/**
 * Opens the MySQL connection for the given account, using the current
 * server entry of the global configuration.
 *
 * When the PHP/client-library versions allow passing client flags, flag 128
 * (CLIENT_LOCAL_FILES) is always requested. With that capability negotiated,
 * the server end of the connection can ask this client to send a local file,
 * so the configured host has to be one the operator trusts.
 *
 * @param string  $user           mysql user name
 * @param string  $password       mysql user password
 * @param boolean $is_controluser when true, the empty-password retry is skipped
 *
 * @return mixed the link produced by PMA_DBI_real_connect()
 */
function PMA_DBI_connect($user, $password, $is_controluser = FALSE)
{
    global $cfg, $php_errormsg;

    $port_suffix = '';
    if (!empty($cfg['Server']['port'])) {
        $port_suffix = ':' . $cfg['Server']['port'];
    }

    // connect_type 'tcp' clears the configured socket (in the global config),
    // so no socket suffix is appended below.
    if (strtolower($cfg['Server']['connect_type']) === 'tcp') {
        $cfg['Server']['socket'] = '';
    }

    $socket_suffix = '';
    if (!empty($cfg['Server']['socket'])) {
        $socket_suffix = ':' . $cfg['Server']['socket'];
    }

    // Flags stay NULL when the PHP / client API versions are too old to
    // accept them.
    $flags = NULL;
    if (PMA_PHP_INT_VERSION >= 40300 && PMA_MYSQL_CLIENT_API >= 32349) {
        // 128 is CLIENT_LOCAL_FILES from mysql_com.h; it is set by value for
        // the case where the client library was not compiled with
        // --enable-local-infile.
        $flags = 128;
        if ($cfg['Server']['compress'] && defined('MYSQL_CLIENT_COMPRESS')) {
            $flags |= MYSQL_CLIENT_COMPRESS;
        }
    }

    $target = $cfg['Server']['host'] . $port_suffix . $socket_suffix;
    $link = PMA_DBI_real_connect($target, $user, $password, $flags);

    // Second attempt with an empty password, only when the 'nopassword'
    // setting allows it and never for the control user. Each failed login
    // can therefore show up as two attempts in the server's logs.
    if (empty($link) && $cfg['Server']['nopassword'] && !$is_controluser) {
        $link = PMA_DBI_real_connect($target, $user, '', $flags);
    }

    if (empty($link)) {
        PMA_auth_fails();
    }

    PMA_DBI_postConnect($link, $is_controluser);
    return $link;
}
Example #2
/**
 * Opens the MySQL connection with the legacy mysql_* API, persistent or not
 * depending on $cfg['PersistentConnections'].
 *
 * NOTE(review): mysql_connect()/mysql_pconnect() belong to the ext/mysql
 * extension, which was removed in PHP 7; this variant only runs on old PHP.
 * The `@` prefix hides the connection warning, so the only failure signal
 * here is the empty link.
 *
 * @param string $user     mysql user name
 * @param string $password mysql user password
 *
 * @return mixed the link returned by mysql_connect()/mysql_pconnect()
 */
function PMA_DBI_connect($user, $password)
{
    global $cfg, $php_errormsg;

    $port_suffix = '';
    if (!empty($cfg['Server']['port'])) {
        $port_suffix = ':' . $cfg['Server']['port'];
    }

    // connect_type 'tcp' clears the configured socket before it is read.
    if (strtolower($cfg['Server']['connect_type']) === 'tcp') {
        $cfg['Server']['socket'] = '';
    }

    $socket_suffix = '';
    if (!empty($cfg['Server']['socket'])) {
        $socket_suffix = ':' . $cfg['Server']['socket'];
    }

    if (PMA_PHP_INT_VERSION >= 40300 && PMA_MYSQL_CLIENT_API >= 32349) {
        // 128 is CLIENT_LOCAL_FILES from mysql_com.h, set by value for the
        // case where the client library was not compiled with
        // --enable-local-infile. It lets the server end of the connection
        // request a local file from this client.
        $client_flags = 128;
        if ($cfg['Server']['compress'] && defined('MYSQL_CLIENT_COMPRESS')) {
            $client_flags |= MYSQL_CLIENT_COMPRESS;
        }
    }

    $target = $cfg['Server']['host'] . $port_suffix . $socket_suffix;
    $persistent = $cfg['PersistentConnections'];

    if (!empty($client_flags)) {
        // The two functions take the flags at different positions.
        $link = $persistent
            ? @mysql_pconnect($target, $user, $password, $client_flags)
            : @mysql_connect($target, $user, $password, FALSE, $client_flags);
    } else {
        $link = $persistent
            ? @mysql_pconnect($target, $user, $password)
            : @mysql_connect($target, $user, $password);
    }

    if (empty($link)) {
        PMA_auth_fails();
    }

    PMA_DBI_postConnect($link);
    return $link;
}
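/**
 * connects to the database server
 *
 * Local-infile support is switched on for every connection, which means the
 * server end of the connection can request files readable by the PHP
 * process; the configured host must be trusted.
 *
 * @uses    $GLOBALS['cfg']['Server']
 * @uses    PMA_auth_fails()
 * @uses    PMA_DBI_postConnect()
 * @uses    MYSQLI_CLIENT_COMPRESS
 * @uses    MYSQLI_OPT_LOCAL_INFILE
 * @uses    strtolower()
 * @uses    mysqli_init()
 * @uses    mysqli_options()
 * @uses    mysqli_real_connect()
 * @uses    defined()
 * @param   string  $user           mysql user name
 * @param   string  $password       mysql user password
 * @param   boolean $is_controluser when true, no empty-password retry is made
 *                                  and a failure returns false with a warning
 * @return  mixed   false on error or a mysqli object on success
 */
function PMA_DBI_connect($user, $password, $is_controluser = false)
{
    $server_port = empty($GLOBALS['cfg']['Server']['port'])
        ? false
        : (int) $GLOBALS['cfg']['Server']['port'];

    // connect_type 'tcp' clears the configured socket before it is read below
    if (strtolower($GLOBALS['cfg']['Server']['connect_type']) == 'tcp') {
        $GLOBALS['cfg']['Server']['socket'] = '';
    }

    // NULL enables connection to the default socket
    $server_socket = empty($GLOBALS['cfg']['Server']['socket'])
        ? null
        : $GLOBALS['cfg']['Server']['socket'];

    $link = mysqli_init();

    mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true);

    $client_flags = 0;

    /* Optionally compress connection */
    if ($GLOBALS['cfg']['Server']['compress'] && defined('MYSQLI_CLIENT_COMPRESS')) {
        $client_flags |= MYSQLI_CLIENT_COMPRESS;
    }

    /* Optionally enable SSL */
    if ($GLOBALS['cfg']['Server']['ssl'] && defined('MYSQLI_CLIENT_SSL')) {
        $client_flags |= MYSQLI_CLIENT_SSL;
    }

    $return_value = mysqli_real_connect($link, $GLOBALS['cfg']['Server']['host'], $user, $password, false, $server_port, $server_socket, $client_flags);

    // Retry with empty password if we're allowed to.
    // The setting is read from $GLOBALS['cfg']: this function has no
    // `global $cfg`, so a bare $cfg is an undefined local and the retry
    // condition could never be true.
    if ($return_value == false
        && !empty($GLOBALS['cfg']['Server']['nopassword'])
        && !$is_controluser
    ) {
        $return_value = mysqli_real_connect($link, $GLOBALS['cfg']['Server']['host'], $user, '', false, $server_port, $server_socket, $client_flags);
    }

    if ($return_value == false) {
        if ($is_controluser) {
            // A broken control-user setup only raises a warning; the caller
            // gets false and decides how to go on.
            trigger_error($GLOBALS['strControluserFailed'], E_USER_WARNING);
            return false;
        }
        PMA_auth_fails();
    } // end if

    PMA_DBI_postConnect($link, $is_controluser);

    return $link;
}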
Example #4
/**
 * Opens the mysqli connection for the given account, using the current
 * server entry of the global configuration.
 *
 * Local-infile support is enabled on every connection, which lets the server
 * end of the connection request files readable by the PHP process. The `@`
 * on mysqli_real_connect() hides the connection warning, so failure is only
 * visible through the return value.
 *
 * @param string  $user           mysql user name
 * @param string  $password       mysql user password
 * @param boolean $is_controluser passed through to PMA_DBI_postConnect()
 *
 * @return mixed the mysqli link created by mysqli_init()
 */
function PMA_DBI_connect($user, $password, $is_controluser = FALSE)
{
    global $cfg, $php_errormsg;

    $server_port = FALSE;
    if (!empty($cfg['Server']['port'])) {
        $server_port = (int) $cfg['Server']['port'];
    }

    // connect_type 'tcp' clears the configured socket before it is read.
    if (strtolower($cfg['Server']['connect_type']) === 'tcp') {
        $cfg['Server']['socket'] = '';
    }

    // NULL enables connection to the default socket
    $server_socket = null;
    if (!empty($cfg['Server']['socket'])) {
        $server_socket = $cfg['Server']['socket'];
    }

    $link = mysqli_init();
    mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, TRUE);

    $client_flags = 0;
    if ($cfg['Server']['compress'] && defined('MYSQLI_CLIENT_COMPRESS')) {
        $client_flags = MYSQLI_CLIENT_COMPRESS;
    }

    $connected = @mysqli_real_connect(
        $link,
        $cfg['Server']['host'],
        $user,
        $password,
        FALSE,
        $server_port,
        $server_socket,
        $client_flags
    );
    if ($connected == FALSE) {
        PMA_auth_fails();
    }

    PMA_DBI_postConnect($link, $is_controluser);
    return $link;
}
Example #5
/**
 * Opens the MySQL connection for the given account, using the current
 * server entry of the global configuration.
 *
 * Client flag 128 (CLIENT_LOCAL_FILES) is always requested, so the server end
 * of the connection can ask this client for a local file; the configured
 * host has to be trusted. A refused login of a normal user is recorded via
 * PMA_log_user() before PMA_auth_fails() is called.
 *
 * @param string  $user           mysql user name
 * @param string  $password       mysql user password
 * @param boolean $is_controluser when true, no empty-password retry is made
 *                                and a failure returns false with a warning
 *
 * @return mixed false when the control-user connection fails, otherwise the
 *               link produced by PMA_DBI_real_connect()
 */
function PMA_DBI_connect($user, $password, $is_controluser = false)
{
    global $cfg, $php_errormsg;

    $port_suffix = '';
    if (!empty($cfg['Server']['port'])) {
        $port_suffix = ':' . $cfg['Server']['port'];
    }

    // connect_type 'tcp' clears the configured socket before it is read.
    if (strtolower($cfg['Server']['connect_type']) === 'tcp') {
        $cfg['Server']['socket'] = '';
    }

    $socket_suffix = '';
    if (!empty($cfg['Server']['socket'])) {
        $socket_suffix = ':' . $cfg['Server']['socket'];
    }

    // 128 is CLIENT_LOCAL_FILES from mysql_com.h, set by value for the case
    // where the client library was not compiled with --enable-local-infile.
    $client_flags = 128;

    /* Optionally compress connection */
    if (defined('MYSQL_CLIENT_COMPRESS') && $cfg['Server']['compress']) {
        $client_flags |= MYSQL_CLIENT_COMPRESS;
    }

    /* Optionally enable SSL */
    if (defined('MYSQL_CLIENT_SSL') && $cfg['Server']['ssl']) {
        $client_flags |= MYSQL_CLIENT_SSL;
    }

    $target = $cfg['Server']['host'] . $port_suffix . $socket_suffix;
    $flags_argument = empty($client_flags) ? NULL : $client_flags;

    $link = PMA_DBI_real_connect($target, $user, $password, $flags_argument);

    // Retry with empty password if we're allowed to (never for the
    // control user).
    if (empty($link) && $cfg['Server']['nopassword'] && !$is_controluser) {
        $link = PMA_DBI_real_connect($target, $user, '', $flags_argument);
    }

    if (!empty($link)) {
        PMA_DBI_postConnect($link, $is_controluser);
        return $link;
    }

    if ($is_controluser) {
        trigger_error($GLOBALS['strControluserFailed'], E_USER_WARNING);
        return false;
    }

    // Record the denied login before handing over to the failure handler.
    PMA_log_user($user, 'mysql-denied');
    PMA_auth_fails();

    PMA_DBI_postConnect($link, $is_controluser);
    return $link;
}
Example #6
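/**
 * Connects to the configured server, or to the server described by $server.
 *
 * For the configured server the client flag 128 (CLIENT_LOCAL_FILES) is
 * always requested, so the server end of the connection can ask this client
 * for a local file. Connections to an explicit $server are made without
 * client flags and without the post-connect step.
 *
 * @param   string  $user           mysql user name
 * @param   string  $password       mysql user password
 * @param   boolean $is_controluser when true, no empty-password retry is made
 *                                  and a failure returns false with a warning
 * @param   array   $server host/port/socket/persistant
 * @param   boolean $auxiliary_connection (when true, don't go back to login if connection fails)
 * @return  mixed   false on error or the link from PMA_DBI_real_connect() on success
 */
function PMA_DBI_connect($user, $password, $is_controluser = false, $server = null, $auxiliary_connection = false)
{
    global $cfg, $php_errormsg;

    // This has to run before the socket is read below: done afterwards, a
    // configured socket was still appended to the host even though
    // connect_type asked for TCP.
    if (strtolower($cfg['Server']['connect_type']) == 'tcp') {
        $cfg['Server']['socket'] = '';
    }

    if ($server) {
        $server_port = empty($server['port']) ? '' : ':' . (int) $server['port'];
        $server_socket = empty($server['socket']) ? '' : ':' . $server['socket'];
        $server_persistant = empty($server['persistant']) ? false : true;
    } else {
        $server_port = empty($cfg['Server']['port']) ? '' : ':' . (int) $cfg['Server']['port'];
        $server_socket = empty($cfg['Server']['socket']) ? '' : ':' . $cfg['Server']['socket'];
    }

    $client_flags = 0;

    // always use CLIENT_LOCAL_FILES as defined in mysql_com.h
    // for the case where the client library was not compiled
    // with --enable-local-infile
    $client_flags |= 128;

    /* Optionally compress connection */
    if (defined('MYSQL_CLIENT_COMPRESS') && $cfg['Server']['compress']) {
        $client_flags |= MYSQL_CLIENT_COMPRESS;
    }

    /* Optionally enable SSL */
    if (defined('MYSQL_CLIENT_SSL') && $cfg['Server']['ssl']) {
        $client_flags |= MYSQL_CLIENT_SSL;
    }

    if (!$server) {
        $link = PMA_DBI_real_connect($cfg['Server']['host'] . $server_port . $server_socket, $user, $password, empty($client_flags) ? NULL : $client_flags);

        // Retry with empty password if we're allowed to
        if (empty($link) && $cfg['Server']['nopassword'] && !$is_controluser) {
            $link = PMA_DBI_real_connect($cfg['Server']['host'] . $server_port . $server_socket, $user, '', empty($client_flags) ? NULL : $client_flags);
        }
    } else {
        // Host, port and socket come from the caller here, and the flags
        // computed above (compression, SSL, local files) are not passed.
        if (!isset($server['host'])) {
            $link = PMA_DBI_real_connect($server_socket, $user, $password, NULL, $server_persistant);
        } else {
            $link = PMA_DBI_real_connect($server['host'] . $server_port . $server_socket, $user, $password, NULL, $server_persistant);
        }
    }

    if (empty($link)) {
        if ($is_controluser) {
            trigger_error($GLOBALS['strControluserFailed'], E_USER_WARNING);
            return false;
        }
        // we could be calling PMA_DBI_connect() to connect to another
        // server, for example in the Synchronize feature, so do not
        // go back to main login if it fails
        if (!$auxiliary_connection) {
            // the denied login is recorded before the failure handler runs
            PMA_log_user($user, 'mysql-denied');
            PMA_auth_fails();
        } else {
            return false;
        }
    } // end if

    if (!$server) {
        PMA_DBI_postConnect($link, $is_controluser);
    }

    return $link;
}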
Example #7
             }
         }
     }
     // end if... else if... else if
     // Ejects the user if banished
     if ($allowDeny_forbidden) {
         PMA_auth_fails();
     }
     unset($allowDeny_forbidden);
     //Clean up after you!
 }
 // end if
 // is root allowed?
 // Rejects the configured user when AllowRoot is off. The test is an exact
 // match on the literal name 'root' only.
 // NOTE(review): other privileged accounts are not covered by this check.
 if (!$cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
     // flag set only for the duration of the PMA_auth_fails() call
     $allowDeny_forbidden = TRUE;
     PMA_auth_fails();
     unset($allowDeny_forbidden);
     //Clean up after you!
 }
 // The user can work with only some databases
 // only_db may be a single name or an array of names; either way it ends up
 // in $dblist.
 // NOTE(review): this only builds the list; whether it is enforced as an
 // access restriction is decided elsewhere - not visible here.
 if (isset($cfg['Server']['only_db']) && $cfg['Server']['only_db'] != '') {
     if (is_array($cfg['Server']['only_db'])) {
         $dblist = $cfg['Server']['only_db'];
     } else {
         $dblist[] = $cfg['Server']['only_db'];
     }
 }
 // end if
 // Turns on track_errors and keeps ini_set()'s return value (the previous
 // setting); `@` hides any warning from ini_set() itself.
 $bkp_track_err = @ini_set('track_errors', 1);
 // Try to connect MySQL with the control user profile (will be used to
 // get the privileges list for the current user but the true user link
/**
 * Gets advanced authentication settings
 *
 * this function DOES NOT check authentication - it just checks/provides
 * authentication credentials required to connect to the MySQL server
 * usually with PMA_DBI_connect()
 *
 * it returns false if something is missing - which usually leads to
 * PMA_auth() which displays login form
 *
 * it returns true if all seems ok which usually leads to PMA_auth_set_user()
 *
 * it directly switches to PMA_auth_fails() if user inactivity timeout is reached
 *
 * The credentials come either from the login request ($_REQUEST) or from the
 * pmaUser-/pmaPass- cookies, which are decrypted with PMA_blowfish_decrypt().
 * The results are left in $GLOBALS['PHP_AUTH_USER'], $GLOBALS['PHP_AUTH_PW'],
 * $GLOBALS['pma_auth_server'] and $GLOBALS['from_cookie'].
 *
 * @todo    AllowArbitraryServer on does not imply that the user wants an
 *          arbitrary server, or? so we should also check if this is filled and
 *          not only if allowed
 *
 * @return boolean   whether we get authentication settings or not
 *
 * @access  public
 */
function PMA_auth_check()
{
    // Initialization
    /**
     * @global $GLOBALS['pma_auth_server'] the user provided server to connect to
     */
    $GLOBALS['pma_auth_server'] = '';
    $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
    $GLOBALS['from_cookie'] = false;
    // BEGIN Swekey Integration
    // a failed Swekey check ends the function before any credential is read
    if (!Swekey_auth_check()) {
        return false;
    }
    // END Swekey Integration
    // PMA_CLEAR_COOKIES: drop the password, server and user cookies of every
    // configured server and report "no credentials"
    if (defined('PMA_CLEAR_COOKIES')) {
        foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
            $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
            $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
            $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
        }
        return false;
    }
    // NOTE(review): logout is triggered by any request carrying old_usr; no
    // token is checked in this function - confirm it is checked by the caller.
    if (!empty($_REQUEST['old_usr'])) {
        // The user wants to be logged out
        // -> delete his choices that were stored in session
        // according to the PHP manual we should do this before the destroy:
        //$_SESSION = array();
        // but we still need some parts of the session information
        // in libraries/header_meta_style.inc.php
        session_destroy();
        // -> delete password cookie(s)
        // the cookie is removed on the client and also unset in $_COOKIE, so
        // the cookie lookup further down cannot pick it up in this request
        if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
            foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                if (isset($_COOKIE['pmaPass-' . $key])) {
                    unset($_COOKIE['pmaPass-' . $key]);
                }
            }
        } else {
            $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
            if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
            }
        }
    }
    // NOTE(review): the login fields are read from $_REQUEST, which also
    // carries query-string values; a password sent that way ends up in URLs
    // and access logs. Reading $_POST only would avoid that - confirm no
    // caller depends on GET logins.
    if (!empty($_REQUEST['pma_username'])) {
        // The user just logged in
        $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
        $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
        // With AllowArbitraryServer on, the requested server name is taken
        // as-is: no validation or allow-list is applied here.
        // NOTE(review): presumably this becomes the host the application
        // connects to; if so, anyone who reaches the login form chooses the
        // connection target - keep the option off or restrict egress.
        if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
            $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
        }
        return true;
    }
    // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
    // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
    // servername
    // (the server cookie is used in clear, unlike user and password)
    if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
        $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
    }
    // username
    if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {
        return false;
    }
    // NOTE(review): the decrypted value is used without any integrity check
    // visible here - confirm what PMA_blowfish_decrypt() returns for a
    // tampered cookie.
    $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], PMA_get_blowfish_secret());
    // user was never logged in since session start
    if (empty($_SESSION['last_access_time'])) {
        return false;
    }
    // User inactive too long
    // The timestamp comes from the server-side session, not from the cookie.
    if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
        // drop the cached privilege information before failing the login
        PMA_cacheUnset('is_create_db_priv', true);
        PMA_cacheUnset('is_process_priv', true);
        PMA_cacheUnset('is_reload_priv', true);
        PMA_cacheUnset('db_to_create', true);
        PMA_cacheUnset('dbs_where_create_table_allowed', true);
        $GLOBALS['no_activity'] = true;
        PMA_auth_fails();
        // stop here even if PMA_auth_fails() returns
        exit;
    }
    // password
    if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
        return false;
    }
    $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], PMA_get_blowfish_secret());
    // this marker string stands for an empty password
    if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
        $GLOBALS['PHP_AUTH_PW'] = '';
    }
    $GLOBALS['from_cookie'] = true;
    return true;
}
Example #9
/**
 * Connects to the configured database server, or to the one described by
 * $server, through mysqli.
 *
 * Local-infile support is enabled on every connection, so the server end of
 * the connection can request files readable by the PHP process; this also
 * applies when the target is supplied by the caller in $server. Connection
 * warnings are hidden with `@`, leaving the return value as the only
 * failure signal.
 *
 * @param   string  $user           mysql user name
 * @param   string  $password       mysql user password
 * @param   bool    $is_controluser when true, no empty-password retry is made
 *                                  and a failure returns false with a warning
 * @param   array   $server host/port/socket
 * @param   bool    $auxiliary_connection (when true, don't go back to login if connection fails)
 * @return  mixed   false on error or a mysqli object on success
 */
function PMA_DBI_connect($user, $password, $is_controluser = false, $server = null, $auxiliary_connection = false)
{
    global $cfg;

    $use_configured_server = !$server;

    if ($use_configured_server) {
        $server_port = empty($cfg['Server']['port']) ? false : (int) $cfg['Server']['port'];
        // NULL enables connection to the default socket
        $server_socket = empty($cfg['Server']['socket']) ? null : $cfg['Server']['socket'];
    } else {
        $server_port = empty($server['port']) ? false : (int) $server['port'];
        $server_socket = empty($server['socket']) ? '' : $server['socket'];
        if (empty($server['host'])) {
            $server['host'] = 'localhost';
        }
    }

    $link = mysqli_init();
    mysqli_options($link, MYSQLI_OPT_LOCAL_INFILE, true);

    $client_flags = 0;

    /* Optionally compress connection */
    if ($cfg['Server']['compress'] && defined('MYSQLI_CLIENT_COMPRESS')) {
        $client_flags |= MYSQLI_CLIENT_COMPRESS;
    }

    /* Optionally enable SSL */
    if ($cfg['Server']['ssl'] && defined('MYSQLI_CLIENT_SSL')) {
        $client_flags |= MYSQLI_CLIENT_SSL;
    }

    if ($use_configured_server) {
        $return_value = @PMA_DBI_real_connect($link, $cfg['Server']['host'], $user, $password, false, $server_port, $server_socket, $client_flags);

        // Retry with empty password if we're allowed to
        if ($return_value == false && isset($cfg['Server']['nopassword']) && $cfg['Server']['nopassword'] && !$is_controluser) {
            $return_value = @PMA_DBI_real_connect($link, $cfg['Server']['host'], $user, '', false, $server_port, $server_socket, $client_flags);
        }
    } else {
        // The compression/SSL flags computed above are not passed for a
        // caller-supplied server.
        $return_value = @PMA_DBI_real_connect($link, $server['host'], $user, $password, false, $server_port, $server_socket);
    }

    if ($return_value != false) {
        PMA_DBI_postConnect($link, $is_controluser);
        return $link;
    }

    if ($is_controluser) {
        trigger_error(__('Connection for controluser as defined in your configuration failed.'), E_USER_WARNING);
        return false;
    }

    // we could be calling PMA_DBI_connect() to connect to another
    // server, for example in the Synchronize feature, so do not
    // go back to main login if it fails
    if ($auxiliary_connection) {
        return false;
    }

    // the denied login is recorded before the failure handler runs
    PMA_log_user($user, 'mysql-denied');
    PMA_auth_fails();

    return $link;
}
Example #10
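/**
 * connects to the database server
 *
 * Connects either to the configured server or to the one described by
 * $server. Connection warnings are hidden with `@`, so the return value is
 * the only failure signal.
 *
 * @param   string  $user           drizzle user name
 * @param   string  $password       drizzle user password
 * @param   bool    $is_controluser when true, no empty-password retry is made
 *                                  and a failure returns false with a warning
 * @param   array   $server host/port/socket
 * @param   bool    $auxiliary_connection (when true, don't go back to login if connection fails)
 * @return  mixed   false on error or the link from PMA_DBI_real_connect() on success
 */
function PMA_DBI_connect($user, $password, $is_controluser = false, $server = null, $auxiliary_connection = false)
{
    global $cfg;

    // This has to run before the socket is read below: done afterwards, a
    // configured socket was still handed to the connect call even though
    // connect_type asked for TCP.
    if (strtolower($GLOBALS['cfg']['Server']['connect_type']) == 'tcp') {
        $GLOBALS['cfg']['Server']['socket'] = '';
    }

    if ($server) {
        $server_port = empty($server['port']) ? false : (int) $server['port'];
        $server_socket = empty($server['socket']) ? '' : $server['socket'];
        $server['host'] = empty($server['host']) ? 'localhost' : $server['host'];
    } else {
        $server_port = empty($cfg['Server']['port']) ? false : (int) $cfg['Server']['port'];
        $server_socket = empty($cfg['Server']['socket']) ? null : $cfg['Server']['socket'];
    }

    $drizzle = new PMA_Drizzle();

    $client_flags = 0;

    /* Optionally compress connection */
    if ($GLOBALS['cfg']['Server']['compress']) {
        $client_flags |= DRIZZLE_CAPABILITIES_COMPRESS;
    }

    /* Optionally enable SSL */
    if ($GLOBALS['cfg']['Server']['ssl']) {
        $client_flags |= DRIZZLE_CAPABILITIES_SSL;
    }

    if (!$server) {
        $link = @PMA_DBI_real_connect($drizzle, $cfg['Server']['host'], $server_port, $server_socket, $user, $password, false, $client_flags);

        // Retry with empty password if we're allowed to
        if ($link == false && isset($cfg['Server']['nopassword']) && $cfg['Server']['nopassword'] && !$is_controluser) {
            $link = @PMA_DBI_real_connect($drizzle, $cfg['Server']['host'], $server_port, $server_socket, $user, null, false, $client_flags);
        }
    } else {
        // Host, port and socket come from the caller here, and the
        // compression/SSL flags computed above are not passed.
        $link = @PMA_DBI_real_connect($drizzle, $server['host'], $server_port, $server_socket, $user, $password);
    }

    if ($link == false) {
        if ($is_controluser) {
            trigger_error(__('Connection for controluser as defined in your configuration failed.'), E_USER_WARNING);
            return false;
        }
        // we could be calling PMA_DBI_connect() to connect to another
        // server, for example in the Synchronize feature, so do not
        // go back to main login if it fails
        if (!$auxiliary_connection) {
            // the denied login is recorded before the failure handler runs
            PMA_log_user($user, 'drizzle-denied');
            PMA_auth_fails();
        } else {
            return false;
        }
    } else {
        PMA_DBI_postConnect($link, $is_controluser);
    }

    return $link;
}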
/**
 * Gets advanced authentication settings
 *
 * Collects the login credentials either from the login-form globals or from
 * the pma_cookie_* cookies and leaves them in $PHP_AUTH_USER, $PHP_AUTH_PW
 * and $pma_auth_server. It does not verify them against the server.
 *
 * @global  string    the username if register_globals is on
 * @global  string    the password if register_globals is on
 * @global  array     the array of cookie variables if register_globals is
 *                    off
 * @global  string    the servername sent by the login form
 * @global  string    the username sent by the login form
 * @global  string    the password sent by the login form
 * @global  string    the username of the user who logs out
 * @global  boolean   whether the login/password pair is grabbed from a
 *                    cookie or not
 *
 * @return  boolean   whether we get authentication settings or not
 *
 * @access  public
 */
function PMA_auth_check()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
    global $pma_servername, $pma_username, $pma_password, $old_usr, $server;
    global $from_cookie;
    // avoid an error in mcrypt
    // (no secret configured means no cookie can be decrypted)
    if (empty($GLOBALS['cfg']['blowfish_secret'])) {
        return false;
    }
    // Initialization
    $PHP_AUTH_USER = $PHP_AUTH_PW = '';
    $from_cookie = false;
    $from_form = false;
    // The user wants to be logged out -> delete password cookie(s)
    if (!empty($old_usr)) {
        if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
            foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                PMA_removeCookie('pma_cookie_password-' . $key);
            }
        } else {
            PMA_removeCookie('pma_cookie_password-' . $server);
        }
    } elseif (!empty($pma_username)) {
        // credentials submitted through the login form
        $PHP_AUTH_USER = $pma_username;
        $PHP_AUTH_PW = empty($pma_password) ? '' : $pma_password;
        // With AllowArbitraryServer on, the submitted server name is taken
        // as-is: no validation or allow-list is applied here.
        if ($GLOBALS['cfg']['AllowArbitraryServer']) {
            $pma_auth_server = $pma_servername;
        }
        $from_form = true;
    } else {
        if ($GLOBALS['cfg']['AllowArbitraryServer']) {
            // servername
            // NOTE(review): $pma_cookie_servername is not in the `global`
            // lists above, so inside this function it is an undefined local
            // and this first branch is never taken; the value always comes
            // from $_COOKIE.
            if (!empty($pma_cookie_servername)) {
                $pma_auth_server = $pma_cookie_servername;
                $from_cookie = true;
            } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
                $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server];
                $from_cookie = true;
            }
        }
        // username
        if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
            $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server];
            $from_cookie = true;
        }
        // The decrypted cookie is split at its last ':' into the user name
        // and a timestamp.
        // NOTE(review): the timestamp that drives the inactivity check below
        // is taken from the cookie itself, so it is only as trustworthy as
        // the cookie encryption; no integrity check is visible here.
        $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']);
        if (!empty($decrypted_user)) {
            // NOTE(review): strrpos() returns false when there is no ':';
            // that case is not handled separately before the substr() calls.
            $pos = strrpos($decrypted_user, ':');
            $PHP_AUTH_USER = substr($decrypted_user, 0, $pos);
            $decrypted_time = (int) substr($decrypted_user, $pos + 1);
        } else {
            $decrypted_time = 0;
        }
        // User inactive too long
        if ($decrypted_time > 0 && $decrypted_time < $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity']) {
            // Display an error message only if the inactivity has lasted
            // less than 4 times the timeout value. This is to avoid
            // alerting users with a error after "much" time has passed,
            // for example next morning.
            if ($decrypted_time > $GLOBALS['current_time'] - $GLOBALS['cfg']['LoginCookieValidity'] * 4) {
                $GLOBALS['no_activity'] = true;
                PMA_auth_fails();
            }
            return false;
        }
        // password
        // NOTE(review): as with $pma_cookie_servername, $pma_cookie_password
        // is not declared global here, so only the $_COOKIE branch can match.
        if (!empty($pma_cookie_password)) {
            $PHP_AUTH_PW = $pma_cookie_password;
        } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) {
            $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server];
        } else {
            // without a password cookie the credentials are incomplete
            $from_cookie = false;
        }
        // the password cookie is decrypted with the secret extended by the
        // timestamp taken from the user cookie
        $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time);
        // this marker string stands for an empty password
        if ($PHP_AUTH_PW == "ÿ(blank)") {
            $PHP_AUTH_PW = '';
        }
    }
    // Returns whether we get authentication settings or not
    // (both remaining branches return true; only "neither cookie nor form"
    // yields false)
    if (!$from_cookie && !$from_form) {
        return false;
    } elseif ($from_cookie) {
        return true;
    } else {
        // we don't need to strip here, it is done in grab_globals
        return true;
    }
}
Example #12
/**
 * Gets advanced authentication settings
 *
 * this function DOES NOT check authentication - it just checks/provides
 * authentication credentials required to connect to the MySQL server
 * usually with PMA_DBI_connect()
 *
 * it returns false if something is missing - which usually leads to
 * PMA_auth() which displays login form
 *
 * it returns true if all seems ok which usually leads to PMA_auth_set_user()
 *
 * it directly switches to PMA_auth_fails() if user inactivity timeout is reached
 *
 * @todo    AllowArbitraryServer on does not imply that the user wants an
 *          arbitrary server, or? so we should also check if this is filled and
 *          not only if allowed
 * @uses    $GLOBALS['PHP_AUTH_USER']
 * @uses    $GLOBALS['PHP_AUTH_PW']
 * @uses    $GLOBALS['no_activity']
 * @uses    $GLOBALS['server']
 * @uses    $GLOBALS['from_cookie']
 * @uses    $GLOBALS['pma_auth_server']
 * @uses    $cfg['blowfish_secret']
 * @uses    $cfg['AllowArbitraryServer']
 * @uses    $cfg['LoginCookieValidity']
 * @uses    $cfg['Servers']
 * @uses    $_REQUEST['old_usr'] from logout link
 * @uses    $_REQUEST['pma_username'] from login form
 * @uses    $_REQUEST['pma_password'] from login form
 * @uses    $_REQUEST['pma_servername'] from login form
 * @uses    $_COOKIE
 * @uses    $_SESSION['last_access_time']
 * @uses    PMA_removeCookie()
 * @uses    PMA_blowfish_decrypt()
 * @uses    PMA_auth_fails()
 * @uses    time()
 *
 * @return  boolean   whether we get authentication settings or not
 *
 * @access  public
 */
function PMA_auth_check()
{
    // Initialization
    /**
     * @global $GLOBALS['pma_auth_server'] the user provided server to connect to
     */
    $GLOBALS['pma_auth_server'] = '';
    $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
    $GLOBALS['from_cookie'] = false;
    // avoid an error in mcrypt
    // (no secret configured means no cookie can be decrypted)
    if (empty($GLOBALS['cfg']['blowfish_secret'])) {
        return false;
    }
    // PMA_CLEAR_COOKIES: drop the password, server and user cookies of every
    // configured server and report "no credentials"
    if (defined('PMA_CLEAR_COOKIES')) {
        foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
            PMA_removeCookie('pmaPass-' . $key);
            PMA_removeCookie('pmaServer-' . $key);
            PMA_removeCookie('pmaUser-' . $key);
        }
        return false;
    }
    // NOTE(review): logout is triggered by any request carrying old_usr; no
    // token is checked in this function - confirm it is checked by the caller.
    if (!empty($_REQUEST['old_usr'])) {
        // The user wants to be logged out
        // -> delete his choices that were stored in session
        session_destroy();
        // -> delete password cookie(s)
        // the cookie is removed on the client and also unset in $_COOKIE, so
        // the cookie lookup further down cannot pick it up in this request
        if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
            foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                PMA_removeCookie('pmaPass-' . $key);
                if (isset($_COOKIE['pmaPass-' . $key])) {
                    unset($_COOKIE['pmaPass-' . $key]);
                }
            }
        } else {
            PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
            if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
            }
        }
    }
    // NOTE(review): the login fields are read from $_REQUEST, which also
    // carries query-string values; a password sent that way ends up in URLs
    // and access logs. Reading $_POST only would avoid that - confirm no
    // caller depends on GET logins.
    if (!empty($_REQUEST['pma_username'])) {
        // The user just logged in
        $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
        $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
        // With AllowArbitraryServer on, the requested server name is taken
        // as-is: no validation or allow-list is applied here.
        // NOTE(review): presumably this becomes the host the application
        // connects to; if so, anyone who reaches the login form chooses the
        // connection target - keep the option off or restrict egress.
        if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
            $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
        }
        return true;
    }
    // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
    // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
    // servername
    // (the server cookie is used in clear, unlike user and password)
    if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
        $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
    }
    // username
    if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {
        return false;
    }
    // NOTE(review): the decrypted value is used without any integrity check
    // visible here - confirm what PMA_blowfish_decrypt() returns for a
    // tampered cookie.
    $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $GLOBALS['cfg']['blowfish_secret']);
    // user was never logged in since session start
    if (empty($_SESSION['last_access_time'])) {
        return false;
    }
    // User inactive too long
    // The timestamp comes from the server-side session, not from the cookie.
    if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
        $GLOBALS['no_activity'] = true;
        PMA_auth_fails();
        // stop here even if PMA_auth_fails() returns
        exit;
    }
    // password
    if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
        return false;
    }
    $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], $GLOBALS['cfg']['blowfish_secret']);
    // this marker string stands for an empty password
    if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
        $GLOBALS['PHP_AUTH_PW'] = '';
    }
    $GLOBALS['from_cookie'] = true;
    return true;
}