| [ Index ] |
|
Code source de phpMyAdmin 2.10.3 |
1 <?php 2 /* $Id: http.auth.lib.php 9352 2006-08-24 12:39:16Z nijel $ */ 3 // vim: expandtab sw=4 ts=4 sts=4: 4 5 // +--------------------------------------------------------------------------+ 6 // | Set of functions used to run http authentication. | 7 // | NOTE: Requires PHP loaded as a Apache module. | 8 // +--------------------------------------------------------------------------+ 9 10 11 /** 12 * Displays authentication form 13 * 14 * @global string the font face to use in case of failure 15 * @global string the default font size to use in case of failure 16 * @global string the big font size to use in case of failure 17 * 18 * @return boolean always true (no return indeed) 19 * 20 * @access public 21 */ 22 function PMA_auth() { 23 24 /* Perform logout to custom URL */ 25 if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) { 26 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); 27 exit; 28 } 29 30 header('WWW-Authenticate: Basic realm="phpMyAdmin ' . sprintf($GLOBALS['strRunning'], (empty($GLOBALS['cfg']['Server']['verbose']) ? str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['host']) : str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['verbose']))) . '"'); 31 header('HTTP/1.0 401 Unauthorized'); 32 header('status: 401 Unauthorized'); 33 34 // Defines the charset to be used 35 header('Content-Type: text/html; charset=' . $GLOBALS['charset']); 36 /* HTML header */ 37 $page_title = $GLOBALS['strAccessDenied']; 38 require './libraries/header_meta_style.inc.php'; 39 ?> 40 </head> 41 <body> 42 <?php if (file_exists('./config.header.inc.php')) { 43 require ('./config.header.inc.php'); 44 } 45 ?> 46 47 <br /><br /> 48 <center> 49 <h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?></h1> 50 </center> 51 <br /> 52 <div class="warning"><?php echo $GLOBALS['strWrongUser']; ?></div> 53 54 <?php if (file_exists('./config.footer.inc.php')) { 55 require ('./config.footer.inc.php'); 56 } 57 ?> 58 59 </body> 60 </html> 61 <?php 62 exit(); 63 } // end of the 'PMA_auth()' function 64 65 66 /** 67 * Gets advanced authentication settings 68 * 69 * @global string the username if register_globals is on 70 * @global string the password if register_globals is on 71 * @global array the array of server variables if register_globals is 72 * off 73 * @global array the array of environment variables if register_globals 74 * is off 75 * @global string the username for the ? server 76 * @global string the password for the ? server 77 * @global string the username for the WebSite Professional server 78 * @global string the password for the WebSite Professional server 79 * @global string the username of the user who logs out 80 * 81 * @return boolean whether we get authentication settings or not 82 * 83 * @access public 84 */ 85 function PMA_auth_check() 86 { 87 global $PHP_AUTH_USER, $PHP_AUTH_PW; 88 global $old_usr; 89 90 // Grabs the $PHP_AUTH_USER variable whatever are the values of the 91 // 'register_globals' and the 'variables_order' directives 92 // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ 93 if (empty($PHP_AUTH_USER)) { 94 if (PMA_getenv('PHP_AUTH_USER')) { 95 $PHP_AUTH_USER = PMA_getenv('PHP_AUTH_USER'); 96 } elseif (PMA_getenv('REMOTE_USER')) { 97 // CGI, might be encoded, see bellow 98 $PHP_AUTH_USER = PMA_getenv('REMOTE_USER'); 99 } elseif (PMA_getenv('AUTH_USER')) { 100 // WebSite Professional 101 $PHP_AUTH_USER = PMA_getenv('AUTH_USER'); 102 } elseif (PMA_getenv('HTTP_AUTHORIZATION')) { 103 // IIS, might be encoded, see bellow 104 $PHP_AUTH_USER = PMA_getenv('HTTP_AUTHORIZATION'); 105 } elseif (PMA_getenv('Authorization')) { 106 // FastCGI, might be encoded, see bellow 107 $PHP_AUTH_USER = PMA_getenv('Authorization'); 108 } 109 } 110 // Grabs the $PHP_AUTH_PW variable whatever are the values of the 111 // 'register_globals' and the 'variables_order' directives 112 // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ 113 if (empty($PHP_AUTH_PW)) { 114 if (PMA_getenv('PHP_AUTH_PW')) { 115 $PHP_AUTH_PW = PMA_getenv('PHP_AUTH_PW'); 116 } elseif (PMA_getenv('REMOTE_PASSWORD')) { 117 // Apache/CGI 118 $PHP_AUTH_PW = PMA_getenv('REMOTE_PASSWORD'); 119 } elseif (PMA_getenv('AUTH_PASSWORD')) { 120 // WebSite Professional 121 $PHP_AUTH_PW = PMA_getenv('AUTH_PASSWORD'); 122 } 123 } 124 125 // Decode possibly encoded information (used by IIS/CGI/FastCGI) 126 if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) { 127 $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6)); 128 if (!empty($usr_pass) && strpos($usr_pass, ':') !== false) { 129 list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass); 130 } 131 unset($usr_pass); 132 } 133 134 // User logged out -> ensure the new username is not the same 135 if (!empty($old_usr) 136 && (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)) { 137 $PHP_AUTH_USER = ''; 138 } 139 140 // Returns whether we get authentication settings or not 141 if (empty($PHP_AUTH_USER)) { 142 return false; 143 } else { 144 return true; 145 } 146 } // end of the 'PMA_auth_check()' function 147 148 149 /** 150 * Set the user and password after last checkings if required 151 * 152 * @global array the valid servers settings 153 * @global integer the id of the current server 154 * @global array the current server settings 155 * @global string the current username 156 * @global string the current password 157 * 158 * @return boolean always true 159 * 160 * @access public 161 */ 162 function PMA_auth_set_user() 163 { 164 global $cfg, $server; 165 global $PHP_AUTH_USER, $PHP_AUTH_PW; 166 167 // Ensures valid authentication mode, 'only_db', bookmark database and 168 // table names and relation table name are used 169 if ($cfg['Server']['user'] != $PHP_AUTH_USER) { 170 $servers_cnt = count($cfg['Servers']); 171 for ($i = 1; $i <= $servers_cnt; $i++) { 172 if (isset($cfg['Servers'][$i]) 173 && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) { 174 $server = $i; 175 $cfg['Server'] = $cfg['Servers'][$i]; 176 break; 177 } 178 } // end for 179 } // end if 180 181 $cfg['Server']['user'] = $PHP_AUTH_USER; 182 $cfg['Server']['password'] = $PHP_AUTH_PW; 183 184 return true; 185 } // end of the 'PMA_auth_set_user()' function 186 187 188 /** 189 * User is not allowed to login to MySQL -> authentication failed 190 * 191 * @return boolean always true (no return indeed) 192 * 193 * @access public 194 */ 195 function PMA_auth_fails() 196 { 197 $error = PMA_DBI_getError(); 198 if ($error && $GLOBALS['errno'] != 1045) { 199 PMA_sendHeaderLocation('error.php?error=' . urlencode($error)); 200 exit; 201 } else { 202 PMA_auth(); 203 return true; 204 } 205 206 } // end of the 'PMA_auth_fails()' function 207 208 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Mon Nov 26 15:18:20 2007 | par Balluche grâce à PHPXref 0.7 |
|
|