/**
* Gets advanced authentication settings
*
* @global string the username if register_globals is on
* @global string the password if register_globals is on
* @global array the array of server variables if register_globals is
* off
* @global array the array of environment variables if register_globals
* is off
* @global string the username for the ? server
* @global string the password for the ? server
* @global string the username for the WebSite Professional server
* @global string the password for the WebSite Professional server
* @global string the username of the user who logs out
*
* @return boolean whether we get authentication settings or not
*
* @access public
*/
function PMA_auth_check()
{
global $PHP_AUTH_USER, $PHP_AUTH_PW;
/* Check if we're using same sigon server */
if (isset($_SESSION['LAST_SIGNON_URL']) && $_SESSION['LAST_SIGNON_URL'] != $GLOBALS['cfg']['Server']['SignonURL']) {
return false;
}
/* Session name */
$session_name = $GLOBALS['cfg']['Server']['SignonSession'];
/* Login URL */
$signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
/* Current host */
$single_signon_host = $GLOBALS['cfg']['Server']['host'];
/* Current port */
$single_signon_port = $GLOBALS['cfg']['Server']['port'];
/* No configuration updates */
$single_signon_cfgupdate = array();
/* Are we requested to do logout? */
$do_logout = !empty($_REQUEST['old_usr']);
/* Does session exist? */
if (isset($_COOKIE[$session_name])) {
/* End current session */
$old_session = session_name();
$old_id = session_id();
session_write_close();
/* Load single signon session */
session_name($session_name);
session_id($_COOKIE[$session_name]);
session_start();
/* Clear error message */
unset($_SESSION['PMA_single_signon_error_message']);
/* Grab credentials if they exist */
if (isset($_SESSION['PMA_single_signon_user'])) {
if ($do_logout) {
$PHP_AUTH_USER = '';
} else {
$PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
}
}
if (isset($_SESSION['PMA_single_signon_password'])) {
if ($do_logout) {
$PHP_AUTH_PW = '';
} else {
$PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
}
}
if (isset($_SESSION['PMA_single_signon_host'])) {
$single_signon_host = $_SESSION['PMA_single_signon_host'];
}
if (isset($_SESSION['PMA_single_signon_port'])) {
$single_signon_port = $_SESSION['PMA_single_signon_port'];
}
if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
$single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
}
/* Also get token as it is needed to access subpages */
if (isset($_SESSION['PMA_single_signon_token'])) {
/* No need to care about token on logout */
$pma_token = $_SESSION['PMA_single_signon_token'];
}
/* End single signon session */
session_write_close();
/* Restart phpMyAdmin session */
session_name($old_session);
if (!empty($old_id)) {
session_id($old_id);
}
session_start();
/* Set the single signon host */
$GLOBALS['cfg']['Server']['host'] = $single_signon_host;
/* Set the single signon port */
$GLOBALS['cfg']['Server']['port'] = $single_signon_port;
/* Configuration update */
$GLOBALS['cfg']['Server'] = array_merge($GLOBALS['cfg']['Server'], $single_signon_cfgupdate);
/* Restore our token */
if (!empty($pma_token)) {
$_SESSION[' PMA_token '] = $pma_token;
}
/**
* Clear user cache.
*/
PMA_clearUserCache();
}
// Returns whether we get authentication settings or not
if (empty($PHP_AUTH_USER)) {
unset($_SESSION['LAST_SIGNON_URL']);
return false;
} else {
$_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
return true;
}
}
/**
* Set the user and password after last checkings if required
*
* @return boolean always true
*
* @access public
*/
function PMA_auth_set_user()
{
global $cfg;
// Ensures valid authentication mode, 'only_db', bookmark database and
// table names and relation table name are used
if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
foreach ($cfg['Servers'] as $idx => $current) {
if ($current['host'] == $cfg['Server']['host'] && $current['port'] == $cfg['Server']['port'] && $current['socket'] == $cfg['Server']['socket'] && $current['ssl'] == $cfg['Server']['ssl'] && $current['connect_type'] == $cfg['Server']['connect_type'] && $current['user'] == $GLOBALS['PHP_AUTH_USER']) {
$GLOBALS['server'] = $idx;
$cfg['Server'] = $current;
break;
}
}
// end foreach
}
// end if
if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($GLOBALS['pma_auth_server'])) {
/* Allow to specify 'host port' */
$parts = explode(' ', $GLOBALS['pma_auth_server']);
if (count($parts) == 2) {
$tmp_host = $parts[0];
$tmp_port = $parts[1];
} else {
$tmp_host = $GLOBALS['pma_auth_server'];
$tmp_port = '';
}
if ($cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
$cfg['Server']['host'] = $tmp_host;
if (!empty($tmp_port)) {
$cfg['Server']['port'] = $tmp_port;
}
}
unset($tmp_host, $tmp_port, $parts);
}
$cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
$cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
// Avoid showing the password in phpinfo()'s output
unset($GLOBALS['PHP_AUTH_PW']);
unset($_SERVER['PHP_AUTH_PW']);
$_SESSION['last_access_time'] = time();
// Name and password cookies need to be refreshed each time
// Duration = one month for username
$GLOBALS['PMA_Config']->setCookie('pmaUser-' . $GLOBALS['server'], PMA_blowfish_encrypt($cfg['Server']['user'], PMA_get_blowfish_secret()));
// Duration = as configured
$GLOBALS['PMA_Config']->setCookie('pmaPass-' . $GLOBALS['server'], PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "******", PMA_get_blowfish_secret()), null, $GLOBALS['cfg']['LoginCookieStore']);
// Set server cookies if required (once per session) and, in this case, force
// reload to ensure the client accepts cookies
if (!$GLOBALS['from_cookie']) {
if ($GLOBALS['cfg']['AllowArbitraryServer']) {
if (!empty($GLOBALS['pma_auth_server'])) {
// Duration = one month for servername
$GLOBALS['PMA_Config']->setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
} else {
// Delete servername cookie
$GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $GLOBALS['server']);
}
}
// URL where to go:
$redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
// any parameters to pass?
$url_params = array();
if (strlen($GLOBALS['db'])) {
$url_params['db'] = $GLOBALS['db'];
}
if (strlen($GLOBALS['table'])) {
$url_params['table'] = $GLOBALS['table'];
}
// any target to pass?
if (!empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
$url_params['target'] = $GLOBALS['target'];
}
/**
* whether we come from a fresh cookie login
*/
define('PMA_COMING_FROM_COOKIE_LOGIN', true);
/**
* Clear user cache.
*/
PMA_clearUserCache();
PMA_sendHeaderLocation($redirect_url . PMA_generate_common_url($url_params, '&'));
exit;
}
// end if
return true;
}
/**
* Test clearing user cache
*/
public function testClearUserCache()
{
$GLOBALS['server'] = 'server';
PMA_cacheSet('is_superuser', 'yes', true);
$this->assertEquals('yes', $_SESSION['cache']['server_server']['is_superuser']);
PMA_clearUserCache();
$this->assertArrayNotHasKey('is_superuser', $_SESSION['cache']['server_server']);
}
