Use namespace in login form

commit f595f9313e851dbcd40b008f263a6f70a6508320 1 parent 6591d48
Jakub Vrána authored
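--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -63,19 +63,19 @@ function loginForm() {
 global $drivers;
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('System'); ?><td><?php echo html_select("driver", $drivers, DRIVER, "loginDriver(this);"); ?>
-<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
-<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);"); ?>
+<tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
+<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <script type="text/javascript">
 var username = document.getElementById('username');
 username.focus();
-username.form['driver'].onchange();
+username.form['auth[driver]'].onchange();
 </script>
 <?php
 echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 }
 
 /** Authorize the user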
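--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -14,21 +14,22 @@
 }
 }
 
-if (isset($_POST["server"])) {
+$auth = $_POST["auth"];
+if ($auth) {
 session_regenerate_id(); // defense against session fixation
- $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
- if ($_POST["permanent"]) {
- $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
+ $_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
+ if ($auth["permanent"]) {
+ $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
 $private = $adminer->permanentLogin();
- $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
+ $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
 cookie("adminer_permanent", implode(" ", $permanent));
 }
- if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
- || DRIVER != $_POST["driver"]
- || SERVER != $_POST["server"]
- || $_GET["username"] !== $_POST["username"] // "0" == "00"
+ if (count($_POST) == 1 // 1 - auth
+ || DRIVER != $auth["driver"]
+ || SERVER != $auth["server"]
+ || $_GET["username"] !== $auth["username"] // "0" == "00"
 ) {
- redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
+ redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
 }
 } elseif ($_POST["logout"]) {
 if ($token && $_POST["token"] != $token) {
@@ -77,7 +78,7 @@ function auth_error($exception = null) {
 echo "<form action='' method='post' onclick='eventStop(event);'>\n";
 $adminer->loginForm();
 echo "<div>";
- hidden_fields($_POST, array("driver", "server", "username", "password", "permanent")); // expired session
+ hidden_fields($_POST, array("auth")); // expired session
 echo "</div>\n";
 echo "</form>\n";
 page_footer("auth");
@@ -98,7 +99,7 @@ function auth_error($exception = null) {
 }
 
 $token = $_SESSION["token"]; ///< @var string CSRF protection
-if (isset($_POST["server"]) && $_POST["token"]) {
+if ($auth && $_POST["token"]) {
 $_POST["token"] = $token; // reset token after explicit login
 }
 $error = ($_POST ///< @var string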
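Review bot: `$auth = $_POST["auth"]` is taken without checking its shape, so `if ($auth)` passes for any non-empty value, and `$auth["driver"]`, `$auth["server"]` and `$auth["username"]` then become `$_SESSION["pwds"]` keys and `base64_encode()` inputs for the permanent-login cookie key even when they are not strings. I would normalise it once where it is read, `$auth = (isset($_POST["auth"]) && is_array($_POST["auth"]) ? $_POST["auth"] : array());`, and enter the login branch only when the fields that are present are strings. The old `isset($_POST["server"])` guard also kept requests without login fields from reading an unset index, which the plain read no longer does. The `if`/`elseif` chain and the `$error` expression continue outside these hunks.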
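--- a/changes.txt
+++ b/changes.txt
@@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview
 PostgreSQL: improve PDO support in SQL command
 Oracle: schema, processlist, table overview numbers
 Simplify work with NULL values (customization)
+Use namespace in login form (customization)
 Replace JSMin by better JavaScript minifier
 Don't use AJAX links and forms
 Ukrainian translation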
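--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -41,15 +41,15 @@ function head() {
 function loginForm() {
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="driver" value="server"><input type="hidden" name="server" value=""><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <script type="text/javascript">
 document.getElementById('username').focus();
 </script>
 <?php
 echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 }
 
 function login($login, $password) {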
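Review bot: The hidden `server` field is dropped on the new username row instead of being renamed, so for Editor logins auth.inc.php reads an unset `$auth["server"]` as a session array key, in `base64_encode()` and in the `SERVER != $auth["server"]` comparison. That appears to work only through null-to-empty-string coercion. Keeping `<input type="hidden" name="auth[server]" value="">` next to `auth[driver]` would give the posted array the same shape as in the other login forms. If the omission is intentional, a one-line comment such as `// Editor posts no auth[server]; auth.inc.php treats it as ""` would record that.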
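--- a/plugins/login-servers.php
+++ b/plugins/login-servers.php
@@ -37,13 +37,13 @@ function login($login, $password) {
 function loginForm() {
 ?>
 <table cellspacing="0">
-<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="driver" value="<?php echo $this->driver; ?>"><select name="server"><?php echo optionlist($this->servers, SERVER); ?></select>
-<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
+<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="auth[driver]" value="<?php echo $this->driver; ?>"><select name="auth[server]"><?php echo optionlist($this->servers, SERVER); ?></select>
+<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
+<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
 </table>
 <p><input type="submit" value="<?php echo lang('Login'); ?>">
 <?php
- echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
+ echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 return true;
 }
 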
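Review bot: On the rewritten `auth[driver]` row, `$this->driver` is echoed into the `value` attribute without `h()`, while the username value on the next row is escaped. The value presumably comes from the plugin's constructor and is trusted, but the constructor is not visible in this hunk. Escaping it keeps attribute output uniform and holds up if a deployment fills it from less controlled configuration: `value="<?php echo h($this->driver); ?>"`. The unescaped echo predates this commit and is carried over onto the changed line.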
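--- a/plugins/password-sha1.php
+++ b/plugins/password-sha1.php
@@ -18,8 +18,8 @@ function AdminerPasswordSha1($login, $passwordSha1, $credentials) {
 $this->login = $login;
 $this->passwordSha1 = $passwordSha1;
 $this->credentials = $credentials;
- if (isset($_POST["password"])) {
- $_POST["password"] = sha1($_POST["password"]);
+ if (isset($_POST["auth"])) {
+ $_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);
 }
 }
 
@@ -32,7 +32,7 @@ function credentials() {
 }
 
 function permanentLogin() {
- //! should save original $_POST["password"] and hash after load
+ //! should save original $_POST["auth"]["password"] and hash after load
 }
 
 }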
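Review bot: The constructor guard now tests the container, `isset($_POST["auth"])`, where it used to test the field it hashes. As a result `sha1()` runs on a missing or non-string `password` whenever any `auth[...]` field is posted, and a scalar `auth` value reaches the `$_POST["auth"]["password"] = ...` assignment as a string offset. Testing the field restores the old precision: `if (isset($_POST["auth"]["password"]) && is_array($_POST["auth"]) && is_string($_POST["auth"]["password"])) {`. The class declaration starts outside these hunks.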

0 comments on commit f595f93
