diff --git a/_compile.php b/_compile.php
index f685f7b2..c72ff115 100644
--- a/_compile.php
+++ b/_compile.php
@@ -76,7 +76,7 @@ function short_identifier($number, $chars) {
 // Based on Dgx's PHP shrinker
 function php_shrink($input) {
- $special_variables = array_flip(array('$TOKENS', '$this', '$GLOBALS', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_SERVER'));
+ $special_variables = array_flip(array('$this', '$GLOBALS', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_SERVER'));
 static $short_variables = array();
 $shortening = true;
 $special_functions = array_flip(array('Min_MySQLi', 'Min_MySQLResult', '__construct'));
diff --git a/auth.inc.php b/auth.inc.php
index 5db786de..7a92b16f 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -8,6 +8,7 @@ if (isset($_POST["server"])) {
 session_regenerate_id();
 $_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
 $_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
+ $_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6);
 if (count($_POST) == count($ignore)) {
 $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
 if (!isset($_COOKIE[session_name()])) {
@@ -16,10 +17,13 @@ if (isset($_POST["server"])) {
 header("Location: " . (strlen($location) ? $location : "."));
 exit;
 }
+ if ($_POST["token"]) {
+ $_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
+ }
 }
 $_GET["server"] = $_POST["server"];
 } elseif (isset($_POST["logout"])) {
- if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"]) {
+ if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]) {
 page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
 page_footer("db");
 exit;
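Review bot: The per-server CSRF token minted in the `@@ -8,6 +8,7 @@` hunk comes from `rand(1, 1e6)`, which is not a cryptographic generator and yields only about a million distinct values, so the token is guessable rather than unpredictable. The removed `token()` in functions.inc.php used the same generator, so this is inherited, but the new line is now the single place the value is created and the right place to fix it. Consider a CSPRNG-backed string, e.g. `$_SESSION["tokens"][$_POST["server"]] = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7+), stored as a string so the comparisons elsewhere can be strict. The enclosing `if (isset($_POST["server"]))` block begins before this hunk.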
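Review bot: The logout check `if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]])` in the `@@ -16,10 +17,13 @@` hunk uses loose comparison against a session slot that can be absent (the `@@ -27,7 +31,7 @@` hunk unsets it at logout, and nothing creates it before a login), and when the slot is null a POST with an empty or missing `token` compares equal and the check passes; the same pattern appears in index.php at `@@ -88,14 +87,14 @@` as `if ($_POST["token"] != $token)`. Whether either branch is reachable without a logged-in session is not visible here, but the guard is cheap: `if (!isset($_SESSION["tokens"][$_GET["server"]]) || (string) $_POST["token"] !== (string) $_SESSION["tokens"][$_GET["server"]])` here, and `if (!isset($token) || (string) $_POST["token"] !== (string) $token)` in index.php. The string casts matter because the stored value is an int from `rand()` while `$_POST` values are always strings, so a bare `!==` would reject every valid token. The enclosing `if (isset($_POST["server"]))` block begins before this hunk.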
@@ -27,7 +31,7 @@ if (isset($_POST["server"])) { unset($_SESSION["usernames"][$_GET["server"]]); unset($_SESSION["passwords"][$_GET["server"]]); unset($_SESSION["databases"][$_GET["server"]]); - $_SESSION["tokens"][$_GET["server"]] = array(); + unset($_SESSION["tokens"][$_GET["server"]]); redirect(substr($SELF, 0, -1), lang('Logout successful.')); } } @@ -35,9 +39,6 @@ if (isset($_POST["server"])) { function auth_error() { global $ignore; $username = $_SESSION["usernames"][$_GET["server"]]; - if ($_POST["token"] && !isset($username)) { - $_POST["token"] = token(); - } unset($_SESSION["usernames"][$_GET["server"]]); page_header(lang('Login'), (isset($username) ? lang('Invalid credentials.') : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null); ?> diff --git a/design.inc.php b/design.inc.php index 06b1eefc..41a92741 100644 --- a/design.inc.php +++ b/design.inc.php @@ -9,7 +9,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") { -<?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.10.1-dev"; ?> +<?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.10.2-dev"; ?> " /> @@ -46,9 +46,6 @@ function toggle(id) { echo "

" . implode("

\n

", $_SESSION["messages"]) . "

\n"; $_SESSION["messages"] = array(); } - if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) { - $_SESSION["tokens"][$_GET["server"]]["?logout"] = rand(1, 1e6); - } $databases = &$_SESSION["databases"][$_GET["server"]]; if (strlen($_GET["db"]) && $databases && !in_array($_GET["db"], $databases, true)) { $databases = null; @@ -74,7 +71,7 @@ function page_footer($missing = false) {

"> -" /> +" />

diff --git a/functions.inc.php b/functions.inc.php
index 83d324ed..c5a01df1 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -183,23 +183,10 @@ function collations() {
 return $return;
 }
-function token() {
- return ($GLOBALS["TOKENS"][] = rand(1, 1e6));
-}
-
-function token_delete() {
- if ($_POST["token"] && ($pos = array_search($_POST["token"], (array) $GLOBALS["TOKENS"])) !== false) {
- unset($GLOBALS["TOKENS"][$pos]);
- return true;
- }
- return false;
-}
-
 function redirect($location, $message = null) {
 if (isset($message)) {
 $_SESSION["messages"][] = $message;
 }
- token_delete();
 if (strlen(SID)) {
 $location .= (strpos($location, "?") === false ? "?" : "&") . SID;
 }
diff --git a/index.php b/index.php
index e213d7ff..3e8d8814 100644
--- a/index.php
+++ b/index.php
@@ -45,7 +45,6 @@ if (get_magic_quotes_gpc()) {
 }
 set_magic_quotes_runtime(false);
 $SELF = preg_replace('~^[^?]*/([^?]*).*~', '\\1?', $_SERVER["REQUEST_URI"]) . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : '');
-$TOKENS = &$_SESSION["tokens"][$_GET["server"]][$_SERVER["REQUEST_URI"]];
 include "./functions.inc.php";
 include "./lang.inc.php";
@@ -88,14 +87,14 @@ if (isset($_GET["download"])) {
 } elseif (isset($_GET["privileges"])) {
 include "./privileges.inc.php";
 } else { // uses CSRF token
+ $token = $_SESSION["tokens"][$_GET["server"]];
 if ($_POST) {
- if (!in_array($_POST["token"], (array) $TOKENS)) {
+ if ($_POST["token"] != $token) {
 $error = lang('Invalid CSRF token. Send the form again.');
 }
 } elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
 $error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
 }
- $token = ($_POST && !$error ? $_POST["token"] : token());
 if (isset($_GET["default"])) {
 $_GET["edit"] = $_GET["default"];
 }