PMA\libraries\plugins\auth\AuthenticationCookie::authCheck PHP Method

authCheck() public method

This function DOES NOT check authentication; it just checks/provides the authentication credentials required to connect to the MySQL server, usually with $GLOBALS['dbi']->connect(). It returns false if something is missing, which usually leads to auth(), which displays the login form. It returns true if all seems OK, which usually leads to auth_set_user(). It switches directly to authFails() if the user inactivity timeout is reached.
public authCheck ( ) : boolean
return boolean whether we get authentication settings or not
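    /**
     * Collects the credentials needed to connect to the MySQL server.
     *
     * This method does NOT authenticate against MySQL. It fills
     * $GLOBALS['PHP_AUTH_USER'], $GLOBALS['PHP_AUTH_PW'] and
     * $GLOBALS['pma_auth_server'] either from a freshly submitted login form
     * (after an optional reCAPTCHA check) or from the encrypted cookies of an
     * earlier login, and reports whether anything is still missing.
     *
     * Returns false when the credentials are incomplete or rejected (the
     * reason, if any, is left in the global $conn_error; callers usually show
     * the login form) and true when all data seems present. When the
     * inactivity timeout has elapsed it purges the cached privilege data,
     * calls authFails() and exits - unless TESTSUITE is defined, in which case
     * it returns false so tests can observe the branch.
     *
     * @return boolean whether we got authentication settings or not
     */
    public function authCheck()
    {
        global $conn_error;

        // Reset every output global first so a value left over from an
        // earlier code path cannot leak into this request.
        /**
         * @global $GLOBALS['pma_auth_server'] the user provided server to
         * connect to
         */
        $GLOBALS['pma_auth_server'] = '';
        $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
        $GLOBALS['from_cookie'] = false;

        // NOTE(review): $_REQUEST also covers GET parameters, so credentials
        // could arrive via the query string - confirm the login form only
        // ever POSTs them.
        if (!empty($_REQUEST['pma_username'])) {
            // A login form was submitted. When both captcha keys are
            // configured the captcha is verified before anything else.
            if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
                && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
            ) {
                if (empty($_POST["g-recaptcha-response"])) {
                    $conn_error = __('Please enter correct captcha!');
                    return false;
                }
                // Pick the transport the PHP build supports: cURL, then
                // stream wrappers, then a raw socket.
                if (function_exists('curl_init')) {
                    $requestMethod = new ReCaptcha\RequestMethod\CurlPost();
                } elseif (ini_get('allow_url_fopen')) {
                    $requestMethod = new ReCaptcha\RequestMethod\Post();
                } else {
                    $requestMethod = new ReCaptcha\RequestMethod\SocketPost();
                }
                $reCaptcha = new ReCaptcha\ReCaptcha(
                    $GLOBALS['cfg']['CaptchaLoginPrivateKey'],
                    $requestMethod
                );
                $resp = $reCaptcha->verify(
                    $_POST["g-recaptcha-response"],
                    PMA_getIp()
                );
                // A missing or unsuccessful verification stops the login.
                if ($resp === null || !$resp->isSuccess()) {
                    $conn_error = __('Entered captcha is wrong, try again!');
                    return false;
                }
            }

            // The user just logged in.
            $GLOBALS['PHP_AUTH_USER'] = PMA_sanitizeMySQLUser(
                $_REQUEST['pma_username']
            );
            // A form without a password field must not raise an
            // undefined-index notice; treat it as an empty password.
            $GLOBALS['PHP_AUTH_PW'] = isset($_REQUEST['pma_password'])
                ? $_REQUEST['pma_password']
                : '';

            if ($GLOBALS['cfg']['AllowArbitraryServer']
                && isset($_REQUEST['pma_servername'])
            ) {
                if ($GLOBALS['cfg']['ArbitraryServerRegexp']) {
                    // A value containing exactly one space is split and only
                    // the first part is matched against the allow-list regexp.
                    $parts = explode(' ', $_REQUEST['pma_servername']);
                    $tmp_host = (count($parts) === 2)
                        ? $parts[0]
                        : $_REQUEST['pma_servername'];
                    // preg_match() returns 0 on no match and false on a bad
                    // pattern; both are rejected, so the check fails closed.
                    $match = preg_match(
                        $GLOBALS['cfg']['ArbitraryServerRegexp'],
                        $tmp_host
                    );
                    if (!$match) {
                        $conn_error = __(
                            'You are not allowed to log in to this MySQL server!'
                        );
                        return false;
                    }
                }
                $GLOBALS['pma_auth_server'] = PMA_sanitizeMySQLHost(
                    $_REQUEST['pma_servername']
                );
            }
            PMA_secureSession();
            return true;
        }

        // No form was submitted: try to set $GLOBALS['PHP_AUTH_USER'] and
        // $GLOBALS['PHP_AUTH_PW'] from the cookies of an earlier login.
        $userCookie = 'pmaUser-' . $GLOBALS['server'];
        if (empty($_COOKIE[$userCookie])) {
            return false;
        }
        $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt(
            $_COOKIE[$userCookie],
            $this->_getEncryptionSecret()
        );

        // User was never logged in since session start.
        if (empty($_SESSION['last_access_time'])) {
            return false;
        }

        // User inactive too long: drop every cached privilege value so a
        // later login starts from a clean state, then hand over to the
        // failure handler.
        $oldestAllowedAccess = time() - $GLOBALS['cfg']['LoginCookieValidity'];
        if ($_SESSION['last_access_time'] < $oldestAllowedAccess) {
            $cachedPrivKeys = array(
                'is_create_db_priv',
                'is_reload_priv',
                'db_to_create',
                'dbs_where_create_table_allowed',
                'dbs_to_test',
                'db_priv',
                'col_priv',
                'table_priv',
                'proc_priv',
            );
            foreach ($cachedPrivKeys as $cacheKey) {
                Util::cacheUnset($cacheKey);
            }
            $GLOBALS['no_activity'] = true;
            $this->authFails();
            // The test suite must be able to observe this branch.
            if (!defined('TESTSUITE')) {
                exit;
            }
            return false;
        }

        // Check the password cookie; it is bound to the session secret.
        $authCookie = 'pmaAuth-' . $GLOBALS['server'];
        if (empty($_COOKIE[$authCookie])) {
            return false;
        }
        $auth_data = json_decode(
            $this->cookieDecrypt(
                $_COOKIE[$authCookie],
                $this->_getSessionEncryptionSecret()
            ),
            true
        );
        if (!is_array($auth_data) || !isset($auth_data['password'])) {
            return false;
        }
        $GLOBALS['PHP_AUTH_PW'] = $auth_data['password'];
        if ($GLOBALS['cfg']['AllowArbitraryServer']
            && !empty($auth_data['server'])
        ) {
            // NOTE(review): the server name from the cookie is not re-checked
            // against ArbitraryServerRegexp here; it is trusted because the
            // cookie only decrypts with the session secret - confirm that the
            // value was validated on the form path when it was stored.
            $GLOBALS['pma_auth_server'] = $auth_data['server'];
        }
        $GLOBALS['from_cookie'] = true;
        return true;
    }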

Usage Example

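 /**
  * Test for PMA\libraries\plugins\auth\AuthenticationCookie::authCheck when
  * the inactivity timeout has elapsed (mocking the object itself).
  *
  * With LoginCookieValidity = 0 and a last_access_time in the past,
  * authCheck() must call authFails() exactly once, set
  * $GLOBALS['no_activity'] and return false (assuming the TESTSUITE constant
  * is defined by the test bootstrap, which keeps authCheck() from calling
  * exit).
  *
  * @return void
  */
 public function testAuthCheckAuthFails()
 {
     $GLOBALS['server'] = 1;
     $_REQUEST['old_usr'] = '';
     // No login form submitted, so authCheck() takes the cookie path.
     $_REQUEST['pma_username'] = '';
     $_COOKIE['pmaServer-1'] = 'pmaServ1';
     $_COOKIE['pmaUser-1'] = 'pmaUser1';
     $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09');
     $GLOBALS['cfg']['blowfish_secret'] = 'secret';
     // Captcha disabled so the request is not rejected before the cookie check.
     $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
     $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
     // With a validity of 0 any past last_access_time counts as inactive.
     $GLOBALS['cfg']['LoginCookieValidity'] = 0;
     $_SESSION['last_access_time'] = -1;

     // Mock authFails() so the timeout branch can be asserted on without
     // rendering the login failure page.
     $this->object = $this->getMockBuilder(
         'PMA\\libraries\\plugins\\auth\\AuthenticationCookie'
     )
         ->disableOriginalConstructor()
         ->setMethods(array('authFails'))
         ->getMock();
     $this->object->expects($this->once())
         ->method('authFails');

     $this->assertFalse($this->object->authCheck());
     $this->assertTrue($GLOBALS['no_activity']);
 }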