From 6322f58c30093fac56c04d91666ba1d1b80cc3fc Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 8 Oct 2020 16:08:38 +0200
Subject: [PATCH 1/2] Update mysql_clientdb_plugin.inc.php

---
 .../mysql_clientdb_plugin.inc.php             | 51 +++++++++++--------
 1 file changed, 31 insertions(+), 20 deletions(-)

diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 75b6729760..aa09b3d81c 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -150,16 +150,21 @@ class mysql_clientdb_plugin {
 				$link->query("CREATE USER '".$link->escape_string($database_user)."'@'$db_host'");
 				$app->log("CREATE USER '".$link->escape_string($database_user)."'@'$db_host'", LOGLEVEL_DEBUG);
 
-				// set the password
-				// MySQL < 5.7 and MariadB 10
-				if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) {
-					if($this->getDatabaseType($link) == 'mysql' && $this->getDatabaseVersion($link, true) >= 8) {
-						// for MySQL >= 8, we set authentication plugin to old mode to ensure that older additional php versions can still connect to the database
-						if(!$link->query("UPDATE mysql.user SET `authentication_string` = '".$link->escape_string($database_password)."', `plugin` = 'mysql_native_password' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
-					} else {
-						// MySQL 5.7, the Password field has been renamed to authentication_string
-						if(!$link->query("UPDATE mysql.user SET `authentication_string` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
-					}
+				// mariadb or mysql < 5.7
+				if($this->getDatabaseType($link) == 'mariadb' || version_compare($this->getDatabaseVersion($link), '5.7', '<')) {
+					$query = sprintf("SET PASSWORD FOR '%s'@'%s' = '%s'",
+						$link->escape_string($data['new']['database_user']),
+						$db_host,
+						$link->escape_string($data['new']['database_password']));
+					if(!$link->query($query)) $success = false;
+				}
+				// mysql >= 5.7
+				else {
+					$query = sprintf("ALTER USER IF EXISTS '%s'@'%s' IDENTIFIED WITH mysql_native_password AS '%s'",
+						$link->escape_string($data['new']['database_user']),
+						$db_host,
+						$link->escape_string($data['new']['database_password']));
+					if(!$link->query($query)) $success = false;
 				}
 				
 				$app->log("PASSWORD SET FOR '".$link->escape_string($database_user)."'@'$db_host' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
@@ -182,15 +187,21 @@ class mysql_clientdb_plugin {
 				//if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;
 				// SET PASSWORD for already hashed passwords is not supported by latest MySQL 5.7 anymore, so we have to set the hashed password directly
 				if(trim($database_password) != '') {
-					// MySQL < 5.7 and MariadB 10
-					if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) {
-						if($this->getDatabaseType($link) == 'mysql' && $this->getDatabaseVersion($link, true) >= 8) {
-							// for MySQL >= 8, we set authentication plugin to old mode to ensure that older additional php versions can still connect to the database
-							if(!$link->query("UPDATE mysql.user SET `authentication_string` = '".$link->escape_string($database_password)."', `plugin` = 'mysql_native_password' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
-						} else {
-							// MySQL 5.7, the Password field has been renamed to authentication_string
-							if(!$link->query("UPDATE mysql.user SET `authentication_string` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
-						}
+					// mariadb or mysql < 5.7
+					if($this->getDatabaseType($link) == 'mariadb' || version_compare($this->getDatabaseVersion($link), '5.7', '<')) {
+						$query = sprintf("SET PASSWORD FOR '%s'@'%s' = '%s'",
+							$link->escape_string($data['new']['database_user']),
+							$db_host,
+							$link->escape_string($data['new']['database_password']));
+						if(!$link->query($query)) $success = false;
+					}
+					// mysql >= 5.7
+					else {
+						$query = sprintf("ALTER USER IF EXISTS '%s'@'%s' IDENTIFIED WITH mysql_native_password AS '%s'",
+							$link->escape_string($data['new']['database_user']),
+							$db_host,
+							$link->escape_string($data['new']['database_password']));
+						if(!$link->query($query)) $success = false;
 					}
 					if($success == true) $link->query("FLUSH PRIVILEGES");
 				}
@@ -836,4 +847,4 @@ class mysql_clientdb_plugin {
 
 } // end class
 
-?>
+?>
\ No newline at end of file
-- 
GitLab


From 21b1c30c47cc5f0e45e493e84ff65532fcfce1a7 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 8 Oct 2020 16:19:04 +0200
Subject: [PATCH 2/2] Update mysql_clientdb_plugin.inc.php

---
 .../mysql_clientdb_plugin.inc.php                | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index aa09b3d81c..4d637ef37f 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -153,17 +153,17 @@ class mysql_clientdb_plugin {
 				// mariadb or mysql < 5.7
 				if($this->getDatabaseType($link) == 'mariadb' || version_compare($this->getDatabaseVersion($link), '5.7', '<')) {
 					$query = sprintf("SET PASSWORD FOR '%s'@'%s' = '%s'",
-						$link->escape_string($data['new']['database_user']),
+						$link->escape_string($database_user),
 						$db_host,
-						$link->escape_string($data['new']['database_password']));
+						$link->escape_string($database_password));
 					if(!$link->query($query)) $success = false;
 				}
 				// mysql >= 5.7
 				else {
 					$query = sprintf("ALTER USER IF EXISTS '%s'@'%s' IDENTIFIED WITH mysql_native_password AS '%s'",
-						$link->escape_string($data['new']['database_user']),
+						$link->escape_string($database_user),
 						$db_host,
-						$link->escape_string($data['new']['database_password']));
+						$link->escape_string($database_password));
 					if(!$link->query($query)) $success = false;
 				}
 				
@@ -190,17 +190,17 @@ class mysql_clientdb_plugin {
 					// mariadb or mysql < 5.7
 					if($this->getDatabaseType($link) == 'mariadb' || version_compare($this->getDatabaseVersion($link), '5.7', '<')) {
 						$query = sprintf("SET PASSWORD FOR '%s'@'%s' = '%s'",
-							$link->escape_string($data['new']['database_user']),
+							$link->escape_string($database_user),
 							$db_host,
-							$link->escape_string($data['new']['database_password']));
+							$link->escape_string($database_password));
 						if(!$link->query($query)) $success = false;
 					}
 					// mysql >= 5.7
 					else {
 						$query = sprintf("ALTER USER IF EXISTS '%s'@'%s' IDENTIFIED WITH mysql_native_password AS '%s'",
-							$link->escape_string($data['new']['database_user']),
+							$link->escape_string($database_user),
 							$db_host,
-							$link->escape_string($data['new']['database_password']));
+							$link->escape_string($database_password));
 						if(!$link->query($query)) $success = false;
 					}
 					if($success == true) $link->query("FLUSH PRIVILEGES");
-- 
GitLab