[adminer-svn] SF.net SVN: adminer:[1418] branches/sqlite/adminer
From: <jak...@us...> - 2010-04-12 08:18:38
Revision: 1418
http://adminer.svn.sourceforge.net/adminer/?rev=1418&view=rev
Author: jakubvrana
Date: 2010-04-12 08:18:31 +0000 (Mon, 12 Apr 2010)
Log Message:
-----------
Save driver in session
Modified Paths:
--------------
branches/sqlite/adminer/drivers/mssql.inc.php
branches/sqlite/adminer/drivers/mysql.inc.php
branches/sqlite/adminer/drivers/pgsql.inc.php
branches/sqlite/adminer/include/auth.inc.php
branches/sqlite/adminer/include/bootstrap.inc.php
branches/sqlite/adminer/include/design.inc.php
branches/sqlite/adminer/include/functions.inc.php
Modified: branches/sqlite/adminer/drivers/mssql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/mssql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/mssql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -237,16 +237,8 @@
 		return $connection->error;
 	}
 
-	function get_databases($flush = true) {
-		$return = &get_session("databases");
-		if (!isset($return)) {
-			$return = get_vals("EXEC sp_databases");
-			if ($flush) {
-				ob_flush();
-				flush();
-			}
-		}
-		return $return;
+	function get_databases() {
+		return get_vals("EXEC sp_databases");
 	}
 
 	function limit($query, $limit, $offset = 0) {
Modified: branches/sqlite/adminer/drivers/mysql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/mysql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/mysql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
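Review bot: The new `get_databases()` in mssql.inc.php drops the `$flush` parameter that the mysql driver's `get_databases($flush = true)` still accepts, so a caller that passes `false` to skip flushing now has its argument silently ignored here; the pgsql hunk makes the same change. Keeping the parameter for signature parity with a comment, `function get_databases($flush = true) { // $flush unused: this driver does not cache or flush`, keeps the drivers interchangeable. Dropping the session cache also means `EXEC sp_databases` runs on every call; if that is intended, a one-line comment saying the list is cheap enough not to cache would help the next reader.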
@@ -246,12 +246,12 @@
 		// SHOW DATABASES can take a very long time so it is cached
 		$return = &get_session("databases");
 		if (!isset($return)) {
-			restart_session();
-			$return = get_vals("SHOW DATABASES");
 			if ($flush) {
+				restart_session();
 				ob_flush();
 				flush();
 			}
+			$return = get_vals("SHOW DATABASES");
 		}
 		return $return;
 	}
Modified: branches/sqlite/adminer/drivers/pgsql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/pgsql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/pgsql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -150,16 +150,8 @@
 		return $connection->error;
 	}
 
-	function get_databases($flush = true) {
-		$return = &get_session("databases");
-		if (!isset($return)) {
-			$return = get_vals("SELECT datname FROM pg_database");
-			if ($flush) {
-				ob_flush();
-				flush();
-			}
-		}
-		return $return;
+	function get_databases() {
+		return get_vals("SELECT datname FROM pg_database");
 	}
 
 	function limit($query, $limit, $offset = 0) {
Modified: branches/sqlite/adminer/include/auth.inc.php
===================================================================
--- branches/sqlite/adminer/include/auth.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/auth.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -7,6 +7,8 @@
 	exit;
 }
 
+$_GET["server"] = $_GET[$_GET["driver"]]; // translate pgsql=localhost to driver=pgsql&server=localhost
+
 if (isset($_POST["server"])) {
 	session_regenerate_id(); // defense against session fixation
 	$_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
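Review bot: `restart_session()` is now called only inside `if ($flush)`, so on the `$flush === false` path the freshly fetched list is written through the `$return` session reference without reopening the session; if the session has been closed for writing earlier in the request (which is what `restart_session()` suggests), that write would not be persisted and the cache would be recomputed on every call. If the intent is that callers passing `false` already hold an open session, say so where the branch is taken: `// $flush === false: caller keeps the session open, so no restart_session() is needed`. The enclosing function's signature starts outside the hunk.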
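Review bot: The moved translation `$_GET["server"] = $_GET[$_GET["driver"]];` indexes `$_GET` with an unvalidated request value: a missing `driver` yields a notice, a `driver[]=x` array an illegal-offset warning, and any arbitrary string becomes the driver name that later keys `$_SESSION["passwords"]`, ME and the hidden form fields. Unless the driver is checked against the loaded drivers somewhere not visible here, guard the lookup, e.g. `$_GET["server"] = (isset($_GET["driver"]) && is_string($_GET["driver"]) ? $_GET[$_GET["driver"]] : null);`, or restrict `driver` to the known driver keys before this line.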
@@ -18,10 +20,10 @@
 			. ":" . base64_encode($_POST["driver"])
 		);
 	}
-	$same_connection = ((string) $_GET["driver"] === $_POST["driver"] && (string) $_GET["server"] === $_POST["server"] && $_GET["username"] === $_POST["username"]);
-	if (count($_POST) == ($_POST["permanent"] ? 5 : 4) || !$same_connection) { // 4 - driver, server, username, password
+	$same_connection = ($_GET["driver"] == $_POST["driver"] && $_GET["server"] == $_POST["server"] && $_GET["username"] === $_POST["username"]); // === - "0" == "00"
+	if (!$same_connection || count($_POST) == ($_POST["permanent"] ? 5 : 4)) { // 4 - driver, server, username, password
 		$location = ($same_connection ? remove_from_uri(session_name()) : preg_replace('~\\?.*~', '', ME) . "?" . ($_POST["driver"] != "server" || $_POST["server"] != "" ? urlencode($_POST["driver"]) . "=" . urlencode($_POST["server"]) . "&" : "") . "username=" . urlencode($_POST["username"]));
-		if (SID_FORM) {
+		if (SID) {
 			$location = substr_replace($location, SID . "&", strpos($location, '?') + 1, 0);
 		}
 		redirect($location);
@@ -36,15 +38,12 @@
 		foreach (array("passwords", "databases", "history") as $key) {
 			set_session($key, null);
 		}
-		if (!$_SESSION["passwords"]) { // don't require login to logout
-			$_SESSION["passwords"] = array();
-		}
 		cookie("adminer_permanent", "");
 		redirect(substr(preg_replace('~(username|db)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
 	}
 } elseif ($_COOKIE["adminer_permanent"]) {
 	list($server, $username, $cipher, $system) = array_map('base64_decode', explode(":", $_COOKIE["adminer_permanent"])); // $driver is a global variable
-	if ($server == $_GET["server"] && $username == $_GET["username"] && $system == $_GET["driver"]) {
+	if ($server == $_GET["server"] && $username === $_GET["username"] && $system == $_GET["driver"]) {
 		session_regenerate_id(); // defense against session fixation
 		set_session("passwords", decrypt_string($cipher, $adminer->permanentLogin()));
 	}
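Review bot: The new `$same_connection` compares driver and server with loose `==` while its own trailing comment `// === - "0" == "00"` argues for strict comparison, so numeric-looking server names (`"0"` vs `"00"`, `"1e1"` vs `"10"`) count as the same connection and the redirect skips rebuilding the location from the posted driver/server. Unless the loose form is needed for a null/empty case not visible here, the removed line's form already handled unset values: `$same_connection = ((string) $_GET["driver"] === $_POST["driver"] && (string) $_GET["server"] === $_POST["server"] && $_GET["username"] === $_POST["username"]);`. The permanent-login hunk below has the same mix (`$username ===` next to `$server ==` and `$system ==`) and would benefit from the same treatment.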
@@ -53,10 +52,23 @@
 function auth_error($exception = null) {
 	global $connection, $adminer;
 	$session_name = session_name();
-	page_header(lang('Login'), (isset($_GET["username"]) ? h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')))
-		: (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_get("session.use_only_cookies") ? lang('Session support must be enabled.')
-		: (($_COOKIE[$session_name] || $_GET[$session_name]) && !isset($_SESSION["passwords"]) ? lang('Session expired, please login again.')
-		: ""))), null);
+	$error = "";
+	if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_get("session.use_only_cookies")) {
+		$error = lang('Session support must be enabled.');
+	} elseif (isset($_GET["username"])) {
+		if (($_COOKIE[$session_name] || $_GET[$session_name]) && !isset($_SESSION["token"])) {
+			$error = lang('Session expired, please login again.');
+		} else {
+			$password = get_session("passwords");
+			if (isset($password)) {
+				$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
+			}
+		}
+		if (!$_SESSION["token"]) { // checked for existence of session
+			$_SESSION["token"] = rand(1, 1e6);
+		}
+	}
+	page_header(lang('Login'), $error, null);
 	echo "<form action='' method='post'>\n";
 	$adminer->loginForm();
 	echo "<div>";
Modified: branches/sqlite/adminer/include/bootstrap.inc.php
===================================================================
--- branches/sqlite/adminer/include/bootstrap.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/bootstrap.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
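Review bot: `$_SESSION["token"] = rand(1, 1e6);` seeds a session value from `rand()`, which is not a cryptographically secure generator; the comment says it only marks session existence, but if the same value is later used to validate form submissions (the name suggests it), a six-digit number from a predictable PRNG is guessable. A CSPRNG-derived value (`random_int()` on PHP 7+, or `openssl_random_pseudo_bytes()` on older builds) would remove that doubt at no cost. `$password = get_session("passwords");` holds the whole passwords array rather than a single password, so `$passwords` would read better. The function also has no docblock; the file's `/** ... @return null */` style would fit, e.g. `/** Print login form with an error message` / `* @param Exception|null` / `* @return null */`.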
@@ -75,6 +75,9 @@
 }
 
 @set_time_limit(0); // @ - can be disabled
+define("DB", $_GET["db"]); // for the sake of speed and size
+define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID && !ini_get("session.use_only_cookies") ? SID . '&' : '') . (isset($_GET["server"]) ? urlencode($_GET["driver"]) . "=" . urlencode($_GET["server"]) . '&' : '') . (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
+
 include "../adminer/include/functions.inc.php";
 include "../adminer/include/lang.inc.php";
 include "../adminer/lang/$LANG.inc.php";
@@ -83,12 +86,6 @@
 include "../adminer/drivers/pgsql.inc.php";
 include "../adminer/drivers/mssql.inc.php";
 include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
-
-$_GET["server"] = $_GET[$_GET["driver"]]; // translate pgsql=localhost to driver=pgsql&server=localhost
-define("DB", $_GET["db"]); // for the sake of speed and size
-define("SID_FORM", SID && !ini_get("session.use_only_cookies") ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID_FORM ? SID . '&' : '') . (isset($_GET["server"]) ? urlencode($_GET["driver"]) . "=" . urlencode($_GET["server"]) . '&' : '') . (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
-
 include "../adminer/include/version.inc.php";
 include "./include/adminer.inc.php";
 include "../adminer/include/design.inc.php";
Modified: branches/sqlite/adminer/include/design.inc.php
===================================================================
--- branches/sqlite/adminer/include/design.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/design.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
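Review bot: `define("ME", ...)` is now evaluated before the `driver=server` translation, which this commit moves from here into auth.inc.php, so at this point `$_GET["server"]` is only set when the request literally carries `server=`; for the documented `pgsql=localhost` form `isset($_GET["server"])` is false and ME loses its `pgsql=localhost&` segment, unless auth.inc.php is included before line 75, which this hunk does not show. If the translation must precede ME, keep the one-liner here ahead of the defines: `$_GET["server"] = $_GET[$_GET["driver"]]; // translate pgsql=localhost to driver=pgsql&server=localhost`. The ME expression is also a single 400-character line; putting each `. (... ? ... : '')` term on its own line would make the four URL components reviewable.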
@@ -59,9 +59,6 @@
 		echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
 		$_SESSION["messages"] = array();
 	}
-	if (!$_POST && !isset($_SESSION["passwords"])) { // used in auth
-		$_SESSION["passwords"] = array();
-	}
 	$databases = &get_session("databases");
 	if (DB != "" && $databases && !in_array(DB, $databases, true)) {
 		$databases = null;
Modified: branches/sqlite/adminer/include/functions.inc.php
===================================================================
--- branches/sqlite/adminer/include/functions.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/functions.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -443,7 +443,7 @@
  * @return null
  */
 function hidden_fields_get() {
-	echo SID_FORM;
+	echo (SID ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
 	echo (isset($_GET["server"]) ? '<input type="hidden" name="' . h($_GET["driver"]) . '" value="' . h($_GET["server"]) . '">' : "");
 	echo '<input type="hidden" name="username" value="' . h($_GET["username"]) . '">';
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
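Review bot: `hidden_fields_get()` now emits the session-id hidden field whenever `SID` is non-empty, whereas the removed `SID_FORM` and the new ME definition in bootstrap.inc.php both also require `!ini_get("session.use_only_cookies")`; with `use_only_cookies` on, PHP does not accept an id from the request, so the field exposes the session id in the page without being usable, and auth_error's own "Session support must be enabled." branch shows that case is expected. The redirect in auth.inc.php (`if (SID)`) lost the same gate. Restoring it, `echo (SID && !ini_get("session.use_only_cookies") ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');`, keeps the three places consistent.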