nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed an infinite loop problem with cookie auth mode

Browse Source
This commit is contained in:
Loïc Chapeaux
2002-05-04 13:25:44 +00:00
parent 337e654b55
commit 0cd849d854
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -8,6 +8,8 @@ $Source$
2002-05-04 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2002-05-04 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* user_details.php3, line 984: do not use "mysql_result" if the query * user_details.php3, line 984: do not use "mysql_result" if the query
fails. fails.
* libraries/auth/cookie.auth.lib.php3: fixed an infinite loop problem.
* tbl_qbe.php3: cleaned up a bit.
2002-05-03 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2002-05-03 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* lang/italian.inc.php3: updated, thanks to Pietro Danesi. * lang/italian.inc.php3: updated, thanks to Pietro Danesi.

16
libraries/auth/cookie.auth.lib.php3
View File

@@ -278,6 +278,7 @@ if (uname.value == '') {
// Initialization // Initialization
$PHP_AUTH_USER = $PHP_AUTH_PW = ''; $PHP_AUTH_USER = $PHP_AUTH_PW = '';
$from_cookie = FALSE; $from_cookie = FALSE;
$from_form = FALSE;
// The user wants to be logged out -> delete password cookie // The user wants to be logged out -> delete password cookie
if (!empty($old_usr)) { if (!empty($old_usr)) {
@@ -288,6 +289,7 @@ if (uname.value == '') {
else if (!empty($pma_username)) { else if (!empty($pma_username)) {
$PHP_AUTH_USER = $pma_username; $PHP_AUTH_USER = $pma_username;
$PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password; $PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password;
$from_form = TRUE;
} }
// At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
@@ -318,7 +320,7 @@ if (uname.value == '') {
} }
// Returns whether we get authentication settings or not // Returns whether we get authentication settings or not
if (empty($PHP_AUTH_USER)) { if (!$from_cookie && !$from_form) {
return FALSE; return FALSE;
} else { } else {
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
@@ -351,7 +353,8 @@ if (uname.value == '') {
global $PHP_AUTH_USER, $PHP_AUTH_PW; global $PHP_AUTH_USER, $PHP_AUTH_PW;
global $from_cookie; global $from_cookie;
// Ensures the valid 'only_db' setting is used // Ensures valid authentication mode, 'only_db', bookmark database and
// table names and relation table name are used
if ($cfg['Server']['user'] != $PHP_AUTH_USER) { if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfg['Servers']); $servers_cnt = count($cfg['Servers']);
for ($i = 1; $i <= $servers_cnt; $i++) { for ($i = 1; $i <= $servers_cnt; $i++) {
@@ -367,7 +370,8 @@ if (uname.value == '') {
$cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['user'] = $PHP_AUTH_USER;
$cfg['Server']['password'] = $PHP_AUTH_PW; $cfg['Server']['password'] = $PHP_AUTH_PW;
// Set cookies if required (once per session) // Set cookies if required (once per session) and, in this case, force
// reload to ensure the client accepts cookies
if (!$from_cookie) { if (!$from_cookie) {
// Duration = one month for username // Duration = one month for username
setcookie('pma_cookie_username', setcookie('pma_cookie_username',
@@ -381,14 +385,10 @@ if (uname.value == '') {
0, 0,
$GLOBALS['cookie_path'], '', $GLOBALS['cookie_path'], '',
$GLOBALS['is_https']); $GLOBALS['is_https']);
} // end if
// Force reload when cookies are created for the first time to ensure
// the client accept cookies
if (!$from_cookie) {
header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php3?lang=' . $GLOBALS['lang'] . '&server=' . $server); header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php3?lang=' . $GLOBALS['lang'] . '&server=' . $server);
exit(); exit();
} } // end if
return TRUE; return TRUE;
} // end of the 'PMA_auth_set_user()' function } // end of the 'PMA_auth_set_user()' function