search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
added known limitation
[phpmyadmin/crack.git] / user_password.php
blob7b9b89fe0b6682de589c0971284136925c7e66b1
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 *
5 * @version $Id$
6 */
7
8 /**
9 * Gets some core libraries
10 */
11 require_once './libraries/common.inc.php';
12
13 /**
14 * Displays an error message and exits if the user isn't allowed to use this
15 * script
16 */
17 if (!$cfg['ShowChgPassword']) {
18 $cfg['ShowChgPassword'] = PMA_DBI_select_db('mysql');
19 }
20 if ($cfg['Server']['auth_type'] == 'config' || !$cfg['ShowChgPassword']) {
21 require_once './libraries/header.inc.php';
22 echo '<p><b>' . $strError . '</b></p>' . "\n"
23 . '<p>&nbsp;&nbsp;&nbsp;&nbsp;' . $strNoRights . '</p>' . "\n";
24 require_once './libraries/footer.inc.php';
25 } // end if
26
27
28 /**
29 * If the "change password" form has been submitted, checks for valid values
30 * and submit the query or logout
31 */
32 if (isset($nopass)) {
33 $error_msg = '';
34
35 if ($nopass == 0 && isset($pma_pw) && isset($pma_pw2)) {
36 if ($pma_pw != $pma_pw2) {
37 $error_msg = $strPasswordNotSame;
38 }
39 if (empty($pma_pw) || empty($pma_pw2)) {
40 $error_msg = $strPasswordEmpty;
41 }
42 } // end if
43
44 // here $nopass could be == 1
45 if (empty($error_msg)) {
46
47 // Defines the url to return to in case of error in the sql statement
48 $common_url_query = PMA_generate_common_url();
49
50 $err_url = 'user_password.php?' . $common_url_query;
51 $hashing_function = (PMA_MYSQL_INT_VERSION >= 40102 && !empty($pw_hash) && $pw_hash == 'old' ? 'OLD_' : '')
52 . 'PASSWORD';
53
54 $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
55 $local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
56 $result = @PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
57
58 // Changes password cookie if required
59 // Duration = till the browser is closed for password (we don't want this to be saved)
60 if ($cfg['Server']['auth_type'] == 'cookie') {
61
62 PMA_setCookie('pmaPass-' . $server, PMA_blowfish_encrypt($pma_pw, $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']));
63
64 } // end if
65 // For http auth. mode, the "back" link will also enforce new
66 // authentication
67 $http_logout = ($cfg['Server']['auth_type'] == 'http')
68 ? '&amp;old_usr=relog'
69 : '';
70
71 // Displays the page
72 require_once './libraries/header.inc.php';
73 echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
74 $show_query = 'y';
75 PMA_showMessage($strUpdateProfileMessage);
76 ?>
77 <a href="index.php?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
78 <b><?php echo $strBack; ?></b></a>
79 <?php
80 exit();
81 } // end if
82 } // end if
83
84
85 /**
86 * If the "change password" form hasn't been submitted or the values submitted
87 * aren't valid -> displays the form
88 */
89 // Loads the headers
90 $js_to_run = 'user_password.js';
91 require_once './libraries/header.inc.php';
92 echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
93
94 // Displays an error message if required
95 if (!empty($error_msg)) {
96 echo '<p><b>' . $strError . ':&nbsp;' . $error_msg . '</b></p>' . "\n";
97 }
98
99 // loic1: autocomplete feature of IE kills the "onchange" event handler and it
100 // must be replaced by the "onpropertychange" one in this case
101 $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5)
102 ? 'onpropertychange'
103 : 'onchange';
104
105 // Displays the form
106 ?>
107 <form method="post" action="./user_password.php" name="chgPassword" onsubmit="return checkPassword(this)">
108 <?php echo PMA_generate_common_hidden_inputs(); ?>
109 <table border="0">
110 <tr>
111 <td colspan="2">
112 <input type="radio" name="nopass" value="1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />
113 <?php echo $GLOBALS['strNoPassword'] . "\n"; ?>
114 </td>
115 </tr>
116 <tr>
117 <td>
118 <input type="radio" name="nopass" value="0" checked="checked " />
119 <?php echo $GLOBALS['strPassword']; ?>:&nbsp;
120 </td>
121 <td>
122 <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $chg_evt_handler; ?>="nopass[1].checked = true" />
123 &nbsp;&nbsp;
124 <?php echo $GLOBALS['strReType']; ?>:&nbsp;
125 <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $chg_evt_handler; ?>="nopass[1].checked = true" />
126 </td>
127 </tr>
128 <?php
129
130 if (PMA_MYSQL_INT_VERSION >= 40102) {
131 ?>
132 <tr>
133 <td>
134 <?php echo $strPasswordHashing; ?>:
135 </td>
136 <td>
137 <input type="radio" name="pw_hash" id="radio_pw_hash_new" value="new" checked="checked" />
138 <label for="radio_pw_hash_new">
139 MySQL&nbsp;4.1
140 </label>
141 </td>
142 </tr>
143 <tr>
144 <td>&nbsp;</td>
145 <td>
146 <input type="radio" name="pw_hash" id="radio_pw_hash_old" value="old" />
147 <label for="radio_pw_hash_old">
148 <?php echo $strCompatibleHashing; ?>
149 </label>
150 </td>
151 </tr>
152 <?php
153 }
154
155 ?>
156 <tr>
157 <td colspan="2">&nbsp;</td>
158 </tr>
159 <tr>
160 <td colspan="2">
161 <input type="submit" value="<?php echo($strChange); ?>" />
162 </td>
163 </tr>
164 </table>
165 </form>
166
167 <?php
168 /**
169 * Displays the footer
170 */
171 require_once './libraries/footer.inc.php';
172 ?>
Drizzle / GSOC 2011