
   1  <?php
   2  /* $Id: cookie.auth.lib.php 10471 2007-07-03 00:28:32Z lem9 $ */
   3  // vim: expandtab sw=4 ts=4 sts=4:
   4  
   5  // +--------------------------------------------------------------------------+
   6  // | Set of functions used to run cookie based authentication.                |
   7  // | Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and         |
   8  // | Dan Wilson who built this patch for the Debian package.                  |
   9  // +--------------------------------------------------------------------------+
  10  
  11  
  12  if (!isset($coming_from_common)) {
  13     exit;
  14  }
  15  
  16  // timestamp for login timeout
  17  $current_time  = time();
  18  
  19  // Uses faster mcrypt library if available
  20  if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
  21      require_once  './libraries/mcrypt.lib.php';
  22  } else {
  23      require_once  './libraries/blowfish.php';
  24      // for main.php:
  25      define('PMA_WARN_FOR_MCRYPT',1);
  26  }
  27  
  28  
  29  /**
  30   * Displays authentication form
  31   *
  32   * @global  string    the font face to use
  33   * @global  string    the default font size to use
  34   * @global  string    the big font size to use
  35   * @global  array     the list of servers settings
  36   * @global  array     the list of available translations
  37   * @global  string    the current language
  38   * @global  integer   the current server id
  39   * @global  string    the currect charset for MySQL
  40   * @global  array     the array of cookie variables if register_globals is
  41   *                    off
  42   *
  43   * @return  boolean   always true (no return indeed)
  44   *
  45   * @access  public
  46   */
  47  function PMA_auth()
  48  {
  49      global $cfg, $lang, $server, $convcharset, $conn_error;
  50  
  51      /* Perform logout to custom URL */
  52      if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
  53          PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
  54          exit;
  55      }
  56  
  57      // Tries to get the username from cookie whatever are the values of the
  58      // 'register_globals' and the 'variables_order' directives if last login
  59      // should be recalled, else skip the IE autocomplete feature.
  60      if ($cfg['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) {
  61          // username
  62          // do not try to use pma_cookie_username as it was encoded differently
  63          // in previous versions and would produce an undefined offset in blowfish
  64          if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
  65              $default_user = $_COOKIE['pma_cookie_username-' . $server];
  66          }
  67          $decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : '';
  68          if (!empty($decrypted_user)) {
  69              $pos = strrpos($decrypted_user, ':');
  70              $default_user = substr($decrypted_user, 0, $pos);
  71          } else {
  72              $default_user = '';
  73          }
  74          // server name
  75          if (!empty($GLOBALS['pma_cookie_servername'])) {
  76              $default_server = $GLOBALS['pma_cookie_servername'];
  77          } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
  78              $default_server = $_COOKIE['pma_cookie_servername-' . $server];
  79          }
  80  
  81          $autocomplete     = '';
  82      } else {
  83          $default_user     = '';
  84          $autocomplete     = ' autocomplete="off"';
  85      }
  86  
  87      $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right';
  88  
  89      // Defines the charset to be used
  90      header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
  91      // Defines the "item" image depending on text direction
  92      $item_img = $GLOBALS['pmaThemeImage'] . 'item_ltr.png';
  93  
  94      /* HTML header */
  95      $page_title = 'phpMyAdmin ' . PMA_VERSION;
  96      require  './libraries/header_meta_style.inc.php';
  97      ?>
  98  <script type="text/javascript" language="javascript">
  99  //<![CDATA[
 100  // show login form in top frame
 101  if (top != self) {
 102      window.top.location.href=location;
 103  }
 104  //]]>
 105  </script>
 106  </head>
 107  
 108  <body class="loginform">
 109  
 110  <?php if (file_exists('./config.header.inc.php')) {
 111            require ('./config.header.inc.php');
 112        } 
 113  ?>
 114  
 115  <div class="container">
 116  <a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php
 117      $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
 118      if (@file_exists($logo_image)) {
 119          echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />';
 120      } else {
 121          echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" '
 122             . 'border="0" width="88" height="31" alt="phpMyAdmin" />';
 123      }
 124  ?></a>
 125  <h1>
 126  <?php
 127  echo sprintf( $GLOBALS['strWelcome'],
 128      '<bdo dir="ltr" xml:lang="en">phpMyAdmin ' . PMA_VERSION . '</bdo>');
 129  ?>
 130  </h1>
 131      <?php
 132  
 133      // Show error message
 134      if ( !empty($conn_error)) {
 135          echo '<div class="error"><h1>' . $GLOBALS['strError'] . '</h1>' . "\n";
 136          echo $conn_error . '</div>' . "\n";
 137      }
 138  
 139      // Displays the languages form
 140      if (empty($cfg['Lang'])) {
 141          echo "\n";
 142          require_once  './libraries/display_select_lang.lib.php';
 143          PMA_select_language(true);
 144      }
 145      echo "\n\n";
 146  
 147      // Displays the warning message and the login form
 148  
 149      if (empty($GLOBALS['cfg']['blowfish_secret'])) {
 150      ?>
 151          <div class="error"><h1><?php echo $GLOBALS['strError']; ?></h1>
 152              <?php echo $GLOBALS['strSecretRequired']; ?>
 153          </div>
 154  <?php
 155          echo '</div>' . "\n";
 156          if (file_exists('./config.footer.inc.php')) {
 157              require ('./config.footer.inc.php');
 158          }
 159  
 160          echo '    </body>' . "\n"
 161             . '</html>';
 162          exit();
 163      }
 164  ?>
 165  <br />
 166  <!-- Login form -->
 167  <form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login">
 168      <fieldset>
 169          <legend><?php echo $GLOBALS['strLogin']; ?></legend>
 170  
 171  <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?>
 172          <div class="item">
 173              <label for="input_servername"><?php echo $GLOBALS['strLogServer']; ?></label>
 174              <input type="text" name="pma_servername" id="input_servername" value="<?php echo (isset($default_server) ? htmlspecialchars($default_server) : ''); ?>" size="24" class="textfield" />
 175          </div>
 176  <?php } ?>
 177          <div class="item">
 178              <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
 179              <input type="text" name="pma_username" id="input_username" value="<?php echo (isset($default_user) ? htmlspecialchars($default_user) : ''); ?>" size="24" class="textfield" />
 180          </div>
 181          <div class="item">
 182              <label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label>
 183              <input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" />
 184          </div>
 185      <?php
 186      if (count($cfg['Servers']) > 1) {
 187          echo "\n";
 188          ?>
 189          <div class="item">
 190              <label for="select_server"><?php echo $GLOBALS['strServerChoice']; ?>:</label>
 191              <select name="server" id="select_server"
 192              <?php
 193              if ($GLOBALS['cfg']['AllowArbitraryServer']) {
 194                  echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" ';
 195              }
 196              ?>
 197              >
 198          <?php
 199          require_once  './libraries/select_server.lib.php';
 200          PMA_select_server(false, false);
 201          ?>
 202              </select>
 203          </div>
 204      <?php
 205      } else {
 206          echo '    <input type="hidden" name="server" value="' . $server . '" />';
 207      } // end if (server choice)
 208      ?>
 209      </fieldset>
 210      <fieldset class="tblFooters">
 211          <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
 212          <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
 213          <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
 214      <?php
 215      if (!empty($GLOBALS['target'])) {
 216          echo '            <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";
 217      }
 218      if (!empty($GLOBALS['db'])) {
 219          echo '            <input type="hidden" name="db" value="' . htmlspecialchars($GLOBALS['db']) . '" />' . "\n";
 220      }
 221      if (!empty($GLOBALS['table'])) {
 222          echo '            <input type="hidden" name="table" value="' . htmlspecialchars($GLOBALS['table']) . '" />' . "\n";
 223      }
 224      ?>
 225      </fieldset>
 226  </form>
 227  
 228  <?php
 229  // show the "Cookies required" message only if cookies are disabled
 230  // (we previously tried to set some cookies)
 231  if (empty($_COOKIE)) {
 232      echo '<div class="notice">' . $GLOBALS['strCookiesRequired'] . '</div>' . "\n";
 233  }
 234  if ( ! empty( $GLOBALS['PMA_errors'] ) && is_array( $GLOBALS['PMA_errors'] ) ) {
 235      foreach ( $GLOBALS['PMA_errors'] as $error ) {
 236          echo '<div class="error">' . $error . '</div>' . "\n";
 237      }
 238  }
 239  ?>
 240  
 241  <script type="text/javascript" language="javascript">
 242  <!--
 243  var uname = document.forms['login_form'].elements['pma_username'];
 244  var pword = document.forms['login_form'].elements['pma_password'];
 245  if (uname.value == '') {
 246      uname.focus();
 247  } else {
 248      pword.focus();
 249  }
 250  //-->
 251  </script>
 252  </div>
 253  
 254  <?php if (file_exists('./config.footer.inc.php')) {
 255           require ('./config.footer.inc.php');
 256        }
 257   ?>
 258  
 259  </body>
 260  
 261  </html>
 262      <?php
 263      exit();
 264  
 265      return true;
 266  } // end of the 'PMA_auth()' function
 267  
 268  
 269  /**
 270   * Gets advanced authentication settings
 271   *
 272   * @global  string    the username if register_globals is on
 273   * @global  string    the password if register_globals is on
 274   * @global  array     the array of cookie variables if register_globals is
 275   *                    off
 276   * @global  string    the servername sent by the login form
 277   * @global  string    the username sent by the login form
 278   * @global  string    the password sent by the login form
 279   * @global  string    the username of the user who logs out
 280   * @global  boolean   whether the login/password pair is grabbed from a
 281   *                    cookie or not
 282   *
 283   * @return  boolean   whether we get authentication settings or not
 284   *
 285   * @access  public
 286   */
 287  function PMA_auth_check()
 288  {
 289      global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
 290      global $pma_servername, $pma_username, $pma_password, $old_usr, $server;
 291      global $from_cookie;
 292  
 293      // avoid an error in mcrypt
 294      if (empty($GLOBALS['cfg']['blowfish_secret'])) {
 295          return false;
 296      }
 297  
 298      // Initialization
 299      $PHP_AUTH_USER = $PHP_AUTH_PW = '';
 300      $from_cookie   = false;
 301      $from_form     = false;
 302  
 303      // The user wants to be logged out -> delete password cookie(s)
 304      if (!empty($old_usr)) {
 305          if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
 306              foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
 307                  PMA_removeCookie('pma_cookie_password-' . $key);
 308              }
 309          } else {
 310              PMA_removeCookie('pma_cookie_password-' . $server);
 311          }
 312      }
 313  
 314      // The user just logged in
 315      elseif (!empty($pma_username)) {
 316          $PHP_AUTH_USER = $pma_username;
 317          $PHP_AUTH_PW   = (empty($pma_password)) ? '' : $pma_password;
 318          if ($GLOBALS['cfg']['AllowArbitraryServer']) {
 319              $pma_auth_server = $pma_servername;
 320          }
 321          $from_form     = true;
 322      }
 323  
 324      // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
 325      // from cookies whatever are the values of the 'register_globals' and
 326      // the 'variables_order' directives
 327      else {
 328          if ($GLOBALS['cfg']['AllowArbitraryServer']) {
 329              // servername
 330              if (!empty($pma_cookie_servername)) {
 331                  $pma_auth_server = $pma_cookie_servername;
 332                  $from_cookie   = true;
 333              } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
 334                  $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server];
 335                  $from_cookie   = true;
 336              }
 337          }
 338  
 339          // username
 340          if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
 341              $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server];
 342              $from_cookie   = true;
 343          }
 344          $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']);
 345          if (!empty($decrypted_user)) {
 346              $pos = strrpos($decrypted_user, ':');
 347              $PHP_AUTH_USER = substr($decrypted_user, 0, $pos);
 348              $decrypted_time = (int)substr($decrypted_user, $pos + 1);
 349          } else {
 350              $decrypted_time = 0;
 351          }
 352  
 353          // User inactive too long
 354          if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) {
 355              // Display an error message only if the inactivity has lasted
 356              // less than 4 times the timeout value. This is to avoid
 357              // alerting users with a error after "much" time has passed,
 358              // for example next morning.
 359              if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) {
 360                  $GLOBALS['no_activity'] = true;
 361                  PMA_auth_fails();
 362              }
 363              return false;
 364          }
 365  
 366          // password
 367          if (!empty($pma_cookie_password)) {
 368              $PHP_AUTH_PW   = $pma_cookie_password;
 369          } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) {
 370              $PHP_AUTH_PW   = $_COOKIE['pma_cookie_password-' . $server];
 371          } else {
 372              $from_cookie   = false;
 373          }
 374          $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time);
 375  
 376          if ($PHP_AUTH_PW == "\xff(blank)") {
 377              $PHP_AUTH_PW   = '';
 378          }
 379      }
 380  
 381      // Returns whether we get authentication settings or not
 382      if (!$from_cookie && !$from_form) {
 383          return false;
 384      } elseif ($from_cookie) {
 385          return true;
 386      } else {
 387          // we don't need to strip here, it is done in grab_globals
 388          return true;
 389      }
 390  } // end of the 'PMA_auth_check()' function
 391  
 392  
 393  /**
 394   * Set the user and password after last checkings if required
 395   *
 396   * @global  array     the valid servers settings
 397   * @global  integer   the id of the current server
 398   * @global  array     the current server settings
 399   * @global  string    the current username
 400   * @global  string    the current password
 401   * @global  boolean   whether the login/password pair has been grabbed from
 402   *                    a cookie or not
 403   *
 404   * @return  boolean   always true
 405   *
 406   * @access  public
 407   */
 408  function PMA_auth_set_user()
 409  {
 410      global $cfg, $server;
 411      global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
 412      global $from_cookie;
 413  
 414      // Ensures valid authentication mode, 'only_db', bookmark database and
 415      // table names and relation table name are used
 416      if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
 417          foreach ($cfg['Servers'] as $idx => $current) {
 418              if ($current['host'] == $cfg['Server']['host'] 
 419                      && $current['port'] == $cfg['Server']['port'] 
 420                      && $current['socket'] == $cfg['Server']['socket'] 
 421                      && $current['ssl'] == $cfg['Server']['ssl'] 
 422                      && $current['connect_type'] == $cfg['Server']['connect_type'] 
 423                      && $current['user'] == $PHP_AUTH_USER) {
 424                  $server        = $idx;
 425                  $cfg['Server'] = $current;
 426                  break;
 427              }
 428          } // end foreach
 429      } // end if
 430  
 431      $pma_server_changed = false;
 432      if ($GLOBALS['cfg']['AllowArbitraryServer']
 433              && isset($pma_auth_server) && !empty($pma_auth_server)
 434              && ($cfg['Server']['host'] != $pma_auth_server)
 435              ) {
 436          $cfg['Server']['host'] = $pma_auth_server;
 437          $pma_server_changed = true;
 438      }
 439      $cfg['Server']['user']     = $PHP_AUTH_USER;
 440      $cfg['Server']['password'] = $PHP_AUTH_PW;
 441  
 442      // Name and password cookies needs to be refreshed each time
 443      // Duration = one month for username
 444      PMA_setCookie('pma_cookie_username-' . $server, PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], $GLOBALS['cfg']['blowfish_secret']));
 445  
 446      // Duration = as configured
 447      PMA_setCookie('pma_cookie_password-' . $server,
 448          PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
 449              $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),
 450          null,
 451          $GLOBALS['cfg']['LoginCookieStore']);
 452  
 453      // Set server cookies if required (once per session) and, in this case, force
 454      // reload to ensure the client accepts cookies
 455      if (!$from_cookie) {
 456          if ($GLOBALS['cfg']['AllowArbitraryServer']) {
 457              if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) {
 458                  // Duration = one month for serverrname
 459                  PMA_setCookie('pma_cookie_servername-' . $server, $cfg['Server']['host']);
 460              } else {
 461                  // Delete servername cookie
 462                  PMA_removeCookie('pma_cookie_servername-' . $server);
 463              }
 464          }
 465  
 466          // URL where to go:
 467          $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
 468  
 469          // any parameters to pass?
 470          $url_params = array();
 471          if ( isset($GLOBALS['db']) && strlen($GLOBALS['db']) ) {
 472              $url_params['db'] = $GLOBALS['db'];
 473          }
 474          if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) ) {
 475              $url_params['table'] = $GLOBALS['table'];
 476          }
 477          // Language change from the login panel needs to be remembered
 478          if ( ! empty($GLOBALS['lang']) ) {
 479              $url_params['lang'] = $GLOBALS['lang'];
 480          }
 481          // any target to pass?
 482          if ( ! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php' ) {
 483              $url_params['target'] = $GLOBALS['target'];
 484          }
 485  
 486          define('PMA_COMING_FROM_COOKIE_LOGIN',1);
 487          PMA_sendHeaderLocation( $redirect_url . PMA_generate_common_url( $url_params, '&' ) );
 488          exit();
 489      } // end if
 490  
 491      return true;
 492  } // end of the 'PMA_auth_set_user()' function
 493  
 494  
 495  /**
 496   * User is not allowed to login to MySQL -> authentication failed
 497   *
 498   * @return  boolean   always true (no return indeed)
 499   *
 500   * @access  public
 501   */
 502  function PMA_auth_fails()
 503  {
 504      global $conn_error, $server;
 505  
 506      // Deletes password cookie and displays the login form
 507      PMA_removeCookie('pma_cookie_password-' . $server);
 508  
 509      if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) {
 510          $conn_error = $GLOBALS['strAccessDenied'];
 511      } elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) {
 512          $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
 513          // Remember where we got timeout to return on same place
 514          if (PMA_getenv('SCRIPT_NAME')) {
 515              $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
 516          }
 517      } elseif (PMA_DBI_getError()) {
 518          $conn_error = PMA_sanitize(PMA_DBI_getError());
 519      } elseif (isset($php_errormsg)) {
 520          $conn_error = $php_errormsg;
 521      } else {
 522          $conn_error = $GLOBALS['strCannotLogin'];
 523      }
 524  
 525      PMA_auth();
 526  
 527      return true;
 528  } // end of the 'PMA_auth_fails()' function
 529  
 530  ?>

