class AuthenticationCookie extends AuthenticationPlugin

Handles the cookie authentication method

Properties

string $user Username from AuthenticationPlugin
string $password Password from AuthenticationPlugin
protected IpAllowDeny $ipAllowDeny from AuthenticationPlugin
Template $template from AuthenticationPlugin

Methods

__construct()

No description

bool
showLoginForm()

Displays authentication form

bool
readCredentials()

Gets authentication credentials

bool
storeCredentials()

Sets the user and password after final checks, if required

void
rememberCredentials()

Stores user credentials after successful login.

void
showFailure(string $failure)

User is not allowed to log in to MySQL -> authentication failed

void
logOut()

Perform logout

string
getLoginFormURL()

Returns URL for login form.

string
getErrorMessage(string $failure)

Returns error message for failed authentication.

void
handlePasswordChange(string $password)

Callback when user changes password.

void
setSessionAccessTime()

Store session access time in session.

void
authenticate()

High level authentication interface

void
checkRules()

Check configuration defined restrictions for authentication

void
checkTwoFactor()

Checks whether two factor authentication is active for given user and performs it.

void
setUseOpenSSL(bool $use)

Forces use (or non-use) of OpenSSL

void
storeUsernameCookie(string $username)

Stores username in a cookie.

void
storePasswordCookie(string $password)

Stores password in a cookie.

string
enlargeSecret(string $secret)

Concatenates secret in order to make it 16 bytes long

string
getMACSecret(string $secret)

Derives MAC secret from encryption secret.

string
getAESSecret(string $secret)

Derives AES secret from encryption secret.

void
cleanSSLErrors()

Cleans any SSL errors

string
cookieEncrypt(string $data, string $secret)

Encryption using OpenSSL's AES or phpseclib's AES (phpseclib uses another extension when it is available)

string|false
cookieDecrypt(string $encdata, string $secret)

Decryption using OpenSSL's AES or phpseclib's AES (phpseclib uses another extension when it is available)

int
getIVSize()

Returns size of IV for encryption.

string
createIV()

Initialization. Stores the initialization vector because it will be needed for later decryption. I don't think it is necessary to have one IV per server, so I don't put the server number in the cookie name.

void
setIV(string $vector)

Sets encryption IV to use

Details

__construct()

bool showLoginForm()

Displays authentication form

This function MUST exit/quit the application.

Return Value

bool

bool readCredentials()

Gets authentication credentials

This function DOES NOT check authentication. It only checks for and provides the authentication credentials required to connect to the MySQL server, usually with $GLOBALS['dbi']->connect().

It returns false if something is missing, which usually leads to showLoginForm(), which displays the login form.

It returns true if everything seems OK, which usually leads to auth_set_user().

It switches directly to showFailure() if the user inactivity timeout is reached.

Return Value

bool

bool storeCredentials()

Sets the user and password after final checks, if required

Return Value

bool

void rememberCredentials()

Stores user credentials after successful login.

Return Value

void

void showFailure(string $failure)

User is not allowed to log in to MySQL -> authentication failed

Prepares the error message and switches to showLoginForm(), which displays the error and the login form.

This function MUST exit/quit the application; this is currently done by the call to showLoginForm().

Parameters

string $failure String describing why authentication has failed

Return Value

void

void logOut()

Perform logout

Return Value

void

string getLoginFormURL()

Returns URL for login form.

Return Value

string

string getErrorMessage(string $failure)

Returns error message for failed authentication.

Parameters

string $failure String describing why authentication has failed

Return Value

string

void handlePasswordChange(string $password)

Callback when user changes password.

Parameters

string $password New password to set

Return Value

void

void setSessionAccessTime()

Store session access time in session.

Tries to work around PHP 5 session garbage collection, which looks at the session file's last modified time.

Return Value

void

void authenticate()

High level authentication interface

Gets the credentials or shows login form if necessary

Return Value

void

void checkRules()

Check configuration defined restrictions for authentication

Return Value

void

void checkTwoFactor()

Checks whether two factor authentication is active for given user and performs it.

Return Value

void

void setUseOpenSSL(bool $use)

Forces use (or non-use) of OpenSSL

Parameters

bool $use The flag

Return Value

void

void storeUsernameCookie(string $username)

Stores username in a cookie.

Parameters

string $username User name

Return Value

void

void storePasswordCookie(string $password)

Stores password in a cookie.

Parameters

string $password Password

Return Value

void

string enlargeSecret(string $secret)

Concatenates secret in order to make it 16 bytes long

This doesn't add any security, just ensures the secret is long enough by copying it.

Parameters

string $secret Original secret

Return Value

string

string getMACSecret(string $secret)

Derives MAC secret from encryption secret.

Parameters

string $secret the secret

Return Value

string the MAC secret

string getAESSecret(string $secret)

Derives AES secret from encryption secret.

Parameters

string $secret the secret

Return Value

string the AES secret

void cleanSSLErrors()

Cleans any SSL errors

Such errors can be caused by corrupted cookies, by invalid encryption parameters used in older phpMyAdmin versions, or by a wrong OpenSSL configuration.

In none of these cases is the error useful to the user, but we need to clear the error buffer, as otherwise the errors would pop up later, for example during MySQL SSL setup.

Return Value

void

string cookieEncrypt(string $data, string $secret)

Encryption using OpenSSL's AES or phpseclib's AES (phpseclib uses another extension when it is available)

Parameters

string $data original data
string $secret the secret

Return Value

string the encrypted result

string|false cookieDecrypt(string $encdata, string $secret)

Decryption using OpenSSL's AES or phpseclib's AES (phpseclib uses another extension when it is available)

Parameters

string $encdata encrypted data
string $secret the secret

Return Value

string|false original data, false on error
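
How separate MAC and AES secrets, a stored IV and a "false on error" decrypt can fit together, as an added example that is not phpMyAdmin's implementation. The `demo*` functions, the HMAC-based derivation, the cipher choice and the JSON envelope are all assumptions made for illustration; the secret and user name are constructed sample values.

```php
<?php
// Added example, not phpMyAdmin's code. The derivation labels, cipher choice
// and JSON envelope below are assumptions made for this illustration.
const DEMO_CIPHER = 'aes-256-cbc';

function demoDeriveKey(string $secret, string $purpose): string
{
    // Hypothetical derivation: one independent 32-byte key per purpose.
    return hash_hmac('sha256', $purpose, $secret, true);
}

function demoCookieEncrypt(string $data, string $secret): string
{
    $iv = random_bytes(openssl_cipher_iv_length(DEMO_CIPHER));
    $ct = openssl_encrypt($data, DEMO_CIPHER, demoDeriveKey($secret, 'aes'), OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: the tag covers both the IV and the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, demoDeriveKey($secret, 'mac'), true);
    return json_encode(array_map('base64_encode', ['iv' => $iv, 'mac' => $mac, 'payload' => $ct]));
}

/** @return string|false original data, false on malformed or tampered input */
function demoCookieDecrypt(string $encdata, string $secret)
{
    $p = json_decode($encdata, true);
    $raw = [];
    foreach (['iv', 'mac', 'payload'] as $k) {
        $raw[$k] = is_array($p) && is_string($p[$k] ?? null) ? base64_decode($p[$k], true) : false;
        if ($raw[$k] === false) {
            return false;
        }
    }
    // Check the tag in constant time before the ciphertext is decrypted.
    $expected = hash_hmac('sha256', $raw['iv'] . $raw['payload'], demoDeriveKey($secret, 'mac'), true);
    if (strlen($raw['iv']) !== openssl_cipher_iv_length(DEMO_CIPHER) || !hash_equals($expected, $raw['mac'])) {
        return false;
    }
    $pt = openssl_decrypt($raw['payload'], DEMO_CIPHER, demoDeriveKey($secret, 'aes'), OPENSSL_RAW_DATA, $raw['iv']);
    // Drain OpenSSL's error queue so stale errors do not surface later.
    while (openssl_error_string() !== false) { continue; }
    return $pt;
}

// Constructed sample: one round trip, then a cookie whose payload was altered.
$cookie = demoCookieEncrypt('constructed-user', 'constructed-secret');
$forged = str_replace('"payload":"', '"payload":"AAAA', $cookie);
var_dump(demoCookieDecrypt($cookie, 'constructed-secret'), demoCookieDecrypt($forged, 'constructed-secret'));
```

Because the tag is checked first, a modified cookie is rejected without its ciphertext ever reaching the AES routine.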

int getIVSize()

Returns size of IV for encryption.

Return Value

int

string createIV()

Initialization. Stores the initialization vector because it will be needed for later decryption. I don't think it is necessary to have one IV per server, so I don't put the server number in the cookie name.

Return Value

string

void setIV(string $vector)

Sets encryption IV to use

This is for testing only!

Parameters

string $vector The IV

Return Value

void