Fixed an infinite loop problem with cookie auth mode

2002-05-04 13:25:44 +00:00
parent 337e654b55
commit 0cd849d854
2 changed files with 11 additions and 9 deletions
--- a/2
+++ b/2
@@ -8,6 +8,8 @@ $Source$
 2002-05-04 Lo<4C>c Chapeaux  <lolo@phpheaven.net>
    * user_details.php3, line 984: do not use "mysql_result" if the query
      fails.
+    * libraries/auth/cookie.auth.lib.php3: fixed an infinite loop problem.
+    * tbl_qbe.php3: cleaned up a bit.

 2002-05-03 Lo<4C>c Chapeaux  <lolo@phpheaven.net>
    * lang/italian.inc.php3: updated, thanks to Pietro Danesi.
--- a/libraries/auth/cookie.auth.lib.php3
+++ b/libraries/auth/cookie.auth.lib.php3
@@ -278,6 +278,7 @@ if (uname.value == '') {
        // Initialization
        $PHP_AUTH_USER = $PHP_AUTH_PW = '';
        $from_cookie   = FALSE;
+        $from_form     = FALSE;

        // The user wants to be logged out -> delete password cookie
        if (!empty($old_usr)) {
@@ -288,6 +289,7 @@ if (uname.value == '') {
        else if (!empty($pma_username)) {
            $PHP_AUTH_USER = $pma_username;
            $PHP_AUTH_PW   = (empty($pma_password)) ? '' : $pma_password;
+            $from_form     = TRUE;
        }

        // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
@@ -318,7 +320,7 @@ if (uname.value == '') {
        }

        // Returns whether we get authentication settings or not
-        if (empty($PHP_AUTH_USER)) {
+        if (!$from_cookie && !$from_form) {
            return FALSE;
        } else {
            if (get_magic_quotes_gpc()) {
@@ -351,13 +353,14 @@ if (uname.value == '') {
        global $PHP_AUTH_USER, $PHP_AUTH_PW;
        global $from_cookie;

-        // Ensures the valid 'only_db' setting is used
+        // Ensures valid authentication mode, 'only_db', bookmark database and
+        // table names and relation table name are used
        if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
            $servers_cnt = count($cfg['Servers']);
            for ($i = 1; $i <= $servers_cnt; $i++) {
                if (isset($cfg['Servers'][$i])
                    && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) {
-                    $server    = $i;
+                    $server        = $i;
                    $cfg['Server'] = $cfg['Servers'][$i];
                    break;
                }
@@ -367,7 +370,8 @@ if (uname.value == '') {
        $cfg['Server']['user']     = $PHP_AUTH_USER;
        $cfg['Server']['password'] = $PHP_AUTH_PW;

-        // Set cookies if required (once per session)
+        // Set cookies if required (once per session) and, in this case, force
+        // reload to ensure the client accepts cookies
        if (!$from_cookie) {
            // Duration = one month for username
            setcookie('pma_cookie_username',
@@ -381,14 +385,10 @@ if (uname.value == '') {
                0,
                $GLOBALS['cookie_path'], '',
                $GLOBALS['is_https']);
-        } // end if

-        // Force reload when cookies are created for the first time to ensure
-        // the client accept cookies
-        if (!$from_cookie) {
            header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php3?lang=' . $GLOBALS['lang'] . '&server=' . $server);
            exit();
-        }
+        } // end if

        return TRUE;
    } // end of the 'PMA_auth_set_user()' function