Home Explore Help
Sign In
other
/
pma
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 95e2ed6005
Branches Tags
pma
/
libraries
/
classes
/
UserPassword.php

UserPassword.php 8.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace PhpMyAdmin;
    6. 

  6. 

  7. use PhpMyAdmin\Html\Generator;
    8. 

  8. use PhpMyAdmin\Query\Compatibility;
    9. 

  9. use PhpMyAdmin\Server\Privileges;
    10. 

  10. 

  11. use function __;
    12. 

  12. use function strlen;
    13. 

  13. 

  14. /**
    15. 

  15.  * Functions for user password
    16. 

  16.  */
    17. 

  17. class UserPassword
    18. 

  18. {
    19. 

  19.     /** @var Privileges */
    20. 

  20.     private $serverPrivileges;
    21. 

  21. 

  22.     /**
    23. 

  23.      * @param Privileges $serverPrivileges Privileges object
    24. 

  24.      */
    25. 

  25.     public function __construct(Privileges $serverPrivileges)
    26. 

  26.     {
    27. 

  27.         $this->serverPrivileges = $serverPrivileges;
    28. 

  28.     }
    29. 

  29. 

  30.     /**
    31. 

  31.      * Generate the message
    32. 

  32.      *
    33. 

  33.      * @return array   error value and message
    34. 

  34.      */
    35. 

  35.     public function setChangePasswordMsg()
    36. 

  36.     {
    37. 

  37.         $error = false;
    38. 

  38.         $message = Message::success(__('The profile has been updated.'));
    39. 

  39. 

  40.         if ($_POST['nopass'] != '1') {
    41. 

  41.             if (strlen($_POST['pma_pw']) === 0 || strlen($_POST['pma_pw2']) === 0) {
    42. 

  42.                 $message = Message::error(__('The password is empty!'));
    43. 

  43.                 $error = true;
    44. 

  44.             } elseif ($_POST['pma_pw'] !== $_POST['pma_pw2']) {
    45. 

  45.                 $message = Message::error(
    46. 

  46.                     __('The passwords aren\'t the same!')
    47. 

  47.                 );
    48. 

  48.                 $error = true;
    49. 

  49.             } elseif (strlen($_POST['pma_pw']) > 256) {
    50. 

  50.                 $message = Message::error(__('Password is too long!'));
    51. 

  51.                 $error = true;
    52. 

  52.             }
    53. 

  53.         }
    54. 

  54. 

  55.         return [
    56. 

  56.             'error' => $error,
    57. 

  57.             'msg' => $message,
    58. 

  58.         ];
    59. 

  59.     }
    60. 

  60. 

  61.     /**
    62. 

  62.      * Change the password
    63. 

  63.      *
    64. 

  64.      * @param string $password New password
    65. 

  65.      */
    66. 

  66.     public function changePassword($password): string
    67. 

  67.     {
    68. 

  68.         global $auth_plugin, $dbi;
    69. 

  69. 

  70.         $hashing_function = $this->changePassHashingFunction();
    71. 

  71. 

  72.         [$username, $hostname] = $dbi->getCurrentUserAndHost();
    73. 

  73. 

  74.         $serverVersion = $dbi->getVersion();
    75. 

  75. 

  76.         $orig_auth_plugin = $this->serverPrivileges->getCurrentAuthenticationPlugin('change', $username, $hostname);
    77. 

  77.         $authPluginChanged = false;
    78. 

  78. 

  79.         if (isset($_POST['authentication_plugin']) && ! empty($_POST['authentication_plugin'])) {
    80. 

  80.             if ($orig_auth_plugin !== $_POST['authentication_plugin']) {
    81. 

  81.                 $authPluginChanged = true;
    82. 

  82.             }
    83. 

  83. 

  84.             $orig_auth_plugin = $_POST['authentication_plugin'];
    85. 

  85.         }
    86. 

  86. 

  87.         $sql_query = 'SET password = '
    88. 

  88.             . ($password == '' ? '\'\'' : $hashing_function . '(\'***\')');
    89. 

  89. 

  90.         $isPerconaOrMySql = Compatibility::isMySqlOrPerconaDb();
    91. 

  91.         if ($isPerconaOrMySql && $serverVersion >= 50706) {
    92. 

  92.             $sql_query = $this->getChangePasswordQueryAlterUserMySQL(
    93. 

  93.                 $serverVersion,
    94. 

  94.                 $username,
    95. 

  95.                 $hostname,
    96. 

  96.                 $orig_auth_plugin,
    97. 

  97.                 $password === '' ? '' : '***', // Mask it, preview mode
    98. 

  98.                 $authPluginChanged
    99. 

  99.             );
    100. 

  100.         } elseif (
    101. 

  101.             ($isPerconaOrMySql && $serverVersion >= 50507)
    102. 

  102.             || (Compatibility::isMariaDb() && $serverVersion >= 50200)
    103. 

  103.         ) {
    104. 

  104.             // For MySQL and Percona versions 5.5.7+ and MariaDB versions 5.2+,
    105. 

  105.             // explicitly set value of `old_passwords` so that
    106. 

  106.             // it does not give an error while using
    107. 

  107.             // the PASSWORD() function
    108. 

  108.             if ($orig_auth_plugin === 'sha256_password') {
    109. 

  109.                 $value = 2;
    110. 

  110.             } else {
    111. 

  111.                 $value = 0;
    112. 

  112.             }
    113. 

  113. 

  114.             $dbi->tryQuery('SET `old_passwords` = ' . $value . ';');
    115. 

  115.         }
    116. 

  116. 

  117.         $this->changePassUrlParamsAndSubmitQuery(
    118. 

  118.             $username,
    119. 

  119.             $hostname,
    120. 

  120.             $password,
    121. 

  121.             $sql_query,
    122. 

  122.             $hashing_function,
    123. 

  123.             $orig_auth_plugin,
    124. 

  124.             $authPluginChanged
    125. 

  125.         );
    126. 

  126. 

  127.         $auth_plugin->handlePasswordChange($password);
    128. 

  128. 

  129.         return $sql_query;
    130. 

  130.     }
    131. 

  131. 

  132.     private function getChangePasswordQueryAlterUserMySQL(
    133. 

  133.         int $serverVersion,
    134. 

  134.         string $username,
    135. 

  135.         string $hostname,
    136. 

  136.         string $authPlugin,
    137. 

  137.         string $password,
    138. 

  138.         bool $authPluginChanged
    139. 

  139.     ): string {
    140. 

  140.         global $dbi;
    141. 

  141. 

  142.         // Starting with MySQL 5.7.37 the security check changed
    143. 

  143.         // See: https://github.com/mysql/mysql-server/commit/b31a8a5d7805834ca2d25629c0e584d2c53b1a5b
    144. 

  144.         // See: https://github.com/phpmyadmin/phpmyadmin/issues/17654
    145. 

  145.         // That means that you should not try to change or state a plugin using IDENTIFIED WITH
    146. 

  146.         // Or it will say: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
    147. 

  147.         // So let's avoid stating a plugin if it's not needed/changed
    148. 

  148. 

  149.         if ($serverVersion >= 50706 && $serverVersion < 50737) {
    150. 

  150.             return 'ALTER USER \'' . $dbi->escapeString($username)
    151. 

  151.                 . '\'@\'' . $dbi->escapeString($hostname)
    152. 

  152.                 . '\' IDENTIFIED WITH ' . $authPlugin . ' BY '
    153. 

  153.                 . ($password === '' ? '\'\'' : '\'' . $dbi->escapeString($password) . '\'');
    154. 

  154.         }
    155. 

  155. 

  156.         $sql_query = 'ALTER USER \'' . $dbi->escapeString($username)
    157. 

  157.             . '\'@\'' . $dbi->escapeString($hostname) . '\' IDENTIFIED';
    158. 

  158. 

  159.         if ($authPluginChanged) {
    160. 

  160.             $sql_query .= ' WITH ' . $authPlugin;
    161. 

  161.         }
    162. 

  162. 

  163.         return $sql_query . ' BY ' . ($password === '' ? '\'\'' : '\'' . $dbi->escapeString($password) . '\'');
    164. 

  164.     }
    165. 

  165. 

  166.     /**
    167. 

  167.      * Generate the hashing function
    168. 

  168.      */
    169. 

  169.     private function changePassHashingFunction(): string
    170. 

  170.     {
    171. 

  171.         if (isset($_POST['authentication_plugin']) && $_POST['authentication_plugin'] === 'mysql_old_password') {
    172. 

  172.             $hashing_function = 'OLD_PASSWORD';
    173. 

  173.         } else {
    174. 

  174.             $hashing_function = 'PASSWORD';
    175. 

  175.         }
    176. 

  176. 

  177.         return $hashing_function;
    178. 

  178.     }
    179. 

  179. 

  180.     /**
    181. 

  181.      * Changes password for a user
    182. 

  182.      */
    183. 

  183.     private function changePassUrlParamsAndSubmitQuery(
    184. 

  184.         string $username,
    185. 

  185.         string $hostname,
    186. 

  186.         string $password,
    187. 

  187.         string $sql_query,
    188. 

  188.         string $hashing_function,
    189. 

  189.         string $orig_auth_plugin,
    190. 

  190.         bool $authPluginChanged
    191. 

  191.     ): void {
    192. 

  192.         global $dbi;
    193. 

  193. 

  194.         $err_url = Url::getFromRoute('/user-password');
    195. 

  195. 

  196.         $serverVersion = $dbi->getVersion();
    197. 

  197.         $isPerconaOrMySql = Compatibility::isMySqlOrPerconaDb();
    198. 

  198. 

  199.         if ($isPerconaOrMySql && $serverVersion >= 50706) {
    200. 

  200.             $local_query = $this->getChangePasswordQueryAlterUserMySQL(
    201. 

  201.                 $serverVersion,
    202. 

  202.                 $username,
    203. 

  203.                 $hostname,
    204. 

  204.                 $orig_auth_plugin,
    205. 

  205.                 $password,
    206. 

  206.                 $authPluginChanged
    207. 

  207.             );
    208. 

  208.         } elseif (
    209. 

  209.             Compatibility::isMariaDb()
    210. 

  210.             && $serverVersion >= 50200
    211. 

  211.             && $serverVersion < 100100
    212. 

  212.             && $orig_auth_plugin !== ''
    213. 

  213.         ) {
    214. 

  214.             if ($orig_auth_plugin === 'mysql_native_password') {
    215. 

  215.                 // Set the hashing method used by PASSWORD()
    216. 

  216.                 // to be 'mysql_native_password' type
    217. 

  217.                 $dbi->tryQuery('SET old_passwords = 0;');
    218. 

  218.             } elseif ($orig_auth_plugin === 'sha256_password') {
    219. 

  219.                 // Set the hashing method used by PASSWORD()
    220. 

  220.                 // to be 'sha256_password' type
    221. 

  221.                 $dbi->tryQuery('SET `old_passwords` = 2;');
    222. 

  222.             }
    223. 

  223. 

  224.             $hashedPassword = $this->serverPrivileges->getHashedPassword($_POST['pma_pw']);
    225. 

  225. 

  226.             $local_query = 'UPDATE `mysql`.`user` SET'
    227. 

  227.                 . " `authentication_string` = '" . $hashedPassword
    228. 

  228.                 . "', `Password` = '', "
    229. 

  229.                 . " `plugin` = '" . $orig_auth_plugin . "'"
    230. 

  230.                 . " WHERE `User` = '" . $dbi->escapeString($username)
    231. 

  231.                 . "' AND Host = '" . $dbi->escapeString($hostname) . "';";
    232. 

  232.         } else {
    233. 

  233.             $local_query = 'SET password = ' . ($password == ''
    234. 

  234.                 ? '\'\''
    235. 

  235.                 : $hashing_function . '(\''
    236. 

  236.                     . $dbi->escapeString($password) . '\')');
    237. 

  237.         }
    238. 

  238. 

  239.         if (! @$dbi->tryQuery($local_query)) {
    240. 

  240.             Generator::mysqlDie(
    241. 

  241.                 $dbi->getError(),
    242. 

  242.                 $sql_query,
    243. 

  243.                 false,
    244. 

  244.                 $err_url
    245. 

  245.             );
    246. 

  246.         }
    247. 

  247. 

  248.         // Flush privileges after successful password change
    249. 

  249.         $dbi->tryQuery('FLUSH PRIVILEGES;');
    250. 

  250.     }
    251. 

  251. 

  252.     public function getFormForChangePassword(?string $username, ?string $hostname): string
    253. 

  253.     {
    254. 

  254.         return $this->serverPrivileges->getFormForChangePassword($username ?? '', $hostname ?? '', false);
    255. 

  255.     }
    256. 

  256. }
    257.