#596 Generating cookies outside of phpMyAdmin

closed
Marc Delisle
None
5
2005-03-05
2004-12-22
R. West
No

Similar to support request #818481 (bug in cookies-auth
(blowfish.php)?), I too am generating the cookies via
another login page for our multi user system via:

setcookie("lang","en-iso-8859-1",time()+86400,"/phpMyAdmin","our.host.name",
1);
setcookie("pma_cookie_username","$dbuser",time()+86400,"/phpMyAdmin","our.host.name",
1);
setcookie("pma_cookie_password",base64_encode(PMA_blowfish_encrypt($dbpasswd,
"ourpasswordkey")),time()+86400,"/phpMyAdmin","our.host.name",
1);

This worked great under 2.5.4. Due to a MySQL server
upgrade to the 4.1 branch, we decided to upgrade
phpMyAdmin as well. However, the above code does not
seem to do the trick.

After some analysis, it seems that some additional
cookies are getting set in the new version, as well as
having the username encoded in some way.

We've currently got:

setcookie("lang","en-iso-8859-1",time()+86400,"/phpMyAdmin-2.6.0-pl3","",
1);
setcookie("pma_theme","original",time()+86400,"/phpMyAdmin-2.6.0-pl3","",
1);
setcookie("pma_collation_connection-1","utf8_general_ci",time()+86400,"/phpMyAdmin-2.6.0-pl3","",
1);
setcookie("pma_cookie_username-1",PMA_blowfish_encrypt($dbuser,
"ourpasswordkey"),time()+86400,"/phpMyAdmin-2.6.0-pl3","",
1);
setcookie("pma_cookie_password",base64_encode(PMA_blowfish_encrypt($dbpasswd,
"ourpasswordkey")),time()+86400,"/phpMyAdmin-2.6.0-pl3","",
1);

I've tried to sync it up with what is getting from
phpMyAdmin, but something is not right since it keeps
prompting for a username/password..

Discussion

  • Logged In: YES
    user_id=418833

    Well, if you have an external authentification, maybe you
    should rather write an authentification plugin for
    phpMyAdmin that does this job. This should be much more
    compatible that emulating our cookies.

     
  • R. West
    R. West
    2004-12-23

    Logged In: YES
    user_id=770099

    The external authentication is really a single sign-on
    situation. Admin users log in to the web environment to
    manage their group's web site information, change user
    account information, create accounts, manage their sub
    domain's DNS, etc. From there, they can also go directly to
    phpMyAdmin (if they choose to use it) to manage their database.

    With the previous version of phpMyAdmin, we simply have the
    username and password stored in a table in the database.
    When that user logs on, it sets up the cookies they need in
    order to get in to phpMyAdmin without having to supply an
    additional username/password combination.

    Also, because different departments have different
    requirements, this allows us to control who has access to
    what table..

     
  • R. West
    R. West
    2004-12-23

    Logged In: YES
    user_id=770099

    Err.. replace "table" with "database".

    "..this allows us to control who has access to what database.."

     
  • Marc Delisle
    Marc Delisle
    2004-12-31

    • assigned_to: nobody --> lem9
     
  • Marc Delisle
    Marc Delisle
    2004-12-31

    Logged In: YES
    user_id=210714

    I think you need to set pma_cookie_password-1.

     
  • Marc Delisle
    Marc Delisle
    2005-03-05

    Logged In: YES
    user_id=210714

    No reply from user -> closed.

     
  • Marc Delisle
    Marc Delisle
    2005-03-05

    • status: open --> closed