📄 cookie.auth.lib.php
字号:
<?php/* vim: set expandtab sw=4 ts=4 sts=4: *//** * Set of functions used to run cookie based authentication. * Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and * Dan Wilson who built this patch for the Debian package. * * @version $Id: cookie.auth.lib.php 11634 2008-10-04 15:06:00Z lem9 $ */if (! defined('PHPMYADMIN')) { exit;}require './libraries/auth/swekey/swekey.auth.lib.php';if (function_exists('mcrypt_encrypt')) { /** * Uses faster mcrypt library if available * (as this is not called from anywhere else, put the code in-line * for faster execution) */ /** * Initialization * Store the initialization vector because it will be needed for * further decryption. I don't think necessary to have one iv * per server so I don't put the server number in the cookie name. */ if (empty($_COOKIE['pma_mcrypt_iv']) || false === ($iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true))) { srand((double) microtime() * 1000000); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND); PMA_setCookie('pma_mcrypt_iv', base64_encode($iv)); } /** * Encryption using blowfish algorithm (mcrypt) * * @param string original data * @param string the secret * * @return string the encrypted result * * @access public * * @author lem9 */ function PMA_blowfish_encrypt($data, $secret) { global $iv; return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv)); } /** * Decryption using blowfish algorithm (mcrypt) * * @param string encrypted data * @param string the secret * * @return string original data * * @access public * * @author lem9 */ function PMA_blowfish_decrypt($encdata, $secret) { global $iv; return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv)); }} else { require_once './libraries/blowfish.php'; trigger_error(PMA_sanitize(sprintf($strCantLoad, 'mcrypt')), E_USER_WARNING);}/** * Returns blowfish secret or generates one if needed. * @uses $cfg['blowfish_secret'] * @uses $_SESSION['auto_blowfish_secret'] * * @access public */function PMA_get_blowfish_secret() { if (empty($GLOBALS['cfg']['blowfish_secret'])) { if (empty($_SESSION['auto_blowfish_secret'])) { $_SESSION['auto_blowfish_secret'] = uniqid('', true); } return $_SESSION['auto_blowfish_secret']; } else { return $GLOBALS['cfg']['blowfish_secret']; }}/** * Displays authentication form * * this function MUST exit/quit the application * * @uses $GLOBALS['server'] * @uses $GLOBALS['PHP_AUTH_USER'] * @uses $GLOBALS['pma_auth_server'] * @uses $GLOBALS['text_dir'] * @uses $GLOBALS['pmaThemeImage'] * @uses $GLOBALS['charset'] * @uses $GLOBALS['target'] * @uses $GLOBALS['db'] * @uses $GLOBALS['table'] * @uses $GLOBALS['strWelcome'] * @uses $GLOBALS['strSecretRequired'] * @uses $GLOBALS['strError'] * @uses $GLOBALS['strLogin'] * @uses $GLOBALS['strLogServer'] * @uses $GLOBALS['strLogUsername'] * @uses $GLOBALS['strLogPassword'] * @uses $GLOBALS['strServerChoice'] * @uses $GLOBALS['strGo'] * @uses $GLOBALS['strCookiesRequired'] * @uses $GLOBALS['strPmaDocumentation'] * @uses $GLOBALS['pmaThemeImage'] * @uses $cfg['Servers'] * @uses $cfg['LoginCookieRecall'] * @uses $cfg['Lang'] * @uses $cfg['Server'] * @uses $cfg['ReplaceHelpImg'] * @uses $cfg['blowfish_secret'] * @uses $cfg['AllowArbitraryServer'] * @uses $_COOKIE * @uses $_REQUEST['old_usr'] * @uses PMA_sendHeaderLocation() * @uses PMA_select_language() * @uses PMA_select_server() * @uses file_exists() * @uses sprintf() * @uses count() * @uses htmlspecialchars() * @uses is_array() * @global string the last connection error * * @access public */function PMA_auth(){ global $conn_error; /* Perform logout to custom URL */ if (! empty($_REQUEST['old_usr']) && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); exit; } /* No recall if blowfish secret is not configured as it would produce garbage */ if ($GLOBALS['cfg']['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { $default_user = $GLOBALS['PHP_AUTH_USER']; $default_server = $GLOBALS['pma_auth_server']; $autocomplete = ''; } else { $default_user = ''; $default_server = ''; // skip the IE autocomplete feature. $autocomplete = ' autocomplete="off"'; } $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right'; // Defines the charset to be used header('Content-Type: text/html; charset=' . $GLOBALS['charset']); // Defines the "item" image depending on text direction $item_img = $GLOBALS['pmaThemeImage'] . 'item_' . $GLOBALS['text_dir'] . '.png'; /* HTML header; do not show here the PMA version to improve security */ $page_title = 'phpMyAdmin '; require './libraries/header_meta_style.inc.php'; ?><script type="text/javascript">//<![CDATA[// show login form in top frameif (top != self) { window.top.location.href=location;}//]]></script></head><body class="loginform"> <?php if (file_exists('./config.header.inc.php')) { require './config.header.inc.php'; } ?><div class="container"><a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; if (@file_exists($logo_image)) { echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; } else { echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" ' . 'border="0" width="88" height="31" alt="phpMyAdmin" />'; } ?></a><h1> <?php echo sprintf($GLOBALS['strWelcome'], '<bdo dir="ltr" xml:lang="en">' . $page_title . '</bdo>'); ?></h1> <?php // Show error message if (! empty($conn_error)) { PMA_Message::rawError($conn_error)->display(); } // Displays the languages form if (empty($GLOBALS['cfg']['Lang'])) { require_once './libraries/display_select_lang.lib.php'; // use fieldset, don't show doc link PMA_select_language(true, false); } ?><br /><!-- Login form --><form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login"> <fieldset> <legend><?php echo $GLOBALS['strLogin']; // no real need to put a link to doc here, and it would reveal the // version number?></legend><?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?> <div class="item"> <label for="input_servername" title="<?php echo $GLOBALS['strLogServerHelp']; ?>"><?php echo $GLOBALS['strLogServer']; ?></label> <input type="text" name="pma_servername" id="input_servername" value="<?php echo htmlspecialchars($default_server); ?>" size="24" class="textfield" title="<?php echo $GLOBALS['strLogServerHelp']; ?>" /> </div><?php } ?> <div class="item"> <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label> <input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield"/> </div> <div class="item"> <label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label> <input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" /> </div> <?php if (count($GLOBALS['cfg']['Servers']) > 1) { ?> <div class="item"> <label for="select_server"><?php echo $GLOBALS['strServerChoice']; ?>:</label> <select name="server" id="select_server" <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" '; } echo '>'; require_once './libraries/select_server.lib.php'; PMA_select_server(false, false); echo '</select></div>'; } else { echo ' <input type="hidden" name="server" value="' . $GLOBALS['server'] . '" />'; } // end if (server choice) ?> </fieldset> <fieldset class="tblFooters"> <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" id="input_go" /> <?php $_form_params = array(); if (! empty($GLOBALS['target'])) { $_form_params['target'] = $GLOBALS['target']; } if (! empty($GLOBALS['db'])) { $_form_params['db'] = $GLOBALS['db']; } if (! empty($GLOBALS['table'])) { $_form_params['table'] = $GLOBALS['table']; } // do not generate a "server" hidden field as we want the "server" // drop-down to have priority echo PMA_generate_common_hidden_inputs($_form_params, '', 0, 'server'); ?> </fieldset></form> <?php // BEGIN Swekey Integration Swekey_login('input_username', 'input_go'); // END Swekey Integration // show the "Cookies required" message only if cookies are disabled // (we previously tried to set some cookies) if (empty($_COOKIE)) { trigger_error($GLOBALS['strCookiesRequired'], E_USER_NOTICE); } if ($GLOBALS['error_handler']->hasDisplayErrors()) { echo '<div>'; $GLOBALS['error_handler']->dispErrors(); echo '</div>'; } ?></div><script type="text/javascript">// <![CDATA[function PMA_focusInput(){ var input_username = document.getElementById('input_username'); var input_password = document.getElementById('input_password'); if (input_username.value == '') { input_username.focus(); } else { input_password.focus(); }}window.setTimeout('PMA_focusInput()', 500);// ]]></script> <?php if (file_exists('./config.footer.inc.php')) { require './config.footer.inc.php'; } ?></body></html> <?php exit;} // end of the 'PMA_auth()' function⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -