libraries/auth/signon.auth.lib.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Set of functions used to run single signon authentication.
   5  *
   6  * @package phpMyAdmin-Auth-Signon
   7  */
   8
   9
  10 /**
  11  * Displays authentication form
  12  *
  13  * @global  string    the font face to use in case of failure
  14  * @global  string    the default font size to use in case of failure
  15  * @global  string    the big font size to use in case of failure
  16  *
  17  * @return  boolean   always true (no return indeed)
  18  *
  19  * @access  public
  20  */
  21 function PMA_auth() {
  22     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
  23         PMA_fatalError('You must set SignonURL!');
  24     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
  25         /* Perform logout to custom URL */
  26         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
  27     } else {
  28         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
  29     }
  30     exit();
  31 } // end of the 'PMA_auth()' function
  32
  33
  34 /**
  35  * Gets advanced authentication settings
  36  *
  37  * @global  string    the username if register_globals is on
  38  * @global  string    the password if register_globals is on
  39  * @global  array     the array of server variables if register_globals is
  40  *                    off
  41  * @global  array     the array of environment variables if register_globals
  42  *                    is off
  43  * @global  string    the username for the ? server
  44  * @global  string    the password for the ? server
  45  * @global  string    the username for the WebSite Professional server
  46  * @global  string    the password for the WebSite Professional server
  47  * @global  string    the username of the user who logs out
  48  *
  49  * @return  boolean   whether we get authentication settings or not
  50  *
  51  * @access  public
  52  */
  53 function PMA_auth_check()
  54 {
  55     global $PHP_AUTH_USER, $PHP_AUTH_PW;
  56
  57     /* Session name */
  58     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
  59
  60     /* Current host */
  61     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
  62
  63     /* Current port */
  64     $single_signon_port = $GLOBALS['cfg']['Server']['port'];
  65
  66     /* Are we requested to do logout? */
  67     $do_logout = !empty($_REQUEST['old_usr']);
  68
  69     /* Does session exist? */
  70     if (isset($_COOKIE[$session_name])) {
  71         /* End current session */
  72         $old_session = session_name();
  73         $old_id = session_id();
  74         session_write_close();
  75
  76         /* Load single signon session */
  77         session_name($session_name);
  78         session_id($_COOKIE[$session_name]);
  79         session_start();
  80
  81         /* Clear error message */
  82         unset($_SESSION['PMA_single_signon_error_message']);
  83
  84         /* Grab credentials if they exist */
  85         if (isset($_SESSION['PMA_single_signon_user'])) {
  86             if ($do_logout) {
  87                 $PHP_AUTH_USER = '';
  88             } else {
  89                 $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
  90             }
  91         }
  92         if (isset($_SESSION['PMA_single_signon_password'])) {
  93             if ($do_logout) {
  94                 $PHP_AUTH_PW = '';
  95             } else {
  96                 $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
  97             }
  98         }
  99         if (isset($_SESSION['PMA_single_signon_host'])) {
 100                 $single_signon_host = $_SESSION['PMA_single_signon_host'];
 101         }
 102
 103         if (isset($_SESSION['PMA_single_signon_port'])) {
 104             $single_signon_port = $_SESSION['PMA_single_signon_port'];
 105         }
 106
 107
 108         /* Also get token as it is needed to access subpages */
 109         if (isset($_SESSION['PMA_single_signon_token'])) {
 110             /* No need to care about token on logout */
 111             $pma_token = $_SESSION['PMA_single_signon_token'];
 112         }
 113
 114         /* End single signon session */
 115         session_write_close();
 116
 117         /* Restart phpMyAdmin session */
 118         session_name($old_session);
 119         if (!empty($old_id)) {
 120             session_id($old_id);
 121         }
 122         session_start();
 123
 124         /* Set the single signon host */
 125         $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
 126
 127         /* Set the single signon port */
 128         $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
 129
 130         /* Restore our token */
 131         if (!empty($pma_token)) {
 132             $_SESSION[' PMA_token '] = $pma_token;
 133         }
 134
 135         /**
 136          * Clear user cache.
 137          */
 138         PMA_clearUserCache();
 139     }
 140
 141     // Returns whether we get authentication settings or not
 142     if (empty($PHP_AUTH_USER)) {
 143         return false;
 144     } else {
 145         return true;
 146     }
 147 } // end of the 'PMA_auth_check()' function
 148
 149
 150 /**
 151  * Set the user and password after last checkings if required
 152  *
 153  * @global  array     the valid servers settings
 154  * @global  integer   the id of the current server
 155  * @global  array     the current server settings
 156  * @global  string    the current username
 157  * @global  string    the current password
 158  *
 159  * @return  boolean   always true
 160  *
 161  * @access  public
 162  */
 163 function PMA_auth_set_user()
 164 {
 165     global $cfg;
 166     global $PHP_AUTH_USER, $PHP_AUTH_PW;
 167
 168     $cfg['Server']['user']     = $PHP_AUTH_USER;
 169     $cfg['Server']['password'] = $PHP_AUTH_PW;
 170
 171     return true;
 172 } // end of the 'PMA_auth_set_user()' function
 173
 174
 175 /**
 176  * User is not allowed to login to MySQL -> authentication failed
 177  *
 178  * @return  boolean   always true (no return indeed)
 179  *
 180  * @access  public
 181  */
 182 function PMA_auth_fails()
 183 {
 184     if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
 185         $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
 186     } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
 187         $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
 188     } elseif (! empty($GLOBALS['no_activity'])) {
 189         $_SESSION['PMA_single_signon_error_message'] = sprintf(__('No activity within %s seconds; please log in again'), $GLOBALS['cfg']['LoginCookieValidity']);
 190     } elseif (PMA_DBI_getError()) {
 191         $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(PMA_DBI_getError());
 192     } elseif (isset($php_errormsg)) {
 193         $_SESSION['PMA_single_signon_error_message'] = $php_errormsg;
 194     } else {
 195         $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
 196     }
 197     PMA_auth();
 198 } // end of the 'PMA_auth_fails()' function
 199
 200 ?>