
Auth: Set token after unsuccessful login

Broken by d59830c
Jakub Vrana
2025-03-31 18:39:42 +02:00
parent 5b095e9f4e
commit 63ab8561be


@@ -146,6 +146,9 @@ function auth_error(string $error, array &$permanent) {
} }
$params = session_get_cookie_params(); $params = session_get_cookie_params();
cookie("adminer_key", ($_COOKIE["adminer_key"] ?: rand_string()), $params["lifetime"]); cookie("adminer_key", ($_COOKIE["adminer_key"] ?: rand_string()), $params["lifetime"]);
if (!$_SESSION["token"]) {
$_SESSION["token"] = rand(1, 1e6); // this is for next attempt
}
page_header(lang('Login'), $error, null); page_header(lang('Login'), $error, null);
echo "<form action='' method='post'>\n"; echo "<form action='' method='post'>\n";
echo "<div>"; echo "<div>";
@@ -187,11 +190,9 @@ if (isset($_GET["username"]) && is_string(get_password())) {
$login = null; $login = null;
if (!is_object($connection) || ($login = adminer()->login($_GET["username"], get_password())) !== true) { if (!is_object($connection) || ($login = adminer()->login($_GET["username"], get_password())) !== true) {
$error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.'))); $error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')))
auth_error( . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : '');
$error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''), auth_error($error, $permanent);
$permanent
);
} }
if ($_POST["logout"] && $_SESSION["token"] && !verify_token()) { if ($_POST["logout"] && $_SESSION["token"] && !verify_token()) {
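Review bot: In the first hunk, `$_SESSION["token"] = rand(1, 1e6);` seeds the session token from `rand()`, which is not a cryptographically secure generator, and the 1..1e6 range gives only about 20 bits; the second hunk's context shows this token gating `verify_token()` on the logout POST, so it appears to act as the anti-CSRF secret. If the supported PHP floor allows it, `$_SESSION["token"] = random_int(1, 1000000);` is a drop-in that keeps the same range, so whatever arithmetic verify_token() performs is unaffected, while removing the predictable generator; widening the range would be stronger but depends on token code not shown here. The same initialisation presumably exists on the login path that d59830c touched, so both sites should change together to stay consistent. auth_error's body starts and ends outside the hunk.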