MySQL User Administrator

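0) { Menu (); footer(); } else { $badid="Y"; Login ($badid); } echo "

$present
"; // end of the checklogin function
}

//------------------------------------------------------
//
// Quote a request-supplied value for use inside a quoted
// SQL string literal.
// When magic_quotes_gpc is on, PHP has already escaped
// the request data, so the value is returned unchanged
// to avoid escaping it twice. Otherwise addslashes() is
// applied.
//
//------------------------------------------------------
Function sql_quote ($value) {
  if (get_magic_quotes_gpc()) {
    return $value;
  }
  return addslashes($value);
}

//------------------------------------------------------
//
// Connect to the MySQL server with the login carried by
// the request, and stop if that fails.
// The original code ignored the result of mysql_connect().
// NOTE(review): PHP's mysql functions may fall back to a
// default connection when no link is open, which would
// run the statements under another account - confirm.
// Failing here keeps the supplied login as the only gate.
//
//------------------------------------------------------
Function admin_connect () {
  global $server, $user, $password;
  if (!mysql_connect($server,$user,$password)) {
    die ("Unable to connect to the MySQL server with the supplied login");
  }
}

//------------------------------------------------------
//
// Login Function.
// Asks for username and password.
// $badid is "Y" when a previous attempt was rejected.
//
//------------------------------------------------------
Function Login ($badid) {
  // begin of the login function
  global $pagename;
  if ("$badid" == "Y") {
    echo "
You have entered an invalid User ID and Password:
";
  }
  echo "
Please enter your login information:

Please enter your login name:  
Please enter your password:  

";
  // end of the login function
}

//------------------------------------------------------
//
// The Main Menu.
// The main screen where all the user information
// is entered. This is called from the login
// screen with no values set (except defaults) or
// from the "update" buttons using the
// "autofill" function.
//
// With autofill == "Y" the privilege flags are turned
// into "checked"/"" for the form; otherwise a default
// set (select/insert/update/delete) is pre-checked.
//
//------------------------------------------------------
Function Menu () {
  global $password,$user, $SCRIPT_NAME, $dbdefault, $hostdefault, $autofill, $radio_opt, $victim, $host, $database, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv, $Shutdown_priv, $Process_priv, $Reload_priv, $File_priv;
  $bgcolor="#ddddff";
  $bgadmin="#bbbbbb";
  $tbcolor="#000080";
  if ( "$autofill" == "Y" ) {
    if ( "$Select_priv" == "Y" ) { $Select_priv="checked"; } else { $Select_priv=""; }
    if ( "$Insert_priv" == "Y" ) { $Insert_priv="checked"; } else { $Insert_priv=""; }
    if ( "$Update_priv" == "Y" ) { $Update_priv="checked"; } else { $Update_priv=""; }
    if ( "$Delete_priv" == "Y" ) { $Delete_priv="checked"; } else { $Delete_priv=""; }
    if ( "$Create_priv" == "Y" ) { $Create_priv="checked"; } else { $Create_priv=""; }
    if ( "$Drop_priv" == "Y" ) { $Drop_priv="checked"; } else { $Drop_priv=""; }
    if ( "$Reload_priv" == "Y" ) { $Reload_priv="checked"; } else { $Reload_priv=""; }
    if ( "$Shutdown_priv" == "Y" ) { $Shutdown_priv="checked"; } else { $Shutdown_priv=""; }
    if ( "$Process_priv" == "Y" ) { $Process_priv="checked"; } else { $Process_priv=""; }
    if ( "$File_priv" == "Y" ) { $File_priv="checked"; } else { $File_priv=""; }
    if ( "$radio_opt" == "user" ) { $radio_opt_2="selected"; }
    if ( "$radio_opt" == "db" ) { $radio_opt_3="selected"; }
    $hostdefault=$host;
    $dbdefault=$database;
  } else {
    $radio_opt_1="selected";
    $Select_priv="checked";
    $Insert_priv="checked";
    $Update_priv="checked";
    $Delete_priv="checked";
    $Create_priv="";
    $Drop_priv="";
    $Reload_priv="";
    $Shutdown_priv="";
    $Process_priv="";
    $File_priv="";
  }
  // NOTE(review): the form markup inside this string is not visible in this
  // listing; any request value placed into it (user, host, database) should
  // be passed through htmlspecialchars() - confirm against the full source.
  echo "

Actions/Commands:

User Definition:
USER: PASS:
HOST: CONFIRM:
DB: For old password leave blank

Basic User Settings:
Select:
Delete:
Insert:
Create:
Update:
Drop:

Administrative User Settings:
Reload:
Shutdown:
Process:
File:

";
}

//------------------------------------------------------
//
// Basic error checking. the "pw" variable is set
// before the functions are run to let this
// function know if it needs to verify password
// information or not. If a null is entered for
// something that has a default, the default is
// set again (user removed it from form).
//
// Every privilege flag is forced to "Y" or "N", and the
// free-text fields are quoted for SQL at the end, so the
// callers can interpolate these globals into statements.
// Call it once per request: a second call would quote
// the values twice when magic_quotes_gpc is off.
//
//------------------------------------------------------
Function checknclean () {
  global $victim, $pw1, $pw2, $host, $database, $pw, $hostdefault, $dbdefault, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv, $Reload_priv, $Shutdown_priv, $Process_priv, $File_priv;
  if ( "$victim" == "" ) { die ("Casper doesn't need an update!"); }
  if ( "$database" == "" ) { $database = "$dbdefault"; }
  if ( "$host" == "" ) { $host = "$hostdefault"; }
  if ( "$pw" == "1" ) {
    if ( "$pw1" != "$pw2" ) { die ("Passwords don't match, try again"); }
    if ( "$pw1" == "" ) {
      die ("If you don't want passwords, change the source code.

Otherwise come back when you've got one!");
    }
  }
  // Anything other than an exact "Y" becomes "N", so the privilege columns
  // can only ever receive one of two fixed values.
  if ( "$Select_priv" != "Y" ) { $Select_priv = "N"; }
  if ( "$Insert_priv" != "Y" ) { $Insert_priv = "N"; }
  if ( "$Update_priv" != "Y" ) { $Update_priv = "N"; }
  if ( "$Delete_priv" != "Y" ) { $Delete_priv = "N"; }
  if ( "$Create_priv" != "Y" ) { $Create_priv = "N"; }
  if ( "$Drop_priv" != "Y" ) { $Drop_priv = "N"; }
  if ( "$Reload_priv" != "Y" ) { $Reload_priv = "N"; }
  if ( "$Shutdown_priv" != "Y" ) { $Shutdown_priv = "N"; }
  if ( "$Process_priv" != "Y" ) { $Process_priv = "N"; }
  if ( "$File_priv" != "Y" ) { $File_priv = "N"; }
  // Quote the free-text fields here, after the defaults are applied, because
  // every add/modify/delete function builds its SQL from these globals.
  // Both password fields are quoted so a later pw1/pw2 comparison still holds.
  $victim = sql_quote($victim);
  $host = sql_quote($host);
  $database = sql_quote($database);
  $pw1 = sql_quote($pw1);
  $pw2 = sql_quote($pw2);
}

//------------------------------------------------------
//
// Displays the mysql user table with
// buttons for update and delete.
// When feeding it user information for its
// query, use "%" for a wildcard.
//
// NOTE(review): $victim and $host are interpolated into
// the query text as given. Every call visible in this
// listing passes the literal "%"; any other caller must
// pass values already quoted for SQL.
//
//------------------------------------------------------
Function show_user ($victim, $host) {
  global $user, $password, $pagename;
  @mysql_select_db("mysql");
  // Determine what query to run.
  if ( "$victim" == "%" ) {
    if ( "$host" == "%" ) {
      $result=mysql_query("select * from user");
    } else {
      $result=mysql_query("select * from user where host = \"$host\" ");
    }
  } elseif ( "$host" == "%" ) {
    $result=mysql_query("select * from user where user = \"$victim\" ");
  } else {
    $result=mysql_query("select * from user where user = \"$victim\" and host = \"$host\" ");
  }
  // Print out the resulting information.
  echo " ";
  $counter=0;
  while (@mysql_data_seek($result,$counter)) {
    $row=mysql_fetch_object($result);
    $counter++;
    //--------------------------------
    // The Update Button
    //--------------------------------
    echo " ";
    //--------------------------------
    // The Delete Button
    //--------------------------------
    echo" ";
    //--------------------------------
    // Print table values
    //--------------------------------
    // NOTE(review): from here to the end of the function the loop header and
    // the markup inside the echo strings appear truncated in this listing;
    // the lines are kept exactly as published. Values read from the grant
    // tables should be HTML-escaped before printing - confirm in the full
    // source.
    for ($i=0; $i
"; echo "$row[$i]"; echo "
"; } echo "
"; } echo "
HostUserPassword SelInsUpd DelCrtDrp RldShtPsFile
Host\"> Select_priv\"> Insert_priv\"> Update_priv\"> Delete_priv\"> Create_priv\"> Drop_priv\"> Reload_priv\"> Shutdown_priv\"> Process_priv\"> File_priv\"> User\">
Host\"> User\">
";
}

//------------------------------------------------------
//
// Displays the mysql DB table with
// buttons for update and delete.
// When feeding it user information for its
// query, use "%" for a wildcard.
//
// NOTE(review): as in show_user, $victim and $host are
// interpolated as given; callers visible here pass "%".
//
//------------------------------------------------------
Function show_db ($victim, $host) {
  global $user, $password, $pagename;
  @mysql_select_db("mysql");
  // Determine what query to run.
  if ("$victim" == "%") {
    if ("$host" == "%") {
      $result=mysql_query("select * from db");
    } else {
      $result=mysql_query("select * from db where host = \"$host\" ");
    }
  } elseif ("$host" == "%") {
    // Fixed: this branch read the misspelled, never-set variable $vitcim,
    // so it filtered on an empty user name instead of the requested one.
    $result=mysql_query("select * from db where user = \"$victim\" ");
  } else {
    $result = mysql_query("select * from db where user = \"$victim\" and host = \"$host\" ");
  }
  // Print out the resulting information.
  echo " ";
  $counter=0;
  while (@mysql_data_seek($result,$counter)){
    $row=mysql_fetch_object($result);
    $counter++;
    //--------------------------------
    // The Update Button
    //--------------------------------
    echo " ";
    //--------------------------------
    // The Delete Button
    //--------------------------------
    echo" ";
    //--------------------------------
    // Print table values
    //--------------------------------
    echo " ";
    // NOTE(review): the commented-out loop and the markup in the strings
    // below appear truncated in this listing; the lines are kept exactly as
    // published. The $row-> values come straight from the db table and
    // should be HTML-escaped before printing - confirm in the full source.
    // for ($i=0; $i
"; // echo "$row[$i]"; // echo "
"; // } // echo "\n"; } echo "
HostDbUser SelInsUpd DelCrtDrp
Select_priv\"> Insert_priv\"> Update_priv\"> Delete_priv\"> Drop_priv\"> User\"> Db\">
Host\"> User\"> Db\">
$row->Host
$row->Db
$row->User
$row->Select_priv
$row->Insert_priv
$row->Update_priv
$row->Delete_priv
$row->Create_priv
$row->Drop_priv
";
}

//------------------------------------------------------
//
// This function is the main add function (the
// quick add option). It puts user information into
// the main user table (password etc), but gives
// the user no global rights. It then gives the
// user rights for the specified database.
// This is just for convenience, you could do the
// same thing with g_add and then a d_add.
//
//------------------------------------------------------
Function add () {
  // Validates, defaults and SQL-quotes the request globals used below.
  checknclean ();
  global $user, $password, $server, $victim, $pw1, $host, $database, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv;
  admin_connect ();
  // Global row: the password is hashed by MySQL's password(); all global
  // privileges are 'N'.
  mysql("mysql", "insert into user ( user, host, password, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv ) values ('$victim', '$host', password(\"$pw1\"), 'N','N','N','N','N','N')");
  // Per-database row carrying the privileges chosen on the form.
  mysql("mysql", "insert into db ( user, host, db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv ) values ('$victim', '$host', '$database', '$Select_priv','$Insert_priv','$Update_priv', '$Delete_priv','$Create_priv','$Drop_priv')");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user ("%","%");
  echo "

New Database Access Table

";
  show_db ("%","%");
  echo "That user has been added!";
}

//------------------------------------------------------
//
// Delete a user/host from every table
//
//------------------------------------------------------
Function g_delete () {
  global $user, $password, $server, $victim, $host, $database;
  checknclean ();
  admin_connect ();
  mysql("mysql","delete from user where user = \"$victim\" and host = \"$host\" ");
  mysql("mysql","delete from db where user = \"$victim\" and host = \"$host\" ");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user("%","%");
  echo "

New Database Access Table

";
  show_db("%","%");
  // The name and host come from the request, so escape them for HTML.
  echo "The user " . htmlspecialchars("$victim@$host") . " has been deleted the user";
}

//------------------------------------------------------
//
// Delete a user/host from a particular database.
//
// NOTE(review): the statement filters on user and host
// only, so it removes that account's rows for every
// database, not one. Confirm whether "and db = ..." was
// intended before relying on the description above.
//
//------------------------------------------------------
Function d_delete () {
  global $user, $password, $server, $victim, $host, $database;
  checknclean ();
  admin_connect ();
  mysql("mysql","delete from db where user = \"$victim\" and host = \"$host\" ");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user("%","%");
  echo "

New Database Access Table

";
  show_db("%","%");
  // The name and host come from the request, so escape them for HTML.
  echo "The user " . htmlspecialchars("$victim@$host") . " has been deleted the user";
}

//------------------------------------------------------
//
// Add a global user. (user table only)
//
//------------------------------------------------------
Function g_add () {
  global $user, $password, $server, $victim, $pw1, $host, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv, $Reload_priv, $Shutdown_priv, $Process_priv, $File_priv;
  checknclean ();
  admin_connect ();
  mysql("mysql", "insert into user ( user, host, password, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv ) values ('$victim', '$host', password(\"$pw1\"), '$Select_priv','$Insert_priv','$Update_priv', '$Delete_priv','$Create_priv','$Drop_priv', '$Reload_priv','$Shutdown_priv', '$Process_priv','$File_priv')");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user ("%","%","user");
  echo "

New Database Access Table

";
  show_db ("%","%","db");
  echo "That user has been added!";
}

//------------------------------------------------------
//
// Add a user to a database. (db table only)
//
//------------------------------------------------------
Function d_add () {
  checknclean ();
  global $user, $password, $server, $victim, $host, $database, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv;
  admin_connect ();
  mysql("mysql", "insert into db ( user, host, db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv ) values ('$victim', '$host', '$database', '$Select_priv','$Insert_priv','$Update_priv', '$Delete_priv','$Create_priv','$Drop_priv')");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user ("%","%");
  echo "

New Database Access Table

";
  show_db ("%","%");
  echo "That user has been added!";
}

//------------------------------------------------------
//
// Modify a user's global settings (user table only).
// An empty password leaves the stored password alone.
//
// Fixes relative to the original:
//  - a new password is stored through password(), as in
//    add() and g_add(), instead of as plain text;
//  - the password branch read $drop_priv (wrong case,
//    never set), which blanked the Drop_priv column;
//  - the password branch left out the four
//    administrative privileges, so they are now written
//    in both cases.
//
//------------------------------------------------------
Function g_modify () {
  global $user, $password, $server, $victim, $pw1, $pw2, $host, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv, $Reload_priv, $Shutdown_priv, $Process_priv, $File_priv;
  checknclean ();
  if ( "$pw1" != "$pw2" ) { die ("Passwords don't match, try again"); }
  admin_connect ();
  // Only touch the password column when a new password was entered.
  $pwclause = "";
  if ( "$pw1" != "" ) {
    $pwclause = "password = password('$pw1'),";
  }
  mysql("mysql", "update user set user = '$victim', host = '$host', $pwclause Select_priv = '$Select_priv', Insert_priv = '$Insert_priv', Update_priv = '$Update_priv', Delete_priv = '$Delete_priv', Create_priv = '$Create_priv', Drop_priv = '$Drop_priv', Reload_priv = '$Reload_priv', Shutdown_priv = '$Shutdown_priv', Process_priv = '$Process_priv', File_priv = '$File_priv' where user = '$victim' and host = '$host'");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user ("%","%");
  echo "

New Database Access Table

";
  show_db ("%","%");
}

//------------------------------------------------------
//
// Modify a user's database settings (db table only).
//
// NOTE(review): the where clause matches on user and
// host only, so every db row of that account is updated
// and set to the same db value. Confirm whether the row
// should also be selected by its current db.
//
//------------------------------------------------------
Function d_modify () {
  global $user, $password, $server, $victim, $host, $database, $Select_priv, $Insert_priv, $Update_priv, $Delete_priv, $Create_priv, $Drop_priv;
  checknclean ();
  admin_connect ();
  mysql("mysql", "update db set user = '$victim', host = '$host', db = '$database', Select_priv = '$Select_priv', Insert_priv = '$Insert_priv', Update_priv = '$Update_priv', Delete_priv = '$Delete_priv', Create_priv = '$Create_priv', Drop_priv = '$Drop_priv' where user = '$victim' and host = '$host'");
  Reload_Tables();
  echo "

New Global User Settings

";
  show_user ("%","%");
  echo "

New Database Access Table

";
  show_db ("%","%");
}

//------------------------------------------------------
//
// Global Display Function:
// Display full user and db tables.
//
//------------------------------------------------------
Function g_display () {
  global $user, $password, $server;
  admin_connect ();
  show_user ("%","%");
  show_db ("%","%");
}

//------------------------------------------------------
//
// The footer printed at the bottom of the page
//
// NOTE(review): $password and $user are pulled in here,
// presumably to build the footer links (the markup is
// not visible in this listing). If so, the MySQL
// password ends up in URLs, browser history and server
// logs - confirm, and prefer a server-side session.
//
//------------------------------------------------------
Function footer() {
  global $password, $user, $pagename;
  echo "


Login HELP SHOW PERMISSION TABLES Main Menu
";
}

//
// Main Loop
//
// if pw is set to 1, then the function will
// know to perform password matching verification
// and test to make sure it's not null.
//
// NOTE(review): only the "checklogin" mode calls
// CheckLogin(). Every other mode is reachable directly,
// so the MySQL login sent with the request is the only
// access control; admin_connect() stops the request when
// that login is refused.
switch ($mode) {
  case ""; Login ($badid);break;
  case "checklogin"; CheckLogin(); break;
  case "Menu"; Menu (); footer(); break;
  case "g-add"; $pw = "1"; g_add (); footer(); break;
  case "d-add"; d_add (); footer(); break;
  case "g-delete"; g_delete (); footer(); break;
  case "d-delete"; d_delete (); footer(); break;
  case "g-modify"; g_modify (); footer(); break;
  case "d-modify"; d_modify (); footer(); break;
  case "add"; $pw = "1"; add (); footer(); break;
  case "help"; help (); footer(); break;
  case "delete"; delete (); footer(); break;
  case "g-display"; g_display (); footer(); break;
  // $mode is request data; escape it before echoing it back.
  default; echo "Admin utility internal error: Unknown mode: " . htmlspecialchars($mode);
}
?>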