search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bug #2042032 Cannot detect PmaAbsoluteUri correctly on Windows
[phpmyadmin/madhuracj.git] / libraries / auth / cookie.auth.lib.php
blobf81710e05ab10481d713c0e2c5abf2d8b4e178ad
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Set of functions used to run cookie based authentication.
5 * Thanks to Piotr Roszatycki <d3xter at users.sourceforge.net> and
6 * Dan Wilson who built this patch for the Debian package.
7 *
8 * @package phpMyAdmin-Auth-Cookie
9 * @version $Id$
10 */
11
12 if (! defined('PHPMYADMIN')) {
13 exit;
14 }
15
16 /**
17 * Swekey authentication functions.
18 */
19 require './libraries/auth/swekey/swekey.auth.lib.php';
20
21 if (function_exists('mcrypt_encrypt')) {
22 /**
23 * Uses faster mcrypt library if available
24 * (as this is not called from anywhere else, put the code in-line
25 * for faster execution)
26 */
27
28 /**
29 * Initialization
30 * Store the initialization vector because it will be needed for
31 * further decryption. I don't think necessary to have one iv
32 * per server so I don't put the server number in the cookie name.
33 */
34 if (empty($_COOKIE['pma_mcrypt_iv'])
35 || false === ($iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true))) {
36 srand((double) microtime() * 1000000);
37 $td = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_CBC, '');
38 if ($td === false) {
39 trigger_error(PMA_sanitize(sprintf($strCantLoad, 'mcrypt')), E_USER_WARNING);
40 }
41 $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
42 PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
43 }
44
45 /**
46 * Encryption using blowfish algorithm (mcrypt)
47 *
48 * @param string original data
49 * @param string the secret
50 *
51 * @return string the encrypted result
52 *
53 * @access public
54 *
55 * @author lem9
56 */
57 function PMA_blowfish_encrypt($data, $secret)
58 {
59 global $iv;
60 return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv));
61 }
62
63 /**
64 * Decryption using blowfish algorithm (mcrypt)
65 *
66 * @param string encrypted data
67 * @param string the secret
68 *
69 * @return string original data
70 *
71 * @access public
72 *
73 * @author lem9
74 */
75 function PMA_blowfish_decrypt($encdata, $secret)
76 {
77 global $iv;
78 return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv));
79 }
80
81 } else {
82 require_once './libraries/blowfish.php';
83 if (!$GLOBALS['cfg']['McryptDisableWarning']) {
84 trigger_error(PMA_sanitize(sprintf($strCantLoad, 'mcrypt')), E_USER_WARNING);
85 }
86 }
87
88 /**
89 * Returns blowfish secret or generates one if needed.
90 * @uses $cfg['blowfish_secret']
91 * @uses $_SESSION['auto_blowfish_secret']
92 *
93 * @access public
94 */
95 function PMA_get_blowfish_secret() {
96 if (empty($GLOBALS['cfg']['blowfish_secret'])) {
97 if (empty($_SESSION['auto_blowfish_secret'])) {
98 // this returns 23 characters
99 $_SESSION['auto_blowfish_secret'] = uniqid('', true);
100 }
101 return $_SESSION['auto_blowfish_secret'];
102 } else {
103 // apply md5() to work around too long secrets (returns 32 characters)
104 return md5($GLOBALS['cfg']['blowfish_secret']);
105 }
106 }
107
108 /**
109 * Displays authentication form
110 *
111 * this function MUST exit/quit the application
112 *
113 * @uses $GLOBALS['server']
114 * @uses $GLOBALS['PHP_AUTH_USER']
115 * @uses $GLOBALS['pma_auth_server']
116 * @uses $GLOBALS['text_dir']
117 * @uses $GLOBALS['pmaThemeImage']
118 * @uses $GLOBALS['charset']
119 * @uses $GLOBALS['target']
120 * @uses $GLOBALS['db']
121 * @uses $GLOBALS['table']
122 * @uses $GLOBALS['strWelcome']
123 * @uses $GLOBALS['strSecretRequired']
124 * @uses $GLOBALS['strError']
125 * @uses $GLOBALS['strLogin']
126 * @uses $GLOBALS['strLogServer']
127 * @uses $GLOBALS['strLogUsername']
128 * @uses $GLOBALS['strLogPassword']
129 * @uses $GLOBALS['strServerChoice']
130 * @uses $GLOBALS['strGo']
131 * @uses $GLOBALS['strCookiesRequired']
132 * @uses $GLOBALS['strPmaDocumentation']
133 * @uses $GLOBALS['pmaThemeImage']
134 * @uses $cfg['Servers']
135 * @uses $cfg['LoginCookieRecall']
136 * @uses $cfg['Lang']
137 * @uses $cfg['Server']
138 * @uses $cfg['ReplaceHelpImg']
139 * @uses $cfg['blowfish_secret']
140 * @uses $cfg['AllowArbitraryServer']
141 * @uses $_COOKIE
142 * @uses $_REQUEST['old_usr']
143 * @uses PMA_sendHeaderLocation()
144 * @uses PMA_select_language()
145 * @uses PMA_select_server()
146 * @uses file_exists()
147 * @uses sprintf()
148 * @uses count()
149 * @uses htmlspecialchars()
150 * @uses is_array()
151 * @global string the last connection error
152 *
153 * @access public
154 */
155 function PMA_auth()
156 {
157 global $conn_error;
158
159 /* Perform logout to custom URL */
160 if (! empty($_REQUEST['old_usr'])
161 && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
162 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
163 exit;
164 }
165
166 /* No recall if blowfish secret is not configured as it would produce garbage */
167 if ($GLOBALS['cfg']['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) {
168 $default_user = $GLOBALS['PHP_AUTH_USER'];
169 $default_server = $GLOBALS['pma_auth_server'];
170 $autocomplete = '';
171 } else {
172 $default_user = '';
173 $default_server = '';
174 // skip the IE autocomplete feature.
175 $autocomplete = ' autocomplete="off"';
176 }
177
178 $cell_align = ($GLOBALS['text_dir'] == 'ltr') ? 'left' : 'right';
179
180 // Defines the charset to be used
181 header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
182 // Defines the "item" image depending on text direction
183 $item_img = $GLOBALS['pmaThemeImage'] . 'item_' . $GLOBALS['text_dir'] . '.png';
184
185 /* HTML header; do not show here the PMA version to improve security */
186 $page_title = 'phpMyAdmin ';
187 require './libraries/header_meta_style.inc.php';
188 ?>
189 <script type="text/javascript">
190 //<![CDATA[
191 // show login form in top frame
192 if (top != self) {
193 window.top.location.href=location;
194 }
195 //]]>
196 </script>
197 </head>
198
199 <body class="loginform">
200
201 <?php
202 if (file_exists('./config.header.inc.php')) {
203 require './config.header.inc.php';
204 }
205 ?>
206
207 <div class="container">
208 <a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php
209 $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
210 if (@file_exists($logo_image)) {
211 echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />';
212 } else {
213 echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" '
214 . 'border="0" width="88" height="31" alt="phpMyAdmin" />';
215 }
216 ?></a>
217 <h1>
218 <?php
219 echo sprintf($GLOBALS['strWelcome'],
220 '<bdo dir="ltr" xml:lang="en">' . $page_title . '</bdo>');
221 ?>
222 </h1>
223 <?php
224
225 // Show error message
226 if (! empty($conn_error)) {
227 PMA_Message::rawError($conn_error)->display();
228 }
229
230 // Displays the languages form
231 if (empty($GLOBALS['cfg']['Lang'])) {
232 require_once './libraries/display_select_lang.lib.php';
233 // use fieldset, don't show doc link
234 PMA_select_language(true, false);
235 }
236
237 ?>
238 <br />
239 <!-- Login form -->
240 <form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login">
241 <fieldset>
242 <legend>
243 <?php
244 echo $GLOBALS['strLogin'];
245 echo '<a href="./Documentation.html" target="documentation" ' .
246 'title="' . $GLOBALS['strPmaDocumentation'] . '">';
247 if ($GLOBALS['cfg']['ReplaceHelpImg']) {
248 echo '<img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . $GLOBALS['strPmaDocumentation'] . '" />';
249 } else {
250 echo '(*)';
251 }
252 echo '</a>';
253 ?>
254 </legend>
255
256 <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?>
257 <div class="item">
258 <label for="input_servername" title="<?php echo $GLOBALS['strLogServerHelp']; ?>"><?php echo $GLOBALS['strLogServer']; ?></label>
259 <input type="text" name="pma_servername" id="input_servername" value="<?php echo htmlspecialchars($default_server); ?>" size="24" class="textfield" title="<?php echo $GLOBALS['strLogServerHelp']; ?>" />
260 </div>
261 <?php } ?>
262 <div class="item">
263 <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
264 <input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield"/>
265 </div>
266 <div class="item">
267 <label for="input_password"><?php echo $GLOBALS['strLogPassword']; ?></label>
268 <input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" />
269 </div>
270 <?php
271 if (count($GLOBALS['cfg']['Servers']) > 1) {
272 ?>
273 <div class="item">
274 <label for="select_server"><?php echo $GLOBALS['strServerChoice']; ?>:</label>
275 <select name="server" id="select_server"
276 <?php
277 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
278 echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" ';
279 }
280 echo '>';
281
282 require_once './libraries/select_server.lib.php';
283 PMA_select_server(false, false);
284
285 echo '</select></div>';
286 } else {
287 echo ' <input type="hidden" name="server" value="' . $GLOBALS['server'] . '" />';
288 } // end if (server choice)
289 ?>
290 </fieldset>
291 <fieldset class="tblFooters">
292 <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" id="input_go" />
293 <?php
294 $_form_params = array();
295 if (! empty($GLOBALS['target'])) {
296 $_form_params['target'] = $GLOBALS['target'];
297 }
298 if (! empty($GLOBALS['db'])) {
299 $_form_params['db'] = $GLOBALS['db'];
300 }
301 if (! empty($GLOBALS['table'])) {
302 $_form_params['table'] = $GLOBALS['table'];
303 }
304 // do not generate a "server" hidden field as we want the "server"
305 // drop-down to have priority
306 echo PMA_generate_common_hidden_inputs($_form_params, '', 0, 'server');
307 ?>
308 </fieldset>
309 </form>
310
311 <?php
312
313 // BEGIN Swekey Integration
314 Swekey_login('input_username', 'input_go');
315 // END Swekey Integration
316
317 // show the "Cookies required" message only if cookies are disabled
318 // (we previously tried to set some cookies)
319 if (empty($_COOKIE)) {
320 trigger_error($GLOBALS['strCookiesRequired'], E_USER_NOTICE);
321 }
322 if ($GLOBALS['error_handler']->hasDisplayErrors()) {
323 echo '<div>';
324 $GLOBALS['error_handler']->dispErrors();
325 echo '</div>';
326 }
327 ?>
328 </div>
329 <script type="text/javascript">
330 // <![CDATA[
331 function PMA_focusInput()
332 {
333 var input_username = document.getElementById('input_username');
334 var input_password = document.getElementById('input_password');
335 if (input_username.value == '') {
336 input_username.focus();
337 } else {
338 input_password.focus();
339 }
340 }
341
342 window.setTimeout('PMA_focusInput()', 500);
343 // ]]>
344 </script>
345 <?php
346 if (file_exists('./config.footer.inc.php')) {
347 require './config.footer.inc.php';
348 }
349 ?>
350 </body>
351 </html>
352 <?php
353 exit;
354 } // end of the 'PMA_auth()' function
355
356
357
358 /**
359 * Gets advanced authentication settings
360 *
361 * this function DOES NOT check authentication - it just checks/provides
362 * authentication credentials required to connect to the MySQL server
363 * usually with PMA_DBI_connect()
364 *
365 * it returns false if something is missing - which usually leads to
366 * PMA_auth() which displays login form
367 *
368 * it returns true if all seems ok which usually leads to PMA_auth_set_user()
369 *
370 * it directly switches to PMA_auth_fails() if user inactivity timout is reached
371 *
372 * @todo AllowArbitraryServer on does not imply that the user wants an
373 * arbitrary server, or? so we should also check if this is filled and
374 * not only if allowed
375 * @uses $GLOBALS['PHP_AUTH_USER']
376 * @uses $GLOBALS['PHP_AUTH_PW']
377 * @uses $GLOBALS['no_activity']
378 * @uses $GLOBALS['server']
379 * @uses $GLOBALS['from_cookie']
380 * @uses $GLOBALS['pma_auth_server']
381 * @uses $cfg['AllowArbitraryServer']
382 * @uses $cfg['LoginCookieValidity']
383 * @uses $cfg['Servers']
384 * @uses $_REQUEST['old_usr'] from logout link
385 * @uses $_REQUEST['pma_username'] from login form
386 * @uses $_REQUEST['pma_password'] from login form
387 * @uses $_REQUEST['pma_servername'] from login form
388 * @uses $_COOKIE
389 * @uses $_SESSION['last_access_time']
390 * @uses PMA_removeCookie()
391 * @uses PMA_blowfish_decrypt()
392 * @uses PMA_auth_fails()
393 * @uses time()
394 *
395 * @return boolean whether we get authentication settings or not
396 *
397 * @access public
398 */
399 function PMA_auth_check()
400 {
401 // Initialization
402 /**
403 * @global $GLOBALS['pma_auth_server'] the user provided server to connect to
404 */
405 $GLOBALS['pma_auth_server'] = '';
406
407 $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
408 $GLOBALS['from_cookie'] = false;
409
410 // BEGIN Swekey Integration
411 if (! Swekey_auth_check()) {
412 return false;
413 }
414 // END Swekey Integration
415
416 if (defined('PMA_CLEAR_COOKIES')) {
417 foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
418 PMA_removeCookie('pmaPass-' . $key);
419 PMA_removeCookie('pmaServer-' . $key);
420 PMA_removeCookie('pmaUser-' . $key);
421 }
422 return false;
423 }
424
425 if (! empty($_REQUEST['old_usr'])) {
426 // The user wants to be logged out
427 // -> delete his choices that were stored in session
428
429 // according to the PHP manual we should do this before the destroy:
430 //$_SESSION = array();
431 // but we still need some parts of the session information
432 // in libraries/header_meta_style.inc.php
433
434 session_destroy();
435 // -> delete password cookie(s)
436 if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
437 foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
438 PMA_removeCookie('pmaPass-' . $key);
439 if (isset($_COOKIE['pmaPass-' . $key])) {
440 unset($_COOKIE['pmaPass-' . $key]);
441 }
442 }
443 } else {
444 PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
445 if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
446 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
447 }
448 }
449 }
450
451 if (! empty($_REQUEST['pma_username'])) {
452 // The user just logged in
453 $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
454 $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
455 if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
456 $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
457 }
458 return true;
459 }
460
461 // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
462 // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
463
464 // servername
465 if ($GLOBALS['cfg']['AllowArbitraryServer']
466 && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
467 $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
468 }
469
470 // username
471 if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {
472 return false;
473 }
474
475 $GLOBALS['PHP_AUTH_USER'] = PMA_blowfish_decrypt(
476 $_COOKIE['pmaUser-' . $GLOBALS['server']],
477 PMA_get_blowfish_secret());
478
479 // user was never logged in since session start
480 if (empty($_SESSION['last_access_time'])) {
481 return false;
482 }
483
484 // User inactive too long
485 if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
486 PMA_cacheUnset('is_create_db_priv', true);
487 PMA_cacheUnset('is_process_priv', true);
488 PMA_cacheUnset('is_reload_priv', true);
489 PMA_cacheUnset('db_to_create', true);
490 PMA_cacheUnset('dbs_where_create_table_allowed', true);
491 $GLOBALS['no_activity'] = true;
492 PMA_auth_fails();
493 exit;
494 }
495
496 // password
497 if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
498 return false;
499 }
500
501 $GLOBALS['PHP_AUTH_PW'] = PMA_blowfish_decrypt(
502 $_COOKIE['pmaPass-' . $GLOBALS['server']],
503 PMA_get_blowfish_secret());
504
505 if ($GLOBALS['PHP_AUTH_PW'] == "\xff(blank)") {
506 $GLOBALS['PHP_AUTH_PW'] = '';
507 }
508
509 $GLOBALS['from_cookie'] = true;
510
511 return true;
512 } // end of the 'PMA_auth_check()' function
513
514
515 /**
516 * Set the user and password after last checkings if required
517 *
518 * @uses $GLOBALS['PHP_AUTH_USER']
519 * @uses $GLOBALS['PHP_AUTH_PW']
520 * @uses $GLOBALS['server']
521 * @uses $GLOBALS['from_cookie']
522 * @uses $GLOBALS['pma_auth_server']
523 * @uses $cfg['Server']
524 * @uses $cfg['AllowArbitraryServer']
525 * @uses $cfg['LoginCookieStore']
526 * @uses $cfg['PmaAbsoluteUri']
527 * @uses $_SESSION['last_access_time']
528 * @uses PMA_COMING_FROM_COOKIE_LOGIN
529 * @uses PMA_setCookie()
530 * @uses PMA_blowfish_encrypt()
531 * @uses PMA_removeCookie()
532 * @uses PMA_sendHeaderLocation()
533 * @uses time()
534 * @uses define()
535 * @return boolean always true
536 *
537 * @access public
538 */
539 function PMA_auth_set_user()
540 {
541 global $cfg;
542
543 // Ensures valid authentication mode, 'only_db', bookmark database and
544 // table names and relation table name are used
545 if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
546 foreach ($cfg['Servers'] as $idx => $current) {
547 if ($current['host'] == $cfg['Server']['host']
548 && $current['port'] == $cfg['Server']['port']
549 && $current['socket'] == $cfg['Server']['socket']
550 && $current['ssl'] == $cfg['Server']['ssl']
551 && $current['connect_type'] == $cfg['Server']['connect_type']
552 && $current['user'] == $GLOBALS['PHP_AUTH_USER']) {
553 $GLOBALS['server'] = $idx;
554 $cfg['Server'] = $current;
555 break;
556 }
557 } // end foreach
558 } // end if
559
560 if ($GLOBALS['cfg']['AllowArbitraryServer']
561 && ! empty($GLOBALS['pma_auth_server'])) {
562 /* Allow to specify 'host port' */
563 $parts = explode(' ', $GLOBALS['pma_auth_server']);
564 if (count($parts) == 2) {
565 $tmp_host = $parts[0];
566 $tmp_port = $parts[1];
567 } else {
568 $tmp_host = $GLOBALS['pma_auth_server'];
569 $tmp_port = '';
570 }
571 if ($cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
572 $cfg['Server']['host'] = $tmp_host;
573 if (!empty($tmp_port)) {
574 $cfg['Server']['port'] = $tmp_port;
575 }
576 }
577 unset($tmp_host, $tmp_port, $parts);
578 }
579 $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
580 $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
581
582 $_SESSION['last_access_time'] = time();
583
584 // Name and password cookies need to be refreshed each time
585 // Duration = one month for username
586 PMA_setCookie('pmaUser-' . $GLOBALS['server'],
587 PMA_blowfish_encrypt($cfg['Server']['user'],
588 PMA_get_blowfish_secret()));
589
590 // Duration = as configured
591 PMA_setCookie('pmaPass-' . $GLOBALS['server'],
592 PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
593 PMA_get_blowfish_secret()),
594 null,
595 $GLOBALS['cfg']['LoginCookieStore']);
596
597 // Set server cookies if required (once per session) and, in this case, force
598 // reload to ensure the client accepts cookies
599 if (! $GLOBALS['from_cookie']) {
600 if ($GLOBALS['cfg']['AllowArbitraryServer']) {
601 if (! empty($GLOBALS['pma_auth_server'])) {
602 // Duration = one month for servername
603 PMA_setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
604 } else {
605 // Delete servername cookie
606 PMA_removeCookie('pmaServer-' . $GLOBALS['server']);
607 }
608 }
609
610 // URL where to go:
611 $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';
612
613 // any parameters to pass?
614 $url_params = array();
615 if (strlen($GLOBALS['db'])) {
616 $url_params['db'] = $GLOBALS['db'];
617 }
618 if (strlen($GLOBALS['table'])) {
619 $url_params['table'] = $GLOBALS['table'];
620 }
621 // any target to pass?
622 if (! empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
623 $url_params['target'] = $GLOBALS['target'];
624 }
625
626 /**
627 * whether we come from a fresh cookie login
628 */
629 define('PMA_COMING_FROM_COOKIE_LOGIN', true);
630 PMA_sendHeaderLocation($redirect_url . PMA_generate_common_url($url_params, '&'));
631 exit();
632 } // end if
633
634 return true;
635 } // end of the 'PMA_auth_set_user()' function
636
637
638 /**
639 * User is not allowed to login to MySQL -> authentication failed
640 *
641 * prepares error message and switches to PMA_auth() which display the error
642 * and the login form
643 *
644 * this function MUST exit/quit the application,
645 * currently doen by call to PMA_auth()
646 *
647 * @todo $php_errormsg is invalid here!? it will never be set in this scope
648 * @uses $GLOBALS['server']
649 * @uses $GLOBALS['allowDeny_forbidden']
650 * @uses $GLOBALS['strAccessDenied']
651 * @uses $GLOBALS['strNoActivity']
652 * @uses $GLOBALS['strCannotLogin']
653 * @uses $GLOBALS['no_activity']
654 * @uses $cfg['LoginCookieValidity']
655 * @uses PMA_removeCookie()
656 * @uses PMA_getenv()
657 * @uses PMA_DBI_getError()
658 * @uses PMA_sanitize()
659 * @uses PMA_auth()
660 * @uses sprintf()
661 * @uses basename()
662 * @access public
663 */
664 function PMA_auth_fails()
665 {
666 global $conn_error;
667
668 // Deletes password cookie and displays the login form
669 PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
670
671 if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
672 $conn_error = $GLOBALS['strLoginWithoutPassword'];
673 } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
674 $conn_error = $GLOBALS['strAccessDenied'];
675 } elseif (! empty($GLOBALS['no_activity'])) {
676 $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
677 // Remember where we got timeout to return on same place
678 if (PMA_getenv('SCRIPT_NAME')) {
679 $GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
680 // avoid "missing parameter: field" on re-entry
681 if ('tbl_alter.php' == $GLOBALS['target']) {
682 $GLOBALS['target'] = 'tbl_structure.php';
683 }
684 }
685 } elseif (PMA_DBI_getError()) {
686 $conn_error = PMA_sanitize(PMA_DBI_getError());
687 } elseif (isset($php_errormsg)) {
688 $conn_error = $php_errormsg;
689 } else {
690 $conn_error = $GLOBALS['strCannotLogin'];
691 }
692
693 // needed for PHP-CGI (not need for FastCGI or mod-php)
694 header('Cache-Control: no-store, no-cache, must-revalidate');
695 header('Pragma: no-cache');
696
697 PMA_auth();
698 } // end of the 'PMA_auth_fails()' function
699
700 ?>
OpenGIS support for phpMyAdmin, GSoC 2011