                       $grants["$match[2]$val[2]"][$val[1]] = true;
+                               }
+                       }
+                       if (preg_match('~ WITH GRANT OPTION~', $row[0])) { //! don't check inside strings and identifiers
+                               $grants[$match[2]]["GRANT OPTION"] = true;
+                       }
+               }
+               $result->free();
+       }
+       $grants[""] = true;
+       
+       foreach (array(
+               "Server Admin" => lang('Server'),
+               "Databases" => lang('Database'),
+               "Tables" => lang('Table'),
+               "Columns" => lang('Column'),
+               "Procedures" => lang('Procedure'),
+               "Functions" => lang('Function'),
+       ) as $key => $val) {
+               if ($privileges[$key]) {
+                       echo "<table border='0' cellspacing='0' cellpadding='2'>\n";
+                       echo "<thead><tr>";
+                       if ($key != "Server Admin") {
+                               echo "<th>$val</th>";
+                       }
+                       foreach ($privileges[$key] as $privilege => $comment) {
+                               echo '<td title="' . htmlspecialchars($comment) . '">' . htmlspecialchars($privilege) . '</td>';
+                       }
+                       echo "</tr></thead>\n";
+                       foreach ($grants as $object => $grant) {
+                               if ($key == "Server Admin" ? $object == (isset($grants["*.*"]) ? "*.*" : "")
+                               : !$object || (substr($object, -1) == ")" || $key == "Columns" ? substr($object, -1) == ")" xor $key != "Columns"
+                               : (preg_match('~PROCEDURE ~', $object) ? $key == "Procedures"
+                               : (preg_match('~FUNCTION ~', $object) ? $key == "Functions"
+                               : (substr($object, -1) == "*" || $key == "Tables"
+                               ))))) {
+                                       echo "<tr align='center'>";
+                                       if ($key != "Server Admin") {
+                                               echo '<th><input name="" value="' . htmlspecialchars($object) . "\" size='10' /></th>";
+                                       }
+                                       foreach ($privileges[$key] as $privilege => $comment) {
+                                               echo "<td><input type='checkbox' name='grant' value='1'" . ($grant[strtoupper($privilege)] || ($privilege != "Grant option" && $grant["ALL PRIVILEGES"]) ? " checked='checked'" : "") . " /></td>";
+                                       }
+                                       echo "</tr>\n";
+                               }
+                       }
+                       echo "</table>\n";
+               }
+       }
+       //! DROP USER, name, server, password
+} else {
+       page_header(lang('Privileges'));
+       echo '<p><a href="' . htmlspecialchars($SELF) . 'privileges=&amp;name=">' . lang('Create user') . "</a></p>\n";
+       //! use mysql database if possible (GRANTEE not properly escaped) or CURRENT_USER in MySQL 4 in case of insufficient privileges
+       $result = $mysql->query("SELECT DISTINCT GRANTEE FROM information_schema.USER_PRIVILEGES");
+       echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
+       echo "<thead><tr><th>&nbsp;</th><th>" . lang('Username') . "</th><th>" . lang('Server') . "</th></tr></thead>\n";
+       while ($row = $result->fetch_row()) {
+               preg_match("~'((?:[^']+|'')*)'@'((?:[^']+|'')+)'~", $row[0], $match);
+               echo '<tr><td><a href="' . htmlspecialchars($SELF) . 'privileges=' . urlencode($match[2]) . '&amp;name=' . urlencode($match[1]) . '">' . lang('edit') . '</a></td><td>' . htmlspecialchars(str_replace("''", "'", $match[1])) . "</td><td>" . htmlspecialchars(str_replace("''", "'", $match[2])) . "</td></tr>\n";
+       }
+       echo "</table>\n";
+       $result->free();
+}