| 250 |
kaklik |
1 |
<?php |
|
|
2 |
/* $Id: display_create_table.lib.php,v 1.9 2006/01/19 17:12:12 lem9 Exp $ */ |
|
|
3 |
// vim: expandtab sw=4 ts=4 sts=4: |
|
|
4 |
|
|
|
5 |
// Displays form for creating a table (if user has privileges for that) |
|
|
6 |
|
|
|
7 |
require_once('./libraries/check_user_privileges.lib.php'); |
|
|
8 |
|
|
|
9 |
// for MySQL >= 4.1.0, we should be able to detect if user has a CREATE |
|
|
10 |
// privilege by looking at SHOW GRANTS output; |
|
|
11 |
// for < 4.1.0, it could be more difficult because the logic tries to |
|
|
12 |
// detect the current host and it might be expressed in many ways; also |
|
|
13 |
// on a shared server, the user might be unable to define a controluser |
|
|
14 |
// that has the proper rights to the "mysql" db; |
|
|
15 |
// so we give up and assume that user has the right to create a table |
|
|
16 |
// |
|
|
17 |
// Note: in this case we could even skip the following "foreach" logic |
|
|
18 |
|
|
|
19 |
// Addendum, 2006-01-19: ok, I give up. We got some reports about servers |
|
|
20 |
// where the hostname field in mysql.user is not the same as the one |
|
|
21 |
// in mysql.db for a user. In this case, SHOW GRANTS does not return |
|
|
22 |
// the db-specific privileges. And probably, those users are on a shared |
|
|
23 |
// server, so can't set up a control user with rights to the "mysql" db. |
|
|
24 |
// We cannot reliably detect the db-specific privileges, so no more |
|
|
25 |
// warnings about the lack of privileges for CREATE TABLE. Tested |
|
|
26 |
// on MySQL 5.0.18. |
|
|
27 |
|
|
|
28 |
$is_create_table_priv = true; |
|
|
29 |
|
|
|
30 |
/* |
|
|
31 |
if (PMA_MYSQL_INT_VERSION >= 40100) { |
|
|
32 |
$is_create_table_priv = false; |
|
|
33 |
} else { |
|
|
34 |
$is_create_table_priv = true; |
|
|
35 |
} |
|
|
36 |
|
|
|
37 |
foreach ( $dbs_where_create_table_allowed as $allowed_db ) { |
|
|
38 |
|
|
|
39 |
// if we find the exact db name, we stop here |
|
|
40 |
if ($allowed_db == $db) { |
|
|
41 |
$is_create_table_priv = TRUE; |
|
|
42 |
break; |
|
|
43 |
} |
|
|
44 |
|
|
|
45 |
// '*' indicates a global CREATE priv |
|
|
46 |
if ($allowed_db == '*') { |
|
|
47 |
$is_create_table_priv = TRUE; |
|
|
48 |
break; |
|
|
49 |
} |
|
|
50 |
|
|
|
51 |
if (ereg('%|_', $allowed_db)) { |
|
|
52 |
// take care of wildcards and escaped wildcards, |
|
|
53 |
// transforming them into regexp patterns |
|
|
54 |
$max_position = strlen($allowed_db) - 1; |
|
|
55 |
$i = 0; |
|
|
56 |
$pattern = ''; |
|
|
57 |
while ($i <= $max_position) { |
|
|
58 |
if ($allowed_db[$i] == '\\'){ |
|
|
59 |
if ($i < $max_position - 1 && $allowed_db[$i+1] == '_'){ |
|
|
60 |
$chunk = '_'; |
|
|
61 |
$i++; |
|
|
62 |
} elseif ($i < $max_position - 1 && $allowed_db[$i+1] == '%'){ |
|
|
63 |
$chunk = '%'; |
|
|
64 |
$i++; |
|
|
65 |
} else { |
|
|
66 |
$chunk = $allowed_db[$i]; |
|
|
67 |
} |
|
|
68 |
} elseif ($allowed_db[$i] == '_'){ |
|
|
69 |
$chunk = '.'; |
|
|
70 |
} elseif ($allowed_db[$i] == '%'){ |
|
|
71 |
$chunk = '(.)*'; |
|
|
72 |
} else { |
|
|
73 |
$chunk = $allowed_db[$i]; |
|
|
74 |
} |
|
|
75 |
$pattern .= $chunk; |
|
|
76 |
$i++; |
|
|
77 |
} // end while |
|
|
78 |
unset($i, $max_position, $chunk); |
|
|
79 |
|
|
|
80 |
$matches = ''; |
|
|
81 |
if (preg_match('@' .$pattern . '@i', $db, $matches)) { |
|
|
82 |
if ($matches[0] == $db) { |
|
|
83 |
$is_create_table_priv = TRUE; |
|
|
84 |
break; |
|
|
85 |
//TODO: maybe receive in $allowed_db also the db names |
|
|
86 |
// on which we cannot CREATE, and check them |
|
|
87 |
// in this foreach, because if a user is allowed to CREATE |
|
|
88 |
// on db foo% but forbidden on db foobar, he should not |
|
|
89 |
// see the Create table dialog |
|
|
90 |
} |
|
|
91 |
} |
|
|
92 |
} |
|
|
93 |
} // end foreach |
|
|
94 |
unset($i, $max_position, $chunk, $pattern); |
|
|
95 |
*/ |
|
|
96 |
?> |
|
|
97 |
<form method="post" action="tbl_create.php" |
|
|
98 |
onsubmit="return (emptyFormElements(this, 'table') && checkFormElementInRange(this, 'num_fields', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidFieldCount']); ?>', 1))"> |
|
|
99 |
<fieldset> |
|
|
100 |
<legend> |
|
|
101 |
<?php |
|
|
102 |
if ( $GLOBALS['cfg']['PropertiesIconic'] ) { |
|
|
103 |
echo '<img class="icon" src="' . $pmaThemeImage . 'b_newtbl.png" width="16" height="16" alt="" />'; |
|
|
104 |
} |
|
|
105 |
echo sprintf( $strCreateNewTable, PMA_getDbLink() ); |
|
|
106 |
?> |
|
|
107 |
</legend> |
|
|
108 |
<?php if ( $is_create_table_priv ) { ?> |
|
|
109 |
<?php echo PMA_generate_common_hidden_inputs( $db ); ?> |
|
|
110 |
<div class="formelement"> |
|
|
111 |
<?php echo $strName; ?>: |
|
|
112 |
<input type="text" name="table" maxlength="64" size="30" /> |
|
|
113 |
</div> |
|
|
114 |
<div class="formelement"> |
|
|
115 |
<?php echo $strNumberOfFields; ?>: |
|
|
116 |
<input type="text" name="num_fields" size="2" /> |
|
|
117 |
</div> |
|
|
118 |
<div class="clearfloat"></div> |
|
|
119 |
</fieldset> |
|
|
120 |
<fieldset class="tblFooters"> |
|
|
121 |
<input type="submit" value="<?php echo $strGo; ?>" /> |
|
|
122 |
<?php } else { ?> |
|
|
123 |
<div class="error"><?php echo $strNoPrivileges; ?></div> |
|
|
124 |
<?php } // end if else ?> |
|
|
125 |
</fieldset> |
|
|
126 |
</form> |