From 783af80a1e105f283fb278237478342a434e3935 Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Fri, 4 Sep 2020 10:08:03 +0500
Subject: [PATCH] regenerate credentials upon failed login

---
 databases/views.py | 43 ++++++++++++++++++++++++++++++++++-
 plogical/mysqlUtilities.py | 9 ++++++--
 plogical/phpmyadminsignin.php | 2 +-
 3 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/databases/views.py b/databases/views.py
index e6cf14852..48e679a43 100755
--- a/databases/views.py
+++ b/databases/views.py
@@ -216,9 +216,50 @@ def fetchDetailsPHPMYAdmin(request):
 admin = Administrator.objects.get(id = userID)
 currentACL = ACLManager.loadedACL(userID)
- username = request.GET.get('username')
 token = request.GET.get('token')
+ if token == 'FailedLogin':
+ keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
+ GlobalUserDB.objects.get(username=admin.userName).delete()
+
+ command = 'rm -f %s' % (keySavePath)
+ ProcessUtilities.executioner(command)
+
+ key = Fernet.generate_key()
+
+ writeToFile = open(keySavePath, 'w')
+ writeToFile.write(key.decode())
+ writeToFile.close()
+
+ command = 'chown root:root %s' % (keySavePath)
+ ProcessUtilities.executioner(command)
+
+ command = 'chmod 600 %s' % (keySavePath)
+ ProcessUtilities.executioner(command)
+
+ ##
+
+ password = randomPassword.generate_pass()
+ token = randomPassword.generate_pass()
+ f = Fernet(key)
+ GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(),
+ token=token).save()
+
+ sites = ACLManager.findWebsiteObjects(currentACL, userID)
+ createUser = 1
+
+ for site in sites:
+ for db in site.databases_set.all():
+ mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
+ createUser = 0
+
+ returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password)
+ return redirect(returnURL)
+
+
+ username = request.GET.get('username')
+
+ if username != admin.userName:
 return redirect(loadLoginPage)
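Review bot: `GlobalUserDB.objects.get(username=admin.userName).delete()` at the top of the new FailedLogin branch raises DoesNotExist when no row exists for this user, which is exactly the state an earlier interrupted regeneration leaves behind; `GlobalUserDB.objects.filter(username=admin.userName).delete()` is the tolerant form. The key file is written through a bare `open(keySavePath, 'w')` and only tightened to `chmod 600` by a later shell command, so the handle leaks if `write` raises and the secret sits under the default umask until then; creating it restrictively in one step, `with os.fdopen(os.open(keySavePath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as writeToFile:`, closes both gaps (assuming `os` is imported in the file header, which is outside this hunk). `admin.userName` is interpolated into the `rm`/`chown`/`chmod` strings handed to `ProcessUtilities.executioner`, and the freshly generated `password` is carried in the GET query string of `returnURL`, where it ends up in access logs and browser history; if `executioner` goes through a shell the username should be validated against a strict pattern first, and the hand-off to phpmyadminsignin.php would be safer as a POST or a short-lived token than as a plaintext password in the URL. The branch is also reachable by any logged-in user on any request that carries `token=FailedLogin`, and each hit deletes the key file and drops/recreates the MySQL account on every database of that user, so a server-side check that a login actually failed (or at least throttling) seems warranted. fetchDetailsPHPMYAdmin begins before and continues after this hunk.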
diff --git a/plogical/mysqlUtilities.py b/plogical/mysqlUtilities.py
index 708784260..c3fe06abd 100755
--- a/plogical/mysqlUtilities.py
+++ b/plogical/mysqlUtilities.py
@@ -930,8 +930,13 @@ skip-name-resolve
 return 0
 if createUser:
- cursor.execute(
- "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
+ try:
+ cursor.execute(
+ "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
+ except:
+ cursor.execute("DROP USER '%s'@'%s'" % (user, mysqlUtilities.LOCALHOST))
+ cursor.execute(
+ "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
 if mysqlUtilities.RDS == 0:
 cursor.execute(
diff --git a/plogical/phpmyadminsignin.php b/plogical/phpmyadminsignin.php
index ea9524608..715d7f141 100644
--- a/plogical/phpmyadminsignin.php
+++ b/plogical/phpmyadminsignin.php
@@ -44,4 +44,4 @@ else if(isset($_GET['password'])){
 header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
 }
-echo 'Failed login';
\ No newline at end of file
+$url = "/dataBases/fetchDetailsPHPMYAdmin?token=FailedLogin";
\ No newline at end of file
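Review bot: The new bare `except:` around the first `CREATE USER` treats every failure — a dropped connection, a privilege error, a password containing a quote that breaks the concatenated SQL — as "user already exists" and answers with `DROP USER`, which then either fails unhandled on an unrelated error or removes an account the caller never intended to touch. Catching only the driver's database error class (whatever `mysqlUtilities` imports; the file header is outside this hunk), or replacing the guess with `DROP USER IF EXISTS` followed by the single `CREATE USER` on servers that support it (MySQL 5.7+, MariaDB 10.1+), keeps the recovery path explicit. The statement is still assembled by concatenating `user` and `password`; if the driver substitutes parameters client-side, `cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, mysqlUtilities.LOCALHOST, password))` quotes both values correctly and is the form worth standardizing on, since here the practical risk is a generated password that happens to contain a quote rather than a hostile caller. The enclosing function starts and ends outside this hunk.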
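Review bot: The replacement line assigns `$url` but nothing reads it, so a failed login now ends with an empty response instead of the old message or the intended hand-off to the regeneration endpoint; the redirect needs `header('Location: ' . $url); exit;` after the assignment, with the `exit` so no further output follows the header. Because `?token=FailedLogin` on the Python side rotates the user's key file and database credentials, this redirect also deserves a comment stating that it is deliberately a one-way trip and should not be reachable in a loop if the regenerated credentials fail again. This hunk is the tail of the file, after the `else if(isset($_GET['password']))` block.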