phpmyadmin/user_password.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * displays and handles the form where the user can change his password
   5  * linked from index.php
   6  *
   7  * @package PhpMyAdmin
   8  */
   9
  10 /**
  11  * Gets some core libraries
  12  */
  13 require_once './libraries/common.inc.php';
  14
  15 $response = PMA_Response::getInstance();
  16 $header   = $response->getHeader();
  17 $scripts  = $header->getScripts();
  18 $scripts->addFile('server_privileges.js');
  19
  20 /**
  21  * Displays an error message and exits if the user isn't allowed to use this
  22  * script
  23  */
  24 if (! $cfg['ShowChgPassword']) {
  25     $cfg['ShowChgPassword'] = PMA_DBI_select_db('mysql');
  26 }
  27 if ($cfg['Server']['auth_type'] == 'config' || ! $cfg['ShowChgPassword']) {
  28     PMA_Message::error(
  29         __('You don\'t have sufficient privileges to be here right now!')
  30     )->display();
  31     exit;
  32 } // end if
  33
  34 /**
  35  * If the "change password" form has been submitted, checks for valid values
  36  * and submit the query or logout
  37  */
  38 if (isset($_REQUEST['nopass'])) {
  39     if ($_REQUEST['nopass'] == '1') {
  40         $password = '';
  41     } else {
  42         $password = $_REQUEST['pma_pw'];
  43     }
  44     $change_password_message = PMA_setChangePasswordMsg();
  45     $msg = $change_password_message['msg'];
  46     if (! $change_password_message['error']) {
  47         PMA_changePassword($password, $msg, $change_password_message);
  48     } else {
  49         PMA_getChangePassMessage($change_password_message);
  50     }
  51 }
  52
  53 /**
  54  * If the "change password" form hasn't been submitted or the values submitted
  55  * aren't valid -> displays the form
  56  */
  57
  58 // Displays an error message if required
  59 if (isset($msg)) {
  60     $msg->display();
  61     unset($msg);
  62 }
  63
  64 require_once './libraries/display_change_password.lib.php';
  65 echo PMA_getHtmlForChangePassword($username, $hostname);
  66 exit;
  67
  68 /**
  69  * Send the message as an ajax request
  70  *
  71  * @param array   $change_password_message
  72  * @param string  $sql_query
  73  *
  74  * @return void
  75  */
  76 function PMA_getChangePassMessage($change_password_message, $sql_query = '')
  77 {
  78     if ($GLOBALS['is_ajax_request'] == true) {
  79         /**
  80          * If in an Ajax request, we don't need to show the rest of the page
  81          */
  82         $response = PMA_Response::getInstance();
  83         if ($change_password_message['error']) {
  84             $response->addJSON('message', $change_password_message['msg']);
  85             $response->isSuccess(false);
  86         } else {
  87             $sql_query = PMA_Util::getMessage(
  88                 $change_password_message['msg'],
  89                 $sql_query,
  90                 'success'
  91             );
  92             $response->addJSON('message', $sql_query);
  93         }
  94         exit;
  95     }
  96 }
  97
  98 /**
  99  * Generate the message
 100  *
 101  * @return array   error value and message
 102  */
 103 function PMA_setChangePasswordMsg()
 104 {
 105     $error = false;
 106     $message = PMA_Message::success(__('The profile has been updated.'));
 107
 108     if (($_REQUEST['nopass'] != '1')) {
 109         if (empty($_REQUEST['pma_pw']) || empty($_REQUEST['pma_pw2'])) {
 110             $message = PMA_Message::error(__('The password is empty!'));
 111             $error = true;
 112         } elseif ($_REQUEST['pma_pw'] != $_REQUEST['pma_pw2']) {
 113             $message = PMA_Message::error(__('The passwords aren\'t the same!'));
 114             $error = true;
 115         }
 116     }
 117     return array('error' => $error, 'msg' => $message);
 118 }
 119
 120 /**
 121  * Change the password
 122  *
 123  * @param string  $password
 124  * @param string  $message
 125  * @param array   $change_password_message
 126  *
 127  * @return void
 128  */
 129 function PMA_changePassword($password, $message, $change_password_message)
 130 {
 131     // Defines the url to return to in case of error in the sql statement
 132     $_url_params = array();
 133     $hashing_function = PMA_changePassHashingFunction();
 134     $sql_query = 'SET password = '
 135         . (($password == '') ? '\'\'' : $hashing_function . '(\'***\')');
 136     PMA_ChangePassUrlParamsAndSubmitQuery(
 137         $password, $_url_params, $sql_query, $hashing_function
 138     );
 139
 140     $new_url_params = PMA_changePassAuthType($_url_params, $password);
 141     PMA_getChangePassMessage($change_password_message, $sql_query);
 142     PMA_changePassDisplayPage($message, $sql_query, $new_url_params);
 143 }
 144
 145 /**
 146  * Generate the hashing function
 147  *
 148  * @return string  $hashing_function
 149  */
 150 function PMA_changePassHashingFunction()
 151 {
 152     if (PMA_isValid($_REQUEST['pw_hash'], 'identical', 'old')) {
 153         $hashing_function = 'OLD_PASSWORD';
 154     } else {
 155         $hashing_function = 'PASSWORD';
 156     }
 157     return $hashing_function;
 158 }
 159
 160 /**
 161  * Generate the error url and submit the query
 162  *
 163  * @param string  $password
 164  * @param array   $_url_params
 165  * @param string  $sql_query
 166  * @param string  $hashing_function
 167  *
 168  * @return void
 169  */
 170 function PMA_ChangePassUrlParamsAndSubmitQuery(
 171     $password, $_url_params, $sql_query, $hashing_function
 172 ) {
 173     $err_url = 'user_password.php' . PMA_generate_common_url($_url_params);
 174     $local_query = 'SET password = ' . (($password == '')
 175         ? '\'\''
 176         : $hashing_function . '(\'' . PMA_Util::sqlAddSlashes($password) . '\')');
 177     if (! @PMA_DBI_try_query($local_query)) {
 178         PMA_Util::mysqlDie(PMA_DBI_getError(), $sql_query, false, $err_url);
 179     }
 180 }
 181
 182 /**
 183  * Change password authentication type
 184  *
 185  * @param array   $_url_params
 186  * @param string  $password
 187  *
 188  * @return array   $_url_params
 189  */
 190 function PMA_changePassAuthType($_url_params, $password)
 191 {
 192     /**
 193      * Changes password cookie if required
 194      * Duration = till the browser is closed for password
 195      * (we don't want this to be saved)
 196      */
 197
 198     //    include_once "libraries/plugins/auth/AuthenticationCookie.class.php";
 199     //    $auth_plugin = new AuthenticationCookie();
 200     // the $auth_plugin is already defined in common.inc.php when this is used
 201     global $auth_plugin;
 202
 203     if ($GLOBALS['cfg']['Server']['auth_type'] == 'cookie') {
 204         $GLOBALS['PMA_Config']->setCookie(
 205             'pmaPass-' . $GLOBALS['server'],
 206             $auth_plugin->blowfishEncrypt(
 207                 $password,
 208                 $GLOBALS['cfg']['blowfish_secret']
 209             )
 210         );
 211     }
 212     /**
 213      * For http auth. mode, the "back" link will also enforce new
 214      * authentication
 215      */
 216     if ($GLOBALS['cfg']['Server']['auth_type'] == 'http') {
 217         $_url_params['old_usr'] = 'relog';
 218     }
 219     return $_url_params;
 220 }
 221
 222 /**
 223  * Display the page
 224  *
 225  * @param string  $message
 226  * @param string  $sql_query
 227  * @param array   $_url_params
 228  *
 229  * @return void
 230  */
 231 function PMA_changePassDisplayPage($message, $sql_query, $_url_params)
 232 {
 233     echo '<h1>' . __('Change password') . '</h1>' . "\n\n";
 234     echo PMA_Util::getMessage(
 235         $message, $sql_query, 'success'
 236     );
 237     echo '<a href="index.php'.PMA_generate_common_url($_url_params)
 238         .' target="_parent">'. "\n"
 239         .'<strong>'.__('Back').'</strong></a>';
 240     exit;
 241 }
 242 ?>