Comments

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@729 7c3ca157-0c34-0410-bff1-cbf682f78f5c

adminer/include/auth.inc.php

@@ -6,10 +6,10 @@ if (ini_get("session.use_trans_sid") && isset($_POST[$session_name])) {
 }
 if (isset($_POST["server"])) {
 	if (isset($_COOKIE[$session_name]) || isset($_POST[$session_name])) {
-		session_regenerate_id();
+		session_regenerate_id(); // defense against session fixation
 		$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
 		$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
-		$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6);
+		$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6); // defense against cross-site request forgery
 		if (count($_POST) == count($ignore)) {
 			$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
 			if (!isset($_COOKIE[$session_name])) {
@@ -66,7 +66,7 @@ function auth_error($exception = null) {
 
 $username = &$_SESSION["usernames"][$_GET["server"]];
 if (!isset($username)) {
-	$username = $_GET["username"];
+	$username = $_GET["username"]; // default username can be passed in URL
 }
 $dbh = (isset($username) ? connect() : '');
 unset($username);