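/**
 * Gets advanced authentication settings from the single-signon session.
 *
 * If the signon session cookie (named by $cfg['Server']['SignonSession']) is
 * present, the current phpMyAdmin session is written and closed, the signon
 * session is opened read-only-by-convention, the user name, password, host,
 * port, configuration overrides and token are copied out of it, it is closed
 * again and the phpMyAdmin session is restarted. The copied host/port/config
 * overrides are applied to $GLOBALS['cfg']['Server'] and the token is put
 * back into $_SESSION[' PMA_token '].
 *
 * When $_REQUEST['old_usr'] is set (logout requested) the user name and
 * password are cleared instead of copied, so the function reports "no
 * credentials" and callers fall through to the signon/login page.
 *
 * @global string $PHP_AUTH_USER the username taken from the signon session
 *                               ('' on logout); left untouched when the
 *                               signon session has no user entry
 * @global string $PHP_AUTH_PW   the password taken from the signon session
 *                               ('' on logout); left untouched when the
 *                               signon session has no password entry
 *
 * @return boolean whether we got authentication settings or not
 *
 * @access public
 */
function PMA_auth_check()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW;

    /* Check if we're using the same signon server as the one remembered */
    if (isset($_SESSION['LAST_SIGNON_URL'])
        && $_SESSION['LAST_SIGNON_URL'] !== $GLOBALS['cfg']['Server']['SignonURL']
    ) {
        return false;
    }

    /* Session name */
    $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
    /* Current host */
    $single_signon_host = $GLOBALS['cfg']['Server']['host'];
    /* Current port */
    $single_signon_port = $GLOBALS['cfg']['Server']['port'];
    /* No configuration updates */
    $single_signon_cfgupdate = array();
    /* Token is only known once the signon session has been read */
    $pma_token = null;

    /* Are we requested to do logout? */
    $do_logout = !empty($_REQUEST['old_usr']);

    /*
     * Does the signon session exist? The cookie value is attacker-controlled
     * and is handed straight to the configured session save handler as a
     * storage key by session_id(), so only accept something shaped like a
     * PHP-generated session ID (the characters PHP itself emits for
     * session.sid_bits_per_character up to 6) rather than trusting every
     * save handler to validate it. Anything else is treated as "no session".
     * NOTE(review): a custom save handler that issues differently shaped IDs
     * would need this pattern relaxed.
     */
    $has_signon_session = isset($_COOKIE[$session_name])
        && is_string($_COOKIE[$session_name])
        && preg_match('/^[a-zA-Z0-9,-]{1,256}$/', $_COOKIE[$session_name]) === 1;

    if ($has_signon_session) {
        /* End current session */
        $old_session = session_name();
        $old_id = session_id();
        session_write_close();

        /* Load single signon session */
        session_name($session_name);
        session_id($_COOKIE[$session_name]);
        session_start();

        /* Clear error message */
        unset($_SESSION['PMA_single_signon_error_message']);

        /* Grab credentials if they exist; a logout request blanks them */
        if (isset($_SESSION['PMA_single_signon_user'])) {
            $PHP_AUTH_USER = $do_logout ? '' : $_SESSION['PMA_single_signon_user'];
        }
        if (isset($_SESSION['PMA_single_signon_password'])) {
            $PHP_AUTH_PW = $do_logout ? '' : $_SESSION['PMA_single_signon_password'];
        }
        if (isset($_SESSION['PMA_single_signon_host'])) {
            $single_signon_host = $_SESSION['PMA_single_signon_host'];
        }
        if (isset($_SESSION['PMA_single_signon_port'])) {
            $single_signon_port = $_SESSION['PMA_single_signon_port'];
        }
        if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
            $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
        }
        /* Also get token as it is needed to access subpages */
        if (isset($_SESSION['PMA_single_signon_token'])) {
            /* No need to care about token on logout */
            $pma_token = $_SESSION['PMA_single_signon_token'];
        }

        /* End single signon session */
        session_write_close();

        /* Restart phpMyAdmin session */
        session_name($old_session);
        if (!empty($old_id)) {
            session_id($old_id);
        }
        session_start();

        /* Set the single signon host and port */
        $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
        $GLOBALS['cfg']['Server']['port'] = $single_signon_port;

        /* Configuration update: signon-provided keys override the server config */
        $GLOBALS['cfg']['Server'] = array_merge(
            $GLOBALS['cfg']['Server'],
            $single_signon_cfgupdate
        );

        /* Restore our token (the key deliberately carries surrounding spaces) */
        if (!empty($pma_token)) {
            $_SESSION[' PMA_token '] = $pma_token;
        }

        /* Clear user cache, it may belong to the previous server/user */
        PMA_clearUserCache();
    }

    // Returns whether we got authentication settings or not
    if (empty($PHP_AUTH_USER)) {
        unset($_SESSION['LAST_SIGNON_URL']);
        return false;
    }

    $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
    return true;
}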
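/**
 * Set the user and password after last checkings if required.
 *
 * Steps, in order:
 *  - if the authenticated user differs from $cfg['Server']['user'], switch
 *    $cfg['Server'] (and $GLOBALS['server']) to the first configured server
 *    whose host/port/socket/ssl/connect_type/user match, so that the right
 *    'only_db', bookmark and relation settings are used;
 *  - when AllowArbitraryServer is on and the login form supplied a server,
 *    accept it as 'host' or 'host port' (the port must be numeric);
 *  - store the credentials in $cfg['Server'], drop the plaintext password
 *    from the globals, and refresh the encrypted pmaUser-/pmaPass- cookies;
 *  - on a fresh (non-cookie) login also set/remove the pmaServer- cookie,
 *    clear the user cache and redirect to index.php so the client proves it
 *    accepts cookies. That branch does not return.
 *
 * @global array  $cfg            phpMyAdmin configuration; $cfg['Server'] is updated in place
 * @global string $PHP_AUTH_USER  username determined by the authentication check
 * @global string $PHP_AUTH_PW    password determined by the authentication check (unset here)
 *
 * @return boolean always true
 *
 * @access public
 */
function PMA_auth_set_user()
{
    global $cfg;

    // Ensures valid authentication mode, 'only_db', bookmark database and
    // table names and relation table name are used
    if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
        foreach ($cfg['Servers'] as $idx => $current) {
            if ($current['host'] == $cfg['Server']['host']
                && $current['port'] == $cfg['Server']['port']
                && $current['socket'] == $cfg['Server']['socket']
                && $current['ssl'] == $cfg['Server']['ssl']
                && $current['connect_type'] == $cfg['Server']['connect_type']
                && $current['user'] == $GLOBALS['PHP_AUTH_USER']
            ) {
                $GLOBALS['server'] = $idx;
                $cfg['Server'] = $current;
                break;
            }
        } // end foreach
    } // end if

    if ($cfg['AllowArbitraryServer'] && !empty($GLOBALS['pma_auth_server'])) {
        /* Allow to specify 'host port' */
        $parts = explode(' ', $GLOBALS['pma_auth_server']);
        if (count($parts) == 2) {
            $tmp_host = $parts[0];
            $tmp_port = $parts[1];
        } else {
            $tmp_host = $GLOBALS['pma_auth_server'];
            $tmp_port = '';
        }
        // The server string comes from the login form; a port that is not a
        // plain number is not a port, so ignore it rather than pass it on to
        // the connection code.
        if ($tmp_port !== '' && !preg_match('/^[0-9]{1,5}$/', $tmp_port)) {
            $tmp_port = '';
        }
        if ($cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
            $cfg['Server']['host'] = $tmp_host;
            if (!empty($tmp_port)) {
                $cfg['Server']['port'] = $tmp_port;
            }
        }
        unset($tmp_host, $tmp_port, $parts);
    }

    $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
    $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];

    // Avoid showing the password in phpinfo()'s output
    unset($GLOBALS['PHP_AUTH_PW']);
    unset($_SERVER['PHP_AUTH_PW']);

    $_SESSION['last_access_time'] = time();

    // Name and password cookies need to be refreshed each time
    // Duration = one month for username
    $GLOBALS['PMA_Config']->setCookie(
        'pmaUser-' . $GLOBALS['server'],
        PMA_blowfish_encrypt($cfg['Server']['user'], PMA_get_blowfish_secret())
    );

    // Duration = as configured
    // NOTE(review): empty() also treats the password "0" as blank and stores
    // the placeholder; whether the cookie reader maps "******" back to an
    // empty password is not visible here, so the check is kept as is.
    $GLOBALS['PMA_Config']->setCookie(
        'pmaPass-' . $GLOBALS['server'],
        PMA_blowfish_encrypt(
            !empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "******",
            PMA_get_blowfish_secret()
        ),
        null,
        $cfg['LoginCookieStore']
    );

    // Set server cookies if required (once per session) and, in this case, force
    // reload to ensure the client accepts cookies
    if (!$GLOBALS['from_cookie']) {
        if ($cfg['AllowArbitraryServer']) {
            if (!empty($GLOBALS['pma_auth_server'])) {
                // Duration = one month for servername
                $GLOBALS['PMA_Config']->setCookie(
                    'pmaServer-' . $GLOBALS['server'],
                    $cfg['Server']['host']
                );
            } else {
                // Delete servername cookie
                $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $GLOBALS['server']);
            }
        }

        // URL where to go: always our own index.php, never a request value
        $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';

        // any parameters to pass?
        $url_params = array();
        if (strlen($GLOBALS['db'])) {
            $url_params['db'] = $GLOBALS['db'];
        }
        if (strlen($GLOBALS['table'])) {
            $url_params['table'] = $GLOBALS['table'];
        }
        // any target to pass?
        if (!empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
            $url_params['target'] = $GLOBALS['target'];
        }

        /**
         * whether we come from a fresh cookie login
         */
        define('PMA_COMING_FROM_COOKIE_LOGIN', true);

        /**
         * Clear user cache.
         */
        PMA_clearUserCache();

        PMA_sendHeaderLocation(
            $redirect_url . PMA_generate_common_url($url_params, '&')
        );
        exit;
    } // end if

    return true;
}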
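/**
 * PMA_clearUserCache() must drop the cache entries that PMA_cacheSet()
 * stored for the current $GLOBALS['server'] (apparently keyed as
 * 'server_' . $GLOBALS['server'] under $_SESSION['cache']).
 *
 * @return void
 */
public function testClearUserCache()
{
    $GLOBALS['server'] = 'server';

    // populate the per-server cache and pin the stored value (and its type)
    PMA_cacheSet('is_superuser', 'yes', true);
    $this->assertSame(
        'yes',
        $_SESSION['cache']['server_server']['is_superuser']
    );

    // clearing must remove the key, not merely blank it
    PMA_clearUserCache();
    $this->assertArrayNotHasKey(
        'is_superuser',
        $_SESSION['cache']['server_server']
    );
}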