diff --git a/htdocs/sql/libraries/auth/cookie.auth.lib.php b/htdocs/sql/libraries/auth/cookie.auth.lib.php
new file mode 100755
--- /dev/null
+++ b/htdocs/sql/libraries/auth/cookie.auth.lib.php
@@ -0,0 +1,603 @@ + and + * Dan Wilson who built this patch for the Debian package. + * + * @version $Id: cookie.auth.lib.php 11449 2008-08-01 19:00:36Z lem9 $ + */ + +if (! defined('PHPMYADMIN')) { + exit; +} + +if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) { + /** + * Uses faster mcrypt library if available + */ + require_once './libraries/mcrypt.lib.php'; +} else { + require_once './libraries/blowfish.php'; + /** + * display warning in main.php + */ + define('PMA_WARN_FOR_MCRYPT', 1); +} + + +/** + * Displays authentication form + * + * this function MUST exit/quit the application + * + * @uses $GLOBALS['server'] + * @uses $GLOBALS['PHP_AUTH_USER'] + * @uses $GLOBALS['pma_auth_server'] + * @uses $GLOBALS['text_dir'] + * @uses $GLOBALS['pmaThemeImage'] + * @uses $GLOBALS['charset'] + * @uses $GLOBALS['target'] + * @uses $GLOBALS['db'] + * @uses $GLOBALS['table'] + * @uses $GLOBALS['PMA_errors'] + * @uses $GLOBALS['convcharset'] + * @uses $GLOBALS['lang'] + * @uses $GLOBALS['strWelcome'] + * @uses $GLOBALS['strSecretRequired'] + * @uses $GLOBALS['strError'] + * @uses $GLOBALS['strLogin'] + * @uses $GLOBALS['strLogServer'] + * @uses $GLOBALS['strLogUsername'] + * @uses $GLOBALS['strLogPassword'] + * @uses $GLOBALS['strServerChoice'] + * @uses $GLOBALS['strGo'] + * @uses $GLOBALS['strCookiesRequired'] + * @uses $GLOBALS['strPmaDocumentation'] + * @uses $GLOBALS['pmaThemeImage'] + * @uses $cfg['Servers'] + * @uses $cfg['LoginCookieRecall'] + * @uses $cfg['Lang'] + * @uses $cfg['Server'] + * @uses $cfg['ReplaceHelpImg'] + * @uses $cfg['blowfish_secret'] + * @uses $cfg['AllowArbitraryServer'] + * @uses $_COOKIE + * @uses $_REQUEST['old_usr'] + * @uses PMA_sendHeaderLocation() + * @uses PMA_select_language() + * @uses PMA_select_server() + * @uses file_exists() + * @uses sprintf() + * @uses count() + * @uses htmlspecialchars() + * @uses is_array() + * @global string the last connection error + * + * @access public + */ +function PMA_auth() +{ + global 
$conn_error; + + /* Perform logout to custom URL */ + if (! empty($_REQUEST['old_usr']) + && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])) { + PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); + exit; + } + + if ($GLOBALS['cfg']['LoginCookieRecall']) { + $default_user = $GLOBALS['PHP_AUTH_USER']; + $default_server = $GLOBALS['pma_auth_server']; + $autocomplete = ''; + } else { + $default_user = ''; + $default_server = ''; + // skip the IE autocomplete feature. + $autocomplete = ' autocomplete="off"'; + } + + $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; + + // Defines the charset to be used + header('Content-Type: text/html; charset=' . $GLOBALS['charset']); + // Defines the "item" image depending on text direction + $item_img = $GLOBALS['pmaThemeImage'] . 'item_' . $GLOBALS['text_dir'] . '.png'; + + /* HTML header; do not show here the PMA version to improve security */ + $page_title = 'phpMyAdmin '; + require './libraries/header_meta_style.inc.php'; + ?> + + + + + + + +
+ +

+ ' . $page_title . ''); + ?> +

+

' . $GLOBALS['strError'] . '

' . "\n"; + echo $conn_error . '
' . "\n"; + } + + // Displays the languages form + if (empty($GLOBALS['cfg']['Lang'])) { + require_once './libraries/display_select_lang.lib.php'; + // use fieldset, don't show doc link + PMA_select_language(true, false); + } + + // Displays the warning message and the login form + if (empty($GLOBALS['cfg']['blowfish_secret'])) { + ?> +

+ +
+ ' . "\n"; + if (file_exists('./config.footer.inc.php')) { + require './config.footer.inc.php'; + } + echo ''; + exit; + } + ?> +
+ +
target="_top" class="login"> +
+ + + + + +
+ + +
+ +
+ + +
+
+ + +
+ 1) { + ?> +
+ +
'; + } else { + echo ' '; + } // end if (server choice) + ?> +
+
+ + + + ' . "\n"; + } + if (!empty($GLOBALS['db'])) { + echo ' ' . "\n"; + } + if (!empty($GLOBALS['table'])) { + echo ' ' . "\n"; + } + ?> +
+
+ ' . $GLOBALS['strCookiesRequired'] . '' . "\n"; + } + if (! empty($GLOBALS['PMA_errors']) && is_array($GLOBALS['PMA_errors'])) { + foreach ($GLOBALS['PMA_errors'] as $error) { + echo '
' . $error . '
' . "\n"; + } + } + // the warning is also displayed on main page but show it also here, + // because on some PHP versions running on 64-bit, the blowfish library + // does not work and this would prevent login + if (defined('PMA_WARN_FOR_MCRYPT')) { + echo '
' . PMA_sanitize(sprintf($GLOBALS['strCantLoad'], 'mcrypt')) . '
' . "\n"; + } + ?> + + + + + $val) { + PMA_removeCookie('pmaPass-' . $key); + PMA_removeCookie('pmaServer-' . $key); + PMA_removeCookie('pmaUser-' . $key); + } + return false; + } + + if (! empty($_REQUEST['old_usr'])) { + // The user wants to be logged out + // -> delete his choices that were stored in session + session_destroy(); + // -> delete password cookie(s) + if ($GLOBALS['cfg']['LoginCookieDeleteAll']) { + foreach($GLOBALS['cfg']['Servers'] as $key => $val) { + PMA_removeCookie('pmaPass-' . $key); + if (isset($_COOKIE['pmaPass-' . $key])) { + unset($_COOKIE['pmaPass-' . $key]); + } + } + } else { + PMA_removeCookie('pmaPass-' . $GLOBALS['server']); + if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { + unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); + } + } + } + + if (! empty($_REQUEST['pma_username'])) { + // The user just logged in + $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; + $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; + if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) { + $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; + } + return true; + } + + // At the end, try to set the $GLOBALS['PHP_AUTH_USER'] + // and $GLOBALS['PHP_AUTH_PW'] variables from cookies + + // servername + if ($GLOBALS['cfg']['AllowArbitraryServer'] + && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) { + $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; + } + + // username + if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) { + return false; + } + + $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt( + $_COOKIE['pmaUser-' . 
 $GLOBALS['server']],
+ $GLOBALS['cfg']['blowfish_secret']);
+
+ // user was never logged in since session start
+ if (empty($_SESSION['last_access_time'])) {
+ return false;
+ }
+
+ // User inactive too long
+ if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
+ $GLOBALS['no_activity'] = true;
+ PMA_auth_fails();
+ exit;
+ }
+
+ // password
+ if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
+ return false;
+ }
+
+ $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt(
+ $_COOKIE['pmaPass-' . $GLOBALS['server']],
+ $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */);
+
+ if ($GLOBALS['PHP_AUTH_PW'] == "\xff(blank)") {
+ $GLOBALS['PHP_AUTH_PW'] = '';
+ }
+
+ $GLOBALS['from_cookie'] = true;
+
+ return true;
+} // end of the 'PMA_auth_check()' function
+
+
+/**
+ * Set the user and password after last checkings if required
+ *
+ * @uses $GLOBALS['PHP_AUTH_USER']
+ * @uses $GLOBALS['PHP_AUTH_PW']
+ * @uses $GLOBALS['server']
+ * @uses $GLOBALS['from_cookie']
+ * @uses $GLOBALS['pma_auth_server']
+ * @uses $cfg['Server']
+ * @uses $cfg['AllowArbitraryServer']
+ * @uses $cfg['blowfish_secret']
+ * @uses $cfg['LoginCookieStore']
+ * @uses $cfg['PmaAbsoluteUri']
+ * @uses $_SESSION['last_access_time']
+ * @uses PMA_COMING_FROM_COOKIE_LOGIN
+ * @uses PMA_setCookie()
+ * @uses PMA_blowfish_encrypt()
+ * @uses PMA_removeCookie()
+ * @uses PMA_sendHeaderLocation()
+ * @uses time()
+ * @uses define()
+ * @return boolean always true
+ *
+ * @access public
+ */
+function PMA_auth_set_user()
+{
+ global $cfg;
+
+ // Ensures valid authentication mode, 'only_db', bookmark database and
+ // table names and relation table name are used
+ if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
+ foreach ($cfg['Servers'] as $idx => $current) {
+ if ($current['host'] == $cfg['Server']['host']
+ && $current['port'] == $cfg['Server']['port']
+ && $current['socket'] == $cfg['Server']['socket']
+ && $current['ssl'] == 
 $cfg['Server']['ssl']
+ && $current['connect_type'] == $cfg['Server']['connect_type']
+ && $current['user'] == $GLOBALS['PHP_AUTH_USER']) {
+ $GLOBALS['server'] = $idx;
+ $cfg['Server'] = $current;
+ break;
+ }
+ } // end foreach
+ } // end if
+
+ $pma_server_changed = false;
+ if ($GLOBALS['cfg']['AllowArbitraryServer']
+ && ! empty($GLOBALS['pma_auth_server'])
+ && $cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
+ $cfg['Server']['host'] = $GLOBALS['pma_auth_server'];
+ $pma_server_changed = true;
+ }
+ $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
+ $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
+
+ $_SESSION['last_access_time'] = time();
+
+ // Name and password cookies needs to be refreshed each time
+ // Duration = one month for username
+ PMA_setCookie('pmaUser-' . $GLOBALS['server'],
+ PMA_blowfish_encrypt($cfg['Server']['user'],
+ $GLOBALS['cfg']['blowfish_secret']));
+
+ // Duration = as configured
+ PMA_setCookie('pmaPass-' . $GLOBALS['server'],
+ PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
+ $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */),
+ null,
+ $GLOBALS['cfg']['LoginCookieStore']);
+
+ // Set server cookies if required (once per session) and, in this case, force
+ // reload to ensure the client accepts cookies
+ if (! $GLOBALS['from_cookie']) {
+ if ($GLOBALS['cfg']['AllowArbitraryServer']) {
+ if (! empty($GLOBALS['pma_auth_server'])) {
+ // Duration = one month for serverrname
+ PMA_setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
+ } else {
+ // Delete servername cookie
+ PMA_removeCookie('pmaServer-' . $GLOBALS['server']);
+ }
+ }
+
+ // URL where to go:
+ $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
+
+ // any parameters to pass?
+ $url_params = array();
+ if (strlen($GLOBALS['db'])) {
+ $url_params['db'] = $GLOBALS['db'];
+ }
+ if (strlen($GLOBALS['table'])) {
+ $url_params['table'] = $GLOBALS['table'];
+ }
+ // Language change from the login panel needs to be remembered
+ if (! empty($GLOBALS['lang'])) {
+ $url_params['lang'] = $GLOBALS['lang'];
+ }
+ // any target to pass?
+ if (! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
+ $url_params['target'] = $GLOBALS['target'];
+ }
+
+ /**
+ * whether we come from a fresh cookie login
+ */
+ define('PMA_COMING_FROM_COOKIE_LOGIN', true);
+ PMA_sendHeaderLocation($redirect_url . PMA_generate_common_url($url_params, '&'));
+ exit();
+ } // end if
+
+ return true;
+} // end of the 'PMA_auth_set_user()' function
+
+
+/**
+ * User is not allowed to login to MySQL -> authentication failed
+ *
+ * prepares error message and switches to PMA_auth() which display the error
+ * and the login form
+ *
+ * this function MUST exit/quit the application,
+ * currently doen by call to PMA_auth()
+ *
+ * @todo $php_errormsg is invalid here!? it will never be set in this scope
+ * @uses $GLOBALS['server']
+ * @uses $GLOBALS['allowDeny_forbidden']
+ * @uses $GLOBALS['strAccessDenied']
+ * @uses $GLOBALS['strNoActivity']
+ * @uses $GLOBALS['strCannotLogin']
+ * @uses $GLOBALS['no_activity']
+ * @uses $cfg['LoginCookieValidity']
+ * @uses PMA_removeCookie()
+ * @uses PMA_getenv()
+ * @uses PMA_DBI_getError()
+ * @uses PMA_sanitize()
+ * @uses PMA_auth()
+ * @uses sprintf()
+ * @uses basename()
+ * @access public
+ */
+function PMA_auth_fails()
+{
+ global $conn_error;
+
+ // Deletes password cookie and displays the login form
+ PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
+
+ if (! empty($GLOBALS['allowDeny_forbidden'])) {
+ $conn_error = $GLOBALS['strAccessDenied'];
+ } elseif (! 
 empty($GLOBALS['no_activity'])) {
+ $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
+ // Remember where we got timeout to return on same place
+ if (PMA_getenv('SCRIPT_NAME')) {
+ $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
+ // avoid "missing parameter: field" on re-entry
+ if ('tbl_alter.php' == $GLOBALS['target']) {
+ $GLOBALS['target'] = 'tbl_structure.php';
+ }
+ }
+ } elseif (PMA_DBI_getError()) {
+ $conn_error = PMA_sanitize(PMA_DBI_getError());
+ } elseif (isset($php_errormsg)) {
+ $conn_error = $php_errormsg;
+ } else {
+ $conn_error = $GLOBALS['strCannotLogin'];
+ }
+
+ PMA_auth();
+} // end of the 'PMA_auth_fails()' function
+
+?>
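Review bot: PMA_auth_check takes the submitted credentials from `$_REQUEST['pma_username']` and `$_REQUEST['pma_password']`, so a login is also accepted from a GET query string, where the password ends up in access logs, browser history and Referer headers; the form that PMA_auth renders appears to submit by POST (its method attribute is not visible in this rendering), so reading `$_POST['pma_username']` and `$_POST['pma_password']` there would close that path, and the same applies to the `old_usr` logout trigger. In PMA_auth_fails the `isset($php_errormsg)` branch copies the message into `$conn_error` unsanitized while the neighbouring `PMA_DBI_getError()` branch goes through `PMA_sanitize()`, and PMA_auth echoes `$conn_error` straight into the page; since the @todo already states the variable is never set in this scope, the branch should be dropped or wrapped as `$conn_error = PMA_sanitize($php_errormsg);`. `$pma_server_changed` in PMA_auth_set_user is assigned twice but never read and can be removed.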