nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ensured:

Browse Source 
* the same rules apply whatever is the authentication mode
* and that the cfgServers[i]['only_db'] is really used.
This commit is contained in:
Loïc Chapeaux
2001-10-22 21:14:45 +00:00
parent 9f09953f2e
commit a8d212b571
2 changed files with 164 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -8,6 +8,8 @@ $Source$
2001-10-22 Lo<4C>c Chapeaux <lolo@phpheaven.net> 2001-10-22 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* Ducumentation.html, line 299: added some requirements for sockets. * Ducumentation.html, line 299: added some requirements for sockets.
* main.php3: ensured sockets aren't displayed and used if php < 3.0.10. * main.php3: ensured sockets aren't displayed and used if php < 3.0.10.
* libraries/common.lib.php3: ensured the same rules apply whatever is the
authentication mode and that the cfgServers[i]['only_db'] is really used.
2001-10-22 Robin Johnson <robbat2@users.sourceforge.net> 2001-10-22 Robin Johnson <robbat2@users.sourceforge.net>
* config.inc.php3: remove ENCODE, DECODE, ENCRYPT functions. * config.inc.php3: remove ENCODE, DECODE, ENCRYPT functions.

166
libraries/common.lib.php3
View File

@@ -23,6 +23,8 @@ if (!defined('__LIB_COMMON__')){
* the include of libraries/defines.lib.php3 must be after the connection * the include of libraries/defines.lib.php3 must be after the connection
* to db to get the MySql version * to db to get the MySql version
* *
* the sql_addslashes() function must be before the connection to db
*
* the auth() function must be before the connection to db but after the * the auth() function must be before the connection to db but after the
* pmaIsInto() function * pmaIsInto() function
* *
@@ -36,6 +38,7 @@ if (!defined('__LIB_COMMON__')){
* - first load of the libraries/define.lib.php3 library (won't get the * - first load of the libraries/define.lib.php3 library (won't get the
* MySQL release number) * MySQL release number)
* - load of mysql extension (if necessary) * - load of mysql extension (if necessary)
* - definition of sql_addslashes()
* - definition of mysql_die() * - definition of mysql_die()
* - definition of pmaIsInto() * - definition of pmaIsInto()
* - db connection * - db connection
@@ -178,6 +181,31 @@ if (!defined('__LIB_COMMON__')){
} // end load mysql extension } // end load mysql extension
/**
* Add slashes before "'" and "\" characters so a value containing them can
* be used in a sql comparison.
*
* @param string the string to slash
* @param boolean whether the string will be used in a 'LIKE' clause
* (it then requires two more escaped sequences) or not
*
* @return string the slashed string
*
* @access public
*/
function sql_addslashes($a_string = '', $is_like = FALSE)
{
if ($is_like) {
$a_string = str_replace('\\', '\\\\\\\\', $a_string);
} else {
$a_string = str_replace('\\', '\\\\', $a_string);
}
$a_string = str_replace('\'', '\\\'', $a_string);
return $a_string;
} // end of the 'sql_addslashes()' function
/** /**
* Displays a MySQL error message in the right frame. * Displays a MySQL error message in the right frame.
* *
@@ -394,18 +422,29 @@ if (!defined('__LIB_COMMON__')){
} }
} }
// Calls the authentication window or validates user's login // Calls the authentication window or store user's login/password
if ($do_auth) { if ($do_auth) {
auth(); auth();
} else { } else {
$cfgServer['user'] = (get_magic_quotes_gpc() ? stripslashes($PHP_AUTH_USER) : $PHP_AUTH_USER);
$cfgServer['password'] = (get_magic_quotes_gpc() ? stripslashes($PHP_AUTH_PW) : $PHP_AUTH_PW);
}
} // end advanced authentication
// Connects to the server (validates user's login)
$bkp_track_err = (PHP_INT_VERSION >= 40000) ? @ini_set('track_errors', 1) : ''; $bkp_track_err = (PHP_INT_VERSION >= 40000) ? @ini_set('track_errors', 1) : '';
$dbh = @$connect_func( $dbh = @$connect_func(
$cfgServer['host'] . $server_port . $server_socket, $cfgServer['host'] . $server_port . $server_socket,
$cfgServer['stduser'], $cfgServer['user'],
$cfgServer['stdpass'] $cfgServer['password']
); );
if ($dbh == FALSE) { if ($dbh == FALSE) {
if (mysql_error()) { // Advanced authentication case
if ($cfgServer['adv_auth']) {
auth();
}
// Standard authentication case
else if (mysql_error()) {
$conn_error = mysql_error(); $conn_error = mysql_error();
} else if (isset($php_errormsg)) { } else if (isset($php_errormsg)) {
$conn_error = $php_errormsg; $conn_error = $php_errormsg;
@@ -417,78 +456,63 @@ if (!defined('__LIB_COMMON__')){
} }
$local_query = $connect_func . '(' $local_query = $connect_func . '('
. $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['stduser'] . ', ' . $cfgServer['user'] . ', '
. $cfgServer['stdpass'] . ')'; . $cfgServer['password'] . ')';
mysql_die($conn_error, $local_query, FALSE); mysql_die($conn_error, $local_query, FALSE);
} else if (PHP_INT_VERSION >= 40000) { } else if (PHP_INT_VERSION >= 40000) {
@ini_set('track_errors', $bkp_track_err); @ini_set('track_errors', $bkp_track_err);
} }
if (get_magic_quotes_gpc()) { // if 'only_db' is set for the current user, there is no need to checks for
$PHP_AUTH_USER = str_replace('\\"', '"', str_replace('\\\\', '\\', $PHP_AUTH_USER)); // available databases in the "mysql" db
$PHP_AUTH_PW = str_replace('\\"', '"', str_replace('\\\\', '\\', $PHP_AUTH_PW)); $do_get_dbs = (count($dblist) == 0);
} else { if ($do_get_dbs) {
$PHP_AUTH_USER = str_replace('\'', '\\\'', $PHP_AUTH_USER);
$PHP_AUTH_PW = str_replace('\'', '\\\'', $PHP_AUTH_PW);
}
$auth_query = 'SELECT User, Password, Select_priv ' $auth_query = 'SELECT User, Password, Select_priv '
. 'FROM mysql.user ' . 'FROM mysql.user '
. 'WHERE ' . 'WHERE '
. 'User = \'' . $PHP_AUTH_USER . '\' ' . 'User = \'' . sql_addslashes($cfgServer['user']) . '\' '
. 'AND Password = PASSWORD(\'' . $PHP_AUTH_PW . '\')'; . 'AND Password = PASSWORD(\'' . sql_addslashes($cfgServer['password']) . '\')';
$rs = mysql_query($auth_query, $dbh) or mysql_die('', $auth_query, FALSE); $rs = mysql_query($auth_query, $dbh); // Debug: or mysql_die('', $auth_query, FALSE);
} // end if
// Invalid login -> relog // Access to "mysql" db allowed -> gets the usable db list
if (@mysql_numrows($rs) <= 0) { if ($do_get_dbs && @mysql_numrows($rs)) {
auth();
}
// Seems to be a valid login...
else {
$row = mysql_fetch_array($rs); $row = mysql_fetch_array($rs);
mysql_free_result($rs); mysql_free_result($rs);
// Correction uva 19991215 // Correction uva 19991215
// Previous code assumed database "mysql" admin table "db" // Previous code assumed database "mysql" admin table "db" column
// column "db" contains literal name of user database, and // "db" contains literal name of user database, and works if so.
// works if so. // Mysql usage generally (and uva usage specifically) allows this
// Mysql usage generally (and uva usage specifically) // column to contain regular expressions (we have all databases
// allows this column to contain regular expressions (we // owned by a given student/faculty/staff beginning with user i.d.
// have all databases owned by a given // and governed by default by a single set of privileges with
// student/faculty/staff beginning with user i.d. and
// governed by default by a single set of privileges with
// regular expression as key). This breaks previous code. // regular expression as key). This breaks previous code.
// This maintenance is to fix code to work correctly for // This maintenance is to fix code to work correctly for regular
// regular expressions. // expressions.
if ($row['Select_priv'] != 'Y') { if ($row['Select_priv'] != 'Y') {
// lem9: User can be blank (anonymous user) // lem9: User can be blank (anonymous user)
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . $PHP_AUTH_USER . '\' OR User = \'\')'; $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . sql_addslashes($cfgServer['user']) . '\' OR User = \'\')';
$rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE); $rs = mysql_query($local_query); // Debug: or mysql_die('', $local_query, FALSE);
if (@mysql_numrows($rs) <= 0) { if (@mysql_numrows($rs) <= 0) {
$local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . $PHP_AUTH_USER . '\''; $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . sql_addslashes($cfgServer['user']) . '\'';
$rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE); $rs = mysql_query($local_query); // Debug: or mysql_die('', $local_query, FALSE);
if (@mysql_numrows($rs) <= 0) { if (@mysql_numrows($rs)) {
auth();
} else {
while ($row = mysql_fetch_array($rs)) { while ($row = mysql_fetch_array($rs)) {
// loic1: avoid multiple entries for dbs
if (pmaIsInto($row['Db'], $dblist) == -1) {
$dblist[] = $row['Db']; $dblist[] = $row['Db'];
} }
}
mysql_free_result($rs); mysql_free_result($rs);
} }
} else { } else {
// Will use as associative array of the following 2 // Will use as associative array of the following 2 code
// code lines: // lines:
// the 1st is the only line intact from before // the 1st is the only line intact from before
// correction, // correction,
// the 2nd replaces $dblist[] = $row['Db']; // the 2nd replaces $dblist[] = $row['Db'];
$uva_mydbs = array(); $uva_mydbs = array();
// Code following those 2 lines in correction // Code following those 2 lines in correction continues
// continues populating $dblist[], as previous code // populating $dblist[], as previous code did. But it is
// did. But it is now populated with actual // now populated with actual database names instead of
// database names instead of with regular // with regular expressions.
// expressions.
while ($row = mysql_fetch_array($rs)) { while ($row = mysql_fetch_array($rs)) {
// loic1: all databases cases - part 1 // loic1: all databases cases - part 1
if (empty($row['Db']) || $row['Db'] == '%') { if (empty($row['Db']) || $row['Db'] == '%') {
@@ -499,7 +523,7 @@ if (!defined('__LIB_COMMON__')){
if (!isset($uva_mydbs[$row['Db']])) { if (!isset($uva_mydbs[$row['Db']])) {
$uva_mydbs[$row['Db']] = 1; $uva_mydbs[$row['Db']] = 1;
} }
} } // end while
mysql_free_result($rs); mysql_free_result($rs);
$uva_alldbs = mysql_list_dbs(); $uva_alldbs = mysql_list_dbs();
// loic1: all databases cases - part 2 // loic1: all databases cases - part 2
@@ -518,9 +542,8 @@ if (!defined('__LIB_COMMON__')){
reset($uva_mydbs); reset($uva_mydbs);
while (list($uva_matchpattern, $uva_value) = each($uva_mydbs)) { while (list($uva_matchpattern, $uva_value) = each($uva_mydbs)) {
// loic1: fixed bad regexp // loic1: fixed bad regexp
// TODO: db names may contain // TODO: db names may contain characters
// characters that are regexp // that are regexp instructions
// instructions
$re = '(^|(\\\\\\\\)+|[^\])'; $re = '(^|(\\\\\\\\)+|[^\])';
$uva_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $uva_matchpattern)); $uva_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $uva_matchpattern));
// Fixed db name matching // Fixed db name matching
@@ -530,20 +553,14 @@ if (!defined('__LIB_COMMON__')){
break; break;
} }
} // end while } // end while
} // end if ... else if .... } // end if ... else if....
} // end while } // end while
} // end else } // end else
mysql_free_result($uva_alldbs); mysql_free_result($uva_alldbs);
unset($uva_mydbs); unset($uva_mydbs);
} // end else } // end else
} // end if } // end if
} // end else } // end building available dbs from the "mysql" db
}
// Validation achived -> store user's login/password
$cfgServer['user'] = $PHP_AUTH_USER;
$cfgServer['password'] = $PHP_AUTH_PW;
} // end Advanced authentication
// Do connect to the user's database // Do connect to the user's database
$bkp_track_err = (PHP_INT_VERSION >= 40000) ? @ini_set('track_errors', 1) : ''; $bkp_track_err = (PHP_INT_VERSION >= 40000) ? @ini_set('track_errors', 1) : '';
@@ -734,31 +751,6 @@ if (!defined('__LIB_COMMON__')){
} // end of the 'backquote()' function } // end of the 'backquote()' function
/**
* Add slashes before "'" and "\" characters so a value containing them can
* be used in a sql comparison.
*
* @param string the string to slash
* @param boolean whether the string will be used in a 'LIKE' clause
* (it then requires two more escaped sequences) or not
*
* @return string the slashed string
*
* @access public
*/
function sql_addslashes($a_string = '', $is_like = FALSE)
{
if ($is_like) {
$a_string = str_replace('\\', '\\\\\\\\', $a_string);
} else {
$a_string = str_replace('\\', '\\\\', $a_string);
}
$a_string = str_replace('\'', '\\\'', $a_string);
return $a_string;
} // end of the 'sql_addslashes()' function
/** /**
* Format a string so it can be passed to a javascript function. * Format a string so it can be passed to a javascript function.
* This function is used to displays a javascript confirmation box for * This function is used to displays a javascript confirmation box for