/**
* Get HTML for the Change password dialog
*
* @param string $username username
* @param string $hostname hostname
*
* @return string html snippet
*/
function PMA_getHtmlForChangePassword($username, $hostname)
{
/**
* autocomplete feature of IE kills the "onchange" event handler and it
* must be replaced by the "onpropertychange" one in this case
*/
$chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5 && PMA_USR_BROWSER_VER < 7 ? 'onpropertychange' : 'onchange';
$is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
$html = '<form method="post" id="change_password_form" ' . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' . 'name="chgPassword" ' . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
$html .= PMA_URL_getHiddenInputs();
if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
$html .= '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />';
}
$html .= '<fieldset id="fieldset_change_password">' . '<legend' . ($is_privileges ? ' data-submenu-label="' . __('Change password') . '"' : '') . '>' . __('Change password') . '</legend>' . '<table class="data noclick">' . '<tr class="odd">' . '<td colspan="2">' . '<input type="radio" name="nopass" value="1" id="nopass_1" ' . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . 'this.checked = true" />' . '<label for="nopass_1">' . __('No Password') . '</label>' . '</td>' . '</tr>' . '<tr class="even vmiddle">' . '<td>' . '<input type="radio" name="nopass" value="0" id="nopass_0" ' . 'onclick="document.getElementById(\'text_pma_pw\').focus();" ' . 'checked="checked" />' . '<label for="nopass_0">' . __('Password:'******' </label>' . '</td>' . '<td>' . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . ' ' . __('Re-type:') . ' ' . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '</td>' . '</tr>';
$html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td><td>';
$serverType = PMA\libraries\Util::getServerType();
$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
$auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'new');
$html .= $auth_plugin_dropdown;
$html .= '</td></tr>';
$html .= '<tr id="tr_element_before_generate_password"></tr>';
$html .= '</table>';
$html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
$html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
} else {
$auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'old');
$html .= $auth_plugin_dropdown . '</td></tr>' . '<tr id="tr_element_before_generate_password"></tr>' . '</table>';
}
$html .= '</fieldset>' . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' . '<input type="hidden" name="change_pw" value="1" />' . '<input type="submit" value="' . __('Go') . '" />' . '</fieldset>' . '</form>';
return $html;
}
/**
* Get HTML for the Change password dialog
*
* @param string $username username
* @param string $hostname hostname
*
* @return string html snippet
*/
function PMA_getHtmlForChangePassword($username, $hostname)
{
/**
* autocomplete feature of IE kills the "onchange" event handler and it
* must be replaced by the "onpropertychange" one in this case
*/
$chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5 && PMA_USR_BROWSER_VER < 7 ? 'onpropertychange' : 'onchange';
$is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
$html = '<form method="post" id="change_password_form" ' . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' . 'name="chgPassword" ' . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
$html .= PMA_URL_getHiddenInputs();
if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
$html .= '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />';
}
$html .= '<fieldset id="fieldset_change_password">' . '<legend' . ($is_privileges ? ' data-submenu-label="' . __('Change password') . '"' : '') . '>' . __('Change password') . '</legend>' . '<table class="data noclick">' . '<tr class="odd">' . '<td colspan="2">' . '<input type="radio" name="nopass" value="1" id="nopass_1" ' . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . 'this.checked = true" />' . '<label for="nopass_1">' . __('No Password') . '</label>' . '</td>' . '</tr>' . '<tr class="even vmiddle">' . '<td>' . '<input type="radio" name="nopass" value="0" id="nopass_0" ' . 'onclick="document.getElementById(\'text_pma_pw\').focus();" ' . 'checked="checked" />' . '<label for="nopass_0">' . __('Password:'******' </label>' . '</td>' . '<td>' . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . ' ' . __('Re-type:') . ' ' . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '</td>' . '</tr>';
$default_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
// See http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-5.html
if (PMA_MYSQL_INT_VERSION >= 50705) {
$html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_mysql_native" ' . 'value="mysql_native_password"';
if ($default_auth_plugin == 'mysql_native_password') {
$html .= '" checked="checked"';
}
$html .= ' />' . '<label for="radio_pw_hash_mysql_native">' . __('MySQL native password') . '</label>' . '</td>' . '</tr>' . '<tr id="tr_element_before_generate_password">' . '<td> </td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_sha256" ' . 'value="sha256_password"';
if ($default_auth_plugin == 'sha256_password') {
$html .= '" checked="checked"';
}
$html .= ' />' . '<label for="radio_pw_hash_sha256">' . __('SHA256 password') . '</label>' . '</td>' . '</tr>';
} elseif (PMA_MYSQL_INT_VERSION >= 50606) {
$html .= '<tr class="vmiddle" id="tr_element_before_generate_password">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" ' . 'value="' . $default_auth_plugin . '" checked="checked" />' . '<label for="radio_pw_hash_new">' . $default_auth_plugin . '</label>' . '</td>' . '</tr>';
} else {
$html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" ' . 'value="mysql_native_password" checked="checked" />' . '<label for="radio_pw_hash_new">mysql_native_password</label>' . '</td>' . '</tr>' . '<tr id="tr_element_before_generate_password" >' . '<td> </td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_old" ' . 'value="old" />' . '<label for="radio_pw_hash_old">' . __('MySQL 4.0 compatible') . '</label>' . '</td>' . '</tr>';
}
$html .= '</table>';
$html .= '<div ' . ($default_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning">' . PMA_Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA_Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
$html .= '</fieldset>' . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' . '<input type="hidden" name="change_pw" value="1" />' . '<input type="submit" value="' . __('Go') . '" />' . '</fieldset>' . '</form>';
return $html;
}
/**
* Displays the fields used by the "new user" form as well as the
* "change login information / copy user" form.
*
* @param string $mode are we creating a new user or are we just
* changing one? (allowed values: 'new', 'change')
* @param string $username User name
* @param string $hostname Host name
*
* @global array $cfg the phpMyAdmin configuration
* @global resource $user_link the database connection
*
* @return string $html_output a HTML snippet
*/
function PMA_getHtmlForLoginInformationFields($mode = 'new', $username = null, $hostname = null)
{
list($username_length, $hostname_length) = PMA_getUsernameAndHostnameLength();
if (isset($GLOBALS['username']) && mb_strlen($GLOBALS['username']) === 0) {
$GLOBALS['pred_username'] = '******';
}
$html_output = '<fieldset id="fieldset_add_user_login">' . "\n" . '<legend>' . __('Login Information') . '</legend>' . "\n" . '<div class="item">' . "\n" . '<label for="select_pred_username">' . "\n" . ' ' . __('User name:') . "\n" . '</label>' . "\n" . '<span class="options">' . "\n";
$html_output .= '<select name="pred_username" id="select_pred_username" ' . 'title="' . __('User name') . '"' . "\n";
$html_output .= ' onchange="' . 'if (this.value == \'any\') {' . ' username.value = \'\'; ' . ' user_exists_warning.style.display = \'none\'; ' . ' username.required = false; ' . '} else if (this.value == \'userdefined\') {' . ' username.focus(); username.select(); ' . ' username.required = true; ' . '}">' . "\n";
$html_output .= '<option value="any"' . (isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any' ? ' selected="selected"' : '') . '>' . __('Any user') . '</option>' . "\n";
$html_output .= '<option value="userdefined"' . (!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined' ? ' selected="selected"' : '') . '>' . __('Use text field') . ':</option>' . "\n";
$html_output .= '</select>' . "\n" . '</span>' . "\n";
$html_output .= '<input type="text" name="username" class="autofocus"' . ' maxlength="' . $username_length . '" title="' . __('User name') . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . htmlspecialchars(isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\'; this.required = true;" ' . (!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined' ? 'required="required"' : '') . ' />' . "\n";
$html_output .= '<div id="user_exists_warning"' . ' name="user_exists_warning" style="display:none;">' . PMA_Message::notice(__('An account already exists with the same username ' . 'but possibly a different hostname.'))->getDisplay() . '</div>';
$html_output .= '</div>';
$html_output .= '<div class="item">' . "\n" . '<label for="select_pred_hostname">' . "\n" . ' ' . __('Host name:') . "\n" . '</label>' . "\n";
$html_output .= '<span class="options">' . "\n" . ' <select name="pred_hostname" id="select_pred_hostname" ' . 'title="' . __('Host name') . '"' . "\n";
$_current_user = $GLOBALS['dbi']->fetchValue('SELECT USER();');
if (!empty($_current_user)) {
$thishost = str_replace("'", '', mb_substr($_current_user, mb_strrpos($_current_user, '@') + 1));
if ($thishost == 'localhost' || $thishost == '127.0.0.1') {
unset($thishost);
}
}
$html_output .= ' onchange="' . 'if (this.value == \'any\') { ' . ' hostname.value = \'%\'; ' . '} else if (this.value == \'localhost\') { ' . ' hostname.value = \'localhost\'; ' . '} ' . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { ' . ' hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; ' . '} ') . 'else if (this.value == \'hosttable\') { ' . ' hostname.value = \'\'; ' . ' hostname.required = false; ' . '} else if (this.value == \'userdefined\') {' . ' hostname.focus(); hostname.select(); ' . ' hostname.required = true; ' . '}">' . "\n";
unset($_current_user);
// when we start editing a user, $GLOBALS['pred_hostname'] is not defined
if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) {
switch (mb_strtolower($GLOBALS['hostname'])) {
case 'localhost':
case '127.0.0.1':
$GLOBALS['pred_hostname'] = 'localhost';
break;
case '%':
$GLOBALS['pred_hostname'] = 'any';
break;
default:
$GLOBALS['pred_hostname'] = 'userdefined';
break;
}
}
$html_output .= '<option value="any"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any' ? ' selected="selected"' : '') . '>' . __('Any host') . '</option>' . "\n" . '<option value="localhost"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost' ? ' selected="selected"' : '') . '>' . __('Local') . '</option>' . "\n";
if (!empty($thishost)) {
$html_output .= '<option value="thishost"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'thishost' ? ' selected="selected"' : '') . '>' . __('This Host') . '</option>' . "\n";
}
unset($thishost);
$html_output .= '<option value="hosttable"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'hosttable' ? ' selected="selected"' : '') . '>' . __('Use Host Table') . '</option>' . "\n";
$html_output .= '<option value="userdefined"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined' ? ' selected="selected"' : '') . '>' . __('Use text field:') . '</option>' . "\n" . '</select>' . "\n" . '</span>' . "\n";
$html_output .= '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '%') . '" title="' . __('Host name') . '" onchange="pred_hostname.value = \'userdefined\'; ' . 'this.required = true;" ' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined' ? 'required="required"' : '') . ' />' . "\n" . PMA_Util::showHint(__('When Host table is used, this field is ignored ' . 'and values stored in Host table are used instead.')) . '</div>' . "\n";
$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin($mode, $username, $hostname);
$html_output .= '<div class="item">' . "\n" . '<label for="select_pred_password">' . "\n" . ' ' . __('Password:'******'</label>' . "\n" . '<span class="options">' . "\n" . '<select name="pred_password" id="select_pred_password" title="' . __('Password') . '"' . "\n";
$html_output .= ' onchange="' . 'if (this.value == \'none\') { ' . ' pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . ' pma_pw.required = false; pma_pw2.required = false; ' . '} else if (this.value == \'userdefined\') { ' . ' pma_pw.focus(); pma_pw.select(); ' . ' pma_pw.required = true; pma_pw2.required = true; ' . '} else { ' . ' pma_pw.required = false; pma_pw2.required = false; ' . '}">' . "\n" . ($mode == 'change' ? '<option value="keep" selected="selected">' . __('Do not change the password') . '</option>' . "\n" : '') . '<option value="none"';
if (isset($GLOBALS['username']) && $mode != 'change') {
$html_output .= ' selected="selected"';
}
$html_output .= '>' . __('No Password') . '</option>' . "\n" . '<option value="userdefined"' . (isset($GLOBALS['username']) ? '' : ' selected="selected"') . '>' . __('Use text field') . ':</option>' . "\n" . '</select>' . "\n" . '</span>' . "\n" . '<input type="password" id="text_pma_pw" name="pma_pw" ' . 'title="' . __('Password') . '" ' . 'onchange="pred_password.value = \'userdefined\'; this.required = true; ' . 'pma_pw2.required = true;" ' . (isset($GLOBALS['username']) ? '' : 'required="required"') . '/>' . "\n" . '</div>' . "\n";
$html_output .= '<div class="item" ' . 'id="div_element_before_generate_password">' . "\n" . '<label for="text_pma_pw2">' . "\n" . ' ' . __('Re-type:') . "\n" . '</label>' . "\n" . '<span class="options"> </span>' . "\n" . '<input type="password" name="pma_pw2" id="text_pma_pw2" ' . 'title="' . __('Re-type') . '" ' . 'onchange="pred_password.value = \'userdefined\'; this.required = true; ' . 'pma_pw.required = true;" ' . (isset($GLOBALS['username']) ? '' : 'required="required"') . '/>' . "\n" . '</div>' . "\n" . '<div class="item" id="authentication_plugin_div">' . '<label for="select_authentication_plugin" >' . __('Authentication Plugin') . '</label><span class="options"> </span>' . "\n" . '<select id="select_authentication_plugin" name="authentication_plugin" ' . 'title="' . __('Authentication Plugin') . '" >' . '<option value="mysql_native_password" ' . ($orig_auth_plugin == 'mysql_native_password' ? 'selected ' : '') . '>' . __('MySQL native password') . '</option>';
// sha256 auth plugin exists only for 5.6.6+
if (PMA_Util::getServerType() == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50606) {
$html_output .= '<option value="sha256_password" ' . ($orig_auth_plugin == 'sha256_password' ? ' selected ' : '') . ' >' . __('SHA256 password') . '</option>';
}
$html_output .= '</select>' . '<div id="ssl_reqd_warning" ' . ($orig_auth_plugin == 'sha256_password' ? '' : ' style="display:none"') . ' >' . PMA_Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA_Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>' . '</div>' . "\n" . '</fieldset>' . "\n";
return $html_output;
}
/**
* Update password and get message for password updating
*
* @param string $err_url error url
* @param string $username username
* @param string $hostname hostname
*
* @return string $message success or error message after updating password
*/
function PMA_updatePassword($err_url, $username, $hostname)
{
// similar logic in user_password.php
$message = '';
$is_superuser = $GLOBALS['dbi']->isSuperuser();
if (empty($_REQUEST['nopass']) && isset($_POST['pma_pw']) && isset($_POST['pma_pw2'])) {
if ($_POST['pma_pw'] != $_POST['pma_pw2']) {
$message = Message::error(__('The passwords aren\'t the same!'));
} elseif (empty($_POST['pma_pw']) || empty($_POST['pma_pw2'])) {
$message = Message::error(__('The password is empty!'));
}
}
// here $nopass could be == 1
if (empty($message)) {
$hashing_function = 'PASSWORD';
$serverType = Util::getServerType();
$authentication_plugin = isset($_REQUEST['authentication_plugin']) ? $_REQUEST['authentication_plugin'] : PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
// Use 'ALTER USER ...' syntax for MySQL 5.7.6+
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
if ($authentication_plugin != 'mysql_old_password') {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED WITH " . $authentication_plugin . " BY '";
} else {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED BY '";
}
// in $sql_query which will be displayed, hide the password
$sql_query = $query_prefix . "*'";
$local_query = $query_prefix . Util::sqlAddSlashes($_POST['pma_pw']) . "'";
} else {
if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && $is_superuser) {
// Use 'UPDATE `mysql`.`user` ...' Syntax for MariaDB 5.2+
if ($authentication_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($authentication_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
$sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
$local_query = "UPDATE `mysql`.`user` SET " . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
} else {
// USE 'SET PASSWORD ...' syntax for rest of the versions
// Backup the old value, to be reset later
$row = $GLOBALS['dbi']->fetchSingleRow('SELECT @@old_passwords;');
$orig_value = $row['@@old_passwords'];
$update_plugin_query = "UPDATE `mysql`.`user` SET" . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
// Update the plugin for the user
if (!$GLOBALS['dbi']->tryQuery($update_plugin_query)) {
Util::mysqlDie($GLOBALS['dbi']->getError(), $update_plugin_query, false, $err_url);
}
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
if ($authentication_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($authentication_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
$local_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . Util::sqlAddSlashes($_POST['pma_pw']) . '\')');
}
}
if (!$GLOBALS['dbi']->tryQuery($local_query)) {
Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
$message = Message::success(__('The password for %s was changed successfully.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (isset($orig_value)) {
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $orig_value . ';');
}
}
return $message;
}
/**
* Change the password
*
* @param string $password New password
* @param string $message Message
* @param array $change_password_message Message to show
*
* @return void
*/
function PMA_changePassword($password, $message, $change_password_message)
{
global $auth_plugin;
$hashing_function = PMA_changePassHashingFunction();
$row = $GLOBALS['dbi']->fetchSingleRow('SELECT CURRENT_USER() as user');
$curr_user = $row['user'];
list($username, $hostname) = explode('@', $curr_user);
$serverType = PMA\libraries\Util::getServerType();
if (isset($_REQUEST['authentication_plugin']) && !empty($_REQUEST['authentication_plugin'])) {
$orig_auth_plugin = $_REQUEST['authentication_plugin'];
} else {
$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
}
$sql_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'***\')');
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
$sql_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\' IDENTIFIED WITH ' . $orig_auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'***\'');
} else {
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
// For MySQL versions 5.5.7+ and MariaDB versions 5.2+,
// explicitly set value of `old_passwords` so that
// it does not give an error while using
// the PASSWORD() function
if ($orig_auth_plugin == 'sha256_password') {
$value = 2;
} else {
$value = 0;
}
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $value . ';');
}
}
PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin);
$auth_plugin->handlePasswordChange($password);
PMA_getChangePassMessage($change_password_message, $sql_query);
PMA_changePassDisplayPage($message, $sql_query);
}