<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Displays form for password change
 *
 * @package PhpMyAdmin
 */
namespace PhpMyAdmin\Display;

use PhpMyAdmin\Message;
use PhpMyAdmin\Server\Privileges;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;

/**
 * Displays form for password change
 *
 * @package PhpMyAdmin
 */
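class ChangePassword
{
    /**
     * Get HTML for the Change password dialog
     *
     * Builds the whole <form> as one string: the "No Password" / "Password"
     * radio pair, the two password inputs with the strength meter, an optional
     * "Password Hashing" plugin dropdown (depending on server type, server
     * version and the caller's mode) and the submit footer.
     *
     * @param string $mode     where is the function being called?
     *                         values : 'change_pw' or 'edit_other'
     * @param string $username username
     * @param string $hostname hostname
     *
     * @return string html snippet
     */
    public static function getHtml($mode, $username, $hostname)
    {
        /**
         * autocomplete feature of IE kills the "onchange" event handler and it
         * must be replaced by the "onpropertychange" one in this case
         *
         * Only 'onchange' is ever assigned in this method.
         */
        $chg_evt_handler = 'onchange';

        $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php';

        // NOTE(review): the action value is written into the attribute without
        // htmlspecialchars(); this relies on PMA_PHP_SELF having been sanitised
        // where it is set - confirm against the code that populates it.
        $html = '<form method="post" id="change_password_form" '
            . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" '
            . 'name="chgPassword" '
            . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">';

        // Hidden fields supplied by Url::getHiddenInputs()
        // (presumably the session/anti-CSRF parameters - verify in Url).
        $html .= Url::getHiddenInputs();

        // The target account is only sent along when editing from the
        // privileges page. Note this test uses PMA_PHP_SELF (substring match)
        // while $is_privileges above uses SCRIPT_NAME (exact basename match).
        if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) {
            // Both values end up inside double-quoted attributes, so they are
            // HTML-escaped here.
            $html .= '<input type="hidden" name="username" '
                . 'value="' . htmlspecialchars($username) . '" />'
                . '<input type="hidden" name="hostname" '
                . 'value="' . htmlspecialchars($hostname) . '" />';
        }

        // The inline on* handlers below only run when the page's Content
        // Security Policy permits inline script.
        $html .= '<fieldset id="fieldset_change_password">'
            . '<legend'
            . ($is_privileges
                ? ' data-submenu-label="' . __('Change password') . '"'
                : ''
            )
            . '>' . __('Change password') . '</legend>'
            . '<table class="data noclick">'
            . '<tr>'
            . '<td colspan="2">'
            // Selecting "No Password" blanks both password fields.
            . '<input type="radio" name="nopass" value="1" id="nopass_1" '
            . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; '
            . 'this.checked = true" />'
            . '<label for="nopass_1">' . __('No Password') . '</label>'
            . '</td>'
            . '</tr>'
            . '<tr class="vmiddle">'
            . '<td>'
            . '<input type="radio" name="nopass" value="0" id="nopass_0" '
            . 'onclick="document.getElementById(\'text_pma_change_pw\').focus();" '
            . 'checked="checked" />'
            . '<label for="nopass_0">' . __('Password:') . '&nbsp;</label>'
            . '</td>'
            . '<td>'
            // Fixed: the last entity was missing its terminating ';'.
            . __('Enter:') . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'
            . '<input type="password" name="pma_pw" id="text_pma_change_pw" size="10" '
            // Fixed: a space is required between class="..." and the next
            // attribute. autocomplete="new-password" marks the field as a new
            // credential so a saved current password is not filled in.
            . 'class="textfield" autocomplete="new-password" '
            . 'onkeyup="checkPasswordStrength($(this).val(), $(\'#change_password_strength_meter\'), meter_obj_label = $(\'#change_password_strength\'), PMA_commonParams.get(\'user\'));" '
            // Typing a password re-selects the second "nopass" radio (value 0).
            . $chg_evt_handler . '="nopass[1].checked = true" />'
            . '<span>Strength:</span> '
            . '<meter max="4" id="change_password_strength_meter" name="pw_meter"></meter> '
            . '<span id="change_password_strength" name="pw_strength">Good</span>'
            . '<br>' . __('Re-type:') . '&nbsp;'
            . '<input type="password" name="pma_pw2" id="text_pma_change_pw2" size="10" '
            . 'class="textfield" autocomplete="new-password" '
            . $chg_evt_handler . '="nopass[1].checked = true" />'
            . '</td>'
            . '</tr>';

        $serverType = Util::getServerType();
        $serverVersion = $GLOBALS['dbi']->getVersion();
        $orig_auth_plugin = Privileges::getCurrentAuthenticationPlugin(
            'change',
            $username,
            $hostname
        );

        // Version thresholds are compared numerically; presumably encoded as
        // major * 10000 + minor * 100 + patch (50507 = 5.5.7) - confirm
        // against getVersion().
        if (($serverType === 'MySQL'
            && $serverVersion >= 50507)
            || ($serverType === 'MariaDB'
            && $serverVersion >= 50200)
        ) {
            // Provide this option only for 5.7.6+
            // OR for privileged users in 5.5.7+
            // Strict comparison keeps the superuser branch tied to the exact
            // 'edit_other' mode string.
            if (($serverType === 'MySQL'
                && $serverVersion >= 50706)
                || ($GLOBALS['dbi']->isSuperuser() && $mode === 'edit_other')
            ) {
                $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown(
                    $orig_auth_plugin, 'change_pw', 'new'
                );

                $html .= '<tr class="vmiddle">'
                    . '<td>' . __('Password Hashing:') . '</td><td>';
                $html .= $auth_plugin_dropdown;
                $html .= '</td></tr>'
                    . '<tr id="tr_element_before_generate_password"></tr>'
                    . '</table>';

                // The transport warning is always emitted; it is only visible
                // up front when the account currently uses sha256_password.
                $html .= '<div'
                    . ($orig_auth_plugin !== 'sha256_password'
                        ? ' class="hide"'
                        : '')
                    . ' id="ssl_reqd_warning_cp">'
                    . Message::notice(
                        __(
                            'This method requires using an \'<i>SSL connection</i>\' '
                            . 'or an \'<i>unencrypted connection that encrypts the '
                            . 'password using RSA</i>\'; while connecting to the server.'
                        )
                        . Util::showMySQLDocu(
                            'sha256-authentication-plugin'
                        )
                    )
                        ->getDisplay()
                    . '</div>';
            } else {
                // No plugin choice offered: just close the table.
                $html .= '<tr id="tr_element_before_generate_password"></tr>'
                    . '</table>';
            }
        } else {
            // Servers below the thresholds above get the 'old' dropdown variant.
            $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown(
                $orig_auth_plugin, 'change_pw', 'old'
            );

            $html .= '<tr class="vmiddle">'
                . '<td>' . __('Password Hashing:') . '</td><td>';
            $html .= $auth_plugin_dropdown . '</td></tr>'
                . '<tr id="tr_element_before_generate_password"></tr>'
                . '</table>';
        }

        $html .= '</fieldset>'
            . '<fieldset id="fieldset_change_password_footer" class="tblFooters">'
            . '<input type="hidden" name="change_pw" value="1" />'
            . '<input type="submit" value="' . __('Go') . '" />'
            . '</fieldset>'
            . '</form>';
        return $html;
    }
}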