Use one token for all
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@601 7c3ca157-0c34-0410-bff1-cbf682f78f5c
parent
55a12f4bd8
commit
815eb26e57
|
@ -76,7 +76,7 @@ function short_identifier($number, $chars) {
|
||||||
|
|
||||||
// Based on Dgx's PHP shrinker
|
// Based on Dgx's PHP shrinker
|
||||||
function php_shrink($input) {
|
function php_shrink($input) {
|
||||||
$special_variables = array_flip(array('$TOKENS', '$this', '$GLOBALS', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_SERVER'));
|
$special_variables = array_flip(array('$this', '$GLOBALS', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_SERVER'));
|
||||||
static $short_variables = array();
|
static $short_variables = array();
|
||||||
$shortening = true;
|
$shortening = true;
|
||||||
$special_functions = array_flip(array('Min_MySQLi', 'Min_MySQLResult', '__construct'));
|
$special_functions = array_flip(array('Min_MySQLi', 'Min_MySQLResult', '__construct'));
|
||||||
|
|
11
auth.inc.php
11
auth.inc.php
|
@ -8,6 +8,7 @@ if (isset($_POST["server"])) {
|
||||||
session_regenerate_id();
|
session_regenerate_id();
|
||||||
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
||||||
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
||||||
|
$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6);
|
||||||
if (count($_POST) == count($ignore)) {
|
if (count($_POST) == count($ignore)) {
|
||||||
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
|
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
|
||||||
if (!isset($_COOKIE[session_name()])) {
|
if (!isset($_COOKIE[session_name()])) {
|
||||||
|
@ -16,10 +17,13 @@ if (isset($_POST["server"])) {
|
||||||
header("Location: " . (strlen($location) ? $location : "."));
|
header("Location: " . (strlen($location) ? $location : "."));
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
if ($_POST["token"]) {
|
||||||
|
$_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$_GET["server"] = $_POST["server"];
|
$_GET["server"] = $_POST["server"];
|
||||||
} elseif (isset($_POST["logout"])) {
|
} elseif (isset($_POST["logout"])) {
|
||||||
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]) {
|
||||||
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
||||||
page_footer("db");
|
page_footer("db");
|
||||||
exit;
|
exit;
|
||||||
|
@ -27,7 +31,7 @@ if (isset($_POST["server"])) {
|
||||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||||
unset($_SESSION["passwords"][$_GET["server"]]);
|
unset($_SESSION["passwords"][$_GET["server"]]);
|
||||||
unset($_SESSION["databases"][$_GET["server"]]);
|
unset($_SESSION["databases"][$_GET["server"]]);
|
||||||
$_SESSION["tokens"][$_GET["server"]] = array();
|
unset($_SESSION["tokens"][$_GET["server"]]);
|
||||||
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -35,9 +39,6 @@ if (isset($_POST["server"])) {
|
||||||
function auth_error() {
|
function auth_error() {
|
||||||
global $ignore;
|
global $ignore;
|
||||||
$username = $_SESSION["usernames"][$_GET["server"]];
|
$username = $_SESSION["usernames"][$_GET["server"]];
|
||||||
if ($_POST["token"] && !isset($username)) {
|
|
||||||
$_POST["token"] = token();
|
|
||||||
}
|
|
||||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||||
page_header(lang('Login'), (isset($username) ? lang('Invalid credentials.') : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
|
page_header(lang('Login'), (isset($username) ? lang('Invalid credentials.') : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -9,7 +9,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.10.1-dev"; ?></title>
|
<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . " - " . lang('phpMinAdmin') . " 1.10.2-dev"; ?></title>
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
|
<link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
|
||||||
<link rel="stylesheet" type="text/css" href="<?php echo (file_exists("phpMinAdmin.css") ? "phpMinAdmin.css" : "default.css"); // Ondrej Valka, http://valka.info ?>" />
|
<link rel="stylesheet" type="text/css" href="<?php echo (file_exists("phpMinAdmin.css") ? "phpMinAdmin.css" : "default.css"); // Ondrej Valka, http://valka.info ?>" />
|
||||||
</head>
|
</head>
|
||||||
|
@ -46,9 +46,6 @@ function toggle(id) {
|
||||||
echo "<p class='message'>" . implode("</p>\n<p class='message'>", $_SESSION["messages"]) . "</p>\n";
|
echo "<p class='message'>" . implode("</p>\n<p class='message'>", $_SESSION["messages"]) . "</p>\n";
|
||||||
$_SESSION["messages"] = array();
|
$_SESSION["messages"] = array();
|
||||||
}
|
}
|
||||||
if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
|
||||||
$_SESSION["tokens"][$_GET["server"]]["?logout"] = rand(1, 1e6);
|
|
||||||
}
|
|
||||||
$databases = &$_SESSION["databases"][$_GET["server"]];
|
$databases = &$_SESSION["databases"][$_GET["server"]];
|
||||||
if (strlen($_GET["db"]) && $databases && !in_array($_GET["db"], $databases, true)) {
|
if (strlen($_GET["db"]) && $databases && !in_array($_GET["db"], $databases, true)) {
|
||||||
$databases = null;
|
$databases = null;
|
||||||
|
@ -74,7 +71,7 @@ function page_footer($missing = false) {
|
||||||
<p>
|
<p>
|
||||||
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
||||||
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]); ?>"><?php echo lang('Dump'); ?></a>
|
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]); ?>"><?php echo lang('Dump'); ?></a>
|
||||||
<input type="hidden" name="token" value="<?php echo $_SESSION["tokens"][$_GET["server"]]["?logout"]; ?>" />
|
<input type="hidden" name="token" value="<?php echo $_SESSION["tokens"][$_GET["server"]]; ?>" />
|
||||||
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" />
|
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
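Review bot: page_footer now echoes `$_SESSION["tokens"][$_GET["server"]]` straight into the hidden token field, while the block in page_header that previously guaranteed a logout token existed is removed, so the field's value depends entirely on the login path having stored one; for a session established before this change, or a server key that never went through the new login code, the attribute would render empty. Since the token is generated as an integer, a cast keeps the output well-formed whatever the slot holds: `value="<?php echo (int) $_SESSION["tokens"][$_GET["server"]]; ?>"`. page_footer's definition begins outside the hunk.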
|
|
|
@ -183,23 +183,10 @@ function collations() {
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
||||||
function token() {
|
|
||||||
return ($GLOBALS["TOKENS"][] = rand(1, 1e6));
|
|
||||||
}
|
|
||||||
|
|
||||||
function token_delete() {
|
|
||||||
if ($_POST["token"] && ($pos = array_search($_POST["token"], (array) $GLOBALS["TOKENS"])) !== false) {
|
|
||||||
unset($GLOBALS["TOKENS"][$pos]);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
function redirect($location, $message = null) {
|
function redirect($location, $message = null) {
|
||||||
if (isset($message)) {
|
if (isset($message)) {
|
||||||
$_SESSION["messages"][] = $message;
|
$_SESSION["messages"][] = $message;
|
||||||
}
|
}
|
||||||
token_delete();
|
|
||||||
if (strlen(SID)) {
|
if (strlen(SID)) {
|
||||||
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,7 +45,6 @@ if (get_magic_quotes_gpc()) {
|
||||||
}
|
}
|
||||||
set_magic_quotes_runtime(false);
|
set_magic_quotes_runtime(false);
|
||||||
$SELF = preg_replace('~^[^?]*/([^?]*).*~', '\\1?', $_SERVER["REQUEST_URI"]) . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : '');
|
$SELF = preg_replace('~^[^?]*/([^?]*).*~', '\\1?', $_SERVER["REQUEST_URI"]) . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : '');
|
||||||
$TOKENS = &$_SESSION["tokens"][$_GET["server"]][$_SERVER["REQUEST_URI"]];
|
|
||||||
|
|
||||||
include "./functions.inc.php";
|
include "./functions.inc.php";
|
||||||
include "./lang.inc.php";
|
include "./lang.inc.php";
|
||||||
|
@ -88,14 +87,14 @@ if (isset($_GET["download"])) {
|
||||||
} elseif (isset($_GET["privileges"])) {
|
} elseif (isset($_GET["privileges"])) {
|
||||||
include "./privileges.inc.php";
|
include "./privileges.inc.php";
|
||||||
} else { // uses CSRF token
|
} else { // uses CSRF token
|
||||||
|
$token = $_SESSION["tokens"][$_GET["server"]];
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
if (!in_array($_POST["token"], (array) $TOKENS)) {
|
if ($_POST["token"] != $token) {
|
||||||
$error = lang('Invalid CSRF token. Send the form again.');
|
$error = lang('Invalid CSRF token. Send the form again.');
|
||||||
}
|
}
|
||||||
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
|
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
|
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
|
||||||
}
|
}
|
||||||
$token = ($_POST && !$error ? $_POST["token"] : token());
|
|
||||||
if (isset($_GET["default"])) {
|
if (isset($_GET["default"])) {
|
||||||
$_GET["edit"] = $_GET["default"];
|
$_GET["edit"] = $_GET["default"];
|
||||||
}
|
}
|
||||||
|
|