Exemplo n.º 1
 /**
  * Checks PMA_Config::isHttps() after pointing 'PmaAbsoluteUri' at a plain
  * http:// address and then at an https:// address.
  *
  * NOTE(review): the https:// URI is also asserted to be non-HTTPS. Presumably
  * isHttps() does not derive its answer from 'PmaAbsoluteUri' in the test
  * environment (or it caches its first result) - confirm against the
  * implementation, because the same value decides the "secure" flag on cookies.
  */
 public function testIsHttps()
 {
     $absoluteUris = array(
         'http://some_host.com/phpMyAdmin',
         'https://some_host.com/phpMyAdmin',
     );

     foreach ($absoluteUris as $absoluteUri) {
         $this->object->set('PmaAbsoluteUri', $absoluteUri);
         $this->assertFalse($this->object->isHttps());
     }
 }
Exemplo n.º 2
    // (do not use & for parameters sent by header)
    header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php' . '?lang=' . urlencode($available_languages[$lang][2]) . '&dir=' . urlencode($text_dir) . '&type=' . urlencode($strError) . '&error=' . urlencode(sprintf($strCantLoad, 'session')));
    exit;
} elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') {
    $_SESSION = array();
    if (isset($_COOKIE[session_name()])) {
        PMA_removeCookie(session_name());
    }
    session_unset();
    @session_destroy();
}
// disable starting of sessions before all settings are done
// (left commented out: per the original author this does not work, despite
// what the PHP manual says)
//ini_set('session.auto_start', 0);
// session cookie settings: lifetime 0, path from PMA_Config::getCookiePath(),
// empty domain, and the "secure" flag taken from PMA_Config::isHttps().
// '; HttpOnly' is appended to the path string so the attribute ends up in the
// Set-Cookie header without a dedicated httponly argument.
// NOTE(review): this depends on PHP passing the path through unvalidated;
// where session_set_cookie_params() accepts a native httponly argument,
// prefer that - confirm the minimum supported PHP version.
session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly', '', PMA_Config::isHttps());
// cookies are safer
ini_set('session.use_cookies', true);
// but not all users allow cookies, so URL-based session ids stay enabled
// NOTE(review): with use_only_cookies off and use_trans_sid on, the session id
// can appear in URLs, where it may leak through Referer headers, server logs
// or shared links, and URL-supplied ids are accepted. Cookie-only sessions
// avoid this exposure.
ini_set('session.use_only_cookies', false);
ini_set('session.use_trans_sid', true);
// tag=attribute pairs into which PHP rewrites the session id when
// session.use_trans_sid is on
ini_set('url_rewriter.tags', 'a=href,frame=src,input=src,form=fakeentry,fieldset=');
//ini_set('arg_separator.output', '&');
// delete session/cookies when browser is closed
ini_set('session.cookie_lifetime', 0);
// turn session.bug_compat_42 off but keep session.bug_compat_warn on
ini_set('session.bug_compat_42', false);
ini_set('session.bug_compat_warn', true);
// use more secure session ids (with PHP 5)
if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') {
    ini_set('session.hash_function', 1);
Exemplo n.º 3
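/**
 * Sets a cookie if the value differs from the current cookie value,
 * or removes the cookie if the value is empty or equal to the default.
 *
 * The cookie is sent with the path from PMA_Config::getCookiePath(), an empty
 * domain and the "secure" flag taken from PMA_Config::isHttps().
 *
 * @uses    PMA_Config::isHttps()
 * @uses    PMA_Config::getCookiePath()
 * @uses    $_COOKIE
 * @uses    PMA_removeCookie()
 * @uses    setcookie()
 * @uses    time()
 * @param   string  $cookie     name of cookie to set
 * @param   mixed   $value      new cookie value
 * @param   string  $default    default value
 * @param   int     $validity   validity of cookie in seconds (null means one
 *                              month, 0 means a cookie that ends with the
 *                              browser session)
 * @param   bool    $httponly   whether cookie is only for HTTP (and not for scripts)
 * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
 *                  the cookie already holds $value
 */
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
    // Strict comparison on purpose: with "== null" an explicit 0 also matched,
    // so a caller asking for a session-lifetime cookie silently got a
    // one-month persistent cookie and the "$validity == 0" branch was dead.
    if ($validity === null) {
        $validity = 2592000;
    }
    if (strlen($value) && null !== $default && $value === $default && isset($_COOKIE[$cookie])) {
        // remove cookie, default value is used
        return PMA_removeCookie($cookie);
    }
    if (!strlen($value) && isset($_COOKIE[$cookie])) {
        // remove cookie, value is empty
        return PMA_removeCookie($cookie);
    }
    if (!isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
        // set cookie with new value
        /* Calculate cookie validity: 0 is passed through as "no expiry time" */
        if ($validity == 0) {
            $v = 0;
        } else {
            $v = time() + $validity;
        }
        return setcookie($cookie, $value, $v, PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
    }
    // cookie has already $value as value
    return true;
}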
 /**
  * Stores the result of PMA_Config::isHttps() under the 'is_https' setting.
  */
 function checkIsHttps()
 {
     $secureConnection = PMA_Config::isHttps();
     $this->set('is_https', $secureConnection);
 }
// Session support check: when session_name() does not exist, report the
// problem through PMA_fatalError() with the 'strCantLoad' message and the
// extension name 'session'.
if (!@function_exists('session_name')) {
    PMA_fatalError('strCantLoad', 'session');
} elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') {
    // session.auto_start is on and the current session name is not 'phpMyAdmin'.
    // Do not delete the existing session, it might be used by other
    // applications; instead just close it.
    session_write_close();
}

// disable starting of sessions before all settings are done
// (left commented out: per the original author this does not work, despite
// what the PHP manual says)
//ini_set('session.auto_start', 0);

// session cookie settings: lifetime 0, path from PMA_Config::getCookiePath(),
// empty domain, and the "secure" flag taken from PMA_Config::isHttps().
// '; HttpOnly' is appended to the path string so the attribute ends up in the
// Set-Cookie header without a dedicated httponly argument.
// NOTE(review): this depends on PHP passing the path through unvalidated;
// where session_set_cookie_params() accepts a native httponly argument,
// prefer that - confirm the minimum supported PHP version.
session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly',
    '', PMA_Config::isHttps());

// cookies are safer (use @ini_set() in case this function is disabled)
@ini_set('session.use_cookies', true);

// but not all users allow cookies, so URL-based session ids stay enabled
// NOTE(review): with use_only_cookies off and use_trans_sid on, the session id
// can appear in URLs, where it may leak through Referer headers, server logs
// or shared links, and URL-supplied ids are accepted. Cookie-only sessions
// avoid this exposure. The @ also hides a failed ini_set(), so none of these
// settings is guaranteed to have been applied.
@ini_set('session.use_only_cookies', false);
@ini_set('session.use_trans_sid', true);
// tag=attribute pairs into which PHP rewrites the session id when
// session.use_trans_sid is on
@ini_set('url_rewriter.tags',
    'a=href,frame=src,input=src,form=fakeentry,fieldset=');
//ini_set('arg_separator.output', '&');

// delete session/cookies when browser is closed
@ini_set('session.cookie_lifetime', 0);
// warn but dont work with bug
Exemplo n.º 6
 /**
  * Sets a cookie if the value differs from the current cookie value,
  * or removes the cookie if the value is empty or equal to the default.
  *
  * A newly set cookie is valid for 30 days and is sent with the path from
  * PMA_Config::getCookiePath(), an empty domain and the "secure" flag taken
  * from PMA_Config::isHttps().
  *
  * NOTE(review): setcookie() is called without an httponly argument here, so
  * the cookie carries no HttpOnly attribute and is readable from scripts.
  *
  * @uses    PMA_Config::isHttps()
  * @uses    PMA_Config::getCookiePath()
  * @uses    $_COOKIE
  * @uses    PMA_removeCookie()
  * @uses    setcookie()
  * @uses    time()
  * @param   string  $cookie     name of cookie to set
  * @param   mixed   $value      new cookie value
  * @param   string  $default    default value
  * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
  *                  the cookie already holds $value
  */
 function PMA_setCookie($cookie, $value, $default = null)
 {
     $hasValue  = (bool) strlen($value);
     $hasCookie = isset($_COOKIE[$cookie]);

     if ($hasCookie) {
         // an existing cookie is dropped when the new value is empty or
         // equals the (non-null) default
         $isDefault = $hasValue && null !== $default && $value === $default;
         if ($isDefault || !$hasValue) {
             return PMA_removeCookie($cookie);
         }

         // nothing to do, the cookie already holds $value
         if ($_COOKIE[$cookie] === $value) {
             return true;
         }
     }

     // no cookie yet, or it holds a different value: send it for 30 days
     $expires = time() + 60 * 60 * 24 * 30;

     return setcookie($cookie, $value, $expires, PMA_Config::getCookiePath(), '', PMA_Config::isHttps());
 }
Exemplo n.º 7
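/**
 * Sets a cookie if the value differs from the current cookie value,
 * or removes the cookie if the value is empty or equal to the default.
 *
 * The cookie is sent with the path from PMA_Config::getCookiePath(), an empty
 * domain and the "secure" flag taken from PMA_Config::isHttps().
 *
 * @uses    PMA_Config::isHttps()
 * @uses    PMA_Config::getCookiePath()
 * @uses    $_COOKIE
 * @uses    PMA_removeCookie()
 * @uses    setcookie()
 * @uses    time()
 * @param   string  $cookie     name of cookie to set
 * @param   mixed   $value      new cookie value
 * @param   string  $default    default value
 * @param   int     $validity   validity of cookie in seconds (null means one
 *                              month, 0 means a cookie that ends with the
 *                              browser session)
 * @param   bool    $httponly   whether cookie is only for HTTP (and not for scripts)
 * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
 *                  the cookie already holds $value
 */
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
    // Strict comparison on purpose: with "== null" an explicit 0 also matched,
    // so a caller asking for a session-lifetime cookie silently got a
    // one-month persistent cookie and the "$validity == 0" branch was dead.
    if ($validity === null) {
        $validity = 2592000;
    }
    if (strlen($value) && null !== $default && $value === $default && isset($_COOKIE[$cookie])) {
        // remove cookie, default value is used
        return PMA_removeCookie($cookie);
    }
    if (!strlen($value) && isset($_COOKIE[$cookie])) {
        // remove cookie, value is empty
        return PMA_removeCookie($cookie);
    }
    if (!isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
        // set cookie with new value
        /* Calculate cookie validity: 0 is passed through as "no expiry time" */
        if ($validity == 0) {
            $v = 0;
        } else {
            $v = time() + $validity;
        }
        /* Use native support for httponly cookies if available */
        if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
            return setcookie($cookie, $value, $v, PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
        } else {
            // Older PHP: no httponly argument, so the attribute is appended
            // to the path string to get it into the Set-Cookie header.
            return setcookie($cookie, $value, $v, PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps());
        }
    }
    // cookie has already $value as value
    return true;
}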