sf-static/sql/modules/usermanager.php

<?php
/**
 * This file is a part of MyWebSQL package
 *
 * @file:      modules/usermanager.php
 * @author     Samnan ur Rehman
 * @copyright  (c) 2008-2014 Samnan ur Rehman
 * @web        http://mywebsql.net
 * @license    http://mywebsql.net/license
 */

	function processRequest(&$db) {
		$action = v($_REQUEST["id"]);
		include(BASE_PATH . "/lib/usermanager.php");
		$legacyServer = Session::get('db', 'version') < 5;
		$editor = new userManager($db, $legacyServer);
		$message = '';

		if ($action != '') {
			if ($action == "add")
				$result = addUser($db, v($_REQUEST["query"]), $editor);
			else if ($action == "delete")
				$result = deleteUser($db, v($_REQUEST["query"]), $editor);
			else if ($action == "update")
				$result = updateUser($db, v($_REQUEST["query"]), $editor);

			if ($result) {
				$db->flush('PRIVILEGES', true);
				$message = __('The command executed successfully');
			}
			else
				$message = __('Error occurred while executing the query');
		}

		displayUserForm($db, $editor, $message, $action);
	}

	function displayUserForm(&$db, &$editor, $message, $action) {
		$dbList = $db->getDatabases();
		$userList = $editor->getUsersList();
		$privilegeNames = Privileges::getNames();
		$dbPrivilegeNames = DbPrivileges::getNames();

		// current user name is not plaintext in case of 'update' action
		$userName = '';
		if ($action == 'update') {
			$obj = json_decode(v($_REQUEST['query']));
			if (is_object($obj))
				$userName = $obj->username . '@' . $obj->hostname;
		} else
			$userName = v($_REQUEST['query']);

		$currentUser = selectUser($userList, $userName);
		$privileges  = array();
		$dbPrivileges = array();
		$userInfo = array();
		if ($currentUser) {
			$privileges = $currentUser->getGlobalPrivileges();
			foreach($dbList as $db_name)
				$dbPrivileges[$db_name] = $currentUser->getDbPrivileges($db_name);

			$userInfo = array('username' => $currentUser->userName, 'host' => $currentUser->host);
		}
		$users = userOptions($userList, $currentUser);

		$replace = array(
			'ID' => v($_REQUEST["id"]) ? htmlspecialchars($_REQUEST["id"]) : '',
			'MESSAGE' => $message,
			'USERS' => $users,
			'USER_INFO' => json_encode($userInfo),
			'DATABASES' => json_encode($dbList),
			'PRIVILEGES' => json_encode($privileges),
			'DB_PRIVILEGES' => json_encode($dbPrivileges),
			'PRIVILEGE_NAMES' => json_encode($privilegeNames),
			'DB_PRIVILEGE_NAMES' => json_encode($dbPrivilegeNames)
		);
		echo view('usermanager', $replace);
	}

	function selectUser($list, $user) {
		foreach($list as $obj) {
			$name = $obj->userName . '@' . $obj->host;
			if ($user == $name)
				return $obj;
		}

		$obj = count($list) > 0 ? $list[0] : NULL;
		return $obj;
	}

	function addUser(&$db, $info, &$editor) {
		$info = json_decode($info);

		if (!is_object($info))
			return false;

		return $editor->add($info->username, $info->hostname, $info->pwd);
	}

	function deleteUser(&$db, $info, &$editor) {
		$info = json_decode($info);

		if (!is_object($info))
			return false;

		return $editor->delete($info->username, $info->host);
	}

	function updateUser(&$db, $info, &$editor) {
		$info = json_decode($info);
		if (!is_object($info))
			return false;

		// only change user info if it requires update
		if ($info->oldusername != $info->username || $info->oldhostname != $info->hostname) {
			$result = $editor->update($info->oldusername, $info->oldhostname, $info->username, $info->hostname);
			if (!$result)
				return false;
		}

		// change password only if requested
		if (isset($info->password) && $info->password != '') {
			$result = $editor->updatePassword($info->username, $info->hostname, $info->password);
			if (!$result)
				return false;
		} else if (isset($info->removepass) && $info->removepass == '1') {
			$result = $editor->updatePassword($info->username, $info->hostname, '');
			if (!$result)
				return false;
		}

		$user = $editor->getUser($info->username, $info->hostname);
		$user->setGlobalPrivileges($info->privileges);

		$dbList = $db->getDatabases();
		foreach($dbList as $db_name) {
			$result = $user->setDbPrivileges($db_name, isset($info->db_privileges->$db_name) ? $info->db_privileges->$db_name : array() );
			if (!$result)
				return false;
		}

		return true;
	}

	function userOptions($array, $selected) {
		$str = $selected == '' ? '<option value="">- - -</option>' : '';
		foreach($array as $user) {
			$name = $user->userName . '@' . $user->host;
			if ($selected->userName == $user->userName && $selected->host == $user->host)
				$str .= '<option selected="selected" value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';
			else
				$str .= '<option value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';
		}

		return $str;
	}
?>
initial commit 2023-02-28 18:21:07 +00:00			`<?php`
			`/**`
			`* This file is a part of MyWebSQL package`
			`*`
			`* @file: modules/usermanager.php`
			`* @author Samnan ur Rehman`
			`* @copyright (c) 2008-2014 Samnan ur Rehman`
			`* @web http://mywebsql.net`
			`* @license http://mywebsql.net/license`
			`*/`

			`function processRequest(&$db) {`
			`$action = v($_REQUEST["id"]);`
			`include(BASE_PATH . "/lib/usermanager.php");`
			`$legacyServer = Session::get('db', 'version') < 5;`
			`$editor = new userManager($db, $legacyServer);`
			`$message = '';`

			`if ($action != '') {`
			`if ($action == "add")`
			`$result = addUser($db, v($_REQUEST["query"]), $editor);`
			`else if ($action == "delete")`
			`$result = deleteUser($db, v($_REQUEST["query"]), $editor);`
			`else if ($action == "update")`
			`$result = updateUser($db, v($_REQUEST["query"]), $editor);`

			`if ($result) {`
			`$db->flush('PRIVILEGES', true);`
			`$message = __('The command executed successfully');`
			`}`
			`else`
			`$message = __('Error occurred while executing the query');`
			`}`

			`displayUserForm($db, $editor, $message, $action);`
			`}`

			`function displayUserForm(&$db, &$editor, $message, $action) {`
			`$dbList = $db->getDatabases();`
			`$userList = $editor->getUsersList();`
			`$privilegeNames = Privileges::getNames();`
			`$dbPrivilegeNames = DbPrivileges::getNames();`

			`// current user name is not plaintext in case of 'update' action`
			`$userName = '';`
			`if ($action == 'update') {`
			`$obj = json_decode(v($_REQUEST['query']));`
			`if (is_object($obj))`
			`$userName = $obj->username . '@' . $obj->hostname;`
			`} else`
			`$userName = v($_REQUEST['query']);`

			`$currentUser = selectUser($userList, $userName);`
			`$privileges = array();`
			`$dbPrivileges = array();`
			`$userInfo = array();`
			`if ($currentUser) {`
			`$privileges = $currentUser->getGlobalPrivileges();`
			`foreach($dbList as $db_name)`
			`$dbPrivileges[$db_name] = $currentUser->getDbPrivileges($db_name);`

			`$userInfo = array('username' => $currentUser->userName, 'host' => $currentUser->host);`
			`}`
			`$users = userOptions($userList, $currentUser);`

			`$replace = array(`
			`'ID' => v($_REQUEST["id"]) ? htmlspecialchars($_REQUEST["id"]) : '',`
			`'MESSAGE' => $message,`
			`'USERS' => $users,`
			`'USER_INFO' => json_encode($userInfo),`
			`'DATABASES' => json_encode($dbList),`
			`'PRIVILEGES' => json_encode($privileges),`
			`'DB_PRIVILEGES' => json_encode($dbPrivileges),`
			`'PRIVILEGE_NAMES' => json_encode($privilegeNames),`
			`'DB_PRIVILEGE_NAMES' => json_encode($dbPrivilegeNames)`
			`);`
			`echo view('usermanager', $replace);`
			`}`

			`function selectUser($list, $user) {`
			`foreach($list as $obj) {`
			`$name = $obj->userName . '@' . $obj->host;`
			`if ($user == $name)`
			`return $obj;`
			`}`

			`$obj = count($list) > 0 ? $list[0] : NULL;`
			`return $obj;`
			`}`

			`function addUser(&$db, $info, &$editor) {`
			`$info = json_decode($info);`

			`if (!is_object($info))`
			`return false;`

			`return $editor->add($info->username, $info->hostname, $info->pwd);`
			`}`

			`function deleteUser(&$db, $info, &$editor) {`
			`$info = json_decode($info);`

			`if (!is_object($info))`
			`return false;`

			`return $editor->delete($info->username, $info->host);`
			`}`

			`function updateUser(&$db, $info, &$editor) {`
			`$info = json_decode($info);`
			`if (!is_object($info))`
			`return false;`

			`// only change user info if it requires update`
			`if ($info->oldusername != $info->username \|\| $info->oldhostname != $info->hostname) {`
			`$result = $editor->update($info->oldusername, $info->oldhostname, $info->username, $info->hostname);`
			`if (!$result)`
			`return false;`
			`}`

			`// change password only if requested`
			`if (isset($info->password) && $info->password != '') {`
			`$result = $editor->updatePassword($info->username, $info->hostname, $info->password);`
			`if (!$result)`
			`return false;`
			`} else if (isset($info->removepass) && $info->removepass == '1') {`
			`$result = $editor->updatePassword($info->username, $info->hostname, '');`
			`if (!$result)`
			`return false;`
			`}`

			`$user = $editor->getUser($info->username, $info->hostname);`
			`$user->setGlobalPrivileges($info->privileges);`

			`$dbList = $db->getDatabases();`
			`foreach($dbList as $db_name) {`
			`$result = $user->setDbPrivileges($db_name, isset($info->db_privileges->$db_name) ? $info->db_privileges->$db_name : array() );`
			`if (!$result)`
			`return false;`
			`}`

			`return true;`
			`}`

			`function userOptions($array, $selected) {`
			`$str = $selected == '' ? '<option value="">- - -</option>' : '';`
			`foreach($array as $user) {`
			`$name = $user->userName . '@' . $user->host;`
			`if ($selected->userName == $user->userName && $selected->host == $user->host)`
			`$str .= '<option selected="selected" value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';`
			`else`
			`$str .= '<option value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';`
			`}`

			`return $str;`
			`}`
			`?>`