Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel.

closes pterodactyl#352

Author: DaneEveritt

CHANGELOG.md

@@ -22,6 +22,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[pre.4]` — Fixes server listing on frontend not displaying a page selector when more than 10 servers exist.
 * `[pre.4]` — Fixes non-admin users being unable to create personal API keys.
 * Fixes bug where daemon was unable to register that certain games had fully booted and were ready to play on.
+* Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel.
 
 ### Added
 * Ability to assign multiple allocations at once when creating a new server.

app/Http/Controllers/Server/ServerController.php

@@ -239,15 +239,14 @@ public function getDatabases(Request $request, $uuid)
     {
         $server = Models\Server::byUuid($uuid);
         $this->authorize('view-databases', $server);
+
+        $server->load('node', 'databases.host');
         $server->js();
 
         return view('server.settings.databases', [
             'server' => $server,
             'node' => $server->node,
-            'databases' => Models\Database::select('databases.*', 'database_servers.host as a_host', 'database_servers.port as a_port')
-                ->where('server_id', $server->id)
-                ->join('database_servers', 'database_servers.id', '=', 'databases.db_server')
-                ->get(),
+            'databases' => $server->databases,
         ]);
     }
 

app/Models/Database.php

@@ -68,7 +68,7 @@ class Database extends Model
       */
      public function host()
      {
-         return $this->belongsTo(DatabaseHost::class);
+         return $this->belongsTo(DatabaseHost::class, 'database_host_id');
      }
 
      /**

app/Repositories/DatabaseRepository.php

@@ -48,10 +48,10 @@ class DatabaseRepository
      */
     public function create($id, array $data)
     {
-        $server = Server::findOrFail($server);
+        $server = Server::findOrFail($id);
 
         $validator = Validator::make($data, [
-            'host' => 'required|exists:database_servers,id',
+            'host' => 'required|exists:database_hosts,id',
             'database' => 'required|regex:/^\w{1,100}$/',
             'connection' => 'required|regex:/^[0-9%.]{1,15}$/',
         ]);
@@ -64,7 +64,7 @@ public function create($id, array $data)
         DB::beginTransaction();
 
         try {
-            $database = Models\Database::firstOrNew([
+            $database = Database::firstOrNew([
                 'server_id' => $server->id,
                 'database_host_id' => $data['host'],
                 'database' => sprintf('s%d_%s', $server->id, $data['database']),
@@ -131,10 +131,12 @@ public function create($id, array $data)
      * @param  int    $id
      * @param  string $password
      * @return void
+     *
+     * @todo   Fix logic behind resetting passwords.
      */
     public function password($id, $password)
     {
-        $database = Models\Database::with('host')->findOrFail($id);
+        $database = Database::with('host')->findOrFail($id);
 
         DB::transaction(function () use ($database, $password) {
             $database->password = Crypt::encrypt($password);
@@ -150,10 +152,20 @@ public function password($id, $password)
                 'collation' => 'utf8_unicode_ci',
             ]);
 
+            // We have to do the whole delete user, create user thing rather than
+            // SET PASSWORD ... because MariaDB and PHP statements ends up inserting
+            // a corrupted password. A way around this is strtoupper(sha1(sha1($password, true)))
+            // but no garuntees that will work correctly with every system.
+            DB::connection('dynamic')->statement(sprintf('DROP USER IF EXISTS `%s`@`%s`', $database->username, $database->remote));
             DB::connection('dynamic')->statement(sprintf(
-                'SET PASSWORD FOR `%s`@`%s` = PASSWORD(\'%s\')',
+                'CREATE USER `%s`@`%s` IDENTIFIED BY \'%s\'',
                 $database->username, $database->remote, $password
             ));
+            DB::connection('dynamic')->statement(sprintf(
+                'GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON `%s`.* TO `%s`@`%s`',
+                $database->database, $database->username, $database->remote
+            ));
+            DB::connection('dynamic')->statement('FLUSH PRIVILEGES');
 
             $database->save();
         });

resources/themes/pterodactyl/server/settings/databases.blade.php

@@ -56,7 +56,7 @@
                                     <td class="middle">{{ $database->database }}</td>
                                     <td class="middle">{{ $database->username }}</td>
                                     <td class="middle"><code data-attr="set-password">{{ Crypt::decrypt($database->password) }}</code></td>
-                                    <td class="middle"><code>{{ $database->a_host }}:{{ $database->a_port }}</code></td>
+                                    <td class="middle"><code>{{ $database->host->host }}:{{ $database->host->port }}</code></td>
                                     @can('reset-db-password', $server)
                                         <td>
                                             <button class="btn btn-xs btn-primary pull-right" data-action="reset-password" data-id="{{ $database->id }}"><i class="fa fa-fw fa-refresh"></i> @lang('server.config.database.reset_password')</button>