Fixed #4191 Updating database user password on MySQL 5.7 leads to "double hash"

Till Brehm · Till Brehm · commit c8667c4d9cdc · 2016-09-20T16:10:52.000+02:00
How to reproduce issue
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -140,7 +140,10 @@ function process_host_list($action, $database_name, $database_user, $database_pa
 			} elseif($action == 'RENAME') {
 				if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
 			} elseif($action == 'PASSWORD') {
-				if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;
+				//if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;
+				// SET PASSWORD for already hashed passwords is not supported by latest MySQL 5.7 anymore, so we set it directly
+				if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
+				if($success == true) $link->query("FLUSH PRIVILEGES");
 			}
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,10 @@ function process_host_list($action, $database_name, $database_user, $database_pa`
`140`	`140`	`} elseif($action == 'RENAME') {`
`141`	`141`	`if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;`
`142`	`142`	`} elseif($action == 'PASSWORD') {`
`143`		`- if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;`
	`143`	`+ //if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;`
	`144`	`+ // SET PASSWORD for already hashed passwords is not supported by latest MySQL 5.7 anymore, so we set it directly`
	`145`	+ if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
	`146`	`+ if($success == true) $link->query("FLUSH PRIVILEGES");`
`144`	`147`	`}`
`145`	`148`	`}`
`146`	`149`