Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Role user test

  • Loading branch information...
commit 8d4e448d15974cba225f8103c18b2b0669c6ffd2 1 parent 597fd88
@xianglei authored
View
7 accesslist.ini
@@ -3,23 +3,28 @@ username=data
password=3e4r5t6y
privdb=all
mrslots=0,0
+role=superadmin
[1]
username=mobile
password=1q2w3e4r
privdb=mvv,mlvv,mdaily,mactive,active_ipad,active_express,mobiletype,mdaily_count,mdownload,msearch
mrslots=2,1
+role=dbadmin
[2]
username=adver
password=1qaz2wsx
privdb=active2,addl,pv,vv,midinfo,click,movie_box_source,moviebox,cms
mrslots=2,1
+role=user
[3]
username=online
password=2wsx3edc
privdb=active2,click,pv,vv,boxlist,drm
mrslots=2,1
+role=user
[4]
username=local
password=2w3e4r5t
privdb=active2,daily5,error5,user_config,asf,bbinding,binstall,associate,face_action,ie_action,tips_test_action
-mrslots=2,1
+mrslots=2,1
+role=user
View
7 config.inc.php
@@ -54,8 +54,8 @@
else
{
- $onlydb = $auth->AuthUser($env["privFile"],$user,$pass);
- if(($onlydb == FALSE) || ($onlydb == ""))
+ $priv = $auth->AuthUser($env["privFile"],$user,$pass);
+ if(($priv == FALSE) || ($priv['privdb'] == ""))
{
include_once "templates/login.html";
die('');
@@ -64,7 +64,8 @@
{
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
- $_SESSION['onlydb'] = $onlydb;
+ $_SESSION['onlydb'] = $priv['privdb'];
+ $_SESSION['role'] = $priv['role'];
}
}
View
2  dbList.php
@@ -14,7 +14,7 @@
$i = 0;
echo '<br />';
-if($_SESSION['onlydb'] == "all")
+if($_SESSION['role'] == "superadmin")
{
while('' != @$db_array[$i]) {
echo '<a href="javascript:showsd(\'tableList.php?database='.$db_array[$i].'\',\'dbStructure.php?database='.$db_array[$i].'\')" target="left"><img src=images/database.png>'.$db_array[$i].'</a><br />'."\n";
View
6 dbStructure.php
@@ -41,7 +41,7 @@
echo "<tr bgcolor=#FFFF99>
<td></td>
<td>".$lang['tableName']."</td>";
- if($_SESSION['onlydb'] == "all")
+ if($_SESSION['role'] == "superadmin" || $_SESSION['role'] == "dbadmin")
{
echo "<td>".$lang['alterTable']."</td>
<td>".$lang['loadData']."</td>
@@ -69,7 +69,7 @@
echo "<td>\n";
echo '<a href=sqlQuery.php?table='.$db_array[$i].'&database='.$_GET['database'].' target="right">'.$db_array[$i].'</a>';
echo "</td>\n";
- if($_SESSION['onlydb'] == "all")
+ if($_SESSION['role'] == "superadmin" || $_SESSION['role'] == "dbadmin")
{
echo "<td>\n";
echo "<a href=alterTable.php?database=".$_GET['database']."&table=".$db_array[$i]."><img src=images/b_props.png>".$lang['alterTable']."</a>";
@@ -100,7 +100,7 @@
echo $lang['select']." / ".$lang['deselect']."<bR><br>\n";
echo "<input type=submit name=submit value=".$lang['submit'].">";
echo "</form><br><br>";
- if($_SESSION['onlydb'] == "all")
+ if($_SESSION['role'] == "superadmin" || $_SESSION['role'] == "dbadmin")
{
include_once "templates/add_table.html";
}
View
2  getResult.php
@@ -31,7 +31,7 @@
}
$filename = $env['output_path']."/hive_res.".$str.".csv";
- if($_SESSION['onlydb'] != "all")
+ if($_SESSION['role'] != "superadmin")
{
$logfile = $env['logs_path'].$_SESSION['username']."_".$str.".log";
}
View
4 history.php
@@ -31,7 +31,7 @@
{
if(!is_dir($dir.$file))
{
- if($_SESSION['onlydb'] == 'all')
+ if($_SESSION['role'] == 'superadmin')
{
$file_array[$i] = $file;
}
@@ -95,7 +95,7 @@
$tmp = substr($tmp[1]."_".$tmp[2],0,-4);
if(file_exists($env['output_path']."/hive_res.".$tmp.".csv"))
{
- if($_SESSION['onlydb'] == 'all')
+ if($_SESSION['role'] == 'superadmin')
{
echo "<td><a href=getResult.php?str=".$file.">$file</a></td>\n";
}
View
2  index.php
@@ -2,7 +2,7 @@
include_once 'config.inc.php';
-if($_SESSION['onlydb'] != "")
+if($_SESSION['role'] != "")
{
if(@$_GET['frame'])
{
View
4 libs/classes/class.auth.php
@@ -56,7 +56,7 @@ public function AuthUser($pAuthFilename,$pUsername,$pPassword)
{
if(preg_match("/\b".$pUsername."\b/",$v["username"]) && preg_match("/\b".$pPassword."\b/", $v["password"]))
{
- return $v['privdb'];
+ return $v;
}
else
{
@@ -108,7 +108,7 @@ public function AuthSql($pPrivilege,$pSql)
preg_match("/\bdfs -\b/i",$pSql)
)
{
- if($pPrivilege != "all")
+ if($pPrivilege != "superadmin" || $pPrivilege != "dbadmin")
{
return FALSE;
}
View
2  sqlQuery.php
@@ -123,7 +123,7 @@
$sha1 = $etc->FingerPrintMake();
#auth if have enough privileges to do hql query
- $sql = $auth->AuthSql($_SESSION['onlydb'],@$_POST['sql']);
+ $sql = $auth->AuthSql($_SESSION['role'],@$_POST['sql']);
if($sql == FALSE)
{
die("<script>alert('".$lang['permissionDenied']."');history.back()</script>");
View
2  templates/sql_query_navi.html
@@ -15,7 +15,7 @@
</a>
</td>-->
<?php
-if($_SESSION['onlydb'] == "all")
+if($_SESSION['role'] == "superadmin" || $_SESSION['role'] == "dbadmin")
{
?>
<td>
Please sign in to comment.
Something went wrong with that request. Please try again.