edituser.php

<?php
/*

SQL Buddy - Web based MySQL administration
http://interruptorgeek.com/sql-buddy-ig-review/

edituser.php
- change permissions, password

MIT license

Original : 2008 Calvin Lough <http://calv.in>
Reviewed : 2016 Carlos Martín Arnillas <https://interruptorgeek.com>

*/

include "functions.php";

loginCheck();

$conn->selectDB("mysql");

if (isset($_POST['editParts'])) {
	$editParts = $_POST['editParts'];

	$editParts = explode("; ", $editParts);

	$totalParts = count($editParts);
	$counter = 0;

	$firstField = true;

	foreach ($editParts as $part) {
		$part = trim($part);

		if ($part != "" && $part != ";") {

			list($user, $host) = explode("@", $part);

			$userSQL = $conn->query("SELECT * FROM `user` WHERE `User`='" . $user . "' AND `Host`='" . $host . "'");
			$dbuserSQL = $conn->query("SELECT * FROM `db` WHERE `User`='" . $user . "' AND `Host`='" . $host . "'");

			if ($conn->isResultSet($userSQL)) {

				$allPrivs = true;

				$dbShowList = array();

				if ($conn->isResultSet($dbuserSQL)) {

					$accessLevel = "LIMITED";

					while ($dbuserRow = $conn->fetchAssoc($dbuserSQL)) {
						$selectedPrivs = array();

						$dbShowList[] = $dbuserRow['Db'];

						foreach ($dbuserRow as $key=>$value) {
							if (substr($key, -5) == "_priv" && $key != "Grant_priv" && $value == "N") {
								$allPrivs = false;
							}

							if ($value == "N")
								$selectedPrivs[$key] = $value;
						}

						if (isset($thePrivList)) {
							$thePrivList = array_merge($thePrivList, $selectedPrivs);
						} else {
							$thePrivList = $dbuserRow;
						}
					}
				} else {
					$accessLevel = "GLOBAL";

					$userRow = $conn->fetchAssoc($userSQL);

					foreach ($userRow as $key=>$value) {
						if (substr($key, -5) == "_priv" && $key != "Grant_priv" && $value == "N") {
							$allPrivs = false;
						}
					}

					$thePrivList = $userRow;
				}

				echo '<form id="editform' . $counter . '" querypart="' . $part . '" onsubmit="saveUserEdit(\'editform' . $counter . '\'); return false;">';
				echo '<div class="edituser inputbox">';
				echo '<div class="errormessage" style="margin: 0 7px 13px; display: none"></div>';
				echo '<table class="edit" cellspacing="0" cellpadding="0">';

				?>

				<tr>
					<td class="secondaryheader"><?php echo __("User"); ?>:</td>
					<td><strong><?php echo $part; ?></strong></td>
				</tr>
				<tr>
					<td class="secondaryheader"><?php echo __("Change password"); ?>:</td>
					<td><input type="password" class="text" name="NEWPASS" /></td>
				</tr>
				<?php

				$dbList = $conn->listDatabases();

				if ($conn->isResultSet($dbList)) {

				?>
				<tr>
					<td class="secondaryheader"><?php echo __("Allow access to"); ?>:</td>
					<td>
					<label><input type="radio" name="ACCESSLEVEL" value="GLOBAL" id="ACCESSGLOBAL<?php echo $counter; ?>" onchange="updatePane('ACCESSSELECTED<?php echo $counter; ?>', 'dbaccesspane<?php echo $counter; ?>'); updatePane('ACCESSGLOBAL<?php echo $counter; ?>', 'adminprivlist<?php echo $counter; ?>')" onclick="updatePane('ACCESSSELECTED<?php echo $counter; ?>', 'dbaccesspane<?php echo $counter; ?>'); updatePane('ACCESSGLOBAL<?php echo $counter; ?>', 'adminprivlist<?php echo $counter; ?>')"<?php if ($accessLevel == "GLOBAL") echo ' checked="checked"'; ?> /><?php echo __("All databases"); ?></label><br />
					<label><input type="radio" name="ACCESSLEVEL" value="LIMITED" id="ACCESSSELECTED<?php echo $counter; ?>" onchange="updatePane('ACCESSSELECTED<?php echo $counter; ?>', 'dbaccesspane<?php echo $counter; ?>'); updatePane('ACCESSGLOBA<?php echo $counter; ?>L', 'adminprivlist<?php echo $counter; ?>')" onclick="updatePane('ACCESSSELECTED<?php echo $counter; ?>', 'dbaccesspane<?php echo $counter; ?>'); updatePane('ACCESSGLOBAL<?php echo $counter; ?>', 'adminprivlist<?php echo $counter; ?>')"<?php if ($accessLevel == "LIMITED") echo ' checked="checked"'; ?> /><?php echo __("Selected databases"); ?></label>

					<div id="dbaccesspane<?php echo $counter; ?>"<?php if ($accessLevel == "GLOBAL") echo ' style="display: none"'; ?> class="privpane">
						<table cellpadding="0">
						<?php

						while ($dbRow = $conn->fetchArray($dbList)) {
							echo '<tr>';
							echo '<td>';
							echo '<label><input type="checkbox" name="DBLIST[]" value="' . $dbRow[0] . '"';

							if (in_array($dbRow[0], $dbShowList))
								echo ' checked="checked"';

							echo ' />' . $dbRow[0] . '</label>';
							echo '</td>';
							echo '</tr>';
						}

						?>
						</table>
					</div>

					</td>
				</tr>
				<?php

				}

				?>
				<tr>
					<td class="secondaryheader"><?php echo __("Give user"); ?>:</td>
					<td>
					<label><input type="radio" name="CHOICE" value="ALL" onchange="updatePane('EDITPRIVSELECTED<?php echo $counter; ?>', 'editprivilegepane<?php echo $counter; ?>')" onclick="updatePane('EDITPRIVSELECTED<?php echo $counter; ?>', 'editprivilegepane<?php echo $counter; ?>')" <?php if ($allPrivs) echo 'checked="checked"'; ?> /><?php echo __("All privileges"); ?></label><br />
					<label><input type="radio" name="CHOICE" value="SELECTED" id="EDITPRIVSELECTED<?php echo $counter; ?>" onchange="updatePane('EDITPRIVSELECTED<?php echo $counter; ?>', 'editprivilegepane<?php echo $counter; ?>')" onclick="updatePane('EDITPRIVSELECTED<?php echo $counter; ?>', 'editprivilegepane<?php echo $counter; ?>')" <?php if (!$allPrivs) echo 'checked="checked"'; ?> /><?php echo __("Selected privileges"); ?></label>

					<div id="editprivilegepane<?php echo $counter; ?>" class="privpane" <?php if ($allPrivs) echo 'style="display: none"'; ?>>
					<div class="paneheader">
					<?php echo __("User privileges"); ?>
					</div>
					<table cellpadding="0" id="edituserprivs<?php echo $counter; ?>">
					<tr>
						<td width="50%">
						<label><input type="checkbox" name="PRIVILEGES[]" value="SELECT" <?php if (isset($thePrivList['Select_priv']) && $thePrivList['Select_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Select"); ?></label>
						</td>
						<td width="50%">
						<label><input type="checkbox" name="PRIVILEGES[]" value="INSERT" <?php if (isset($thePrivList['Insert_priv']) && $thePrivList['Insert_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Insert"); ?></label>
						</td>
					</tr>
					<tr>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="UPDATE" <?php if (isset($thePrivList['Update_priv']) && $thePrivList['Update_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Update"); ?></label>
						</td>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="DELETE" <?php if (isset($thePrivList['Delete_priv']) && $thePrivList['Delete_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Delete"); ?></label>
						</td>
					</tr>
					<tr>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="INDEX" <?php if (isset($thePrivList['Index_priv']) && $thePrivList['Index_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Index"); ?></label>
						</td>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="ALTER" <?php if (isset($thePrivList['Alter_priv']) && $thePrivList['Alter_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Alter"); ?></label>
						</td>
					</tr>
					<tr>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="CREATE" <?php if (isset($thePrivList['Create_priv']) && $thePrivList['Create_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Create"); ?></label>
						</td>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="DROP" <?php if (isset($thePrivList['Drop_priv']) && $thePrivList['Drop_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Drop"); ?></label>
						</td>
					</tr>
					<tr>
						<td colspan="2">
						<label><input type="checkbox" name="PRIVILEGES[]" value="CREATE TEMPORARY TABLES" <?php if (isset($thePrivList['Create_tmp_table_priv']) && $thePrivList['Create_tmp_table_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Temp tables"); ?></label>
						</td>
					</tr>
					</table>
					<div id="adminprivlist<?php echo $counter; ?>">
					<div class="paneheader">
					<?php echo __("Administrator privileges"); ?>
					</div>
					<table cellpadding="0" id="editadminprivs<?php echo $counter; ?>">
					<tr>
						<td width="50%">
						<label><input type="checkbox" name="PRIVILEGES[]" value="FILE" <?php if (isset($thePrivList['File_priv']) && $thePrivList['File_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("File"); ?></label>
						</td>
						<td width="50%">
						<label><input type="checkbox" name="PRIVILEGES[]" value="PROCESS" <?php if (isset($thePrivList['Process_priv']) && $thePrivList['Process_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Process"); ?></label>
						</td>
					</tr>
					<tr>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="RELOAD" <?php if (isset($thePrivList['Reload_priv']) && $thePrivList['Reload_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Reload"); ?></label>
						</td>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="SHUTDOWN" <?php if (isset($thePrivList['Shutdown_priv']) && $thePrivList['Shutdown_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Shutdown"); ?></label>
						</td>
					</tr>
					<tr>
						<td>
						<label><input type="checkbox" name="PRIVILEGES[]" value="SUPER" <?php if (isset($thePrivList['Super_priv']) && $thePrivList['Super_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Super"); ?></label>
						</td>
						<td>
						</td>
					</tr>
					</table>
					</div>
					</div>

					</td>
				</tr>
				</table>

				<table cellpadding="0">
				<tr>
					<td class="secondaryheader"><?php echo __("Options"); ?>:</td>
					<td>
					<label><input type="checkbox" name="GRANTOPTION" value="true" <?php if ($thePrivList['Grant_priv'] == "Y") echo 'checked="checked"'; ?> /><?php echo __("Grant option"); ?></label>
					</td>
				</tr>
				</table>

				<div style="margin-top: 10px; height: 22px; padding: 4px 0">
					<input type="submit" class="inputbutton" value="<?php echo __("Submit"); ?>" />&nbsp;&nbsp;<a onclick="cancelEdit('editform<?php echo $counter; ?>')"><?php echo __("Cancel"); ?></a>
				</div>
				</div>
				</form>

			<?php

			} else {
				echo __("User not found!");
			}

			$counter++;
		}
	}

}

?>