__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<?php
/**
* Session handling
*
* @see https://www.php.net/manual/en/features.sessions.php
*/
declare(strict_types=1);
namespace PhpMyAdmin;
use function function_exists;
use function htmlspecialchars;
use function implode;
use function ini_get;
use function ini_set;
use function preg_replace;
use function session_abort;
use function session_cache_limiter;
use function session_destroy;
use function session_id;
use function session_name;
use function session_regenerate_id;
use function session_save_path;
use function session_set_cookie_params;
use function session_start;
use function session_status;
use function session_unset;
use function session_write_close;
use function setcookie;
use const PHP_SESSION_ACTIVE;
use const PHP_VERSION_ID;
/**
* Session class
*/
class Session
{
/**
* Generates PMA_token session variable.
*/
private static function generateToken(): void
{
$_SESSION[' PMA_token '] = Util::generateRandom(16, true);
$_SESSION[' HMAC_secret '] = Util::generateRandom(16);
/**
* Check if token is properly generated (the generation can fail, for example
* due to missing /dev/random for openssl).
*/
if (! empty($_SESSION[' PMA_token '])) {
return;
}
Core::fatalError('Failed to generate random CSRF token!');
}
/**
* tries to secure session from hijacking and fixation
* should be called before login and after successful login
* (only required if sensitive information stored in session)
*/
public static function secure(): void
{
// prevent session fixation and XSS
if (session_status() === PHP_SESSION_ACTIVE) {
session_regenerate_id(true);
}
// continue with empty session
session_unset();
self::generateToken();
}
/**
* Session failed function
*
* @param array $errors PhpMyAdmin\ErrorHandler array
*/
private static function sessionFailed(array $errors): void
{
$messages = [];
foreach ($errors as $error) {
/*
* Remove path from open() in error message to avoid path disclossure
*
* This can happen with PHP 5 when nonexisting session ID is provided,
* since PHP 7, session existence is checked first.
*
* This error can also happen in case of session backed error (eg.
* read only filesystem) on any PHP version.
*
* The message string is currently hardcoded in PHP, so hopefully it
* will not change in future.
*/
$messages[] = preg_replace(
'/open\(.*, O_RDWR\)/',
'open(SESSION_FILE, O_RDWR)',
htmlspecialchars($error->getMessage())
);
}
/*
* Session initialization is done before selecting language, so we
* can not use translations here.
*/
Core::fatalError(
'Error during session start; please check your PHP and/or '
. 'webserver log file and configure your PHP '
. 'installation properly. Also ensure that cookies are enabled '
. 'in your browser.'
. '<br><br>'
. implode('<br><br>', $messages)
);
}
/**
* Set up session
*
* @param Config $config Configuration handler
* @param ErrorHandler $errorHandler Error handler
*/
public static function setUp(Config $config, ErrorHandler $errorHandler): void
{
// verify if PHP supports session, die if it does not
if (! function_exists('session_name')) {
Core::warnMissingExtension('session', true);
} elseif (! empty(ini_get('session.auto_start')) && session_name() !== 'phpMyAdmin' && ! empty(session_id())) {
// Do not delete the existing non empty session, it might be used by
// other applications; instead just close it.
if (empty($_SESSION)) {
// Ignore errors as this might have been destroyed in other
// request meanwhile
@session_destroy();
} else {
// do not use session_write_close, see issue #13392
session_abort();
}
}
/** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */
$cookieSameSite = $config->get('CookieSameSite') ?? 'Strict';
$cookiePath = $config->getRootPath();
if (PHP_VERSION_ID < 70300) {
$cookiePath .= '; SameSite=' . $cookieSameSite;
}
// session cookie settings
session_set_cookie_params(
0,
$cookiePath,
'',
$config->isHttps(),
true
);
// cookies are safer (use ini_set() in case this function is disabled)
ini_set('session.use_cookies', 'true');
// optionally set session_save_path
$path = $config->get('SessionSavePath');
if (! empty($path)) {
session_save_path($path);
// We can not do this unconditionally as this would break
// any more complex setup (eg. cluster), see
// https://github.com/phpmyadmin/phpmyadmin/issues/8346
ini_set('session.save_handler', 'files');
}
// use cookies only
ini_set('session.use_only_cookies', '1');
// strict session mode (do not accept random string as session ID)
ini_set('session.use_strict_mode', '1');
// make the session cookie HttpOnly
ini_set('session.cookie_httponly', '1');
if (PHP_VERSION_ID >= 70300) {
// add SameSite to the session cookie
ini_set('session.cookie_samesite', $cookieSameSite);
}
// do not force transparent session ids
ini_set('session.use_trans_sid', '0');
// delete session/cookies when browser is closed
ini_set('session.cookie_lifetime', '0');
// some pages (e.g. stylesheet) may be cached on clients, but not in shared
// proxy servers
session_cache_limiter('private');
$httpCookieName = $config->getCookieName('phpMyAdmin');
@session_name($httpCookieName);
// Restore correct session ID (it might have been reset by auto started session
if ($config->issetCookie('phpMyAdmin')) {
session_id($config->getCookie('phpMyAdmin'));
}
// on first start of session we check for errors
// f.e. session dir cannot be accessed - session file not created
$orig_error_count = $errorHandler->countErrors(false);
$session_result = session_start();
if ($session_result !== true || $orig_error_count != $errorHandler->countErrors(false)) {
setcookie($httpCookieName, '', 1);
$errors = $errorHandler->sliceErrors($orig_error_count);
self::sessionFailed($errors);
}
unset($orig_error_count, $session_result);
/**
* Disable setting of session cookies for further session_start() calls.
*/
if (session_status() !== PHP_SESSION_ACTIVE) {
ini_set('session.use_cookies', 'true');
}
/**
* Token which is used for authenticating access queries.
* (we use "space PMA_token space" to prevent overwriting)
*/
if (! empty($_SESSION[' PMA_token '])) {
return;
}
self::generateToken();
/**
* Check for disk space on session storage by trying to write it.
*
* This seems to be most reliable approach to test if sessions are working,
* otherwise the check would fail with custom session backends.
*/
$orig_error_count = $errorHandler->countErrors();
session_write_close();
if ($errorHandler->countErrors() > $orig_error_count) {
$errors = $errorHandler->sliceErrors($orig_error_count);
self::sessionFailed($errors);
}
session_start();
if (! empty($_SESSION[' PMA_token '])) {
return;
}
Core::fatalError('Failed to store CSRF token in session! Probably sessions are not working properly.');
}
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Charsets | Folder | 0755 |
|
|
| Command | Folder | 0755 |
|
|
| Config | Folder | 0755 |
|
|
| ConfigStorage | Folder | 0755 |
|
|
| Controllers | Folder | 0755 |
|
|
| Crypto | Folder | 0755 |
|
|
| Database | Folder | 0755 |
|
|
| Dbal | Folder | 0755 |
|
|
| Display | Folder | 0755 |
|
|
| Engines | Folder | 0755 |
|
|
| Exceptions | Folder | 0755 |
|
|
| Export | Folder | 0755 |
|
|
| Gis | Folder | 0755 |
|
|
| Html | Folder | 0755 |
|
|
| Http | Folder | 0755 |
|
|
| Image | Folder | 0755 |
|
|
| Import | Folder | 0755 |
|
|
| Navigation | Folder | 0755 |
|
|
| Partitioning | Folder | 0755 |
|
|
| Plugins | Folder | 0755 |
|
|
| Properties | Folder | 0755 |
|
|
| Providers | Folder | 0755 |
|
|
| Query | Folder | 0755 |
|
|
| Server | Folder | 0755 |
|
|
| Setup | Folder | 0755 |
|
|
| Table | Folder | 0755 |
|
|
| Twig | Folder | 0755 |
|
|
| Utils | Folder | 0755 |
|
|
| WebAuthn | Folder | 0755 |
|
|
| Advisor.php | File | 12.32 KB | 0644 |
|
| Bookmark.php | File | 9.19 KB | 0644 |
|
| BrowseForeigners.php | File | 10.63 KB | 0644 |
|
| Cache.php | File | 1.5 KB | 0644 |
|
| Charsets.php | File | 6.82 KB | 0644 |
|
| CheckUserPrivileges.php | File | 11.3 KB | 0644 |
|
| Common.php | File | 19.4 KB | 0644 |
|
| Config.php | File | 41.65 KB | 0644 |
|
| Console.php | File | 3.25 KB | 0644 |
|
| Core.php | File | 28.91 KB | 0644 |
|
| CreateAddField.php | File | 15.83 KB | 0644 |
|
| DatabaseInterface.php | File | 71.73 KB | 0644 |
|
| DbTableExists.php | File | 2.86 KB | 0644 |
|
| Encoding.php | File | 8.41 KB | 0644 |
|
| Error.php | File | 13.63 KB | 0644 |
|
| ErrorHandler.php | File | 18.31 KB | 0644 |
|
| ErrorReport.php | File | 8.99 KB | 0644 |
|
| Export.php | File | 45.7 KB | 0644 |
|
| FieldMetadata.php | File | 11.11 KB | 0644 |
|
| File.php | File | 19.75 KB | 0644 |
|
| FileListing.php | File | 2.88 KB | 0644 |
|
| FlashMessages.php | File | 1.22 KB | 0644 |
|
| Font.php | File | 5.58 KB | 0644 |
|
| Footer.php | File | 8.06 KB | 0644 |
|
| Git.php | File | 18 KB | 0644 |
|
| Header.php | File | 20 KB | 0644 |
|
| Import.php | File | 48.72 KB | 0644 |
|
| Index.php | File | 14.83 KB | 0644 |
|
| IndexColumn.php | File | 4.75 KB | 0644 |
|
| InsertEdit.php | File | 89.05 KB | 0644 |
|
| InternalRelations.php | File | 17.31 KB | 0644 |
|
| IpAllowDeny.php | File | 9.13 KB | 0644 |
|
| Language.php | File | 4.47 KB | 0644 |
|
| LanguageManager.php | File | 22.74 KB | 0644 |
|
| Linter.php | File | 4.99 KB | 0644 |
|
| ListAbstract.php | File | 1.67 KB | 0644 |
|
| ListDatabase.php | File | 4.11 KB | 0644 |
|
| Logging.php | File | 2.69 KB | 0644 |
|
| Menu.php | File | 20.4 KB | 0644 |
|
| Message.php | File | 18.68 KB | 0644 |
|
| Mime.php | File | 927 B | 0644 |
|
| Normalization.php | File | 41.53 KB | 0644 |
|
| OpenDocument.php | File | 8.62 KB | 0644 |
|
| Operations.php | File | 35.11 KB | 0644 |
|
| OutputBuffering.php | File | 4.1 KB | 0644 |
|
| ParseAnalyze.php | File | 2.34 KB | 0644 |
|
| Pdf.php | File | 4.17 KB | 0644 |
|
| Plugins.php | File | 21.83 KB | 0644 |
|
| Profiling.php | File | 2.16 KB | 0644 |
|
| RecentFavoriteTable.php | File | 11.44 KB | 0644 |
|
| Replication.php | File | 4.81 KB | 0644 |
|
| ReplicationGui.php | File | 21.24 KB | 0644 |
|
| ReplicationInfo.php | File | 4.79 KB | 0644 |
|
| ResponseRenderer.php | File | 13.5 KB | 0644 |
|
| Routing.php | File | 6.55 KB | 0644 |
|
| Sanitize.php | File | 11.98 KB | 0644 |
|
| SavedSearches.php | File | 11.33 KB | 0644 |
|
| Scripts.php | File | 3.74 KB | 0644 |
|
| Session.php | File | 8.16 KB | 0644 |
|
| Sql.php | File | 64.01 KB | 0644 |
|
| SqlQueryForm.php | File | 6.74 KB | 0644 |
|
| StorageEngine.php | File | 15.71 KB | 0644 |
|
| SystemDatabase.php | File | 3.98 KB | 0644 |
|
| Table.php | File | 90.33 KB | 0644 |
|
| Template.php | File | 4.5 KB | 0644 |
|
| Theme.php | File | 7.32 KB | 0644 |
|
| ThemeManager.php | File | 7 KB | 0644 |
|
| Tracker.php | File | 30.34 KB | 0644 |
|
| Tracking.php | File | 36.11 KB | 0644 |
|
| Transformations.php | File | 16.31 KB | 0644 |
|
| TwoFactor.php | File | 7.5 KB | 0644 |
|
| Types.php | File | 25.85 KB | 0644 |
|
| Url.php | File | 10.61 KB | 0644 |
|
| UrlRedirector.php | File | 1.74 KB | 0644 |
|
| UserPassword.php | File | 6.86 KB | 0644 |
|
| UserPreferences.php | File | 10.49 KB | 0644 |
|
| Util.php | File | 86.45 KB | 0644 |
|
| Version.php | File | 556 B | 0644 |
|
| VersionInformation.php | File | 7.3 KB | 0644 |
|
| ZipExtension.php | File | 10.33 KB | 0644 |
|