1 | <?php |
||
2 | /** |
||
3 | * Single signon for phpMyAdmin using OpenID |
||
4 | * |
||
5 | * This is just example how to use single signon with phpMyAdmin, it is |
||
6 | * not intended to be perfect code and look, only shows how you can |
||
7 | * integrate this functionality in your application. |
||
8 | * |
||
9 | * It uses OpenID pear package, see https://pear.php.net/package/OpenID |
||
10 | * |
||
11 | * User first authenticates using OpenID and based on content of $AUTH_MAP |
||
12 | * the login information is passed to phpMyAdmin in session data. |
||
13 | */ |
||
14 | |||
15 | declare(strict_types=1); |
||
16 | |||
17 | if (false === @include_once 'OpenID/RelyingParty.php') { |
||
18 | exit; |
||
19 | } |
||
20 | |||
21 | /* Change this to true if using phpMyAdmin over https */ |
||
22 | $secureCookie = false; |
||
23 | |||
24 | /** |
||
25 | * Map of authenticated users to MySQL user/password pairs. |
||
26 | */ |
||
27 | $authMap = ['https://launchpad.net/~username' => ['user' => 'root', 'password' => '']]; |
||
28 | |||
29 | // phpcs:disable PSR1.Files.SideEffects,Squiz.Functions.GlobalFunction |
||
30 | |||
31 | /** |
||
32 | * Simple function to show HTML page with given content. |
||
33 | * |
||
34 | * @param string $contents Content to include in page |
||
35 | */ |
||
36 | function Show_page(string $contents): void |
||
37 | { |
||
38 | header('Content-Type: text/html; charset=utf-8'); |
||
39 | |||
40 | echo '<?xml version="1.0" encoding="utf-8"?>' . "\n"; |
||
41 | echo '<!DOCTYPE HTML> |
||
42 | <html lang="en" dir="ltr"> |
||
43 | <head> |
||
44 | <link rel="icon" href="../favicon.ico" type="image/x-icon"> |
||
45 | <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon"> |
||
46 | <meta charset="utf-8"> |
||
47 | <title>phpMyAdmin OpenID signon example</title> |
||
48 | </head> |
||
49 | <body>'; |
||
50 | |||
51 | if (isset($_SESSION['PMA_single_signon_error_message'])) { |
||
52 | echo '<p class="error">' . $_SESSION['PMA_single_signon_message'] . '</p>'; |
||
53 | unset($_SESSION['PMA_single_signon_message']); |
||
54 | } |
||
55 | |||
56 | echo $contents; |
||
57 | echo '</body></html>'; |
||
58 | } |
||
59 | |||
60 | /** |
||
61 | * Display error and exit |
||
62 | * |
||
63 | * @param Exception $e Exception object |
||
64 | */ |
||
65 | function Die_error(Throwable $e): void |
||
66 | { |
||
67 | $contents = "<div class='relyingparty_results'>\n"; |
||
68 | $contents .= '<pre>' . htmlspecialchars($e->getMessage()) . "</pre>\n"; |
||
69 | $contents .= "</div class='relyingparty_results'>"; |
||
70 | Show_page($contents); |
||
71 | exit; |
||
0 ignored issues
–
show
|
|||
72 | } |
||
73 | |||
74 | // phpcs:enable |
||
75 | |||
76 | /* Need to have cookie visible from parent directory */ |
||
77 | session_set_cookie_params(0, '/', '', $secureCookie, true); |
||
78 | /* Create signon session */ |
||
79 | $sessionName = 'SignonSession'; |
||
80 | session_name($sessionName); |
||
81 | @session_start(); |
||
82 | |||
83 | // Determine realm and return_to |
||
84 | $base = 'http'; |
||
85 | if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { |
||
86 | $base .= 's'; |
||
87 | } |
||
88 | |||
89 | $base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT']; |
||
90 | |||
91 | $realm = $base . '/'; |
||
92 | $returnTo = $base . dirname($_SERVER['PHP_SELF']); |
||
93 | if ($returnTo[strlen($returnTo) - 1] !== '/') { |
||
94 | $returnTo .= '/'; |
||
95 | } |
||
96 | |||
97 | $returnTo .= 'openid.php'; |
||
98 | |||
99 | /* Display form */ |
||
100 | if ((! count($_GET) && ! count($_POST)) || isset($_GET['phpMyAdmin'])) { |
||
101 | /* Show simple form */ |
||
102 | $content = '<form action="openid.php" method="post"> |
||
103 | OpenID: <input type="text" name="identifier"><br> |
||
104 | <input type="submit" name="start"> |
||
105 | </form>'; |
||
106 | Show_page($content); |
||
107 | exit; |
||
108 | } |
||
109 | |||
110 | /* Grab identifier */ |
||
111 | $identifier = null; |
||
112 | if (isset($_POST['identifier']) && is_string($_POST['identifier'])) { |
||
113 | $identifier = $_POST['identifier']; |
||
114 | } elseif (isset($_SESSION['identifier']) && is_string($_SESSION['identifier'])) { |
||
115 | $identifier = $_SESSION['identifier']; |
||
116 | } |
||
117 | |||
118 | /* Create OpenID object */ |
||
119 | try { |
||
120 | $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); |
||
0 ignored issues
–
show
The type
OpenID_RelyingParty was not found. Maybe you did not declare it correctly or list all dependencies?
The issue could also be caused by a filter entry in the build configuration.
If the path has been excluded in your configuration, e.g. filter:
dependency_paths: ["lib/*"]
For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths
Loading history...
|
|||
121 | } catch (Throwable $e) { |
||
122 | Die_error($e); |
||
123 | } |
||
124 | |||
125 | /* Redirect to OpenID provider */ |
||
126 | if (isset($_POST['start'])) { |
||
127 | try { |
||
128 | $authRequest = $o->prepare(); |
||
129 | } catch (Throwable $e) { |
||
130 | Die_error($e); |
||
131 | } |
||
132 | |||
133 | $url = $authRequest->getAuthorizeURL(); |
||
134 | |||
135 | header('Location: ' . $url); |
||
136 | exit; |
||
137 | } |
||
138 | |||
139 | /* Grab query string */ |
||
140 | if (! count($_POST)) { |
||
141 | [, $queryString] = explode('?', $_SERVER['REQUEST_URI']); |
||
142 | } else { |
||
143 | // Fetch the raw query body |
||
144 | $queryString = file_get_contents('php://input'); |
||
145 | } |
||
146 | |||
147 | /* Check reply */ |
||
148 | try { |
||
149 | $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); |
||
0 ignored issues
–
show
The type
OpenID_Message was not found. Maybe you did not declare it correctly or list all dependencies?
The issue could also be caused by a filter entry in the build configuration.
If the path has been excluded in your configuration, e.g. filter:
dependency_paths: ["lib/*"]
For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths
Loading history...
|
|||
150 | } catch (Throwable $e) { |
||
151 | Die_error($e); |
||
152 | } |
||
153 | |||
154 | $id = $message->get('openid.claimed_id'); |
||
155 | |||
156 | if (empty($id) || ! isset($authMap[$id])) { |
||
157 | Show_page('<p>User not allowed!</p>'); |
||
158 | exit; |
||
159 | } |
||
160 | |||
161 | $_SESSION['PMA_single_signon_user'] = $authMap[$id]['user']; |
||
162 | $_SESSION['PMA_single_signon_password'] = $authMap[$id]['password']; |
||
163 | $_SESSION['PMA_single_signon_HMAC_secret'] = hash('sha1', uniqid(strval(random_int(0, mt_getrandmax())), true)); |
||
164 | session_write_close(); |
||
165 | /* Redirect to phpMyAdmin (should use absolute URL here!) */ |
||
166 | header('Location: ../index.php'); |
||
167 |
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.