<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Set of functions used to run http authentication.
 * NOTE: Requires PHP loaded as an Apache module.
 *
 * @package phpMyAdmin-Auth-HTTP
 * @version $Id$
 */
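/**
 * Sends the HTTP Basic authentication challenge (401) together with the
 * "access denied" page, then ends the request.
 *
 * If the request carries 'old_usr' and a LogoutURL is configured, the
 * client is redirected to that URL instead and no challenge is sent.
 *
 * @global array  the configuration; $cfg['Server'] is read for LogoutURL,
 *                verbose and host
 * @global string the charset sent in the Content-Type header
 * @global string the "access denied" message used as page title
 * @global string the welcome message format string
 *
 * @return void never returns, every path ends with exit
 *
 * @access public
 */
function PMA_auth()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        exit;
    }

    // The realm shows the verbose server name when one is configured,
    // otherwise the host name
    if (empty($GLOBALS['cfg']['Server']['verbose'])) {
        $server_message = $GLOBALS['cfg']['Server']['host'];
    } else {
        $server_message = $GLOBALS['cfg']['Server']['verbose'];
    }
    // remove non US-ASCII to respect RFC2616; CR and LF are outside the kept
    // range too, so the value cannot start a new header line
    $server_message = preg_replace('/[^\x20-\x7e]/i', '', $server_message);
    // '"' and '\' are printable ASCII and pass the filter above, but inside
    // the quoted realm they would end or escape the string, so drop them
    $server_message = str_replace(array('"', '\\'), '', $server_message);
    header('WWW-Authenticate: Basic realm="phpMyAdmin ' . $server_message . '"');
    header('HTTP/1.0 401 Unauthorized');
    if (php_sapi_name() !== 'cgi-fcgi') {
        header('status: 401 Unauthorized');
    }

    // Defines the charset to be used
    header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
    /* HTML header */
    $page_title = $GLOBALS['strAccessDenied'];
    require './libraries/header_meta_style.inc.php';
    ?>
</head>
<body>
    <?php
    // Optional site-specific header
    if (file_exists('./config.header.inc.php')) {
        require './config.header.inc.php';
    }
    ?>

<br /><br />
<center>
    <h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin'); ?></h1>
</center>
<br />

    <?php
    PMA_Message::error('strWrongUser')->display();

    // Optional site-specific footer
    if (file_exists('./config.footer.inc.php')) {
        require './config.footer.inc.php';
    }
    ?>

</body>
</html>
    <?php
    exit();
} // end of the 'PMA_auth()' function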
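/**
 * Gets advanced authentication settings
 *
 * Fills the global $PHP_AUTH_USER / $PHP_AUTH_PW from the first non-empty
 * source, decodes a raw "Basic <base64>" value when that is what was found,
 * and clears the user name when it equals the user who just logged out.
 *
 * @global string the username if register_globals is on
 * @global string the password if register_globals is on
 * @global string the username of the user who logs out
 *
 * @return boolean whether we get authentication settings or not
 *
 * @access public
 */
function PMA_auth_check()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $old_usr;

    // NOTE(review): PMA_getenv() is defined elsewhere; confirm it only
    // returns values set by the web server, never request-supplied ones.

    // Grabs the $PHP_AUTH_USER variable whatever are the values of the
    // 'register_globals' and the 'variables_order' directives
    if (empty($PHP_AUTH_USER)) {
        $user_sources = array(
            'PHP_AUTH_USER',
            'REMOTE_USER',          // CGI, might be encoded, see below
            'REDIRECT_REMOTE_USER', // CGI, might be encoded, see below
            'AUTH_USER',            // WebSite Professional
            'HTTP_AUTHORIZATION',   // IIS, might be encoded, see below
            'Authorization',        // FastCGI, might be encoded, see below
        );
        // First non-empty source wins, in the order listed above
        foreach ($user_sources as $source) {
            $value = PMA_getenv($source);
            if ($value) {
                $PHP_AUTH_USER = $value;
                break;
            }
        }
    }
    // Grabs the $PHP_AUTH_PW variable whatever are the values of the
    // 'register_globals' and the 'variables_order' directives
    if (empty($PHP_AUTH_PW)) {
        $password_sources = array(
            'PHP_AUTH_PW',
            'REMOTE_PASSWORD',      // Apache/CGI
            'AUTH_PASSWORD',        // WebSite Professional
        );
        foreach ($password_sources as $source) {
            $value = PMA_getenv($source);
            if ($value) {
                $PHP_AUTH_PW = $value;
                break;
            }
        }
    }

    // Decode possibly encoded information (used by IIS/CGI/FastCGI)
    // (do not use explode() because a user might have a colon in his password)
    if (substr($PHP_AUTH_USER, 0, 6) === 'Basic ') {
        $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
        if (! empty($usr_pass)) {
            $colon = strpos($usr_pass, ':');
            // NOTE(review): a missing colon (false) and a leading colon (0,
            // i.e. an empty user name) both skip this branch, which leaves
            // the raw "Basic ..." value in $PHP_AUTH_USER.
            if ($colon) {
                $PHP_AUTH_USER = substr($usr_pass, 0, $colon);
                $PHP_AUTH_PW   = substr($usr_pass, $colon + 1);
            }
            unset($colon);
        }
        unset($usr_pass);
    }

    // User logged out -> ensure the new username is not the same.
    // Compared with === so that two different numeric-looking names
    // (e.g. '10' and '1e1') are not treated as the same user.
    if (!empty($old_usr)
        && (isset($PHP_AUTH_USER) && $old_usr === $PHP_AUTH_USER)) {
        $PHP_AUTH_USER = '';
        // -> delete user's choices that were stored in session
        session_destroy();
    }

    // Returns whether we get authentication settings or not
    return !empty($PHP_AUTH_USER);
} // end of the 'PMA_auth_check()' function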
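/**
 * Set the user and password after last checkings if required
 *
 * When the authenticated user differs from the user of the current server
 * entry, the configured servers are searched for an entry with the same
 * host and that user; if one is found it becomes the current server. The
 * authenticated user name and password are then stored in $cfg['Server'].
 *
 * @global array   the valid servers settings
 * @global integer the id of the current server
 * @global string  the current username
 * @global string  the current password
 *
 * @return boolean always true
 *
 * @access public
 */
function PMA_auth_set_user()
{
    global $cfg, $server;
    global $PHP_AUTH_USER, $PHP_AUTH_PW;

    // Names and hosts are compared as strings with ===. A loose == treats
    // two numeric-looking strings as numbers ('10' == '1e1'), which could
    // select the server entry of a different user.
    $auth_user = (string) $PHP_AUTH_USER;

    // Ensures valid authentication mode, 'only_db', bookmark database and
    // table names and relation table name are used
    if ((string) $cfg['Server']['user'] !== $auth_user) {
        $current_host = (string) $cfg['Server']['host'];
        $servers_cnt  = count($cfg['Servers']);
        // Server ids are scanned from 1 up to the number of entries
        for ($i = 1; $i <= $servers_cnt; $i++) {
            if (! isset($cfg['Servers'][$i])) {
                continue;
            }
            if ((string) $cfg['Servers'][$i]['host'] === $current_host
                && (string) $cfg['Servers'][$i]['user'] === $auth_user) {
                $server        = $i;
                $cfg['Server'] = $cfg['Servers'][$i];
                break;
            }
        } // end for
    } // end if

    $cfg['Server']['user']     = $PHP_AUTH_USER;
    $cfg['Server']['password'] = $PHP_AUTH_PW;

    return true;
} // end of the 'PMA_auth_set_user()' function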
/**
 * User is not allowed to login to MySQL -> authentication failed
 *
 * An error other than 1045 (the MySQL "access denied" error number) is
 * passed to PMA_fatalError(); otherwise the authentication challenge is
 * sent again through PMA_auth().
 *
 * @return boolean true after PMA_auth() (which is not expected to return)
 *
 * @access public
 */
function PMA_auth_fails()
{
    $error = PMA_DBI_getError();

    // No error text, or plain "access denied": ask for credentials again
    if (! $error || $GLOBALS['errno'] == 1045) {
        PMA_auth();
        return true;
    }

    // Anything else is reported with the error text from the database layer
    PMA_fatalError($error);
} // end of the 'PMA_auth_fails()' function