Improved and cleaned up http auth.

2005-12-09 11:11:44 +00:00
parent 12f1164148
commit c10246cc1e
3 changed files with 28 additions and 60 deletions
--- a/libraries/auth/http.auth.lib.php
+++ b/libraries/auth/http.auth.lib.php
@@ -73,8 +73,6 @@ function PMA_auth() {
 function PMA_auth_check()
 {
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
-    global $REMOTE_USER, $AUTH_USER, $REMOTE_PASSWORD, $AUTH_PASSWORD;
-    global $HTTP_AUTHORIZATION;
    global $old_usr;

    // Grabs the $PHP_AUTH_USER variable whatever are the values of the
@@ -84,25 +82,22 @@ function PMA_auth_check()
        if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) {
            $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
        }
-        else if (isset($REMOTE_USER)) {
-            $PHP_AUTH_USER = $REMOTE_USER;
-        }
-        else if (!empty($_ENV) && isset($_ENV['REMOTE_USER'])) {
-            $PHP_AUTH_USER = $_ENV['REMOTE_USER'];
-        }
+        // CGI, might be encoded, see bellow
        else if (@getenv('REMOTE_USER')) {
            $PHP_AUTH_USER = getenv('REMOTE_USER');
        }
-        // Fix from Matthias Fichtner for WebSite Professional - Part 1
-        else if (isset($AUTH_USER)) {
-            $PHP_AUTH_USER = $AUTH_USER;
-        }
-        else if (!empty($_ENV) && isset($_ENV['AUTH_USER'])) {
-            $PHP_AUTH_USER = $_ENV['AUTH_USER'];
-        }
+        // WebSite Professional
        else if (@getenv('AUTH_USER')) {
            $PHP_AUTH_USER = getenv('AUTH_USER');
        }
+        // IIS, might be encoded, see bellow
+        else if (@getenv('HTTP_AUTHORIZATION')) {
+            $PHP_AUTH_USER = getenv('HTTP_AUTHORIZATION');
+        }
+        // FastCGI, might be encoded, see bellow
+        else if (@getenv('Authorization')) {
+            $PHP_AUTH_USER = getenv('Authorization');
+        }
    }
    // Grabs the $PHP_AUTH_PW variable whatever are the values of the
    // 'register_globals' and the 'variables_order' directives
@@ -111,56 +106,24 @@ function PMA_auth_check()
        if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) {
            $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
        }
-        else if (isset($REMOTE_PASSWORD)) {
-            $PHP_AUTH_PW = $REMOTE_PASSWORD;
-        }
-        else if (!empty($_ENV) && isset($_ENV['REMOTE_PASSWORD'])) {
-            $PHP_AUTH_PW = $_ENV['REMOTE_PASSWORD'];
-        }
+        // Apache/CGI
        else if (@getenv('REMOTE_PASSWORD')) {
            $PHP_AUTH_PW = getenv('REMOTE_PASSWORD');
        }
-        // Fix from Matthias Fichtner for WebSite Professional - Part 2
-        else if (isset($AUTH_PASSWORD)) {
-            $PHP_AUTH_PW = $AUTH_PASSWORD;
-        }
-        else if (!empty($_ENV) && isset($_ENV['AUTH_PASSWORD'])) {
-            $PHP_AUTH_PW = $_ENV['AUTH_PASSWORD'];
-        }
+        // WebSite Professional
        else if (@getenv('AUTH_PASSWORD')) {
            $PHP_AUTH_PW = getenv('AUTH_PASSWORD');
        }
    }
-    // Gets authenticated user settings with IIS
-    if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) {
-        if (!empty($HTTP_AUTHORIZATION)
-            && substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ') {
-            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
-        }
-        else if (!empty($_ENV)
-             && isset($_ENV['HTTP_AUTHORIZATION'])
-             && substr($_ENV['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ') {
-            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['HTTP_AUTHORIZATION'], 6)));
-        }
-        else if (@getenv('HTTP_AUTHORIZATION')
-                 && substr(getenv('HTTP_AUTHORIZATION'), 0, 6) == 'Basic ') {
-            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('HTTP_AUTHORIZATION'), 6)));
-        }
-    } // end IIS

-    // Gets authenticated user settings with FastCGI
-    // set FastCGI option '-pass-header Authorization'
-    if (empty($PHP_AUTH_USER) && empty($PHP_AUTH_PW)) {
-        if (!empty($_ENV)
-            && isset($_ENV['Authorization'])
-            && substr($_ENV['Authorization'], 0, 6) == 'Basic ') {
-            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($_ENV['Authorization'], 6)));
+    // Decode possibly encoded information (used by IIS/CGI/FastCGI)
+    if (empty($PHP_AUTH_PW) && substr($PHP_AUTH_USER, 0, 6) == 'Basic ') {
+        $usr_pass = base64_decode(substr($PMA_AUTH_USER, 6));
+        if (!empty($usr_pass) && !(strpos($usr_pass, ':') === FALSE)) {
+            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass);
        }
-        else if (@getenv('Authorization')
-                 && substr(getenv('Authorization'), 0, 6) == 'Basic ') {
-            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr(getenv('Authorization'), 6)));
-        }
-    } // end FastCGI
+        unset($usr_pass);
+    }

    // User logged out -> ensure the new username is not the same
    if (!empty($old_usr)