nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* moved all the authentication work in libraries so it will be easier to add new authentication modes;

Browse Source 
* started merging patch #463127 - Cookie based authentication, thanks to Piotr Roszatycki & Dan Wilson.
This commit is contained in:
Loïc Chapeaux
2001-12-09 21:16:04 +00:00
parent b05cd810ce
commit 69b348a2dd
38 changed files with 863 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
libraries/auth/basic.auth.lib.php3 Normal file
View File

@@ -0,0 +1,115 @@
<?php
/* $Id$ */
// +--------------------------------------------------------------------------+
// | Set of functions used to run basic authentication (ie no |
// | authentication). |
// +--------------------------------------------------------------------------+
if (!defined('PMA_BASIC_AUTH_INCLUDED')) {
define('PMA_BASIC_AUTH_INCLUDED', 1);
/**
* Displays authentication form
*
* @return boolean always true
*
* @access public
*/
function PMA_auth()
{
return TRUE;
} // end of the 'PMA_auth()' function
/**
* Gets advanced authentication settings
*
* @return boolean always true
*
* @access public
*/
function PMA_auth_check()
{
return TRUE;
} // end of the 'PMA_auth_check()' function
/**
* Set the user and password after last checkings if required
*
* @return boolean always true
*
* @access public
*/
function PMA_auth_set_user()
{
return TRUE;
} // end of the 'PMA_auth_set_user()' function
/**
* User is not allowed to login to MySQL -> authentication failed
*
* @global string the MySQL error message PHP returns
* @global string the connection type (persitent or not)
* @global string the MySQL server port to use
* @global string the MySQL socket port to use
* @global array the current server settings
* @global string the font face to use in case of failure
* @global string the default font size to use in case of failure
* @global string the big font size to use in case of failure
*
* @return boolean always true (no return indeed)
*
* @access public
*/
function PMA_auth_fails()
{
global $php_errormsg;
global $connect_func, $server_port, $server_socket, $cfgServer;
global $right_font_family, $font_size, $font_bigger;
if (mysql_error()) {
$conn_error = mysql_error();
} else if (isset($php_errormsg)) {
$conn_error = $php_errormsg;
} else {
$conn_error = 'Cannot connect: invalid settings.';
}
$local_query = $connect_func . '('
. $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['user'] . ', '
. $cfgServer['password'] . ')';
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<title><?php echo $GLOBALS['strAccessDenied']; ?></title>
<style type="text/css">
<!--
body {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; color: #000000}
h1 {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_bigger; ?>; font-weight: bold}
//-->
</style>
</head>
<body bgcolor="<?php echo $GLOBALS['cfgRightBgColor']; ?>">
<br /><br />
<center>
<h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?></h1>
</center>
<br />
?>
echo "\n";
PMA_mysqlDie($conn_error, $local_query, FALSE);
return TRUE;
} // end of the 'PMA_auth()' function
} // $__PMA_BASIC_AUTH_LIB__
?>

354
libraries/auth/cookie.auth.lib.php3 Normal file
View File

@@ -0,0 +1,354 @@
<?php
/* $Id$ */
// +--------------------------------------------------------------------------+
// | Set of functions used to run cookie based authentication. |
// | Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and |
// | Dan Wilson who builds this patch for the Debian package. |
// +--------------------------------------------------------------------------+
if (!defined('PMA_COOKIE_AUTH_INCLUDED')) {
define('PMA_COOKIE_AUTH_INCLUDED', 1);
/**
* Sorts available languages by their true names
*
* @param array the array to be sorted
* @param mixed a required parameter
*
* @return the sorted array
*
* @access private
*/
function PMA_cookie_cmp(&$a, $b)
{
return (strcmp($a[1], $b[1]));
} // end of the 'PMA_cmp()' function
/**
* Displays authentication form
*
* @global string the font face to use
* @global string the default font size to use
* @global string the big font size to use
* @global array the list of servers settings
* @global array the list of available translations
* @global string the current language
* @global integer the current server id
* @global array the array of cookie variables if register_globals is
* off
*
* @return boolean always true (no return indeed)
*
* @access public
*/
function PMA_auth()
{
global $right_font_family, $font_size, $font_bigger;
global $cfgServers, $available_languages;
global $lang, $server;
global $HTTP_COOKIE_VARS;
// Tries to get the username from cookie whatever are the values of the
// 'register_globals' and the 'variables_order' directives
if (!empty($GLOBALS['pma_cookie_username'])) {
$default_user = $GLOBALS['pma_cookie_username'];
}
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username'])) {
$default_user = $_COOKIE['pma_cookie_username'];
}
else if (!empty($HTTP_COOKIE_VARS) && isset($HTTP_COOKIE_VARS['pma_cookie_username'])) {
$default_user = $HTTP_COOKIE_VARS['pma_cookie_username'];
}
$cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right';
// Title
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<title><?php echo 'phpMyAdmin ' . PMA_VERSION . ' - ' . $GLOBALS['strLogin']; ?></title>
<style type="text/css">
<!--
body {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; color: #000000}
form {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; font-weight: bold}
h1 {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_bigger; ?>; font-weight: bold}
.warning {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; font-weight: bold; color: #FF0000}
//-->
</style>
</head>
<body bgcolor="<?php echo $GLOBALS['cfgRightBgColor']; ?>">
<center>
<h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?></h1>
<br />
<?php
// Displays the languages form
if (empty($cfgLang)) {
echo "\n";
?>
<!-- Language selection -->
<form method="post" action="index.php3">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
Language:
<select name="lang" dir="ltr" onchange="this.form.submit();">
<?php
echo "\n";
uasort($available_languages, 'PMA_cookie_cmp');
reset($available_languages);
while (list($id, $tmplang) = each($available_languages)) {
$lang_name = ucfirst(substr(strstr($tmplang[0], '|'), 1));
if ($lang == $id) {
$selected = ' selected="selected"';
} else {
$selected = '';
}
echo ' ';
echo '<option value="' . $id . '"' . $selected . '>' . $lang_name . ' (' . $id . ')</option>' . "\n";
} // end while
?>
</select>
<input type="submit" value="Go" />
</form>
<br />
<?php
}
echo "\n\n";
// Displays the warning message and the login form
?>
<p class="warning"><?php echo $GLOBALS['strCookiesRequired']; ?></p>
<br />
<!-- Login form -->
<form method="post" action="index.php3">
<table cellpadding="5">
<tr>
<td align="<?php echo $cell_align; ?>"><?php echo $GLOBALS['strLogUsername']; ?>&nbsp;</td>
<td align="<?php echo $cell_align; ?>">
<input type="text" name="pma_username" value="<?php echo (isset($default_user) ? $default_user : ''); ?>" size="24" />
</td>
</tr>
<tr>
<td align="<?php echo $cell_align; ?>"><?php echo $GLOBALS['strLogPassword']; ?>&nbsp;</td>
<td align="<?php echo $cell_align; ?>">
<input type="text" name="pma_password" value="" size="24" />
</td>
</tr>
<tr>
<td align="<?php echo $cell_align; ?>"><?php echo $GLOBALS['strServerChoice']; ?>&nbsp;:&nbsp;</td>
<td align="<?php echo $cell_align; ?>">
<select name="server">
<?php
echo "\n";
// Displays the MySQL servers choice
reset($cfgServers);
while (list($key, $val) = each($cfgServers)) {
if (!empty($val['host'])) {
echo ' <option value="' . $key . '"';
if (!empty($server) && ($server == $key)) {
echo ' selected="selected"';
}
echo '>';
if ($val['verbose'] != '') {
echo $val['verbose'];
} else {
echo $val['host'];
if (!empty($val['port'])) {
echo ':' . $val['port'];
}
// loic1: skip this because it's not a so good idea to
// display sockets used to everybody
// if (!empty($val['socket']) && PMA_PHP_INT_VERSION >= 30010) {
// echo ':' . $val['socket'];
// }
}
// loic1: if 'only_db' is an array and there is more than one
// value, displaying such informations may not be a so
// good idea
if (!empty($val['only_db'])) {
echo ' - ' . (is_array($val['only_db']) ? implode(', ', $val['only_db']) : $val['only_db']);
}
if (!empty($val['user']) && ($val['auth_type'] == 'basic')) {
echo ' (' . $val['user'] . ')';
}
echo '&nbsp;</option>' . "\n";
} // end if (!empty($val['host']))
} // end while
?>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="submit" value="<?php echo $GLOBALS['strLogin']; ?>" />
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
<?php
exit();
return TRUE;
} // end of the 'PMA_auth()' function
/**
* Gets advanced authentication settings
*
* @global string the username if register_globals is on
* @global string the password if register_globals is on
* @global array the array of cookie variables if register_globals is
* off
* @global string the username sent by the login form
* @global string the password sent by the login form
* @global string the username of the user who logs out
* @global boolean whether the login/password pair is grabbed from a
* cookie or not
*
* @return boolean whether we get authentication settings or not
*
* @access public
*/
function PMA_auth_check()
{
global $PHP_AUTH_USER, $PHP_AUTH_PW;
global $HTTP_COOKIE_VARS;
global $pma_username, $pma_password, $old_usr;
global $from_cookie;
// Initialization
$PHP_AUTH_USER = $PHP_AUTH_PW = '';
$from_cookie = FALSE;
// The user wants to be logged out -> delete password cookie
if (!empty($old_usr)) {
setcookie('pma_cookie_password', '');
}
// The user just logged in
else if (!empty($pma_username)) {
$PHP_AUTH_USER = $pma_username;
$PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password;
}
// At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
// from cookies whatever are the values of the 'register_globals' and
// the 'variables_order' directives
else {
if (!empty($pma_cookie_username)) {
$PHP_AUTH_USER = $pma_cookie_username;
}
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username'])) {
$PHP_AUTH_USER = $_COOKIE['pma_cookie_username'];
}
else if (!empty($HTTP_COOKIE_VARS) && isset($HTTP_COOKIE_VARS['pma_cookie_username'])) {
$PHP_AUTH_USER = $HTTP_COOKIE_VARS['pma_cookie_username'];
}
if (!empty($pma_cookie_password)) {
$PHP_AUTH_PW = $pma_cookie_password;
$from_cookie = TRUE;
}
else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password'])) {
$PHP_AUTH_PW = $_COOKIE['pma_cookie_password'];
$from_cookie = TRUE;
}
else if (!empty($HTTP_COOKIE_VARS) && isset($HTTP_COOKIE_VARS['pma_cookie_password'])) {
$PHP_AUTH_PW = $HTTP_COOKIE_VARS['pma_cookie_password'];
$from_cookie = TRUE;
}
}
// Returns whether we get authentication settings or not
if (empty($PHP_AUTH_USER)) {
return FALSE;
} else {
if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
}
return TRUE;
}
} // end of the 'PMA_auth_check()' function
/**
* Set the user and password after last checkings if required
*
* @global array the valid servers settings
* @global integer the id of the current server
* @global array the current server settings
* @global string the current username
* @global string the current password
* @global boolean whether the login/password pair has been grabbed from
* a cookie or not
*
* @return boolean always true
*
* @access public
*/
function PMA_auth_set_user()
{
global $cfgServers, $server, $cfgServer;
global $PHP_AUTH_USER, $PHP_AUTH_PW;
global $from_cookie;
// Ensures the valid 'only_db' setting is used
if ($cfgServer['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfgServers);
for ($i = 1; $i <= $servers_cnt; $i++) {
if (isset($cfgServers[$i])
&& ($cfgServers[$i]['host'] == $cfgServer['host'] && $cfgServers[$i]['user'] == $PHP_AUTH_USER)) {
$server = $i;
$cfgServer = $cfgServers[$i];
break;
}
} // end for
} // end if
$cfgServer['user'] = $PHP_AUTH_USER;
$cfgServer['password'] = $PHP_AUTH_PW;
// Set cookies if required (once per session)
if (!$from_cookie) {
// Duration = one month for username
setcookie('pma_cookie_username', $cfgServer['user'], time() + (60 * 60 * 24 * 30));
// Duration = till the browser is closed for password
setcookie('pma_cookie_password', $cfgServer['password']);
}
return TRUE;
} // end of the 'PMA_auth_set_user()' function
/**
* User is not allowed to login to MySQL -> authentication failed
*
* @return boolean always true (no return indeed)
*
* @access public
*/
function PMA_auth_fails()
{
// Deletes password cookie and displays the login form
setcookie('pma_cookie_password', '');
PMA_auth();
return TRUE;
} // end of the 'PMA_auth()' function
} // $__PMA_COOKIE_AUTH_LIB__
?>

236
libraries/auth/http.auth.lib.php3 Normal file
View File

@@ -0,0 +1,236 @@
<?php
/* $Id$ */
// +--------------------------------------------------------------------------+
// | Set of functions used to run http authentication. |
// | NOTE: Requires Apache loaded as a php module. |
// +--------------------------------------------------------------------------+
if (!defined('PMA_HTTP_AUTH_INCLUDED')) {
define('PMA_HTTP_AUTH_INCLUDED', 1);
/**
* Displays authentication form
*
* @global string the font face to use in case of failure
* @global string the default font size to use in case of failure
* @global string the big font size to use in case of failure
*
* @return boolean always true (no return indeed)
*
* @access public
*/
function PMA_auth()
{
global $right_font_family, $font_size, $font_bigger;
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . sprintf($GLOBALS['strRunning'], (empty($GLOBALS['cfgServer']['verbose']) ? str_replace('\'', '\\\'',$GLOBALS['cfgServer']['host']) : str_replace('\'', '\\\'', $GLOBALS['cfgServer']['verbose']))) . '"');
header('HTTP/1.0 401 Unauthorized');
header('status: 401 Unauthorized');
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<title><?php echo $GLOBALS['strAccessDenied']; ?></title>
<style type="text/css">
<!--
body {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; color: #000000}
h1 {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_bigger; ?>; font-weight: bold}
//-->
</style>
</head>
<body bgcolor="<?php echo $GLOBALS['cfgRightBgColor']; ?>">
<br /><br />
<center>
<h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?></h1>
</center>
<br />
<p><?php echo $GLOBALS['strWrongUser']; ?></p>
</body>
</html>
<?php
echo "\n";
exit();
return TRUE;
} // end of the 'PMA_auth()' function
/**
* Gets advanced authentication settings
*
* @global string the username if register_globals is on
* @global string the password if register_globals is on
* @global array the array of server variables if register_globals is
* off
* @global array the array of environment variables if register_globals
* is off
* @global string the username for the ? server
* @global string the password for the ? server
* @global string the username for the WebSite Professional server
* @global string the password for the WebSite Professional server
* @global string the username of the user who logs out
*
* @return boolean whether we get authentication settings or not
*
* @access public
*/
function PMA_auth_check()
{
global $PHP_AUTH_USER, $PHP_AUTH_PW;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
global $REMOTE_USER, $AUTH_USER, $REMOTE_PASSWORD, $AUTH_PASSWORD;
global $old_usr;
// Grabs the $PHP_AUTH_USER variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
if (empty($PHP_AUTH_USER)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) {
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
}
else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
$PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
}
else if (isset($REMOTE_USER)) {
$PHP_AUTH_USER = $REMOTE_USER;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) {
$PHP_AUTH_USER = $_ENV['REMOTE_USER'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['REMOTE_USER'])) {
$PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
}
else if (@getenv('REMOTE_USER')) {
$PHP_AUTH_USER = getenv('REMOTE_USER');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 1
else if (isset($AUTH_USER)) {
$PHP_AUTH_USER = $AUTH_USER;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) {
$PHP_AUTH_USER = $_ENV['AUTH_USER'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['AUTH_USER'])) {
$PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
}
else if (@getenv('AUTH_USER')) {
$PHP_AUTH_USER = getenv('AUTH_USER');
}
}
// Grabs the $PHP_AUTH_PW variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
if (empty($PHP_AUTH_PW)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) {
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
}
else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
$PHP_AUTH_PW = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
}
else if (isset($REMOTE_PASSWORD)) {
$PHP_AUTH_PW = $REMOTE_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['REMOTE_PASSWORD'])) {
$PHP_AUTH_PW = $HTTP_ENV_VARS['REMOTE_PASSWORD'];
}
else if (@getenv('REMOTE_PASSWORD')) {
$PHP_AUTH_PW = getenv('REMOTE_PASSWORD');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 2
else if (isset($AUTH_PASSWORD)) {
$PHP_AUTH_PW = $AUTH_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['AUTH_PASSWORD'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['AUTH_PASSWORD'])) {
$PHP_AUTH_PW = $HTTP_ENV_VARS['AUTH_PASSWORD'];
}
else if (@getenv('AUTH_PASSWORD')) {
$PHP_AUTH_PW = getenv('AUTH_PASSWORD');
}
}
// User logged out -> ensure the new username is not the same
if (!empty($old_usr)
&& (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)) {
$PHP_AUTH_USER = '';
}
// Returns whether we get authentication settings or not
if (empty($PHP_AUTH_USER)) {
return FALSE;
} else {
if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
}
return TRUE;
}
} // end of the 'PMA_auth_check()' function
/**
* Set the user and password after last checkings if required
*
* @global array the valid servers settings
* @global integer the id of the current server
* @global array the current server settings
* @global string the current username
* @global string the current password
*
* @return boolean always true
*
* @access public
*/
function PMA_auth_set_user()
{
global $cfgServers, $server, $cfgServer;
global $PHP_AUTH_USER, $PHP_AUTH_PW;
// Ensures the valid 'only_db' setting is used
if ($cfgServer['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfgServers);
for ($i = 1; $i <= $servers_cnt; $i++) {
if (isset($cfgServers[$i])
&& ($cfgServers[$i]['host'] == $cfgServer['host'] && $cfgServers[$i]['user'] == $PHP_AUTH_USER)) {
$server = $i;
$cfgServer = $cfgServers[$i];
break;
}
} // end for
} // end if
$cfgServer['user'] = $PHP_AUTH_USER;
$cfgServer['password'] = $PHP_AUTH_PW;
return TRUE;
} // end of the 'PMA_auth_set_user()' function
/**
* User is not allowed to login to MySQL -> authentication failed
*
* @return boolean always true (no return indeed)
*
* @access public
*/
function PMA_auth_fails()
{
PMA_auth();
return TRUE;
} // end of the 'PMA_auth()' function
} // $__PMA_HTTP_AUTH_LIB__
?>

203
libraries/common.lib.php3
View File

@@ -25,15 +25,14 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
*
* the PMA_sqlAddslashes() function must be before the connection to db
*
* the PMA_auth() function must be before the connection to db but after
* the PMA_isInto() function
* the authentication libraries must be before the connection to db but
* after the PMA_isInto() function
*
* the PMA_mysqlDie() function must be before the connection to db but after
* mysql extension has been loaded
*
* ... so the required order is:
*
* - definition of PMA_auth()
* - parsing of the configuration file
* - first load of the libraries/define.lib.php3 library (won't get the
* MySQL release number)
@@ -41,8 +40,9 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
* - definition of PMA_sqlAddslashes()
* - definition of PMA_mysqlDie()
* - definition of PMA_isInto()
* - loading of an authentication library
* - db connection
* - advanced authentication work if required
* - authentication work
* - second load of the libraries/define.lib.php3 library to get the MySQL
* release number)
* - other functions, respecting dependencies
@@ -60,43 +60,6 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
}
/**
* Advanced authentication work
*
* Requires Apache loaded as a php module.
*
* @access public
*/
function PMA_auth()
{
// header('WWW-Authenticate: Basic realm="phpMyAdmin ' . trim($GLOBALS['strRunning']) . ' ' . $GLOBALS['cfgServer']['host'] . '"');
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . sprintf($GLOBALS['strRunning'], (empty($GLOBALS['cfgServer']['verbose']) ? str_replace('\'', '\\\'',$GLOBALS['cfgServer']['host']) : str_replace('\'', '\\\'', $GLOBALS['cfgServer']['verbose']))) . '"');
header('HTTP/1.0 401 Unauthorized');
header('status: 401 Unauthorized');
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<title><?php echo $GLOBALS['strAccessDenied']; ?></title>
</head>
<body bgcolor="#FFFFFF">
<br /><br />
<center>
<h1><?php echo $GLOBALS['strWrongUser']; ?></h1>
</center>
</body>
</html>
<?php
echo "\n";
exit();
} // end of the 'PMA_auth()' function
/**
* Parses the configuration file and gets some constants used to define
* versions of phpMyAdmin/php/mysql...
@@ -175,7 +138,6 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
}
/**
* Loads the mysql extensions if it is not loaded yet
* staybyte - 26. June 2001
@@ -357,137 +319,14 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
? ''
: ':' . $cfgServer['socket'];
// Advanced authentication is required
if ($cfgServer['adv_auth']) {
// Grabs the $PHP_AUTH_USER variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with
// php 4.1+
if (empty($PHP_AUTH_USER)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) {
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
}
else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
$PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
}
else if (isset($REMOTE_USER)) {
$PHP_AUTH_USER = $REMOTE_USER;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) {
$PHP_AUTH_USER = $_ENV['REMOTE_USER'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['REMOTE_USER'])) {
$PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
}
else if (@getenv('REMOTE_USER')) {
$PHP_AUTH_USER = getenv('REMOTE_USER');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 1
else if (isset($AUTH_USER)) {
$PHP_AUTH_USER = $AUTH_USER;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) {
$PHP_AUTH_USER = $_ENV['AUTH_USER'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['AUTH_USER'])) {
$PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
}
else if (@getenv('AUTH_USER')) {
$PHP_AUTH_USER = getenv('AUTH_USER');
}
}
// Grabs the $PHP_AUTH_PW variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with
// php 4.1+
if (empty($PHP_AUTH_PW)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) {
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
}
else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
$PHP_AUTH_PW = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
}
else if (isset($REMOTE_PASSWORD)) {
$PHP_AUTH_PW = $REMOTE_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['REMOTE_PASSWORD'])) {
$PHP_AUTH_PW = $HTTP_ENV_VARS['REMOTE_PASSWORD'];
}
else if (@getenv('REMOTE_PASSWORD')) {
$PHP_AUTH_PW = getenv('REMOTE_PASSWORD');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 2
else if (isset($AUTH_PASSWORD)) {
$PHP_AUTH_PW = $AUTH_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['AUTH_PASSWORD'];
}
else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['AUTH_PASSWORD'])) {
$PHP_AUTH_PW = $HTTP_ENV_VARS['AUTH_PASSWORD'];
}
else if (@getenv('AUTH_PASSWORD')) {
$PHP_AUTH_PW = getenv('AUTH_PASSWORD');
}
}
// Grabs the $old_usr variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with
// php 4.1+
if (empty($old_usr)) {
if (!empty($_GET) && isset($_GET['old_usr'])) {
$old_usr = $_GET['old_usr'];
}
else if (!empty($HTTP_GET_VARS) && isset($HTTP_GET_VARS['old_usr'])) {
$old_usr = $HTTP_GET_VARS['old_usr'];
}
}
// First load -> checks if authentication is required
if (!isset($old_usr)) {
if (empty($PHP_AUTH_USER)) {
$do_auth = TRUE;
} else {
$do_auth = FALSE;
}
}
// Else ensure the username is not the same
else {
// force user to enter a different username
if (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER) {
$do_auth = TRUE;
} else {
$do_auth = FALSE;
}
}
// Calls the authentication window or store user's login/password
if ($do_auth) {
PMA_auth();
} else {
if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
}
// Ensures the valid 'only_db' setting is used
if ($cfgServer['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfgServers);
for ($i = 1; $i <= $servers_cnt; $i++) {
if (isset($cfgServers[$i])
&& ($cfgServers[$i]['host'] == $cfgServer['host'] && $cfgServers[$i]['user'] == $PHP_AUTH_USER)) {
$server = $i;
$cfgServer = $cfgServers[$i];
break;
}
} // end for
} // end if
$cfgServer['user'] = $PHP_AUTH_USER;
$cfgServer['password'] = $PHP_AUTH_PW;
} // end else
} // end advanced authentication
// Gets the authentication library that fits the cfgServer settings
// and run authentication
include('./libraries/auth/' . $cfgServer['auth_type'] . '.auth.lib.php3');
if (!PMA_auth_check()) {
PMA_auth();
} else {
PMA_auth_set_user();
}
// The user can work with only some databases
if (isset($cfgServer['only_db']) && $cfgServer['only_db'] != '') {
@@ -535,23 +374,7 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')){
$cfgServer['password']
);
if ($userlink == FALSE) {
// Advanced authentication case
if ($cfgServer['adv_auth']) {
PMA_auth();
}
// Standard authentication case
else if (mysql_error()) {
$conn_error = mysql_error();
} else if (isset($php_errormsg)) {
$conn_error = $php_errormsg;
} else {
$conn_error = 'Cannot connect: invalid settings.';
}
$local_query = $connect_func . '('
. $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['user'] . ', '
. $cfgServer['password'] . ')';
PMA_mysqlDie($conn_error, $local_query, FALSE);
PMA_auth_fails();
} // end if
if (PMA_PHP_INT_VERSION >= 40000) {