list($key) = explode(":", $val);
        $permanent[$key] = $val;
    }
}
// Handles a submitted login form or a logout request (excerpt: the statement continues past the last line shown).
if (isset($_POST["server"])) {
    // Defense against session fixation: issue a new session id before the credentials are stored.
    // NOTE(review): no argument is passed, so PHP keeps the old session record (delete_old_session defaults to false) - confirm that is acceptable.
    session_regenerate_id();
    // The submitted password is written to the session as received, keyed by driver, server and username.
    $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
    if ($_POST["permanent"]) {
        // Permanent login: the cookie entry is "<key>:<base64 payload>"; the key joins the base64-encoded driver, server and username.
        $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
        $private = $adminer->permanentLogin();
        // The password is only stored encrypted with $private; when permanentLogin() returns a falsy value the payload is empty.
        $permanent[$key] = "{$key}:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
        // NOTE(review): cookie() is defined elsewhere - confirm it sets HttpOnly and, over HTTPS, Secure on this credential-bearing cookie.
        cookie("adminer_permanent", implode(" ", $permanent));
    }
    // Redirect when the POST holds 4 fields (5 with "permanent") - presumably the login fields only - or when the
    // posted driver, server or username differs from the one in the current request.
    if (count($_POST) == ($_POST["permanent"] ? 5 : 4) || DRIVER != $_POST["driver"] || SERVER != $_POST["server"] || $_GET["username"] !== $_POST["username"]) {
        redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
    }
} elseif ($_POST["logout"]) {
    // CSRF check on logout.
    // NOTE(review): the check is skipped when $token is falsy, and != is a loose comparison that is not constant-time;
    // confirm how $token is generated and consider hash_equals() on string operands.
    if ($token && $_POST["token"] != $token) {
        page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
        page_footer("db");
        exit;
    } else {
        // Clear the "pwds", "dbs" and "queries" session entries via set_session().
        foreach (array("pwds", "dbs", "queries") as $key) {
            set_session($key, null);
        }
        // Remove this connection's entry from the permanent-login cookie, if one exists.
        $key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]);
        if ($permanent[$key]) {
            unset($permanent[$key]);
            cookie("adminer_permanent", implode(" ", $permanent));
        }
Example #2
    /** Prints navigation after Adminer title
     *
     * Emits the title and version, then either the list of connections held in the
     * session (when $missing is "auth") or the syntax-highlighter scripts, database
     * selector and action links for the current connection.
     * @param string can be "auth" if there is no database connection, "db" if there is no database selected, "ns" with invalid schema
     * @return null
     */
    function navigation($missing)
    {
        global $VERSION, $jush, $drivers, $connection;
        ?>
<h1>
<?php 
        echo $this->name();
        ?>
 <span class="version"><?php 
        echo $VERSION;
        ?>
</span>
<a href="http://www.adminer.org/#download" target="_blank" id="version"><?php 
        // The newer-version string is read from a client-controlled cookie, so it goes through h() before output.
        // NOTE(review): the enclosing link opens a plain-http URL in a new tab (target=_blank) without rel=noopener.
        echo version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : "";
        ?>
</a>
</h1>
<?php 
        if ($missing == "auth") {
            // No connection: list every login whose session password entry is not null as a quick-switch link.
            $first = true;
            foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
                foreach ($servers as $server => $usernames) {
                    foreach ($usernames as $username => $password) {
                        if ($password !== null) {
                            if ($first) {
                                // The wrapping paragraph is opened only once, before the first link.
                                echo "<p id='logins' onmouseover='menuOver(this, event);' onmouseout='menuOut(this);'>\n";
                                $first = false;
                            }
                            $dbs = $_SESSION["db"][$vendor][$server][$username];
                            foreach ($dbs ? array_keys($dbs) : array("") as $db) {
                                // URL and label pass through h(); the driver label is printed as looked up in $drivers.
                                // NOTE(review): $vendor is a session key - confirm $drivers holds only fixed, trusted strings.
                                echo "<a href='" . h(auth_url($vendor, $server, $username, $db)) . "'>({$drivers[$vendor]}) " . h($username . ($server != "" ? "@{$server}" : "") . ($db != "" ? " - {$db}" : "")) . "</a><br>\n";
                            }
                        }
                    }
                }
            }
        } else {
            // Load the table list only when a database is selected and the schema parameter is not empty.
            if ($_GET["ns"] !== "" && !$missing && DB != "") {
                $connection->select_db(DB);
                $tables = table_status('', true);
            }
            if (support("sql")) {
                ?>
<script type="text/javascript" src="../externals/jush/modules/jush.js"></script>
<script type="text/javascript" src="../externals/jush/modules/jush-textarea.js"></script>
<script type="text/javascript" src="../externals/jush/modules/jush-txt.js"></script>
<script type="text/javascript" src="../externals/jush/modules/jush-<?php 
                // NOTE(review): $jush is echoed unescaped into the script URL; presumably a fixed per-driver identifier - confirm.
                echo $jush;
                ?>
.js"></script>
<script type="text/javascript">
<?php 
                if ($tables) {
                    // Build a JavaScript regex that matches any table name so the highlighter can link to it.
                    $links = array();
                    foreach ($tables as $table => $type) {
                        $links[] = preg_quote($table, '/');
                    }
                    // NOTE(review): preg_quote() escapes for PCRE, not for an inline script block - confirm table names
                    // containing line breaks or other unusual characters cannot break out of the regex literal.
                    echo "var jushLinks = { {$jush}: [ '" . js_escape(ME) . (support("table") ? "table=" : "select=") . "\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
                    foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
                        echo "jushLinks.{$val} = jushLinks.{$jush};\n";
                    }
                }
                ?>
bodyLoad('<?php 
                // The first three characters of server_info are written into a JavaScript string literal without escaping.
                // NOTE(review): the value is reported by the database server - confirm it cannot contain a quote or backslash.
                echo is_object($connection) ? substr($connection->server_info, 0, 3) : "";
                ?>
');
</script>
<?php 
            }
            $this->databasesPrint($missing);
            if (DB == "" || !$missing) {
                // Action links; ME passes through h() and the table name from the request through urlencode().
                echo "<p class='links'>" . (support("sql") ? "<a href='" . h(ME) . "sql='" . bold(isset($_GET["sql"]) && !isset($_GET["import"])) . ">" . lang('SQL command') . "</a>\n<a href='" . h(ME) . "import='" . bold(isset($_GET["import"])) . ">" . lang('Import') . "</a>\n" : "") . "";
                if (support("dump")) {
                    echo "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "' id='dump'" . bold(isset($_GET["dump"])) . ">" . lang('Export') . "</a>\n";
                }
            }
            if ($_GET["ns"] !== "" && !$missing && DB != "") {
                echo '<a href="' . h(ME) . 'create="' . bold($_GET["create"] === "") . ">" . lang('Create table') . "</a>\n";
                if (!$tables) {
                    echo "<p class='message'>" . lang('No tables.') . "\n";
                } else {
                    $this->tablesPrint($tables);
                }
            }
        }
    }
Example #3
    // Defense against session fixation - presumably describes a session_regenerate_id() call just above this excerpt; confirm.
    // Login fields are copied from $auth into locals; the password is cast to string before any use.
    $vendor = $auth["driver"];
    $server = $auth["server"];
    $username = $auth["username"];
    $password = (string) $auth["password"];
    $db = $auth["db"];
    // set_password() is defined elsewhere - NOTE(review): confirm how it stores the password in the session.
    set_password($vendor, $server, $username, $password);
    $_SESSION["db"][$vendor][$server][$username][$db] = true;
    if ($auth["permanent"]) {
        // Permanent login: the cookie entry is "<key>:<base64 payload>"; the key joins the base64-encoded driver, server, username and database.
        $key = base64_encode($vendor) . "-" . base64_encode($server) . "-" . base64_encode($username) . "-" . base64_encode($db);
        $private = $adminer->permanentLogin(true);
        // The password is only stored encrypted with $private; when permanentLogin() returns a falsy value the payload is empty.
        $permanent[$key] = "{$key}:" . base64_encode($private ? encrypt_string($password, $private) : "");
        // NOTE(review): cookie() is defined elsewhere - confirm it sets HttpOnly and, over HTTPS, Secure on this credential-bearing cookie.
        cookie("adminer_permanent", implode(" ", $permanent));
    }
    // Redirect when the POST holds a single field or the login targets a different driver, server, username or database than the current request.
    if (count($_POST) == 1 || DRIVER != $vendor || SERVER != $server || $_GET["username"] !== $username || DB != $db) {
        redirect(auth_url($vendor, $server, $username, $db));
    }
} elseif ($_POST["logout"]) {
    // CSRF check on logout; it is enforced only when $has_token is truthy. verify_token() is defined elsewhere.
    if ($has_token && !verify_token()) {
        page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
        page_footer("db");
        exit;
    } else {
        // Clear the "pwds", "db", "dbs" and "queries" session entries, then the permanent-login state.
        foreach (array("pwds", "db", "dbs", "queries") as $key) {
            set_session($key, null);
        }
        unset_permanent();
        // Redirect to ME with the username, db and ns parameters and the trailing character removed.
        redirect(substr(preg_replace('~\\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
    }
} elseif ($permanent && !$_SESSION["pwds"]) {
    // Permanent-login data exists but the session holds no passwords: switch to a new session id (the branch continues past this excerpt).
    session_regenerate_id();
Example #4
    /** Prints navigation after Adminer title
     *
     * Themed variant: emits the name, version and language switcher in an info box,
     * then either the list of connections held in the session (when $missing is "auth")
     * or the syntax-highlighter scripts, database selector and action buttons.
     * @param string can be "auth" if there is no database connection, "db" if there is no database selected, "ns" with invalid schema
     * @return null
     */
    function navigation($missing)
    {
        global $VERSION, $jush, $drivers, $connection;
        ?>
			<!-- ACERCA DE -->
			<div class='well well-sm well-info' align=center>
				<?php 
        echo $this->name();
        ?>
 <span class="version"><?php 
        echo $VERSION;
        ?>
</span>
				<?php 
        switch_lang();
        ?>
			</div>

<?php 
        if ($missing == "auth") {
            // No connection: list every login whose session password entry is not null as a quick-switch link.
            $first = true;
            foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
                foreach ($servers as $server => $usernames) {
                    foreach ($usernames as $username => $password) {
                        if ($password !== null) {
                            if ($first) {
                                // The wrapping paragraph is opened only once, before the first link.
                                echo "<p id='logins' onmouseover='menuOver(this, event);' onmouseout='menuOut(this);'>\n";
                                $first = false;
                            }
                            $dbs = $_SESSION["db"][$vendor][$server][$username];
                            foreach ($dbs ? array_keys($dbs) : array("") as $db) {
                                // URL and label pass through h(); the driver label is printed as looked up in $drivers.
                                // NOTE(review): $vendor is a session key - confirm $drivers holds only fixed, trusted strings.
                                echo "<a href='" . h(auth_url($vendor, $server, $username, $db)) . "'>({$drivers[$vendor]}) " . h($username . ($server != "" ? "@{$server}" : "") . ($db != "" ? " - {$db}" : "")) . "</a><br>\n";
                            }
                        }
                    }
                }
            }
        } else {
            // Load the table list only when a database is selected and the schema parameter is not empty.
            if ($_GET["ns"] !== "" && !$missing && DB != "") {
                $connection->select_db(DB);
                $tables = table_status('', true);
            }
            if (support("sql")) {
                ?>
								<script type="text/javascript" src="../externals/jush/modules/jush.js"></script>
								<script type="text/javascript" src="../externals/jush/modules/jush-textarea.js"></script>
								<script type="text/javascript" src="../externals/jush/modules/jush-txt.js"></script>
								<script type="text/javascript" src="../externals/jush/modules/jush-<?php 
                // NOTE(review): $jush is echoed unescaped into the script URL; presumably a fixed per-driver identifier - confirm.
                echo $jush;
                ?>
.js"></script>
								<script type="text/javascript">
								<?php 
                if ($tables) {
                    // Build a JavaScript regex that matches any table name so the highlighter can link to it.
                    $links = array();
                    foreach ($tables as $table => $type) {
                        $links[] = preg_quote($table, '/');
                    }
                    // NOTE(review): preg_quote() escapes for PCRE, not for an inline script block - confirm table names
                    // containing line breaks or other unusual characters cannot break out of the regex literal.
                    echo "var jushLinks = { {$jush}: [ '" . js_escape(ME) . (support("table") ? "table=" : "select=") . "\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
                    foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
                        echo "jushLinks.{$val} = jushLinks.{$jush};\n";
                    }
                }
                ?>
							bodyLoad('<?php 
                // The first three characters of server_info are written into a JavaScript string literal without escaping.
                // NOTE(review): the value is reported by the database server - confirm it cannot contain a quote or backslash.
                echo is_object($connection) ? substr($connection->server_info, 0, 3) : "";
                ?>
');
							</script>
						<?php 
            }
            echo "<div align=center>";
            $this->databasesPrint($missing);
            echo "<br>";
            if (DB == "" || !$missing) {
                // Action buttons; ME passes through h() and the table name from the request through urlencode().
                echo (support("sql") ? "\n\t\t\t\t\t\t\t<a href='" . h(ME) . "sql='" . bold(isset($_GET["sql"]) && !isset($_GET["import"])) . " class='btn btn-info btn-xs'><i class='fa fa-terminal fa-fw'></i>  " . lang('SQL command') . "</a>\n\n\t\t\t\t\t\t\t<a href='" . h(ME) . "import='" . bold(isset($_GET["import"])) . " class='btn btn-warning btn-xs'><i class='fa fa-download fa-fw'></i> " . lang('Import') . "</a>\n" : "") . "";
                if (support("dump")) {
                    echo "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "' id='dump'" . bold(isset($_GET["dump"])) . " class='btn btn-danger btn-xs'><i class='fa fa-floppy-o fa-fw'></i> " . lang('Export') . "</a>\n";
                }
            }
            if ($_GET["ns"] !== "" && !$missing && DB != "") {
                echo '<a href="' . h(ME) . 'create="' . bold($_GET["create"] === "") . " class='btn btn-success btn-xs'><i class='fa fa-plus fa-fw'></i> " . lang('Create table') . "</a>\n";
                if (!$tables) {
                    // Print a message saying that there are no tables
                    echo "<br><br><div class='alert alert-warning' role='alert'>" . lang('No tables.') . "</div>\n";
                } else {
                    // Print the table list when the database has at least one table
                    echo "<div align=left>";
                    $this->tablesPrint($tables);
                    echo "</div>";
                }
            }
            echo "</div>";
        }
    }
Example #5
    // Defense against session fixation - presumably describes a session_regenerate_id() call just above this excerpt; confirm.
    // Login fields are copied from $auth into locals.
    $driver = $auth["driver"];
    $server = $auth["server"];
    $username = $auth["username"];
    // NOTE(review): the password is used as received, with no string cast - confirm $auth["password"] cannot be an array.
    $password = $auth["password"];
    $db = $auth["db"];
    // set_password() is defined elsewhere - NOTE(review): confirm how it stores the password in the session.
    set_password($driver, $server, $username, $password);
    $_SESSION["db"][$driver][$server][$username][$db] = true;
    if ($auth["permanent"]) {
        // Permanent login: the cookie entry is "<key>:<base64 payload>"; the key joins the base64-encoded driver, server, username and database.
        $key = base64_encode($driver) . "-" . base64_encode($server) . "-" . base64_encode($username) . "-" . base64_encode($db);
        $private = $adminer->permanentLogin(true);
        // The password is only stored encrypted with $private; when permanentLogin() returns a falsy value the payload is empty.
        $permanent[$key] = "{$key}:" . base64_encode($private ? encrypt_string($password, $private) : "");
        // NOTE(review): cookie() is defined elsewhere - confirm it sets HttpOnly and, over HTTPS, Secure on this credential-bearing cookie.
        cookie("adminer_permanent", implode(" ", $permanent));
    }
    // Redirect when the POST holds a single field or the login targets a different driver, server, username or database than the current request.
    if (count($_POST) == 1 || DRIVER != $driver || SERVER != $server || $_GET["username"] !== $username || DB != $db) {
        redirect(auth_url($driver, $server, $username, $db));
    }
} elseif ($_POST["logout"]) {
    // CSRF check on logout; it is enforced only when $has_token is truthy. verify_token() is defined elsewhere.
    if ($has_token && !verify_token()) {
        page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
        page_footer("db");
        exit;
    } else {
        // Clear the "pwds", "db", "dbs" and "queries" session entries, then the permanent-login state.
        foreach (array("pwds", "db", "dbs", "queries") as $key) {
            set_session($key, null);
        }
        unset_permanent();
        // Redirect to ME with the username, db and ns parameters and the trailing character removed.
        redirect(substr(preg_replace('~\\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
    }
} elseif ($permanent && !$_SESSION["pwds"]) {
    // Permanent-login data exists but the session holds no passwords: switch to a new session id (the branch continues past this excerpt).
    session_regenerate_id();
Example #6
    }
}
// Handles a submitted login form (the auth[...] POST array) or a logout request (excerpt: the statement continues past the last line shown).
$auth = $_POST["auth"];
if ($auth) {
    // Defense against session fixation: issue a new session id before the credentials are stored.
    // NOTE(review): no argument is passed, so PHP keeps the old session record (delete_old_session defaults to false) - confirm that is acceptable.
    session_regenerate_id();
    // The submitted password is written to the session as received, keyed by driver, server and username.
    $_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
    $_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
    if ($auth["permanent"]) {
        // Permanent login: the cookie entry is "<key>:<base64 payload>"; the key joins the base64-encoded driver, server, username and database.
        $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
        $private = $adminer->permanentLogin();
        // The password is only stored encrypted with $private; when permanentLogin() returns a falsy value the payload is empty.
        $permanent[$key] = "{$key}:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
        // NOTE(review): cookie() is defined elsewhere - confirm it sets HttpOnly and, over HTTPS, Secure on this credential-bearing cookie.
        cookie("adminer_permanent", implode(" ", $permanent));
    }
    // Redirect when the POST holds a single field or the login targets a different driver, server, username or database than the current request.
    if (count($_POST) == 1 || DRIVER != $auth["driver"] || SERVER != $auth["server"] || $_GET["username"] !== $auth["username"] || DB != $auth["db"]) {
        redirect(auth_url($auth["driver"], $auth["server"], $auth["username"], $auth["db"]));
    }
} elseif ($_POST["logout"]) {
    // CSRF check on logout.
    // NOTE(review): the check is skipped when $token is falsy, and != is a loose comparison that is not constant-time;
    // confirm how $token is generated and consider hash_equals() on string operands.
    if ($token && $_POST["token"] != $token) {
        page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
        page_footer("db");
        exit;
    } else {
        // Clear the "pwds", "db", "dbs" and "queries" session entries, then the permanent-login state.
        foreach (array("pwds", "db", "dbs", "queries") as $key) {
            set_session($key, null);
        }
        unset_permanent();
        // Redirect to ME with the username, db and ns parameters and the trailing character removed.
        redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
    }
} elseif ($permanent && !$_SESSION["pwds"]) {
    // Permanent-login data exists but the session holds no passwords: switch to a new session id (the branch continues past this excerpt).
    session_regenerate_id();
    /** Prints navigation after Adminer title
     *
     * Emits the title and version, then either the list of connections held in the
     * session (when $missing is "auth") or the logout form, the database/schema
     * selector and the table list for the current connection.
     * @param string can be "auth" if there is no database connection, "db" if there is no database selected, "ns" with invalid schema
     * @return null
     */
    function navigation($missing)
    {
        global $VERSION, $connection, $token, $jush, $drivers;
        ?>
<h1>
<?php 
        echo $this->name();
        ?>
 <span class="version"><?php 
        echo $VERSION;
        ?>
</span>
<a href="http://www.adminer.org/#download" id="version"><?php 
        // The newer-version string is read from a client-controlled cookie, so it goes through h() before output.
        echo version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : "";
        ?>
</a>
</h1>
<?php 
        if ($missing == "auth") {
            // No connection: list every login that still has a password entry in the session as a quick-switch link.
            $first = true;
            foreach ((array) $_SESSION["pwds"] as $driver => $servers) {
                foreach ($servers as $server => $usernames) {
                    foreach ($usernames as $username => $password) {
                        if (isset($password)) {
                            if ($first) {
                                // The wrapping paragraph is opened only once, before the first link.
                                echo "<p onclick='eventStop(event);'>\n";
                                $first = false;
                            }
                            // URL and label pass through h(); the driver label is printed as looked up in $drivers.
                            // NOTE(review): $driver is a session key - confirm $drivers holds only fixed, trusted strings.
                            echo "<a href='" . h(auth_url($driver, $server, $username)) . "'>({$drivers[$driver]}) " . h($username . ($server != "" ? "@{$server}" : "")) . "</a><br>\n";
                        }
                    }
                }
            }
        } else {
            $databases = get_databases();
            ?>
<form action="" method="post">
<p class="logout">
<?php 
            if (DB == "" || !$missing) {
                // Action links; ME passes through h() and the table name from the request through urlencode().
                echo "<a href='" . h(ME) . "sql='" . bold(isset($_GET["sql"])) . ">" . lang('SQL command') . "</a>\n";
                if (support("dump")) {
                    echo "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "' id='dump'" . bold(isset($_GET["dump"])) . ">" . lang('Dump') . "</a>\n";
                }
            }
            ?>
<input type="submit" name="logout" value="<?php 
            echo lang('Logout');
            ?>
" onclick="eventStop(event);">
<input type="hidden" name="token" value="<?php 
            // The logout form is a POST that carries the CSRF token as a hidden field.
            // NOTE(review): $token is echoed into the attribute without h() - confirm it can only hold attribute-safe characters.
            echo $token;
            ?>
">
</p>
</form>
<form action="">
<p>
<?php 
            hidden_fields_get();
            // Database selector: a drop-down when the database list is available, otherwise a text input with h(DB).
            echo $databases ? html_select("db", array("" => "(" . lang('database') . ")") + $databases, DB, "this.form.submit();") : '<input name="db" value="' . h(DB) . '">';
            ?>
<input type="submit" value="<?php 
            echo lang('Use');
            ?>
"<?php 
            echo $databases ? " class='hidden'" : "";
            ?>
 onclick="eventStop(event);">
<?php 
            if ($missing != "db" && DB != "" && $connection->select_db(DB)) {
                if (support("scheme")) {
                    echo "<br>" . html_select("ns", array("" => "(" . lang('schema') . ")") + schemas(), $_GET["ns"], "this.form.submit();");
                    if ($_GET["ns"] != "") {
                        // NOTE(review): the schema name comes straight from the request - confirm set_schema() quotes it as an identifier.
                        set_schema($_GET["ns"]);
                    }
                }
                if ($_GET["ns"] !== "" && !$missing) {
                    echo '<p><a href="' . h(ME) . 'create="' . bold($_GET["create"] === "") . ">" . lang('Create new table') . "</a>\n";
                    $tables = tables_list();
                    if (!$tables) {
                        echo "<p class='message'>" . lang('No tables.') . "\n";
                    } else {
                        $this->tablesPrint($tables);
                        // Build a JavaScript regex that matches any table name so the highlighter can link to it.
                        $links = array();
                        foreach ($tables as $table => $type) {
                            $links[] = preg_quote($table, '/');
                        }
                        echo "<script type='text/javascript'>\n";
                        // NOTE(review): preg_quote() escapes for PCRE, not for an inline script block - confirm table names
                        // containing line breaks or other unusual characters cannot break out of the regex literal.
                        echo "var jushLinks = { {$jush}: [ '" . js_adminer_escape(ME) . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
                        foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
                            echo "jushLinks.{$val} = jushLinks.{$jush};\n";
                        }
                        echo "</script>\n";
                    }
                }
            }
            // Keep the current page (sql, schema or dump) when the selector form is submitted.
            echo isset($_GET["sql"]) ? '<input type="hidden" name="sql" value="">' : (isset($_GET["schema"]) ? '<input type="hidden" name="schema" value="">' : (isset($_GET["dump"]) ? '<input type="hidden" name="dump" value="">' : ""));
            echo "</p></form>\n";
        }
    }