From 2faa08cd150fce9eab47b42db72872df0e86f495 Mon Sep 17 00:00:00 2001
From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Tue, 21 Jul 2009 12:19:25 +0000
Subject: [PATCH] Customize login and login form

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@860 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 adminer/include/adminer.inc.php   | 25 +++++++++++++++++++++++++
 adminer/include/auth.inc.php      | 18 ++++++------------
 adminer/include/bootstrap.inc.php |  2 +-
 editor/include/adminer.inc.php    | 15 +++++++++++++++
 editor/include/auth.inc.php       | 12 ------------
 examples/editor-cds/index.php     |  4 ++++
 6 files changed, 51 insertions(+), 25 deletions(-)
 delete mode 100644 editor/include/auth.inc.php

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index ad8c1be2..8368d8ae 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -21,6 +21,31 @@ function adminer_database() {
 	return call_adminer('database', $_GET["db"]);
 }
 
+/** Print login form
+* @param string
+* @return bool whether to display default login form
+*/
+function adminer_login_form($username) {
+	if (call_adminer('login_form', true, $username)) {
+		?>
+		<table cellspacing="0">
+		<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>">
+		<tr><th><?php echo lang('Username'); ?><td><input name="username" value="<?php echo htmlspecialchars($username); ?>">
+		<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+		</table>
+<?php
+	}
+}
+
+/** Authorize the user
+* @param string
+* @param string
+* @return bool
+*/
+function adminer_login($login, $password) {
+	return call_adminer('login', true, $login, $password);
+}
+
 /** Table caption used in navigation and headings
 * @param array result of SHOW TABLE STATUS
 * @return string
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 79eb61b2..b7adace0 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -40,16 +40,10 @@ function auth_error($exception = null) {
 	global $ignore, $dbh;
 	$username = $_SESSION["usernames"][$_GET["server"]];
 	unset($_SESSION["usernames"][$_GET["server"]]);
-	page_header(lang('Login'), (isset($username) ? htmlspecialchars($exception ? $exception->getMessage() : ($dbh ? $dbh : lang('Invalid credentials.'))) : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
-	?>
-	<form action="" method="post">
-	<table cellspacing="0">
-	<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>">
-	<tr><th><?php echo lang('Username'); ?><td><input name="username" value="<?php echo htmlspecialchars($username); ?>">
-	<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
-	</table>
-	<p>
-<?php
+	page_header(lang('Login'), (isset($username) ? htmlspecialchars($exception ? $exception->getMessage() : (is_string($dbh) ? $dbh : lang('Invalid credentials.'))) : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
+	echo "<form action='' method='post'>\n";
+	adminer_login_form($login);
+	echo "<p>\n";
 	hidden_fields($_POST, $ignore); // expired session
 	foreach ($_FILES as $key => $val) {
 		echo '<input type="hidden" name="files[' . htmlspecialchars($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
@@ -67,8 +61,8 @@ if (!isset($username)) {
 	$username = $_GET["username"]; // default username can be passed in URL
 }
 $dbh = (isset($username) ? connect() : '');
-unset($username);
-if (is_string($dbh)) {
+if (is_string($dbh) || !adminer_login($username, $_SESSION["passwords"][$_GET["server"]])) {
 	auth_error();
 	exit;
 }
+unset($username);
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 2941bf1d..daa26a00 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -91,7 +91,7 @@ if (isset($_GET["coverage"])) {
 }
 include "../adminer/include/pdo.inc.php";
 include "../adminer/include/mysql.inc.php";
-include "./include/auth.inc.php";
+include "../adminer/include/auth.inc.php";
 include "./include/connect.inc.php";
 include "./include/editing.inc.php";
 include "./include/export.inc.php";
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 0f6f4507..ff082f32 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -12,6 +12,21 @@ function adminer_database() {
 	return call_adminer('database', (count($dbs) == 1 ? $dbs[0] : (count($dbs) == 2 && information_schema($dbs[0]) ? $dbs[1] : 'test')));
 }
 
+function adminer_login_form($username) {
+	if (call_adminer('login_form', true, $username)) {
+		?>
+		<table cellspacing="0">
+		<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="server" value="" /><input name="username" value="<?php echo htmlspecialchars($username); ?>">
+		<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+		</table>
+<?php
+	}
+}
+
+function adminer_login($login, $password) {
+	return call_adminer('login', true, $login, $password);
+}
+
 function adminer_table_name($row) {
 	table_comment($row);
 	return call_adminer('table_name', htmlspecialchars(strlen($row["Comment"]) ? $row["Comment"] : $row["Name"]), $row);
diff --git a/editor/include/auth.inc.php b/editor/include/auth.inc.php
deleted file mode 100644
index f3d5096e..00000000
--- a/editor/include/auth.inc.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-function auth_error($exception = null) {
-	page_header(lang('Login'), htmlspecialchars(lang('Invalid credentials.'), null));
-	page_footer("auth");
-}
-
-$dbh = connect();
-if (is_string($dbh)) {
-	auth_error();
-	exit;
-}
-$_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
diff --git a/examples/editor-cds/index.php b/examples/editor-cds/index.php
index 72dfd743..9166163b 100644
--- a/examples/editor-cds/index.php
+++ b/examples/editor-cds/index.php
@@ -19,6 +19,10 @@ class Adminer {
 		return 'cds';
 	}
 	
+	function login($login, $password) {
+		return ($login == 'admin');
+	}
+	
 }
 
 include "./editor.php";