Disallow using password-less databases

2018-05-04 16:52:41 +02:00 · 2018-05-04 16:52:41 +02:00 · 60d1b7b3b4
parent db11fa4c1a
commit 60d1b7b3b4
15 changed files with 47 additions and 24 deletions
--- a/adminer/drivers/elastic.inc.php
+++ b/adminer/drivers/elastic.inc.php
@ -227,8 +227,11 @@ if (isset($_GET["elastic"])) {
 	function connect() {
 		global $adminer;
 		$connection = new Min_DB;
-		$credentials = $adminer->credentials();
-		if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
+		list($server, $username, $password) = $adminer->credentials();
+		if ($password != "" && $connection->connect($server, $username, "")) {
+			return lang('Database does not support password.');
+		}
+		if ($connection->connect($server, $username, $password)) {
 			return $connection;
 		}
 		return $connection->error;
--- a/adminer/drivers/mongo.inc.php
+++ b/adminer/drivers/mongo.inc.php
@ -610,7 +610,7 @@ if (isset($_GET["mongo"])) {
 		$connection = new Min_DB;
 		list($server, $username, $password) = $adminer->credentials();
 		$options = array();
-		if ($username != "") {
+		if ($username . $password != "") {
 			$options["username"] = $username;
 			$options["password"] = $password;
 		}
@ -620,6 +620,15 @@ if (isset($_GET["mongo"])) {
 		}
 		try {
 			$connection->_link = $connection->connect("mongodb://$server", $options);
+			if ($password != "") {
+				$options["password"] = "";
+				try {
+					$connection->connect("mongodb://$server", $options);
+					return lang('Database does not support password.');
+				} catch (Exception $ex) {
+					// this is what we want
+				}
+			}
 			return $connection;
 		} catch (Exception $ex) {
 			return $ex->getMessage();
--- a/adminer/drivers/simpledb.inc.php
+++ b/adminer/drivers/simpledb.inc.php
@ -248,6 +248,11 @@ if (isset($_GET["simpledb"])) {


 	function connect() {
+		global $adminer;
+		list(, , $password) = $adminer->credentials();
+		if ($password != "") {
+			return lang('Database does not support password.');
+		}
 		return new Min_DB;
 	}

--- a/adminer/drivers/sqlite.inc.php
+++ b/adminer/drivers/sqlite.inc.php
@ -240,6 +240,11 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 	}

 	function connect() {
+		global $adminer;
+		list(, , $password) = $adminer->credentials();
+		if ($password != "") {
+			return lang('Database does not support password.');
+		}
 		return new Min_DB;
 	}

--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@ -145,9 +145,8 @@ class Adminer {
 	* @return mixed true for success, string for error message, false for unknown error
 	*/
 	function login($login, $password) {
-		global $jush;
-		if ($jush == "sqlite") {
-			return lang('<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.', target_blank(), '<code>login()</code>');
+		if ($password == "") { //! password is optional in Elastic and Mongo
+			return lang('<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use password-less database.', target_blank(), '<code>login()</code>');
 		}
 		return true;
 	}
--- a/adminer/lang/cs.inc.php
+++ b/adminer/lang/cs.inc.php
@ -12,7 +12,8 @@ $translations = array(
 	'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Díky za použití Admineru, <a href="%s">příspějte</a> na vývoj.',
 	'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => 'Pro přihlášení k SQLite <a href="https://www.adminer.org/cs/extension/"%s>implementujte</a> metodu %s.',
+	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use password-less database.' => 'Pro přihlášení bez hesla <a href="https://www.adminer.org/cs/extension/"%s>implementujte</a> metodu %s.',
+	'Database does not support password.' => 'Databáze nepodporuje heslo.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minutu.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minuty.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minut.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Platnost hlavního hesla vypršela. <a href="https://www.adminer.org/cs/extension/"%s>Implementujte</a> metodu %s, aby platilo stále.',
 	'Language' => 'Jazyk',
--- a/adminer/lang/he.inc.php
+++ b/adminer/lang/he.inc.php
@ -276,7 +276,6 @@ $translations = array(
 	'ATTACH queries are not supported.' => 'שאילתת ATTACH אינה נתמכת',
 	'%d / ' => '%d / ',
 	'Limit rows' => 'הגבל שורות',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>התקן</a> את תוסף SQLite בשביל להתחבר',
 	'Default value' => 'ערך ברירת מחדל',
 	'Full table scan' => 'סריקה טבלה מלאה',
 	'Too many unsuccessful logins, try again in %d minute(s).' => 'יותר מידי נסיונות כניסה נכשלו, אנא נסה עוד %d דקות',
--- a/adminer/lang/ms.inc.php
+++ b/adminer/lang/ms.inc.php
@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Log keluar berjaya.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Terima kasih kerana menggunakan Adminer, pertimbangkan untuk <a href="%s">menderma</a>.',
 	'Invalid credentials.' => 'Akses tidak sah.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Gunakan</a> cara %s untuk menggunakan SQLite.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => 'Terlalu banyak percubaan log masuk yang gagal, sila cuba lagi dalam masa %d minit.',
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Kata laluan utama telah luput. <a href="https://www.adminer.org/en/extension/"%s>Gunakan</a> cara %s untuk mengekalkannya.',
 	'Language' => 'Bahasa',
--- a/adminer/lang/pl.inc.php
+++ b/adminer/lang/pl.inc.php
@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Wylogowano pomyślnie.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Dziękujemy za używanie Adminera, rozważ proszę <a href="%s">dotację</a>.',
 	'Invalid credentials.' => 'Nieprawidłowe dane logowania.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/pl/extension/"%s>Zaimplementuj</a> metodę %s aby użyć SQLite.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Za dużo nieudanych prób logowania, spróbuj ponownie za %d minutę.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minuty.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minut.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Ważność hasła głównego wygasła. <a href="https://www.adminer.org/pl/extension/"%s>Zaimplementuj</a> własną metodę %s, aby ustawić je na stałe.',
 	'Language' => 'Język',
--- a/adminer/lang/ru.inc.php
+++ b/adminer/lang/ru.inc.php
@ -276,7 +276,6 @@ $translations = array(
 	'ATTACH queries are not supported.' => 'ATTACH-запросы не поддерживаются.',
 	'%d / ' => '%d / ',
 	'Limit rows' => 'Лимит строк',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Реализуйте</a> метод %s, чтобы использовать SQLite.',
 	'Default value' => 'Значение по умолчанию',
 	'Full table scan' => 'Анализ полной таблицы',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Слишком много неудачных попыток входа. Попробуйте снова через %d минуту.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минуты.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минут.'),
--- a/adminer/lang/tr.inc.php
+++ b/adminer/lang/tr.inc.php
@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Oturum başarıyla sonlandı.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Adminer kullandığınız için teşekkür ederiz <a href="%s">bağış yapmayı düşünün</a>.',
 	'Invalid credentials.' => 'Geçersiz kimlik bilgileri.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => 'SQLite kullanmak için <a href="https://www.adminer.org/en/extension/"%s>%s metodunu</a> kullanın.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Çok fazla oturum açma denemesi yapıldı.', '%d Dakika sonra tekrar deneyiniz.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Ana şifrenin süresi doldu. Kalıcı olması için <a href="https://www.adminer.org/en/extension/"%s>%s medodunu</a> kullanın.',
 	'Language' => 'Dil',
--- a/adminer/lang/xx.inc.php
+++ b/adminer/lang/xx.inc.php
@ -12,7 +12,8 @@ $translations = array(
 	'Logout successful.' => 'Xx.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Xx <a href="%s">xx</a>.',
 	'Invalid credentials.' => 'Xx.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Xx</a> %s xx.',
+	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use password-less database.' => '<a href="https://www.adminer.org/en/extension/"%s>Xx</a> %s xx.',
+	'Database does not support password.' => 'Xx.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Xx %d.', 'Xx %d.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => '<a href="https://www.adminer.org/en/extension/"%s>Xx</a> %s xx.',
 	'Language' => 'Xx',
--- a/adminer/sqlite.php
+++ b/adminer/sqlite.php
@ -1,8 +1,10 @@
 <?php
 function adminer_object() {
 	include_once "../plugins/plugin.php";
-	include_once "../plugins/login-sqlite.php";
-	return new AdminerPlugin(array(new AdminerLoginSqlite("admin", password_hash("", PASSWORD_DEFAULT))));
+	include_once "../plugins/login-password-less.php";
+	return new AdminerPlugin(array(
+		new AdminerLoginPasswordLess(password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)),
+	));
 }

 include "./index.php";
--- a/changes.txt
+++ b/changes.txt
@ -1,4 +1,5 @@
 Adminer 4.6.3-dev:
+Disallow using password-less databases
 Stop session before connecting
 Simplify running slow queries
 Decrease timeout for running slow queries from 5 seconds to 2 seconds
--- a/plugins/login-password-less.php
+++ b/plugins/login-password-less.php
@ -1,29 +1,31 @@
 <?php

-/** Enable login for SQLite
+/** Enable login for password-less database
 * @link https://www.adminer.org/plugins/#use
 * @author Jakub Vrana, https://www.vrana.cz/
 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
 */
-class AdminerLoginSqlite {
+class AdminerLoginPasswordLess {
 	/** @access protected */
-	var $login, $password_hash;
+	var $password_hash;
 	
-	/** Set allowed credentials
-	* @param string
+	/** Set allowed password
 	* @param string result of password_hash
 	*/
-	function __construct($login, $password_hash) {
-		$this->login = $login;
+	function __construct($password_hash) {
 		$this->password_hash = $password_hash;
 	}
+
+	function credentials() {
+		$password = get_password();
+		return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
+	}
 	
 	function login($login, $password) {
-		if (DRIVER != "sqlite" && DRIVER != "sqlite2") {
+		if ($password != "") {
 			return true;
 		}
-		return $this->login == $login && password_verify($password, $this->password_hash);
 	}

 }