/**
 * Get HTML for the Change password dialog
 *
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5 && PMA_USR_BROWSER_VER < 7 ? 'onpropertychange' : 'onchange';
    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
    $html = '<form method="post" id="change_password_form" ' . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' . 'name="chgPassword" ' . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
    $html .= PMA_URL_getHiddenInputs();
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />';
    }
    $html .= '<fieldset id="fieldset_change_password">' . '<legend' . ($is_privileges ? ' data-submenu-label="' . __('Change password') . '"' : '') . '>' . __('Change password') . '</legend>' . '<table class="data noclick">' . '<tr class="odd">' . '<td colspan="2">' . '<input type="radio" name="nopass" value="1" id="nopass_1" ' . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . 'this.checked = true" />' . '<label for="nopass_1">' . __('No Password') . '</label>' . '</td>' . '</tr>' . '<tr class="even vmiddle">' . '<td>' . '<input type="radio" name="nopass" value="0" id="nopass_0" ' . 'onclick="document.getElementById(\'text_pma_pw\').focus();" ' . 'checked="checked" />' . '<label for="nopass_0">' . __('Password:'******'&nbsp;</label>' . '</td>' . '<td>' . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '&nbsp;&nbsp;' . __('Re-type:') . '&nbsp;' . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '</td>' . '</tr>';
    $html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td><td>';
    $serverType = PMA\libraries\Util::getServerType();
    $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
        $auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'new');
        $html .= $auth_plugin_dropdown;
        $html .= '</td></tr>';
        $html .= '<tr id="tr_element_before_generate_password"></tr>';
        $html .= '</table>';
        $html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
        $html .= '<div ' . ($orig_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning_cp">' . Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA\libraries\Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
    } else {
        $auth_plugin_dropdown = PMA_getHtmlForAuthPluginsDropdown($username, $hostname, $orig_auth_plugin, 'change_pw', 'old');
        $html .= $auth_plugin_dropdown . '</td></tr>' . '<tr id="tr_element_before_generate_password"></tr>' . '</table>';
    }
    $html .= '</fieldset>' . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' . '<input type="hidden" name="change_pw" value="1" />' . '<input type="submit" value="' . __('Go') . '" />' . '</fieldset>' . '</form>';
    return $html;
}
/**
 * Get HTML for the Change password dialog
 *
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string html snippet
 */
function PMA_getHtmlForChangePassword($username, $hostname)
{
    /**
     * autocomplete feature of IE kills the "onchange" event handler and it
     * must be replaced by the "onpropertychange" one in this case
     */
    $chg_evt_handler = PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5 && PMA_USR_BROWSER_VER < 7 ? 'onpropertychange' : 'onchange';
    $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
    $html = '<form method="post" id="change_password_form" ' . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' . 'name="chgPassword" ' . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
    $html .= PMA_URL_getHiddenInputs();
    if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
        $html .= '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />';
    }
    $html .= '<fieldset id="fieldset_change_password">' . '<legend' . ($is_privileges ? ' data-submenu-label="' . __('Change password') . '"' : '') . '>' . __('Change password') . '</legend>' . '<table class="data noclick">' . '<tr class="odd">' . '<td colspan="2">' . '<input type="radio" name="nopass" value="1" id="nopass_1" ' . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . 'this.checked = true" />' . '<label for="nopass_1">' . __('No Password') . '</label>' . '</td>' . '</tr>' . '<tr class="even vmiddle">' . '<td>' . '<input type="radio" name="nopass" value="0" id="nopass_0" ' . 'onclick="document.getElementById(\'text_pma_pw\').focus();" ' . 'checked="checked" />' . '<label for="nopass_0">' . __('Password:'******'&nbsp;</label>' . '</td>' . '<td>' . '<input type="password" name="pma_pw" id="text_pma_pw" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '&nbsp;&nbsp;' . __('Re-type:') . '&nbsp;' . '<input type="password" name="pma_pw2" id="text_pma_pw2" size="10" ' . 'class="textfield"' . $chg_evt_handler . '="nopass[1].checked = true" />' . '</td>' . '</tr>';
    $default_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
    // See http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-5.html
    if (PMA_MYSQL_INT_VERSION >= 50705) {
        $html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_mysql_native" ' . 'value="mysql_native_password"';
        if ($default_auth_plugin == 'mysql_native_password') {
            $html .= '" checked="checked"';
        }
        $html .= ' />' . '<label for="radio_pw_hash_mysql_native">' . __('MySQL native password') . '</label>' . '</td>' . '</tr>' . '<tr id="tr_element_before_generate_password">' . '<td>&nbsp;</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_sha256" ' . 'value="sha256_password"';
        if ($default_auth_plugin == 'sha256_password') {
            $html .= '" checked="checked"';
        }
        $html .= ' />' . '<label for="radio_pw_hash_sha256">' . __('SHA256 password') . '</label>' . '</td>' . '</tr>';
    } elseif (PMA_MYSQL_INT_VERSION >= 50606) {
        $html .= '<tr class="vmiddle" id="tr_element_before_generate_password">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" ' . 'value="' . $default_auth_plugin . '" checked="checked" />' . '<label for="radio_pw_hash_new">' . $default_auth_plugin . '</label>' . '</td>' . '</tr>';
    } else {
        $html .= '<tr class="vmiddle">' . '<td>' . __('Password Hashing:') . '</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_new" ' . 'value="mysql_native_password" checked="checked" />' . '<label for="radio_pw_hash_new">mysql_native_password</label>' . '</td>' . '</tr>' . '<tr id="tr_element_before_generate_password" >' . '<td>&nbsp;</td>' . '<td>' . '<input type="radio" name="pw_hash" id="radio_pw_hash_old" ' . 'value="old" />' . '<label for="radio_pw_hash_old">' . __('MySQL 4.0 compatible') . '</label>' . '</td>' . '</tr>';
    }
    $html .= '</table>';
    $html .= '<div ' . ($default_auth_plugin != 'sha256_password' ? 'style="display:none"' : '') . ' id="ssl_reqd_warning">' . PMA_Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA_Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>';
    $html .= '</fieldset>' . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' . '<input type="hidden" name="change_pw" value="1" />' . '<input type="submit" value="' . __('Go') . '" />' . '</fieldset>' . '</form>';
    return $html;
}
/**
 * Displays the fields used by the "new user" form as well as the
 * "change login information / copy user" form.
 *
 * @param string $mode     are we creating a new user or are we just
 *                         changing  one? (allowed values: 'new', 'change')
 * @param string $username User name
 * @param string $hostname Host name
 *
 * @global  array      $cfg     the phpMyAdmin configuration
 * @global  resource   $user_link the database connection
 *
 * @return string $html_output  a HTML snippet
 */
function PMA_getHtmlForLoginInformationFields($mode = 'new', $username = null, $hostname = null)
{
    list($username_length, $hostname_length) = PMA_getUsernameAndHostnameLength();
    if (isset($GLOBALS['username']) && mb_strlen($GLOBALS['username']) === 0) {
        $GLOBALS['pred_username'] = '******';
    }
    $html_output = '<fieldset id="fieldset_add_user_login">' . "\n" . '<legend>' . __('Login Information') . '</legend>' . "\n" . '<div class="item">' . "\n" . '<label for="select_pred_username">' . "\n" . '    ' . __('User name:') . "\n" . '</label>' . "\n" . '<span class="options">' . "\n";
    $html_output .= '<select name="pred_username" id="select_pred_username" ' . 'title="' . __('User name') . '"' . "\n";
    $html_output .= '        onchange="' . 'if (this.value == \'any\') {' . '    username.value = \'\'; ' . '    user_exists_warning.style.display = \'none\'; ' . '    username.required = false; ' . '} else if (this.value == \'userdefined\') {' . '    username.focus(); username.select(); ' . '    username.required = true; ' . '}">' . "\n";
    $html_output .= '<option value="any"' . (isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any' ? ' selected="selected"' : '') . '>' . __('Any user') . '</option>' . "\n";
    $html_output .= '<option value="userdefined"' . (!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined' ? ' selected="selected"' : '') . '>' . __('Use text field') . ':</option>' . "\n";
    $html_output .= '</select>' . "\n" . '</span>' . "\n";
    $html_output .= '<input type="text" name="username" class="autofocus"' . ' maxlength="' . $username_length . '" title="' . __('User name') . '"' . (empty($GLOBALS['username']) ? '' : ' value="' . htmlspecialchars(isset($GLOBALS['new_username']) ? $GLOBALS['new_username'] : $GLOBALS['username']) . '"') . ' onchange="pred_username.value = \'userdefined\'; this.required = true;" ' . (!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined' ? 'required="required"' : '') . ' />' . "\n";
    $html_output .= '<div id="user_exists_warning"' . ' name="user_exists_warning" style="display:none;">' . PMA_Message::notice(__('An account already exists with the same username ' . 'but possibly a different hostname.'))->getDisplay() . '</div>';
    $html_output .= '</div>';
    $html_output .= '<div class="item">' . "\n" . '<label for="select_pred_hostname">' . "\n" . '    ' . __('Host name:') . "\n" . '</label>' . "\n";
    $html_output .= '<span class="options">' . "\n" . '    <select name="pred_hostname" id="select_pred_hostname" ' . 'title="' . __('Host name') . '"' . "\n";
    $_current_user = $GLOBALS['dbi']->fetchValue('SELECT USER();');
    if (!empty($_current_user)) {
        $thishost = str_replace("'", '', mb_substr($_current_user, mb_strrpos($_current_user, '@') + 1));
        if ($thishost == 'localhost' || $thishost == '127.0.0.1') {
            unset($thishost);
        }
    }
    $html_output .= '    onchange="' . 'if (this.value == \'any\') { ' . '     hostname.value = \'%\'; ' . '} else if (this.value == \'localhost\') { ' . '    hostname.value = \'localhost\'; ' . '} ' . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { ' . '    hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; ' . '} ') . 'else if (this.value == \'hosttable\') { ' . '    hostname.value = \'\'; ' . '    hostname.required = false; ' . '} else if (this.value == \'userdefined\') {' . '    hostname.focus(); hostname.select(); ' . '    hostname.required = true; ' . '}">' . "\n";
    unset($_current_user);
    // when we start editing a user, $GLOBALS['pred_hostname'] is not defined
    if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) {
        switch (mb_strtolower($GLOBALS['hostname'])) {
            case 'localhost':
            case '127.0.0.1':
                $GLOBALS['pred_hostname'] = 'localhost';
                break;
            case '%':
                $GLOBALS['pred_hostname'] = 'any';
                break;
            default:
                $GLOBALS['pred_hostname'] = 'userdefined';
                break;
        }
    }
    $html_output .= '<option value="any"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any' ? ' selected="selected"' : '') . '>' . __('Any host') . '</option>' . "\n" . '<option value="localhost"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost' ? ' selected="selected"' : '') . '>' . __('Local') . '</option>' . "\n";
    if (!empty($thishost)) {
        $html_output .= '<option value="thishost"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'thishost' ? ' selected="selected"' : '') . '>' . __('This Host') . '</option>' . "\n";
    }
    unset($thishost);
    $html_output .= '<option value="hosttable"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'hosttable' ? ' selected="selected"' : '') . '>' . __('Use Host Table') . '</option>' . "\n";
    $html_output .= '<option value="userdefined"' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined' ? ' selected="selected"' : '') . '>' . __('Use text field:') . '</option>' . "\n" . '</select>' . "\n" . '</span>' . "\n";
    $html_output .= '<input type="text" name="hostname" maxlength="' . $hostname_length . '" value="' . htmlspecialchars(isset($GLOBALS['hostname']) ? $GLOBALS['hostname'] : '%') . '" title="' . __('Host name') . '" onchange="pred_hostname.value = \'userdefined\'; ' . 'this.required = true;" ' . (isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'userdefined' ? 'required="required"' : '') . ' />' . "\n" . PMA_Util::showHint(__('When Host table is used, this field is ignored ' . 'and values stored in Host table are used instead.')) . '</div>' . "\n";
    $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin($mode, $username, $hostname);
    $html_output .= '<div class="item">' . "\n" . '<label for="select_pred_password">' . "\n" . '    ' . __('Password:'******'</label>' . "\n" . '<span class="options">' . "\n" . '<select name="pred_password" id="select_pred_password" title="' . __('Password') . '"' . "\n";
    $html_output .= '            onchange="' . 'if (this.value == \'none\') { ' . '    pma_pw.value = \'\'; pma_pw2.value = \'\'; ' . '    pma_pw.required = false; pma_pw2.required = false; ' . '} else if (this.value == \'userdefined\') { ' . '    pma_pw.focus(); pma_pw.select(); ' . '    pma_pw.required = true; pma_pw2.required = true; ' . '} else { ' . '    pma_pw.required = false; pma_pw2.required = false; ' . '}">' . "\n" . ($mode == 'change' ? '<option value="keep" selected="selected">' . __('Do not change the password') . '</option>' . "\n" : '') . '<option value="none"';
    if (isset($GLOBALS['username']) && $mode != 'change') {
        $html_output .= '  selected="selected"';
    }
    $html_output .= '>' . __('No Password') . '</option>' . "\n" . '<option value="userdefined"' . (isset($GLOBALS['username']) ? '' : ' selected="selected"') . '>' . __('Use text field') . ':</option>' . "\n" . '</select>' . "\n" . '</span>' . "\n" . '<input type="password" id="text_pma_pw" name="pma_pw" ' . 'title="' . __('Password') . '" ' . 'onchange="pred_password.value = \'userdefined\'; this.required = true; ' . 'pma_pw2.required = true;" ' . (isset($GLOBALS['username']) ? '' : 'required="required"') . '/>' . "\n" . '</div>' . "\n";
    $html_output .= '<div class="item" ' . 'id="div_element_before_generate_password">' . "\n" . '<label for="text_pma_pw2">' . "\n" . '    ' . __('Re-type:') . "\n" . '</label>' . "\n" . '<span class="options">&nbsp;</span>' . "\n" . '<input type="password" name="pma_pw2" id="text_pma_pw2" ' . 'title="' . __('Re-type') . '" ' . 'onchange="pred_password.value = \'userdefined\'; this.required = true; ' . 'pma_pw.required = true;" ' . (isset($GLOBALS['username']) ? '' : 'required="required"') . '/>' . "\n" . '</div>' . "\n" . '<div class="item" id="authentication_plugin_div">' . '<label for="select_authentication_plugin" >' . __('Authentication Plugin') . '</label><span class="options">&nbsp;</span>' . "\n" . '<select id="select_authentication_plugin" name="authentication_plugin" ' . 'title="' . __('Authentication Plugin') . '" >' . '<option value="mysql_native_password" ' . ($orig_auth_plugin == 'mysql_native_password' ? 'selected ' : '') . '>' . __('MySQL native password') . '</option>';
    // sha256 auth plugin exists only for 5.6.6+
    if (PMA_Util::getServerType() == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50606) {
        $html_output .= '<option value="sha256_password" ' . ($orig_auth_plugin == 'sha256_password' ? ' selected ' : '') . ' >' . __('SHA256 password') . '</option>';
    }
    $html_output .= '</select>' . '<div id="ssl_reqd_warning" ' . ($orig_auth_plugin == 'sha256_password' ? '' : ' style="display:none"') . ' >' . PMA_Message::notice(__('This method requires using an \'<i>SSL connection</i>\' ' . 'or an \'<i>unencrypted connection that encrypts the password ' . 'using RSA</i>\'; while connecting to the server.') . PMA_Util::showMySQLDocu('sha256-authentication-plugin'))->getDisplay() . '</div>' . '</div>' . "\n" . '</fieldset>' . "\n";
    return $html_output;
}
/**
 * Update password and get message for password updating
 *
 * @param string $err_url  error url
 * @param string $username username
 * @param string $hostname hostname
 *
 * @return string $message  success or error message after updating password
 */
function PMA_updatePassword($err_url, $username, $hostname)
{
    // similar logic in user_password.php
    $message = '';
    $is_superuser = $GLOBALS['dbi']->isSuperuser();
    if (empty($_REQUEST['nopass']) && isset($_POST['pma_pw']) && isset($_POST['pma_pw2'])) {
        if ($_POST['pma_pw'] != $_POST['pma_pw2']) {
            $message = Message::error(__('The passwords aren\'t the same!'));
        } elseif (empty($_POST['pma_pw']) || empty($_POST['pma_pw2'])) {
            $message = Message::error(__('The password is empty!'));
        }
    }
    // here $nopass could be == 1
    if (empty($message)) {
        $hashing_function = 'PASSWORD';
        $serverType = Util::getServerType();
        $authentication_plugin = isset($_REQUEST['authentication_plugin']) ? $_REQUEST['authentication_plugin'] : PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
        // Use 'ALTER USER ...' syntax for MySQL 5.7.6+
        if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
            if ($authentication_plugin != 'mysql_old_password') {
                $query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED WITH " . $authentication_plugin . " BY '";
            } else {
                $query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED BY '";
            }
            // in $sql_query which will be displayed, hide the password
            $sql_query = $query_prefix . "*'";
            $local_query = $query_prefix . Util::sqlAddSlashes($_POST['pma_pw']) . "'";
        } else {
            if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && $is_superuser) {
                // Use 'UPDATE `mysql`.`user` ...' Syntax for MariaDB 5.2+
                if ($authentication_plugin == 'mysql_native_password') {
                    // Set the hashing method used by PASSWORD()
                    // to be 'mysql_native_password' type
                    $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
                } else {
                    if ($authentication_plugin == 'sha256_password') {
                        // Set the hashing method used by PASSWORD()
                        // to be 'sha256_password' type
                        $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
                    }
                }
                $hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
                $sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
                $local_query = "UPDATE `mysql`.`user` SET " . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
                $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
            } else {
                // USE 'SET PASSWORD ...' syntax for rest of the versions
                // Backup the old value, to be reset later
                $row = $GLOBALS['dbi']->fetchSingleRow('SELECT @@old_passwords;');
                $orig_value = $row['@@old_passwords'];
                $update_plugin_query = "UPDATE `mysql`.`user` SET" . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
                // Update the plugin for the user
                if (!$GLOBALS['dbi']->tryQuery($update_plugin_query)) {
                    Util::mysqlDie($GLOBALS['dbi']->getError(), $update_plugin_query, false, $err_url);
                }
                $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
                if ($authentication_plugin == 'mysql_native_password') {
                    // Set the hashing method used by PASSWORD()
                    // to be 'mysql_native_password' type
                    $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
                } else {
                    if ($authentication_plugin == 'sha256_password') {
                        // Set the hashing method used by PASSWORD()
                        // to be 'sha256_password' type
                        $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
                    }
                }
                $sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
                $local_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . Util::sqlAddSlashes($_POST['pma_pw']) . '\')');
            }
        }
        if (!$GLOBALS['dbi']->tryQuery($local_query)) {
            Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
        }
        $message = Message::success(__('The password for %s was changed successfully.'));
        $message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
        if (isset($orig_value)) {
            $GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $orig_value . ';');
        }
    }
    return $message;
}
/**
 * Change the password
 *
 * @param string $password                New password
 * @param string $message                 Message
 * @param array  $change_password_message Message to show
 *
 * @return void
 */
function PMA_changePassword($password, $message, $change_password_message)
{
    global $auth_plugin;
    $hashing_function = PMA_changePassHashingFunction();
    $row = $GLOBALS['dbi']->fetchSingleRow('SELECT CURRENT_USER() as user');
    $curr_user = $row['user'];
    list($username, $hostname) = explode('@', $curr_user);
    $serverType = PMA\libraries\Util::getServerType();
    if (isset($_REQUEST['authentication_plugin']) && !empty($_REQUEST['authentication_plugin'])) {
        $orig_auth_plugin = $_REQUEST['authentication_plugin'];
    } else {
        $orig_auth_plugin = PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
    }
    $sql_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'***\')');
    if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
        $sql_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\' IDENTIFIED WITH ' . $orig_auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'***\'');
    } else {
        if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50507 || $serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200) {
            // For MySQL versions 5.5.7+ and MariaDB versions 5.2+,
            // explicitly set value of `old_passwords` so that
            // it does not give an error while using
            // the PASSWORD() function
            if ($orig_auth_plugin == 'sha256_password') {
                $value = 2;
            } else {
                $value = 0;
            }
            $GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $value . ';');
        }
    }
    PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin);
    $auth_plugin->handlePasswordChange($password);
    PMA_getChangePassMessage($change_password_message, $sql_query);
    PMA_changePassDisplayPage($message, $sql_query);
}