2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Set of functions used to run single signon authentication.
6 * @package phpMyAdmin-Auth-Signon
11 * Displays authentication form
13 * @global string the font face to use in case of failure
14 * @global string the default font size to use in case of failure
15 * @global string the big font size to use in case of failure
17 * @return boolean always true (no return indeed)
22 if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
23 PMA_fatalError('You must set SignonURL!');
24 } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
25 /* Perform logout to custom URL */
26 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
28 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
31 } // end of the 'PMA_auth()' function
35 * Gets advanced authentication settings
37 * @global string the username if register_globals is on
38 * @global string the password if register_globals is on
39 * @global array the array of server variables if register_globals is
41 * @global array the array of environment variables if register_globals
43 * @global string the username for the ? server
44 * @global string the password for the ? server
45 * @global string the username for the WebSite Professional server
46 * @global string the password for the WebSite Professional server
47 * @global string the username of the user who logs out
49 * @return boolean whether we get authentication settings or not
53 function PMA_auth_check()
55 global $PHP_AUTH_USER, $PHP_AUTH_PW;
58 $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
61 $single_signon_host = $GLOBALS['cfg']['Server']['host'];
64 $single_signon_port = $GLOBALS['cfg']['Server']['port'];
66 /* Are we requested to do logout? */
67 $do_logout = !empty($_REQUEST['old_usr']);
69 /* Does session exist? */
70 if (isset($_COOKIE[$session_name])) {
71 /* End current session */
72 $old_session = session_name();
73 $old_id = session_id();
74 session_write_close();
76 /* Load single signon session */
77 session_name($session_name);
78 session_id($_COOKIE[$session_name]);
81 /* Clear error message */
82 unset($_SESSION['PMA_single_signon_error_message']);
84 /* Grab credentials if they exist */
85 if (isset($_SESSION['PMA_single_signon_user'])) {
89 $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
92 if (isset($_SESSION['PMA_single_signon_password'])) {
96 $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
99 if (isset($_SESSION['PMA_single_signon_host'])) {
100 $single_signon_host = $_SESSION['PMA_single_signon_host'];
103 if (isset($_SESSION['PMA_single_signon_port'])) {
104 $single_signon_port = $_SESSION['PMA_single_signon_port'];
108 /* Also get token as it is needed to access subpages */
109 if (isset($_SESSION['PMA_single_signon_token'])) {
110 /* No need to care about token on logout */
111 $pma_token = $_SESSION['PMA_single_signon_token'];
114 /* End single signon session */
115 session_write_close();
117 /* Restart phpMyAdmin session */
118 session_name($old_session);
119 if (!empty($old_id)) {
124 /* Set the single signon host */
125 $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
127 /* Set the single signon port */
128 $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
130 /* Restore our token */
131 if (!empty($pma_token)) {
132 $_SESSION[' PMA_token '] = $pma_token;
136 // Returns whether we get authentication settings or not
137 if (empty($PHP_AUTH_USER)) {
142 } // end of the 'PMA_auth_check()' function
146 * Set the user and password after last checkings if required
148 * @global array the valid servers settings
149 * @global integer the id of the current server
150 * @global array the current server settings
151 * @global string the current username
152 * @global string the current password
154 * @return boolean always true
158 function PMA_auth_set_user()
161 global $PHP_AUTH_USER, $PHP_AUTH_PW;
163 $cfg['Server']['user'] = $PHP_AUTH_USER;
164 $cfg['Server']['password'] = $PHP_AUTH_PW;
167 } // end of the 'PMA_auth_set_user()' function
171 * User is not allowed to login to MySQL -> authentication failed
173 * @return boolean always true (no return indeed)
177 function PMA_auth_fails()
179 if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
180 $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
181 } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
182 $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
183 } elseif (! empty($GLOBALS['no_activity'])) {
184 $_SESSION['PMA_single_signon_error_message'] = sprintf(__('No activity within %s seconds; please log in again'), $GLOBALS['cfg']['LoginCookieValidity']);
185 } elseif (PMA_DBI_getError()) {
186 $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(PMA_DBI_getError());
187 } elseif (isset($php_errormsg)) {
188 $_SESSION['PMA_single_signon_error_message'] = $php_errormsg;
190 $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
193 } // end of the 'PMA_auth_fails()' function