libraries/auth/signon.auth.lib.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Set of functions used to run single signon authentication.
   5  *
   6  * @package phpMyAdmin-Auth-Signon
   7  */
   8
   9
  10 /**
  11  * Displays authentication form
  12  *
  13  * @global  string    the font face to use in case of failure
  14  * @global  string    the default font size to use in case of failure
  15  * @global  string    the big font size to use in case of failure
  16  *
  17  * @return  boolean   always true (no return indeed)
  18  *
  19  * @access  public
  20  */
  21 function PMA_auth() {
  22     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
  23         PMA_fatalError('You must set SignonURL!');
  24     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
  25         /* Perform logout to custom URL */
  26         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
  27     } else {
  28         PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
  29     }
  30     exit();
  31 } // end of the 'PMA_auth()' function
  32
  33
  34 /**
  35  * Gets advanced authentication settings
  36  *
  37  * @global  string    the username if register_globals is on
  38  * @global  string    the password if register_globals is on
  39  * @global  array     the array of server variables if register_globals is
  40  *                    off
  41  * @global  array     the array of environment variables if register_globals
  42  *                    is off
  43  * @global  string    the username for the ? server
  44  * @global  string    the password for the ? server
  45  * @global  string    the username for the WebSite Professional server
  46  * @global  string    the password for the WebSite Professional server
  47  * @global  string    the username of the user who logs out
  48  *
  49  * @return  boolean   whether we get authentication settings or not
  50  *
  51  * @access  public
  52  */
  53 function PMA_auth_check()
  54 {
  55     global $PHP_AUTH_USER, $PHP_AUTH_PW;
  56
  57     /* Session name */
  58     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
  59
  60     /* Current host */
  61     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
  62
  63     /* Current port */
  64     $single_signon_port = $GLOBALS['cfg']['Server']['port'];
  65
  66     /* No configuration updates */
  67     $single_signon_cfgupdate = array();
  68
  69     /* Are we requested to do logout? */
  70     $do_logout = !empty($_REQUEST['old_usr']);
  71
  72     /* Does session exist? */
  73     if (isset($_COOKIE[$session_name])) {
  74         /* End current session */
  75         $old_session = session_name();
  76         $old_id = session_id();
  77         session_write_close();
  78
  79         /* Load single signon session */
  80         session_name($session_name);
  81         session_id($_COOKIE[$session_name]);
  82         session_start();
  83
  84         /* Clear error message */
  85         unset($_SESSION['PMA_single_signon_error_message']);
  86
  87         /* Grab credentials if they exist */
  88         if (isset($_SESSION['PMA_single_signon_user'])) {
  89             if ($do_logout) {
  90                 $PHP_AUTH_USER = '';
  91             } else {
  92                 $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
  93             }
  94         }
  95         if (isset($_SESSION['PMA_single_signon_password'])) {
  96             if ($do_logout) {
  97                 $PHP_AUTH_PW = '';
  98             } else {
  99                 $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
 100             }
 101         }
 102         if (isset($_SESSION['PMA_single_signon_host'])) {
 103                 $single_signon_host = $_SESSION['PMA_single_signon_host'];
 104         }
 105
 106         if (isset($_SESSION['PMA_single_signon_port'])) {
 107             $single_signon_port = $_SESSION['PMA_single_signon_port'];
 108         }
 109
 110         if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
 111             $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
 112         }
 113
 114
 115         /* Also get token as it is needed to access subpages */
 116         if (isset($_SESSION['PMA_single_signon_token'])) {
 117             /* No need to care about token on logout */
 118             $pma_token = $_SESSION['PMA_single_signon_token'];
 119         }
 120
 121         /* End single signon session */
 122         session_write_close();
 123
 124         /* Restart phpMyAdmin session */
 125         session_name($old_session);
 126         if (!empty($old_id)) {
 127             session_id($old_id);
 128         }
 129         session_start();
 130
 131         /* Set the single signon host */
 132         $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
 133
 134         /* Set the single signon port */
 135         $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
 136
 137         /* Configuration update */
 138         $GLOBALS['cfg']['Server'] = array_merge($GLOBALS['cfg']['Server'], $single_signon_cfgupdate);
 139
 140         /* Restore our token */
 141         if (!empty($pma_token)) {
 142             $_SESSION[' PMA_token '] = $pma_token;
 143         }
 144
 145         /**
 146          * Clear user cache.
 147          */
 148         PMA_clearUserCache();
 149     }
 150
 151     // Returns whether we get authentication settings or not
 152     if (empty($PHP_AUTH_USER)) {
 153         return false;
 154     } else {
 155         return true;
 156     }
 157 } // end of the 'PMA_auth_check()' function
 158
 159
 160 /**
 161  * Set the user and password after last checkings if required
 162  *
 163  * @global  array     the valid servers settings
 164  * @global  integer   the id of the current server
 165  * @global  array     the current server settings
 166  * @global  string    the current username
 167  * @global  string    the current password
 168  *
 169  * @return  boolean   always true
 170  *
 171  * @access  public
 172  */
 173 function PMA_auth_set_user()
 174 {
 175     global $cfg;
 176     global $PHP_AUTH_USER, $PHP_AUTH_PW;
 177
 178     $cfg['Server']['user']     = $PHP_AUTH_USER;
 179     $cfg['Server']['password'] = $PHP_AUTH_PW;
 180
 181     return true;
 182 } // end of the 'PMA_auth_set_user()' function
 183
 184
 185 /**
 186  * User is not allowed to login to MySQL -> authentication failed
 187  *
 188  * @return  boolean   always true (no return indeed)
 189  *
 190  * @access  public
 191  */
 192 function PMA_auth_fails()
 193 {
 194     if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
 195         $_SESSION['PMA_single_signon_error_message'] = __('Login without a password is forbidden by configuration (see AllowNoPassword)');
 196     } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
 197         $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
 198     } elseif (! empty($GLOBALS['no_activity'])) {
 199         $_SESSION['PMA_single_signon_error_message'] = sprintf(__('No activity within %s seconds; please log in again'), $GLOBALS['cfg']['LoginCookieValidity']);
 200     } elseif (PMA_DBI_getError()) {
 201         $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(PMA_DBI_getError());
 202     } elseif (isset($php_errormsg)) {
 203         $_SESSION['PMA_single_signon_error_message'] = $php_errormsg;
 204     } else {
 205         $_SESSION['PMA_single_signon_error_message'] = __('Cannot log in to the MySQL server');
 206     }
 207     PMA_auth();
 208 } // end of the 'PMA_auth_fails()' function
 209
 210 ?>