/**
 * Refreshes the login cookies after a successful authentication and, on the
 * first pass of a session, redirects the browser back to index.php.
 *
 * Notes for security review:
 * - The password from $cfg['Server']['password'] is handed to
 *   storePasswordCookie(); how the cookie value is protected is decided
 *   there and cannot be judged from this method.
 * - The redirect path is the fixed string './index.php'. The db, table and
 *   target globals (presumably request-derived -- confirm against the
 *   caller) only travel as query parameters built by PMA_URL_getCommon().
 *
 * @return void|bool true when no redirect is needed, false after the
 *                   redirect header was sent while TESTSUITE is defined;
 *                   otherwise the script exits here
 */
public function storeUserCredentials()
{
    global $cfg;

    // Both cookies are re-issued on every call. Their lifetimes are set
    // inside the store*Cookie() helpers, not here.
    $this->storeUsernameCookie($cfg['Server']['user']);

    // While a password change is being submitted the password cookie is
    // left alone; it is written again once the change has gone through.
    $changing_password = isset($_POST['change_pw']);
    if (!$changing_password) {
        $this->storePasswordCookie($cfg['Server']['password']);
    }

    // Credentials already came from a cookie: no reload required.
    if ($GLOBALS['from_cookie']) {
        return true;
    }

    // First login of the session: force a reload so the client shows that
    // it accepts cookies, carrying the current db/table/target along.
    $url_params = array();
    foreach (array('db', 'table') as $name) {
        if (mb_strlen($GLOBALS[$name])) {
            $url_params[$name] = $GLOBALS[$name];
        }
    }

    $has_target = !empty($GLOBALS['target']);
    if ($has_target && $GLOBALS['target'] != 'index.php') {
        $url_params['target'] = $GLOBALS['target'];
    }

    // Drop cached per-user data before the fresh request starts.
    Util::clearUserCache();

    Response::getInstance()->disable();

    PMA_sendHeaderLocation(
        './index.php' . PMA_URL_getCommon($url_params, 'text'),
        true
    );

    // Under the test suite the process has to survive the redirect.
    if (defined('TESTSUITE')) {
        return false;
    }

    exit;
}
/**
 * Collects the signon credentials, either from the configured signon script
 * or from the PHP session of the signon application.
 *
 * Trust boundaries worth knowing when reviewing this method:
 * - The script path comes from $cfg['Server']['SignonScript'] (configuration,
 *   not the request) and is include'd, so it runs with full privileges and
 *   inside this method's variable scope.
 * - The id of the signon session is taken directly from the browser cookie
 *   named by $cfg['Server']['SignonSession'].
 * - Host, port and the PMA_single_signon_cfgupdate array read from that
 *   session overwrite $cfg['Server']; the signon session storage therefore
 *   has to be writable only by the trusted signon application.
 *
 * @global string $PHP_AUTH_USER the username
 * @global string $PHP_AUTH_PW   the password
 *
 * @return boolean whether a non-empty username was obtained
 */
public function authCheck()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW;

    // Local variable names are kept exactly as they were: the signon script
    // include'd further down executes in this scope and can see them.

    /* A session bound to another signon URL must not be reused */
    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
    if (isset($_SESSION['LAST_SIGNON_URL'])
        && $_SESSION['LAST_SIGNON_URL'] != $signon_url
    ) {
        return false;
    }

    /* Settings of the current server entry */
    $script_name = $GLOBALS['cfg']['Server']['SignonScript'];
    $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];

    /* Defaults, used unless the signon session overrides them */
    $single_signon_host = $GLOBALS['cfg']['Server']['host'];
    $single_signon_port = $GLOBALS['cfg']['Server']['port'];
    $single_signon_cfgupdate = array();

    /* A non-empty old_usr request parameter means "log out" */
    $do_logout = !empty($_REQUEST['old_usr']);

    if (!empty($script_name)) {
        /* Script based auth: the script must define get_login_credentials() */
        if (!file_exists($script_name)) {
            PMA_fatalError(
                __('Can not find signon authentication script:')
                . ' ' . $script_name
            );
        }
        include $script_name;

        list($PHP_AUTH_USER, $PHP_AUTH_PW) = get_login_credentials(
            $GLOBALS['cfg']['Server']['user']
        );
    } elseif (isset($_COOKIE[$session_name])) {
        /* Session based auth: park our own session first */
        $old_session = session_name();
        $old_id = session_id();
        if (!defined('TESTSUITE')) {
            session_write_close();
        }

        /* Open the signon session; its id is the raw cookie value */
        session_name($session_name);
        session_id($_COOKIE[$session_name]);
        if (!defined('TESTSUITE')) {
            session_start();
        }

        /* Clear error message */
        unset($_SESSION['PMA_single_signon_error_message']);

        /* Credentials, blanked when a logout was requested */
        if (isset($_SESSION['PMA_single_signon_user'])) {
            $PHP_AUTH_USER = $do_logout
                ? ''
                : $_SESSION['PMA_single_signon_user'];
        }
        if (isset($_SESSION['PMA_single_signon_password'])) {
            $PHP_AUTH_PW = $do_logout
                ? ''
                : $_SESSION['PMA_single_signon_password'];
        }

        /* Optional overrides supplied by the signon application */
        if (isset($_SESSION['PMA_single_signon_host'])) {
            $single_signon_host = $_SESSION['PMA_single_signon_host'];
        }
        if (isset($_SESSION['PMA_single_signon_port'])) {
            $single_signon_port = $_SESSION['PMA_single_signon_port'];
        }
        if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
            $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
        }

        /* The token is needed to access subpages; irrelevant on logout */
        if (isset($_SESSION['PMA_single_signon_token'])) {
            $pma_token = $_SESSION['PMA_single_signon_token'];
        }

        /* Leave the signon session */
        if (!defined('TESTSUITE')) {
            session_write_close();
        }

        /* Back to the phpMyAdmin session, with its previous id if it had one */
        session_name($old_session);
        if (!empty($old_id)) {
            session_id($old_id);
        }
        if (!defined('TESTSUITE')) {
            session_start();
        }

        /* Apply what the signon session supplied to the server entry */
        $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
        $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
        $GLOBALS['cfg']['Server'] = array_merge(
            $GLOBALS['cfg']['Server'],
            $single_signon_cfgupdate
        );

        /* Restore our token; the key is spelled with surrounding spaces */
        if (!empty($pma_token)) {
            $_SESSION[' PMA_token '] = $pma_token;
        }

        /* Clear user cache */
        PMA\libraries\Util::clearUserCache();
    }

    /* Without a username there is nothing to authenticate with */
    if (empty($PHP_AUTH_USER)) {
        unset($_SESSION['LAST_SIGNON_URL']);

        return false;
    }

    /* Remember which signon URL these credentials belong to */
    $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];

    return true;
}
/**
 * Refreshes the login cookies after a successful authentication and, on the
 * first pass of a session, redirects the browser to index.php below
 * $cfg['PmaAbsoluteUri'].
 *
 * Notes for security review:
 * - createIV() runs before the cookies are written; the cookie protection
 *   itself lives in the store*Cookie() helpers and is not visible here.
 * - The redirect base is $cfg['PmaAbsoluteUri'].
 *   NOTE(review): if that value can be derived from request headers rather
 *   than fixed in configuration, the redirect inherits that trust -- confirm
 *   where it is populated.
 * - With AllowArbitraryServer enabled the server host is stored in a
 *   per-server 'pmaServer-<n>' cookie, or that cookie is removed.
 *
 * @return void|bool true when no redirect is needed, false after the
 *                   redirect header was sent while TESTSUITE is defined;
 *                   otherwise the script exits here
 */
public function storeUserCredentials()
{
    global $cfg;

    $this->createIV();

    // Both cookies are re-issued on every call. Their lifetimes are set
    // inside the store*Cookie() helpers, not here.
    $this->storeUsernameCookie($cfg['Server']['user']);
    $this->storePasswordCookie($cfg['Server']['password']);

    // Credentials already came from a cookie: no reload required.
    if ($GLOBALS['from_cookie']) {
        return true;
    }

    // Server cookies are handled once per session, followed by a forced
    // reload so the client shows that it accepts cookies.
    if ($GLOBALS['cfg']['AllowArbitraryServer']) {
        if (empty($GLOBALS['pma_auth_server'])) {
            // No server was chosen at login: drop the servername cookie.
            $GLOBALS['PMA_Config']->removeCookie(
                'pmaServer-' . $GLOBALS['server']
            );
        } else {
            // Remember the chosen server host for this server index.
            $GLOBALS['PMA_Config']->setCookie(
                'pmaServer-' . $GLOBALS['server'],
                $cfg['Server']['host']
            );
        }
    }

    // Where to go after the reload.
    $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';

    // Carry the current db/table/target along as query parameters.
    $url_params = array();
    foreach (array('db', 'table') as $name) {
        if (mb_strlen($GLOBALS[$name])) {
            $url_params[$name] = $GLOBALS[$name];
        }
    }

    $has_target = !empty($GLOBALS['target']);
    if ($has_target && $GLOBALS['target'] != 'index.php') {
        $url_params['target'] = $GLOBALS['target'];
    }

    // Drop cached per-user data before the fresh request starts.
    Util::clearUserCache();

    Response::getInstance()->disable();

    PMA_sendHeaderLocation(
        $redirect_url . PMA_URL_getCommon($url_params, 'text'),
        true
    );

    // Under the test suite the process has to survive the redirect.
    if (defined('TESTSUITE')) {
        return false;
    }

    exit;
}