From 0f08592bc0551cb4ce66659d50e50baf888efa50 Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Thu, 13 Sep 2018 16:08:57 +0200
Subject: [PATCH] Warn when using password with leading or trailing spaces

---
 adminer/include/auth.inc.php | 3 ++-
 adminer/lang/cs.inc.php      | 1 +
 adminer/lang/xx.inc.php      | 1 +
 changes.txt                  | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 2e76bf0d..fef6b629 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -172,7 +172,8 @@ if (isset($_GET["username"])) {
 
 $login = null;
 if (!is_object($connection) || ($login = $adminer->login($_GET["username"], get_password())) !== true) {
-	auth_error((is_string($connection) ? h($connection) : (is_string($login) ? $login : lang('Invalid credentials.'))));
+	$error = (is_string($connection) ? h($connection) : (is_string($login) ? $login : lang('Invalid credentials.')));
+	auth_error($error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''));
 }
 
 if ($auth && $_POST["token"]) {
diff --git a/adminer/lang/cs.inc.php b/adminer/lang/cs.inc.php
index 52e09e7a..c515202d 100644
--- a/adminer/lang/cs.inc.php
+++ b/adminer/lang/cs.inc.php
@@ -12,6 +12,7 @@ $translations = array(
 	'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
 	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => 'Díky za použití Admineru, <a href="https://www.adminer.org/cs/donation/">přispějte</a> na vývoj.',
 	'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
+	'There is a space in the input password which might be the cause.' => 'Problém může být, že je v zadaném hesle mezera.',
 	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Adminer nepodporuje přístup k databázi bez hesla, <a href="https://www.adminer.org/cs/password/"%s>více informací</a>.',
 	'Database does not support password.' => 'Databáze nepodporuje heslo.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minutu.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minuty.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minut.'),
diff --git a/adminer/lang/xx.inc.php b/adminer/lang/xx.inc.php
index e9e0940e..25baa12a 100644
--- a/adminer/lang/xx.inc.php
+++ b/adminer/lang/xx.inc.php
@@ -12,6 +12,7 @@ $translations = array(
 	'Logout successful.' => 'Xx.',
 	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => 'Xx <a href="https://www.adminer.org/en/donation/">xx</a>.',
 	'Invalid credentials.' => 'Xx.',
+	'There is a space in the input password which might be the cause.' => 'Xx.',
 	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Xx, <a href="https://www.adminer.org/en/password/"%s>xx</a>.',
 	'Database does not support password.' => 'Xx.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Xx %d.', 'Xx %d.'),
diff --git a/changes.txt b/changes.txt
index 1676a5c2..82f0c242 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 4.6.4-dev:
+Warn when using password with leading or trailing spaces
 Fix inline editing of empty cells (regression from 4.6.3)
 Allow adding more than two indexes and forign key columns at a time (regression from 4.4.0)
 Fix function change with set data type