1<?php 2/* vim: set expandtab sw=4 ts=4 sts=4: */ 3/** 4 * Displays form for password change 5 * 6 * @package PhpMyAdmin 7 */ 8namespace PhpMyAdmin\Display; 9 10use PhpMyAdmin\Message; 11use PhpMyAdmin\Server\Privileges; 12use PhpMyAdmin\Url; 13use PhpMyAdmin\Util; 14 15/** 16 * Displays form for password change 17 * 18 * @package PhpMyAdmin 19 */ 20class ChangePassword 21{ 22 /** 23 * Get HTML for the Change password dialog 24 * 25 * @param string $mode where is the function being called? 26 * values : 'change_pw' or 'edit_other' 27 * @param string $username username 28 * @param string $hostname hostname 29 * 30 * @return string html snippet 31 */ 32 public static function getHtml($mode, $username, $hostname) 33 { 34 /** 35 * autocomplete feature of IE kills the "onchange" event handler and it 36 * must be replaced by the "onpropertychange" one in this case 37 */ 38 $chg_evt_handler = 'onchange'; 39 40 $is_privileges = basename($_SERVER['SCRIPT_NAME']) === 'server_privileges.php'; 41 42 $html = '<form method="post" id="change_password_form" ' 43 . 'action="' . basename($GLOBALS['PMA_PHP_SELF']) . '" ' 44 . 'name="chgPassword" ' 45 . 'class="' . ($is_privileges ? 'submenu-item' : '') . '">'; 46 47 $html .= Url::getHiddenInputs(); 48 49 if (strpos($GLOBALS['PMA_PHP_SELF'], 'server_privileges') !== false) { 50 $html .= '<input type="hidden" name="username" ' 51 . 'value="' . htmlspecialchars($username) . '" />' 52 . '<input type="hidden" name="hostname" ' 53 . 'value="' . htmlspecialchars($hostname) . '" />'; 54 } 55 $html .= '<fieldset id="fieldset_change_password">' 56 . '<legend' 57 . ($is_privileges 58 ? ' data-submenu-label="' . __('Change password') . '"' 59 : '' 60 ) 61 . '>' . __('Change password') . '</legend>' 62 . '<table class="data noclick">' 63 . '<tr>' 64 . '<td colspan="2">' 65 . '<input type="radio" name="nopass" value="1" id="nopass_1" ' 66 . 'onclick="pma_pw.value = \'\'; pma_pw2.value = \'\'; ' 67 . 'this.checked = true" />' 68 . '<label for="nopass_1">' . __('No Password') . '</label>' 69 . '</td>' 70 . '</tr>' 71 . '<tr class="vmiddle">' 72 . '<td>' 73 . '<input type="radio" name="nopass" value="0" id="nopass_0" ' 74 . 'onclick="document.getElementById(\'text_pma_change_pw\').focus();" ' 75 . 'checked="checked" />' 76 . '<label for="nopass_0">' . __('Password:') . ' </label>' 77 . '</td>' 78 . '<td>' 79 . __('Enter:') . '  ' 80 . '<input type="password" name="pma_pw" id="text_pma_change_pw" size="10" ' 81 . 'class="textfield"' 82 . 'onkeyup="checkPasswordStrength($(this).val(), $(\'#change_password_strength_meter\'), meter_obj_label = $(\'#change_password_strength\'), PMA_commonParams.get(\'user\'));" ' 83 . $chg_evt_handler . '="nopass[1].checked = true" />' 84 . '<span>Strength:</span> ' 85 . '<meter max="4" id="change_password_strength_meter" name="pw_meter"></meter> ' 86 . '<span id="change_password_strength" name="pw_strength">Good</span>' 87 . '<br>' . __('Re-type:') . ' ' 88 . '<input type="password" name="pma_pw2" id="text_pma_change_pw2" size="10" ' 89 . 'class="textfield"' 90 . $chg_evt_handler . '="nopass[1].checked = true" />' 91 . '</td>' 92 . '</tr>'; 93 94 $serverType = Util::getServerType(); 95 $serverVersion = $GLOBALS['dbi']->getVersion(); 96 $orig_auth_plugin = Privileges::getCurrentAuthenticationPlugin( 97 'change', 98 $username, 99 $hostname 100 ); 101 102 if (($serverType == 'MySQL' 103 && $serverVersion >= 50507) 104 || ($serverType == 'MariaDB' 105 && $serverVersion >= 50200) 106 ) { 107 // Provide this option only for 5.7.6+ 108 // OR for privileged users in 5.5.7+ 109 if (($serverType == 'MySQL' 110 && $serverVersion >= 50706) 111 || ($GLOBALS['dbi']->isSuperuser() && $mode == 'edit_other') 112 ) { 113 $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown( 114 $orig_auth_plugin, 'change_pw', 'new' 115 ); 116 117 $html .= '<tr class="vmiddle">' 118 . '<td>' . __('Password Hashing:') . '</td><td>'; 119 $html .= $auth_plugin_dropdown; 120 $html .= '</td></tr>' 121 . '<tr id="tr_element_before_generate_password"></tr>' 122 . '</table>'; 123 124 $html .= '<div' 125 . ($orig_auth_plugin != 'sha256_password' 126 ? ' class="hide"' 127 : '') 128 . ' id="ssl_reqd_warning_cp">' 129 . Message::notice( 130 __( 131 'This method requires using an \'<i>SSL connection</i>\' ' 132 . 'or an \'<i>unencrypted connection that encrypts the ' 133 . 'password using RSA</i>\'; while connecting to the server.' 134 ) 135 . Util::showMySQLDocu( 136 'sha256-authentication-plugin' 137 ) 138 ) 139 ->getDisplay() 140 . '</div>'; 141 } else { 142 $html .= '<tr id="tr_element_before_generate_password"></tr>' 143 . '</table>'; 144 } 145 } else { 146 $auth_plugin_dropdown = Privileges::getHtmlForAuthPluginsDropdown( 147 $orig_auth_plugin, 'change_pw', 'old' 148 ); 149 150 $html .= '<tr class="vmiddle">' 151 . '<td>' . __('Password Hashing:') . '</td><td>'; 152 $html .= $auth_plugin_dropdown . '</td></tr>' 153 . '<tr id="tr_element_before_generate_password"></tr>' 154 . '</table>'; 155 } 156 157 $html .= '</fieldset>' 158 . '<fieldset id="fieldset_change_password_footer" class="tblFooters">' 159 . '<input type="hidden" name="change_pw" value="1" />' 160 . '<input type="submit" value="' . __('Go') . '" />' 161 . '</fieldset>' 162 . '</form>'; 163 return $html; 164 } 165} 166