nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

one blowfish secret is enough

Browse Source
This commit is contained in:
Marc Delisle
2003-07-07 11:12:24 +00:00
parent a5144a9b29
commit 7ad32db10f
5 changed files with 24 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -5,6 +5,11 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-07-07 Marc Delisle <lem9@users.sourceforge.net>
* libraries/auth/cookie.auth.lib.php3, config.inc.php3, user_password.php3,
Documentation.html: only one blowfish secret is necessary for
all servers, thanks to Alexander M. Turek
2003-07-06 Michal Cihar <nijel@users.sourceforge.net>
* lang/czech: Updated.
* css/phpmyadmin.css.php3: url() should not contain quotes.

17
Documentation.html
View File

@@ -402,6 +402,15 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
<br /><br />
</dd>
<dt><b>$cfg['blowfish_secret']</b> string</dt>
<dd>
Starting with version 2.5.2, the 'cookie' auth_type uses blowfish
algorithm to encrypt the password.
<br />
If at least one server configuration uses 'cookie' auth_type,
enter here a passphrase that will be used by blowfish.
</dd>
<dt><b>$cfg['Servers']</b> array</dt>
<dd>
Since version 1.4.2, phpMyAdmin supports the administration of multiple
@@ -517,14 +526,6 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
<br /><br />
</dd>
<dt>
<b>$cfg['Servers'][$i]['blowfish_secret']</b> string<br />
</dt>
<dd>
If your are using &quot;cookie&quot; auth_type, enter here
a secret passphrase which will be used by the blowfish encryption
mecanism to protect the password stored in the temporary cookie.
</dd>
<dt>
<b>$cfg['Servers'][$i]['user']</b> string<br />
<b>$cfg['Servers'][$i]['password']</b> string

11
config.inc.php3
View File

@@ -52,6 +52,12 @@ $cfg['PmaAbsoluteUri_DisableWarning'] = FALSE;
*/
$cfg['PmaNoRelation_DisableWarning'] = FALSE;
/**
* The 'cookie' auth_type uses blowfish algorithm to encrypt the password.
* If at least one server configuration uses 'cookie' auth_type,
* enter here a passphrase that will be used by blowfish.
*/
$cfg['blowfish_secret'] = '';
/**
* Server(s) configuration
@@ -71,9 +77,6 @@ $cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settin
$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
// and "mysql/db" tables)
$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['blowfish_secret'] = ''; // Secret key used by
// blowfish encryption
// (if auth_type='cookie')
$cfg['Servers'][$i]['user'] = 'root'; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
// with 'config' auth_type)
@@ -127,7 +130,6 @@ $cfg['Servers'][$i]['compress'] = FALSE;
$cfg['Servers'][$i]['controluser'] = '';
$cfg['Servers'][$i]['controlpass'] = '';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['blowfish_secret'] = '';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['only_db'] = '';
@@ -155,7 +157,6 @@ $cfg['Servers'][$i]['compress'] = FALSE;
$cfg['Servers'][$i]['controluser'] = '';
$cfg['Servers'][$i]['controlpass'] = '';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['blowfish_secret'] = '';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['only_db'] = '';

6
libraries/auth/cookie.auth.lib.php3
View File

@@ -242,7 +242,7 @@ input.textfield {font-family: <?php echo $right_font_family; ?>; font-size: <?ph
// Displays the warning message and the login form
if ($GLOBALS['cfg']['Server']['blowfish_secret']=='') {
if ($GLOBALS['cfg']['blowfish_secret']=='') {
?>
<p class="warning"><?php echo $GLOBALS['strSecretRequired']; ?></p>
</body>
@@ -435,7 +435,7 @@ if (uname.value == '') {
$from_cookie = FALSE;
}
$PHP_AUTH_PW = base64_decode($PHP_AUTH_PW);
$PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['Server']['blowfish_secret']);
$PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['blowfish_secret']);
if ($PHP_AUTH_PW == "\xff(blank)") {
$PHP_AUTH_PW = '';
@@ -507,7 +507,7 @@ if (uname.value == '') {
// Some binary contents are now retrieved properly when stored
// as a cookie, so we base64_encode()
setcookie('pma_cookie_password',
base64_encode(PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['Server']['blowfish_secret'])),
base64_encode(PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['blowfish_secret'])),
0,
$GLOBALS['cookie_path'], '',
$GLOBALS['is_https']);

2
user_password.php3
View File

@@ -55,7 +55,7 @@ if (isset($nopass)) {
// Changes password cookie if required
if ($cfg['Server']['auth_type'] == 'cookie') {
setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['Server']['blowfish_secret'])), 0, $cookie_path, '', $is_https);
setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['blowfish_secret'])), 0, $cookie_path, '', $is_https);
} // end if
// For http auth. mode, the "back" link will also enforce new
// authentication