Menu
▾
▴
#341 (ok 2.10.0) broken cookie login in multiserver configuration
this patch repairs a broken cookie login attempt in multiserver configurations where a wrong server is selected after sending user and pw data.
libraries/auth/cookie.auth.lib.php Revision 9333
Mon Aug 21 11:55:32 2006 UTC by lem9
line 409 ...
if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfg['Servers']);
+ if ( isset($_REQUEST['server']) && 0 < $_REQUEST['server'] && $_REQUEST['server'] <= $servers_cnt ) {
+ $server = $_REQUEST['server'];
+ $cfg['Server'] = $cfg['Servers'][$server];
+ }
+ else
for ($i = 1; $i <= $servers_cnt; $i++) {
if (isset($cfg['Servers'][$i])
...
to reproduce see attached config.inc.php
demo config.inc.php
Logged In: YES
user_id=1383652
Originator: YES
Same problem in pma 2.10 trunc, but reproducable only with real users, not contained in the demo config.inc.php (tested with FF and IE6 ). Seems to be dependent on actual setting of $cfg['Servers'][$i]['user'] . without the patch the for loop stops randomly at any matching host/user combination. Maybe some additional security measures are needed ( like "intval($_POST['server']" or some such).
Logged In: YES
user_id=192186
Originator: NO
The idea behind this code was if user logins under same condition as some preconfigured server, it will be automatically switched. The problem with current code is that it only compares hostname and username, while it should probably compare all configuration options.
I'm more inclined to completely removing this autodetection, as I don't see real need for it.
Logged In: YES
user_id=192186
Originator: NO
After more looking into code, it should be used for setting eg. different pmadb for some user. So I will only improve checking matching server to match really same servers.
Logged In: YES
user_id=192186
Originator: NO
I implemented fix in SVN trunk, can you please verify it works okay?
Logged In: YES
user_id=1383652
Originator: YES
i tested "trunk" with my problematic config.inc.php -
now it works like exspected :)