Hi Marc, Garvin & list,
-----Original Message----- From: Marc Delisle
In main.php3, $dbh is used to look into the mysql.* tables. But if not controluser is defined, $dbh will contain $userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then use a SHOW GRANTS to get the information. So with no controluser, my non-privileged user sees all his databases in the left pane, and he sees the Create database dialog because he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the MySQL version where the controluser really needs privs on the mysql db.
I am glad to see that you have so much trust in my SHOW GRANTS patch, but it has its limitations: The problem is that, in order to use SHOW GRANTS, we have to guess the user's hostname as it appears in the user profile. For example, you create a user 'foo'@'192.168.0.%' and logon as 'foo'@'192.168.0.123'. In this case, phpMyAdmin sends these queries: SHOW GRANTS FOR 'foo'@'192.168.0.123'; SHOW GRANTS FOR 'foo'@'%'; Both queries fail and MySQL would say that the user does not exist.
The SHOW GRANTS patch only works for users like 'user'@'host' or 'user'@'%' which are the most common ways to define users.
Regards,
Alexander M. Turek alex@bugfixes.info
+-----------------------------+ | The phpMyAdmin Project | | http://www.phpmyadmin.net | | rabus@users.sourceforge.net | +-----------------------------+ | [bugfixes.info] | | http://www.bugfixes.info | | rabus@bugfixes.info | +-----------------------------+