mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-08 15:47:00 +02:00
Code Issues Releases Wiki Activity

Auth: Set token after unsuccessful login

Browse Source 
Broken by d59830c
This commit is contained in:
Jakub Vrana
2025-03-31 18:39:42 +02:00
parent 5b095e9f4e
commit 63ab8561be
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
adminer/include/auth.inc.php
View File

@@ -146,6 +146,9 @@ function auth_error(string $error, array &$permanent) {
}
$params = session_get_cookie_params();
cookie("adminer_key", ($_COOKIE["adminer_key"] ?: rand_string()), $params["lifetime"]);
if (!$_SESSION["token"]) {
$_SESSION["token"] = rand(1, 1e6); // this is for next attempt
}
page_header(lang('Login'), $error, null);
echo "<form action='' method='post'>\n";
echo "<div>";
@@ -187,11 +190,9 @@ if (isset($_GET["username"]) && is_string(get_password())) {
$login = null;
if (!is_object($connection) || ($login = adminer()->login($_GET["username"], get_password())) !== true) {
$error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')));
auth_error(
$error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''),
$permanent
);
$error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')))
. (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : '');
auth_error($error, $permanent);
}
if ($_POST["logout"] && $_SESSION["token"] && !verify_token()) {