diff --git a/htdocs/sql/libraries/display_create_table.lib.php b/htdocs/sql/libraries/display_create_table.lib.php new file mode 100755 --- /dev/null +++ b/htdocs/sql/libraries/display_create_table.lib.php @@ -0,0 +1,134 @@ += 4.1.0, we should be able to detect if user has a CREATE +// privilege by looking at SHOW GRANTS output; +// for < 4.1.0, it could be more difficult because the logic tries to +// detect the current host and it might be expressed in many ways; also +// on a shared server, the user might be unable to define a controluser +// that has the proper rights to the "mysql" db; +// so we give up and assume that user has the right to create a table +// +// Note: in this case we could even skip the following "foreach" logic + +// Addendum, 2006-01-19: ok, I give up. We got some reports about servers +// where the hostname field in mysql.user is not the same as the one +// in mysql.db for a user. In this case, SHOW GRANTS does not return +// the db-specific privileges. And probably, those users are on a shared +// server, so can't set up a control user with rights to the "mysql" db. +// We cannot reliably detect the db-specific privileges, so no more +// warnings about the lack of privileges for CREATE TABLE. Tested +// on MySQL 5.0.18. + +$is_create_table_priv = true; + +/* +if (PMA_MYSQL_INT_VERSION >= 40100) { + $is_create_table_priv = false; +} else { + $is_create_table_priv = true; +} + +foreach ($dbs_where_create_table_allowed as $allowed_db) { + + // if we find the exact db name, we stop here + if ($allowed_db == $db) { + $is_create_table_priv = TRUE; + break; + } + + // '*' indicates a global CREATE priv + if ($allowed_db == '*') { + $is_create_table_priv = TRUE; + break; + } + + if (ereg('%|_', $allowed_db)) { + // take care of wildcards and escaped wildcards, + // transforming them into regexp patterns + $max_position = strlen($allowed_db) - 1; + $i = 0; + $pattern = ''; + while ($i <= $max_position) { + if ($allowed_db[$i] == '\\'){ + if ($i < $max_position - 1 && $allowed_db[$i+1] == '_'){ + $chunk = '_'; + $i++; + } elseif ($i < $max_position - 1 && $allowed_db[$i+1] == '%'){ + $chunk = '%'; + $i++; + } else { + $chunk = $allowed_db[$i]; + } + } elseif ($allowed_db[$i] == '_'){ + $chunk = '.'; + } elseif ($allowed_db[$i] == '%'){ + $chunk = '(.)*'; + } else { + $chunk = $allowed_db[$i]; + } + $pattern .= $chunk; + $i++; + } // end while + unset($i, $max_position, $chunk); + + $matches = ''; + if (preg_match('@' .$pattern . '@i', $db, $matches)) { + if ($matches[0] == $db) { + $is_create_table_priv = TRUE; + break; + //TODO: maybe receive in $allowed_db also the db names + // on which we cannot CREATE, and check them + // in this foreach, because if a user is allowed to CREATE + // on db foo% but forbidden on db foobar, he should not + // see the Create table dialog + } + } + } +} // end foreach +unset($i, $max_position, $chunk, $pattern); +*/ +?> +
+
+ +'; +} +echo sprintf($strCreateNewTable, PMA_getDbLink()); +?> + + + +
+ : + +
+
+ : + +
+
+
+
+ + +
+ +
+