libraries/auth/signon.auth.lib.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Set of functions used to run single signon authentication.
   5  *
   6  * @package phpMyAdmin-Auth-Signon
   7  */
   8
   9
  10 /**
  11  * Displays authentication form
  12  *
  13  * @global  string    the font face to use in case of failure
  14  * @global  string    the default font size to use in case of failure
  15  * @global  string    the big font size to use in case of failure
  16  *
  17  * @return  boolean   always true (no return indeed)
  18  *
  19  * @access  public
  20  */
  21 function PMA_auth() {
  22     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
  23         PMA_fatalError('You must set SignonURL!');
  24     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
  25         /* Perform logout to custom URL */
  26         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
  27     } else {
  28         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
  29     }
  30     exit();
  31 } // end of the 'PMA_auth()' function
  32
  33
  34 /**
  35  * Gets advanced authentication settings
  36  *
  37  * @global  string    the username if register_globals is on
  38  * @global  string    the password if register_globals is on
  39  * @global  array     the array of server variables if register_globals is
  40  *                    off
  41  * @global  array     the array of environment variables if register_globals
  42  *                    is off
  43  * @global  string    the username for the ? server
  44  * @global  string    the password for the ? server
  45  * @global  string    the username for the WebSite Professional server
  46  * @global  string    the password for the WebSite Professional server
  47  * @global  string    the username of the user who logs out
  48  *
  49  * @return  boolean   whether we get authentication settings or not
  50  *
  51  * @access  public
  52  */
  53 function PMA_auth_check()
  54 {
  55     global $PHP_AUTH_USER, $PHP_AUTH_PW;
  56
  57     /* Session name */
  58     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
  59
  60     /* Current host */
  61     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
  62
  63     /* Current port */
  64     $single_signon_port = $GLOBALS['cfg']['Server']['port'];
  65
  66     /* Are we requested to do logout? */
  67     $do_logout = !empty($_REQUEST['old_usr']);
  68
  69     /* Does session exist? */
  70     if (isset($_COOKIE[$session_name])) {
  71         /* End current session */
  72         $old_session = session_name();
  73         $old_id = session_id();
  74         session_write_close();
  75
  76         /* Load single signon session */
  77         session_name($session_name);
  78         session_id($_COOKIE[$session_name]);
  79         session_start();
  80
  81         /* Clear error message */
  82         unset($_SESSION['PMA_single_signon_error_message']);
  83
  84         /* Grab credentials if they exist */
  85         if (isset($_SESSION['PMA_single_signon_user'])) {
  86             if ($do_logout) {
  87                 $PHP_AUTH_USER = '';
  88             } else {
  89                 $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
  90             }
  91         }
  92         if (isset($_SESSION['PMA_single_signon_password'])) {
  93             if ($do_logout) {
  94                 $PHP_AUTH_PW = '';
  95             } else {
  96                 $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
  97             }
  98         }
  99         if (isset($_SESSION['PMA_single_signon_host'])) {
 100                 $single_signon_host = $_SESSION['PMA_single_signon_host'];
 101         }
 102
 103         if (isset($_SESSION['PMA_single_signon_port'])) {
 104             $single_signon_port = $_SESSION['PMA_single_signon_port'];
 105         }
 106
 107
 108         /* Also get token as it is needed to access subpages */
 109         if (isset($_SESSION['PMA_single_signon_token'])) {
 110             /* No need to care about token on logout */
 111             $pma_token = $_SESSION['PMA_single_signon_token'];
 112         }
 113
 114         /* End single signon session */
 115         session_write_close();
 116
 117         /* Restart phpMyAdmin session */
 118         session_name($old_session);
 119         if (!empty($old_id)) {
 120             session_id($old_id);
 121         }
 122         session_start();
 123
 124         /* Set the single signon host */
 125         $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
 126
 127         /* Set the single signon port */
 128         $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
 129
 130         /* Restore our token */
 131         if (!empty($pma_token)) {
 132             $_SESSION[' PMA_token '] = $pma_token;
 133         }
 134     }
 135
 136     // Returns whether we get authentication settings or not
 137     if (empty($PHP_AUTH_USER)) {
 138         return false;
 139     } else {
 140         return true;
 141     }
 142 } // end of the 'PMA_auth_check()' function
 143
 144
 145 /**
 146  * Set the user and password after last checkings if required
 147  *
 148  * @global  array     the valid servers settings
 149  * @global  integer   the id of the current server
 150  * @global  array     the current server settings
 151  * @global  string    the current username
 152  * @global  string    the current password
 153  *
 154  * @return  boolean   always true
 155  *
 156  * @access  public
 157  */
 158 function PMA_auth_set_user()
 159 {
 160     global $cfg;
 161     global $PHP_AUTH_USER, $PHP_AUTH_PW;
 162
 163     $cfg['Server']['user']     = $PHP_AUTH_USER;
 164     $cfg['Server']['password'] = $PHP_AUTH_PW;
 165
 166     return true;
 167 } // end of the 'PMA_auth_set_user()' function
 168
 169
 170 /**
 171  * User is not allowed to login to MySQL -> authentication failed
 172  *
 173  * @return  boolean   always true (no return indeed)
 174  *
 175  * @access  public
 176  */
 177 function PMA_auth_fails()
 178 {
 179     if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
 180         $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
 181     } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
 182         $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
 183     } elseif (! empty($GLOBALS['no_activity'])) {
 184         $_SESSION['PMA_single_signon_error_message'] = sprintf(__('No activity within %s seconds; please log in again'), $GLOBALS['cfg']['LoginCookieValidity']);
 185     } elseif (PMA_DBI_getError()) {
 186         $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(PMA_DBI_getError());
 187     } elseif (isset($php_errormsg)) {
 188         $_SESSION['PMA_single_signon_error_message'] = $php_errormsg;
 189     } else {
 190         $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
 191     }
 192     PMA_auth();
 193 } // end of the 'PMA_auth_fails()' function
 194
 195 ?>