2007-07-02 05:51:26 +00:00
< ? php
2008-01-08 13:55:52 +00:00
$ignore = array ( " server " , " username " , " password " );
2007-07-11 05:54:36 +00:00
if ( ini_get ( " session.use_trans_sid " ) && isset ( $_POST [ session_name ()])) {
$ignore [] = session_name ();
}
2007-07-02 05:51:26 +00:00
if ( isset ( $_POST [ " server " ])) {
2007-07-10 15:09:07 +00:00
if ( isset ( $_REQUEST [ session_name ()])) {
session_regenerate_id ();
$_SESSION [ " usernames " ][ $_POST [ " server " ]] = $_POST [ " username " ];
$_SESSION [ " passwords " ][ $_POST [ " server " ]] = $_POST [ " password " ];
2007-07-11 05:54:36 +00:00
if ( count ( $_POST ) == count ( $ignore )) {
2008-07-10 15:39:24 +00:00
$location = (( string ) $_GET [ " server " ] === $_POST [ " server " ] ? remove_from_uri () : preg_replace ( '~^[^?]*/([^?]*).*~' , '\\1' , $_SERVER [ " REQUEST_URI " ]) . ( strlen ( $_POST [ " server " ]) ? '?server=' . urlencode ( $_POST [ " server " ]) : '' ));
2007-07-28 22:36:24 +00:00
if ( ! isset ( $_COOKIE [ session_name ()])) {
2007-07-10 15:09:07 +00:00
$location .= ( strpos ( $location , " ? " ) === false ? " ? " : " & " ) . SID ;
}
header ( " Location: " . ( strlen ( $location ) ? $location : " . " ));
exit ;
}
2007-07-06 15:24:49 +00:00
}
$_GET [ " server " ] = $_POST [ " server " ];
2008-04-10 15:10:10 +00:00
} elseif ( isset ( $_POST [ " logout " ])) {
if ( $_POST [ " token " ] != $_SESSION [ " tokens " ][ $_GET [ " server " ]][ " ?logout " ]) {
page_header ( lang ( 'Logout' ), lang ( 'Invalid CSRF token. Send the form again.' ));
page_footer ( " db " );
exit ;
} else {
unset ( $_SESSION [ " usernames " ][ $_GET [ " server " ]]);
unset ( $_SESSION [ " passwords " ][ $_GET [ " server " ]]);
unset ( $_SESSION [ " databases " ][ $_GET [ " server " ]]);
$_SESSION [ " tokens " ][ $_GET [ " server " ]] = array ();
redirect ( substr ( $SELF , 0 , - 1 ), lang ( 'Logout successful.' ));
}
2007-07-02 05:51:26 +00:00
}
2007-07-23 11:57:26 +00:00
function auth_error () {
2007-07-25 17:30:59 +00:00
global $ignore ;
2007-07-23 11:57:26 +00:00
$username = $_SESSION [ " usernames " ][ $_GET [ " server " ]];
2007-07-17 05:14:43 +00:00
if ( $_POST [ " token " ] && ! isset ( $username )) {
2007-07-11 08:03:08 +00:00
$_POST [ " token " ] = token ();
}
2007-07-17 05:14:43 +00:00
unset ( $_SESSION [ " usernames " ][ $_GET [ " server " ]]);
2008-04-10 14:37:10 +00:00
page_header ( lang ( 'Login' ), ( isset ( $username ) ? lang ( 'Invalid credentials.' ) : ( isset ( $_POST [ " server " ]) ? lang ( 'Sessions must be enabled.' ) : ( $_POST ? lang ( 'Session expired, please login again.' ) : " " ))), null );
2007-07-02 05:51:26 +00:00
?>
< form action = " " method = " post " >
< table border = " 0 " cellspacing = " 0 " cellpadding = " 2 " >
2007-09-02 08:05:36 +00:00
< tr >< th >< ? php echo lang ( 'Server' ); ?> :</th><td><input name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" /></td></tr>
< tr >< th >< ? php echo lang ( 'Username' ); ?> :</th><td><input name="username" value="<?php echo htmlspecialchars($username); ?>" /></td></tr>
2007-07-02 05:51:26 +00:00
< tr >< th >< ? php echo lang ( 'Password' ); ?> :</th><td><input type="password" name="password" /></td></tr>
2007-08-09 15:01:43 +00:00
</ table >
< p >
< ? php
2007-08-10 10:35:09 +00:00
$process = $_POST ; // expired session
while ( list ( $key , $val ) = each ( $process )) {
2007-07-06 15:24:49 +00:00
if ( is_array ( $val )) {
2007-08-10 10:35:09 +00:00
foreach ( $val as $k => $v ) {
$process [ $key . " [ $k ] " ] = $v ;
2007-07-02 05:51:26 +00:00
}
2007-07-11 05:54:36 +00:00
} elseif ( ! in_array ( $key , $ignore )) {
2007-07-06 15:24:49 +00:00
echo '<input type="hidden" name="' . htmlspecialchars ( $key ) . '" value="' . htmlspecialchars ( $val ) . '" />' ;
2007-07-02 05:51:26 +00:00
}
}
2007-07-09 06:12:22 +00:00
foreach ( $_FILES as $key => $val ) {
echo '<input type="hidden" name="files[' . htmlspecialchars ( $key ) . ']" value="' . ( $val [ " error " ] ? $val [ " error " ] : base64_encode ( file_get_contents ( $val [ " tmp_name " ]))) . '" />' ;
}
2007-08-09 15:01:43 +00:00
?>
< input type = " submit " value = " <?php echo lang('Login'); ?> " />
</ p >
2007-07-02 05:51:26 +00:00
</ form >
2007-08-09 15:01:43 +00:00
< ? php
2007-07-02 05:51:26 +00:00
page_footer ( " auth " );
2007-07-23 11:57:26 +00:00
}
2008-08-27 16:43:30 +00:00
$username = & $_SESSION [ " usernames " ][ $_GET [ " server " ]];
if ( ! isset ( $username )) {
$username = $_GET [ " username " ];
}
2007-11-08 12:20:18 +00:00
if ( ! isset ( $username ) || ! $mysql -> connect ( $_GET [ " server " ], $username , $_SESSION [ " passwords " ][ $_GET [ " server " ]])) {
2007-07-23 11:57:26 +00:00
auth_error ();
2007-07-02 05:51:26 +00:00
exit ;
}
2008-08-27 16:43:30 +00:00
unset ( $username );