nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use one cookie set for each server, not just one global (patch #952917, bug #687009).

Browse Source
This commit is contained in:
Michal Čihař
2004-05-14 10:05:15 +00:00
parent ad8470c4ba
commit 22b5117239
2 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2004-05-14 Michal Čihař <michal@cihar.com>
* libraries/auth/cookie.auth.lib.php: Use one cookie set for each server,
not just one global (patch #952917, bug #687009).
2004-05-13 Michal Čihař <michal@cihar.com> 2004-05-13 Michal Čihař <michal@cihar.com>
* libraries/export/sql.php: Minor optimalisations. * libraries/export/sql.php: Minor optimalisations.
* sql.php, tbl_replace.php, libraries/display_tbl.lib.php: Use same code * sql.php, tbl_replace.php, libraries/display_tbl.lib.php: Use same code

36
libraries/auth/cookie.auth.lib.php
View File

@@ -151,8 +151,8 @@ function PMA_auth()
if (!empty($GLOBALS['pma_cookie_username'])) { if (!empty($GLOBALS['pma_cookie_username'])) {
$default_user = $GLOBALS['pma_cookie_username']; $default_user = $GLOBALS['pma_cookie_username'];
} }
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username'])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
$default_user = $_COOKIE['pma_cookie_username']; $default_user = $_COOKIE['pma_cookie_username-' . $server];
} }
$decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : ''; $decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : '';
$pos = strrpos($decrypted_user, ':'); $pos = strrpos($decrypted_user, ':');
@@ -162,8 +162,8 @@ function PMA_auth()
if (!empty($GLOBALS['pma_cookie_servername'])) { if (!empty($GLOBALS['pma_cookie_servername'])) {
$default_server = $GLOBALS['pma_cookie_servername']; $default_server = $GLOBALS['pma_cookie_servername'];
} }
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername'])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
$default_server = $_COOKIE['pma_cookie_servername']; $default_server = $_COOKIE['pma_cookie_servername-' . $server];
} }
if (isset($default_server) && get_magic_quotes_gpc()) { if (isset($default_server) && get_magic_quotes_gpc()) {
$default_server = stripslashes($default_server); $default_server = stripslashes($default_server);
@@ -410,7 +410,7 @@ if (uname.value == '') {
function PMA_auth_check() function PMA_auth_check()
{ {
global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
global $pma_servername, $pma_username, $pma_password, $old_usr; global $pma_servername, $pma_username, $pma_password, $old_usr, $server;
global $from_cookie; global $from_cookie;
// Initialization // Initialization
@@ -420,7 +420,7 @@ function PMA_auth_check()
// The user wants to be logged out -> delete password cookie // The user wants to be logged out -> delete password cookie
if (!empty($old_usr)) { if (!empty($old_usr)) {
setcookie('pma_cookie_password', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
} }
// The user just logged in // The user just logged in
@@ -443,8 +443,8 @@ function PMA_auth_check()
$pma_auth_server = $pma_cookie_servername; $pma_auth_server = $pma_cookie_servername;
$from_cookie = TRUE; $from_cookie = TRUE;
} }
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername'])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
$pma_auth_server = $_COOKIE['pma_cookie_servername']; $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server];
$from_cookie = TRUE; $from_cookie = TRUE;
} }
} }
@@ -454,8 +454,8 @@ function PMA_auth_check()
$PHP_AUTH_USER = $pma_cookie_username; $PHP_AUTH_USER = $pma_cookie_username;
$from_cookie = TRUE; $from_cookie = TRUE;
} }
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username'])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
$PHP_AUTH_USER = $_COOKIE['pma_cookie_username']; $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server];
$from_cookie = TRUE; $from_cookie = TRUE;
} }
$decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']); $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']);
@@ -474,8 +474,8 @@ function PMA_auth_check()
if (!empty($pma_cookie_password)) { if (!empty($pma_cookie_password)) {
$PHP_AUTH_PW = $pma_cookie_password; $PHP_AUTH_PW = $pma_cookie_password;
} }
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password'])) { else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) {
$PHP_AUTH_PW = $_COOKIE['pma_cookie_password']; $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server];
} }
else { else {
$from_cookie = FALSE; $from_cookie = FALSE;
@@ -547,7 +547,7 @@ function PMA_auth_set_user()
// Name and password cookies needs to be refreshed each time // Name and password cookies needs to be refreshed each time
// Duration = one month for username // Duration = one month for username
setcookie('pma_cookie_username', setcookie('pma_cookie_username-' . $server,
PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'],
$GLOBALS['cfg']['blowfish_secret']), $GLOBALS['cfg']['blowfish_secret']),
time() + (60 * 60 * 24 * 30), time() + (60 * 60 * 24 * 30),
@@ -555,7 +555,7 @@ function PMA_auth_set_user()
$GLOBALS['is_https']); $GLOBALS['is_https']);
// Duration = till the browser is closed for password (we don't want this to be saved) // Duration = till the browser is closed for password (we don't want this to be saved)
setcookie('pma_cookie_password', setcookie('pma_cookie_password-' . $server,
PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)", PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
$GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']), $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),
0, 0,
@@ -568,14 +568,14 @@ function PMA_auth_set_user()
if ($GLOBALS['cfg']['AllowArbitraryServer']) { if ($GLOBALS['cfg']['AllowArbitraryServer']) {
if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) { if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) {
// Duration = one month for serverrname // Duration = one month for serverrname
setcookie('pma_cookie_servername', setcookie('pma_cookie_servername-' . $server,
$cfg['Server']['host'], $cfg['Server']['host'],
time() + (60 * 60 * 24 * 30), time() + (60 * 60 * 24 * 30),
$GLOBALS['cookie_path'], '', $GLOBALS['cookie_path'], '',
$GLOBALS['is_https']); $GLOBALS['is_https']);
} else { } else {
// Delete servername cookie // Delete servername cookie
setcookie('pma_cookie_servername', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); setcookie('pma_cookie_servername-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
} }
} }
@@ -609,10 +609,10 @@ function PMA_auth_set_user()
*/ */
function PMA_auth_fails() function PMA_auth_fails()
{ {
global $conn_error; global $conn_error, $server;
// Deletes password cookie and displays the login form // Deletes password cookie and displays the login form
setcookie('pma_cookie_password', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
if (PMA_DBI_getError()) { if (PMA_DBI_getError()) {
$conn_error = PMA_DBI_getError(); $conn_error = PMA_DBI_getError();