
cookie.auth.lib.php

00001 <?php
00002 /* $Id: cookie.auth.lib.php,v 2.3 2003/11/26 22:52:24 rabus Exp $ */
00003 // vim: expandtab sw=4 ts=4 sts=4:
00004 
00005 
00006 // +--------------------------------------------------------------------------+
00007 // | Set of functions used to run cookie based authentication.                |
00008 // | Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and         |
00009 // | Dan Wilson who builds this patch for the Debian package.                 |
00010 // +--------------------------------------------------------------------------+
00011 
00012 
// Refuse to run when this library is requested directly: the including
// script is expected to have defined $coming_from_common beforehand.
// NOTE(review): isset() on a plain global is only a dependable guard when the
// variable cannot be supplied by the request (e.g. register_globals) - confirm.
if (!isset($coming_from_common)) {
   exit();
}

require_once('./libraries/blowfish.php');

// Gets the default font sizes
PMA_setFontSizes();

// Cookie scope: the cookie path is the part of the path of
// $cfg['PmaAbsoluteUri'] that precedes its last '/'.
$pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
$cookie_path   = substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/'));

// $is_https is handed to setcookie() as its "secure" argument further down.
// It is derived from the configured URI scheme, not from the current request.
$is_https = 0;
if (isset($pma_uri_parts['scheme']) && $pma_uri_parts['scheme'] == 'https') {
    $is_https = 1;
}
00025 
/**
 * Pads a string to a given length by repeating a pad string.
 *
 * The pad string is repeated once per missing byte, so a pad string longer
 * than one character produces a result longer than $pad_length.
 *
 * @param   string   the string to pad
 * @param   integer  the wanted length
 * @param   string   the string that is repeated to fill the gap
 * @param   integer  STR_PAD_RIGHT (1), STR_PAD_BOTH (2) or anything else for
 *                   left padding (STR_PAD_LEFT == 0 is the default)
 *
 * @return  string   the padded string, or $input unchanged when it already
 *                   has $pad_length bytes or more
 */
function full_str_pad($input, $pad_length, $pad_string = '', $pad_type = 0) {
    $missing = $pad_length - strlen($input);

    // Nothing to add (this also keeps negative counts away from str_repeat)
    if ($missing <= 0) {
        return $input;
    }

    if ($pad_type == STR_PAD_RIGHT) {
        return $input . str_repeat($pad_string, $missing);
    }

    if ($pad_type == STR_PAD_BOTH) {
        // With an odd gap the extra repetition goes to the right-hand side
        $left  = str_repeat($pad_string, floor($missing / 2));
        $right = str_repeat($pad_string, ceil($missing / 2));
        return $left . $input . $right;
    }

    // Any other value is treated as STR_PAD_LEFT
    return str_repeat($pad_string, $missing) . $input;
}
00056 
/**
 * Encrypts a string with the Horde Blowfish cipher, 8 bytes at a time.
 *
 * A short last block is right-padded with "\0" up to 8 bytes. Every block is
 * passed to encryptBlock() on its own with the same secret: this function
 * adds no IV, no chaining between blocks and no integrity check value, so
 * the result only offers confidentiality, not tamper detection.
 * NOTE(review): if encryptBlock() is deterministic, equal plaintext blocks
 * yield equal ciphertext blocks - confirm against blowfish.php.
 *
 * @param   string  the data to encrypt
 * @param   string  the secret handed to the cipher
 *
 * @return  string  the raw (binary) concatenation of the encrypted blocks
 */
function PMA_blowfish_encrypt($data, $secret) {
    $pma_cipher = new Horde_Cipher_blowfish;
    $total      = strlen($data);
    $encrypt    = '';
    $offset     = 0;

    while ($offset < $total) {
        $chunk = substr($data, $offset, 8);
        if (strlen($chunk) < 8) {
            // Only the final chunk can be short
            $chunk = full_str_pad($chunk, 8, "\0", 1);
        }
        $encrypt .= $pma_cipher->encryptBlock($chunk, $secret);
        $offset  += 8;
    }

    return $encrypt;
}
00081 
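/**
 * Decrypts a string produced by PMA_blowfish_encrypt(), 8 bytes at a time.
 *
 * Only the trailing "\0" bytes that PMA_blowfish_encrypt() appends as
 * padding are removed. A plain trim() would also strip leading and trailing
 * whitespace, which silently alters any value (such as a password) that
 * begins or ends with a space, tab or newline.
 *
 * Nothing here verifies that $data was produced by this application: the
 * input is decrypted as given and the caller has to treat the result as
 * unauthenticated.
 *
 * @param   string  the raw (binary) encrypted data
 * @param   string  the secret handed to the cipher
 *
 * @return  string  the decrypted data without the "\0" padding
 */
function PMA_blowfish_decrypt($data, $secret) {
    $pma_cipher = new Horde_Cipher_blowfish;
    $decrypt    = '';
    $data_len   = strlen($data);

    for ($i = 0; $i < $data_len; $i += 8) {
        $decrypt .= $pma_cipher->decryptBlock(substr($data, $i, 8), $secret);
    }

    // Strip the padding only, never significant whitespace
    return rtrim($decrypt, "\0");
}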
00102 
/**
 * Comparison callback ordering two arrays by their element at index 1.
 *
 * PMA_auth() hands it to uasort() to sort $available_languages.
 *
 * @param   array    the first entry (taken by reference, not modified here)
 * @param   array    the second entry
 *
 * @return  integer  the strcmp() result for $a[1] and $b[1]
 */
function PMA_cookie_cmp(&$a, $b)
{
    $left  = $a[1];
    $right = $b[1];

    return strcmp($left, $right);
} // end of the 'PMA_cookie_cmp()' function
00117 
00118 
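/**
 * Displays the cookie-authentication login page and ends the script.
 *
 * Sends the Content-Type header, prints the language selector when
 * $cfg['Lang'] is empty, stops with a warning when
 * $cfg['blowfish_secret'] is empty, and otherwise prints the login form.
 * When $cfg['LoginCookieRecall'] is on, the username and server name fields
 * are pre-filled from the 'pma_cookie_username' / 'pma_cookie_servername'
 * values.
 *
 * The pre-fill values come from cookies (or request globals) and $server,
 * $lang and $convcharset are globals that may be request-derived, so all of
 * them are passed through htmlspecialchars() before being written into HTML
 * attributes; printed raw, a crafted value could close the attribute and
 * inject markup into the login page.
 *
 * @global  string   the font family and sizes used by the inline style sheet
 * @global  array    the configuration and the available languages
 * @global  string   the current language, server index and charset conversion
 * @global  string   the connection error message to display, if any
 *
 * @return  boolean  never returned in practice: every path ends in exit()
 */
function PMA_auth()
{
    global $right_font_family, $font_size, $font_bigger;
    global $cfg, $available_languages;
    global $lang, $server, $convcharset;
    global $conn_error;

    // Tries to get the username from cookie whatever are the values of the
    // 'register_globals' and the 'variables_order' directives if last login
    // should be recalled, else skip the IE autocomplete feature.
    if ($cfg['LoginCookieRecall']) {
        // username
        if (!empty($GLOBALS['pma_cookie_username'])) {
            $default_user = $GLOBALS['pma_cookie_username'];
        }
        else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username'])) {
            $default_user = $_COOKIE['pma_cookie_username'];
        }

        if (isset($default_user) && get_magic_quotes_gpc()) {
            $default_user = stripslashes($default_user);
        }

        // server name
        if (!empty($GLOBALS['pma_cookie_servername'])) {
            $default_server = $GLOBALS['pma_cookie_servername'];
        }
        else if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername'])) {
            $default_server = $_COOKIE['pma_cookie_servername'];
        }
        if (isset($default_server) && get_magic_quotes_gpc()) {
            $default_server = stripslashes($default_server);
        }

        $autocomplete     = '';
    }
    else {
        $default_user     = '';
        $autocomplete     = ' autocomplete="off"';
    }

    // HTML-escaped copies of every client-influenced value echoed below.
    // The raw variables are kept for comparisons only.
    $default_user_html   = isset($default_user) ? htmlspecialchars((string) $default_user, ENT_QUOTES) : '';
    $default_server_html = isset($default_server) ? htmlspecialchars((string) $default_server, ENT_QUOTES) : '';
    $server_html         = htmlspecialchars((string) $server, ENT_QUOTES);
    $lang_html           = htmlspecialchars((string) $lang, ENT_QUOTES);
    $convcharset_html    = htmlspecialchars((string) $convcharset, ENT_QUOTES);

    $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right';

    // Defines the charset to be used
    header('Content-Type: text/html; charset=' . $GLOBALS['charset']);

    // Title
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" lang="<?php echo $GLOBALS['available_languages'][$GLOBALS['lang']][2]; ?>" dir="<?php echo $GLOBALS['text_dir']; ?>">

<head>
<title>phpMyAdmin <?php echo PMA_VERSION; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<base href="<?php echo $cfg['PmaAbsoluteUri']; ?>" />
<style type="text/css">
<!--
body            {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; color: #000000}
td              {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; color: #000000}
h1              {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_bigger; ?>; font-weight: bold}
select          {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; background-color:#ffffff; color:#000000}
input.textfield {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; background-color:#ffffff; color:#000000}
.warning        {font-family: <?php echo $right_font_family; ?>; font-size: <?php echo $font_size; ?>; font-weight: bold; color: #FF0000}
//-->
</style>
</head>

<body bgcolor="<?php echo $cfg['RightBgColor']; ?>">
<center>
<a href="http://www.phpmyadmin.net" target="_blank"><img name="imLogo" id="imLogo" src="images/pma_logo.png" border="0" width="88" height="31" alt="phpMyAdmin" /></a>
<h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION . ' - ' . $GLOBALS['strLogin']); ?></h1>
<br />

    <?php
    // Displays the languages form
    if (empty($cfg['Lang'])) {
        echo "\n";
        ?>
<!-- Language selection -->
<form method="post" action="index.php">
    <input type="hidden" name="server" value="<?php echo $server_html; ?>" />
    <b>Language:&nbsp;</b>
    <select name="lang" dir="ltr" onchange="this.form.submit();">
        <?php
        echo "\n";

        uasort($available_languages, 'PMA_cookie_cmp');
        foreach($available_languages AS $id => $tmplang) {
            $lang_name = ucfirst(substr(strstr($tmplang[0], '|'), 1));
            if ($lang == $id) {
                $selected = ' selected="selected"';
            } else {
                $selected = '';
            }
            echo '        ';
            echo '<option value="' . $id . '"' . $selected . '>' . $lang_name . ' (' . $id . ')</option>' . "\n";
        } // end foreach
        ?>
    </select>
    <input type="submit" value="<?php echo $GLOBALS['strGo']; ?>" />
</form>
<br />
        <?php
    }
    echo "\n\n";

    // Displays the warning message and the login form

    // Without a secret the password cookie cannot be encrypted, so the form
    // is not offered at all
    if ($GLOBALS['cfg']['blowfish_secret']=='') {
    ?>
<p class="warning"><?php echo $GLOBALS['strSecretRequired']; ?></p>
</body>
</html>
    <?php
    exit();
    }
    ?>
<p><?php echo '(' . $GLOBALS['strCookiesRequired'] . ')'; ?></p>
<br />


<!-- Login form -->
<form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?>>
    <table cellpadding="5">
<?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?>
    <tr>
        <td align="<?php echo $cell_align; ?>"><b><?php echo $GLOBALS['strLogServer']; ?>&nbsp;</b></td>
        <td align="<?php echo $cell_align; ?>">
            <input type="text" name="pma_servername" value="<?php echo $default_server_html; ?>" size="24" class="textfield" onfocus="this.select()" />
        </td>
    </tr>
<?php } ?>
    <tr>
        <td align="<?php echo $cell_align; ?>"><b><?php echo $GLOBALS['strLogUsername']; ?>&nbsp;</b></td>
        <td align="<?php echo $cell_align; ?>">
            <input type="text" name="pma_username" value="<?php echo $default_user_html; ?>" size="24" class="textfield" onfocus="this.select()" />
        </td>
    </tr>
    <tr>
        <td align="<?php echo $cell_align; ?>"><b><?php echo $GLOBALS['strLogPassword']; ?>&nbsp;</b></td>
        <td align="<?php echo $cell_align; ?>">
            <input type="password" name="pma_password" value="" size="24" class="textfield" onfocus="this.select()" />
        </td>
    </tr>
    <?php
    if (count($cfg['Servers']) > 1) {
        echo "\n";
        ?>
    <tr>
        <td align="<?php echo $cell_align; ?>"><b><?php echo $GLOBALS['strServerChoice']; ?>&nbsp;:&nbsp;</b></td>
        <td align="<?php echo $cell_align; ?>">
            <select name="server"
            <?php
            if ($GLOBALS['cfg']['AllowArbitraryServer']) {
                echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" ';
            }
            ?>
            >
        <?php
        echo "\n";
        // Displays the MySQL servers choice
        foreach($cfg['Servers'] AS $key => $val) {
            if (!empty($val['host']) || $val['auth_type'] == 'arbitrary') {
                echo '                <option value="' . $key . '"';
                if (!empty($server) && ($server == $key)) {
                    echo ' selected="selected"';
                }
                echo '>';
                if ($val['verbose'] != '') {
                    echo $val['verbose'];
                } elseif ($val['auth_type'] == 'arbitrary') {
                    echo $GLOBALS['strArbitrary'];
                } else {
                    echo $val['host'];
                    if (!empty($val['port'])) {
                        echo ':' . $val['port'];
                    }
                    // loic1: skip this because it's not a so good idea to
                    //        display sockets used to everybody
                    // if (!empty($val['socket']) && PMA_PHP_INT_VERSION >= 30010) {
                    //     echo ':' . $val['socket'];
                    // }
                }
                // loic1: if 'only_db' is an array and there is more than one
                //        value, displaying such informations may not be a so
                //        good idea
                if (!empty($val['only_db'])) {
                    echo ' - ' . (is_array($val['only_db']) ? implode(', ', $val['only_db']) : $val['only_db']);
                }
                if (!empty($val['user']) && ($val['auth_type'] == 'basic')) {
                    echo '  (' . $val['user'] . ')';
                }
                echo '&nbsp;</option>' . "\n";
            } // end if (!empty($val['host']))
        } // end foreach
        ?>
            </select>
        </td>
    </tr>
        <?php
    } // end if (server choice)
    echo "\n";
    if (!empty($conn_error)) {
        // NOTE(review): $conn_error is printed as-is. It may hold a localized
        // message (which can contain HTML entities) or the database/PHP error
        // text set by PMA_auth_fails(); confirm the latter is HTML-safe before
        // it reaches this point.
        echo '<tr><td colspan="2" align="center"><p class="warning">'. $conn_error . '</p></td></tr>' . "\n";
    }
    ?>
    <tr>
        <td colspan="2" align="center">
    <?php
    if (count($cfg['Servers']) == 1) {
        echo '    <input type="hidden" name="server" value="' . $server_html . '" />';
    }
    echo "\n";
    ?>
            <input type="hidden" name="lang" value="<?php echo $lang_html; ?>" />
            <input type="hidden" name="convcharset" value="<?php echo $convcharset_html; ?>" />
            <input type="submit" value="<?php echo $GLOBALS['strLogin']; ?>" />
        </td>
    </tr>
    </table>
</form>
</center>

<script type="text/javascript" language="javascript">
<!--
var uname = document.forms['login_form'].elements['pma_username'];
var pword = document.forms['login_form'].elements['pma_password'];
if (uname.value == '') {
    uname.focus();
} else {
    pword.focus();
}
//-->
</script>
</body>

</html>
    <?php
    exit();

    // Not reached: kept so the function still declares a return value
    return TRUE;
} // end of the 'PMA_auth()' function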
00380 
00381 
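/**
 * Collects the authentication settings from the login form or the cookies.
 *
 * Three cases, in this order:
 *  - $old_usr is set (logout): the password cookie is deleted and nothing
 *    is collected;
 *  - $pma_username is set (form login): user, password and, when
 *    $cfg['AllowArbitraryServer'] is on, the server name come from the form;
 *  - otherwise they are read from the 'pma_cookie_*' cookies; the password
 *    cookie is base64-decoded and decrypted with $cfg['blowfish_secret'].
 *
 * The cookie values are read from $_COOKIE only. The original tests on
 * $pma_cookie_servername, $pma_cookie_username and $pma_cookie_password
 * used names that were never declared global in this function, so those
 * branches could not be taken; they are dropped rather than "repaired",
 * which keeps request-supplied globals from being accepted as cookie data.
 *
 * The username cookie is used as received and the decrypted password is not
 * integrity-checked here; nothing in this function validates the
 * credentials against the database.
 *
 * @global  string   the username, password and server collected
 * @global  string   the form fields and the "log out" marker
 * @global  boolean  whether the settings were read from cookies
 *
 * @return  boolean  whether authentication settings were found
 */
function PMA_auth_check()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
    global $pma_servername, $pma_username, $pma_password, $old_usr;
    global $from_cookie;

    // Initialization
    $PHP_AUTH_USER = $PHP_AUTH_PW = '';
    $from_cookie   = FALSE;
    $from_form     = FALSE;

    // The user wants to be logged out -> delete password cookie
    if (!empty($old_usr)) {
        setcookie('pma_cookie_password', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
    }

    // The user just logged in
    else if (!empty($pma_username)) {
        $PHP_AUTH_USER = $pma_username;
        // empty() also treats the string '0' as empty
        $PHP_AUTH_PW   = (empty($pma_password)) ? '' : $pma_password;
        if ($GLOBALS['cfg']['AllowArbitraryServer']) {
            $pma_auth_server = $pma_servername;
        }
        $from_form     = TRUE;
    }

    // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
    // from cookies
    else {
        $has_cookies = !empty($_COOKIE);

        // servername
        if ($GLOBALS['cfg']['AllowArbitraryServer']
            && $has_cookies && isset($_COOKIE['pma_cookie_servername'])) {
            $pma_auth_server = $_COOKIE['pma_cookie_servername'];
            $from_cookie     = TRUE;
        }
        // username
        if ($has_cookies && isset($_COOKIE['pma_cookie_username'])) {
            $PHP_AUTH_USER = $_COOKIE['pma_cookie_username'];
            $from_cookie   = TRUE;
        }
        // password: without it the other cookies are not enough to log in
        if ($has_cookies && isset($_COOKIE['pma_cookie_password'])) {
            $PHP_AUTH_PW   = $_COOKIE['pma_cookie_password'];
        }
        else {
            $from_cookie   = FALSE;
        }
        $PHP_AUTH_PW = base64_decode($PHP_AUTH_PW);
        $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['blowfish_secret']);

        // "\xff(blank)" is the marker stored in place of an empty password
        if ($PHP_AUTH_PW == "\xff(blank)") {
            $PHP_AUTH_PW   = '';
        }
    }

    // Returns whether we get authentication settings or not
    if (!$from_cookie && !$from_form) {
        return FALSE;
    } elseif ($from_cookie) {
        if (get_magic_quotes_gpc()) {
            $PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
            // no need to strip password as it is encrypted during transfer
        }
        return TRUE;
    } else {
        // we don't need to strip here, it is done in grab_globals
        return TRUE;
    }
} // end of the 'PMA_auth_check()' function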
00482 
00483 
/**
 * Applies the collected credentials to $cfg['Server'] and, on a fresh login,
 * stores them in cookies and redirects.
 *
 * When the configured user differs from $PHP_AUTH_USER, the first entry of
 * $cfg['Servers'] with the same host and that user becomes the current
 * server. With $cfg['AllowArbitraryServer'] on, a non-empty $pma_auth_server
 * replaces the host. If the credentials did not come from cookies, the
 * server name and username cookies (30 days) and the encrypted password
 * cookie (expiry 0) are sent, then the client is sent back to index.php and
 * the script ends.
 *
 * The cookies are set with the "secure" argument taken from
 * $GLOBALS['is_https']; the password cookie holds the password encrypted
 * with $cfg['blowfish_secret'] and base64-encoded, the username cookie holds
 * the username in clear.
 *
 * @global  array    the configuration and the current server index
 * @global  string   the username, password and server collected
 * @global  boolean  whether the settings were read from cookies
 *
 * @return  boolean  always true (reached only when no redirect is needed)
 */
function PMA_auth_set_user()
{
    global $cfg, $server;
    global $PHP_AUTH_USER, $PHP_AUTH_PW, $pma_auth_server;
    global $from_cookie;

    // Ensures valid authentication mode, 'only_db', bookmark database and
    // table names and relation table name are used
    if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
        $last_index = count($cfg['Servers']);
        for ($idx = 1; $idx <= $last_index; $idx++) {
            if (!isset($cfg['Servers'][$idx])) {
                continue;
            }
            $candidate = $cfg['Servers'][$idx];
            if ($candidate['host'] == $cfg['Server']['host'] && $candidate['user'] == $PHP_AUTH_USER) {
                $server        = $idx;
                $cfg['Server'] = $candidate;
                break;
            }
        } // end for
    } // end if

    // An arbitrary host is honoured only when the configuration allows it
    $pma_server_changed = FALSE;
    if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($pma_auth_server)) {
        if ($cfg['Server']['host'] != $pma_auth_server) {
            $cfg['Server']['host'] = $pma_auth_server;
            $pma_server_changed    = TRUE;
        }
    }
    $cfg['Server']['user']     = $PHP_AUTH_USER;
    $cfg['Server']['password'] = $PHP_AUTH_PW;

    // Credentials that already came from cookies need no new cookies
    if ($from_cookie) {
        return TRUE;
    }

    // Set cookies (once per session) and force a reload to ensure the client
    // accepts cookies
    if ($GLOBALS['cfg']['AllowArbitraryServer']) {
        if (!empty($pma_auth_server) && $pma_server_changed) {
            // Duration = one month for servername
            setcookie('pma_cookie_servername',
                $cfg['Server']['host'],
                time() + (60 * 60 * 24 * 30),
                $GLOBALS['cookie_path'], '',
                $GLOBALS['is_https']);
        } else {
            // Delete servername cookie
            setcookie('pma_cookie_servername', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
        }
    }

    // Duration = one month for username
    setcookie('pma_cookie_username',
        $cfg['Server']['user'],
        time() + (60 * 60 * 24 * 30),
        $GLOBALS['cookie_path'], '',
        $GLOBALS['is_https']);

    // Duration = till the browser is closed for password.
    // The encrypted value is binary, so it is base64-encoded for the cookie;
    // "\xff(blank)" stands in for an empty password.
    if (!empty($cfg['Server']['password'])) {
        $password_plain = $cfg['Server']['password'];
    } else {
        $password_plain = "\xff(blank)";
    }
    setcookie('pma_cookie_password',
        base64_encode(PMA_blowfish_encrypt($password_plain, $GLOBALS['cfg']['blowfish_secret'])),
        0,
        $GLOBALS['cookie_path'], '',
        $GLOBALS['is_https']);

    // loic1: workaround against a IIS 5.0 bug
    if (empty($GLOBALS['SERVER_SOFTWARE'])
        && isset($_SERVER) && !empty($_SERVER['SERVER_SOFTWARE'])) {
        $GLOBALS['SERVER_SOFTWARE'] = $_SERVER['SERVER_SOFTWARE'];
    }
    $is_iis5 = (!empty($GLOBALS['SERVER_SOFTWARE']) && $GLOBALS['SERVER_SOFTWARE'] == 'Microsoft-IIS/5.0');

    $reload_url = $cfg['PmaAbsoluteUri'] . 'index.php?' . PMA_generate_common_url('', '', '&');
    if ($is_iis5) {
        header('Refresh: 0; url=' . $reload_url);
    }
    else {
        header('Location: ' . $reload_url);
    }
    exit();
} // end of the 'PMA_auth_set_user()' function
00578 
00579 
/**
 * Handles a failed login: clears the password cookie, picks the error
 * message and shows the login form again.
 *
 * The message is, in this order of preference, the PMA_mysql_error() text,
 * $php_errormsg when it is set in this scope, or the localized
 * 'strCannotLogin' string.
 * NOTE(review): PMA_auth() prints $conn_error without escaping it; confirm
 * that the PMA_mysql_error() / $php_errormsg text is HTML-safe.
 *
 * @global  string   the connection error message shown by PMA_auth()
 *
 * @return  boolean  always true (PMA_auth() ends the script before that)
 */
function PMA_auth_fails()
{
    global $conn_error;

    // Deletes password cookie and displays the login form
    setcookie('pma_cookie_password', base64_encode(''), 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);

    $has_mysql_error = PMA_mysql_error() ? TRUE : FALSE;
    if ($has_mysql_error) {
        $conn_error = PMA_mysql_error();
    } elseif (isset($php_errormsg)) {
        $conn_error = $php_errormsg;
    } else {
        $conn_error = $GLOBALS['strCannotLogin'];
    }

    PMA_auth();

    return TRUE;
} // end of the 'PMA_auth_fails()' function
00606 
00607 ?>

