Home Explore Help
Sign In
other
/
pma
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
pma
/
libraries
/
classes
/
Display
/
ChangePassword.php

ChangePassword.php 6.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  * Displays form for password change
    5. 

  5.  *
    6. 

  6.  * @package PhpMyAdmin
    7. 

  7.  */
    8. 

  8. namespace PhpMyAdmin\Display;
    9. 

  9. 

  10. use PhpMyAdmin\Message;
    11. 

  11. use PhpMyAdmin\Server\Privileges;
    12. 

  12. use PhpMyAdmin\Url;
    13. 

  13. use PhpMyAdmin\Util;
    14. 

  14. 

  15. /**
    16. 

  16.  * Displays form for password change
    17. 

  17.  *
    18. 

  18.  * @package PhpMyAdmin
    19. 

  19.  */
    20. 

  20. class ChangePassword
    21. 

  21. {
    22. 

  22.     /**
    23. 

  23.       * Get HTML for the Change password dialog
    24. 

  24.       *
    25. 

  25.       * @param string $mode     where is the function being called?
    26. 

  26.       *                         values : 'change_pw' or 'edit_other'
    27. 

  27.       * @param string $username username
    28. 

  28.       * @param string $hostname hostname
    29. 

  29.       *
    30. 

  30.       * @return string html snippet
    31. 

  31.       */
    32. 

  32.     public static function getHtml($mode, $username, $hostname)
    33. 

  33.     {
    34. 

  34.         /**
    35. 

  35.          * autocomplete feature of IE kills the "onchange" event handler and it
    36. 

  36.          * must be replaced by the "onpropertychange" one in this case
    37. 

  37.          */
    38. 

  38.         $chg_evt_handler = 'onchange';
    39. 

  39. 

  40.         $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';
    41. 

  41. 

  42.         $html = '<form method="post" id="change_password_form" '
    43. 

  43.             . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" '
    44. 

  44.             . 'name="chgPassword" '
    45. 

  45.             . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';
    46. 

  46. 

  47.         $html .= Url::getHiddenInputs();
    48. 

  48. 

  49.         if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
    50. 

  50.             $html .= '<input type="hidden" name="username" '
    51. 

  51.                 . 'value="' . htmlspecialchars($username) . '" />'
    52. 

  52.                 . '<input type="hidden" name="hostname" '
    53. 

  53.                 . 'value="' . htmlspecialchars($hostname) . '" />';
    54. 

  54.         }
    55. 

  55.         $html .= '<fieldset id="fieldset_change_password">'
    56. 

  56.             . '<legend'
    57. 

  57.             . ($is_privileges
    58. 

  58.                 ? ' data-submenu-label="' . __('Change password') . '"'
    59. 

  59.                 : ''
    60. 

  60.             )
    61. 

  61.             . '>' . __('Change password') . '</legend>'
    62. 

  62.             . '<table class="data noclick">'
    63. 

  63.             . '<tr>'
    64. 

  64.             . '<td colspan="2">'
    65. 

  65.             . '<input type="radio" name="nopass" value="1" id="nopass_1" '
    66. 

  66.             . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
    67. 

  67.             . 'this.checked = true" />'
    68. 

  68.             . '<label for="nopass_1">' . __('No Password') . '</label>'
    69. 

  69.             . '</td>'
    70. 

  70.             . '</tr>'
    71. 

  71.             . '<tr class="vmiddle">'
    72. 

  72.             . '<td>'
    73. 

  73.             . '<input type="radio" name="nopass" value="0" id="nopass_0" '
    74. 

  74.             . 'onclick="document.getElementById(\'text_pma_change_pw\').focus();" '
    75. 

  75.             . 'checked="checked" />'
    76. 

  76.             . '<label for="nopass_0">' . __('Password:') . '&nbsp;</label>'
    77. 

  77.             . '</td>'
    78. 

  78.             . '<td>'
    79. 

  79.             . __('Enter:') . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp'
    80. 

  80.             . '<input type="password" name="pma_pw" id="text_pma_change_pw" size="10" '
    81. 

  81.             . 'class="textfield"'
    82. 

  82.             . 'onkeyup="checkPasswordStrength($(this).val(), $(\'#change_password_strength_meter\'), meter_obj_label = $(\'#change_password_strength\'), PMA_commonParams.get(\'user\'));" '
    83. 

  83.             . $chg_evt_handler . '="nopass[1].checked = true" />'
    84. 

  84.             . '<span>Strength:</span> '
    85. 

  85.             . '<meter max="4" id="change_password_strength_meter" name="pw_meter"></meter> '
    86. 

  86.             . '<span id="change_password_strength" name="pw_strength">Good</span>'
    87. 

  87.             . '<br>' . __('Re-type:') . '&nbsp;'
    88. 

  88.             . '<input type="password" name="pma_pw2" id="text_pma_change_pw2" size="10" '
    89. 

  89.             . 'class="textfield"'
    90. 

  90.             . $chg_evt_handler . '="nopass[1].checked = true" />'
    91. 

  91.             . '</td>'
    92. 

  92.             . '</tr>';
    93. 

  93. 

  94.         $serverType = Util::getServerType();
    95. 

  95.         $serverVersion = $GLOBALS['dbi']->getVersion();
    96. 

  96.         $orig_auth_plugin = Privileges::getCurrentAuthenticationPlugin(
    97. 

  97.             'change',
    98. 

  98.             $username,
    99. 

  99.             $hostname
    100. 

  100.         );
    101. 

  101. 

  102.         if (($serverType == 'MySQL'
    103. 

  103.             && $serverVersion >= 50507)
    104. 

  104.             || ($serverType == 'MariaDB'
    105. 

  105.             && $serverVersion >= 50200)
    106. 

  106.         ) {
    107. 

  107.             // Provide this option only for 5.7.6+
    108. 

  108.             // OR for privileged users in 5.5.7+
    109. 

  109.             if (($serverType == 'MySQL'
    110. 

  110.                 && $serverVersion >= 50706)
    111. 

  111.                 || ($GLOBALS['dbi']->isSuperuser() && $mode == 'edit_other')
    112. 

  112.             ) {
    113. 

  113.                 $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown(
    114. 

  114.                     $orig_auth_plugin, 'change_pw', 'new'
    115. 

  115.                 );
    116. 

  116. 

  117.                 $html .= '<tr class="vmiddle">'
    118. 

  118.                     . '<td>' . __('Password Hashing:') . '</td><td>';
    119. 

  119.                 $html .= $auth_plugin_dropdown;
    120. 

  120.                 $html .= '</td></tr>'
    121. 

  121.                     . '<tr id="tr_element_before_generate_password"></tr>'
    122. 

  122.                     . '</table>';
    123. 

  123. 

  124.                 $html .= '<div'
    125. 

  125.                     . ($orig_auth_plugin != 'sha256_password'
    126. 

  126.                         ? ' class="hide"'
    127. 

  127.                         : '')
    128. 

  128.                     . ' id="ssl_reqd_warning_cp">'
    129. 

  129.                     . Message::notice(
    130. 

  130.                         __(
    131. 

  131.                             'This method requires using an \'<i>SSL connection</i>\' '
    132. 

  132.                             . 'or an \'<i>unencrypted connection that encrypts the '
    133. 

  133.                             . 'password using RSA</i>\'; while connecting to the server.'
    134. 

  134.                         )
    135. 

  135.                         . Util::showMySQLDocu(
    136. 

  136.                             'sha256-authentication-plugin'
    137. 

  137.                         )
    138. 

  138.                     )
    139. 

  139.                         ->getDisplay()
    140. 

  140.                     . '</div>';
    141. 

  141.             } else {
    142. 

  142.                 $html .= '<tr id="tr_element_before_generate_password"></tr>'
    143. 

  143.                     . '</table>';
    144. 

  144.             }
    145. 

  145.         } else {
    146. 

  146.             $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown(
    147. 

  147.                 $orig_auth_plugin, 'change_pw', 'old'
    148. 

  148.             );
    149. 

  149. 

  150.             $html .= '<tr class="vmiddle">'
    151. 

  151.                 . '<td>' . __('Password Hashing:') . '</td><td>';
    152. 

  152.             $html .= $auth_plugin_dropdown . '</td></tr>'
    153. 

  153.                 . '<tr id="tr_element_before_generate_password"></tr>'
    154. 

  154.                 . '</table>';
    155. 

  155.         }
    156. 

  156. 

  157.         $html .= '</fieldset>'
    158. 

  158.             . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
    159. 

  159.             . '<input type="hidden" name="change_pw" value="1" />'
    160. 

  160.             . '<input type="submit" value="' . __('Go') . '" />'
    161. 

  161.             . '</fieldset>'
    162. 

  162.             . '</form>';
    163. 

  163.         return $html;
    164. 

  164.     }
    165. 

  165. }
    166.