Koozali.org: home of the SME Server

[CONTRIB UPDATE] phpmyadmin-multiuser


Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #1 on: November 03, 2006, 11:55:03 AM »
Quote
Announcement-ID: PMASA-2006-6
Date: 2006-11-01

Summary:
XSS vulnerability

Description:
We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work.

It was possible to produce XSS via a special URL containing UTF-7 codes

Severity:
We consider this vulnerability to be serious.

Affected versions:
2.6.4 to 2.9.0.2.

Solution:
Upgrade to phpMyAdmin 2.9.0.3 or newer.

For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
Regards,
William

IF I give advise.. It's only if it was me....





Offline sandoz

  • **
  • 47
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #6 on: November 23, 2006, 09:38:58 PM »
whats the difference with the non multiuser phpmyadmin?

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #7 on: November 23, 2006, 11:09:14 PM »
phpmyadmin is phpmyadmin.

The difference is the way it's setup to log you in.

Code: [Select]
$cfg['Servers'][$i]['auth_type'] string ['HTTP'|'cookie'|'config']
    Whether config or cookie or HTTP authentication should be used for this server.

        * 'config' authentication ($auth_type = 'config') is the plain old way: username and password are stored in config.inc.php.
        * 'cookie' authentication mode ($auth_type = 'cookie') as introduced in 2.2.3 allows you to log in as any valid MySQL user with the help of cookies. Username and password are stored in cookies during the session and password is deleted when it ends. This can also allow you to log in in arbitrary server if $cfg['AllowArbitraryServer'] enabled.
        * 'HTTP' authentication (was called 'advanced' in older versions) ($auth_type = 'HTTP') as introduced in 1.3.0 allows you to log in as any valid MySQL user via HTTP-Auth.
        * 'signon' authentication mode ($auth_type = 'signon') as introduced in 2.10.0 allows you to log in from prepared PHP session data. This is useful for implementing single signon from another application. Sample way how to seed session is in signon example: scripts/signon.php. You need to configure session name and signon URL to use this authentication method.

    Please see the install section on "Using authentication modes" for more information.
Regards,
William

IF I give advise.. It's only if it was me....

Offline sandoz

  • **
  • 47
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #8 on: November 24, 2006, 03:42:46 PM »
i must be stupid, but i am not able to change the admin password

when i use the change password field, the password is not changed at all

when i add a 2nd admin, and try to tedelte the first i get
SQL-query:
DROP USER 'admin'@ 'localhost';
#1268 - Can't drop one or more of the requested users

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #9 on: November 24, 2006, 09:10:57 PM »
Hello,

Try the following command as root at command line:
Code: [Select]
 mysql --execute="grant all privileges on *.* to admin@localhost identified by 'admin' WITH GRANT OPTION"
  mysql --execute="flush privileges"

After that command, admin password should be 'admin'.


Regards.

Offline Teviot

  • *
  • 610
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #10 on: November 27, 2006, 01:36:07 AM »
I have just installed this version on SME 7.  I noticed at the bottom the following message.

Code: [Select]
You have enabled mbstring.func_overload in your PHP configuration. This option is incompatible with phpMyAdmin and might cause some data to be corrupted!

Is this easy to fix and how would i go about it?
Regards
M0GLJ
......................................................
I am new to SAIL SME Server v8b6 and have been using SME for many years.
I have already done some research and only ask questions if I still can't work it out.

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #11 on: November 27, 2006, 02:03:29 AM »
I wouldn't think this contrib is responsible for that.

Look in /etc/php.ini

If it's in there, find out how it got there

/etc/e-smith/templates/etc/php.ini

or

/etc/e-smith/templates-custom/etc/php.ini

and why.

You may also find it in /etc/httpd/conf/httpd.conf but according to the php manual
Quote
Note:  It is not recommended to use the function overloading option in the per-directory context, because it's not confirmed yet to be stable enough in a production environment and may lead to undefined behaviour.
Regards,
William

IF I give advise.. It's only if it was me....

Offline Teviot

  • *
  • 610
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #12 on: November 27, 2006, 02:32:11 AM »
would it be best just to leave it for the moment
Regards
M0GLJ
......................................................
I am new to SAIL SME Server v8b6 and have been using SME for many years.
I have already done some research and only ask questions if I still can't work it out.

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #13 on: November 27, 2006, 05:03:56 AM »
Hello,

You can also edit file
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86PhpmyadminmultiAlias
and add the line
Code: [Select]
php_admin_value mbstring.func_overload 0
at the last section.

Regards.

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #14 on: January 10, 2007, 05:13:34 AM »
Quote from: "MasterSleepy"
Hello,

You can also edit file
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86PhpmyadminmultiAlias
and add the line
Code: [Select]
php_admin_value mbstring.func_overload 0
at the last section.

Regards.


Hello MasterSleepy,

You might have to change the location of your template.
http://forums.contribs.org/index.php?topic=35156.0

Check with
Code: [Select]
/sbin/e-smith/audittools/templates
Regards,
William

IF I give advise.. It's only if it was me....

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #15 on: January 10, 2007, 09:44:43 AM »
Hello william,

Ok I'll made a new version of this contrib asap.

Regards.

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #16 on: January 10, 2007, 10:43:43 AM »
Quote from: "MasterSleepy"
asap.



No need to rush... :)

Thank You.
Regards,
William

IF I give advise.. It's only if it was me....

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[UPDATED] smeserver-phpmyadmin-multiuser-2.9.2-1
« Reply #17 on: January 19, 2007, 08:48:16 AM »
Hello all,

I've updated phpmyadmin-multiuser contrib to use lastest version(2.9.2) of it.
It also correct template problem.


RPM :
http://www.vanhees.cc/modules.php?op=modload&name=CmodsDownload&file=index&req=viewdownloaddetails&lid=296&ttitle=smeserver-phpmyadmin-multiuser-2.9.2-1.noarch.rpm

sRPM :
http://www.vanhees.cc/modules.php?op=modload&name=CmodsDownload&file=index&req=viewdownloaddetails&lid=297&ttitle=smeserver-phpmyadmin-multiuser-2.9.2-1.src.rpm

Install instruction:
Code: [Select]
wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=296"
rpm -Uvh smeserver-phpmyadmin-multiuser-2.9.2-1.noarch.rpm


Regards.

Beast

Unable to login as admin
« Reply #18 on: January 29, 2007, 11:40:09 AM »
Have installed the contrib but the logon screen tells me that the logon/password is wrong - using admin. Have also tried root and users etc.

What can be wrong?

NB: New installation of 7.1

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #19 on: January 29, 2007, 11:41:51 AM »
Username: admin
Password: admin
Regards,
William

IF I give advise.. It's only if it was me....

Beast

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #20 on: January 29, 2007, 11:44:42 AM »
:lol:

Beast

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #21 on: January 29, 2007, 11:47:29 AM »
How do i change this easy password?

In the user table of MySQL as allways?

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #22 on: January 29, 2007, 11:55:02 AM »
Quote from: "Beast"
How do i change this easy password?

In the user table of MySQL as allways?


In keeping with the easy theme...

Edit /opt/administration/phpmyadminmulti/config.inc.php and change this bit. Save and login to phpmyadmin and you will have a change password prompt on the fist screen.

 
Code: [Select]
// In the main frame, at startup...
$cfg['ShowStats']             = TRUE;   // allow to display statistics and space usage in
                                        // the pages about database details and table
                                        // properties
$cfg['ShowMysqlInfo']         = TRUE;  // whether to display the "MySQL runtime
$cfg['ShowMysqlVars']         = TRUE;  // information", "MySQL system variables", "PHP
$cfg['ShowPhpInfo']           = TRUE;  // information" and "change password" links for
$cfg['ShowChgPassword']       = TRUE;  // simple users or not
$cfg['SuggestDBName']         = TRUE;   // suggest a new DB name if possible (false = keep empty)
Regards,
William

IF I give advise.. It's only if it was me....

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #23 on: January 29, 2007, 02:09:07 PM »
Quote from: "Beast"
How do i change this easy password?

In the user table of MySQL as allways?

Hello,

You can use phpmyadmin to change it!
Take a look at "privileges" option in main screen of phpmyadmin.

Regards.

Beast

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #24 on: January 29, 2007, 02:57:35 PM »
There is something I do not understand here!

If I change a password in the user table or by the privileges screen it is not reflected when I try to access the DB again.

The only thing that work is the admin/admin combination.

This is really not good!

I have tried to create new users and access the DB from PHP, but only admin/admin work (and I have even changed the password for the admin user)


???????????????????????????????

Beast

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #25 on: January 29, 2007, 03:09:38 PM »
Just found out how to update privileges !!!!!

 :oops:

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #26 on: January 29, 2007, 03:13:45 PM »
Try launching the following commands:
Code: [Select]

update user set Password=PASSWORD('theoneyouwant') WHERE host='localhost' and user='admin';
flush privileges;

You have to been connected to mysql database

Regards.

pnmls

Can't access users-panel in phpmyadmin
« Reply #27 on: January 30, 2007, 11:54:58 PM »
Hi,
I'm new to this, so I'll try to explain the best I can!!!

I've SME server installed and upgraded till v.7.1
I've installed phpmyadmin v.2.9.2 and phpmyadmin-multiuser and followed the directives posted here.

Now accessing users-panel (priveligies???) in phpmyadmin I get this:
"Warning: Your privilege table structure seems to be older than this MySQL version!
Please run the script mysql_fix_privilege_tables that should be included in your MySQL server distribution to solve this problem!"

The MySQL version is 4.1.2 and problem is I can't find the script "mysql_fix_privilege_tables".
Do you know how to get it or what can I do to get over this?!?!?!

Thanks,
Pedro Silva

livinginx

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #28 on: January 31, 2007, 02:01:15 AM »
Same as the guy above me,
But, when I run
Code: [Select]
mysql_fix_privilege_tables

It returns:
Code: [Select]
Got a failure from command:
cat /usr/share/mysql/mysql_fix_privilege_tables.sql | /usr/bin/mysql --no-defaults --force --user=root --host=localhost --database=mysql
Please check the above output and try again.

Running the script with the --verbose option may give you some information
of what went wrong.

If you get an 'Access denied' error, you should run this script again and
give the MySQL root user password as an argument with the --password= option


So, now I am lost.  Any ideas?

livinginx

[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #29 on: January 31, 2007, 03:51:15 AM »
Bah, I solved it.
I ran:
Code: [Select]
mysql_fix_privilege_tables --user=admin --password=admin --verbose

There were a couple errors, but now I can access the privileges section of myadmin.

pnmls

Thanks livinginx
« Reply #30 on: January 31, 2007, 12:33:01 PM »
I'm  :oops: ! That was to easy!!!!

Offline arnoldob

  • *
  • 183
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #31 on: February 09, 2007, 03:55:54 PM »
Is this package available via a yum repository?
Tampa, FL USA


Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #33 on: March 20, 2007, 05:58:58 PM »
just done a yum localinstall with the latest rpm (2.10.0.2-1) and am getting the following in the php my admin page

Cannot load mcrypt extension. Please check your PHP configuration

any ideas please?
Regards
Jim C

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #34 on: March 20, 2007, 06:28:17 PM »
Did you try to locate php.ini and do this?

;extension=php_mbstring.dll
;extension=php_mcrypt.dll
The semi-colon in front of these lines comments them out. Delete the semi-colons, save the file, then restart your web server. Then try phpMyAdmin again and see if you are still getting errors.

This is from google so try it and if it doesn't work just undo what you did.
"It should just work" if it doesn't report it. Thanks!

Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #35 on: March 20, 2007, 07:07:03 PM »
yeah thanks bpivk
I found that via google and am trying to locate php.ini as we speak
Regards
Jim C

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #36 on: March 20, 2007, 07:10:49 PM »
I haven't tryed it but this could work...
mkdir /etc/e-smith/templates-custom/etc/
mkdir /etc/e-smith/templates-custom/etc/php.ini/
vi /etc/e-smith/templates-custom/etc/php.ini/80mbExtension

add the line:
extension=php_mbstring.dll

/sbin/e-smith/expand-template /etc/php.ini
/etc/rc.d/rc7.d/S86httpd-e-smith restart
"It should just work" if it doesn't report it. Thanks!

Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #37 on: March 20, 2007, 07:17:46 PM »
can only guess

/etc/e-smith/events/bootstrap-console-save/templates2expand/etc/php.ini
/etc/e-smith/events/console-save/templates2expand/etc/php.ini
/etc/e-smith/templates/etc/php.ini
/etc/e-smith/templates/etc/php.ini/00PHP
/etc/e-smith/templates/etc/php.ini/30ErrorHandling
/etc/e-smith/templates/etc/php.ini/40DataHandling
/etc/e-smith/templates/etc/php.ini/60FileUploads
/etc/e-smith/templates/etc/php.ini/80ModuleSettings
/etc/e-smith/templates/etc/php.ini/50PathsDirectories
/etc/e-smith/templates/etc/php.ini/10LanguageOptions
/etc/e-smith/templates/etc/php.ini/20ResourceLimits
/etc/e-smith/templates/etc/php.ini/template-begin
/etc/e-smith/templates/etc/php.ini/65FopenWrappers
/etc/php.ini
Regards
Jim C

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #38 on: March 20, 2007, 07:21:47 PM »
This won't work and i give up.  :?
"It should just work" if it doesn't report it. Thanks!

Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #39 on: March 20, 2007, 08:23:07 PM »
yep thanks for the effort bpivk
cant get it myself, hopefully will get some new ideas
and will keep googling
Regards
Jim C

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #40 on: March 20, 2007, 08:36:23 PM »
Hello,

I've also that error, but phpmyadmin is working properly.

For php version 4.x.x there is no package in yum for installing mcrypt.

Regards.

Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #41 on: March 20, 2007, 09:04:26 PM »
Hi MasterSleepy

yes mine seems to be functioning fine with the error as well
thanks for confirmation

regards
Jim
Regards
Jim C

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #42 on: March 20, 2007, 09:33:06 PM »
Just to explain things.
This is a package that supports a few extras in phpmyadmin and is not needed. I just wanted to check it out for the sake of argument.  :D
"It should just work" if it doesn't report it. Thanks!

Offline jjcuk

  • *
  • 90
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #43 on: March 21, 2007, 12:21:03 AM »
Thanks again bpivk
checked it out myself as well
good to keep the thread updated though
Regards
Jim C


Offline gixmo

  • **
  • 63
  • +0/-0
    • http://www.gixmo.nl
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #45 on: May 25, 2007, 07:33:00 PM »
I've just installed your latest rpm. But when i try to login i get this error :
Quote
#1045 - Access denied for user 'admin'@'localhost' (using password: YES)

I've used the right password for admin.
The previous version worked just fine. What can i do?

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #46 on: May 25, 2007, 09:18:11 PM »
Hello,

Have you try your old password?
It should work with your password.

If it doesn't try the following line at command line with root:
Code: [Select]
mysql --execute="grant all privileges on *.* to admin@localhost identified by 'admin' WITH GRANT OPTION"
mysql --execute="flush privileges"


Regards.

Offline gixmo

  • **
  • 63
  • +0/-0
    • http://www.gixmo.nl
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #47 on: May 26, 2007, 10:52:56 AM »
No that didn't work, now al my sites using mysql are not available anymore!
How can i reset the password?

Offline electroman00

  • ****
  • 491
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #48 on: May 26, 2007, 06:09:50 PM »
Just loaded on fresh 7.1 upgraded to 7.3 sme

smeserver-phpmyadmin-multiuser-2.10.1-1.noarch.rpm

I get the following error on first opening of myadmin.


Code: [Select]
Cannot load mcrypt extension. Please check your PHP configuration.

Offline electroman00

  • ****
  • 491
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #49 on: May 26, 2007, 06:18:45 PM »
Da....I now see this was already posted.

Sorry...

Offline electroman00

  • ****
  • 491
  • +0/-0
[CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #50 on: May 26, 2007, 06:21:30 PM »
Da....I now see this was already posted.

Sorry...

Offline mazkot

  • **
  • 59
  • +0/-0
Re: [CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #51 on: August 31, 2007, 07:35:45 AM »
installed 2.11.

and have this error  on the main page after logon

Cannot load mcrypt extension. Please check your PHP configuration.

is there a  fix for this error ?

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
Re: [CONTRIB UPDATE] phpmyadmin-multiuser
« Reply #52 on: September 03, 2007, 11:12:39 AM »
Hello mazkot,

This message is normal.
There is no mcrypt package for sme server.
This package is not vital for phpmyadmin.

Regards.
MasterSleepy.