3 declare(strict_types
=1);
5 namespace PhpMyAdmin\Controllers
;
8 use PhpMyAdmin\DatabaseInterface
;
9 use PhpMyAdmin\Html\Generator
;
10 use PhpMyAdmin\Http\ServerRequest
;
11 use PhpMyAdmin\Message
;
12 use PhpMyAdmin\ResponseRenderer
;
13 use PhpMyAdmin\Template
;
14 use PhpMyAdmin\UserPassword
;
19 * Displays and handles the form where the user can change their password.
21 class UserPasswordController
extends AbstractController
23 public function __construct(
24 ResponseRenderer
$response,
26 private UserPassword
$userPassword,
27 private DatabaseInterface
$dbi,
29 parent
::__construct($response, $template);
32 public function __invoke(ServerRequest
$request): void
34 $GLOBALS['hostname'] ??
= null;
35 $GLOBALS['username'] ??
= null;
36 $GLOBALS['change_password_message'] ??
= null;
37 $GLOBALS['msg'] ??
= null;
39 $this->addScriptFiles(['server/privileges.js', 'vendor/zxcvbn-ts.js']);
41 $config = Config
::getInstance();
43 * Displays an error message and exits if the user isn't allowed to use this
46 if (! $config->settings
['ShowChgPassword']) {
47 $config->settings
['ShowChgPassword'] = $this->dbi
->selectDb('mysql');
50 if ($config->selectedServer
['auth_type'] === 'config' ||
! $config->settings
['ShowChgPassword']) {
51 $this->response
->addHTML(Message
::error(
52 __('You don\'t have sufficient privileges to be here right now!'),
58 $noPass = $request->getParsedBodyParam('nopass');
59 $pmaPw = $request->getParsedBodyParam('pma_pw');
60 $pmaPw2 = $request->getParsedBodyParam('pma_pw2');
63 * If the "change password" form has been submitted, checks for valid values
64 * and submit the query or logout
66 if ($noPass !== null) {
67 $password = $noPass == '1' ?
'' : $pmaPw;
68 $GLOBALS['change_password_message'] = $this->userPassword
->setChangePasswordMsg(
73 $GLOBALS['msg'] = $GLOBALS['change_password_message']['msg'];
75 if (! $GLOBALS['change_password_message']['error']) {
76 $sqlQuery = $this->userPassword
->changePassword(
78 $request->getParsedBodyParam('authentication_plugin'),
81 if ($request->isAjax()) {
82 $sqlQuery = Generator
::getMessage($GLOBALS['change_password_message']['msg'], $sqlQuery, 'success');
83 $this->response
->addJSON('message', $sqlQuery);
88 $this->response
->addHTML('<h1>' . __('Change password') . '</h1>' . "\n\n");
89 $this->response
->addHTML(Generator
::getMessage($GLOBALS['msg'], $sqlQuery, 'success'));
90 $this->render('user_password');
95 if ($request->isAjax()) {
96 $this->response
->addJSON('message', $GLOBALS['change_password_message']['msg']);
97 $this->response
->setRequestStatus(false);
104 * If the "change password" form hasn't been submitted or the values submitted
105 * aren't valid -> displays the form
108 // Displays an error message if required
109 if (isset($GLOBALS['msg'])) {
110 $this->response
->addHTML($GLOBALS['msg']->getDisplay());
113 $this->response
->addHTML($this->userPassword
->getFormForChangePassword(
114 $GLOBALS['username'],
115 $GLOBALS['hostname'],
116 $request->getRoute(),