Use namespace in login form
parent
6591d485e9
commit
f595f9313e
|
@ -63,19 +63,19 @@ class Adminer {
|
||||||
global $drivers;
|
global $drivers;
|
||||||
?>
|
?>
|
||||||
<table cellspacing="0">
|
<table cellspacing="0">
|
||||||
<tr><th><?php echo lang('System'); ?><td><?php echo html_select("driver", $drivers, DRIVER, "loginDriver(this);"); ?>
|
<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);"); ?>
|
||||||
<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
|
<tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
|
||||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||||
</table>
|
</table>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
var username = document.getElementById('username');
|
var username = document.getElementById('username');
|
||||||
username.focus();
|
username.focus();
|
||||||
username.form['driver'].onchange();
|
username.form['auth[driver]'].onchange();
|
||||||
</script>
|
</script>
|
||||||
<?php
|
<?php
|
||||||
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
||||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Authorize the user
|
/** Authorize the user
|
||||||
|
|
|
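Review bot: The renamed fields in `loginForm()` change what a login form must post, and nothing in this hunk documents that. `loginForm()` appears to be an overridable hook (the plugin sections of this commit redefine it), and the login handler changed in this commit only looks at `$_POST["auth"]`, so an override that still posts the flat `driver`/`server`/`username`/`password` names would no longer be recognised as a login attempt. The method's docblock starts above the hunk; it should state the contract, for example `Fields must be named auth[driver], auth[server], auth[username], auth[password] and auth[permanent]`.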
@ -14,21 +14,22 @@ if ($_COOKIE["adminer_permanent"]) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST["server"])) {
|
$auth = $_POST["auth"];
|
||||||
|
if ($auth) {
|
||||||
session_regenerate_id(); // defense against session fixation
|
session_regenerate_id(); // defense against session fixation
|
||||||
$_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
|
$_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
|
||||||
if ($_POST["permanent"]) {
|
if ($auth["permanent"]) {
|
||||||
$key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
|
$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
|
||||||
$private = $adminer->permanentLogin();
|
$private = $adminer->permanentLogin();
|
||||||
$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
|
$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
|
||||||
cookie("adminer_permanent", implode(" ", $permanent));
|
cookie("adminer_permanent", implode(" ", $permanent));
|
||||||
}
|
}
|
||||||
if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
|
if (count($_POST) == 1 // 1 - auth
|
||||||
|| DRIVER != $_POST["driver"]
|
|| DRIVER != $auth["driver"]
|
||||||
|| SERVER != $_POST["server"]
|
|| SERVER != $auth["server"]
|
||||||
|| $_GET["username"] !== $_POST["username"] // "0" == "00"
|
|| $_GET["username"] !== $auth["username"] // "0" == "00"
|
||||||
) {
|
) {
|
||||||
redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
|
redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
|
||||||
}
|
}
|
||||||
} elseif ($_POST["logout"]) {
|
} elseif ($_POST["logout"]) {
|
||||||
if ($token && $_POST["token"] != $token) {
|
if ($token && $_POST["token"] != $token) {
|
||||||
|
@ -77,7 +78,7 @@ function auth_error($exception = null) {
|
||||||
echo "<form action='' method='post' onclick='eventStop(event);'>\n";
|
echo "<form action='' method='post' onclick='eventStop(event);'>\n";
|
||||||
$adminer->loginForm();
|
$adminer->loginForm();
|
||||||
echo "<div>";
|
echo "<div>";
|
||||||
hidden_fields($_POST, array("driver", "server", "username", "password", "permanent")); // expired session
|
hidden_fields($_POST, array("auth")); // expired session
|
||||||
echo "</div>\n";
|
echo "</div>\n";
|
||||||
echo "</form>\n";
|
echo "</form>\n";
|
||||||
page_footer("auth");
|
page_footer("auth");
|
||||||
|
@ -98,7 +99,7 @@ if (is_string($connection) || !$adminer->login($_GET["username"], get_session("p
|
||||||
}
|
}
|
||||||
|
|
||||||
$token = $_SESSION["token"]; ///< @var string CSRF protection
|
$token = $_SESSION["token"]; ///< @var string CSRF protection
|
||||||
if (isset($_POST["server"]) && $_POST["token"]) {
|
if ($auth && $_POST["token"]) {
|
||||||
$_POST["token"] = $token; // reset token after explicit login
|
$_POST["token"] = $token; // reset token after explicit login
|
||||||
}
|
}
|
||||||
$error = ($_POST ///< @var string
|
$error = ($_POST ///< @var string
|
||||||
|
|
|
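Review bot: `$auth = $_POST["auth"];` in the first hunk accepts whatever shape the client sends, and the `if ($auth)` branch then indexes it as an array of strings without checking. A scalar `auth=x`, or a nested element such as `auth[username][]`, reaches the `$_SESSION["pwds"][...]` keys, `base64_encode()` and `auth_url()` as a non-string, which gives offset warnings or odd values (depending on the PHP version) rather than a clean rejection. Normalising at the assignment keeps the `if ($auth && $_POST["token"])` test in the third hunk working, since an empty array is falsy: `$auth = (isset($_POST["auth"]) && is_array($_POST["auth"]) ? $_POST["auth"] : array());`. Each element should also be checked with `is_string()` before use. The enclosing if/elseif chain continues outside the hunk.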
@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview
|
||||||
PostgreSQL: improve PDO support in SQL command
|
PostgreSQL: improve PDO support in SQL command
|
||||||
Oracle: schema, processlist, table overview numbers
|
Oracle: schema, processlist, table overview numbers
|
||||||
Simplify work with NULL values (customization)
|
Simplify work with NULL values (customization)
|
||||||
|
Use namespace in login form (customization)
|
||||||
Replace JSMin by better JavaScript minifier
|
Replace JSMin by better JavaScript minifier
|
||||||
Don't use AJAX links and forms
|
Don't use AJAX links and forms
|
||||||
Ukrainian translation
|
Ukrainian translation
|
||||||
|
|
|
@ -41,15 +41,15 @@ class Adminer {
|
||||||
function loginForm() {
|
function loginForm() {
|
||||||
?>
|
?>
|
||||||
<table cellspacing="0">
|
<table cellspacing="0">
|
||||||
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="driver" value="server"><input type="hidden" name="server" value=""><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||||
</table>
|
</table>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.getElementById('username').focus();
|
document.getElementById('username').focus();
|
||||||
</script>
|
</script>
|
||||||
<?php
|
<?php
|
||||||
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
||||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
function login($login, $password) {
|
function login($login, $password) {
|
||||||
|
|
|
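Review bot: The new username row drops the hidden server field instead of renaming it to `auth[server]`, so a login posted from this form carries no `server` element inside `auth`. The login handler changed in this commit, which presumably also serves this form, uses `$auth["server"]` as a session key and passes it to `base64_encode()` and `auth_url()`. That works only through null-to-empty-string coercion and raises an undefined-index notice. Keeping `<input type="hidden" name="auth[server]" value="">` would preserve the explicit empty server the old form sent.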
@ -37,13 +37,13 @@ class AdminerLoginServers {
|
||||||
function loginForm() {
|
function loginForm() {
|
||||||
?>
|
?>
|
||||||
<table cellspacing="0">
|
<table cellspacing="0">
|
||||||
<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="driver" value="<?php echo $this->driver; ?>"><select name="server"><?php echo optionlist($this->servers, SERVER); ?></select>
|
<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="auth[driver]" value="<?php echo $this->driver; ?>"><select name="auth[server]"><?php echo optionlist($this->servers, SERVER); ?></select>
|
||||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||||
</table>
|
</table>
|
||||||
<p><input type="submit" value="<?php echo lang('Login'); ?>">
|
<p><input type="submit" value="<?php echo lang('Login'); ?>">
|
||||||
<?php
|
<?php
|
||||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
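Review bot: The rewritten hidden field still echoes `$this->driver` into the `value` attribute without `h()`, while the username value on the next row is escaped. `value="<?php echo h($this->driver); ?>"` would make the two consistent. The value appears to come from plugin configuration rather than the request, so this is hardening rather than a known injection. Separately, the `<select name="auth[server]">` restricts the choice only in the browser. This hunk does not show whether the posted server is checked against `$this->servers` on the server side, which is worth confirming because the class body continues outside the hunk.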
@ -18,8 +18,8 @@ class AdminerPasswordSha1 {
|
||||||
$this->login = $login;
|
$this->login = $login;
|
||||||
$this->passwordSha1 = $passwordSha1;
|
$this->passwordSha1 = $passwordSha1;
|
||||||
$this->credentials = $credentials;
|
$this->credentials = $credentials;
|
||||||
if (isset($_POST["password"])) {
|
if (isset($_POST["auth"])) {
|
||||||
$_POST["password"] = sha1($_POST["password"]);
|
$_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ class AdminerPasswordSha1 {
|
||||||
}
|
}
|
||||||
|
|
||||||
function permanentLogin() {
|
function permanentLogin() {
|
||||||
//! should save original $_POST["password"] and hash after load
|
//! should save original $_POST["auth"]["password"] and hash after load
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
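Review bot: The constructor hunk now guards the hashing with only `isset($_POST["auth"])`, which is coarser than the old `isset($_POST["password"])` test. A request with a scalar `auth` value, or with an `auth` array that has no string `password` element, still reaches `$_POST["auth"]["password"] = sha1(...)`, and that line then fails on the string offset or hashes a missing or array value. Testing the element itself avoids this: `if (isset($_POST["auth"]["password"]) && is_array($_POST["auth"]) && is_string($_POST["auth"]["password"])) {`. The constructor starts above the hunk.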