Auth

Michal Čihař edited this page May 16, 2016 · 4 revisions
Clone this wiki locally

Basics

To implement your own authentication scheme, all you need is to write a PHP class for handling it, place it as libraries/plugins/auth/Authentication[Name].class.php and select its use in configuration.

The class needs to implement following methods:

auth()

Function to display authentication form. You can check if user has just logged out by looking at $_REQUEST['old_usr'] variable, which contains user name of logged out user in this case. The login form should post to index.php.

authCheck()

Function to obtain credentials from the login POST or from SESSION and store them in global variables PHP_AUTH_USER and PHP_AUTH_PW. Core phpMyAdmin code then verifies whether user can connect to the MySQL server.

authSetUser()

After provided credentials are successfully verified against MySQL, this function is called. It needs to store the credentials to be available for further usage. At least it has to do following:

$GLOBALS['cfg']['Server']['user'] = $GLOBALS['PHP_AUTH_USER']; $GLOBALS['cfg']['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];

But it might also store login information in cookies or whatever other storage.

authFails()

Called when authentication against MySQL fails. At the end it should call auth(), but meanwhile it could check for cause of failure (check libraries/plugins/auth/AuthenticationCookie.class.php for example) and show some meaningful error messages to user.

A