diff options
-rw-r--r-- | libraries/server_privileges.lib.php | 42 | ||||
-rw-r--r-- | user_password.php | 21 |
2 files changed, 46 insertions, 17 deletions
diff --git a/libraries/server_privileges.lib.php b/libraries/server_privileges.lib.php index e3b1bdb0cc..8669c11013 100644 --- a/libraries/server_privileges.lib.php +++ b/libraries/server_privileges.lib.php @@ -1786,19 +1786,37 @@ function PMA_updatePassword($err_url, $username, $hostname) . 'PASSWORD'; // in $sql_query which will be displayed, hide the password - $sql_query = 'SET PASSWORD FOR \'' - . PMA_Util::sqlAddSlashes($username) - . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' = ' - . (($_POST['pma_pw'] == '') - ? '\'\'' - : $hashing_function . '(\'' - . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')'); + if (PMA_Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) { + $sql_query = 'ALTER USER \'' + . PMA_Util::sqlAddSlashes($username) + . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' IDENTIFIED BY \'' + . (($_POST['pma_pw'] == '') + ? '\'' + : preg_replace('@.@s', '*', $_POST['pma_pw']) . '\''); + } else { + $sql_query = 'SET PASSWORD FOR \'' + . PMA_Util::sqlAddSlashes($username) + . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' = ' + . (($_POST['pma_pw'] == '') + ? '\'\'' + : $hashing_function . '(\'' + . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')'); + } - $local_query = 'SET PASSWORD FOR \'' - . PMA_Util::sqlAddSlashes($username) - . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' = ' - . (($_POST['pma_pw'] == '') ? '\'\'' : $hashing_function - . '(\'' . PMA_Util::sqlAddSlashes($_POST['pma_pw']) . '\')'); + if (PMA_Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) { + $local_query = 'ALTER USER \'' + . PMA_Util::sqlAddSlashes($username) + . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' IDENTIFIED BY \'' + . (($_POST['pma_pw'] == '') + ? '\'' + : PMA_Util::sqlAddSlashes($_POST['pma_pw']) . '\''); + } else { + $local_query = 'SET PASSWORD FOR \'' + . PMA_Util::sqlAddSlashes($username) + . '\'@\'' . PMA_Util::sqlAddSlashes($hostname) . '\' = ' + . (($_POST['pma_pw'] == '') ? '\'\'' : $hashing_function + . '(\'' . PMA_Util::sqlAddSlashes($_POST['pma_pw']) . '\')'); + } $GLOBALS['dbi']->tryQuery($local_query) or PMA_Util::mysqlDie( diff --git a/user_password.php b/user_password.php index c9313fc500..44dbc37637 100644 --- a/user_password.php +++ b/user_password.php @@ -131,8 +131,13 @@ function PMA_changePassword($password, $message, $change_password_message) global $auth_plugin; $hashing_function = PMA_changePassHashingFunction(); - $sql_query = 'SET password = ' - . (($password == '') ? '\'\'' : $hashing_function . '(\'***\')'); + if (PMA_Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) { + $sql_query = 'ALTER USER USER() IDENTIFIED BY ' + . (($password == '') ? '\'\'' : '\'***\''); + } else { + $sql_query = 'SET password = ' + . (($password == '') ? '\'\'' : $hashing_function . '(\'***\')'); + } PMA_changePassUrlParamsAndSubmitQuery( $password, $sql_query, $hashing_function ); @@ -170,9 +175,15 @@ function PMA_changePassUrlParamsAndSubmitQuery( $password, $sql_query, $hashing_function ) { $err_url = 'user_password.php' . PMA_URL_getCommon(); - $local_query = 'SET password = ' . (($password == '') - ? '\'\'' - : $hashing_function . '(\'' . PMA_Util::sqlAddSlashes($password) . '\')'); + if (PMA_Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) { + $local_query = 'ALTER USER USER() IDENTIFIED BY ' . (($password == '') + ? '\'\'' + : '\'' . PMA_Util::sqlAddSlashes($password) . '\''); + } else { + $local_query = 'SET password = ' . (($password == '') + ? '\'\'' + : $hashing_function . '(\'' . PMA_Util::sqlAddSlashes($password) . '\')'); + } if (! @$GLOBALS['dbi']->tryQuery($local_query)) { PMA_Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url); } |