From 741c073c956bff428e1f40d996b514a230c751e1 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Sat, 8 Sep 2012 20:54:02 -0700 Subject: [PATCH] Unset wrong login from permanent logins --- adminer/include/auth.inc.php | 19 +++++++++++++------ adminer/include/bootstrap.inc.php | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php index c683fb97..6a07e26e 100644 --- a/adminer/include/auth.inc.php +++ b/adminer/include/auth.inc.php @@ -41,11 +41,7 @@ if ($auth) { foreach (array("pwds", "dbs", "queries") as $key) { set_session($key, null); } - $key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]); - if ($permanent[$key]) { - unset($permanent[$key]); - cookie("adminer_permanent", implode(" ", $permanent)); - } + unset_permanent(); redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.')); } } elseif ($permanent && !$_SESSION["pwds"]) { @@ -58,6 +54,15 @@ if ($auth) { } } +function unset_permanent() { + global $permanent; + $key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]); + if ($permanent[$key]) { + unset($permanent[$key]); + cookie("adminer_permanent", implode(" ", $permanent)); + } +} + function auth_error($exception = null) { global $connection, $adminer, $token; $session_name = session_name(); @@ -73,6 +78,7 @@ function auth_error($exception = null) { $error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.'))); $password = null; } + unset_permanent(); } } page_header(lang('Login'), $error, null); @@ -87,7 +93,8 @@ function auth_error($exception = null) { if (isset($_GET["username"])) { if (!class_exists("Min_DB")) { - unset($_SESSION["pwds"][DRIVER]); //! remove also from adminer_permanent + unset($_SESSION["pwds"][DRIVER]); + unset_permanent(); page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false); page_footer("auth"); exit; diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php index 85cb9038..e8de1332 100644 --- a/adminer/include/bootstrap.inc.php +++ b/adminer/include/bootstrap.inc.php @@ -21,7 +21,7 @@ if (isset($_GET["file"])) { include "../adminer/include/functions.inc.php"; -global $adminer, $connection, $drivers, $edit_functions, $enum_length, $error, $functions, $grouping, $HTTPS, $inout, $jush, $LANG, $langs, $on_actions, $structured_types, $token, $translations, $types, $unsigned, $VERSION; // allows including Adminer inside a function +global $adminer, $connection, $drivers, $edit_functions, $enum_length, $error, $functions, $grouping, $HTTPS, $inout, $jush, $LANG, $langs, $on_actions, $permanent, $structured_types, $token, $translations, $types, $unsigned, $VERSION; // allows including Adminer inside a function if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility $_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"];