Add support for LogoutURL.
[phpmyadmin/last10db.git] / libraries / auth / http.auth.lib.php
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 // +--------------------------------------------------------------------------+
6 // | Set of functions used to run http authentication. |
7 // | NOTE: Requires PHP loaded as an Apache module. |
8 // +--------------------------------------------------------------------------+
/**
 * Displays authentication form
 *
 * Sends a "401 Unauthorized" response with an HTTP Basic challenge and a
 * short "access denied" page, then ends the script. If the request carries
 * a non-empty 'old_usr' parameter and $cfg['Server']['LogoutURL'] is set,
 * the client is redirected to that URL instead of being challenged again.
 *
 * NOTE(review): HTTP Basic makes the browser re-send the user name and
 * password, base64-encoded rather than encrypted, with every request, so
 * this authentication mode should only be exposed over TLS.
 *
 * NOTE(review): the language strings (strWelcome, strWrongUser) are echoed
 * without HTML escaping; presumably they come from trusted translation
 * files only - confirm.
 *
 * Reads $GLOBALS['cfg']['Server'] (LogoutURL, verbose, host) and the
 * $GLOBALS entries strRunning, charset, strAccessDenied, strWelcome and
 * strWrongUser.
 *
 * @return  boolean   never actually returns, the script exits
 *
 * @access  public
 */
function PMA_auth()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        exit;
    }

    // The realm names the server: its verbose name when set, else its host
    if (empty($GLOBALS['cfg']['Server']['verbose'])) {
        $realm_server = $GLOBALS['cfg']['Server']['host'];
    } else {
        $realm_server = $GLOBALS['cfg']['Server']['verbose'];
    }
    // NOTE(review): only apostrophes are backslash-escaped, yet the realm is
    // sent between double quotes; a '"' in the configured name would end the
    // quoted realm early. Confirm the configured value cannot contain one.
    $realm_server = str_replace('\'', '\\\'', $realm_server);
    $realm        = 'phpMyAdmin ' . sprintf($GLOBALS['strRunning'], $realm_server);

    // All headers must go out before the first byte of the page body
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    header('status: 401 Unauthorized');

    // Defines the charset to be used
    header('Content-Type: text/html; charset=' . $GLOBALS['charset']);

    /* HTML header */
    // $page_title is presumably read by the included header file - verify
    $page_title = $GLOBALS['strAccessDenied'];
    require './libraries/header_meta_style.inc.php';
    ?>
</head>
<body>
<?php if (file_exists('./config.header.inc.php')) {
          require('./config.header.inc.php');
      }
 ?>

<br /><br />
<center>
    <h1><?php printf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?></h1>
</center>
<br />
<div class="warning"><?php echo $GLOBALS['strWrongUser']; ?></div>

<?php if (file_exists('./config.footer.inc.php')) {
         require('./config.footer.inc.php');
      }
 ?>

</body>
</html>
    <?php
    exit();
} // end of the 'PMA_auth()' function
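/**
 * Gets advanced authentication settings
 *
 * Fills the globals $PHP_AUTH_USER and $PHP_AUTH_PW from the first server
 * variable that carries the HTTP Basic credentials. Some setups (IIS, CGI,
 * FastCGI) only expose the raw "Basic <base64>" value; that value is decoded
 * and split into user name and password here.
 *
 * If the user name found equals $old_usr (the user who is logging out), it
 * is blanked so that the caller asks for credentials again.
 *
 * @global  string    the username (set directly if register_globals is on)
 * @global  string    the password (set directly if register_globals is on)
 * @global  string    the username of the user who logs out
 *
 * @return  boolean   whether we get authentication settings or not
 *
 * @access  public
 */
function PMA_auth_check()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $old_usr;

    // Grabs the $PHP_AUTH_USER variable whatever are the values of the
    // 'register_globals' and the 'variables_order' directives
    // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
    if (empty($PHP_AUTH_USER)) {
        if (PMA_getenv('PHP_AUTH_USER')) {
            $PHP_AUTH_USER = PMA_getenv('PHP_AUTH_USER');
        } elseif (PMA_getenv('REMOTE_USER')) {
            // CGI, might be encoded, see below
            $PHP_AUTH_USER = PMA_getenv('REMOTE_USER');
        } elseif (PMA_getenv('AUTH_USER')) {
            // WebSite Professional
            $PHP_AUTH_USER = PMA_getenv('AUTH_USER');
        } elseif (PMA_getenv('HTTP_AUTHORIZATION')) {
            // IIS, might be encoded, see below
            $PHP_AUTH_USER = PMA_getenv('HTTP_AUTHORIZATION');
        } elseif (PMA_getenv('Authorization')) {
            // FastCGI, might be encoded, see below
            $PHP_AUTH_USER = PMA_getenv('Authorization');
        }
    }

    // Grabs the $PHP_AUTH_PW variable whatever are the values of the
    // 'register_globals' and the 'variables_order' directives
    // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
    if (empty($PHP_AUTH_PW)) {
        if (PMA_getenv('PHP_AUTH_PW')) {
            $PHP_AUTH_PW = PMA_getenv('PHP_AUTH_PW');
        } elseif (PMA_getenv('REMOTE_PASSWORD')) {
            // Apache/CGI
            $PHP_AUTH_PW = PMA_getenv('REMOTE_PASSWORD');
        } elseif (PMA_getenv('AUTH_PASSWORD')) {
            // WebSite Professional
            $PHP_AUTH_PW = PMA_getenv('AUTH_PASSWORD');
        }
    }

    // Decode possibly encoded information (used by IIS/CGI/FastCGI)
    if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
        $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
        if (!empty($usr_pass) && strpos($usr_pass, ':') !== false) {
            // Split on the first colon only: the user name cannot contain
            // ':' in HTTP Basic, but the password can. Without the limit a
            // password such as "pa:ss" was silently cut down to "pa".
            list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass, 2);
        }
        // NOTE(review): when the decoded value holds no ':', $PHP_AUTH_USER
        // keeps the raw "Basic ..." string and is treated as a user name
        // below; consider clearing it in that case.
        unset($usr_pass);
    }

    // User logged out -> ensure the new username is not the same
    // NOTE(review): $old_usr is presumably the request parameter that
    // PMA_auth() reads as $_REQUEST['old_usr'] - verify how it is populated.
    if (!empty($old_usr)
        && (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)) {
        $PHP_AUTH_USER = '';
    }

    // Returns whether we get authentication settings or not
    return !empty($PHP_AUTH_USER);
} // end of the 'PMA_auth_check()' function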
/**
 * Set the user and password after last checkings if required
 *
 * If the user name sent by the client differs from the one configured for
 * the current server, the configured servers are searched for an entry with
 * the same host and that user name; when one is found it becomes the current
 * server. The client-supplied user name and password are then stored in
 * $cfg['Server'].
 *
 * No credential is verified here: the server entry is picked from the user
 * name the client claims, and the password is only copied into the
 * configuration array.
 *
 * @global  array     the valid servers settings
 * @global  integer   the id of the current server
 * @global  string    the current username
 * @global  string    the current password
 *
 * @return  boolean   always true
 *
 * @access  public
 */
function PMA_auth_set_user()
{
    global $cfg, $server;
    global $PHP_AUTH_USER, $PHP_AUTH_PW;

    // Ensures valid authentication mode, 'only_db', bookmark database and
    // table names and relation table name are used
    if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
        // Indexes 1..count are probed; a gap in the numbering is skipped
        $last_index = count($cfg['Servers']);
        for ($idx = 1; $idx <= $last_index; $idx++) {
            if (!isset($cfg['Servers'][$idx])) {
                continue;
            }
            $candidate = $cfg['Servers'][$idx];
            if ($candidate['host'] != $cfg['Server']['host']
                || $candidate['user'] != $PHP_AUTH_USER) {
                continue;
            }
            // First entry with the same host and user name wins
            $server        = $idx;
            $cfg['Server'] = $candidate;
            break;
        } // end for
    } // end if

    $cfg['Server']['user']     = $PHP_AUTH_USER;
    $cfg['Server']['password'] = $PHP_AUTH_PW;

    return true;
} // end of the 'PMA_auth_set_user()' function
/**
 * User is not allowed to login to MySQL -> authentication failed
 *
 * An "access denied" result (MySQL error 1045), or no error text at all,
 * leads to a new Basic challenge through PMA_auth(). Any other database
 * error redirects to error.php with the error text in the query string.
 *
 * NOTE(review): the database error text ends up in a URL, so it can appear
 * in server logs and browser history, and error.php has to escape it when
 * displaying it - error.php is not visible here, confirm.
 *
 * @return  boolean   always true (no return indeed)
 *
 * @access  public
 */
function PMA_auth_fails()
{
    $db_error = PMA_DBI_getError();

    // No error text, or plain "access denied": ask for credentials again
    if (!$db_error || $GLOBALS['errno'] == 1045) {
        PMA_auth();
        return true;
    }

    // Anything else is reported on the error page
    PMA_sendHeaderLocation('error.php?error=' . urlencode($db_error));
    exit;
} // end of the 'PMA_auth_fails()' function