Notify user about expired master password for permanent login

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 4d6658712ea5db206561a84b0dc2aaf04008392e..f170abacd2b7e22e684d7f796f0caeb0d92dd5e2 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -20,10 +20,11 @@ class Adminer {
        }
        
        /** Get key used for permanent login
-       * @return string cryptic string which gets combined with password
+       * @param bool
+       * @return string cryptic string which gets combined with password or false in case of an error
        */
-       function permanentLogin() {
-               return password_file();
+       function permanentLogin($create = false) {
+               return password_file($create);
        }
        
        /** Identifier of selected database

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index c289b9063f409ed1b697e2c011ea41b6d9657d9d..e8d6c8289dc551e1ec130721d9dfc0a8a00d057a 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -21,7 +21,7 @@ if ($auth) {
        $_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
        if ($auth["permanent"]) {
                $key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
-               $private = $adminer->permanentLogin();
+               $private = $adminer->permanentLogin(true);
                $permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
                cookie("adminer_permanent", implode(" ", $permanent));
        }
@@ -49,7 +49,7 @@ if ($auth) {
        
 } elseif ($permanent && !$_SESSION["pwds"]) {
        session_regenerate_id();
-       $private = $adminer->permanentLogin(); // try to decode even if not set
+       $private = $adminer->permanentLogin();
        foreach ($permanent as $key => $val) {
                list(, $cipher) = explode(":", $val);
                list($driver, $server, $username, $db) = array_map('base64_decode', explode("-", $key));
@@ -82,6 +82,9 @@ function auth_error($exception = null) {
                        $password = &get_session("pwds");
                        if ($password !== null) {
                                $error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
+                               if ($password === false) {
+                                       $error .= '<br>' . lang('Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.');
+                               }
                                $password = null;
                        }
                        unset_permanent();

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index c27ac3300e8835d3328dde5b478c2e88889c5e3d..f9918a6d386689398bb4ae57411a46a251843b5d 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -912,9 +912,10 @@ function apply_sql_function($function, $column) {
 }
 
 /** Read password from file adminer.key in temporary directory or create one
+* @param bool
 * @return string or false if the file can not be created
 */
-function password_file() {
+function password_file($create) {
        $dir = ini_get("upload_tmp_dir"); // session_save_path() may contain other storage path
        if (!$dir) {
                if (function_exists('sys_get_temp_dir')) {
@@ -930,7 +931,7 @@ function password_file() {
        }
        $filename = "$dir/adminer.key";
        $return = @file_get_contents($filename); // @ - can not exist
-       if ($return) {
+       if ($return || !$create) {
                return $return;
        }
        $fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic

diff --git a/adminer/include/xxtea.inc.php b/adminer/include/xxtea.inc.php
index 7467a0da852ef981b3762cce064028ae4bf59da6..bc83580359e5760bcf23dfe9099c5fd722dd9459 100644 (file)
--- a/adminer/include/xxtea.inc.php
+++ b/adminer/include/xxtea.inc.php
@@ -79,6 +79,9 @@ function decrypt_string($str, $key) {
        if ($str == "") {
                return "";
        }
+       if (!$key) {
+               return false;
+       }
        $key = array_values(unpack("V*", pack("H*", md5($key))));
        $v = str2long($str, false);
        $n = count($v) - 1;

diff --git a/adminer/lang/cs.inc.php b/adminer/lang/cs.inc.php
index cb40f20ee81142b25ac3a4ba358124c8ee46b34d..eb09ca6468fe0d10f9c7eedecaa9447d0fc94e52 100644 (file)
--- a/adminer/lang/cs.inc.php
+++ b/adminer/lang/cs.inc.php
@@ -11,6 +11,7 @@ $translations = array(
        'Logged as: %s' => 'Přihlášen jako: %s',
        'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
        'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
+       'Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.' => 'Platnost hlavního hesla vypršela. <a href="http://www.adminer.org/cs/extension/" target="_blank">Implementujte</a> metodu <code>permanentLogin()</code>, aby platilo stále.',
        'Language' => 'Jazyk',
        'Invalid CSRF token. Send the form again.' => 'Neplatný token CSRF. Odešlete formulář znovu.',
        'No extension' => 'Žádné rozšíření',

diff --git a/adminer/lang/xx.inc.php b/adminer/lang/xx.inc.php
index a100759bfacdf466f1b0075eb1b230cc4535020c..db2089dfea7fd54b9757d6cb52ab00ad2279a02b 100644 (file)
--- a/adminer/lang/xx.inc.php
+++ b/adminer/lang/xx.inc.php
@@ -11,6 +11,7 @@ $translations = array(
        'Logged as: %s' => 'xx',
        'Logout successful.' => 'xx',
        'Invalid credentials.' => 'xx',
+       'Master password expired. <a href="http://www.adminer.org/en/extension/" target="_blank">Implement</a> <code>permanentLogin()</code> method to make it permanent.' => 'xx',
        'Language' => 'xx',
        'Invalid CSRF token. Send the form again.' => 'xx',
        'No extension' => 'xx',

diff --git a/changes.txt b/changes.txt
index 9db1bb72ca3755ce4dc98b11a4381326d77db246..dff0412467a5ae3b1fec089ff4d44dbbdf7a6cc8 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -5,6 +5,7 @@ Don't use LIMIT 1 if inline updating unique row
 Don't check previous checkbox on added column in create table (bug #3614245)
 Order table list by name
 Verify UTF-8 encoding of CSV import
+Notify user about expired master password for permanent login
 MySQL: Speed up updating rows without numeric or UTF-8 primary key
 PostgreSQL: Fix detecting oid column in PDO
 PostgreSQL: Handle timestamp types (bug #3614086)

diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 81c92c1b90fbbf6e1a887b549f05ca49f985239f..2e1acad695214daa29a26d15276796d39ac08000 100644 (file)
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -13,8 +13,8 @@ class Adminer {
                return array(SERVER, $_GET["username"], get_session("pwds"));
        }
        
-       function permanentLogin() {
-               return password_file();
+       function permanentLogin($create = false) {
+               return password_file($create);
        }
        
        function database() {