
Use namespace in login form

commit f595f9313e851dbcd40b008f263a6f70a6508320 1 parent 6591d48
@vrana authored
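--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -63,19 +63,19 @@ function loginForm() {
 global $drivers;
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('System'); ?><td><?php echo html_select("driver", $drivers, DRIVER, "loginDriver(this);"); ?>
-<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
-<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);"); ?>
+<tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
+<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <script type="text/javascript">
 var username = document.getElementById('username');
 username.focus();
-username.form['driver'].onchange();
+username.form['auth[driver]'].onchange();
 </script>
 <?php
 echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 }
 /** Authorize the user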
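Review bot: Renaming the inputs to `auth[...]` changes the contract for every customization that overrides loginForm(), and nothing at the method records it. auth.inc.php in this commit reads only `$_POST["auth"]`, so an override that still emits `name="username"` and `name="password"` posts credentials that the login handler presumably ignores. I would add a line to the method's docblock such as `Inputs must be named auth[driver], auth[server], auth[username], auth[password] and auth[permanent]`. The function header and its docblock are outside this hunk.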
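--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -14,21 +14,22 @@
 }
 }
-if (isset($_POST["server"])) {
+$auth = $_POST["auth"];
+if ($auth) {
 session_regenerate_id(); // defense against session fixation
- $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
- if ($_POST["permanent"]) {
- $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
+ $_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
+ if ($auth["permanent"]) {
+ $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
 $private = $adminer->permanentLogin();
- $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
+ $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
 cookie("adminer_permanent", implode(" ", $permanent));
 }
- if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
- || DRIVER != $_POST["driver"]
- || SERVER != $_POST["server"]
- || $_GET["username"] !== $_POST["username"] // "0" == "00"
+ if (count($_POST) == 1 // 1 - auth
+ || DRIVER != $auth["driver"]
+ || SERVER != $auth["server"]
+ || $_GET["username"] !== $auth["username"] // "0" == "00"
 ) {
- redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
+ redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
 }
 } elseif ($_POST["logout"]) {
 if ($token && $_POST["token"] != $token) {
@@ -77,7 +78,7 @@ function auth_error($exception = null) {
 echo "<form action='' method='post' onclick='eventStop(event);'>\n";
 $adminer->loginForm();
 echo "<div>";
- hidden_fields($_POST, array("driver", "server", "username", "password", "permanent")); // expired session
+ hidden_fields($_POST, array("auth")); // expired session
 echo "</div>\n";
 echo "</form>\n";
 page_footer("auth");
@@ -98,7 +99,7 @@ function auth_error($exception = null) {
 }
 $token = $_SESSION["token"]; ///< @var string CSRF protection
-if (isset($_POST["server"]) && $_POST["token"]) {
+if ($auth && $_POST["token"]) {
 $_POST["token"] = $token; // reset token after explicit login
 }
 $error = ($_POST ///< @var string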
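Review bot: `$auth = $_POST["auth"]` at the top of the first hunk is used as an array without any check that it is one. A request can send `auth` as a plain string, or send `auth[driver]`, `auth[server]` or `auth[username]` as nested arrays; those values then flow unchecked into the `$_SESSION["pwds"]` keys, `base64_encode()` and `auth_url()`, so the outcome is warnings and PHP-version-dependent offset handling rather than a clean rejection. Normalise once with `$auth = (is_array($_POST["auth"]) ? $_POST["auth"] : array());` and require the posted fields to be strings before writing to the session. The same `$auth` gates the token reset in the last hunk of this file, so one check covers both places.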
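--- a/changes.txt
+++ b/changes.txt
@@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview
 PostgreSQL: improve PDO support in SQL command
 Oracle: schema, processlist, table overview numbers
 Simplify work with NULL values (customization)
+Use namespace in login form (customization)
 Replace JSMin by better JavaScript minifier
 Don't use AJAX links and forms
 Ukrainian translation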
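--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -41,15 +41,15 @@ function head() {
 function loginForm() {
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="driver" value="server"><input type="hidden" name="server" value=""><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <script type="text/javascript">
 document.getElementById('username').focus();
 </script>
 <?php
 echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 }
 function login($login, $password) {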
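Review bot: The hidden `server` input is dropped on the Username row rather than renamed, so this form no longer posts `auth[server]`. auth.inc.php in this commit still reads `$auth["server"]` unconditionally for the session key, the `SERVER != $auth["server"]` test and `auth_url()`. That presumably keeps working only through null-to-empty-string coercion, and it raises an undefined-index notice wherever notices are reported. If the omission is intentional a short comment should say so; otherwise keep the field as `<input type="hidden" name="auth[server]" value="">`.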
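--- a/plugins/login-servers.php
+++ b/plugins/login-servers.php
@@ -37,13 +37,13 @@ function login($login, $password) {
 function loginForm() {
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="driver" value="<?php echo $this->driver; ?>"><select name="server"><?php echo optionlist($this->servers, SERVER); ?></select>
-<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="auth[driver]" value="<?php echo $this->driver; ?>"><select name="auth[server]"><?php echo optionlist($this->servers, SERVER); ?></select>
+<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <p><input type="submit" value="<?php echo lang('Login'); ?>">
 <?php
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 return true;
 }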
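Review bot: `<?php echo $this->driver; ?>` is written into the `value` attribute of the hidden `auth[driver]` input without `h()`, unlike the username on the next row. The value appears to come from the plugin's configuration rather than from the request, so this is hardening rather than an injection fix, but escaping at the sink keeps the template safe if that changes: `value="<?php echo h($this->driver); ?>"`. Separately, `<select name="auth[server]">` only limits the choice in the browser; the posted server has to be checked against `$this->servers` in login(), which lies outside this hunk.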
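--- a/plugins/password-sha1.php
+++ b/plugins/password-sha1.php
@@ -18,8 +18,8 @@ function AdminerPasswordSha1($login, $passwordSha1, $credentials) {
 $this->login = $login;
 $this->passwordSha1 = $passwordSha1;
 $this->credentials = $credentials;
- if (isset($_POST["password"])) {
- $_POST["password"] = sha1($_POST["password"]);
+ if (isset($_POST["auth"])) {
+ $_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);
 }
 }
@@ -32,7 +32,7 @@ function credentials() {
 }
 function permanentLogin() {
- //! should save original $_POST["auth"]["password"] and hash after load
+ //! should save original $_POST["auth"]["password"] and hash after load
 }
 }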
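Review bot: The guard in the constructor became weaker than the one it replaces: `isset($_POST["auth"])` is true for any posted `auth`, so `sha1()` now runs even when `auth[password]` is missing or is an array. The old check tested the password field itself; keep that property with `if (isset($_POST["auth"]["password"]) && is_string($_POST["auth"]["password"])) {`. The constructor begins outside the first hunk, and where the hash is later compared is not visible here.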
