ajaxsaveuseredit.php
<?php
/*
SQL Buddy - Web based MySQL administration
http://interruptorgeek.com/sql-buddy-ig-review/
ajaxsaveuseredit.php
- saves the privileges and password of a MySQL user
MIT license
Original : 2008 Calvin Lough <http://calv.in>
Reviewed : 2016 Carlos Martín Arnillas <https://interruptorgeek.com>
*/
// Presumably defines loginCheck() and the $conn handle used below; neither is declared in this file.
include "functions.php";
// Runs before any request parameter is read. NOTE(review): its behaviour is not visible here;
// confirm it stops the request for unauthenticated callers, since everything below edits accounts.
loginCheck();
// The statements below touch the `db` table and issue GRANT/REVOKE/SET PASSWORD with `mysql` selected.
$conn->selectDB("mysql");
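/**
 * array_filter() callback that drops server-administration privileges.
 *
 * Used when a user is limited to specific databases: FILE, PROCESS, RELOAD,
 * SHUTDOWN and SUPER are filtered out of the submitted privilege list.
 *
 * The comparison is case-insensitive and ignores surrounding whitespace.
 * MySQL treats privilege keywords case-insensitively, so an exact-case match
 * would let "file" or " SUPER " through the filter. Non-string values (for
 * example nested arrays from a crafted POST body) are dropped as well.
 *
 * @param mixed $priv One entry of the submitted privilege list.
 * @return bool True to keep the privilege, false to remove it.
 */
function removeAdminPrivs($priv) {
    if (!is_string($priv)) {
        return false;
    }

    $adminPrivs = array("FILE", "PROCESS", "RELOAD", "SHUTDOWN", "SUPER");

    return !in_array(strtoupper(trim($priv)), $adminPrivs, true);
}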
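// Request handling: rewrite the privileges (and optionally the password) of one
// MySQL account named by ?user=name@host.
//
// Every value read here comes from the browser and ends up inside GRANT /
// REVOKE / DELETE / SET PASSWORD statements, so each one is type-checked and
// then validated or encoded before it is placed in SQL text. Nothing is
// executed if any value fails validation.
//
// NOTE(review): this file checks neither an anti-CSRF token nor the request
// method, and the target account is taken from the query string. Confirm that
// loginCheck() (defined outside this file) covers this.

if (isset($_GET['user']) && is_string($_GET['user'])) {
    $user = $_GET['user'];
}

// NOTE(review): an empty NEWPASS still counts as "set" and blanks the
// password, as in the original code. Confirm the form omits the field when the
// password should stay unchanged.
if (isset($_POST['NEWPASS']) && is_string($_POST['NEWPASS'])) {
    $newPass = $_POST['NEWPASS'];
}

$choice = (isset($_POST['CHOICE']) && is_string($_POST['CHOICE'])) ? $_POST['CHOICE'] : "";

// Anything other than the literal "LIMITED" is treated as "GLOBAL".
$accessLevel = (isset($_POST['ACCESSLEVEL']) && $_POST['ACCESSLEVEL'] === "LIMITED") ? "LIMITED" : "GLOBAL";

// Scalars in place of the expected arrays are treated as "nothing selected".
$dbList = (isset($_POST['DBLIST']) && is_array($_POST['DBLIST'])) ? $_POST['DBLIST'] : array();
$privileges = (isset($_POST['PRIVILEGES']) && is_array($_POST['PRIVILEGES'])) ? $_POST['PRIVILEGES'] : array();

if (isset($_POST['GRANTOPTION'])) {
    $grantOption = $_POST['GRANTOPTION'];
}

if (isset($user) && ($accessLevel == "GLOBAL" || count($dbList) > 0)) {

    // Build the privilege list. Privilege keywords cannot be quoted in a GRANT
    // statement, so each entry must consist of letters and single spaces only.
    // That keeps commas, quotes, dots and comment markers out of the statement.
    if ($choice == "ALL") {
        $privList = "ALL";
    } else {
        $cleanPrivs = array();
        foreach ($privileges as $priv) {
            $priv = is_string($priv) ? strtoupper(trim($priv)) : "";
            if (!preg_match('/^[A-Z]+(?: [A-Z]+)*\z/', $priv)) {
                $inputError = "Invalid privilege name";
                break;
            }
            $cleanPrivs[] = $priv;
        }

        // Accounts restricted to specific databases never receive the
        // server-administration privileges.
        if ($accessLevel == "LIMITED") {
            $cleanPrivs = array_filter($cleanPrivs, "removeAdminPrivs");
        }

        // Also covers the case where filtering removed every entry, which
        // would otherwise produce "GRANT  ON ..." with an empty list.
        $privList = (count($cleanPrivs) > 0) ? implode(", ", $cleanPrivs) : "USAGE";
    }

    $split = explode("@", $user);

    if (isset($split[0])) {
        $name = $split[0];
    }

    if (isset($split[1])) {
        $host = $split[1];
    }

    if (isset($name) && isset($host)) {

        // The account name is written as 'name'@'host'. Values containing a
        // quote, backslash or NUL byte are rejected rather than escaped, so the
        // result is safe whatever the connection character set or sql_mode.
        if (strpbrk($name . $host, "'\\\0") !== false) {
            $inputError = "Invalid user name or host";
        }

        // Database names are backtick-quoted identifiers; an embedded backtick
        // is doubled so it cannot end the identifier early.
        // As before, `_` and `%` in a name act as wildcards in GRANT ... ON.
        $quotedDbs = array();
        if ($accessLevel == "LIMITED") {
            foreach ($dbList as $theDb) {
                if (!is_string($theDb) || $theDb === "" || strpos($theDb, "\0") !== false) {
                    $inputError = "Invalid database name";
                    break;
                }
                $quotedDbs[] = "`" . str_replace("`", "``", $theDb) . "`";
            }
        }

        if (!isset($inputError)) {

            $user = "'" . $name . "'@'" . $host . "'";

            if ($accessLevel == "LIMITED") {

                // Drop the existing per-database rows, then grant afresh.
                $conn->query("DELETE FROM `db` WHERE `User`='$name' AND `Host`='$host'");

                foreach ($quotedDbs as $quotedDb) {
                    $query = "GRANT " . $privList . " ON " . $quotedDb . ".* TO " . $user;
                    if (isset($grantOption)) {
                        $query .= " WITH GRANT OPTION";
                    }
                    $conn->query($query) or ($dbError = $conn->error());
                }

            } else {

                $conn->query("REVOKE ALL PRIVILEGES ON *.* FROM " . $user);
                $conn->query("REVOKE GRANT OPTION ON *.* FROM " . $user);

                $query = "GRANT " . $privList . " ON *.* TO " . $user;
                if (isset($grantOption)) {
                    $query .= " WITH GRANT OPTION";
                }
                $conn->query($query) or ($dbError = $conn->error());

            }

            if (isset($newPass)) {
                // The password may contain any byte, so it is sent as a hex
                // literal (digits 0-9a-f only) instead of a quoted string.
                // NOTE(review): PASSWORD() was removed in MySQL 8.0; the call
                // is kept as in the original.
                $passLiteral = ($newPass === "") ? "''" : "X'" . bin2hex($newPass) . "'";
                $conn->query("SET PASSWORD FOR " . $user . " = PASSWORD(" . $passLiteral . ")") or ($dbError = $conn->error());
            }

            $conn->query("FLUSH PRIVILEGES") or ($dbError = $conn->error());
        }

        // A validation failure takes precedence over a database error, because
        // no query was run in that case.
        if (isset($inputError)) {
            $errorMessage = $inputError;
        } else if (isset($dbError)) {
            $errorMessage = (string) $dbError;
        } else {
            $errorMessage = "";
        }

        $form = (isset($_GET['form']) && is_string($_GET['form'])) ? $_GET['form'] : "";

        // Both values are attacker-influenced (the form name directly, the
        // error text through rejected SQL), so they are JSON-encoded rather
        // than concatenated. The HEX flags also neutralise <, >, &, ' and " in
        // case the response is ever rendered as HTML.
        $jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $formJson = json_encode($form, $jsonFlags);
        $errorJson = json_encode($errorMessage, $jsonFlags);

        // json_encode() returns false on invalid UTF-8; fall back to fixed text.
        if ($formJson === false) {
            $formJson = '""';
        }
        if ($errorJson === false) {
            $errorJson = '"Error message could not be encoded"';
        }

        echo "{\n";
        echo " \"formupdate\": " . $formJson . ",\n";
        echo " \"errormess\": " . $errorJson . "\n";
        echo '}';

    }

}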
?>