157 lines
No EOL
4.6 KiB
PHP
157 lines
No EOL
4.6 KiB
PHP
<?php
|
|
/**
|
|
* This file is a part of MyWebSQL package
|
|
*
|
|
* @file: modules/usermanager.php
|
|
* @author Samnan ur Rehman
|
|
* @copyright (c) 2008-2014 Samnan ur Rehman
|
|
* @web http://mywebsql.net
|
|
* @license http://mywebsql.net/license
|
|
*/
|
|
|
|
function processRequest(&$db) {
|
|
$action = v($_REQUEST["id"]);
|
|
include(BASE_PATH . "/lib/usermanager.php");
|
|
$legacyServer = Session::get('db', 'version') < 5;
|
|
$editor = new userManager($db, $legacyServer);
|
|
$message = '';
|
|
|
|
if ($action != '') {
|
|
if ($action == "add")
|
|
$result = addUser($db, v($_REQUEST["query"]), $editor);
|
|
else if ($action == "delete")
|
|
$result = deleteUser($db, v($_REQUEST["query"]), $editor);
|
|
else if ($action == "update")
|
|
$result = updateUser($db, v($_REQUEST["query"]), $editor);
|
|
|
|
if ($result) {
|
|
$db->flush('PRIVILEGES', true);
|
|
$message = __('The command executed successfully');
|
|
}
|
|
else
|
|
$message = __('Error occurred while executing the query');
|
|
}
|
|
|
|
displayUserForm($db, $editor, $message, $action);
|
|
}
|
|
|
|
function displayUserForm(&$db, &$editor, $message, $action) {
|
|
$dbList = $db->getDatabases();
|
|
$userList = $editor->getUsersList();
|
|
$privilegeNames = Privileges::getNames();
|
|
$dbPrivilegeNames = DbPrivileges::getNames();
|
|
|
|
// current user name is not plaintext in case of 'update' action
|
|
$userName = '';
|
|
if ($action == 'update') {
|
|
$obj = json_decode(v($_REQUEST['query']));
|
|
if (is_object($obj))
|
|
$userName = $obj->username . '@' . $obj->hostname;
|
|
} else
|
|
$userName = v($_REQUEST['query']);
|
|
|
|
$currentUser = selectUser($userList, $userName);
|
|
$privileges = array();
|
|
$dbPrivileges = array();
|
|
$userInfo = array();
|
|
if ($currentUser) {
|
|
$privileges = $currentUser->getGlobalPrivileges();
|
|
foreach($dbList as $db_name)
|
|
$dbPrivileges[$db_name] = $currentUser->getDbPrivileges($db_name);
|
|
|
|
$userInfo = array('username' => $currentUser->userName, 'host' => $currentUser->host);
|
|
}
|
|
$users = userOptions($userList, $currentUser);
|
|
|
|
$replace = array(
|
|
'ID' => v($_REQUEST["id"]) ? htmlspecialchars($_REQUEST["id"]) : '',
|
|
'MESSAGE' => $message,
|
|
'USERS' => $users,
|
|
'USER_INFO' => json_encode($userInfo),
|
|
'DATABASES' => json_encode($dbList),
|
|
'PRIVILEGES' => json_encode($privileges),
|
|
'DB_PRIVILEGES' => json_encode($dbPrivileges),
|
|
'PRIVILEGE_NAMES' => json_encode($privilegeNames),
|
|
'DB_PRIVILEGE_NAMES' => json_encode($dbPrivilegeNames)
|
|
);
|
|
echo view('usermanager', $replace);
|
|
}
|
|
|
|
function selectUser($list, $user) {
|
|
foreach($list as $obj) {
|
|
$name = $obj->userName . '@' . $obj->host;
|
|
if ($user == $name)
|
|
return $obj;
|
|
}
|
|
|
|
$obj = count($list) > 0 ? $list[0] : NULL;
|
|
return $obj;
|
|
}
|
|
|
|
function addUser(&$db, $info, &$editor) {
|
|
$info = json_decode($info);
|
|
|
|
if (!is_object($info))
|
|
return false;
|
|
|
|
return $editor->add($info->username, $info->hostname, $info->pwd);
|
|
}
|
|
|
|
function deleteUser(&$db, $info, &$editor) {
|
|
$info = json_decode($info);
|
|
|
|
if (!is_object($info))
|
|
return false;
|
|
|
|
return $editor->delete($info->username, $info->host);
|
|
}
|
|
|
|
function updateUser(&$db, $info, &$editor) {
|
|
$info = json_decode($info);
|
|
if (!is_object($info))
|
|
return false;
|
|
|
|
// only change user info if it requires update
|
|
if ($info->oldusername != $info->username || $info->oldhostname != $info->hostname) {
|
|
$result = $editor->update($info->oldusername, $info->oldhostname, $info->username, $info->hostname);
|
|
if (!$result)
|
|
return false;
|
|
}
|
|
|
|
// change password only if requested
|
|
if (isset($info->password) && $info->password != '') {
|
|
$result = $editor->updatePassword($info->username, $info->hostname, $info->password);
|
|
if (!$result)
|
|
return false;
|
|
} else if (isset($info->removepass) && $info->removepass == '1') {
|
|
$result = $editor->updatePassword($info->username, $info->hostname, '');
|
|
if (!$result)
|
|
return false;
|
|
}
|
|
|
|
$user = $editor->getUser($info->username, $info->hostname);
|
|
$user->setGlobalPrivileges($info->privileges);
|
|
|
|
$dbList = $db->getDatabases();
|
|
foreach($dbList as $db_name) {
|
|
$result = $user->setDbPrivileges($db_name, isset($info->db_privileges->$db_name) ? $info->db_privileges->$db_name : array() );
|
|
if (!$result)
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
function userOptions($array, $selected) {
|
|
$str = $selected == '' ? '<option value="">- - -</option>' : '';
|
|
foreach($array as $user) {
|
|
$name = $user->userName . '@' . $user->host;
|
|
if ($selected->userName == $user->userName && $selected->host == $user->host)
|
|
$str .= '<option selected="selected" value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';
|
|
else
|
|
$str .= '<option value="'.htmlspecialchars($name).'">'.htmlspecialchars($name).'</option>';
|
|
}
|
|
|
|
return $str;
|
|
}
|
|
?>
|