From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Wed, 27 Aug 2008 16:43:30 +0000 (+0000)
Subject: Access without login - accept ?username=
X-Git-Tag: v3.0.0~1058
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=206a3caef783724a41204cec64321d0df1977526;p=adminer.git

Access without login - accept ?username=

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@459 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---

diff --git a/auth.inc.php b/auth.inc.php
index 592b23ef..92a177a8 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -70,8 +70,12 @@ function auth_error() {
 	page_footer("auth");
 }
 
-$username = $_SESSION["usernames"][$_GET["server"]];
+$username = &$_SESSION["usernames"][$_GET["server"]];
+if (!isset($username)) {
+	$username = $_GET["username"];
+}
 if (!isset($username) || !$mysql->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) {
 	auth_error();
 	exit;
 }
+unset($username);
diff --git a/todo.txt b/todo.txt
index 334558b9..669d32d1 100644
--- a/todo.txt
+++ b/todo.txt
@@ -9,7 +9,6 @@ Bulk update - leave original, set to value, set to NULL
 Save uploaded files after error to session variable instead of hidden field
 Transactions in export
 Compress export and import
-Access without login - accept $_GET
 ? Query print
 ? Execution time in sql.inc.php
 ? Save token also to cookie - for session expiration and login in other window