Updating SQL rights
parent
01efac2f2a
commit
bd20cc5d40
|
@ -95,7 +95,7 @@ for($i=0;$i<count($rdb);$i++) {
|
||||||
$q=$quota->getquota("mysql");
|
$q=$quota->getquota("mysql");
|
||||||
if($q['u'] == 0 ){
|
if($q['u'] == 0 ){
|
||||||
?>
|
?>
|
||||||
<p> <span class="ina"><a href="sql_add.php"><?php __("Create a new MySQL database"); ?></a></span> </p>
|
<p> <span class="ina"><a href="sql_doadd.php"><?php __("Create a new MySQL database"); ?></a></span> </p>
|
||||||
<?php }else{
|
<?php }else{
|
||||||
?>
|
?>
|
||||||
<form method="post" action="sql_doadd.php" id="main" name="main">
|
<form method="post" action="sql_doadd.php" id="main" name="main">
|
||||||
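Review bot: The new link target `sql_doadd.php` is the same script the form below posts to, so the "Create a new MySQL database" link now reaches the action handler with a plain GET. Unless sql_doadd.php rejects non-POST requests and verifies an anti-CSRF token (neither is visible in this section), a state-changing request becomes reachable from any cross-site link or browser prefetch. Keeping the link on the form page, `<a href="sql_add.php">`, or having the handler test `$_SERVER['REQUEST_METHOD'] === 'POST'` before it acts, avoids that.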
|
|
|
@ -35,12 +35,11 @@ $fields = array (
|
||||||
);
|
);
|
||||||
getFields($fields);
|
getFields($fields);
|
||||||
|
|
||||||
|
|
||||||
foreach($_POST as $k=>$v) {
|
foreach($_POST as $k=>$v) {
|
||||||
$keys[$k]=$v;
|
$keys[$k]=$v;
|
||||||
}
|
}
|
||||||
|
|
||||||
$cleanrights=array("select","update","insert","delete","create","drop","references","index","alter","create_tmp",'lock');
|
$cleanrights=$mysql->available_sql_rights();
|
||||||
foreach($mysql->get_dblist() as $d){
|
foreach($mysql->get_dblist() as $d){
|
||||||
$rights=array();
|
$rights=array();
|
||||||
foreach ($cleanrights as $r) {
|
foreach ($cleanrights as $r) {
|
||||||
|
@ -48,6 +47,7 @@ foreach($mysql->get_dblist() as $d){
|
||||||
$rights[]=$r;
|
$rights[]=$r;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//add if empty rights
|
||||||
$mysql->set_user_rights($id,$d['db'],$rights);
|
$mysql->set_user_rights($id,$d['db'],$rights);
|
||||||
}
|
}
|
||||||
|
|
||||||
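Review bot: The added `//add if empty rights` comment marks a case the code does not handle: when no checkbox is ticked for a database, `$rights` stays an empty array and is still passed to `set_user_rights()`. What that call does with an empty list is not visible in this section; if it skips the database or issues a GRANT with no privilege names, privileges granted earlier are not withdrawn. I would replace the placeholder with an explicit branch and a comment stating the intent, for example `// an empty $rights list must revoke every privilege on this database`, and confirm that set_user_rights() implements it.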
|
|
|
@ -66,11 +66,18 @@ if ($r) {
|
||||||
<th>ALTER</th>
|
<th>ALTER</th>
|
||||||
<th>CREATE_TMP_TABLE</th>
|
<th>CREATE_TMP_TABLE</th>
|
||||||
<th>LOCK</th>
|
<th>LOCK</th>
|
||||||
|
<th>CREATE VIEW</th>
|
||||||
|
<th>SHOW VIEW</th>
|
||||||
|
<th>CREATE ROUTINE</th>
|
||||||
|
<th>ALTER ROUTINE</th>
|
||||||
|
<th>EXECUTE</th>
|
||||||
|
<th>EVENT</th>
|
||||||
|
<th>TRIGGER</th>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
$col=1;
|
$col=1;
|
||||||
$sql_right=Array('select','insert','update','delete','create','drop','references','index','alter','create_tmp','lock');
|
$sql_right=$mysql->available_sql_rights();
|
||||||
for($i=0;$i<count($r);$i++) {
|
for($i=0;$i<count($r);$i++) {
|
||||||
$val=$r[$i];
|
$val=$r[$i];
|
||||||
$col=3-$col;
|
$col=3-$col;
|
||||||
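Review bot: The seven new `<th>` cells are hard-coded, while `$sql_right` now comes from `$mysql->available_sql_rights()`, so header text and column order are kept in sync by hand. If that list is reordered or extended, a checkbox presumably ends up under the wrong privilege name and an operator grants something other than what the label says. Emitting the header row from the same array, e.g. `foreach ($sql_right as $name) { echo "<th>".strtoupper($name)."</th>"; }`, or from a name-to-label map, removes that risk. The loop body that renders the checkboxes is outside the hunk.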
|
|
|
@ -409,6 +409,7 @@ class m_mysql {
|
||||||
function grant($base,$user,$rights=null,$pass=null,$table='*'){
|
function grant($base,$user,$rights=null,$pass=null,$table='*'){
|
||||||
global $err,$db;
|
global $err,$db;
|
||||||
$err->log("mysql","grant",$base."-".$user);
|
$err->log("mysql","grant",$base."-".$user);
|
||||||
|
|
||||||
if(!preg_match("#^[0-9a-z_\\*\\\\]*$#",$base)){
|
if(!preg_match("#^[0-9a-z_\\*\\\\]*$#",$base)){
|
||||||
$err->raise("mysql","base_not_match");
|
$err->raise("mysql","base_not_match");
|
||||||
return false;
|
return false;
|
||||||
|
@ -544,7 +545,7 @@ class m_mysql {
|
||||||
$dbu=$dbn;
|
$dbu=$dbn;
|
||||||
$r=array();
|
$r=array();
|
||||||
$dbn=str_replace('_','\_',$dbn);
|
$dbn=str_replace('_','\_',$dbn);
|
||||||
$q=$db->query("Select Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv from mysql.db where Db='".$dbn."' and User!='".$cuid."_myadm';");
|
$q=$db->query("Select * from mysql.db where Db='".$dbn."' and User!='".$cuid."_myadm';");
|
||||||
|
|
||||||
if(!$db->num_rows()){
|
if(!$db->num_rows()){
|
||||||
return $r;
|
return $r;
|
||||||
|
@ -587,6 +588,27 @@ class m_mysql {
|
||||||
if($db->f('Lock_tables_priv') !== "Y"){
|
if($db->f('Lock_tables_priv') !== "Y"){
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
|
if($db->f('Create_view_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Show_view_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Create_routine_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Alter_routine_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Execute_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Event_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
|
if($db->f('Trigger_priv') !== "Y"){
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}//endwhile
|
}//endwhile
|
||||||
if(!$db->query("SELECT name,password from dbusers where name='".$dbu."';")){
|
if(!$db->query("SELECT name,password from dbusers where name='".$dbu."';")){
|
||||||
|
@ -748,15 +770,23 @@ class m_mysql {
|
||||||
foreach($dblist as $tab){
|
foreach($dblist as $tab){
|
||||||
$pos=strpos($tab['db'],"_");
|
$pos=strpos($tab['db'],"_");
|
||||||
if($pos === false){
|
if($pos === false){
|
||||||
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$tab["db"]."';");
|
$this->dbus->query("SELECT * FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$tab["db"]."';");
|
||||||
}else{
|
}else{
|
||||||
$dbname=str_replace('_','\_',$tab['db']);
|
$dbname=str_replace('_','\_',$tab['db']);
|
||||||
$this->dbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$dbname."';");
|
$this->dbus->query("SELECT * FROM mysql.db WHERE User='".$user."' AND Host='".$this->dbus->Host."' AND Db='".$dbname."';");
|
||||||
}
|
}
|
||||||
if ($this->dbus->next_record()){
|
if ($this->dbus->next_record()){
|
||||||
$r[]=array("db"=>$tab["db"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"), "update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"));
|
$r[]=array("db"=>$tab["db"], "select"=>$this->dbus->f("Select_priv"), "insert"=>$this->dbus->f("Insert_priv"), "update"=>$this->dbus->f("Update_priv"), "delete"=>$this->dbus->f("Delete_priv"), "create"=>$this->dbus->f("Create_priv"), "drop"=>$this->dbus->f("Drop_priv"), "references"=>$this->dbus->f("References_priv"), "index"=>$this->dbus->f("Index_priv"), "alter"=>$this->dbus->f("Alter_priv"), "create_tmp"=>$this->dbus->f("Create_tmp_table_priv"), "lock"=>$this->dbus->f("Lock_tables_priv"),
|
||||||
|
"create_view"=>$this->dbus->f("Create_view_priv"),
|
||||||
|
"show_view"=>$this->dbus->f("Show_view_priv"),
|
||||||
|
"create_routine"=>$this->dbus->f("Create_routine_priv"),
|
||||||
|
"alter_routine"=>$this->dbus->f("Alter_routine_priv"),
|
||||||
|
"execute"=>$this->dbus->f("Execute_priv"),
|
||||||
|
"event"=>$this->dbus->f("Event_priv"),
|
||||||
|
"trigger"=>$this->dbus->f("Trigger_priv")
|
||||||
|
);
|
||||||
}else{
|
}else{
|
||||||
$r[]=array("db"=>$tab['db'], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
|
$r[]=array("db"=>$tab['db'], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N","create_view"=>"N","show_view"=>"N","create_routine"=>"N","alter_routine"=>"N","execute"=>"N","event"=>"N","trigger"=>"N");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -776,7 +806,6 @@ class m_mysql {
|
||||||
function set_user_rights($user,$dbn,$rights) {
|
function set_user_rights($user,$dbn,$rights) {
|
||||||
global $mem,$err,$db;
|
global $mem,$err,$db;
|
||||||
$err->log("mysql","set_user_rights");
|
$err->log("mysql","set_user_rights");
|
||||||
$err->log("mysql",$dbn);
|
|
||||||
|
|
||||||
$usern=addslashes($user);
|
$usern=addslashes($user);
|
||||||
$dbname=addslashes($dbn);
|
$dbname=addslashes($dbn);
|
||||||
|
@ -818,6 +847,27 @@ class m_mysql {
|
||||||
case "lock":
|
case "lock":
|
||||||
$strrights.="LOCK TABLES,";
|
$strrights.="LOCK TABLES,";
|
||||||
break;
|
break;
|
||||||
|
case "create_view":
|
||||||
|
$strrights.="CREATE VIEW,";
|
||||||
|
break;
|
||||||
|
case "show_view":
|
||||||
|
$strrights.="SHOW VIEW,";
|
||||||
|
break;
|
||||||
|
case "create_routine":
|
||||||
|
$strrights.="CREATE ROUTINE,";
|
||||||
|
break;
|
||||||
|
case "alter_routine":
|
||||||
|
$strrights.="ALTER ROUTINE,";
|
||||||
|
break;
|
||||||
|
case "execute":
|
||||||
|
$strrights.="EXECUTE,";
|
||||||
|
break;
|
||||||
|
case "event":
|
||||||
|
$strrights.="EVENT,";
|
||||||
|
break;
|
||||||
|
case "trigger":
|
||||||
|
$strrights.="TRIGGER,";
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -833,6 +883,12 @@ class m_mysql {
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function available_sql_rights(){
|
||||||
|
return Array('select','insert','update','delete','create','drop','references','index','alter','create_tmp','lock','create_view','show_view','create_routine','alter_routine','execute','event','trigger');
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* ----------------------------------------------------------------- */
|
/* ----------------------------------------------------------------- */
|
||||||
/** Hook function called by the quota class to compute user used quota
|
/** Hook function called by the quota class to compute user used quota
|
||||||
|
|
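Review bot: In the hunk at -748 the rewritten `SELECT * FROM mysql.db` queries still concatenate `$user`, `$this->dbus->Host` and the database name into the SQL text; the only transformation visible is `str_replace('_','\_',…)`, which neutralises the `_` wildcard but not quotes. Whether `$user` is validated before this point is outside the hunk; set_user_rights() in the same class passes its inputs through addslashes(), and these values should be quoted with the database layer's escaping function, or at minimum `$usern=addslashes($user);` before the query. The fallback array in that hunk also keeps the key `"Create_tmp"` while the record branch and available_sql_rights() use `create_tmp`, so a caller iterating the rights list finds no entry for that privilege when the user has no row. The query in the -544 hunk is built by concatenation in the same way.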