nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

No long displays the true password on screen

Browse Source
This commit is contained in:
Loïc Chapeaux
2002-03-17 09:29:41 +00:00
parent 99bfd938fa
commit 7d0e59b8e9
3 changed files with 23 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2002-03-17 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* user_details.php3; user_password.php3: no long displays the true password
on screen.
2002-03-16 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2002-03-16 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* header.inc.php3, line 76; main.php3, lines 13-24; lang/*; * header.inc.php3, line 76; main.php3, lines 13-24; lang/*;
libraries/common.lib.php3, lines 146-150 & 367-387: the libraries/common.lib.php3, lines 146-150 & 367-387: the

25
user_details.php3
View File

@@ -1120,13 +1120,16 @@ else if (isset($submit_addUser)) {
unset($list_priv); unset($list_priv);
if (get_magic_quotes_gpc() && $pma_pw != '') { if (get_magic_quotes_gpc() && $pma_pw != '') {
$pma_pw = stripslashes($pma_pw); $pma_pw = stripslashes($pma_pw);
} }
$sql_query = 'INSERT INTO mysql.user ' $local_query = 'INSERT INTO mysql.user '
. 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')') . 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')')
. ', ' . $sql_query; . ', ' . $sql_query;
$result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url); $sql_query = 'INSERT INTO mysql.user '
. 'SET Host = \'' . PMA_sqlAddslashes($host) . '\', User = \'' . PMA_sqlAddslashes($pma_user) . '\', ' . $password_field . ' = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')')
. ', ' . $sql_query;
$result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
unset($host); unset($host);
unset($pma_user); unset($pma_user);
PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload); PMA_showMessage($strAddUserMessage . '<br />' . $strRememberReload);
@@ -1187,8 +1190,10 @@ else if (isset($submit_updProfile)) {
echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n"; echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $strPasswordNotSame . '</b></p>' . "\n";
} }
else { else {
$sql_query = (empty($common_upd) ? '' : $common_upd . ', ') $sql_query = (empty($common_upd) ? '' : $common_upd . ', ')
. $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')'); . $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $new_pw) . '\')');
$local_query = (empty($common_upd) ? '' : $common_upd . ', ')
. $password_field . ' = ' . (($new_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($new_pw) . '\')');
} }
if (!empty($sql_query)) { if (!empty($sql_query)) {
@@ -1196,9 +1201,9 @@ else if (isset($submit_updProfile)) {
$sql_query_cpy = ''; $sql_query_cpy = '';
// Updates profile // Updates profile
$sql_query = 'UPDATE user SET ' . $sql_query . $common_where; $local_query = 'UPDATE user SET ' . $local_query . $common_where;
$sql_query_cpy = $sql_query; $sql_query_cpy = 'UPDATE user SET ' . $sql_query . $common_where;
$result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1'); $result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url . '&amp;host=' . urlencode($host) . '&amp;pma_user=' . urlencode($pma_user) . '&amp;edit=1');
// Updates grants // Updates grants
if (isset($new_server) || isset($new_user)) { if (isset($new_server) || isset($new_user)) {

6
user_password.php3
View File

@@ -49,8 +49,9 @@ if (isset($nopass)) {
$common_url_query = 'lang=' . $lang . '&amp;server=' . $server; $common_url_query = 'lang=' . $lang . '&amp;server=' . $server;
$err_url = 'user_password.php3?' . $common_url_query; $err_url = 'user_password.php3?' . $common_url_query;
$sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . $pma_pw . '\')'); $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . ereg_replace('.', '*', $pma_pw) . '\')');
$result = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url); $local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
$result = @mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
// Changes password cookie if required // Changes password cookie if required
if ($cfgServer['auth_type'] == 'cookie') { if ($cfgServer['auth_type'] == 'cookie') {
@@ -65,6 +66,7 @@ if (isset($nopass)) {
// Displays the page // Displays the page
include('./header.inc.php3'); include('./header.inc.php3');
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n"; echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
$show_query = 'y';
PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage); PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage);
?> ?>
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent"> <a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">