WebSVN – MLAB – Blame – /Web/Maintenance/phpMyAdmin/user

250

kaklik

1

<?php

2

/* $Id: user_password.php,v 2.10 2005/11/24 09:12:16 nijel Exp $ */

3

// vim: expandtab sw=4 ts=4 sts=4:

4

5

6

/**

7

* Gets some core libraries

8

*/

9

require_once('./libraries/common.lib.php');

10

11

/**

12

* Displays an error message and exits if the user isn't allowed to use this

13

* script

14

*/

15

if (!$cfg['ShowChgPassword']) {

16

$cfg['ShowChgPassword'] = PMA_DBI_select_db('mysql');

17

}

18

if ($cfg['Server']['auth_type'] == 'config' || !$cfg['ShowChgPassword']) {

19

require_once('./libraries/header.inc.php');

20

echo '<p><b>' . $strError . '</b></p>' . "\n"

21

. '<p>    ' . $strNoRights . '</p>' . "\n";

22

require_once('./libraries/footer.inc.php');

23

} // end if

24

25

26

/**

27

* If the "change password" form has been submitted, checks for valid values

28

* and submit the query or logout

29

*/

30

if (isset($nopass)) {

31

$error_msg = '';

32

33

if ($nopass == 0 && isset($pma_pw) && isset($pma_pw2)) {

34

if ($pma_pw != $pma_pw2) {

35

$error_msg = $strPasswordNotSame;

36

}

37

if (empty($pma_pw) || empty($pma_pw2)) {

38

$error_msg = $strPasswordEmpty;

39

}

40

} // end if

41

42

// here $nopass could be == 1

43

if (empty($error_msg)) {

44

45

// Defines the url to return to in case of error in the sql statement

46

$common_url_query = PMA_generate_common_url();

47

48

$err_url = 'user_password.php?' . $common_url_query;

49

$hashing_function = (PMA_MYSQL_INT_VERSION >= 40102 && !empty($pw_hash) && $pw_hash == 'old' ? 'OLD_' : '')

50

. 'PASSWORD';

51

52

        $sql_query        = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');

53

        $local_query      = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');

54

        $result           = @PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);

55

56

// Changes password cookie if required

57

// Duration = till the browser is closed for password (we don't want this to be saved)

58

if ($cfg['Server']['auth_type'] == 'cookie') {

59

60

setcookie('pma_cookie_password-' . $server,

61

PMA_blowfish_encrypt($pma_pw,

62

$GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),

63

0,

64

$GLOBALS['cookie_path'], '',

65

$GLOBALS['is_https']);

66

67

} // end if

68

// For http auth. mode, the "back" link will also enforce new

69

// authentication

70

$http_logout = ($cfg['Server']['auth_type'] == 'http')

71

? '&old_usr=relog'

72

: '';

73

74

// Displays the page

75

require_once('./libraries/header.inc.php');

76

echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";

77

$show_query = 'y';

78

PMA_showMessage($strUpdateProfileMessage);

79

?>

80

<a href="index.php?<?php echo $common_url_query . $http_logout; ?>" target="_parent">

81

<b><?php echo $strBack; ?></b></a>

82

<?php

83

exit();

84

} // end if

85

} // end if

86

87

88

/**

89

* If the "change password" form hasn't been submitted or the values submitted

90

* aren't valid -> displays the form

91

*/

92

// Loads the headers

93

$js_to_run = 'user_password.js';

94

require_once('./libraries/header.inc.php');

95

echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";

96

97

// Displays an error message if required

98

if (!empty($error_msg)) {

99

echo '<p><b>' . $strError . ': ' . $error_msg . '</b></p>' . "\n";

100

}

101

102

// loic1: autocomplete feature of IE kills the "onchange" event handler and it

103

// must be replaced by the "onpropertychange" one in this case

104

$chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5)

105

? 'onpropertychange'

106

: 'onchange';

107

108

// Displays the form

109

?>

110

<form method="post" action="./user_password.php" name="chgPassword" onsubmit="return checkPassword(this)">

111

<?php echo PMA_generate_common_hidden_inputs(); ?>

112

<table border="0">

113

<tr>

114

<td colspan="2">

115

            <input type="radio" name="nopass" value="1" onclick="pma_pw.value = ''; pma_pw2.value = ''; this.checked = true" />

116

<?php echo $GLOBALS['strNoPassword'] . "\n"; ?>

117

</td>

118

</tr>

119

<tr>

120

<td>

121

<input type="radio" name="nopass" value="0" checked="checked " />

122

<?php echo $GLOBALS['strPassword']; ?>: 

123

</td>

124

<td>

125

            <input type="password" name="pma_pw" size="10" class="textfield" <?php echo $chg_evt_handler; ?>="nopass[1].checked = true" />

126

  

127

<?php echo $GLOBALS['strReType']; ?>: 

128

            <input type="password" name="pma_pw2" size="10" class="textfield" <?php echo $chg_evt_handler; ?>="nopass[1].checked = true" />

129

</td>

130

</tr>

131

<?php

132

133

if (PMA_MYSQL_INT_VERSION >= 40102) {

134

?>

135

<tr>

136

<td>

137

<?php echo $strPasswordHashing; ?>:

138

</td>

139

<td>

140

<input type="radio" name="pw_hash" id="radio_pw_hash_new" value="new" checked="checked" />

141

<label for="radio_pw_hash_new">

142

MySQL 4.1

143

</label>

144

</td>

145

</tr>

146

<tr>

147

<td> </td>

148

<td>

149

<input type="radio" name="pw_hash" id="radio_pw_hash_old" value="old" />

150

<label for="radio_pw_hash_old">

151

<?php echo $strCompatibleHashing; ?>

152

</label>

153

</td>

154

</tr>

155

<?php

156

}

157

158

?>

159

<tr>

160

<td colspan="2"> </td>

161

</tr>

162

<tr>

163

<td colspan="2">

164

<input type="submit" value="<?php echo($strChange); ?>" />

165

</td>

166

</tr>

167

</table>

168

</form>

169

170

<?php

171

/**

172

* Displays the footer

173

*/

174

require_once('./libraries/footer.inc.php');

175

?>

Subversion Repositories – MLAB

(root)/Web/Maintenance/phpMyAdmin/user_password.php @ 541

Rev