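/**
 * Get HTML for the Change password dialog
 *
 * Builds the POST form with the "No Password" / "Password" radio buttons,
 * the two password inputs and, depending on the server, the authentication
 * plugin dropdown:
 *  - MySQL 5.5.7+ / MariaDB 5.2+: the 'new' dropdown plus the sha256 SSL
 *    notice, but only on MySQL 5.7.6+ or for a superuser in 'edit_other' mode;
 *  - any other server: the 'old' dropdown.
 *
 * @param string $mode     where is the function being called?
 *                         values : 'change_pw' or 'edit_other'
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($mode, $username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE'
        && PMA_USR_BROWSER_VER >= 5
        && PMA_USR_BROWSER_VER < 7)
        ? 'onpropertychange'
        : 'onchange';

    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';

    $html = '<form method="post" id="change_password_form" '
        . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" '
        . 'name="chgPassword" '
        . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';

    $html .= PMA_URL_getHiddenInputs();

    // The target account is only carried along on the privileges page;
    // both values are HTML-escaped before they reach the attribute.
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" '
            . 'value="' . htmlspecialchars($username) . '" />'
            . '<input type="hidden" name="hostname" '
            . 'value="' . htmlspecialchars($hostname) . '" />';
    }

    $html .= '<fieldset id="fieldset_change_password">'
        . '<legend'
        . ($is_privileges
            ? ' data-submenu-label="' . __('Change password') . '"'
            : '')
        . '>' . __('Change password') . '</legend>'
        . '<table class="data noclick">'
        . '<tr class="odd">'
        . '<td colspan="2">'
        . '<input type="radio" name="nopass" value="1" id="nopass_1" '
        . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
        . 'this.checked = true" />'
        . '<label for="nopass_1">' . __('No Password') . '</label>'
        . '</td>'
        . '</tr>'
        . '<tr class="even vmiddle">'
        . '<td>'
        . '<input type="radio" name="nopass" value="0" id="nopass_0" '
        . 'onclick="document.getElementById(\'text_pma_pw\').focus();" '
        . 'checked="checked" />'
        . '<label for="nopass_0">' . __('Password:') . ' </label>'
        . '</td>'
        . '<td>'
        // A space separates class="..." from the event-handler attribute;
        // without it the two attributes run together in the markup.
        . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . ' ' . __('Re-type:') . ' '
        . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . '</td>'
        . '</tr>';

    $serverType = PMA_Util::getServerType();
    $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin(
        'change', $username, $hostname
    );
    $is_superuser = $GLOBALS['dbi']->isSuperuser();

    if (($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200)
    ) {
        // Provide this option only for 5.7.6+
        // OR for privileged users in 5.5.7+
        if (($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706)
            || ($is_superuser && $mode == 'edit_other')
        ) {
            $auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown(
                $username, $hostname, $orig_auth_plugin, 'change_pw', 'new'
            );

            $html .= '<tr class="vmiddle">'
                . '<td>' . __('Password Hashing:') . '</td><td>';
            $html .= $auth_plugin_dropdown;
            $html .= '</td></tr>'
                . '<tr id="tr_element_before_generate_password"></tr>'
                . '</table>';

            // The notice is rendered hidden unless sha256_password is the
            // account's current plugin.
            $html .= '<div '
                . ($orig_auth_plugin != 'sha256_password'
                    ? 'style="display:none"'
                    : '')
                . ' id="ssl_reqd_warning_cp">'
                . PMA_Message::notice(
                    __(
                        'This method requires using an \'<i>SSL connection</i>\' '
                        . 'or an \'<i>unencrypted connection that encrypts the password '
                        . 'using RSA</i>\'; while connecting to the server.'
                    )
                    . PMA_Util::showMySQLDocu('sha256-authentication-plugin')
                )->getDisplay()
                . '</div>';
        } else {
            $html .= '<tr id="tr_element_before_generate_password"></tr>'
                . '</table>';
        }
    } else {
        $auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown(
            $username, $hostname, $orig_auth_plugin, 'change_pw', 'old'
        );

        $html .= '<tr class="vmiddle">'
            . '<td>' . __('Password Hashing:') . '</td><td>';
        $html .= $auth_plugin_dropdown . '</td></tr>'
            . '<tr id="tr_element_before_generate_password"></tr>'
            . '</table>';
    }

    $html .= '</fieldset>'
        . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
        . '<input type="hidden" name="change_pw" value="1" />'
        . '<input type="submit" value="' . __('Go') . '" />'
        . '</fieldset>'
        . '</form>';

    return $html;
}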
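/**
 * Get HTML for the Change password dialog
 *
 * Builds the POST form with the "No Password" / "Password" radio buttons,
 * the two password inputs and a "Password Hashing" radio group whose options
 * depend on the server version (MySQL 5.7.5+, MySQL 5.6.6+, anything else).
 *
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE'
        && PMA_USR_BROWSER_VER >= 5
        && PMA_USR_BROWSER_VER < 7)
        ? 'onpropertychange'
        : 'onchange';

    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';

    $html = '<form method="post" id="change_password_form" '
        . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" '
        . 'name="chgPassword" '
        . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';

    $html .= PMA_URL_getHiddenInputs();

    // The target account is only carried along on the privileges page;
    // both values are HTML-escaped before they reach the attribute.
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" '
            . 'value="' . htmlspecialchars($username) . '" />'
            . '<input type="hidden" name="hostname" '
            . 'value="' . htmlspecialchars($hostname) . '" />';
    }

    $html .= '<fieldset id="fieldset_change_password">'
        . '<legend'
        . ($is_privileges
            ? ' data-submenu-label="' . __('Change password') . '"'
            : '')
        . '>' . __('Change password') . '</legend>'
        . '<table class="data noclick">'
        . '<tr class="odd">'
        . '<td colspan="2">'
        . '<input type="radio" name="nopass" value="1" id="nopass_1" '
        . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
        . 'this.checked = true" />'
        . '<label for="nopass_1">' . __('No Password') . '</label>'
        . '</td>'
        . '</tr>'
        . '<tr class="even vmiddle">'
        . '<td>'
        . '<input type="radio" name="nopass" value="0" id="nopass_0" '
        . 'onclick="document.getElementById(\'text_pma_pw\').focus();" '
        . 'checked="checked" />'
        . '<label for="nopass_0">' . __('Password:') . ' </label>'
        . '</td>'
        . '<td>'
        // A space separates class="..." from the event-handler attribute;
        // without it the two attributes run together in the markup.
        . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . ' ' . __('Re-type:') . ' '
        . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . '</td>'
        . '</tr>';

    $default_auth_plugin = PMA_getCurrentAuthenticationPlugin(
        'change', $username, $hostname
    );
    // The plugin name is produced by a helper that is not part of this block,
    // so it is HTML-escaped wherever it is echoed into the markup.
    $default_auth_plugin_html = htmlspecialchars($default_auth_plugin);

    // See http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-5.html
    if (PMA_Util::getServerType() == 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50705
    ) {
        $html .= '<tr class="vmiddle">'
            . '<td>' . __('Password Hashing:') . '</td>'
            . '<td>'
            . '<input type="radio" name="pw_hash" id="radio_pw_hash_mysql_native" '
            . 'value="mysql_native_password"';
        if ($default_auth_plugin == 'mysql_native_password') {
            // The value attribute is already closed above, so only the
            // checked attribute is appended (no extra double quote).
            $html .= ' checked="checked"';
        }
        $html .= ' />'
            . '<label for="radio_pw_hash_mysql_native">'
            . __('MySQL native password')
            . '</label>'
            . '</td>'
            . '</tr>'
            . '<tr id="tr_element_before_generate_password">'
            . '<td> </td>'
            . '<td>'
            . '<input type="radio" name="pw_hash" id="radio_pw_hash_sha256" '
            . 'value="sha256_password"';
        if ($default_auth_plugin == 'sha256_password') {
            $html .= ' checked="checked"';
        }
        $html .= ' />'
            . '<label for="radio_pw_hash_sha256">'
            . __('SHA256 password')
            . '</label>'
            . '</td>'
            . '</tr>';
    } elseif (PMA_Util::getServerType() == 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50606
    ) {
        $html .= '<tr class="vmiddle" id="tr_element_before_generate_password">'
            . '<td>' . __('Password Hashing:') . '</td>'
            . '<td>'
            . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" '
            . 'value="' . $default_auth_plugin_html . '" checked="checked" />'
            . '<label for="radio_pw_hash_new">' . $default_auth_plugin_html . '</label>'
            . '</td>'
            . '</tr>';
    } else {
        $html .= '<tr class="vmiddle">'
            . '<td>' . __('Password Hashing:') . '</td>'
            . '<td>'
            . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" '
            . 'value="mysql_native_password" checked="checked" />'
            . '<label for="radio_pw_hash_new">mysql_native_password</label>'
            . '</td>'
            . '</tr>'
            . '<tr id="tr_element_before_generate_password" >'
            . '<td> </td>'
            . '<td>'
            . '<input type="radio" name="pw_hash" id="radio_pw_hash_old" '
            . 'value="old" />'
            . '<label for="radio_pw_hash_old">' . __('MySQL 4.0 compatible')
            . '</label>'
            . '</td>'
            . '</tr>';
    }

    $html .= '</table>';

    // The notice is rendered hidden unless sha256_password is the account's
    // current plugin.
    $html .= '<div '
        . ($default_auth_plugin != 'sha256_password'
            ? 'style="display:none"'
            : '')
        . ' id="ssl_reqd_warning_cp">'
        . PMA_Message::notice(
            __(
                'This method requires using an \'<i>SSL connection</i>\' '
                . 'or an \'<i>unencrypted connection that encrypts the password '
                . 'using RSA</i>\'; while connecting to the server.'
            )
            . PMA_Util::showMySQLDocu('sha256-authentication-plugin')
        )->getDisplay()
        . '</div>';

    $html .= '</fieldset>'
        . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
        . '<input type="hidden" name="change_pw" value="1" />'
        . '<input type="submit" value="' . __('Go') . '" />'
        . '</fieldset>'
        . '</form>';

    return $html;
}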
/**
 * Get HTML snippet for display user overview page
 *
 * Reads `mysql`.`user` (optionally narrowed by $_REQUEST['initial']) and
 * renders the heading, the initials bar, the user table or the "add user"
 * fieldset, and the "reload the privileges" note. When the first query
 * fails, a plain SELECT is tried to tell a permission problem apart from an
 * outdated privilege-table layout.
 *
 * @param string $pmaThemeImage a image source link
 * @param string $text_dir      text directory
 *
 * @return string $html_output
 */
function PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
{
    $html_output = '<h2>' . "\n"
        . PMA_Util::getIcon('b_usrlist.png')
        . __('Users overview') . "\n"
        . '</h2>' . "\n";

    // MySQL 5.7.6+ keeps the hash in `authentication_string`.
    $has_auth_string = PMA_Util::getServerType() == 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50706;
    $password_column = $has_auth_string ? 'authentication_string' : 'Password';

    // $sql_query is for the initial-filtered,
    // $sql_query_all is for counting the total no. of users
    $select_users = 'SELECT *,'
        . " IF(`" . $password_column . "` = _latin1 '', 'N', 'Y') AS 'Password'"
        . ' FROM `mysql`.`user`';

    $sql_query = $select_users;
    if (isset($_REQUEST['initial'])) {
        $sql_query .= PMA_rangeOfUsers($_REQUEST['initial']);
    }
    $sql_query .= ' ORDER BY `User` ASC, `Host` ASC;';
    $sql_query_all = $select_users . ' ;';

    $res = $GLOBALS['dbi']->tryQuery(
        $sql_query, null, PMA_DatabaseInterface::QUERY_STORE
    );
    $res_all = $GLOBALS['dbi']->tryQuery(
        $sql_query_all, null, PMA_DatabaseInterface::QUERY_STORE
    );

    if ($res) {
        $db_rights = PMA_getDbRightsForUserOverview();
        // for all initials, even non A-Z
        $array_initials = array();

        // The initials bar is only shown once there are more than 20 rows.
        if ($GLOBALS['dbi']->numRows($res_all) > 20) {
            $html_output .= PMA_getHtmlForInitials($array_initials);
        }

        // The table is shown right away when a filter or "show all" was
        // requested, or when fewer than 50 rows came back.
        $show_overview = isset($_REQUEST['initial'])
            || isset($_REQUEST['showall'])
            || $GLOBALS['dbi']->numRows($res) < 50;
        if ($show_overview) {
            $html_output .= PMA_getUsersOverview(
                $res, $db_rights, $pmaThemeImage, $text_dir
            );
        } else {
            $html_output .= PMA_getAddUserHtmlFieldset();
        }

        if (!$GLOBALS['is_ajax_request']
            || !empty($_REQUEST['ajax_page_request'])
        ) {
            $flushnote = new PMA_Message(
                __(
                    'Note: phpMyAdmin gets the users\' privileges directly '
                    . 'from MySQL\'s privilege tables. The content of these tables '
                    . 'may differ from the privileges the server uses, '
                    . 'if they have been changed manually. In this case, '
                    . 'you should %sreload the privileges%s before you continue.'
                ),
                PMA_Message::NOTICE
            );
            $flushLink = '<a href="server_privileges.php'
                . PMA_URL_getCommon(array('flush_privileges' => 1))
                . '" id="reload_privileges_anchor">';
            $flushnote->addParam($flushLink, false);
            $flushnote->addParam('</a>', false);
            $html_output .= $flushnote->getDisplay();
        }

        return $html_output;
    }

    // the query failed! This may have two reasons:
    // - the user does not have enough privileges
    // - the privilege tables use a structure of an earlier version.
    // so let's try a more simple query
    $GLOBALS['dbi']->freeResult($res);
    $GLOBALS['dbi']->freeResult($res_all);

    $sql_query = 'SELECT * FROM `mysql`.`user`';
    $res = $GLOBALS['dbi']->tryQuery(
        $sql_query, null, PMA_DatabaseInterface::QUERY_STORE
    );

    if ($res) {
        // This message is hardcoded because I will replace it by
        // a automatic repair feature soon.
        $raw = 'Your privilege table structure seems to be older than'
            . ' this MySQL version!<br />'
            . 'Please run the <code>mysql_upgrade</code> command'
            . '(<code>mysql_fix_privilege_tables</code> on older systems)'
            . ' that should be included in your MySQL server distribution'
            . ' to solve this problem!';
        $html_output .= PMA_Message::rawError($raw)->getDisplay();
    } else {
        $html_output .= PMA_getHtmlForViewUsersError();
        $html_output .= PMA_getAddUserHtmlFieldset();
    }
    $GLOBALS['dbi']->freeResult($res);

    return $html_output;
}
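/**
 * Get SQL queries for Display and Add user
 *
 * Produces each statement twice: a "real" variant that carries the password
 * and a "show" variant in which the password is replaced by '***'.
 * Servers older than 5.7.7 get the password through SET PASSWORD; newer ones
 * get it inside the CREATE USER statement.
 *
 * Request data used: $_REQUEST['authentication_plugin'],
 * $_POST['pred_password'], $_POST['pma_pw'], $_POST['Grant_priv'] and the
 * $_POST['max_*'] resource limits.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password
 *
 * @return array ($create_user_real, $create_user_show,$real_sql_query, $sql_query
 *                $password_set_real, $password_set_show)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);
    $slashedPassword = PMA_Util::sqlAddSlashes($password);

    // The plugin name is spliced into the statement as a bare identifier, so
    // quoting cannot protect it: only identifier characters are let through.
    $auth_plugin = '';
    if (isset($_REQUEST['authentication_plugin'])
        && is_string($_REQUEST['authentication_plugin'])
    ) {
        $auth_plugin = preg_replace(
            '/[^A-Za-z0-9_]/', '', $_REQUEST['authentication_plugin']
        );
    }

    $create_user_stmt = sprintf(
        'CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname
    );
    $has_plugin_clause = PMA_MYSQL_INT_VERSION >= 50507 && $auth_plugin !== '';
    if ($has_plugin_clause) {
        $create_user_stmt .= ' IDENTIFIED WITH ' . $auth_plugin;
    }
    // On 5.7.7+ the statement is used as a sprintf() format below, so any
    // literal '%' (e.g. the wildcard host) has to be doubled first.
    if (PMA_MYSQL_INT_VERSION >= 50707) {
        $create_user_stmt = str_replace('%', '%%', $create_user_stmt);
    }
    $create_user_real = $create_user_show = $create_user_stmt;

    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = PASSWORD(\'%s\')';
    $password_set_show = sprintf(
        $password_set_stmt, $slashedUsername, $slashedHostname, '***'
    );

    $sql_query_stmt = sprintf(
        'GRANT %s ON *.* TO \'%s\'@\'%s\'',
        join(', ', PMA_extractPrivInfo()),
        $slashedUsername,
        $slashedHostname
    );
    $real_sql_query = $sql_query = $sql_query_stmt;

    // Pick the password literal once. Every variant is escaped before it is
    // placed between quotes, including the one typed into the form.
    if ($_POST['pred_password'] == 'keep') {
        $new_password = $slashedPassword;
    } elseif ($_POST['pred_password'] == 'none') {
        $new_password = '';
    } else {
        $new_password = PMA_Util::sqlAddSlashes($_POST['pma_pw']);
    }

    if (PMA_MYSQL_INT_VERSION < 50707) {
        $password_set_real = sprintf(
            $password_set_stmt, $slashedUsername, $slashedHostname, $new_password
        );
    } else {
        $password_set_real = null;
        // "BY" only continues an "IDENTIFIED WITH plugin" clause; without a
        // plugin the full "IDENTIFIED BY" keyword pair is needed.
        $create_user_stmt .= $has_plugin_clause
            ? ' BY \'%s\''
            : ' IDENTIFIED BY \'%s\'';
        $create_user_real = sprintf($create_user_stmt, $new_password);
        $create_user_show = sprintf($create_user_stmt, '***');
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || (isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']))
    ) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    if (isset($create_user_real)) {
        $create_user_real .= ';';
        $create_user_show .= ';';
    }
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege
    if (!$GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    if (PMA_Util::getServerType() == 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50700
    ) {
        $password_set_real = null;
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real,
        $create_user_show,
        $real_sql_query,
        $sql_query,
        $password_set_real,
        $password_set_show
    );
}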
echo '</ul>'; // User preferences if ($server > 0) { echo '<ul>'; PMA_printListItem(PMA_Util::getImage('b_tblops.png') . " " . __('More settings'), 'li_user_preferences', 'prefs_manage.php' . $common_url_query, null, null, null, "no_bullets"); echo '</ul>'; } echo '</div>'; echo '</div>'; echo '<div id="main_pane_right">'; if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) { echo '<div class="group">'; echo '<h2>' . __('Database server') . '</h2>'; echo '<ul>' . "\n"; PMA_printListItem(__('Server:') . ' ' . $server_info, 'li_server_info'); PMA_printListItem(__('Server type:') . ' ' . PMA_Util::getServerType(), 'li_server_type'); PMA_printListItem(__('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT, 'li_server_version'); PMA_printListItem(__('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(), 'li_mysql_proto'); PMA_printListItem(__('User:'******' ' . htmlspecialchars($mysql_cur_user_and_host), 'li_user_info'); echo ' <li id="li_select_mysql_charset">'; echo ' ' . __('Server charset:') . ' ' . ' <span lang="en" dir="ltr">'; if (!PMA_DRIZZLE) { echo ' ' . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']]; } echo ' (' . $mysql_charset_map['utf-8'] . ')' . ' </span>' . ' </li>' . ' </ul>' . ' </div>'; } if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) { echo '<div class="group">'; echo '<h2>' . __('Web server') . '</h2>'; echo '<ul>'; if ($GLOBALS['cfg']['ShowServerInfo']) {
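/**
 * Get SQL queries for Display and Add user
 *
 * Produces each statement twice: a "real" variant that carries the password
 * and a "show" variant in which the password is replaced by '***'.
 * MySQL / Percona Server 5.7.6+ and MariaDB 5.2+ receive the password inside
 * CREATE USER ('AS' resp. 'USING'); older servers receive it through
 * SET PASSWORD.
 *
 * Request data used: $_REQUEST['authentication_plugin'],
 * $_POST['pred_password'], $_POST['pma_pw'], $_POST['Grant_priv'] and the
 * $_POST['max_*'] resource limits.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password
 *
 * @return array ($create_user_real, $create_user_show,$real_sql_query, $sql_query
 *                $password_set_real, $password_set_show)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);
    $slashedPassword = PMA_Util::sqlAddSlashes($password);
    $serverType = PMA_Util::getServerType();
    $isMysqlFamily = $serverType == 'MySQL' || $serverType == 'Percona Server';

    // The plugin name is spliced into the statement as a bare identifier, so
    // quoting cannot protect it: only identifier characters are let through.
    $auth_plugin = '';
    if (isset($_REQUEST['authentication_plugin'])
        && is_string($_REQUEST['authentication_plugin'])
    ) {
        $auth_plugin = preg_replace(
            '/[^A-Za-z0-9_]/', '', $_REQUEST['authentication_plugin']
        );
    }

    $create_user_stmt = sprintf(
        'CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname
    );

    // See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219
    // for details regarding details of syntax usage for various versions

    // 'IDENTIFIED WITH auth_plugin'
    // is supported by MySQL 5.5.7+
    if ($isMysqlFamily
        && PMA_MYSQL_INT_VERSION >= 50507
        && $auth_plugin !== ''
    ) {
        $create_user_stmt .= ' IDENTIFIED WITH ' . $auth_plugin;
    }

    // 'IDENTIFIED VIA auth_plugin'
    // is supported by MariaDB 5.2+
    if ($serverType == 'MariaDB'
        && PMA_MYSQL_INT_VERSION >= 50200
        && $auth_plugin !== ''
    ) {
        $create_user_stmt .= ' IDENTIFIED VIA ' . $auth_plugin;
    }

    $create_user_real = $create_user_show = $create_user_stmt;

    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = \'%s\'';
    $password_set_show = sprintf(
        $password_set_stmt, $slashedUsername, $slashedHostname, '***'
    );
    $password_set_real = null;

    $sql_query_stmt = sprintf(
        'GRANT %s ON *.* TO \'%s\'@\'%s\'',
        join(', ', PMA_extractPrivInfo()),
        $slashedUsername,
        $slashedHostname
    );
    $real_sql_query = $sql_query = $sql_query_stmt;

    // Set the proper hashing method
    if ($auth_plugin !== '') {
        PMA_setProperPasswordHashing($auth_plugin);
    }

    // One flag decides both where the password goes and, at the end, whether
    // the SET PASSWORD pair is returned at all, so the two places cannot
    // disagree for any server type.
    $password_in_create_user
        = ($isMysqlFamily && PMA_MYSQL_INT_VERSION >= 50706)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200);

    // Use 'CREATE USER ... WITH ... AS ..' syntax for
    // newer MySQL versions
    // and 'CREATE USER ... USING .. VIA ..' syntax for
    // newer MariaDB versions
    if ($password_in_create_user) {
        $password_set_real = null;

        // Required for binding '%' with '%s'
        $create_user_stmt = str_replace('%', '%%', $create_user_stmt);

        // MariaDB uses 'USING' whereas MySQL uses 'AS'
        if ($serverType == 'MariaDB') {
            $create_user_stmt .= ' USING \'%s\'';
        } else {
            $create_user_stmt .= ' AS \'%s\'';
        }

        $create_user_real = $create_user_show = $create_user_stmt;

        if ($_POST['pred_password'] == 'keep') {
            $create_user_real = sprintf($create_user_stmt, $slashedPassword);
        } elseif ($_POST['pred_password'] == 'none') {
            $create_user_real = sprintf($create_user_stmt, '');
        } else {
            // NOTE(review): the value returned by PMA_getHashedPassword() is
            // placed between quotes as-is; confirm it can only be a hash.
            $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
            $create_user_real = sprintf($create_user_stmt, $hashedPassword);
        }
        $create_user_show = sprintf($create_user_stmt, '***');
    } else {
        // Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions
        // and pre-5.2.0 MariaDB versions
        if ($_POST['pred_password'] == 'keep') {
            $password_set_real = sprintf(
                $password_set_stmt,
                $slashedUsername,
                $slashedHostname,
                $slashedPassword
            );
        } elseif ($_POST['pred_password'] == 'none') {
            $password_set_real = sprintf(
                $password_set_stmt, $slashedUsername, $slashedHostname, ''
            );
        } else {
            // NOTE(review): same remark as above about the hashed value.
            $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
            $password_set_real = sprintf(
                $password_set_stmt,
                $slashedUsername,
                $slashedHostname,
                $hashedPassword
            );
        }
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || (isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']))
    ) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    if (isset($create_user_real)) {
        $create_user_real .= ';';
        $create_user_show .= ';';
    }
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege
    if (!$GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    // Use 'SET PASSWORD' for pre-5.7.6 MySQL versions
    // and pre-5.2.0 MariaDB
    if ($password_in_create_user) {
        $password_set_real = null;
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real,
        $create_user_show,
        $real_sql_query,
        $sql_query,
        $password_set_real,
        $password_set_show
    );
}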
/**
 * Returns the generation expression for virtual columns
 *
 * On MySQL newer than 5.7.5 with information_schema enabled the expressions
 * are read from `information_schema`.`COLUMNS`; otherwise they are taken
 * from the parsed SHOW CREATE output of the table.
 *
 * @param string $column name of the column
 *
 * @return array|boolean associative array of column name and their expressions
 *                       or false on failure
 */
public function getColumnGenerationExpression($column = null)
{
    $serverType = PMA_Util::getServerType();
    $useInformationSchema = $serverType == 'MySQL'
        && PMA_MYSQL_INT_VERSION > 50705
        && !$GLOBALS['cfg']['Server']['DisableIS'];

    if ($useInformationSchema) {
        // Database, table and column names are escaped before being placed
        // inside the quoted literals.
        $query = "SELECT\r\n `COLUMN_NAME` AS `Field`,\r\n `GENERATION_EXPRESSION` AS `Expression`\r\n FROM\r\n `information_schema`.`COLUMNS`\r\n WHERE\r\n `TABLE_SCHEMA` = '"
            . PMA_Util::sqlAddSlashes($this->_db_name)
            . "'\r\n AND `TABLE_NAME` = '"
            . PMA_Util::sqlAddSlashes($this->_name)
            . "'";
        if ($column != null) {
            $query .= " AND `COLUMN_NAME` = '"
                . PMA_Util::sqlAddSlashes($column)
                . "'";
        }

        return $this->_dbi->fetchResult($query, 'Field', 'Expression');
    }

    // Fallback: derive the expressions from the CREATE TABLE statement.
    $createTable = $this->showCreate();
    if (!$createTable) {
        return false;
    }

    $parser = new SqlParser\Parser($createTable);
    /**
     * @var SqlParser\Statements\CreateStatement $stmt
     */
    $stmt = $parser->statements[0];
    $fields = SqlParser\Utils\Table::getFields($stmt);

    if ($column != null) {
        // substr(.., 1, -1) drops the first and last character of the stored
        // expression (presumably the surrounding parentheses).
        if (isset($fields[$column]['expr'])) {
            $expression = substr($fields[$column]['expr'], 1, -1);
        } else {
            $expression = '';
        }

        return array($column => $expression);
    }

    $expressions = array();
    foreach ($fields as $name => $definition) {
        if (!isset($definition['expr'])) {
            continue;
        }
        $expressions[$name] = substr($definition['expr'], 1, -1);
    }

    return $expressions;
}
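/**
 * Generate the error url and submit the query
 *
 * Chooses the statement by server: ALTER USER on MySQL 5.7.6+, a direct
 * UPDATE of `mysql`.`user` followed by FLUSH PRIVILEGES on MariaDB 5.2+,
 * and SET password everywhere else. A failed query is reported through
 * PMA_Util::mysqlDie() with $sql_query as the statement to display.
 *
 * @param string $username         Username
 * @param string $hostname         Hostname
 * @param string $password         Password
 * @param string $sql_query        SQL query
 * @param string $hashing_function Hashing function
 * @param string $orig_auth_plugin Original Authentication Plugin
 *
 * @return void
 */
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname,
    $password, $sql_query, $hashing_function, $orig_auth_plugin
) {
    $err_url = 'user_password.php' . PMA_URL_getCommon();
    $serverType = PMA_Util::getServerType();

    // Account names end up inside quoted literals, so they are escaped here.
    // NOTE(review): assumes callers pass the raw, unescaped names - confirm.
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);

    // The plugin name is used as a bare identifier in ALTER USER, where
    // quoting cannot protect it: only identifier characters are let through.
    $plugin_name = is_string($orig_auth_plugin)
        ? preg_replace('/[^A-Za-z0-9_]/', '', $orig_auth_plugin)
        : '';

    $flush_after_update = false;

    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
        $local_query = 'ALTER USER \'' . $slashedUsername
            . '\'@\'' . $slashedHostname . '\''
            . ' IDENTIFIED'
            . ($plugin_name !== '' ? ' with ' . $plugin_name : '')
            . ' BY '
            . ($password == ''
                ? '\'\''
                : '\'' . PMA_Util::sqlAddSlashes($password) . '\'');
    } elseif ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
        if ($orig_auth_plugin == 'mysql_native_password') {
            // Set the hashing method used by PASSWORD()
            // to be 'mysql_native_password' type
            $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
        } elseif ($orig_auth_plugin == 'sha256_password') {
            // Set the hashing method used by PASSWORD()
            // to be 'sha256_password' type
            $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
        }

        $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);

        $local_query = "UPDATE `mysql`.`user` SET"
            . " `authentication_string` = '"
            . PMA_Util::sqlAddSlashes($hashedPassword)
            . "', `Password` = '', "
            . " `plugin` = '" . $plugin_name . "'"
            . " WHERE `User` = '" . $slashedUsername
            . "' AND Host = '" . $slashedHostname . "';";

        // The grant tables are reloaded only after the UPDATE has run;
        // flushing beforehand would leave the old password in effect.
        $flush_after_update = true;
    } else {
        // NOTE(review): $hashing_function is emitted as a bare SQL function
        // name; confirm callers only ever pass a fixed, known name.
        $local_query = 'SET password = '
            . ($password == ''
                ? '\'\''
                : $hashing_function . '(\''
                    . PMA_Util::sqlAddSlashes($password) . '\')');
    }

    if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
        PMA_Util::mysqlDie(
            $GLOBALS['dbi']->getError(), $sql_query, false, $err_url
        );
    } elseif ($flush_after_update) {
        $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
    }
}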
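/**
 * Generate the error url and submit the query
 *
 * Uses ALTER USER on MySQL 5.7.6+ and SET password on every other server.
 * A failed query is reported through PMA_Util::mysqlDie() with $sql_query
 * as the statement to display.
 *
 * @param string $username         Username
 * @param string $hostname         Hostname
 * @param string $password         Password
 * @param string $sql_query        SQL query
 * @param string $hashing_function Hashing function
 * @param string $auth_plugin      Authentication Plugin
 *
 * @return void
 */
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname,
    $password, $sql_query, $hashing_function, $auth_plugin
) {
    $err_url = 'user_password.php' . PMA_URL_getCommon();

    if (PMA_Util::getServerType() === 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50706
    ) {
        // Account names end up inside quoted literals, so they are escaped.
        // NOTE(review): assumes callers pass the raw, unescaped names - confirm.
        $slashedUsername = PMA_Util::sqlAddSlashes($username);
        $slashedHostname = PMA_Util::sqlAddSlashes($hostname);

        // The plugin name is a bare identifier in the statement, where
        // quoting cannot protect it: only identifier characters pass.
        $plugin_name = is_string($auth_plugin)
            ? preg_replace('/[^A-Za-z0-9_]/', '', $auth_plugin)
            : '';

        $local_query = 'ALTER USER \'' . $slashedUsername
            . '\'@\'' . $slashedHostname . '\''
            . ' IDENTIFIED'
            . ($plugin_name !== '' ? ' with ' . $plugin_name : '')
            . ' BY '
            . ($password == ''
                ? '\'\''
                : '\'' . PMA_Util::sqlAddSlashes($password) . '\'');
    } else {
        // NOTE(review): $hashing_function is emitted as a bare SQL function
        // name; confirm callers only ever pass a fixed, known name.
        $local_query = 'SET password = '
            . ($password == ''
                ? '\'\''
                : $hashing_function . '(\''
                    . PMA_Util::sqlAddSlashes($password) . '\')');
    }

    if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
        PMA_Util::mysqlDie(
            $GLOBALS['dbi']->getError(), $sql_query, false, $err_url
        );
    }
}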
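/**
 * Get SQL queries for Display and Add user
 *
 * Produces each statement twice: a "real" variant that carries the password
 * and a "show" variant in which the password is replaced by '***'.
 *
 * Where the password goes depends on the request:
 *  - with an authentication plugin it is attached to CREATE USER
 *    (IDENTIFIED WITH plugin BY '...' on 5.7.0+, plugin only before that)
 *    and a SET PASSWORD statement is prepared as well;
 *  - without a plugin it is attached to the GRANT statement
 *    (IDENTIFIED BY '...');
 *  - with pred_password 'none' no password clause is added at all.
 *
 * User-supplied text is only ever passed to sprintf() as an argument, never
 * as part of the format, so a '%' in a user or host name (such as the
 * wildcard host) reaches every statement unchanged.
 *
 * Request data used: $_REQUEST['authentication_plugin'],
 * $_POST['pred_password'], $_POST['pma_pw'], $_POST['Grant_priv'] and the
 * $_POST['max_*'] resource limits.
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password
 *
 * @return array ($create_user_real, $create_user_show,$real_sql_query, $sql_query
 *                $password_set_real, $password_set_show)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = PMA_Util::sqlAddSlashes($username);
    $slashedHostname = PMA_Util::sqlAddSlashes($hostname);

    // The plugin name is spliced into the statement as a bare identifier, so
    // quoting cannot protect it: only identifier characters are let through.
    $auth_plugin = '';
    if (isset($_REQUEST['authentication_plugin'])
        && is_string($_REQUEST['authentication_plugin'])
    ) {
        $auth_plugin = preg_replace(
            '/[^A-Za-z0-9_]/', '', $_REQUEST['authentication_plugin']
        );
    }

    $create_user_stmt = sprintf(
        'CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname
    );
    $create_user_real = $create_user_show = $create_user_stmt;

    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = PASSWORD(\'%s\')';
    $password_set_show = sprintf(
        $password_set_stmt, $slashedUsername, $slashedHostname, '***'
    );
    $password_set_real = null;

    $sql_query_stmt = sprintf(
        'GRANT %s ON *.* TO \'%s\'@\'%s\'',
        join(', ', PMA_extractPrivInfo()),
        $slashedUsername,
        $slashedHostname
    );
    $real_sql_query = $sql_query = $sql_query_stmt;

    if ($_POST['pred_password'] != 'none') {
        if ($_POST['pred_password'] != 'keep') {
            // A password typed into the form: SET PASSWORD is always prepared.
            $slashedPassword = PMA_Util::sqlAddSlashes($_POST['pma_pw']);
            $set_password_without_plugin = true;
        } else {
            // 'keep': reuse the password handed in by the caller; an empty
            // one becomes the empty literal.
            $slashedPassword = empty($password)
                ? ''
                : PMA_Util::sqlAddSlashes($password);
            $set_password_without_plugin = false;
        }

        if (!empty($auth_plugin)) {
            $create_user_stmt .= ' IDENTIFIED WITH ' . $auth_plugin;
            if (PMA_MYSQL_INT_VERSION >= 50700) {
                $create_user_show = $create_user_stmt . ' BY \'***\'';
                $create_user_real = $create_user_stmt
                    . ' BY \'' . $slashedPassword . '\'';
            } else {
                $create_user_show = $create_user_real = $create_user_stmt;
            }
            $password_set_real = sprintf(
                $password_set_stmt,
                $slashedUsername,
                $slashedHostname,
                $slashedPassword
            );
        } else {
            $sql_query = $sql_query_stmt . ' IDENTIFIED BY \'***\' ';
            $real_sql_query = $sql_query_stmt
                . ' IDENTIFIED BY \'' . $slashedPassword . '\' ';
            if ($set_password_without_plugin) {
                $password_set_real = sprintf(
                    $password_set_stmt,
                    $slashedUsername,
                    $slashedHostname,
                    $slashedPassword
                );
            }
        }
    }

    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;

    if ((isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y')
        || (isset($_POST['max_questions'])
        || isset($_POST['max_connections'])
        || isset($_POST['max_updates'])
        || isset($_POST['max_user_connections']))
    ) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }

    if (isset($create_user_real)) {
        $create_user_real .= ';';
        $create_user_show .= ';';
    }
    $real_sql_query .= ';';
    $sql_query .= ';';

    // No Global GRANT_OPTION privilege
    if (!$GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }

    if (PMA_Util::getServerType() == 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50700
    ) {
        $password_set_real = null;
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }

    return array(
        $create_user_real,
        $create_user_show,
        $real_sql_query,
        $sql_query,
        $password_set_real,
        $password_set_show
    );
}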
echo '</div>'; echo '<div id="main_pane_right">'; if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) { echo '<div class="group">'; echo '<h2>' . __('Database server') . '</h2>'; echo '<ul>' . "\n"; PMA_printListItem( __('Server') . ': ' . $server_info, 'li_server_info' ); PMA_printListItem( __('Software') . ': ' . PMA_Util::getServerType(), 'li_server_type' ); PMA_printListItem( __('Software version') . ': ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT, 'li_server_version' ); PMA_printListItem( __('Protocol version') . ': ' . PMA_DBI_get_proto_info(), 'li_mysql_proto' ); PMA_printListItem( __('User') . ': ' . htmlspecialchars($mysql_cur_user_and_host), 'li_user_info' );