Ticket #1195

Changement des mots de passe des users mysql

.gitattributes

@@ -251,8 +251,10 @@ bureau/admin/sql_restore.php -text
 bureau/admin/sql_users_add.php -text
 bureau/admin/sql_users_del.php -text
 bureau/admin/sql_users_doadd.php -text
+bureau/admin/sql_users_dopassword.php -text
 bureau/admin/sql_users_dorights.php -text
 bureau/admin/sql_users_list.php -text
+bureau/admin/sql_users_password.php -text
 bureau/admin/sql_users_rights.php -text
 bureau/admin/sta2_add_raw.php -text
 bureau/admin/sta2_del_raw.php -text

bureau/admin/hta_edit.php

@@ -68,7 +68,7 @@ for($i=0;$i<count($r);$i++){
 	$col=3-$col;
 ?>
 	<tr class="lst<?php echo $col; ?>">
-		<td align="center"><input type="checkbox" class="inc" name="d[]"" value="<?php echo $r[$i]?>" /></td>
+		<td align="center"><input type="checkbox" class="inc" name="d[]" value="<?php echo $r[$i]?>" /></td>
 		<td>
 <div class="ina"><a href="hta_edituser.php?user=<?php echo $r[$i]?>&amp;dir=<?php echo $dir?>"><img src="icon/encrypted.png" alt="<?php __("Change this user's password"); ?>" /><?php __("Change this user's password"); ?></a></div>
 </td>

bureau/admin/sql_users_dopassword.php

@@ -0,0 +1,42 @@
+<?php
+/*
+ $Id: sql_users_rights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
+ ----------------------------------------------------------------------
+ AlternC - Web Hosting System
+ Copyright (C) 2002 by the AlternC Development Team.
+ http://alternc.org/
+ ----------------------------------------------------------------------
+ Based on:
+ Valentin Lacambre's web hosting softwares: http://altern.org/
+ ----------------------------------------------------------------------
+ LICENSE
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License (GPL)
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ To read the license please visit http://www.gnu.org/copyleft/gpl.html
+ ----------------------------------------------------------------------
+ Original Author of file: Nahuel ANGELINETTI
+ Purpose of file: Manage the MySQL users of a member
+ ----------------------------------------------------------------------
+*/
+require_once("../class/config.php");
+$fields = array (
+	"id"              => array ("request", "string", ""),
+	"password"        => array ("request", "string", ""),
+	"passwordconf"    => array ("request", "string", ""),
+);
+getFields($fields);
+
+$mysql->change_user_password($id,$password,$passwordconf);
+
+include("sql_users_list.php");
+
+?>

bureau/admin/sql_users_list.php

@@ -49,7 +49,7 @@ echo "<p>"._("help_sql_users_list_ok")."</p>";
 
 <form method="post" action="sql_users_del.php">
 <table cellspacing="0" cellpadding="4">
-   <tr><th>&nbsp;</th><th><?php __("User"); ?></th><th><?php __("Rights"); ?></th></tr>
+   <tr><th>&nbsp;</th><th><?php __("User"); ?></th><th><?php __("Rights"); ?></th><th><?php __("Password");?></th></tr>
 <?php
 $col=1;
 for($i=0;$i<count($r);$i++) {
@@ -62,6 +62,7 @@ for($i=0;$i<count($r);$i++) {
           </td>
 	  <td><label for="del_<?php echo $val["name"]; ?>"><?php echo $mem->user["login"]."_".$val["name"]; ?></label></td>
 	  <td><span class="ina"><a href="sql_users_rights.php?id=<?php echo $val["name"] ?>"><?php __("Manage the rights"); ?></a></span></td>
+	  <td><span class="ina"><a href="sql_users_password.php?id=<?php echo $val["name"] ?>"><?php __("Password change"); ?></a></span></td>
 	</tr>
 <?php
 

bureau/admin/sql_users_password.php

@@ -0,0 +1,71 @@
+<?php
+/*
+ $Id: sql_users_rights.php,v 1.8 2006/02/16 16:26:28 nahuel Exp $
+ ----------------------------------------------------------------------
+ AlternC - Web Hosting System
+ Copyright (C) 2002 by the AlternC Development Team.
+ http://alternc.org/
+ ----------------------------------------------------------------------
+ Based on:
+ Valentin Lacambre's web hosting softwares: http://altern.org/
+ ----------------------------------------------------------------------
+ LICENSE
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License (GPL)
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ To read the license please visit http://www.gnu.org/copyleft/gpl.html
+ ----------------------------------------------------------------------
+ Original Author of file: Nahuel ANGELINETTI
+ Purpose of file: Manage the MySQL users of a member
+ ----------------------------------------------------------------------
+*/
+require_once("../class/config.php");
+include_once("head.php");
+
+$fields = array (
+	"id" => array ("request", "string", ""),
+);
+getFields($fields);
+
+$r=$mysql->get_user_dblist($id);
+
+?>
+<h3><?php __("Change this user's password"); echo " - ".$mem->user["login"]."_".$id ?></h3>
+<hr id="topbar"/>
+<br />
+<?php
+	if ($error) {
+		echo "<p class=\"error\">$error</p><p>&nbsp;</p>";
+	}
+
+?>
+
+<form method="post" action="sql_users_dopassword.php">
+<input type="hidden" name="id" value="<?php echo $id; ?>" />
+<table cellspacing="0" cellpadding="4">
+  <tr>
+    <td><label for="password"><?php __("Password"); ?></label></td>
+    <td><input type="password" class="int" name="password" id="password" value="" size="20" maxlength="64" /></td>
+  </tr>
+  <tr>
+    <td><label for="passwordconf"><?php __("Confirm password"); ?></label></td>
+    <td><input type="password" class="int" name="passwordconf" id="passwordconf" value="" size="20" maxlength="64" /></td>
+  </tr>
+  <tr>
+    <td>
+      <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='sql_users_list.php'"/>
+      <input type="submit" class="inb" value="<?php __("Confirm"); ?>" />
+    </td>
+  </tr>
+</table>
+</form>
+
+<?php include_once("foot.php"); ?>

bureau/class/m_mysql.php

@@ -477,6 +477,38 @@ class m_mysql {
     return true;
   }
 
+  /* ------------------------------------------------------------ */
+  /** 
+   * Change a user's MySQL password
+   * @param $usern the username 
+   * @param $password The password for this username
+   * @param $passconf The password confirmation
+   * @return TRUE if the password has been changed in MySQL or FALSE if an error occurred
+   **/
+  function change_user_password($usern,$password,$passconf) {
+    global $db,$err,$quota,$mem,$cuid,$admin;
+    $err->log("mysql","add_user",$usern);
+
+    $usern=trim($usern);
+    $user=addslashes($mem->user["login"]."_".$usern);
+    $pass=addslashes($password);
+    if ($password != $passconf || !$password) {
+      $err->raise("mysql",17);
+      return false;
+    }
+
+    // Check this password against the password policy using common API : 
+    if (is_callable(array($admin,"checkPolicy"))) {
+      if (!$admin->checkPolicy("mysql",$user,$password)) {
+    	return false; // The error has been raised by checkPolicy()
+      }
+    }
+
+    $db->query("SET PASSWORD FOR '$user'@'$this->client' = PASSWORD('$pass')");
+    return true;
+  }
+
+
 
   /* ------------------------------------------------------------ */
   /**