[adminer-svn] SF.net SVN: adminer:[1418] branches/sqlite/adminer
Database management in a single PHP file
Brought to you by:
jakubvrana
Menu
▾
▴
[adminer-svn] SF.net SVN: adminer:[1418] branches/sqlite/adminer
|
From: <jak...@us...> - 2010-04-12 08:18:38
|
Revision: 1418
http://adminer.svn.sourceforge.net/adminer/?rev=1418&view=rev
Author: jakubvrana
Date: 2010-04-12 08:18:31 +0000 (Mon, 12 Apr 2010)
Log Message:
-----------
Save driver in session
Modified Paths:
--------------
branches/sqlite/adminer/drivers/mssql.inc.php
branches/sqlite/adminer/drivers/mysql.inc.php
branches/sqlite/adminer/drivers/pgsql.inc.php
branches/sqlite/adminer/include/auth.inc.php
branches/sqlite/adminer/include/bootstrap.inc.php
branches/sqlite/adminer/include/design.inc.php
branches/sqlite/adminer/include/functions.inc.php
Modified: branches/sqlite/adminer/drivers/mssql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/mssql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/mssql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -237,16 +237,8 @@
return $connection->error;
}
- function get_databases($flush = true) {
- $return = &get_session("databases");
- if (!isset($return)) {
- $return = get_vals("EXEC sp_databases");
- if ($flush) {
- ob_flush();
- flush();
- }
- }
- return $return;
+ function get_databases() {
+ return get_vals("EXEC sp_databases");
}
function limit($query, $limit, $offset = 0) {
Modified: branches/sqlite/adminer/drivers/mysql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/mysql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/mysql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -246,12 +246,12 @@
// SHOW DATABASES can take a very long time so it is cached
$return = &get_session("databases");
if (!isset($return)) {
- restart_session();
- $return = get_vals("SHOW DATABASES");
if ($flush) {
+ restart_session();
ob_flush();
flush();
}
+ $return = get_vals("SHOW DATABASES");
}
return $return;
}
Modified: branches/sqlite/adminer/drivers/pgsql.inc.php
===================================================================
--- branches/sqlite/adminer/drivers/pgsql.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/drivers/pgsql.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -150,16 +150,8 @@
return $connection->error;
}
- function get_databases($flush = true) {
- $return = &get_session("databases");
- if (!isset($return)) {
- $return = get_vals("SELECT datname FROM pg_database");
- if ($flush) {
- ob_flush();
- flush();
- }
- }
- return $return;
+ function get_databases() {
+ return get_vals("SELECT datname FROM pg_database");
}
function limit($query, $limit, $offset = 0) {
Modified: branches/sqlite/adminer/include/auth.inc.php
===================================================================
--- branches/sqlite/adminer/include/auth.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/auth.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -7,6 +7,8 @@
exit;
}
+$_GET["server"] = $_GET[$_GET["driver"]]; // translate pgsql=localhost to driver=pgsql&server=localhost
+
if (isset($_POST["server"])) {
session_regenerate_id(); // defense against session fixation
$_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
@@ -18,10 +20,10 @@
. ":" . base64_encode($_POST["driver"])
);
}
- $same_connection = ((string) $_GET["driver"] === $_POST["driver"] && (string) $_GET["server"] === $_POST["server"] && $_GET["username"] === $_POST["username"]);
- if (count($_POST) == ($_POST["permanent"] ? 5 : 4) || !$same_connection) { // 4 - driver, server, username, password
+ $same_connection = ($_GET["driver"] == $_POST["driver"] && $_GET["server"] == $_POST["server"] && $_GET["username"] === $_POST["username"]); // === - "0" == "00"
+ if (!$same_connection || count($_POST) == ($_POST["permanent"] ? 5 : 4)) { // 4 - driver, server, username, password
$location = ($same_connection ? remove_from_uri(session_name()) : preg_replace('~\\?.*~', '', ME) . "?" . ($_POST["driver"] != "server" || $_POST["server"] != "" ? urlencode($_POST["driver"]) . "=" . urlencode($_POST["server"]) . "&" : "") . "username=" . urlencode($_POST["username"]));
- if (SID_FORM) {
+ if (SID) {
$location = substr_replace($location, SID . "&", strpos($location, '?') + 1, 0);
}
redirect($location);
@@ -36,15 +38,12 @@
foreach (array("passwords", "databases", "history") as $key) {
set_session($key, null);
}
- if (!$_SESSION["passwords"]) { // don't require login to logout
- $_SESSION["passwords"] = array();
- }
cookie("adminer_permanent", "");
redirect(substr(preg_replace('~(username|db)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
}
} elseif ($_COOKIE["adminer_permanent"]) {
list($server, $username, $cipher, $system) = array_map('base64_decode', explode(":", $_COOKIE["adminer_permanent"])); // $driver is a global variable
- if ($server == $_GET["server"] && $username == $_GET["username"] && $system == $_GET["driver"]) {
+ if ($server == $_GET["server"] && $username === $_GET["username"] && $system == $_GET["driver"]) {
session_regenerate_id(); // defense against session fixation
set_session("passwords", decrypt_string($cipher, $adminer->permanentLogin()));
}
@@ -53,10 +52,23 @@
function auth_error($exception = null) {
global $connection, $adminer;
$session_name = session_name();
- page_header(lang('Login'), (isset($_GET["username"]) ? h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')))
- : (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_get("session.use_only_cookies") ? lang('Session support must be enabled.')
- : (($_COOKIE[$session_name] || $_GET[$session_name]) && !isset($_SESSION["passwords"]) ? lang('Session expired, please login again.')
- : ""))), null);
+ $error = "";
+ if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_get("session.use_only_cookies")) {
+ $error = lang('Session support must be enabled.');
+ } elseif (isset($_GET["username"])) {
+ if (($_COOKIE[$session_name] || $_GET[$session_name]) && !isset($_SESSION["token"])) {
+ $error = lang('Session expired, please login again.');
+ } else {
+ $password = get_session("passwords");
+ if (isset($password)) {
+ $error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
+ }
+ }
+ if (!$_SESSION["token"]) { // checked for existence of session
+ $_SESSION["token"] = rand(1, 1e6);
+ }
+ }
+ page_header(lang('Login'), $error, null);
echo "<form action='' method='post'>\n";
$adminer->loginForm();
echo "<div>";
Modified: branches/sqlite/adminer/include/bootstrap.inc.php
===================================================================
--- branches/sqlite/adminer/include/bootstrap.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/bootstrap.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -75,6 +75,9 @@
}
@set_time_limit(0); // @ - can be disabled
+define("DB", $_GET["db"]); // for the sake of speed and size
+define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID && !ini_get("session.use_only_cookies") ? SID . '&' : '') . (isset($_GET["server"]) ? urlencode($_GET["driver"]) . "=" . urlencode($_GET["server"]) . '&' : '') . (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
+
include "../adminer/include/functions.inc.php";
include "../adminer/include/lang.inc.php";
include "../adminer/lang/$LANG.inc.php";
@@ -83,12 +86,6 @@
include "../adminer/drivers/pgsql.inc.php";
include "../adminer/drivers/mssql.inc.php";
include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
-
-$_GET["server"] = $_GET[$_GET["driver"]]; // translate pgsql=localhost to driver=pgsql&server=localhost
-define("DB", $_GET["db"]); // for the sake of speed and size
-define("SID_FORM", SID && !ini_get("session.use_only_cookies") ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID_FORM ? SID . '&' : '') . (isset($_GET["server"]) ? urlencode($_GET["driver"]) . "=" . urlencode($_GET["server"]) . '&' : '') . (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
-
include "../adminer/include/version.inc.php";
include "./include/adminer.inc.php";
include "../adminer/include/design.inc.php";
Modified: branches/sqlite/adminer/include/design.inc.php
===================================================================
--- branches/sqlite/adminer/include/design.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/design.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -59,9 +59,6 @@
echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
$_SESSION["messages"] = array();
}
- if (!$_POST && !isset($_SESSION["passwords"])) { // used in auth
- $_SESSION["passwords"] = array();
- }
$databases = &get_session("databases");
if (DB != "" && $databases && !in_array(DB, $databases, true)) {
$databases = null;
Modified: branches/sqlite/adminer/include/functions.inc.php
===================================================================
--- branches/sqlite/adminer/include/functions.inc.php 2010-04-11 00:02:01 UTC (rev 1417)
+++ branches/sqlite/adminer/include/functions.inc.php 2010-04-12 08:18:31 UTC (rev 1418)
@@ -443,7 +443,7 @@
* @return null
*/
function hidden_fields_get() {
- echo SID_FORM;
+ echo (SID ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
echo (isset($_GET["server"]) ? '<input type="hidden" name="' . h($_GET["driver"]) . '" value="' . h($_GET["server"]) . '">' : "");
echo '<input type="hidden" name="username" value="' . h($_GET["username"]) . '">';
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|