<?php
declare(strict_types=1);
namespace PhpMyAdmin\Controllers;
use PhpMyAdmin\Config;
use PhpMyAdmin\Dbal\DatabaseInterface;
use PhpMyAdmin\Exceptions\UserPasswordUpdateFailure;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Http\Response;
use PhpMyAdmin\Http\ServerRequest;
use PhpMyAdmin\Message;
use PhpMyAdmin\MessageType;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Routing\Route;
use PhpMyAdmin\Url;
use PhpMyAdmin\UserPassword;
use function __;
/**
 * Controller behind the "change password" page.
 *
 * A request without a `nopass` body parameter only renders the form. A request that
 * carries it is treated as a form submission: the two password fields are validated by
 * UserPassword, and on success the change is applied for the connected account.
 *
 * NOTE(review): nothing in this class asks for the current password or checks a CSRF
 * token before the change is applied; presumably both concerns are handled outside this
 * controller (request middleware / session handling) - confirm before relying on it.
 */
#[Route('/user-password', ['GET', 'POST'])]
final readonly class UserPasswordController implements InvocableController
{
    public function __construct(
        private ResponseRenderer $response,
        private UserPassword $userPassword,
        private DatabaseInterface $dbi,
        private Config $config,
    ) {
    }

    /**
     * Renders the change-password form or processes its submission.
     *
     * The new password and its confirmation are read from the parsed request body only
     * (`pma_pw`, `pma_pw2`), never from the query string.
     */
    public function __invoke(ServerRequest $request): Response
    {
        $this->response->addScriptFiles(['server/privileges.js', 'vendor/zxcvbn-ts.js']);

        // Gate: the page is refused when the server uses 'config' authentication, or when
        // ShowChgPassword is off and the `mysql` database cannot be selected.
        // The selectDb() probe is evaluated before the auth_type test, exactly as written
        // here; reordering the two would change when the probe runs.
        $featureAvailable = $this->config->config->ShowChgPassword || $this->dbi->selectDb('mysql');
        $isConfigAuth = $this->config->selectedServer['auth_type'] === 'config';
        if ($isConfigAuth || ! $featureAvailable) {
            $denied = Message::error(
                __('You don\'t have sufficient privileges to be here right now!'),
            );
            $this->response->addHTML($denied->getDisplay());

            return $this->response->response();
        }

        // Stays null when the form was not submitted, so nothing is shown above the form.
        $notice = null;
        $noPass = $request->getParsedBodyParamAsStringOrNull('nopass');

        if ($noPass !== null) {
            // nopass=1 means "set an empty password": the typed value is then ignored.
            $clearPassword = $noPass === '1';
            $entered = $request->getParsedBodyParamAsString('pma_pw');
            $confirmation = $request->getParsedBodyParamAsString('pma_pw2');

            $check = $this->userPassword->setChangePasswordMsg($entered, $confirmation, $clearPassword);
            $notice = $check['msg'];

            if (! $check['error']) {
                return $this->applyChange($request, $clearPassword ? '' : $entered, $notice);
            }

            // Validation failed: Ajax callers get the message as JSON, everyone else falls
            // through to the form with the message rendered above it.
            if ($request->isAjax()) {
                $this->response->addJSON('message', $notice);
                $this->response->setRequestStatus(false);

                return $this->response->response();
            }
        }

        if ($notice !== null) {
            $this->response->addHTML($notice->getDisplay());
        }

        $this->response->addHTML($this->userPassword->getFormForChangePassword('', '', $request->getRoute()));

        return $this->response->response();
    }

    /**
     * Applies an already validated password change and builds the matching response.
     *
     * @param string $password      new password; the empty string when "no password" was chosen
     * @param mixed  $successNotice the 'msg' entry returned by UserPassword::setChangePasswordMsg()
     */
    private function applyChange(ServerRequest $request, string $password, mixed $successNotice): Response
    {
        try {
            // The plugin name comes straight from the request body.
            // NOTE(review): no allow-list is applied in this class; presumably
            // UserPassword::changePassword() restricts it - confirm.
            $plugin = $request->getParsedBodyParamAsStringOrNull('authentication_plugin');
            $executedQuery = $this->userPassword->changePassword($password, $plugin);
        } catch (UserPasswordUpdateFailure $failure) {
            if ($request->isAjax()) {
                $this->response->setRequestStatus(false);
                $this->response->addJSON('message', $failure->getMessage());

                return $this->response->response();
            }

            // NOTE(review): the exception text is written into the page without escaping,
            // so it is presumably pre-rendered HTML; confirm that no request-supplied
            // value reaches it unescaped.
            $backLink = Generator::getBackUrlHtml(Url::getFromRoute('/user-password'));
            $this->response->addHTML($failure->getMessage() . $backLink);

            return $this->response->response();
        }

        // NOTE(review): the statement returned by changePassword() is echoed back to the
        // user in both branches below; presumably the password is masked in it - confirm.
        if ($request->isAjax()) {
            $rendered = Generator::getMessage($successNotice, $executedQuery, MessageType::Success);
            $this->response->addJSON('message', $rendered);

            return $this->response->response();
        }

        $this->response->addHTML('<h1>' . __('Change password') . '</h1>' . "\n\n");
        $this->response->addHTML(Generator::getMessage($successNotice, $executedQuery, MessageType::Success));
        $this->response->render('user_password', []);

        return $this->response->response();
    }
}