From 7990f8881b085279269d35cf9dd2787b88ae1c08 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 27 Nov 2012 14:47:43 -0500
Subject: [PATCH] Bugfix: _ispconfig_pw_crypted was ignored (stripped off in encoding method)
---
interface/web/sites/database_phpmyadmin.php | 58 +++++++++++++++++++++++-----------------------------------
1 files changed, 23 insertions(+), 35 deletions(-)
diff --git a/interface/web/sites/database_phpmyadmin.php b/interface/web/sites/database_phpmyadmin.php
index 481a654..0bd379d 100644
--- a/interface/web/sites/database_phpmyadmin.php
+++ b/interface/web/sites/database_phpmyadmin.php
@@ -34,57 +34,45 @@
//* Check permissions for module
$app->auth->check_module_permissions('sites');
-/* get the id of the database (must be int!) */
+/*
+ * get the id of the database (must be int!)
+ */
if (!isset($_GET['id'])){
die ("No DB selected!");
}
-$databaseId = intval($_GET['id']);
+$databaseId = $app->functions->intval($_GET['id']);
/*
* Get the data to connect to the database
*/
-$dbData = $app->db->queryOneRecord(
- "SELECT sys_userid, sys_groupid, sys_perm_user, sys_perm_group, server_id, database_name, database_user, database_password FROM web_database WHERE database_id = " .
- $databaseId);
-
-/*
- * We also need the data of the server
- */
-$serverId = intval($dbData['server_id']);
+$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = " . $databaseId);
+$serverId = $app->functions->intval($dbData['server_id']);
if ($serverId == 0){
die ("No DB-Server found!");
}
-
$serverData = $app->db->queryOneRecord(
"SELECT server_name FROM server WHERE server_id = " .
$serverId);
+
+$app->uses('getconf');
+$global_config = $app->getconf->get_global_config('sites');
+$web_config = $app->getconf->get_server_config($serverId,'web');
/*
- * Check if the user has the right to open phpmyadmin with this database
- * (we will check only users, not admins)
+ * We only redirect to the login-form, so there is no need, to check any rights
*/
-if($_SESSION["s"]["user"]["typ"] == 'user') {
- /* Get the group of the client */
- $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
- /* compare both */
- if ($dbData['sys_groupid'] != $client_group_id){
- die ("You don't have the right to access this db!");
+
+if($global_config['phpmyadmin_url'] != '') {
+ $phpmyadmin_url = $global_config['phpmyadmin_url'];
+ $phpmyadmin_url = str_replace(array('[SERVERNAME]', '[DATABASENAME]'),array($serverData['server_name'], $dbData['database_name']),$phpmyadmin_url);
+ header('Location:'.$phpmyadmin_url);
+} else {
+ isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
+ if($web_config['server_type'] == 'nginx') {
+ header('location:' . $http . '://' . $serverData['server_name'] . ':8081/phpmyadmin');
+ } else {
+ header('location:' . $http . '://' . $serverData['server_name'] . '/phpmyadmin');
}
}
-
-/*
- * Now generate the login-Form
- */
-isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
-echo '
-starting phpMyAdmin...<br>
-<form method="post" action="' . $http . '://' . $serverData['server_name'] . '/phpmyadmin/index.php" name="login_form" target="_top" style="visibility:hidden">
- <input type="text" name="pma_username" id="input_username" value="' . $dbData['database_user'] . '" />
- <input type="password" name="pma_password" id="input_password" value="' . $dbData['database_password'] . '" size="24" class="textfield" />
-</form>
-<script type="text/javascript" language="javascript">
-<!--
-document.forms["login_form"].submit();
-//-->
-</script>';
+exit;
?>
\ No newline at end of file
--
Gitblit v1.9.1