Viewing file: users.php (12.13 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php /*
SQL Buddy - Web based MySQL administration http://www.sqlbuddy.com/
users.php - manage users page
MIT license
2008 Calvin Lough <http://calv.in>
*/
include "functions.php";
loginCheck();
function removeAdminPrivs($priv) { if ($priv == "FILE" || $priv == "PROCESS" || $priv == "RELOAD" || $priv == "SHUTDOWN" || $priv == "SUPER") return false; else return true; }
if ($_POST) { if (isset($_POST['NEWHOST'])) $newHost = $_POST['NEWHOST']; else $newHost = "localhost"; if (isset($_POST['NEWNAME'])) $newName = $_POST['NEWNAME']; if (isset($_POST['NEWPASS'])) $newPass = $_POST['NEWPASS']; if (isset($_POST['ACCESSLEVEL'])) $accessLevel = $_POST['ACCESSLEVEL']; else $accessLevel = "GLOBAL"; if ($accessLevel != "LIMITED") $accessLevel = "GLOBAL"; if (isset($_POST['DBLIST'])) $dbList = $_POST['DBLIST']; else $dbList = array(); if (isset($_POST['NEWCHOICE'])) $newChoice = $_POST['NEWCHOICE']; if (isset($_POST['NEWPRIVILEGES'])) $newPrivileges = $_POST['NEWPRIVILEGES']; if (isset($newName) && ($accessLevel == "GLOBAL" || ($accessLevel == "LIMITED" && sizeof($dbList) > 0))) { if ($newChoice == "ALL") { $privList = "ALL"; } else { if (sizeof($newPrivileges) > 0) { if ($accessLevel == "LIMITED") { $newPrivileges = array_filter($newPrivileges, "removeAdminPrivs"); } $privList = implode(", ", $newPrivileges); } else { $privList = "USAGE"; } } if ($accessLevel == "LIMITED") { foreach ($dbList as $theDb) { $newQuery = "GRANT " . $privList; $newQuery .= " ON `$theDb`.*"; $newQuery .= " TO '" . $newName . "'@'" . $newHost . "'"; if ($newPass) $newQuery .= " IDENTIFIED BY '" . $newPass . "'"; if (isset($_POST['GRANTOPTION'])) $newQuery .= " WITH GRANT OPTION"; $conn->query($newQuery) or ($dbError = $conn->error()); } } else { $newQuery = "GRANT " . $privList; $newQuery .= " ON *.*"; $newQuery .= " TO '" . $newName . "'@'" . $newHost . "'"; if ($newPass) $newQuery .= " IDENTIFIED BY '" . $newPass . "'"; if (isset($_POST['GRANTOPTION'])) $newQuery .= " WITH GRANT OPTION"; $conn->query($newQuery) or ($dbError = $conn->error()); } $conn->query("FLUSH PRIVILEGES") or ($dbError = $conn->error()); } }
$connected = $conn->selectDB("mysql");
// delete users if (isset($_POST['deleteUsers']) && $connected) { $deleteUsers = $_POST['deleteUsers']; // boom! $userList = explode(";", $deleteUsers); foreach ($userList as $each) { $split = explode("@", $each, 2); if (isset($split[0])) $user = trim($split[0]); if (isset($split[1])) $host = trim($split[1]); if (isset($user) && isset($host)) { $conn->query("REVOKE ALL PRIVILEGES ON *.* FROM '$user'@'$host'"); $conn->query("REVOKE GRANT OPTION ON *.* FROM '$user'@'$host'"); $conn->query("DELETE FROM `user` WHERE `User`='$user' AND `Host`='$host'"); $conn->query("DELETE FROM `db` WHERE `User`='$user' AND `Host`='$host'"); $conn->query("DELETE FROM `tables_priv` WHERE `User`='$user' AND `Host`='$host'"); $conn->query("DELETE FROM `columns_priv` WHERE `User`='$user' AND `Host`='$host'"); } } $conn->query("FLUSH PRIVILEGES"); }
if (isset($dbError)) { echo '<div class="errormessage" style="margin: 6px 12px 10px 7px; width: 550px">'; echo '<strong>' . __("Error performing operation") . '</strong><p>' . $dbError . '</p>'; echo '</div>'; }
?>
<div class="users">
<?php
if ($connected) { $userSql = $conn->query("SELECT * FROM `user`"); if ($conn->isResultSet($userSql)) { ?> <table class="browsenav"> <tr> <td class="options"> <?php echo __("Select") . ': <a onclick="checkAll()">' . __("All") . '</a> <a onclick="checkNone()">' . __("None") . '</a>'; echo ' ' . __("With selected") . ': <a onclick="editSelectedRows()">' . __("Edit") . '</a> <a onclick="deleteSelectedUsers()">' . __("Delete") . '</a>'; ?> </td> </tr> </table> <?php echo '<div class="grid">'; echo '<div class="emptyvoid"> </div>'; echo '<div class="gridheader impotent">'; echo '<div class="gridheaderinner">'; echo '<table cellpadding="0" cellspacing="0">'; echo '<tr>'; echo '<td><div column="1" class="headertitle column1">' . __("Host") . '</div></td>'; echo '<td><div class="columnresizer"></div></td>'; echo '<td><div column="2" class="headertitle column2">' . __("User") . '</div></td>'; echo '<td><div class="columnresizer"></div></td>'; echo '</tr>'; echo '</table>'; echo '</div>'; echo '</div>'; echo '<div class="leftchecks" style="max-height: 400px">'; $m = 0; while ($userRow = $conn->fetchAssoc($userSql)) { $queryBuilder = $userRow['User'] . "@" . $userRow['Host']; echo '<dl class="manip'; if ($m % 2 == 1) echo ' alternator'; else echo ' alternator2'; echo '"><dt><input type="checkbox" class="check' . $m . '" onclick="rowClicked(' . $m++ . ')" querybuilder="' . $queryBuilder . '" /></dt></dl>'; } echo '</div>'; $userSql = $conn->query("SELECT * FROM `user`"); echo '<div class="gridscroll withchecks" style="overflow-x: hidden; max-height: 400px">'; if ($conn->isResultSet($userSql)) { $m = 0; while ($userRow = $conn->fetchAssoc($userSql)) { echo '<div class="row' . $m . ' browse'; if ($m % 2 == 1) { echo ' alternator'; } else { echo ' alternator2'; } echo '">'; echo '<table cellspacing="0" cellpadding="0">'; echo '<tr>'; echo '<td><div class="item column1">' . $userRow['Host'] . '</div></td>'; echo '<td><div class="item column2">' . $userRow['User'] . '</div></td>'; echo '</tr>'; echo '</table>'; echo '</div>'; $m++; } } echo '</div>'; echo '</div>'; } $hasPermissions = false; // check to see if this user has proper permissions to manage users $checkSql = $conn->query("SELECT `Grant_priv` FROM `user` WHERE `Host`='" . $conn->getOptionValue("host") . "' AND `User`='" . $_SESSION['SB_LOGIN_USER'] . "' LIMIT 1"); if ($conn->isResultSet($checkSql)) { $grantValue = $conn->result($checkSql, 0, "Grant_priv"); if ($grantValue == "Y") { $hasPermissions = true; } } if ($hasPermissions) { ?> <div class="inputbox" style="margin-top: 15px"> <h4><?php echo __("Add a new user"); ?></h4> <form id="NEWUSERFORM" onsubmit="submitForm('NEWUSERFORM'); return false"> <table cellpadding="0"> <tr> <td class="secondaryheader"><?php echo __("Host"); ?>:</td> <td><input type="text" class="text" name="NEWHOST" value="localhost" /></td> </tr> <tr> <td class="secondaryheader"><?php echo __("Name"); ?>:</td> <td><input type="text" class="text" name="NEWNAME" /></td> </tr> <tr> <td class="secondaryheader"><?php echo __("Password"); ?>:</td> <td><input type="password" class="text" name="NEWPASS" /></td> </tr> <?php $dbList = $conn->listDatabases(); if ($conn->isResultSet($dbList)) { ?> <tr> <td class="secondaryheader"><?php echo __("Allow access to"); ?>:</td> <td> <label><input type="radio" name="ACCESSLEVEL" value="GLOBAL" id="ACCESSGLOBAL" onchange="updatePane('ACCESSSELECTED', 'dbaccesspane'); updatePane('ACCESSGLOBAL', 'adminprivlist')" onclick="updatePane('ACCESSSELECTED', 'dbaccesspane'); updatePane('ACCESSGLOBAL', 'adminprivlist')" checked="checked" /><?php echo __("All databases"); ?></label><br /> <label><input type="radio" name="ACCESSLEVEL" value="LIMITED" id="ACCESSSELECTED" onchange="updatePane('ACCESSSELECTED', 'dbaccesspane'); updatePane('ACCESSGLOBAL', 'adminprivlist')" onclick="updatePane('ACCESSSELECTED', 'dbaccesspane'); updatePane('ACCESSGLOBAL', 'adminprivlist')" /><?php echo __("Selected databases"); ?></label> <div id="dbaccesspane" style="display: none" class="privpane"> <table cellpadding="0"> <?php while ($dbRow = $conn->fetchArray($dbList)) { echo '<tr>'; echo '<td>'; echo '<label><input type="checkbox" name="DBLIST[]" value="' . $dbRow[0] . '" />' . $dbRow[0] . '</label>'; echo '</td>'; echo '</tr>'; } ?> </table> </div> </td> </tr> <?php } ?> <tr> <td class="secondaryheader"><?php echo __("Give user"); ?>:</td> <td> <label><input type="radio" name="NEWCHOICE" value="ALL" onchange="updatePane('PRIVSELECTED', 'privilegepane')" onclick="updatePane('PRIVSELECTED', 'privilegepane')" checked="checked" /><?php echo __("All privileges"); ?></label><br /> <label><input type="radio" name="NEWCHOICE" value="SELECTED" id="PRIVSELECTED" onchange="updatePane('PRIVSELECTED', 'privilegepane')" onclick="updatePane('PRIVSELECTED', 'privilegepane')" /><?php echo __("Selected privileges"); ?></label> <div id="privilegepane" style="display: none" class="privpane"> <div class="paneheader"> <?php echo __("User privileges"); ?> </div> <table cellpadding="0" id="userprivs"> <tr> <td width="50%"> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="SELECT" /><?php echo __("Select"); ?></label> </td> <td width="50%"> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="INSERT" /><?php echo __("Insert"); ?></label> </td> </tr> <tr> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="UPDATE" /><?php echo __("Update"); ?></label> </td> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="DELETE" /><?php echo __("Delete"); ?></label> </td> </tr> <tr> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="INDEX" /><?php echo __("Index"); ?></label> </td> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="ALTER" /><?php echo __("Alter"); ?></label> </td> </tr> <tr> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="CREATE" /><?php echo __("Create"); ?></label> </td> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="DROP" /><?php echo __("Drop"); ?></label> </td> </tr> <tr> <td colspan="2"> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="CREATE TEMPORARY TABLES" /><?php echo __("Temp tables"); ?></label> </td> </tr> </table> <div id="adminprivlist"> <div class="paneheader"> <?php echo __("Administrator privileges"); ?> </div> <table cellpadding="0" id="adminprivs"> <tr> <td width="50%"> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="FILE" /><?php echo __("File"); ?></label> </td> <td width="50%"> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="PROCESS" /><?php echo __("Process"); ?></label> </td> </tr> <tr> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="RELOAD" /><?php echo __("Reload"); ?></label> </td> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="SHUTDOWN" /><?php echo __("Shutdown"); ?></label> </td> </tr> <tr> <td> <label><input type="checkbox" name="NEWPRIVILEGES[]" value="SUPER" /><?php echo __("Super"); ?></label> </td> <td> </td> </tr> </table> </div> </div> </td> </tr> </table> <table cellpadding="0"> <tr> <td class="secondaryheader"><?php echo __("Options"); ?>:</td> <td> <label><input type="checkbox" name="GRANTOPTION" value="true" /><?php echo __("Grant option"); ?></label> </td> </tr> </table> <div style="margin-top: 10px; height: 22px; padding: 4px 0"> <input type="submit" class="inputbutton" value="<?php echo __("Submit"); ?>" /> </div> </form> </div> <?php } else { ?> <h4 style="margin-top: 20px"><?php echo __("Error"); ?></h4> <p><?php echo __("You do not have enough permissions to create new users."); ?></p> <?php }
} else { ?> <div class="errorpage"> <h4><?php echo __("Error"); ?></h4> <p><?php echo __("You do not have enough permissions to view or manage users."); ?></p> </div> <?php }
?> </div>
<script type="text/javascript" authkey="<?php echo $requestKey; ?>"> setTimeout(function(){ startGrid(); }, 1); </script>
|