[auth] Fixed error handling for signon auth method.

The message is now stored in caller session data and properly displayed in example script.
2011-05-23 10:33:14 +02:00
parent e936257d44
commit adc6de0685
3 changed files with 38 additions and 19 deletions
--- a/1
+++ b/1
@@ -8,6 +8,7 @@
 - bug #3305606 [interface] Show all button wraps on privileges page
 - bug #3305517 [config] Config for export compression not used
 - bug #3305883 [interface] Table is dropped regardless of confirmation
+- [auth] Fixed error handling for signon auth method.

 3.4.1.0 (2011-05-20)
 - bug #3301108 [interface] Synchronize and already configured host
--- a/libraries/auth/signon.auth.lib.php
+++ b/libraries/auth/signon.auth.lib.php
@@ -202,6 +202,22 @@ function PMA_auth_set_user()
 */
 function PMA_auth_fails()
 {
+    /* Session name */
+    $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
+
+    /* Does session exist? */
+    if (isset($_COOKIE[$session_name])) {
+        /* End current session */
+        $old_session = session_name();
+        $old_id = session_id();
+        session_write_close();
+
+        /* Load single signon session */
+        session_name($session_name);
+        session_id($_COOKIE[$session_name]);
+        session_start();
+
+        /* Set error message */
        if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
            $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
        } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
@@ -215,6 +231,7 @@ function PMA_auth_fails()
        } else {
            $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
        }
+    }
    PMA_auth();
 } // end of the 'PMA_auth_fails()' function

--- a/scripts/signon.php
+++ b/scripts/signon.php
@@ -11,14 +11,15 @@
 * @subpackage Example
 */

+/* Need to have cookie visible from parent directory */
+session_set_cookie_params(0, '/', '', 0);
+/* Create signon session */
+$session_name = 'SignonSession';
+session_name($session_name);
+session_start();
+
 /* Was data posted? */
 if (isset($_POST['user'])) {
-    /* Need to have cookie visible from parent directory */
-    session_set_cookie_params(0, '/', '', 0);
-    /* Create signon session */
-    $session_name = 'SignonSession';
-    session_name($session_name);
-    session_start();
    /* Store there credentials */
    $_SESSION['PMA_single_signon_user'] = $_POST['user'];
    $_SESSION['PMA_single_signon_password'] = $_POST['password'];
@@ -47,7 +48,7 @@ if (isset($_POST['user'])) {
 <body>
 <?php
 if (isset($_SESSION['PMA_single_signon_error_message'])) {
-    echo '<p class="error">' . $_SESSION['PMA_single_signon_message'] . '</p>';
+    echo '<p class="error">' . $_SESSION['PMA_single_signon_error_message'] . '</p>';
 }
 ?>
 <form action="signon.php" method="post">