|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* set of functions with the Privileges section in pma |
|
4
|
|
|
*/ |
|
5
|
|
|
|
|
6
|
|
|
declare(strict_types=1); |
|
7
|
|
|
|
|
8
|
|
|
namespace PhpMyAdmin\Server; |
|
9
|
|
|
|
|
10
|
|
|
use PhpMyAdmin\Config; |
|
11
|
|
|
use PhpMyAdmin\ConfigStorage\Features\ConfigurableMenusFeature; |
|
12
|
|
|
use PhpMyAdmin\ConfigStorage\Relation; |
|
13
|
|
|
use PhpMyAdmin\ConfigStorage\RelationCleanup; |
|
14
|
|
|
use PhpMyAdmin\Current; |
|
15
|
|
|
use PhpMyAdmin\Database\Routines; |
|
16
|
|
|
use PhpMyAdmin\DatabaseInterface; |
|
17
|
|
|
use PhpMyAdmin\Dbal\Connection; |
|
18
|
|
|
use PhpMyAdmin\Dbal\ConnectionType; |
|
19
|
|
|
use PhpMyAdmin\Dbal\ResultInterface; |
|
20
|
|
|
use PhpMyAdmin\Html\Generator; |
|
21
|
|
|
use PhpMyAdmin\Html\MySQLDocumentation; |
|
22
|
|
|
use PhpMyAdmin\Identifiers\DatabaseName; |
|
|
|
|
|
|
23
|
|
|
use PhpMyAdmin\Identifiers\TableName; |
|
|
|
|
|
|
24
|
|
|
use PhpMyAdmin\Message; |
|
25
|
|
|
use PhpMyAdmin\Query\Compatibility; |
|
26
|
|
|
use PhpMyAdmin\ResponseRenderer; |
|
27
|
|
|
use PhpMyAdmin\Template; |
|
28
|
|
|
use PhpMyAdmin\Url; |
|
29
|
|
|
use PhpMyAdmin\UserPrivileges; |
|
30
|
|
|
use PhpMyAdmin\Util; |
|
31
|
|
|
|
|
32
|
|
|
use function __; |
|
33
|
|
|
use function array_fill_keys; |
|
34
|
|
|
use function array_filter; |
|
35
|
|
|
use function array_intersect; |
|
36
|
|
|
use function array_keys; |
|
37
|
|
|
use function array_map; |
|
38
|
|
|
use function array_merge; |
|
39
|
|
|
use function array_unique; |
|
40
|
|
|
use function count; |
|
41
|
|
|
use function explode; |
|
42
|
|
|
use function htmlspecialchars; |
|
43
|
|
|
use function implode; |
|
44
|
|
|
use function in_array; |
|
45
|
|
|
use function is_array; |
|
46
|
|
|
use function is_string; |
|
47
|
|
|
use function json_decode; |
|
48
|
|
|
use function ksort; |
|
49
|
|
|
use function max; |
|
50
|
|
|
use function mb_strpos; |
|
51
|
|
|
use function mb_strrpos; |
|
52
|
|
|
use function mb_strtolower; |
|
53
|
|
|
use function mb_strtoupper; |
|
54
|
|
|
use function mb_substr; |
|
55
|
|
|
use function preg_match; |
|
56
|
|
|
use function preg_replace; |
|
57
|
|
|
use function range; |
|
58
|
|
|
use function sprintf; |
|
59
|
|
|
use function str_contains; |
|
60
|
|
|
use function str_replace; |
|
61
|
|
|
use function str_starts_with; |
|
62
|
|
|
use function strnatcasecmp; |
|
63
|
|
|
use function strtr; |
|
64
|
|
|
use function trim; |
|
65
|
|
|
use function uksort; |
|
66
|
|
|
|
|
67
|
|
|
/** |
|
68
|
|
|
* Privileges class |
|
69
|
|
|
*/ |
|
70
|
|
|
class Privileges |
|
71
|
|
|
{ |
|
72
|
224 |
|
public function __construct( |
|
73
|
|
|
public Template $template, |
|
74
|
|
|
public DatabaseInterface $dbi, |
|
75
|
|
|
public Relation $relation, |
|
76
|
|
|
private RelationCleanup $relationCleanup, |
|
77
|
|
|
private Plugins $plugins, |
|
78
|
|
|
) { |
|
79
|
224 |
|
} |
|
80
|
|
|
|
|
81
|
|
|
/** |
|
82
|
|
|
* Escapes wildcard in a database+table specification |
|
83
|
|
|
* before using it in a GRANT statement. |
|
84
|
|
|
* |
|
85
|
|
|
* Escaping a wildcard character in a GRANT is only accepted at the global |
|
86
|
|
|
* or database level, not at table level; this is why I remove |
|
87
|
|
|
* the escaping character. Internally, in mysql.tables_priv.Db there are |
|
88
|
|
|
* no escaping (for example test_db) but in mysql.db you'll see test\_db |
|
89
|
|
|
* for a db-specific privilege. |
|
90
|
|
|
* |
|
91
|
|
|
* @param string $dbname Database name |
|
92
|
|
|
* @param string $tablename Table name |
|
93
|
|
|
* |
|
94
|
|
|
* @return string the escaped (if necessary) database.table |
|
95
|
|
|
*/ |
|
96
|
20 |
|
public function wildcardEscapeForGrant(string $dbname, string $tablename): string |
|
97
|
|
|
{ |
|
98
|
20 |
|
if ($dbname === '') { |
|
99
|
12 |
|
return '*.*'; |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
12 |
|
if ($tablename === '') { |
|
103
|
4 |
|
return Util::backquote($dbname) . '.*'; |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
12 |
|
return Util::backquote( |
|
107
|
12 |
|
$this->unescapeGrantWildcards($dbname), |
|
108
|
12 |
|
) . '.' . Util::backquote($tablename); |
|
109
|
|
|
} |
|
110
|
|
|
|
|
111
|
|
|
/** |
|
112
|
|
|
* Add slashes before "_" and "%" characters for using them in MySQL |
|
113
|
|
|
* database, table and field names. |
|
114
|
|
|
* Note: This function does not escape backslashes! |
|
115
|
|
|
* |
|
116
|
|
|
* @param string $name the string to escape |
|
117
|
|
|
* |
|
118
|
|
|
* @return string the escaped string |
|
119
|
|
|
*/ |
|
120
|
36 |
|
public function escapeGrantWildcards(string $name): string |
|
121
|
|
|
{ |
|
122
|
36 |
|
return strtr($name, ['_' => '\\_', '%' => '\\%']); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
/** |
|
126
|
|
|
* removes slashes before "_" and "%" characters |
|
127
|
|
|
* Note: This function does not unescape backslashes! |
|
128
|
|
|
* |
|
129
|
|
|
* @param string $name the string to escape |
|
130
|
|
|
* |
|
131
|
|
|
* @return string the escaped string |
|
132
|
|
|
*/ |
|
133
|
60 |
|
public function unescapeGrantWildcards(string $name): string |
|
134
|
|
|
{ |
|
135
|
60 |
|
return strtr($name, ['\\_' => '_', '\\%' => '%']); |
|
136
|
|
|
} |
|
137
|
|
|
|
|
138
|
|
|
/** |
|
139
|
|
|
* Generates a condition on the user name |
|
140
|
|
|
* |
|
141
|
|
|
* @param string|null $initial the user's initial |
|
142
|
|
|
* |
|
143
|
|
|
* @return string the generated condition |
|
144
|
|
|
*/ |
|
145
|
12 |
|
public function rangeOfUsers(string|null $initial = null): string |
|
146
|
|
|
{ |
|
147
|
12 |
|
if ($initial === null) { |
|
148
|
8 |
|
return ''; |
|
149
|
|
|
} |
|
150
|
|
|
|
|
151
|
8 |
|
if ($initial === '') { |
|
152
|
4 |
|
return "WHERE `User` = ''"; |
|
153
|
|
|
} |
|
154
|
|
|
|
|
155
|
8 |
|
$like = $this->dbi->escapeMysqlWildcards($initial) . '%'; |
|
156
|
|
|
|
|
157
|
|
|
// strtolower() is used because the User field |
|
158
|
|
|
// might be BINARY, so LIKE would be case sensitive |
|
159
|
8 |
|
return 'WHERE `User` LIKE ' |
|
160
|
8 |
|
. $this->dbi->quoteString($like) |
|
161
|
8 |
|
. ' OR `User` LIKE ' |
|
162
|
8 |
|
. $this->dbi->quoteString(mb_strtolower($like)); |
|
163
|
|
|
} |
|
164
|
|
|
|
|
165
|
|
|
/** |
|
166
|
|
|
* Parses privileges into an array, it modifies the array |
|
167
|
|
|
* |
|
168
|
|
|
* @param mixed[] $row Results row from |
|
169
|
|
|
*/ |
|
170
|
12 |
|
public function fillInTablePrivileges(array &$row): void |
|
171
|
|
|
{ |
|
172
|
12 |
|
$row1 = $this->dbi->fetchSingleRow('SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';'); |
|
173
|
|
|
// note: in MySQL 5.0.3 we get "Create View', 'Show view'; |
|
174
|
|
|
// the View for Create is spelled with uppercase V |
|
175
|
|
|
// the view for Show is spelled with lowercase v |
|
176
|
|
|
// and there is a space between the words |
|
177
|
|
|
|
|
178
|
12 |
|
$avGrants = explode( |
|
179
|
12 |
|
'\',\'', |
|
180
|
12 |
|
mb_substr( |
|
181
|
12 |
|
$row1['Type'], |
|
182
|
12 |
|
mb_strpos($row1['Type'], '(') + 2, |
|
183
|
12 |
|
mb_strpos($row1['Type'], ')') |
|
184
|
12 |
|
- mb_strpos($row1['Type'], '(') - 3, |
|
185
|
12 |
|
), |
|
186
|
12 |
|
); |
|
187
|
|
|
|
|
188
|
12 |
|
$usersGrants = explode(',', $row['Table_priv']); |
|
189
|
|
|
|
|
190
|
12 |
|
foreach ($avGrants as $currentGrant) { |
|
191
|
12 |
|
$row[$currentGrant . '_priv'] = in_array($currentGrant, $usersGrants, true) ? 'Y' : 'N'; |
|
192
|
|
|
} |
|
193
|
|
|
|
|
194
|
12 |
|
unset($row['Table_priv']); |
|
195
|
|
|
} |
|
196
|
|
|
|
|
197
|
|
|
/** |
|
198
|
|
|
* Extracts the privilege information of a priv table row |
|
199
|
|
|
* |
|
200
|
|
|
* @param mixed[]|null $row the row |
|
201
|
|
|
* @param bool $enableHTML add <dfn> tag with tooltips |
|
202
|
|
|
* @param bool $tablePrivs whether row contains table privileges |
|
203
|
|
|
* |
|
204
|
|
|
* @return string[] |
|
205
|
|
|
* |
|
206
|
|
|
* @global resource $user_link the database connection |
|
207
|
|
|
*/ |
|
208
|
48 |
|
public function extractPrivInfo(array|null $row = null, bool $enableHTML = false, bool $tablePrivs = false): array |
|
209
|
|
|
{ |
|
210
|
48 |
|
$grants = $tablePrivs ? $this->getTableGrantsArray() : $this->getGrantsArray(); |
|
211
|
|
|
|
|
212
|
48 |
|
if ($row !== null && isset($row['Table_priv'])) { |
|
213
|
|
|
$this->fillInTablePrivileges($row); |
|
214
|
|
|
} |
|
215
|
|
|
|
|
216
|
48 |
|
$privs = []; |
|
217
|
48 |
|
$allPrivileges = true; |
|
218
|
48 |
|
foreach ($grants as $currentGrant) { |
|
219
|
|
|
if ( |
|
220
|
48 |
|
($row === null || ! isset($row[$currentGrant[0]])) |
|
221
|
48 |
|
&& ($row !== null || ! isset($GLOBALS[$currentGrant[0]])) |
|
222
|
|
|
) { |
|
223
|
48 |
|
continue; |
|
224
|
|
|
} |
|
225
|
|
|
|
|
226
|
|
|
if ( |
|
227
|
4 |
|
($row !== null && $row[$currentGrant[0]] === 'Y') |
|
228
|
4 |
|
|| ($row === null |
|
229
|
4 |
|
&& ($GLOBALS[$currentGrant[0]] === 'Y' |
|
230
|
4 |
|
|| (is_array($GLOBALS[$currentGrant[0]]) |
|
231
|
4 |
|
&& count($GLOBALS[$currentGrant[0]]) == $_REQUEST['column_count'] |
|
232
|
4 |
|
&& empty($GLOBALS[$currentGrant[0] . '_none'])))) |
|
233
|
|
|
) { |
|
234
|
4 |
|
if ($enableHTML) { |
|
235
|
4 |
|
$privs[] = '<dfn title="' . $currentGrant[2] . '">' |
|
236
|
4 |
|
. $currentGrant[1] . '</dfn>'; |
|
237
|
|
|
} else { |
|
238
|
2 |
|
$privs[] = $currentGrant[1]; |
|
239
|
|
|
} |
|
240
|
|
|
} elseif ( |
|
241
|
4 |
|
! empty($GLOBALS[$currentGrant[0]]) |
|
242
|
4 |
|
&& is_array($GLOBALS[$currentGrant[0]]) |
|
243
|
4 |
|
&& empty($GLOBALS[$currentGrant[0] . '_none']) |
|
244
|
|
|
) { |
|
245
|
|
|
// Required for proper escaping of ` (backtick) in a column name |
|
246
|
|
|
$grantCols = array_map( |
|
247
|
|
|
Util::backquote(...), |
|
248
|
|
|
$GLOBALS[$currentGrant[0]], |
|
249
|
|
|
); |
|
250
|
|
|
|
|
251
|
|
|
if ($enableHTML) { |
|
252
|
|
|
$privs[] = '<dfn title="' . $currentGrant[2] . '">' |
|
253
|
|
|
. $currentGrant[1] . '</dfn>' |
|
254
|
|
|
. ' (' . implode(', ', $grantCols) . ')'; |
|
255
|
|
|
} else { |
|
256
|
|
|
$privs[] = $currentGrant[1] |
|
257
|
|
|
. ' (' . implode(', ', $grantCols) . ')'; |
|
258
|
|
|
} |
|
259
|
|
|
} else { |
|
260
|
4 |
|
$allPrivileges = false; |
|
261
|
|
|
} |
|
262
|
|
|
} |
|
263
|
|
|
|
|
264
|
48 |
|
if ($privs === []) { |
|
265
|
48 |
|
if ($enableHTML) { |
|
266
|
8 |
|
$privs[] = '<dfn title="' . __('No privileges.') . '">USAGE</dfn>'; |
|
267
|
|
|
} else { |
|
268
|
44 |
|
$privs[] = 'USAGE'; |
|
269
|
|
|
} |
|
270
|
4 |
|
} elseif ($allPrivileges && (! isset($_POST['grant_count']) || count($privs) == $_POST['grant_count'])) { |
|
271
|
4 |
|
if ($enableHTML) { |
|
272
|
4 |
|
$privs = ['<dfn title="' . __('Includes all privileges except GRANT.') . '">ALL PRIVILEGES</dfn>']; |
|
273
|
|
|
} else { |
|
274
|
|
|
$privs = ['ALL PRIVILEGES']; |
|
275
|
|
|
} |
|
276
|
|
|
} |
|
277
|
|
|
|
|
278
|
48 |
|
return $privs; |
|
279
|
|
|
} |
|
280
|
|
|
|
|
281
|
|
|
/** |
|
282
|
|
|
* Returns an array of table grants and their descriptions |
|
283
|
|
|
* |
|
284
|
|
|
* @return string[][] array of table grants |
|
285
|
|
|
*/ |
|
286
|
4 |
|
public function getTableGrantsArray(): array |
|
287
|
|
|
{ |
|
288
|
4 |
|
return [ |
|
289
|
4 |
|
['Delete', 'DELETE', __('Allows deleting data.')], |
|
290
|
4 |
|
['Create', 'CREATE', __('Allows creating new tables.')], |
|
291
|
4 |
|
['Drop', 'DROP', __('Allows dropping tables.')], |
|
292
|
4 |
|
['Index', 'INDEX', __('Allows creating and dropping indexes.')], |
|
293
|
4 |
|
['Alter', 'ALTER', __('Allows altering the structure of existing tables.')], |
|
294
|
4 |
|
['Create View', 'CREATE_VIEW', __('Allows creating new views.')], |
|
295
|
4 |
|
['Show view', 'SHOW_VIEW', __('Allows performing SHOW CREATE VIEW queries.')], |
|
296
|
4 |
|
['Trigger', 'TRIGGER', __('Allows creating and dropping triggers.')], |
|
297
|
4 |
|
]; |
|
298
|
|
|
} |
|
299
|
|
|
|
|
300
|
|
|
/** |
|
301
|
|
|
* Get the grants array which contains all the privilege types |
|
302
|
|
|
* and relevant grant messages |
|
303
|
|
|
* |
|
304
|
|
|
* @return string[][] |
|
305
|
|
|
*/ |
|
306
|
52 |
|
public function getGrantsArray(): array |
|
307
|
|
|
{ |
|
308
|
52 |
|
return [ |
|
309
|
52 |
|
['Select_priv', 'SELECT', __('Allows reading data.')], |
|
310
|
52 |
|
['Insert_priv', 'INSERT', __('Allows inserting and replacing data.')], |
|
311
|
52 |
|
['Update_priv', 'UPDATE', __('Allows changing data.')], |
|
312
|
52 |
|
['Delete_priv', 'DELETE', __('Allows deleting data.')], |
|
313
|
52 |
|
['Create_priv', 'CREATE', __('Allows creating new databases and tables.')], |
|
314
|
52 |
|
['Drop_priv', 'DROP', __('Allows dropping databases and tables.')], |
|
315
|
52 |
|
['Reload_priv', 'RELOAD', __('Allows reloading server settings and flushing the server\'s caches.')], |
|
316
|
52 |
|
['Shutdown_priv', 'SHUTDOWN', __('Allows shutting down the server.')], |
|
317
|
52 |
|
['Process_priv', 'PROCESS', __('Allows viewing processes of all users.')], |
|
318
|
52 |
|
['File_priv', 'FILE', __('Allows importing data from and exporting data into files.')], |
|
319
|
52 |
|
['References_priv', 'REFERENCES', __('Has no effect in this MySQL version.')], |
|
320
|
52 |
|
['Index_priv', 'INDEX', __('Allows creating and dropping indexes.')], |
|
321
|
52 |
|
['Alter_priv', 'ALTER', __('Allows altering the structure of existing tables.')], |
|
322
|
52 |
|
['Show_db_priv', 'SHOW DATABASES', __('Gives access to the complete list of databases.')], |
|
323
|
52 |
|
[ |
|
324
|
52 |
|
'Super_priv', |
|
325
|
52 |
|
'SUPER', |
|
326
|
52 |
|
__( |
|
327
|
52 |
|
'Allows connecting, even if maximum number of connections ' |
|
328
|
52 |
|
. 'is reached; required for most administrative operations ' |
|
329
|
52 |
|
. 'like setting global variables or killing threads of other users.', |
|
330
|
52 |
|
), |
|
331
|
52 |
|
], |
|
332
|
52 |
|
['Create_tmp_table_priv', 'CREATE TEMPORARY TABLES', __('Allows creating temporary tables.')], |
|
333
|
52 |
|
['Lock_tables_priv', 'LOCK TABLES', __('Allows locking tables for the current thread.')], |
|
334
|
52 |
|
['Repl_slave_priv', 'REPLICATION SLAVE', __('Needed for the replication replicas.')], |
|
335
|
52 |
|
[ |
|
336
|
52 |
|
'Repl_client_priv', |
|
337
|
52 |
|
'REPLICATION CLIENT', |
|
338
|
52 |
|
__('Allows the user to ask where the replicas / primaries are.'), |
|
339
|
52 |
|
], |
|
340
|
52 |
|
['Create_view_priv', 'CREATE VIEW', __('Allows creating new views.')], |
|
341
|
52 |
|
['Event_priv', 'EVENT', __('Allows to set up events for the event scheduler.')], |
|
342
|
52 |
|
['Trigger_priv', 'TRIGGER', __('Allows creating and dropping triggers.')], |
|
343
|
|
|
// for table privs: |
|
344
|
52 |
|
['Create View_priv', 'CREATE VIEW', __('Allows creating new views.')], |
|
345
|
52 |
|
['Show_view_priv', 'SHOW VIEW', __('Allows performing SHOW CREATE VIEW queries.')], |
|
346
|
|
|
// for table privs: |
|
347
|
52 |
|
['Show view_priv', 'SHOW VIEW', __('Allows performing SHOW CREATE VIEW queries.')], |
|
348
|
52 |
|
[ |
|
349
|
52 |
|
'Delete_history_priv', |
|
350
|
52 |
|
'DELETE HISTORY', |
|
351
|
|
|
// phpcs:ignore Generic.Files.LineLength.TooLong |
|
352
|
|
|
/* l10n: https://mariadb.com/kb/en/library/grant/#table-privileges "Remove historical rows from a table using the DELETE HISTORY statement" */ |
|
353
|
52 |
|
__('Allows deleting historical rows.'), |
|
354
|
52 |
|
], |
|
355
|
52 |
|
[ |
|
356
|
|
|
// This was finally removed in the following MariaDB versions |
|
357
|
|
|
// @see https://jira.mariadb.org/browse/MDEV-20382 |
|
358
|
52 |
|
'Delete versioning rows_priv', |
|
359
|
52 |
|
'DELETE HISTORY', |
|
360
|
|
|
// phpcs:ignore Generic.Files.LineLength.TooLong |
|
361
|
|
|
/* l10n: https://mariadb.com/kb/en/library/grant/#table-privileges "Remove historical rows from a table using the DELETE HISTORY statement" */ |
|
362
|
52 |
|
__('Allows deleting historical rows.'), |
|
363
|
52 |
|
], |
|
364
|
52 |
|
['Create_routine_priv', 'CREATE ROUTINE', __('Allows creating stored routines.')], |
|
365
|
52 |
|
['Alter_routine_priv', 'ALTER ROUTINE', __('Allows altering and dropping stored routines.')], |
|
366
|
52 |
|
['Create_user_priv', 'CREATE USER', __('Allows creating, dropping and renaming user accounts.')], |
|
367
|
52 |
|
['Execute_priv', 'EXECUTE', __('Allows executing stored routines.')], |
|
368
|
52 |
|
]; |
|
369
|
|
|
} |
|
370
|
|
|
|
|
371
|
|
|
/** |
|
372
|
|
|
* Get sql query for display privileges table |
|
373
|
|
|
* |
|
374
|
|
|
* @param string $db the database |
|
375
|
|
|
* @param string $table the table |
|
376
|
|
|
* @param string $username username for database connection |
|
377
|
|
|
* @param string $hostname hostname for database connection |
|
378
|
|
|
* |
|
379
|
|
|
* @return string sql query |
|
380
|
|
|
*/ |
|
381
|
16 |
|
public function getSqlQueryForDisplayPrivTable( |
|
382
|
|
|
string $db, |
|
383
|
|
|
string $table, |
|
384
|
|
|
string $username, |
|
385
|
|
|
string $hostname, |
|
386
|
|
|
): string { |
|
387
|
16 |
|
if ($db === '*') { |
|
388
|
8 |
|
return 'SELECT * FROM `mysql`.`user`' |
|
389
|
8 |
|
. $this->getUserHostCondition($username, $hostname) . ';'; |
|
390
|
|
|
} |
|
391
|
|
|
|
|
392
|
12 |
|
if ($table === '*') { |
|
393
|
4 |
|
return 'SELECT * FROM `mysql`.`db`' |
|
394
|
4 |
|
. $this->getUserHostCondition($username, $hostname) |
|
395
|
4 |
|
. ' AND `Db` = ' . $this->dbi->quoteString($db); |
|
396
|
|
|
} |
|
397
|
|
|
|
|
398
|
12 |
|
return 'SELECT `Table_priv`' |
|
399
|
12 |
|
. ' FROM `mysql`.`tables_priv`' |
|
400
|
12 |
|
. $this->getUserHostCondition($username, $hostname) |
|
401
|
12 |
|
. ' AND `Db` = ' . $this->dbi->quoteString($this->unescapeGrantWildcards($db)) |
|
402
|
12 |
|
. ' AND `Table_name` = ' . $this->dbi->quoteString($table) . ';'; |
|
403
|
|
|
} |
|
404
|
|
|
|
|
405
|
|
|
/** |
|
406
|
|
|
* Sets the user group from request values |
|
407
|
|
|
* |
|
408
|
|
|
* @param string $username username |
|
409
|
|
|
* @param string $userGroup user group to set |
|
410
|
|
|
*/ |
|
411
|
8 |
|
public function setUserGroup(string $username, string $userGroup): void |
|
412
|
|
|
{ |
|
413
|
8 |
|
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature; |
|
414
|
8 |
|
if ($configurableMenusFeature === null) { |
|
415
|
8 |
|
return; |
|
416
|
|
|
} |
|
417
|
|
|
|
|
418
|
|
|
$userTable = Util::backquote($configurableMenusFeature->database) |
|
419
|
|
|
. '.' . Util::backquote($configurableMenusFeature->users); |
|
420
|
|
|
|
|
421
|
|
|
$sqlQuery = 'SELECT `usergroup` FROM ' . $userTable |
|
422
|
|
|
. ' WHERE `username` = ' . $this->dbi->quoteString($username, ConnectionType::ControlUser); |
|
423
|
|
|
$oldUserGroup = $this->dbi->fetchValue($sqlQuery, 0, ConnectionType::ControlUser); |
|
424
|
|
|
|
|
425
|
|
|
if ($oldUserGroup === false) { |
|
426
|
|
|
$updQuery = 'INSERT INTO ' . $userTable . '(`username`, `usergroup`)' |
|
427
|
|
|
. ' VALUES (' . $this->dbi->quoteString($username, ConnectionType::ControlUser) . ', ' |
|
428
|
|
|
. $this->dbi->quoteString($userGroup, ConnectionType::ControlUser) . ')'; |
|
429
|
|
|
} elseif ($userGroup === '') { |
|
430
|
|
|
$updQuery = 'DELETE FROM ' . $userTable |
|
431
|
|
|
. ' WHERE `username`=' . $this->dbi->quoteString($username, ConnectionType::ControlUser); |
|
432
|
|
|
} elseif ($oldUserGroup != $userGroup) { |
|
433
|
|
|
$updQuery = 'UPDATE ' . $userTable |
|
434
|
|
|
. ' SET `usergroup`=' . $this->dbi->quoteString($userGroup, ConnectionType::ControlUser) |
|
435
|
|
|
. ' WHERE `username`=' . $this->dbi->quoteString($username, ConnectionType::ControlUser); |
|
436
|
|
|
} else { |
|
437
|
|
|
return; |
|
438
|
|
|
} |
|
439
|
|
|
|
|
440
|
|
|
$this->dbi->queryAsControlUser($updQuery); |
|
441
|
|
|
} |
|
442
|
|
|
|
|
443
|
|
|
/** |
|
444
|
|
|
* Displays the privileges form table |
|
445
|
|
|
* |
|
446
|
|
|
* @param string $db the database |
|
447
|
|
|
* @param string $table the table |
|
448
|
|
|
* @param bool $submit whether to display the submit button or not |
|
449
|
|
|
* |
|
450
|
|
|
* @return string html snippet |
|
451
|
|
|
* |
|
452
|
|
|
* @global array $cfg the phpMyAdmin configuration |
|
453
|
|
|
* @global resource $user_link the database connection |
|
454
|
|
|
*/ |
|
455
|
20 |
|
public function getHtmlToDisplayPrivilegesTable( |
|
456
|
|
|
string $db = '*', |
|
457
|
|
|
string $table = '*', |
|
458
|
|
|
bool $submit = true, |
|
459
|
|
|
): string { |
|
460
|
20 |
|
if ($db === '*') { |
|
461
|
8 |
|
$table = '*'; |
|
462
|
|
|
} |
|
463
|
|
|
|
|
464
|
20 |
|
$username = ''; |
|
465
|
20 |
|
$hostname = ''; |
|
466
|
20 |
|
$row = []; |
|
467
|
20 |
|
if (isset($GLOBALS['username'])) { |
|
468
|
12 |
|
$username = $GLOBALS['username']; |
|
469
|
12 |
|
$hostname = $GLOBALS['hostname']; |
|
470
|
12 |
|
$sqlQuery = $this->getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname); |
|
471
|
12 |
|
$row = $this->dbi->fetchSingleRow($sqlQuery); |
|
472
|
|
|
} |
|
473
|
|
|
|
|
474
|
20 |
|
if ($row === null || $row === []) { |
|
475
|
12 |
|
if ($table === '*' && $this->dbi->isSuperUser()) { |
|
476
|
|
|
$row = []; |
|
477
|
|
|
$sqlQuery = 'SHOW COLUMNS FROM `mysql`.' . ($db === '*' ? '`user`' : '`db`') . ';'; |
|
478
|
|
|
|
|
479
|
|
|
$res = $this->dbi->query($sqlQuery); |
|
480
|
|
|
while ($row1 = $res->fetchRow()) { |
|
481
|
|
|
if (str_starts_with($row1[0], 'max_')) { |
|
|
|
|
|
|
482
|
|
|
$row[$row1[0]] = 0; |
|
483
|
|
|
} elseif (str_starts_with($row1[0], 'x509_') || str_starts_with($row1[0], 'ssl_')) { |
|
484
|
|
|
$row[$row1[0]] = ''; |
|
485
|
|
|
} else { |
|
486
|
|
|
$row[$row1[0]] = 'N'; |
|
487
|
|
|
} |
|
488
|
|
|
} |
|
489
|
12 |
|
} elseif ($table === '*') { |
|
490
|
4 |
|
$row = []; |
|
491
|
|
|
} else { |
|
492
|
8 |
|
$row = ['Table_priv' => '']; |
|
493
|
|
|
} |
|
494
|
|
|
} |
|
495
|
|
|
|
|
496
|
20 |
|
$columns = []; |
|
497
|
20 |
|
if (isset($row['Table_priv'])) { |
|
498
|
12 |
|
$this->fillInTablePrivileges($row); |
|
499
|
|
|
|
|
500
|
|
|
// get columns |
|
501
|
12 |
|
$res = $this->dbi->tryQuery( |
|
502
|
12 |
|
'SHOW COLUMNS FROM ' |
|
503
|
12 |
|
. Util::backquote( |
|
504
|
12 |
|
$this->unescapeGrantWildcards($db), |
|
505
|
12 |
|
) |
|
506
|
12 |
|
. '.' . Util::backquote($table) . ';', |
|
507
|
12 |
|
); |
|
508
|
12 |
|
if ($res) { |
|
509
|
12 |
|
while ($row1 = $res->fetchRow()) { |
|
510
|
8 |
|
$columns[$row1[0]] = [ |
|
511
|
8 |
|
'Select' => false, |
|
512
|
8 |
|
'Insert' => false, |
|
513
|
8 |
|
'Update' => false, |
|
514
|
8 |
|
'References' => false, |
|
515
|
8 |
|
]; |
|
516
|
|
|
} |
|
517
|
|
|
} |
|
518
|
|
|
} |
|
519
|
|
|
|
|
520
|
20 |
|
if ($columns !== []) { |
|
521
|
8 |
|
$res = $this->dbi->query( |
|
522
|
8 |
|
'SELECT `Column_name`, `Column_priv`' |
|
523
|
8 |
|
. ' FROM `mysql`.`columns_priv`' |
|
524
|
8 |
|
. $this->getUserHostCondition($username, $hostname) |
|
525
|
8 |
|
. ' AND `Db` = ' . $this->dbi->quoteString($this->unescapeGrantWildcards($db)) |
|
526
|
8 |
|
. ' AND `Table_name` = ' . $this->dbi->quoteString($table) . ';', |
|
527
|
8 |
|
); |
|
528
|
|
|
|
|
529
|
8 |
|
while ($row1 = $res->fetchRow()) { |
|
530
|
4 |
|
$row1[1] = explode(',', $row1[1]); |
|
|
|
|
|
|
531
|
4 |
|
foreach ($row1[1] as $current) { |
|
532
|
4 |
|
$columns[$row1[0]][$current] = true; |
|
533
|
|
|
} |
|
534
|
|
|
} |
|
535
|
|
|
} |
|
536
|
|
|
|
|
537
|
20 |
|
return $this->template->render('server/privileges/privileges_table', [ |
|
538
|
20 |
|
'is_global' => $db === '*', |
|
539
|
20 |
|
'is_database' => $table === '*', |
|
540
|
20 |
|
'row' => $row, |
|
541
|
20 |
|
'columns' => $columns, |
|
542
|
20 |
|
'has_submit' => $submit, |
|
543
|
20 |
|
'supports_references_privilege' => Compatibility::supportsReferencesPrivilege($this->dbi), |
|
544
|
20 |
|
'is_mariadb' => $this->dbi->isMariaDB(), |
|
545
|
20 |
|
]); |
|
546
|
|
|
} |
|
547
|
|
|
|
|
548
|
|
|
/** |
|
549
|
|
|
* Get the HTML snippet for routine specific privileges |
|
550
|
|
|
* |
|
551
|
|
|
* @param string $username username for database connection |
|
552
|
|
|
* @param string $hostname hostname for database connection |
|
553
|
|
|
* @param string $db the database |
|
554
|
|
|
* @param string $routine the routine |
|
555
|
|
|
* @param string $urlDbname url encoded db name |
|
556
|
|
|
*/ |
|
557
|
|
|
public function getHtmlForRoutineSpecificPrivileges( |
|
558
|
|
|
string $username, |
|
559
|
|
|
string $hostname, |
|
560
|
|
|
string $db, |
|
561
|
|
|
string $routine, |
|
562
|
|
|
string $urlDbname, |
|
563
|
|
|
): string { |
|
564
|
|
|
$privileges = $this->getRoutinePrivileges($username, $hostname, $db, $routine); |
|
565
|
|
|
|
|
566
|
|
|
return $this->template->render('server/privileges/edit_routine_privileges', [ |
|
567
|
|
|
'username' => $username, |
|
568
|
|
|
'hostname' => $hostname, |
|
569
|
|
|
'database' => $db, |
|
570
|
|
|
'routine' => $routine, |
|
571
|
|
|
'privileges' => $privileges, |
|
572
|
|
|
'dbname' => $urlDbname, |
|
573
|
|
|
'current_user' => $this->dbi->getCurrentUser(), |
|
574
|
|
|
]); |
|
575
|
|
|
} |
|
576
|
|
|
|
|
577
|
|
|
/** |
|
578
|
|
|
* Displays the fields used by the "new user" form as well as the |
|
579
|
|
|
* "change login information / copy user" form. |
|
580
|
|
|
* |
|
581
|
|
|
* @param string|null $user User name |
|
582
|
|
|
* @param string|null $host Host name |
|
583
|
|
|
* |
|
584
|
|
|
* @return string a HTML snippet |
|
585
|
|
|
*/ |
|
586
|
8 |
|
public function getHtmlForLoginInformationFields( |
|
587
|
|
|
string|null $user = null, |
|
588
|
|
|
string|null $host = null, |
|
589
|
|
|
): string { |
|
590
|
8 |
|
$GLOBALS['pred_username'] ??= null; |
|
591
|
8 |
|
$GLOBALS['pred_hostname'] ??= null; |
|
592
|
8 |
|
$GLOBALS['username'] ??= null; |
|
593
|
8 |
|
$GLOBALS['hostname'] ??= null; |
|
594
|
8 |
|
$GLOBALS['new_username'] ??= null; |
|
595
|
|
|
|
|
596
|
8 |
|
[$usernameLength, $hostnameLength] = $this->getUsernameAndHostnameLength(); |
|
597
|
|
|
|
|
598
|
8 |
|
if (isset($GLOBALS['username']) && $GLOBALS['username'] === '') { |
|
599
|
|
|
$GLOBALS['pred_username'] = 'any'; |
|
600
|
|
|
} |
|
601
|
|
|
|
|
602
|
8 |
|
$currentUser = (string) $this->dbi->fetchValue('SELECT USER();'); |
|
603
|
8 |
|
$thisHost = null; |
|
604
|
8 |
|
if ($currentUser !== '') { |
|
605
|
|
|
$thisHost = str_replace( |
|
606
|
|
|
'\'', |
|
607
|
|
|
'', |
|
608
|
|
|
mb_substr( |
|
609
|
|
|
$currentUser, |
|
610
|
|
|
mb_strrpos($currentUser, '@') + 1, |
|
611
|
|
|
), |
|
612
|
|
|
); |
|
613
|
|
|
} |
|
614
|
|
|
|
|
615
|
8 |
|
if (! isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) { |
|
616
|
|
|
$GLOBALS['pred_hostname'] = match (mb_strtolower($GLOBALS['hostname'])) { |
|
617
|
|
|
'localhost', '127.0.0.1' => 'localhost', |
|
618
|
|
|
'%' => 'any', |
|
619
|
|
|
default => 'userdefined', |
|
620
|
|
|
}; |
|
621
|
|
|
} |
|
622
|
|
|
|
|
623
|
8 |
|
$serverVersion = $this->dbi->getVersion(); |
|
624
|
8 |
|
if ($user !== null && $host !== null) { |
|
625
|
|
|
$authPlugin = $this->getCurrentAuthenticationPlugin($user, $host); |
|
626
|
|
|
} else { |
|
627
|
8 |
|
$authPlugin = $this->getDefaultAuthenticationPlugin(); |
|
628
|
|
|
} |
|
629
|
|
|
|
|
630
|
8 |
|
$isNew = (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50507) |
|
631
|
8 |
|
|| (Compatibility::isMariaDb() && $serverVersion >= 50200); |
|
632
|
|
|
|
|
633
|
8 |
|
$activeAuthPlugins = ['mysql_native_password' => __('Native MySQL authentication')]; |
|
634
|
8 |
|
if ($isNew) { |
|
635
|
|
|
$activeAuthPlugins = $this->plugins->getAuthentication(); |
|
636
|
|
|
if (isset($activeAuthPlugins['mysql_old_password'])) { |
|
637
|
|
|
unset($activeAuthPlugins['mysql_old_password']); |
|
638
|
|
|
} |
|
639
|
|
|
} |
|
640
|
|
|
|
|
641
|
8 |
|
return $this->template->render('server/privileges/login_information_fields', [ |
|
642
|
8 |
|
'pred_username' => $GLOBALS['pred_username'] ?? null, |
|
643
|
8 |
|
'pred_hostname' => $GLOBALS['pred_hostname'] ?? null, |
|
644
|
8 |
|
'username_length' => $usernameLength, |
|
645
|
8 |
|
'hostname_length' => $hostnameLength, |
|
646
|
8 |
|
'username' => $GLOBALS['username'] ?? null, |
|
647
|
8 |
|
'new_username' => $GLOBALS['new_username'] ?? null, |
|
648
|
8 |
|
'hostname' => $GLOBALS['hostname'] ?? null, |
|
649
|
8 |
|
'this_host' => $thisHost, |
|
650
|
8 |
|
'is_change' => $user !== null && $host !== null, |
|
651
|
8 |
|
'auth_plugin' => $authPlugin, |
|
652
|
8 |
|
'active_auth_plugins' => $activeAuthPlugins, |
|
653
|
8 |
|
'is_new' => $isNew, |
|
654
|
8 |
|
]); |
|
655
|
|
|
} |
|
656
|
|
|
|
|
657
|
|
|
/** |
|
658
|
|
|
* Get username and hostname length |
|
659
|
|
|
* |
|
660
|
|
|
* @return mixed[] username length and hostname length |
|
661
|
|
|
*/ |
|
662
|
8 |
|
public function getUsernameAndHostnameLength(): array |
|
663
|
|
|
{ |
|
664
|
|
|
/* Fallback values */ |
|
665
|
8 |
|
$usernameLength = 16; |
|
666
|
8 |
|
$hostnameLength = 41; |
|
667
|
|
|
|
|
668
|
|
|
/* Try to get real lengths from the database */ |
|
669
|
8 |
|
$fieldsInfo = $this->dbi->fetchResult( |
|
670
|
8 |
|
'SELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH ' |
|
671
|
8 |
|
. 'FROM information_schema.columns ' |
|
672
|
8 |
|
. "WHERE table_schema = 'mysql' AND table_name = 'user' " |
|
673
|
8 |
|
. "AND COLUMN_NAME IN ('User', 'Host')", |
|
674
|
8 |
|
); |
|
675
|
8 |
|
foreach ($fieldsInfo as $val) { |
|
676
|
8 |
|
if ($val['COLUMN_NAME'] === 'User') { |
|
677
|
8 |
|
$usernameLength = $val['CHARACTER_MAXIMUM_LENGTH']; |
|
678
|
8 |
|
} elseif ($val['COLUMN_NAME'] === 'Host') { |
|
679
|
8 |
|
$hostnameLength = $val['CHARACTER_MAXIMUM_LENGTH']; |
|
680
|
|
|
} |
|
681
|
|
|
} |
|
682
|
|
|
|
|
683
|
8 |
|
return [$usernameLength, $hostnameLength]; |
|
684
|
|
|
} |
|
685
|
|
|
|
|
686
|
|
|
/** |
|
687
|
|
|
* Get current authentication plugin in use for a user |
|
688
|
|
|
* |
|
689
|
|
|
* @param string $username User name |
|
690
|
|
|
* @param string $hostname Host name |
|
691
|
|
|
* |
|
692
|
|
|
* @return string authentication plugin in use |
|
693
|
|
|
*/ |
|
694
|
4 |
|
public function getCurrentAuthenticationPlugin( |
|
695
|
|
|
string $username, |
|
696
|
|
|
string $hostname, |
|
697
|
|
|
): string { |
|
698
|
4 |
|
$plugin = $this->dbi->fetchValue( |
|
699
|
4 |
|
'SELECT `plugin` FROM `mysql`.`user`' . $this->getUserHostCondition($username, $hostname) . ' LIMIT 1', |
|
700
|
4 |
|
); |
|
701
|
|
|
|
|
702
|
|
|
// Table 'mysql'.'user' may not exist for some previous |
|
703
|
|
|
// versions of MySQL - in that case consider fallback value |
|
704
|
4 |
|
return is_string($plugin) ? $plugin : 'mysql_native_password'; |
|
705
|
|
|
} |
|
706
|
|
|
|
|
707
|
|
|
/** |
|
708
|
|
|
* Get the default authentication plugin |
|
709
|
|
|
* |
|
710
|
|
|
* @return string|null authentication plugin |
|
711
|
|
|
*/ |
|
712
|
8 |
|
public function getDefaultAuthenticationPlugin(): string|null |
|
713
|
|
|
{ |
|
714
|
8 |
|
if ($this->dbi->getVersion() >= 50702) { |
|
715
|
|
|
$plugin = $this->dbi->fetchValue('SELECT @@default_authentication_plugin'); |
|
716
|
|
|
|
|
717
|
|
|
return is_string($plugin) ? $plugin : null; |
|
718
|
|
|
} |
|
719
|
|
|
|
|
720
|
|
|
/* Fallback (standard) value */ |
|
721
|
8 |
|
return 'mysql_native_password'; |
|
722
|
|
|
} |
|
723
|
|
|
|
|
724
|
|
|
/** |
|
725
|
|
|
* Returns all the grants for a certain user on a certain host |
|
726
|
|
|
* Used in the export privileges for all users section |
|
727
|
|
|
* |
|
728
|
|
|
* @param string $user User name |
|
729
|
|
|
* @param string $host Host name |
|
730
|
|
|
* |
|
731
|
|
|
* @return string containing all the grants text |
|
732
|
|
|
*/ |
|
733
|
4 |
|
public function getGrants(string $user, string $host): string |
|
734
|
|
|
{ |
|
735
|
4 |
|
$grants = $this->dbi->fetchResult( |
|
736
|
4 |
|
'SHOW GRANTS FOR ' |
|
737
|
4 |
|
. $this->dbi->quoteString($user) . '@' |
|
738
|
4 |
|
. $this->dbi->quoteString($host), |
|
739
|
4 |
|
); |
|
740
|
4 |
|
$response = ''; |
|
741
|
4 |
|
foreach ($grants as $oneGrant) { |
|
742
|
4 |
|
$response .= $oneGrant . ";\n\n"; |
|
743
|
|
|
} |
|
744
|
|
|
|
|
745
|
4 |
|
return $response; |
|
746
|
|
|
} |
|
747
|
|
|
|
|
748
|
|
|
/** |
|
749
|
|
|
* Update password and get message for password updating |
|
750
|
|
|
* |
|
751
|
|
|
* @param string $errorUrl error url |
|
752
|
|
|
* @param string $username username |
|
753
|
|
|
* @param string $hostname hostname |
|
754
|
|
|
* |
|
755
|
|
|
* @return Message success or error message after updating password |
|
756
|
|
|
*/ |
|
757
|
4 |
|
public function updatePassword(string $errorUrl, string $username, string $hostname): Message |
|
758
|
|
|
{ |
|
759
|
|
|
// similar logic in /user-password |
|
760
|
4 |
|
$message = null; |
|
761
|
|
|
|
|
762
|
4 |
|
if (isset($_POST['pma_pw'], $_POST['pma_pw2']) && empty($_POST['nopass'])) { |
|
763
|
|
|
if ($_POST['pma_pw'] != $_POST['pma_pw2']) { |
|
764
|
|
|
$message = Message::error(__('The passwords aren\'t the same!')); |
|
765
|
|
|
} elseif (empty($_POST['pma_pw']) || empty($_POST['pma_pw2'])) { |
|
766
|
|
|
$message = Message::error(__('The password is empty!')); |
|
767
|
|
|
} |
|
768
|
|
|
} |
|
769
|
|
|
|
|
770
|
|
|
// here $nopass could be == 1 |
|
771
|
4 |
|
if ($message === null) { |
|
772
|
4 |
|
$hashingFunction = 'PASSWORD'; |
|
773
|
4 |
|
$serverVersion = $this->dbi->getVersion(); |
|
774
|
4 |
|
$authenticationPlugin = $_POST['authentication_plugin'] ?? $this->getCurrentAuthenticationPlugin( |
|
775
|
4 |
|
$username, |
|
776
|
4 |
|
$hostname, |
|
777
|
4 |
|
); |
|
778
|
|
|
|
|
779
|
|
|
// Use 'ALTER USER ...' syntax for MySQL 5.7.6+ |
|
780
|
4 |
|
if (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50706) { |
|
781
|
4 |
|
if ($authenticationPlugin !== 'mysql_old_password') { |
|
782
|
4 |
|
$queryPrefix = 'ALTER USER ' |
|
783
|
4 |
|
. $this->dbi->quoteString($username) |
|
784
|
4 |
|
. '@' . $this->dbi->quoteString($hostname) |
|
785
|
4 |
|
. ' IDENTIFIED WITH ' |
|
786
|
4 |
|
. $authenticationPlugin |
|
787
|
4 |
|
. ' BY '; |
|
788
|
|
|
} else { |
|
789
|
|
|
$queryPrefix = 'ALTER USER ' |
|
790
|
|
|
. $this->dbi->quoteString($username) |
|
791
|
|
|
. '@' . $this->dbi->quoteString($hostname) |
|
792
|
|
|
. ' IDENTIFIED BY '; |
|
793
|
|
|
} |
|
794
|
|
|
|
|
795
|
|
|
// in $sql_query which will be displayed, hide the password |
|
796
|
4 |
|
$sqlQuery = $queryPrefix . "'*'"; |
|
797
|
|
|
|
|
798
|
4 |
|
$localQuery = $queryPrefix . $this->dbi->quoteString($_POST['pma_pw']); |
|
799
|
|
|
} elseif (Compatibility::isMariaDb() && $serverVersion >= 10000) { |
|
800
|
|
|
// MariaDB uses "SET PASSWORD" syntax to change user password. |
|
801
|
|
|
// On Galera cluster only DDL queries are replicated, since |
|
802
|
|
|
// users are stored in MyISAM storage engine. |
|
803
|
|
|
$sqlQuery = $localQuery = 'SET PASSWORD FOR ' |
|
804
|
|
|
. $this->dbi->quoteString($username) |
|
805
|
|
|
. '@' . $this->dbi->quoteString($hostname) |
|
806
|
|
|
. ' = PASSWORD (' . $this->dbi->quoteString($_POST['pma_pw']) . ')'; |
|
807
|
|
|
} elseif (Compatibility::isMariaDb() && $serverVersion >= 50200 && $this->dbi->isSuperUser()) { |
|
808
|
|
|
// Use 'UPDATE `mysql`.`user` ...' Syntax for MariaDB 5.2+ |
|
809
|
|
|
if ($authenticationPlugin === 'mysql_native_password') { |
|
810
|
|
|
// Set the hashing method used by PASSWORD() |
|
811
|
|
|
// to be 'mysql_native_password' type |
|
812
|
|
|
$this->dbi->tryQuery('SET old_passwords = 0;'); |
|
813
|
|
|
} elseif ($authenticationPlugin === 'sha256_password') { |
|
814
|
|
|
// Set the hashing method used by PASSWORD() |
|
815
|
|
|
// to be 'sha256_password' type |
|
816
|
|
|
$this->dbi->tryQuery('SET `old_passwords` = 2;'); |
|
817
|
|
|
} |
|
818
|
|
|
|
|
819
|
|
|
$hashedPassword = $this->getHashedPassword($_POST['pma_pw']); |
|
820
|
|
|
|
|
821
|
|
|
$sqlQuery = 'SET PASSWORD FOR ' |
|
822
|
|
|
. $this->dbi->quoteString($username) |
|
823
|
|
|
. '@' . $this->dbi->quoteString($hostname) . ' = ' |
|
824
|
|
|
. ($_POST['pma_pw'] == '' |
|
825
|
|
|
? '\'\'' |
|
826
|
|
|
: $hashingFunction . '(\'' |
|
827
|
|
|
. preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')'); |
|
828
|
|
|
|
|
829
|
|
|
$localQuery = 'UPDATE `mysql`.`user` SET ' |
|
830
|
|
|
. " `authentication_string` = '" . $hashedPassword |
|
831
|
|
|
. "', `Password` = '', " |
|
832
|
|
|
. " `plugin` = '" . $authenticationPlugin . "'" |
|
833
|
|
|
. $this->getUserHostCondition($username, $hostname) . ';'; |
|
834
|
|
|
} else { |
|
835
|
|
|
// USE 'SET PASSWORD ...' syntax for rest of the versions |
|
836
|
|
|
// Backup the old value, to be reset later |
|
837
|
|
|
$row = $this->dbi->fetchSingleRow('SELECT @@old_passwords;'); |
|
838
|
|
|
$origValue = $row['@@old_passwords']; |
|
839
|
|
|
$updatePluginQuery = 'UPDATE `mysql`.`user` SET' |
|
840
|
|
|
. " `plugin` = '" . $authenticationPlugin . "'" |
|
841
|
|
|
. $this->getUserHostCondition($username, $hostname) . ';'; |
|
842
|
|
|
|
|
843
|
|
|
// Update the plugin for the user |
|
844
|
|
|
if (! $this->dbi->tryQuery($updatePluginQuery)) { |
|
845
|
|
|
Generator::mysqlDie( |
|
846
|
|
|
$this->dbi->getError(), |
|
847
|
|
|
$updatePluginQuery, |
|
848
|
|
|
false, |
|
849
|
|
|
$errorUrl, |
|
850
|
|
|
); |
|
851
|
|
|
} |
|
852
|
|
|
|
|
853
|
|
|
$this->dbi->tryQuery('FLUSH PRIVILEGES;'); |
|
854
|
|
|
|
|
855
|
|
|
if ($authenticationPlugin === 'mysql_native_password') { |
|
856
|
|
|
// Set the hashing method used by PASSWORD() |
|
857
|
|
|
// to be 'mysql_native_password' type |
|
858
|
|
|
$this->dbi->tryQuery('SET old_passwords = 0;'); |
|
859
|
|
|
} elseif ($authenticationPlugin === 'sha256_password') { |
|
860
|
|
|
// Set the hashing method used by PASSWORD() |
|
861
|
|
|
// to be 'sha256_password' type |
|
862
|
|
|
$this->dbi->tryQuery('SET `old_passwords` = 2;'); |
|
863
|
|
|
} |
|
864
|
|
|
|
|
865
|
|
|
$sqlQuery = 'SET PASSWORD FOR ' |
|
866
|
|
|
. $this->dbi->quoteString($username) |
|
867
|
|
|
. '@' . $this->dbi->quoteString($hostname) . ' = ' |
|
868
|
|
|
. ($_POST['pma_pw'] == '' |
|
869
|
|
|
? '\'\'' |
|
870
|
|
|
: $hashingFunction . '(\'' |
|
871
|
|
|
. preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')'); |
|
872
|
|
|
|
|
873
|
|
|
$localQuery = 'SET PASSWORD FOR ' |
|
874
|
|
|
. $this->dbi->quoteString($username) |
|
875
|
|
|
. '@' . $this->dbi->quoteString($hostname) . ' = ' |
|
876
|
|
|
. ($_POST['pma_pw'] == '' ? '\'\'' : $hashingFunction |
|
877
|
|
|
. '(' . $this->dbi->quoteString($_POST['pma_pw']) . ')'); |
|
878
|
|
|
} |
|
879
|
|
|
|
|
880
|
4 |
|
if (! $this->dbi->tryQuery($localQuery)) { |
|
881
|
|
|
Generator::mysqlDie( |
|
882
|
|
|
$this->dbi->getError(), |
|
883
|
|
|
$sqlQuery, |
|
884
|
|
|
false, |
|
885
|
|
|
$errorUrl, |
|
886
|
|
|
); |
|
887
|
|
|
} |
|
888
|
|
|
|
|
889
|
|
|
// Flush privileges after successful password change |
|
890
|
4 |
|
$this->dbi->tryQuery('FLUSH PRIVILEGES;'); |
|
891
|
|
|
|
|
892
|
4 |
|
$message = Message::success( |
|
893
|
4 |
|
__('The password for %s was changed successfully.'), |
|
894
|
4 |
|
); |
|
895
|
4 |
|
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\''); |
|
896
|
4 |
|
if (isset($origValue)) { |
|
897
|
|
|
$this->dbi->tryQuery('SET `old_passwords` = ' . $origValue . ';'); |
|
898
|
|
|
} |
|
899
|
|
|
} |
|
900
|
|
|
|
|
901
|
4 |
|
return $message; |
|
902
|
|
|
} |
|
903
|
|
|
|
|
904
|
|
|
/** |
|
905
|
|
|
* Revokes privileges and get message and SQL query for privileges revokes |
|
906
|
|
|
* |
|
907
|
|
|
* @param string $dbname database name |
|
908
|
|
|
* @param string $tablename table name |
|
909
|
|
|
* @param string $username username |
|
910
|
|
|
* @param string $hostname host name |
|
911
|
|
|
* @param string $itemType item type |
|
912
|
|
|
* |
|
913
|
|
|
* @return array{Message, string} ($message, $sql_query) |
|
|
|
|
|
|
914
|
|
|
*/ |
|
915
|
4 |
|
public function getMessageAndSqlQueryForPrivilegesRevoke( |
|
916
|
|
|
string $dbname, |
|
917
|
|
|
string $tablename, |
|
918
|
|
|
string $username, |
|
919
|
|
|
string $hostname, |
|
920
|
|
|
string $itemType, |
|
921
|
|
|
): array { |
|
922
|
4 |
|
$dbAndTable = $this->wildcardEscapeForGrant($dbname, $tablename); |
|
923
|
|
|
|
|
924
|
4 |
|
$sqlQuery0 = 'REVOKE ALL PRIVILEGES ON ' . $itemType . ' ' . $dbAndTable |
|
925
|
4 |
|
. ' FROM ' |
|
926
|
4 |
|
. $this->dbi->quoteString($username) . '@' |
|
927
|
4 |
|
. $this->dbi->quoteString($hostname) . ';'; |
|
928
|
|
|
|
|
929
|
4 |
|
$sqlQuery1 = 'REVOKE GRANT OPTION ON ' . $itemType . ' ' . $dbAndTable |
|
930
|
4 |
|
. ' FROM ' . $this->dbi->quoteString($username) . '@' |
|
931
|
4 |
|
. $this->dbi->quoteString($hostname) . ';'; |
|
932
|
|
|
|
|
933
|
4 |
|
$this->dbi->query($sqlQuery0); |
|
934
|
4 |
|
if (! $this->dbi->tryQuery($sqlQuery1)) { |
|
935
|
|
|
// this one may fail, too... |
|
936
|
|
|
$sqlQuery1 = ''; |
|
937
|
|
|
} |
|
938
|
|
|
|
|
939
|
4 |
|
$sqlQuery = $sqlQuery0 . ' ' . $sqlQuery1; |
|
940
|
4 |
|
$message = Message::success( |
|
941
|
4 |
|
__('You have revoked the privileges for %s.'), |
|
942
|
4 |
|
); |
|
943
|
4 |
|
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\''); |
|
944
|
|
|
|
|
945
|
4 |
|
return [$message, $sqlQuery]; |
|
946
|
|
|
} |
|
947
|
|
|
|
|
948
|
|
|
/** |
|
949
|
|
|
* Get REQUIRE clause |
|
950
|
|
|
* |
|
951
|
|
|
* @return string REQUIRE clause |
|
952
|
|
|
*/ |
|
953
|
36 |
|
public function getRequireClause(): string |
|
954
|
|
|
{ |
|
955
|
|
|
/** @var string|null $sslType */ |
|
956
|
36 |
|
$sslType = $_POST['ssl_type'] ?? $GLOBALS['ssl_type'] ?? null; |
|
957
|
|
|
/** @var string|null $sslCipher */ |
|
958
|
36 |
|
$sslCipher = $_POST['ssl_cipher'] ?? $GLOBALS['ssl_cipher'] ?? null; |
|
959
|
|
|
/** @var string|null $x509Issuer */ |
|
960
|
36 |
|
$x509Issuer = $_POST['x509_issuer'] ?? $GLOBALS['x509_issuer'] ?? null; |
|
961
|
|
|
/** @var string|null $x509Subject */ |
|
962
|
36 |
|
$x509Subject = $_POST['x509_subject'] ?? $GLOBALS['x509_subject'] ?? null; |
|
963
|
|
|
|
|
964
|
36 |
|
if ($sslType === 'SPECIFIED') { |
|
965
|
|
|
$require = []; |
|
966
|
|
|
if (is_string($sslCipher) && $sslCipher !== '') { |
|
967
|
|
|
$require[] = 'CIPHER ' . $this->dbi->quoteString($sslCipher); |
|
968
|
|
|
} |
|
969
|
|
|
|
|
970
|
|
|
if (is_string($x509Issuer) && $x509Issuer !== '') { |
|
971
|
|
|
$require[] = 'ISSUER ' . $this->dbi->quoteString($x509Issuer); |
|
972
|
|
|
} |
|
973
|
|
|
|
|
974
|
|
|
if (is_string($x509Subject) && $x509Subject !== '') { |
|
975
|
|
|
$require[] = 'SUBJECT ' . $this->dbi->quoteString($x509Subject); |
|
976
|
|
|
} |
|
977
|
|
|
|
|
978
|
|
|
if ($require !== []) { |
|
979
|
|
|
$requireClause = ' REQUIRE ' . implode(' AND ', $require); |
|
980
|
|
|
} else { |
|
981
|
|
|
$requireClause = ' REQUIRE NONE'; |
|
982
|
|
|
} |
|
983
|
36 |
|
} elseif ($sslType === 'X509') { |
|
984
|
|
|
$requireClause = ' REQUIRE X509'; |
|
985
|
36 |
|
} elseif ($sslType === 'ANY') { |
|
986
|
|
|
$requireClause = ' REQUIRE SSL'; |
|
987
|
|
|
} else { |
|
988
|
36 |
|
$requireClause = ' REQUIRE NONE'; |
|
989
|
|
|
} |
|
990
|
|
|
|
|
991
|
36 |
|
return $requireClause; |
|
992
|
|
|
} |
|
993
|
|
|
|
|
994
|
|
|
/** |
|
995
|
|
|
* Get a WITH clause for 'update privileges' and 'add user' |
|
996
|
|
|
*/ |
|
997
|
40 |
|
public function getWithClauseForAddUserAndUpdatePrivs(): string |
|
998
|
|
|
{ |
|
999
|
40 |
|
$sqlQuery = ''; |
|
1000
|
|
|
if ( |
|
1001
|
40 |
|
isset($_POST['Grant_priv']) && $_POST['Grant_priv'] === 'Y' |
|
1002
|
40 |
|
&& ! (Compatibility::isMySqlOrPerconaDb() && $this->dbi->getVersion() >= 80011) |
|
1003
|
|
|
) { |
|
1004
|
8 |
|
$sqlQuery .= ' GRANT OPTION'; |
|
1005
|
|
|
} |
|
1006
|
|
|
|
|
1007
|
40 |
|
if (isset($_POST['max_questions'])) { |
|
1008
|
12 |
|
$maxQuestions = (int) $_POST['max_questions']; |
|
1009
|
12 |
|
$maxQuestions = max(0, $maxQuestions); |
|
1010
|
12 |
|
$sqlQuery .= ' MAX_QUERIES_PER_HOUR ' . $maxQuestions; |
|
1011
|
|
|
} |
|
1012
|
|
|
|
|
1013
|
40 |
|
if (isset($_POST['max_connections'])) { |
|
1014
|
12 |
|
$maxConnections = (int) $_POST['max_connections']; |
|
1015
|
12 |
|
$maxConnections = max(0, $maxConnections); |
|
1016
|
12 |
|
$sqlQuery .= ' MAX_CONNECTIONS_PER_HOUR ' . $maxConnections; |
|
1017
|
|
|
} |
|
1018
|
|
|
|
|
1019
|
40 |
|
if (isset($_POST['max_updates'])) { |
|
1020
|
12 |
|
$maxUpdates = (int) $_POST['max_updates']; |
|
1021
|
12 |
|
$maxUpdates = max(0, $maxUpdates); |
|
1022
|
12 |
|
$sqlQuery .= ' MAX_UPDATES_PER_HOUR ' . $maxUpdates; |
|
1023
|
|
|
} |
|
1024
|
|
|
|
|
1025
|
40 |
|
if (isset($_POST['max_user_connections'])) { |
|
1026
|
12 |
|
$maxUserConnections = (int) $_POST['max_user_connections']; |
|
1027
|
12 |
|
$maxUserConnections = max(0, $maxUserConnections); |
|
1028
|
12 |
|
$sqlQuery .= ' MAX_USER_CONNECTIONS ' . $maxUserConnections; |
|
1029
|
|
|
} |
|
1030
|
|
|
|
|
1031
|
40 |
|
return $sqlQuery !== '' ? ' WITH' . $sqlQuery : ''; |
|
1032
|
|
|
} |
|
1033
|
|
|
|
|
1034
|
|
|
/** |
|
1035
|
|
|
* Get HTML for addUsersForm, This function call if isset($_GET['adduser']) |
|
1036
|
|
|
* |
|
1037
|
|
|
* @param string $dbname database name |
|
1038
|
|
|
* |
|
1039
|
|
|
* @return string HTML for addUserForm |
|
1040
|
|
|
*/ |
|
1041
|
4 |
|
public function getHtmlForAddUser(string $dbname): string |
|
1042
|
|
|
{ |
|
1043
|
4 |
|
$isGrantUser = $this->dbi->isGrantUser(); |
|
1044
|
4 |
|
$loginInformationFieldsNew = $this->getHtmlForLoginInformationFields(); |
|
1045
|
4 |
|
$privilegesTable = ''; |
|
1046
|
4 |
|
if ($isGrantUser) { |
|
1047
|
4 |
|
$privilegesTable = $this->getHtmlToDisplayPrivilegesTable('*', '*', false); |
|
1048
|
|
|
} |
|
1049
|
|
|
|
|
1050
|
4 |
|
return $this->template->render('server/privileges/add_user', [ |
|
1051
|
4 |
|
'database' => $dbname, |
|
1052
|
4 |
|
'login_information_fields_new' => $loginInformationFieldsNew, |
|
1053
|
4 |
|
'is_grant_user' => $isGrantUser, |
|
1054
|
4 |
|
'privileges_table' => $privilegesTable, |
|
1055
|
4 |
|
]); |
|
1056
|
|
|
} |
|
1057
|
|
|
|
|
1058
|
|
|
/** @return mixed[] */ |
|
1059
|
|
|
public function getAllPrivileges(DatabaseName $db, TableName|null $table = null): array |
|
1060
|
|
|
{ |
|
1061
|
|
|
$databasePrivileges = $this->getGlobalAndDatabasePrivileges($db); |
|
1062
|
|
|
$tablePrivileges = []; |
|
1063
|
|
|
if ($table !== null) { |
|
1064
|
|
|
$tablePrivileges = $this->getTablePrivileges($db, $table); |
|
1065
|
|
|
} |
|
1066
|
|
|
|
|
1067
|
|
|
$routinePrivileges = $this->getRoutinesPrivileges($db); |
|
1068
|
|
|
$allPrivileges = array_merge($databasePrivileges, $tablePrivileges, $routinePrivileges); |
|
1069
|
|
|
|
|
1070
|
|
|
$privileges = []; |
|
1071
|
|
|
foreach ($allPrivileges as $privilege) { |
|
1072
|
|
|
$userHost = $privilege['User'] . '@' . $privilege['Host']; |
|
1073
|
|
|
$privileges[$userHost] ??= []; |
|
1074
|
|
|
$privileges[$userHost]['user'] = (string) $privilege['User']; |
|
1075
|
|
|
$privileges[$userHost]['host'] = (string) $privilege['Host']; |
|
1076
|
|
|
$privileges[$userHost]['privileges'] ??= []; |
|
1077
|
|
|
$privileges[$userHost]['privileges'][] = $this->getSpecificPrivilege($privilege); |
|
1078
|
|
|
} |
|
1079
|
|
|
|
|
1080
|
|
|
return $privileges; |
|
1081
|
|
|
} |
|
1082
|
|
|
|
|
1083
|
|
|
/** |
|
1084
|
|
|
* @param mixed[] $row Array with user privileges |
|
1085
|
|
|
* |
|
1086
|
|
|
* @return mixed[] |
|
1087
|
|
|
*/ |
|
1088
|
|
|
private function getSpecificPrivilege(array $row): array |
|
1089
|
|
|
{ |
|
1090
|
|
|
$privilege = ['type' => $row['Type'], 'database' => $row['Db']]; |
|
1091
|
|
|
if ($row['Type'] === 'r') { |
|
1092
|
|
|
$privilege['routine'] = $row['Routine_name']; |
|
1093
|
|
|
$privilege['has_grant'] = str_contains($row['Proc_priv'], 'Grant'); |
|
1094
|
|
|
$privilege['privileges'] = explode(',', $row['Proc_priv']); |
|
1095
|
|
|
} elseif ($row['Type'] === 't') { |
|
1096
|
|
|
$privilege['table'] = $row['Table_name']; |
|
1097
|
|
|
$privilege['has_grant'] = str_contains($row['Table_priv'], 'Grant'); |
|
1098
|
|
|
$tablePrivs = explode(',', $row['Table_priv']); |
|
1099
|
|
|
$specificPrivileges = []; |
|
1100
|
|
|
$grantsArr = $this->getTableGrantsArray(); |
|
1101
|
|
|
foreach ($grantsArr as $grant) { |
|
1102
|
|
|
$specificPrivileges[$grant[0]] = 'N'; |
|
1103
|
|
|
foreach ($tablePrivs as $tablePriv) { |
|
1104
|
|
|
if ($grant[0] !== $tablePriv) { |
|
1105
|
|
|
continue; |
|
1106
|
|
|
} |
|
1107
|
|
|
|
|
1108
|
|
|
$specificPrivileges[$grant[0]] = 'Y'; |
|
1109
|
|
|
} |
|
1110
|
|
|
} |
|
1111
|
|
|
|
|
1112
|
|
|
$privilege['privileges'] = $this->extractPrivInfo($specificPrivileges, true, true); |
|
1113
|
|
|
} else { |
|
1114
|
|
|
$privilege['has_grant'] = $row['Grant_priv'] === 'Y'; |
|
1115
|
|
|
$privilege['privileges'] = $this->extractPrivInfo($row, true); |
|
1116
|
|
|
} |
|
1117
|
|
|
|
|
1118
|
|
|
return $privilege; |
|
1119
|
|
|
} |
|
1120
|
|
|
|
|
1121
|
|
|
/** @return array<int, array<string|null>> */ |
|
1122
|
|
|
private function getGlobalAndDatabasePrivileges(DatabaseName $db): array |
|
1123
|
|
|
{ |
|
1124
|
|
|
$listOfPrivileges = '`Select_priv`, |
|
1125
|
|
|
`Insert_priv`, |
|
1126
|
|
|
`Update_priv`, |
|
1127
|
|
|
`Delete_priv`, |
|
1128
|
|
|
`Create_priv`, |
|
1129
|
|
|
`Drop_priv`, |
|
1130
|
|
|
`Grant_priv`, |
|
1131
|
|
|
`Index_priv`, |
|
1132
|
|
|
`Alter_priv`, |
|
1133
|
|
|
`References_priv`, |
|
1134
|
|
|
`Create_tmp_table_priv`, |
|
1135
|
|
|
`Lock_tables_priv`, |
|
1136
|
|
|
`Create_view_priv`, |
|
1137
|
|
|
`Show_view_priv`, |
|
1138
|
|
|
`Create_routine_priv`, |
|
1139
|
|
|
`Alter_routine_priv`, |
|
1140
|
|
|
`Execute_priv`, |
|
1141
|
|
|
`Event_priv`, |
|
1142
|
|
|
`Trigger_priv`,'; |
|
1143
|
|
|
|
|
1144
|
|
|
$listOfComparedPrivileges = 'BINARY `Select_priv` = \'N\' AND |
|
1145
|
|
|
BINARY `Insert_priv` = \'N\' AND |
|
1146
|
|
|
BINARY `Update_priv` = \'N\' AND |
|
1147
|
|
|
BINARY `Delete_priv` = \'N\' AND |
|
1148
|
|
|
BINARY `Create_priv` = \'N\' AND |
|
1149
|
|
|
BINARY `Drop_priv` = \'N\' AND |
|
1150
|
|
|
BINARY `Grant_priv` = \'N\' AND |
|
1151
|
|
|
BINARY `References_priv` = \'N\' AND |
|
1152
|
|
|
BINARY `Create_tmp_table_priv` = \'N\' AND |
|
1153
|
|
|
BINARY `Lock_tables_priv` = \'N\' AND |
|
1154
|
|
|
BINARY `Create_view_priv` = \'N\' AND |
|
1155
|
|
|
BINARY `Show_view_priv` = \'N\' AND |
|
1156
|
|
|
BINARY `Create_routine_priv` = \'N\' AND |
|
1157
|
|
|
BINARY `Alter_routine_priv` = \'N\' AND |
|
1158
|
|
|
BINARY `Execute_priv` = \'N\' AND |
|
1159
|
|
|
BINARY `Event_priv` = \'N\' AND |
|
1160
|
|
|
BINARY `Trigger_priv` = \'N\''; |
|
1161
|
|
|
|
|
1162
|
|
|
$query = ' |
|
1163
|
|
|
( |
|
1164
|
|
|
SELECT `User`, `Host`, ' . $listOfPrivileges . ' \'*\' AS `Db`, \'g\' AS `Type` |
|
1165
|
|
|
FROM `mysql`.`user` |
|
1166
|
|
|
WHERE NOT (' . $listOfComparedPrivileges . ') |
|
1167
|
|
|
) |
|
1168
|
|
|
UNION |
|
1169
|
|
|
( |
|
1170
|
|
|
SELECT `User`, `Host`, ' . $listOfPrivileges . ' `Db`, \'d\' AS `Type` |
|
1171
|
|
|
FROM `mysql`.`db` |
|
1172
|
|
|
WHERE ' . $this->dbi->quoteString($db->getName()) . ' LIKE `Db` AND NOT (' |
|
1173
|
|
|
. $listOfComparedPrivileges . ') |
|
1174
|
|
|
) |
|
1175
|
|
|
ORDER BY `User` ASC, `Host` ASC, `Db` ASC; |
|
1176
|
|
|
'; |
|
1177
|
|
|
|
|
1178
|
|
|
return $this->dbi->query($query)->fetchAllAssoc(); |
|
1179
|
|
|
} |
|
1180
|
|
|
|
|
1181
|
|
|
/** @return array<int, array<string|null>> */ |
|
1182
|
|
|
private function getTablePrivileges(DatabaseName $db, TableName $table): array |
|
1183
|
|
|
{ |
|
1184
|
|
|
$query = ' |
|
1185
|
|
|
SELECT `User`, `Host`, `Db`, \'t\' AS `Type`, `Table_name`, `Table_priv` |
|
1186
|
|
|
FROM `mysql`.`tables_priv` |
|
1187
|
|
|
WHERE |
|
1188
|
|
|
? LIKE `Db` AND |
|
1189
|
|
|
? LIKE `Table_name` AND |
|
1190
|
|
|
NOT (`Table_priv` = \'\' AND Column_priv = \'\') |
|
1191
|
|
|
ORDER BY `User` ASC, `Host` ASC, `Db` ASC, `Table_priv` ASC; |
|
1192
|
|
|
'; |
|
1193
|
|
|
$statement = $this->dbi->prepare($query); |
|
1194
|
|
|
if ($statement === null || ! $statement->execute([$db->getName(), $table->getName()])) { |
|
1195
|
|
|
return []; |
|
1196
|
|
|
} |
|
1197
|
|
|
|
|
1198
|
|
|
return $statement->getResult()->fetchAllAssoc(); |
|
1199
|
|
|
} |
|
1200
|
|
|
|
|
1201
|
|
|
/** @return array<int, array<string|null>> */ |
|
1202
|
|
|
private function getRoutinesPrivileges(DatabaseName $db): array |
|
1203
|
|
|
{ |
|
1204
|
|
|
$query = ' |
|
1205
|
|
|
SELECT *, \'r\' AS `Type` |
|
1206
|
|
|
FROM `mysql`.`procs_priv` |
|
1207
|
|
|
WHERE Db = ' . $this->dbi->quoteString($db->getName()) . ';'; |
|
1208
|
|
|
|
|
1209
|
|
|
return $this->dbi->query($query)->fetchAllAssoc(); |
|
1210
|
|
|
} |
|
1211
|
|
|
|
|
1212
|
|
|
/** |
|
1213
|
|
|
* Get HTML error for View Users form |
|
1214
|
|
|
* For non superusers such as grant/create users |
|
1215
|
|
|
*/ |
|
1216
|
4 |
|
private function getHtmlForViewUsersError(): string |
|
1217
|
|
|
{ |
|
1218
|
4 |
|
return Message::error( |
|
1219
|
4 |
|
__('Not enough privilege to view users.'), |
|
1220
|
4 |
|
)->getDisplay(); |
|
1221
|
|
|
} |
|
1222
|
|
|
|
|
1223
|
|
|
/** |
|
1224
|
|
|
* Returns edit, revoke or export link for a user. |
|
1225
|
|
|
* |
|
1226
|
|
|
* @param string $linktype The link type (edit | revoke | export) |
|
1227
|
|
|
* @param string $username User name |
|
1228
|
|
|
* @param string $hostname Host name |
|
1229
|
|
|
* @param string $dbname Database name |
|
1230
|
|
|
* @param string $tablename Table name |
|
1231
|
|
|
* @param string $routinename Routine name |
|
1232
|
|
|
* @param string $initial Initial value |
|
1233
|
|
|
* |
|
1234
|
|
|
* @return string HTML code with link |
|
1235
|
|
|
*/ |
|
1236
|
8 |
|
public function getUserLink( |
|
1237
|
|
|
string $linktype, |
|
1238
|
|
|
string $username, |
|
1239
|
|
|
string $hostname, |
|
1240
|
|
|
string $dbname = '', |
|
1241
|
|
|
string $tablename = '', |
|
1242
|
|
|
string $routinename = '', |
|
1243
|
|
|
string $initial = '', |
|
1244
|
|
|
): string { |
|
1245
|
8 |
|
$linkClass = ''; |
|
1246
|
8 |
|
if ($linktype === 'edit') { |
|
1247
|
8 |
|
$linkClass = 'edit_user_anchor'; |
|
1248
|
8 |
|
} elseif ($linktype === 'export') { |
|
1249
|
8 |
|
$linkClass = 'export_user_anchor ajax'; |
|
1250
|
|
|
} |
|
1251
|
|
|
|
|
1252
|
8 |
|
$params = ['username' => $username, 'hostname' => $hostname]; |
|
1253
|
|
|
switch ($linktype) { |
|
1254
|
8 |
|
case 'edit': |
|
1255
|
8 |
|
$params['dbname'] = $dbname; |
|
1256
|
8 |
|
$params['tablename'] = $tablename; |
|
1257
|
8 |
|
$params['routinename'] = $routinename; |
|
1258
|
8 |
|
break; |
|
1259
|
8 |
|
case 'revoke': |
|
1260
|
8 |
|
$params['dbname'] = $dbname; |
|
1261
|
8 |
|
$params['tablename'] = $tablename; |
|
1262
|
8 |
|
$params['routinename'] = $routinename; |
|
1263
|
8 |
|
$params['revokeall'] = 1; |
|
1264
|
8 |
|
break; |
|
1265
|
8 |
|
case 'export': |
|
1266
|
8 |
|
$params['initial'] = $initial; |
|
1267
|
8 |
|
$params['export'] = 1; |
|
1268
|
8 |
|
break; |
|
1269
|
|
|
} |
|
1270
|
|
|
|
|
1271
|
8 |
|
$action = []; |
|
1272
|
|
|
switch ($linktype) { |
|
1273
|
8 |
|
case 'edit': |
|
1274
|
8 |
|
$action['icon'] = 'b_usredit'; |
|
1275
|
8 |
|
$action['text'] = __('Edit privileges'); |
|
1276
|
8 |
|
break; |
|
1277
|
8 |
|
case 'revoke': |
|
1278
|
8 |
|
$action['icon'] = 'b_usrdrop'; |
|
1279
|
8 |
|
$action['text'] = __('Revoke'); |
|
1280
|
8 |
|
break; |
|
1281
|
8 |
|
case 'export': |
|
1282
|
8 |
|
$action['icon'] = 'b_tblexport'; |
|
1283
|
8 |
|
$action['text'] = __('Export'); |
|
1284
|
8 |
|
break; |
|
1285
|
|
|
} |
|
1286
|
|
|
|
|
1287
|
8 |
|
return $this->template->render('server/privileges/get_user_link', [ |
|
1288
|
8 |
|
'link_class' => $linkClass, |
|
1289
|
8 |
|
'is_revoke' => $linktype === 'revoke', |
|
1290
|
8 |
|
'url_params' => $params, |
|
1291
|
8 |
|
'action' => $action, |
|
1292
|
8 |
|
]); |
|
1293
|
|
|
} |
|
1294
|
|
|
|
|
1295
|
|
|
/** |
|
1296
|
|
|
* Returns number of defined user groups |
|
1297
|
|
|
*/ |
|
1298
|
4 |
|
public function getUserGroupCount(ConfigurableMenusFeature $configurableMenusFeature): int |
|
1299
|
|
|
{ |
|
1300
|
4 |
|
$userGroupTable = Util::backquote($configurableMenusFeature->database) |
|
1301
|
4 |
|
. '.' . Util::backquote($configurableMenusFeature->userGroups); |
|
1302
|
4 |
|
$sqlQuery = 'SELECT COUNT(*) FROM ' . $userGroupTable; |
|
1303
|
|
|
|
|
1304
|
4 |
|
return (int) $this->dbi->fetchValue($sqlQuery, 0, ConnectionType::ControlUser); |
|
1305
|
|
|
} |
|
1306
|
|
|
|
|
1307
|
|
|
/** |
|
1308
|
|
|
* Returns name of user group that user is part of |
|
1309
|
|
|
* |
|
1310
|
|
|
* @param string $username User name |
|
1311
|
|
|
* |
|
1312
|
|
|
* @return string|null usergroup if found or null if not found |
|
1313
|
|
|
*/ |
|
1314
|
4 |
|
public function getUserGroupForUser(string $username): string|null |
|
1315
|
|
|
{ |
|
1316
|
4 |
|
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature; |
|
1317
|
4 |
|
if ($configurableMenusFeature === null) { |
|
1318
|
|
|
return null; |
|
1319
|
|
|
} |
|
1320
|
|
|
|
|
1321
|
4 |
|
$userTable = Util::backquote($configurableMenusFeature->database) |
|
1322
|
4 |
|
. '.' . Util::backquote($configurableMenusFeature->users); |
|
1323
|
4 |
|
$sqlQuery = 'SELECT `usergroup` FROM ' . $userTable |
|
1324
|
4 |
|
. ' WHERE `username` = \'' . $username . '\'' |
|
1325
|
4 |
|
. ' LIMIT 1'; |
|
1326
|
|
|
|
|
1327
|
4 |
|
$usergroup = $this->dbi->fetchValue($sqlQuery, 0, ConnectionType::ControlUser); |
|
1328
|
|
|
|
|
1329
|
4 |
|
if ($usergroup === false) { |
|
1330
|
|
|
return null; |
|
1331
|
|
|
} |
|
1332
|
|
|
|
|
1333
|
4 |
|
return $usergroup; |
|
1334
|
|
|
} |
|
1335
|
|
|
|
|
1336
|
|
|
/** |
|
1337
|
|
|
* This function return the extra data array for the ajax behavior |
|
1338
|
|
|
* |
|
1339
|
|
|
* @param string $password password |
|
1340
|
|
|
* @param string $sqlQuery sql query |
|
1341
|
|
|
* @param string $hostname hostname |
|
1342
|
|
|
* @param string $username username |
|
1343
|
|
|
* |
|
1344
|
|
|
* @return (string|bool)[] |
|
1345
|
|
|
*/ |
|
1346
|
4 |
|
public function getExtraDataForAjaxBehavior( |
|
1347
|
|
|
string $password, |
|
1348
|
|
|
string $sqlQuery, |
|
1349
|
|
|
string $hostname, |
|
1350
|
|
|
string $username, |
|
1351
|
|
|
): array { |
|
1352
|
4 |
|
if (isset($GLOBALS['dbname'])) { |
|
1353
|
|
|
//if (preg_match('/\\\\(?:_|%)/i', $dbname)) { |
|
1354
|
4 |
|
if (preg_match('/(?<!\\\\)(?:_|%)/', $GLOBALS['dbname'])) { |
|
1355
|
4 |
|
$dbnameIsWildcard = true; |
|
1356
|
|
|
} else { |
|
1357
|
|
|
$dbnameIsWildcard = false; |
|
1358
|
|
|
} |
|
1359
|
|
|
} |
|
1360
|
|
|
|
|
1361
|
4 |
|
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature; |
|
1362
|
|
|
|
|
1363
|
4 |
|
$userGroupCount = 0; |
|
1364
|
4 |
|
if ($configurableMenusFeature !== null) { |
|
1365
|
|
|
$userGroupCount = $this->getUserGroupCount($configurableMenusFeature); |
|
1366
|
|
|
} |
|
1367
|
|
|
|
|
1368
|
4 |
|
$extraData = []; |
|
1369
|
4 |
|
if ($sqlQuery !== '') { |
|
1370
|
4 |
|
$extraData['sql_query'] = Generator::getMessage('', $sqlQuery); |
|
1371
|
|
|
} |
|
1372
|
|
|
|
|
1373
|
4 |
|
if (isset($_POST['change_copy'])) { |
|
1374
|
4 |
|
$user = [ |
|
1375
|
4 |
|
'name' => $username, |
|
1376
|
4 |
|
'host' => $hostname, |
|
1377
|
4 |
|
'has_password' => $password !== '' || isset($_POST['pma_pw']), |
|
1378
|
4 |
|
'privileges' => implode(', ', $this->extractPrivInfo(null, true)), |
|
1379
|
4 |
|
'has_group' => $configurableMenusFeature !== null, |
|
1380
|
4 |
|
'has_group_edit' => $configurableMenusFeature !== null && $userGroupCount > 0, |
|
1381
|
4 |
|
'has_grant' => isset($_POST['Grant_priv']) && $_POST['Grant_priv'] === 'Y', |
|
1382
|
4 |
|
]; |
|
1383
|
4 |
|
$extraData['new_user_string'] = $this->template->render('server/privileges/new_user_ajax', [ |
|
1384
|
4 |
|
'user' => $user, |
|
1385
|
4 |
|
'is_grantuser' => $this->dbi->isGrantUser(), |
|
1386
|
4 |
|
'initial' => $_GET['initial'] ?? '', |
|
1387
|
4 |
|
]); |
|
1388
|
|
|
|
|
1389
|
|
|
/** |
|
1390
|
|
|
* Generate the string for this alphabet's initial, to update the user |
|
1391
|
|
|
* pagination |
|
1392
|
|
|
*/ |
|
1393
|
4 |
|
$newUserInitial = mb_strtoupper( |
|
1394
|
4 |
|
mb_substr($username, 0, 1), |
|
1395
|
4 |
|
); |
|
1396
|
4 |
|
$newUserInitialString = '<a href="'; |
|
1397
|
4 |
|
$newUserInitialString .= Url::getFromRoute('/server/privileges', ['initial' => $newUserInitial]); |
|
1398
|
4 |
|
$newUserInitialString .= '">' . $newUserInitial . '</a>'; |
|
1399
|
4 |
|
$extraData['new_user_initial'] = $newUserInitial; |
|
1400
|
4 |
|
$extraData['new_user_initial_string'] = $newUserInitialString; |
|
1401
|
|
|
} |
|
1402
|
|
|
|
|
1403
|
4 |
|
if (isset($_POST['update_privs'])) { |
|
1404
|
4 |
|
$extraData['db_specific_privs'] = false; |
|
1405
|
4 |
|
$extraData['db_wildcard_privs'] = false; |
|
1406
|
4 |
|
if (isset($dbnameIsWildcard)) { |
|
1407
|
4 |
|
$extraData['db_specific_privs'] = ! $dbnameIsWildcard; |
|
1408
|
4 |
|
$extraData['db_wildcard_privs'] = $dbnameIsWildcard; |
|
1409
|
|
|
} |
|
1410
|
|
|
|
|
1411
|
4 |
|
$newPrivileges = implode(', ', $this->extractPrivInfo(null, true)); |
|
1412
|
|
|
|
|
1413
|
4 |
|
$extraData['new_privileges'] = $newPrivileges; |
|
1414
|
|
|
} |
|
1415
|
|
|
|
|
1416
|
4 |
|
if (isset($_GET['validate_username'])) { |
|
1417
|
4 |
|
$sqlQuery = 'SELECT * FROM `mysql`.`user` WHERE `User` = ' |
|
1418
|
4 |
|
. $this->dbi->quoteString($_GET['username']) . ';'; |
|
1419
|
4 |
|
$res = $this->dbi->query($sqlQuery); |
|
1420
|
4 |
|
$extraData['user_exists'] = $res->fetchRow() !== []; |
|
1421
|
|
|
} |
|
1422
|
|
|
|
|
1423
|
4 |
|
return $extraData; |
|
1424
|
|
|
} |
|
1425
|
|
|
|
|
1426
|
|
|
/** |
|
1427
|
|
|
* no db name given, so we want all privs for the given user |
|
1428
|
|
|
* db name was given, so we want all user specific rights for this db |
|
1429
|
|
|
* So this function returns user rights as an array |
|
1430
|
|
|
* |
|
1431
|
|
|
* @param string $username username |
|
1432
|
|
|
* @param string $hostname host name |
|
1433
|
|
|
* @param string $type database or table |
|
1434
|
|
|
* @param string $dbname database name |
|
1435
|
|
|
* |
|
1436
|
|
|
* @return mixed[] database rights |
|
1437
|
|
|
*/ |
|
1438
|
4 |
|
public function getUserSpecificRights(string $username, string $hostname, string $type, string $dbname = ''): array |
|
1439
|
|
|
{ |
|
1440
|
4 |
|
$userHostCondition = $this->getUserHostCondition($username, $hostname); |
|
1441
|
|
|
|
|
1442
|
4 |
|
if ($type === 'database') { |
|
1443
|
4 |
|
$tablesToSearchForUsers = ['tables_priv', 'columns_priv', 'procs_priv']; |
|
1444
|
4 |
|
$dbOrTableName = 'Db'; |
|
1445
|
4 |
|
} elseif ($type === 'table') { |
|
1446
|
4 |
|
$userHostCondition .= ' AND `Db` LIKE ' . $this->dbi->quoteString($dbname); |
|
1447
|
4 |
|
$tablesToSearchForUsers = ['columns_priv']; |
|
1448
|
4 |
|
$dbOrTableName = 'Table_name'; |
|
1449
|
|
|
} else { // routine |
|
1450
|
|
|
$userHostCondition .= ' AND `Db` LIKE ' . $this->dbi->quoteString($dbname); |
|
1451
|
|
|
$tablesToSearchForUsers = ['procs_priv']; |
|
1452
|
|
|
$dbOrTableName = 'Routine_name'; |
|
1453
|
|
|
} |
|
1454
|
|
|
|
|
1455
|
|
|
// we also want privileges for this user not in table `db` but in other table |
|
1456
|
4 |
|
$tables = $this->dbi->fetchResult('SHOW TABLES FROM `mysql`;'); |
|
1457
|
|
|
|
|
1458
|
4 |
|
$dbRightsSqls = []; |
|
1459
|
4 |
|
foreach ($tablesToSearchForUsers as $tableSearchIn) { |
|
1460
|
4 |
|
if (! in_array($tableSearchIn, $tables, true)) { |
|
1461
|
4 |
|
continue; |
|
1462
|
|
|
} |
|
1463
|
|
|
|
|
1464
|
4 |
|
$dbRightsSqls[] = 'SELECT DISTINCT `' . $dbOrTableName |
|
1465
|
4 |
|
. '` FROM `mysql`.' . Util::backquote($tableSearchIn) |
|
1466
|
4 |
|
. $userHostCondition; |
|
1467
|
|
|
} |
|
1468
|
|
|
|
|
1469
|
4 |
|
$userDefaults = [$dbOrTableName => '', 'Grant_priv' => 'N', 'privs' => ['USAGE'], 'Column_priv' => true]; |
|
1470
|
|
|
|
|
1471
|
|
|
// for the rights |
|
1472
|
4 |
|
$dbRights = []; |
|
1473
|
|
|
|
|
1474
|
4 |
|
$dbRightsSql = '(' . implode(') UNION (', $dbRightsSqls) . ')' |
|
1475
|
4 |
|
. ' ORDER BY `' . $dbOrTableName . '` ASC'; |
|
1476
|
|
|
|
|
1477
|
4 |
|
$dbRightsResult = $this->dbi->query($dbRightsSql); |
|
1478
|
|
|
|
|
1479
|
4 |
|
while ($dbRightsRow = $dbRightsResult->fetchAssoc()) { |
|
1480
|
|
|
$dbRightsRow = array_merge($userDefaults, $dbRightsRow); |
|
1481
|
|
|
if ($type === 'database') { |
|
1482
|
|
|
// only Db names in the table `mysql`.`db` uses wildcards |
|
1483
|
|
|
// as we are in the db specific rights display we want |
|
1484
|
|
|
// all db names escaped, also from other sources |
|
1485
|
|
|
$dbRightsRow['Db'] = $this->escapeGrantWildcards($dbRightsRow['Db']); |
|
1486
|
|
|
} |
|
1487
|
|
|
|
|
1488
|
|
|
$dbRights[$dbRightsRow[$dbOrTableName]] = $dbRightsRow; |
|
1489
|
|
|
} |
|
1490
|
|
|
|
|
1491
|
4 |
|
$sqlQuery = match ($type) { |
|
1492
|
4 |
|
'database' => 'SELECT * FROM `mysql`.`db`' |
|
1493
|
4 |
|
. $userHostCondition . ' ORDER BY `Db` ASC', |
|
1494
|
4 |
|
'table' => 'SELECT `Table_name`,' |
|
1495
|
4 |
|
. ' `Table_priv`,' |
|
1496
|
4 |
|
. ' IF(`Column_priv` = _latin1 \'\', 0, 1)' |
|
1497
|
4 |
|
. ' AS \'Column_priv\'' |
|
1498
|
4 |
|
. ' FROM `mysql`.`tables_priv`' |
|
1499
|
4 |
|
. $userHostCondition |
|
1500
|
4 |
|
. ' ORDER BY `Table_name` ASC;', |
|
1501
|
4 |
|
default => 'SELECT `Routine_name`, `Proc_priv`' |
|
1502
|
4 |
|
. ' FROM `mysql`.`procs_priv`' |
|
1503
|
4 |
|
. $userHostCondition |
|
1504
|
4 |
|
. ' ORDER BY `Routine_name`', |
|
1505
|
4 |
|
}; |
|
1506
|
|
|
|
|
1507
|
4 |
|
$result = $this->dbi->query($sqlQuery); |
|
1508
|
|
|
|
|
1509
|
4 |
|
while ($row = $result->fetchAssoc()) { |
|
1510
|
|
|
if (isset($dbRights[$row[$dbOrTableName]])) { |
|
1511
|
|
|
$dbRights[$row[$dbOrTableName]] = array_merge($dbRights[$row[$dbOrTableName]], $row); |
|
1512
|
|
|
} else { |
|
1513
|
|
|
$dbRights[$row[$dbOrTableName]] = $row; |
|
1514
|
|
|
} |
|
1515
|
|
|
|
|
1516
|
|
|
if ($type !== 'database') { |
|
1517
|
|
|
continue; |
|
1518
|
|
|
} |
|
1519
|
|
|
|
|
1520
|
|
|
// there are db specific rights for this user |
|
1521
|
|
|
// so we can drop this db rights |
|
1522
|
|
|
$dbRights[$row['Db']]['can_delete'] = true; |
|
1523
|
|
|
} |
|
1524
|
|
|
|
|
1525
|
4 |
|
return $dbRights; |
|
1526
|
|
|
} |
|
1527
|
|
|
|
|
1528
|
|
|
/** |
|
1529
|
|
|
* Parses Proc_priv data |
|
1530
|
|
|
* |
|
1531
|
|
|
* @param string $privs Proc_priv |
|
1532
|
|
|
* |
|
1533
|
|
|
* @return array<string, string> |
|
1534
|
|
|
*/ |
|
1535
|
|
|
public function parseProcPriv(string $privs): array |
|
1536
|
|
|
{ |
|
1537
|
|
|
$result = ['Alter_routine_priv' => 'N', 'Execute_priv' => 'N', 'Grant_priv' => 'N']; |
|
1538
|
|
|
foreach (explode(',', $privs) as $priv) { |
|
1539
|
|
|
if ($priv === 'Alter Routine') { |
|
1540
|
|
|
$result['Alter_routine_priv'] = 'Y'; |
|
1541
|
|
|
} else { |
|
1542
|
|
|
$result[$priv . '_priv'] = 'Y'; |
|
1543
|
|
|
} |
|
1544
|
|
|
} |
|
1545
|
|
|
|
|
1546
|
|
|
return $result; |
|
1547
|
|
|
} |
|
1548
|
|
|
|
|
1549
|
|
|
/** |
|
1550
|
|
|
* Get a HTML table for display user's table specific or database specific rights |
|
1551
|
|
|
* |
|
1552
|
|
|
* @param string $username username |
|
1553
|
|
|
* @param string $hostname host name |
|
1554
|
|
|
* @param string $type database, table or routine |
|
1555
|
|
|
* @param string $dbname database name |
|
1556
|
|
|
*/ |
|
1557
|
4 |
|
public function getHtmlForAllTableSpecificRights( |
|
1558
|
|
|
string $username, |
|
1559
|
|
|
string $hostname, |
|
1560
|
|
|
string $type, |
|
1561
|
|
|
string $dbname = '', |
|
1562
|
|
|
): string { |
|
1563
|
4 |
|
$uiData = [ |
|
1564
|
4 |
|
'database' => [ |
|
1565
|
4 |
|
'form_id' => 'database_specific_priv', |
|
1566
|
4 |
|
'sub_menu_label' => __('Database'), |
|
1567
|
4 |
|
'legend' => __('Database-specific privileges'), |
|
1568
|
4 |
|
'type_label' => __('Database'), |
|
1569
|
4 |
|
], |
|
1570
|
4 |
|
'table' => [ |
|
1571
|
4 |
|
'form_id' => 'table_specific_priv', |
|
1572
|
4 |
|
'sub_menu_label' => __('Table'), |
|
1573
|
4 |
|
'legend' => __('Table-specific privileges'), |
|
1574
|
4 |
|
'type_label' => __('Table'), |
|
1575
|
4 |
|
], |
|
1576
|
4 |
|
'routine' => [ |
|
1577
|
4 |
|
'form_id' => 'routine_specific_priv', |
|
1578
|
4 |
|
'sub_menu_label' => __('Routine'), |
|
1579
|
4 |
|
'legend' => __('Routine-specific privileges'), |
|
1580
|
4 |
|
'type_label' => __('Routine'), |
|
1581
|
4 |
|
], |
|
1582
|
4 |
|
]; |
|
1583
|
|
|
|
|
1584
|
|
|
/** |
|
1585
|
|
|
* no db name given, so we want all privs for the given user |
|
1586
|
|
|
* db name was given, so we want all user specific rights for this db |
|
1587
|
|
|
*/ |
|
1588
|
4 |
|
$dbRights = $this->getUserSpecificRights($username, $hostname, $type, $dbname); |
|
1589
|
4 |
|
ksort($dbRights); |
|
1590
|
|
|
|
|
1591
|
4 |
|
$foundRows = []; |
|
1592
|
4 |
|
$privileges = []; |
|
1593
|
4 |
|
foreach ($dbRights as $row) { |
|
1594
|
|
|
$onePrivilege = []; |
|
1595
|
|
|
|
|
1596
|
|
|
$paramTableName = ''; |
|
1597
|
|
|
$paramRoutineName = ''; |
|
1598
|
|
|
|
|
1599
|
|
|
if ($type === 'database') { |
|
1600
|
|
|
$name = $row['Db']; |
|
1601
|
|
|
$onePrivilege['grant'] = $row['Grant_priv'] === 'Y'; |
|
1602
|
|
|
$onePrivilege['table_privs'] = ! empty($row['Table_priv']) |
|
1603
|
|
|
|| ! empty($row['Column_priv']); |
|
1604
|
|
|
$onePrivilege['privileges'] = implode(',', $this->extractPrivInfo($row, true)); |
|
1605
|
|
|
|
|
1606
|
|
|
$paramDbName = $row['Db']; |
|
1607
|
|
|
} elseif ($type === 'table') { |
|
1608
|
|
|
$name = $row['Table_name']; |
|
1609
|
|
|
$onePrivilege['grant'] = in_array( |
|
1610
|
|
|
'Grant', |
|
1611
|
|
|
explode(',', $row['Table_priv']), |
|
1612
|
|
|
true, |
|
1613
|
|
|
); |
|
1614
|
|
|
$onePrivilege['column_privs'] = ! empty($row['Column_priv']); |
|
1615
|
|
|
$onePrivilege['privileges'] = implode(',', $this->extractPrivInfo($row, true)); |
|
1616
|
|
|
|
|
1617
|
|
|
$paramDbName = $this->escapeGrantWildcards($dbname); |
|
1618
|
|
|
$paramTableName = $row['Table_name']; |
|
1619
|
|
|
} else { // routine |
|
1620
|
|
|
$name = $row['Routine_name']; |
|
1621
|
|
|
$onePrivilege['grant'] = in_array( |
|
1622
|
|
|
'Grant', |
|
1623
|
|
|
explode(',', $row['Proc_priv']), |
|
1624
|
|
|
true, |
|
1625
|
|
|
); |
|
1626
|
|
|
|
|
1627
|
|
|
$privs = $this->parseProcPriv($row['Proc_priv']); |
|
1628
|
|
|
$onePrivilege['privileges'] = implode( |
|
1629
|
|
|
',', |
|
1630
|
|
|
$this->extractPrivInfo($privs, true), |
|
1631
|
|
|
); |
|
1632
|
|
|
|
|
1633
|
|
|
$paramDbName = $this->escapeGrantWildcards($dbname); |
|
1634
|
|
|
$paramRoutineName = $row['Routine_name']; |
|
1635
|
|
|
} |
|
1636
|
|
|
|
|
1637
|
|
|
$foundRows[] = $name; |
|
1638
|
|
|
$onePrivilege['name'] = $name; |
|
1639
|
|
|
|
|
1640
|
|
|
$onePrivilege['edit_link'] = ''; |
|
1641
|
|
|
if ($this->dbi->isGrantUser()) { |
|
1642
|
|
|
$onePrivilege['edit_link'] = $this->getUserLink( |
|
1643
|
|
|
'edit', |
|
1644
|
|
|
$username, |
|
1645
|
|
|
$hostname, |
|
1646
|
|
|
$paramDbName, |
|
1647
|
|
|
$paramTableName, |
|
1648
|
|
|
$paramRoutineName, |
|
1649
|
|
|
); |
|
1650
|
|
|
} |
|
1651
|
|
|
|
|
1652
|
|
|
$onePrivilege['revoke_link'] = ''; |
|
1653
|
|
|
if ($type !== 'database' || ! empty($row['can_delete'])) { |
|
1654
|
|
|
$onePrivilege['revoke_link'] = $this->getUserLink( |
|
1655
|
|
|
'revoke', |
|
1656
|
|
|
$username, |
|
1657
|
|
|
$hostname, |
|
1658
|
|
|
$paramDbName, |
|
1659
|
|
|
$paramTableName, |
|
1660
|
|
|
$paramRoutineName, |
|
1661
|
|
|
); |
|
1662
|
|
|
} |
|
1663
|
|
|
|
|
1664
|
|
|
$privileges[] = $onePrivilege; |
|
1665
|
|
|
} |
|
1666
|
|
|
|
|
1667
|
4 |
|
$data = $uiData[$type]; |
|
1668
|
4 |
|
$data['privileges'] = $privileges; |
|
1669
|
4 |
|
$data['username'] = $username; |
|
1670
|
4 |
|
$data['hostname'] = $hostname; |
|
1671
|
4 |
|
$data['database'] = $dbname; |
|
1672
|
4 |
|
$data['escaped_database'] = $this->escapeGrantWildcards($dbname); |
|
1673
|
4 |
|
$data['type'] = $type; |
|
1674
|
|
|
|
|
1675
|
4 |
|
if ($type === 'database') { |
|
1676
|
4 |
|
$predDbArray = $this->dbi->getDatabaseList(); |
|
1677
|
4 |
|
$databasesToSkip = ['information_schema', 'performance_schema']; |
|
1678
|
|
|
|
|
1679
|
4 |
|
$databases = []; |
|
1680
|
4 |
|
$escapedDatabases = []; |
|
1681
|
4 |
|
foreach ($predDbArray as $currentDb) { |
|
1682
|
4 |
|
if (in_array($currentDb, $databasesToSkip, true)) { |
|
1683
|
|
|
continue; |
|
1684
|
|
|
} |
|
1685
|
|
|
|
|
1686
|
4 |
|
$currentDbEscaped = $this->escapeGrantWildcards($currentDb); |
|
1687
|
|
|
// cannot use array_diff() once, outside of the loop, |
|
1688
|
|
|
// because the list of databases has special characters |
|
1689
|
|
|
// already escaped in $foundRows, |
|
1690
|
|
|
// contrary to the output of SHOW DATABASES |
|
1691
|
4 |
|
if (in_array($currentDbEscaped, $foundRows, true)) { |
|
1692
|
|
|
continue; |
|
1693
|
|
|
} |
|
1694
|
|
|
|
|
1695
|
4 |
|
$databases[] = $currentDb; |
|
1696
|
4 |
|
$escapedDatabases[] = $currentDbEscaped; |
|
1697
|
|
|
} |
|
1698
|
|
|
|
|
1699
|
4 |
|
$data['databases'] = $databases; |
|
1700
|
4 |
|
$data['escaped_databases'] = $escapedDatabases; |
|
1701
|
4 |
|
} elseif ($type === 'table') { |
|
1702
|
4 |
|
$result = $this->dbi->tryQuery('SHOW TABLES FROM ' . Util::backquote($dbname)); |
|
1703
|
|
|
|
|
1704
|
4 |
|
$tables = []; |
|
1705
|
4 |
|
if ($result) { |
|
1706
|
4 |
|
while ($row = $result->fetchRow()) { |
|
1707
|
4 |
|
if (in_array($row[0], $foundRows, true)) { |
|
1708
|
|
|
continue; |
|
1709
|
|
|
} |
|
1710
|
|
|
|
|
1711
|
4 |
|
$tables[] = $row[0]; |
|
1712
|
|
|
} |
|
1713
|
|
|
} |
|
1714
|
|
|
|
|
1715
|
4 |
|
$data['tables'] = $tables; |
|
1716
|
|
|
} else { // routine |
|
1717
|
|
|
$routineData = Routines::getDetails($this->dbi, $dbname); |
|
1718
|
|
|
|
|
1719
|
|
|
$routines = []; |
|
1720
|
|
|
foreach ($routineData as $routine) { |
|
1721
|
|
|
if (in_array($routine->name, $foundRows, true)) { |
|
1722
|
|
|
continue; |
|
1723
|
|
|
} |
|
1724
|
|
|
|
|
1725
|
|
|
$routines[] = $routine->name; |
|
1726
|
|
|
} |
|
1727
|
|
|
|
|
1728
|
|
|
$data['routines'] = $routines; |
|
1729
|
|
|
} |
|
1730
|
|
|
|
|
1731
|
4 |
|
return $this->template->render('server/privileges/privileges_summary', $data); |
|
1732
|
|
|
} |
|
1733
|
|
|
|
|
1734
|
|
|
/** |
|
1735
|
|
|
* Get HTML for display the users overview |
|
1736
|
|
|
* (if less than 50 users, display them immediately) |
|
1737
|
|
|
* |
|
1738
|
|
|
* @param ResultInterface $result ran sql query |
|
1739
|
|
|
* @param mixed[] $dbRights user's database rights array |
|
1740
|
|
|
* @param string $textDir text directory |
|
1741
|
|
|
* |
|
1742
|
|
|
* @return string HTML snippet |
|
1743
|
|
|
*/ |
|
1744
|
8 |
|
public function getUsersOverview(ResultInterface $result, array $dbRights, string $textDir): string |
|
1745
|
|
|
{ |
|
1746
|
8 |
|
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature; |
|
1747
|
|
|
|
|
1748
|
8 |
|
while ($row = $result->fetchAssoc()) { |
|
1749
|
4 |
|
$row['privs'] = $this->extractPrivInfo($row, true); |
|
1750
|
4 |
|
$dbRights[$row['User']][$row['Host']] = $row; |
|
1751
|
|
|
} |
|
1752
|
|
|
|
|
1753
|
8 |
|
unset($result); |
|
1754
|
|
|
|
|
1755
|
8 |
|
$userGroupCount = 0; |
|
1756
|
8 |
|
if ($configurableMenusFeature !== null) { |
|
1757
|
4 |
|
$sqlQuery = 'SELECT * FROM ' . Util::backquote($configurableMenusFeature->database) |
|
1758
|
4 |
|
. '.' . Util::backquote($configurableMenusFeature->users); |
|
1759
|
4 |
|
$result = $this->dbi->tryQueryAsControlUser($sqlQuery); |
|
1760
|
4 |
|
$groupAssignment = []; |
|
1761
|
4 |
|
if ($result) { |
|
1762
|
4 |
|
while ($row = $result->fetchAssoc()) { |
|
1763
|
|
|
$groupAssignment[$row['username']] = $row['usergroup']; |
|
1764
|
|
|
} |
|
1765
|
|
|
} |
|
1766
|
|
|
|
|
1767
|
4 |
|
unset($result); |
|
1768
|
|
|
|
|
1769
|
4 |
|
$userGroupCount = $this->getUserGroupCount($configurableMenusFeature); |
|
1770
|
|
|
} |
|
1771
|
|
|
|
|
1772
|
8 |
|
$hosts = []; |
|
1773
|
8 |
|
$hasAccountLocking = Compatibility::hasAccountLocking($this->dbi->isMariaDB(), $this->dbi->getVersion()); |
|
1774
|
8 |
|
foreach ($dbRights as $user) { |
|
1775
|
4 |
|
ksort($user); |
|
1776
|
4 |
|
foreach ($user as $host) { |
|
1777
|
4 |
|
$res = $this->getUserPrivileges((string) $host['User'], (string) $host['Host'], $hasAccountLocking); |
|
1778
|
|
|
|
|
1779
|
4 |
|
$hasPassword = false; |
|
1780
|
|
|
if ( |
|
1781
|
4 |
|
(isset($res['authentication_string']) |
|
1782
|
|
|
&& $res['authentication_string'] !== '') |
|
1783
|
4 |
|
|| (isset($res['Password']) |
|
1784
|
4 |
|
&& $res['Password'] !== '') |
|
1785
|
|
|
) { |
|
1786
|
|
|
$hasPassword = true; |
|
1787
|
|
|
} |
|
1788
|
|
|
|
|
1789
|
4 |
|
$hosts[] = [ |
|
1790
|
4 |
|
'user' => $host['User'], |
|
1791
|
4 |
|
'host' => $host['Host'], |
|
1792
|
4 |
|
'has_password' => $hasPassword, |
|
1793
|
4 |
|
'has_select_priv' => isset($host['Select_priv']), |
|
1794
|
4 |
|
'privileges' => $host['privs'], |
|
1795
|
4 |
|
'group' => $groupAssignment[$host['User']] ?? '', |
|
1796
|
4 |
|
'has_grant' => $host['Grant_priv'] === 'Y', |
|
1797
|
4 |
|
'is_account_locked' => isset($res['account_locked']) && $res['account_locked'] === 'Y', |
|
1798
|
4 |
|
]; |
|
1799
|
|
|
} |
|
1800
|
|
|
} |
|
1801
|
|
|
|
|
1802
|
8 |
|
return $this->template->render('server/privileges/users_overview', [ |
|
1803
|
8 |
|
'menus_work' => $configurableMenusFeature !== null, |
|
1804
|
8 |
|
'user_group_count' => $userGroupCount, |
|
1805
|
8 |
|
'text_dir' => $textDir, |
|
1806
|
8 |
|
'initial' => $_GET['initial'] ?? '', |
|
1807
|
8 |
|
'hosts' => $hosts, |
|
1808
|
8 |
|
'is_grantuser' => $this->dbi->isGrantUser(), |
|
1809
|
8 |
|
'is_createuser' => $this->dbi->isCreateUser(), |
|
1810
|
8 |
|
'has_account_locking' => $hasAccountLocking, |
|
1811
|
8 |
|
]); |
|
1812
|
|
|
} |
|
1813
|
|
|
|
|
1814
|
|
|
/** |
|
1815
|
|
|
* Displays the initials if there are many privileges |
|
1816
|
|
|
*/ |
|
1817
|
8 |
|
public function getHtmlForInitials(): string |
|
1818
|
|
|
{ |
|
1819
|
8 |
|
$usersCount = $this->dbi->fetchValue('SELECT COUNT(*) FROM `mysql`.`user`'); |
|
1820
|
8 |
|
if ($usersCount === false || $usersCount <= 20) { |
|
1821
|
4 |
|
return ''; |
|
1822
|
|
|
} |
|
1823
|
|
|
|
|
1824
|
4 |
|
$result = $this->dbi->tryQuery('SELECT DISTINCT UPPER(LEFT(`User`, 1)) FROM `user`'); |
|
1825
|
4 |
|
if ($result === false) { |
|
1826
|
|
|
return ''; |
|
1827
|
|
|
} |
|
1828
|
|
|
|
|
1829
|
4 |
|
$initials = $result->fetchAllColumn(); |
|
1830
|
|
|
// Display the initials, which can be any characters, not |
|
1831
|
|
|
// just letters. For letters A-Z, we add the non-used letters |
|
1832
|
|
|
// as greyed out. |
|
1833
|
4 |
|
$initialsMap = array_fill_keys($initials, true) + array_fill_keys(range('A', 'Z'), false); |
|
1834
|
4 |
|
uksort($initialsMap, strnatcasecmp(...)); |
|
|
|
|
|
|
1835
|
|
|
|
|
1836
|
4 |
|
return $this->template->render('server/privileges/initials_row', [ |
|
1837
|
4 |
|
'array_initials' => $initialsMap, |
|
1838
|
4 |
|
'selected_initial' => $_GET['initial'] ?? null, |
|
1839
|
4 |
|
]); |
|
1840
|
|
|
} |
|
1841
|
|
|
|
|
1842
|
|
|
/** |
|
1843
|
|
|
* Get the database rights array for Display user overview |
|
1844
|
|
|
* |
|
1845
|
|
|
* @return (string|string[])[][][] database rights array |
|
1846
|
|
|
*/ |
|
1847
|
8 |
|
public function getDbRightsForUserOverview(string|null $initial): array |
|
1848
|
|
|
{ |
|
1849
|
|
|
// we also want users not in table `user` but in other table |
|
1850
|
8 |
|
$mysqlTables = $this->dbi->fetchResult('SHOW TABLES FROM `mysql`'); |
|
1851
|
8 |
|
$userTables = ['user', 'db', 'tables_priv', 'columns_priv', 'procs_priv']; |
|
1852
|
8 |
|
$whereUser = $this->rangeOfUsers($initial); |
|
1853
|
8 |
|
$sqls = []; |
|
1854
|
8 |
|
foreach (array_intersect($userTables, $mysqlTables) as $table) { |
|
1855
|
8 |
|
$sqls[] = '(SELECT DISTINCT `User`, `Host` FROM `mysql`.`' . $table . '` ' . $whereUser . ')'; |
|
1856
|
|
|
} |
|
1857
|
|
|
|
|
1858
|
8 |
|
$sql = implode(' UNION ', $sqls) . ' ORDER BY `User` ASC, `Host` ASC'; |
|
1859
|
8 |
|
$result = $this->dbi->query($sql); |
|
1860
|
|
|
|
|
1861
|
8 |
|
$userDefaults = ['User' => '', 'Host' => '%', 'Password' => '?', 'Grant_priv' => 'N', 'privs' => ['USAGE']]; |
|
1862
|
8 |
|
$dbRights = []; |
|
1863
|
8 |
|
while ($row = $result->fetchAssoc()) { |
|
1864
|
|
|
/** @psalm-var array{User: string, Host: string} $row */ |
|
1865
|
8 |
|
$dbRights[$row['User']][$row['Host']] = array_merge($userDefaults, $row); |
|
1866
|
|
|
} |
|
1867
|
|
|
|
|
1868
|
8 |
|
ksort($dbRights); |
|
1869
|
|
|
|
|
1870
|
8 |
|
return $dbRights; |
|
1871
|
|
|
} |
|
1872
|
|
|
|
|
1873
|
|
|
/** |
|
1874
|
|
|
* Delete user and get message and sql query for delete user in privileges |
|
1875
|
|
|
* |
|
1876
|
|
|
* @param mixed[] $queries queries |
|
1877
|
|
|
* |
|
1878
|
|
|
* @return array{string, Message} Message |
|
|
|
|
|
|
1879
|
|
|
*/ |
|
1880
|
4 |
|
public function deleteUser(array $queries): array |
|
1881
|
|
|
{ |
|
1882
|
4 |
|
$sqlQuery = ''; |
|
1883
|
4 |
|
if ($queries === []) { |
|
1884
|
4 |
|
$message = Message::error(__('No users selected for deleting!')); |
|
1885
|
|
|
} else { |
|
1886
|
4 |
|
if ($_POST['mode'] == 3) { |
|
1887
|
4 |
|
$queries[] = '# ' . __('Reloading the privileges') . ' …'; |
|
1888
|
4 |
|
$queries[] = 'FLUSH PRIVILEGES;'; |
|
1889
|
|
|
} |
|
1890
|
|
|
|
|
1891
|
4 |
|
$dropUserError = ''; |
|
1892
|
4 |
|
foreach ($queries as $sqlQuery) { |
|
1893
|
4 |
|
if ($sqlQuery[0] === '#') { |
|
1894
|
4 |
|
continue; |
|
1895
|
|
|
} |
|
1896
|
|
|
|
|
1897
|
4 |
|
if ($this->dbi->tryQuery($sqlQuery)) { |
|
1898
|
4 |
|
continue; |
|
1899
|
|
|
} |
|
1900
|
|
|
|
|
1901
|
4 |
|
$dropUserError .= $this->dbi->getError() . "\n"; |
|
1902
|
|
|
} |
|
1903
|
|
|
|
|
1904
|
|
|
// tracking sets this, causing the deleted db to be shown in navi |
|
1905
|
4 |
|
Current::$database = ''; |
|
1906
|
|
|
|
|
1907
|
4 |
|
$sqlQuery = implode("\n", $queries); |
|
1908
|
4 |
|
if ($dropUserError !== '') { |
|
1909
|
4 |
|
$message = Message::rawError($dropUserError); |
|
1910
|
|
|
} else { |
|
1911
|
4 |
|
$message = Message::success( |
|
1912
|
4 |
|
__('The selected users have been deleted successfully.'), |
|
1913
|
4 |
|
); |
|
1914
|
|
|
} |
|
1915
|
|
|
} |
|
1916
|
|
|
|
|
1917
|
4 |
|
return [$sqlQuery, $message]; |
|
1918
|
|
|
} |
|
1919
|
|
|
|
|
1920
|
|
|
/** |
|
1921
|
|
|
* Update the privileges and return the success or error message |
|
1922
|
|
|
* |
|
1923
|
|
|
* @return array{string, Message} success message or error message for update |
|
|
|
|
|
|
1924
|
|
|
*/ |
|
1925
|
12 |
|
public function updatePrivileges( |
|
1926
|
|
|
string $username, |
|
1927
|
|
|
string $hostname, |
|
1928
|
|
|
string $tablename, |
|
1929
|
|
|
string $dbname, |
|
1930
|
|
|
string $itemType, |
|
1931
|
|
|
): array { |
|
1932
|
12 |
|
$dbAndTable = $this->wildcardEscapeForGrant($dbname, $tablename); |
|
1933
|
|
|
|
|
1934
|
12 |
|
$sqlQuery0 = 'REVOKE ALL PRIVILEGES ON ' . $itemType . ' ' . $dbAndTable |
|
1935
|
12 |
|
. ' FROM ' . $this->dbi->quoteString($username) |
|
1936
|
12 |
|
. '@' . $this->dbi->quoteString($hostname) . ';'; |
|
1937
|
|
|
|
|
1938
|
12 |
|
if (! isset($_POST['Grant_priv']) || $_POST['Grant_priv'] !== 'Y') { |
|
1939
|
|
|
$sqlQuery1 = 'REVOKE GRANT OPTION ON ' . $itemType . ' ' . $dbAndTable |
|
1940
|
|
|
. ' FROM ' . $this->dbi->quoteString($username) . '@' |
|
1941
|
|
|
. $this->dbi->quoteString($hostname) . ';'; |
|
1942
|
|
|
} else { |
|
1943
|
12 |
|
$sqlQuery1 = ''; |
|
1944
|
|
|
} |
|
1945
|
|
|
|
|
1946
|
12 |
|
$grantBackQuery = null; |
|
1947
|
12 |
|
$alterUserQuery = null; |
|
1948
|
|
|
|
|
1949
|
|
|
// Should not do a GRANT USAGE for a table-specific privilege, it |
|
1950
|
|
|
// causes problems later (cannot revoke it) |
|
1951
|
12 |
|
if (! ($tablename !== '' && implode('', $this->extractPrivInfo()) === 'USAGE')) { |
|
1952
|
8 |
|
[$grantBackQuery, $alterUserQuery] = $this->generateQueriesForUpdatePrivileges( |
|
1953
|
8 |
|
$itemType, |
|
1954
|
8 |
|
$dbAndTable, |
|
1955
|
8 |
|
$username, |
|
1956
|
8 |
|
$hostname, |
|
1957
|
8 |
|
$dbname, |
|
1958
|
8 |
|
); |
|
1959
|
|
|
} |
|
1960
|
|
|
|
|
1961
|
12 |
|
if (! $this->dbi->tryQuery($sqlQuery0)) { |
|
1962
|
|
|
// This might fail when the executing user does not have |
|
1963
|
|
|
// ALL PRIVILEGES themselves. |
|
1964
|
|
|
// See https://github.com/phpmyadmin/phpmyadmin/issues/9673 |
|
1965
|
8 |
|
$sqlQuery0 = ''; |
|
1966
|
|
|
} |
|
1967
|
|
|
|
|
1968
|
12 |
|
if ($sqlQuery1 !== '' && ! $this->dbi->tryQuery($sqlQuery1)) { |
|
1969
|
|
|
// this one may fail, too... |
|
1970
|
|
|
$sqlQuery1 = ''; |
|
1971
|
|
|
} |
|
1972
|
|
|
|
|
1973
|
12 |
|
if ($grantBackQuery !== null) { |
|
1974
|
8 |
|
$this->dbi->query($grantBackQuery); |
|
1975
|
|
|
} else { |
|
1976
|
4 |
|
$grantBackQuery = ''; |
|
1977
|
|
|
} |
|
1978
|
|
|
|
|
1979
|
12 |
|
if ($alterUserQuery !== null) { |
|
1980
|
4 |
|
$this->dbi->query($alterUserQuery); |
|
1981
|
|
|
} else { |
|
1982
|
8 |
|
$alterUserQuery = ''; |
|
1983
|
|
|
} |
|
1984
|
|
|
|
|
1985
|
12 |
|
$sqlQuery = $sqlQuery0 . ' ' . $sqlQuery1 . ' ' . $grantBackQuery . ' ' . $alterUserQuery; |
|
1986
|
12 |
|
$message = Message::success(__('You have updated the privileges for %s.')); |
|
1987
|
12 |
|
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\''); |
|
1988
|
|
|
|
|
1989
|
12 |
|
return [$sqlQuery, $message]; |
|
1990
|
|
|
} |
|
1991
|
|
|
|
|
1992
|
|
|
/** |
|
1993
|
|
|
* Generate the query for the GRANTS and requirements + limits |
|
1994
|
|
|
* |
|
1995
|
|
|
* @return array<int,string|null> |
|
1996
|
|
|
*/ |
|
1997
|
8 |
|
private function generateQueriesForUpdatePrivileges( |
|
1998
|
|
|
string $itemType, |
|
1999
|
|
|
string $dbAndTable, |
|
2000
|
|
|
string $username, |
|
2001
|
|
|
string $hostname, |
|
2002
|
|
|
string $dbname, |
|
2003
|
|
|
): array { |
|
2004
|
8 |
|
$alterUserQuery = null; |
|
2005
|
|
|
|
|
2006
|
8 |
|
$grantBackQuery = 'GRANT ' . implode(', ', $this->extractPrivInfo()) |
|
2007
|
8 |
|
. ' ON ' . $itemType . ' ' . $dbAndTable |
|
2008
|
8 |
|
. ' TO ' . $this->dbi->quoteString($username) . '@' |
|
2009
|
8 |
|
. $this->dbi->quoteString($hostname); |
|
2010
|
|
|
|
|
2011
|
8 |
|
$isMySqlOrPercona = Compatibility::isMySqlOrPerconaDb(); |
|
2012
|
8 |
|
$needsToUseAlter = $isMySqlOrPercona && $this->dbi->getVersion() >= 80011; |
|
2013
|
|
|
|
|
2014
|
8 |
|
if ($needsToUseAlter) { |
|
2015
|
4 |
|
$alterUserQuery = 'ALTER USER ' . $this->dbi->quoteString($username) . '@' |
|
2016
|
4 |
|
. $this->dbi->quoteString($hostname) . ' '; |
|
2017
|
|
|
} |
|
2018
|
|
|
|
|
2019
|
8 |
|
if ($dbname === '') { |
|
2020
|
|
|
// add REQUIRE clause |
|
2021
|
8 |
|
if ($needsToUseAlter) { |
|
2022
|
4 |
|
$alterUserQuery .= $this->getRequireClause(); |
|
2023
|
|
|
} else { |
|
2024
|
4 |
|
$grantBackQuery .= $this->getRequireClause(); |
|
2025
|
|
|
} |
|
2026
|
|
|
} |
|
2027
|
|
|
|
|
2028
|
|
|
if ( |
|
2029
|
8 |
|
(isset($_POST['Grant_priv']) && $_POST['Grant_priv'] === 'Y') |
|
2030
|
8 |
|
|| ($dbname === '' |
|
2031
|
8 |
|
&& (isset($_POST['max_questions']) || isset($_POST['max_connections']) |
|
2032
|
8 |
|
|| isset($_POST['max_updates']) |
|
2033
|
8 |
|
|| isset($_POST['max_user_connections']))) |
|
2034
|
|
|
) { |
|
2035
|
8 |
|
if ($needsToUseAlter) { |
|
2036
|
4 |
|
$alterUserQuery .= $this->getWithClauseForAddUserAndUpdatePrivs(); |
|
2037
|
|
|
} else { |
|
2038
|
4 |
|
$grantBackQuery .= $this->getWithClauseForAddUserAndUpdatePrivs(); |
|
2039
|
|
|
} |
|
2040
|
|
|
} |
|
2041
|
|
|
|
|
2042
|
8 |
|
$grantBackQuery .= ';'; |
|
2043
|
|
|
|
|
2044
|
8 |
|
if ($needsToUseAlter) { |
|
2045
|
4 |
|
$alterUserQuery .= ';'; |
|
2046
|
|
|
} |
|
2047
|
|
|
|
|
2048
|
8 |
|
return [$grantBackQuery, $alterUserQuery]; |
|
2049
|
|
|
} |
|
2050
|
|
|
|
|
2051
|
|
|
/** |
|
2052
|
|
|
* Get List of information: Changes / copies a user |
|
2053
|
|
|
*/ |
|
2054
|
4 |
|
public function getDataForChangeOrCopyUser(string $oldUsername, string $oldHostname): string|null |
|
2055
|
|
|
{ |
|
2056
|
4 |
|
if (isset($_POST['change_copy'])) { |
|
2057
|
4 |
|
$userHostCondition = $this->getUserHostCondition($oldUsername, $oldHostname); |
|
2058
|
4 |
|
$row = $this->dbi->fetchSingleRow('SELECT * FROM `mysql`.`user` ' . $userHostCondition . ';'); |
|
2059
|
4 |
|
if ($row === null || $row === []) { |
|
2060
|
|
|
$response = ResponseRenderer::getInstance(); |
|
2061
|
|
|
$response->addHTML( |
|
2062
|
|
|
Message::notice(__('No user found.'))->getDisplay(), |
|
2063
|
|
|
); |
|
2064
|
|
|
unset($_POST['change_copy']); |
|
2065
|
|
|
} else { |
|
2066
|
4 |
|
foreach ($row as $key => $value) { |
|
2067
|
4 |
|
$GLOBALS[$key] = $value; |
|
2068
|
|
|
} |
|
2069
|
|
|
|
|
2070
|
4 |
|
$serverVersion = $this->dbi->getVersion(); |
|
2071
|
|
|
// Recent MySQL versions have the field "Password" in mysql.user, |
|
2072
|
|
|
// so the previous extract creates $row['Password'] but this script |
|
2073
|
|
|
// uses $password |
|
2074
|
4 |
|
if (! isset($row['password']) && isset($row['Password'])) { |
|
2075
|
4 |
|
$row['password'] = $row['Password']; |
|
2076
|
|
|
} |
|
2077
|
|
|
|
|
2078
|
|
|
if ( |
|
2079
|
4 |
|
Compatibility::isMySqlOrPerconaDb() |
|
2080
|
4 |
|
&& $serverVersion >= 50606 |
|
2081
|
4 |
|
&& $serverVersion < 50706 |
|
2082
|
4 |
|
&& ((isset($row['authentication_string']) |
|
2083
|
4 |
|
&& empty($row['password'])) |
|
2084
|
4 |
|
|| (isset($row['plugin']) |
|
2085
|
4 |
|
&& $row['plugin'] === 'sha256_password')) |
|
2086
|
|
|
) { |
|
2087
|
|
|
$row['password'] = $row['authentication_string']; |
|
2088
|
|
|
} |
|
2089
|
|
|
|
|
2090
|
|
|
if ( |
|
2091
|
4 |
|
Compatibility::isMariaDb() |
|
2092
|
4 |
|
&& $serverVersion >= 50500 |
|
2093
|
4 |
|
&& isset($row['authentication_string']) |
|
2094
|
4 |
|
&& empty($row['password']) |
|
2095
|
|
|
) { |
|
2096
|
|
|
$row['password'] = $row['authentication_string']; |
|
2097
|
|
|
} |
|
2098
|
|
|
|
|
2099
|
|
|
// Always use 'authentication_string' column |
|
2100
|
|
|
// for MySQL 5.7.6+ since it does not have |
|
2101
|
|
|
// the 'password' column at all |
|
2102
|
|
|
if ( |
|
2103
|
4 |
|
Compatibility::isMySqlOrPerconaDb() |
|
2104
|
4 |
|
&& $serverVersion >= 50706 |
|
2105
|
4 |
|
&& isset($row['authentication_string']) |
|
2106
|
|
|
) { |
|
2107
|
4 |
|
$row['password'] = $row['authentication_string']; |
|
2108
|
|
|
} |
|
2109
|
|
|
|
|
2110
|
4 |
|
return $row['password']; |
|
2111
|
|
|
} |
|
2112
|
|
|
} |
|
2113
|
|
|
|
|
2114
|
4 |
|
return null; |
|
2115
|
|
|
} |
|
2116
|
|
|
|
|
2117
|
|
|
/** |
|
2118
|
|
|
* Update Data for information: Deletes users |
|
2119
|
|
|
* |
|
2120
|
|
|
* @param mixed[] $queries queries array |
|
2121
|
|
|
* |
|
2122
|
|
|
* @return mixed[] |
|
2123
|
|
|
*/ |
|
2124
|
4 |
|
public function getDataForDeleteUsers(array $queries): array |
|
2125
|
|
|
{ |
|
2126
|
4 |
|
if (isset($_POST['change_copy'])) { |
|
2127
|
4 |
|
$selectedUsr = [$_POST['old_username'] . '&#27;' . $_POST['old_hostname']]; |
|
2128
|
|
|
} else { |
|
2129
|
|
|
// null happens when no user was selected |
|
2130
|
|
|
$selectedUsr = $_POST['selected_usr'] ?? null; |
|
2131
|
|
|
$queries = []; |
|
2132
|
|
|
} |
|
2133
|
|
|
|
|
2134
|
|
|
// this happens, was seen in https://reports.phpmyadmin.net/reports/view/17146 |
|
2135
|
4 |
|
if (! is_array($selectedUsr)) { |
|
2136
|
|
|
return []; |
|
2137
|
|
|
} |
|
2138
|
|
|
|
|
2139
|
4 |
|
foreach ($selectedUsr as $eachUser) { |
|
2140
|
4 |
|
[$thisUser, $thisHost] = explode('&#27;', $eachUser); |
|
2141
|
4 |
|
$queries[] = '# ' |
|
2142
|
4 |
|
. sprintf( |
|
2143
|
4 |
|
__('Deleting %s'), |
|
2144
|
4 |
|
'\'' . $thisUser . '\'@\'' . $thisHost . '\'', |
|
2145
|
4 |
|
) |
|
2146
|
4 |
|
. ' ...'; |
|
2147
|
4 |
|
$queries[] = 'DROP USER ' |
|
2148
|
4 |
|
. $this->dbi->quoteString($thisUser) |
|
2149
|
4 |
|
. '@' . $this->dbi->quoteString($thisHost) . ';'; |
|
2150
|
4 |
|
$this->relationCleanup->user($thisUser); |
|
2151
|
|
|
|
|
2152
|
4 |
|
if (! isset($_POST['drop_users_db'])) { |
|
2153
|
4 |
|
continue; |
|
2154
|
|
|
} |
|
2155
|
|
|
|
|
2156
|
|
|
$queries[] = 'DROP DATABASE IF EXISTS ' |
|
2157
|
|
|
. Util::backquote($thisUser) . ';'; |
|
2158
|
|
|
$GLOBALS['reload'] = true; |
|
2159
|
|
|
} |
|
2160
|
|
|
|
|
2161
|
4 |
|
return $queries; |
|
2162
|
|
|
} |
|
2163
|
|
|
|
|
2164
|
|
|
/** |
|
2165
|
|
|
* update Message For Reload |
|
2166
|
|
|
*/ |
|
2167
|
|
|
public function updateMessageForReload(): Message|null |
|
2168
|
|
|
{ |
|
2169
|
|
|
$message = null; |
|
2170
|
|
|
if (isset($_GET['flush_privileges'])) { |
|
2171
|
|
|
$sqlQuery = 'FLUSH PRIVILEGES;'; |
|
2172
|
|
|
$this->dbi->query($sqlQuery); |
|
2173
|
|
|
$message = Message::success( |
|
2174
|
|
|
__('The privileges were reloaded successfully.'), |
|
2175
|
|
|
); |
|
2176
|
|
|
} |
|
2177
|
|
|
|
|
2178
|
|
|
if (isset($_GET['validate_username'])) { |
|
2179
|
|
|
return Message::success(); |
|
2180
|
|
|
} |
|
2181
|
|
|
|
|
2182
|
|
|
return $message; |
|
2183
|
|
|
} |
|
2184
|
|
|
|
|
2185
|
|
|
/** |
|
2186
|
|
|
* update Data For Queries from queries_for_display |
|
2187
|
|
|
* |
|
2188
|
|
|
* @param mixed[] $queries queries array |
|
2189
|
|
|
* @param mixed[]|null $queriesForDisplay queries array for display |
|
2190
|
|
|
* |
|
2191
|
|
|
* @return mixed[] |
|
2192
|
|
|
*/ |
|
2193
|
|
|
public function getDataForQueries(array $queries, array|null $queriesForDisplay): array |
|
2194
|
|
|
{ |
|
2195
|
|
|
$tmpCount = 0; |
|
2196
|
|
|
foreach ($queries as $sqlQuery) { |
|
2197
|
|
|
if ($sqlQuery[0] !== '#') { |
|
2198
|
|
|
$this->dbi->query($sqlQuery); |
|
2199
|
|
|
} |
|
2200
|
|
|
|
|
2201
|
|
|
// when there is a query containing a hidden password, take it |
|
2202
|
|
|
// instead of the real query sent |
|
2203
|
|
|
if (isset($queriesForDisplay[$tmpCount])) { |
|
2204
|
|
|
$queries[$tmpCount] = $queriesForDisplay[$tmpCount]; |
|
2205
|
|
|
} |
|
2206
|
|
|
|
|
2207
|
|
|
$tmpCount++; |
|
2208
|
|
|
} |
|
2209
|
|
|
|
|
2210
|
|
|
return $queries; |
|
2211
|
|
|
} |
|
2212
|
|
|
|
|
2213
|
|
|
/** |
|
2214
|
|
|
* update Data for information: Adds a user |
|
2215
|
|
|
* |
|
2216
|
|
|
* @param string|mixed[]|null $dbname db name |
|
2217
|
|
|
* @param string $username user name |
|
2218
|
|
|
* @param string $hostname host name |
|
2219
|
|
|
* @param string|null $password password |
|
2220
|
|
|
* @param bool $isMenuwork is_menuwork set? |
|
2221
|
|
|
* |
|
2222
|
|
|
* @return array{Message|null, string[], string[]|null, string|null, bool} |
|
|
|
|
|
|
2223
|
|
|
*/ |
|
2224
|
8 |
|
public function addUser( |
|
2225
|
|
|
string|array|null $dbname, |
|
2226
|
|
|
string $username, |
|
2227
|
|
|
string $hostname, |
|
2228
|
|
|
string|null $password, |
|
2229
|
|
|
bool $isMenuwork, |
|
2230
|
|
|
): array { |
|
2231
|
8 |
|
$message = null; |
|
2232
|
8 |
|
$queries = []; |
|
2233
|
8 |
|
$queriesForDisplay = null; |
|
2234
|
8 |
|
$sqlQuery = null; |
|
2235
|
|
|
|
|
2236
|
8 |
|
if (! isset($_POST['adduser_submit']) && ! isset($_POST['change_copy'])) { |
|
2237
|
|
|
return [ |
|
2238
|
|
|
$message, |
|
2239
|
|
|
$queries, |
|
2240
|
|
|
$queriesForDisplay, |
|
2241
|
|
|
$sqlQuery, |
|
2242
|
|
|
false, // Add user error |
|
2243
|
|
|
]; |
|
2244
|
|
|
} |
|
2245
|
|
|
|
|
2246
|
8 |
|
$sqlQuery = ''; |
|
2247
|
|
|
// Some reports were sent to the error reporting server with phpMyAdmin 5.1.0 |
|
2248
|
|
|
// pred_username was reported to be not defined |
|
2249
|
8 |
|
$predUsername = $_POST['pred_username'] ?? ''; |
|
2250
|
8 |
|
if ($predUsername === 'any') { |
|
2251
|
8 |
|
$username = ''; |
|
2252
|
|
|
} |
|
2253
|
|
|
|
|
2254
|
8 |
|
switch ($_POST['pred_hostname']) { |
|
2255
|
8 |
|
case 'any': |
|
2256
|
|
|
$hostname = '%'; |
|
2257
|
|
|
break; |
|
2258
|
8 |
|
case 'localhost': |
|
2259
|
8 |
|
$hostname = 'localhost'; |
|
2260
|
8 |
|
break; |
|
2261
|
|
|
case 'hosttable': |
|
2262
|
|
|
$hostname = ''; |
|
2263
|
|
|
break; |
|
2264
|
|
|
case 'thishost': |
|
2265
|
|
|
$currentUserName = $this->dbi->fetchValue('SELECT USER()'); |
|
2266
|
|
|
if (is_string($currentUserName)) { |
|
2267
|
|
|
$hostname = mb_substr($currentUserName, mb_strrpos($currentUserName, '@') + 1); |
|
2268
|
|
|
unset($currentUserName); |
|
2269
|
|
|
} |
|
2270
|
|
|
|
|
2271
|
|
|
break; |
|
2272
|
|
|
} |
|
2273
|
|
|
|
|
2274
|
8 |
|
if ($this->userExists($username, $hostname)) { |
|
2275
|
|
|
$message = Message::error(__('The user %s already exists!')); |
|
2276
|
|
|
$message->addParam('[em]\'' . $username . '\'@\'' . $hostname . '\'[/em]'); |
|
2277
|
|
|
$_GET['adduser'] = true; |
|
2278
|
|
|
|
|
2279
|
|
|
return [ |
|
2280
|
|
|
$message, |
|
2281
|
|
|
$queries, |
|
2282
|
|
|
$queriesForDisplay, |
|
2283
|
|
|
$sqlQuery, |
|
2284
|
|
|
true, // Add user error |
|
2285
|
|
|
]; |
|
2286
|
|
|
} |
|
2287
|
|
|
|
|
2288
|
8 |
|
[ |
|
2289
|
8 |
|
$createUserReal, |
|
2290
|
8 |
|
$createUserShow, |
|
2291
|
8 |
|
$realSqlQuery, |
|
2292
|
8 |
|
$sqlQuery, |
|
2293
|
8 |
|
$passwordSetReal, |
|
2294
|
8 |
|
$passwordSetShow, |
|
2295
|
8 |
|
$alterRealSqlQuery, |
|
2296
|
8 |
|
$alterSqlQuery, |
|
2297
|
8 |
|
] = $this->getSqlQueriesForDisplayAndAddUser($username, $hostname, $password ?? ''); |
|
2298
|
|
|
|
|
2299
|
8 |
|
if (empty($_POST['change_copy'])) { |
|
2300
|
8 |
|
$error = false; |
|
2301
|
|
|
|
|
2302
|
8 |
|
if (! $this->dbi->tryQuery($createUserReal)) { |
|
2303
|
|
|
$error = true; |
|
2304
|
|
|
} |
|
2305
|
|
|
|
|
2306
|
8 |
|
if (isset($_POST['authentication_plugin']) && $passwordSetReal !== '') { |
|
2307
|
4 |
|
$this->setProperPasswordHashing($_POST['authentication_plugin']); |
|
2308
|
4 |
|
if ($this->dbi->tryQuery($passwordSetReal)) { |
|
2309
|
4 |
|
$sqlQuery .= $passwordSetShow; |
|
2310
|
|
|
} |
|
2311
|
|
|
} |
|
2312
|
|
|
|
|
2313
|
8 |
|
$sqlQuery = $createUserShow . $sqlQuery; |
|
2314
|
|
|
|
|
2315
|
8 |
|
[$sqlQuery, $message] = $this->addUserAndCreateDatabase( |
|
2316
|
8 |
|
$error, |
|
2317
|
8 |
|
$realSqlQuery, |
|
2318
|
8 |
|
$sqlQuery, |
|
2319
|
8 |
|
$username, |
|
2320
|
8 |
|
$hostname, |
|
2321
|
8 |
|
is_string($dbname) ? $dbname : '', |
|
|
|
|
|
|
2322
|
8 |
|
$alterRealSqlQuery, |
|
2323
|
8 |
|
$alterSqlQuery, |
|
2324
|
8 |
|
isset($_POST['createdb-1']), |
|
2325
|
8 |
|
isset($_POST['createdb-2']), |
|
2326
|
8 |
|
isset($_POST['createdb-3']), |
|
2327
|
8 |
|
); |
|
2328
|
8 |
|
if (! empty($_POST['userGroup']) && $isMenuwork) { |
|
2329
|
8 |
|
$this->setUserGroup($GLOBALS['username'], $_POST['userGroup']); |
|
2330
|
|
|
} |
|
2331
|
|
|
|
|
2332
|
8 |
|
return [ |
|
2333
|
8 |
|
$message, |
|
2334
|
8 |
|
$queries, |
|
2335
|
8 |
|
$queriesForDisplay, |
|
2336
|
8 |
|
$sqlQuery, |
|
2337
|
8 |
|
$error, // Add user error if the query fails |
|
2338
|
8 |
|
]; |
|
2339
|
|
|
} |
|
2340
|
|
|
|
|
2341
|
|
|
// Copy the user group while copying a user |
|
2342
|
|
|
$oldUserGroup = $_POST['old_usergroup'] ?? ''; |
|
2343
|
|
|
$this->setUserGroup($_POST['username'], $oldUserGroup); |
|
2344
|
|
|
|
|
2345
|
|
|
$queries[] = $createUserReal; |
|
2346
|
|
|
$queries[] = $realSqlQuery; |
|
2347
|
|
|
|
|
2348
|
|
|
if (isset($_POST['authentication_plugin']) && $passwordSetReal !== '') { |
|
2349
|
|
|
$this->setProperPasswordHashing($_POST['authentication_plugin']); |
|
2350
|
|
|
|
|
2351
|
|
|
$queries[] = $passwordSetReal; |
|
2352
|
|
|
} |
|
2353
|
|
|
|
|
2354
|
|
|
// we put the query containing the hidden password in |
|
2355
|
|
|
// $queries_for_display, at the same position occupied |
|
2356
|
|
|
// by the real query in $queries |
|
2357
|
|
|
$tmpCount = count($queries); |
|
2358
|
|
|
$queriesForDisplay[$tmpCount - 2] = $createUserShow; |
|
2359
|
|
|
|
|
2360
|
|
|
if ($passwordSetReal !== '') { |
|
2361
|
|
|
$queriesForDisplay[$tmpCount - 3] = $createUserShow; |
|
2362
|
|
|
$queriesForDisplay[$tmpCount - 2] = $sqlQuery; |
|
2363
|
|
|
$queriesForDisplay[$tmpCount - 1] = $passwordSetShow; |
|
2364
|
|
|
} else { |
|
2365
|
|
|
$queriesForDisplay[$tmpCount - 1] = $sqlQuery; |
|
2366
|
|
|
} |
|
2367
|
|
|
|
|
2368
|
|
|
return [ |
|
2369
|
|
|
$message, |
|
2370
|
|
|
$queries, |
|
2371
|
|
|
$queriesForDisplay, |
|
2372
|
|
|
$sqlQuery, |
|
2373
|
|
|
false, // Add user error |
|
2374
|
|
|
]; |
|
2375
|
|
|
} |
|
2376
|
|
|
|
|
2377
|
|
|
/** |
|
2378
|
|
|
* Sets proper value of `old_passwords` according to |
|
2379
|
|
|
* the authentication plugin selected |
|
2380
|
|
|
* |
|
2381
|
|
|
* @param string $authPlugin authentication plugin selected |
|
2382
|
|
|
*/ |
|
2383
|
16 |
|
public function setProperPasswordHashing(string $authPlugin): void |
|
2384
|
|
|
{ |
|
2385
|
|
|
// Set the hashing method used by PASSWORD() |
|
2386
|
|
|
// to be of type depending upon $authentication_plugin |
|
2387
|
16 |
|
if ($authPlugin === 'sha256_password') { |
|
2388
|
|
|
$this->dbi->tryQuery('SET `old_passwords` = 2;'); |
|
2389
|
16 |
|
} elseif ($authPlugin === 'mysql_old_password') { |
|
2390
|
|
|
$this->dbi->tryQuery('SET `old_passwords` = 1;'); |
|
2391
|
|
|
} else { |
|
2392
|
16 |
|
$this->dbi->tryQuery('SET `old_passwords` = 0;'); |
|
2393
|
|
|
} |
|
2394
|
|
|
} |
|
2395
|
|
|
|
|
2396
|
|
|
/** |
|
2397
|
|
|
* Update DB information: DB, Table, isWildcard |
|
2398
|
|
|
* |
|
2399
|
|
|
* @return mixed[] |
|
2400
|
|
|
* @psalm-return array{?string, ?string, array|string|null, ?string, ?string, bool} |
|
2401
|
|
|
*/ |
|
2402
|
4 |
|
public function getDataForDBInfo(): array |
|
2403
|
|
|
{ |
|
2404
|
4 |
|
$username = null; |
|
2405
|
4 |
|
$hostname = null; |
|
2406
|
4 |
|
$dbname = null; |
|
2407
|
4 |
|
$tablename = null; |
|
2408
|
4 |
|
$routinename = null; |
|
2409
|
|
|
|
|
2410
|
4 |
|
if (isset($_REQUEST['username'])) { |
|
2411
|
4 |
|
$username = (string) $_REQUEST['username']; |
|
2412
|
|
|
} |
|
2413
|
|
|
|
|
2414
|
4 |
|
if (isset($_REQUEST['hostname'])) { |
|
2415
|
4 |
|
$hostname = (string) $_REQUEST['hostname']; |
|
2416
|
|
|
} |
|
2417
|
|
|
|
|
2418
|
|
|
/** |
|
2419
|
|
|
* Checks if a dropdown box has been used for selecting a database / table |
|
2420
|
|
|
*/ |
|
2421
|
|
|
if ( |
|
2422
|
4 |
|
isset($_POST['pred_tablename']) |
|
2423
|
4 |
|
&& is_string($_POST['pred_tablename']) |
|
2424
|
4 |
|
&& $_POST['pred_tablename'] !== '' |
|
2425
|
|
|
) { |
|
2426
|
4 |
|
$tablename = $_POST['pred_tablename']; |
|
2427
|
|
|
} elseif ( |
|
2428
|
4 |
|
isset($_REQUEST['tablename']) |
|
2429
|
4 |
|
&& is_string($_REQUEST['tablename']) |
|
2430
|
4 |
|
&& $_REQUEST['tablename'] !== '' |
|
2431
|
|
|
) { |
|
2432
|
4 |
|
$tablename = $_REQUEST['tablename']; |
|
2433
|
|
|
} |
|
2434
|
|
|
|
|
2435
|
|
|
if ( |
|
2436
|
4 |
|
isset($_POST['pred_routinename']) |
|
2437
|
4 |
|
&& is_string($_POST['pred_routinename']) |
|
2438
|
4 |
|
&& $_POST['pred_routinename'] !== '' |
|
2439
|
|
|
) { |
|
2440
|
|
|
$routinename = $_POST['pred_routinename']; |
|
2441
|
|
|
} elseif ( |
|
2442
|
4 |
|
isset($_REQUEST['routinename']) |
|
2443
|
4 |
|
&& is_string($_REQUEST['routinename']) |
|
2444
|
4 |
|
&& $_REQUEST['routinename'] !== '' |
|
2445
|
|
|
) { |
|
2446
|
|
|
$routinename = $_REQUEST['routinename']; |
|
2447
|
|
|
} |
|
2448
|
|
|
|
|
2449
|
|
|
// Accept only array of non-empty strings |
|
2450
|
|
|
if ( |
|
2451
|
4 |
|
isset($_POST['pred_dbname']) |
|
2452
|
4 |
|
&& is_array($_POST['pred_dbname']) |
|
2453
|
4 |
|
&& $_POST['pred_dbname'] === array_filter($_POST['pred_dbname']) |
|
2454
|
|
|
) { |
|
2455
|
4 |
|
$dbname = $_POST['pred_dbname']; |
|
2456
|
|
|
// If dbname contains only one database. |
|
2457
|
4 |
|
if (count($dbname) === 1) { |
|
2458
|
4 |
|
$dbname = (string) $dbname[0]; |
|
2459
|
|
|
} |
|
2460
|
|
|
} |
|
2461
|
|
|
|
|
2462
|
4 |
|
if ($dbname === null && isset($_REQUEST['dbname'])) { |
|
2463
|
4 |
|
if (is_array($_REQUEST['dbname'])) { |
|
2464
|
|
|
// Accept only array of non-empty strings |
|
2465
|
4 |
|
if ($_REQUEST['dbname'] === array_filter($_REQUEST['dbname'])) { |
|
2466
|
4 |
|
$dbname = $_REQUEST['dbname']; |
|
2467
|
|
|
} |
|
2468
|
|
|
} elseif ( |
|
2469
|
4 |
|
is_string($_REQUEST['dbname']) |
|
2470
|
4 |
|
&& $_REQUEST['dbname'] !== '' |
|
2471
|
|
|
) { |
|
2472
|
4 |
|
$dbname = $_REQUEST['dbname']; |
|
2473
|
|
|
} |
|
2474
|
|
|
} |
|
2475
|
|
|
|
|
2476
|
|
|
// check if given $dbname is a wildcard or not |
|
2477
|
4 |
|
$databaseNameIsWildcard = is_string($dbname) && preg_match('/(?<!\\\\)(?:_|%)/', $dbname); |
|
2478
|
|
|
|
|
2479
|
4 |
|
return [$username, $hostname, $dbname, $tablename, $routinename, $databaseNameIsWildcard]; |
|
2480
|
|
|
} |
|
2481
|
|
|
|
|
2482
|
|
|
/** |
|
2483
|
|
|
* Get title and textarea for export user definition in Privileges |
|
2484
|
|
|
* |
|
2485
|
|
|
* @param string $username username |
|
2486
|
|
|
* @param string $hostname host name |
|
2487
|
|
|
* @param string[]|null $selectedUsers |
|
2488
|
|
|
*/ |
|
2489
|
4 |
|
public function getExportUserDefinitionTextarea( |
|
2490
|
|
|
string $username, |
|
2491
|
|
|
string $hostname, |
|
2492
|
|
|
array|null $selectedUsers, |
|
2493
|
|
|
): string { |
|
2494
|
4 |
|
$export = '<textarea class="export" cols="60" rows="15">'; |
|
2495
|
|
|
|
|
2496
|
4 |
|
if ($selectedUsers !== null) { |
|
|
|
|
|
|
2497
|
|
|
//For removing duplicate entries of users |
|
2498
|
|
|
$selectedUsers = array_unique($selectedUsers); |
|
2499
|
|
|
|
|
2500
|
|
|
foreach ($selectedUsers as $exportUser) { |
|
2501
|
|
|
$exportUsername = mb_substr( |
|
2502
|
|
|
$exportUser, |
|
2503
|
|
|
0, |
|
2504
|
|
|
(int) mb_strpos($exportUser, '&'), |
|
2505
|
|
|
); |
|
2506
|
|
|
$exportHostname = mb_substr( |
|
2507
|
|
|
$exportUser, |
|
2508
|
|
|
mb_strrpos($exportUser, ';') + 1, |
|
2509
|
|
|
); |
|
2510
|
|
|
$export .= '# ' |
|
2511
|
|
|
. sprintf( |
|
2512
|
|
|
__('Privileges for %s'), |
|
2513
|
|
|
'`' . htmlspecialchars($exportUsername) |
|
2514
|
|
|
. '`@`' . htmlspecialchars($exportHostname) . '`', |
|
2515
|
|
|
) |
|
2516
|
|
|
. "\n\n"; |
|
2517
|
|
|
$export .= $this->getGrants($exportUsername, $exportHostname) . "\n"; |
|
2518
|
|
|
} |
|
2519
|
|
|
} else { |
|
2520
|
|
|
// export privileges for a single user |
|
2521
|
4 |
|
$export .= $this->getGrants($username, $hostname); |
|
2522
|
|
|
} |
|
2523
|
|
|
|
|
2524
|
|
|
// remove trailing whitespace |
|
2525
|
4 |
|
$export = trim($export); |
|
2526
|
|
|
|
|
2527
|
4 |
|
return $export . '</textarea>'; |
|
2528
|
|
|
} |
|
2529
|
|
|
|
|
2530
|
|
|
/** |
|
2531
|
|
|
* Get HTML for display Add userfieldset |
|
2532
|
|
|
* |
|
2533
|
|
|
* @return string html output |
|
2534
|
|
|
*/ |
|
2535
|
4 |
|
private function getAddUserHtmlFieldset(): string |
|
2536
|
|
|
{ |
|
2537
|
4 |
|
if (! $this->dbi->isCreateUser()) { |
|
2538
|
|
|
return ''; |
|
2539
|
|
|
} |
|
2540
|
|
|
|
|
2541
|
4 |
|
return $this->template->render('server/privileges/add_user_fieldset', ['url_params' => ['adduser' => 1]]); |
|
2542
|
|
|
} |
|
2543
|
|
|
|
|
2544
|
4 |
|
private function checkStructureOfPrivilegeTable(): string |
|
2545
|
|
|
{ |
|
2546
|
|
|
// the query failed! This may have two reasons: |
|
2547
|
|
|
// - the user does not have enough privileges |
|
2548
|
|
|
// - the privilege tables use a structure of an earlier version. |
|
2549
|
|
|
// so let's try a more simple query |
|
2550
|
4 |
|
if (! $this->dbi->tryQuery('SELECT 1 FROM `mysql`.`user`')) { |
|
2551
|
4 |
|
return $this->getHtmlForViewUsersError() . $this->getAddUserHtmlFieldset(); |
|
2552
|
|
|
} |
|
2553
|
|
|
|
|
2554
|
|
|
// This message is hardcoded because I will replace it by |
|
2555
|
|
|
// a automatic repair feature soon. |
|
2556
|
4 |
|
$raw = 'Your privilege table structure seems to be older than' |
|
2557
|
4 |
|
. ' this MySQL version!<br>' |
|
2558
|
4 |
|
. 'Please run the <code>mysql_upgrade</code> command' |
|
2559
|
4 |
|
. ' that should be included in your MySQL server distribution' |
|
2560
|
4 |
|
. ' to solve this problem!'; |
|
2561
|
|
|
|
|
2562
|
4 |
|
return Message::rawError($raw)->getDisplay(); |
|
2563
|
|
|
} |
|
2564
|
|
|
|
|
2565
|
|
|
/** |
|
2566
|
|
|
* Get HTML snippet for display user overview page |
|
2567
|
|
|
* |
|
2568
|
|
|
* @param string $textDir text directory |
|
2569
|
|
|
*/ |
|
2570
|
4 |
|
public function getHtmlForUserOverview( |
|
2571
|
|
|
UserPrivileges $userPrivileges, |
|
2572
|
|
|
string $textDir, |
|
2573
|
|
|
string|null $initial, |
|
2574
|
|
|
): string { |
|
2575
|
4 |
|
$serverVersion = $this->dbi->getVersion(); |
|
2576
|
4 |
|
$passwordColumn = Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50706 |
|
2577
|
4 |
|
? 'authentication_string' |
|
2578
|
|
|
: 'Password'; |
|
2579
|
|
|
|
|
2580
|
|
|
// $sql is for the initial-filtered |
|
2581
|
4 |
|
$sql = 'SELECT *, IF(`' . $passwordColumn . "` = _latin1 '', 'N', 'Y') AS `Password`" . |
|
2582
|
4 |
|
' FROM `mysql`.`user` ' . $this->rangeOfUsers($initial) . ' ORDER BY `User` ASC, `Host` ASC'; |
|
2583
|
|
|
|
|
2584
|
4 |
|
$res = $this->dbi->tryQuery($sql); |
|
2585
|
4 |
|
if ($res === false) { |
|
2586
|
4 |
|
$errorMessages = $this->checkStructureOfPrivilegeTable(); |
|
2587
|
|
|
} else { |
|
2588
|
4 |
|
$dbRights = $this->getDbRightsForUserOverview($initial); |
|
2589
|
4 |
|
$emptyUserNotice = $this->getEmptyUserNotice($dbRights); |
|
2590
|
4 |
|
$initialsHtml = $this->getHtmlForInitials(); |
|
2591
|
|
|
|
|
2592
|
|
|
// Display the user overview (if less than 50 users, display them immediately) |
|
2593
|
4 |
|
if (isset($_GET['initial']) || isset($_GET['showall']) || $res->numRows() < 50) { |
|
2594
|
4 |
|
$usersOverview = $this->getUsersOverview($res, $dbRights, $textDir) . |
|
2595
|
4 |
|
$this->template->render('export_modal'); |
|
2596
|
|
|
} |
|
2597
|
|
|
|
|
2598
|
4 |
|
$response = ResponseRenderer::getInstance(); |
|
2599
|
4 |
|
if (! $response->isAjax() || ! empty($_REQUEST['ajax_page_request'])) { |
|
2600
|
4 |
|
if ($userPrivileges->isReload) { |
|
2601
|
4 |
|
$flushnote = new Message( |
|
2602
|
4 |
|
__( |
|
2603
|
4 |
|
'Note: phpMyAdmin gets the users’ privileges directly ' |
|
2604
|
4 |
|
. 'from MySQL’s privilege tables. The content of these ' |
|
2605
|
4 |
|
. 'tables may differ from the privileges the server uses, ' |
|
2606
|
4 |
|
. 'if they have been changed manually. In this case, ' |
|
2607
|
4 |
|
. 'you should %sreload the privileges%s before you continue.', |
|
2608
|
4 |
|
), |
|
2609
|
4 |
|
Message::NOTICE, |
|
2610
|
4 |
|
); |
|
2611
|
4 |
|
$flushnote->addParamHtml( |
|
2612
|
4 |
|
'<a href="' . Url::getFromRoute('/server/privileges', ['flush_privileges' => 1]) |
|
2613
|
4 |
|
. '" id="reload_privileges_anchor">', |
|
2614
|
4 |
|
); |
|
2615
|
4 |
|
$flushnote->addParamHtml('</a>'); |
|
2616
|
|
|
} else { |
|
2617
|
|
|
$flushnote = new Message( |
|
2618
|
|
|
__( |
|
2619
|
|
|
'Note: phpMyAdmin gets the users’ privileges directly ' |
|
2620
|
|
|
. 'from MySQL’s privilege tables. The content of these ' |
|
2621
|
|
|
. 'tables may differ from the privileges the server uses, ' |
|
2622
|
|
|
. 'if they have been changed manually. In this case, ' |
|
2623
|
|
|
. 'the privileges have to be reloaded but currently, you ' |
|
2624
|
|
|
. 'don\'t have the RELOAD privilege.', |
|
2625
|
|
|
) |
|
2626
|
|
|
. MySQLDocumentation::show( |
|
2627
|
|
|
'privileges-provided', |
|
2628
|
|
|
false, |
|
2629
|
|
|
null, |
|
2630
|
|
|
null, |
|
2631
|
|
|
'priv_reload', |
|
2632
|
|
|
), |
|
2633
|
|
|
Message::NOTICE, |
|
2634
|
|
|
); |
|
2635
|
|
|
} |
|
2636
|
|
|
|
|
2637
|
4 |
|
$flushNotice = $flushnote->getDisplay(); |
|
2638
|
|
|
} |
|
2639
|
|
|
} |
|
2640
|
|
|
|
|
2641
|
4 |
|
return $this->template->render('server/privileges/user_overview', [ |
|
2642
|
4 |
|
'error_messages' => $errorMessages ?? '', |
|
2643
|
4 |
|
'empty_user_notice' => $emptyUserNotice ?? '', |
|
2644
|
4 |
|
'initials' => $initialsHtml ?? '', |
|
2645
|
4 |
|
'users_overview' => $usersOverview ?? '', |
|
2646
|
4 |
|
'is_createuser' => $this->dbi->isCreateUser(), |
|
2647
|
4 |
|
'flush_notice' => $flushNotice ?? '', |
|
2648
|
4 |
|
]); |
|
2649
|
|
|
} |
|
2650
|
|
|
|
|
2651
|
|
|
/** |
|
2652
|
|
|
* Get HTML snippet for display user properties |
|
2653
|
|
|
* |
|
2654
|
|
|
* @param bool $dbnameIsWildcard whether database name is wildcard or not |
|
2655
|
|
|
* @param string $urlDbname url database name that urlencode() string |
|
2656
|
|
|
* @param string $username username |
|
2657
|
|
|
* @param string $hostname host name |
|
2658
|
|
|
* @param string|mixed[] $dbname database name |
|
2659
|
|
|
* @param string $tablename table name |
|
2660
|
|
|
* @psalm-param non-empty-string $route |
|
2661
|
|
|
*/ |
|
2662
|
8 |
|
public function getHtmlForUserProperties( |
|
2663
|
|
|
bool $dbnameIsWildcard, |
|
2664
|
|
|
string $urlDbname, |
|
2665
|
|
|
string $username, |
|
2666
|
|
|
string $hostname, |
|
2667
|
|
|
string|array $dbname, |
|
2668
|
|
|
string $tablename, |
|
2669
|
|
|
string $route, |
|
2670
|
|
|
): string { |
|
2671
|
8 |
|
$userDoesNotExists = ! $this->userExists($username, $hostname); |
|
2672
|
|
|
|
|
2673
|
8 |
|
$loginInformationFields = ''; |
|
2674
|
8 |
|
if ($userDoesNotExists) { |
|
2675
|
|
|
$loginInformationFields = $this->getHtmlForLoginInformationFields(); |
|
2676
|
|
|
} |
|
2677
|
|
|
|
|
2678
|
8 |
|
$params = ['username' => $username, 'hostname' => $hostname]; |
|
2679
|
8 |
|
$params['dbname'] = $dbname; |
|
2680
|
8 |
|
if (! is_array($dbname) && $dbname !== '' && $tablename !== '') { |
|
|
|
|
|
|
2681
|
8 |
|
$params['tablename'] = $tablename; |
|
2682
|
|
|
} |
|
2683
|
|
|
|
|
2684
|
8 |
|
$privilegesTable = $this->getHtmlToDisplayPrivilegesTable( |
|
2685
|
|
|
// If $dbname is an array, pass any one db as all have same privs. |
|
2686
|
8 |
|
is_string($dbname) && $dbname !== '' |
|
2687
|
8 |
|
? $dbname |
|
2688
|
8 |
|
: (is_array($dbname) ? (string) $dbname[0] : '*'), |
|
2689
|
8 |
|
$tablename !== '' |
|
2690
|
8 |
|
? $tablename |
|
2691
|
8 |
|
: '*', |
|
2692
|
8 |
|
); |
|
2693
|
|
|
|
|
2694
|
8 |
|
$tableSpecificRights = ''; |
|
2695
|
8 |
|
if (! is_array($dbname) && $tablename === '' && $dbnameIsWildcard === false) { |
|
2696
|
|
|
// no table name was given, display all table specific rights |
|
2697
|
|
|
// but only if $dbname contains no wildcards |
|
2698
|
|
|
if ($dbname === '') { |
|
2699
|
|
|
$tableSpecificRights .= $this->getHtmlForAllTableSpecificRights($username, $hostname, 'database'); |
|
2700
|
|
|
} else { |
|
2701
|
|
|
// unescape wildcards in dbname at table level |
|
2702
|
|
|
$unescapedDb = $this->unescapeGrantWildcards($dbname); |
|
2703
|
|
|
|
|
2704
|
|
|
$tableSpecificRights .= $this->getHtmlForAllTableSpecificRights( |
|
2705
|
|
|
$username, |
|
2706
|
|
|
$hostname, |
|
2707
|
|
|
'table', |
|
2708
|
|
|
$unescapedDb, |
|
2709
|
|
|
); |
|
2710
|
|
|
$tableSpecificRights .= $this->getHtmlForAllTableSpecificRights( |
|
2711
|
|
|
$username, |
|
2712
|
|
|
$hostname, |
|
2713
|
|
|
'routine', |
|
2714
|
|
|
$unescapedDb, |
|
2715
|
|
|
); |
|
2716
|
|
|
} |
|
2717
|
|
|
} |
|
2718
|
|
|
|
|
2719
|
8 |
|
$config = Config::getInstance(); |
|
|
|
|
|
|
2720
|
8 |
|
$databaseUrl = Util::getScriptNameForOption($config->settings['DefaultTabDatabase'], 'database'); |
|
2721
|
8 |
|
$databaseUrlTitle = Util::getTitleForTarget($config->settings['DefaultTabDatabase']); |
|
2722
|
8 |
|
$tableUrl = Util::getScriptNameForOption($config->settings['DefaultTabTable'], 'table'); |
|
2723
|
8 |
|
$tableUrlTitle = Util::getTitleForTarget($config->settings['DefaultTabTable']); |
|
2724
|
|
|
|
|
2725
|
8 |
|
$changePassword = ''; |
|
2726
|
8 |
|
$userGroup = ''; |
|
2727
|
8 |
|
$changeLoginInfoFields = ''; |
|
2728
|
8 |
|
if ($dbname === '' && ! $userDoesNotExists) { |
|
2729
|
|
|
//change login information |
|
2730
|
|
|
$changePassword = $this->getFormForChangePassword($username, $hostname, true, $route); |
|
2731
|
|
|
$userGroup = $this->getUserGroupForUser($username); |
|
2732
|
|
|
$changeLoginInfoFields = $this->getHtmlForLoginInformationFields($username, $hostname); |
|
2733
|
|
|
} |
|
2734
|
|
|
|
|
2735
|
8 |
|
return $this->template->render('server/privileges/user_properties', [ |
|
2736
|
8 |
|
'user_does_not_exists' => $userDoesNotExists, |
|
2737
|
8 |
|
'login_information_fields' => $loginInformationFields, |
|
2738
|
8 |
|
'params' => $params, |
|
2739
|
8 |
|
'privileges_table' => $privilegesTable, |
|
2740
|
8 |
|
'table_specific_rights' => $tableSpecificRights, |
|
2741
|
8 |
|
'change_password' => $changePassword, |
|
2742
|
8 |
|
'database' => $dbname, |
|
2743
|
8 |
|
'dbname' => $urlDbname, |
|
2744
|
8 |
|
'username' => $username, |
|
2745
|
8 |
|
'hostname' => $hostname, |
|
2746
|
8 |
|
'is_databases' => $dbnameIsWildcard || is_array($dbname) && count($dbname) > 1, |
|
2747
|
8 |
|
'is_wildcard' => $dbnameIsWildcard, |
|
2748
|
8 |
|
'table' => $tablename, |
|
2749
|
8 |
|
'current_user' => $this->dbi->getCurrentUser(), |
|
2750
|
8 |
|
'user_group' => $userGroup, |
|
2751
|
8 |
|
'change_login_info_fields' => $changeLoginInfoFields, |
|
2752
|
8 |
|
'database_url' => $databaseUrl, |
|
2753
|
8 |
|
'database_url_title' => $databaseUrlTitle, |
|
2754
|
8 |
|
'table_url' => $tableUrl, |
|
2755
|
8 |
|
'table_url_title' => $tableUrlTitle, |
|
2756
|
8 |
|
]); |
|
2757
|
|
|
} |
|
2758
|
|
|
|
|
2759
|
|
|
/** |
|
2760
|
|
|
* Get queries for Table privileges to change or copy user |
|
2761
|
|
|
* |
|
2762
|
|
|
* @param string $userHostCondition user host condition to select relevant table privileges |
|
2763
|
|
|
* @param mixed[] $queries queries array |
|
2764
|
|
|
* @param string $username username |
|
2765
|
|
|
* @param string $hostname host name |
|
2766
|
|
|
* |
|
2767
|
|
|
* @return mixed[] |
|
2768
|
|
|
*/ |
|
2769
|
|
|
public function getTablePrivsQueriesForChangeOrCopyUser( |
|
2770
|
|
|
string $userHostCondition, |
|
2771
|
|
|
array $queries, |
|
2772
|
|
|
string $username, |
|
2773
|
|
|
string $hostname, |
|
2774
|
|
|
): array { |
|
2775
|
|
|
$res = $this->dbi->query( |
|
2776
|
|
|
'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv`' . $userHostCondition . ';', |
|
2777
|
|
|
); |
|
2778
|
|
|
while ($row = $res->fetchAssoc()) { |
|
2779
|
|
|
$res2 = $this->dbi->query( |
|
2780
|
|
|
'SELECT `Column_name`, `Column_priv`' |
|
2781
|
|
|
. ' FROM `mysql`.`columns_priv`' |
|
2782
|
|
|
. $userHostCondition |
|
2783
|
|
|
. ' AND `Db` = ' . $this->dbi->quoteString($row['Db']) |
|
|
|
|
|
|
2784
|
|
|
. ' AND `Table_name` = ' . $this->dbi->quoteString($row['Table_name']) |
|
2785
|
|
|
. ';', |
|
2786
|
|
|
); |
|
2787
|
|
|
|
|
2788
|
|
|
$tmpPrivs1 = $this->extractPrivInfo($row); |
|
2789
|
|
|
$tmpPrivs2 = ['Select' => [], 'Insert' => [], 'Update' => [], 'References' => []]; |
|
2790
|
|
|
|
|
2791
|
|
|
while ($row2 = $res2->fetchAssoc()) { |
|
2792
|
|
|
$tmpArray = explode(',', $row2['Column_priv']); |
|
|
|
|
|
|
2793
|
|
|
if (in_array('Select', $tmpArray, true)) { |
|
2794
|
|
|
$tmpPrivs2['Select'][] = $row2['Column_name']; |
|
2795
|
|
|
} |
|
2796
|
|
|
|
|
2797
|
|
|
if (in_array('Insert', $tmpArray, true)) { |
|
2798
|
|
|
$tmpPrivs2['Insert'][] = $row2['Column_name']; |
|
2799
|
|
|
} |
|
2800
|
|
|
|
|
2801
|
|
|
if (in_array('Update', $tmpArray, true)) { |
|
2802
|
|
|
$tmpPrivs2['Update'][] = $row2['Column_name']; |
|
2803
|
|
|
} |
|
2804
|
|
|
|
|
2805
|
|
|
if (! in_array('References', $tmpArray, true)) { |
|
2806
|
|
|
continue; |
|
2807
|
|
|
} |
|
2808
|
|
|
|
|
2809
|
|
|
$tmpPrivs2['References'][] = $row2['Column_name']; |
|
2810
|
|
|
} |
|
2811
|
|
|
|
|
2812
|
|
|
if ($tmpPrivs2['Select'] !== [] && ! in_array('SELECT', $tmpPrivs1, true)) { |
|
2813
|
|
|
$tmpPrivs1[] = 'SELECT (`' . implode('`, `', $tmpPrivs2['Select']) . '`)'; |
|
2814
|
|
|
} |
|
2815
|
|
|
|
|
2816
|
|
|
if ($tmpPrivs2['Insert'] !== [] && ! in_array('INSERT', $tmpPrivs1, true)) { |
|
2817
|
|
|
$tmpPrivs1[] = 'INSERT (`' . implode('`, `', $tmpPrivs2['Insert']) . '`)'; |
|
2818
|
|
|
} |
|
2819
|
|
|
|
|
2820
|
|
|
if ($tmpPrivs2['Update'] !== [] && ! in_array('UPDATE', $tmpPrivs1, true)) { |
|
2821
|
|
|
$tmpPrivs1[] = 'UPDATE (`' . implode('`, `', $tmpPrivs2['Update']) . '`)'; |
|
2822
|
|
|
} |
|
2823
|
|
|
|
|
2824
|
|
|
if ($tmpPrivs2['References'] !== [] && ! in_array('REFERENCES', $tmpPrivs1, true)) { |
|
2825
|
|
|
$tmpPrivs1[] = 'REFERENCES (`' . implode('`, `', $tmpPrivs2['References']) . '`)'; |
|
2826
|
|
|
} |
|
2827
|
|
|
|
|
2828
|
|
|
$queries[] = 'GRANT ' . implode(', ', $tmpPrivs1) |
|
2829
|
|
|
. ' ON ' . Util::backquote($row['Db']) . '.' |
|
2830
|
|
|
. Util::backquote($row['Table_name']) |
|
2831
|
|
|
. ' TO ' . $this->dbi->quoteString($username) |
|
2832
|
|
|
. '@' . $this->dbi->quoteString($hostname) |
|
2833
|
|
|
. (in_array('Grant', explode(',', $row['Table_priv']), true) |
|
2834
|
|
|
? ' WITH GRANT OPTION;' |
|
2835
|
|
|
: ';'); |
|
2836
|
|
|
} |
|
2837
|
|
|
|
|
2838
|
|
|
return $queries; |
|
2839
|
|
|
} |
|
2840
|
|
|
|
|
2841
|
|
|
/** |
|
2842
|
|
|
* Get queries for database specific privileges for change or copy user |
|
2843
|
|
|
* |
|
2844
|
|
|
* @param mixed[] $queries queries array with string |
|
2845
|
|
|
* @param string $username username |
|
2846
|
|
|
* @param string $hostname host name |
|
2847
|
|
|
* |
|
2848
|
|
|
* @return mixed[] |
|
2849
|
|
|
*/ |
|
2850
|
|
|
public function getDbSpecificPrivsQueriesForChangeOrCopyUser( |
|
2851
|
|
|
array $queries, |
|
2852
|
|
|
string $username, |
|
2853
|
|
|
string $hostname, |
|
2854
|
|
|
string $oldUsername, |
|
2855
|
|
|
string $oldHostname, |
|
2856
|
|
|
): array { |
|
2857
|
|
|
$userHostCondition = $this->getUserHostCondition($oldUsername, $oldHostname); |
|
2858
|
|
|
|
|
2859
|
|
|
$res = $this->dbi->query('SELECT * FROM `mysql`.`db`' . $userHostCondition . ';'); |
|
2860
|
|
|
|
|
2861
|
|
|
foreach ($res as $row) { |
|
2862
|
|
|
$queries[] = 'GRANT ' . implode(', ', $this->extractPrivInfo($row)) |
|
2863
|
|
|
. ' ON ' . Util::backquote($row['Db']) . '.*' |
|
2864
|
|
|
. ' TO ' . $this->dbi->quoteString($username) . '@' . $this->dbi->quoteString($hostname) |
|
2865
|
|
|
. ($row['Grant_priv'] === 'Y' ? ' WITH GRANT OPTION;' : ';'); |
|
2866
|
|
|
} |
|
2867
|
|
|
|
|
2868
|
|
|
return $this->getTablePrivsQueriesForChangeOrCopyUser($userHostCondition, $queries, $username, $hostname); |
|
2869
|
|
|
} |
|
2870
|
|
|
|
|
2871
|
|
|
/** |
|
2872
|
|
|
* Prepares queries for adding users and |
|
2873
|
|
|
* also create database and return query and message |
|
2874
|
|
|
* |
|
2875
|
|
|
* @param bool $error whether user create or not |
|
2876
|
|
|
* @param string $realSqlQuery SQL query for add a user |
|
2877
|
|
|
* @param string $sqlQuery SQL query to be displayed |
|
2878
|
|
|
* @param string $username username |
|
2879
|
|
|
* @param string $hostname host name |
|
2880
|
|
|
* @param string $dbname database name |
|
2881
|
|
|
* @param string $alterRealSqlQuery SQL query for ALTER USER |
|
2882
|
|
|
* @param string $alterSqlQuery SQL query for ALTER USER to be displayed |
|
2883
|
|
|
* |
|
2884
|
|
|
* @return array{string, Message} |
|
|
|
|
|
|
2885
|
|
|
*/ |
|
2886
|
12 |
|
public function addUserAndCreateDatabase( |
|
2887
|
|
|
bool $error, |
|
2888
|
|
|
string $realSqlQuery, |
|
2889
|
|
|
string $sqlQuery, |
|
2890
|
|
|
string $username, |
|
2891
|
|
|
string $hostname, |
|
2892
|
|
|
string $dbname, |
|
2893
|
|
|
string $alterRealSqlQuery, |
|
2894
|
|
|
string $alterSqlQuery, |
|
2895
|
|
|
bool $createDb1, |
|
2896
|
|
|
bool $createDb2, |
|
2897
|
|
|
bool $createDb3, |
|
2898
|
|
|
): array { |
|
2899
|
12 |
|
if ($error || ($realSqlQuery !== '' && ! $this->dbi->tryQuery($realSqlQuery))) { |
|
2900
|
|
|
$createDb1 = $createDb2 = $createDb3 = false; |
|
2901
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2902
|
12 |
|
} elseif ($alterRealSqlQuery !== '' && ! $this->dbi->tryQuery($alterRealSqlQuery)) { |
|
2903
|
|
|
$createDb1 = $createDb2 = $createDb3 = false; |
|
2904
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2905
|
|
|
} else { |
|
2906
|
12 |
|
$sqlQuery .= $alterSqlQuery; |
|
2907
|
12 |
|
$message = Message::success(__('You have added a new user.')); |
|
2908
|
|
|
} |
|
2909
|
|
|
|
|
2910
|
12 |
|
if ($createDb1) { |
|
2911
|
|
|
// Create database with same name and grant all privileges |
|
2912
|
|
|
$query = 'CREATE DATABASE IF NOT EXISTS ' . Util::backquote($username) . ';'; |
|
2913
|
|
|
$sqlQuery .= $query; |
|
2914
|
|
|
if (! $this->dbi->tryQuery($query)) { |
|
2915
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2916
|
|
|
} |
|
2917
|
|
|
|
|
2918
|
|
|
/** |
|
2919
|
|
|
* Reload the navigation |
|
2920
|
|
|
*/ |
|
2921
|
|
|
$GLOBALS['reload'] = true; |
|
2922
|
|
|
Current::$database = $username; |
|
2923
|
|
|
|
|
2924
|
|
|
$query = 'GRANT ALL PRIVILEGES ON ' |
|
2925
|
|
|
. Util::backquote( |
|
2926
|
|
|
$this->escapeGrantWildcards($username), |
|
2927
|
|
|
) . '.* TO ' |
|
2928
|
|
|
. $this->dbi->quoteString($username) . '@' . $this->dbi->quoteString($hostname) . ';'; |
|
2929
|
|
|
$sqlQuery .= $query; |
|
2930
|
|
|
if (! $this->dbi->tryQuery($query)) { |
|
2931
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2932
|
|
|
} |
|
2933
|
|
|
} |
|
2934
|
|
|
|
|
2935
|
12 |
|
if ($createDb2) { |
|
2936
|
|
|
// Grant all privileges on wildcard name (username\_%) |
|
2937
|
|
|
$query = 'GRANT ALL PRIVILEGES ON ' |
|
2938
|
|
|
. Util::backquote( |
|
2939
|
|
|
$this->escapeGrantWildcards($username) . '\_%', |
|
2940
|
|
|
) . '.* TO ' |
|
2941
|
|
|
. $this->dbi->quoteString($username) . '@' . $this->dbi->quoteString($hostname) . ';'; |
|
2942
|
|
|
$sqlQuery .= $query; |
|
2943
|
|
|
if (! $this->dbi->tryQuery($query)) { |
|
2944
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2945
|
|
|
} |
|
2946
|
|
|
} |
|
2947
|
|
|
|
|
2948
|
12 |
|
if ($createDb3) { |
|
2949
|
|
|
// Grant all privileges on the specified database to the new user |
|
2950
|
8 |
|
$query = 'GRANT ALL PRIVILEGES ON ' |
|
2951
|
8 |
|
. Util::backquote($dbname) . '.* TO ' |
|
2952
|
8 |
|
. $this->dbi->quoteString($username) . '@' . $this->dbi->quoteString($hostname) . ';'; |
|
2953
|
8 |
|
$sqlQuery .= $query; |
|
2954
|
8 |
|
if (! $this->dbi->tryQuery($query)) { |
|
2955
|
|
|
$message = Message::rawError($this->dbi->getError()); |
|
2956
|
|
|
} |
|
2957
|
|
|
} |
|
2958
|
|
|
|
|
2959
|
12 |
|
return [$sqlQuery, $message]; |
|
2960
|
|
|
} |
|
2961
|
|
|
|
|
2962
|
|
|
/** |
|
2963
|
|
|
* Get the hashed string for password |
|
2964
|
|
|
* |
|
2965
|
|
|
* @param string $password password |
|
2966
|
|
|
*/ |
|
2967
|
4 |
|
public function getHashedPassword(string $password): string |
|
2968
|
|
|
{ |
|
2969
|
4 |
|
return (string) $this->dbi->fetchValue('SELECT PASSWORD(' . $this->dbi->quoteString($password) . ');'); |
|
2970
|
|
|
} |
|
2971
|
|
|
|
|
2972
|
|
|
/** |
|
2973
|
|
|
* Check if MariaDB's 'simple_password_check' |
|
2974
|
|
|
* OR 'cracklib_password_check' is ACTIVE |
|
2975
|
|
|
*/ |
|
2976
|
28 |
|
private function checkIfMariaDBPwdCheckPluginActive(): bool |
|
2977
|
|
|
{ |
|
2978
|
28 |
|
$serverVersion = $this->dbi->getVersion(); |
|
2979
|
28 |
|
if (! (Compatibility::isMariaDb() && $serverVersion >= 100002)) { |
|
2980
|
28 |
|
return false; |
|
2981
|
|
|
} |
|
2982
|
|
|
|
|
2983
|
|
|
$result = $this->dbi->tryQuery('SHOW PLUGINS SONAME LIKE \'%_password_check%\''); |
|
2984
|
|
|
|
|
2985
|
|
|
/* Plugins are not working, for example directory does not exists */ |
|
2986
|
|
|
if ($result === false) { |
|
2987
|
|
|
return false; |
|
2988
|
|
|
} |
|
2989
|
|
|
|
|
2990
|
|
|
while ($row = $result->fetchAssoc()) { |
|
2991
|
|
|
if ($row['Status'] === 'ACTIVE') { |
|
2992
|
|
|
return true; |
|
2993
|
|
|
} |
|
2994
|
|
|
} |
|
2995
|
|
|
|
|
2996
|
|
|
return false; |
|
2997
|
|
|
} |
|
2998
|
|
|
|
|
2999
|
|
|
/** |
|
3000
|
|
|
* Get SQL queries for Display and Add user |
|
3001
|
|
|
* |
|
3002
|
|
|
* @param string $username username |
|
3003
|
|
|
* @param string $hostname host name |
|
3004
|
|
|
* @param string $password password |
|
3005
|
|
|
* |
|
3006
|
|
|
* @return array{string, string, string, string, string, string, string, string} |
|
|
|
|
|
|
3007
|
|
|
*/ |
|
3008
|
28 |
|
public function getSqlQueriesForDisplayAndAddUser(string $username, string $hostname, string $password): array |
|
3009
|
|
|
{ |
|
3010
|
28 |
|
$slashedUsername = $this->dbi->quoteString($username); |
|
3011
|
28 |
|
$slashedHostname = $this->dbi->quoteString($hostname); |
|
3012
|
28 |
|
$slashedPassword = $this->dbi->quoteString($password); |
|
3013
|
28 |
|
$serverVersion = $this->dbi->getVersion(); |
|
3014
|
|
|
|
|
3015
|
28 |
|
$createUserStmt = sprintf('CREATE USER %s@%s', $slashedUsername, $slashedHostname); |
|
3016
|
28 |
|
$isMariaDBPwdPluginActive = $this->checkIfMariaDBPwdCheckPluginActive(); |
|
3017
|
|
|
|
|
3018
|
|
|
// See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219 |
|
3019
|
|
|
// for details regarding details of syntax usage for various versions |
|
3020
|
|
|
|
|
3021
|
|
|
// 'IDENTIFIED WITH auth_plugin' |
|
3022
|
|
|
// is supported by MySQL 5.5.7+ |
|
3023
|
28 |
|
if (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50507 && isset($_POST['authentication_plugin'])) { |
|
3024
|
12 |
|
$createUserStmt .= ' IDENTIFIED WITH ' |
|
3025
|
12 |
|
. $_POST['authentication_plugin']; |
|
3026
|
|
|
} |
|
3027
|
|
|
|
|
3028
|
|
|
// 'IDENTIFIED VIA auth_plugin' |
|
3029
|
|
|
// is supported by MariaDB 5.2+ |
|
3030
|
|
|
if ( |
|
3031
|
28 |
|
Compatibility::isMariaDb() |
|
3032
|
28 |
|
&& $serverVersion >= 50200 |
|
3033
|
28 |
|
&& isset($_POST['authentication_plugin']) |
|
3034
|
28 |
|
&& ! $isMariaDBPwdPluginActive |
|
3035
|
|
|
) { |
|
3036
|
|
|
$createUserStmt .= ' IDENTIFIED VIA ' |
|
3037
|
|
|
. $_POST['authentication_plugin']; |
|
3038
|
|
|
} |
|
3039
|
|
|
|
|
3040
|
28 |
|
$createUserReal = $createUserStmt; |
|
3041
|
28 |
|
$createUserShow = $createUserStmt; |
|
3042
|
|
|
|
|
3043
|
28 |
|
$passwordSetStmt = 'SET PASSWORD FOR %s@%s = %s'; |
|
3044
|
28 |
|
$passwordSetShow = sprintf($passwordSetStmt, $slashedUsername, $slashedHostname, '\'***\''); |
|
3045
|
|
|
|
|
3046
|
28 |
|
$sqlQueryStmt = sprintf( |
|
3047
|
28 |
|
'GRANT %s ON *.* TO %s@%s', |
|
3048
|
28 |
|
implode(', ', $this->extractPrivInfo()), |
|
3049
|
28 |
|
$slashedUsername, |
|
3050
|
28 |
|
$slashedHostname, |
|
3051
|
28 |
|
); |
|
3052
|
28 |
|
$realSqlQuery = $sqlQuery = $sqlQueryStmt; |
|
3053
|
|
|
|
|
3054
|
|
|
// Set the proper hashing method |
|
3055
|
28 |
|
if (isset($_POST['authentication_plugin'])) { |
|
3056
|
16 |
|
$this->setProperPasswordHashing($_POST['authentication_plugin']); |
|
3057
|
|
|
} |
|
3058
|
|
|
|
|
3059
|
|
|
// Use 'CREATE USER ... WITH ... AS ..' syntax for |
|
3060
|
|
|
// newer MySQL versions |
|
3061
|
|
|
// and 'CREATE USER ... VIA .. USING ..' syntax for |
|
3062
|
|
|
// newer MariaDB versions |
|
3063
|
|
|
if ( |
|
3064
|
28 |
|
(Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50706) |
|
3065
|
28 |
|
|| (Compatibility::isMariaDb() && $serverVersion >= 50200) |
|
3066
|
|
|
) { |
|
3067
|
20 |
|
$passwordSetReal = ''; |
|
3068
|
|
|
|
|
3069
|
|
|
// Required for binding '%' with '%s' |
|
3070
|
20 |
|
$createUserStmt = str_replace('%', '%%', $createUserStmt); |
|
3071
|
|
|
|
|
3072
|
|
|
// MariaDB uses 'USING' whereas MySQL uses 'AS' |
|
3073
|
|
|
// but MariaDB with validation plugin needs cleartext password |
|
3074
|
20 |
|
if (Compatibility::isMariaDb() && ! $isMariaDBPwdPluginActive) { |
|
3075
|
|
|
$createUserStmt .= ' USING %s'; |
|
3076
|
20 |
|
} elseif (Compatibility::isMariaDb()) { |
|
3077
|
|
|
$createUserStmt .= ' IDENTIFIED BY %s'; |
|
3078
|
20 |
|
} elseif (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 80011) { |
|
3079
|
12 |
|
if (! str_contains($createUserStmt, 'IDENTIFIED')) { |
|
3080
|
|
|
// Maybe the authentication_plugin was not posted and then a part is missing |
|
3081
|
8 |
|
$createUserStmt .= ' IDENTIFIED BY %s'; |
|
3082
|
|
|
} else { |
|
3083
|
8 |
|
$createUserStmt .= ' BY %s'; |
|
3084
|
|
|
} |
|
3085
|
|
|
} else { |
|
3086
|
8 |
|
$createUserStmt .= ' AS %s'; |
|
3087
|
|
|
} |
|
3088
|
|
|
|
|
3089
|
20 |
|
if ($_POST['pred_password'] === 'keep') { |
|
3090
|
16 |
|
$createUserReal = sprintf($createUserStmt, $slashedPassword); |
|
3091
|
4 |
|
} elseif ($_POST['pred_password'] === 'none') { |
|
3092
|
|
|
$createUserReal = sprintf($createUserStmt, "''"); |
|
3093
|
|
|
} else { |
|
3094
|
|
|
if ( |
|
3095
|
4 |
|
! ((Compatibility::isMariaDb() && $isMariaDBPwdPluginActive) |
|
3096
|
4 |
|
|| Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 80011) |
|
3097
|
|
|
) { |
|
3098
|
|
|
$hashedPassword = $this->getHashedPassword($_POST['pma_pw']); |
|
3099
|
|
|
} else { |
|
3100
|
|
|
// MariaDB with validation plugin needs cleartext password |
|
3101
|
4 |
|
$hashedPassword = $_POST['pma_pw']; |
|
3102
|
|
|
} |
|
3103
|
|
|
|
|
3104
|
4 |
|
$createUserReal = sprintf($createUserStmt, $this->dbi->quoteString($hashedPassword)); |
|
3105
|
|
|
} |
|
3106
|
|
|
|
|
3107
|
20 |
|
$createUserShow = sprintf($createUserStmt, '\'***\''); |
|
3108
|
8 |
|
} elseif ($_POST['pred_password'] === 'keep') { |
|
3109
|
|
|
// Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions |
|
3110
|
|
|
// and pre-5.2.0 MariaDB versions |
|
3111
|
4 |
|
$passwordSetReal = sprintf($passwordSetStmt, $slashedUsername, $slashedHostname, $slashedPassword); |
|
3112
|
4 |
|
} elseif ($_POST['pred_password'] === 'none') { |
|
3113
|
|
|
$passwordSetReal = sprintf($passwordSetStmt, $slashedUsername, $slashedHostname, "''"); |
|
3114
|
|
|
} else { |
|
3115
|
4 |
|
$hashedPassword = $this->getHashedPassword($_POST['pma_pw']); |
|
3116
|
4 |
|
$passwordSetReal = sprintf( |
|
3117
|
4 |
|
$passwordSetStmt, |
|
3118
|
4 |
|
$slashedUsername, |
|
3119
|
4 |
|
$slashedHostname, |
|
3120
|
4 |
|
$this->dbi->quoteString($hashedPassword), |
|
3121
|
4 |
|
); |
|
3122
|
|
|
} |
|
3123
|
|
|
|
|
3124
|
28 |
|
$alterRealSqlQuery = ''; |
|
3125
|
28 |
|
$alterSqlQuery = ''; |
|
3126
|
28 |
|
if (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 80011) { |
|
3127
|
12 |
|
$sqlQueryStmt = ''; |
|
3128
|
12 |
|
if (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] === 'Y') { |
|
3129
|
|
|
$sqlQueryStmt = ' WITH GRANT OPTION'; |
|
3130
|
|
|
} |
|
3131
|
|
|
|
|
3132
|
12 |
|
$realSqlQuery .= $sqlQueryStmt; |
|
3133
|
12 |
|
$sqlQuery .= $sqlQueryStmt; |
|
3134
|
|
|
|
|
3135
|
12 |
|
$alterSqlQueryStmt = sprintf('ALTER USER %s@%s', $slashedUsername, $slashedHostname); |
|
3136
|
12 |
|
$alterRealSqlQuery = $alterSqlQueryStmt; |
|
3137
|
12 |
|
$alterSqlQuery = $alterSqlQueryStmt; |
|
3138
|
|
|
} |
|
3139
|
|
|
|
|
3140
|
|
|
// add REQUIRE clause |
|
3141
|
28 |
|
$requireClause = $this->getRequireClause(); |
|
3142
|
28 |
|
$withClause = $this->getWithClauseForAddUserAndUpdatePrivs(); |
|
3143
|
|
|
|
|
3144
|
28 |
|
if (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 80011) { |
|
3145
|
12 |
|
$alterRealSqlQuery .= $requireClause; |
|
3146
|
12 |
|
$alterSqlQuery .= $requireClause; |
|
3147
|
12 |
|
$alterRealSqlQuery .= $withClause; |
|
3148
|
12 |
|
$alterSqlQuery .= $withClause; |
|
3149
|
|
|
} else { |
|
3150
|
16 |
|
$realSqlQuery .= $requireClause; |
|
3151
|
16 |
|
$sqlQuery .= $requireClause; |
|
3152
|
16 |
|
$realSqlQuery .= $withClause; |
|
3153
|
16 |
|
$sqlQuery .= $withClause; |
|
3154
|
|
|
} |
|
3155
|
|
|
|
|
3156
|
28 |
|
if ($alterRealSqlQuery !== '') { |
|
3157
|
12 |
|
$alterRealSqlQuery .= ';'; |
|
3158
|
12 |
|
$alterSqlQuery .= ';'; |
|
3159
|
|
|
} |
|
3160
|
|
|
|
|
3161
|
28 |
|
$createUserReal .= ';'; |
|
3162
|
28 |
|
$createUserShow .= ';'; |
|
3163
|
28 |
|
$realSqlQuery .= ';'; |
|
3164
|
28 |
|
$sqlQuery .= ';'; |
|
3165
|
|
|
// No Global GRANT_OPTION privilege |
|
3166
|
28 |
|
if (! $this->dbi->isGrantUser()) { |
|
3167
|
|
|
$realSqlQuery = ''; |
|
3168
|
|
|
$sqlQuery = ''; |
|
3169
|
|
|
} |
|
3170
|
|
|
|
|
3171
|
|
|
// Use 'SET PASSWORD' for pre-5.7.6 MySQL versions |
|
3172
|
|
|
// and pre-5.2.0 MariaDB |
|
3173
|
|
|
if ( |
|
3174
|
28 |
|
(Compatibility::isMySqlOrPerconaDb() |
|
3175
|
28 |
|
&& $serverVersion >= 50706) |
|
3176
|
28 |
|
|| (Compatibility::isMariaDb() |
|
3177
|
28 |
|
&& $serverVersion >= 50200) |
|
3178
|
|
|
) { |
|
3179
|
20 |
|
$passwordSetReal = ''; |
|
3180
|
20 |
|
$passwordSetShow = ''; |
|
3181
|
|
|
} else { |
|
3182
|
8 |
|
if ($passwordSetReal !== '') { |
|
3183
|
8 |
|
$passwordSetReal .= ';'; |
|
3184
|
|
|
} |
|
3185
|
|
|
|
|
3186
|
8 |
|
$passwordSetShow .= ';'; |
|
3187
|
|
|
} |
|
3188
|
|
|
|
|
3189
|
28 |
|
return [ |
|
3190
|
28 |
|
$createUserReal, |
|
3191
|
28 |
|
$createUserShow, |
|
3192
|
28 |
|
$realSqlQuery, |
|
3193
|
28 |
|
$sqlQuery, |
|
3194
|
28 |
|
$passwordSetReal, |
|
3195
|
28 |
|
$passwordSetShow, |
|
3196
|
28 |
|
$alterRealSqlQuery, |
|
3197
|
28 |
|
$alterSqlQuery, |
|
3198
|
28 |
|
]; |
|
3199
|
|
|
} |
|
3200
|
|
|
|
|
3201
|
|
|
/** |
|
3202
|
|
|
* Returns the type ('PROCEDURE' or 'FUNCTION') of the routine |
|
3203
|
|
|
* |
|
3204
|
|
|
* @param string $dbname database |
|
3205
|
|
|
* @param string $routineName routine |
|
3206
|
|
|
* |
|
3207
|
|
|
* @return string type |
|
3208
|
|
|
*/ |
|
3209
|
|
|
public function getRoutineType(string $dbname, string $routineName): string |
|
3210
|
|
|
{ |
|
3211
|
|
|
$routineData = Routines::getDetails($this->dbi, $dbname); |
|
3212
|
|
|
$routineName = mb_strtolower($routineName); |
|
3213
|
|
|
|
|
3214
|
|
|
foreach ($routineData as $routine) { |
|
3215
|
|
|
if (mb_strtolower($routine->name) === $routineName) { |
|
3216
|
|
|
return $routine->type; |
|
3217
|
|
|
} |
|
3218
|
|
|
} |
|
3219
|
|
|
|
|
3220
|
|
|
return ''; |
|
3221
|
|
|
} |
|
3222
|
|
|
|
|
3223
|
|
|
/** |
|
3224
|
|
|
* @param string $username User name |
|
3225
|
|
|
* @param string $hostname Host name |
|
3226
|
|
|
* @param string $database Database name |
|
3227
|
|
|
* @param string $routine Routine name |
|
3228
|
|
|
* |
|
3229
|
|
|
* @return array<string, string> |
|
3230
|
|
|
*/ |
|
3231
|
|
|
private function getRoutinePrivileges( |
|
3232
|
|
|
string $username, |
|
3233
|
|
|
string $hostname, |
|
3234
|
|
|
string $database, |
|
3235
|
|
|
string $routine, |
|
3236
|
|
|
): array { |
|
3237
|
|
|
$sql = 'SELECT `Proc_priv`' |
|
3238
|
|
|
. ' FROM `mysql`.`procs_priv`' |
|
3239
|
|
|
. $this->getUserHostCondition($username, $hostname) |
|
3240
|
|
|
. ' AND `Db` = ' . $this->dbi->quoteString($this->unescapeGrantWildcards($database)) |
|
3241
|
|
|
. ' AND `Routine_name` LIKE ' . $this->dbi->quoteString($routine) . ';'; |
|
3242
|
|
|
$privileges = (string) $this->dbi->fetchValue($sql); |
|
3243
|
|
|
|
|
3244
|
|
|
return $this->parseProcPriv($privileges); |
|
3245
|
|
|
} |
|
3246
|
|
|
|
|
3247
|
|
|
/** @psalm-param non-empty-string $route */ |
|
3248
|
4 |
|
public function getFormForChangePassword( |
|
3249
|
|
|
string $username, |
|
3250
|
|
|
string $hostname, |
|
3251
|
|
|
bool $editOthers, |
|
3252
|
|
|
string $route, |
|
3253
|
|
|
): string { |
|
3254
|
4 |
|
$isPrivileges = $route === '/server/privileges'; |
|
3255
|
|
|
|
|
3256
|
4 |
|
$serverVersion = $this->dbi->getVersion(); |
|
3257
|
4 |
|
$origAuthPlugin = $this->getCurrentAuthenticationPlugin($username, $hostname); |
|
3258
|
|
|
|
|
3259
|
4 |
|
$isNew = (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50507) |
|
3260
|
4 |
|
|| (Compatibility::isMariaDb() && $serverVersion >= 50200); |
|
3261
|
4 |
|
$hasMoreAuthPlugins = (Compatibility::isMySqlOrPerconaDb() && $serverVersion >= 50706) |
|
3262
|
4 |
|
|| ($this->dbi->isSuperUser() && $editOthers); |
|
3263
|
|
|
|
|
3264
|
4 |
|
$activeAuthPlugins = ['mysql_native_password' => __('Native MySQL authentication')]; |
|
3265
|
|
|
|
|
3266
|
4 |
|
if ($isNew && $hasMoreAuthPlugins) { |
|
3267
|
4 |
|
$activeAuthPlugins = $this->plugins->getAuthentication(); |
|
3268
|
4 |
|
if (isset($activeAuthPlugins['mysql_old_password'])) { |
|
3269
|
4 |
|
unset($activeAuthPlugins['mysql_old_password']); |
|
3270
|
|
|
} |
|
3271
|
|
|
} |
|
3272
|
|
|
|
|
3273
|
4 |
|
return $this->template->render('server/privileges/change_password', [ |
|
3274
|
4 |
|
'username' => $username, |
|
3275
|
4 |
|
'hostname' => $hostname, |
|
3276
|
4 |
|
'is_privileges' => $isPrivileges, |
|
3277
|
4 |
|
'is_new' => $isNew, |
|
3278
|
4 |
|
'has_more_auth_plugins' => $hasMoreAuthPlugins, |
|
3279
|
4 |
|
'active_auth_plugins' => $activeAuthPlugins, |
|
3280
|
4 |
|
'orig_auth_plugin' => $origAuthPlugin, |
|
3281
|
4 |
|
]); |
|
3282
|
|
|
} |
|
3283
|
|
|
|
|
3284
|
|
|
/** |
|
3285
|
|
|
* @see https://dev.mysql.com/doc/refman/en/account-locking.html |
|
3286
|
|
|
* @see https://mariadb.com/kb/en/account-locking/ |
|
3287
|
|
|
* |
|
3288
|
|
|
* @return array<string, string|null>|null |
|
3289
|
|
|
*/ |
|
3290
|
8 |
|
private function getUserPrivileges(string $user, string $host, bool $hasAccountLocking): array|null |
|
3291
|
|
|
{ |
|
3292
|
8 |
|
$query = 'SELECT * FROM `mysql`.`user` WHERE `User` = ? AND `Host` = ?;'; |
|
3293
|
8 |
|
$statement = $this->dbi->prepare($query); |
|
3294
|
8 |
|
if ($statement === null || ! $statement->execute([$user, $host])) { |
|
3295
|
4 |
|
return null; |
|
3296
|
|
|
} |
|
3297
|
|
|
|
|
3298
|
4 |
|
$result = $statement->getResult(); |
|
3299
|
|
|
/** @var array<string, string|null>|null $userPrivileges */ |
|
3300
|
4 |
|
$userPrivileges = $result->fetchAssoc(); |
|
3301
|
4 |
|
if ($userPrivileges === []) { |
|
3302
|
|
|
return null; |
|
3303
|
|
|
} |
|
3304
|
|
|
|
|
3305
|
4 |
|
if (! $hasAccountLocking || ! $this->dbi->isMariaDB()) { |
|
3306
|
|
|
return $userPrivileges; |
|
3307
|
|
|
} |
|
3308
|
|
|
|
|
3309
|
4 |
|
$userPrivileges['account_locked'] = 'N'; |
|
3310
|
|
|
|
|
3311
|
4 |
|
$query = 'SELECT * FROM `mysql`.`global_priv` WHERE `User` = ? AND `Host` = ?;'; |
|
3312
|
4 |
|
$statement = $this->dbi->prepare($query); |
|
3313
|
4 |
|
if ($statement === null || ! $statement->execute([$user, $host])) { |
|
3314
|
|
|
return $userPrivileges; |
|
3315
|
|
|
} |
|
3316
|
|
|
|
|
3317
|
4 |
|
$result = $statement->getResult(); |
|
3318
|
|
|
/** @var array<string, string|null>|null $globalPrivileges */ |
|
3319
|
4 |
|
$globalPrivileges = $result->fetchAssoc(); |
|
3320
|
4 |
|
if ($globalPrivileges === []) { |
|
3321
|
|
|
return $userPrivileges; |
|
3322
|
|
|
} |
|
3323
|
|
|
|
|
3324
|
4 |
|
$privileges = json_decode($globalPrivileges['Priv'] ?? '[]', true); |
|
3325
|
4 |
|
if (! is_array($privileges)) { |
|
3326
|
|
|
return $userPrivileges; |
|
3327
|
|
|
} |
|
3328
|
|
|
|
|
3329
|
4 |
|
if (isset($privileges['account_locked']) && $privileges['account_locked']) { |
|
3330
|
4 |
|
$userPrivileges['account_locked'] = 'Y'; |
|
3331
|
|
|
} |
|
3332
|
|
|
|
|
3333
|
4 |
|
return $userPrivileges; |
|
3334
|
|
|
} |
|
3335
|
|
|
|
|
3336
|
40 |
|
private function getUserHostCondition(string $username, string $hostname): string |
|
3337
|
|
|
{ |
|
3338
|
40 |
|
return ' WHERE `User` = ' . $this->dbi->quoteString($username) |
|
3339
|
40 |
|
. ' AND `Host` = ' . $this->dbi->quoteString($hostname); |
|
3340
|
|
|
} |
|
3341
|
|
|
|
|
3342
|
16 |
|
private function userExists(string $username, string $hostname): bool |
|
3343
|
|
|
{ |
|
3344
|
16 |
|
$sql = "SELECT '1' FROM `mysql`.`user`" . $this->getUserHostCondition($username, $hostname) . ';'; |
|
3345
|
|
|
|
|
3346
|
16 |
|
return (bool) $this->dbi->fetchValue($sql); |
|
3347
|
|
|
} |
|
3348
|
|
|
|
|
3349
|
|
|
/** @param array<array<array<mixed>>> $dbRights */ |
|
3350
|
4 |
|
private function getEmptyUserNotice(array $dbRights): string |
|
3351
|
|
|
{ |
|
3352
|
4 |
|
foreach ($dbRights as $user => $userRights) { |
|
3353
|
4 |
|
foreach (array_keys($userRights) as $host) { |
|
3354
|
4 |
|
if ($user === '' && $host === 'localhost') { |
|
3355
|
|
|
return Message::notice( |
|
3356
|
|
|
__( |
|
3357
|
|
|
'A user account allowing any user from localhost to ' |
|
3358
|
|
|
. 'connect is present. This will prevent other users ' |
|
3359
|
|
|
. 'from connecting if the host part of their account ' |
|
3360
|
|
|
. 'allows a connection from any (%) host.', |
|
3361
|
|
|
) |
|
3362
|
|
|
. MySQLDocumentation::show('problems-connecting'), |
|
3363
|
|
|
)->getDisplay(); |
|
3364
|
|
|
} |
|
3365
|
|
|
} |
|
3366
|
|
|
} |
|
3367
|
|
|
|
|
3368
|
4 |
|
return ''; |
|
3369
|
|
|
} |
|
3370
|
|
|
} |
|
3371
|
|
|
|
phpmyadmin /
phpmyadmin
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths