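/**
 * Get HTML for the Change password dialog
 *
 * The username and hostname are emitted only as HTML-escaped hidden inputs,
 * and only when the current script path contains "server_privileges".
 * The password-hashing row always shows the authentication-plugin dropdown;
 * on MySQL >= 50507 or MariaDB >= 50200 a notice about the transport
 * requirements of sha256_password is appended as well.
 *
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE'
        && PMA_USR_BROWSER_VER >= 5
        && PMA_USR_BROWSER_VER < 7
        ? 'onpropertychange'
        : 'onchange';

    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';

    // NOTE(review): the action value is written into an HTML attribute
    // without escaping in this function; confirm that PMA_PHP_SELF is
    // sanitised where it is assigned.
    $html = '<form method="post" id="change_password_form" '
        . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" '
        . 'name="chgPassword" '
        . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';

    $html .= PMA_URL_getHiddenInputs();

    // The account being edited is only round-tripped on the privileges page;
    // both values are escaped for the attribute context.
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" '
            . 'value="' . htmlspecialchars($username) . '" />'
            . '<input type="hidden" name="hostname" '
            . 'value="' . htmlspecialchars($hostname) . '" />';
    }

    $html .= '<fieldset id="fieldset_change_password">'
        . '<legend'
        . ($is_privileges
            ? ' data-submenu-label="' . __('Change password') . '"'
            : '')
        . '>' . __('Change password') . '</legend>'
        . '<table class="data noclick">'
        . '<tr class="odd">'
        . '<td colspan="2">'
        . '<input type="radio" name="nopass" value="1" id="nopass_1" '
        . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
        . 'this.checked = true" />'
        . '<label for="nopass_1">' . __('No Password') . '</label>'
        . '</td>'
        . '</tr>'
        . '<tr class="even vmiddle">'
        . '<td>'
        . '<input type="radio" name="nopass" value="0" id="nopass_0" '
        . 'onclick="document.getElementById(\'text_pma_pw\').focus();" '
        . 'checked="checked" />'
        // The concatenation after the label text was damaged in the listing
        // and is restored here.
        . '<label for="nopass_0">' . __('Password:') . ' </label>'
        . '</td>'
        . '<td>'
        // A space now separates the class attribute from the event-handler
        // attribute; the original ran the two together.
        . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . ' ' . __('Re-type:') . ' '
        . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" '
        . 'class="textfield" '
        . $chg_evt_handler . '="nopass[1].checked = true" />'
        . '</td>'
        . '</tr>';

    $html .= '<tr class="vmiddle">'
        . '<td>' . __('Password Hashing:') . '</td><td>';

    $serverType = PMA\libraries\Util::getServerType();
    $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin(
        'change',
        $username,
        $hostname
    );

    // Servers at or above these versions get the 'new' dropdown variant.
    $is_new_enough = ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507)
        || ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200);

    $html .= PMA_getHtmlForAuthPluginsDropdown(
        $username,
        $hostname,
        $orig_auth_plugin,
        'change_pw',
        $is_new_enough ? 'new' : 'old'
    );
    $html .= '</td></tr>'
        . '<tr id="tr_element_before_generate_password"></tr>'
        . '</table>';

    if ($is_new_enough) {
        // Emitted once: the original appended this block twice, producing
        // two elements with the same id and a doubled notice. The notice is
        // hidden unless the account currently uses sha256_password.
        $html .= '<div '
            . ($orig_auth_plugin != 'sha256_password'
                ? 'style="display:none"'
                : '')
            . ' id="ssl_reqd_warning_cp">'
            . Message::notice(
                __(
                    'This method requires using an \'<i>SSL connection</i>\' '
                    . 'or an \'<i>unencrypted connection that encrypts the password '
                    . 'using RSA</i>\'; while connecting to the server.'
                )
                . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin')
            )->getDisplay()
            . '</div>';
    }

    $html .= '</fieldset>'
        . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
        . '<input type="hidden" name="change_pw" value="1" />'
        . '<input type="submit" value="' . __('Go') . '" />'
        . '</fieldset>'
        . '</form>';

    return $html;
}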
echo '</ul>'; // User preferences if ($server > 0) { echo '<ul>'; PMA_printListItem(PMA\libraries\Util::getImage('b_tblops.png') . " " . __('More settings'), 'li_user_preferences', 'prefs_manage.php' . $common_url_query, null, null, null, "no_bullets"); echo '</ul>'; } echo '</div>'; echo '</div>'; echo '<div id="main_pane_right">'; if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) { echo '<div class="group">'; echo '<h2>', __('Database server'), '</h2>'; echo '<ul>', "\n"; PMA_printListItem(__('Server:') . ' ' . $server_info, 'li_server_info'); PMA_printListItem(__('Server type:') . ' ' . PMA\libraries\Util::getServerType(), 'li_server_type'); PMA_printListItem(__('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT, 'li_server_version'); PMA_printListItem(__('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(), 'li_mysql_proto'); PMA_printListItem(__('User:'******' ' . htmlspecialchars($mysql_cur_user_and_host), 'li_user_info'); echo ' <li id="li_select_mysql_charset">'; echo ' ', __('Server charset:'), ' ' . ' <span lang="en" dir="ltr">'; echo ' ', $mysql_charsets_descriptions[$mysql_charset_map['utf-8']]; echo ' (', $mysql_charset_map['utf-8'], ')' . ' </span>' . ' </li>' . ' </ul>' . ' </div>'; } if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) { echo '<div class="group">'; echo '<h2>', __('Web server'), '</h2>'; echo '<ul>'; if ($GLOBALS['cfg']['ShowServerInfo']) { PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software'); if ($server > 0) {
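/**
 * Changes password for a user
 *
 * Builds one of three statements depending on the server:
 *  - MySQL with PMA_MYSQL_INT_VERSION >= 50706: ALTER USER ... IDENTIFIED
 *    with <plugin> BY '<password>'
 *  - MariaDB with 50200 <= PMA_MYSQL_INT_VERSION < 100100 and a non-empty
 *    plugin: sets old_passwords for the plugin, obtains the hash through
 *    PMA_getHashedPassword() and updates `mysql`.`user` directly
 *  - otherwise: SET password = <hashing function>('<password>')
 * The statement is run through tryQuery(); on failure the error is handed
 * to mysqlDie(). FLUSH PRIVILEGES is issued afterwards.
 *
 * Every value placed inside a quoted SQL literal is passed through
 * sqlAddSlashes() so that a quote in an account name, host or plugin name
 * cannot end the literal early.
 *
 * @param string $username         Username
 * @param string $hostname         Hostname
 * @param string $password         Password
 * @param string $sql_query        SQL query
 * @param string $hashing_function Hashing function
 * @param string $orig_auth_plugin Original Authentication Plugin
 *
 * @return void
 */
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin)
{
    $err_url = 'user_password.php' . PMA_URL_getCommon();
    $serverType = PMA\libraries\Util::getServerType();

    // Escaped once here and reused by both statements that name the account.
    $escaped_username = PMA\libraries\Util::sqlAddSlashes($username);
    $escaped_hostname = PMA\libraries\Util::sqlAddSlashes($hostname);

    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
        // NOTE(review): $orig_auth_plugin is concatenated here as a bare
        // identifier, so string escaping does not protect it; it should be
        // restricted to a known set of plugin names before this call.
        $local_query = 'ALTER USER \'' . $escaped_username
            . '\'@\'' . $escaped_hostname . '\''
            . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY '
            . ($password == ''
                ? '\'\''
                : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
    } elseif ($serverType == 'MariaDB'
        && PMA_MYSQL_INT_VERSION >= 50200
        && PMA_MYSQL_INT_VERSION < 100100
        && $orig_auth_plugin !== ''
    ) {
        if ($orig_auth_plugin == 'mysql_native_password') {
            // Set the hashing method used by PASSWORD()
            // to be 'mysql_native_password' type
            $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
        } elseif ($orig_auth_plugin == 'sha256_password') {
            // Set the hashing method used by PASSWORD()
            // to be 'sha256_password' type
            $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
        }

        // NOTE(review): the hash is computed from $_POST['pma_pw'] rather
        // than from $password; confirm with the caller that both always
        // carry the same value.
        $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);

        $local_query = "UPDATE `mysql`.`user` SET"
            . " `authentication_string` = '"
            . PMA\libraries\Util::sqlAddSlashes($hashedPassword)
            . "', `Password` = '', "
            . " `plugin` = '"
            . PMA\libraries\Util::sqlAddSlashes($orig_auth_plugin) . "'"
            . " WHERE `User` = '" . $escaped_username
            . "' AND Host = '" . $escaped_hostname . "';";
    } else {
        // The expression after the assignment was damaged in the listing;
        // it is restored to mirror the conditional of the ALTER USER branch.
        // NOTE(review): $hashing_function is concatenated as a bare function
        // name; the caller should only ever pass a fixed, known value.
        $local_query = 'SET password = '
            . ($password == ''
                ? '\'\''
                : $hashing_function . '(\''
                    . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
    }

    if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
        // $sql_query, not $local_query, is what is passed on for display.
        PMA\libraries\Util::mysqlDie(
            $GLOBALS['dbi']->getError(),
            $sql_query,
            false,
            $err_url
        );
    }

    // Flush privileges after successful password change
    $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
}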
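/**
 * Generate the error url and submit the query
 *
 * On MySQL with PMA_MYSQL_INT_VERSION >= 50706 the password is changed with
 * ALTER USER ... IDENTIFIED with <plugin> BY '<password>'; on every other
 * server with SET password = <hashing function>('<password>'). The
 * statement is run through tryQuery() and a failure is handed to mysqlDie()
 * together with the error url.
 *
 * The account name and host are passed through sqlAddSlashes() before they
 * are placed inside quoted SQL literals, as the password already was.
 *
 * @param string $username         Username
 * @param string $hostname         Hostname
 * @param string $password         Password
 * @param string $sql_query        SQL query
 * @param string $hashing_function Hashing function
 * @param string $auth_plugin      Authentication Plugin
 *
 * @return void
 */
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $auth_plugin)
{
    $err_url = 'user_password.php' . PMA_URL_getCommon();

    if (PMA\libraries\Util::getServerType() === 'MySQL'
        && PMA_MYSQL_INT_VERSION >= 50706
    ) {
        // NOTE(review): $auth_plugin is concatenated as a bare identifier,
        // so string escaping does not protect it; it should be restricted
        // to a known set of plugin names before this call.
        $local_query = 'ALTER USER \''
            . PMA\libraries\Util::sqlAddSlashes($username)
            . '\'@\''
            . PMA\libraries\Util::sqlAddSlashes($hostname) . '\''
            . ' IDENTIFIED with ' . $auth_plugin . ' BY '
            . ($password == ''
                ? '\'\''
                : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
    } else {
        // The expression after the assignment was damaged in the listing;
        // it is restored to mirror the conditional of the ALTER USER branch.
        // NOTE(review): $hashing_function is concatenated as a bare function
        // name; the caller should only ever pass a fixed, known value.
        $local_query = 'SET password = '
            . ($password == ''
                ? '\'\''
                : $hashing_function . '(\''
                    . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
    }

    if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
        // $sql_query, not $local_query, is what is passed on for display.
        PMA\libraries\Util::mysqlDie(
            $GLOBALS['dbi']->getError(),
            $sql_query,
            false,
            $err_url
        );
    }
}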