PasswordProtection.php
<?php
/**
 * Expected password, stored as a lowercase hexadecimal SHA-1 digest.
 *
 * Replace the value below with the SHA-1 digest of your own password; the
 * digest shipped here is only the sample value and must not stay in a
 * deployed copy.
 *
 * NOTE(review): the PasswordProtection class compares this against a plain,
 * unsalted sha1() of the submitted password. SHA-1 is fast to compute, so a
 * leaked digest can be guessed offline quickly; choose a long random password
 * and keep this file unreadable to other users.
 */
const SHA1PASSWORD = 'b1a176653e9bf09e7aec98dae84b78a97d83466b';
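/**
 * Class PasswordProtection
 *
 * Password protection plugin for Adminer. It supplies its own loginForm()
 * method, which prints a password prompt and ends the request until the SHA-1
 * digest of the submitted password equals the SHA1PASSWORD constant.
 *
 * Security notes for whoever deploys this:
 *  - The digest is compared with hash_equals(), so the comparison time does
 *    not depend on how many leading characters of the digest match.
 *  - SHA1PASSWORD is an unsalted SHA-1 digest; treat the file that defines it
 *    as a secret and use a long random password.
 *  - Nothing here limits or logs failed attempts; throttle and monitor POSTs
 *    to this form at the web server if the page is reachable from untrusted
 *    networks.
 *  - NOTE(review): the session id is not regenerated when the session becomes
 *    authenticated. Consider session_regenerate_id(true) at a point where no
 *    output has been sent yet; confirm where the host application allows it.
 *
 * @author Florian Brinker
 */
class PasswordProtection {

    /**
     * Whether the current session has passed the password check.
     *
     * Declared explicitly because creating properties dynamically is
     * deprecated as of PHP 8.2.
     *
     * @var bool
     */
    private $authed = false;

    /**
     * Load the current session flag at startup.
     *
     * The flag stays false unless the session already carries a truthy
     * 'authed' entry under the 'PasswordProtection' key.
     */
    public function __construct() {
        if (isset($_SESSION['PasswordProtection']['authed'])) {
            $this->authed = (bool) $_SESSION['PasswordProtection']['authed'];
        }
    }

    /**
     * Write the authentication flag to the session.
     *
     * @param bool $val new value of the 'authed' flag
     */
    private function ppUpdateSession($val) {
        $_SESSION['PasswordProtection']['authed'] = $val;
    }

    /**
     * Mark the current user session as authenticated.
     */
    private function ppLogin() {
        $this->authed = true;
        $this->ppUpdateSession(true);
    }

    /**
     * Mark the current user session as not authenticated.
     */
    private function ppLogoff() {
        $this->authed = false;
        $this->ppUpdateSession(false);
    }

    /**
     * Tell whether the request carries the expected password.
     *
     * A missing field and a non-string field (for example ppPassword[]=x,
     * which PHP parses into an array) both count as a failed attempt instead
     * of being passed to sha1().
     *
     * @return bool true when sha1() of the submitted password equals SHA1PASSWORD
     */
    private function ppPasswordMatches() {
        if (!isset($_POST['ppPassword']) || !is_string($_POST['ppPassword'])) {
            return false;
        }

        // Known digest first, user-derived digest second, as hash_equals() expects.
        return hash_equals(SHA1PASSWORD, sha1($_POST['ppPassword']));
    }

    /**
     * Echo the login form.
     *
     * The markup is a fixed string; no request data is written into it.
     */
    private function ppEchoLoginForm() {
        echo '<div style="text-align: center; padding: 50px; border: 1px solid #999; margin: 0px 30px 0px 20px;">
<form name="ppLoginForm" method="POST">
<h3 style="margin: 0px 0px 25px;">Password Protected Area</h3>
<label for="ppPassword">Password:</label>
<input type="password" id="ppPassword" name="ppPassword">
<button type="submit">Login</button>
</form>
<script type="text/javascript" language="JavaScript">
window.onload = function() {
document.getElementById("ppPassword").focus();
}
</script>
</div>';
    }

    /**
     * Gate Adminer's login form behind the password prompt.
     *
     * Adminer's LoginForm() returns null, so its output cannot be replaced
     * afterwards; the request is therefore ended with exit() right after the
     * password prompt has been printed.
     *
     * An already authenticated session that reaches this method is logged
     * off, so the password is asked for again on the next visit.
     */
    public function loginForm() {
        if ($this->authed) {
            // returning to the login screen? possibly triggered by a logoff or a new user
            $this->ppLogoff();
            return;
        }

        if (!$this->ppPasswordMatches()) {
            // not authenticated: show the prompt and stop
            $this->ppEchoLoginForm();
            exit(); // needed to prevent echoing the normal LoginForm() output
        }

        // password is okay, continue as expected
        $this->ppLogin();
        // Drop the plaintext password from the request data once it has been checked.
        unset($_POST['ppPassword']);
    }
}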