Notify user about expired master password for permanent login
parent
64297aea60
commit
f29a7cb140
|
@ -20,10 +20,11 @@ class Adminer {
|
|||
}
|
||||
|
||||
/** Get key used for permanent login
|
||||
* @return string cryptic string which gets combined with password
|
||||
* @param bool
|
||||
* @return string cryptic string which gets combined with password or false in case of an error
|
||||
*/
|
||||
function permanentLogin() {
|
||||
return password_file();
|
||||
function permanentLogin($create = false) {
|
||||
return password_file($create);
|
||||
}
|
||||
|
||||
/** Identifier of selected database
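Review bot: The new `@param bool` tag on permanentLogin() gives neither the parameter name nor what it controls, and the same bare tag is added to password_file() further down; the copy of permanentLogin() in the second `class Adminer` section has no docblock at all. Because extensions are expected to override this method, the contract should be spelled out, for example `@param bool $create generate the key if it does not exist yet (true only when a new permanent login is stored)`. That wording matches the two call sites in this commit, where `permanentLogin(true)` is used when the cookie is written and `permanentLogin()` when it is decoded. The `@return` line could also say that a false result leaves stored passwords undecryptable, which appears to be what leads to the new expiry notice.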
|
||||
|
|
|
@ -21,7 +21,7 @@ if ($auth) {
|
|||
$_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
|
||||
if ($auth["permanent"]) {
|
||||
$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
|
||||
$private = $adminer->permanentLogin();
|
||||
$private = $adminer->permanentLogin(true);
|
||||
$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
|
||||
cookie("adminer_permanent", implode(" ", $permanent));
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ if ($auth) {
|
|||
|
||||
} elseif ($permanent && !$_SESSION["pwds"]) {
|
||||
session_regenerate_id();
|
||||
$private = $adminer->permanentLogin(); // try to decode even if not set
|
||||
$private = $adminer->permanentLogin();
|
||||
foreach ($permanent as $key => $val) {
|
||||
list(, $cipher) = explode(":", $val);
|
||||
list($driver, $server, $username, $db) = array_map('base64_decode', explode("-", $key));
|
||||
|
@ -82,6 +82,9 @@ function auth_error($exception = null) {
|
|||
$password = &get_session("pwds");
|
||||
if ($password !== null) {
|
||||
$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
|
||||
if ($password === false) {
|
||||
$error .= '<br>' . lang('Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.');
|
||||
}
|
||||
$password = null;
|
||||
}
|
||||
unset_permanent();
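Review bot: `$password === false` in auth_error() is an undocumented sentinel. Nothing in this hunk says where a `false` session password comes from, and the only visible source is the new false return in decrypt_string() when no key is available. A comment such as `// false = permanent login could not be decrypted because the key is missing` would stop a later edit from folding it into the `null` case. Separately, the appended message carries a `target="_blank"` link over plain http with no `rel` attribute; adding `rel="noreferrer noopener"` is worthwhile, bearing in mind that the same string is the lookup key in the translation files. auth_error() starts and ends outside the hunk.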
|
||||
|
|
|
@ -912,9 +912,10 @@ function apply_sql_function($function, $column) {
|
|||
}
|
||||
|
||||
/** Read password from file adminer.key in temporary directory or create one
|
||||
* @param bool
|
||||
* @return string or false if the file can not be created
|
||||
*/
|
||||
function password_file() {
|
||||
function password_file($create) {
|
||||
$dir = ini_get("upload_tmp_dir"); // session_save_path() may contain other storage path
|
||||
if (!$dir) {
|
||||
if (function_exists('sys_get_temp_dir')) {
|
||||
|
@ -930,7 +931,7 @@ function password_file() {
|
|||
}
|
||||
$filename = "$dir/adminer.key";
|
||||
$return = @file_get_contents($filename); // @ - can not exist
|
||||
if ($return) {
|
||||
if ($return || !$create) {
|
||||
return $return;
|
||||
}
|
||||
$fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
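Review bot: `function password_file($create)` makes the argument mandatory while both permanentLogin() wrappers default it to false, so a remaining zero-argument `password_file()` call would warn or fail; none is visible here, so this is a precaution. `function password_file($create = false)` keeps reading as the default, which is also the safer choice because only the `true` path reaches `fopen($filename, "w")` in the shared temporary directory. With `$create` false the early return passes back `false` for a missing file and `""` for an empty one unchanged, and the docblock could say so. The function body continues past the end of the hunk.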
|
||||
|
|
|
@ -79,6 +79,9 @@ function decrypt_string($str, $key) {
|
|||
if ($str == "") {
|
||||
return "";
|
||||
}
|
||||
if (!$key) {
|
||||
return false;
|
||||
}
|
||||
$key = array_values(unpack("V*", pack("H*", md5($key))));
|
||||
$v = str2long($str, false);
|
||||
$n = count($v) - 1;
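Review bot: The added `!$key` check gives decrypt_string() a third kind of result, and its docblock, which is outside the hunk, presumably still describes only a string. I would add something like `@return string|false plain text, "" for empty input, false if no key is available`. The empty-input check runs first, so an empty cipher, which the login code stores when no key could be obtained, comes back as `""` rather than `false` and would not be reported as an expired key. `!$key` also treats the string `"0"` as a missing key, which matters only if a custom permanentLogin() returns that value.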
|
||||
|
|
|
@ -11,6 +11,7 @@ $translations = array(
|
|||
'Logged as: %s' => 'Přihlášen jako: %s',
|
||||
'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
|
||||
'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
|
||||
'Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.' => 'Platnost hlavního hesla vypršela. <a href="http://www.adminer.org/cs/extension/" target="_blank">Implementujte</a> metodu <code>permanentLogin()</code>, aby platilo stále.',
|
||||
'Language' => 'Jazyk',
|
||||
'Invalid CSRF token. Send the form again.' => 'Neplatný token CSRF. Odešlete formulář znovu.',
|
||||
'No extension' => 'Žádné rozšíření',
|
||||
|
|
|
@ -11,6 +11,7 @@ $translations = array(
|
|||
'Logged as: %s' => 'xx',
|
||||
'Logout successful.' => 'xx',
|
||||
'Invalid credentials.' => 'xx',
|
||||
'Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.' => 'xx',
|
||||
'Language' => 'xx',
|
||||
'Invalid CSRF token. Send the form again.' => 'xx',
|
||||
'No extension' => 'xx',
|
||||
|
|
|
@ -5,6 +5,7 @@ Don't use LIMIT 1 if inline updating unique row
|
|||
Don't check previous checkbox on added column in create table (bug #3614245)
|
||||
Order table list by name
|
||||
Verify UTF-8 encoding of CSV import
|
||||
Notify user about expired master password for permanent login
|
||||
MySQL: Speed up updating rows without numeric or UTF-8 primary key
|
||||
PostgreSQL: Fix detecting oid column in PDO
|
||||
PostgreSQL: Handle timestamp types (bug #3614086)
|
||||
|
|
|
@ -13,8 +13,8 @@ class Adminer {
|
|||
return array(SERVER, $_GET["username"], get_session("pwds"));
|
||||
}
|
||||
|
||||
function permanentLogin() {
|
||||
return password_file();
|
||||
function permanentLogin($create = false) {
|
||||
return password_file($create);
|
||||
}
|
||||
|
||||
function database() {
|
||||
|
|