introducing sessions
@@ -14,6 +14,9 @@ $Source$
|
||||
* libraries/sql_query_form.lib.php: completed function docblocks
|
||||
* css/phpmyadmin.css.php:
|
||||
partially fixed bug: odd display of navtabs in Gecko-Browsers
|
||||
* libraries/session.inc.php, libraries/grab_globals.lib.php,
|
||||
libraries/common.lib.php, libraries/auth/cookie.auth.lib.php:
|
||||
introducing sessions
|
||||
|
||||
2005-09-27 Michal Čihař <michal@cihar.com>
|
||||
* lang/czech: Update.
|
||||
|
@@ -598,7 +598,8 @@ function PMA_auth_set_user()
|
||||
header('Refresh: 0; url=' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&'));
|
||||
}
|
||||
else {
|
||||
header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&'));
|
||||
header( 'Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php?'
|
||||
. PMA_generate_common_url('', '', '&') . '&' . SID );
|
||||
}
|
||||
exit();
|
||||
} // end if
|
||||
|
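Review bot: The new `Location` header in the `else` branch appends `'&' . SID` unconditionally, which puts the session id into the redirect URL whenever the browser did not send the session cookie; from there it reaches web-server logs, browser history and `Referer` headers. When the cookie was sent, `SID` is an empty string and the URL just gains a dangling `&`. I would append it only when needed, `. ( SID !== '' ? '&' . SID : '' )`, and add a comment saying the id is carried in the URL only as a fallback for cookie-less clients. The `Refresh:` branch just above is left without `SID`, so the two branches now behave differently for such clients; `PMA_auth_set_user()` starts and ends outside this hunk, so that may be handled elsewhere.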
@@ -107,7 +107,10 @@ if (file_exists('./config.inc.php')) {
|
||||
. '&char=' . urlencode( $charset )
|
||||
. '&dir=' . urlencode( $text_dir )
|
||||
. '&type=' . urlencode( $strError )
|
||||
. '&error=' . urlencode( strtr($strConfigFileError, array('<br />' => '[br]')) . '[br][br]' . '[a@./config.inc.php@_blank]config.inc.php[/a]' )
|
||||
. '&error=' . urlencode(
|
||||
strtr( $strConfigFileError, array( '<br />' => '[br]' ) )
|
||||
. '[br][br]' . '[a@./config.inc.php@_blank]config.inc.php[/a]' )
|
||||
. '&' . SID
|
||||
);
|
||||
exit();
|
||||
}
|
||||
@@ -129,7 +132,10 @@ if (!function_exists('preg_replace')) {
|
||||
. '&char=' . urlencode( $charset )
|
||||
. '&dir=' . urlencode( $text_dir )
|
||||
. '&type=' . urlencode( $strError )
|
||||
. '&error=' . urlencode( strtr(sprintf($strCantLoad, 'pcre'), array('<br />' => '[br]')))
|
||||
. '&error=' . urlencode(
|
||||
strtr( sprintf( $strCantLoad, 'pcre' ),
|
||||
array('<br />' => '[br]') ) )
|
||||
. '&' . SID
|
||||
);
|
||||
exit();
|
||||
}
|
||||
@@ -1166,7 +1172,10 @@ if ($is_minimum_common == FALSE) {
|
||||
. '&char=' . urlencode( $charset )
|
||||
. '&dir=' . urlencode( $text_dir )
|
||||
. '&type=' . urlencode( $strError )
|
||||
. '&error=' . urlencode( strtr($strPmaUriError, array('<tt>' => '[tt]', '</tt>' => '[/tt]')))
|
||||
. '&error=' . urlencode(
|
||||
strtr( $strPmaUriError,
|
||||
array( '<tt>' => '[tt]', '</tt>' => '[/tt]' ) ) )
|
||||
. '&' . SID
|
||||
);
|
||||
exit();
|
||||
}
|
||||
@@ -1241,7 +1250,14 @@ if ($is_minimum_common == FALSE) {
|
||||
|
||||
//
|
||||
if ($cfg['ForceSLL'] && !$is_https) {
|
||||
header('Location: ' . preg_replace('/^http/', 'https', $cfg['PmaAbsoluteUri']) . (isset($_SERVER['REQUEST_URI']) ? preg_replace('@' . $pma_uri_parts['path'] . '@', '', $_SERVER['REQUEST_URI']) : '' ));
|
||||
header(
|
||||
'Location: ' . preg_replace(
|
||||
'/^http/', 'https', $cfg['PmaAbsoluteUri'] )
|
||||
. ( isset( $_SERVER['REQUEST_URI'] )
|
||||
? preg_replace( '@' . $pma_uri_parts['path'] . '@',
|
||||
'', $_SERVER['REQUEST_URI'] )
|
||||
: '' )
|
||||
. '&' . SID );
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -1308,7 +1324,10 @@ if ($is_minimum_common == FALSE) {
|
||||
. '&char=' . urlencode( $charset )
|
||||
. '&dir=' . urlencode( $text_dir )
|
||||
. '&type=' . urlencode( $strError )
|
||||
. '&error=' . urlencode( $strInvalidAuthMethod . ' ' . $cfg['Server']['auth_type'] )
|
||||
. '&error=' . urlencode(
|
||||
$strInvalidAuthMethod . ' '
|
||||
. $cfg['Server']['auth_type'] )
|
||||
. '&' . SID
|
||||
);
|
||||
exit();
|
||||
}
|
||||
@@ -1508,7 +1527,7 @@ if ($is_minimum_common == FALSE) {
|
||||
echo '</script></body></html>' . "\n";
|
||||
|
||||
} else {
|
||||
header('Location: ' . $uri);
|
||||
header( 'Location: ' . $uri . '&' . SID );
|
||||
}
|
||||
}
|
||||
|
||||
|
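Review bot: In the `$cfg['ForceSLL']` redirect, `'&' . SID` is appended to a URL built from `$_SERVER['REQUEST_URI']`, which has no `?` when the request carried no query string, so the session id is glued onto the path instead of becoming a parameter. The id being forwarded was also received over plain HTTP, so the HTTPS session continues under an identifier that was visible on the wire; not forwarding `SID` across the scheme change (or issuing a fresh id once on HTTPS) would avoid that. The same unconditional `'&' . SID` is added to the redirects carrying `&error=` in the other hunks of this file and to `header( 'Location: ' . $uri . '&' . SID )` in the last one, where `$uri` is built outside the hunk. Where the id must stay in the URL, pick the separator and skip the empty case: `. ( SID !== '' ? ( strpos( $uri, '?' ) === false ? '?' : '&' ) . SID : '' )`.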
@@ -12,6 +12,8 @@
|
||||
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
|
||||
*/
|
||||
|
||||
require_once './libraries/session.inc.php';
|
||||
|
||||
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
|
||||
if (!is_array($array)) {
|
||||
return FALSE;
|
||||
|
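--- /dev/null
+++ b/libraries/session.inc.php
@@ -0,0 +1,54 @@
+<?php
+/* $Id$ */
+// vim: expandtab sw=4 ts=4 sts=4:
+/**
+* session handling
+*
+* @see http://www.php.net/session
+* @uses session_name()
+* @uses session_start()
+* @uses session_regenerate_id()
+* @uses session_id()
+* @uses strip_tags()
+* @uses ini_set()
+* @uses version_compare()
+* @uses PHP_VERSION
+*/
+
+// disable starting of sessions before all setings are done
+ini_set( 'session.auto_start', false );
+
+// cookies are safer
+ini_set( 'session.use_cookies', true );
+
+// but not all user allow cookies
+ini_set( 'session.use_only_cookies', false );
+ini_set( 'session.use_trans_sid', true );
+ini_set( 'url_rewriter.tags',
+'a=href,frame=src,input=src,form=fakeentry,fieldset=' );
+ini_set( 'arg_separator.output' , '&' );
+
+// delete session/cookies when browser is closed
+ini_set( 'session.cookie_lifetime', 0 );
+
+// warn but dont work with bug
+ini_set( 'session.bug_compat_42', false );
+ini_set( 'session.bug_compat_warn', true );
+
+// use more secure session ids (with PHP 5)
+if ( version_compare( PHP_VERSION, '5.0.0', 'ge' ) ) {
+ini_set( 'session.hash_function', 1 );
+ini_set( 'session.hash_bits_per_character', 6 );
+}
+
+// start the session
+session_name( 'phpMyAdmin' );
+session_start();
+
+// prevent session fixation and XSS
+if ( function_exists( 'session_regenerate_id' ) ) {
+session_regenerate_id( true );
+} else {
+session_id( strip_tags( session_id() ) );
+}
+?>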
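Review bot: `session.use_only_cookies` is set to `false` and `session.use_trans_sid` to `true`, so a session id supplied in a URL is accepted and ids are written into links; that is the precondition for session fixation and for id leakage through logs and `Referer`, and it sits oddly next to the `// cookies are safer` comment. The guard at the end does not compensate on older runtimes: the `else` branch only runs `strip_tags()` over the existing id, which removes markup but keeps a caller-supplied id, so the comment `// prevent session fixation and XSS` overstates what that path does. The `true` argument to `session_regenerate_id()` is, as far as I know, only accepted from PHP 5.1 on, so earlier versions that have the function may warn and not regenerate; worth confirming against the supported versions. I would default to `ini_set( 'session.use_only_cookies', true );` and `ini_set( 'session.use_trans_sid', false );`, and reword the fallback comment to say that it only sanitises the id.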