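 /**
  * Test clearing cached values
  *
  * Seeds two server-scoped cache entries, removes them one at a time and
  * checks after each removal that only the targeted key is gone. The
  * presence checks after cacheSet() make the test fail on a no-op
  * cacheSet() (the original only asserted absence, which a broken set
  * would trivially satisfy), and the check between the two unsets catches
  * an over-eager cacheUnset().
  *
  * @return void
  */
 public function testCacheUnSet()
 {
     $GLOBALS['server'] = 'server';
     // The assertions below locate server-scoped entries under
     // $_SESSION['cache']['server_server'] (presumably 'server_' . $GLOBALS['server']).
     PMA_Util::cacheSet('test_data', 25, true);
     PMA_Util::cacheSet('test_data_2', 25, true);
     $this->assertArrayHasKey('test_data', $_SESSION['cache']['server_server']);
     $this->assertArrayHasKey('test_data_2', $_SESSION['cache']['server_server']);
     PMA_Util::cacheUnset('test_data', true);
     $this->assertArrayNotHasKey('test_data', $_SESSION['cache']['server_server']);
     // Removing one key must not disturb the other.
     $this->assertArrayHasKey('test_data_2', $_SESSION['cache']['server_server']);
     PMA_Util::cacheUnset('test_data_2', true);
     $this->assertArrayNotHasKey('test_data_2', $_SESSION['cache']['server_server']);
 }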
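 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with $GLOBALS['dbi']->connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * Outputs are the globals PHP_AUTH_USER, PHP_AUTH_PW, pma_auth_server and
  * from_cookie, all reset at the start of every call; $conn_error carries the
  * message for a rejected attempt.
  *
  * Order of checks: Swekey hook, forced cookie clearing, logout request,
  * login form submission, then cookie-based re-authentication.
  *
  * The captcha (when CaptchaLoginPrivateKey and CaptchaLoginPublicKey are
  * configured) is verified only on a login form submission, i.e. when
  * pma_username is present, and on every such submission. An earlier form
  * of this method verified it on every request and then remembered one
  * valid answer in $_SESSION['last_valid_captcha'] for the rest of the
  * session: a single solved captcha unlocked unlimited password guesses,
  * while a fresh session could neither re-authenticate from cookies nor log
  * out until a captcha was solved. The session flag is still written for
  * anything that reads it, but it no longer bypasses the check.
  *
  * @todo    AllowArbitraryServer on does not imply that the user wants an
  *          arbitrary server, or? so we should also check if this is filled
  *          and not only if allowed
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     global $conn_error;
     // Initialization
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // BEGIN Swekey Integration
     // A negative answer from the Swekey hook ends the check before any
     // credential is read.
     if (!Swekey_Auth_check()) {
         return false;
     }
     // END Swekey Integration
     if (defined('PMA_CLEAR_COOKIES')) {
         // Drop every auth cookie of every configured server and fall back
         // to the login form.
         foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
         }
         return false;
     }
     if (!empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
         // according to the PHP manual we should do this before the destroy:
         //$_SESSION = array();
         // Handled before the captcha so that a logout request is never
         // rejected for lack of a captcha answer.
         if (!defined('TESTSUITE')) {
             session_destroy();
             // $_SESSION array is not immediately emptied
             $_SESSION['last_valid_captcha'] = false;
         }
         // -> delete password cookie(s)
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
             foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                 $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                 if (isset($_COOKIE['pmaPass-' . $key])) {
                     unset($_COOKIE['pmaPass-' . $key]);
                 }
             }
         } else {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
             if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
             }
         }
     }
     if (!empty($_REQUEST['pma_username'])) {
         // The user just logged in (form submission).
         // NOTE(review): credentials are read from $_REQUEST, so they are also
         // accepted from the query string (and, depending on request_order,
         // from cookies); confirm the login form always POSTs.
         // Verify Captcha if it is required - on every login attempt, so a
         // solved captcha cannot be reused for further password guesses.
         if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) {
             if (empty($_POST["recaptcha_challenge_field"]) || empty($_POST["recaptcha_response_field"])) {
                 // Missing or incomplete captcha answer stops the login.
                 $conn_error = __('Please enter correct captcha!');
                 return false;
             }
             include_once 'libraries/plugins/auth/recaptchalib.php';
             // Use private key to verify captcha status.
             $resp = recaptcha_check_answer($GLOBALS['cfg']['CaptchaLoginPrivateKey'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
             // Check if the captcha entered is valid, if not stop the login.
             if (!$resp->is_valid) {
                 $conn_error = __('Entered captcha is wrong, try again!');
                 $_SESSION['last_valid_captcha'] = false;
                 return false;
             }
             // Informational only; it does not skip future checks.
             $_SESSION['last_valid_captcha'] = true;
         }
         $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             // NOTE(review): no allow-list is applied to the user-chosen
             // server here; confirm that is intended wherever
             // AllowArbitraryServer is enabled.
             $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
         }
         return true;
     }
     // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
     // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
     // servername
     if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
         // Client-controlled cookie, taken as-is (see the note above).
         $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
     }
     // check cookies: both the encrypted username and the IV are required
     if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_mcrypt_iv'])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_USER'] = $this->blowfishDecrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getBlowfishSecret());
     // user was never logged in since session start
     if (empty($_SESSION['last_access_time'])) {
         return false;
     }
     // User inactive too long: time() is in seconds, so LoginCookieValidity
     // is treated as the number of seconds of allowed inactivity.
     $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity'];
     if ($_SESSION['last_access_time'] < $last_access_time) {
         // Drop the cached per-server entries listed here before failing
         // the session.
         PMA_Util::cacheUnset('is_create_db_priv', null);
         PMA_Util::cacheUnset('is_process_priv', null);
         PMA_Util::cacheUnset('is_reload_priv', null);
         PMA_Util::cacheUnset('db_to_create', null);
         PMA_Util::cacheUnset('dbs_where_create_table_allowed', null);
         $GLOBALS['no_activity'] = true;
         $this->authFails();
         if (!defined('TESTSUITE')) {
             exit;
         } else {
             return false;
         }
     }
     // check password cookie
     if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_PW'] = $this->blowfishDecrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getBlowfishSecret());
     // "ÿ(blank)" is the stored sentinel for an empty password.
     if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
         $GLOBALS['PHP_AUTH_PW'] = '';
     }
     $GLOBALS['from_cookie'] = true;
     return true;
 }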
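 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with $GLOBALS['dbi']->connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * Outputs are the globals PHP_AUTH_USER, PHP_AUTH_PW, pma_auth_server and
  * from_cookie, all reset at the start of every call; $conn_error carries the
  * message for a rejected attempt.
  *
  * Order of checks: Swekey hook, forced cookie clearing, logout request,
  * login form submission (captcha verified here, on every attempt), then
  * cookie-based re-authentication.
  *
  * When AllowArbitraryServer is on and ArbitraryServerRegexp is set, the
  * regexp is applied to the server name from the login form AND to the
  * server name taken from the pmaServer-<n> cookie. The cookie is
  * client-controlled, so checking only the form value would let a browser
  * with valid credential cookies point them at a server the regexp was
  * meant to exclude.
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     global $conn_error;
     // Initialization
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // BEGIN Swekey Integration
     // A negative answer from the Swekey hook ends the check before any
     // credential is read.
     if (!Swekey_Auth_check()) {
         return false;
     }
     // END Swekey Integration
     if (defined('PMA_CLEAR_COOKIES')) {
         // Drop every auth cookie of every configured server and fall back
         // to the login form.
         foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
         }
         return false;
     }
     if (!empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
         // according to the PHP manual we should do this before the destroy:
         //$_SESSION = array();
         if (!defined('TESTSUITE')) {
             session_destroy();
         }
         // -> delete password cookie(s)
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
             foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                 $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                 if (isset($_COOKIE['pmaPass-' . $key])) {
                     unset($_COOKIE['pmaPass-' . $key]);
                 }
             }
         } else {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
             if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
             }
         }
     }
     // Whether $name may be used as the arbitrary server: always true when no
     // ArbitraryServerRegexp is configured; otherwise the host part (the
     // first token of a two-token "host port" value, else the whole string)
     // must match the regexp. Shared by the form path and the cookie path.
     $serverAllowed = function ($name) {
         if (!$GLOBALS['cfg']['ArbitraryServerRegexp']) {
             return true;
         }
         $parts = explode(' ', $name);
         $tmp_host = (count($parts) == 2) ? $parts[0] : $name;
         return (bool) preg_match($GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host);
     };
     if (!empty($_REQUEST['pma_username'])) {
         // NOTE(review): credentials are read from $_REQUEST, so they are also
         // accepted from the query string (and, depending on request_order,
         // from cookies); confirm the login form always POSTs.
         // Verify Captcha if it is required - on every login attempt.
         if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) {
             if (!empty($_POST["g-recaptcha-response"])) {
                 include_once 'libraries/plugins/auth/recaptcha/autoload.php';
                 $reCaptcha = new \ReCaptcha\ReCaptcha($GLOBALS['cfg']['CaptchaLoginPrivateKey']);
                 // verify captcha status.
                 $resp = $reCaptcha->verify($_POST["g-recaptcha-response"], $_SERVER["REMOTE_ADDR"]);
                 // Check if the captcha entered is valid, if not stop the login.
                 if ($resp === null || !$resp->isSuccess()) {
                     $conn_error = __('Entered captcha is wrong, try again!');
                     return false;
                 }
             } else {
                 // No captcha answer submitted at all.
                 $conn_error = __('Please enter correct captcha!');
                 return false;
             }
         }
         // The user just logged in
         $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             if (!$serverAllowed($_REQUEST['pma_servername'])) {
                 $conn_error = __('You are not allowed to log in to this MySQL server!');
                 return false;
             }
             $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
         }
         return true;
     }
     // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
     // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
     // servername
     if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
         $cookie_server = $_COOKIE['pmaServer-' . $GLOBALS['server']];
         // The cookie is client-controlled: apply the same ArbitraryServerRegexp
         // check as the login form, otherwise stored credential cookies could
         // be replayed against a server the regexp was meant to exclude.
         if (!$serverAllowed($cookie_server)) {
             $conn_error = __('You are not allowed to log in to this MySQL server!');
             return false;
         }
         $GLOBALS['pma_auth_server'] = $cookie_server;
     }
     // check cookies: both the encrypted username and the per-server IV
     // are required
     if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_iv-' . $GLOBALS['server']])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret());
     // user was never logged in since session start
     if (empty($_SESSION['last_access_time'])) {
         return false;
     }
     // User inactive too long: time() is in seconds, so LoginCookieValidity
     // is treated as the number of seconds of allowed inactivity.
     $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity'];
     if ($_SESSION['last_access_time'] < $last_access_time) {
         // Drop the cached per-server entries listed here before failing
         // the session.
         PMA_Util::cacheUnset('is_create_db_priv');
         PMA_Util::cacheUnset('is_reload_priv');
         PMA_Util::cacheUnset('db_to_create');
         PMA_Util::cacheUnset('dbs_where_create_table_allowed');
         PMA_Util::cacheUnset('dbs_to_test');
         $GLOBALS['no_activity'] = true;
         $this->authFails();
         if (!defined('TESTSUITE')) {
             exit;
         } else {
             return false;
         }
     }
     // check password cookie
     if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
         return false;
     }
     // The password cookie is decrypted with the session-bound secret, unlike
     // the username cookie above.
     $GLOBALS['PHP_AUTH_PW'] = $this->cookieDecrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret());
     // "ÿ(blank)" is the stored sentinel for an empty password.
     if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
         $GLOBALS['PHP_AUTH_PW'] = '';
     }
     $GLOBALS['from_cookie'] = true;
     return true;
 }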
 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with PMA_DBI_connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * Outputs are the globals PHP_AUTH_USER, PHP_AUTH_PW, pma_auth_server and
  * from_cookie, all reset at the start of every call.
  *
  * Order of checks: Swekey hook, forced cookie clearing, logout request,
  * login form submission, then cookie-based re-authentication. No captcha
  * is involved in this variant.
  *
  * @todo    AllowArbitraryServer on does not imply that the user wants an
  *          arbitrary server, or? so we should also check if this is filled
  *          and not only if allowed
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     // Initialization
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // BEGIN Swekey Integration
     // A negative answer from the Swekey hook ends the check before any
     // credential is read.
     if (!Swekey_auth_check()) {
         return false;
     }
     // END Swekey Integration
     if (defined('PMA_CLEAR_COOKIES')) {
         // Drop every auth cookie of every configured server and fall back
         // to the login form.
         foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
         }
         return false;
     }
     if (!empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
         // according to the PHP manual we should do this before the destroy:
         //$_SESSION = array();
         // Unconditional here (the other variants on this page skip it under
         // TESTSUITE).
         session_destroy();
         // -> delete password cookie(s)
         // Only the password cookie(s) are removed; the username and server
         // cookies are kept.
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
             foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                 $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                 if (isset($_COOKIE['pmaPass-' . $key])) {
                     unset($_COOKIE['pmaPass-' . $key]);
                 }
             }
         } else {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
             if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
             }
         }
     }
     if (!empty($_REQUEST['pma_username'])) {
         // The user just logged in
         // NOTE(review): credentials are read from $_REQUEST, so they are also
         // accepted from the query string (and, depending on request_order,
         // from cookies); confirm the login form always POSTs.
         $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             // NOTE(review): the user-chosen server is taken as-is; no
             // allow-list is applied in this variant.
             $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
         }
         return true;
     }
     // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
     // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
     // servername
     if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
         // NOTE(review): client-controlled cookie, used without validation.
         $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
     }
     // username
     // NOTE(review): the other authCheck variants on this page also require
     // an IV cookie before decrypting; whether this blowfishDecrypt() needs
     // one cannot be told from here - confirm.
     if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_USER'] = $this->blowfishDecrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getBlowfishSecret());
     // user was never logged in since session start
     if (empty($_SESSION['last_access_time'])) {
         return false;
     }
     // User inactive too long: time() is in seconds, so LoginCookieValidity
     // is treated as the number of seconds of allowed inactivity.
     $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity'];
     if ($_SESSION['last_access_time'] < $last_access_time) {
         // Drop the cached per-server entries listed here before failing
         // the session.
         PMA_Util::cacheUnset('is_create_db_priv', true);
         PMA_Util::cacheUnset('is_process_priv', true);
         PMA_Util::cacheUnset('is_reload_priv', true);
         PMA_Util::cacheUnset('db_to_create', true);
         PMA_Util::cacheUnset('dbs_where_create_table_allowed', true);
         $GLOBALS['no_activity'] = true;
         $this->authFails();
         // Unconditional exit in this variant (no TESTSUITE guard).
         exit;
     }
     // password
     if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
         return false;
     }
     // Same secret for the username and the password cookie in this variant.
     $GLOBALS['PHP_AUTH_PW'] = $this->blowfishDecrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getBlowfishSecret());
     // "ÿ(blank)" is the stored sentinel for an empty password.
     if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
         $GLOBALS['PHP_AUTH_PW'] = '';
     }
     $GLOBALS['from_cookie'] = true;
     return true;
 }