per user servers, logout button

Author: erikdubbelboer

common.inc.php

@@ -56,7 +56,12 @@
 
 
 
-$i = 0;
+if (isset($login['servers'])) {
+  $i = current($login['servers']);
+} else {
+  $i = 0;
+}
+
 
 if (isset($_GET['s']) && is_numeric($_GET['s']) && ($_GET['s'] < count($config['servers']))) {
   $i = $_GET['s'];
@@ -66,6 +71,19 @@
 $server['id'] = $i;
 
 
+if (isset($login, $login['servers'])) {
+  if (array_search($i, $login['servers']) === false) {
+    die('You are not allowed to access this database.');
+  }
+
+  foreach ($config['servers'] as $key => $ignore) {
+    if (array_search($key, $login['servers']) === false) {
+      unset($config['servers'][$key]);
+    }
+  }
+}
+
+
 if (!isset($server['db'])) {
   $server['db'] = 0;
 }

config.inc.php

@@ -36,7 +36,13 @@
   /*'login' => array(
     // Username => Password
     // Multiple combinations can be used
-    'username' => 'password'
+    'admin' => array(
+      'password' => 'adminpassword',
+    ),
+    'guest' => array(
+      'password' => '',
+      'servers'  => array(1) // Optional list of servers this user can access.
+    )
   ),*/
 
 

images/logout.png

@@ -169,6 +169,9 @@ function print_namespace($item, $name, $fullkey, $islast) {
 </p>
 
 <p>
+<?php if (isset($login)) { ?>
+<a href="logout.php"><img src="images/logout.png" width="16" height="16" title="Logout" alt="[L]"></a>
+<?php } ?>
 <a href="?info&amp;s=<?php echo $server['id']?>"><img src="images/info.png" width="16" height="16" title="Info" alt="[I]"></a>
 <a href="?export&amp;s=<?php echo $server['id']?>"><img src="images/export.png" width="16" height="16" title="Export" alt="[E]"></a>
 <a href="?import&amp;s=<?php echo $server['id']?>"><img src="images/import.png" width="16" height="16" title="Import" alt="[I]"></a>

index.php

@@ -1,6 +1,10 @@
 
 $(function() {
   $('#sidebar a').click(function(e) {
+    if (e.currentTarget.href.indexOf('/?') == -1) {
+      return;
+    }
+
     e.preventDefault();
 
     var href;

js/index.js

@@ -9,7 +9,7 @@
 $opaque = md5('phpRedisAdmin'.$_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
 
 
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+if (!isset($_SERVER['PHP_AUTH_DIGEST']) || empty($_SERVER['PHP_AUTH_DIGEST'])) {
   header('HTTP/1.1 401 Unauthorized');
   header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
   die;
@@ -47,7 +47,10 @@
   die('Invalid username and/or password combination.');
 }
 
-$password = md5($data['username'].':'.$realm.':'.$config['login'][$data['username']]);
+$login         = $config['login'][$data['username']];
+$login['name'] = $data['username'];
+
+$password = md5($login['name'].':'.$realm.':'.$login['password']);
 
 $response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']));
 

login.inc.php

@@ -0,0 +1,40 @@
+<?php
+
+
+$needed_parts = array(
+  'nonce'    => 1,
+  'nc'       => 1,
+  'cnonce'   => 1,
+  'qop'      => 1,
+  'username' => 1,
+  'uri'      => 1,
+  'response' => 1
+ );
+
+$data = array();
+$keys = implode('|', array_keys($needed_parts));
+
+preg_match_all('/('.$keys.')=(?:([\'"])([^\2]+?)\2|([^\s,]+))/', $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
+
+foreach ($matches as $m) {
+  $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+  unset($needed_parts[$m[1]]);
+}
+
+
+if (!isset($_GET['nonce'])) {
+  header('Location: logout.php?nonce='.$data['nonce']);
+  die;
+}
+
+
+if ($data['nonce'] == $_GET['nonce']) {
+  unset($_SERVER['PHP_AUTH_DIGEST']);
+
+  require 'login.inc.php';
+}
+
+
+header('Location: '.substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'logout.php')));
+
+?>