
Commit 801feca

committed
session work in $_SESSION['phpMiniAdmin']
1 parent 817626a commit 801feca


3 files changed

+37
-27
lines changed


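--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ In the directory samples you'll find phpminiconfig.php for known OpenSource pack
 ### changes in phpMiniAdmin 1.9.251125 (latest)
 - reverted back from str_starts_with to strpos to support PHP 7
 - fix if does not have permission to run SHOW DATABASES
+- moved work with session under $_SESSION['phpMiniAdmin'], so it does not conflict with other applications sessions
 
 ### changes in phpMiniAdmin 1.9.240801
 - fixed one php short open tag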

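--- a/changelog.md
+++ b/changelog.md
@@ -1,6 +1,7 @@
 ### changes in phpMiniAdmin 1.9.251125 (latest)
 - reverted back from str_starts_with to strpos to support PHP 7
 - fix if does not have permission to run SHOW DATABASES
+- moved work with session under $_SESSION['phpMiniAdmin'], so it does not conflict with other applications sessions
 
 ### changes in phpMiniAdmin 1.9.240801
 - fixed one php short open tag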

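--- a/phpminiadmin.php
+++ b/phpminiadmin.php
@@ -49,8 +49,14 @@
 ini_set('session.use_only_cookies', 1);
 @session_start();
 
-if (!isset($_SESSION['XSS'])) $_SESSION['XSS']=get_rand_str(16);
-$xurl='XSS='.$_SESSION['XSS'];
+if (!isset($_SESSION['phpMiniAdmin'])) $_SESSION['phpMiniAdmin']=[];
+function sget($k,$d=NULL){return $_SESSION['phpMiniAdmin'][$k]??$d;}
+function sset($k,$v){$_SESSION['phpMiniAdmin'][$k]=$v;}
+function sdel($k){unset($_SESSION['phpMiniAdmin'][$k]);}
+function sclear(){$_SESSION['phpMiniAdmin']=[];}
+
+if (!sget('XSS')) sset('XSS', get_rand_str(16));
+$xurl='XSS='.sget('XSS');
 
 ini_set('display_errors',0); #turn on to debug db or script issues
 error_reporting(E_ALL ^ E_NOTICE);
@@ -61,26 +67,25 @@
 if ($_REQUEST['pwd']!=$ACCESS_PWD){
 $err_msg="Invalid password. Try again";
 }else{
-$_SESSION['is_logged']=true;
+sset('is_logged',true);
 loadcfg();
 }
 }
 
 if(isset($_REQUEST['logoff'])){
 check_xss();
-$_SESSION=[];
+sclear();
 savecfg();
-session_destroy();
 $url=$self;
 if (!$ACCESS_PWD) $url='/';
 header("location: $url");
 exit;
 }
 
-if (!isset($_SESSION['is_logged'])){
+if (!sget('is_logged')){
 if (empty($ACCESS_PWD)){
 if (isTrusted()){
-$_SESSION['is_logged']=true;
+sset('is_logged',true);
 loadcfg();
 }else{
 die("Set ACCESS_PWD to protect your database.");
@@ -464,13 +469,13 @@ function sht(f){
 </head>
 <body onload="after_load()">
 <form method="post" name="DF" id="DF" action="<?php eo($self)?>" enctype="multipart/form-data">
-<input type="hidden" name="XSS" value="<?php eo($_SESSION['XSS'])?>">
+<input type="hidden" name="XSS" value="<?php eo(sget('XSS'))?>">
 <input type="hidden" name="refresh" value="">
 <input type="hidden" name="p" value="">
 
 <div class="inv">
 <a href="http://phpminiadmin.sourceforge.net/" target="_blank"><b>phpMiniAdmin <?php eo($VERSION)?></b></a>
-<?php if ($_SESSION['is_logged'] && $dbh){
+<?php if (sget('is_logged') && $dbh){
 if ($DBSERVERS){?>
 | Servers: <select name="srv" onChange="frefresh()"><option value=''>- select/refresh -</option>
 <?php echo @sel($DBSERVERS,'iname',$SRV)?></select>
@@ -486,7 +491,7 @@ function sht(f){
 <?php } ?>
 | <a href="?showcfg=1">Settings</a>
 <?php } ?>
-<?php if ($_SESSION['is_logged']){?> | <a href="?<?php eo($xurl)?>&logoff=1" onclick="logoff()">Logoff</a> <?php }?>
+<?php if (sget('is_logged')){?> | <a href="?<?php eo($xurl)?>&logoff=1" onclick="logoff()">Logoff</a> <?php }?>
 | <a href="?pi=1">phpinfo</a>
 </div>
 
@@ -674,28 +679,27 @@ function get_identity($dbh1=NULL){
 
 function get_db_select($sel=''){
 global $DB,$SHOW_D;
-if (is_array($_SESSION['sql_sd']??0) && ($_REQUEST['db']??'')!='*'){//check cache
-$arr=$_SESSION['sql_sd'];
+$arr=sget('sql_sd');
+if (is_array($arr) && ($_REQUEST['db']??'')!='*'){
 }else{
 $arr=db_array($SHOW_D,NULL,1);
 if (!is_array($arr) || !$arr){
 $cur=db_value("SELECT DATABASE()",NULL,1);
 if (!$cur) $cur=$DB['db'];
 $arr=[['Database'=>$cur]];
 }
-$_SESSION['sql_sd']=$arr;
+sset('sql_sd',$arr);
 }
 return @sel($arr,'Database',$sel);
 }
 
 function chset_select($sel=''){
 global $DBDEF;
-if (isset($_SESSION['sql_chset'])){
-$arr=$_SESSION['sql_chset'];
-}else{
+$arr=sget('sql_chset');
+if (!$arr){
 $arr=db_array("show character set",NULL,1);
 if (!is_array($arr)) $arr=[['Charset'=>$DBDEF['chset']]];
-$_SESSION['sql_chset']=$arr;
+sset('sql_chset',$arr);
 }
 
 return @sel($arr,'Charset',$sel);
@@ -789,8 +793,8 @@ function savecfg(){
 $v=$_REQUEST['v']??[];
 if(!is_array($v))$v=[];
 unset($v['ssl_ca']);unset($v['ssl_key']);unset($v['ssl_cert']);#don't allow override ssl paths from web
-$_SESSION['DB']=array_merge($DBDEF,$v);
-unset($_SESSION['sql_sd']);
+sset('DB',array_merge($DBDEF,$v));
+sdel('sql_sd');
 
 if ($_REQUEST['rmb']??0){
 $tm=time()+60*60*24*30;
@@ -820,18 +824,22 @@ function loadcfg(){
 global $DBDEF;
 
 if( isset($_COOKIE['conn']) ){
-$_SESSION['DB']=array_merge($DBDEF,$_COOKIE['conn']);
+sset('DB',array_merge($DBDEF,$_COOKIE['conn']));
 }else{
-$_SESSION['DB']=$DBDEF;
+sset('DB',$DBDEF);
+}
+$cfg=sget('DB');
+if (!strlen($cfg['chset']??'')){
+$cfg['chset']=$DBDEF['chset'];
+sset('DB',$cfg);
 }
-if (!strlen($_SESSION['DB']['chset'])) $_SESSION['DB']['chset']=$DBDEF['chset'];#don't allow empty charset
 }
 
 //each time - from session to $DB_*
 function loadsess(){
 global $SRV,$DBSERVERS,$DB,$is_sm;
 
-$DB=$_SESSION['DB'];
+$DB=sget('DB',[]);
 $rdb=$_REQUEST['db']??'';
 if ($rdb=='*') $rdb='';
 
@@ -850,8 +858,8 @@ function loadsess(){
 if ($rdb) {
 $DB['db']=$rdb;
 }
-if($_REQUEST['GoSQL']??'') $_SESSION['is_sm']=intval($_REQUEST['is_sm']??0);
-$is_sm=intval($_SESSION['is_sm']??0);
+if($_REQUEST['GoSQL']??'') sset('is_sm',intval($_REQUEST['is_sm']??0));
+$is_sm=intval(sget('is_sm'));
 }
 
 function print_export(){
@@ -1284,8 +1292,8 @@ function get_rand_str($len){
 
 function check_xss(){
 global $self;
-if ($_SESSION['XSS']!=trim($_REQUEST['XSS'])){
-unset($_SESSION['XSS']);
+if (sget('XSS')!=trim($_REQUEST['XSS'])){
+sdel('XSS');
 header("location: $self");
 exit;
 }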
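Review bot: The logoff branch no longer calls `session_destroy()`, and as far as the hunks show neither login path rotates the session id, so an id that existed before authentication stays valid after `sset('is_logged',true)` and across logoff/login cycles. Adding `session_regenerate_id(true);` directly before both `sset('is_logged',true);` calls (the password branch and the `isTrusted()` branch) rotates the id while leaving other applications' `$_SESSION` data intact, which fits the goal of this commit; this assumes no output has been sent at that point. In `check_xss()` the token check still uses loose `!=`; `if (!hash_equals((string)sget('XSS'), trim((string)($_REQUEST['XSS']??'')))){` would make it a strict, constant-time comparison that also tolerates a missing parameter. The login block and `check_xss()` both start or end outside the hunks shown.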
