Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 207c6fcb46
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 130 lines (93 sloc) 2.845 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
<?php
/*

SQL Buddy - Web based MySQL administration
http://www.sqlbuddy.com/

ajaxsavecolumnedit.php
- saves the details of a table column

MIT license

2008 Calvin Lough <http://calv.in>

*/

include "functions.php";

loginCheck();

$conn->selectDB("mysql");

function removeAdminPrivs($priv) {
if ($priv == "FILE" || $priv == "PROCESS" || $priv == "RELOAD" || $priv == "SHUTDOWN" || $priv == "SUPER")
return false;
else
return true;
}

if (isset($_GET['user']))
$user = $_GET['user'];

if (isset($_POST['NEWPASS']))
$newPass = $_POST['NEWPASS'];

if (isset($_POST['CHOICE']))
$choice = $_POST['CHOICE'];

if (isset($_POST['ACCESSLEVEL']))
$accessLevel = $_POST['ACCESSLEVEL'];
else
$accessLevel = "GLOBAL";

if ($accessLevel != "LIMITED")
$accessLevel = "GLOBAL";

if (isset($_POST['DBLIST']))
$dbList = $_POST['DBLIST'];
else
$dbList = array();

if (isset($_POST['PRIVILEGES']))
$privileges = $_POST['PRIVILEGES'];
else
$privileges = array();

if (isset($_POST['GRANTOPTION']))
$grantOption = $_POST['GRANTOPTION'];

if (isset($user) && ($accessLevel == "GLOBAL" || ($accessLevel == "LIMITED" && sizeof($dbList) > 0))) {

if ($choice == "ALL") {
$privList = "ALL";
} else {
if (isset($privileges) && count($privileges) > 0)
$privList = implode(", ", $privileges);
else
$privList = "USAGE";

if (sizeof($privileges) > 0) {
if ($accessLevel == "LIMITED") {
$privileges = array_filter($privileges, "removeAdminPrivs");
}

$privList = implode(", ", $privileges);
} else {
$privList = "USAGE";
}

}

$split = explode("@", $user);

if (isset($split[0]))
$name = $split[0];

if (isset($split[1]))
$host = $split[1];

if (isset($name) && isset($host)) {
$user = "'" . $name . "'@'" . $host . "'";

if ($accessLevel == "LIMITED") {
$conn->query("DELETE FROM `db` WHERE `User`='$name' AND `Host`='$host'");

foreach ($dbList as $theDb) {
$query = "GRANT " . $privList . " ON `$theDb`.* TO " . $user;

if (isset($grantOption))
$query .= " WITH GRANT OPTION";

$conn->query($query) or ($dbError = $conn->error());
}
} else {
$conn->query("REVOKE ALL PRIVILEGES ON *.* FROM " . $user);
$conn->query("REVOKE GRANT OPTION ON *.* FROM " . $user);

$query = "GRANT " . $privList . " ON *.* TO " . $user;

if (isset($grantOption))
$query .= " WITH GRANT OPTION";

$conn->query($query) or ($dbError = $conn->error());
}

if (isset($newPass))
$conn->query("SET PASSWORD FOR '$name'@'$host' = PASSWORD('$newPass')") or ($dbError = $conn->error());

$conn->query("FLUSH PRIVILEGES") or ($dbError = $conn->error());

echo "{\n";
echo " \"formupdate\": \"" . $_GET['form'] . "\",\n";
echo " \"errormess\": \"";
if (isset($dbError))
echo $dbError;
echo "\"\n";
echo '}';
}
}

?>
Something went wrong with that request. Please try again.