diff --git a/ChangeLog b/ChangeLog index 74fc66532..9c4d0fb10 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ phpMyAdmin - Changelog $Id$ $Source$ +2003-07-07 Marc Delisle + * libraries/auth/cookie.auth.lib.php3, config.inc.php3, user_password.php3, + Documentation.html: only one blowfish secret is necessary for + all servers, thanks to Alexander M. Turek + 2003-07-06 Michal Cihar * lang/czech: Updated. * css/phpmyadmin.css.php3: url() should not contain quotes. diff --git a/Documentation.html b/Documentation.html index d2b2aff86..20288444c 100755 --- a/Documentation.html +++ b/Documentation.html @@ -402,6 +402,15 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'

+
$cfg['blowfish_secret'] string
+
+ Starting with version 2.5.2, the 'cookie' auth_type uses blowfish + algorithm to encrypt the password. +
+ If at least one server configuration uses 'cookie' auth_type, + enter here a passphrase that will be used by blowfish. +
+
$cfg['Servers'] array
Since version 1.4.2, phpMyAdmin supports the administration of multiple @@ -517,14 +526,6 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'

-
- $cfg['Servers'][$i]['blowfish_secret'] string
-
-
- If your are using "cookie" auth_type, enter here - a secret passphrase which will be used by the blowfish encryption - mecanism to protect the password stored in the temporary cookie. -
$cfg['Servers'][$i]['user'] string
$cfg['Servers'][$i]['password'] string diff --git a/config.inc.php3 b/config.inc.php3 index 92e3af9c2..1549b936a 100755 --- a/config.inc.php3 +++ b/config.inc.php3 @@ -52,6 +52,12 @@ $cfg['PmaAbsoluteUri_DisableWarning'] = FALSE; */ $cfg['PmaNoRelation_DisableWarning'] = FALSE; +/** + * The 'cookie' auth_type uses blowfish algorithm to encrypt the password. + * If at least one server configuration uses 'cookie' auth_type, + * enter here a passphrase that will be used by blowfish. + */ +$cfg['blowfish_secret'] = ''; /** * Server(s) configuration @@ -71,9 +77,6 @@ $cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settin $cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user" // and "mysql/db" tables) $cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (config, http or cookie based)? -$cfg['Servers'][$i]['blowfish_secret'] = ''; // Secret key used by - // blowfish encryption - // (if auth_type='cookie') $cfg['Servers'][$i]['user'] = 'root'; // MySQL user $cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed // with 'config' auth_type) @@ -127,7 +130,6 @@ $cfg['Servers'][$i]['compress'] = FALSE; $cfg['Servers'][$i]['controluser'] = ''; $cfg['Servers'][$i]['controlpass'] = ''; $cfg['Servers'][$i]['auth_type'] = 'config'; -$cfg['Servers'][$i]['blowfish_secret'] = ''; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['only_db'] = ''; @@ -155,7 +157,6 @@ $cfg['Servers'][$i]['compress'] = FALSE; $cfg['Servers'][$i]['controluser'] = ''; $cfg['Servers'][$i]['controlpass'] = ''; $cfg['Servers'][$i]['auth_type'] = 'config'; -$cfg['Servers'][$i]['blowfish_secret'] = ''; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['only_db'] = ''; diff --git a/libraries/auth/cookie.auth.lib.php3 b/libraries/auth/cookie.auth.lib.php3 index fb61845ea..6b11f143c 100644 --- a/libraries/auth/cookie.auth.lib.php3 
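Review bot: The new `$cfg['blowfish_secret'] = '';` in the `@@ -52,6 +52,12 @@` hunk of config.inc.php3 ships an empty passphrase as the default, and nothing visible in this commit rejects an empty value. An administrator who switches a server to 'cookie' auth without editing this line would have the MySQL password cookie encrypted under an empty, publicly known key. The added comment should state that the value is mandatory for cookie auth, for example by appending ` * It must be set to a non-empty, site-specific value before 'cookie' auth_type is used.` Because the one secret now protects the password cookie for every configured server, the comment could also say that it should be long and hard to guess.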
+++ b/libraries/auth/cookie.auth.lib.php3 @@ -242,7 +242,7 @@ input.textfield {font-family: ; font-size:

@@ -435,7 +435,7 @@ if (uname.value == '') { $from_cookie = FALSE; } $PHP_AUTH_PW = base64_decode($PHP_AUTH_PW); - $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['Server']['blowfish_secret']); + $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['blowfish_secret']); if ($PHP_AUTH_PW == "\xff(blank)") { $PHP_AUTH_PW = ''; @@ -507,7 +507,7 @@ if (uname.value == '') { // Some binary contents are now retrieved properly when stored // as a cookie, so we base64_encode() setcookie('pma_cookie_password', - base64_encode(PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['Server']['blowfish_secret'])), + base64_encode(PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['blowfish_secret'])), 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); diff --git a/user_password.php3 b/user_password.php3 index b58e8a7e9..bd76f4046 100644 --- a/user_password.php3 +++ b/user_password.php3 @@ -55,7 +55,7 @@ if (isset($nopass)) { // Changes password cookie if required if ($cfg['Server']['auth_type'] == 'cookie') { - setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['Server']['blowfish_secret'])), 0, $cookie_path, '', $is_https); + setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['blowfish_secret'])), 0, $cookie_path, '', $is_https); } // end if // For http auth. mode, the "back" link will also enforce new // authentication
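Review bot: In the `@@ -435,7 +435,7 @@` hunk of libraries/auth/cookie.auth.lib.php3, `PMA_blowfish_decrypt()` now reads `$GLOBALS['cfg']['blowfish_secret']` with no check that the key is set and non-empty. The same applies to the two `setcookie('pma_cookie_password', ...)` calls, in the `@@ -507,7 +507,7 @@` hunk and in user_password.php3. As far as these hunks show, an upgraded installation whose config.inc.php3 still defines only `$cfg['Servers'][$i]['blowfish_secret']` would silently encrypt the password cookie with an undefined, and so empty, passphrase. I would add a guard before cookie auth is used, such as `if (empty($GLOBALS['cfg']['blowfish_secret'])) { /* refuse cookie auth and report the missing setting */ }`, or fall back to the per-server value for old configurations. The enclosing code starts and ends outside these hunks, so a default or check may already exist elsewhere.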