diff --git a/htdocs/sql/user_password.php b/htdocs/sql/user_password.php new file mode 100755 --- /dev/null +++ b/htdocs/sql/user_password.php @@ -0,0 +1,106 @@ +' . $strError . '

' . "\n" + . '

    ' . $strNoRights . '

' . "\n"; + require_once './libraries/footer.inc.php'; +} // end if + + +/** + * If the "change password" form has been submitted, checks for valid values + * and submit the query or logout + */ +if (isset($nopass)) { + // similar logic in server_privileges.php + $error_msg = ''; + + if ($nopass == 0 && isset($pma_pw) && isset($pma_pw2)) { + if ($pma_pw != $pma_pw2) { + $error_msg = $strPasswordNotSame; + } + if (empty($pma_pw) || empty($pma_pw2)) { + $error_msg = $strPasswordEmpty; + } + } // end if + + // here $nopass could be == 1 + if (empty($error_msg)) { + + // Defines the url to return to in case of error in the sql statement + $common_url_query = PMA_generate_common_url(); + + $err_url = 'user_password.php?' . $common_url_query; + $hashing_function = (PMA_MYSQL_INT_VERSION >= 40102 && !empty($pw_hash) && $pw_hash == 'old' ? 'OLD_' : '') + . 'PASSWORD'; + + $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')'); + $local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')'); + $result = @PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url); + + // Changes password cookie if required + // Duration = till the browser is closed for password (we don't want this to be saved) + if ($cfg['Server']['auth_type'] == 'cookie') { + + PMA_setCookie('pmaPass-' . $server, PMA_blowfish_encrypt($pma_pw, $GLOBALS['cfg']['blowfish_secret'])); + + } // end if + // For http auth. mode, the "back" link will also enforce new + // authentication + $http_logout = ($cfg['Server']['auth_type'] == 'http') + ? '&old_usr=relog' + : ''; + + // Displays the page + require_once './libraries/header.inc.php'; + echo '

' . $strChangePassword . '

' . "\n\n"; + $show_query = 'y'; + PMA_showMessage($strUpdateProfileMessage); + ?> + + + displays the form + */ +// Loads the headers +$js_to_run = 'user_password.js'; +require_once './libraries/header.inc.php'; +echo '

' . $strChangePassword . '

' . "\n\n"; + +// Displays an error message if required +if (!empty($error_msg)) { + echo '

' . $strError . ': ' . $error_msg . '

' . "\n"; +} + +require_once './libraries/display_change_password.lib.php'; + +/** + * Displays the footer + */ +require_once './libraries/footer.inc.php'; +?>