diff --git a/ChangeLog b/ChangeLog index e36a2163e..bed386d23 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ phpMyAdmin - Changelog $Id$ $Source$ +2002-03-17 Loïc Chapeaux + * user_details.php3; user_password.php3: no long displays the true password + on screen. + 2002-03-16 Loïc Chapeaux * header.inc.php3, line 76; main.php3, lines 13-24; lang/*; libraries/common.lib.php3, lines 146-150 & 367-387: the diff --git a/user_details.php3 b/user_details.php3 index b0e0f5ec6..c59a52704 100644 --- a/user_details.php3 +++ b/user_details.php3 @@ -1120,13 +1120,16 @@ else if (isset($submit_addUser)) { unset($list_priv); if (get_magic_quotes_gpc() && $pma_pw != '') { - $pma_pw = stripslashes($pma_pw); + $pma_pw = stripslashes($pma_pw); } - $sql_query = 'INSERT INTO mysql.user ' - . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')') - . ', ' . $sql_query; - $result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url); + $local_query = 'INSERT INTO mysql.user ' + . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')') + . ', ' . $sql_query; + $sql_query = 'INSERT INTO mysql.user ' + . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')') + . ', ' . $sql_query; + $result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url); unset($host); unset($pma_user); PMA_showMessage($strAddUserMessage . '
' . $strRememberReload); @@ -1187,8 +1190,10 @@ else if (isset($submit_updProfile)) { echo '
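Review bot: The display copy built with `ereg_replace('.', '*', $pma_pw)` still prints one `*` per character of the password, so the query shown on screen discloses the password's length. A constant placeholder avoids that, e.g. `(($pma_pw == '') ? '\'\'' : 'PASSWORD(\'********\')')`. The same masking expression is used in the update-profile hunk of this file and in user_password.php3. The two INSERT strings here also differ only in that one sub-expression, so building the shared `Host`/`User` prefix once would keep the executed and the displayed statement from drifting apart. The enclosing `else if (isset($submit_addUser))` branch starts outside the hunk.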

' . $strError . ' : ' . $strPasswordNotSame . '

' . "\n"; } else { - $sql_query = (empty($common_upd) ? '' : $common_upd . ', ') - . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')'); + $sql_query = (empty($common_upd) ? '' : $common_upd . ', ') + . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')'); + $local_query = (empty($common_upd) ? '' : $common_upd . ', ') + . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')'); } if (!empty($sql_query)) { @@ -1196,9 +1201,9 @@ else if (isset($submit_updProfile)) { $sql_query_cpy = ''; // Updates profile - $sql_query = 'UPDATE user SET ' . $sql_query . $common_where; - $sql_query_cpy = $sql_query; - $result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1'); + $local_query = 'UPDATE user SET ' . $local_query . $common_where; + $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where; + $result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1'); // Updates grants if (isset($new_server) || isset($new_user)) { diff --git a/user_password.php3 b/user_password.php3 index 4e8fd4f04..c0de14154 100644 --- a/user_password.php3 +++ b/user_password.php3 
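Review bot: `$local_query` is assigned only in this final `else`, yet the next hunk executes `'UPDATE user SET ' . $local_query . $common_where` whenever `$sql_query` is non-empty. The earlier branches of this if/else chain are outside the hunk; if any of them sets `$sql_query` without also setting `$local_query` (for instance a profile update that leaves the password alone), the executed statement is built from an undefined variable. At best that is a malformed UPDATE, and because this script appears to take its inputs as registered globals, an uninitialised variable that reaches `mysql_query()` should not be left to chance. Initialise it before the chain with `$local_query = '';` and have every branch that sets `$sql_query` set `$local_query` as well.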
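Review bot: After this change `$sql_query` is no longer rewritten to the full statement here; only `$local_query` and `$sql_query_cpy` receive the `UPDATE user SET` prefix and `$common_where`, so any code later in this branch that still reads `$sql_query` now sees the bare assignment fragment. The branch continues past the hunk (the grants update), so that cannot be confirmed from the visible lines. A short comment at this spot would help the next editor keep the variables apart, e.g. `// $local_query is executed; $sql_query_cpy is the masked copy kept for display only`.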
@@ -49,8 +49,9 @@ if (isset($nopass)) { $common_url_query = 'lang=' . $lang . '&server=' . $server; $err_url = 'user_password.php3?' . $common_url_query; - $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . $pma_pw . '\')'); - $result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url); + $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')'); + $local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')'); + $result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url); // Changes password cookie if required if ($cfgServer['auth_type'] == 'cookie') { @@ -65,6 +66,7 @@ if (isset($nopass)) { // Displays the page include('./header.inc.php3'); echo '
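Review bot: The executed statement now passes `$pma_pw` through `PMA_sqlAddslashes()`, but no `stripslashes()` for the magic-quotes case is visible in this hunk, unlike the add-user branch in user_details.php3, which strips first. If that is not done above the hunk, a password containing a quote or backslash would be escaped twice when `magic_quotes_gpc` is on, and the stored password would differ from the one typed. Mirroring the other file before the two queries are built would close that gap: `if (get_magic_quotes_gpc() && $pma_pw != '') { $pma_pw = stripslashes($pma_pw); }`. The `if (isset($nopass))` block starts outside the hunk.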

' . $strChangePassword . '

' . "\n\n"; + $show_query = 'y'; PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage); ?>