source: mysql/libraries/auth/cookie.auth.lib.php@ 5

Last change on this file since 5 was 5, checked in by george, 18 years ago

import
File size: 18.7 KB
Line 
1<?php
2/* $Id: cookie.auth.lib.php 9991 2007-02-14 21:18:38Z lem9 $ */
3// vim: expandtab sw=4 ts=4 sts=4:
4
5// +--------------------------------------------------------------------------+
6// | Set of functions used to run cookie based authentication. |
7// | Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and |
8// | Dan Wilson who built this patch for the Debian package. |
9// +--------------------------------------------------------------------------+
10
11
12if (!isset($coming_from_common)) {
13 exit;
14}
15
16// timestamp for login timeout
17$current_time = time();
18
19// Uses faster mcrypt library if available
20// (Note: mcrypt.lib.php needs $cookie_path and $is_https)
21if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
22 require_once './libraries/mcrypt.lib.php';
23} else {
24 require_once './libraries/blowfish.php';
25 // for main.php:
26 define('PMA_WARN_FOR_MCRYPT',1);
27}
28
29
30/**
31 * Displays authentication form
32 *
33 * @global string the font face to use
34 * @global string the default font size to use
35 * @global string the big font size to use
36 * @global array the list of servers settings
37 * @global array the list of available translations
38 * @global string the current language
39 * @global integer the current server id
40 * @global string the currect charset for MySQL
41 * @global array the array of cookie variables if register_globals is
42 * off
43 *
44 * @return boolean always true (no return indeed)
45 *
46 * @access public
47 */
48function PMA_auth()
49{
50 global $cfg, $lang, $server, $convcharset, $conn_error;
51
52 /* Perform logout to custom URL */
53 if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
54 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
55 exit;
56 }
57
58 // Tries to get the username from cookie whatever are the values of the
59 // 'register_globals' and the 'variables_order' directives if last login
60 // should be recalled, else skip the IE autocomplete feature.
61 if ($cfg['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) {
62 // username
63 // do not try to use pma_cookie_username as it was encoded differently
64 // in previous versions and would produce an undefined offset in blowfish
65 if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
66 $default_user = $_COOKIE['pma_cookie_username-' . $server];
67 }
68 $decrypted_user = isset($default_user) ? PMA_blowfish_decrypt($default_user, $GLOBALS['cfg']['blowfish_secret']) : '';
69 if (!empty($decrypted_user)) {
70 $pos = strrpos($decrypted_user, ':');
71 $default_user = substr($decrypted_user, 0, $pos);
72 } else {
73 $default_user = '';
74 }
75 // server name
76 if (!empty($GLOBALS['pma_cookie_servername'])) {
77 $default_server = $GLOBALS['pma_cookie_servername'];
78 } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
79 $default_server = $_COOKIE['pma_cookie_servername-' . $server];
80 }
81
82 $autocomplete = '';
83 } else {
84 $default_user = '';
85 $autocomplete = ' autocomplete="off"';
86 }
87
88 $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right';
89
90 // Defines the charset to be used
91 header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
92 // Defines the "item" image depending on text direction
93 $item_img = $GLOBALS['pmaThemeImage'] . 'item_ltr.png';
94
95 /* HTML header */
96 $page_title = 'phpMyAdmin ' . PMA_VERSION;
97 require './libraries/header_meta_style.inc.php';
98 ?>
99<script type="text/javascript" language="javascript">
100//<![CDATA[
101// show login form in top frame
102if (top != self) {
103 window.top.location.href=location;
104}
105//]]>
106</script>
107</head>
108
109<body class="loginform">
110
111<?php if (file_exists('./config.header.inc.php')) {
112 require('./config.header.inc.php');
113 }
114?>
115
116<div class="container">
117<a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php
118 $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
119 if (@file_exists($logo_image)) {
120 echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />';
121 } else {
122 echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" '
123 . 'border="0" width="88" height="31" alt="phpMyAdmin" />';
124 }
125?></a>
126<h1>
127<?php
128echo sprintf( $GLOBALS['strWelcome'],
129 '<bdo dir="ltr" xml:lang="en">phpMyAdmin ' . PMA_VERSION . '</bdo>');
130?>
131</h1>
132 <?php
133
134 // Show error message
135 if ( !empty($conn_error)) {
136 echo '<div class="error"><h1>' . $GLOBALS['strError'] . '</h1>' . "\n";
137 echo $conn_error . '</div>' . "\n";
138 }
139
140 // Displays the languages form
141 if (empty($cfg['Lang'])) {
142 echo "\n";
143 require_once './libraries/display_select_lang.lib.php';
144 PMA_select_language(true);
145 }
146 echo "\n\n";
147
148 // Displays the warning message and the login form
149
150 if (empty($GLOBALS['cfg']['blowfish_secret'])) {
151 ?>
152 <div class="error"><h1><?php echo $GLOBALS['strError']; ?></h1>
153 <?php echo $GLOBALS['strSecretRequired']; ?>
154 </div>
155<?php
156 echo '</div>' . "\n";
157 if (file_exists('./config.footer.inc.php')) {
158 require('./config.footer.inc.php');
159 }
160
161 echo ' </body>' . "\n"
162 . '</html>';
163 exit();
164 }
165?>
166<br />
167<!-- Login form -->
168<form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login">
169 <fieldset>
170 <legend><?php echo $GLOBALS['strLogin']; ?></legend>
171
172<?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?>
173 <div class="item">
174 <label for="input_servername"><?php echo $GLOBALS['strLogServer']; ?></label>
175 <input type="text" name="pma_servername" id="input_servername" value="<?php echo (isset($default_server) ? htmlspecialchars($default_server) : ''); ?>" size="24" class="textfield" />
176 </div>
177<?php } ?>
178 <div class="item">
179 <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
180 <input type="text" name="pma_username" id="input_username" value="<?php echo (isset($default_user) ? htmlspecialchars($default_user) : ''); ?>" size="24" class="textfield" />
181 </div>
182 <div class="item">
183 <label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label>
184 <input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" />
185 </div>
186 <?php
187 if (count($cfg['Servers']) > 1) {
188 echo "\n";
189 ?>
190 <div class="item">
191 <label for="select_server"><?php echo $GLOBALS['strServerChoice']; ?>:</label>
192 <select name="server" id="select_server"
193 <?php
194 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
195 echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" ';
196 }
197 ?>
198 >
199 <?php
200 require_once './libraries/select_server.lib.php';
201 PMA_select_server(false, false);
202 ?>
203 </select>
204 </div>
205 <?php
206 } else {
207 echo ' <input type="hidden" name="server" value="' . $server . '" />';
208 } // end if (server choice)
209 ?>
210 </fieldset>
211 <fieldset class="tblFooters">
212 <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
213 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
214 <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
215 <?php
216 if (!empty($GLOBALS['target'])) {
217 echo ' <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";
218 }
219 if (!empty($GLOBALS['db'])) {
220 echo ' <input type="hidden" name="db" value="' . htmlspecialchars($GLOBALS['db']) . '" />' . "\n";
221 }
222 if (!empty($GLOBALS['table'])) {
223 echo ' <input type="hidden" name="table" value="' . htmlspecialchars($GLOBALS['table']) . '" />' . "\n";
224 }
225 ?>
226 </fieldset>
227</form>
228
229<?php
230// show the "Cookies required" message only if cookies are disabled
231// (we previously tried to set some cookies)
232if (empty($_COOKIE)) {
233 echo '<div class="notice">' . $GLOBALS['strCookiesRequired'] . '</div>' . "\n";
234}
235if ( ! empty( $GLOBALS['PMA_errors'] ) && is_array( $GLOBALS['PMA_errors'] ) ) {
236 foreach ( $GLOBALS['PMA_errors'] as $error ) {
237 echo '<div class="error">' . $error . '</div>' . "\n";
238 }
239}
240?>
241
242<script type="text/javascript" language="javascript">
243<!--
244var uname = document.forms['login_form'].elements['pma_username'];
245var pword = document.forms['login_form'].elements['pma_password'];
246if (uname.value == '') {
247 uname.focus();
248} else {
249 pword.focus();
250}
251//-->
252</script>
253</div>
254
255<?php if (file_exists('./config.footer.inc.php')) {
256 require('./config.footer.inc.php');
257 }
258 ?>
259
260</body>
261
262</html>
263 <?php
264 exit();
265
266 return true;
267} // end of the 'PMA_auth()' function
268
269
270/**
271 * Gets advanced authentication settings
272 *
273 * @global string the username if register_globals is on
274 * @global string the password if register_globals is on
275 * @global array the array of cookie variables if register_globals is
276 * off
277 * @global string the servername sent by the login form
278 * @global string the username sent by the login form
279 * @global string the password sent by the login form
280 * @global string the username of the user who logs out
281 * @global boolean whether the login/password pair is grabbed from a
282 * cookie or not
283 *
284 * @return boolean whether we get authentication settings or not
285 *
286 * @access public
287 */
288function PMA_auth_check()
289{
290 global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
291 global $pma_servername, $pma_username, $pma_password, $old_usr, $server;
292 global $from_cookie;
293
294 // avoid an error in mcrypt
295 if (empty($GLOBALS['cfg']['blowfish_secret'])) {
296 return false;
297 }
298
299 // Initialization
300 $PHP_AUTH_USER = $PHP_AUTH_PW = '';
301 $from_cookie = false;
302 $from_form = false;
303
304 // The user wants to be logged out -> delete password cookie(s)
305 if (!empty($old_usr)) {
306 if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
307 foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
308 PMA_removeCookie('pma_cookie_password-' . $key);
309 }
310 } else {
311 PMA_removeCookie('pma_cookie_password-' . $server);
312 }
313 }
314
315 // The user just logged in
316 elseif (!empty($pma_username)) {
317 $PHP_AUTH_USER = $pma_username;
318 $PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password;
319 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
320 $pma_auth_server = $pma_servername;
321 }
322 $from_form = true;
323 }
324
325 // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
326 // from cookies whatever are the values of the 'register_globals' and
327 // the 'variables_order' directives
328 else {
329 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
330 // servername
331 if (!empty($pma_cookie_servername)) {
332 $pma_auth_server = $pma_cookie_servername;
333 $from_cookie = true;
334 } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
335 $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server];
336 $from_cookie = true;
337 }
338 }
339
340 // username
341 if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
342 $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server];
343 $from_cookie = true;
344 }
345 $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']);
346 if (!empty($decrypted_user)) {
347 $pos = strrpos($decrypted_user, ':');
348 $PHP_AUTH_USER = substr($decrypted_user, 0, $pos);
349 $decrypted_time = (int)substr($decrypted_user, $pos + 1);
350 } else {
351 $decrypted_time = 0;
352 }
353
354 // User inactive too long
355 if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) {
356 // Display an error message only if the inactivity has lasted
357 // less than 4 times the timeout value. This is to avoid
358 // alerting users with a error after "much" time has passed,
359 // for example next morning.
360 if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) {
361 $GLOBALS['no_activity'] = true;
362 PMA_auth_fails();
363 }
364 return false;
365 }
366
367 // password
368 if (!empty($pma_cookie_password)) {
369 $PHP_AUTH_PW = $pma_cookie_password;
370 } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) {
371 $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server];
372 } else {
373 $from_cookie = false;
374 }
375 $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time);
376
377 if ($PHP_AUTH_PW == "\xff(blank)") {
378 $PHP_AUTH_PW = '';
379 }
380 }
381
382 // Returns whether we get authentication settings or not
383 if (!$from_cookie && !$from_form) {
384 return false;
385 } elseif ($from_cookie) {
386 return true;
387 } else {
388 // we don't need to strip here, it is done in grab_globals
389 return true;
390 }
391} // end of the 'PMA_auth_check()' function
392
393
394/**
395 * Set the user and password after last checkings if required
396 *
397 * @global array the valid servers settings
398 * @global integer the id of the current server
399 * @global array the current server settings
400 * @global string the current username
401 * @global string the current password
402 * @global boolean whether the login/password pair has been grabbed from
403 * a cookie or not
404 *
405 * @return boolean always true
406 *
407 * @access public
408 */
409function PMA_auth_set_user()
410{
411 global $cfg, $server;
412 global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
413 global $from_cookie;
414
415 // Ensures valid authentication mode, 'only_db', bookmark database and
416 // table names and relation table name are used
417 if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
418 foreach ($cfg['Servers'] as $idx => $current) {
419 if ($current['host'] == $cfg['Server']['host']
420 && $current['port'] == $cfg['Server']['port']
421 && $current['socket'] == $cfg['Server']['socket']
422 && $current['ssl'] == $cfg['Server']['ssl']
423 && $current['connect_type'] == $cfg['Server']['connect_type']
424 && $current['user'] == $PHP_AUTH_USER) {
425 $server = $idx;
426 $cfg['Server'] = $current;
427 break;
428 }
429 } // end foreach
430 } // end if
431
432 $pma_server_changed = false;
433 if ($GLOBALS['cfg']['AllowArbitraryServer']
434 && isset($pma_auth_server) && !empty($pma_auth_server)
435 && ($cfg['Server']['host'] != $pma_auth_server)
436 ) {
437 $cfg['Server']['host'] = $pma_auth_server;
438 $pma_server_changed = true;
439 }
440 $cfg['Server']['user'] = $PHP_AUTH_USER;
441 $cfg['Server']['password'] = $PHP_AUTH_PW;
442
443 // Name and password cookies needs to be refreshed each time
444 // Duration = one month for username
445 PMA_setCookie('pma_cookie_username-' . $server, PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], $GLOBALS['cfg']['blowfish_secret']));
446
447 // Duration = as configured
448 PMA_setCookie('pma_cookie_password-' . $server,
449 PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
450 $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),
451 null,
452 $GLOBALS['cfg']['LoginCookieStore']);
453
454 // Set server cookies if required (once per session) and, in this case, force
455 // reload to ensure the client accepts cookies
456 if (!$from_cookie) {
457 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
458 if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) {
459 // Duration = one month for serverrname
460 PMA_setCookie('pma_cookie_servername-' . $server, $cfg['Server']['host']);
461 } else {
462 // Delete servername cookie
463 PMA_removeCookie('pma_cookie_servername-' . $server);
464 }
465 }
466
467 // URL where to go:
468 $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
469
470 // any parameters to pass?
471 $url_params = array();
472 if ( isset($GLOBALS['db']) && strlen($GLOBALS['db']) ) {
473 $url_params['db'] = $GLOBALS['db'];
474 }
475 if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) ) {
476 $url_params['table'] = $GLOBALS['table'];
477 }
478 // Language change from the login panel needs to be remembered
479 if ( ! empty($GLOBALS['lang']) ) {
480 $url_params['lang'] = $GLOBALS['lang'];
481 }
482 // any target to pass?
483 if ( ! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php' ) {
484 $url_params['target'] = $GLOBALS['target'];
485 }
486
487 define('PMA_COMING_FROM_COOKIE_LOGIN',1);
488 PMA_sendHeaderLocation( $redirect_url . PMA_generate_common_url( $url_params, '&' ) );
489 exit();
490 } // end if
491
492 return true;
493} // end of the 'PMA_auth_set_user()' function
494
495
496/**
497 * User is not allowed to login to MySQL -> authentication failed
498 *
499 * @return boolean always true (no return indeed)
500 *
501 * @access public
502 */
503function PMA_auth_fails()
504{
505 global $conn_error, $server;
506
507 // Deletes password cookie and displays the login form
508 PMA_removeCookie('pma_cookie_password-' . $server);
509
510 if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) {
511 $conn_error = $GLOBALS['strAccessDenied'];
512 } elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) {
513 $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
514 // Remember where we got timeout to return on same place
515 if (PMA_getenv('SCRIPT_NAME')) {
516 $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
517 }
518 } elseif (PMA_DBI_getError()) {
519 $conn_error = PMA_sanitize(PMA_DBI_getError());
520 } elseif (isset($php_errormsg)) {
521 $conn_error = $php_errormsg;
522 } else {
523 $conn_error = $GLOBALS['strCannotLogin'];
524 }
525
526 PMA_auth();
527
528 return true;
529} // end of the 'PMA_auth_fails()' function
530
531?>
Note: See TracBrowser for help on using the repository browser.