2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Set of functions used to run http authentication.
5 * NOTE: Requires PHP loaded as a Apache module.
7 * @package phpMyAdmin-Auth-HTTP
12 * Displays authentication form
14 * @global string the font face to use in case of failure
15 * @global string the default font size to use in case of failure
16 * @global string the big font size to use in case of failure
18 * @return boolean always true (no return indeed)
24 /* Perform logout to custom URL */
25 if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
26 PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
30 if (empty($GLOBALS['cfg']['Server']['auth_http_realm'])) {
31 if (empty($GLOBALS['cfg']['Server']['verbose'])) {
32 $server_message = $GLOBALS['cfg']['Server']['host'];
34 $server_message = $GLOBALS['cfg']['Server']['verbose'];
36 $realm_message = 'phpMyAdmin ' . $server_message;
38 $realm_message = $GLOBALS['cfg']['Server']['auth_http_realm'];
40 // remove non US-ASCII to respect RFC2616
41 $realm_message = preg_replace('/[^\x20-\x7e]/i', '', $realm_message);
42 header('WWW-Authenticate: Basic realm="' . $realm_message . '"');
43 header('HTTP/1.0 401 Unauthorized');
44 if (php_sapi_name() !== 'cgi-fcgi') {
45 header('status: 401 Unauthorized');
48 // Defines the charset to be used
49 header('Content-Type: text/html; charset=utf-8');
51 $page_title = __('Access denied');
52 require './libraries/header_meta_style.inc.php';
57 if (file_exists(CUSTOM_HEADER_FILE
)) {
58 require CUSTOM_HEADER_FILE
;
64 <h1
><?php
echo sprintf(__('Welcome to %s'), ' phpMyAdmin'); ?
></h1
>
69 PMA_Message
::error(__('Wrong username/password. Access denied.'))->display();
71 if (file_exists(CUSTOM_FOOTER_FILE
)) {
72 require CUSTOM_FOOTER_FILE
;
80 } // end of the 'PMA_auth()' function
84 * Gets advanced authentication settings
86 * @global string the username if register_globals is on
87 * @global string the password if register_globals is on
88 * @global array the array of server variables if register_globals is
90 * @global array the array of environment variables if register_globals
92 * @global string the username for the ? server
93 * @global string the password for the ? server
94 * @global string the username for the WebSite Professional server
95 * @global string the password for the WebSite Professional server
96 * @global string the username of the user who logs out
98 * @return boolean whether we get authentication settings or not
102 function PMA_auth_check()
104 global $PHP_AUTH_USER, $PHP_AUTH_PW;
107 // Grabs the $PHP_AUTH_USER variable whatever are the values of the
108 // 'register_globals' and the 'variables_order' directives
109 if (empty($PHP_AUTH_USER)) {
110 if (PMA_getenv('PHP_AUTH_USER')) {
111 $PHP_AUTH_USER = PMA_getenv('PHP_AUTH_USER');
112 } elseif (PMA_getenv('REMOTE_USER')) {
113 // CGI, might be encoded, see below
114 $PHP_AUTH_USER = PMA_getenv('REMOTE_USER');
115 } elseif (PMA_getenv('REDIRECT_REMOTE_USER')) {
116 // CGI, might be encoded, see below
117 $PHP_AUTH_USER = PMA_getenv('REDIRECT_REMOTE_USER');
118 } elseif (PMA_getenv('AUTH_USER')) {
119 // WebSite Professional
120 $PHP_AUTH_USER = PMA_getenv('AUTH_USER');
121 } elseif (PMA_getenv('HTTP_AUTHORIZATION')) {
122 // IIS, might be encoded, see below
123 $PHP_AUTH_USER = PMA_getenv('HTTP_AUTHORIZATION');
124 } elseif (PMA_getenv('Authorization')) {
125 // FastCGI, might be encoded, see below
126 $PHP_AUTH_USER = PMA_getenv('Authorization');
129 // Grabs the $PHP_AUTH_PW variable whatever are the values of the
130 // 'register_globals' and the 'variables_order' directives
131 if (empty($PHP_AUTH_PW)) {
132 if (PMA_getenv('PHP_AUTH_PW')) {
133 $PHP_AUTH_PW = PMA_getenv('PHP_AUTH_PW');
134 } elseif (PMA_getenv('REMOTE_PASSWORD')) {
136 $PHP_AUTH_PW = PMA_getenv('REMOTE_PASSWORD');
137 } elseif (PMA_getenv('AUTH_PASSWORD')) {
138 // WebSite Professional
139 $PHP_AUTH_PW = PMA_getenv('AUTH_PASSWORD');
143 // Decode possibly encoded information (used by IIS/CGI/FastCGI)
144 // (do not use explode() because a user might have a colon in his password
145 if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
146 $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
147 if (! empty($usr_pass)) {
148 $colon = strpos($usr_pass, ':');
150 $PHP_AUTH_USER = substr($usr_pass, 0, $colon);
151 $PHP_AUTH_PW = substr($usr_pass, $colon +
1);
158 // User logged out -> ensure the new username is not the same
160 && (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)) {
162 // -> delete user's choices that were stored in session
166 // Returns whether we get authentication settings or not
167 if (empty($PHP_AUTH_USER)) {
172 } // end of the 'PMA_auth_check()' function
176 * Set the user and password after last checkings if required
178 * @global array the valid servers settings
179 * @global integer the id of the current server
180 * @global array the current server settings
181 * @global string the current username
182 * @global string the current password
184 * @return boolean always true
188 function PMA_auth_set_user()
190 global $cfg, $server;
191 global $PHP_AUTH_USER, $PHP_AUTH_PW;
193 // Ensures valid authentication mode, 'only_db', bookmark database and
194 // table names and relation table name are used
195 if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
196 $servers_cnt = count($cfg['Servers']);
197 for ($i = 1; $i <= $servers_cnt; $i++
) {
198 if (isset($cfg['Servers'][$i])
199 && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) {
201 $cfg['Server'] = $cfg['Servers'][$i];
207 $cfg['Server']['user'] = $PHP_AUTH_USER;
208 $cfg['Server']['password'] = $PHP_AUTH_PW;
211 } // end of the 'PMA_auth_set_user()' function
215 * User is not allowed to login to MySQL -> authentication failed
217 * @return boolean always true (no return indeed)
221 function PMA_auth_fails()
223 $error = PMA_DBI_getError();
224 if ($error && $GLOBALS['errno'] != 1045) {
225 PMA_fatalError($error);
231 } // end of the 'PMA_auth_fails()' function