Esempi in PHP per PMA_getHashedPassword

Esempio n. 1

File: server_privileges.lib.php Progetto: itgsod-philip-skalander/phpmyadmin

/**
 * Get SQL queries for Display and Add user
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $password password
 *
 * @return array ($create_user_real, $create_user_show,$real_sql_query, $sql_query
 *                $password_set_real, $password_set_show)
 */
function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
{
    $slashedUsername = Util::sqlAddSlashes($username);
    $slashedHostname = Util::sqlAddSlashes($hostname);
    $slashedPassword = Util::sqlAddSlashes($password);
    $serverType = Util::getServerType();
    $create_user_stmt = sprintf('CREATE USER \'%s\'@\'%s\'', $slashedUsername, $slashedHostname);
    // See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219
    // for details regarding details of syntax usage for various versions
    // 'IDENTIFIED WITH auth_plugin'
    // is supported by MySQL 5.5.7+
    if (($serverType == 'MySQL' || $serverType == 'Percona Server') && PMA_MYSQL_INT_VERSION >= 50507 && isset($_REQUEST['authentication_plugin'])) {
        $create_user_stmt .= ' IDENTIFIED WITH ' . $_REQUEST['authentication_plugin'];
    }
    // 'IDENTIFIED VIA auth_plugin'
    // is supported by MariaDB 5.2+
    if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && isset($_REQUEST['authentication_plugin'])) {
        $create_user_stmt .= ' IDENTIFIED VIA ' . $_REQUEST['authentication_plugin'];
    }
    $create_user_real = $create_user_show = $create_user_stmt;
    $password_set_stmt = 'SET PASSWORD FOR \'%s\'@\'%s\' = \'%s\'';
    $password_set_show = sprintf($password_set_stmt, $slashedUsername, $slashedHostname, '***');
    $sql_query_stmt = sprintf('GRANT %s ON *.* TO \'%s\'@\'%s\'', join(', ', PMA_extractPrivInfo()), $slashedUsername, $slashedHostname);
    $real_sql_query = $sql_query = $sql_query_stmt;
    // Set the proper hashing method
    if (isset($_REQUEST['authentication_plugin'])) {
        PMA_setProperPasswordHashing($_REQUEST['authentication_plugin']);
    }
    // Use 'CREATE USER ... WITH ... AS ..' syntax for
    // newer MySQL versions
    // and 'CREATE USER ... USING .. VIA ..' syntax for
    // newer MariaDB versions
    if (($serverType == 'MySQL' || $serverType == 'Percona Server') && PMA_MYSQL_INT_VERSION >= 50706 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
        $password_set_real = null;
        // Required for binding '%' with '%s'
        $create_user_stmt = str_replace('%', '%%', $create_user_stmt);
        // MariaDB uses 'USING' whereas MySQL uses 'AS'
        if ($serverType == 'MariaDB') {
            $create_user_stmt .= ' USING \'%s\'';
        } else {
            $create_user_stmt .= ' AS \'%s\'';
        }
        if ($_POST['pred_password'] == 'keep') {
            $create_user_real = sprintf($create_user_stmt, $slashedPassword);
            $create_user_show = sprintf($create_user_stmt, '***');
        } else {
            if ($_POST['pred_password'] == 'none') {
                $create_user_real = sprintf($create_user_stmt, null);
                $create_user_show = sprintf($create_user_stmt, '***');
            } else {
                $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
                $create_user_real = sprintf($create_user_stmt, $hashedPassword);
                $create_user_show = sprintf($create_user_stmt, '***');
            }
        }
    } else {
        // Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions
        // and pre-5.2.0 MariaDB versions
        if ($_POST['pred_password'] == 'keep') {
            $password_set_real = sprintf($password_set_stmt, $slashedUsername, $slashedHostname, $slashedPassword);
        } else {
            if ($_POST['pred_password'] == 'none') {
                $password_set_real = sprintf($password_set_stmt, $slashedUsername, $slashedHostname, null);
            } else {
                $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
                $password_set_real = sprintf($password_set_stmt, $slashedUsername, $slashedHostname, $hashedPassword);
            }
        }
    }
    // add REQUIRE clause
    $require_clause = PMA_getRequireClause();
    $real_sql_query .= $require_clause;
    $sql_query .= $require_clause;
    if (isset($_POST['Grant_priv']) && $_POST['Grant_priv'] == 'Y' || (isset($_POST['max_questions']) || isset($_POST['max_connections']) || isset($_POST['max_updates']) || isset($_POST['max_user_connections']))) {
        $with_clause = PMA_getWithClauseForAddUserAndUpdatePrivs();
        $real_sql_query .= $with_clause;
        $sql_query .= $with_clause;
    }
    if (isset($create_user_real)) {
        $create_user_real .= ';';
        $create_user_show .= ';';
    }
    $real_sql_query .= ';';
    $sql_query .= ';';
    // No Global GRANT_OPTION privilege
    if (!$GLOBALS['is_grantuser']) {
        $real_sql_query = '';
        $sql_query = '';
    }
    // Use 'SET PASSWORD' for pre-5.7.6 MySQL versions
    // and pre-5.2.0 MariaDB
    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
        $password_set_real = null;
        $password_set_show = null;
    } else {
        $password_set_real .= ";";
        $password_set_show .= ";";
    }
    return array($create_user_real, $create_user_show, $real_sql_query, $sql_query, $password_set_real, $password_set_show);
}

Esempio n. 2

File: user_password.php Progetto: Stony-Brook-University/doitsbu

/**
 * Changes password for a user
 *
 * @param string $username         Username
 * @param string $hostname         Hostname
 * @param string $password         Password
 * @param string $sql_query        SQL query
 * @param string $hashing_function Hashing function
 * @param string $orig_auth_plugin Original Authentication Plugin
 *
 * @return void
 */
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin)
{
    $err_url = 'user_password.php' . PMA_URL_getCommon();
    $serverType = PMA\libraries\Util::getServerType();
    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
        $local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\'' . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
    } else {
        if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && PMA_MYSQL_INT_VERSION < 100100 && $orig_auth_plugin !== '') {
            if ($orig_auth_plugin == 'mysql_native_password') {
                // Set the hashing method used by PASSWORD()
                // to be 'mysql_native_password' type
                $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
            } else {
                if ($orig_auth_plugin == 'sha256_password') {
                    // Set the hashing method used by PASSWORD()
                    // to be 'sha256_password' type
                    $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
                }
            }
            $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
            $local_query = "UPDATE `mysql`.`user` SET" . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $orig_auth_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
        } else {
            $local_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
        }
    }
    if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
        PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
    }
    // Flush privileges after successful password change
    $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
}