mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 16:17:48 +02:00
Code Issues Releases Wiki Activity

Send 403 for auth error

Browse Source
This commit is contained in:
Jakub Vrana
2014-09-13 12:03:13 -07:00
parent 7a370e7885
commit 594085c6f5
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adminer/include/auth.inc.php
View File

@@ -117,9 +117,8 @@ function unset_permanent() {
function auth_error($error) {
global $adminer, $has_token;
$session_name = session_name();
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
$error = lang('Session support must be enabled.');
} elseif (isset($_GET["username"])) {
if (isset($_GET["username"])) {
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
$error = lang('Session expired, please login again.');
} else {
@@ -134,6 +133,9 @@ function auth_error($error) {
unset_permanent();
}
}
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
$error = lang('Session support must be enabled.');
}
$params = session_get_cookie_params();
cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
page_header(lang('Login'), $error, null);