Home Explore Help
Sign In
hanzhengyi
/
usky-website
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
usky-website
/
web
/
pa
/
server_privileges.php

server_privileges.php 16 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490 
  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  *
    5. 

  5.  * @package PhpMyAdmin
    6. 

  6.  */
    7. 

  7. 

  8. /**
    9. 

  9.  *
    10. 

  10.  */
    11. 

  11. require_once 'libraries/common.inc.php';
    12. 

  12. 

  13. /**
    14. 

  14.  * functions implementation for this script
    15. 

  15.  */
    16. 

  16. require_once 'libraries/display_change_password.lib.php';
    17. 

  17. require_once 'libraries/server_privileges.lib.php';
    18. 

  18. 

  19. /**
    20. 

  20.  * Does the common work
    21. 

  21.  */
    22. 

  22. $response = PMA_Response::getInstance();
    23. 

  23. $header   = $response->getHeader();
    24. 

  24. $scripts  = $header->getScripts();
    25. 

  25. $scripts->addFile('server_privileges.js');
    26. 

  26. 

  27. $_add_user_error = false;
    28. 

  28. 

  29. if (isset ($_REQUEST['username'])) {
    30. 

  30.     $username = $_REQUEST['username'];
    31. 

  31. }
    32. 

  32. if (isset ($_REQUEST['hostname'])) {
    33. 

  33.     $hostname = $_REQUEST['hostname'];
    34. 

  34. }
    35. 

  35. 

  36. /**
    37. 

  37.  * Sets globals from $_POST patterns, for privileges and max_* vars
    38. 

  38.  */
    39. 

  39. 

  40. $post_patterns = array(
    41. 

  41.     '/_priv$/i',
    42. 

  42.     '/^max_/i'
    43. 

  43. );
    44. 

  44. foreach (array_keys($_POST) as $post_key) {
    45. 

  45.     foreach ($post_patterns as $one_post_pattern) {
    46. 

  46.         if (preg_match($one_post_pattern, $post_key)) {
    47. 

  47.             $GLOBALS[$post_key] = $_POST[$post_key];
    48. 

  48.         }
    49. 

  49.     }
    50. 

  50. }
    51. 

  51. 

  52. require 'libraries/server_common.inc.php';
    53. 

  53. 

  54. $conditional_class = 'ajax';
    55. 

  55. 

  56. /**
    57. 

  57.  * Messages are built using the message name
    58. 

  58.  */
    59. 

  59. $strPrivDescAllPrivileges = __('Includes all privileges except GRANT.');
    60. 

  60. $strPrivDescAlter = __('Allows altering the structure of existing tables.');
    61. 

  61. $strPrivDescAlterRoutine = __('Allows altering and dropping stored routines.');
    62. 

  62. $strPrivDescCreateDb = __('Allows creating new databases and tables.');
    63. 

  63. $strPrivDescCreateRoutine = __('Allows creating stored routines.');
    64. 

  64. $strPrivDescCreateTbl = __('Allows creating new tables.');
    65. 

  65. $strPrivDescCreateTmpTable = __('Allows creating temporary tables.');
    66. 

  66. $strPrivDescCreateUser = __('Allows creating, dropping and renaming user accounts.');
    67. 

  67. $strPrivDescCreateView = __('Allows creating new views.');
    68. 

  68. $strPrivDescDelete = __('Allows deleting data.');
    69. 

  69. $strPrivDescDropDb = __('Allows dropping databases and tables.');
    70. 

  70. $strPrivDescDropTbl = __('Allows dropping tables.');
    71. 

  71. $strPrivDescEvent = __('Allows to set up events for the event scheduler');
    72. 

  72. $strPrivDescExecute = __('Allows executing stored routines.');
    73. 

  73. $strPrivDescFile = __('Allows importing data from and exporting data into files.');
    74. 

  74. $strPrivDescGrant = __('Allows adding users and privileges without reloading the privilege tables.');
    75. 

  75. $strPrivDescIndex = __('Allows creating and dropping indexes.');
    76. 

  76. $strPrivDescInsert = __('Allows inserting and replacing data.');
    77. 

  77. $strPrivDescLockTables = __('Allows locking tables for the current thread.');
    78. 

  78. $strPrivDescMaxConnections = __('Limits the number of new connections the user may open per hour.');
    79. 

  79. $strPrivDescMaxQuestions = __('Limits the number of queries the user may send to the server per hour.');
    80. 

  80. $strPrivDescMaxUpdates = __('Limits the number of commands that change any table or database the user may execute per hour.');
    81. 

  81. $strPrivDescMaxUserConnections = __('Limits the number of simultaneous connections the user may have.');
    82. 

  82. $strPrivDescProcess = __('Allows viewing processes of all users');
    83. 

  83. $strPrivDescReferences = __('Has no effect in this MySQL version.');
    84. 

  84. $strPrivDescReload = __('Allows reloading server settings and flushing the server\'s caches.');
    85. 

  85. $strPrivDescReplClient = __('Allows the user to ask where the slaves / masters are.');
    86. 

  86. $strPrivDescReplSlave = __('Needed for the replication slaves.');
    87. 

  87. $strPrivDescSelect = __('Allows reading data.');
    88. 

  88. $strPrivDescShowDb = __('Gives access to the complete list of databases.');
    89. 

  89. $strPrivDescShowView = __('Allows performing SHOW CREATE VIEW queries.');
    90. 

  90. $strPrivDescShutdown = __('Allows shutting down the server.');
    91. 

  91. $strPrivDescSuper = __('Allows connecting, even if maximum number of connections is reached; required for most administrative operations like setting global variables or killing threads of other users.');
    92. 

  92. $strPrivDescTrigger = __('Allows creating and dropping triggers');
    93. 

  93. $strPrivDescUpdate = __('Allows changing data.');
    94. 

  94. $strPrivDescUsage = __('No privileges.');
    95. 

  95. 

  96. /**
    97. 

  97.  * Checks if a dropdown box has been used for selecting a database / table
    98. 

  98.  */
    99. 

  99. if (PMA_isValid($_REQUEST['pred_tablename'])) {
    100. 

  100.     $tablename = $_REQUEST['pred_tablename'];
    101. 

  101. } elseif (PMA_isValid($_REQUEST['tablename'])) {
    102. 

  102.     $tablename = $_REQUEST['tablename'];
    103. 

  103. } else {
    104. 

  104.     unset($tablename);
    105. 

  105. }
    106. 

  106. 

  107. if (PMA_isValid($_REQUEST['pred_dbname'])) {
    108. 

  108.     $dbname = $_REQUEST['pred_dbname'];
    109. 

  109.     unset($pred_dbname);
    110. 

  110. } elseif (PMA_isValid($_REQUEST['dbname'])) {
    111. 

  111.     $dbname = $_REQUEST['dbname'];
    112. 

  112. } else {
    113. 

  113.     unset($dbname);
    114. 

  114.     unset($tablename);
    115. 

  115. }
    116. 

  116. 

  117. if (isset($dbname)) {
    118. 

  118.     $unescaped_db = PMA_Util::unescapeMysqlWildcards($dbname);
    119. 

  119.     $db_and_table = PMA_Util::backquote($unescaped_db) . '.';
    120. 

  120.     if (isset($tablename)) {
    121. 

  121.         $db_and_table .= PMA_Util::backquote($tablename);
    122. 

  122.     } else {
    123. 

  123.         $db_and_table .= '*';
    124. 

  124.     }
    125. 

  125. } else {
    126. 

  126.     $db_and_table = '*.*';
    127. 

  127. }
    128. 

  128. 

  129. // check if given $dbname is a wildcard or not
    130. 

  130. if (isset($dbname)) {
    131. 

  131.     //if (preg_match('/\\\\(?:_|%)/i', $dbname)) {
    132. 

  132.     if (preg_match('/(?<!\\\\)(?:_|%)/i', $dbname)) {
    133. 

  133.         $dbname_is_wildcard = true;
    134. 

  134.     } else {
    135. 

  135.         $dbname_is_wildcard = false;
    136. 

  136.     }
    137. 

  137. }
    138. 

  138. 

  139. /**
    140. 

  140.  * Checks if the user is allowed to do what he tries to...
    141. 

  141.  */
    142. 

  142. if (! $is_superuser) {
    143. 

  143.     $response->addHTML(
    144. 

  144.         '<h2>' . "\n"
    145. 

  145.         . PMA_Util::getIcon('b_usrlist.png')
    146. 

  146.         . __('Privileges') . "\n"
    147. 

  147.         . '</h2>' . "\n"
    148. 

  148.     );
    149. 

  149.     $response->addHTML(PMA_Message::error(__('No Privileges'))->getDisplay());
    150. 

  150.     exit;
    151. 

  151. }
    152. 

  152. 

  153. /**
    154. 

  154.  * Changes / copies a user, part I
    155. 

  155.  */
    156. 

  156. if (isset($_REQUEST['change_copy'])) {
    157. 

  157.     $user_host_condition = ' WHERE `User` = '
    158. 

  158.         . "'". PMA_Util::sqlAddSlashes($_REQUEST['old_username']) . "'"
    159. 

  159.         . ' AND `Host` = '
    160. 

  160.         . "'" . PMA_Util::sqlAddSlashes($_REQUEST['old_hostname']) . "';";
    161. 

  161.     $row = PMA_DBI_fetch_single_row(
    162. 

  162.         'SELECT * FROM `mysql`.`user` ' . $user_host_condition
    163. 

  163.     );
    164. 

  164.     if (! $row) {
    165. 

  165.         PMA_Message::notice(__('No user found.'))->display();
    166. 

  166.         unset($_REQUEST['change_copy']);
    167. 

  167.     } else {
    168. 

  168.         extract($row, EXTR_OVERWRITE);
    169. 

  169.         // Recent MySQL versions have the field "Password" in mysql.user,
    170. 

  170.         // so the previous extract creates $Password but this script
    171. 

  171.         // uses $password
    172. 

  172.         if (! isset($password) && isset($Password)) {
    173. 

  173.             $password = $Password;
    174. 

  174.         }
    175. 

  175.         $queries = array();
    176. 

  176.     }
    177. 

  177. }
    178. 

  178. 

  179. /**
    180. 

  180.  * Adds a user
    181. 

  181.  *   (Changes / copies a user, part II)
    182. 

  182.  */
    183. 

  183. if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
    184. 

  184.     $sql_query = '';
    185. 

  185.     if ($_POST['pred_username'] == 'any') {
    186. 

  186.         $username = '';
    187. 

  187.     }
    188. 

  188.     switch ($_POST['pred_hostname']) {
    189. 

  189.     case 'any':
    190. 

  190.         $hostname = '%';
    191. 

  191.         break;
    192. 

  192.     case 'localhost':
    193. 

  193.         $hostname = 'localhost';
    194. 

  194.         break;
    195. 

  195.     case 'hosttable':
    196. 

  196.         $hostname = '';
    197. 

  197.         break;
    198. 

  198.     case 'thishost':
    199. 

  199.         $_user_name = PMA_DBI_fetch_value('SELECT USER()');
    200. 

  200.         $hostname = substr($_user_name, (strrpos($_user_name, '@') + 1));
    201. 

  201.         unset($_user_name);
    202. 

  202.         break;
    203. 

  203.     }
    204. 

  204.     $sql = "SELECT '1' FROM `mysql`.`user`"
    205. 

  205.         . " WHERE `User` = '" . PMA_Util::sqlAddSlashes($username) . "'"
    206. 

  206.         . " AND `Host` = '" . PMA_Util::sqlAddSlashes($hostname) . "';";
    207. 

  207.     if (PMA_DBI_fetch_value($sql) == 1) {
    208. 

  208.         $message = PMA_Message::error(__('The user %s already exists!'));
    209. 

  209.         $message->addParam('[em]\'' . $username . '\'@\'' . $hostname . '\'[/em]');
    210. 

  210.         $_REQUEST['adduser'] = true;
    211. 

  211.         $_add_user_error = true;
    212. 

  212.     } else {
    213. 

  213.         list($create_user_real, $create_user_show, $real_sql_query, $sql_query)
    214. 

  214.             = PMA_getSqlQueriesForDisplayAndAddUser(
    215. 

  215.                 $username, $hostname, (isset ($password) ? $password : '')
    216. 

  216.             );
    217. 

  217. 

  218.         if (empty($_REQUEST['change_copy'])) {
    219. 

  219.             $_error = false;
    220. 

  220. 

  221.             if (isset($create_user_real)) {
    222. 

  222.                 if (! PMA_DBI_try_query($create_user_real)) {
    223. 

  223.                     $_error = true;
    224. 

  224.                 }
    225. 

  225.                 $sql_query = $create_user_show . $sql_query;
    226. 

  226.             }
    227. 

  227.             list($sql_query, $message) = PMA_addUserAndCreateDatabase(
    228. 

  228.                 $_error, $real_sql_query, $sql_query, $username, $hostname,
    229. 

  229.                 isset($dbname) ? $dbname : null
    230. 

  230.             );
    231. 

  231. 

  232.         } else {
    233. 

  233.             if (isset($create_user_real)) {
    234. 

  234.                 $queries[] = $create_user_real;
    235. 

  235.             }
    236. 

  236.             $queries[] = $real_sql_query;
    237. 

  237.             // we put the query containing the hidden password in
    238. 

  238.             // $queries_for_display, at the same position occupied
    239. 

  239.             // by the real query in $queries
    240. 

  240.             $tmp_count = count($queries);
    241. 

  241.             if (isset($create_user_real)) {
    242. 

  242.                 $queries_for_display[$tmp_count - 2] = $create_user_show;
    243. 

  243.             }
    244. 

  244.             $queries_for_display[$tmp_count - 1] = $sql_query;
    245. 

  245.         }
    246. 

  246.         unset($res, $real_sql_query);
    247. 

  247.     }
    248. 

  248. }
    249. 

  249. 

  250. /**
    251. 

  251.  * Changes / copies a user, part III
    252. 

  252.  */
    253. 

  253. if (isset($_REQUEST['change_copy'])) {
    254. 

  254.     $queries = PMA_getDbSpecificPrivsQueriesForChangeOrCopyUser(
    255. 

  255.         $queries, $username, $hostname
    256. 

  256.     );
    257. 

  257. }
    258. 

  258. 

  259. /**
    260. 

  260.  * Updates privileges
    261. 

  261.  */
    262. 

  262. if (! empty($_POST['update_privs'])) {
    263. 

  263.     list($sql_query, $message) = PMA_updatePrivileges(
    264. 

  264.         $username,
    265. 

  265.         $hostname,
    266. 

  266.         (isset($tablename) ? $tablename : ''),
    267. 

  267.         (isset($dbname) ? $dbname : '')
    268. 

  268.     );
    269. 

  269. }
    270. 

  270. 

  271. /**
    272. 

  272.  * Revokes Privileges
    273. 

  273.  */
    274. 

  274. if (isset($_REQUEST['revokeall'])) {
    275. 

  275.     list ($message, $sql_query) = PMA_getMessageAndSqlQueryForPrivilegesRevoke(
    276. 

  276.         $db_and_table,
    277. 

  277.         (isset($dbname) ? $dbname : ''),
    278. 

  278.         (isset($tablename) ? $tablename : ''),
    279. 

  279.         $username, $hostname
    280. 

  280.     );
    281. 

  281. }
    282. 

  282. 

  283. /**
    284. 

  284.  * Updates the password
    285. 

  285.  */
    286. 

  286. if (isset($_REQUEST['change_pw'])) {
    287. 

  287.     $message = PMA_getMessageForUpdatePassword(
    288. 

  288.         $err_url, $username, $hostname
    289. 

  289.     );
    290. 

  290. }
    291. 

  291. 

  292. /**
    293. 

  293.  * Deletes users
    294. 

  294.  *   (Changes / copies a user, part IV)
    295. 

  295.  */
    296. 

  296. if (isset($_REQUEST['delete'])
    297. 

  297.     || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
    298. 

  298. ) {
    299. 

  299.     if (isset($_REQUEST['change_copy'])) {
    300. 

  300.         $selected_usr = array(
    301. 

  301.             $_REQUEST['old_username'] . '&amp;#27;' . $_REQUEST['old_hostname']
    302. 

  302.         );
    303. 

  303.     } else {
    304. 

  304.         $selected_usr = $_REQUEST['selected_usr'];
    305. 

  305.         $queries = array();
    306. 

  306.     }
    307. 

  307.     foreach ($selected_usr as $each_user) {
    308. 

  308.         list($this_user, $this_host) = explode('&amp;#27;', $each_user);
    309. 

  309.         $queries[] = '# '
    310. 

  310.             . sprintf(
    311. 

  311.                 __('Deleting %s'),
    312. 

  312.                 '\'' . $this_user . '\'@\'' . $this_host . '\''
    313. 

  313.             )
    314. 

  314.             . ' ...';
    315. 

  315.         $queries[] = 'DROP USER \''
    316. 

  316.             . PMA_Util::sqlAddSlashes($this_user)
    317. 

  317.             . '\'@\'' . PMA_Util::sqlAddSlashes($this_host) . '\';';
    318. 

  318. 

  319.         if (isset($_REQUEST['drop_users_db'])) {
    320. 

  320.             $queries[] = 'DROP DATABASE IF EXISTS '
    321. 

  321.                 . PMA_Util::backquote($this_user) . ';';
    322. 

  322.             $GLOBALS['reload'] = true;
    323. 

  323.         }
    324. 

  324.     }
    325. 

  325.     if (empty($_REQUEST['change_copy'])) {
    326. 

  326.         list($sql_query, $message) = PMA_deleteUser($queries);
    327. 

  327.     }
    328. 

  328. }
    329. 

  329. 

  330. /**
    331. 

  331.  * Changes / copies a user, part V
    332. 

  332.  */
    333. 

  333. if (isset($_REQUEST['change_copy'])) {
    334. 

  334.     $tmp_count = 0;
    335. 

  335.     foreach ($queries as $sql_query) {
    336. 

  336.         if ($sql_query{0} != '#') {
    337. 

  337.             PMA_DBI_query($sql_query);
    338. 

  338.         }
    339. 

  339.         // when there is a query containing a hidden password, take it
    340. 

  340.         // instead of the real query sent
    341. 

  341.         if (isset($queries_for_display[$tmp_count])) {
    342. 

  342.             $queries[$tmp_count] = $queries_for_display[$tmp_count];
    343. 

  343.         }
    344. 

  344.         $tmp_count++;
    345. 

  345.     }
    346. 

  346.     $message = PMA_Message::success();
    347. 

  347.     $sql_query = join("\n", $queries);
    348. 

  348. }
    349. 

  349. 

  350. /**
    351. 

  351.  * Reloads the privilege tables into memory
    352. 

  352.  */
    353. 

  353. if (isset($_REQUEST['flush_privileges'])) {
    354. 

  354.     $sql_query = 'FLUSH PRIVILEGES;';
    355. 

  355.     PMA_DBI_query($sql_query);
    356. 

  356.     $message = PMA_Message::success(__('The privileges were reloaded successfully.'));
    357. 

  357. }
    358. 

  358. 

  359. /**
    360. 

  360.  * some standard links
    361. 

  361.  */
    362. 

  362. list($link_edit, $link_revoke, $link_export)
    363. 

  363.     = PMA_getStandardLinks($conditional_class);
    364. 

  364. 

  365. /**
    366. 

  366.  * If we are in an Ajax request for Create User/Edit User/Revoke User/
    367. 

  367.  * Flush Privileges, show $message and exit.
    368. 

  368.  */
    369. 

  369. if ($GLOBALS['is_ajax_request']
    370. 

  370.     && empty($_REQUEST['ajax_page_request'])
    371. 

  371.     && ! isset($_REQUEST['export'])
    372. 

  372.     && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
    373. 

  373.     && (! isset($_REQUEST['adduser']) || $_add_user_error)
    374. 

  374.     && (! isset($_REQUEST['initial']) || empty($_REQUEST['initial']))
    375. 

  375.     && ! isset($_REQUEST['showall'])
    376. 

  376.     && ! isset($_REQUEST['edit_user_dialog'])
    377. 

  377.     && ! isset($_REQUEST['db_specific'])
    378. 

  378. ) {
    379. 

  379.     $extra_data = PMA_getExtraDataForAjaxBehavior(
    380. 

  380.         (isset($password) ? $password : ''),
    381. 

  381.         $link_export,
    382. 

  382.         (isset($sql_query) ? $sql_query : ''),
    383. 

  383.         $link_edit,
    384. 

  384.         (isset($hostname) ? $hostname : ''),
    385. 

  385.         (isset($username) ? $username : '')
    386. 

  386.     );
    387. 

  387. 

  388.     if (! empty($message) && $message instanceof PMA_Message) {
    389. 

  389.         $response = PMA_Response::getInstance();
    390. 

  390.         $response->isSuccess($message->isSuccess());
    391. 

  391.         $response->addJSON('message', $message);
    392. 

  392.         $response->addJSON($extra_data);
    393. 

  393.         exit;
    394. 

  394.     }
    395. 

  395. }
    396. 

  396. 

  397. /**
    398. 

  398.  * Displays the links
    399. 

  399.  */
    400. 

  400. if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
    401. 

  401.     $_REQUEST['db'] = $_REQUEST['checkprivs'];
    402. 

  402. 

  403.     $url_query .= '&amp;goto=db_operations.php';
    404. 

  404. 

  405.     // Gets the database structure
    406. 

  406.     $sub_part = '_structure';
    407. 

  407.     ob_start();
    408. 

  408.     include 'libraries/db_info.inc.php';
    409. 

  409.     $content = ob_get_contents();
    410. 

  410.     ob_end_clean();
    411. 

  411.     $response->addHTML($content . "\n");
    412. 

  412. } else {
    413. 

  413.     if (! empty($GLOBALS['message'])) {
    414. 

  414.         $response->addHTML(PMA_Util::getMessage($GLOBALS['message']));
    415. 

  415.         unset($GLOBALS['message']);
    416. 

  416.     }
    417. 

  417. }
    418. 

  418. 

  419. /**
    420. 

  420.  * Displays the page
    421. 

  421.  */
    422. 

  422. 

  423. // export user definition
    424. 

  424. if (isset($_REQUEST['export'])
    425. 

  425.     || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
    426. 

  426. ) {
    427. 

  427.     list($title, $export) = PMA_getHtmlForExportUserDefinition(
    428. 

  428.         isset($username) ? $username : null,
    429. 

  429.         isset($hostname) ? $hostname : null
    430. 

  430.     );
    431. 

  431. 

  432.     unset($username, $hostname, $grants, $one_grant);
    433. 

  433. 

  434.     $response = PMA_Response::getInstance();
    435. 

  435.     if ($GLOBALS['is_ajax_request']) {
    436. 

  436.         $response->addJSON('message', $export);
    437. 

  437.         $response->addJSON('title', $title);
    438. 

  438.         exit;
    439. 

  439.     } else {
    440. 

  440.         $response->addHTML("<h2>$title</h2>$export");
    441. 

  441.     }
    442. 

  442. }
    443. 

  443. 

  444. if (empty($_REQUEST['adduser'])
    445. 

  445.     && (! isset($_REQUEST['checkprivs'])
    446. 

  446.     || ! strlen($_REQUEST['checkprivs']))
    447. 

  447. ) {
    448. 

  448.     if (! isset($username)) {
    449. 

  449.         // No username is given --> display the overview
    450. 

  450.         $response->addHTML(
    451. 

  451.             PMA_getHtmlForDisplayUserOverviewPage(
    452. 

  452.                 $link_edit, $pmaThemeImage, $text_dir,
    453. 

  453.                 $conditional_class, $link_export
    454. 

  454.             )
    455. 

  455.         );
    456. 

  456.     } else {
    457. 

  457.         // A user was selected -> display the user's properties
    458. 

  458. 

  459.         // In an Ajax request, prevent cached values from showing
    460. 

  460.         if ($GLOBALS['is_ajax_request'] == true) {
    461. 

  461.             header('Cache-Control: no-cache');
    462. 

  462.         }
    463. 

  463.         $url_dbname = urlencode(
    464. 

  464.             str_replace(
    465. 

  465.                 array('\_', '\%'),
    466. 

  466.                 array('_', '%'), $_REQUEST['dbname']
    467. 

  467.             )
    468. 

  468.         );
    469. 

  469.         $response->addHTML(
    470. 

  470.             PMA_getHtmlForDisplayUserProperties(
    471. 

  471.                 ((isset ($dbname_is_wildcard)) ? $dbname_is_wildcard : ''),
    472. 

  472.                 $url_dbname, $username, $hostname, $link_edit, $link_revoke,
    473. 

  473.                 (isset($dbname) ? $dbname : ''),
    474. 

  474.                 (isset($tablename) ? $tablename : '')
    475. 

  475.             )
    476. 

  476.         );
    477. 

  477.     }
    478. 

  478. } elseif (isset($_REQUEST['adduser'])) {
    479. 

  479.     // Add user
    480. 

  480.     $response->addHTML(
    481. 

  481.         PMA_getHtmlForAddUser((isset($dbname) ? $dbname : ''))
    482. 

  482.     );
    483. 

  483. } else {
    484. 

  484.     // check the privileges for a particular database.
    485. 

  485.     $response->addHTML(
    486. 

  486.         PMA_getHtmlForSpecificDbPrivileges($link_edit, $conditional_class)
    487. 

  487.     );
    488. 

  488. } // end if (empty($_REQUEST['adduser']) && empty($checkprivs))... elseif... else...
    489. 

  489. 

  490. ?>
    491.