mirror of
https://github.com/vrana/adminer.git
synced 2025-08-13 01:54:00 +02:00
Prepare Privileges
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@313 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]))) {
|
||||
if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]))) {
|
||||
if (strlen($_GET["db"])) {
|
||||
unset($_SESSION["databases"][$_GET["server"]]);
|
||||
}
|
||||
@@ -9,6 +9,7 @@ if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"])
|
||||
} else {
|
||||
page_header(lang('Select database'), null);
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Create new database') . "</a></p>\n";
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'privileges=">' . lang('Privileges') . "</a></p>\n";
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'processlist=">' . lang('Process list') . "</a></p>\n";
|
||||
echo "<p>" . lang('MySQL version') . ": <b>$mysql->server_info</b> " . lang('through PHP extension') . " <b>" . (extension_loaded("mysqli") ? "MySQLi" : (extension_loaded("mysql") ? "MySQL" : "PDO")) . "</b></p>\n";
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ function page_header($title, $breadcrumb = array(), $title2 = "") {
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
||||
<meta name="robots" content="noindex" />
|
||||
<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.3.3-dev"; ?></title>
|
||||
<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.4.0-dev"; ?></title>
|
||||
<link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
|
||||
<link rel="stylesheet" type="text/css" href="default.css" />
|
||||
<?php if ($_COOKIE["highlight"] == "jush") { ?>
|
||||
@@ -32,7 +32,7 @@ function page_header($title, $breadcrumb = array(), $title2 = "") {
|
||||
}
|
||||
foreach ($breadcrumb as $key => $val) {
|
||||
if (strlen($val)) {
|
||||
echo '<a href="' . htmlspecialchars($SELF) . "$key=" . urlencode($val) . '">' . htmlspecialchars($val) . '</a> > ';
|
||||
echo '<a href="' . htmlspecialchars($SELF) . "$key=" . ($key != "privileges" ? urlencode($val) : "") . '">' . htmlspecialchars($val) . '</a> > ';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -83,6 +83,8 @@ if (isset($_GET["dump"])) {
|
||||
include "./procedure.inc.php";
|
||||
} elseif (isset($_GET["trigger"])) {
|
||||
include "./trigger.inc.php";
|
||||
} elseif (isset($_GET["privileges"])) {
|
||||
include "./privileges.inc.php";
|
||||
} elseif (isset($_GET["processlist"])) {
|
||||
include "./processlist.inc.php";
|
||||
} else {
|
||||
|
||||
90
privileges.inc.php
Normal file
90
privileges.inc.php
Normal file
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
if (isset($_GET["name"])) {
|
||||
page_header((strlen($_GET["privileges"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[name]@$_GET[privileges]") : lang('Create user')), array("privileges" => lang('Privileges')));
|
||||
$privileges = array();
|
||||
$result = $mysql->query("SHOW PRIVILEGES");
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
foreach (explode(",", $row["Context"]) as $context) {
|
||||
$privileges[$context][$row["Privilege"]] = $row["Comment"]; //! translation
|
||||
}
|
||||
}
|
||||
$result->free();
|
||||
$privileges["Server Admin"] += $privileges["File access on server"];
|
||||
$privileges["Databases"]["Create routine"] = $privileges["Procedures"]["Create routine"];
|
||||
$privileges["Columns"] = array();
|
||||
foreach (array("Select", "Insert", "Update", "References") as $val) {
|
||||
$privileges["Columns"][$val] = $privileges["Tables"][$val];
|
||||
}
|
||||
unset($privileges["Server Admin"]["Usage"]);
|
||||
unset($privileges["Procedures"]["Create routine"]);
|
||||
unset($privileges["Functions"]["Create routine"]);
|
||||
$grants = array();
|
||||
if (strlen($_GET["privileges"]) && ($result = $mysql->query("SHOW GRANTS FOR '" . $mysql->escape_string($_GET["name"]) . "'@'" . $mysql->escape_string($_GET["privileges"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped
|
||||
while ($row = $result->fetch_row()) {
|
||||
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match)) { //! escape part between ON and TO
|
||||
preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $val) {
|
||||
$grants["$match[2]$val[2]"][$val[1]] = true;
|
||||
}
|
||||
}
|
||||
if (preg_match('~ WITH GRANT OPTION~', $row[0])) { //! don't check inside strings and identifiers
|
||||
$grants[$match[2]]["GRANT OPTION"] = true;
|
||||
}
|
||||
}
|
||||
$result->free();
|
||||
}
|
||||
$grants[""] = true;
|
||||
|
||||
foreach (array(
|
||||
"Server Admin" => lang('Server'),
|
||||
"Databases" => lang('Database'),
|
||||
"Tables" => lang('Table'),
|
||||
"Columns" => lang('Column'),
|
||||
"Procedures" => lang('Procedure'),
|
||||
"Functions" => lang('Function'),
|
||||
) as $key => $val) {
|
||||
if ($privileges[$key]) {
|
||||
echo "<table border='0' cellspacing='0' cellpadding='2'>\n";
|
||||
echo "<thead><tr>";
|
||||
if ($key != "Server Admin") {
|
||||
echo "<th>$val</th>";
|
||||
}
|
||||
foreach ($privileges[$key] as $privilege => $comment) {
|
||||
echo '<td title="' . htmlspecialchars($comment) . '">' . htmlspecialchars($privilege) . '</td>';
|
||||
}
|
||||
echo "</tr></thead>\n";
|
||||
foreach ($grants as $object => $grant) {
|
||||
if ($key == "Server Admin" ? $object == (isset($grants["*.*"]) ? "*.*" : "")
|
||||
: !$object || (substr($object, -1) == ")" || $key == "Columns" ? substr($object, -1) == ")" xor $key != "Columns"
|
||||
: (preg_match('~PROCEDURE ~', $object) ? $key == "Procedures"
|
||||
: (preg_match('~FUNCTION ~', $object) ? $key == "Functions"
|
||||
: (substr($object, -1) == "*" || $key == "Tables"
|
||||
))))) {
|
||||
echo "<tr align='center'>";
|
||||
if ($key != "Server Admin") {
|
||||
echo '<th><input name="" value="' . htmlspecialchars($object) . "\" size='10' /></th>";
|
||||
}
|
||||
foreach ($privileges[$key] as $privilege => $comment) {
|
||||
echo "<td><input type='checkbox' name='grant' value='1'" . ($grant[strtoupper($privilege)] || ($privilege != "Grant option" && $grant["ALL PRIVILEGES"]) ? " checked='checked'" : "") . " /></td>";
|
||||
}
|
||||
echo "</tr>\n";
|
||||
}
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
}
|
||||
//! DROP USER, name, server, password
|
||||
} else {
|
||||
page_header(lang('Privileges'));
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'privileges=&name=">' . lang('Create user') . "</a></p>\n";
|
||||
//! use mysql database if possible (GRANTEE not properly escaped) or CURRENT_USER in MySQL 4 in case of insufficient privileges
|
||||
$result = $mysql->query("SELECT DISTINCT GRANTEE FROM information_schema.USER_PRIVILEGES");
|
||||
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
|
||||
echo "<thead><tr><th> </th><th>" . lang('Username') . "</th><th>" . lang('Server') . "</th></tr></thead>\n";
|
||||
while ($row = $result->fetch_row()) {
|
||||
preg_match("~'((?:[^']+|'')*)'@'((?:[^']+|'')+)'~", $row[0], $match);
|
||||
echo '<tr><td><a href="' . htmlspecialchars($SELF) . 'privileges=' . urlencode($match[2]) . '&name=' . urlencode($match[1]) . '">' . lang('edit') . '</a></td><td>' . htmlspecialchars(str_replace("''", "'", $match[1])) . "</td><td>" . htmlspecialchars(str_replace("''", "'", $match[2])) . "</td></tr>\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
$result->free();
|
||||
}
|
||||
Reference in New Issue
Block a user