openid.php 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171
  1. <?php
  2. /**
  3. * Single signon for phpMyAdmin using OpenID
  4. *
  5. * This is just example how to use single signon with phpMyAdmin, it is
  6. * not intended to be perfect code and look, only shows how you can
  7. * integrate this functionality in your application.
  8. *
  9. * It uses OpenID pear package, see https://pear.php.net/package/OpenID
  10. *
  11. * User first authenticates using OpenID and based on content of $AUTH_MAP
  12. * the login information is passed to phpMyAdmin in session data.
  13. */
  14. declare(strict_types=1);
  15. if (false === @include_once 'OpenID/RelyingParty.php') {
  16. exit;
  17. }
  18. /* Change this to true if using phpMyAdmin over https */
  19. $secure_cookie = false;
  20. /**
  21. * Map of authenticated users to MySQL user/password pairs.
  22. */
  23. $AUTH_MAP = [
  24. 'https://launchpad.net/~username' => [
  25. 'user' => 'root',
  26. 'password' => '',
  27. ],
  28. ];
  29. // phpcs:disable PSR1.Files.SideEffects,Squiz.Functions.GlobalFunction
  30. /**
  31. * Simple function to show HTML page with given content.
  32. *
  33. * @param string $contents Content to include in page
  34. */
  35. function Show_page($contents): void
  36. {
  37. header('Content-Type: text/html; charset=utf-8');
  38. echo '<?xml version="1.0" encoding="utf-8"?>' . "\n";
  39. echo '<!DOCTYPE HTML>
  40. <html lang="en" dir="ltr">
  41. <head>
  42. <link rel="icon" href="../favicon.ico" type="image/x-icon">
  43. <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon">
  44. <meta charset="utf-8">
  45. <title>phpMyAdmin OpenID signon example</title>
  46. </head>
  47. <body>';
  48. if (isset($_SESSION['PMA_single_signon_error_message'])) {
  49. echo '<p class="error">' . $_SESSION['PMA_single_signon_message'] . '</p>';
  50. unset($_SESSION['PMA_single_signon_message']);
  51. }
  52. echo $contents;
  53. echo '</body></html>';
  54. }
  55. /**
  56. * Display error and exit
  57. *
  58. * @param Exception $e Exception object
  59. */
  60. function Die_error($e): void
  61. {
  62. $contents = "<div class='relyingparty_results'>\n";
  63. $contents .= '<pre>' . htmlspecialchars($e->getMessage()) . "</pre>\n";
  64. $contents .= "</div class='relyingparty_results'>";
  65. Show_page($contents);
  66. exit;
  67. }
  68. // phpcs:enable
  69. /* Need to have cookie visible from parent directory */
  70. session_set_cookie_params(0, '/', '', $secure_cookie, true);
  71. /* Create signon session */
  72. $session_name = 'SignonSession';
  73. session_name($session_name);
  74. @session_start();
  75. // Determine realm and return_to
  76. $base = 'http';
  77. if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
  78. $base .= 's';
  79. }
  80. $base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
  81. $realm = $base . '/';
  82. $returnTo = $base . dirname($_SERVER['PHP_SELF']);
  83. if ($returnTo[strlen($returnTo) - 1] !== '/') {
  84. $returnTo .= '/';
  85. }
  86. $returnTo .= 'openid.php';
  87. /* Display form */
  88. if ((! count($_GET) && ! count($_POST)) || isset($_GET['phpMyAdmin'])) {
  89. /* Show simple form */
  90. $content = '<form action="openid.php" method="post">
  91. OpenID: <input type="text" name="identifier"><br>
  92. <input type="submit" name="start">
  93. </form>';
  94. Show_page($content);
  95. exit;
  96. }
  97. /* Grab identifier */
  98. $identifier = null;
  99. if (isset($_POST['identifier']) && is_string($_POST['identifier'])) {
  100. $identifier = $_POST['identifier'];
  101. } elseif (isset($_SESSION['identifier']) && is_string($_SESSION['identifier'])) {
  102. $identifier = $_SESSION['identifier'];
  103. }
  104. /* Create OpenID object */
  105. try {
  106. $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
  107. } catch (Throwable $e) {
  108. Die_error($e);
  109. }
  110. /* Redirect to OpenID provider */
  111. if (isset($_POST['start'])) {
  112. try {
  113. $authRequest = $o->prepare();
  114. } catch (Throwable $e) {
  115. Die_error($e);
  116. }
  117. $url = $authRequest->getAuthorizeURL();
  118. header('Location: ' . $url);
  119. exit;
  120. }
  121. /* Grab query string */
  122. if (! count($_POST)) {
  123. [, $queryString] = explode('?', $_SERVER['REQUEST_URI']);
  124. } else {
  125. // Fetch the raw query body
  126. $queryString = file_get_contents('php://input');
  127. }
  128. /* Check reply */
  129. try {
  130. $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
  131. } catch (Throwable $e) {
  132. Die_error($e);
  133. }
  134. $id = $message->get('openid.claimed_id');
  135. if (empty($id) || ! isset($AUTH_MAP[$id])) {
  136. Show_page('<p>User not allowed!</p>');
  137. exit;
  138. }
  139. $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user'];
  140. $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password'];
  141. $_SESSION['PMA_single_signon_HMAC_secret'] = hash('sha1', uniqid(strval(random_int(0, mt_getrandmax())), true));
  142. session_write_close();
  143. /* Redirect to phpMyAdmin (should use absolute URL here!) */
  144. header('Location: ../index.php');