From b7e446b1cb749c9b5d045f681f7ba776ff1a3bbb Mon Sep 17 00:00:00 2001
From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Tue, 10 Jul 2007 15:09:07 +0000
Subject: [PATCH] Always require login Detect missing session

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@104 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 auth.inc.php | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/auth.inc.php b/auth.inc.php
index 1b622e2a..bf50f0f4 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,25 +1,36 @@
 <?php
 if (isset($_POST["server"])) {
-	session_regenerate_id();
-	$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
-	$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
-	if (count($_POST) == 3) {
-		header("Location: " . ((string) $_GET["server"] === $_POST["server"] ? preg_replace('~(\\?)logout=&|[?&]logout=~', '\\1', $_SERVER["REQUEST_URI"]) : preg_replace('~^[^?]*/([^?]*).*~', '\\1' . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : '') . (strlen(SID) ? (strlen($_POST["server"]) ? "&" : "?") . SID : ""), $_SERVER["REQUEST_URI"])));
-		exit;
+	if (isset($_REQUEST[session_name()])) {
+		session_regenerate_id();
+		$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
+		$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
+		if (count($_POST) == ($_POST[session_name()] ? 4 : 3)) {
+			if ((string) $_GET["server"] === $_POST["server"]) {
+				$location = preg_replace('~(\\?)' . urlencode(session_name()) . '=[^&]*&|[?&]' . urlencode(session_name()) . '=[^&]*~', '\\1', $_SERVER["REQUEST_URI"]);
+			} else {
+				$location = preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : '');
+			}
+			if (strlen(SID)) {
+				$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
+			}
+			header("Location: " . (strlen($location) ? $location : "."));
+			exit;
+		}
 	}
 	$_GET["server"] = $_POST["server"];
 } elseif (isset($_GET["logout"])) {
 	unset($_SESSION["usernames"][$_GET["server"]]);
 	unset($_SESSION["passwords"][$_GET["server"]]);
 	$_SESSION["tokens"][$_GET["server"]] = array();
+	redirect(substr($SELF, 0, -1), lang('Logout successful.'));
 }
 
-if (isset($_GET["logout"]) || !$mysql->connect($_GET["server"], $_SESSION["usernames"][$_GET["server"]], $_SESSION["passwords"][$_GET["server"]])) {
+if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["server"], $_SESSION["usernames"][$_GET["server"]], $_SESSION["passwords"][$_GET["server"]])) {
 	page_header(lang('Login'));
-	if (isset($_GET["logout"])) {
-		echo "<p class='message'>" . lang('Logout successful.') . "</p>\n";
-	} elseif (isset($_SESSION["usernames"][$_GET["server"]])) {
+	if (isset($_SESSION["usernames"][$_GET["server"]])) {
 		echo "<p class='error'>" . lang('Invalid credentials.') . "</p>\n";
+	} elseif (isset($_POST["server"])) {
+		echo "<p class='error'>" . lang('Sessions must be enabled.') . "</p>\n";
 	}
 	?>
 	<form action="" method="post">