user_password.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * displays and handles the form where the user can change his password
   5  * linked from index.php
   6  *
   7  * @package PhpMyAdmin
   8  */
   9 declare(strict_types=1);
  10
  11 use PhpMyAdmin\DatabaseInterface;
  12 use PhpMyAdmin\Display\ChangePassword;
  13 use PhpMyAdmin\Message;
  14 use PhpMyAdmin\Response;
  15 use PhpMyAdmin\UserPassword;
  16
  17 if (! defined('ROOT_PATH')) {
  18     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  19 }
  20
  21 global $cfg;
  22
  23 require_once ROOT_PATH . 'libraries/common.inc.php';
  24
  25 /** @var Response $response */
  26 $response = $containerBuilder->get(Response::class);
  27
  28 /** @var DatabaseInterface $dbi */
  29 $dbi = $containerBuilder->get(DatabaseInterface::class);
  30
  31 $header = $response->getHeader();
  32 $scripts = $header->getScripts();
  33 $scripts->addFile('server/privileges.js');
  34 $scripts->addFile('vendor/zxcvbn.js');
  35
  36 /** @var UserPassword $userPassword */
  37 $userPassword = $containerBuilder->get('user_password');
  38
  39 /**
  40  * Displays an error message and exits if the user isn't allowed to use this
  41  * script
  42  */
  43 if (! $cfg['ShowChgPassword']) {
  44     $cfg['ShowChgPassword'] = $dbi->selectDb('mysql');
  45 }
  46 if ($cfg['Server']['auth_type'] == 'config' || ! $cfg['ShowChgPassword']) {
  47     Message::error(
  48         __('You don\'t have sufficient privileges to be here right now!')
  49     )->display();
  50     exit;
  51 } // end if
  52
  53 /**
  54  * If the "change password" form has been submitted, checks for valid values
  55  * and submit the query or logout
  56  */
  57 if (isset($_POST['nopass'])) {
  58     if ($_POST['nopass'] == '1') {
  59         $password = '';
  60     } else {
  61         $password = $_POST['pma_pw'];
  62     }
  63     $change_password_message = $userPassword->setChangePasswordMsg();
  64     $msg = $change_password_message['msg'];
  65     if (! $change_password_message['error']) {
  66         $userPassword->changePassword($password, $msg, $change_password_message);
  67     } else {
  68         $userPassword->getChangePassMessage($change_password_message);
  69     }
  70 }
  71
  72 /**
  73  * If the "change password" form hasn't been submitted or the values submitted
  74  * aren't valid -> displays the form
  75  */
  76
  77 // Displays an error message if required
  78 if (isset($msg)) {
  79     $msg->display();
  80     unset($msg);
  81 }
  82
  83 echo ChangePassword::getHtml('change_pw', $username, $hostname);
  84 exit;