The branch, master has been updated via cf6312f5278f922ab420d501200b175eba987c5e (commit) via 72886c3c8a6cf2a01ea40f01c7d7c4c981a3a4e7 (commit) from db07b65c657162ce04c50ec1164390f0fb68b905 (commit)
- Log ----------------------------------------------------------------- commit cf6312f5278f922ab420d501200b175eba987c5e Author: Michal Čihař mcihar@novell.com Date: Mon Jun 6 17:08:35 2011 +0200
Clarify documentation
commit 72886c3c8a6cf2a01ea40f01c7d7c4c981a3a4e7 Author: Michal Čihař mcihar@novell.com Date: Mon Jun 6 17:08:02 2011 +0200
Add option to call extenal script from signon method
-----------------------------------------------------------------------
Summary of changes: Documentation.html | 28 +++++++++++++++++++++------- libraries/auth/signon.auth.lib.php | 14 +++++++++++++- libraries/config.default.php | 7 +++++++ scripts/signon.php | 6 +++--- 4 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/Documentation.html b/Documentation.html index 6e98747..6f66b64 100644 --- a/Documentation.html +++ b/Documentation.html @@ -759,13 +759,17 @@ since this link provides funding for phpMyAdmin. <li>'signon' authentication mode (<tt>$auth_type = 'signon'</tt>) as introduced in 2.10.0 allows you to log in from prepared PHP - session data. This is useful for implementing single signon - from another application. Sample way how to seed session is in - signon example: <code>scripts/signon.php</code>. There is also - alternative example using OpenID - - <code>scripts/openid.php</code>. You need to + session data or using supplied PHP script. This is useful for implementing single signon + from another application. + + Sample way how to seed session is in signon example: <code>scripts/signon.php</code>. + There is also alternative example using OpenID - <code>scripts/openid.php</code> and + example for scripts based solution - <code>scripts/signon-script.php</code>. + + You need to configure <a href="#cfg_Servers_SignonSession" - class="configrule">session name</a> and <a + class="configrule">session name</a> or <a href="#cfg_Servers_SignonScript" + class="configrule">script to be executed</a> and <a href="#cfg_Servers_SignonURL" class="configrule">signon URL</a> to use this authentication method.</li> </ul> @@ -1320,10 +1324,20 @@ CREATE DATABASE,ALTER DATABASE,DROP DATABASE</pre> <dt><span id="cfg_Servers_CountTables">$cfg['Servers'][$i]['CountTables']</span> boolean</dt> <dd>Whether to count the number of tables for each database when preparing the list of databases for the navigation frame. </dd> + <dt><span id="cfg_Servers_SignonScript">$cfg['Servers'][$i]['SignonScript']</span> string</dt> + <dd>Name of PHP script to be sourced and executed to obtain + login credentials. This is alternative approach to session based single + signon. The script needs to provide function + <code>get_login_credentials</code> which returns list of username and + pasword, accepting single parameter of existing username (can be empty). + See <code>scripts/signon-script.php</code> for an example. + </dd> <dt><span id="cfg_Servers_SignonSession">$cfg['Servers'][$i]['SignonSession']</span> string</dt> <dd>Name of session which will be used for signon authentication method. You should use something different than <code>phpMyAdmin</code>, because - this is session which phpMyAdmin uses internally. + this is session which phpMyAdmin uses internally. Takes effect only if + <a href="#cfg_Servers_SignonScript" class="configrule">SignonScript</a> + is not configured. </dd> <dt><span id="cfg_Servers_SignonURL">$cfg['Servers'][$i]['SignonURL']</span> string</dt> <dd>URL where user will be redirected to log in for signon authentication method. Should be absolute including protocol. diff --git a/libraries/auth/signon.auth.lib.php b/libraries/auth/signon.auth.lib.php index 0735020..e095829 100644 --- a/libraries/auth/signon.auth.lib.php +++ b/libraries/auth/signon.auth.lib.php @@ -60,6 +60,9 @@ function PMA_auth_check() return false; }
+ /* Script name */ + $script_name = $GLOBALS['cfg']['Server']['SignonScript']; + /* Session name */ $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
@@ -78,8 +81,17 @@ function PMA_auth_check() /* Are we requested to do logout? */ $do_logout = !empty($_REQUEST['old_usr']);
+ /* Handle script based auth */ + if (!empty($script_name)) { + if (! file_exists($script_name)) { + PMA_fatalError(__('Can not find signon authentication script:') . ' ' . $script_name); + } + require $script_name; + + list ($PHP_AUTH_USER, $PHP_AUTH_PW) = get_login_credentials($cfg['Server']['user']); + /* Does session exist? */ - if (isset($_COOKIE[$session_name])) { + } elseif (isset($_COOKIE[$session_name])) { /* End current session */ $old_session = session_name(); $old_id = session_id(); diff --git a/libraries/config.default.php b/libraries/config.default.php index d6e47c2..1a478b7 100644 --- a/libraries/config.default.php +++ b/libraries/config.default.php @@ -213,6 +213,13 @@ $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['SignonSession'] = '';
/** + * PHP script to use for 'signon' authentication method + * + * @global string $cfg['Servers'][$i]['SignonScript'] + */ +$cfg['Servers'][$i]['SignonScript'] = ''; + +/** * URL where to redirect user to login for 'signon' authentication method * * @global string $cfg['Servers'][$i]['SignonURL'] diff --git a/scripts/signon.php b/scripts/signon.php index e585625..d80c1cf 100644 --- a/scripts/signon.php +++ b/scripts/signon.php @@ -3,9 +3,9 @@ /** * Single signon for phpMyAdmin * - * This is just example how to use single signon with phpMyAdmin, it is - * not intended to be perfect code and look, only shows how you can - * integrate this functionality in your application. + * This is just example how to use session based single signon with + * phpMyAdmin, it is not intended to be perfect code and look, only + * shows how you can integrate this functionality in your application. * * @package phpMyAdmin * @subpackage Example
hooks/post-receive