diff --git a/htdocs/sql/libraries/auth/cookie.auth.lib.php b/htdocs/sql/libraries/auth/cookie.auth.lib.php
deleted file mode 100755
--- a/htdocs/sql/libraries/auth/cookie.auth.lib.php
+++ /dev/null
@@ -1,603 +0,0 @@
- and
- * Dan Wilson who built this patch for the Debian package.
- *
- * @version $Id: cookie.auth.lib.php 11449 2008-08-01 19:00:36Z lem9 $
- */
-
-if (! defined('PHPMYADMIN')) {
- exit;
-}
-
-if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
- /**
- * Uses faster mcrypt library if available
- */
- require_once './libraries/mcrypt.lib.php';
-} else {
- require_once './libraries/blowfish.php';
- /**
- * display warning in main.php
- */
- define('PMA_WARN_FOR_MCRYPT', 1);
-}
-
-
-/**
- * Displays authentication form
- *
- * this function MUST exit/quit the application
- *
- * @uses $GLOBALS['server']
- * @uses $GLOBALS['PHP_AUTH_USER']
- * @uses $GLOBALS['pma_auth_server']
- * @uses $GLOBALS['text_dir']
- * @uses $GLOBALS['pmaThemeImage']
- * @uses $GLOBALS['charset']
- * @uses $GLOBALS['target']
- * @uses $GLOBALS['db']
- * @uses $GLOBALS['table']
- * @uses $GLOBALS['PMA_errors']
- * @uses $GLOBALS['convcharset']
- * @uses $GLOBALS['lang']
- * @uses $GLOBALS['strWelcome']
- * @uses $GLOBALS['strSecretRequired']
- * @uses $GLOBALS['strError']
- * @uses $GLOBALS['strLogin']
- * @uses $GLOBALS['strLogServer']
- * @uses $GLOBALS['strLogUsername']
- * @uses $GLOBALS['strLogPassword']
- * @uses $GLOBALS['strServerChoice']
- * @uses $GLOBALS['strGo']
- * @uses $GLOBALS['strCookiesRequired']
- * @uses $GLOBALS['strPmaDocumentation']
- * @uses $GLOBALS['pmaThemeImage']
- * @uses $cfg['Servers']
- * @uses $cfg['LoginCookieRecall']
- * @uses $cfg['Lang']
- * @uses $cfg['Server']
- * @uses $cfg['ReplaceHelpImg']
- * @uses $cfg['blowfish_secret']
- * @uses $cfg['AllowArbitraryServer']
- * @uses $_COOKIE
- * @uses $_REQUEST['old_usr']
- * @uses PMA_sendHeaderLocation()
- * @uses PMA_select_language()
- * @uses PMA_select_server()
- * @uses file_exists()
- * @uses sprintf()
- * @uses count()
- * @uses htmlspecialchars()
- * @uses is_array()
- * @global string the last connection error
- *
- * @access public
- */
-function PMA_auth()
-{
- global
$conn_error; - - /* Perform logout to custom URL */ - if (! empty($_REQUEST['old_usr']) - && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])) { - PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); - exit; - } - - if ($GLOBALS['cfg']['LoginCookieRecall']) { - $default_user = $GLOBALS['PHP_AUTH_USER']; - $default_server = $GLOBALS['pma_auth_server']; - $autocomplete = ''; - } else { - $default_user = ''; - $default_server = ''; - // skip the IE autocomplete feature. - $autocomplete = ' autocomplete="off"'; - } - - $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; - - // Defines the charset to be used - header('Content-Type: text/html; charset=' . $GLOBALS['charset']); - // Defines the "item" image depending on text direction - $item_img = $GLOBALS['pmaThemeImage'] . 'item_' . $GLOBALS['text_dir'] . '.png'; - - /* HTML header; do not show here the PMA version to improve security */ - $page_title = 'phpMyAdmin '; - require './libraries/header_meta_style.inc.php'; - ?> - - - - - - - -
- -

- ' . $page_title . ''); - ?> -

-

' . $GLOBALS['strError'] . '

' . "\n"; - echo $conn_error . '
' . "\n"; - } - - // Displays the languages form - if (empty($GLOBALS['cfg']['Lang'])) { - require_once './libraries/display_select_lang.lib.php'; - // use fieldset, don't show doc link - PMA_select_language(true, false); - } - - // Displays the warning message and the login form - if (empty($GLOBALS['cfg']['blowfish_secret'])) { - ?> -

- -
- ' . "\n"; - if (file_exists('./config.footer.inc.php')) { - require './config.footer.inc.php'; - } - echo ''; - exit; - } - ?> -
- -
target="_top" class="login"> -
- - - - - -
- - -
- -
- - -
-
- - -
- 1) { - ?> -
- -
'; - } else { - echo ' '; - } // end if (server choice) - ?> -
-
- - - - ' . "\n"; - } - if (!empty($GLOBALS['db'])) { - echo ' ' . "\n"; - } - if (!empty($GLOBALS['table'])) { - echo ' ' . "\n"; - } - ?> -
-
- ' . $GLOBALS['strCookiesRequired'] . '' . "\n"; - } - if (! empty($GLOBALS['PMA_errors']) && is_array($GLOBALS['PMA_errors'])) { - foreach ($GLOBALS['PMA_errors'] as $error) { - echo '
' . $error . '
' . "\n"; - } - } - // the warning is also displayed on main page but show it also here, - // because on some PHP versions running on 64-bit, the blowfish library - // does not work and this would prevent login - if (defined('PMA_WARN_FOR_MCRYPT')) { - echo '
' . PMA_sanitize(sprintf($GLOBALS['strCantLoad'], 'mcrypt')) . '
' . "\n"; - } - ?> - - - - - $val) { - PMA_removeCookie('pmaPass-' . $key); - PMA_removeCookie('pmaServer-' . $key); - PMA_removeCookie('pmaUser-' . $key); - } - return false; - } - - if (! empty($_REQUEST['old_usr'])) { - // The user wants to be logged out - // -> delete his choices that were stored in session - session_destroy(); - // -> delete password cookie(s) - if ($GLOBALS['cfg']['LoginCookieDeleteAll']) { - foreach($GLOBALS['cfg']['Servers'] as $key => $val) { - PMA_removeCookie('pmaPass-' . $key); - if (isset($_COOKIE['pmaPass-' . $key])) { - unset($_COOKIE['pmaPass-' . $key]); - } - } - } else { - PMA_removeCookie('pmaPass-' . $GLOBALS['server']); - if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { - unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); - } - } - } - - if (! empty($_REQUEST['pma_username'])) { - // The user just logged in - $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; - $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; - if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) { - $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; - } - return true; - } - - // At the end, try to set the $GLOBALS['PHP_AUTH_USER'] - // and $GLOBALS['PHP_AUTH_PW'] variables from cookies - - // servername - if ($GLOBALS['cfg']['AllowArbitraryServer'] - && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) { - $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; - } - - // username - if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) { - return false; - } - - $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt( - $_COOKIE['pmaUser-' . 
$GLOBALS['server']],
- $GLOBALS['cfg']['blowfish_secret']);
-
- // user was never logged in since session start
- if (empty($_SESSION['last_access_time'])) {
- return false;
- }
-
- // User inactive too long
- if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
- $GLOBALS['no_activity'] = true;
- PMA_auth_fails();
- exit;
- }
-
- // password
- if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
- return false;
- }
-
- $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt(
- $_COOKIE['pmaPass-' . $GLOBALS['server']],
- $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */);
-
- if ($GLOBALS['PHP_AUTH_PW'] == "\xff(blank)") {
- $GLOBALS['PHP_AUTH_PW'] = '';
- }
-
- $GLOBALS['from_cookie'] = true;
-
- return true;
-} // end of the 'PMA_auth_check()' function
-
-
-/**
- * Set the user and password after last checkings if required
- *
- * @uses $GLOBALS['PHP_AUTH_USER']
- * @uses $GLOBALS['PHP_AUTH_PW']
- * @uses $GLOBALS['server']
- * @uses $GLOBALS['from_cookie']
- * @uses $GLOBALS['pma_auth_server']
- * @uses $cfg['Server']
- * @uses $cfg['AllowArbitraryServer']
- * @uses $cfg['blowfish_secret']
- * @uses $cfg['LoginCookieStore']
- * @uses $cfg['PmaAbsoluteUri']
- * @uses $_SESSION['last_access_time']
- * @uses PMA_COMING_FROM_COOKIE_LOGIN
- * @uses PMA_setCookie()
- * @uses PMA_blowfish_encrypt()
- * @uses PMA_removeCookie()
- * @uses PMA_sendHeaderLocation()
- * @uses time()
- * @uses define()
- * @return boolean always true
- *
- * @access public
- */
-function PMA_auth_set_user()
-{
- global $cfg;
-
- // Ensures valid authentication mode, 'only_db', bookmark database and
- // table names and relation table name are used
- if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
- foreach ($cfg['Servers'] as $idx => $current) {
- if ($current['host'] == $cfg['Server']['host']
- && $current['port'] == $cfg['Server']['port']
- && $current['socket'] == $cfg['Server']['socket']
- && $current['ssl'] ==
$cfg['Server']['ssl']
- && $current['connect_type'] == $cfg['Server']['connect_type']
- && $current['user'] == $GLOBALS['PHP_AUTH_USER']) {
- $GLOBALS['server'] = $idx;
- $cfg['Server'] = $current;
- break;
- }
- } // end foreach
- } // end if
-
- $pma_server_changed = false;
- if ($GLOBALS['cfg']['AllowArbitraryServer']
- && ! empty($GLOBALS['pma_auth_server'])
- && $cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
- $cfg['Server']['host'] = $GLOBALS['pma_auth_server'];
- $pma_server_changed = true;
- }
- $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
- $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
-
- $_SESSION['last_access_time'] = time();
-
- // Name and password cookies needs to be refreshed each time
- // Duration = one month for username
- PMA_setCookie('pmaUser-' . $GLOBALS['server'],
- PMA_blowfish_encrypt($cfg['Server']['user'],
- $GLOBALS['cfg']['blowfish_secret']));
-
- // Duration = as configured
- PMA_setCookie('pmaPass-' . $GLOBALS['server'],
- PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
- $GLOBALS['cfg']['blowfish_secret'] /* . $_SESSION['last_access_time'] */),
- null,
- $GLOBALS['cfg']['LoginCookieStore']);
-
- // Set server cookies if required (once per session) and, in this case, force
- // reload to ensure the client accepts cookies
- if (! $GLOBALS['from_cookie']) {
- if ($GLOBALS['cfg']['AllowArbitraryServer']) {
- if (! empty($GLOBALS['pma_auth_server'])) {
- // Duration = one month for serverrname
- PMA_setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
- } else {
- // Delete servername cookie
- PMA_removeCookie('pmaServer-' . $GLOBALS['server']);
- }
- }
-
- // URL where to go:
- $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
-
- // any parameters to pass?
- $url_params = array();
- if (strlen($GLOBALS['db'])) {
- $url_params['db'] = $GLOBALS['db'];
- }
- if (strlen($GLOBALS['table'])) {
- $url_params['table'] = $GLOBALS['table'];
- }
- // Language change from the login panel needs to be remembered
- if (! empty($GLOBALS['lang'])) {
- $url_params['lang'] = $GLOBALS['lang'];
- }
- // any target to pass?
- if (! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
- $url_params['target'] = $GLOBALS['target'];
- }
-
- /**
- * whether we come from a fresh cookie login
- */
- define('PMA_COMING_FROM_COOKIE_LOGIN', true);
- PMA_sendHeaderLocation($redirect_url . PMA_generate_common_url($url_params, '&'));
- exit();
- } // end if
-
- return true;
-} // end of the 'PMA_auth_set_user()' function
-
-
-/**
- * User is not allowed to login to MySQL -> authentication failed
- *
- * prepares error message and switches to PMA_auth() which display the error
- * and the login form
- *
- * this function MUST exit/quit the application,
- * currently doen by call to PMA_auth()
- *
- * @todo $php_errormsg is invalid here!? it will never be set in this scope
- * @uses $GLOBALS['server']
- * @uses $GLOBALS['allowDeny_forbidden']
- * @uses $GLOBALS['strAccessDenied']
- * @uses $GLOBALS['strNoActivity']
- * @uses $GLOBALS['strCannotLogin']
- * @uses $GLOBALS['no_activity']
- * @uses $cfg['LoginCookieValidity']
- * @uses PMA_removeCookie()
- * @uses PMA_getenv()
- * @uses PMA_DBI_getError()
- * @uses PMA_sanitize()
- * @uses PMA_auth()
- * @uses sprintf()
- * @uses basename()
- * @access public
- */
-function PMA_auth_fails()
-{
- global $conn_error;
-
- // Deletes password cookie and displays the login form
- PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
-
- if (! empty($GLOBALS['allowDeny_forbidden'])) {
- $conn_error = $GLOBALS['strAccessDenied'];
- } elseif (!
empty($GLOBALS['no_activity'])) {
- $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
- // Remember where we got timeout to return on same place
- if (PMA_getenv('SCRIPT_NAME')) {
- $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
- // avoid "missing parameter: field" on re-entry
- if ('tbl_alter.php' == $GLOBALS['target']) {
- $GLOBALS['target'] = 'tbl_structure.php';
- }
- }
- } elseif (PMA_DBI_getError()) {
- $conn_error = PMA_sanitize(PMA_DBI_getError());
- } elseif (isset($php_errormsg)) {
- $conn_error = $php_errormsg;
- } else {
- $conn_error = $GLOBALS['strCannotLogin'];
- }
-
- PMA_auth();
-} // end of the 'PMA_auth_fails()' function
-
-?>