
per user servers, logout button

1 parent 90d1bb4 commit b0f45785be2489d175e2854d4f7afdeeb5d870bd @erikdubbelboer committed Aug 3, 2011
Showing with 78 additions and 4 deletions.
  1. +19 −1 common.inc.php
  2. +7 −1 config.inc.php
  3. BIN images/logout.png
  4. +3 −0 index.php
  5. +4 −0 js/index.js
  6. +5 −2 login.inc.php
  7. +40 −0 logout.php
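--- a/common.inc.php
+++ b/common.inc.php
@@ -56,7 +56,12 @@
-$i = 0;
+if (isset($login['servers'])) {
+ $i = current($login['servers']);
+} else {
+ $i = 0;
+}
+
 if (isset($_GET['s']) && is_numeric($_GET['s']) && ($_GET['s'] < count($config['servers']))) {
 $i = $_GET['s'];
@@ -66,6 +71,19 @@
 $server['id'] = $i;
+if (isset($login, $login['servers'])) {
+ if (array_search($i, $login['servers']) === false) {
+ die('You are not allowed to access this database.');
+ }
+
+ foreach ($config['servers'] as $key => $ignore) {
+ if (array_search($key, $login['servers']) === false) {
+ unset($config['servers'][$key]);
+ }
+ }
+}
+
+
 if (!isset($server['db'])) {
 $server['db'] = 0;
 }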
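Review bot: The allow-list test `array_search($i, $login['servers']) === false` compares loosely, and `$i` can still be the raw `$_GET['s']` string that only passed `is_numeric()` and an upper-bound test, so values such as `-1` or `1.0` reach the access check and `$server['id']` without being normalised. Requiring `$_GET['s'] >= 0`, casting once with `$i = (int) $_GET['s'];`, and testing with `in_array($i, $login['servers'], true)` makes the per-user restriction exact. The first hunk guards with `isset($login['servers'])` and the second with `isset($login, $login['servers'])`; using one form in both places would read better. Both hunks are top-level code that continues outside the visible lines, so whether `$server` is already populated before the `die` cannot be confirmed from here.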
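--- a/config.inc.php
+++ b/config.inc.php
@@ -36,7 +36,13 @@
 /*'login' => array(
 // Username => Password
 // Multiple combinations can be used
- 'username' => 'password'
+ 'admin' => array(
+ 'password' => 'adminpassword',
+ ),
+ 'guest' => array(
+ 'password' => '',
+ 'servers' => array(1) // Optional list of servers this user can access.
+ )
 ),*/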
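Review bot: The commented example now shows a `guest` account with an empty password (`'password' => ''`), so anyone who un-comments the block as written gets a password-less login restricted only by `'servers'`. A placeholder that has to be edited, such as `'password' => 'CHANGE_ME', // set a real password before enabling`, is safer to copy. The comment `// Username => Password` above the entries no longer describes the new shape and could read `// Username => array('password' => ..., 'servers' => array(...))`.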
BIN images/logout.png
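--- a/index.php
+++ b/index.php
@@ -169,6 +169,9 @@ function print_namespace($item, $name, $fullkey, $islast) {
 </p>
 <p>
+<?php if (isset($login)) { ?>
+<a href="logout.php"><img src="images/logout.png" width="16" height="16" title="Logout" alt="[L]"></a>
+<?php } ?>
 <a href="?info&amp;s=<?php echo $server['id']?>"><img src="images/info.png" width="16" height="16" title="Info" alt="[I]"></a>
 <a href="?export&amp;s=<?php echo $server['id']?>"><img src="images/export.png" width="16" height="16" title="Export" alt="[E]"></a>
 <a href="?import&amp;s=<?php echo $server['id']?>"><img src="images/import.png" width="16" height="16" title="Import" alt="[I]"></a>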
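--- a/js/index.js
+++ b/js/index.js
@@ -1,6 +1,10 @@
 $(function() {
 $('#sidebar a').click(function(e) {
+ if (e.currentTarget.href.indexOf('/?') == -1) {
+ return;
+ }
+
 e.preventDefault();
 var href;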
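Review bot: The early return keys off the substring `'/?'` in the resolved href, so in-app links are only recognised when the page is served from a directory URL. If the app is opened as `…/index.php`, the relative `?info&s=…` links would resolve without `/?` and the handler would stop intercepting them (inferred from the hrefs in index.php, not tested). Testing the attribute as written, for example `if ($(this).attr('href').charAt(0) !== '?') { return; }`, avoids depending on the URL shape, and `===` is preferable to `==` here. The click handler continues outside the hunk.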
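--- a/login.inc.php
+++ b/login.inc.php
@@ -9,7 +9,7 @@
 $opaque = md5('phpRedisAdmin'.$_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+if (!isset($_SERVER['PHP_AUTH_DIGEST']) || empty($_SERVER['PHP_AUTH_DIGEST'])) {
 header('HTTP/1.1 401 Unauthorized');
 header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
 die;
@@ -47,7 +47,10 @@
 die('Invalid username and/or password combination.');
 }
-$password = md5($data['username'].':'.$realm.':'.$config['login'][$data['username']]);
+$login = $config['login'][$data['username']];
+$login['name'] = $data['username'];
+
+$password = md5($login['name'].':'.$realm.':'.$login['password']);
 $response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']));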
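Review bot: `$login = $config['login'][$data['username']];` followed by `$login['name'] = …` assumes every entry is an array, but this commit replaces the old `'username' => 'password'` string format and nothing visible rejects a config still written that way. A guard before use, `if (!is_array($login) || !isset($login['password'])) { die('Invalid login configuration.'); }`, fails closed instead of indexing into a string. In the first hunk `!isset(…) || empty(…)` is redundant because `empty()` already covers the unset case; since logout.php relies on this branch after `unset($_SERVER['PHP_AUTH_DIGEST'])`, a comment saying so would help more than the extra test. Both hunks are top-level code that continues outside the visible lines.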
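--- a/logout.php
+++ b/logout.php
@@ -0,0 +1,40 @@
+<?php
+
+
+$needed_parts = array(
+ 'nonce' => 1,
+ 'nc' => 1,
+ 'cnonce' => 1,
+ 'qop' => 1,
+ 'username' => 1,
+ 'uri' => 1,
+ 'response' => 1
+ );
+
+$data = array();
+$keys = implode('|', array_keys($needed_parts));
+
+preg_match_all('/('.$keys.')=(?:([\'"])([^\2]+?)\2|([^\s,]+))/', $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
+
+foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+}
+
+
+if (!isset($_GET['nonce'])) {
+ header('Location: logout.php?nonce='.$data['nonce']);
+ die;
+}
+
+
+if ($data['nonce'] == $_GET['nonce']) {
+ unset($_SERVER['PHP_AUTH_DIGEST']);
+
+ require 'login.inc.php';
+}
+
+
+header('Location: '.substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'logout.php')));
+
+?>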
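Review bot: logout.php reads `$_SERVER['PHP_AUTH_DIGEST']` and `$data['nonce']` without checking that they exist, compares the nonce with loose `==`, and writes the client-supplied nonce and a slice of `REQUEST_URI` into `Location` headers unencoded; when `strpos()` finds no `logout.php` the final redirect target is empty, and no `die` follows it. The rewrite below guards the header, encodes the nonce, compares with `===` and redirects to a fixed relative target. Nothing visible invalidates the old nonce on the server (login.inc.php issues it with `uniqid()`), so this appears to make the browser forget its credentials rather than revoke them, and a comment at the top of the file should say so. The digest parsing also looks duplicated from login.inc.php and could be shared.

```php
// … unchanged: $needed_parts, $data and $keys setup …
$digest = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';

preg_match_all('/('.$keys.')=(?:([\'"])([^\2]+?)\2|([^\s,]+))/', $digest, $matches, PREG_SET_ORDER);
// … unchanged: foreach filling $data …

$nonce = isset($data['nonce']) ? $data['nonce'] : '';

if (!isset($_GET['nonce'])) {
    // The nonce comes from the client's Authorization header; encode it before it goes into a header.
    header('Location: logout.php?nonce='.rawurlencode($nonce));
    die;
}

if ($nonce === $_GET['nonce']) {
    unset($_SERVER['PHP_AUTH_DIGEST']);

    require 'login.inc.php';
}

// Fixed relative target instead of one cut out of the client-supplied REQUEST_URI.
header('Location: ./');
die;
```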
