$html_output .= Template::get('select_all')
'pma_theme_image' => $GLOBALS['pmaThemeImage'],
'text_dir' => $GLOBALS['text_dir'],
'form_name' => "usersForm",
$html_output .= Util::getButtonOrImage(
'submit_mult', 'mult_submit',
__('Export'), 'b_tblexport', 'export'
$html_output .= '';
$html_output .= '';
} else {
$html_output .= self::getHtmlForViewUsersError();
// Offer to create a new user for the current database
$html_output .= self::getAddUserHtmlFieldset($db, $table);
return $html_output;
/**
 * gets privilege map
 *
 * Reads the global rows of `mysql`.`user` (tagged Type 'g') and the
 * database rows of `mysql`.`db` (tagged Type 'd') in one UNION and folds
 * them into the user => host => rows structure via mergePrivMapFromResult().
 *
 * Escaping note: $db is the string literal on the LEFT of LIKE, the `Db`
 * column is the pattern. escapeString() is therefore the only escaping the
 * literal needs - `_`/`%` in $db are matched literally, while wildcards
 * stored by GRANT in `Db` still apply.
 *
 * @param string $db the database
 *
 * @return array $privMap the privilege map
 */
public static function getPrivMap($db)
{
    list($listOfPrivs, $listOfComparedPrivs)
        = self::getListOfPrivilegesAndComparedPrivileges();

    $dbLiteral = $GLOBALS['dbi']->escapeString($db);

    // accounts with at least one global privilege
    $globalPart = "("
        . " SELECT " . $listOfPrivs . ", '*' AS `Db`, 'g' AS `Type`"
        . " FROM `mysql`.`user`"
        . " WHERE NOT (" . $listOfComparedPrivs . ")"
        . ")";

    // accounts whose db-level grant pattern covers this database
    $dbPart = "("
        . " SELECT " . $listOfPrivs . ", `Db`, 'd' AS `Type`"
        . " FROM `mysql`.`db`"
        . " WHERE '" . $dbLiteral . "' LIKE `Db`"
        . " AND NOT (" . $listOfComparedPrivs . ")"
        . ")";

    $sql_query = $globalPart
        . " UNION "
        . $dbPart
        . " ORDER BY `User` ASC, `Host` ASC, `Db` ASC;";

    $privMap = array();
    self::mergePrivMapFromResult($privMap, $GLOBALS['dbi']->query($sql_query));

    return $privMap;
}
/**
 * merge privilege map and rows from resultset
 *
 * Appends every fetched row to $privMap[User][Host]; the intermediate
 * arrays are created the first time a user or a user/host pair is seen.
 *
 * @param array  &$privMap the privilege map reference
 * @param object $result   the resultset of query
 *
 * @return void
 */
public static function mergePrivMapFromResult(array &$privMap, $result)
{
    $dbi = $GLOBALS['dbi'];

    for ($row = $dbi->fetchAssoc($result); $row; $row = $dbi->fetchAssoc($result)) {
        $userKey = $row['User'];
        $hostKey = $row['Host'];

        if (! isset($privMap[$userKey][$hostKey])) {
            // creates the user level too when this is the first row for it
            $privMap[$userKey][$hostKey] = array();
        }

        $privMap[$userKey][$hostKey][] = $row;
    }
}
/**
 * Get HTML snippet for privileges table head
 *
 * Emits the header row of the per-database privilege table: an empty
 * checkbox column followed by user, host, type, privileges, grant and
 * action. Only translated constant labels are written - no request or
 * database data reaches this markup.
 * NOTE(review): the tag markup inside the quoted strings is not visible on
 * this listing; only the labels between the cells survived extraction.
 *
 * @return string $html_output
 */
public static function getHtmlForPrivsTableHead()
return '
. ''
. ' | '
. '' . __('User name') . ' | '
. '' . __('Host name') . ' | '
. '' . __('Type') . ' | '
. '' . __('Privileges') . ' | '
. '' . __('Grant') . ' | '
. '' . __('Action') . ' | '
. '
. '';
/**
 * Get HTML error for View Users form
 *
 * Shown in place of the user list when the current account cannot read the
 * user tables - for non superusers such as grant/create users.
 *
 * @return string $html_output
 */
public static function getHtmlForViewUsersError()
{
    $notice = Message::error(
        __('Not enough privilege to view users.')
    );

    // rendered through Message::getDisplay() (the call is cut off on the listing)
    return $notice->getDisplay();
}
/**
 * Get HTML snippet for table body of specific database or table privileges
 *
 * Walks the user => host => rows map produced by getPrivMap(). One row per
 * privilege entry; the checkbox, user and host cells span the entry count
 * (rowspan) when an account has more than one entry. User and host names
 * are passed through htmlspecialchars() before being written.
 * NOTE(review): the cell markup and the trailing arguments of the
 * getHtmlListOfPrivs() call are not visible on this listing.
 *
 * @param array  $privMap privilege map
 * @param string $db      database
 *
 * @return string $html_output
 */
public static function getHtmlTableBodyForSpecificDbOrTablePrivs($privMap, $db)
$html_output = '
$index_checkbox = 0;
if (empty($privMap)) {
// no account matched: single placeholder row
$html_output .= ''
. ''
. __('No user found.')
. ' | '
. '
. '';
return $html_output;
foreach ($privMap as $current_user => $val) {
foreach ($val as $current_host => $current_privileges) {
$nbPrivileges = count($current_privileges);
$html_output .= '
// checkbox value: user and host joined by a separator (escaped for the attribute)
$value = htmlspecialchars($current_user . '' . $current_host);
$html_output .= ' 1) {
$html_output .= ' rowspan="' . $nbPrivileges . '"';
$html_output .= '>';
$html_output .= ' | ' . "\n";
// user
$html_output .= ' 1) {
$html_output .= ' rowspan="' . $nbPrivileges . '"';
$html_output .= '>';
if (empty($current_user)) {
// anonymous account (empty User column)
$html_output .= ''
. __('Any') . '';
} else {
$html_output .= htmlspecialchars($current_user);
$html_output .= ' | ';
// host
$html_output .= ' 1) {
$html_output .= ' rowspan="' . $nbPrivileges . '"';
$html_output .= '>';
$html_output .= htmlspecialchars($current_host);
$html_output .= ' | ';
$html_output .= self::getHtmlListOfPrivs(
$db, $current_privileges, $current_user,
//For fetching routine based privileges
$html_output .= self::getHtmlTableBodyForSpecificDbRoutinePrivs($db, $index_checkbox);
$html_output .= '';
return $html_output;
/**
 * Get HTML to display privileges
 *
 * Renders, for each entry of an account, the type cell (global /
 * database-specific / wildcard / table-specific), the privilege list, the
 * GRANT OPTION flag and the action links. Table-level entries are
 * recognised by the presence of Table_name and their Table_priv SET is
 * expanded against getTableGrantsArray().
 * The edit link is emitted only when $GLOBALS['is_grantuser'] is set; that
 * is a display gate, the server-side check on submit is elsewhere.
 * NOTE(review): the cell markup and the arguments of both getUserLink()
 * calls are not visible on this listing.
 *
 * @param string $db                 Database name
 * @param array  $current_privileges List of privileges
 * @param string $current_user       Current user
 * @param string $current_host       Current host
 *
 * @return string HTML to display privileges
 */
public static function getHtmlListOfPrivs(
$db, array $current_privileges, $current_user,
) {
$nbPrivileges = count($current_privileges);
$html_output = null;
for ($i = 0; $i < $nbPrivileges; $i++) {
$current = $current_privileges[$i];
// type
$html_output .= '';
if ($current['Type'] == 'g') {
$html_output .= __('global');
} elseif ($current['Type'] == 'd') {
// Db column holds the GRANT pattern; compare against the escaped name
if ($current['Db'] == Util::escapeMysqlWildcards($db)) {
$html_output .= __('database-specific');
} else {
// pattern differs from the db name: show it, HTML-escaped
$html_output .= __('wildcard') . ': '
. ''
. htmlspecialchars($current['Db'])
. ' ';
} elseif ($current['Type'] == 't') {
$html_output .= __('table-specific');
$html_output .= ' | ';
// privileges
$html_output .= '';
if (isset($current['Table_name'])) {
// table level: expand the Table_priv SET into Y/N flags per known grant
$privList = explode(',', $current['Table_priv']);
$privs = array();
$grantsArr = self::getTableGrantsArray();
foreach ($grantsArr as $grant) {
$privs[$grant[0]] = 'N';
foreach ($privList as $priv) {
if ($grant[0] == $priv) {
$privs[$grant[0]] = 'Y';
$html_output .= ''
. join(
self::extractPrivInfo($privs, true, true)
. ' ';
} else {
$html_output .= ''
. join(
self::extractPrivInfo($current, true, false)
. ' ';
$html_output .= ' | ';
// grant
$html_output .= '';
$containsGrant = false;
if (isset($current['Table_name'])) {
// table level: GRANT OPTION is the 'Grant' member of Table_priv
$privList = explode(',', $current['Table_priv']);
foreach ($privList as $priv) {
if ($priv == 'Grant') {
$containsGrant = true;
} else {
$containsGrant = $current['Grant_priv'] == 'Y';
$html_output .= ($containsGrant ? __('Yes') : __('No'));
$html_output .= ' | ';
// action
$html_output .= '';
// '*' means "all" and is not passed on as a specific db/table
$specific_db = (isset($current['Db']) && $current['Db'] != '*')
? $current['Db'] : '';
$specific_table = (isset($current['Table_name'])
&& $current['Table_name'] != '*')
? $current['Table_name'] : '';
if ($GLOBALS['is_grantuser']) {
$html_output .= self::getUserLink(
$html_output .= ' | ';
$html_output .= ''
. self::getUserLink(
. ' | ';
$html_output .= '
// further entries of the same account continue on a new row
if (($i + 1) < $nbPrivileges) {
$html_output .= '
return $html_output;
/**
 * Returns edit, revoke or export link for a user.
 *
 * Builds an anchor to server_privileges.php. For 'revoke' the parameters
 * go into a data-post attribute (Url::getCommon($params, '')), so the
 * state-changing revoke is submitted by POST rather than by a plain GET
 * URL; 'edit' and 'export' carry their parameters in the href. Parameter
 * encoding (and whatever token Url::getCommon adds) is delegated entirely
 * to Url::getCommon - nothing is concatenated raw here.
 * NOTE(review): the anchor markup, the $params initialisation and the
 * `break` statements of both switches are not visible on this listing.
 *
 * @param string $linktype    The link type (edit | revoke | export)
 * @param string $username    User name
 * @param string $hostname    Host name
 * @param string $dbname      Database name
 * @param string $tablename   Table name
 * @param string $routinename Routine name
 * @param string $initial     Initial value
 *
 * @return string HTML code with link
 */
public static function getUserLink(
$linktype, $username, $hostname, $dbname = '',
$tablename = '', $routinename = '', $initial = ''
) {
$html = ' $username,
'hostname' => $hostname
// per-link-type query parameters
switch($linktype) {
case 'edit':
$params['dbname'] = $dbname;
$params['tablename'] = $tablename;
$params['routinename'] = $routinename;
case 'revoke':
$params['dbname'] = $dbname;
$params['tablename'] = $tablename;
$params['routinename'] = $routinename;
$params['revokeall'] = 1;
case 'export':
$params['initial'] = $initial;
$params['export'] = 1;
$html .= ' href="server_privileges.php';
if ($linktype == 'revoke') {
// revoke: parameters travel in data-post (POST submit), not in the href
$html .= '" data-post="' . Url::getCommon($params, '');
} else {
$html .= Url::getCommon($params);
$html .= '">';
// icon + translated title per link type
switch($linktype) {
case 'edit':
$html .= Util::getIcon('b_usredit', __('Edit privileges'));
case 'revoke':
$html .= Util::getIcon('b_usrdrop', __('Revoke'));
case 'export':
$html .= Util::getIcon('b_tblexport', __('Export'));
$html .= '';
return $html;
/**
 * Returns user group edit link
 *
 * Icon link to the user-group editor for one account.
 * NOTE(review): the anchor (and how $username is encoded into its href)
 * is not visible on this listing; only the icon call survived.
 *
 * @param string $username User name
 *
 * @return string HTML code with link
 */
public static function getUserGroupEditLink($username)
return ''
. Util::getIcon('b_usrlist', __('Edit user group'))
. '';
/**
 * Returns number of defined user groups
 *
 * Counts the rows of the relation `usergroups` table. Both identifier
 * parts come from the relation configuration and are wrapped by
 * Util::backquote(); the query runs on the control connection.
 *
 * @return integer $user_group_count
 */
public static function getUserGroupCount()
{
    $relation = new Relation();
    $cfgRelation = $relation->getRelationsParam();

    $groupsTable = sprintf(
        '%s.%s',
        Util::backquote($cfgRelation['db']),
        Util::backquote($cfgRelation['usergroups'])
    );

    return $GLOBALS['dbi']->fetchValue(
        'SELECT COUNT(*) FROM ' . $groupsTable,
        0,
        0,
        DatabaseInterface::CONNECT_CONTROL
    );
}
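/**
 * Returns name of user group that user is part of
 *
 * Looks the account up in the relation `users` table on the control
 * connection. Returns null when the users/usergroups feature is not
 * configured or when no row exists for the name.
 *
 * @param string $username User name
 *
 * @return mixed usergroup if found or null if not found
 */
public static function getUserGroupForUser($username)
{
    $relation = new Relation();
    $cfgRelation = $relation->getRelationsParam();

    if (empty($cfgRelation['db'])
        || empty($cfgRelation['users'])
    ) {
        return null;
    }

    $user_table = Util::backquote($cfgRelation['db'])
        . '.' . Util::backquote($cfgRelation['users']);

    // $username is interpolated into a string literal: it must be escaped
    // for the connection the statement runs on (the control connection),
    // otherwise a quote in the account name breaks out of the literal.
    $sql_query = 'SELECT `usergroup` FROM ' . $user_table
        . ' WHERE `username` = \''
        . $GLOBALS['dbi']->escapeString($username, DatabaseInterface::CONNECT_CONTROL)
        . '\''
        . ' LIMIT 1';

    $usergroup = $GLOBALS['dbi']->fetchValue(
        $sql_query, 0, 0, DatabaseInterface::CONNECT_CONTROL
    );

    // fetchValue() returns false when there is no row
    if ($usergroup === false) {
        return null;
    }
    return $usergroup;
}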
/**
 * This function return the extra data array for the ajax behavior
 *
 * Assembles the JSON payload returned to the privileges page after an
 * add/copy/update action: the executed query message, a freshly rendered
 * user row (change_copy), the pagination initial, the wildcard flags of
 * the edited database (update_privs) and the user-exists answer
 * (validate_username). The validate_username lookup escapes
 * $_GET['username'] with escapeString(); $_GET['initial'] is only handed
 * to getUserLink(), which encodes it via Url::getCommon().
 * NOTE(review): the wildcard regex, the row markup and the user cell of the
 * rendered row are not visible on this listing.
 *
 * @param string $password  password
 * @param string $sql_query sql query
 * @param string $hostname  hostname
 * @param string $username  username
 *
 * @return array $extra_data
 */
public static function getExtraDataForAjaxBehavior(
$password, $sql_query, $hostname, $username
) {
$relation = new Relation();
if (isset($GLOBALS['dbname'])) {
//if (preg_match('/\\\\(?:_|%)/i', $dbname)) {
// detects unescaped `_`/`%` in the db name (wildcard grant)
if (preg_match('/(? 0) {
$extra_data['sql_query'] = Util::getMessage(null, $sql_query);
if (isset($_POST['change_copy'])) {
/*
 * generate html on the fly for the new user that was just created.
 */
$new_user_string = '
' . "\n"
. ' '
. ' | ' . "\n"
. ' | ' . "\n"
. '' . htmlspecialchars($hostname) . ' | ' . "\n";
$new_user_string .= '';
// password column: "Yes" when a password was supplied or pma_pw was posted
if (! empty($password) || isset($_POST['pma_pw'])) {
$new_user_string .= __('Yes');
} else {
$new_user_string .= ''
. __('No')
. '';
$new_user_string .= ' | ' . "\n";
$new_user_string .= ''
. '' . join(', ', self::extractPrivInfo(null, true)) . ' '
. ' | '; //Fill in privileges here
// if $cfg['Servers'][$i]['users'] and $cfg['Servers'][$i]['usergroups'] are
// enabled
$cfgRelation = $relation->getRelationsParam();
if (!empty($cfgRelation['users']) && !empty($cfgRelation['usergroups'])) {
$new_user_string .= ' | ';
$new_user_string .= '';
if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')) {
$new_user_string .= __('Yes');
} else {
$new_user_string .= __('No');
$new_user_string .=' | ';
// edit link only for accounts allowed to grant (display gate)
if ($GLOBALS['is_grantuser']) {
$new_user_string .= ''
. self::getUserLink('edit', $username, $hostname)
. ' | ' . "\n";
if ($cfgRelation['menuswork'] && $user_group_count > 0) {
$new_user_string .= ''
. self::getUserGroupEditLink($username)
. ' | ' . "\n";
$new_user_string .= ''
. self::getUserLink(
isset($_GET['initial']) ? $_GET['initial'] : ''
. ' | ' . "\n";
$new_user_string .= '
$extra_data['new_user_string'] = $new_user_string;
/*
 * Generate the string for this alphabet's initial, to update the user
 * pagination
 */
$new_user_initial = mb_strtoupper(
mb_substr($username, 0, 1)
$newUserInitialString = '
. $new_user_initial . '';
$extra_data['new_user_initial'] = $new_user_initial;
$extra_data['new_user_initial_string'] = $newUserInitialString;
if (isset($_POST['update_privs'])) {
$extra_data['db_specific_privs'] = false;
$extra_data['db_wildcard_privs'] = false;
if (isset($dbname_is_wildcard)) {
$extra_data['db_specific_privs'] = ! $dbname_is_wildcard;
$extra_data['db_wildcard_privs'] = $dbname_is_wildcard;
$new_privileges = join(', ', self::extractPrivInfo(null, true));
$extra_data['new_privileges'] = $new_privileges;
if (isset($_GET['validate_username'])) {
// user-supplied name goes through escapeString() before the literal
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
. $GLOBALS['dbi']->escapeString($_GET['username']) . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {
$extra_data['user_exists'] = false;
} else {
$extra_data['user_exists'] = true;
return $extra_data;
/**
 * Get the HTML snippet for change user login information
 *
 * Offers the four ways of handling the old account when its login is
 * changed. The keys ('4', '1', '2', '3') are presumably submitted as the
 * `mode` value that deleteUser() reads ($_POST['mode'] == 3 adds a
 * FLUSH PRIVILEGES) - confirm against the form markup, which is not
 * visible on this listing.
 *
 * @param string $username username
 * @param string $hostname host name
 *
 * @return string HTML snippet
 */
public static function getChangeLoginInformationHtmlForm($username, $hostname)
$choices = array(
'4' => __('… keep the old one.'),
'1' => __('… delete the old one from the user tables.'),
'2' => __(
'… revoke all active privileges from '
. 'the old one and delete it afterwards.'
'3' => __(
'… delete the old one from the user tables '
. 'and reload the privileges afterwards.'
// NOTE(review): the form body (fields, hidden username/hostname, radio
// choices) is cut from this listing; only the empty string remains.
$html_output = '' . "\n";
return $html_output;
/**
 * Provide a line with links to the relevant database and table
 *
 * The db name is shown unescaped of MySQL wildcards and HTML-escaped;
 * the table name is HTML-escaped. The link targets themselves
 * (built from $url_dbname) are not visible on this listing.
 *
 * @param string $url_dbname url database name that urlencode() string
 * @param string $dbname     database name
 * @param string $tablename  table name
 *
 * @return string HTML snippet
 */
public static function getLinkToDbAndTable($url_dbname, $dbname, $tablename)
$html_output = '[ ' . __('Database')
. '
. htmlspecialchars(Util::unescapeMysqlWildcards($dbname)) . ': '
. Util::getTitleForTarget(
. " ]\n";
// table part only when a table name was given
if (strlen($tablename) > 0) {
$html_output .= ' [ ' . __('Table') . '
' . htmlspecialchars($tablename) . ': '
. Util::getTitleForTarget(
. " ]\n";
return $html_output;
/**
 * no db name given, so we want all privs for the given user
 * db name was given, so we want all user specific rights for this db
 * So this function returns user rights as an array
 *
 * The result is keyed by Db, Table_name or Routine_name depending on
 * $type. Names that only appear in the finer-grained privilege tables
 * (tables_priv / columns_priv / procs_priv) get placeholder defaults
 * (USAGE, no GRANT) so they are listed even without a row in the
 * level's own table; rows of that table are merged over the defaults.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $type     database or table
 * @param string $dbname   database name
 *
 * @return array $db_rights database rights
 */
public static function getUserSpecificRights($username, $hostname, $type, $dbname = '')
{
    $dbi = $GLOBALS['dbi'];

    // account selector shared by every statement below
    $user_host_condition = " WHERE `User`"
        . " = '" . $dbi->escapeString($username) . "'"
        . " AND `Host`"
        . " = '" . $dbi->escapeString($hostname) . "'";

    switch ($type) {
    case 'database':
        $dbOrTableName = 'Db';
        $tables_to_search_for_users = array(
            'tables_priv', 'columns_priv', 'procs_priv'
        );
        break;
    case 'table':
        // NOTE(review): LIKE, so `_`/`%` in $dbname act as wildcards
        // unless the caller passes them escaped; callers are not visible here.
        $user_host_condition .= " AND `Db` LIKE '"
            . $dbi->escapeString($dbname) . "'";
        $dbOrTableName = 'Table_name';
        $tables_to_search_for_users = array('columns_priv',);
        break;
    default: // routine
        $user_host_condition .= " AND `Db` LIKE '"
            . $dbi->escapeString($dbname) . "'";
        $dbOrTableName = 'Routine_name';
        $tables_to_search_for_users = array('procs_priv',);
        break;
    }

    // we also want privileges for this user not in table `db` but in other table
    $existingTables = $dbi->fetchResult('SHOW TABLES FROM `mysql`;');

    $db_rights_sqls = array();
    foreach ($tables_to_search_for_users as $table_search_in) {
        if (! in_array($table_search_in, $existingTables)) {
            continue;
        }
        $db_rights_sqls[] = '
                SELECT DISTINCT `' . $dbOrTableName . '`
                FROM `mysql`.' . Util::backquote($table_search_in)
            . $user_host_condition;
    }

    $user_defaults = array(
        $dbOrTableName => '',
        'Grant_priv'   => 'N',
        'privs'        => array('USAGE'),
        'Column_priv'  => true,
    );

    // for the rights
    $db_rights = array();

    // first pass: names seen in the finer-grained tables, with defaults
    $db_rights_sql = '(' . implode(') UNION (', $db_rights_sqls) . ')'
        . ' ORDER BY `' . $dbOrTableName . '` ASC';
    $db_rights_result = $dbi->query($db_rights_sql);

    while ($db_rights_row = $dbi->fetchAssoc($db_rights_result)) {
        $db_rights_row = array_merge($user_defaults, $db_rights_row);
        if ($type == 'database') {
            // only Db names in the table `mysql`.`db` uses wildcards
            // as we are in the db specific rights display we want
            // all db names escaped, also from other sources
            $db_rights_row['Db'] = Util::escapeMysqlWildcards($db_rights_row['Db']);
        }
        $db_rights[$db_rights_row[$dbOrTableName]] = $db_rights_row;
    }

    // second pass: the rows of the level's own privilege table win
    if ($type == 'database') {
        $sql_query = 'SELECT * FROM `mysql`.`db`'
            . $user_host_condition . ' ORDER BY `Db` ASC';
    } elseif ($type == 'table') {
        $sql_query = 'SELECT `Table_name`,'
            . ' `Table_priv`,'
            . ' IF(`Column_priv` = _latin1 \'\', 0, 1)'
            . ' AS \'Column_priv\''
            . ' FROM `mysql`.`tables_priv`'
            . $user_host_condition
            . ' ORDER BY `Table_name` ASC;';
    } else {
        $sql_query = "SELECT `Routine_name`, `Proc_priv`"
            . " FROM `mysql`.`procs_priv`"
            . $user_host_condition
            . " ORDER BY `Routine_name`";
    }

    $result = $dbi->query($sql_query);
    while ($row = $dbi->fetchAssoc($result)) {
        $key = $row[$dbOrTableName];
        $db_rights[$key] = isset($db_rights[$key])
            ? array_merge($db_rights[$key], $row)
            : $row;
        if ($type == 'database') {
            // there are db specific rights for this user
            // so we can drop this db rights
            $db_rights[$row['Db']]['can_delete'] = true;
        }
    }

    return $db_rights;
}
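/**
 * Parses Proc_priv data
 *
 * Turns the Proc_priv SET value of `mysql`.`procs_priv` into the Y/N flag
 * layout consumed by extractPrivInfo(): 'Alter Routine' maps to
 * Alter_routine_priv, any other member X maps to X_priv. An empty SET
 * (routine row without privileges) yields the all-'N' defaults instead of
 * a bogus `_priv` key, which explode() would otherwise produce.
 *
 * @param string $privs Proc_priv
 *
 * @return array
 */
public static function parseProcPriv($privs)
{
    $result = array(
        'Alter_routine_priv' => 'N',
        'Execute_priv'       => 'N',
        'Grant_priv'         => 'N',
    );

    foreach (explode(',', (string) $privs) as $priv) {
        if ($priv === '') {
            // explode() returns array('') for an empty SET value
            continue;
        }
        if ($priv == 'Alter Routine') {
            $result['Alter_routine_priv'] = 'Y';
        } else {
            $result[$priv . '_priv'] = 'Y';
        }
    }

    return $result;
}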
/**
 * Get a HTML table for display user's tabel specific or database specific rights
 *
 * Builds the data for the privileges_summary template: one entry per
 * database / table / routine the account has rights on (from
 * getUserSpecificRights()), plus the list of objects it has no rights on
 * yet. Edit links are emitted only when $GLOBALS['is_grantuser'] is set
 * (a display gate); revoke links are emitted for table/routine entries
 * and for database entries flagged can_delete.
 * NOTE(review): the first argument of both in_array() calls, the
 * getUserLink() arguments and the template render call are not visible
 * on this listing.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $type     database, table or routine
 * @param string $dbname   database name
 *
 * @return array $html_output
 */
public static function getHtmlForAllTableSpecificRights(
$username, $hostname, $type, $dbname = ''
) {
$uiData = array(
'database' => array(
'form_id' => 'database_specific_priv',
'sub_menu_label' => __('Database'),
'legend' => __('Database-specific privileges'),
'type_label' => __('Database'),
'table' => array(
'form_id' => 'table_specific_priv',
'sub_menu_label' => __('Table'),
'legend' => __('Table-specific privileges'),
'type_label' => __('Table'),
'routine' => array(
'form_id' => 'routine_specific_priv',
'sub_menu_label' => __('Routine'),
'legend' => __('Routine-specific privileges'),
'type_label' => __('Routine'),
/*
 * no db name given, so we want all privs for the given user
 * db name was given, so we want all user specific rights for this db
 */
$db_rights = self::getUserSpecificRights($username, $hostname, $type, $dbname);
$foundRows = array();
$privileges = array();
foreach ($db_rights as $row) {
$onePrivilege = array();
$paramTableName = '';
$paramRoutineName = '';
if ($type == 'database') {
$name = $row['Db'];
$onePrivilege['grant'] = $row['Grant_priv'] == 'Y';
// finer-grained rights exist below this database
$onePrivilege['table_privs'] = ! empty($row['Table_priv'])
|| ! empty($row['Column_priv']);
$onePrivilege['privileges'] = join(',', self::extractPrivInfo($row, true));
$paramDbName = $row['Db'];
} elseif ($type == 'table') {
$name = $row['Table_name'];
// GRANT OPTION at table level is a member of the Table_priv SET
$onePrivilege['grant'] = in_array(
explode(',', $row['Table_priv'])
$onePrivilege['column_privs'] = ! empty($row['Column_priv']);
$onePrivilege['privileges'] = join(',', self::extractPrivInfo($row, true));
$paramDbName = $dbname;
$paramTableName = $row['Table_name'];
} else { // routine
$name = $row['Routine_name'];
$onePrivilege['grant'] = in_array(
explode(',', $row['Proc_priv'])
$privs = self::parseProcPriv($row['Proc_priv']);
$onePrivilege['privileges'] = join(
self::extractPrivInfo($privs, true)
$paramDbName = $dbname;
$paramRoutineName = $row['Routine_name'];
$foundRows[] = $name;
$onePrivilege['name'] = $name;
$onePrivilege['edit_link'] = '';
if ($GLOBALS['is_grantuser']) {
$onePrivilege['edit_link'] = self::getUserLink(
$onePrivilege['revoke_link'] = '';
// database rows without can_delete only exist in the finer tables: nothing to revoke here
if ($type != 'database' || ! empty($row['can_delete'])) {
$onePrivilege['revoke_link'] = self::getUserLink(
$privileges[] = $onePrivilege;
$data = $uiData[$type];
$data['privileges'] = $privileges;
$data['username'] = $username;
$data['hostname'] = $hostname;
$data['database'] = $dbname;
$data['type'] = $type;
if ($type == 'database') {
// we already have the list of databases from libraries/common.inc.php
// via $pma = new PMA;
$pred_db_array = $GLOBALS['dblist']->databases;
$databases_to_skip = array('information_schema', 'performance_schema');
$databases = array();
if (! empty($pred_db_array)) {
foreach ($pred_db_array as $current_db) {
// system schemas are never offered (the skip statement is cut from the listing)
if (in_array($current_db, $databases_to_skip)) {
$current_db_escaped = Util::escapeMysqlWildcards($current_db);
// cannot use array_diff() once, outside of the loop,
// because the list of databases has special characters
// already escaped in $foundRows,
// contrary to the output of SHOW DATABASES
if (! in_array($current_db_escaped, $foundRows)) {
$databases[] = $current_db;
$data['databases'] = $databases;
} elseif ($type == 'table') {
// NOTE(review): the @ hides warnings from tryQuery(); a failure just yields an empty list
$result = @$GLOBALS['dbi']->tryQuery(
"SHOW TABLES FROM " . Util::backquote($dbname),
$tables = array();
if ($result) {
while ($row = $GLOBALS['dbi']->fetchRow($result)) {
if (! in_array($row[0], $foundRows)) {
$tables[] = $row[0];
$data['tables'] = $tables;
} else { // routine
$routineData = $GLOBALS['dbi']->getRoutines($dbname);
$routines = array();
foreach ($routineData as $routine) {
if (! in_array($routine['name'], $foundRows)) {
$routines[] = $routine['name'];
$data['routines'] = $routines;
$html_output = Template::get('privileges/privileges_summary')
return $html_output;
/**
 * Get HTML for display the users overview
 * (if less than 50 users, display them immediately)
 *
 * Merges the rows of the passed result set into $db_rights (keyed
 * [User][Host], privileges expanded via extractPrivInfo()) and counts the
 * user groups when the menus feature is enabled.
 * NOTE(review): the overview markup assigned to $html_output is cut from
 * this listing; which helpers render the table body is not visible.
 *
 * @param array  $result        ran sql query
 * @param array  $db_rights     user's database rights array
 * @param string $pmaThemeImage a image source link
 * @param string $text_dir      text directory
 *
 * @return string HTML snippet
 */
public static function getUsersOverview($result, array $db_rights, $pmaThemeImage, $text_dir)
while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
$row['privs'] = self::extractPrivInfo($row, true);
$db_rights[$row['User']][$row['Host']] = $row;
$user_group_count = 0;
if ($GLOBALS['cfgRelation']['menuswork']) {
$user_group_count = self::getUserGroupCount();
= '
' . "\n";
return $html_output;
/**
 * Get table body for 'tableuserrights' table in userform
 *
 * One row per account: checkbox, user, host, password-set flag, privilege
 * list, (optional) user group, GRANT flag and action links. Host, user
 * group and (where visible) user are HTML-escaped with htmlspecialchars().
 * NOTE(review): the per-account "has a password" lookup below builds its
 * WHERE clause by concatenating $host['User'] and $host['Host'] without
 * escapeString(). Those values come back from the privilege tables, so
 * this is second-order: MySQL allows quotes in account names, and such a
 * name breaks (or alters) this statement. Both should go through
 * $GLOBALS['dbi']->escapeString() like the other queries in this class.
 *
 * @param array $db_rights user's database rights array
 *
 * @return string HTML snippet
 */
public static function getHtmlTableBodyForUserRights(array $db_rights)
$relation = new Relation();
$cfgRelation = $relation->getRelationsParam();
if ($cfgRelation['menuswork']) {
// username => usergroup map from the relation users table (control connection)
$users_table = Util::backquote($cfgRelation['db'])
. "." . Util::backquote($cfgRelation['users']);
$sql_query = 'SELECT * FROM ' . $users_table;
$result = $relation->queryAsControlUser($sql_query, false);
$group_assignment = array();
if ($result) {
while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
$group_assignment[$row['username']] = $row['usergroup'];
$user_group_count = self::getUserGroupCount();
$index_checkbox = 0;
$html_output = '';
foreach ($db_rights as $user) {
foreach ($user as $host) {
$html_output .= '
. "\n";
$html_output .= ''
. ' | ' . "\n";
$html_output .= ' | ' . "\n"
. '' . htmlspecialchars($host['Host']) . ' | ' . "\n";
$html_output .= '';
$password_column = 'Password';
// NOTE(review): User/Host interpolated unescaped (see docblock) - use escapeString()
$check_plugin_query = "SELECT * FROM `mysql`.`user` WHERE "
. "`User` = '" . $host['User'] . "' AND `Host` = '"
. $host['Host'] . "'";
$res = $GLOBALS['dbi']->fetchSingleRow($check_plugin_query);
// a credential is present if either column holding it is non-empty
if ((isset($res['authentication_string'])
&& ! empty($res['authentication_string']))
|| (isset($res['Password'])
&& ! empty($res['Password']))
) {
$host[$password_column] = 'Y';
} else {
$host[$password_column] = 'N';
switch ($host[$password_column]) {
case 'Y':
$html_output .= __('Yes');
case 'N':
$html_output .= '' . __('No')
. '';
// this happens if this is a definition not coming from mysql.user
$html_output .= '--'; // in future version, replace by "not present"
} // end switch
if (! isset($host['Select_priv'])) {
$html_output .= Util::showHint(
__('The selected user was not found in the privilege table.')
$html_output .= ' | ' . "\n";
$html_output .= '' . "\n"
. '' . implode(',' . "\n" . ' ', $host['privs']) . "\n"
. ' | ' . "\n";
if ($cfgRelation['menuswork']) {
$html_output .= '' . "\n"
. (isset($group_assignment[$host['User']])
? htmlspecialchars($group_assignment[$host['User']])
: ''
. ' | ' . "\n";
$html_output .= ''
. ($host['Grant_priv'] == 'Y' ? __('Yes') : __('No'))
. ' | ' . "\n";
// edit link only for accounts allowed to grant (display gate)
if ($GLOBALS['is_grantuser']) {
$html_output .= ''
. self::getUserLink(
. ' | ';
if ($cfgRelation['menuswork'] && $user_group_count > 0) {
// anonymous account: no group link
if (empty($host['User'])) {
$html_output .= ' | ';
} else {
$html_output .= ''
. self::getUserGroupEditLink($host['User'])
. ' | ';
$html_output .= ''
. self::getUserLink(
isset($_GET['initial']) ? $_GET['initial'] : ''
. ' | ';
$html_output .= '
return $html_output;
/**
 * Get HTML fieldset for Add/Delete user
 *
 * Concatenates the add-user fieldset with the rendered
 * privileges/delete_user_fieldset template.
 * NOTE(review): the template render call is cut from this listing.
 *
 * @return string HTML snippet
 */
public static function getFieldsetForAddDeleteUser()
$html_output = self::getAddUserHtmlFieldset();
$html_output .= Template::get('privileges/delete_user_fieldset')
return $html_output;
/**
 * Get HTML for Displays the initials
 *
 * Pre-seeds A-Z (mb_chr(65)..mb_chr(90)) as unused, marks every initial
 * that actually occurs in `mysql`.`user` as used, sorts them and renders
 * the privileges/initials_row template. The initials are raw first
 * characters of account names and $_GET['initial'] is passed through
 * unchanged, so escaping is the template's job - confirm there.
 * NOTE(review): the SELECT that feeds tryQuery() is cut from this listing;
 * only its ORDER BY clause survived.
 *
 * @param array $array_initials array for all initials, even non A-Z
 *
 * @return string HTML snippet
 */
public static function getHtmlForInitials(array $array_initials)
// initialize to false the letters A-Z
for ($letter_counter = 1; $letter_counter < 27; $letter_counter++) {
if (! isset($array_initials[mb_chr($letter_counter + 64)])) {
$array_initials[mb_chr($letter_counter + 64)] = false;
$initials = $GLOBALS['dbi']->tryQuery(
. ' ORDER BY UPPER(LEFT(`User`,1)) ASC',
if ($initials) {
while (list($tmp_initial) = $GLOBALS['dbi']->fetchRow($initials)) {
$array_initials[$tmp_initial] = true;
// Display the initials, which can be any characters, not
// just letters. For letters A-Z, we add the non-used letters
// as greyed out.
uksort($array_initials, "strnatcasecmp");
$html_output = Template::get('privileges/initials_row')
'array_initials' => $array_initials,
'initial' => isset($_GET['initial']) ? $_GET['initial'] : null,
return $html_output;
/**
 * Get the database rights array for Display user overview
 *
 * Collects every (User, Host) pair present in `mysql`.`user`, `db`,
 * `tables_priv`, `columns_priv` or `procs_priv` (whichever of those tables
 * exist), keyed [User][Host] and pre-filled with placeholder defaults so
 * that accounts missing from `mysql`.`user` still show up. When an
 * `initial` request parameter is set, each SELECT is restricted through
 * rangeOfUsers().
 * NOTE(review): $_GET['initial'] reaches the SQL only through
 * rangeOfUsers(); that helper is not on this page, so its escaping is
 * assumed here, not verified.
 *
 * @return array $db_rights database rights array
 */
public static function getDbRightsForUserOverview()
{
    $dbi = $GLOBALS['dbi'];

    // we also want users not in table `user` but in other table
    $existingTables = $dbi->fetchResult('SHOW TABLES FROM `mysql`;');
    $tablesSearchForUsers = array(
        'user', 'db', 'tables_priv', 'columns_priv', 'procs_priv',
    );

    $db_rights_sqls = array();
    foreach ($tablesSearchForUsers as $table_search_in) {
        if (! in_array($table_search_in, $existingTables)) {
            continue;
        }
        $initialFilter = isset($_GET['initial'])
            ? self::rangeOfUsers($_GET['initial'])
            : '';
        $db_rights_sqls[] = 'SELECT DISTINCT `User`, `Host` FROM `mysql`.`'
            . $table_search_in . '` '
            . $initialFilter;
    }

    // placeholders for accounts that have no row in `mysql`.`user`
    $user_defaults = array(
        'User'       => '',
        'Host'       => '%',
        'Password'   => '?',
        'Grant_priv' => 'N',
        'privs'      => array('USAGE'),
    );

    // for the rights
    $db_rights = array();

    $db_rights_sql = '(' . implode(') UNION (', $db_rights_sqls) . ')'
        . ' ORDER BY `User` ASC, `Host` ASC';
    $db_rights_result = $dbi->query($db_rights_sql);

    while ($db_rights_row = $dbi->fetchAssoc($db_rights_result)) {
        $account = array_merge($user_defaults, $db_rights_row);
        $db_rights[$account['User']][$account['Host']] = $account;
    }

    return $db_rights;
}
/**
 * Delete user and get message and sql query for delete user in privileges
 *
 * Executes the already-built statements from getDataForDeleteUsers()
 * (lines starting with '#' are comments and are skipped), appends a
 * FLUSH PRIVILEGES when mode 3 was posted, and returns the joined query
 * text together with a success or error Message. Errors of individual
 * statements are collected and the run continues.
 * NOTE(review): the error branch uses Message::rawError() with the
 * server's error text; that text can echo the account name from the
 * failed DROP USER, so confirm it is escaped before display.
 * NOTE(review): the statement following the "tracking sets this" comment
 * is cut from this listing.
 *
 * @param array $queries queries
 *
 * @return array Message
 */
public static function deleteUser(array $queries)
$sql_query = '';
if (empty($queries)) {
$message = Message::error(__('No users selected for deleting!'));
} else {
// mode 3 = "delete and reload the privileges afterwards" ($_POST['mode'] read without isset)
if ($_POST['mode'] == 3) {
$queries[] = '# ' . __('Reloading the privileges') . ' …';
$queries[] = 'FLUSH PRIVILEGES;';
$drop_user_error = '';
foreach ($queries as $sql_query) {
if ($sql_query[0] != '#') {
if (! $GLOBALS['dbi']->tryQuery($sql_query)) {
$drop_user_error .= $GLOBALS['dbi']->getError() . "\n";
// tracking sets this, causing the deleted db to be shown in navi
$sql_query = join("\n", $queries);
if (! empty($drop_user_error)) {
$message = Message::rawError($drop_user_error);
} else {
$message = Message::success(
__('The selected users have been deleted successfully.')
return array($sql_query, $message);
/**
 * Update the privileges and return the success or error message
 *
 * Issues, in order: REVOKE ALL PRIVILEGES, REVOKE GRANT OPTION (unless
 * Grant_priv was posted), then a GRANT of the posted privilege set (with
 * REQUIRE / WITH clauses at the global level). User and host are escaped
 * with escapeString(); $itemType and the backquoted object name from
 * wildcardEscapeForGrant() are trusted as built by the caller.
 * NOTE(review): failures of both REVOKE statements are swallowed (only
 * the query text is blanked) and the success message is returned anyway,
 * so privileges the operator meant to remove can survive while the UI
 * reports success. Worth surfacing those errors in the Message.
 * NOTE(review): the execution of $sql_query2 and the closing of the
 * surrounding blocks are cut from this listing.
 *
 * @param string $username  username
 * @param string $hostname  host name
 * @param string $tablename table name
 * @param string $dbname    database name
 * @param string $itemType  item type
 *
 * @return array the combined query text and the success Message
 */
public static function updatePrivileges($username, $hostname, $tablename, $dbname, $itemType)
$db_and_table = self::wildcardEscapeForGrant($dbname, $tablename);
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $itemType . '' . $db_and_table
. ' FROM \'' . $GLOBALS['dbi']->escapeString($username)
. '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\';';
// GRANT OPTION is revoked unless explicitly re-granted in this request
if (! isset($_POST['Grant_priv']) || $_POST['Grant_priv'] != 'Y') {
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $itemType . ' ' . $db_and_table
. ' FROM \'' . $GLOBALS['dbi']->escapeString($username) . '\'@\''
. $GLOBALS['dbi']->escapeString($hostname) . '\';';
} else {
$sql_query1 = '';
// Should not do a GRANT USAGE for a table-specific privilege, it
// causes problems later (cannot revoke it)
if (! (strlen($tablename) > 0
&& 'USAGE' == implode('', self::extractPrivInfo()))
) {
$sql_query2 = 'GRANT ' . join(', ', self::extractPrivInfo())
. ' ON ' . $itemType . ' ' . $db_and_table
. ' TO \'' . $GLOBALS['dbi']->escapeString($username) . '\'@\''
. $GLOBALS['dbi']->escapeString($hostname) . '\'';
if (strlen($dbname) === 0) {
// add REQUIRE clause
$sql_query2 .= self::getRequireClause();
// WITH clause: grant option, or resource limits at the global level
if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
|| (strlen($dbname) === 0
&& (isset($_POST['max_questions']) || isset($_POST['max_connections'])
|| isset($_POST['max_updates'])
|| isset($_POST['max_user_connections'])))
) {
$sql_query2 .= self::getWithClauseForAddUserAndUpdatePrivs();
$sql_query2 .= ';';
if (! $GLOBALS['dbi']->tryQuery($sql_query0)) {
// This might fail when the executing user does not have
// ALL PRIVILEGES himself.
// See https://github.com/phpmyadmin/phpmyadmin/issues/9673
$sql_query0 = '';
if (! empty($sql_query1) && ! $GLOBALS['dbi']->tryQuery($sql_query1)) {
// this one may fail, too...
$sql_query1 = '';
if (! empty($sql_query2)) {
} else {
$sql_query2 = '';
$sql_query = $sql_query0 . ' ' . $sql_query1 . ' ' . $sql_query2;
// success is reported regardless of the REVOKE outcomes above
$message = Message::success(__('You have updated the privileges for %s.'));
$message->addParam('\'' . $username . '\'@\'' . $hostname . '\'');
return array($sql_query, $message);
/**
 * Get List of information: Changes / copies a user
 *
 * For a change_copy request, loads the old account's `mysql`.`user` row
 * (old_username / old_hostname escaped with escapeString()) and works out
 * which column holds its credential, depending on server type and
 * version. The returned $password is that stored credential as read from
 * the row (Password or authentication_string), not a cleartext value.
 * NOTE(review): extract($row, EXTR_OVERWRITE) plus the loop writing every
 * column into $GLOBALS turns the row's column names into locals and
 * globals. The column set is defined by the server schema, not by the
 * request, so the blast radius is bounded, but any global with the name of
 * a mysql.user column (e.g. 'plugin', 'Password') is clobbered. Passing
 * the row explicitly would avoid that.
 * NOTE(review): the response->addHTML() call and the unset of the
 * change_copy flag in the not-found branch are cut from this listing.
 *
 * @return array
 */
public static function getDataForChangeOrCopyUser()
$queries = null;
$password = null;
if (isset($_POST['change_copy'])) {
$user_host_condition = ' WHERE `User` = '
. "'" . $GLOBALS['dbi']->escapeString($_POST['old_username']) . "'"
. ' AND `Host` = '
. "'" . $GLOBALS['dbi']->escapeString($_POST['old_hostname']) . "';";
$row = $GLOBALS['dbi']->fetchSingleRow(
'SELECT * FROM `mysql`.`user` ' . $user_host_condition
if (! $row) {
$response = Response::getInstance();
Message::notice(__('No user found.'))->getDisplay()
} else {
// NOTE(review): see docblock - row columns become locals and globals
extract($row, EXTR_OVERWRITE);
foreach ($row as $key => $value) {
$GLOBALS[$key] = $value;
$serverVersion = $GLOBALS['dbi']->getVersion();
// Recent MySQL versions have the field "Password" in mysql.user,
// so the previous extract creates $Password but this script
// uses $password
if (! isset($password) && isset($Password)) {
$password = $Password;
// MySQL 5.6.6 - 5.7.5: sha256_password accounts store the credential in authentication_string
if (Util::getServerType() == 'MySQL'
&& $serverVersion >= 50606
&& $serverVersion < 50706
&& ((isset($authentication_string)
&& empty($password))
|| (isset($plugin)
&& $plugin == 'sha256_password'))
) {
$password = $authentication_string;
if (Util::getServerType() == 'MariaDB'
&& $serverVersion >= 50500
&& isset($authentication_string)
&& empty($password)
) {
$password = $authentication_string;
// Always use 'authentication_string' column
// for MySQL 5.7.6+ since it does not have
// the 'password' column at all
if (in_array(Util::getServerType(), array('MySQL', 'Percona Server'))
&& $serverVersion >= 50706
&& isset($authentication_string)
) {
$password = $authentication_string;
$queries = array();
return array($queries, $password);
/**
 * Update Data for information: Deletes users
 *
 * Builds the DROP USER statement list for the selected accounts (or for
 * the old account of a change_copy request). User and host are escaped
 * with escapeString() in the DROP USER; the preceding '#' comment line
 * embeds them raw (it is skipped by deleteUser(), but is part of the
 * returned query text). With drop_users_db the user's same-named database
 * is dropped as well, the name quoted by Util::backquote().
 * NOTE(review): the separator of the user/host pair and the DROP DATABASE
 * statement are cut from this listing.
 *
 * @param array $queries queries array
 *
 * @return array
 */
public static function getDataForDeleteUsers($queries)
if (isset($_POST['change_copy'])) {
$selected_usr = array(
$_POST['old_username'] . '' . $_POST['old_hostname']
} else {
$selected_usr = $_POST['selected_usr'];
$queries = array();
// this happens, was seen in https://reports.phpmyadmin.net/reports/view/17146
if (! is_array($selected_usr)) {
return array();
foreach ($selected_usr as $each_user) {
list($this_user, $this_host) = explode('', $each_user);
// display-only comment line; raw name, not executed
$queries[] = '# '
. sprintf(
__('Deleting %s'),
'\'' . $this_user . '\'@\'' . $this_host . '\''
. ' ...';
$queries[] = 'DROP USER \''
. $GLOBALS['dbi']->escapeString($this_user)
. '\'@\'' . $GLOBALS['dbi']->escapeString($this_host) . '\';';
// optional: also drop the database named like the user (statement cut from listing)
if (isset($_POST['drop_users_db'])) {
. Util::backquote($this_user) . ';';
$GLOBALS['reload'] = true;
return $queries;
/**
 * update Message For Reload
 *
 * Reacts to the `flush_privileges` and `validate_username` GET flags with a
 * success message; returns null when neither flag is present.
 *
 * @return Message|null
 */
public static function updateMessageForReload()
$message = null;
if (isset($_GET['flush_privileges'])) {
// NOTE(review): the statement is only assigned here; the call that runs it
// is not visible in this copy.
$sql_query = 'FLUSH PRIVILEGES;';
$message = Message::success(
__('The privileges were reloaded successfully.')
if (isset($_GET['validate_username'])) {
// Username validation round-trip: an empty success message is enough.
$message = Message::success();
return $message;
/**
 * update Data For Queries from queries_for_display
 *
 * Walks the queries, skipping display-only entries that start with '#', and
 * replaces each entry with its display variant when one exists at the same
 * index (used for statements whose real form contains a password).
 *
 * @param array      $queries             queries array
 * @param array|null $queries_for_display queries array for display
 *
 * @return array the queries with display variants substituted
 */
public static function getDataForQueries(array $queries, $queries_for_display)
$tmp_count = 0;
foreach ($queries as $sql_query) {
// '#'-prefixed entries are comments for display, not SQL to run.
if ($sql_query[0] != '#') {
// when there is a query containing a hidden password, take it
// instead of the real query sent
if (isset($queries_for_display[$tmp_count])) {
$queries[$tmp_count] = $queries_for_display[$tmp_count];
// NOTE(review): $tmp_count is never advanced in the visible lines, so only
// index 0 would ever be substituted; the increment is presumably lost in this copy.
return $queries;
/**
 * update Data for information: Adds a user
 *
 * Handles the "add user" form (`adduser_submit`) and the "copy user" path
 * (`change_copy`). Resolves the predefined username/hostname choices, refuses
 * to create an account that already exists, builds the CREATE USER / GRANT /
 * SET PASSWORD statements in a "real" form and a "show" form (the latter with
 * the password hidden), and either runs them immediately or, when copying,
 * queues them in $queries for later execution.
 *
 * @param string $dbname      db name
 * @param string $username    user name
 * @param string $hostname    host name
 * @param string $password    password
 * @param bool   $is_menuwork is_menuwork set?
 *
 * @return array array($message, $queries, $queries_for_display, $sql_query, $_add_user_error)
 */
public static function addUser(
$dbname, $username, $hostname,
$password, $is_menuwork
) {
$_add_user_error = false;
$message = null;
$queries = null;
$queries_for_display = null;
$sql_query = null;
// Nothing to do unless one of the two submit paths was taken.
if (!isset($_POST['adduser_submit']) && !isset($_POST['change_copy'])) {
return array(
$message, $queries, $queries_for_display, $sql_query, $_add_user_error
$sql_query = '';
// 'any' maps to an empty user name (the account matching any user).
if ($_POST['pred_username'] == 'any') {
$username = '';
// Predefined host choices; 'thishost' takes the part of SELECT USER()
// after the '@'.
// NOTE(review): no break statements are visible between the cases in this copy.
switch ($_POST['pred_hostname']) {
case 'any':
$hostname = '%';
case 'localhost':
$hostname = 'localhost';
case 'hosttable':
$hostname = '';
case 'thishost':
$_user_name = $GLOBALS['dbi']->fetchValue('SELECT USER()');
$hostname = mb_substr(
(mb_strrpos($_user_name, '@') + 1)
// Refuse to create an account that already exists (user and host escaped).
$sql = "SELECT '1' FROM `mysql`.`user`"
. " WHERE `User` = '" . $GLOBALS['dbi']->escapeString($username) . "'"
. " AND `Host` = '" . $GLOBALS['dbi']->escapeString($hostname) . "';";
if ($GLOBALS['dbi']->fetchValue($sql) == 1) {
$message = Message::error(__('The user %s already exists!'));
$message->addParam('[em]\'' . $username . '\'@\'' . $hostname . '\'[/em]');
$_GET['adduser'] = true;
$_add_user_error = true;
return array(
// Real statements carry the password; the *_show variants are for display.
$create_user_real, $create_user_show, $real_sql_query, $sql_query,
$password_set_real, $password_set_show,
) = self::getSqlQueriesForDisplayAndAddUser(
$username, $hostname, (isset($password) ? $password : '')
if (empty($_POST['change_copy'])) {
// Plain "add user": run the statements right away.
$_error = false;
if (isset($create_user_real)) {
if (!$GLOBALS['dbi']->tryQuery($create_user_real)) {
$_error = true;
// SET PASSWORD is only issued when an authentication plugin was chosen.
if (isset($password_set_real) && !empty($password_set_real)
&& isset($_POST['authentication_plugin'])
) {
if ($GLOBALS['dbi']->tryQuery($password_set_real)) {
$sql_query .= $password_set_show;
$sql_query = $create_user_show . $sql_query;
// GRANT and the optional database creation happen in the helper.
list($sql_query, $message) = self::addUserAndCreateDatabase(
isset($dbname) ? $dbname : null,
// NOTE(review): the group is assigned to $GLOBALS['username'] here but to
// $_POST['username'] in the copy path below; confirm both name the new account.
if (!empty($_POST['userGroup']) && $is_menuwork) {
self::setUserGroup($GLOBALS['username'], $_POST['userGroup']);
return array(
// Copy the user group while copying a user
$old_usergroup =
isset($_POST['old_usergroup']) ? $_POST['old_usergroup'] : null;
self::setUserGroup($_POST['username'], $old_usergroup);
// Copy path: statements are queued in $queries instead of being run here.
if (isset($create_user_real)) {
$queries[] = $create_user_real;
$queries[] = $real_sql_query;
if (isset($password_set_real) && ! empty($password_set_real)
&& isset($_POST['authentication_plugin'])
) {
$queries[] = $password_set_real;
// we put the query containing the hidden password in
// $queries_for_display, at the same position occupied
// by the real query in $queries
$tmp_count = count($queries);
if (isset($create_user_real)) {
$queries_for_display[$tmp_count - 2] = $create_user_show;
// With a SET PASSWORD entry the last three queries are CREATE USER,
// GRANT, SET PASSWORD; otherwise the last two are CREATE USER, GRANT.
if (isset($password_set_real) && ! empty($password_set_real)) {
$queries_for_display[$tmp_count - 3] = $create_user_show;
$queries_for_display[$tmp_count - 2] = $sql_query;
$queries_for_display[$tmp_count - 1] = $password_set_show;
} else {
$queries_for_display[$tmp_count - 1] = $sql_query;
return array(
$message, $queries, $queries_for_display, $sql_query, $_add_user_error
/**
 * Sets proper value of `old_passwords` according to
 * the authentication plugin selected
 *
 * `old_passwords` selects the hashing PASSWORD() uses on the server:
 * 2 for sha256_password, 1 for mysql_old_password, 0 for anything else.
 *
 * @param string $auth_plugin authentication plugin selected
 *
 * @return void
 */
public static function setProperPasswordHashing($auth_plugin)
{
    if ($auth_plugin == 'sha256_password') {
        $statement = 'SET `old_passwords` = 2;';
    } elseif ($auth_plugin == 'mysql_old_password') {
        $statement = 'SET `old_passwords` = 1;';
    } else {
        $statement = 'SET `old_passwords` = 0;';
    }
    // Single round-trip once the mode has been chosen.
    $GLOBALS['dbi']->tryQuery($statement);
}
/**
 * Update DB information: DB, Table, isWildcard
 *
 * Collects the account, database, table and routine names from the request
 * ($_REQUEST covers GET and POST; the `pred_*` dropdown values from POST take
 * precedence), validating each with Core::isValid, builds the "db.table" /
 * "db.*" label used by the page, and determines whether the database name
 * contains an (unescaped) wildcard.
 *
 * NOTE(review): the end of this method is not visible in this copy; the
 * wildcard check on the last line is cut off.
 *
 * @return array
 */
public static function getDataForDBInfo()
$username = null;
$hostname = null;
$dbname = null;
$tablename = null;
$routinename = null;
$dbname_is_wildcard = null;
if (isset($_REQUEST['username'])) {
$username = $_REQUEST['username'];
if (isset($_REQUEST['hostname'])) {
$hostname = $_REQUEST['hostname'];
// Checks if a dropdown box has been used for selecting a database / table
if (Core::isValid($_POST['pred_tablename'])) {
$tablename = $_POST['pred_tablename'];
} elseif (Core::isValid($_REQUEST['tablename'])) {
$tablename = $_REQUEST['tablename'];
} else {
// Same precedence for the routine name: dropdown first, then free input.
if (Core::isValid($_POST['pred_routinename'])) {
$routinename = $_POST['pred_routinename'];
} elseif (Core::isValid($_REQUEST['routinename'])) {
$routinename = $_REQUEST['routinename'];
} else {
// The database dropdown posts a list; every element must validate.
if (isset($_POST['pred_dbname'])) {
$is_valid_pred_dbname = true;
foreach ($_POST['pred_dbname'] as $key => $db_name) {
if (! Core::isValid($db_name)) {
$is_valid_pred_dbname = false;
// Free-form dbname may be a single name or a list.
if (isset($_REQUEST['dbname'])) {
$is_valid_dbname = true;
if (is_array($_REQUEST['dbname'])) {
foreach ($_REQUEST['dbname'] as $key => $db_name) {
if (! Core::isValid($db_name)) {
$is_valid_dbname = false;
} else {
if (! Core::isValid($_REQUEST['dbname'])) {
$is_valid_dbname = false;
// Dropdown wins over free input; a one-element list collapses to a string.
if (isset($is_valid_pred_dbname) && $is_valid_pred_dbname) {
$dbname = $_POST['pred_dbname'];
// If dbname contains only one database.
if (count($dbname) == 1) {
$dbname = $dbname[0];
} elseif (isset($is_valid_dbname) && $is_valid_dbname) {
$dbname = $_REQUEST['dbname'];
} else {
// Build the "db.table", "db.*" (or per-database list) label.
if (isset($dbname)) {
if (is_array($dbname)) {
$db_and_table = $dbname;
foreach ($db_and_table as $key => $db_name) {
$db_and_table[$key] .= '.';
} else {
// Wildcard escapes in the stored name are undone before quoting.
$unescaped_db = Util::unescapeMysqlWildcards($dbname);
$db_and_table = Util::backquote($unescaped_db) . '.';
if (isset($tablename)) {
$db_and_table .= Util::backquote($tablename);
} else {
if (is_array($db_and_table)) {
foreach ($db_and_table as $key => $db_name) {
$db_and_table[$key] .= '*';
} else {
$db_and_table .= '*';
} else {
$db_and_table = '*.*';
// check if given $dbname is a wildcard or not
// NOTE(review): the pattern on the next line is truncated in this copy.
if (isset($dbname)) {
//if (preg_match('/\\\\(?:_|%)/i', $dbname)) {
if (! is_array($dbname) && preg_match('/(?';
if (isset($_POST['selected_usr'])) {
// export privileges for selected users
$title = __('Privileges');
//For removing duplicate entries of users
$_POST['selected_usr'] = array_unique($_POST['selected_usr']);
foreach ($_POST['selected_usr'] as $export_user) {
$export_username = mb_substr(
$export_user, 0, mb_strpos($export_user, '&')
$export_hostname = mb_substr(
$export_user, mb_strrpos($export_user, ';') + 1
$export .= '# '
. sprintf(
__('Privileges for %s'),
'`' . htmlspecialchars($export_username)
. '`@`' . htmlspecialchars($export_hostname) . '`'
. "\n\n";
$export .= self::getGrants($export_username, $export_hostname) . "\n";
} else {
// export privileges for a single user
$title = __('User') . ' `' . htmlspecialchars($username)
. '`@`' . htmlspecialchars($hostname) . '`';
$export .= self::getGrants($username, $hostname);
// remove trailing whitespace
$export = trim($export);
$export .= '';
return array($title, $export);
/**
 * Get HTML for display Add userfieldset
 *
 * Renders nothing unless the current session may create users
 * ($GLOBALS['is_createuser']). The optional database / table are passed to
 * the template both as URL parameters and as "check privileges" parameters.
 *
 * @param string $db    the database
 * @param string $table the table name
 *
 * @return string html output
 */
public static function getAddUserHtmlFieldset($db = '', $table = '')
if (!$GLOBALS['is_createuser']) {
return '';
$rel_params = array();
$url_params = array(
'adduser' => 1
// NOTE(review): the first target of each assignment chain below
// (presumably a $url_params entry) is not visible in this copy.
if (!empty($db)) {
= $rel_params['checkprivsdb']
= $db;
if (!empty($table)) {
= $rel_params['checkprivstable']
= $table;
return Template::get('privileges/add_user_fieldset')
'url_params' => $url_params,
'rel_params' => $rel_params
/**
 * Get HTML header for display User's properties
 *
 * Renders the "Edit privileges" heading. Without a database the heading
 * names only the account; with one it lists the database(s) and, if given,
 * the table or routine. A notice is appended when the account being edited
 * is the one currently logged in. Every user-supplied name goes through
 * htmlspecialchars() before being emitted.
 *
 * @param boolean      $dbname_is_wildcard whether database name is wildcard or not
 * @param string       $url_dbname         url database name that urlencode() string
 *                                         (not used in the visible body)
 * @param string|array $dbname             database name, or a list of names
 * @param string       $username           username
 * @param string       $hostname           host name
 * @param string       $entity_name        entity (table or routine) name
 * @param string       $entity_type        optional, type of entity ('table' or 'routine')
 *
 * @return string $html_output
 */
public static function getHtmlHeaderForUserProperties(
$dbname_is_wildcard, $url_dbname, $dbname,
$username, $hostname, $entity_name, $entity_type='table'
) {
$html_output = '
' . "\n"
. Util::getIcon('b_usredit')
. __('Edit privileges:') . ' '
. __('User account');
if (! empty($dbname)) {
$html_output .= ' \'' . htmlspecialchars($username)
. '\'@\'' . htmlspecialchars($hostname)
. '\'' . "\n";
$html_output .= ' - ';
// Plural label for a wildcard or a multi-database selection.
$html_output .= ($dbname_is_wildcard
|| is_array($dbname) && count($dbname) > 1)
? __('Databases') : __('Database');
if (! empty($entity_name) && $entity_type === 'table') {
$html_output .= ' ' . htmlspecialchars($dbname)
. '';
$html_output .= ' - ' . __('Table')
. ' ' . htmlspecialchars($entity_name) . '';
} elseif (! empty($entity_name)) {
// Any other entity type with a name is treated as a routine.
$html_output .= ' ' . htmlspecialchars($dbname)
. '';
$html_output .= ' - ' . __('Routine')
. ' ' . htmlspecialchars($entity_name) . '';
} else {
// Database-level view: list every selected database, escaped as one string.
if (! is_array($dbname)) {
$dbname = array($dbname);
$html_output .= ' '
. htmlspecialchars(implode(', ', $dbname))
. '';
} else {
$html_output .= ' \'' . htmlspecialchars($username)
. '\'@\'' . htmlspecialchars($hostname)
. '\'' . "\n";
$html_output .= '
' . "\n";
$cur_user = $GLOBALS['dbi']->getCurrentUser();
$user = $username . '@' . $hostname;
// Add a short notice for the user
// to remind him that he is editing his own privileges
// (exact string comparison against the connection's CURRENT_USER value).
if ($user === $cur_user) {
$html_output .= Message::notice(
'Note: You are attempting to edit privileges of the '
. 'user with which you are currently logged in.'
return $html_output;
/**
 * Get HTML snippet for display user overview page
 *
 * Lists the accounts in `mysql`.`user` (optionally filtered by the `initial`
 * GET parameter), adds a "Password" Y/N flag computed from the password
 * column appropriate to the server version, warns about an anonymous
 * localhost account, and appends the "reload privileges" note for non-AJAX
 * requests. When the privilege tables cannot be read at all an error block
 * is shown instead.
 *
 * @param string $pmaThemeImage a image source link
 * @param string $text_dir      text directory
 *
 * @return string $html_output
 */
public static function getHtmlForUserOverview($pmaThemeImage, $text_dir)
$html_output = '
' . "\n"
. Util::getIcon('b_usrlist')
. __('User accounts overview') . "\n"
. '
' . "\n";
// MySQL / Percona 5.7.6+ keep the hash in `authentication_string`;
// older servers (and MariaDB) still have a `Password` column.
$password_column = 'Password';
$server_type = Util::getServerType();
$serverVersion = $GLOBALS['dbi']->getVersion();
if (($server_type == 'MySQL' || $server_type == 'Percona Server')
&& $serverVersion >= 50706
) {
$password_column = 'authentication_string';
// $sql_query is for the initial-filtered,
// $sql_query_all is for counting the total no. of users
// The computed 'Password' column is 'N' for an empty hash, 'Y' otherwise.
$sql_query = $sql_query_all = 'SELECT *,' .
" IF(`" . $password_column . "` = _latin1 '', 'N', 'Y') AS 'Password'" .
' FROM `mysql`.`user`';
// NOTE(review): $_GET['initial'] is handed to rangeOfUsers() unchanged; its
// escaping is not visible here and should be confirmed there.
$sql_query .= (isset($_GET['initial'])
? self::rangeOfUsers($_GET['initial'])
: '');
$sql_query .= ' ORDER BY `User` ASC, `Host` ASC;';
$sql_query_all .= ' ;';
$res = $GLOBALS['dbi']->tryQuery(
$res_all = $GLOBALS['dbi']->tryQuery(
if (! $res) {
// the query failed! This may have two reasons:
// - the user does not have enough privileges
// - the privilege tables use a structure of an earlier version.
// so let's try a more simple query
$sql_query = 'SELECT * FROM `mysql`.`user`';
$res = $GLOBALS['dbi']->tryQuery(
if (! $res) {
$html_output .= self::getHtmlForViewUsersError();
$html_output .= self::getAddUserHtmlFieldset();
} else {
// This message is hardcoded because I will replace it by
// a automatic repair feature soon.
$raw = 'Your privilege table structure seems to be older than'
. ' this MySQL version!
. 'Please run the
. ' that should be included in your MySQL server distribution'
. ' to solve this problem!';
$html_output .= Message::rawError($raw)->getDisplay();
} else {
$db_rights = self::getDbRightsForUserOverview();
// for all initials, even non A-Z
$array_initials = array();
// An account with an empty User and Host 'localhost' matches any user
// connecting locally and shadows other accounts; warn once and stop scanning.
foreach ($db_rights as $right) {
foreach ($right as $account) {
if (empty($account['User']) && $account['Host'] == 'localhost') {
$html_output .= Message::notice(
'A user account allowing any user from localhost to '
. 'connect is present. This will prevent other users '
. 'from connecting if the host part of their account '
. 'allows a connection from any (%) host.'
. Util::showMySQLDocu('problems-connecting')
break 2;
// Displays the initials
// Also not necessary if there is less than 20 privileges
if ($GLOBALS['dbi']->numRows($res_all) > 20) {
$html_output .= self::getHtmlForInitials($array_initials);
// Display the user overview
// (if less than 50 users, display them immediately)
if (isset($_GET['initial'])
|| isset($_GET['showall'])
|| $GLOBALS['dbi']->numRows($res) < 50
) {
$html_output .= self::getUsersOverview(
$res, $db_rights, $pmaThemeImage, $text_dir
} else {
$html_output .= self::getAddUserHtmlFieldset();
} // end if (display overview)
// The reload note is only part of full-page (or explicit ajax_page_request) output.
$response = Response::getInstance();
if (! $response->isAjax()
|| ! empty($_REQUEST['ajax_page_request'])
) {
// Wording depends on whether the session holds the RELOAD privilege.
if ($GLOBALS['is_reload_priv']) {
$flushnote = new Message(
'Note: phpMyAdmin gets the users’ privileges directly '
. 'from MySQL’s privilege tables. The content of these '
. 'tables may differ from the privileges the server uses, '
. 'if they have been changed manually. In this case, '
. 'you should %sreload the privileges%s before you continue.'
} else {
$flushnote = new Message(
'Note: phpMyAdmin gets the users’ privileges directly '
. 'from MySQL’s privilege tables. The content of these '
. 'tables may differ from the privileges the server uses, '
. 'if they have been changed manually. In this case, '
. 'the privileges have to be reloaded but currently, you '
. 'don\'t have the RELOAD privilege.'
. Util::showMySQLDocu(
$html_output .= $flushnote->getDisplay();
return $html_output;
/**
 * Get HTML snippet for display user properties
 *
 * Renders the privilege editing page for one account: header, an error when
 * the account is missing from `mysql`.`user`, the login information fields,
 * the table/routine-specific rights (only when no table was given and the
 * database name holds no wildcard), links to the database/table, and — for
 * an existing account viewed at the global level — the change-password and
 * change-login forms.
 *
 * @param boolean      $dbname_is_wildcard whether database name is wildcard or not
 * @param string       $url_dbname         url database name that urlencode() string
 * @param string       $username           username
 * @param string       $hostname           host name
 * @param string|array $dbname             database name, or a list of names
 * @param string       $tablename          table name
 *
 * @return string $html_output
 */
public static function getHtmlForUserProperties($dbname_is_wildcard, $url_dbname,
$username, $hostname, $dbname, $tablename
) {
$html_output = '
$html_output .= self::getHtmlHeaderForUserProperties(
$dbname_is_wildcard, $url_dbname, $dbname, $username, $hostname,
$tablename, 'table'
// Existence check with escaped user and host; the (bool) cast is redundant
// after the '!' but harmless.
$sql = "SELECT '1' FROM `mysql`.`user`"
. " WHERE `User` = '" . $GLOBALS['dbi']->escapeString($username) . "'"
. " AND `Host` = '" . $GLOBALS['dbi']->escapeString($hostname) . "';";
$user_does_not_exists = (bool) ! $GLOBALS['dbi']->fetchValue($sql);
if ($user_does_not_exists) {
$html_output .= Message::error(
__('The selected user was not found in the privilege table.')
$html_output .= self::getHtmlForLoginInformationFields();
// Parameters for the links/forms that follow (their use is not visible here).
$_params = array(
'username' => $username,
'hostname' => $hostname,
if (! is_array($dbname) && strlen($dbname) > 0) {
$_params['dbname'] = $dbname;
if (strlen($tablename) > 0) {
$_params['tablename'] = $tablename;
} else {
$_params['dbname'] = $dbname;
$html_output .= '' . "\n";
if (! is_array($dbname) && strlen($tablename) === 0
&& empty($dbname_is_wildcard)
) {
// no table name was given, display all table specific rights
// but only if $dbname contains no wildcards
if (strlen($dbname) === 0) {
$html_output .= self::getHtmlForAllTableSpecificRights(
$username, $hostname, 'database'
} else {
// unescape wildcards in dbname at table level
$unescaped_db = Util::unescapeMysqlWildcards($dbname);
$html_output .= self::getHtmlForAllTableSpecificRights(
$username, $hostname, 'table', $unescaped_db
$html_output .= self::getHtmlForAllTableSpecificRights(
$username, $hostname, 'routine', $unescaped_db
// Provide a line with links to the relevant database and table
if (! is_array($dbname) && strlen($dbname) > 0 && empty($dbname_is_wildcard)) {
$html_output .= self::getLinkToDbAndTable($url_dbname, $dbname, $tablename);
// Credential changes are offered only at the global level for an existing account.
if (! is_array($dbname) && strlen($dbname) === 0 && ! $user_does_not_exists) {
//change login information
$html_output .= ChangePassword::getHtml(
$html_output .= self::getChangeLoginInformationHtmlForm($username, $hostname);
$html_output .= '
return $html_output;
/**
 * Get queries for Table privileges to change or copy user
 *
 * For every `mysql`.`tables_priv` row matching $user_host_condition, merges
 * the table-level privileges with the column-level ones from
 * `mysql`.`columns_priv` (a column list is attached only when the same
 * privilege is not already granted on the whole table) and appends one
 * GRANT ... ON db.table statement for the new account.
 *
 * @param string $user_host_condition user host condition to
 *                                    select relevant table privileges
 * @param array  $queries             queries array
 * @param string $username            username
 * @param string $hostname            host name
 *
 * @return array $queries
 */
public static function getTablePrivsQueriesForChangeOrCopyUser($user_host_condition,
array $queries, $username, $hostname
) {
$res = $GLOBALS['dbi']->query(
'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv`'
. $user_host_condition,
while ($row = $GLOBALS['dbi']->fetchAssoc($res)) {
// NOTE(review): the `Host` condition below escapes $_POST['old_username']
// a second time; getDbSpecificPrivsQueriesForChangeOrCopyUser builds the
// same condition from $_POST['old_hostname'], which looks like the intended
// value here. As written, column privileges are only copied when the old
// host name equals the old user name.
$res2 = $GLOBALS['dbi']->query(
'SELECT `Column_name`, `Column_priv`'
. ' FROM `mysql`.`columns_priv`'
. ' WHERE `User`'
. ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_username']) . "'"
. ' AND `Host`'
. ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_username']) . '\''
. ' AND `Db`'
. ' = \'' . $GLOBALS['dbi']->escapeString($row['Db']) . "'"
. ' AND `Table_name`'
. ' = \'' . $GLOBALS['dbi']->escapeString($row['Table_name']) . "'"
. ';',
// $tmp_privs1: table-level privilege names; $tmp_privs2: column names per privilege.
$tmp_privs1 = self::extractPrivInfo($row);
$tmp_privs2 = array(
'Select' => array(),
'Insert' => array(),
'Update' => array(),
'References' => array()
while ($row2 = $GLOBALS['dbi']->fetchAssoc($res2)) {
// `Column_priv` is a comma-separated SET value.
$tmp_array = explode(',', $row2['Column_priv']);
if (in_array('Select', $tmp_array)) {
$tmp_privs2['Select'][] = $row2['Column_name'];
if (in_array('Insert', $tmp_array)) {
$tmp_privs2['Insert'][] = $row2['Column_name'];
if (in_array('Update', $tmp_array)) {
$tmp_privs2['Update'][] = $row2['Column_name'];
if (in_array('References', $tmp_array)) {
$tmp_privs2['References'][] = $row2['Column_name'];
// A column list is added only when the privilege is not already table-wide.
if (count($tmp_privs2['Select']) > 0 && ! in_array('SELECT', $tmp_privs1)) {
$tmp_privs1[] = 'SELECT (`' . join('`, `', $tmp_privs2['Select']) . '`)';
if (count($tmp_privs2['Insert']) > 0 && ! in_array('INSERT', $tmp_privs1)) {
$tmp_privs1[] = 'INSERT (`' . join('`, `', $tmp_privs2['Insert']) . '`)';
if (count($tmp_privs2['Update']) > 0 && ! in_array('UPDATE', $tmp_privs1)) {
$tmp_privs1[] = 'UPDATE (`' . join('`, `', $tmp_privs2['Update']) . '`)';
if (count($tmp_privs2['References']) > 0
&& ! in_array('REFERENCES', $tmp_privs1)
) {
= 'REFERENCES (`' . join('`, `', $tmp_privs2['References']) . '`)';
// Identifiers are backquoted, the target account is escaped; GRANT OPTION
// is carried over when `Table_priv` contains 'Grant' (the true branch of
// the ternary is not visible in this copy).
$queries[] = 'GRANT ' . join(', ', $tmp_privs1)
. ' ON ' . Util::backquote($row['Db']) . '.'
. Util::backquote($row['Table_name'])
. ' TO \'' . $GLOBALS['dbi']->escapeString($username)
. '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\''
. (in_array('Grant', explode(',', $row['Table_priv']))
: ';');
return $queries;
/**
 * Get queries for database specific privileges for change or copy user
 *
 * Reads every `mysql`.`db` row of the old account (old_username /
 * old_hostname from POST, escaped) and appends one GRANT ... ON db.*
 * statement per row for the new account, carrying GRANT OPTION over when
 * the row's `Grant_priv` is 'Y'. The table-level privileges are then added
 * by getTablePrivsQueriesForChangeOrCopyUser using the same condition.
 *
 * @param array  $queries  queries array with string
 * @param string $username username
 * @param string $hostname host name
 *
 * @return array $queries
 */
public static function getDbSpecificPrivsQueriesForChangeOrCopyUser(
    array $queries, $username, $hostname
) {
    $dbi = $GLOBALS['dbi'];
    $user_host_condition = ' WHERE `User`'
        . ' = \'' . $dbi->escapeString($_POST['old_username']) . "'"
        . ' AND `Host`'
        . ' = \'' . $dbi->escapeString($_POST['old_hostname']) . '\';';
    // The grantee is the same for every row, so escape it once.
    $grantee = ' TO \'' . $dbi->escapeString($username)
        . '\'@\'' . $dbi->escapeString($hostname) . '\'';
    $dbRows = $dbi->query('SELECT * FROM `mysql`.`db`' . $user_host_condition);
    for ($row = $dbi->fetchAssoc($dbRows); $row; $row = $dbi->fetchAssoc($dbRows)) {
        $terminator = $row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';';
        $queries[] = 'GRANT ' . join(', ', self::extractPrivInfo($row))
            . ' ON ' . Util::backquote($row['Db']) . '.*'
            . $grantee . $terminator;
    }
    return self::getTablePrivsQueriesForChangeOrCopyUser(
        $user_host_condition, $queries, $username, $hostname
    );
}
/**
 * Prepares queries for adding users and
 * also create database and return query and message
 *
 * Runs the GRANT statement (and, on MySQL 8.0.11+, the separate ALTER USER
 * statement carrying the REQUIRE / WITH clauses) for the new account, then
 * honours the `createdb-1` / `createdb-2` / `createdb-3` checkboxes: a
 * database named after the user with all privileges, all privileges on the
 * wildcard `username\_%`, or all privileges on the specified database. Every
 * statement is appended to $sql_query for display; the first failure replaces
 * $message with the server error but later steps still run.
 *
 * NOTE(review): the parameter list is not visible in this copy; the
 * statement keywords of the CREATE DATABASE / GRANT lines are missing too.
 *
 * @param boolean $_error               whether user create or not
 * @param string  $real_sql_query       SQL query for add a user
 * @param string  $sql_query            SQL query to be displayed
 * @param string  $username             username
 * @param string  $hostname             host name
 * @param string  $dbname               database name
 * @param string  $alter_real_sql_query SQL query for ALTER USER
 * @param string  $alter_sql_query      SQL query for ALTER USER to be displayed
 *
 * @return array $sql_query, $message
 */
public static function addUserAndCreateDatabase(
) {
// A failed CREATE USER earlier, or a failing GRANT now, cancels the
// database-creation options and reports the server error.
if ($_error || (!empty($real_sql_query)
&& !$GLOBALS['dbi']->tryQuery($real_sql_query))
) {
$_POST['createdb-1'] = $_POST['createdb-2']
= $_POST['createdb-3'] = null;
$message = Message::rawError($GLOBALS['dbi']->getError());
} elseif ($alter_real_sql_query !== '' && !$GLOBALS['dbi']->tryQuery($alter_real_sql_query)) {
$_POST['createdb-1'] = $_POST['createdb-2']
= $_POST['createdb-3'] = null;
$message = Message::rawError($GLOBALS['dbi']->getError());
} else {
$sql_query .= $alter_sql_query;
$message = Message::success(__('You have added a new user.'));
if (isset($_POST['createdb-1'])) {
// Create database with same name and grant all privileges
. Util::backquote(
) . ';';
$sql_query .= $q;
if (! $GLOBALS['dbi']->tryQuery($q)) {
$message = Message::rawError($GLOBALS['dbi']->getError());
// Reload the navigation
$GLOBALS['reload'] = true;
$GLOBALS['db'] = $username;
// Grant on the new database to the new account (user/host escaped).
. Util::backquote(
) . '.* TO \''
. $GLOBALS['dbi']->escapeString($username)
. '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\';';
$sql_query .= $q;
if (! $GLOBALS['dbi']->tryQuery($q)) {
$message = Message::rawError($GLOBALS['dbi']->getError());
if (isset($_POST['createdb-2'])) {
// Grant all privileges on wildcard name (username\_%)
. Util::backquote(
) . '\_%'
) . '.* TO \''
. $GLOBALS['dbi']->escapeString($username)
. '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\';';
$sql_query .= $q;
if (! $GLOBALS['dbi']->tryQuery($q)) {
$message = Message::rawError($GLOBALS['dbi']->getError());
if (isset($_POST['createdb-3'])) {
// Grant all privileges on the specified database to the new user
// (which database is quoted here is not visible in this copy).
. Util::backquote(
) . '.* TO \''
. $GLOBALS['dbi']->escapeString($username)
. '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\';';
$sql_query .= $q;
if (! $GLOBALS['dbi']->tryQuery($q)) {
$message = Message::rawError($GLOBALS['dbi']->getError());
return array($sql_query, $message);
/**
 * Get the hashed string for password
 *
 * Asks the server for PASSWORD() of the given cleartext (escaped before it
 * is placed in the statement) and returns the hash from the `password`
 * column of the single result row. Callers skip this on MySQL 8.0.11+,
 * where the cleartext is handed to CREATE USER instead
 * (see getSqlQueriesForDisplayAndAddUser).
 *
 * @param string $password password
 *
 * @return string $hashedPassword
 */
public static function getHashedPassword($password)
{
    $escapedPassword = $GLOBALS['dbi']->escapeString($password);
    $row = $GLOBALS['dbi']->fetchSingleRow(
        "SELECT PASSWORD('" . $escapedPassword . "') AS `password`;"
    );
    return $row['password'];
}
/**
 * Check if MariaDB's 'simple_password_check'
 * OR 'cracklib_password_check' is ACTIVE
 *
 * Only MariaDB 10.0.2+ is queried; on any other server, or when
 * SHOW PLUGINS fails (for example because the plugin directory does not
 * exist), the answer is false.
 *
 * @return boolean if atleast one of the plugins is ACTIVE
 */
public static function checkIfMariaDBPwdCheckPluginActive()
{
    $dbi = $GLOBALS['dbi'];
    $serverVersion = $dbi->getVersion();
    $isRecentMariaDB = Util::getServerType() == 'MariaDB'
        && $serverVersion >= 100002;
    if (! $isRecentMariaDB) {
        return false;
    }
    $plugins = $dbi->tryQuery(
        'SHOW PLUGINS SONAME LIKE \'%_password_check%\''
    );
    // Plugins are not working, for example directory does not exists
    if ($plugins === false) {
        return false;
    }
    // Stop fetching as soon as one matching plugin reports ACTIVE.
    $anyActive = false;
    while (! $anyActive && ($row = $dbi->fetchAssoc($plugins))) {
        $anyActive = $row['Status'] === 'ACTIVE';
    }
    return $anyActive;
}
/**
 * Get SQL queries for Display and Add user
 *
 * Builds the statements needed to create an account — CREATE USER (with the
 * plugin / password clause appropriate to the server), GRANT on *.*, and,
 * for older servers, SET PASSWORD; on MySQL 8.0.11+ the REQUIRE / WITH
 * clauses go into a separate ALTER USER. Each statement comes in a "real"
 * form that is executed and a "show" form for display (password hidden; the
 * sprintf() arguments producing the two forms are not visible in this copy).
 * User name, host name and password are escaped once up front.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password
 *
 * @return array ($create_user_real, $create_user_show, $real_sql_query, $sql_query
 *               $password_set_real, $password_set_show, $alter_real_sql_query, $alter_sql_query)
 */
public static function getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
$slashedUsername = $GLOBALS['dbi']->escapeString($username);
$slashedHostname = $GLOBALS['dbi']->escapeString($hostname);
$slashedPassword = $GLOBALS['dbi']->escapeString($password);
$serverType = Util::getServerType();
$serverVersion = $GLOBALS['dbi']->getVersion();
$create_user_stmt = sprintf(
'CREATE USER \'%s\'@\'%s\'',
$isMariaDBPwdPluginActive = self::checkIfMariaDBPwdCheckPluginActive();
// See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219
// for details regarding details of syntax usage for various versions
// 'IDENTIFIED WITH auth_plugin'
// is supported by MySQL 5.5.7+
// NOTE(review): $_POST['authentication_plugin'] is concatenated into the
// statement without escaping or validation here and below; restricting it
// to the known plugin names before use would remove that exposure.
if (($serverType == 'MySQL' || $serverType == 'Percona Server')
&& $serverVersion >= 50507
&& isset($_POST['authentication_plugin'])
) {
$create_user_stmt .= ' IDENTIFIED WITH '
. $_POST['authentication_plugin'];
// 'IDENTIFIED VIA auth_plugin'
// is supported by MariaDB 5.2+
if ($serverType == 'MariaDB'
&& $serverVersion >= 50200
&& isset($_POST['authentication_plugin'])
&& ! $isMariaDBPwdPluginActive
) {
$create_user_stmt .= ' IDENTIFIED VIA '
. $_POST['authentication_plugin'];
$create_user_real = $create_user_show = $create_user_stmt;
$password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = \'%s\'';
$password_set_show = sprintf(
// Global GRANT built from the privileges extracted by extractPrivInfo().
$sql_query_stmt = sprintf(
'GRANT %s ON *.* TO \'%s\'@\'%s\'',
join(', ', self::extractPrivInfo()),
$real_sql_query = $sql_query = $sql_query_stmt;
// Set the proper hashing method
if (isset($_POST['authentication_plugin'])) {
// Use 'CREATE USER ... WITH ... AS ..' syntax for
// newer MySQL versions
// and 'CREATE USER ... VIA .. USING ..' syntax for
// newer MariaDB versions
if ((($serverType == 'MySQL' || $serverType == 'Percona Server')
&& $serverVersion >= 50706)
|| ($serverType == 'MariaDB'
&& $serverVersion >= 50200)
) {
$password_set_real = null;
// Required for binding '%' with '%s'
// (a '%' host such as 'any host' would otherwise be read as a format spec)
$create_user_stmt = str_replace(
'%', '%%', $create_user_stmt
// MariaDB uses 'USING' whereas MySQL uses 'AS'
// but MariaDB with validation plugin needs cleartext password
if ($serverType == 'MariaDB'
&& ! $isMariaDBPwdPluginActive
) {
$create_user_stmt .= ' USING \'%s\'';
} elseif ($serverType == 'MariaDB') {
$create_user_stmt .= ' IDENTIFIED BY \'%s\'';
} elseif (($serverType == 'MySQL' || $serverType == 'Percona Server') && $serverVersion >= 80011) {
$create_user_stmt .= ' BY \'%s\'';
} else {
$create_user_stmt .= ' AS \'%s\'';
// 'keep' reuses the password passed in, 'none' creates a passwordless
// account, anything else uses the password typed in the form (`pma_pw`).
if ($_POST['pred_password'] == 'keep') {
$create_user_real = sprintf(
$create_user_show = sprintf(
} elseif ($_POST['pred_password'] == 'none') {
$create_user_real = sprintf(
$create_user_show = sprintf(
} else {
// The server hashes the password itself (PASSWORD() is not available)
// on MySQL 8.0.11+ and on MariaDB with a validation plugin active.
if (! (($serverType == 'MariaDB' && $isMariaDBPwdPluginActive)
|| ($serverType == 'MySQL' || $serverType == 'Percona Server') && $serverVersion >= 80011)) {
$hashedPassword = self::getHashedPassword($_POST['pma_pw']);
} else {
// MariaDB with validation plugin needs cleartext password
$hashedPassword = $_POST['pma_pw'];
$create_user_real = sprintf(
$create_user_show = sprintf(
} else {
// Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions
// and pre-5.2.0 MariaDB versions
if ($_POST['pred_password'] == 'keep') {
$password_set_real = sprintf(
} elseif ($_POST['pred_password'] == 'none') {
$password_set_real = sprintf(
} else {
$hashedPassword = self::getHashedPassword($_POST['pma_pw']);
$password_set_real = sprintf(
$alter_real_sql_query = '';
$alter_sql_query = '';
// MySQL 8.0.11+: GRANT OPTION is part of the GRANT itself, everything else
// that used to ride on GRANT moves to ALTER USER. Grant_priv may come from
// the form or from $GLOBALS (filled from the old account's row when copying).
if (($serverType == 'MySQL' || $serverType == 'Percona Server') && $serverVersion >= 80011) {
$sql_query_stmt = '';
if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
|| (isset($GLOBALS['Grant_priv']) && $GLOBALS['Grant_priv'] == 'Y')
) {
$sql_query_stmt = ' WITH GRANT OPTION';
$real_sql_query .= $sql_query_stmt;
$sql_query .= $sql_query_stmt;
$alter_sql_query_stmt = sprintf(
'ALTER USER \'%s\'@\'%s\'',
$alter_real_sql_query = $alter_sql_query_stmt;
$alter_sql_query = $alter_sql_query_stmt;
// add REQUIRE clause
$require_clause = self::getRequireClause();
$with_clause = self::getWithClauseForAddUserAndUpdatePrivs();
if (($serverType == 'MySQL' || $serverType == 'Percona Server') && $serverVersion >= 80011) {
$alter_real_sql_query .= $require_clause;
$alter_sql_query .= $require_clause;
$alter_real_sql_query .= $with_clause;
$alter_sql_query .= $with_clause;
} else {
$real_sql_query .= $require_clause;
$sql_query .= $require_clause;
$real_sql_query .= $with_clause;
$sql_query .= $with_clause;
// Statement terminators.
if (isset($create_user_real)) {
$create_user_real .= ';';
$create_user_show .= ';';
if ($alter_real_sql_query !== '') {
$alter_real_sql_query .= ';';
$alter_sql_query .= ';';
$real_sql_query .= ';';
$sql_query .= ';';
// No Global GRANT_OPTION privilege
if (!$GLOBALS['is_grantuser']) {
$real_sql_query = '';
$sql_query = '';
// Use 'SET PASSWORD' for pre-5.7.6 MySQL versions
// and pre-5.2.0 MariaDB
// NOTE(review): unlike the earlier version checks, this one tests only
// 'MySQL' and not 'Percona Server'; confirm whether that is intended.
if (($serverType == 'MySQL'
&& $serverVersion >= 50706)
|| ($serverType == 'MariaDB'
&& $serverVersion >= 50200)
) {
$password_set_real = null;
$password_set_show = null;
} else {
if ($password_set_real !== null) {
$password_set_real .= ";";
$password_set_show .= ";";
return array(
/**
 * Returns the type ('PROCEDURE' or 'FUNCTION') of the routine
 *
 * Looks the routine up by exact name in the list the driver returns for the
 * database; the first match wins and an empty string means "not found".
 *
 * @param string $dbname      database
 * @param string $routineName routine
 *
 * @return string type
 */
public static function getRoutineType($dbname, $routineName)
{
    $type = '';
    foreach ($GLOBALS['dbi']->getRoutines($dbname) as $candidate) {
        if ($candidate['name'] !== $routineName) {
            continue;
        }
        $type = $candidate['type'];
        break;
    }
    return $type;
}