2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Holds the PhpMyAdmin\UserPassword class
11 use PhpMyAdmin\Message
;
12 use PhpMyAdmin\Response
;
13 use PhpMyAdmin\Server\Privileges
;
18 * Functions for user_password.php
25 * Send the message as an ajax request
27 * @param array $change_password_message Message to display
28 * @param string $sql_query SQL query executed
32 public function getChangePassMessage(array $change_password_message, $sql_query = '')
34 $response = Response
::getInstance();
35 if ($response->isAjax()) {
37 * If in an Ajax request, we don't need to show the rest of the page
39 if ($change_password_message['error']) {
40 $response->addJSON('message', $change_password_message['msg']);
41 $response->setRequestStatus(false);
43 $sql_query = Util
::getMessage(
44 $change_password_message['msg'],
48 $response->addJSON('message', $sql_query);
55 * Generate the message
57 * @return array error value and message
59 public function setChangePasswordMsg()
62 $message = Message
::success(__('The profile has been updated.'));
64 if (($_POST['nopass'] != '1')) {
65 if (strlen($_POST['pma_pw']) === 0 ||
strlen($_POST['pma_pw2']) === 0) {
66 $message = Message
::error(__('The password is empty!'));
68 } elseif ($_POST['pma_pw'] !== $_POST['pma_pw2']) {
69 $message = Message
::error(
70 __('The passwords aren\'t the same!')
73 } elseif (strlen($_POST['pma_pw']) > 256) {
74 $message = Message
::error(__('Password is too long!'));
78 return array('error' => $error, 'msg' => $message);
84 * @param string $password New password
85 * @param string $message Message
86 * @param array $change_password_message Message to show
90 public function changePassword($password, $message, array $change_password_message)
94 $hashing_function = $this->changePassHashingFunction();
96 list($username, $hostname) = $GLOBALS['dbi']->getCurrentUserAndHost();
98 $serverType = Util
::getServerType();
99 $serverVersion = $GLOBALS['dbi']->getVersion();
101 if (isset($_POST['authentication_plugin'])
102 && ! empty($_POST['authentication_plugin'])
104 $orig_auth_plugin = $_POST['authentication_plugin'];
106 $orig_auth_plugin = Privileges
::getCurrentAuthenticationPlugin(
107 'change', $username, $hostname
111 $sql_query = 'SET password = '
112 . (($password == '') ?
'\'\'' : $hashing_function . '(\'***\')');
114 if ($serverType == 'MySQL'
115 && $serverVersion >= 50706
117 $sql_query = 'ALTER USER \'' . $GLOBALS['dbi']->escapeString($username)
118 . '\'@\'' . $GLOBALS['dbi']->escapeString($hostname)
119 . '\' IDENTIFIED WITH ' . $orig_auth_plugin . ' BY '
120 . (($password == '') ?
'\'\'' : '\'***\'');
121 } elseif (($serverType == 'MySQL'
122 && $serverVersion >= 50507)
123 ||
($serverType == 'MariaDB'
124 && $serverVersion >= 50200)
126 // For MySQL versions 5.5.7+ and MariaDB versions 5.2+,
127 // explicitly set value of `old_passwords` so that
128 // it does not give an error while using
129 // the PASSWORD() function
130 if ($orig_auth_plugin == 'sha256_password') {
135 $GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $value . ';');
138 $this->changePassUrlParamsAndSubmitQuery(
139 $username, $hostname, $password,
140 $sql_query, $hashing_function, $orig_auth_plugin
143 $auth_plugin->handlePasswordChange($password);
144 $this->getChangePassMessage($change_password_message, $sql_query);
145 $this->changePassDisplayPage($message, $sql_query);
149 * Generate the hashing function
151 * @return string $hashing_function
153 private function changePassHashingFunction()
156 $_POST['authentication_plugin'], 'identical', 'mysql_old_password'
158 $hashing_function = 'OLD_PASSWORD';
160 $hashing_function = 'PASSWORD';
162 return $hashing_function;
166 * Changes password for a user
168 * @param string $username Username
169 * @param string $hostname Hostname
170 * @param string $password Password
171 * @param string $sql_query SQL query
172 * @param string $hashing_function Hashing function
173 * @param string $orig_auth_plugin Original Authentication Plugin
177 private function changePassUrlParamsAndSubmitQuery(
178 $username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin
180 $err_url = 'user_password.php' . Url
::getCommon();
182 $serverType = Util
::getServerType();
183 $serverVersion = $GLOBALS['dbi']->getVersion();
185 if ($serverType == 'MySQL' && $serverVersion >= 50706) {
186 $local_query = 'ALTER USER \'' . $GLOBALS['dbi']->escapeString($username)
187 . '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\''
188 . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY '
191 : '\'' . $GLOBALS['dbi']->escapeString($password) . '\'');
192 } elseif ($serverType == 'MariaDB'
193 && $serverVersion >= 50200
194 && $serverVersion < 100100
195 && $orig_auth_plugin !== ''
197 if ($orig_auth_plugin == 'mysql_native_password') {
198 // Set the hashing method used by PASSWORD()
199 // to be 'mysql_native_password' type
200 $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
201 } elseif ($orig_auth_plugin == 'sha256_password') {
202 // Set the hashing method used by PASSWORD()
203 // to be 'sha256_password' type
204 $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
207 $hashedPassword = Privileges
::getHashedPassword($_POST['pma_pw']);
209 $local_query = "UPDATE `mysql`.`user` SET"
210 . " `authentication_string` = '" . $hashedPassword
211 . "', `Password` = '', "
212 . " `plugin` = '" . $orig_auth_plugin . "'"
213 . " WHERE `User` = '" . $GLOBALS['dbi']->escapeString($username)
214 . "' AND Host = '" . $GLOBALS['dbi']->escapeString($hostname) . "';";
216 $local_query = 'SET password = ' . (($password == '')
218 : $hashing_function . '(\''
219 . $GLOBALS['dbi']->escapeString($password) . '\')');
221 if (! @$GLOBALS['dbi']->tryQuery($local_query)) {
223 $GLOBALS['dbi']->getError(),
230 // Flush privileges after successful password change
231 $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
237 * @param string $message Message
238 * @param string $sql_query SQL query
242 private function changePassDisplayPage($message, $sql_query)
244 echo '<h1>' , __('Change password') , '</h1>' , "\n\n";
245 echo Util
::getMessage(
246 $message, $sql_query, 'success'
248 echo '<a href="index.php' , Url
::getCommon()
249 , ' target="_parent">' , "\n"
250 , '<strong>' , __('Back') , '</strong></a>';