patch #525250 - Added 'Change Password' to phpMyAdmin, thanks to Taco Scargo

ChangeLog

@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
+2002-03-09 Lo<4C>c Chapeaux  <lolo@phpheaven.net>
+	* config.inc.php3, lines 127-130; Documentation.html, lines 677-701;
+	  main.php3; user_password.php3 (new script); lang/*;
+	  libraries/user_details.js: patch #525250 - Added 'Change Password' to
+	  phpMyAdmin, thanks to Taco Scargo <tscargo at users.sourceforge.net>.
+
 2002-03-08 Lo<4C>c Chapeaux  <lolo@phpheaven.net>
 	* Documentation.html: little changes (<tt> is for code, <i> for pathes,
 	  quotations...).

Documentation.html

@@ -677,18 +677,26 @@
     <dt>
         <b>$cfgShowMysqlInfo </b>boolean<br />
         <b>$cfgShowMysqlVars </b>boolean<br />
-        <b>$cfgShowPhpInfo </b>boolean
+        <b>$cfgShowPhpInfo </b>boolean<br />
+        <b>$cfgShowChgPassword </b>boolean
     </dt>
     <dd>
         Defines whether to display the &quot;MySQL runtime information&quot;,
-        &quot;MySQL system variables&quot; and &quot;PHP information&quot;
-        links or not for simple users at the starting main (right) frame.
-        This setting does not check MySQL commands entered directly.
+        &quot;MySQL system variables&quot;, &quot;PHP information&quot; and
+        &quot;Change password &quot; links or not for simple users at the
+        starting main (right) frame. This setting does not check MySQL commands
+        entered directly.
         <br /><br />
 
         Please note that to block the usage of phpinfo() in scripts, you
         have to put this in your php.ini:<br />
-        <tt>disable_functions = phpinfo()</tt>
+        &nbsp;&nbsp;&nbsp;&nbsp;<tt>disable_functions = phpinfo()</tt>
+        <br /><br />
+
+        Also note that enabling the &quot;Change password &quot; link has no
+        effect with &quot;config&quot; authentication mode: because of the hard
+        coded password value in the configuration file, end users can't be
+        allowed to change their passwords.
         <br /><br />
     </dd>
 

config.inc.php3

@@ -125,8 +125,9 @@ $cfgLeftFrameLight        = TRUE;   // use a select-based menu and display only
 
 // In the main frame, at startup...
 $cfgShowMysqlInfo         = FALSE;  // whether to display the "MySQL runtime
-$cfgShowMysqlVars         = FALSE;  // information", "MySQL system variables" and "PHP
-$cfgShowPhpInfo           = FALSE;  // information" links for simple users or not
+$cfgShowMysqlVars         = FALSE;  // information", "MySQL system variables", "PHP
+$cfgShowPhpInfo           = FALSE;  // information" and "change password" links for
+$cfgShowChgPassword       = FALSE;  // simple users or not
 
 // In browse mode...
 $cfgShowBlob              = FALSE;  // display blob field contents

lang/arabic.inc.php3

@@ -340,6 +340,7 @@ $strZip = '"zipped" "
 
 // To translate
 $strCardinality = 'Cardinality';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strLogin = 'Login';
 $strLogPassword = 'Password:';

lang/brazilian_portuguese.inc.php3

@@ -301,6 +301,7 @@ $strYes = 'Sim';
 $strAfterInsertBack = 'Return';
 $strAfterInsertNewInsert = 'Insert a new record';
 $strBookmarkDeleted = 'The bookmark has been deleted.';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/bulgarian-koi8.inc.php3

@@ -346,5 +346,6 @@ $strYes = '
 $strZip = '"zip-<2D><><EFBFBD><EFBFBD>"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/bulgarian-win1251.inc.php3

@@ -346,5 +346,6 @@ $strYes = '
 $strZip = '"zip-<2D><><EFBFBD><EFBFBD>"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/catala.inc.php3

@@ -346,4 +346,5 @@ $strYes = 'Si';
 $strZip = '"comprimit amb zip"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/chinese_big5.inc.php3

@@ -347,5 +347,6 @@ $strYes = '
 $strZip = '"zipped"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/chinese_gb.inc.php3

@@ -269,6 +269,7 @@ $strAfterInsertNewInsert = 'Insert a new record';
 $strAnIndex = 'An index has been added on %s';//to translate
 $strAPrimaryKey = 'A primary key has been added on %s';//to translate
 $strBookmarkDeleted = 'The bookmark has been deleted.';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/czech-iso.inc.php3

@@ -344,6 +344,8 @@ $strWrongUser = '
 $strYes = 'Ano';
 
 $strZip = '"zazipov<6F>no"';
-// To translate
 
+
+// To translate
+$strChangePassword = 'Change password';
 ?>

lang/czech-win1250.inc.php3

@@ -345,7 +345,8 @@ $strYes = 'Ano';
 
 $strZip = '"zazipov<6F>no"';
 
-// To translate
 
+// To translate
+$strChangePassword = 'Change password';
 ?>
 

lang/danish.inc.php3

@@ -339,6 +339,7 @@ $strZip = '"zipped"'; //to translate
 // To translate
 $strAddToIndex = 'Add to index  %s column(s)';
 $strCantRenameIdxToPrimary = 'Can\'t rename index to PRIMARY!';
+$strChangePassword = 'Change password';
 $strCreateIndex = 'Create an index on %s columns';
 $strNoIndexPartsDefined = 'No index parts defined!';
 $strPrimaryKeyWarning = '("PRIMARY" <b>must</b> be the name of and <b>only of</b> a primary key!)';

lang/dutch.inc.php3

@@ -286,6 +286,7 @@ $strAnIndex = 'An index has been added on %s';//to translate
 $strAPrimaryKey = 'A primary key has been added on %s';//to translate
 $strBookmarkDeleted = 'The bookmark has been deleted.';
 $strBzip = '"bzipped"'; //to translate
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/english.inc.php3

@@ -64,6 +64,7 @@ $strCantRenameIdxToPrimary = 'Can\'t rename index to PRIMARY!';
 $strCardinality = 'Cardinality';
 $strCarriage = 'Carriage return: \\r';
 $strChange = 'Change';
+$strChangePassword = 'Change password';
 $strCheckAll = 'Check All';
 $strCheckDbPriv = 'Check Database Privileges';
 $strCheckTable = 'Check table';

lang/finnish.inc.php3

@@ -350,4 +350,5 @@ $strYes = 'Kyll
 $strZip = '"zip-pakattu"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/french.inc.php3

@@ -64,6 +64,7 @@ $strCantRenameIdxToPrimary = 'La clef ne peut
 $strCardinality = 'Cardinalit<69>';
 $strCarriage = 'Retour de chariot : \\r';
 $strChange = 'Modifier';
+$strChangePassword = 'Modifier le mot de passe';
 $strCheckAll = 'Tout cocher';
 $strCheckDbPriv = 'Afficher les privil<69>ges sur';
 $strCheckTable = 'V<>rifier la table';

lang/galician.inc.php3

@@ -347,6 +347,7 @@ $strZip = 'comprimido no formato "zipped"';
 
 // To translate
 $strCardinality = 'Cardinality';
+$strChangePassword = 'Change password';
 $strLogin = 'Login';
 $strLogPassword = 'Password:';
 $strLogUsername = 'Username:';

lang/german.inc.php3

@@ -346,5 +346,5 @@ $strYes = 'Ja';
 $strZip = '"Zip komprimiert"';
 
 // To translate
-
+$strChangePassword = 'Change password';
 ?>

lang/greek.inc.php3

@@ -293,6 +293,7 @@ $strAfterInsertNewInsert = 'Insert a new record';
 $strAPrimaryKey = 'A primary key has been added on %s';//to translate
 $strAnIndex = 'An index has been added on %s';//to translate
 $strBookmarkDeleted = 'The bookmark has been deleted.';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/hebrew.inc.php3

@@ -346,4 +346,5 @@ $strYes = '
 $strZip = '"Zipped"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/hungarian.inc.php3

@@ -347,4 +347,5 @@ $strYes = 'Igen';
 $strZip = '"zippel t<>m<EFBFBD>r<EFBFBD>tve"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/italian.inc.php3

@@ -349,4 +349,5 @@ $strZip = '"compresso con zip"';
 
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/japanese-euc.inc.php3

@@ -350,5 +350,6 @@ $strKanjiEncodConvert = '
 $strXkana = '<27><><EFBFBD>ѥ<EFBFBD><D1A5>ʤ<EFBFBD><CAA4>Ѵ<EFBFBD><D1B4><EFBFBD><EFBFBD><EFBFBD>'; // convert to X208-kana
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/japanese-sjis.inc.php3

@@ -350,5 +350,6 @@ $strKanjiEncodConvert = '
 $strXkana = '<27>S<EFBFBD>p<EFBFBD>J<EFBFBD>i<EFBFBD>֕ϊ<D695><CF8A><EFBFBD><EFBFBD><EFBFBD>'; // convert to X208-kana
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/korean.inc.php3

@@ -268,6 +268,7 @@ $strAfterInsertNewInsert = 'Insert a new record';
 $strAnIndex = 'An index has been added on %s';//to translate
 $strAPrimaryKey = 'A primary key has been added on %s';//to translate
 $strBookmarkDeleted = 'The bookmark has been deleted.';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/norwegian.inc.php3

@@ -345,4 +345,5 @@ $strYes = 'Ja';
 $strZip = '"komprimert (zip)"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/polish.inc.php3

@@ -346,4 +346,5 @@ $strYes = 'Tak';
 $strZip = '".zip"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/portuguese.inc.php3

@@ -343,6 +343,7 @@ $strYes = 'Sim';
 
 // To translate
 $strBzip = '"bzipped"';  //to translate
+$strChangePassword = 'Change password';
 $strGzip = '"gzipped"';  //to translate
 $strHomepageSourceforge = 'Sourceforge phpMyAdmin Download Page'; //to translate
 $strZip = '"zipped"';  //to translate

lang/romanian.inc.php3

@@ -346,5 +346,6 @@ $strYes = 'Da';
 $strZip = '"zipped"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/russian-koi8.inc.php3

@@ -345,5 +345,6 @@ $strYes = '
 $strZip = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> "zip"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/russian-win1251.inc.php3

@@ -345,5 +345,6 @@ $strYes = '
 $strZip = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> "zip"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/slovak-iso.inc.php3

@@ -349,4 +349,5 @@ $strZip = '"zo zipovan
 
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/slovak-win1250.inc.php3

@@ -345,6 +345,6 @@ $strZip = '"zozipovan
 
 
 // To translate
-
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

lang/spanish.inc.php3

@@ -318,6 +318,7 @@ $strYes = 'Si';
 // To translate
 $strAfterInsertBack = 'Return';
 $strBzip = '"bzipped"';
+$strChangePassword = 'Change password';
 $strFlushTable = 'Flush the table ("FLUSH")';
 $strFullText = 'Full Texts';
 $strGzip = '"gzipped"';

lang/swedish.inc.php3

@@ -346,4 +346,5 @@ $strYes = 'Ja';
 $strZip = '"zippad"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/thai.inc.php3

@@ -268,6 +268,7 @@ $strAfterInsertNewInsert = 'Insert a new record';
 $strAnIndex = 'An index has been added on %s';//to translate
 $strAPrimaryKey = 'A primary key has been added on %s';//to translate
 $strBookmarkDeleted = 'The bookmark has been deleted.';
+$strChangePassword = 'Change password';
 $strCookiesRequired = 'Cookies must be enabled past this point.';
 $strCopyTable = 'Copy table to (database<b>.</b>table):';
 $strDatabaseHasBeenDropped = 'Database %s has been dropped.';  //to translate

lang/turkish.inc.php3

@@ -346,4 +346,5 @@ $strYes = 'Evet';
 $strZip = '"ziplenmi<6D>"';
 
 // To translate
+$strChangePassword = 'Change password';
 ?>

lang/ukrainian-win1251.inc.php3

@@ -345,5 +345,6 @@ $strYes = '
 $strZip = '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> "zip"';
 
 // To translate
+$strChangePassword = 'Change password';
 $strDatabaseWildcard = 'Database (wildcards allowed):';  //to translate
 ?>

libraries/user_details.js

@@ -11,7 +11,7 @@
 function checkPassword(the_form)
 {
     // Gets the elements pointers
-    if (the_form.name == 'addUserForm') {
+    if (the_form.name == 'addUserForm' || the_form.name == 'chgPassword') {
         var pswd_index = 1;
         var pswd1_name = 'pma_pw';
         var pswd2_name = 'pma_pw2';

main.php3

@@ -212,10 +212,20 @@ if ($server > 0) {
 
     $common_url_query = 'lang=' . $lang . '&server=' . $server;
 
+    if ($is_superuser) {
+        $cfgShowMysqlInfo   = TRUE;
+        $cfgShowMysqlVars   = TRUE;
+        $cfgShowChgPassword = TRUE;
+    }
+    if ($cfgServer['auth_type'] == 'config') {
+        $cfgShowChgPassword = FALSE;
+    }
+
     // loic1: Displays the MySQL column only if at least one feature has to be
     //        displayed
     if ($is_superuser || $is_create_priv || $is_process_priv || $is_reload_priv
-        || $cfgShowMysqlInfo || $cfgShowMysqlVars || $cfgServer['auth_type'] != 'config') {
+        || $cfgShowMysqlInfo || $cfgShowMysqlVars || $cfgShowChgPassword
+        || $cfgServer['auth_type'] != 'config') {
         ?>
     <!-- MySQL server related links -->
     <td valign="top" align="<?php echo $cell_align_left; ?>">
@@ -250,7 +260,7 @@ if ($server > 0) {
         ?>
         <!-- server-related links -->
         <?php
-        if ($is_superuser || $cfgShowMysqlInfo) {
+        if ($cfgShowMysqlInfo) {
             echo "\n";
             ?>
         <tr>
@@ -263,7 +273,7 @@ if ($server > 0) {
         </tr>
             <?php
         } // end if
-        if ($is_superuser || $cfgShowMysqlVars) {
+        if ($cfgShowMysqlVars) {
             echo "\n";
             ?>
         <tr>
@@ -331,6 +341,20 @@ if ($server > 0) {
             }
         }
 
+        // Change password (needs another message)
+        if ($cfgShowChgPassword) {
+            echo "\n";
+            ?>
+        <tr>
+            <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
+            <td>
+                <a href="user_password.php3?<?php echo $common_url_query; ?>">
+                    <?php echo ($strChangePassword); ?></a>
+            </td>
+        </tr>
+            <?php
+        } // end if
+
         // Logout for advanced authentication
         if ($cfgServer['auth_type'] != 'config') {
             $http_logout = ($cfgServer['auth_type'] == 'http')

user_password.php3

@@ -0,0 +1,131 @@
+<?php
+/* $Id$ */
+
+
+/**
+ * Gets some core libraries
+ */
+require('./libraries/grab_globals.lib.php3');
+require('./libraries/common.lib.php3');
+
+
+/**
+ * Displays an error message and exits if the user isn't allowed to use this
+ * script
+ */
+if ($cfgServer['auth_type'] == 'config' || !$cfgShowChgPassword) {
+    include('./header.inc.php3');
+    echo '<p><b>' . $strError . '</b></p>' . "\n";
+    echo '<p>&nbsp;&nbsp;&nbsp;&nbsp;' .  $strNoRights . '</p>' . "\n";
+    include('./footer.inc.php3');
+    exit();
+} // end if
+
+
+/**
+ * If the "change password" form has been submitted, checks for valid values
+ * and submit the query or logout
+ */
+if (isset($nopass)) {
+    $error_msg = '';
+
+    if ($nopass == 0 && isset($pma_pw) && isset($pma_pw2)) {
+        if ($pma_pw != $pma_pw2) {
+        	$error_msg = $strPasswordNotSame;
+        }
+        if (empty($pma_pw) || empty($pma_pw2)) {
+        	$error_msg = $strPasswordEmpty;
+        }
+    } // end if
+
+    // here $nopass could be == 1
+    if (empty($error_msg)) {
+
+        if (get_magic_quotes_gpc() && $pma_pw != '') {
+            $pma_pw = stripslashes($pma_pw);
+        }
+
+        // Defines the url to return to in case of error in the sql statement
+        $common_url_query = 'lang=' . $lang . '&amp;server=' . $server;
+        $err_url          = 'user_password.php3?' . $common_url_query;
+
+        $sql_query        = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . $pma_pw . '\')');
+        $result           = @mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url);
+
+        // Changes password cookie if required
+        if ($cfgServer['auth_type'] == 'cookie') {
+            setcookie('pma_cookie_password', $pma_pw, 0, $cookie_path, '', $is_https);
+        } // end if
+        // For http auth. mode, the "back" link will also enforce new
+        // authentication
+        $http_logout = ($cfgServer['auth_type'] == 'http')
+                     ? '&amp;old_usr=relog'
+                     : '';
+
+        // Displays the page
+        include('./header.inc.php3');
+        echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
+        PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage);
+        ?>
+        <a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
+            <b><?php echo $strBack; ?></b></a>
+        <?php
+        exit();
+    } // end if
+} // end if 
+
+
+/**
+ * If the "change password" form hasn't been submitted or the values submitted
+ * aren't valid -> displays the form
+ */
+// Loads the headers
+$js_to_run = 'user_details.js';
+require('./header.inc.php3');
+echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
+
+// Displays an error message if required
+if (!empty($error_msg)) {
+    echo '<p><b>' . $strError . '&nbsp;:&nbsp;' . $error_msg . '</b></p>' . "\n";
+}
+
+// Displays the form
+?>
+<form method="post" action="./user_password.php3" name="chgPassword" onsubmit="return checkPassword(this)">
+    <table border="0">
+    <tr>
+        <td colspan="2">
+            <input type="radio" name="nopass" value="1" onclick="pma_pw.value = ''; pma_pw2.value = ''" />
+            <?php echo $GLOBALS['strNoPassword'] . "\n"; ?>
+        </td>
+    </tr>
+    <tr>
+        <td>
+            <input type="radio" name="nopass" value="0" checked="checked " />
+            <?php echo $GLOBALS['strPassword']; ?>&nbsp;:&nbsp;
+        </td>
+        <td>
+            <input type="password" name="pma_pw" size="10" onchange="nopass[1].checked = true" />
+            &nbsp;&nbsp;
+            <?php echo $GLOBALS['strReType']; ?>&nbsp;:&nbsp;
+            <input type="password" name="pma_pw2" size="10" onchange="nopass[1].checked = true" />
+        </td>
+    </tr>
+    <tr>
+        <td colspan="2">&nbsp;</td>
+    </tr>
+    <tr>
+        <td colspan="2">
+            <input type="submit" value="<?php echo($strChange); ?>" />
+        </td>
+    </tr>
+    </table>
+</form>
+
+<?php
+/**
+ * Displays the footer
+ */
+echo "\n";
+require('./footer.inc.php3');
+?>