fix: LPMA launch routes in secMiddleware; strict sign-on + lpma_policy_read

- secMiddleware: allow Limited phpMyAdmin launch URLs and phpmyadminsignin
  without JSON-body filtering that breaks sign-on POSTs
- plogical/public phpmyadminsignin: lpma_policy_read.inc.php, strict cookie helpers
- webmail: section header comments only
master3395
2026-03-27 21:54:17 +01:00
parent 1c6ab7a188
commit bbcfec196d
6 changed files with 228 additions and 13 deletions


@@ -3,10 +3,39 @@
define("PMA_SIGNON_INDEX", 1);
// Policy helper ships in plogical/ (same layout as phpmyadmin index.php)
$_lpma_policy = dirname(dirname(__DIR__)) . '/plogical/lpma_policy_read.inc.php';
if (is_readable($_lpma_policy)) {
require_once $_lpma_policy;
} elseif (is_readable(__DIR__ . '/lpma_policy_read.inc.php')) {
require_once __DIR__ . '/lpma_policy_read.inc.php';
} else {
http_response_code(500);
header('Content-Type: text/plain; charset=utf-8');
echo 'phpMyAdmin sign-on is misconfigured: lpma_policy_read.inc.php is missing.';
exit;
}
try {
define('PMA_SIGNON_SESSIONNAME', 'SignonSession');
define('PMA_DISABLE_SSL_PEER_VALIDATION', TRUE);
function lpma_set_strict_cookie($enabled) {
$opts = array(
'expires' => $enabled ? (time() + 86400) : (time() - 86400),
'path' => '/phpmyadmin/',
'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
'httponly' => true,
'samesite' => 'Lax',
);
setcookie('PMA_LPMA_STRICT', $enabled ? '1' : '', $opts);
}
function lpma_global_strict_mode_enabled() {
$p = lpma_read_limited_policy();
return ! empty($p['strict_mode']);
}
// Handle both GET and POST parameters for token and username
$token = isset($_POST['token']) ? $_POST['token'] : (isset($_GET['token']) ? $_GET['token'] : null);
$username = isset($_POST['username']) ? $_POST['username'] : (isset($_GET['username']) ? $_GET['username'] : null);
@@ -32,6 +61,7 @@ try {
echo '<script>document.getElementById("redirectForm").submit();</script>';
} else if (isset($_POST['logout']) || isset($_GET['logout'])) {
lpma_set_strict_cookie(false);
session_name(PMA_SIGNON_SESSIONNAME);
@session_start();
$_SESSION = array();
@@ -47,9 +77,14 @@ try {
$username = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
$password = $_POST['password'];
$strictMode = (isset($_POST['lpma_strict']) && $_POST['lpma_strict'] === '1');
$isLimitedUser = (strpos($username, 'cpma_') === 0);
$host = isset($_POST['host']) ? trim($_POST['host']) : '127.0.0.1';
if ($host === 'localhost') { $host = '127.0.0.1'; }
$effectiveStrictMode = ($strictMode || lpma_global_strict_mode_enabled()) && $isLimitedUser;
lpma_set_strict_cookie($effectiveStrictMode);
$_SESSION['PMA_single_signon_user'] = $username;
$_SESSION['PMA_single_signon_password'] = $password;
$_SESSION['PMA_single_signon_host'] = $host;