Refactor user_password functions to static methods

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>

1 files changed, 6 insertions, 235 deletions

diff --git a/user_password.php b/user_password.php
index 7eaba6db7c..e51f887f97 100644
--- a/user_password.php
+++ b/user_password.php
@@ -7,11 +7,10 @@
  * @package PhpMyAdmin
  */
 
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Display\ChangePassword;
+use PhpMyAdmin\Message;
 use PhpMyAdmin\Response;
-use PhpMyAdmin\Server\Privileges;
-use PhpMyAdmin\Url;
+use PhpMyAdmin\UserPassword;
 
 /**
  * Gets some core libraries
@@ -32,7 +31,7 @@ if (! $GLOBALS['cfg']['ShowChgPassword']) {
     $GLOBALS['cfg']['ShowChgPassword'] = $GLOBALS['dbi']->selectDb('mysql');
 }
 if ($cfg['Server']['auth_type'] == 'config' || ! $cfg['ShowChgPassword']) {
-    PhpMyAdmin\Message::error(
+    Message::error(
         __('You don\'t have sufficient privileges to be here right now!')
     )->display();
     exit;
@@ -48,12 +47,12 @@ if (isset($_REQUEST['nopass'])) {
     } else {
         $password = $_REQUEST['pma_pw'];
     }
-    $change_password_message = PMA_setChangePasswordMsg();
+    $change_password_message = UserPassword::setChangePasswordMsg();
     $msg = $change_password_message['msg'];
     if (! $change_password_message['error']) {
-        PMA_changePassword($password, $msg, $change_password_message);
+        UserPassword::changePassword($password, $msg, $change_password_message);
     } else {
-        PMA_getChangePassMessage($change_password_message);
+        UserPassword::getChangePassMessage($change_password_message);
     }
 }
 
@@ -70,231 +69,3 @@ if (isset($msg)) {
 
 echo ChangePassword::getHtml('change_pw', $username, $hostname);
 exit;
-
-/**
- * Send the message as an ajax request
- *
- * @param array  $change_password_message Message to display
- * @param string $sql_query               SQL query executed
- *
- * @return void
- */
-function PMA_getChangePassMessage($change_password_message, $sql_query = '')
-{
-    $response = Response::getInstance();
-    if ($response->isAjax()) {
-        /**
-         * If in an Ajax request, we don't need to show the rest of the page
-         */
-        if ($change_password_message['error']) {
-            $response->addJSON('message', $change_password_message['msg']);
-            $response->setRequestStatus(false);
-        } else {
-            $sql_query = PhpMyAdmin\Util::getMessage(
-                $change_password_message['msg'],
-                $sql_query,
-                'success'
-            );
-            $response->addJSON('message', $sql_query);
-        }
-        exit;
-    }
-}
-
-/**
- * Generate the message
- *
- * @return array   error value and message
- */
-function PMA_setChangePasswordMsg()
-{
-    $error = false;
-    $message = PhpMyAdmin\Message::success(__('The profile has been updated.'));
-
-    if (($_REQUEST['nopass'] != '1')) {
-        if (strlen($_REQUEST['pma_pw']) === 0 || strlen($_REQUEST['pma_pw2']) === 0) {
-            $message = PhpMyAdmin\Message::error(__('The password is empty!'));
-            $error = true;
-        } elseif ($_REQUEST['pma_pw'] !== $_REQUEST['pma_pw2']) {
-            $message = PhpMyAdmin\Message::error(
-                __('The passwords aren\'t the same!')
-            );
-            $error = true;
-        } elseif (strlen($_REQUEST['pma_pw']) > 256) {
-            $message = PMA_Message::error(__('Password is too long!'));
-            $error = true;
-        }
-    }
-    return array('error' => $error, 'msg' => $message);
-}
-
-/**
- * Change the password
- *
- * @param string $password                New password
- * @param string $message                 Message
- * @param array  $change_password_message Message to show
- *
- * @return void
- */
-function PMA_changePassword($password, $message, $change_password_message)
-{
-    global $auth_plugin;
-
-    $hashing_function = PMA_changePassHashingFunction();
-
-    list($username, $hostname) = $GLOBALS['dbi']->getCurrentUserAndHost();
-
-    $serverType = PhpMyAdmin\Util::getServerType();
-    $serverVersion = $GLOBALS['dbi']->getVersion();
-
-    if (isset($_REQUEST['authentication_plugin'])
-        && ! empty($_REQUEST['authentication_plugin'])
-    ) {
-        $orig_auth_plugin = $_REQUEST['authentication_plugin'];
-    } else {
-        $orig_auth_plugin = Privileges::getCurrentAuthenticationPlugin(
-            'change', $username, $hostname
-        );
-    }
-
-    $sql_query = 'SET password = '
-        . (($password == '') ? '\'\'' : $hashing_function . '(\'***\')');
-
-    if ($serverType == 'MySQL'
-        && $serverVersion >= 50706
-    ) {
-        $sql_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname
-            . '\' IDENTIFIED WITH ' . $orig_auth_plugin . ' BY '
-            . (($password == '') ? '\'\'' : '\'***\'');
-    } else if (($serverType == 'MySQL'
-        && $serverVersion >= 50507)
-        || ($serverType == 'MariaDB'
-        && $serverVersion >= 50200)
-    ) {
-        // For MySQL versions 5.5.7+ and MariaDB versions 5.2+,
-        // explicitly set value of `old_passwords` so that
-        // it does not give an error while using
-        // the PASSWORD() function
-        if ($orig_auth_plugin == 'sha256_password') {
-            $value = 2;
-        } else {
-            $value = 0;
-        }
-        $GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $value . ';');
-    }
-
-    PMA_changePassUrlParamsAndSubmitQuery(
-        $username, $hostname, $password,
-        $sql_query, $hashing_function, $orig_auth_plugin
-    );
-
-    $auth_plugin->handlePasswordChange($password);
-    PMA_getChangePassMessage($change_password_message, $sql_query);
-    PMA_changePassDisplayPage($message, $sql_query);
-}
-
-/**
- * Generate the hashing function
- *
- * @return string  $hashing_function
- */
-function PMA_changePassHashingFunction()
-{
-    if (Core::isValid(
-        $_REQUEST['authentication_plugin'], 'identical', 'mysql_old_password'
-    )) {
-        $hashing_function = 'OLD_PASSWORD';
-    } else {
-        $hashing_function = 'PASSWORD';
-    }
-    return $hashing_function;
-}
-
-/**
- * Changes password for a user
- *
- * @param string $username         Username
- * @param string $hostname         Hostname
- * @param string $password         Password
- * @param string $sql_query        SQL query
- * @param string $hashing_function Hashing function
- * @param string $orig_auth_plugin Original Authentication Plugin
- *
- * @return void
- */
-function PMA_changePassUrlParamsAndSubmitQuery(
-    $username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin
-) {
-    $err_url = 'user_password.php' . Url::getCommon();
-
-    $serverType = PhpMyAdmin\Util::getServerType();
-    $serverVersion = $GLOBALS['dbi']->getVersion();
-
-    if ($serverType == 'MySQL' && $serverVersion >= 50706) {
-        $local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\''
-            . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY '
-            . (($password == '')
-            ? '\'\''
-            : '\'' . $GLOBALS['dbi']->escapeString($password) . '\'');
-    } else if ($serverType == 'MariaDB'
-        && $serverVersion >= 50200
-        && $serverVersion < 100100
-        && $orig_auth_plugin !== ''
-    ) {
-        if ($orig_auth_plugin == 'mysql_native_password') {
-            // Set the hashing method used by PASSWORD()
-            // to be 'mysql_native_password' type
-            $GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
-        } else if ($orig_auth_plugin == 'sha256_password') {
-            // Set the hashing method used by PASSWORD()
-            // to be 'sha256_password' type
-            $GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
-        }
-
-        $hashedPassword = Privileges::getHashedPassword($_POST['pma_pw']);
-
-        $local_query = "UPDATE `mysql`.`user` SET"
-            . " `authentication_string` = '" . $hashedPassword
-            . "', `Password` = '', "
-            . " `plugin` = '" . $orig_auth_plugin . "'"
-            . " WHERE `User` = '" . $username . "' AND Host = '"
-            . $hostname . "';";
-    } else {
-        $local_query = 'SET password = ' . (($password == '')
-            ? '\'\''
-            : $hashing_function . '(\''
-                . $GLOBALS['dbi']->escapeString($password) . '\')');
-    }
-    if (! @$GLOBALS['dbi']->tryQuery($local_query)) {
-        PhpMyAdmin\Util::mysqlDie(
-            $GLOBALS['dbi']->getError(),
-            $sql_query,
-            false,
-            $err_url
-        );
-    }
-
-    // Flush privileges after successful password change
-    $GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
-}
-
-/**
- * Display the page
- *
- * @param string $message   Message
- * @param string $sql_query SQL query
- *
- * @return void
- */
-function PMA_changePassDisplayPage($message, $sql_query)
-{
-    echo '<h1>' , __('Change password') , '</h1>' , "\n\n";
-    echo PhpMyAdmin\Util::getMessage(
-        $message, $sql_query, 'success'
-    );
-    echo '<a href="index.php' , Url::getCommon()
-        , ' target="_parent">' , "\n"
-        , '<strong>' , __('Back') , '</strong></a>';
-    exit;
-}