Improved and cleaned up http auth.

This commit is contained in:
Michal Čihař
2005-12-09 11:11:44 +00:00
parent 12f1164148
commit c10246cc1e
3 changed files with 28 additions and 60 deletions


@@ -5,6 +5,11 @@ phpMyAdmin - Changelog
$Id$
$Source$
2005-12-09 Michal Čihař <michal@cihar.com>
* libraries/auth/http.auth.lib.php: Simplify code, use getenv, support for
CGI (inspired by patch #1375495).
* Documentation.html: Clarify http auth description.
2005-12-09 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/dbi:
PMA_DBI_free_result() now accepts more than one resource to be freed


@@ -370,10 +370,10 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON &lt;pma_db&gt;.* TO 'pma'@'localhost';
<li>Was called 'advanced' in versions before 2.2.3.</li>
<li>Introduced in 1.3.0, it uses Basic HTTP authentication method and
allows you to login as any valid MySQL user.</li>
<li>Is supported with PHP running as an Apache module. For IIS (ISAPI)
support using CGI PHP, see <a href="#faq1_32">FAQ 1.32</a>.</li>
<li>See also <a href="#faq4_4">FAQ 4.4</a> about not using the <i>.htaccess</i> mechanism along
with 'http' authentication mode.</li>
<li>Is supported with most PHP configurations. For IIS (ISAPI) support
using CGI PHP, see <a href="#faq1_32">FAQ 1.32</a>.</li>
<li>See also <a href="#faq4_4">FAQ 4.4</a> about not using the
<i>.htaccess</i> mechanism along with 'http' authentication mode.</li>
</ul>
<h4>'cookie' authentication mode</h4>


@@ -73,8 +73,6 @@ function PMA_auth() {
function PMA_auth_check()
{
global $PHP_AUTH_USER, $PHP_AUTH_PW;
global $REMOTE_USER, $AUTH_USER, $REMOTE_PASSWORD, $AUTH_PASSWORD;
global $HTTP_AUTHORIZATION;
global $old_usr;
// Grabs the $PHP_AUTH_USER variable whatever are the values of the
@@ -84,25 +82,22 @@ function PMA_auth_check()
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) {
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
}
else if (isset($REMOTE_USER)) {
$PHP_AUTH_USER = $REMOTE_USER;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) {
$PHP_AUTH_USER = $_ENV['REMOTE_USER'];
}
// CGI, might be encoded, see bellow
else if (@getenv('REMOTE_USER')) {
$PHP_AUTH_USER = getenv('REMOTE_USER');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 1
else if (isset($AUTH_USER)) {
$PHP_AUTH_USER = $AUTH_USER;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) {
$PHP_AUTH_USER = $_ENV['AUTH_USER'];
}
// WebSite Professional
else if (@getenv('AUTH_USER')) {
$PHP_AUTH_USER = getenv('AUTH_USER');
}
// IIS, might be encoded, see bellow
else if (@getenv('HTTP_AUTHORIZATION')) {
$PHP_AUTH_USER = getenv('HTTP_AUTHORIZATION');
}
// FastCGI, might be encoded, see bellow
else if (@getenv('Authorization')) {
$PHP_AUTH_USER = getenv('Authorization');
}
}
// Grabs the $PHP_AUTH_PW variable whatever are the values of the
// 'register_globals' and the 'variables_order' directives
@@ -111,56 +106,24 @@ function PMA_auth_check()
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) {
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
}
else if (isset($REMOTE_PASSWORD)) {
$PHP_AUTH_PW = $REMOTE_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD'];
}
// Apache/CGI
else if (@getenv('REMOTE_PASSWORD')) {
$PHP_AUTH_PW = getenv('REMOTE_PASSWORD');
}
// Fix from Matthias Fichtner for WebSite Professional - Part 2
else if (isset($AUTH_PASSWORD)) {
$PHP_AUTH_PW = $AUTH_PASSWORD;
}
else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) {
$PHP_AUTH_PW = $_ENV['AUTH_PASSWORD'];
}
// WebSite Professional
else if (@getenv('AUTH_PASSWORD')) {
$PHP_AUTH_PW = getenv('AUTH_PASSWORD');
}
}
// Gets authenticated user settings with IIS
if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) {
if (!empty($HTTP_AUTHORIZATION)
&& substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ') {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
else if (!empty($_ENV)
&& isset($_ENV['HTTP_AUTHORIZATION'])
&& substr($_ENV['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ') {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['HTTP_AUTHORIZATION'], 6)));
}
else if (@getenv('HTTP_AUTHORIZATION')
&& substr(getenv('HTTP_AUTHORIZATION'), 0, 6) == 'Basic ') {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('HTTP_AUTHORIZATION'), 6)));
}
} // end IIS
// Gets authenticated user settings with FastCGI
// set FastCGI option '-pass-header Authorization'
if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) {
if (!empty($_ENV)
&& isset($_ENV['Authorization'])
&& substr($_ENV['Authorization'], 0, 6) == 'Basic ') {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['Authorization'], 6)));
// Decode possibly encoded information (used by IIS/CGI/FastCGI)
if (empty($PHP_AUTH_PW) && substr($PHP_AUTH_USER, 0, 6) == 'Basic ') {
$usr_pass = base64_decode(substr($PMA_AUTH_USER, 6));
if (!empty($usr_pass) && !(strpos($usr_pass, ':') === FALSE)) {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass);
}
else if (@getenv('Authorization')
&& substr(getenv('Authorization'), 0, 6) == 'Basic ') {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('Authorization'), 6)));
}
} // end FastCGI
unset($usr_pass);
}
// User logged out -> ensure the new username is not the same
if (!empty($old_usr)