fixes for backslash in password/username
@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
|
||||
$Id$
|
||||
$Source$
|
||||
|
||||
2003-07-09 Michal Cihar <nijel@users.sourceforge.net>
|
||||
* libraries/auth/cookie.auth.lib.php3: Fixed broken login with backslash
|
||||
in password/username (bug #747020).
|
||||
* server_privileges.php3: Fixed escaping when backslash in
|
||||
password/username.
|
||||
|
||||
2003-07-09 Garvin Hicking <me@supergarv.de>
|
||||
* Documentation.html, config.inc.php3, libraries/common.lib.php3,
|
||||
libraries/config_import.lib.php3, header.inc.php3: Created auto-detection
|
||||
|
@@ -445,12 +445,15 @@ if (uname.value == '') {
|
||||
// Returns whether we get authentication settings or not
|
||||
if (!$from_cookie && !$from_form) {
|
||||
return FALSE;
|
||||
} else {
|
||||
} elseif ($from_cookie) {
|
||||
if (get_magic_quotes_gpc()) {
|
||||
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
|
||||
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
|
||||
// no need to strip password as it is encrypted during transfer
|
||||
}
|
||||
return TRUE;
|
||||
} else {
|
||||
// we don't need to strip here, it is done in grab_globals
|
||||
return TRUE;
|
||||
}
|
||||
} // end of the 'PMA_auth_check()' function
|
||||
|
||||
|
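Review bot: The new final `else` branch of PMA_auth_check() relies on grab_globals having already removed magic-quotes slashes from form-submitted credentials, but nothing visible in this hunk enforces that, while the cookie branch strips the user name locally. If the two places ever disagree, a user name or password containing a backslash is compared in a different form than the one MySQL stores, and the login fails or behaves inconsistently. I would spell the dependency out in the comment, e.g. `// form values: magic-quotes slashes were already removed in grab_globals; stripping again here would corrupt backslashes`. In the cookie branch the comment should say where the encrypted password is decoded, since that is the reason it must not be passed through stripslashes(). The function starts above the hunk, so how `$from_cookie` and `$from_form` are set cannot be checked from here.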
@@ -155,11 +155,11 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
|
||||
$username = $GLOBALS['username'];
|
||||
$hostname = $GLOBALS['hostname'];
|
||||
if ($db == '*') {
|
||||
$sql_query = 'SELECT * FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";';
|
||||
$sql_query = 'SELECT * FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
|
||||
} else if ($table == '*') {
|
||||
$sql_query = 'SELECT * FROM `db` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";';
|
||||
$sql_query = 'SELECT * FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '";';
|
||||
} else {
|
||||
$sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
|
||||
$sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
|
||||
}
|
||||
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
|
||||
if ($res) {
|
||||
@@ -220,7 +220,7 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent =
|
||||
}
|
||||
}
|
||||
if (!empty($columns)) {
|
||||
$sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
|
||||
$sql_query = 'SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '" AND `Db` = "' . $db . '" AND `Table_name` = "' . $table . '";';
|
||||
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
|
||||
while ($row1 = PMA_mysql_fetch_row($res)) {
|
||||
$row1[1] = explode(',', $row1[1]);
|
||||
@@ -555,7 +555,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
|
||||
* Changes / copies a user, part I
|
||||
*/
|
||||
if (!empty($change_copy)) {
|
||||
$local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$local_query = 'SELECT * FROM `mysql`.`user` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
|
||||
if (!$res) {
|
||||
$message = $strNoUsersFound;
|
||||
@@ -597,7 +597,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
|
||||
unset($row);
|
||||
break;
|
||||
}
|
||||
$local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";';
|
||||
$local_query = 'SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";';
|
||||
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
|
||||
unset($local_query);
|
||||
if (mysql_affected_rows($userlink) == 1) {
|
||||
@@ -605,7 +605,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
|
||||
$adduser = 1;
|
||||
} else {
|
||||
if (PMA_MYSQL_INT_VERSION >= 32211) {
|
||||
$real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . $username . '"@"' . $hostname . '"';
|
||||
$real_sql_query = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
|
||||
if ($pred_password != 'none' && $pred_password != 'keep') {
|
||||
$pma_pw_hidden = '';
|
||||
for ($i = 0; $i < strlen($pma_pw); $i++) {
|
||||
@@ -650,7 +650,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
|
||||
unset($real_sql_query);
|
||||
} else {
|
||||
$privileges = PMA_extractPrivInfo();
|
||||
$real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . $username . '"';
|
||||
$real_sql_query = 'INSERT INTO `user` SET `Host` = "' . $hostname . '", `User` = "' . PMA_sqlAddslashes($username) . '"';
|
||||
if ($pred_password != 'none') {
|
||||
$pma_pw_hidden = '';
|
||||
for ($i = 0; $i < strlen($pma_pw); $i++) {
|
||||
@@ -679,16 +679,16 @@ if (!empty($adduser_submit) || !empty($change_copy)) {
|
||||
* Changes / copies a user, part III
|
||||
*/
|
||||
if (!empty($change_copy)) {
|
||||
$local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$local_query = 'SELECT * FROM `mysql`.`db` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
|
||||
while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
|
||||
$queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . $username . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';';
|
||||
$queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';';
|
||||
}
|
||||
mysql_free_result($res);
|
||||
$local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$local_query = 'SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '";';
|
||||
$res = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
|
||||
while ($row = PMA_mysql_fetch_array($res, MYSQL_ASSOC)) {
|
||||
$local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . $old_username . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";';
|
||||
$local_query = 'SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($old_username) . '" AND `Host` = "' . $old_hostname . '" AND `Db` = "' . $row['Db'] . '";';
|
||||
$res2 = PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $local_query);
|
||||
$tmp_privs1 = PMA_extractPrivInfo($row);
|
||||
$tmp_privs2 = array(
|
||||
@@ -726,7 +726,7 @@ if (!empty($change_copy)) {
|
||||
$tmp_privs1[] = 'REFERENCES (`' . join(', ', $tmp_privs2['References']) . '`)';
|
||||
}
|
||||
unset($tmp_privs2);
|
||||
$queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . $username . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';';
|
||||
$queries[] = 'GRANT ' . join(', ', $tmp_privs1) . ' ON `' . $row['Db'] . '`.`' . $row['Table_name'] . '` TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION' : '') . ';';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -737,9 +737,9 @@ if (!empty($change_copy)) {
|
||||
if (!empty($update_privs)) {
|
||||
if (PMA_MYSQL_INT_VERSION >= 32211) {
|
||||
$db_and_table = empty($dbname) ? '*.*' : PMA_backquote($dbname) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
|
||||
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";';
|
||||
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . $username . '"@"' . $hostname . '";';
|
||||
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . $username . '"@"' . $hostname . '"';
|
||||
$sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
|
||||
$sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '";';
|
||||
$sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"';
|
||||
if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
|
||||
$sql_query2 .= 'WITH';
|
||||
if (isset($Grant_priv) && $Grant_priv == 'Y') {
|
||||
@@ -818,8 +818,8 @@ if (!empty($change_pw)) {
|
||||
for ($i = 0; $i < strlen($pma_pw); $i++) {
|
||||
$hidden_pw .= '*';
|
||||
}
|
||||
$local_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $pma_pw . '")';
|
||||
$sql_query = 'SET PASSWORD FOR "' . $username . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")';
|
||||
$local_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . PMA_sqlAddslashes($pma_pw) . '")';
|
||||
$sql_query = 'SET PASSWORD FOR "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '" = PASSWORD("' . $hidden_pw . '")';
|
||||
PMA_mysql_query($local_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink));
|
||||
$message = sprintf($strPasswordChanged, '\'' . $username . '\'@\'' . $hostname . '\'');
|
||||
}
|
||||
@@ -842,14 +842,14 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
|
||||
if ($mode == 2) {
|
||||
// The SHOW GRANTS query may fail if the user has not been loaded
|
||||
// into memory
|
||||
$res = PMA_mysql_query('SHOW GRANTS FOR "' . $this_user . '"@"' . $this_host . '";', $userlink);
|
||||
$res = PMA_mysql_query('SHOW GRANTS FOR "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";', $userlink);
|
||||
if ($res) {
|
||||
$queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . $this_user . '"@"' . $this_host . '";';
|
||||
$queries[] = 'REVOKE ALL PRIVILEGES ON *.* FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
|
||||
while ($row = PMA_mysql_fetch_row($res)) {
|
||||
$this_table = substr($row[0], (strpos($row[0], 'ON') + 3), (strpos($row[0], ' TO ') - strpos($row[0], 'ON') - 3));
|
||||
if ($this_table != '*.*') {
|
||||
$queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";';
|
||||
$queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . $this_user . '"@"' . $this_host . '";';
|
||||
$queries[] = 'REVOKE ALL PRIVILEGES ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
|
||||
$queries[] = 'REVOKE GRANT OPTION ON ' . $this_table . ' FROM "' . PMA_sqlAddslashes($this_user) . '"@"' . $this_host . '";';
|
||||
}
|
||||
unset($this_table);
|
||||
}
|
||||
@@ -857,13 +857,13 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) {
|
||||
}
|
||||
unset($res);
|
||||
}
|
||||
$queries[] = 'DELETE FROM `user` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
|
||||
if ($mode != 2) {
|
||||
// If we REVOKE the table grants, we should not need to modify the
|
||||
// `db`, `tables_priv` and `columns_priv` tables manually...
|
||||
$queries[] = 'DELETE FROM `db` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . $this_user . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `db` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `tables_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
|
||||
$queries[] = 'DELETE FROM `columns_priv` WHERE `User` = "' . PMA_sqlAddslashes($this_user) . '" AND `Host` = "' . $this_host . '";';
|
||||
}
|
||||
if (!empty($drop_users_db)) {
|
||||
$queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
|
||||
@@ -1056,7 +1056,7 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
}
|
||||
}
|
||||
echo '</h2>' . "\n";
|
||||
$res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . $username . '" AND `Host` = "' . $hostname . '";', $userlink);
|
||||
$res = PMA_mysql_query('SELECT "foo" FROM `user` WHERE `User` = "' . PMA_sqlAddslashes($username) . '" AND `Host` = "' . $hostname . '";', $userlink);
|
||||
if (mysql_affected_rows($userlink) <= 0) {
|
||||
echo $strUserNotFound;
|
||||
include('./footer.inc.php3');
|
||||
@@ -1094,9 +1094,9 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
. ' <th colspan="2"> ' . $strAction . ' </th>' . "\n"
|
||||
. ' </tr>' . "\n";
|
||||
if (empty($dbname)) {
|
||||
$sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" ORDER BY `Db` ASC;';
|
||||
$sql_query = 'SELECT * FROM `db` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" ORDER BY `Db` ASC;';
|
||||
} else {
|
||||
$sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;';
|
||||
$sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = "", 0, 1) AS "Column_priv" FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" AND `Db` = "' . $dbname . '" ORDER BY `Table_name` ASC;';
|
||||
}
|
||||
$res = PMA_mysql_query($sql_query, $userlink) or PMA_mysqlDie(PMA_mysql_error($userlink), $sql_query);
|
||||
if (mysql_affected_rows($userlink) == 0) {
|
||||
@@ -1106,7 +1106,7 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
} else {
|
||||
$useBgcolorOne = TRUE;
|
||||
if (empty($dbname)) {
|
||||
$res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . $username . '" GROUP BY `Db` ORDER BY `Db` ASC;');
|
||||
$res2 = PMA_mysql_query('SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;') or PMA_mysqlDie(PMA_mysql_error($userlink), 'SELECT `Db` FROM `tables_priv` WHERE `Host` = "' . $hostname . '" AND `User` = "' . PMA_sqlAddslashes($username) . '" GROUP BY `Db` ORDER BY `Db` ASC;');
|
||||
$row2 = PMA_mysql_fetch_array($res2, MYSQL_ASSOC);
|
||||
}
|
||||
$found_rows = array();
|
||||
|
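Review bot: Only the user name (and the password in `SET PASSWORD`) is escaped by this change; `$hostname`, `$old_hostname`, `$this_host`, `$db`, `$table`, `$dbname`, `$row['Db']` and `$this_table` are still concatenated unescaped into the same statements. The first case is the first `$sql_query` assignment in PMA_displayPrivTable, and the pattern repeats in the GRANT, REVOKE, DELETE and SHOW GRANTS hunks that follow. A backslash or quote in a host or database name breaks those statements just as the user name did, and because they change privileges, every interpolated value should be escaped the same way, e.g. `"' . PMA_sqlAddslashes($hostname) . '"` and `"' . PMA_sqlAddslashes($db) . '"`. PMA_sqlAddslashes is defined outside this diff; if it escapes only backslashes and single quotes, the double-quoted literals used here would still be closed by a `"` in the value, so that should be confirmed. The enclosing functions and blocks begin and end outside the hunks shown.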