Prepare for crypting passwords stored in session
This commit is contained in:
Jakub Vrana
parent
37c97a18ca
commit
c0fe3a6ff7
|
|
@ -16,7 +16,7 @@ class Adminer {
|
||||||
* @return array ($server, $username, $password)
|
* @return array ($server, $username, $password)
|
||||||
*/
|
*/
|
||||||
function credentials() {
|
function credentials() {
|
||||||
return array(SERVER, $_GET["username"], get_session("pwds"));
|
return array(SERVER, $_GET["username"], get_password());
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Get key used for permanent login
|
/** Get key used for permanent login
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ if ($_COOKIE["adminer_permanent"]) {
|
||||||
$auth = $_POST["auth"];
|
$auth = $_POST["auth"];
|
||||||
if ($auth) {
|
if ($auth) {
|
||||||
session_regenerate_id(); // defense against session fixation
|
session_regenerate_id(); // defense against session fixation
|
||||||
$_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
|
set_password($auth["driver"], $auth["server"], $auth["username"], $auth["password"]);
|
||||||
$_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
|
$_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
|
||||||
if ($auth["permanent"]) {
|
if ($auth["permanent"]) {
|
||||||
$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
|
$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
|
||||||
|
|
@ -53,7 +53,7 @@ if ($auth) {
|
||||||
foreach ($permanent as $key => $val) {
|
foreach ($permanent as $key => $val) {
|
||||||
list(, $cipher) = explode(":", $val);
|
list(, $cipher) = explode(":", $val);
|
||||||
list($vendor, $server, $username, $db) = array_map('base64_decode', explode("-", $key));
|
list($vendor, $server, $username, $db) = array_map('base64_decode', explode("-", $key));
|
||||||
$_SESSION["pwds"][$vendor][$server][$username] = decrypt_string(base64_decode($cipher), $private);
|
set_password($vendor, $server, $username, decrypt_string(base64_decode($cipher), $private));
|
||||||
$_SESSION["db"][$vendor][$server][$username][$db] = true;
|
$_SESSION["db"][$vendor][$server][$username][$db] = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -79,13 +79,13 @@ function auth_error($exception = null) {
|
||||||
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
|
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
|
||||||
$error = lang('Session expired, please login again.');
|
$error = lang('Session expired, please login again.');
|
||||||
} else {
|
} else {
|
||||||
$password = &get_session("pwds");
|
$password = get_password();
|
||||||
if ($password !== null) {
|
if ($password !== null) {
|
||||||
$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
|
$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
|
||||||
if ($password === false) {
|
if ($password === false) {
|
||||||
$error .= '<br>' . lang('Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> %s method to make it permanent.', '<code>permanentLogin()</code>');
|
$error .= '<br>' . lang('Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> %s method to make it permanent.', '<code>permanentLogin()</code>');
|
||||||
}
|
}
|
||||||
$password = null;
|
set_password(DRIVER, SERVER, $_GET["username"], null);
|
||||||
}
|
}
|
||||||
unset_permanent();
|
unset_permanent();
|
||||||
}
|
}
|
||||||
|
|
@ -100,6 +100,14 @@ function auth_error($exception = null) {
|
||||||
page_footer("auth");
|
page_footer("auth");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function set_password($vendor, $server, $username, $password) {
|
||||||
|
$_SESSION["pwds"][$vendor][$server][$username] = $password;
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_password() {
|
||||||
|
return get_session("pwds");
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_GET["username"])) {
|
if (isset($_GET["username"])) {
|
||||||
if (!class_exists("Min_DB")) {
|
if (!class_exists("Min_DB")) {
|
||||||
unset($_SESSION["pwds"][DRIVER]);
|
unset($_SESSION["pwds"][DRIVER]);
|
||||||
|
|
@ -111,7 +119,7 @@ if (isset($_GET["username"])) {
|
||||||
$connection = connect();
|
$connection = connect();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_string($connection) || !$adminer->login($_GET["username"], get_session("pwds"))) {
|
if (is_string($connection) || !$adminer->login($_GET["username"], get_password())) {
|
||||||
auth_error();
|
auth_error();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Adminer {
|
||||||
//! driver, ns
|
//! driver, ns
|
||||||
|
|
||||||
function credentials() {
|
function credentials() {
|
||||||
return array(SERVER, $_GET["username"], get_session("pwds"));
|
return array(SERVER, $_GET["username"], get_password());
|
||||||
}
|
}
|
||||||
|
|
||||||
function permanentLogin($create = false) {
|
function permanentLogin($create = false) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue