📄 cookie.auth.lib.php
字号:
// good idea if (!empty($val['only_db'])) { echo ' - ' . (is_array($val['only_db']) ? implode(', ', $val['only_db']) : $val['only_db']); } if (!empty($val['user']) && ($val['auth_type'] == 'basic')) { echo ' (' . $val['user'] . ')'; } echo ' </option>' . "\n"; } // end if (!empty($val['host'])) } // end while ?> </select> </td> </tr> <?php } // end if (server choice) echo "\n"; if (!empty($conn_error)) { echo '<tr><td colspan="2" height="5"></td></tr>'; echo '<tr><th colspan="2" align="left" class="tblHeadError"><div class="errorhead">' . $GLOBALS['strError'] . '</div></th></tr>' . "\n"; echo '<tr><td colspan="2" align="left" class="tblError">'. $conn_error . '</td></tr>' . "\n"; } ?> <tr> <td colspan="2" align="right"> <?php if (count($cfg['Servers']) == 1) { echo ' <input type="hidden" name="server" value="' . $server . '" />'; } echo "\n"; ?> <input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" /> <?php if (isset($GLOBALS['db'])) { echo ' <input type="hidden" name="db" value="' . htmlspecialchars($GLOBALS['db']) . '" />' . "\n"; } ?> <input type="submit" value="<?php echo $GLOBALS['strLogin']; ?>" id="buttonYes" /> </td> </tr> </table></form></center><script type="text/javascript" language="javascript"><!--var uname = document.forms['login_form'].elements['pma_username'];var pword = document.forms['login_form'].elements['pma_password'];if (uname.value == '') { uname.focus();} else { pword.focus();}//--></script><?php include('./config.footer.inc.php'); ?></body></html> <?php exit(); return TRUE;} // end of the 'PMA_auth()' function/** * Gets advanced authentication settings * * @global string the username if register_globals is on * @global string the password if register_globals is on * @global array the array of cookie variables if register_globals is * off * @global string the servername sent by the login form * @global string the username sent by the login form * @global string the password sent by the login form * @global string the username of the user who logs out * @global boolean whether the login/password pair is grabbed from a * cookie or not * * @return boolean whether we get authentication settings or not * * @access public */function PMA_auth_check(){ global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; global $pma_servername, $pma_username, $pma_password, $old_usr, $server; global $from_cookie; // Initialization $PHP_AUTH_USER = $PHP_AUTH_PW = ''; $from_cookie = FALSE; $from_form = FALSE; // The user wants to be logged out -> delete password cookie if (!empty($old_usr)) { setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); } // The user just logged in else if (!empty($pma_username)) { $PHP_AUTH_USER = $pma_username; $PHP_AUTH_PW = (empty($pma_password)) ? '' : $pma_password; if ($GLOBALS['cfg']['AllowArbitraryServer']) { $pma_auth_server = $pma_servername; } $from_form = TRUE; } // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables // from cookies whatever are the values of the 'register_globals' and // the 'variables_order' directives else { if ($GLOBALS['cfg']['AllowArbitraryServer']) { // servername if (!empty($pma_cookie_servername)) { $pma_auth_server = $pma_cookie_servername; $from_cookie = TRUE; } else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server]; $from_cookie = TRUE; } } // username if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server]; $from_cookie = TRUE; } $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']); $pos = strrpos($decrypted_user, ':'); $PHP_AUTH_USER = substr($decrypted_user, 0, $pos); $decrypted_time = (int)substr($decrypted_user, $pos + 1); // User inactive too long if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) { // Display an error message only if the inactivity has lasted // less than 4 times the timeout value. This is to avoid // alerting users with a error after "much" time has passed, // for example next morning. if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) { $GLOBALS['no_activity'] = TRUE; PMA_auth_fails(); } return FALSE; } // password if (!empty($pma_cookie_password)) { $PHP_AUTH_PW = $pma_cookie_password; } else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) { $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server]; } else { $from_cookie = FALSE; } $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time); if ($PHP_AUTH_PW == "\xff(blank)") { $PHP_AUTH_PW = ''; } } // Returns whether we get authentication settings or not if (!$from_cookie && !$from_form) { return FALSE; } elseif ($from_cookie) { return TRUE; } else { // we don't need to strip here, it is done in grab_globals return TRUE; }} // end of the 'PMA_auth_check()' function/** * Set the user and password after last checkings if required * * @global array the valid servers settings * @global integer the id of the current server * @global array the current server settings * @global string the current username * @global string the current password * @global boolean whether the login/password pair has been grabbed from * a cookie or not * * @return boolean always true * * @access public */function PMA_auth_set_user(){ global $cfg, $server; global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server; global $from_cookie; // Ensures valid authentication mode, 'only_db', bookmark database and // table names and relation table name are used if ($cfg['Server']['user'] != $PHP_AUTH_USER) { $servers_cnt = count($cfg['Servers']); for ($i = 1; $i <= $servers_cnt; $i++) { if (isset($cfg['Servers'][$i]) && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) { $server = $i; $cfg['Server'] = $cfg['Servers'][$i]; break; } } // end for } // end if $pma_server_changed = FALSE; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($pma_auth_server) && !empty($pma_auth_server) && ($cfg['Server']['host'] != $pma_auth_server) ) { $cfg['Server']['host'] = $pma_auth_server; $pma_server_changed = TRUE; } $cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['password'] = $PHP_AUTH_PW; // Name and password cookies needs to be refreshed each time // Duration = one month for username setcookie('pma_cookie_username-' . $server, PMA_blowfish_encrypt($cfg['Server']['user'] . ':' . $GLOBALS['current_time'], $GLOBALS['cfg']['blowfish_secret']), time() + (60 * 60 * 24 * 30), $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); // Duration = till the browser is closed for password (we don't want this to be saved) setcookie('pma_cookie_password-' . $server, PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)", $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']), 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); // Set server cookies if required (once per session) and, in this case, force // reload to ensure the client accepts cookies if (!$from_cookie) { if ($GLOBALS['cfg']['AllowArbitraryServer']) { if (isset($pma_auth_server) && !empty($pma_auth_server) && $pma_server_changed) { // Duration = one month for serverrname setcookie('pma_cookie_servername-' . $server, $cfg['Server']['host'], time() + (60 * 60 * 24 * 30), $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); } else { // Delete servername cookie setcookie('pma_cookie_servername-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); } } // loic1: workaround against a IIS 5.0 bug // lem9: here, PMA_sendHeaderLocation() has not yet been defined, // so use the workaround if (empty($GLOBALS['SERVER_SOFTWARE'])) { if (isset($_SERVER) && !empty($_SERVER['SERVER_SOFTWARE'])) { $GLOBALS['SERVER_SOFTWARE'] = $_SERVER['SERVER_SOFTWARE']; } } // end if if (!empty($GLOBALS['SERVER_SOFTWARE']) && $GLOBALS['SERVER_SOFTWARE'] == 'Microsoft-IIS/5.0') { header('Refresh: 0; url=' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&')); } else { header('Location: ' . $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&')); } exit(); } // end if return TRUE;} // end of the 'PMA_auth_set_user()' function/** * User is not allowed to login to MySQL -> authentication failed * * @return boolean always true (no return indeed) * * @access public */function PMA_auth_fails(){global $conn_error, $server; // Deletes password cookie and displays the login form setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) { $conn_error = $GLOBALS['strAccessDenied']; } else if (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) { $conn_error = sprintf($GLOBALS['strNoActivity'],$GLOBALS['cfg']['LoginCookieValidity']); } else if (PMA_DBI_getError()) { $conn_error = PMA_DBI_getError(); } else if (isset($php_errormsg)) { $conn_error = $php_errormsg; } else { $conn_error = $GLOBALS['strCannotLogin']; } PMA_auth(); return TRUE;} // end of the 'PMA_auth_fails()' function?>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -