| 0,0 → 1,524 |
|---|
| <?php |
| /* $Id: cookie.auth.lib.php,v 2.55.2.1.4.1 2006/08/21 11:45:16 lem9 Exp $ */ |
| // vim: expandtab sw=4 ts=4 sts=4: |
| |
| // +--------------------------------------------------------------------------+ |
| // | Set of functions used to run cookie based authentication. | |
| // | Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and | |
| // | Dan Wilson who built this patch for the Debian package. | |
| // +--------------------------------------------------------------------------+ |
| |
| |
| if (!isset($coming_from_common)) { |
| exit; |
| } |
| |
| // timestamp for login timeout |
| $current_time = time(); |
| |
| // Uses faster mcrypt library if available |
| // (Note: mcrypt.lib.php needs $cookie_path and $is_https) |
| if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) { |
| require_once('./libraries/mcrypt.lib.php'); |
| } else { |
| require_once('./libraries/blowfish.php'); |
| } |
| |
| /** |
| * Sorts available languages by their true names |
| * |
| * @param array the array to be sorted |
| * @param mixed a required parameter |
| * |
| * @return the sorted array |
| * |
| * @access private |
| */ |
| function PMA_cookie_cmp(&$a, $b) |
| { |
| return (strcmp($a[1], $b[1])); |
| } // end of the 'PMA_cmp()' function |
| |
| |
| /** |
| * Displays authentication form |
| * |
| * @global string the font face to use |
| * @global string the default font size to use |
| * @global string the big font size to use |
| * @global array the list of servers settings |
| * @global array the list of available translations |
| * @global string the current language |
| * @global integer the current server id |
| * @global string the currect charset for MySQL |
| * @global array the array of cookie variables if register_globals is |
| * off |
| * |
| * @return boolean always true (no return indeed) |
| * |
| * @access public |
| */ |
| function PMA_auth() |
| { |
| global $cfg, $lang, $server, $convcharset, $conn_error; |
| |
| // Tries to get the username from cookie whatever are the values of the |
| // 'register_globals' and the 'variables_order' directives if last login |
| // should be recalled, else skip the IE autocomplete feature. |
| if ($cfg['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { |
| // username |
| // do not try to use pma_cookie_username as it was encoded differently |
| // in previous versions and would produce an undefined offset in blowfish |
| if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { |
| $default_user = $_COOKIE['pma_cookie_username-' . $server]; |
| } |
| $decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : ''; |
| if (!empty($decrypted_user)) { |
| $pos = strrpos($decrypted_user, ':'); |
| $default_user = substr($decrypted_user, 0, $pos); |
| } else { |
| $default_user = ''; |
| } |
| // server name |
| if (!empty($GLOBALS['pma_cookie_servername'])) { |
| $default_server = $GLOBALS['pma_cookie_servername']; |
| } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { |
| $default_server = $_COOKIE['pma_cookie_servername-' . $server]; |
| } |
| |
| $autocomplete = ''; |
| } else { |
| $default_user = ''; |
| $autocomplete = ' autocomplete="off"'; |
| } |
| |
| $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; |
| |
| // Defines the charset to be used |
| header('Content-Type: text/html; charset=' . $GLOBALS['charset']); |
| // Defines the "item" image depending on text direction |
| $item_img = $GLOBALS['pmaThemeImage'] . 'item_ltr.png'; |
| |
| /* HTML header */ |
| $page_title = 'phpMyAdmin ' . PMA_VERSION; |
| require('./libraries/header_meta_style.inc.php'); |
| ?> |
| <script type="text/javascript" language="javascript"> |
| //<![CDATA[ |
| // show login form in top frame |
| if (top != self) { |
| window.top.location.href=location; |
| } |
| //]]> |
| </script> |
| </head> |
| |
| <body class="loginform"> |
| |
| <?php require('./libraries/header_custom.inc.php'); ?> |
| |
| <a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php |
| $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; |
| if (@file_exists($logo_image)) { |
| echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; |
| } else { |
| echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" ' |
| . 'border="0" width="88" height="31" alt="phpMyAdmin" />'; |
| } |
| ?></a> |
| <h1> |
| <?php |
| echo sprintf( $GLOBALS['strWelcome'], |
| '<bdo dir="ltr" xml:lang="en">phpMyAdmin ' . PMA_VERSION . '</bdo>'); |
| ?> |
| </h1> |
| <?php |
| |
| // Show error message |
| if ( !empty($conn_error)) { |
| echo '<div class="error"><h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; |
| echo $conn_error . '</div>' . "\n"; |
| } |
| |
| // Displays the languages form |
| if (empty($cfg['Lang'])) { |
| echo "\n"; |
| require_once('./libraries/display_select_lang.lib.php'); |
| PMA_select_language(TRUE); |
| } |
| echo "\n\n"; |
| |
| // Displays the warning message and the login form |
| |
| if (empty($GLOBALS['cfg']['blowfish_secret'])) { |
| ?> |
| <div class="error"><h1><?php echo $GLOBALS['strError']; ?></h1> |
| <?php echo $GLOBALS['strSecretRequired']; ?> |
| </div> |
| <?php |
| require('./libraries/footer_custom.inc.php'); |
| echo ' </body>' . "\n" |
| . '</html>'; |
| exit(); |
| } |
| ?> |
| <br /> |
| <!-- Login form --> |
| <form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login"> |
| <fieldset> |
| <legend><?php echo $GLOBALS['strLogin']; ?></legend> |
| |
| <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?> |
| <div class="item"> |
| <label for="input_servername"><?php echo $GLOBALS['strLogServer']; ?></label> |
| <input type="text" name="pma_servername" id="input_servername" value="<?php echo (isset($default_server) ? htmlspecialchars($default_server) : ''); ?>" size="24" class="textfield" /> |
| </div> |
| <?php } ?> |
| <div class="item"> |
| <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label> |
| <input type="text" name="pma_username" id="input_username" value="<?php echo (isset($default_user) ? htmlspecialchars($default_user) : ''); ?>" size="24" class="textfield" /> |
| </div> |
| <div class="item"> |
| <label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label> |
| <input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" /> |
| </div> |
| <?php |
| if (count($cfg['Servers']) > 1) { |
| echo "\n"; |
| ?> |
| <div class="item"> |
| <label for="select_server"><?php echo $GLOBALS['strServerChoice']; ?>:</label> |
| <select name="server" id="select_server" |
| <?php |
| if ($GLOBALS['cfg']['AllowArbitraryServer']) { |
| echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" '; |
| } |
| ?> |
| > |
| <?php |
| require_once('./libraries/select_server.lib.php'); |
| PMA_select_server(FALSE, FALSE); |
| ?> |
| </select> |
| </div> |
| <?php |
| } else { |
| echo ' <input type="hidden" name="server" value="' . $server . '" />'; |
| } // end if (server choice) |
| ?> |
| </fieldset> |
| <fieldset class="tblFooters"> |
| <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" /> |
| <input type="hidden" name="lang" value="<?php echo $lang; ?>" /> |
| <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" /> |
| <?php |
| if (isset($GLOBALS['target'])) { |
| echo ' <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n"; |
| } |
| if (isset($GLOBALS['db'])) { |
| echo ' <input type="hidden" name="db" value="' . htmlspecialchars($GLOBALS['db']) . '" />' . "\n"; |
| } |
| if (isset($GLOBALS['table'])) { |
| echo ' <input type="hidden" name="table" value="' . htmlspecialchars($GLOBALS['table']) . '" />' . "\n"; |
| } |
| ?> |
| </fieldset> |
| </form> |
| |
| <div class="notice"><?php echo $GLOBALS['strCookiesRequired']; ?></div> |
| |
| <?php |
| if ( ! empty( $GLOBALS['PMA_errors'] ) && is_array( $GLOBALS['PMA_errors'] ) ) { |
| foreach ( $GLOBALS['PMA_errors'] as $error ) { |
| echo '<div class="error">' . $error . '</div>' . "\n"; |
| } |
| } |
| ?> |
| |
| <script type="text/javascript" language="javascript"> |
| <!-- |
| var uname = document.forms['login_form'].elements['pma_username']; |
| var pword = document.forms['login_form'].elements['pma_password']; |
| if (uname.value == '') { |
| uname.focus(); |
| } else { |
| pword.focus(); |
| } |
| //--> |
| </script> |
| |
| <?php require('./libraries/footer_custom.inc.php'); ?> |
| |
| </body> |
| |
| </html> |
| <?php |
| exit(); |
| |
| return TRUE; |
| } // end of the 'PMA_auth()' function |
| |
| |
| /** |
| * Gets advanced authentication settings |
| * |
| * @global string the username if register_globals is on |
| * @global string the password if register_globals is on |
| * @global array the array of cookie variables if register_globals is |
| * off |
| * @global string the servername sent by the login form |
| * @global string the username sent by the login form |
| * @global string the password sent by the login form |
| * @global string the username of the user who logs out |
| * @global boolean whether the login/password pair is grabbed from a |
| * cookie or not |
| * |
| * @return boolean whether we get authentication settings or not |
| * |
| * @access public |
| */ |
| function PMA_auth_check() |
| { |
| global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; |
| global $pma_servername, $pma_username, $pma_password, $old_usr, $server; |
| global $from_cookie; |
| |
| // avoid an error in mcrypt |
| if (empty($GLOBALS['cfg']['blowfish_secret'])) { |
| return FALSE; |
| } |
| |
| // Initialization |
| $PHP_AUTH_USER = $PHP_AUTH_PW = ''; |
| $from_cookie = FALSE; |
| $from_form = FALSE; |
| |
| // The user wants to be logged out -> delete password cookie |
| if (!empty($old_usr)) { |
| setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); |
| } |
| |
| // The user just logged in |
| elseif (!empty($pma_username)) { |
| $PHP_AUTH_USER = $pma_username; |
| $PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password; |
| if ($GLOBALS['cfg']['AllowArbitraryServer']) { |
| $pma_auth_server = $pma_servername; |
| } |
| $from_form = TRUE; |
| } |
| |
| // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables |
| // from cookies whatever are the values of the 'register_globals' and |
| // the 'variables_order' directives |
| else { |
| if ($GLOBALS['cfg']['AllowArbitraryServer']) { |
| // servername |
| if (!empty($pma_cookie_servername)) { |
| $pma_auth_server = $pma_cookie_servername; |
| $from_cookie = TRUE; |
| } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { |
| $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server]; |
| $from_cookie = TRUE; |
| } |
| } |
| |
| // username |
| if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { |
| $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server]; |
| $from_cookie = TRUE; |
| } |
| $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']); |
| if (!empty($decrypted_user)) { |
| $pos = strrpos($decrypted_user, ':'); |
| $PHP_AUTH_USER = substr($decrypted_user, 0, $pos); |
| $decrypted_time = (int)substr($decrypted_user, $pos + 1); |
| } else { |
| $decrypted_time = 0; |
| } |
| |
| // User inactive too long |
| if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) { |
| // Display an error message only if the inactivity has lasted |
| // less than 4 times the timeout value. This is to avoid |
| // alerting users with a error after "much" time has passed, |
| // for example next morning. |
| if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) { |
| $GLOBALS['no_activity'] = TRUE; |
| PMA_auth_fails(); |
| } |
| return FALSE; |
| } |
| |
| // password |
| if (!empty($pma_cookie_password)) { |
| $PHP_AUTH_PW = $pma_cookie_password; |
| } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) { |
| $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server]; |
| } else { |
| $from_cookie = FALSE; |
| } |
| $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time); |
| |
| if ($PHP_AUTH_PW == "\xff(blank)") { |
| $PHP_AUTH_PW = ''; |
| } |
| } |
| |
| // Returns whether we get authentication settings or not |
| if (!$from_cookie && !$from_form) { |
| return FALSE; |
| } elseif ($from_cookie) { |
| return TRUE; |
| } else { |
| // we don't need to strip here, it is done in grab_globals |
| return TRUE; |
| } |
| } // end of the 'PMA_auth_check()' function |
| |
| |
| /** |
| * Set the user and password after last checkings if required |
| * |
| * @global array the valid servers settings |
| * @global integer the id of the current server |
| * @global array the current server settings |
| * @global string the current username |
| * @global string the current password |
| * @global boolean whether the login/password pair has been grabbed from |
| * a cookie or not |
| * |
| * @return boolean always true |
| * |
| * @access public |
| */ |
| function PMA_auth_set_user() |
| { |
| global $cfg, $server; |
| global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; |
| global $from_cookie; |
| |
| // Ensures valid authentication mode, 'only_db', bookmark database and |
| // table names and relation table name are used |
| if ($cfg['Server']['user'] != $PHP_AUTH_USER) { |
| $servers_cnt = count($cfg['Servers']); |
| for ($i = 1; $i <= $servers_cnt; $i++) { |
| if (isset($cfg['Servers'][$i]) |
| && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) { |
| $server = $i; |
| $cfg['Server'] = $cfg['Servers'][$i]; |
| break; |
| } |
| } // end for |
| } // end if |
| |
| $pma_server_changed = FALSE; |
| if ($GLOBALS['cfg']['AllowArbitraryServer'] |
| && isset($pma_auth_server) && !empty($pma_auth_server) |
| && ($cfg['Server']['host'] != $pma_auth_server) |
| ) { |
| $cfg['Server']['host'] = $pma_auth_server; |
| $pma_server_changed = TRUE; |
| } |
| $cfg['Server']['user'] = $PHP_AUTH_USER; |
| $cfg['Server']['password'] = $PHP_AUTH_PW; |
| |
| // Name and password cookies needs to be refreshed each time |
| // Duration = one month for username |
| setcookie('pma_cookie_username-' . $server, |
| PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], |
| $GLOBALS['cfg']['blowfish_secret']), |
| time() + (60 * 60 * 24 * 30), |
| $GLOBALS['cookie_path'], '', |
| $GLOBALS['is_https']); |
| |
| // Duration = till the browser is closed for password (we don't want this to be saved) |
| setcookie('pma_cookie_password-' . $server, |
| PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)", |
| $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']), |
| 0, |
| $GLOBALS['cookie_path'], '', |
| $GLOBALS['is_https']); |
| |
| // Set server cookies if required (once per session) and, in this case, force |
| // reload to ensure the client accepts cookies |
| if (!$from_cookie) { |
| if ($GLOBALS['cfg']['AllowArbitraryServer']) { |
| if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) { |
| // Duration = one month for serverrname |
| setcookie('pma_cookie_servername-' . $server, |
| $cfg['Server']['host'], |
| time() + (60 * 60 * 24 * 30), |
| $GLOBALS['cookie_path'], '', |
| $GLOBALS['is_https']); |
| } else { |
| // Delete servername cookie |
| setcookie('pma_cookie_servername-' . $server, '', 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); |
| } |
| } |
| |
| // URL where to go: |
| $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php'; |
| |
| // any parameters to pass? |
| $url_params = array(); |
| if ( isset($GLOBALS['db']) && strlen($GLOBALS['db']) ) { |
| $url_params['db'] = $GLOBALS['db']; |
| } |
| if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) ) { |
| $url_params['table'] = $GLOBALS['table']; |
| } |
| // Language change from the login panel needs to be remembered |
| if ( ! empty($GLOBALS['lang']) ) { |
| $url_params['lang'] = $GLOBALS['lang']; |
| } |
| // any target to pass? |
| if ( ! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php' ) { |
| $url_params['target'] = $GLOBALS['target']; |
| } |
| |
| define('PMA_COMING_FROM_COOKIE_LOGIN',1); |
| PMA_sendHeaderLocation( $redirect_url . PMA_generate_common_url( $url_params, '&' ) ); |
| exit(); |
| } // end if |
| |
| return TRUE; |
| } // end of the 'PMA_auth_set_user()' function |
| |
| |
| /** |
| * User is not allowed to login to MySQL -> authentication failed |
| * |
| * @return boolean always true (no return indeed) |
| * |
| * @access public |
| */ |
| function PMA_auth_fails() |
| { |
| global $conn_error, $server; |
| |
| // Deletes password cookie and displays the login form |
| setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); |
| |
| if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) { |
| $conn_error = $GLOBALS['strAccessDenied']; |
| } elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) { |
| $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']); |
| // Remember where we got timeout to return on same place |
| if (PMA_getenv('SCRIPT_NAME')) { |
| $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME')); |
| } |
| } elseif (PMA_DBI_getError()) { |
| $conn_error = PMA_sanitize(PMA_DBI_getError()); |
| } elseif (isset($php_errormsg)) { |
| $conn_error = $php_errormsg; |
| } else { |
| $conn_error = $GLOBALS['strCannotLogin']; |
| } |
| |
| PMA_auth(); |
| |
| return TRUE; |
| } // end of the 'PMA_auth_fails()' function |
| |
| ?> |