Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

uapi mysql create_user password issues

Discussion in 'cPanel Developers' started by katmai, Jun 7, 2019.

  1. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    558
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Brno, Czech Republic
    It seems like the uapi password function doesn't properly sanitize the password input. If i create an account with this complex password:

    uapi --user=katmai Mysql create_user name=katmai_user password=__87%smiled%TASTE%fiji%13__

    ill get an access denied trying to login to the database.

    If i make the password slightly less complex such as:
    uapi --user=katmai Mysql create_user name=katmai_user [email protected]

    it all works just fine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,466
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @katmai

    This is because you're not properly URI encoding the password. The % is a reserved character and needs to be represented as %25 when creating the password. So on creation it should look as follows:

    Code:
    __87%25smiled%25TASTE%25fiji%2513__
    Then when logging in you can use the password as you originally intended:


    Code:
    __87%smiled%TASTE%fiji%13__
    
    I tested this on my server and it worked without issues

    Code:
    [[email protected] ~]# uapi --user=myuser Mysql create_user name=myuser_atest3 password="__87%25smiled%25TASTE%25fiji%2513__"
    [2019-06-10 12:34:51 -0500] info [uapi] ---debug_hooks---
    [2019-06-10 12:34:51 -0500] info [uapi]             msg: No hooks found for traversed context
    [2019-06-10 12:34:51 -0500] info [uapi]         context: Cpanel::UAPI::Mysql::create_user
    [2019-06-10 12:34:51 -0500] info [uapi]           stage: pre
    [2019-06-10 12:34:51 -0500] info [uapi] ---debug_hooks---
    [2019-06-10 12:34:51 -0500] info [uapi]             msg: No hooks found for traversed context
    [2019-06-10 12:34:51 -0500] info [uapi]         context: Cpanel::UAPI::Mysql::create_user
    [2019-06-10 12:34:51 -0500] info [uapi]           stage: post
    ---
    apiversion: 3
    func: create_user
    module: Mysql
    result:
      data: ~
      errors: ~
      messages: ~
      metadata: {}
    
      status: 1
      warnings: ~
    Then logged in:

    Code:
    [[email protected] ~]# mysql -u myuser_atest3 -p
    Enter password:
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 351215
    Server version: 10.3.13-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]>
    This is noted in the UAPI documentation here: UAPI Functions - Mysql::create_user - Developer Documentation - cPanel Documentation

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice