diff --git a/ChangeLog b/ChangeLog index d636d4766..1bd2c5f83 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ phpMyAdmin - Changelog $Id$ $Source$ +2005-12-09 Michal Čihař + * libraries/auth/http.auth.lib.php: Simplify code, use getenv, support for + CGI (inspired by patch #1375495). + * Documentation.html: Clarify http auth description. + 2005-12-09 Sebastian Mendel * libraries/dbi: PMA_DBI_free_result() now accepts more than one resource to be freed diff --git a/Documentation.html b/Documentation.html index e016864df..6f3ec6b8a 100755 --- a/Documentation.html +++ b/Documentation.html @@ -370,10 +370,10 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';
  • Was called 'advanced' in versions before 2.2.3.
  • Introduced in 1.3.0, it uses Basic HTTP authentication method and allows you to login as any valid MySQL user.
  • -
  • Is supported with PHP running as an Apache module. For IIS (ISAPI) - support using CGI PHP, see FAQ 1.32.
  • -
  • See also FAQ 4.4 about not using the .htaccess mechanism along - with 'http' authentication mode.
  • +
  • Is supported with most PHP configurations. For IIS (ISAPI) support + using CGI PHP, see FAQ 1.32.
  • +
  • See also FAQ 4.4 about not using the + .htaccess mechanism along with 'http' authentication mode.
  • 'cookie' authentication mode

    diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php index 7b49fd5a5..bc2fbe72a 100644 --- a/libraries/auth/http.auth.lib.php +++ b/libraries/auth/http.auth.lib.php @@ -73,8 +73,6 @@ function PMA_auth() { function PMA_auth_check() { global $PHP_AUTH_USER, $PHP_AUTH_PW; - global $REMOTE_USER, $AUTH_USER, $REMOTE_PASSWORD, $AUTH_PASSWORD; - global $HTTP_AUTHORIZATION; global $old_usr; // Grabs the $PHP_AUTH_USER variable whatever are the values of the @@ -84,25 +82,22 @@ function PMA_auth_check() if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) { $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER']; } - else if (isset($REMOTE_USER)) { - $PHP_AUTH_USER = $REMOTE_USER; - } - else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) { - $PHP_AUTH_USER = $_ENV['REMOTE_USER']; - } + // CGI, might be encoded, see bellow else if (@getenv('REMOTE_USER')) { $PHP_AUTH_USER = getenv('REMOTE_USER'); } - // Fix from Matthias Fichtner for WebSite Professional - Part 1 - else if (isset($AUTH_USER)) { - $PHP_AUTH_USER = $AUTH_USER; - } - else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) { - $PHP_AUTH_USER = $_ENV['AUTH_USER']; - } + // WebSite Professional else if (@getenv('AUTH_USER')) { $PHP_AUTH_USER = getenv('AUTH_USER'); } + // IIS, might be encoded, see bellow + else if (@getenv('HTTP_AUTHORIZATION')) { + $PHP_AUTH_USER = getenv('HTTP_AUTHORIZATION'); + } + // FastCGI, might be encoded, see bellow + else if (@getenv('Authorization')) { + $PHP_AUTH_USER = getenv('Authorization'); + } } // Grabs the $PHP_AUTH_PW variable whatever are the values of the // 'register_globals' and the 'variables_order' directives 
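Review bot: The two new branches that copy `HTTP_AUTHORIZATION` and `Authorization` into `$PHP_AUTH_USER` leave the raw `Basic …` header there and depend on the decode step in the following hunk, but that step reads `$PMA_AUTH_USER` (a name nothing on this page assigns) instead of `$PHP_AUTH_USER`, so as far as the diff shows the decode yields an empty string and the literal header text is kept as the username; the decode line should be `$usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));`. The decode is also only attempted when `$PHP_AUTH_PW` is empty, so on a server that exports `REMOTE_PASSWORD` or `AUTH_PASSWORD` alongside the header the undecoded header is passed on as the user name — either decode whenever the value starts with `Basic ` or reset `$PHP_AUTH_PW` in these header branches. Because the header is untrusted input, `explode(':', $usr_pass)` should take a limit of 2 so a password containing a colon is not silently truncated: `list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass, 2);`. The comment `see bellow` in the three new branches should read `see below`. PMA_auth_check continues past the end of this hunk.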
@@ -111,56 +106,24 @@ function PMA_auth_check() if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) { $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; } - else if (isset($REMOTE_PASSWORD)) { - $PHP_AUTH_PW = $REMOTE_PASSWORD; - } - else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) { - $PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD']; - } + // Apache/CGI else if (@getenv('REMOTE_PASSWORD')) { $PHP_AUTH_PW = getenv('REMOTE_PASSWORD'); } - // Fix from Matthias Fichtner for WebSite Professional - Part 2 - else if (isset($AUTH_PASSWORD)) { - $PHP_AUTH_PW = $AUTH_PASSWORD; - } - else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) { - $PHP_AUTH_PW = $_ENV['AUTH_PASSWORD']; - } + // WebSite Professional else if (@getenv('AUTH_PASSWORD')) { $PHP_AUTH_PW = getenv('AUTH_PASSWORD'); } } - // Gets authenticated user settings with IIS - if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) { - if (!empty($HTTP_AUTHORIZATION) - && substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ') { - list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6))); - } - else if (!empty($_ENV) - && isset($_ENV['HTTP_AUTHORIZATION']) - && substr($_ENV['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ') { - list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['HTTP_AUTHORIZATION'], 6))); - } - else if (@getenv('HTTP_AUTHORIZATION') - && substr(getenv('HTTP_AUTHORIZATION'), 0, 6) == 'Basic ') { - list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('HTTP_AUTHORIZATION'), 6))); - } - } // end IIS - // Gets authenticated user settings with FastCGI - // set FastCGI option '-pass-header Authorization' - if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) { - if (!empty($_ENV) - && isset($_ENV['Authorization']) - && substr($_ENV['Authorization'], 0, 6) == 'Basic ') { - list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['Authorization'], 6))); + // Decode possibly encoded information (used by IIS/CGI/FastCGI) + if 
(empty($PHP_AUTH_PW) && substr($PHP_AUTH_USER, 0, 6) == 'Basic ') { + $usr_pass = base64_decode(substr($PMA_AUTH_USER, 6)); + if (!empty($usr_pass) && !(strpos($usr_pass, ':') === FALSE)) { + list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass); } - else if (@getenv('Authorization') - && substr(getenv('Authorization'), 0, 6) == 'Basic ') { - list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('Authorization'), 6))); - } - } // end FastCGI + unset($usr_pass); + } // User logged out -> ensure the new username is not the same if (!empty($old_usr)