and * Dan Wilson who built this patch for the Debian package. * * @version $Id$ */ if (! defined('PMA_COMING_FROM_COMMON')) { exit; } if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) { /** * Uses faster mcrypt library if available * (as this is not called from anywhere else, put the code in-line * for faster execution) */ /** * Initialization * Store the initialization vector because it will be needed for * further decryption. I don't think necessary to have one iv * per server so I don't put the server number in the cookie name. */ if (!isset($_COOKIE['pma_mcrypt_iv'])) { srand((double) microtime() * 1000000); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND); PMA_setCookie('pma_mcrypt_iv', base64_encode($iv)); } else { $iv = base64_decode($_COOKIE['pma_mcrypt_iv']); } /** * String padding * * @param string input string * @param integer length of the result * @param string the filling string * @param integer padding mode * * @return string the padded string * * @access public */ function full_str_pad($input, $pad_length, $pad_string = '', $pad_type = 0) { $str = ''; $length = $pad_length - strlen($input); if ($length > 0) { // str_repeat doesn't like negatives if ($pad_type == STR_PAD_RIGHT) { // STR_PAD_RIGHT == 1 $str = $input.str_repeat($pad_string, $length); } elseif ($pad_type == STR_PAD_BOTH) { // STR_PAD_BOTH == 2 $str = str_repeat($pad_string, floor($length/2)); $str .= $input; $str .= str_repeat($pad_string, ceil($length/2)); } else { // defaults to STR_PAD_LEFT == 0 $str = str_repeat($pad_string, $length).$input; } } else { // if $length is negative or zero we don't need to do anything $str = $input; } return $str; } /** * Encryption using blowfish algorithm (mcrypt) * * @param string original data * @param string the secret * * @return string the encrypted result * * @access public * * @author lem9 */ function PMA_blowfish_encrypt($data, $secret) { global $iv; // Seems we don't need the padding. Anyway if we need it, // we would have to replace 8 by the next 8-byte boundary. //$data = full_str_pad($data, 8, "\0", STR_PAD_RIGHT); return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv)); } /** * Decryption using blowfish algorithm (mcrypt) * * @param string encrypted data * @param string the secret * * @return string original data * * @access public * * @author lem9 */ function PMA_blowfish_decrypt($encdata, $secret) { global $iv; return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv)); } } else { require_once './libraries/blowfish.php'; /** * display warning in main.php */ define('PMA_WARN_FOR_MCRYPT', 1); } /** * Displays authentication form * * this function MUST exit/quit the application * * @uses $GLOBALS['server'] * @uses $GLOBALS['PHP_AUTH_USER'] * @uses $GLOBALS['pma_auth_server'] * @uses $GLOBALS['text_dir'] * @uses $GLOBALS['pmaThemeImage'] * @uses $GLOBALS['charset'] * @uses $GLOBALS['target'] * @uses $GLOBALS['db'] * @uses $GLOBALS['table'] * @uses $GLOBALS['PMA_errors'] * @uses $GLOBALS['convcharset'] * @uses $GLOBALS['lang'] * @uses $GLOBALS['strWelcome'] * @uses $GLOBALS['strSecretRequired'] * @uses $GLOBALS['strError'] * @uses $GLOBALS['strLogin'] * @uses $GLOBALS['strLogServer'] * @uses $GLOBALS['strLogUsername'] * @uses $GLOBALS['strLogPassword'] * @uses $GLOBALS['strServerChoice'] * @uses $GLOBALS['strGo'] * @uses $GLOBALS['strCookiesRequired'] * @uses $GLOBALS['strPmaDocumentation'] * @uses $GLOBALS['pmaThemeImage'] * @uses $cfg['Servers'] * @uses $cfg['LoginCookieRecall'] * @uses $cfg['Lang'] * @uses $cfg['Server'] * @uses $cfg['ReplaceHelpImg'] * @uses $cfg['blowfish_secret'] * @uses $cfg['AllowArbitraryServer'] * @uses $_COOKIE * @uses $_REQUEST['old_usr'] * @uses PMA_sendHeaderLocation() * @uses PMA_select_language() * @uses PMA_select_server() * @uses PMA_VERSION * @uses file_exists() * @uses sprintf() * @uses count() * @uses htmlspecialchars() * @uses is_array() * @global string the last connection error * * @access public */ function PMA_auth() { global $conn_error; /* Perform logout to custom URL */ if (! empty($_REQUEST['old_usr']) && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); exit; } if ($GLOBALS['cfg']['LoginCookieRecall']) { $default_user = $GLOBALS['PHP_AUTH_USER']; $default_server = $GLOBALS['pma_auth_server']; $autocomplete = ''; } else { $default_user = ''; $default_server = ''; // skip the IE autocomplete feature. $autocomplete = ' autocomplete="off"'; } $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; // Defines the charset to be used header('Content-Type: text/html; charset=' . $GLOBALS['charset']); // Defines the "item" image depending on text direction $item_img = $GLOBALS['pmaThemeImage'] . 'item_' . $GLOBALS['text_dir'] . '.png'; /* HTML header */ $page_title = 'phpMyAdmin ' . PMA_VERSION; require './libraries/header_meta_style.inc.php'; ?>

' . $page_title . ''); ?>

' . $GLOBALS['strError'] . '

' . "\n"; echo $conn_error . '
' . "\n"; } // Displays the languages form if (empty($GLOBALS['cfg']['Lang'])) { require_once './libraries/display_select_lang.lib.php'; PMA_select_language(true); } // Displays the warning message and the login form if (empty($GLOBALS['cfg']['blowfish_secret'])) { ?>

' . "\n"; if (file_exists('./config.footer.inc.php')) { require './config.footer.inc.php'; } echo ''; exit; } ?>
target="_top" class="login">
'; if ($GLOBALS['cfg']['ReplaceHelpImg']) { echo '' . $GLOBALS['strPmaDocumentation'] . ''; } else { echo '(*)'; } echo ''; ?>
1) { ?>
'; } else { echo ' '; } // end if (server choice) ?>
' . "\n"; } if (!empty($GLOBALS['db'])) { echo ' ' . "\n"; } if (!empty($GLOBALS['table'])) { echo ' ' . "\n"; } ?>
' . $GLOBALS['strCookiesRequired'] . '' . "\n"; } if (! empty($GLOBALS['PMA_errors']) && is_array($GLOBALS['PMA_errors'])) { foreach ($GLOBALS['PMA_errors'] as $error) { echo '
' . $error . '
' . "\n"; } } ?> $val) { PMA_removeCookie('pmaPass-' . $key); PMA_removeCookie('pmaServer-' . $key); PMA_removeCookie('pmaUser-' . $key); } return false; } if (! empty($_REQUEST['old_usr'])) { // The user wants to be logged out // -> delete his choices that were stored in session session_destroy(); // -> delete password cookie(s) if ($GLOBALS['cfg']['LoginCookieDeleteAll']) { foreach($GLOBALS['cfg']['Servers'] as $key => $val) { PMA_removeCookie('pmaPass-' . $key); if (isset($_COOKIE['pmaPass-' . $key])) { unset($_COOKIE['pmaPass-' . $key]); } } } else { PMA_removeCookie('pmaPass-' . $GLOBALS['server']); if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); } } } if (! empty($_REQUEST['pma_username'])) { // The user just logged in $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; if ($GLOBALS['cfg']['AllowArbitraryServer']) { $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; } return true; } // At the end, try to set the $GLOBALS['PHP_AUTH_USER'] // and $GLOBALS['PHP_AUTH_PW'] variables from cookies // servername if ($GLOBALS['cfg']['AllowArbitraryServer'] && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) { $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; } // username if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) { return false; } $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt( $_COOKIE['pmaUser-' . $GLOBALS['server']], $GLOBALS['cfg']['blowfish_secret']); // user was never logged in since session start if (empty($_SESSION['last_access_time'])) { return false; } // User inactive too long if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) { $GLOBALS['no_activity'] = true; PMA_auth_fails(); exit; } // password if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) { return false; } $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt( $_COOKIE['pmaPass-' . $GLOBALS['server']], $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */); if ($GLOBALS['PHP_AUTH_PW'] == "\xff(blank)") { $GLOBALS['PHP_AUTH_PW'] = ''; } $GLOBALS['from_cookie'] = true; return true; } // end of the 'PMA_auth_check()' function /** * Set the user and password after last checkings if required * * @uses $GLOBALS['PHP_AUTH_USER'] * @uses $GLOBALS['PHP_AUTH_PW'] * @uses $GLOBALS['server'] * @uses $GLOBALS['from_cookie'] * @uses $GLOBALS['pma_auth_server'] * @uses $cfg['Server'] * @uses $cfg['AllowArbitraryServer'] * @uses $cfg['blowfish_secret'] * @uses $cfg['LoginCookieStore'] * @uses $cfg['PmaAbsoluteUri'] * @uses $_SESSION['last_access_time'] * @uses PMA_COMING_FROM_COOKIE_LOGIN * @uses PMA_setCookie() * @uses PMA_blowfish_encrypt() * @uses PMA_removeCookie() * @uses PMA_sendHeaderLocation() * @uses time() * @uses define() * @return boolean always true * * @access public */ function PMA_auth_set_user() { global $cfg; // Ensures valid authentication mode, 'only_db', bookmark database and // table names and relation table name are used if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) { foreach ($cfg['Servers'] as $idx => $current) { if ($current['host'] == $cfg['Server']['host'] && $current['port'] == $cfg['Server']['port'] && $current['socket'] == $cfg['Server']['socket'] && $current['ssl'] == $cfg['Server']['ssl'] && $current['connect_type'] == $cfg['Server']['connect_type'] && $current['user'] == $GLOBALS['PHP_AUTH_USER']) { $GLOBALS['server'] = $idx; $cfg['Server'] = $current; break; } } // end foreach } // end if $pma_server_changed = false; if ($GLOBALS['cfg']['AllowArbitraryServer'] && ! empty($GLOBALS['pma_auth_server']) && $cfg['Server']['host'] != $GLOBALS['pma_auth_server']) { $cfg['Server']['host'] = $GLOBALS['pma_auth_server']; $pma_server_changed = true; } $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER']; $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW']; $_SESSION['last_access_time'] = time(); // Name and password cookies needs to be refreshed each time // Duration = one month for username PMA_setCookie('pmaUser-' . $GLOBALS['server'], PMA_blowfish_encrypt($cfg['Server']['user'], $GLOBALS['cfg']['blowfish_secret'])); // Duration = as configured PMA_setCookie('pmaPass-' . $GLOBALS['server'], PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)", $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */), null, $GLOBALS['cfg']['LoginCookieStore']); // Set server cookies if required (once per session) and, in this case, force // reload to ensure the client accepts cookies if (! $GLOBALS['from_cookie']) { if ($GLOBALS['cfg']['AllowArbitraryServer']) { if (! empty($GLOBALS['pma_auth_server'])) { // Duration = one month for serverrname PMA_setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']); } else { // Delete servername cookie PMA_removeCookie('pmaServer-' . $GLOBALS['server']); } } // URL where to go: $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php'; // any parameters to pass? $url_params = array(); if (strlen($GLOBALS['db'])) { $url_params['db'] = $GLOBALS['db']; } if (strlen($GLOBALS['table'])) { $url_params['table'] = $GLOBALS['table']; } // Language change from the login panel needs to be remembered if (! empty($GLOBALS['lang'])) { $url_params['lang'] = $GLOBALS['lang']; } // any target to pass? if (! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') { $url_params['target'] = $GLOBALS['target']; } /** * whether we come from a fresh cookie login */ define('PMA_COMING_FROM_COOKIE_LOGIN', true); PMA_sendHeaderLocation($redirect_url . PMA_generate_common_url($url_params, '&')); exit(); } // end if return true; } // end of the 'PMA_auth_set_user()' function /** * User is not allowed to login to MySQL -> authentication failed * * prepares error message and switches to PMA_auth() which display the error * and the login form * * this function MUST exit/quit the application, * currently doen by call to PMA_auth() * * @todo $php_errormsg is invalid here!? it will never be set in this scope * @uses $GLOBALS['server'] * @uses $GLOBALS['allowDeny_forbidden'] * @uses $GLOBALS['strAccessDenied'] * @uses $GLOBALS['strNoActivity'] * @uses $GLOBALS['strCannotLogin'] * @uses $GLOBALS['no_activity'] * @uses $cfg['LoginCookieValidity'] * @uses PMA_removeCookie() * @uses PMA_getenv() * @uses PMA_DBI_getError() * @uses PMA_sanitize() * @uses PMA_auth() * @uses sprintf() * @uses basename() * @access public */ function PMA_auth_fails() { global $conn_error; // Deletes password cookie and displays the login form PMA_removeCookie('pmaPass-' . $GLOBALS['server']); if (! empty($GLOBALS['allowDeny_forbidden'])) { $conn_error = $GLOBALS['strAccessDenied']; } elseif (! empty($GLOBALS['no_activity'])) { $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']); // Remember where we got timeout to return on same place if (PMA_getenv('SCRIPT_NAME')) { $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME')); } } elseif (PMA_DBI_getError()) { $conn_error = PMA_sanitize(PMA_DBI_getError()); } elseif (isset($php_errormsg)) { $conn_error = $php_errormsg; } else { $conn_error = $GLOBALS['strCannotLogin']; } PMA_auth(); } // end of the 'PMA_auth_fails()' function ?>