Simple MySQL Admin

Last reviewed/updated: 30 Jun 2018 | Published: 14 May 2017 | Status: Active
Web browser support: Internet Explorer 10+, Edge 12+, Firefox 6+, Chrome 30+, Opera 17+

1. Introduction

Simple MySQL Admin is a web-based graphical user interface (web GUI) for managing MySQL (mysql.com) and MariaDB (mariadb.org). Simple MySQL Admin is a lightweight and easy to use alternative to phpMyAdmin (phpmyadmin.net). Simple MySQL Admin supports only the most commonly used MySQL/MariaDB features. Currently, Simple MySQL Admin supports:

  • User accounts:
    • Create user accounts.
    • Drop user accounts.
    • Edit user account global privileges.
  • Databases:
    • Create database.
    • Drop databases.

Simple MySQL Admin is written primarily in PHP. Please feel free to download, edit, and/or fork the Simple MySQL Admin source code. The Simple MySQL Admin source code is available at GitHub | learnwebcoding | simple_mysql_admin Repository (github.com).

1.1. Web Browser Support

Web browser support: IE10+, ED12+, FF6+, CH30+, OP17+.

1.2. PHP Support

PHP support: PHP 5.6.8+ and PHP 7+. PHP 5.6.7- not tested.

1.3. Database Server Support

Database server support: MariaDB 10+ and MySQL 5.5+.

1.4. Screenshots

Requirements tab: [screenshot: Simple MySQL Admin Requirements tab]

User accounts tab: [screenshot: Simple MySQL Admin User Accounts tab]

Databases tab: [screenshot: Simple MySQL Admin Databases tab]

1.5. Security

Simple MySQL Admin is intended solely for personal use in private/Intranet/offline/development environments, not public/Internet/online/production environments. As long as Simple MySQL Admin is used as intended, the following known vulnerabilities cannot be exploited unless a malicious user gains access to your computer or network (in which case Simple MySQL Admin vulnerabilities are the least of your problems):

  1. Type: Information disclosure.
    Description: simple_mysql_admin/connection_credentials.php is in plain text.
  2. Type: SQL injection.
    Description: PDO::prepare (php.net)/PDOStatement::bindParam (php.net) do not accept MySQL identifiers (dev.mysql.com) as variables and placeholders. As a result, there are instances where untrusted data is included in SQL statements. This occurs in the indicated locations in the user accounts section class (classes/UserAccnts.class.php) and the databases section class (classes/Databases.class.php).
  3. Type: Cross-site scripting (XSS).
    Description: There are instances where PDOStatement::errorInfo[2] (php.net) outputs untrusted data which is then output to HTML. This occurs in the indicated locations in the user accounts section controller (controllers/userAccnts.php) and the databases section controller (controllers/databases.php).
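
One way to handle items 2 and 3 above, as an added example that is not part of the Simple MySQL Admin source: an identifier that PDO cannot bind is checked against an allowlist and backtick-quoted before it is concatenated into SQL, and PDOStatement::errorInfo()[2] text is HTML-encoded before output. The function names quoteIdentifier, escapeHtml and createDatabase are hypothetical, and the connection is assumed to use PDO::ERRMODE_SILENT.

```php
<?php
// Added example, not Simple MySQL Admin code; all function names are hypothetical.

// Validate, then backtick-quote, an identifier that cannot be bound as a parameter.
function quoteIdentifier($name)
{
    // Allowlist: the characters MySQL permits in unquoted identifiers, max 64 long.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_$]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    // Doubling backticks is redundant after the allowlist; kept as defense in depth.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Encode untrusted text (user input, driver error messages) before it reaches HTML.
function escapeHtml($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns an HTML-safe status message. Assumes PDO::ERRMODE_SILENT, so failures
// are reported through errorInfo() rather than exceptions.
function createDatabase(PDO $pdo, $dbName)
{
    try {
        $sql = 'CREATE DATABASE ' . quoteIdentifier($dbName);
    } catch (InvalidArgumentException $e) {
        return 'Invalid database name.';
    }
    $stmt = $pdo->prepare($sql);
    if ($stmt !== false && $stmt->execute()) {
        return 'Database ' . escapeHtml($dbName) . ' created.';
    }
    $info = ($stmt !== false) ? $stmt->errorInfo() : $pdo->errorInfo();
    // errorInfo()[2] can echo parts of the statement back, so encode it too.
    return 'Error: ' . escapeHtml($info[2]);
}

// Constructed inputs: one valid name and one containing a backtick and spaces.
foreach (array('shop_dev', 'tmp` -- x') as $candidate) {
    try {
        echo quoteIdentifier($candidate), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', escapeHtml($candidate), "\n";
    }
}
```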

1.6. Known Issues

For known issues, see GitHub | learnwebcoding | simple_mysql_admin Repository | Issues (github.com).

1.7. How To Download And Try On Your Web Server

To download and try on your web server:

  1. Download the following source code zip file to your computer:
  2. Extract the downloaded zip file. In this example, simple_mysql_admin.zip is extracted to the simple_mysql_admin folder. [Screenshot: contents of the extracted simple_mysql_admin folder]
  3. Copy the simple_mysql_admin folder itself, not the contents of the simple_mysql_admin folder, to the root of the web server.
  4. Point your web browser to the /simple_mysql_admin/index.php file on the web server.
  5. The Simple MySQL Admin interface appears.

1.8. Release History And Changelog

  • v1.3.0 released 08 Apr 2018:
    • Update database server support. Primary changes: 1.) add support for MySQL 5.7 storing the MySQL user account password in the mysql.user table authentication_string column, not the password column (in MySQL 5.7, the mysql.user table password column does not exist); 2.) add support for MySQL 5.7 'mysql.session'@'localhost' and 'mysql.sys'@'localhost' reserved user accounts, and MariaDB 10.0 - 10.2 'root'@'computername-pc' reserved user account; 3.) add support for MySQL 5.7 sys reserved database; and 4.) change MySQL to store Simple MySQL Admin | User Accounts | create user account | host name/IP address field empty/blank in mysql.user table host column as any host name ('%' string), not empty string (''), and change Simple MySQL Admin | User Accounts | create user account reports to display host name/IP address field empty/blank as any host name ('%' string), not empty string ('').
    • Replace User Accounts | edit user account privileges | select user account dropdown with explanatory text if all user accounts are reserved.
    • Update lwc.css and update CSS styles.
  • v1.2.2 released 11 Mar 2018:
    • Fix path to images.
    • Update PHP support.
    • Add database server support.
    • Update comments for consistency with other projects.
  • v1.2.1 released 28 Jul 2017:
    • Update lwc.css.
    • Edit simple_mysql_admin.js to be unobtrusive. Change IE support from IE9+ to IE10+.
    • Change Simple MySQL Admin information displayed at bottom of Requirements page.
  • v1.2 released 20 Jul 2017:
    • Redesign interface. Primary changes: 1.) replace page section HTML fieldset and legend elements with div elements, 2.) set max-width dependent on viewport width and center in viewport, and 3.) move app name from top of interface to float: right of tabs.
    • Make last status report persistent.
    • Move section notes from section content always displayed to section title with plus/minus icon and JavaScript to toggle display.
    • Remove use database code as belonging in future Tables page as dropdown.
    • End User Accounts | edit user account privileges | selected user account persistence if selected user account is dropped.
    • Change references to Index section, Requirements section, User Accounts section, and Databases section to Index page, Requirements page, User Accounts page, and Databases page.
  • v1.1.2 released 20 Jun 2017:
    • Update simple_mysql_admin.css to improve presentation/consistency and to eliminate redundant overriding of lwc.css styles.
    • Add HTML button element class='btn-md' attribute where missing and input element required attribute where appropriate.
  • v1.1.1 released 11 Jun 2017:
    • Add lwc.css as primary style sheet and supplement/override lwc.css styles in simple_mysql_admin.css.
    • Update CSS styles.
  • v1.1 released 31 May 2017:
    • Move MySQL running mysqli connection object and MySQL connection PDO connection object from Connection section to Index section.
    • Replace Connection section with Requirements section.
    • Group MySQL running and MySQL connection under MySQL fieldset in, and add Web Browser Cookies fieldset to, Requirements section.
    • Add behavior: User Accounts tab and Databases tab are not shown until Requirements section is fulfilled.
    • Change boundary between model code and controller code in User Accounts section and Databases section: move code deemed less model-worthy (ie, "isExecuteSuccessful" and "isFetchSuccessful" conditionals) from model to controller.
    • Add comment Last reviewed/updated for SQL injection: Date or Last reviewed/updated for XSS: Date to Introduction section of relevant files.
    • Change status report from bad to warning when the Go button is clicked without specifying/selecting required information.
    • Sync check/uncheck radio buttons/checkboxes between JavaScript EditUserAccntPrivsUtil.checkUserAccntPrivsFormRadioBtnCheckboxes() method and JavaScript EditUserAccntPrivsUtil.coordinateCheckedUncheckedHierarchy() method.
    • Change grant all privileges without grant option from SQL statement that grants all individual global privileges except grant to SQL statement that grants all privileges without grant option.
    • Update Simple_MySQL_Admin_Readme.txt.
  • v1.0.1 released 16 May 2017:
    • Update Simple_MySQL_Admin_Readme.txt.
  • v1.0 released 14 May 2017:
    • Initial release.

1.9. Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1.10. Abbreviations

  • IE = Internet Explorer.
  • ED = Edge = EdgeHTML rendering engine (ED12+) and/or Edge browser (ED20+).
  • FF = Firefox.
  • CH = Chrome.
  • OP = Opera.

2. Resources And Additional Information