/**
* Get HTML for the Change password dialog
*
* @param string $username username
* @param string $hostname hostname
*
* @return string html snippet
*/
function PMA_getHtmlForChangePassword($username, $hostname)
{
/**
* autocomplete feature of IE kills the "onchange" event handler and it
* must be replaced by the "onpropertychange" one in this case
*/
$chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5 && PMA_USR_BROWSER_VER < 7 ? 'onpropertychange' : 'onchange';
$is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
$html = '<form method="post" id="change_password_form" ' . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' . 'name="chgPassword" ' . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
$html .= PMA_URL_getHiddenInputs();
if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
$html .= '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />';
}
$html .= '<fieldset id="fieldset_change_password">' . '<legend' . ($is_privileges ? ' data-submenu-label="' . __('Change password') . '"' : '') . '>' . __('Change password') . '</legend>' . '<table class="data noclick">' . '<tr class="odd">' . '<td colspan="2">' . '<input type="radio" name="nopass" value="1" id="nopass_1" ' . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . 'this.checked = true" />' . '<label for="nopass_1">' . __('No Password') . '</label>' . '</td>' . '</tr>' . '<tr class="even vmiddle">' . '<td>' . '<input type="radio" name="nopass" value="0" id="nopass_0" ' . 'onclick="document.getElementById(\'text_pma_pw\').focus();" ' . 'checked="checked" />' . '<label for="nopass_0">' . __('Password:'******' </label>' . '</td>' . '<td>' . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . ' ' . __('Re-type:') . ' ' . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '</td>' . '</tr>';
$html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td><td>';
$serverType = PMA\libraries\Util::getServerType();
$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
$auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'new');
$html .= $auth_plugin_dropdown;
$html .= '</td></tr>';
$html .= '<tr id="tr_element_before_generate_password"></tr>';
$html .= '</table>';
$html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
$html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
} else {
$auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'old');
$html .= $auth_plugin_dropdown . '</td></tr>' . '<tr id="tr_element_before_generate_password"></tr>' . '</table>';
}
$html .= '</fieldset>' . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' . '<input type="hidden" name="change_pw" value="1" />' . '<input type="submit" value="' . __('Go') . '" />' . '</fieldset>' . '</form>';
return $html;
}
echo '</ul>';
// User preferences
if ($server > 0) {
echo '<ul>';
PMA_printListItem(PMA\libraries\Util::getImage('b_tblops.png') . " " . __('More settings'), 'li_user_preferences', 'prefs_manage.php' . $common_url_query, null, null, null, "no_bullets");
echo '</ul>';
}
echo '</div>';
echo '</div>';
echo '<div id="main_pane_right">';
if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
echo '<div class="group">';
echo '<h2>', __('Database server'), '</h2>';
echo '<ul>', "\n";
PMA_printListItem(__('Server:') . ' ' . $server_info, 'li_server_info');
PMA_printListItem(__('Server type:') . ' ' . PMA\libraries\Util::getServerType(), 'li_server_type');
PMA_printListItem(__('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT, 'li_server_version');
PMA_printListItem(__('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(), 'li_mysql_proto');
PMA_printListItem(__('User:'******' ' . htmlspecialchars($mysql_cur_user_and_host), 'li_user_info');
echo ' <li id="li_select_mysql_charset">';
echo ' ', __('Server charset:'), ' ' . ' <span lang="en" dir="ltr">';
echo ' ', $mysql_charsets_descriptions[$mysql_charset_map['utf-8']];
echo ' (', $mysql_charset_map['utf-8'], ')' . ' </span>' . ' </li>' . ' </ul>' . ' </div>';
}
if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
echo '<div class="group">';
echo '<h2>', __('Web server'), '</h2>';
echo '<ul>';
if ($GLOBALS['cfg']['ShowServerInfo']) {
PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');
if ($server > 0) {
/**
* Changes password for a user
*
* @param string $username Username
* @param string $hostname Hostname
* @param string $password Password
* @param string $sql_query SQL query
* @param string $hashing_function Hashing function
* @param string $orig_auth_plugin Original Authentication Plugin
*
* @return void
*/
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin)
{
$err_url = 'user_password.php' . PMA_URL_getCommon();
$serverType = PMA\libraries\Util::getServerType();
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
$local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\'' . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
} else {
if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && PMA_MYSQL_INT_VERSION < 100100 && $orig_auth_plugin !== '') {
if ($orig_auth_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($orig_auth_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
$local_query = "UPDATE `mysql`.`user` SET" . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $orig_auth_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
} else {
$local_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
}
}
if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
// Flush privileges after successful password change
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
}
/**
* Generate the error url and submit the query
*
* @param string $username Username
* @param string $hostname Hostname
* @param string $password Password
* @param string $sql_query SQL query
* @param string $hashing_function Hashing function
* @param string $auth_plugin Authentication Plugin
*
* @return void
*/
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $auth_plugin)
{
$err_url = 'user_password.php' . PMA_URL_getCommon();
if (PMA\libraries\Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
$local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\'' . ' IDENTIFIED with ' . $auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
} else {
$local_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
}
if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
}
