class AuthenticationCookie extends AuthenticationPlugin

Handles the cookie authentication method

Properties

string $user Username from AuthenticationPlugin
string $password Password from AuthenticationPlugin
protected IpAllowDeny $ipAllowDeny from AuthenticationPlugin
Template $template from AuthenticationPlugin

Methods

__construct()

Constructor

boolean
showLoginForm()

Displays authentication form

boolean
readCredentials()

Gets authentication credentials

boolean
storeCredentials()

Sets the user and password after the final checks, if required

void
rememberCredentials()

Stores user credentials after successful login.

void
showFailure(string $failure)

User is not allowed to log in to MySQL -> authentication failed

void
logOut()

Perform logout

string
getLoginFormURL()

Returns URL for login form.

string
getErrorMessage(string $failure)

Returns error message for failed authentication.

void
handlePasswordChange(string $password)

Callback when user changes password.

void
setSessionAccessTime()

Store session access time in session.

void
authenticate()

High level authentication interface

void
checkRules()

Check configuration defined restrictions for authentication

boolean|void
checkTwoFactor()

Checks whether two factor authentication is active for given user and performs it.

void
setUseOpenSSL(boolean $use)

Forces use (or non-use) of OpenSSL

void
storeUsernameCookie(string $username)

Stores username in a cookie.

void
storePasswordCookie(string $password)

Stores password in a cookie.

string
enlargeSecret(string $secret)

Concatenates secret in order to make it 16 bytes long

string
getMACSecret(string $secret)

Derives MAC secret from encryption secret.

string
getAESSecret(string $secret)

Derives AES secret from encryption secret.

void
cleanSSLErrors()

Cleans any SSL errors

string
cookieEncrypt(string $data, string $secret)

Encryption using openssl's AES or phpseclib's AES (phpseclib uses mcrypt when it is available)

string|false
cookieDecrypt(string $encdata, string $secret)

Decryption using openssl's AES or phpseclib's AES (phpseclib uses mcrypt when it is available)

int
getIVSize()

Returns size of IV for encryption.

string
createIV()

Initialization: store the initialization vector because it will be needed for further decryption. I don't think it is necessary to have one IV per server, so I don't put the server number in the cookie name.

void
setIV(string $vector)

Sets encryption IV to use

Details

at line 47
__construct()

Constructor

at line 74
boolean showLoginForm()

Displays authentication form

this function MUST exit/quit the application

Return Value

boolean

at line 233
boolean readCredentials()

Gets authentication credentials

this function DOES NOT check authentication - it just checks/provides authentication credentials required to connect to the MySQL server usually with $GLOBALS['dbi']->connect()

it returns false if something is missing - which usually leads to showLoginForm() which displays login form

it returns true if all seems ok which usually leads to auth_set_user()

it directly switches to showFailure() if user inactivity timeout is reached

Return Value

boolean

at line 407
boolean storeCredentials()

Sets the user and password after the final checks, if required

Return Value

boolean

at line 440
void rememberCredentials()

Stores user credentials after successful login.

Return Value

void

at line 573
void showFailure(string $failure)

User is not allowed to log in to MySQL -> authentication failed

prepares the error message and switches to showLoginForm(), which displays the error and the login form

this function MUST exit/quit the application, currently done by call to showLoginForm()

Parameters

string $failure String describing why authentication has failed

Return Value

void

at line 860
void logOut()

Perform logout

Return Value

void

in AuthenticationPlugin at line 171
string getLoginFormURL()

Returns URL for login form.

Return Value

string

in AuthenticationPlugin at line 183
string getErrorMessage(string $failure)

Returns error message for failed authentication.

Parameters

string $failure String describing why authentication has failed

Return Value

string

at line 850
void handlePasswordChange(string $password)

Callback when user changes password.

Parameters

string $password New password to set

Return Value

void

in AuthenticationPlugin at line 229
void setSessionAccessTime()

Store session access time in session.

Tries to work around PHP 5 session garbage collection, which looks at the session file's last modified time

Return Value

void

in AuthenticationPlugin at line 256
void authenticate()

High level authentication interface

Gets the credentials or shows login form if necessary

Return Value

void

in AuthenticationPlugin at line 278
void checkRules()

Check configuration defined restrictions for authentication

Return Value

void

in AuthenticationPlugin at line 334
boolean|void checkTwoFactor()

Checks whether two factor authentication is active for given user and performs it.

Return Value

boolean|void

at line 60
void setUseOpenSSL(boolean $use)

Forces use (or non-use) of OpenSSL

Parameters

boolean $use The flag

Return Value

void

at line 522
void storeUsernameCookie(string $username)

Stores username in a cookie.

Parameters

string $username User name

Return Value

void

at line 542
void storePasswordCookie(string $password)

Stores password in a cookie.

Parameters

string $password Password

Return Value

void

at line 634
string enlargeSecret(string $secret)

Concatenates secret in order to make it 16 bytes long

This doesn't add any security, just ensures the secret is long enough by copying it.

Parameters

string $secret Original secret

Return Value

string

at line 649
string getMACSecret(string $secret)

Derives MAC secret from encryption secret.

Parameters

string $secret the secret

Return Value

string the MAC secret

at line 669
string getAESSecret(string $secret)

Derives AES secret from encryption secret.

Parameters

string $secret the secret

Return Value

string the AES secret

at line 695
void cleanSSLErrors()

Cleans any SSL errors

This can happen from corrupted cookies, from invalid encryption parameters used in older phpMyAdmin versions, or from a wrong OpenSSL configuration.

In none of these cases is the error useful to the user, but we need to clear the error buffer, as otherwise the errors would pop up later, for example during MySQL SSL setup.

Return Value

void

at line 713
string cookieEncrypt(string $data, string $secret)

Encryption using openssl's AES or phpseclib's AES (phpseclib uses mcrypt when it is available)

Parameters

string $data original data
string $secret the secret

Return Value

string the encrypted result

at line 752
string|false cookieDecrypt(string $encdata, string $secret)

Decryption using openssl's AES or phpseclib's AES (phpseclib uses mcrypt when it is available)

Parameters

string $encdata encrypted data
string $secret the secret

Return Value

string|false original data, false on error
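
The following is an added example, not phpMyAdmin's own code. It sketches the pattern these methods describe: separate AES and MAC keys derived from one secret, encryption with a fresh IV, and a decrypt routine that returns false on any malformed or modified cookie. The function names, the HMAC-label key derivation, the JSON envelope and the choice of AES-256-CBC with HMAC-SHA256 are assumptions made for the illustration.

```php
<?php
// Added illustration; every function name below is hypothetical.

// Assumed derivation: one independent 32-byte key per purpose label.
function deriveKey(string $secret, string $label): string
{
    return hash_hmac('sha256', $label, $secret, true);
}

function sealCookie(string $data, string $secret): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $ct = openssl_encrypt($data, 'aes-256-cbc', deriveKey($secret, 'aes'), OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: the tag covers both the IV and the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, deriveKey($secret, 'mac'), true);
    return json_encode(array_map('base64_encode', ['iv' => $iv, 'mac' => $mac, 'payload' => $ct]));
}

/** @return string|false plaintext, or false for a malformed or modified value */
function openCookie(string $encdata, string $secret)
{
    $parts = json_decode($encdata, true);
    if (!is_array($parts)) {
        return false;
    }
    $raw = [];
    foreach (['iv', 'mac', 'payload'] as $field) {
        $value = is_string($parts[$field] ?? null) ? base64_decode($parts[$field], true) : false;
        if ($value === false) {
            return false;
        }
        $raw[$field] = $value;
    }
    if (strlen($raw['iv']) !== openssl_cipher_iv_length('aes-256-cbc')) {
        return false;
    }
    // Check the tag in constant time before any decryption is attempted.
    $expected = hash_hmac('sha256', $raw['iv'] . $raw['payload'], deriveKey($secret, 'mac'), true);
    if (!hash_equals($expected, $raw['mac'])) {
        return false;
    }
    return openssl_decrypt($raw['payload'], 'aes-256-cbc', deriveKey($secret, 'aes'), OPENSSL_RAW_DATA, $raw['iv']);
}

// Constructed sample values: a round trip, then a cookie with a modified payload.
$cookie = sealCookie('constructed-password', 'constructed-example-secret');
var_dump(openCookie($cookie, 'constructed-example-secret'));
$bad = json_decode($cookie, true);
$bad['payload'] = base64_encode('x' . base64_decode($bad['payload']));
var_dump(openCookie(json_encode($bad), 'constructed-example-secret'));
```

Because the MAC is verified first, a modified cookie never reaches the cipher, which also avoids filling the OpenSSL error buffer that cleanSSLErrors() exists to drain.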

at line 796
int getIVSize()

Returns size of IV for encryption.

Return Value

int

at line 812
string createIV()

Initialization: store the initialization vector because it will be needed for further decryption. I don't think it is necessary to have one IV per server, so I don't put the server number in the cookie name.

Return Value

string

at line 838
void setIV(string $vector)

Sets encryption IV to use

This is for testing only!

Parameters

string $vector The IV

Return Value

void