PageRenderTime 39ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/manage/phpmyadminlite/libraries/auth/http.auth.lib.php

https://gitlab.com/albert925/lading-ach
PHP | 229 lines | 126 code | 23 blank | 80 comment | 33 complexity | caa92372a0f685ae94414fa4e6eda5de MD5 | raw file
    

  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  * Set of functions used to run http authentication.
    5. 

  5.  * NOTE: Requires PHP loaded as a Apache module.
    6. 

  6.  *
    7. 

  7.  * @package phpMyAdmin-Auth-HTTP
    8. 

  8.  * @version $Id$
    9. 

  9.  */
    10. 

  10. 

  11. 

  12. /**
    13. 

  13.  * Displays authentication form
    14. 

  14.  *
    15. 

  15.  * @global  string    the font face to use in case of failure
    16. 

  16.  * @global  string    the default font size to use in case of failure
    17. 

  17.  * @global  string    the big font size to use in case of failure
    18. 

  18.  *
    19. 

  19.  * @return  boolean   always true (no return indeed)
    20. 

  20.  *
    21. 

  21.  * @access  public
    22. 

  22.  */
    23. 

  23. function PMA_auth()
    24. 

  24. {
    25. 

  25.     /* Perform logout to custom URL */
    26. 

  26.     if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
    27. 

  27.         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
    28. 

  28.         exit;
    29. 

  29.     }
    30. 

  30. 

  31.     if (empty($GLOBALS['cfg']['Server']['verbose'])) {
    32. 

  32.         $server_message = $GLOBALS['cfg']['Server']['host'];
    33. 

  33.     } else {
    34. 

  34.         $server_message = $GLOBALS['cfg']['Server']['verbose'];
    35. 

  35.     }
    36. 

  36.     // remove non US-ASCII to respect RFC2616
    37. 

  37.     $server_message = preg_replace('/[^\x20-\x7e]/i', '', $server_message);
    38. 

  38.     header('WWW-Authenticate: Basic realm="phpMyAdmin ' . $server_message .  '"');
    39. 

  39.     header('HTTP/1.0 401 Unauthorized');
    40. 

  40.     if (php_sapi_name() !== 'cgi-fcgi') {
    41. 

  41. 	header('status: 401 Unauthorized');
    42. 

  42.     }
    43. 

  43. 

  44.     // Defines the charset to be used
    45. 

  45.     header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
    46. 

  46.     /* HTML header */
    47. 

  47.     $page_title = $GLOBALS['strAccessDenied'];
    48. 

  48.     require './libraries/header_meta_style.inc.php';
    49. 

  49.     ?>
    50. 

  50. </head>
    51. 

  51. <body>
    52. 

  52.     <?php
    53. 

  53.     if (file_exists('./config.header.inc.php')) {
    54. 

  54.         require './config.header.inc.php';
    55. 

  55.     }
    56. 

  56.     ?>
    57. 

  57. 

  58. <br /><br />
    59. 

  59. <center>
    60. 

  60.     <h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin'); ?></h1>
    61. 

  61. </center>
    62. 

  62. <br />
    63. 

  63. 

  64.     <?php
    65. 

  65.     PMA_Message::error('strWrongUser')->display();
    66. 

  66. 

  67.     if (file_exists('./config.footer.inc.php')) {
    68. 

  68.         require './config.footer.inc.php';
    69. 

  69.     }
    70. 

  70.     ?>
    71. 

  71. 

  72. </body>
    73. 

  73. </html>
    74. 

  74.     <?php
    75. 

  75.     exit();
    76. 

  76. } // end of the 'PMA_auth()' function
    77. 

  77. 

  78. 

  79. /**
    80. 

  80.  * Gets advanced authentication settings
    81. 

  81.  *
    82. 

  82.  * @global  string    the username if register_globals is on
    83. 

  83.  * @global  string    the password if register_globals is on
    84. 

  84.  * @global  array     the array of server variables if register_globals is
    85. 

  85.  *                    off
    86. 

  86.  * @global  array     the array of environment variables if register_globals
    87. 

  87.  *                    is off
    88. 

  88.  * @global  string    the username for the ? server
    89. 

  89.  * @global  string    the password for the ? server
    90. 

  90.  * @global  string    the username for the WebSite Professional server
    91. 

  91.  * @global  string    the password for the WebSite Professional server
    92. 

  92.  * @global  string    the username of the user who logs out
    93. 

  93.  *
    94. 

  94.  * @return  boolean   whether we get authentication settings or not
    95. 

  95.  *
    96. 

  96.  * @access  public
    97. 

  97.  */
    98. 

  98. function PMA_auth_check()
    99. 

  99. {
    100. 

  100.     global $PHP_AUTH_USER, $PHP_AUTH_PW;
    101. 

  101.     global $old_usr;
    102. 

  102. 

  103.     // Grabs the $PHP_AUTH_USER variable whatever are the values of the
    104. 

  104.     // 'register_globals' and the 'variables_order' directives
    105. 

  105.     if (empty($PHP_AUTH_USER)) {
    106. 

  106.         if (PMA_getenv('PHP_AUTH_USER')) {
    107. 

  107.             $PHP_AUTH_USER = PMA_getenv('PHP_AUTH_USER');
    108. 

  108.         } elseif (PMA_getenv('REMOTE_USER')) {
    109. 

  109.             // CGI, might be encoded, see below
    110. 

  110.             $PHP_AUTH_USER = PMA_getenv('REMOTE_USER');
    111. 

  111.         } elseif (PMA_getenv('REDIRECT_REMOTE_USER')) {
    112. 

  112.             // CGI, might be encoded, see below
    113. 

  113.             $PHP_AUTH_USER = PMA_getenv('REDIRECT_REMOTE_USER');
    114. 

  114.         } elseif (PMA_getenv('AUTH_USER')) {
    115. 

  115.             // WebSite Professional
    116. 

  116.             $PHP_AUTH_USER = PMA_getenv('AUTH_USER');
    117. 

  117.         } elseif (PMA_getenv('HTTP_AUTHORIZATION')) {
    118. 

  118.             // IIS, might be encoded, see below
    119. 

  119.             $PHP_AUTH_USER = PMA_getenv('HTTP_AUTHORIZATION');
    120. 

  120.         } elseif (PMA_getenv('Authorization')) {
    121. 

  121.             // FastCGI, might be encoded, see below
    122. 

  122.             $PHP_AUTH_USER = PMA_getenv('Authorization');
    123. 

  123.         }
    124. 

  124.     }
    125. 

  125.     // Grabs the $PHP_AUTH_PW variable whatever are the values of the
    126. 

  126.     // 'register_globals' and the 'variables_order' directives
    127. 

  127.     if (empty($PHP_AUTH_PW)) {
    128. 

  128.         if (PMA_getenv('PHP_AUTH_PW')) {
    129. 

  129.             $PHP_AUTH_PW = PMA_getenv('PHP_AUTH_PW');
    130. 

  130.         } elseif (PMA_getenv('REMOTE_PASSWORD')) {
    131. 

  131.             // Apache/CGI
    132. 

  132.             $PHP_AUTH_PW = PMA_getenv('REMOTE_PASSWORD');
    133. 

  133.         } elseif (PMA_getenv('AUTH_PASSWORD')) {
    134. 

  134.             // WebSite Professional
    135. 

  135.             $PHP_AUTH_PW = PMA_getenv('AUTH_PASSWORD');
    136. 

  136.         }
    137. 

  137.     }
    138. 

  138. 

  139.     // Decode possibly encoded information (used by IIS/CGI/FastCGI)
    140. 

  140.     // (do not use explode() because a user might have a colon in his password
    141. 

  141.     if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
    142. 

  142.         $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
    143. 

  143.         if (! empty($usr_pass)) {
    144. 

  144.             $colon = strpos($usr_pass, ':');
    145. 

  145.             if ($colon) {
    146. 

  146.                 $PHP_AUTH_USER = substr($usr_pass, 0, $colon);
    147. 

  147.                 $PHP_AUTH_PW = substr($usr_pass, $colon + 1);
    148. 

  148.             }
    149. 

  149.             unset($colon);
    150. 

  150.         }
    151. 

  151.         unset($usr_pass);
    152. 

  152.     }
    153. 

  153. 

  154.     // User logged out -> ensure the new username is not the same
    155. 

  155.     if (!empty($old_usr)
    156. 

  156.         && (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)) {
    157. 

  157.         $PHP_AUTH_USER = '';
    158. 

  158.         // -> delete user's choices that were stored in session
    159. 

  159.         session_destroy();
    160. 

  160.     }
    161. 

  161. 

  162.     // Returns whether we get authentication settings or not
    163. 

  163.     if (empty($PHP_AUTH_USER)) {
    164. 

  164.         return false;
    165. 

  165.     } else {
    166. 

  166.         return true;
    167. 

  167.     }
    168. 

  168. } // end of the 'PMA_auth_check()' function
    169. 

  169. 

  170. 

  171. /**
    172. 

  172.  * Set the user and password after last checkings if required
    173. 

  173.  *
    174. 

  174.  * @global  array     the valid servers settings
    175. 

  175.  * @global  integer   the id of the current server
    176. 

  176.  * @global  array     the current server settings
    177. 

  177.  * @global  string    the current username
    178. 

  178.  * @global  string    the current password
    179. 

  179.  *
    180. 

  180.  * @return  boolean   always true
    181. 

  181.  *
    182. 

  182.  * @access  public
    183. 

  183.  */
    184. 

  184. function PMA_auth_set_user()
    185. 

  185. {
    186. 

  186.     global $cfg, $server;
    187. 

  187.     global $PHP_AUTH_USER, $PHP_AUTH_PW;
    188. 

  188. 

  189.     // Ensures valid authentication mode, 'only_db', bookmark database and
    190. 

  190.     // table names and relation table name are used
    191. 

  191.     if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
    192. 

  192.         $servers_cnt = count($cfg['Servers']);
    193. 

  193.         for ($i = 1; $i <= $servers_cnt; $i++) {
    194. 

  194.             if (isset($cfg['Servers'][$i])
    195. 

  195.                 && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) {
    196. 

  196.                 $server        = $i;
    197. 

  197.                 $cfg['Server'] = $cfg['Servers'][$i];
    198. 

  198.                 break;
    199. 

  199.             }
    200. 

  200.         } // end for
    201. 

  201.     } // end if
    202. 

  202. 

  203.     $cfg['Server']['user']     = $PHP_AUTH_USER;
    204. 

  204.     $cfg['Server']['password'] = $PHP_AUTH_PW;
    205. 

  205. 

  206.     return true;
    207. 

  207. } // end of the 'PMA_auth_set_user()' function
    208. 

  208. 

  209. 

  210. /**
    211. 

  211.  * User is not allowed to login to MySQL -> authentication failed
    212. 

  212.  *
    213. 

  213.  * @return  boolean   always true (no return indeed)
    214. 

  214.  *
    215. 

  215.  * @access  public
    216. 

  216.  */
    217. 

  217. function PMA_auth_fails()
    218. 

  218. {
    219. 

  219.     $error = PMA_DBI_getError();
    220. 

  220.     if ($error && $GLOBALS['errno'] != 1045) {
    221. 

  221.         PMA_fatalError($error);
    222. 

  222.     } else {
    223. 

  223.         PMA_auth();
    224. 

  224.         return true;
    225. 

  225.     }
    226. 

  226. 

  227. } // end of the 'PMA_auth_fails()' function
    228. 

  228. 

  229. ?>
    230. 

  230.