3 * Holds the PhpMyAdmin\UserPassword class
5 declare(strict_types
=1);
9 use PhpMyAdmin\Html\Generator
;
10 use PhpMyAdmin\Server\Privileges
;
14 * Functions for user password
// Privileges helper injected via the constructor; the methods visible in this class use it
// for getCurrentAuthenticationPlugin() (changePassword) and getHashedPassword()
// (changePassUrlParamsAndSubmitQuery).
18 /** @var Privileges */
19 private $serverPrivileges;
/**
 * @param Privileges $serverPrivileges Privileges helper used for the current
 *                                     authentication-plugin lookup and for password hashing
 */
public function __construct(Privileges $serverPrivileges)
{
    $this->serverPrivileges = $serverPrivileges;
}
30 * Send the message as an ajax request
// Expects $change_password_message to carry the keys 'error' and 'msg' (the shape the
// docblock of setChangePasswordMsg() describes). $sql_query is the display copy of the
// statement; the caller changePassword() builds it with the password replaced by '***',
// so nothing secret should be in it — keep it that way if this signature is reused.
32 * @param array $change_password_message Message to display
33 * @param string $sql_query SQL query executed
// Returns nothing. Only the Ajax branch is visible in this extract; the non-Ajax
// fall-through and whatever ends the request are on lines not shown.
37 public function getChangePassMessage(array $change_password_message, $sql_query = '')
39 $response = Response
::getInstance();
40 if ($response->isAjax()) {
42 * If in an Ajax request, we don't need to show the rest of the page
44 if ($change_password_message['error']) {
// Failure: send the Message object itself and flag the request as failed.
45 $response->addJSON('message', $change_password_message['msg']);
46 $response->setRequestStatus(false);
// Success: $sql_query is reused to hold the rendered message block (remaining
// Generator::getMessage() arguments are not shown here) and sent under the same key.
48 $sql_query = Generator
::getMessage(
49 $change_password_message['msg'],
53 $response->addJSON('message', $sql_query);
60 * Generate the message
// Validates the submitted password fields ($_POST 'nopass', 'pma_pw', 'pma_pw2') and picks
// the Message to display. The error flag and the return statement sit on lines not shown
// in this extract; per the docblock the result is an array with the error value and message.
62 * @return array error value and message
64 public function setChangePasswordMsg()
67 $message = Message
::success(__('The profile has been updated.'));
// NOTE(review): $_POST keys are read without isset()/?? and 'nopass' is compared loosely
// (!=); a request missing one of the fields produces an undefined-index notice rather than
// a clean validation error. A `($_POST['nopass'] ?? '') !== '1'` style guard would tighten this.
69 if ($_POST['nopass'] != '1') {
// strlen() is byte length, so the empty check and the 256 limit below are byte-based —
// appropriate if the server-side limit is in bytes; confirm against the target server.
70 if (strlen($_POST['pma_pw']) === 0 ||
strlen($_POST['pma_pw2']) === 0) {
71 $message = Message
::error(__('The password is empty!'));
// Strict comparison: both fields must match byte-for-byte.
73 } elseif ($_POST['pma_pw'] !== $_POST['pma_pw2']) {
74 $message = Message
::error(
75 __('The passwords aren\'t the same!')
78 } elseif (strlen($_POST['pma_pw']) > 256) {
79 $message = Message
::error(__('Password is too long!'));
92 * @param string $password New password
93 * @param string $message Message
94 * @param array $change_password_message Message to show
// Entry point for a password change. Builds a display copy of the statement ($sql_query,
// with the password masked as '***'), delegates the statement that is actually executed to
// changePassUrlParamsAndSubmitQuery(), then reports the outcome (Ajax or full page).
// The docblock header and the opening of the body are on lines not shown here.
98 public function changePassword($password, $message, array $change_password_message)
// Either 'OLD_PASSWORD' or 'PASSWORD' — a closed set, which is what makes concatenating
// it into SQL below acceptable.
102 $hashing_function = $this->changePassHashingFunction();
104 [$username, $hostname] = $GLOBALS['dbi']->getCurrentUserAndHost();
106 $serverType = Util
::getServerType();
107 $serverVersion = $GLOBALS['dbi']->getVersion();
// NOTE(review): when the form supplies authentication_plugin it is taken verbatim. Nothing
// here restricts it to a known plugin name (this class only ever expects values such as
// 'mysql_native_password' / 'sha256_password') before it is spliced, unquoted, into the
// ALTER USER text below and — presumably via the call further down — into the statement
// that changePassUrlParamsAndSubmitQuery() executes. An allow-list check at this point,
// e.g. in_array($_POST['authentication_plugin'], [...known plugins...], true), would
// close that gap for both statements.
109 if (isset($_POST['authentication_plugin'])
110 && ! empty($_POST['authentication_plugin'])
112 $orig_auth_plugin = $_POST['authentication_plugin'];
// Otherwise use the plugin currently configured for this user (call arguments not shown).
114 $orig_auth_plugin = $this->serverPrivileges
->getCurrentAuthenticationPlugin(
// Display-only statement: the password is replaced by '***' here; the escaped real value
// is used only in changePassUrlParamsAndSubmitQuery(). Loose == is used on $password and
// $serverType — harmless if both are strings, as the docblock suggests; TODO confirm.
121 $sql_query = 'SET password = '
122 . ($password == '' ?
'\'\'' : $hashing_function . '(\'***\')');
124 if ($serverType == 'MySQL'
125 && $serverVersion >= 50706
// MySQL 5.7.6+: ALTER USER ... IDENTIFIED WITH <plugin>. Username and host are escaped;
// the plugin name is not (see the note above).
127 $sql_query = 'ALTER USER \'' . $GLOBALS['dbi']->escapeString($username)
128 . '\'@\'' . $GLOBALS['dbi']->escapeString($hostname)
129 . '\' IDENTIFIED WITH ' . $orig_auth_plugin . ' BY '
130 . ($password == '' ?
'\'\'' : '\'***\'');
131 } elseif (($serverType == 'MySQL'
132 && $serverVersion >= 50507)
133 ||
($serverType == 'MariaDB'
134 && $serverVersion >= 50200)
136 // For MySQL versions 5.5.7+ and MariaDB versions 5.2+,
137 // explicitly set value of `old_passwords` so that
138 // it does not give an error while using
139 // the PASSWORD() function
140 if ($orig_auth_plugin == 'sha256_password') {
// $value is assigned on lines not shown (one value for sha256_password, another otherwise).
145 $GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $value . ';');
// Executes the real statement; the argument list is not shown in this extract.
148 $this->changePassUrlParamsAndSubmitQuery(
// $auth_plugin is not defined in the visible lines — presumably a global provided by the
// authentication layer so the current session is updated with the new password; verify.
157 $auth_plugin->handlePasswordChange($password);
// Both reporting paths receive only the masked $sql_query.
158 $this->getChangePassMessage($change_password_message, $sql_query);
159 $this->changePassDisplayPage($message, $sql_query);
163 * Generate the hashing function
// Chooses the SQL hashing function name from the submitted authentication_plugin field.
// The condition itself is on lines not shown; only its two outcomes are visible.
// @return string 'OLD_PASSWORD' or 'PASSWORD' — a fixed set of identifiers, never user
//                 input, which is why callers may concatenate it into SQL.
167 private function changePassHashingFunction()
170 $_POST['authentication_plugin'],
174 $hashing_function = 'OLD_PASSWORD';
176 $hashing_function = 'PASSWORD';
178 return $hashing_function;
182 * Changes password for a user
184 * @param string $username Username
185 * @param string $hostname Hostname
186 * @param string $password Password
187 * @param string $sql_query SQL query
188 * @param string $hashing_function Hashing function
189 * @param string $orig_auth_plugin Original Authentication Plugin
// Builds and executes the real password-change statement ($sql_query, the masked display
// copy, is only carried along for reporting). Parts of the parameter list and the whole
// error branch are on lines not shown in this extract.
193 private function changePassUrlParamsAndSubmitQuery(
201 $err_url = Url
::getFromRoute('/user-password');
203 $serverType = Util
::getServerType();
204 $serverVersion = $GLOBALS['dbi']->getVersion();
// MySQL 5.7.6+: ALTER USER. Username, host and password all go through escapeString().
// NOTE(review): $orig_auth_plugin does not — it is inserted as a bare identifier, and when
// it originates from $_POST (see changePassword) nothing on this path restricts it to a
// known plugin name. Validate it against an allow-list before it reaches this statement.
206 if ($serverType == 'MySQL' && $serverVersion >= 50706) {
207 $local_query = 'ALTER USER \'' . $GLOBALS['dbi']->escapeString($username)
208 . '\'@\'' . $GLOBALS['dbi']->escapeString($hostname) . '\''
209 . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY '
212 : '\'' . $GLOBALS['dbi']->escapeString($password) . '\'');
// MariaDB in the 5.2 <= version < 10.1 range with a non-empty plugin: write mysql.user directly.
213 } elseif ($serverType == 'MariaDB'
214 && $serverVersion >= 50200
215 && $serverVersion < 100100
216 && $orig_auth_plugin !== ''
218 if ($orig_auth_plugin == 'mysql_native_password') {
219 // Set the hashing method used by PASSWORD()
220 // to be 'mysql_native_password' type
221 $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
222 } elseif ($orig_auth_plugin == 'sha256_password') {
223 // Set the hashing method used by PASSWORD()
224 // to be 'sha256_password' type
225 $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
// Hashes the raw POST field rather than the $password parameter — presumably the same
// value, but the two can drift; TODO confirm the caller always passes $_POST['pma_pw'].
228 $hashedPassword = $this->serverPrivileges
->getHashedPassword($_POST['pma_pw']);
// NOTE(review): $hashedPassword and $orig_auth_plugin are interpolated into this UPDATE
// without escapeString(); only the User and Host values are escaped. Even if the hash
// format can never contain a quote, escaping it costs nothing and removes the assumption.
230 $local_query = 'UPDATE `mysql`.`user` SET'
231 . " `authentication_string` = '" . $hashedPassword
232 . "', `Password` = '', "
233 . " `plugin` = '" . $orig_auth_plugin . "'"
234 . " WHERE `User` = '" . $GLOBALS['dbi']->escapeString($username)
235 . "' AND Host = '" . $GLOBALS['dbi']->escapeString($hostname) . "';";
// Fallback for other servers: SET password = <hashing_function>('<escaped password>');
// the empty-password alternative of this ternary is on a line not shown.
237 $local_query = 'SET password = ' . ($password == ''
239 : $hashing_function . '(\''
240 . $GLOBALS['dbi']->escapeString($password) . '\')');
// NOTE(review): the @ suppresses any warning raised by tryQuery(); the failure reason is
// read back through getError() instead. $local_query contains the (escaped) plaintext
// password at this point — the lines that build the error output are not shown, so
// confirm that only the masked $sql_query, never $local_query, is rendered or logged.
242 if (! @$GLOBALS['dbi']->tryQuery($local_query)) {
244 $GLOBALS['dbi']->getError(),
251 // Flush privileges after successful password change
252 $GLOBALS['dbi']->tryQuery('FLUSH PRIVILEGES;');
258 * @param string $message Message
259 * @param string $sql_query SQL query
// Renders the non-Ajax result page: a heading, the message block (the remaining
// Generator::getMessage() arguments are not shown here) and the user_password template.
// $sql_query is expected to be the masked display copy built by changePassword(), so the
// statement echoed here never carries the real password.
263 private function changePassDisplayPage($message, $sql_query)
// The heading is a translated literal, not user-controlled text.
265 echo '<h1>' , __('Change password') , '</h1>' , "\n\n";
266 echo Generator
::getMessage(
271 $template = new Template();
272 echo $template->render('user_password');