2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Set of functions used to run single signon authentication.
6 * @package phpMyAdmin-Auth-Signon
11 * Displays authentication form
13 * @global string the font face to use in case of failure
14 * @global string the default font size to use in case of failure
15 * @global string the big font size to use in case of failure
17 * @return boolean always true (no return indeed)
23 unset($_SESSION['LAST_SIGNON_URL']);
24 if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
25 PMA_fatalError('You must set SignonURL!');
26 } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
27 /* Perform logout to custom URL */
28 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
30 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
33 } // end of the 'PMA_auth()' function
37 * Gets advanced authentication settings
39 * @global string the username if register_globals is on
40 * @global string the password if register_globals is on
41 * @global array the array of server variables if register_globals is
43 * @global array the array of environment variables if register_globals
45 * @global string the username for the ? server
46 * @global string the password for the ? server
47 * @global string the username for the WebSite Professional server
48 * @global string the password for the WebSite Professional server
49 * @global string the username of the user who logs out
51 * @return boolean whether we get authentication settings or not
55 function PMA_auth_check()
57 global $PHP_AUTH_USER, $PHP_AUTH_PW;
59 /* Check if we're using same sigon server */
60 if (isset($_SESSION['LAST_SIGNON_URL']) && $_SESSION['LAST_SIGNON_URL'] != $GLOBALS['cfg']['Server']['SignonURL']) {
65 $script_name = $GLOBALS['cfg']['Server']['SignonScript'];
68 $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
71 $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
74 $single_signon_host = $GLOBALS['cfg']['Server']['host'];
77 $single_signon_port = $GLOBALS['cfg']['Server']['port'];
79 /* No configuration updates */
80 $single_signon_cfgupdate = array();
82 /* Are we requested to do logout? */
83 $do_logout = !empty($_REQUEST['old_usr']);
85 /* Handle script based auth */
86 if (!empty($script_name)) {
87 if (! file_exists($script_name)) {
88 PMA_fatalError(__('Can not find signon authentication script:') . ' ' . $script_name);
92 list ($PHP_AUTH_USER, $PHP_AUTH_PW) = get_login_credentials($cfg['Server']['user']);
94 /* Does session exist? */
95 } elseif (isset($_COOKIE[$session_name])) {
96 /* End current session */
97 $old_session = session_name();
98 $old_id = session_id();
99 session_write_close();
101 /* Load single signon session */
102 session_name($session_name);
103 session_id($_COOKIE[$session_name]);
106 /* Clear error message */
107 unset($_SESSION['PMA_single_signon_error_message']);
109 /* Grab credentials if they exist */
110 if (isset($_SESSION['PMA_single_signon_user'])) {
114 $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
117 if (isset($_SESSION['PMA_single_signon_password'])) {
121 $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
124 if (isset($_SESSION['PMA_single_signon_host'])) {
125 $single_signon_host = $_SESSION['PMA_single_signon_host'];
128 if (isset($_SESSION['PMA_single_signon_port'])) {
129 $single_signon_port = $_SESSION['PMA_single_signon_port'];
132 if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
133 $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
137 /* Also get token as it is needed to access subpages */
138 if (isset($_SESSION['PMA_single_signon_token'])) {
139 /* No need to care about token on logout */
140 $pma_token = $_SESSION['PMA_single_signon_token'];
143 /* End single signon session */
144 session_write_close();
146 /* Restart phpMyAdmin session */
147 session_name($old_session);
148 if (!empty($old_id)) {
153 /* Set the single signon host */
154 $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
156 /* Set the single signon port */
157 $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
159 /* Configuration update */
160 $GLOBALS['cfg']['Server'] = array_merge($GLOBALS['cfg']['Server'], $single_signon_cfgupdate);
162 /* Restore our token */
163 if (!empty($pma_token)) {
164 $_SESSION[' PMA_token '] = $pma_token;
170 PMA_clearUserCache();
173 // Returns whether we get authentication settings or not
174 if (empty($PHP_AUTH_USER)) {
175 unset($_SESSION['LAST_SIGNON_URL']);
178 $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
181 } // end of the 'PMA_auth_check()' function
185 * Set the user and password after last checkings if required
187 * @global array the valid servers settings
188 * @global integer the id of the current server
189 * @global array the current server settings
190 * @global string the current username
191 * @global string the current password
193 * @return boolean always true
197 function PMA_auth_set_user()
200 global $PHP_AUTH_USER, $PHP_AUTH_PW;
202 $cfg['Server']['user'] = $PHP_AUTH_USER;
203 $cfg['Server']['password'] = $PHP_AUTH_PW;
206 } // end of the 'PMA_auth_set_user()' function
210 * User is not allowed to login to MySQL -> authentication failed
212 * @return boolean always true (no return indeed)
216 function PMA_auth_fails()
219 $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
221 /* Does session exist? */
222 if (isset($_COOKIE[$session_name])) {
223 /* End current session */
224 $old_session = session_name();
225 $old_id = session_id();
226 session_write_close();
228 /* Load single signon session */
229 session_name($session_name);
230 session_id($_COOKIE[$session_name]);
233 /* Set error message */
234 if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
235 $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
236 } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
237 $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
238 } elseif (! empty($GLOBALS['no_activity'])) {
239 $_SESSION['PMA_single_signon_error_message'] = sprintf(__('No activity within %s seconds; please log in again'), $GLOBALS['cfg']['LoginCookieValidity']);
240 } elseif (PMA_DBI_getError()) {
241 $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(PMA_DBI_getError());
243 $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
247 } // end of the 'PMA_auth_fails()' function