Stop session before connecting (thanks to Kareem Zidane)
authorJakub Vrana <jakub@vrana.cz>
Tue, 20 Feb 2018 22:10:05 +0000 (23:10 +0100)
committerJakub Vrana <jakub@vrana.cz>
Tue, 20 Feb 2018 22:11:05 +0000 (23:11 +0100)
adminer/include/auth.inc.php
adminer/include/bootstrap.inc.php
changes.txt

index f18fa4cc5ef3686831fa261ca66303aa1847a77b..c25dc33ff763821a3186ba84408864c1fff627b7 100644 (file)
@@ -120,6 +120,7 @@ function auth_error($error) {
                if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
                        $error = lang('Session expired, please login again.');
                } else {
+                       restart_session();
                        add_invalid_login();
                        $password = get_password();
                        if ($password !== null) {
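Review bot: The added `restart_session();` call in the else branch has no comment explaining why it must run first, and the reason is not local to this function. The second hunk of this file now calls `session_write_close()` before the connection attempt, so the session is already closed when `auth_error()` runs. I would add `// session was closed before connecting; reopen it so the changes below are saved` above the call. Presumably the password handling after `get_password()` writes to `$_SESSION`, but that code lies past the end of the hunk (the function starts and ends outside it), so confirm which call needs the open session. The "Session expired" branch only assigns `$error`, so it needs no restart.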
@@ -149,14 +150,19 @@ function auth_error($error) {
        exit;
 }
 
+if (isset($_GET["username"]) && !class_exists("Min_DB")) {
+       unset($_SESSION["pwds"][DRIVER]);
+       unset_permanent();
+       page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
+       page_footer("auth");
+       exit;
+}
+
+if (!ini_bool("session.use_cookies") || @ini_set("session.use_cookies", false) !== false) { // @ - may be disabled
+       session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
+}
+
 if (isset($_GET["username"])) {
-       if (!class_exists("Min_DB")) {
-               unset($_SESSION["pwds"][DRIVER]);
-               unset_permanent();
-               page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
-               page_footer("auth");
-               exit;
-       }
        list($host, $port) = explode(":", SERVER, 2);
        if (is_numeric($port) && $port < 1024) {
                auth_error(lang('Connecting to privileged ports is not allowed.'));
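Review bot: Once `session_write_close()` has run, any later write to `$_SESSION` is silently discarded unless `restart_session()` is called first, and nothing at this spot states that invariant. This matters for the login path: the `auth_error()` call for privileged ports a few lines below runs after the close and depends on the restart added in the first hunk. I would extend the existing comment, e.g. `// after this point call restart_session() before changing $_SESSION`, and put `// must stay above session_write_close(): unsets $_SESSION["pwds"]` on the hoisted `!class_exists("Min_DB")` block, because its position now determines whether that unset is saved. The `if (isset($_GET["username"]))` block continues past the end of the hunk, so any other session writes in it are not visible here.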
index 2ae17f9c50caf7b0c1dd69cd5e4bbbe181b6a8b9..76c4543f56ab45d21fa1b13a12a883ddb4c33519 100644 (file)
@@ -95,11 +95,6 @@ include "./include/adminer.inc.php";
 include "../adminer/include/design.inc.php";
 include "../adminer/include/xxtea.inc.php";
 include "../adminer/include/auth.inc.php";
-
-if (!ini_bool("session.use_cookies") || @ini_set("session.use_cookies", false) !== false) { // @ - may be disabled
-       session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
-}
-
 include "./include/editing.inc.php";
 include "./include/connect.inc.php";
 
index d62c16e419af460930a4d637eb5d9e987826b867..3e83fd8c4210cfb0dca0c8e49cc69438be6bf878 100644 (file)
@@ -1,4 +1,5 @@
 Adminer 4.6.3-dev:
+Stop session before connecting
 PDO: Support binary fields download
 
 Adminer 4.6.2 (released 2018-02-20):