[Sommaire] [Imprimer]

   1  <?php
   2  /* $Id: display_create_table.lib.php 8348 2006-01-19 17:13:20Z lem9 $ */
   3  // vim: expandtab sw=4 ts=4 sts=4:
   4  
   5  // Displays form for creating a table (if user has privileges for that)
   6  
   7  require_once ('./libraries/check_user_privileges.lib.php');
   8  
   9  // for MySQL >= 4.1.0, we should be able to detect if user has a CREATE
  10  // privilege by looking at SHOW GRANTS output;
  11  // for < 4.1.0, it could be more difficult because the logic tries to
  12  // detect the current host and it might be expressed in many ways; also
  13  // on a shared server, the user might be unable to define a controluser 
  14  // that has the proper rights to the "mysql" db;
  15  // so we give up and assume that user has the right to create a table
  16  //
  17  // Note: in this case we could even skip the following "foreach" logic
  18  
  19  // Addendum, 2006-01-19: ok, I give up. We got some reports about servers
  20  // where the hostname field in mysql.user is not the same as the one
  21  // in mysql.db for a user. In this case, SHOW GRANTS does not return
  22  // the db-specific privileges. And probably, those users are on a shared
  23  // server, so can't set up a control user with rights to the "mysql" db.
  24  // We cannot reliably detect the db-specific privileges, so no more
  25  // warnings about the lack of privileges for CREATE TABLE. Tested
  26  // on MySQL 5.0.18.
  27  
  28  $is_create_table_priv = true;
  29  
  30  /*
  31  if (PMA_MYSQL_INT_VERSION >= 40100) {
  32      $is_create_table_priv = false;
  33  } else {
  34      $is_create_table_priv = true;
  35  }
  36  
  37  foreach ( $dbs_where_create_table_allowed as $allowed_db ) {
  38  
  39      // if we find the exact db name, we stop here
  40      if ($allowed_db == $db) {
  41          $is_create_table_priv = TRUE;
  42          break;
  43      }
  44  
  45      // '*' indicates a global CREATE priv
  46      if ($allowed_db == '*') {
  47          $is_create_table_priv = TRUE;
  48          break;
  49      }
  50  
  51      if (ereg('%|_', $allowed_db)) {
  52          // take care of wildcards and escaped wildcards,
  53          // transforming them into regexp patterns
  54          $max_position = strlen($allowed_db) - 1;
  55          $i = 0;
  56          $pattern = '';
  57          while ($i <= $max_position) {
  58              if ($allowed_db[$i] == '\\'){
  59                  if ($i < $max_position - 1 && $allowed_db[$i+1] == '_'){
  60                      $chunk = '_';
  61                      $i++;
  62                  } elseif ($i < $max_position - 1 && $allowed_db[$i+1] == '%'){
  63                      $chunk = '%';
  64                      $i++;
  65                  } else {
  66                      $chunk = $allowed_db[$i];
  67                  }
  68              } elseif ($allowed_db[$i] == '_'){
  69                  $chunk = '.';
  70              } elseif ($allowed_db[$i] == '%'){
  71                  $chunk = '(.)*';
  72              } else {
  73                  $chunk = $allowed_db[$i];
  74              }
  75              $pattern .= $chunk;
  76              $i++;
  77          } // end while
  78          unset($i, $max_position, $chunk);
  79  
  80          $matches = '';
  81          if (preg_match('@' .$pattern . '@i', $db, $matches)) {
  82              if ($matches[0] == $db) {
  83                  $is_create_table_priv = TRUE;
  84                  break;
  85                  //TODO: maybe receive in $allowed_db also the db names
  86                  // on which we cannot CREATE, and check them
  87                  // in this foreach, because if a user is allowed to CREATE
  88                  // on db foo% but forbidden on db foobar, he should not
  89                  // see the Create table dialog
  90              }
  91          }
  92      }
  93  } // end foreach
  94  unset($i, $max_position, $chunk, $pattern);
  95  */
  96  ?>
  97  <form method="post" action="tbl_create.php"
  98      onsubmit="return (emptyFormElements(this, 'table') &amp;&amp; checkFormElementInRange(this, 'num_fields', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidFieldCount']); ?>', 1))">
  99  <fieldset>
 100      <legend>
 101  <?php
 102  if ( $GLOBALS['cfg']['PropertiesIconic'] ) {
 103      echo '<img class="icon" src="' . $pmaThemeImage . 'b_newtbl.png" width="16" height="16" alt="" />';
 104  }
 105  echo sprintf( $strCreateNewTable, PMA_getDbLink() );
 106  ?>
 107      </legend>
 108  <?php if ( $is_create_table_priv ) { ?>
 109      <?php echo PMA_generate_common_hidden_inputs( $db ); ?>
 110      <div class="formelement">
 111          <?php echo $strName; ?>:
 112          <input type="text" name="table" maxlength="64" size="30" />
 113      </div>
 114      <div class="formelement">
 115          <?php echo $strNumberOfFields; ?>:
 116          <input type="text" name="num_fields" size="2" />
 117      </div>
 118      <div class="clearfloat"></div>
 119  </fieldset>
 120  <fieldset class="tblFooters">
 121      <input type="submit" value="<?php echo $strGo; ?>" />
 122  <?php } else { ?>
 123      <div class="error"><?php echo $strNoPrivileges; ?></div>
 124  <?php } // end if else ?>
 125  </fieldset>
 126  </form>