regenerate credentials upon failed login

2025-11-12 00:06:09 +01:00 · 2020-09-04 10:08:03 +05:00
parent 55e225ec3b
commit 783af80a1e
3 changed files with 50 additions and 4 deletions
--- a/databases/views.py
+++ b/databases/views.py
@@ -216,9 +216,50 @@ def fetchDetailsPHPMYAdmin(request):
        admin = Administrator.objects.get(id = userID)
        currentACL = ACLManager.loadedACL(userID)

-        username = request.GET.get('username')
        token = request.GET.get('token')

+        if token == 'FailedLogin':
+            keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
+            GlobalUserDB.objects.get(username=admin.userName).delete()
+
+            command = 'rm -f %s' % (keySavePath)
+            ProcessUtilities.executioner(command)
+
+            key = Fernet.generate_key()
+
+            writeToFile = open(keySavePath, 'w')
+            writeToFile.write(key.decode())
+            writeToFile.close()
+
+            command = 'chown root:root %s' % (keySavePath)
+            ProcessUtilities.executioner(command)
+
+            command = 'chmod 600 %s' % (keySavePath)
+            ProcessUtilities.executioner(command)
+
+            ##
+
+            password = randomPassword.generate_pass()
+            token = randomPassword.generate_pass()
+            f = Fernet(key)
+            GlobalUserDB(username=admin.userName, password=f.encrypt(password.encode('utf-8')).decode(),
+                         token=token).save()
+
+            sites = ACLManager.findWebsiteObjects(currentACL, userID)
+            createUser = 1
+
+            for site in sites:
+                for db in site.databases_set.all():
+                    mysqlUtilities.addUserToDB(db.dbName, admin.userName, password, createUser)
+                    createUser = 0
+
+            returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password)
+            return redirect(returnURL)
+
+
+        username = request.GET.get('username')
+
+
        if username != admin.userName:
            return redirect(loadLoginPage)

--- a/plogical/mysqlUtilities.py
+++ b/plogical/mysqlUtilities.py
@@ -930,6 +930,11 @@ skip-name-resolve
                return 0

            if createUser:
+                try:
+                    cursor.execute(
+                        "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")
+                except:
+                    cursor.execute("DROP USER '%s'@'%s'" % (user, mysqlUtilities.LOCALHOST))
                    cursor.execute(
                        "CREATE USER '" + user + "'@'%s' IDENTIFIED BY '" % (mysqlUtilities.LOCALHOST) + password + "'")

--- a/plogical/phpmyadminsignin.php
+++ b/plogical/phpmyadminsignin.php
@@ -44,4 +44,4 @@ else if(isset($_GET['password'])){
    header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
 }

-echo 'Failed login';
+$url = "/dataBases/fetchDetailsPHPMYAdmin?token=FailedLogin";