xwtk
July 6, 2021, 12:45pm
1
This is a serious issue. After updating to a new version of Hestia CP, PhpMyAdmin suddenly looses 2FA settings and can be logged in without the 2FA code.
I wouldnt call it as “serious”, 2FA is an additional protection layer. Serious would be if you could login with a user
If you can’t find the bug, please open it in github: Sign in to GitHub · GitHub
eris
July 6, 2021, 12:51pm
3
We currently delete the phpmyadmin folder and setup a new one. Probally we should update it.
xwtk
July 6, 2021, 1:06pm
4
Aha so that’s where the issue is coming from. I hope you can fix it in 1.4.6 because I literally had heart attacks when I saw PhpMyAdmin not have 2FA 2 times. Then figured out that it came from the updates.
xwtk
July 6, 2021, 1:06pm
5
Or getting admin access from a standard user
eris
July 6, 2021, 1:11pm
6
# Display upgrade information
echo "[ * ] Upgrading phpMyAdmin to version v$pma_v..."
[ -d /usr/share/phpmyadmin ] || mkdir -p /usr/share/phpmyadmin
# Download latest phpMyAdmin release
wget --quiet https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz
# Unpack files
tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz
# Delete file to prevent error
rm -rf /usr/share/phpmyadmin/doc/html
# Overwrite old files
cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin
# Set config and log directory
sed -i "s|define('CONFIG_DIR', ROOT_PATH);|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
sed -i "s|define('TEMP_DIR', ROOT_PATH . 'tmp/');|define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
This file has been truncated. show original
We just overwrite it. I don’t know what config is changed but it should be the one located in /etc/phpmyadmin/
eris
July 6, 2021, 1:15pm
8
We should not delete the database only upgrade it after installation.
eris
July 6, 2021, 1:26pm
9
If you are using Nginx + apache2 try
v-change-sys-db-alias ‘pma’ “phpmyadmin”
.