user_password.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * displays and handles the form where the user can change his password
   5  * linked from index.php
   6  *
   7  * @package PhpMyAdmin
   8  */
   9 declare(strict_types=1);
  10
  11 use PhpMyAdmin\DatabaseInterface;
  12 use PhpMyAdmin\Di\Container;
  13 use PhpMyAdmin\Display\ChangePassword;
  14 use PhpMyAdmin\Message;
  15 use PhpMyAdmin\Server\Privileges;
  16 use PhpMyAdmin\Relation;
  17 use PhpMyAdmin\RelationCleanup;
  18 use PhpMyAdmin\Response;
  19 use PhpMyAdmin\Template;
  20 use PhpMyAdmin\UserPassword;
  21
  22 if (! defined('ROOT_PATH')) {
  23     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  24 }
  25
  26 global $cfg;
  27
  28 require_once ROOT_PATH . 'libraries/common.inc.php';
  29
  30 $container = Container::getDefaultContainer();
  31 $container->set(Response::class, Response::getInstance());
  32
  33 /** @var Response $response */
  34 $response = $container->get(Response::class);
  35
  36 /** @var DatabaseInterface $dbi */
  37 $dbi = $container->get(DatabaseInterface::class);
  38
  39 $header = $response->getHeader();
  40 $scripts = $header->getScripts();
  41 $scripts->addFile('server_privileges.js');
  42 $scripts->addFile('vendor/zxcvbn.js');
  43
  44 /** @var Template $template */
  45 $template = $containerBuilder->get('template');
  46 /** @var Relation $relation */
  47 $relation = $containerBuilder->get('relation');
  48 $relationCleanup = new RelationCleanup($dbi, $relation);
  49 $serverPrivileges = new Privileges($template, $dbi, $relation, $relationCleanup);
  50 $userPassword = new UserPassword($serverPrivileges);
  51
  52 /**
  53  * Displays an error message and exits if the user isn't allowed to use this
  54  * script
  55  */
  56 if (! $cfg['ShowChgPassword']) {
  57     $cfg['ShowChgPassword'] = $dbi->selectDb('mysql');
  58 }
  59 if ($cfg['Server']['auth_type'] == 'config' || ! $cfg['ShowChgPassword']) {
  60     Message::error(
  61         __('You don\'t have sufficient privileges to be here right now!')
  62     )->display();
  63     exit;
  64 } // end if
  65
  66 /**
  67  * If the "change password" form has been submitted, checks for valid values
  68  * and submit the query or logout
  69  */
  70 if (isset($_POST['nopass'])) {
  71     if ($_POST['nopass'] == '1') {
  72         $password = '';
  73     } else {
  74         $password = $_POST['pma_pw'];
  75     }
  76     $change_password_message = $userPassword->setChangePasswordMsg();
  77     $msg = $change_password_message['msg'];
  78     if (! $change_password_message['error']) {
  79         $userPassword->changePassword($password, $msg, $change_password_message);
  80     } else {
  81         $userPassword->getChangePassMessage($change_password_message);
  82     }
  83 }
  84
  85 /**
  86  * If the "change password" form hasn't been submitted or the values submitted
  87  * aren't valid -> displays the form
  88  */
  89
  90 // Displays an error message if required
  91 if (isset($msg)) {
  92     $msg->display();
  93     unset($msg);
  94 }
  95
  96 echo ChangePassword::getHtml('change_pw', $username, $hostname);
  97 exit;