From f595f9313e851dbcd40b008f263a6f70a6508320 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Mon, 14 May 2012 00:08:32 -0700 Subject: [PATCH] Use namespace in login form --- adminer/include/adminer.inc.php | 12 ++++++------ adminer/include/auth.inc.php | 25 +++++++++++++------------ changes.txt | 1 + editor/include/adminer.inc.php | 6 +++--- plugins/login-servers.php | 8 ++++---- plugins/password-sha1.php | 6 +++--- 6 files changed, 30 insertions(+), 28 deletions(-) diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php index 75c71c4a..81fd02be 100644 --- a/adminer/include/adminer.inc.php +++ b/adminer/include/adminer.inc.php @@ -63,19 +63,19 @@ class Adminer { global $drivers; ?> -
-
-
"> -
+
+
+
"> +
\n"; - echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n"; + echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n"; } /** Authorize the user diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php index 4b1fd0f7..a8f04d9d 100644 --- a/adminer/include/auth.inc.php +++ b/adminer/include/auth.inc.php 
@@ -14,21 +14,22 @@ if ($_COOKIE["adminer_permanent"]) {
 }
 }
-if (isset($_POST["server"])) {
+$auth = $_POST["auth"];
+if ($auth) {
 session_regenerate_id(); // defense against session fixation
- $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
- if ($_POST["permanent"]) {
- $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
+ $_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
+ if ($auth["permanent"]) {
+ $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
 $private = $adminer->permanentLogin();
- $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
+ $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
 cookie("adminer_permanent", implode(" ", $permanent));
 }
- if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
- || DRIVER != $_POST["driver"]
- || SERVER != $_POST["server"]
- || $_GET["username"] !== $_POST["username"] // "0" == "00"
+ if (count($_POST) == 1 // 1 - auth
+ || DRIVER != $auth["driver"]
+ || SERVER != $auth["server"]
+ || $_GET["username"] !== $auth["username"] // "0" == "00"
 ) {
- redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
+ redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
 }
 } elseif ($_POST["logout"]) {
 if ($token && $_POST["token"] != $token) {
@@ -77,7 +78,7 @@ function auth_error($exception = null) { echo "
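Review bot: `$auth = $_POST["auth"]` is treated as an array without a type check, so a request that sends `auth` as a plain string still passes `if ($auth)` and reaches the `$_SESSION["pwds"][...]` write, the `base64_encode()` calls that build the permanent-login cookie key, and `auth_url()` with values that are not the strings this code expects. Normalise it before the branch, for example `$auth = (is_array($_POST["auth"]) ? $_POST["auth"] : array());`, and refuse the login when `driver`, `server`, `username` or `password` is not a string. The constructor change in plugins/password-sha1.php makes the same assumption: `$_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);` runs whenever `isset($_POST["auth"])` is true, whatever its type. How PHP handles a string offset or an array passed to `sha1()` varies by version, so the effect before authentication ranges from notices to a fatal error and should be checked on the versions the project supports.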
\n"; $adminer->loginForm(); echo "
"; - hidden_fields($_POST, array("driver", "server", "username", "password", "permanent")); // expired session + hidden_fields($_POST, array("auth")); // expired session echo "
\n"; echo "
\n"; page_footer("auth"); @@ -98,7 +99,7 @@ if (is_string($connection) || !$adminer->login($_GET["username"], get_session("p } $token = $_SESSION["token"]; ///< @var string CSRF protection -if (isset($_POST["server"]) && $_POST["token"]) { +if ($auth && $_POST["token"]) { $_POST["token"] = $token; // reset token after explicit login } $error = ($_POST ///< @var string diff --git a/changes.txt b/changes.txt index cecc5176..4462ad91 100644 --- a/changes.txt +++ b/changes.txt @@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview PostgreSQL: improve PDO support in SQL command Oracle: schema, processlist, table overview numbers Simplify work with NULL values (customization) +Use namespace in login form (customization) Replace JSMin by better JavaScript minifier Don't use AJAX links and forms Ukrainian translation diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php index fdfbdf16..9c69c98d 100644 --- a/editor/include/adminer.inc.php +++ b/editor/include/adminer.inc.php @@ -41,15 +41,15 @@ class Adminer { function loginForm() { ?> -
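Review bot: The ignore list passed to `hidden_fields()` in `auth_error()` now names only `auth`, so a customised `loginForm()` that still posts the old top-level `password` field is no longer filtered. Assuming `hidden_fields()` re-emits every POST key that is not in the list, that password would be written back into the page as a hidden input when authentication fails. Keeping the legacy names during a transition avoids this: `hidden_fields($_POST, array("auth", "driver", "server", "username", "password", "permanent")); // expired session`. `auth_error()` begins before this hunk and continues after it, and `hidden_fields()` is not shown here, so confirm this against its definition.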
"> -
+
"> +
\n"; - echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n"; + echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n"; } function login($login, $password) { diff --git a/plugins/login-servers.php b/plugins/login-servers.php index 872836cd..b5fa573b 100644 --- a/plugins/login-servers.php +++ b/plugins/login-servers.php @@ -37,13 +37,13 @@ class AdminerLoginServers { function loginForm() { ?> -
-
"> -
+
+
"> +

login = $login; $this->passwordSha1 = $passwordSha1; $this->credentials = $credentials; - if (isset($_POST["password"])) { - $_POST["password"] = sha1($_POST["password"]); + if (isset($_POST["auth"])) { + $_POST["auth"]["password"] = sha1($_POST["auth"]["password"]); } } @@ -32,7 +32,7 @@ class AdminerPasswordSha1 { } function permanentLogin() { - //! should save original $_POST["password"] and hash after load + //! should save original $_POST["auth"]["password"] and hash after load } }