diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 75c71c4a..81fd02be 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -63,19 +63,19 @@ class Adminer {
global $drivers;
?>
\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
}
/** Authorize the user
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 4b1fd0f7..a8f04d9d 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -14,21 +14,22 @@ if ($_COOKIE["adminer_permanent"]) {
}
}
-if (isset($_POST["server"])) {
+$auth = $_POST["auth"];
+if ($auth) {
session_regenerate_id(); // defense against session fixation
- $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
- if ($_POST["permanent"]) {
- $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
+ $_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
+ if ($auth["permanent"]) {
+ $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
$private = $adminer->permanentLogin();
- $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
+ $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
cookie("adminer_permanent", implode(" ", $permanent));
}
- if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
- || DRIVER != $_POST["driver"]
- || SERVER != $_POST["server"]
- || $_GET["username"] !== $_POST["username"] // "0" == "00"
+ if (count($_POST) == 1 // 1 - auth
+ || DRIVER != $auth["driver"]
+ || SERVER != $auth["server"]
+ || $_GET["username"] !== $auth["username"] // "0" == "00"
) {
- redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
+ redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
}
} elseif ($_POST["logout"]) {
if ($token && $_POST["token"] != $token) {
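Review bot: `$auth = $_POST["auth"];` takes the request value without checking that it is present or that it is an array, so a request that sends `auth` as a plain string passes `if ($auth)` and every `$auth["driver"]`-style lookup below becomes a string-offset access. A nested array under `auth[driver]` would likewise reach the `$_SESSION["pwds"]` key and `base64_encode()`. Normalising once at the top, e.g. `$auth = (isset($_POST["auth"]) && is_array($_POST["auth"]) ? $_POST["auth"] : array());`, keeps the login branch from running on malformed input and avoids the undefined-index notice on ordinary page loads. The same variable gates the token reset in the later hunk (`if ($auth && $_POST["token"])`), so it benefits from the same guard. The `elseif ($_POST["logout"])` branch continues outside the hunk.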
@@ -77,7 +78,7 @@ function auth_error($exception = null) {
echo "\n";
page_footer("auth");
@@ -98,7 +99,7 @@ if (is_string($connection) || !$adminer->login($_GET["username"], get_session("p
}
$token = $_SESSION["token"]; ///< @var string CSRF protection
-if (isset($_POST["server"]) && $_POST["token"]) {
+if ($auth && $_POST["token"]) {
$_POST["token"] = $token; // reset token after explicit login
}
$error = ($_POST ///< @var string
diff --git a/changes.txt b/changes.txt
index cecc5176..4462ad91 100644
--- a/changes.txt
+++ b/changes.txt
@@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview
PostgreSQL: improve PDO support in SQL command
Oracle: schema, processlist, table overview numbers
Simplify work with NULL values (customization)
+Use namespace in login form (customization)
Replace JSMin by better JavaScript minifier
Don't use AJAX links and forms
Ukrainian translation
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index fdfbdf16..9c69c98d 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -41,15 +41,15 @@ class Adminer {
function loginForm() {
?>
\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
}
function login($login, $password) {
diff --git a/plugins/login-servers.php b/plugins/login-servers.php
index 872836cd..b5fa573b 100644
--- a/plugins/login-servers.php
+++ b/plugins/login-servers.php
@@ -37,13 +37,13 @@ class AdminerLoginServers {
function loginForm() {
?>
login = $login;
$this->passwordSha1 = $passwordSha1;
$this->credentials = $credentials;
- if (isset($_POST["password"])) {
- $_POST["password"] = sha1($_POST["password"]);
+ if (isset($_POST["auth"])) {
+ $_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);
}
}
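Review bot: `isset($_POST["auth"])` is true for any posted `auth` value, so the next line still runs when `auth` arrives as a string or as an array without a `password` key. It then either writes through a string offset or stores the SHA-1 of an empty value as the password. Guarding on the field itself, `if (isset($_POST["auth"]["password"]) && is_string($_POST["auth"]["password"])) {`, limits the rewrite to the case the plugin is meant to handle. The constructor starts outside the hunk, and the lines shown do not match the `AdminerLoginServers` context named in the hunk header, so this should be checked against the full file.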
@@ -32,7 +32,7 @@ class AdminerPasswordSha1 {
}
function permanentLogin() {
- //! should save original $_POST["password"] and hash after load
+ //! should save original $_POST["auth"]["password"] and hash after load
}
}