and | // | Dan Wilson who built this patch for the Debian package. | // +--------------------------------------------------------------------------+ if (!isset($coming_from_common)) { exit; } // timestamp for login timeout $current_time = time(); // Uses faster mcrypt library if available if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) { require_once './libraries/mcrypt.lib.php'; } else { require_once './libraries/blowfish.php'; // for main.php: define('PMA_WARN_FOR_MCRYPT',1); } /** * Displays authentication form * * @global string the font face to use * @global string the default font size to use * @global string the big font size to use * @global array the list of servers settings * @global array the list of available translations * @global string the current language * @global integer the current server id * @global string the currect charset for MySQL * @global array the array of cookie variables if register_globals is * off * * @return boolean always true (no return indeed) * * @access public */ function PMA_auth() { global $cfg, $lang, $server, $convcharset, $conn_error; /* Perform logout to custom URL */ if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); exit; } // Tries to get the username from cookie whatever are the values of the // 'register_globals' and the 'variables_order' directives if last login // should be recalled, else skip the IE autocomplete feature. if ($cfg['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { // username // do not try to use pma_cookie_username as it was encoded differently // in previous versions and would produce an undefined offset in blowfish if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { $default_user = $_COOKIE['pma_cookie_username-' . $server]; } $decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : ''; if (!empty($decrypted_user)) { $pos = strrpos($decrypted_user, ':'); $default_user = substr($decrypted_user, 0, $pos); } else { $default_user = ''; } // server name if (!empty($GLOBALS['pma_cookie_servername'])) { $default_server = $GLOBALS['pma_cookie_servername']; } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { $default_server = $_COOKIE['pma_cookie_servername-' . $server]; } $autocomplete = ''; } else { $default_user = ''; $autocomplete = ' autocomplete="off"'; } $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; // Defines the charset to be used header('Content-Type: text/html; charset=' . $GLOBALS['charset']); // Defines the "item" image depending on text direction $item_img = $GLOBALS['pmaThemeImage'] . 'item_ltr.png'; /* HTML header */ $page_title = 'phpMyAdmin ' . PMA_VERSION; require './libraries/header_meta_style.inc.php'; ?>

phpMyAdmin ' . PMA_VERSION . ''); ?>

' . $GLOBALS['strError'] . '

' . "\n"; echo $conn_error . '
' . "\n"; } // Displays the languages form if (empty($cfg['Lang'])) { echo "\n"; require_once './libraries/display_select_lang.lib.php'; PMA_select_language(true); } echo "\n\n"; // Displays the warning message and the login form if (empty($GLOBALS['cfg']['blowfish_secret'])) { ?>

' . "\n"; if (file_exists('./config.footer.inc.php')) { require('./config.footer.inc.php'); } echo ' ' . "\n" . ''; exit(); } ?>
target="_top" class="login">
1) { echo "\n"; ?>
'; } // end if (server choice) ?>
' . "\n"; } if (!empty($GLOBALS['db'])) { echo ' ' . "\n"; } if (!empty($GLOBALS['table'])) { echo ' ' . "\n"; } ?>
' . $GLOBALS['strCookiesRequired'] . '' . "\n"; } if ( ! empty( $GLOBALS['PMA_errors'] ) && is_array( $GLOBALS['PMA_errors'] ) ) { foreach ( $GLOBALS['PMA_errors'] as $error ) { echo '
' . $error . '
' . "\n"; } } ?> delete password cookie(s) if (!empty($old_usr)) { if ($GLOBALS['cfg']['LoginCookieDeleteAll']) { foreach($GLOBALS['cfg']['Servers'] as $key => $val) { PMA_removeCookie('pma_cookie_password-' . $key); } } else { PMA_removeCookie('pma_cookie_password-' . $server); } } // The user just logged in elseif (!empty($pma_username)) { $PHP_AUTH_USER = $pma_username; $PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password; if ($GLOBALS['cfg']['AllowArbitraryServer']) { $pma_auth_server = $pma_servername; } $from_form = true; } // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables // from cookies whatever are the values of the 'register_globals' and // the 'variables_order' directives else { if ($GLOBALS['cfg']['AllowArbitraryServer']) { // servername if (!empty($pma_cookie_servername)) { $pma_auth_server = $pma_cookie_servername; $from_cookie = true; } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server]; $from_cookie = true; } } // username if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server]; $from_cookie = true; } $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']); if (!empty($decrypted_user)) { $pos = strrpos($decrypted_user, ':'); $PHP_AUTH_USER = substr($decrypted_user, 0, $pos); $decrypted_time = (int)substr($decrypted_user, $pos + 1); } else { $decrypted_time = 0; } // User inactive too long if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) { // Display an error message only if the inactivity has lasted // less than 4 times the timeout value. This is to avoid // alerting users with a error after "much" time has passed, // for example next morning. if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) { $GLOBALS['no_activity'] = true; PMA_auth_fails(); } return false; } // password if (!empty($pma_cookie_password)) { $PHP_AUTH_PW = $pma_cookie_password; } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) { $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server]; } else { $from_cookie = false; } $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time); if ($PHP_AUTH_PW == "\xff(blank)") { $PHP_AUTH_PW = ''; } } // Returns whether we get authentication settings or not if (!$from_cookie && !$from_form) { return false; } elseif ($from_cookie) { return true; } else { // we don't need to strip here, it is done in grab_globals return true; } } // end of the 'PMA_auth_check()' function /** * Set the user and password after last checkings if required * * @global array the valid servers settings * @global integer the id of the current server * @global array the current server settings * @global string the current username * @global string the current password * @global boolean whether the login/password pair has been grabbed from * a cookie or not * * @return boolean always true * * @access public */ function PMA_auth_set_user() { global $cfg, $server; global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; global $from_cookie; // Ensures valid authentication mode, 'only_db', bookmark database and // table names and relation table name are used if ($cfg['Server']['user'] != $PHP_AUTH_USER) { foreach ($cfg['Servers'] as $idx => $current) { if ($current['host'] == $cfg['Server']['host'] && $current['port'] == $cfg['Server']['port'] && $current['socket'] == $cfg['Server']['socket'] && $current['ssl'] == $cfg['Server']['ssl'] && $current['connect_type'] == $cfg['Server']['connect_type'] && $current['user'] == $PHP_AUTH_USER) { $server = $idx; $cfg['Server'] = $current; break; } } // end foreach } // end if $pma_server_changed = false; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($pma_auth_server) && !empty($pma_auth_server) && ($cfg['Server']['host'] != $pma_auth_server) ) { $cfg['Server']['host'] = $pma_auth_server; $pma_server_changed = true; } $cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['password'] = $PHP_AUTH_PW; // Name and password cookies needs to be refreshed each time // Duration = one month for username PMA_setCookie('pma_cookie_username-' . $server, PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], $GLOBALS['cfg']['blowfish_secret'])); // Duration = as configured PMA_setCookie('pma_cookie_password-' . $server, PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)", $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']), null, $GLOBALS['cfg']['LoginCookieStore']); // Set server cookies if required (once per session) and, in this case, force // reload to ensure the client accepts cookies if (!$from_cookie) { if ($GLOBALS['cfg']['AllowArbitraryServer']) { if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) { // Duration = one month for serverrname PMA_setCookie('pma_cookie_servername-' . $server, $cfg['Server']['host']); } else { // Delete servername cookie PMA_removeCookie('pma_cookie_servername-' . $server); } } // URL where to go: $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php'; // any parameters to pass? $url_params = array(); if ( isset($GLOBALS['db']) && strlen($GLOBALS['db']) ) { $url_params['db'] = $GLOBALS['db']; } if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) ) { $url_params['table'] = $GLOBALS['table']; } // Language change from the login panel needs to be remembered if ( ! empty($GLOBALS['lang']) ) { $url_params['lang'] = $GLOBALS['lang']; } // any target to pass? if ( ! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php' ) { $url_params['target'] = $GLOBALS['target']; } define('PMA_COMING_FROM_COOKIE_LOGIN',1); PMA_sendHeaderLocation( $redirect_url . PMA_generate_common_url( $url_params, '&' ) ); exit(); } // end if return true; } // end of the 'PMA_auth_set_user()' function /** * User is not allowed to login to MySQL -> authentication failed * * @return boolean always true (no return indeed) * * @access public */ function PMA_auth_fails() { global $conn_error, $server; // Deletes password cookie and displays the login form PMA_removeCookie('pma_cookie_password-' . $server); if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) { $conn_error = $GLOBALS['strAccessDenied']; } elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) { $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']); // Remember where we got timeout to return on same place if (PMA_getenv('SCRIPT_NAME')) { $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME')); } } elseif (PMA_DBI_getError()) { $conn_error = PMA_sanitize(PMA_DBI_getError()); } elseif (isset($php_errormsg)) { $conn_error = $php_errormsg; } else { $conn_error = $GLOBALS['strCannotLogin']; } PMA_auth(); return true; } // end of the 'PMA_auth_fails()' function ?>