Allow permanent login without customization

2010-05-06 15:45:34 +02:00 · 2010-05-06 15:45:34 +02:00 · 4ba2d85623
parent 605b09301b
commit 4ba2d85623
5 changed files with 38 additions and 10 deletions
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@ -21,7 +21,7 @@ class Adminer {
 	* @return string cryptic string which gets combined with password
 	*/
 	function permanentLogin() {
-		return "";
+		return password_file();
 	}
 	
 	/** Identifier of selected database
@ -49,9 +49,7 @@ document.getElementById('username').focus();
 </script>
 <?php
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
-		if ($this->permanentLogin()) {
-			echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
-		}
+		echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}
 	
 	/** Authorize the user
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@ -644,6 +644,37 @@ function apply_sql_function($function, $column) {
 	return ($function ? ($function == "unixepoch" ? "DATETIME($column, '$function')" : ($function == "count distinct" ? "COUNT(DISTINCT " : strtoupper("$function(")) . "$column)") : $column);
 }

+/** Read password from file adminer.key in temporary directory or create one
+* @return string or false if the file can not be created
+*/
+function password_file() {
+	$dir = ini_get("upload_tmp_dir"); // session_save_path() may contain other storage path
+	if (!$dir) {
+		if (function_exists('sys_get_temp_dir')) {
+			$dir = sys_get_temp_dir();
+		} else {
+			$filename = @tempnam("", ""); // @ - temp directory can be disabled by open_basedir
+			if (!$filename) {
+				return false;
+			}
+			$dir = dirname($filename);
+			unlink($filename);
+		}
+	}
+	$filename = "$dir/adminer.key";
+	$return = @file_get_contents($filename); // @ - can not exist
+	if ($return) {
+		return $return;
+	}
+	$fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
+	if ($fp) {
+		$return = md5(uniqid(mt_rand(), true));
+		fwrite($fp, $return);
+		fclose($fp);
+	}
+	return $return;
+}
+
 /** Check whether the string is e-mail address
 * @param string
 * @return bool
--- a/adminer/include/xxtea.inc.php
+++ b/adminer/include/xxtea.inc.php
@ -1,5 +1,5 @@
 <?php
-/** PHP implementation of XXTEA encryption algorithm.
+/** PHP implementation of XXTEA encryption algorithm
 * @author Ma Bingyao <andot@ujn.edu.cn>
 * @link http://www.coolcode.cn/?action=show&id=128
 */
--- a/changes.txt
+++ b/changes.txt
@ -1,6 +1,7 @@
 Adminer 3.0.0-dev:
 Drivers for MS SQL, SQLite, PostgreSQL
 Allow concurrent logins on the same server
+Allow permanent login without customization
 In-place editation in select
 Show number of tables in server overview
 Operator LIKE %%
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@ -7,14 +7,14 @@ class Adminer {
 		return lang('Editor');
 	}
 	
-	//! driver
+	//! driver, ns
 	
 	function credentials() {
 		return array(); // default INI settings
 	}
 	
 	function permanentLogin() {
-		return "";
+		return password_file();
 	}
 	
 	function database() {
@ -37,9 +37,7 @@ document.getElementById('username').focus();
 </script>
 <?php
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
-		if ($this->permanentLogin()) {
-			echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
-		}
+		echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}
 	
 	function login($login, $password) {