From 8fb267930eebb72e0f5eb23044ac439c950461e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <mcihar@novell.com>
Date: Fri, 18 Mar 2011 16:12:16 +0100
Subject: [PATCH] bug #3039384 [auth] Force signon auth on signon URL change.

---
 ChangeLog                          |  1 +
 libraries/auth/signon.auth.lib.php | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 89736735a..d9897e86d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -149,6 +149,7 @@
 - bug #3206876 [core] Work without mbstring installed.
 - rfe #3196075, patch #3212068 [interface] Add links to variables documentation.
 - bug #3208723 [import] Fix import of utf-8 XML files.
+- bug #3039384 [auth] Force signon auth on signon URL change.
 
 3.3.10.0 (not yet released)
 - patch #3147400 [structure] Aria table size printed as unknown,
diff --git a/libraries/auth/signon.auth.lib.php b/libraries/auth/signon.auth.lib.php
index 6eb0ead93..3e0d64bce 100644
--- a/libraries/auth/signon.auth.lib.php
+++ b/libraries/auth/signon.auth.lib.php
@@ -19,6 +19,7 @@
  * @access  public
  */
 function PMA_auth() {
+    unset($_SESSION['LAST_SIGNON_URL']);
     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
         PMA_fatalError('You must set SignonURL!');
     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
@@ -54,9 +55,17 @@ function PMA_auth_check()
 {
     global $PHP_AUTH_USER, $PHP_AUTH_PW;
 
+    /* Check if we're using same sigon server */
+    if (isset($_SESSION['LAST_SIGNON_URL']) && $_SESSION['LAST_SIGNON_URL'] != $GLOBALS['cfg']['Server']['SignonURL']) {
+        return false;
+    }
+
     /* Session name */
     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
 
+    /* Login URL */
+    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
+
     /* Current host */
     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
 
@@ -150,8 +159,10 @@ function PMA_auth_check()
 
     // Returns whether we get authentication settings or not
     if (empty($PHP_AUTH_USER)) {
+        unset($_SESSION['LAST_SIGNON_URL']);
         return false;
     } else {
+        $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
         return true;
     }
 } // end of the 'PMA_auth_check()' function