From 2109f5b423bb535aca2e9a5929cd8e4e550996fc Mon Sep 17 00:00:00 2001 From: Anthony Date: Wed, 27 Aug 2025 00:26:33 +0800 Subject: [PATCH] phpMyadmin instant login --- mbadmin.jps | 30 ++++++++ scripts/dbreset.sh | 68 ++++++++++++++++++ scripts/pma-gateway/create_pma_gateway.sh | 86 +++++++++++++++++++++++ 3 files changed, 184 insertions(+) create mode 100644 scripts/dbreset.sh create mode 100644 scripts/pma-gateway/create_pma_gateway.sh diff --git a/mbadmin.jps b/mbadmin.jps index 903abda..8e4836c 100644 --- a/mbadmin.jps +++ b/mbadmin.jps @@ -16,6 +16,7 @@ onInstall: - mkdir -p /home/litespeed/mbmanager/relay - mkdir -p /home/litespeed/mbmanager/ssl-manager - mkdir -p /home/litespeed/mbmanager/scripts + - mkdir -p /home/litespeed/mbmanager/pma-gateway # Download OPCache scripts with verification - cd /home/litespeed/mbmanager/scripts - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/check_opcache.php @@ -82,6 +83,10 @@ onInstall: - if [ ! -f ssl_remover.sh ]; then echo "Failed to download ssl_remover.sh"; exit 1; fi - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/xmlchecker.sh - if [ ! -f xmlchecker.sh ]; then echo "Failed to download xmlchecker.sh"; exit 1; fi + # Download phpMyAdmin gateway script + - cd /home/litespeed/mbmanager/pma-gateway + - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/pma-gateway/create_pma_gateway.sh + - if [ ! -f create_pma_gateway.sh ]; then echo "Failed to download create_pma_gateway.sh"; exit 1; fi - chmod +x *.sh # Install Certbot for AlmaLinux with memory constraints - echo "Installing Certbot... (this may take a few minutes)" 
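Review bot: The added `curl -OL .../scripts/pma-gateway/create_pma_gateway.sh` step has no `--fail`, so an HTTP error page is saved under the expected name and the `[ ! -f create_pma_gateway.sh ]` check that follows still passes. The file is fetched from the mutable `main` branch with no digest or signature check, and the `create_pma_gateway` action added later in this patch runs it as root, so whatever that URL serves at install time executes with root privileges. I would use `curl -fsSLO <url>` and verify a pinned digest before `chmod +x *.sh`, e.g. `echo "<EXPECTED_SHA256>  create_pma_gateway.sh" | sha256sum -c -`. The surrounding downloads follow the same pattern, but they lie outside the lines this hunk adds.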
@@ -329,6 +334,12 @@ menu: action: install_wordpress settings: wpInstallConfig successText: "WordPress installed successfully with the provided credentials." + - confirmText: Access phpMyAdmin via secure gateway? + loadingText: Generating secure gateway... + caption: Create phpMyAdmin Gateway + action: create_pma_gateway + settings: pmaGatewayConfig + successText: "${response.out}" settings: checkDomainConfig: @@ -544,6 +555,17 @@ settings: caption: WordPress Admin Email default: "admin@example.com" required: true + pmaGatewayConfig: + submitUnchanged: true + fields: + - name: validity + type: text + caption: Validity (minutes) + default: "30" + - name: slug + type: text + caption: Custom Alias (optional) + required: false actions: dynamic_wp_cli: @@ -981,6 +1003,14 @@ actions: - return: type: info message: "${response.out}" + create_pma_gateway: + - cmd[cp]: + user: root + commands: + - bash /home/litespeed/mbmanager/pma-gateway/create_pma_gateway.sh --validity="${settings.validity}" $( [ -n "${settings.slug}" ] && echo --slug="${settings.slug}") + - return: + type: info + message: "Gateway URL: ${response.out}" responses: enableSuccess: diff --git a/scripts/dbreset.sh b/scripts/dbreset.sh new file mode 100644 index 0000000..502f277 --- /dev/null +++ b/scripts/dbreset.sh 
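Review bot: In the `create_pma_gateway` action, `${settings.validity}` and `${settings.slug}` are pasted into a command line that runs as `user: root`, and both come from free-text fields (`type: text`, no pattern) declared in `pmaGatewayConfig`. As far as I can tell the placeholders are filled in before the shell parses the line, so the double quotes and the `$( ... echo --slug=...)` wrapper do not stop shell metacharacters in either field from being interpreted. Restrict both fields at the form level, with a numeric field for validity and an allow-list pattern such as `^[A-Za-z0-9_-]{1,32}$` for the alias, and have the script reject anything else as a second check. Separately, `successText: "${response.out}"` in the menu entry and `message: "Gateway URL: ${response.out}"` both surface a URL that embeds the token, so it appears wherever action output is stored or displayed.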
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Generate a secure password
+new_password=$(openssl rand -base64 12)
+echo "🔐 New MariaDB root password will be: $new_password"
+
+# Stop MariaDB
+echo "🛑 Stopping MariaDB service..."
+sudo systemctl stop mariadb
+sleep 3
+
+# Start MariaDB in safe mode
+echo "🔧 Starting MariaDB in safe mode (skip-grant-tables)..."
+sudo mysqld_safe --skip-grant-tables --skip-networking --skip-name-resolve &
+sleep 5
+
+# Check if mysqld is running
+if ! pgrep mysqld > /dev/null; then
+ echo "❌ Failed to start mysqld_safe. Exiting."
+ exit 1
+fi
+
+# Reset root password
+echo "🔄 Resetting root password..."
+mysql -u root << EOF
+FLUSH PRIVILEGES;
+ALTER USER 'root'@'localhost' IDENTIFIED BY '$new_password';
+ALTER USER 'root'@'127.0.0.1' IDENTIFIED BY '$new_password';
+FLUSH PRIVILEGES;
+EOF
+
+# Check if reset succeeded
+if [ $? -ne 0 ]; then
+ echo "❌ Failed to reset password. Cleaning up..."
+ sudo pkill -f mysqld
+ exit 1
+fi
+
+# Stop safe mode
+echo "🛑 Stopping safe mode..."
+sudo pkill -f mysqld_safe
+sudo pkill -f mysqld
+sleep 3
+
+# Start MariaDB normally
+echo "🟢 Starting MariaDB normally..."
+sudo systemctl start mariadb
+
+if sudo systemctl is-active --quiet mariadb; then
+ echo "✅ MariaDB is running."
+ echo "🔐 Root password has been reset to: $new_password"
+ echo ""
+ echo "📌 IMPORTANT:"
+ echo " 1. Update /etc/phpMyAdmin/config.inc.php:"
+ echo " \$cfg['Servers'][\$i]['user'] = 'root';"
+ echo " \$cfg['Servers'][\$i]['password'] = '$new_password';"
+ echo " \$cfg['Servers'][\$i]['auth_type'] = 'config';"
+ echo ""
+ echo " 2. Restart the database node in the Virtuozzo control panel!"
+ echo " This ensures Apache/phpMyAdmin can reconnect."
+else
+ echo "❌ Failed to start MariaDB. Run: sudo systemctl status mariadb"
+ exit 1
+fi
+
+sudo sed -i "s/\(\['password'\]\s*=\s*'\)[^']*'/\1$new_password'/" /etc/phpMyAdmin/config.inc.php
+sudo sed -i "s/\(\['auth_type'\]\s*=\s*'\)[^']*'/\1config'/" /etc/phpMyAdmin/config.inc.php
+sudo sed -i "s/\(\['user'\]\s*=\s*'\)[^']*'/\1root'/" /etc/phpMyAdmin/config.inc.php
\ No newline at end of file
diff --git a/scripts/pma-gateway/create_pma_gateway.sh b/scripts/pma-gateway/create_pma_gateway.sh
new file mode 100644
index 0000000..2acc157
--- /dev/null
+++ b/scripts/pma-gateway/create_pma_gateway.sh
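Review bot: The closing `sed` lines of dbreset.sh set `auth_type` to `config` and store the root password in `/etc/phpMyAdmin/config.inc.php`, so phpMyAdmin opens a root session for every visitor who can reach it; nothing visible in this patch makes phpMyAdmin check the gateway's `pma_token` cookie, so the gateway does not actually gate access. A dedicated least-privilege account with `cookie` auth, or a `signon` check tied to the gateway, would avoid handing out root. The new password is also echoed three times, so it lands in whatever captures this script's output. `openssl rand -base64 12` can emit `/`, the delimiter of the `s/.../.../` expressions, in which case `sed` fails after the database password has already changed; the pattern also rewrites every `['password']` entry in the file rather than only the server one. Using `new_password=$(openssl rand -hex 16)` removes the delimiter problem.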
@@ -0,0 +1,86 @@ +#!/bin/bash +# ============================================================================== +# Script: create_pma_gateway.sh +# Purpose: Create a time-limited gateway URL for phpMyAdmin on Virtuozzo LLSMP. +# Usage: create_pma_gateway.sh --validity=30 [--slug=myalias] +# Outputs: Prints the generated URL. +# ============================================================================== +set -euo pipefail + +SLUG="" +VALIDITY=30 # minutes + +for arg in "$@"; do + case $arg in + --slug=*) SLUG="${arg#*=}" ;; + --validity=*) VALIDITY="${arg#*=}" ;; + *) echo "Unknown argument $arg"; exit 1 ;; + esac +done + +if [[ -z "$SLUG" ]]; then + SLUG=$(openssl rand -hex 4) # 8-char random +fi + +# Determine environment public host (no node prefix) +if [[ -n "${JELASTIC_ENV_DOMAIN:-}" ]]; then + ENV_HOST="$JELASTIC_ENV_DOMAIN" +else + ENV_HOST=$(hostname -f) + ENV_HOST=${ENV_HOST#node*-} # strip nodeXXXX- +fi + +PMADB_DIR="/usr/share/phpMyAdmin" +GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php" + +SECRET_FILE="/var/lib/jelastic/keys/mbadmin_secret" +sudo mkdir -p "$(dirname $SECRET_FILE)" +if [[ ! -f "$SECRET_FILE" ]]; then + sudo sh -c "openssl rand -hex 32 > $SECRET_FILE" + sudo chmod 600 "$SECRET_FILE" +fi +SECRET=$(sudo cat "$SECRET_FILE") + +now=$(date +%s) +expires=$((now + VALIDITY*60)) +# token = base64("$SLUG:$expires") . '.' . 
HMAC_SHA256(secret, data) +data="$SLUG:$expires" +base=$(printf "%s" "$data" | base64 -w0) +mac=$(printf "%s" "$data" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2) +token="$base.$mac" + +sudo tee "$GATEWAY_FILE" >/dev/null <intval($exp)){fail();} +$secret = trim(file_get_contents('$SECRET_FILE')); +if (hash_equals($sig, hash_hmac('sha256', $data, $secret)) === false){fail();} +// set auth cookie then redirect +setcookie('pma_token', $sig, intval($exp), '/', '', true, true); +header('Location: /'); +exit; +?> +PHP + +sudo chmod 640 "$GATEWAY_FILE" + +URL="https://$ENV_HOST:8443/access-db-$SLUG.php?token=$token" +echo "$URL"
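Review bot: `SLUG` and `VALIDITY` are taken from the arguments without validation, yet `SLUG` becomes part of `GATEWAY_FILE`, a `.php` file written with `sudo tee` under `/usr/share/phpMyAdmin`, and `VALIDITY` is evaluated inside `$((now + VALIDITY*60))`. Both should be checked right after the argument loop, as in the fence below; the 1440-minute cap is a suggested value. In the generated PHP the result of `trim(file_get_contents('$SECRET_FILE'))` is never checked: the secret is created with mode 600 via sudo, so if the web user cannot read it the HMAC key presumably becomes an empty string and the comparison no longer depends on a secret, and the page should fail when `$secret === ''`. The heredoc opener is missing from this page, but the body mixes a shell variable (`'$SECRET_FILE'`) with PHP variables (`$exp`, `$data`, `$secret`), so under either quoting one set is wrong; with an unquoted heredoc and `set -u` the script would stop on the unbound `$exp`. Nothing in the script removes a gateway file once its token has expired.

```shell
# … unchanged: argument parsing loop …

# VALIDITY is used in arithmetic expansion below; accept a plain minute count only.
if [[ ! "$VALIDITY" =~ ^[0-9]{1,4}$ ]] || (( 10#$VALIDITY < 1 || 10#$VALIDITY > 1440 )); then
    echo "Invalid --validity: expected 1-1440 minutes" >&2
    exit 1
fi

# SLUG ends up in a file name written as root, so allow a fixed alphabet only.
if [[ -n "$SLUG" && ! "$SLUG" =~ ^[A-Za-z0-9_-]{1,32}$ ]]; then
    echo "Invalid --slug: use letters, digits, '-' or '_' (max 32)" >&2
    exit 1
fi

# … unchanged: random slug fallback, host detection, secret, token, gateway file …
```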