introducing sessions
@@ -14,6 +14,9 @@ $Source$
|
|||||||
* libraries/sql_query_form.lib.php: completed function docblocks
|
* libraries/sql_query_form.lib.php: completed function docblocks
|
||||||
* css/phpmyadmin.css.php:
|
* css/phpmyadmin.css.php:
|
||||||
partially fixed bug: odd display of navtabs in Gecko-Browsers
|
partially fixed bug: odd display of navtabs in Gecko-Browsers
|
||||||
|
* libraries/session.inc.php, libraries/grab_globals.lib.php,
|
||||||
|
libraries/common.lib.php, libraries/auth/cookie.auth.lib.php:
|
||||||
|
introducing sessions
|
||||||
|
|
||||||
2005-09-27 Michal Čihař <michal@cihar.com>
|
2005-09-27 Michal Čihař <michal@cihar.com>
|
||||||
* lang/czech: Update.
|
* lang/czech: Update.
|
||||||
|
@@ -598,7 +598,8 @@ function PMA_auth_set_user()
|
|||||||
header('Refresh: 0; url=' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&'));
|
header('Refresh: 0; url=' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&'));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&'));
|
header( 'Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php?'
|
||||||
|
. PMA_generate_common_url('', '', '&') . '&' . SID );
|
||||||
}
|
}
|
||||||
exit();
|
exit();
|
||||||
} // end if
|
} // end if
|
||||||
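Review bot: The two redirect branches of PMA_auth_set_user now disagree: the `Refresh: 0; url=` header at the top of the hunk still sends the bare index.php URL, while only the `Location:` branch gets `. '&' . SID` appended, so a client whose session id travels in the URL (the case the `not all user allow cookies` setting in session.inc.php exists for) loses the session on the Refresh path. Either both branches should append SID, or the URL should be built once in a local and passed to both headers. SID expands to an empty string when the id arrived in a cookie, which leaves a trailing `&` on the URL; guarding with `(SID != '' ? '&' . SID : '')` avoids that. Placing the id in a redirect URL also lands it in proxy/server logs and in the Referer of the next request, so this path is best limited to the no-cookie case. PMA_auth_set_user begins before this hunk.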
|
@@ -107,7 +107,10 @@ if (file_exists('./config.inc.php')) {
|
|||||||
. '&char=' . urlencode( $charset )
|
. '&char=' . urlencode( $charset )
|
||||||
. '&dir=' . urlencode( $text_dir )
|
. '&dir=' . urlencode( $text_dir )
|
||||||
. '&type=' . urlencode( $strError )
|
. '&type=' . urlencode( $strError )
|
||||||
. '&error=' . urlencode( strtr($strConfigFileError, array('<br />' => '[br]')) . '[br][br]' . '[a@./config.inc.php@_blank]config.inc.php[/a]' )
|
. '&error=' . urlencode(
|
||||||
|
strtr( $strConfigFileError, array( '<br />' => '[br]' ) )
|
||||||
|
. '[br][br]' . '[a@./config.inc.php@_blank]config.inc.php[/a]' )
|
||||||
|
. '&' . SID
|
||||||
);
|
);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
@@ -129,7 +132,10 @@ if (!function_exists('preg_replace')) {
|
|||||||
. '&char=' . urlencode( $charset )
|
. '&char=' . urlencode( $charset )
|
||||||
. '&dir=' . urlencode( $text_dir )
|
. '&dir=' . urlencode( $text_dir )
|
||||||
. '&type=' . urlencode( $strError )
|
. '&type=' . urlencode( $strError )
|
||||||
. '&error=' . urlencode( strtr(sprintf($strCantLoad, 'pcre'), array('<br />' => '[br]')))
|
. '&error=' . urlencode(
|
||||||
|
strtr( sprintf( $strCantLoad, 'pcre' ),
|
||||||
|
array('<br />' => '[br]') ) )
|
||||||
|
. '&' . SID
|
||||||
);
|
);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
@@ -1166,7 +1172,10 @@ if ($is_minimum_common == FALSE) {
|
|||||||
. '&char=' . urlencode( $charset )
|
. '&char=' . urlencode( $charset )
|
||||||
. '&dir=' . urlencode( $text_dir )
|
. '&dir=' . urlencode( $text_dir )
|
||||||
. '&type=' . urlencode( $strError )
|
. '&type=' . urlencode( $strError )
|
||||||
. '&error=' . urlencode( strtr($strPmaUriError, array('<tt>' => '[tt]', '</tt>' => '[/tt]')))
|
. '&error=' . urlencode(
|
||||||
|
strtr( $strPmaUriError,
|
||||||
|
array( '<tt>' => '[tt]', '</tt>' => '[/tt]' ) ) )
|
||||||
|
. '&' . SID
|
||||||
);
|
);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
@@ -1241,7 +1250,14 @@ if ($is_minimum_common == FALSE) {
|
|||||||
|
|
||||||
//
|
//
|
||||||
if ($cfg['ForceSLL'] && !$is_https) {
|
if ($cfg['ForceSLL'] && !$is_https) {
|
||||||
header('Location: ' . preg_replace('/^http/', 'https', $cfg['PmaAbsoluteUri']) . (isset($_SERVER['REQUEST_URI']) ? preg_replace('@' . $pma_uri_parts['path'] . '@', '', $_SERVER['REQUEST_URI']) : '' ));
|
header(
|
||||||
|
'Location: ' . preg_replace(
|
||||||
|
'/^http/', 'https', $cfg['PmaAbsoluteUri'] )
|
||||||
|
. ( isset( $_SERVER['REQUEST_URI'] )
|
||||||
|
? preg_replace( '@' . $pma_uri_parts['path'] . '@',
|
||||||
|
'', $_SERVER['REQUEST_URI'] )
|
||||||
|
: '' )
|
||||||
|
. '&' . SID );
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
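Review bot: The `. '&' . SID` appended to the ForceSLL `Location:` header assumes the rewritten REQUEST_URI already carries a query string; when it does not, the result is `path&name=id` with no `?`, so the id becomes part of the path and the session is not carried over (and when SID is empty a dangling `&` remains). The same unconditional suffix appears in the error-redirect hunks at -107, -129, -1166 and -1308, which chain onto `&char=` and so presumably already have a `?`, and on the `$uri` redirect at -1508, where `$uri` is built outside the hunk and may not contain `?` either. Building the target once and appending `(strpos($target, '?') === false ? '?' : '&') . SID` only when `SID != ''` covers both cases. Since this line is being rewritten anyway, `'@' . preg_quote($pma_uri_parts['path'], '@') . '@'` would stop characters in the configured path from being read as pattern syntax by the preg_replace that strips it from REQUEST_URI.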
@@ -1308,7 +1324,10 @@ if ($is_minimum_common == FALSE) {
|
|||||||
. '&char=' . urlencode( $charset )
|
. '&char=' . urlencode( $charset )
|
||||||
. '&dir=' . urlencode( $text_dir )
|
. '&dir=' . urlencode( $text_dir )
|
||||||
. '&type=' . urlencode( $strError )
|
. '&type=' . urlencode( $strError )
|
||||||
. '&error=' . urlencode( $strInvalidAuthMethod . ' ' . $cfg['Server']['auth_type'] )
|
. '&error=' . urlencode(
|
||||||
|
$strInvalidAuthMethod . ' '
|
||||||
|
. $cfg['Server']['auth_type'] )
|
||||||
|
. '&' . SID
|
||||||
);
|
);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
@@ -1508,7 +1527,7 @@ if ($is_minimum_common == FALSE) {
|
|||||||
echo '</script></body></html>' . "\n";
|
echo '</script></body></html>' . "\n";
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
header('Location: ' . $uri);
|
header( 'Location: ' . $uri . '&' . SID );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -12,6 +12,8 @@
|
|||||||
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
|
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
require_once './libraries/session.inc.php';
|
||||||
|
|
||||||
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
|
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
|
||||||
if (!is_array($array)) {
|
if (!is_array($array)) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
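--- /dev/null
+++ b/libraries/session.inc.php
@@ -0,0 +1,54 @@
+<?php
+/* $Id$ */
+// vim: expandtab sw=4 ts=4 sts=4:
+/**
+* session handling
+*
+* @see http://www.php.net/session
+* @uses session_name()
+* @uses session_start()
+* @uses session_regenerate_id()
+* @uses session_id()
+* @uses strip_tags()
+* @uses ini_set()
+* @uses version_compare()
+* @uses PHP_VERSION
+*/
+
+// disable starting of sessions before all setings are done
+ini_set( 'session.auto_start', false );
+
+// cookies are safer
+ini_set( 'session.use_cookies', true );
+
+// but not all user allow cookies
+ini_set( 'session.use_only_cookies', false );
+ini_set( 'session.use_trans_sid', true );
+ini_set( 'url_rewriter.tags',
+'a=href,frame=src,input=src,form=fakeentry,fieldset=' );
+ini_set( 'arg_separator.output' , '&' );
+
+// delete session/cookies when browser is closed
+ini_set( 'session.cookie_lifetime', 0 );
+
+// warn but dont work with bug
+ini_set( 'session.bug_compat_42', false );
+ini_set( 'session.bug_compat_warn', true );
+
+// use more secure session ids (with PHP 5)
+if ( version_compare( PHP_VERSION, '5.0.0', 'ge' ) ) {
+ini_set( 'session.hash_function', 1 );
+ini_set( 'session.hash_bits_per_character', 6 );
+}
+
+// start the session
+session_name( 'phpMyAdmin' );
+session_start();
+
+// prevent session fixation and XSS
+if ( function_exists( 'session_regenerate_id' ) ) {
+session_regenerate_id( true );
+} else {
+session_id( strip_tags( session_id() ) );
+}
+?>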
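Review bot: `session_regenerate_id( true )` runs unconditionally on every request, and with `session.use_trans_sid` enabled plus `url_rewriter.tags` rewriting `frame=src`, the ids embedded in a freshly rendered frameset are destroyed by whichever frame request arrives first, so the remaining frames start new, unauthenticated sessions; regenerating only at privilege changes (after a successful login in the auth modules) gives the fixation protection the comment aims for without that race. The `else` branch `session_id( strip_tags( session_id() ) )` executes after `session_start()`, and as far as I can tell session_id() only takes effect when called before the session is started, so that fallback sanitises nothing; session_regenerate_id has existed since PHP 4.3.2, so the branch could be dropped, or replaced by a character-class check on the incoming id performed before `session_start()`. `ini_set( 'session.auto_start', false )` is likewise too late, since auto_start is evaluated at request startup before this script runs; it is harmless but deserves a comment so nobody relies on it. With `use_only_cookies` off the server adopts any id supplied in a URL, which is the trade-off the `not all user allow cookies` comment accepts and is worth stating there explicitly, together with the expectation that ids are regenerated on login.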