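/**
 * Get HTML for the Change password dialog
 *
 * Builds a self-posting form that offers either "No Password" or a typed and
 * re-typed password, followed by a choice of password hashing method.
 *
 * Output-encoding notes:
 * - $username and $hostname are HTML-escaped before they are written into
 *   the hidden inputs.
 * - Plugin names and descriptions returned by PMA_getActiveAuthPlugins() are
 *   not fixed by this code, so they are HTML-escaped before being written
 *   into attribute values and label text.
 * - The form action is built from $GLOBALS['PMA_PHP_SELF'] and is escaped
 *   here as well; whether that global is already sanitised upstream is not
 *   visible from this function.
 *
 * NOTE(review): PMA_URL_getHiddenInputs() is defined elsewhere; presumably
 * it supplies the session/CSRF token fields for this state-changing form.
 * Confirm before relying on it.
 *
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE'
        && PMA_USR_BROWSER_VER >= 5
        && PMA_USR_BROWSER_VER < 7)
        ? 'onpropertychange'
        : 'onchange';

    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';

    // The action is a request-derived value placed in an attribute: escape it.
    $html = '<form method="post" id="change_password_form" '
        . 'action="' . htmlspecialchars(basename($GLOBALS['PMA_PHP_SELF'])) . '" '
        . 'name="chgPassword" '
        . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';

    $html .= PMA_URL_getHiddenInputs();

    // Only the privileges page changes another account's password, so only
    // there are the target user and host carried along as hidden fields.
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" '
            . 'value="' . htmlspecialchars($username) . '" />'
            . '<input type="hidden" name="hostname" '
            . 'value="' . htmlspecialchars($hostname) . '" />';
    }

    // NOTE(review): the listing was garbled after __('Password:') (a run of
    // asterisks replaced the code); the call is reconstructed here as
    // __('Password:') . ' </label>'. Confirm against the upstream file.
    // A separating space was also added between class="textfield" and the
    // event-handler attribute, which the listing concatenated directly.
    $html .= '<fieldset id="fieldset_change_password">'
        . '<legend'
        . ($is_privileges
            ? ' data-submenu-label="' . __('Change password') . '"'
            : '')
        . '>' . __('Change password') . '</legend>'
        . '<table class="data noclick">'
        . '<tr class="odd">'
        . '<td colspan="2">'
        . '<input type="radio" name="nopass" value="1" id="nopass_1" '
        . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
        . 'this.checked = true" />'
        . '<label for="nopass_1">' . __('No Password') . '</label>'
        . '</td>'
        . '</tr>'
        . '<tr class="even vmiddle">'
        . '<td>'
        . '<input type="radio" name="nopass" value="0" id="nopass_0" '
        . 'onclick="document.getElementById(\'text_pma_pw\').focus();" '
        . 'checked="checked" />'
        . '<label for="nopass_0">' . __('Password:') . ' </label>'
        . '</td>'
        . '<td>'
        . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . ' ' . __('Re-type:') . ' '
        . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . '</td>'
        . '</tr>';

    $html .= '<tr class="vmiddle">'
        . '<td>' . __('Password Hashing:') . '</td>';

    $serverType = PMA\libraries\Util::getServerType();

    if (($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200)
    ) {
        $active_auth_plugins = PMA_getActiveAuthPlugins();
        $default_auth_plugin = PMA_getCurrentAuthenticationPlugin(
            'change',
            $username,
            $hostname
        );

        // NOTE(review): $total_plugins also counts a mysql_old_password entry
        // that the loop skips without incrementing $iter, so the row-position
        // checks below shift when that plugin is present. Left as found.
        $iter = 0;
        $total_plugins = count($active_auth_plugins);

        foreach ($active_auth_plugins as $plugin) {
            // The legacy pre-4.1 hashing plugin is never offered.
            if ($plugin['PLUGIN_NAME'] == 'mysql_old_password') {
                continue;
            }

            // Escape once; the name is reused in value, id and for attributes.
            $plugin_name_html = htmlspecialchars($plugin['PLUGIN_NAME']);

            if ($iter != 0) {
                $html .= '<td> </td>';
            }

            $html .= '<td>'
                . '<input type="radio" name="pw_hash" value="'
                . $plugin_name_html . '" '
                . ($default_auth_plugin == $plugin['PLUGIN_NAME']
                    ? 'checked="checked" '
                    : '')
                . ' id="radio_pw_hash_' . $plugin_name_html . '" />'
                . '<label for="radio_pw_hash_' . $plugin_name_html . '" >'
                . htmlspecialchars(__($plugin['PLUGIN_DESCRIPTION']))
                . ' </label></td></tr>';

            if ($iter == $total_plugins - 2) {
                $html .= '<tr id="tr_element_before_generate_password">';
            } elseif ($iter != $total_plugins - 1) {
                $html .= '<tr>';
            }

            $iter++;
        }

        $html .= '</tr>';
        $html .= '</table>';

        // Emitted once: the listing repeated this block verbatim, which put
        // two elements with the id "ssl_reqd_warning_cp" into the document.
        $html .= '<div '
            . ($default_auth_plugin != 'sha256_password'
                ? 'style="display:none"'
                : '')
            . ' id="ssl_reqd_warning_cp">'
            . Message::notice(
                __(
                    'This method requires using an \'<i>SSL connection</i>\' '
                    . 'or an \'<i>unencrypted connection that encrypts the password '
                    . 'using RSA</i>\'; while connecting to the server.'
                )
                . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin')
            )->getDisplay()
            . '</div>';
    } else {
        // Servers below the version thresholds above get the single native
        // method as a fixed choice.
        $html .= '<td>'
            . '<input type="radio" name="pw_hash" value="mysql_native_password" '
            . 'checked="checked" id="radio_pw_hash_native" />'
            . '<label for="radio_pw_hash_native" >'
            . __('MySQL Native Authentication')
            . ' </label></td></tr>'
            . '<tr id="tr_element_before_generate_password"></tr>'
            . '</table>';
    }

    $html .= '</fieldset>'
        . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
        . '<input type="hidden" name="change_pw" value="1" />'
        . '<input type="submit" value="' . __('Go') . '" />'
        . '</fieldset>'
        . '</form>';

    return $html;
}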
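/**
 * Builds the <select> element for choosing an authentication plugin
 *
 * Plugin names and descriptions are HTML-escaped before output: as the
 * comment in the loop notes, plugins other than the two known ones can be
 * present, so their text is not under this code's control.
 *
 * NOTE(review): this listing contains a second definition with the same
 * function name; a loaded PHP file can hold only one of them.
 *
 * @param string $orig_auth_plugin Default Authentication plugin
 * @param string $mode             are we creating a new user or are we just
 *                                 changing one?
 *                                 (allowed values: 'new', 'edit', 'change_pw')
 * @param string $versions         Is MySQL version newer or older than 5.5.7
 *
 * @return string $html_output
 */
function PMA_getHtmlForAuthPluginsDropdown($orig_auth_plugin, $mode = 'new', $versions = 'new')
{
    // The change-password dialog uses a distinct element id ("_cp" suffix).
    $html_output = '<select '
        . 'id="select_authentication_plugin'
        . ($mode == 'change_pw' ? '_cp' : '') . '" '
        . 'name="authentication_plugin" >';

    if ($versions == 'new') {
        $active_auth_plugins = PMA_getActiveAuthPlugins();

        foreach ($active_auth_plugins as $plugin) {
            // The legacy pre-4.1 hashing plugin is never offered.
            if ($plugin['PLUGIN_NAME'] == 'mysql_old_password') {
                continue;
            }

            // if description is known, enable its translation
            if ('Native MySQL authentication' == $plugin['PLUGIN_DESCRIPTION']) {
                $description = __('Native MySQL authentication');
            } elseif ('SHA256 password authentication' == $plugin['PLUGIN_DESCRIPTION']) {
                $description = __('SHA256 password authentication');
            } else {
                // but there can be other auth plugins, see
                // https://github.com/phpmyadmin/phpmyadmin/issues/11561
                $description = $plugin['PLUGIN_DESCRIPTION'];
            }

            // A space now separates the value attribute from "selected";
            // the listing concatenated them directly.
            $html_output .= '<option value="'
                . htmlspecialchars($plugin['PLUGIN_NAME']) . '"'
                . ($orig_auth_plugin == $plugin['PLUGIN_NAME']
                    ? ' selected="selected"'
                    : '')
                . '>' . htmlspecialchars($description) . '</option>';
        }

        $html_output .= '</select>';
    } else {
        // Older servers: only the native method is offered.
        $html_output .= '<option value="mysql_native_password" >'
            . __('Native MySQL Authentication') . '</option>'
            . '</select>';
    }

    return $html_output;
}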
/**
 * Builds the authentication-plugin dropdown via Util::getDropdown()
 *
 * The option list is a map whose keys include plugin names such as
 * 'mysql_old_password'; that legacy entry is removed before rendering.
 *
 * NOTE(review): escaping of the plugin names and descriptions is delegated
 * to Util::getDropdown(), which is defined elsewhere. Confirm that it
 * HTML-escapes both keys and labels.
 * NOTE(review): this listing contains an earlier definition with the same
 * function name; a loaded PHP file can hold only one of them.
 *
 * @param string $orig_auth_plugin Default Authentication plugin
 * @param string $mode             are we creating a new user or are we just
 *                                 changing one?
 *                                 (allowed values: 'new', 'edit', 'change_pw')
 * @param string $versions         Is MySQL version newer or older than 5.5.7
 *
 * @return string $html_output
 */
function PMA_getHtmlForAuthPluginsDropdown($orig_auth_plugin, $mode = 'new', $versions = 'new')
{
    if ($versions != 'new') {
        // Older servers: a fixed single-entry list.
        $plugin_choices = array(
            'mysql_native_password' => __('Native MySQL authentication'),
        );
    } else {
        $plugin_choices = PMA_getActiveAuthPlugins();
        // The legacy hashing plugin is never offered.
        if (isset($plugin_choices['mysql_old_password'])) {
            unset($plugin_choices['mysql_old_password']);
        }
    }

    // The change-password dialog uses a distinct element id ("_cp" suffix).
    $element_id = 'select_authentication_plugin';
    if ($mode == 'change_pw') {
        $element_id .= '_cp';
    }

    return Util::getDropdown(
        'authentication_plugin',
        $plugin_choices,
        $orig_auth_plugin,
        $element_id
    );
}
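/**
 * Displays the fields used by the "new user" form as well as the
 * "change login information / copy user" form.
 *
 * Reads $GLOBALS['username'], $GLOBALS['new_username'], $GLOBALS['hostname'],
 * $GLOBALS['pred_username'], $GLOBALS['pred_hostname'] and $GLOBALS['dbi'];
 * may set $GLOBALS['pred_username'] and $GLOBALS['pred_hostname'].
 *
 * Output-encoding notes:
 * - User and host names are HTML-escaped before being written into value
 *   attributes.
 * - Authentication plugin names and descriptions returned by
 *   PMA_getActiveAuthPlugins() are not fixed by this code, so they are
 *   HTML-escaped before output.
 *
 * @param string $mode     are we creating a new user or are we just
 *                         changing one? (allowed values: 'new', 'change')
 * @param string $username User name
 * @param string $hostname Host name
 *
 * @return string $html_output a HTML snippet
 */
function PMA_getHtmlForLoginInformationFields($mode = 'new', $username = null, $hostname = null)
{
    list($username_length, $hostname_length) = PMA_getUsernameAndHostnameLength();

    // An explicitly empty user name means the "Any user" preset.
    // NOTE(review): the listing showed a run of asterisks as the assigned
    // value (a redaction artifact); 'any' is the only preset below that
    // matches an empty name. Confirm against the upstream file.
    if (isset($GLOBALS['username']) && mb_strlen($GLOBALS['username']) === 0) {
        $GLOBALS['pred_username'] = 'any';
    }

    $html_output = '<fieldset id="fieldset_add_user_login">' . "\n"
        . '<legend>' . __('Login Information') . '</legend>' . "\n"
        . '<div class="item">' . "\n"
        . '<label for="select_pred_username">' . "\n"
        . ' ' . __('User name:') . "\n"
        . '</label>' . "\n"
        . '<span class="options">' . "\n";

    $html_output .= '<select name="pred_username" id="select_pred_username" '
        . 'title="' . __('User name') . '"' . "\n";

    $html_output .= ' onchange="'
        . 'if (this.value == \'any\') {'
        . ' username.value = \'\'; '
        . ' user_exists_warning.style.display = \'none\'; '
        . ' username.required = false; '
        . '} else if (this.value == \'userdefined\') {'
        . ' username.focus(); username.select(); '
        . ' username.required = true; '
        . '}">' . "\n";

    $html_output .= '<option value="any"'
        . (isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any'
            ? ' selected="selected"'
            : '')
        . '>' . __('Any user') . '</option>' . "\n";

    $html_output .= '<option value="userdefined"'
        . (!isset($GLOBALS['pred_username'])
            || $GLOBALS['pred_username'] == 'userdefined'
            ? ' selected="selected"'
            : '')
        . '>' . __('Use text field') . ':</option>' . "\n";

    $html_output .= '</select>' . "\n"
        . '</span>' . "\n";

    $html_output .= '<input type="text" name="username" class="autofocus"'
        . ' maxlength="' . $username_length . '" title="' . __('User name') . '"'
        . (empty($GLOBALS['username'])
            ? ''
            : ' value="' . htmlspecialchars(
                isset($GLOBALS['new_username'])
                ? $GLOBALS['new_username']
                : $GLOBALS['username']
            ) . '"')
        . ' onchange="pred_username.value = \'userdefined\'; this.required = true;" '
        . (!isset($GLOBALS['pred_username'])
            || $GLOBALS['pred_username'] == 'userdefined'
            ? 'required="required"'
            : '')
        . ' />' . "\n";

    $html_output .= '<div id="user_exists_warning"'
        . ' name="user_exists_warning" style="display:none;">'
        . Message::notice(
            __(
                'An account already exists with the same username '
                . 'but possibly a different hostname.'
            )
        )->getDisplay()
        . '</div>';
    $html_output .= '</div>';

    $html_output .= '<div class="item">' . "\n"
        . '<label for="select_pred_hostname">' . "\n"
        . ' ' . __('Host name:') . "\n"
        . '</label>' . "\n";

    $html_output .= '<span class="options">' . "\n"
        . ' <select name="pred_hostname" id="select_pred_hostname" '
        . 'title="' . __('Host name') . '"' . "\n";

    // Derive the "This Host" preset from the host part of the current
    // connection's USER() value; local hosts are covered by "Local" instead.
    $_current_user = $GLOBALS['dbi']->fetchValue('SELECT USER();');
    if (!empty($_current_user)) {
        $thishost = str_replace(
            "'",
            '',
            mb_substr($_current_user, mb_strrpos($_current_user, '@') + 1)
        );
        if ($thishost == 'localhost' || $thishost == '127.0.0.1') {
            unset($thishost);
        }
    }

    // $thishost lands inside a single-quoted JavaScript string that itself
    // sits in a double-quoted HTML attribute. Single quotes were stripped
    // above; htmlspecialchars() covers the attribute context and
    // addslashes() escapes backslashes for the script context.
    $html_output .= ' onchange="'
        . 'if (this.value == \'any\') { '
        . ' hostname.value = \'%\'; '
        . '} else if (this.value == \'localhost\') { '
        . ' hostname.value = \'localhost\'; '
        . '} '
        . (empty($thishost)
            ? ''
            : 'else if (this.value == \'thishost\') { '
            . ' hostname.value = \'' . addslashes(htmlspecialchars($thishost))
            . '\'; '
            . '} ')
        . 'else if (this.value == \'hosttable\') { '
        . ' hostname.value = \'\'; '
        . ' hostname.required = false; '
        . '} else if (this.value == \'userdefined\') {'
        . ' hostname.focus(); hostname.select(); '
        . ' hostname.required = true; '
        . '}">' . "\n";
    unset($_current_user);

    // when we start editing a user, $GLOBALS['pred_hostname'] is not defined
    if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) {
        switch (mb_strtolower($GLOBALS['hostname'])) {
        case 'localhost':
        case '127.0.0.1':
            $GLOBALS['pred_hostname'] = 'localhost';
            break;
        case '%':
            $GLOBALS['pred_hostname'] = 'any';
            break;
        default:
            $GLOBALS['pred_hostname'] = 'userdefined';
            break;
        }
    }

    $html_output .= '<option value="any"'
        . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any'
            ? ' selected="selected"'
            : '')
        . '>' . __('Any host') . '</option>' . "\n"
        . '<option value="localhost"'
        . (isset($GLOBALS['pred_hostname'])
            && $GLOBALS['pred_hostname'] == 'localhost'
            ? ' selected="selected"'
            : '')
        . '>' . __('Local') . '</option>' . "\n";

    if (!empty($thishost)) {
        $html_output .= '<option value="thishost"'
            . (isset($GLOBALS['pred_hostname'])
                && $GLOBALS['pred_hostname'] == 'thishost'
                ? ' selected="selected"'
                : '')
            . '>' . __('This Host') . '</option>' . "\n";
    }
    unset($thishost);

    $html_output .= '<option value="hosttable"'
        . (isset($GLOBALS['pred_hostname'])
            && $GLOBALS['pred_hostname'] == 'hosttable'
            ? ' selected="selected"'
            : '')
        . '>' . __('Use Host Table') . '</option>' . "\n";

    $html_output .= '<option value="userdefined"'
        . (isset($GLOBALS['pred_hostname'])
            && $GLOBALS['pred_hostname'] == 'userdefined'
            ? ' selected="selected"'
            : '')
        . '>' . __('Use text field:') . '</option>' . "\n"
        . '</select>' . "\n"
        . '</span>' . "\n";

    // With no host supplied the field defaults to the '%' wildcard.
    $html_output .= '<input type="text" name="hostname" maxlength="'
        . $hostname_length . '" value="'
        . htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '%')
        . '" title="' . __('Host name')
        . '" onchange="pred_hostname.value = \'userdefined\'; '
        . 'this.required = true;" '
        . (isset($GLOBALS['pred_hostname'])
            && $GLOBALS['pred_hostname'] == 'userdefined'
            ? 'required="required"'
            : '')
        . ' />' . "\n"
        . Util::showHint(
            __(
                'When Host table is used, this field is ignored '
                . 'and values stored in Host table are used instead.'
            )
        )
        . '</div>' . "\n";

    // NOTE(review): the listing was garbled after __('Password:') (a run of
    // asterisks replaced the code); it is reconstructed here to match the
    // sibling "User name:" and "Host name:" labels. Confirm against the
    // upstream file.
    $html_output .= '<div class="item">' . "\n"
        . '<label for="select_pred_password">' . "\n"
        . ' ' . __('Password:') . "\n"
        . '</label>' . "\n"
        . '<span class="options">' . "\n"
        . '<select name="pred_password" id="select_pred_password" title="'
        . __('Password') . '"' . "\n";

    $html_output .= ' onchange="'
        . 'if (this.value == \'none\') { '
        . ' pma_pw.value = \'\'; pma_pw2.value = \'\'; '
        . ' pma_pw.required = false; pma_pw2.required = false; '
        . '} else if (this.value == \'userdefined\') { '
        . ' pma_pw.focus(); pma_pw.select(); '
        . ' pma_pw.required = true; pma_pw2.required = true; '
        . '} else { '
        . ' pma_pw.required = false; pma_pw2.required = false; '
        . '}">' . "\n"
        . ($mode == 'change'
            ? '<option value="keep" selected="selected">'
            . __('Do not change the password')
            . '</option>' . "\n"
            : '')
        . '<option value="none"';

    // "No Password" is preselected only when a user name is already known
    // and the existing password is not being kept.
    if (isset($GLOBALS['username']) && $mode != 'change') {
        $html_output .= ' selected="selected"';
    }

    $html_output .= '>' . __('No Password') . '</option>' . "\n"
        . '<option value="userdefined"'
        . (isset($GLOBALS['username']) ? '' : ' selected="selected"')
        . '>' . __('Use text field') . ':</option>' . "\n"
        . '</select>' . "\n"
        . '</span>' . "\n"
        . '<input type="password" id="text_pma_pw" name="pma_pw" '
        . 'title="' . __('Password') . '" '
        . 'onchange="pred_password.value = \'userdefined\'; this.required = true; '
        . 'pma_pw2.required = true;" '
        . (isset($GLOBALS['username']) ? '' : 'required="required"')
        . '/>' . "\n"
        . '</div>' . "\n";

    $html_output .= '<div class="item" '
        . 'id="div_element_before_generate_password">' . "\n"
        . '<label for="text_pma_pw2">' . "\n"
        . ' ' . __('Re-type:') . "\n"
        . '</label>' . "\n"
        . '<span class="options"> </span>' . "\n"
        . '<input type="password" name="pma_pw2" id="text_pma_pw2" '
        . 'title="' . __('Re-type') . '" '
        . 'onchange="pred_password.value = \'userdefined\'; this.required = true; '
        . 'pma_pw.required = true;" '
        . (isset($GLOBALS['username']) ? '' : 'required="required"')
        . '/>' . "\n"
        . '</div>' . "\n"
        . '<div class="item" id="authentication_plugin_div">'
        . '<label for="select_authentication_plugin" >';

    $serverType = Util::getServerType();

    if (($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200)
    ) {
        $html_output .= __('Authentication Plugin')
            . '</label><span class="options"> </span>' . "\n"
            . '<select id="select_authentication_plugin" name="authentication_plugin" >';

        $active_auth_plugins = PMA_getActiveAuthPlugins();
        $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin(
            $mode,
            $username,
            $hostname
        );

        foreach ($active_auth_plugins as $plugin) {
            // The legacy pre-4.1 hashing plugin is never offered.
            if ($plugin['PLUGIN_NAME'] == 'mysql_old_password') {
                continue;
            }

            // A space now separates the value attribute from "selected";
            // the listing concatenated them directly.
            $html_output .= '<option value="'
                . htmlspecialchars($plugin['PLUGIN_NAME']) . '"'
                . ($orig_auth_plugin == $plugin['PLUGIN_NAME']
                    ? ' selected="selected"'
                    : '')
                . '>' . htmlspecialchars(__($plugin['PLUGIN_DESCRIPTION']))
                . '</option>';
        }

        // The transport warning is visible only while sha256_password is the
        // preselected plugin.
        $html_output .= '</select>'
            . '<div id="ssl_reqd_warning" '
            . ($orig_auth_plugin == 'sha256_password' ? '' : ' style="display:none"')
            . ' >'
            . Message::notice(
                __(
                    'This method requires using an \'<i>SSL connection</i>\' '
                    . 'or an \'<i>unencrypted connection that encrypts the password '
                    . 'using RSA</i>\'; while connecting to the server.'
                )
                . Util::showMySQLDocu('sha256-authentication-plugin')
            )->getDisplay()
            . '</div>';
    } else {
        // Servers below the version thresholds above get the single native
        // method as a fixed choice.
        $html_output .= __('Password Hashing Method')
            . '</label><span class="options"> </span>' . "\n"
            . '<select id="select_authentication_plugin" '
            . 'name="authentication_plugin" >'
            . '<option value="mysql_native_password" >'
            . __('MySQL Native Authentication')
            . '</option>'
            . '</select>';
    }

    $html_output .= '</div>' . "\n"
        . '</fieldset>' . "\n";

    return $html_output;
}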