/**
* PostgreSQL 8.1 support
*
- * $Id: Postgres81.php,v 1.11 2006/09/28 13:04:00 xzilla Exp $
+ * $Id: Postgres81.php,v 1.12 2006/12/28 04:26:55 xzilla Exp $
*/
include_once('./classes/database/Postgres80.php');
}
// Roles
-
- /**
- * Changes a role's password
- * @param $rolename The rolename
- * @param $password The new password
- * @return 0 success
- */
- function changePassword($rolename, $password) {
- $enc = $this->_encryptPassword($rolename, $password);
- $this->fieldClean($rolename);
- $this->clean($enc);
- $sql = "ALTER ROLE \"{$rolename}\" WITH ENCRYPTED PASSWORD '{$enc}'";
-
- return $this->execute($sql);
- }
-
/**
* Returns all roles in the database cluster
+ * @param $rolename (optional) The roleme to exclude from the select
* @return All roles
*/
- function getRoles() {
- $sql = "SELECT * FROM pg_catalog.pg_roles ORDER BY rolname";
-
+ function getRoles($rolename = '') {
+ $sql = 'SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolinherit, rolcanlogin, rolconnlimit, rolvaliduntil,
+ rolconfig FROM pg_catalog.pg_roles';
+ if($rolename) $sql .= " WHERE rolname!='{$rolename}'";
+ $sql .= ' ORDER BY rolname';
+
return $this->selectSet($sql);
}
/**
* Returns information about a single role
- * @param $rolename The username of the role to retrieve
+ * @param $rolename The rolename of the role to retrieve
* @return The role's data
*/
function getRole($rolename) {
$this->clean($rolename);
- $sql = "SELECT * FROM pg_catalog.pg_roles WHERE rolname='{$rolename}'";
-
+ $sql = "SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolinherit, rolcanlogin, rolconnlimit, rolvaliduntil,
+ rolconfig FROM pg_catalog.pg_roles WHERE rolname='{$rolename}'";
+
return $this->selectSet($sql);
}
* Creates a new role
* @param $rolename The rolename of the role to create
* @param $password A password for the role
- * @param $createdb boolean Whether or not the role can create databases
- * @param $createrole boolean Whether or not the role can create other roles
- * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire
- * @param $group (array) The groups to create the role in
+ * @param $superuser Boolean whether or not the role is a superuser
+ * @param $createdb Boolean whether or not the role can create databases
+ * @param $createrole Boolean whether or not the role can create other roles
+ * @param $inherits Boolean whether or not the role inherits the privileges from parent roles
+ * @param $login Boolean whether or not the role will be allowed to login
+ * @param $connlimit Number of concurrent connections the role can make
+ * @param $expiry String Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire
+ * @param $memberof (array) Roles to which the new role will be immediately added as a new member
+ * @param $members (array) Roles which are automatically added as members of the new role
+ * @param $adminmembers (array) Roles which are automatically added as admin members of the new role
* @return 0 success
*/
- function createRole($rolename, $password, $createdb, $super, $createrole, $inherits, $login, $expiry, $conn, $roles) {
+ function createRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers) {
$enc = $this->_encryptPassword($rolename, $password);
$this->fieldClean($rolename);
+ $this->clean($enc);
+ $this->clean($connlimit);
$this->clean($expiry);
- $this->clean($conn);
- $this->fieldArrayClean($roles);
+ $this->fieldArrayClean($memberof);
+ $this->fieldArrayClean($members);
+ $this->fieldArrayClean($adminmembers);
$sql = "CREATE ROLE \"{$rolename}\"";
if ($password != '') $sql .= " WITH ENCRYPTED PASSWORD '{$enc}'";
+ $sql .= ($superuser) ? ' SUPERUSER' : ' NOSUPERUSER';
$sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
$sql .= ($createrole) ? ' CREATEROLE' : ' NOCREATEROLE';
- $sql .= ($super) ? ' SUPERUSER' : ' NOSUPERUSER';
$sql .= ($inherits) ? ' INHERIT' : ' NOINHERIT';
$sql .= ($login) ? ' LOGIN' : ' NOLOGIN';
- if ($conn != '') $sql .= " CONNECTION LIMIT {$conn}";
- if (is_array($roles) && sizeof($roles) > 0) $sql .= " IN ROLE \"" . join('", "', $roles) . "\"";
- if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
-
+ if ($connlimit != '') $sql .= " CONNECTION LIMIT {$connlimit}"; else $sql .= ' CONNECTION LIMIT -1';
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; else $sql .= " VALID UNTIL 'infinity'";
+ if (is_array($memberof) && sizeof($memberof) > 0) $sql .= ' IN ROLE "' . join('", "', $memberof) . '"';
+ if (is_array($members) && sizeof($members) > 0) $sql .= ' ROLE "' . join('", "', $members) . '"';
+ if (is_array($adminmembers) && sizeof($adminmembers) > 0) $sql .= ' ADMIN "' . join('", "', $adminmembers) . '"';
+
return $this->execute($sql);
}
+ /**
+ * Removes a role
+ * @param $rolename The rolename of the role to drop
+ * @return 0 success
+ */
+ function dropRole($rolename) {
+ $this->fieldClean($rolename);
+
+ $sql = "DROP ROLE \"{$rolename}\"";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Adjusts a role's info and renames it
+ * @param $rolename The rolename of the role to create
+ * @param $password A password for the role
+ * @param $superuser Boolean whether or not the role is a superuser
+ * @param $createdb Boolean whether or not the role can create databases
+ * @param $createrole Boolean whether or not the role can create other roles
+ * @param $inherits Boolean whether or not the role inherits the privileges from parent roles
+ * @param $login Boolean whether or not the role will be allowed to login
+ * @param $connlimit Number of concurrent connections the role can make
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire
+ * @param $memberof (array) Roles to which the role will be immediately added as a new member
+ * @param $members (array) Roles which are automatically added as members of the role
+ * @param $adminmembers (array) Roles which are automatically added as admin members of the role
+ * @param $memberofold (array) Original roles whose the role belongs to
+ * @param $membersold (array) Original roles that are members of the role
+ * @param $adminmembersold (array) Original roles that are admin members of the role
+ * @param $newrolename The new name of the role
+ * @return 0 success
+ * @return -1 transaction error
+ * @return -2 set role attributes error
+ * @return -3 rename error
+ */
+ function setRenameRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold, $newrolename) {
+
+ $status = $this->beginTransaction();
+ if ($status != 0) return -1;
+
+ $status = $this->setRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold);
+ if ($status != 0) {
+ $this->rollbackTransaction();
+ return -2;
+ }
+
+ if ($rolename != $newrolename){
+ $status = $this->renameRole($rolename, $newrolename);
+ if ($status != 0) {
+ $this->rollbackTransaction();
+ return -3;
+ }
+ }
+
+ return $this->endTransaction();
+ }
+
/**
* Adjusts a role's info
- * @param $rolename The rolename of the role to modify
- * @param $password A new password for the role
- * @param $createdb boolean Whether or not the role can create databases
- * @param $createrole boolean Whether or not the role can create other roles
- * @param $inherit Inherits privs from parent role or not.
- * @param $login Can login or not
- * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire.
+ * @param $rolename The rolename of the role to create
+ * @param $password A password for the role
+ * @param $superuser Boolean whether or not the role is a superuser
+ * @param $createdb Boolean whether or not the role can create databases
+ * @param $createrole Boolean whether or not the role can create other roles
+ * @param $inherits Boolean whether or not the role inherits the privileges from parent roles
+ * @param $login Boolean whether or not the role will be allowed to login
+ * @param $connlimit Number of concurrent connections the role can make
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire
+ * @param $memberof (array) Roles to which the role will be immediately added as a new member
+ * @param $members (array) Roles which are automatically added as members of the role
+ * @param $adminmembers (array) Roles which are automatically added as admin members of the role
+ * @param $memberofold (array) Original roles whose the role belongs to
+ * @param $membersold (array) Original roles that are members of the role
+ * @param $adminmembersold (array) Original roles that are admin members of the role
* @return 0 success
*/
- function setRole($rolename, $password, $createdb, $createrole, $inherit, $login, $expiry) {
+ function setRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold) {
$enc = $this->_encryptPassword($rolename, $password);
$this->fieldClean($rolename);
+ $this->clean($enc);
+ $this->clean($connlimit);
$this->clean($expiry);
-
+ $this->fieldArrayClean($memberof);
+ $this->fieldArrayClean($members);
+ $this->fieldArrayClean($adminmembers);
+
$sql = "ALTER ROLE \"{$rolename}\"";
if ($password != '') $sql .= " WITH ENCRYPTED PASSWORD '{$enc}'";
+ $sql .= ($superuser) ? ' SUPERUSER' : ' NOSUPERUSER';
$sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
$sql .= ($createrole) ? ' CREATEROLE' : ' NOCREATEROLE';
- $sql .= ($inherit) ? ' INHERIT' : ' NOINHERIT';
+ $sql .= ($inherits) ? ' INHERIT' : ' NOINHERIT';
$sql .= ($login) ? ' LOGIN' : ' NOLOGIN';
- if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
- else $sql .= " VALID UNTIL 'infinity'";
+ if ($connlimit != '') $sql .= " CONNECTION LIMIT {$connlimit}"; else $sql .= ' CONNECTION LIMIT -1';
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; else $sql .= " VALID UNTIL 'infinity'";
- return $this->execute($sql);
+ $status = $this->execute($sql);
+
+ if ($status != 0) return -1;
+
+ //memberof
+ $old = explode(',', $memberofold);
+ foreach ($memberof as $m) {
+ if (!in_array($m, $old)) {
+ $status = $this->grantRole($m, $rolename);
+ if ($status != 0) return -1;
+ }
+ }
+ if($memberofold)
+ {
+ foreach ($old as $o) {
+ if (!in_array($o, $memberof)) {
+ $status = $this->revokeRole($o, $rolename, 0, 'CASCADE');
+ if ($status != 0) return -1;
+ }
+ }
+ }
+
+ //members
+ $old = explode(',', $membersold);
+ foreach ($members as $m) {
+ if (!in_array($m, $old)) {
+ $status = $this->grantRole($rolename, $m);
+ if ($status != 0) return -1;
+ }
+ }
+ if($membersold)
+ {
+ foreach ($old as $o) {
+ if (!in_array($o, $members)) {
+ $status = $this->revokeRole($rolename, $o, 0, 'CASCADE');
+ if ($status != 0) return -1;
+ }
+ }
+ }
+
+ //adminmembers
+ $old = explode(',', $adminmembersold);
+ foreach ($adminmembers as $m) {
+ if (!in_array($m, $old)) {
+ $status = $this->grantRole($rolename, $m, 1);
+ if ($status != 0) return -1;
+ }
+ }
+ if($adminmembersold)
+ {
+ foreach ($old as $o) {
+ if (!in_array($o, $adminmembers)) {
+ $status = $this->revokeRole($rolename, $o, 1, 'CASCADE');
+ if ($status != 0) return -1;
+ }
+ }
+ }
+
+ return $status;
}
/**
- * Removes a role
- * @param $rolename The rolename of the role to drop
+ * Renames a role
+ * @param $rolename The rolename of the role to rename
+ * @param $newrolename The new name of the role
* @return 0 success
*/
- function dropRole($rolename) {
+ function renameRole($rolename, $newrolename){
$this->fieldClean($rolename);
+ $this->fieldClean($newrolename);
+
+ $sql = "ALTER ROLE \"{$rolename}\" RENAME TO \"{$newrolename}\"";
- $sql = "DROP ROLE \"{$rolename}\"";
-
return $this->execute($sql);
}
/**
- * Renames a user
- * @param $username The username of the user to rename
- * @param $newname The new name of the user
+ * Grants membership in a role
+ * @param $role The name of the target role
+ * @param $rolename The name of the role that will belong to the target role
+ * @param $admin (optional) Flag to grant the admin option
+ * @return 0 success
+ */
+ function grantRole($role, $rolename, $admin=0) {
+ $this->fieldClean($role);
+ $this->fieldClean($rolename);
+
+ $sql = "GRANT \"{$role}\" TO \"{$rolename}\"";
+ if($admin == 1) $sql .= ' WITH ADMIN OPTION';
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Revokes membership in a role
+ * @param $role The name of the target role
+ * @param $rolename The name of the role that will not belong to the target role
+ * @param $admin (optional) Flag to revoke only the admin option
+ * @param $type (optional) Type of revoke: RESTRICT | CASCADE
* @return 0 success
*/
- function renameUser($username, $newname){
- $this->fieldClean($username);
- $this->fieldClean($newname);
+ function revokeRole($role, $rolename, $admin = 0, $type = 'RESTRICT') {
+ $this->fieldClean($role);
+ $this->fieldClean($rolename);
- $sql = "ALTER USER \"{$username}\" RENAME TO \"{$newname}\"";
+ $sql = "REVOKE ";
+ if($admin == 1) $sql .= 'ADMIN OPTION FOR ';
+ $sql .= "\"{$role}\" FROM \"{$rolename}\" {$type}";
return $this->execute($sql);
}
+ /**
+ * Changes a role's password
+ * @param $rolename The rolename
+ * @param $password The new password
+ * @return 0 success
+ */
+ function changePassword($rolename, $password) {
+ $enc = $this->_encryptPassword($rolename, $password);
+ $this->fieldClean($rolename);
+ $this->clean($enc);
+
+ $sql = "ALTER ROLE \"{$rolename}\" WITH ENCRYPTED PASSWORD '{$enc}'";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Returns all rolenames which the role belongs to
+ * @param $rolename The rolename
+ * @return All rolenames
+ */
+ function getMemberOf($rolename) {
+ $this->clean($rolname);
+
+ $sql = "SELECT rolname FROM pg_catalog.pg_roles R, pg_auth_members M WHERE R.oid=M.roleid
+ AND member IN (SELECT oid FROM pg_catalog.pg_roles WHERE rolname='{$rolename}') ORDER BY rolname";
+
+ return $this->selectSet($sql);
+ }
+
+ /**
+ * Returns all rolenames that are members of a role
+ * @param $rolename The rolename
+ * @param $admin (optional) Find only admin members
+ * @return All rolenames
+ */
+ function getMembers($rolename, $admin = 'f') {
+ $this->clean($rolname);
+
+ $sql = "SELECT rolname FROM pg_catalog.pg_roles R, pg_auth_members M WHERE R.oid=M.member AND admin_option='{$admin}'
+ AND roleid IN (SELECT oid FROM pg_catalog.pg_roles WHERE rolname='{$rolename}') ORDER BY rolname";
+
+ return $this->selectSet($sql);
+ }
+
/**
* Returns all available process information.
* @return A recordset
return $this->selectSet($sql);
}
-
/**
* Enables a trigger
* @param $tgname The name of the trigger to enable
--- /dev/null
+<?php
+
+ /**
+ * Manage roles in a database cluster
+ *
+ * $Id: roles.php
+ */
+
+ // Include application functions
+ include_once('./libraries/lib.inc.php');
+
+ $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ if (!isset($msg)) $msg = '';
+ $PHP_SELF = $_SERVER['PHP_SELF'];
+
+ /**
+ * Displays a screen for create a new role
+ */
+ function doCreate($msg = '') {
+ global $data, $misc, $username;
+ global $PHP_SELF, $lang;
+
+ if (!isset($_POST['formRolename'])) $_POST['formRolename'] = '';
+ if (!isset($_POST['formPassword'])) $_POST['formPassword'] = '';
+ if (!isset($_POST['formConfirm'])) $_POST['formConfirm'] = '';
+ if (!isset($_POST['formConnLimit'])) $_POST['formConnLimit'] = '';
+ if (!isset($_POST['formExpires'])) $_POST['formExpires'] = '';
+ if (!isset($_POST['memberof'])) $_POST['memberof'] = array();
+ if (!isset($_POST['members'])) $_POST['members'] = array();
+ if (!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array();
+
+ $misc->printTrail('role');
+ $misc->printTitle($lang['strcreaterole'],'pg.role.create');
+ $misc->printMsg($msg);
+
+ echo "<form action=\"$PHP_SELF\" method=\"post\">\n";
+ echo $misc->form;
+ echo "<table>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left required\" width=\"130\">{$lang['strrolename']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"15\" name=\"formRolename\" value=\"", htmlspecialchars($_POST['formRolename']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strpassword']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"32\" type=\"password\" name=\"formPassword\" value=\"", htmlspecialchars($_POST['formPassword']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconfirm']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"32\" type=\"password\" name=\"formConfirm\" value=\"", htmlspecialchars($_POST['formConfirm']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formSuper\">{$lang['strsuper']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formSuper\" name=\"formSuper\"",
+ (isset($_POST['formSuper'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strcreatedb']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateDB\"",
+ (isset($_POST['formCreateDB'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateRole\">{$lang['strcancreaterole']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateRole\"",
+ (isset($_POST['formCreateRole'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strinheritsprivs']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formInherits\" name=\"formInherits\"",
+ (isset($_POST['formInherits'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCanLogin\">{$lang['strcanlogin']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCanLogin\" name=\"formCanLogin\"",
+ (isset($_POST['formCanLogin'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconnlimit']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"4\" name=\"formConnLimit\" value=\"", htmlspecialchars($_POST['formConnLimit']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strexpires']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"23\" maxlength=\"60\" name=\"formExpires\" value=\"", htmlspecialchars($_POST['formExpires']), "\" /></td>\n\t</tr>\n";
+
+ $roles = $data->getRoles();
+ if ($roles->recordCount() > 0) {
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmemberof']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"memberof[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['memberof']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+
+ $roles->moveFirst();
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmembers']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"members[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['members']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+
+ $roles->moveFirst();
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['stradminmembers']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"adminmembers[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['adminmembers']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+ }
+
+ echo "</table>\n";
+ echo "<p><input type=\"hidden\" name=\"action\" value=\"save_create\" />\n";
+ echo "<input type=\"submit\" name=\"create\" value=\"{$lang['strcreate']}\" />\n";
+ echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" /></p>\n";
+ echo "</form>\n";
+ }
+
+ /**
+ * Actually creates the new role in the database
+ */
+ function doSaveCreate() {
+ global $data, $lang;
+
+ if(!isset($_POST['memberof'])) $_POST['memberof'] = array();
+ if(!isset($_POST['members'])) $_POST['members'] = array();
+ if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array();
+
+ // Check data
+ if ($_POST['formRolename'] == '')
+ doCreate($lang['strroleneedsname']);
+ else if ($_POST['formPassword'] != $_POST['formConfirm'])
+ doCreate($lang['strpasswordconfirm']);
+ else {
+ $status = $data->createRole($_POST['formRolename'], $_POST['formPassword'], isset($_POST['formSuper']),
+ isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']),
+ isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'],
+ $_POST['adminmembers']);
+ if ($status == 0)
+ doDefault($lang['strrolecreated']);
+ else
+ doCreate($lang['strrolecreatedbad']);
+ }
+ }
+
+ /**
+ * Function to allow alter a role
+ */
+ function doAlter($msg = '') {
+ global $data, $misc;
+ global $PHP_SELF, $lang;
+
+ $misc->printTrail('role');
+ $misc->printTitle($lang['stralterrole'],'pg.role.alter');
+ $misc->printMsg($msg);
+
+ $roledata = $data->getRole($_REQUEST['rolename']);
+
+ if ($roledata->recordCount() > 0) {
+ $server_info = $misc->getServerInfo();
+ $canRename = $data->hasUserRename() && ($_REQUEST['rolename'] != $server_info['username']);
+ $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']);
+ $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']);
+ $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']);
+ $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']);
+ $roledata->f['rolcanlogin'] = $data->phpBool($roledata->f['rolcanlogin']);
+
+ if (!isset($_POST['formExpires'])){
+ if ($canRename) $_POST['formNewRoleName'] = $roledata->f['rolname'];
+ if ($roledata->f['rolsuper']) $_POST['formSuper'] = '';
+ if ($roledata->f['rolcreatedb']) $_POST['formCreateDB'] = '';
+ if ($roledata->f['rolcreaterole']) $_POST['formCreateRole'] = '';
+ if ($roledata->f['rolinherit']) $_POST['formInherits'] = '';
+ if ($roledata->f['rolcanlogin']) $_POST['formCanLogin'] = '';
+ $_POST['formConnLimit'] = $roledata->f['rolconnlimit'] == '-1' ? '' : $roledata->f['rolconnlimit'];
+ $_POST['formExpires'] = $roledata->f['rolvaliduntil'] == 'infinity' ? '' : $roledata->f['rolvaliduntil'];
+ $_POST['formPassword'] = '';
+ }
+
+ echo "<form action=\"$PHP_SELF\" method=\"post\">\n";
+ echo $misc->form;
+ echo "<table>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\" width=\"130\">{$lang['strrolename']}</th>\n";
+ echo "\t\t<td class=\"data1\">", ($canRename ? "<input name=\"formNewRoleName\" size=\"15\" maxlength=\"15\" value=\"" . htmlspecialchars($_POST['formNewRoleName']) . "\" />" : $misc->printVal($roledata->f['rolname'])), "</td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strpassword']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"password\" size=\"15\" maxlength=\"32\" name=\"formPassword\" value=\"", htmlspecialchars($_POST['formPassword']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconfirm']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"password\" size=\"15\" maxlength=\"32\" name=\"formConfirm\" value=\"\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formSuper\">{$lang['strsuper']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formSuper\" name=\"formSuper\"",
+ (isset($_POST['formSuper'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strcreatedb']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateDB\"",
+ (isset($_POST['formCreateDB'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateRole\">{$lang['strcancreaterole']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateRole\" name=\"formCreateRole\"",
+ (isset($_POST['formCreateRole'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formInherits\">{$lang['strinheritsprivs']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formInherits\" name=\"formInherits\"",
+ (isset($_POST['formInherits'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCanLogin\">{$lang['strcanlogin']}</label></th>\n";
+ echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCanLogin\" name=\"formCanLogin\"",
+ (isset($_POST['formCanLogin'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconnlimit']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"4\" maxlength=\"4\" name=\"formConnLimit\" value=\"", htmlspecialchars($_POST['formConnLimit']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strexpires']}</th>\n";
+ echo "\t\t<td class=\"data1\"><input size=\"23\" maxlength=\"60\" name=\"formExpires\" value=\"", htmlspecialchars($_POST['formExpires']), "\" /></td>\n\t</tr>\n";
+
+ if (!isset($_POST['memberof']))
+ {
+ $memberof = $data->getMemberOf($_REQUEST['rolename']);
+ if ($memberof->recordCount() > 0) {
+ $i = 0;
+ while (!$memberof->EOF) {
+ $_POST['memberof'][$i++] = $memberof->f['rolname'];
+ $memberof->moveNext();
+ }
+ }
+ else
+ $_POST['memberof'] = array();
+ $memberofold = implode(',', $_POST['memberof']);
+ }
+ if (!isset($_POST['members']))
+ {
+ $members = $data->getMembers($_REQUEST['rolename']);
+ if ($members->recordCount() > 0) {
+ $i = 0;
+ while (!$members->EOF) {
+ $_POST['members'][$i++] = $members->f['rolname'];
+ $members->moveNext();
+ }
+ }
+ else
+ $_POST['members'] = array();
+ $membersold = implode(',', $_POST['members']);
+ }
+ if (!isset($_POST['adminmembers']))
+ {
+ $adminmembers = $data->getMembers($_REQUEST['rolename'], 't');
+ if ($adminmembers->recordCount() > 0) {
+ $i = 0;
+ while (!$adminmembers->EOF) {
+ $_POST['adminmembers'][$i++] = $adminmembers->f['rolname'];
+ $adminmembers->moveNext();
+ }
+ }
+ else
+ $_POST['adminmembers'] = array();
+ $adminmembersold = implode(',', $_POST['adminmembers']);
+ }
+
+ $roles = $data->getRoles($_REQUEST['rolename']);
+ if ($roles->recordCount() > 0) {
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmemberof']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"memberof[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['memberof']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+
+ $roles->moveFirst();
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmembers']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"members[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['members']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+
+ $roles->moveFirst();
+ echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['stradminmembers']}</th>\n";
+ echo "\t\t<td class=\"data\">\n";
+ echo "\t\t\t<select name=\"adminmembers[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n";
+ while (!$roles->EOF) {
+ $rolename = $roles->f['rolname'];
+ echo "\t\t\t\t<option value=\"{$rolename}\"",
+ (in_array($rolename, $_POST['adminmembers']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n";
+ $roles->moveNext();
+ }
+ echo "\t\t\t</select>\n";
+ echo "\t\t</td>\n\t</tr>\n";
+ }
+ echo "</table>\n";
+
+ echo "<p><input type=\"hidden\" name=\"action\" value=\"save_alter\" />\n";
+ echo "<input type=\"hidden\" name=\"rolename\" value=\"", htmlspecialchars($_REQUEST['rolename']), "\" />\n";
+ echo "<input type=\"hidden\" name=\"memberofold\" value=\"", isset($_POST['memberofold']) ? $_POST['memberofold'] : htmlspecialchars($memberofold), "\" />\n";
+ echo "<input type=\"hidden\" name=\"membersold\" value=\"", isset($_POST['membersold']) ? $_POST['membersold'] : htmlspecialchars($membersold), "\" />\n";
+ echo "<input type=\"hidden\" name=\"adminmembersold\" value=\"", isset($_POST['adminmembersold']) ? $_POST['adminmembersold'] : htmlspecialchars($adminmembersold), "\" />\n";
+ echo "<input type=\"submit\" name=\"alter\" value=\"{$lang['stralter']}\" />\n";
+ echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" /></p>\n";
+ echo "</form>\n";
+ }
+ else echo "<p>{$lang['strnodata']}</p>\n";
+ }
+
+ /**
+ * Function to save after editing a role
+ */
+ function doSaveAlter() {
+ global $data, $lang;
+
+ if(!isset($_POST['memberof'])) $_POST['memberof'] = array();
+ if(!isset($_POST['members'])) $_POST['members'] = array();
+ if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array();
+
+ // Check name and password
+ if (isset($_POST['formNewRoleName']) && $_POST['formNewRoleName'] == '')
+ doAlter($lang['strroleneedsname']);
+ else if ($_POST['formPassword'] != $_POST['formConfirm'])
+ doAlter($lang['strpasswordconfirm']);
+ else {
+ if (isset($_POST['formNewRoleName'])) $status = $data->setRenameRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold'], $_POST['formNewRoleName']);
+ else $status = $data->setRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold']);
+ if ($status == 0)
+ doDefault($lang['strroleupdated']);
+ else
+ doAlter($lang['strroleupdatedbad']);
+ }
+ }
+
+ /**
+ * Show confirmation of drop a role and perform actual drop
+ */
+ function doDrop($confirm) {
+ global $data, $misc;
+ global $PHP_SELF, $lang;
+
+ if ($confirm) {
+ $misc->printTrail('role');
+ $misc->printTitle($lang['strdroprole'],'pg.role.drop');
+
+ echo "<p>", sprintf($lang['strconfdroprole'], $misc->printVal($_REQUEST['rolename'])), "</p>\n";
+
+ echo "<form action=\"$PHP_SELF\" method=\"post\">\n";
+ echo $misc->form;
+ echo "<input type=\"hidden\" name=\"action\" value=\"drop\" />\n";
+ echo "<input type=\"hidden\" name=\"rolename\" value=\"", htmlspecialchars($_REQUEST['rolename']), "\" />\n";
+ echo "<input type=\"submit\" name=\"drop\" value=\"{$lang['strdrop']}\" />\n";
+ echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" />\n";
+ echo "</form>\n";
+ }
+ else {
+ $status = $data->dropRole($_REQUEST['rolename']);
+ if ($status == 0)
+ doDefault($lang['strroledropped']);
+ else
+ doDefault($lang['strroledroppedbad']);
+ }
+ }
+
+ /**
+ * Show the properties of a role
+ */
+ function doProperties($msg = '') {
+ global $data, $misc;
+ global $PHP_SELF, $lang;
+
+ $misc->printTrail('role');
+ $misc->printTitle($lang['strproperties'],'pg.role');
+ $misc->printMsg($msg);
+
+ $roledata = $data->getRole($_REQUEST['rolename']);
+ if($roledata->recordCount() > 0 ) {
+ $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']);
+ $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']);
+ $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']);
+ $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']);
+ $roledata->f['rolcanlogin'] = $data->phpBool($roledata->f['rolcanlogin']);
+
+ echo "<table>\n";
+ echo "\t<tr>\n\t\t<th class=\"data\" width=\"130\">Description</th>\n";
+ echo "\t\t<th class=\"data\" width=\"120\">Value</th>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strrolename']}</td>\n";
+ echo "\t\t<td class=\"data1\">", htmlspecialchars($_REQUEST['rolename']), "</td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strsuper']}</td>\n";
+ echo "\t\t<td class=\"data2\">", (($roledata->f['rolsuper']) ? $lang['stryes'] : $lang['strno']), "</td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strcreatedb']}</td>\n";
+ echo "\t\t<td class=\"data1\">", (($roledata->f['rolcreatedb']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strcancreaterole']}</td>\n";
+ echo "\t\t<td class=\"data2\">", (($roledata->f['rolcreaterole']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strinheritsprivs']}</td>\n";
+ echo "\t\t<td class=\"data1\">", (($roledata->f['rolinherit']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strcanlogin']}</td>\n";
+ echo "\t\t<td class=\"data2\">", (($roledata->f['rolcanlogin']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strconnlimit']}</td>\n";
+ echo "\t\t<td class=\"data1\">", ($roledata->f['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->f['rolconnlimit'])), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strexpires']}</td>\n";
+ echo "\t\t<td class=\"data2\">", ($roledata->f['rolvaliduntil'] == 'infinity' ? $lang['strnever'] : $misc->printVal($roledata->f['rolvaliduntil'])), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strsessiondefaults']}</td>\n";
+ echo "\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolconfig']), "</td>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strmemberof']}</td>\n";
+ echo "\t\t<td class=\"data2\">";
+ $memberof = $data->getMemberOf($_REQUEST['rolename']);
+ if ($memberof->recordCount() > 0) {
+ while (!$memberof->EOF) {
+ echo $misc->printVal($memberof->f['rolname']), "<br />\n";
+ $memberof->moveNext();
+ }
+ }
+ echo "</td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strmembers']}</td>\n";
+ echo "\t\t<td class=\"data1\">";
+ $members = $data->getMembers($_REQUEST['rolename']);
+ if ($members->recordCount() > 0) {
+ while (!$members->EOF) {
+ echo $misc->printVal($members->f['rolname']), "<br />\n";
+ $members->moveNext();
+ }
+ }
+ echo "</td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['stradminmembers']}</td>\n";
+ echo "\t\t<td class=\"data2\">";
+ $adminmembers = $data->getMembers($_REQUEST['rolename'], 't');
+ if ($adminmembers->recordCount() > 0) {
+ while (!$adminmembers->EOF) {
+ echo $misc->printVal($adminmembers->f['rolname']), "<br />\n";
+ $adminmembers->moveNext();
+ }
+ }
+ echo "</td>\n\t</tr>\n";
+ echo "</table>\n";
+ }
+ else echo "<p>{$lang['strnodata']}</p>\n";
+
+ echo "<p><a class=\"navlink\" href=\"$PHP_SELF?{$misc->href}\">{$lang['strshowallroles']}</a> |\n";
+ echo "<a class=\"navlink\" href=\"$PHP_SELF?action=alter&{$misc->href}&rolename=",
+ urlencode($_REQUEST['rolename']), "\">{$lang['stralter']}</a> |\n";
+ echo "<a class=\"navlink\" href=\"$PHP_SELF?action=confirm_drop&{$misc->href}&rolename=",
+ urlencode($_REQUEST['rolename']), "\">{$lang['strdrop']}</a>\n";
+ }
+
+ /**
+ * If a role is not a superuser role, then we have an 'account management'
+ * page for change his password, etc. We don't prevent them from
+ * messing with the URL to gain access to other role admin stuff, because
+ * the PostgreSQL permissions will prevent them changing anything anyway.
+ */
+ function doAccount($msg = '') {
+ global $data, $misc;
+ global $PHP_SELF, $lang;
+
+ $server_info = $misc->getServerInfo();
+
+ $roledata = $data->getRole($server_info['username']);
+ $_REQUEST['rolename'] = $server_info['username'];
+
+ $misc->printTrail('role');
+ $misc->printTabs('server','account');
+ $misc->printMsg($msg);
+
+ if ($roledata->recordCount() > 0) {
+ $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']);
+ $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']);
+ $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']);
+ $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']);
+ echo "<table>\n";
+ echo "\t<tr>\n\t\t<th class=\"data\">{$lang['strrolename']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strsuper']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strcreatedb']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strcancreaterole']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strinheritsprivs']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strconnlimit']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strexpires']}</th>\n";
+ echo "\t\t<th class=\"data\">{$lang['strsessiondefaults']}</th>\n";
+ echo "\t</tr>\n";
+ echo "\t<tr>\n\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolname']), "</td>\n";
+ echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolsuper']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolcreatedb']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolcreaterole']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolinherit']) ? $lang['stryes'] : $lang['strno']), "</td>\n";
+ echo "\t\t<td class=\"data1\" id=\"center\">", ($roledata->f['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->f['rolconnlimit'])), "</td>\n";
+ echo "\t\t<td class=\"data1\">", ($roledata->f['rolvaliduntil'] == 'infinity' ? $lang['strnever'] : $misc->printVal($roledata->f['rolvaliduntil'])), "</td>\n";
+ echo "\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolconfig']), "</td>\n";
+ echo "\t</tr>\n</table>\n";
+ }
+ else echo "<p>{$lang['strnodata']}</p>\n";
+
+ echo "<p><a class=\"navlink\" href=\"{$PHP_SELF}?action=confchangepassword&{$misc->href}\">{$lang['strchangepassword']}</a></p>\n";
+ }
+
+ /**
+ * Show confirmation of change password and actually change password
+ */
+ function doChangePassword($confirm, $msg = '') {
+ global $data, $misc;
+ global $PHP_SELF, $lang, $conf;
+
+ $server_info = $misc->getServerInfo();
+
+ if ($confirm) {
+ $_REQUEST['rolename'] = $server_info['username'];
+ $misc->printTrail('role');
+ $misc->printTitle($lang['strchangepassword'],'pg.role.alter');
+ $misc->printMsg($msg);
+
+ if (!isset($_POST['password'])) $_POST['password'] = '';
+ if (!isset($_POST['confirm'])) $_POST['confirm'] = '';
+
+ echo "<form action=\"$PHP_SELF\" method=\"post\">\n";
+ echo $misc->form;
+ echo "<table>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left required\">{$lang['strpassword']}</th>\n";
+ echo "\t\t<td><input type=\"password\" name=\"password\" size=\"32\" value=\"",
+ htmlspecialchars($_POST['password']), "\" /></td>\n\t</tr>\n";
+ echo "\t<tr>\n\t\t<th class=\"data left required\">{$lang['strconfirm']}</th>\n";
+ echo "\t\t<td><input type=\"password\" name=\"confirm\" size=\"32\" value=\"\" /></td>\n\t</tr>\n";
+ echo "<table>\n";
+ echo "<p><input type=\"hidden\" name=\"action\" value=\"changepassword\" />\n";
+ echo "<input type=\"submit\" name=\"ok\" value=\"{$lang['strok']}\" />\n";
+ echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" />\n";
+ echo "</p></form>\n";
+ }
+ else {
+ // Check that password is minimum length
+ if (strlen($_POST['password']) < $conf['min_password_length'])
+ doChangePassword(true, $lang['strpasswordshort']);
+ // Check that password matches confirmation password
+ elseif ($_POST['password'] != $_POST['confirm'])
+ doChangePassword(true, $lang['strpasswordconfirm']);
+ else {
+ $status = $data->changePassword($server_info['username'], $_POST['password']);
+ if ($status == 0)
+ doAccount($lang['strpasswordchanged']);
+ else
+ doAccount($lang['strpasswordchangedbad']);
+ }
+ }
+ }
+
+
+ /**
+ * Show default list of roles in the database
+ */
+ function doDefault($msg = '') {
+ global $data, $misc;
+ global $PHP_SELF, $lang;
+
+ function renderRoleConnLimit($val) {
+ return $val == '-1' ? 'No limit' : htmlspecialchars($val);
+ }
+
+ function renderRoleExpires($val) {
+ return $val == 'infinity' ? 'Never' : htmlspecialchars($val);
+ }
+
+ $misc->printTrail('server');
+ $misc->printTabs('server','roles');
+ $misc->printMsg($msg);
+
+ $roles = $data->getRoles();
+
+ $columns = array(
+ 'rolename' => array(
+ 'title' => $lang['strrolename'],
+ 'field' => 'rolname',
+ ),
+ 'superuser' => array(
+ 'title' => $lang['strsuper'],
+ 'field' => 'rolsuper',
+ 'type' => 'yesno',
+ ),
+ 'createdb' => array(
+ 'title' => $lang['strcreatedb'],
+ 'field' => 'rolcreatedb',
+ 'type' => 'yesno',
+ ),
+ 'createrole' => array(
+ 'title' => $lang['strcancreaterole'],
+ 'field' => 'rolcreaterole',
+ 'type' => 'yesno',
+ ),
+ 'inherits' => array(
+ 'title' => $lang['strinheritsprivs'],
+ 'field' => 'rolinherit',
+ 'type' => 'yesno',
+ ),
+ 'canloging' => array(
+ 'title' => $lang['strcanlogin'],
+ 'field' => 'rolcanlogin',
+ 'type' => 'yesno',
+ ),
+ 'expires' => array(
+ 'title' => $lang['strexpires'],
+ 'field' => 'rolvaliduntil',
+ 'type' => 'callback',
+ 'params'=> array('function' => 'renderRoleExpires'),
+ ),
+ 'actions' => array(
+ 'title' => $lang['stractions'],
+ ),
+ );
+
+ $actions = array(
+ 'properties' => array(
+ 'title' => $lang['strproperties'],
+ 'url' => "redirect.php?subject=role&action=properties&{$misc->href}&",
+ 'vars' => array('rolename' => 'rolname'),
+ ),
+ 'alter' => array(
+ 'title' => $lang['stralter'],
+ 'url' => "{$PHP_SELF}?action=alter&{$misc->href}&",
+ 'vars' => array('rolename' => 'rolname'),
+ ),
+ 'drop' => array(
+ 'title' => $lang['strdrop'],
+ 'url' => "{$PHP_SELF}?action=confirm_drop&{$misc->href}&",
+ 'vars' => array('rolename' => 'rolname'),
+ ),
+ );
+
+ $misc->printTable($roles, $columns, $actions, $lang['strnoroles']);
+
+ echo "<p><a class=\"navlink\" href=\"{$PHP_SELF}?action=create&{$misc->href}\">{$lang['strcreaterole']}</a></p>\n";
+
+ }
+
+ $misc->printHeader($lang['strroles']);
+ $misc->printBody();
+
+ switch ($action) {
+ case 'create':
+ doCreate();
+ break;
+ case 'save_create':
+ if (isset($_POST['create'])) doSaveCreate();
+ else doDefault();
+ break;
+ case 'alter':
+ doAlter();
+ break;
+ case 'save_alter':
+ if (isset($_POST['alter'])) doSaveAlter();
+ else doDefault();
+ break;
+ case 'confirm_drop':
+ doDrop(true);
+ break;
+ case 'drop':
+ if (isset($_POST['drop'])) doDrop(false);
+ else doDefault();
+ break;
+ case 'properties':
+ doProperties();
+ break;
+ case 'confchangepassword':
+ doChangePassword(true);
+ break;
+ case 'changepassword':
+ if (isset($_REQUEST['ok'])) doChangePassword(false);
+ else doAccount();
+ break;
+ case 'account':
+ doAccount();
+ break;
+ default:
+ doDefault();
+ }
+
+ $misc->printFooter();
+
+?>
projects / phppgadmin.git / commitdiff