Logging in to phpMyAdmin with a username and password


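Anyone who has used phpMyAdmin knows that it stores the username and password in the file config.inc.php. Whenever you need to switch users or a password changes, you have to edit config.inc.php and upload it again, which is very inconvenient. Worse, you sometimes use the root account to modify a MySQL database or table; if another site's automated crawler finds index.php at that moment and goes on to follow every step in it, that is quite dangerous. A user login mechanism is therefore needed: entering the username and password on each use is much safer.
Below are some changes I made to phpMyAdmin, based on practical needs during administration. To disturb the original phpMyAdmin structure as little as possible, I added one file, index0.php, on top of phpMyAdmin and modified only one file, config.inc.php. This has no effect on phpMyAdmin itself: you can use the original phpMyAdmin, or the new username/password login mechanism.
The two files are listed below. Copy them into the phpMyAdmin directory and run index0.php. The program runs correctly under Apache + PHP + MySQL, IIS5 + PHP + MySQL, and PWS + PHP + MySQL.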
phpMyAdmin download:
A set of PHP3-scripts to administrate MySQL over the WWW.
Version 2.1.0 - 08/06/2000
http://www.phpwizard.net/projects/phpMyAdmin/

The index0.php file:

```php
<html><head><title>MySQL 维护</title></head><body>
<!--
<?php
// $step and the form fields are read as global variables (register_globals).

// Encode, so the value is not shown in plain form in the address bar
function b2h($string) {
    return(bin2hex(strrev($string)));
}

// Decode (inverse of b2h)
function h2b($string) {
    $stringtmp="";
    for($i=0;$i<strlen($string);$i+=2) {
        $stringtmp .= pack("C",hexdec(substr($string,$i,2)));
    }
    return(strrev($stringtmp));
}
global $PHP_SELF;

// If PHP is not executing, the browser sees this source as text and
// shows the warning between the two HTML comments.
if (1==0) {
    echo "-->PHP运行不正常,请检查<!--";
} else {
    echo "--".">";
}

if ($step=="") {
?>
<p>欢迎使用</p><p>本工具用于维护MySQL数据库</p>
<p><a href="<? echo basename($PHP_SELF); ?>?step=2">下一步 -></a></p>
<?php
}
if ($step==2) {

    $userfiletmp="/tmp/~userfile/~tmp.inc";
    if (file_exists($userfiletmp)) {
        include $userfiletmp;
        //$dbservertype,$servername,$dbusername,$dbpassword,$dbname;
        $dbservertype=h2b($dbservertype);
        $servername=h2b($servername);
        $dbusername=h2b($dbusername);
        $dbname=h2b($dbname);
        $curtime=h2b($curtime);
        // Pre-fill the password only if it was saved less than 120 seconds ago
        if (time()-$curtime<120){
            $dbpassword=h2b($dbpassword);
        }else{
            $dbpassword="";
        }
    }else{
        $dbservertype="mysql";
        $servername="localhost";
        $dbusername="";
        $dbpassword="";
        $dbname="";
    }

    $dbservertype=($dbservertype==""?"mysql":$dbservertype);
    $servername=($servername==""?"localhost":$servername);
?>
<p>填入连接信息</p>
<div align="center">
<center>
<table border="1" width="53%" height="111">
<tr>
<td width="100%" height="105">

<form method="POST" action="<? echo basename($PHP_SELF); ?>?step=3">

<div align="center">
<center>
<table border="1" width="83%" height="60">
<tr>
<td width="34%" height="10">主机类型:</td>
<td width="66%" height="10"><input type="text" name="dbservertype" size="20" value="<? echo htmlspecialchars($dbservertype); ?>"></td>
</tr>
<tr>
<td width="34%" height="10">主机地址:</td>
<td width="66%" height="10"><input type="text" name="servername" size="20" value="<? echo htmlspecialchars($servername); ?>"></td>
</tr>
<tr>
<td width="34%" height="10">用户名称:</td>
<td width="66%" height="10"><input type="text" name="dbusername" size="20" value="<? echo htmlspecialchars($dbusername); ?>"></td>
</tr>
<tr>
<td width="34%" height="16">密码:</td>
<td width="66%" height="16"><input type="password" name="dbpassword" size="20" value="<? echo htmlspecialchars($dbpassword); ?>"></td>
</tr>
<tr>
<td width="34%" height="16">数据库名:</td>
<td width="66%" height="16"><input type="text" name="dbname" size="20" value="<? echo htmlspecialchars($dbname); ?>"></td>
</tr>
</table>
</center>
</div>
<p align="center"><input type="submit" value="下一步" name="next"><input type="reset" value="清 除" name="reset"></p>
</form>
</td>
</tr>
</table>
</center>
</div>
<?php
}
if ($step==3) {
    $dbservertype=trim($dbservertype);
    $servername=trim($servername);
    $dbusername=trim($dbusername);
    $dbpassword=trim($dbpassword);
    $dbname=trim($dbname);

    // Escape the submitted values before echoing them back into the page
    echo "<p>确认是否正确:</p>\n";
    echo "<p><b>Database server type:</b> ".htmlspecialchars($dbservertype)."</p>\n";
    echo "<p><b>Database server hostname / IP address:</b> ".htmlspecialchars($servername)."</p>\n";
    echo "<p><b>Database username:</b> ".htmlspecialchars($dbusername)."</p>\n";
    echo "<p><b>Database password:</b> ******</p>\n";
    echo "<p><b>Database name:</b> ".htmlspecialchars($dbname)."</p>\n";
    echo "<p>以上参数正确才能继续</p>";

    // Hex-encode every value; the output contains only [0-9a-f], so it can
    // be written between double quotes in the include file below.
    $dbservertype=b2h($dbservertype);
    $servername=b2h($servername);
    $dbusername=b2h($dbusername);
    $dbpassword=b2h($dbpassword);
    $dbname=b2h($dbname);

    $userfiletmp="/tmp/~userfile/~tmp.inc";
    if (!file_exists(dirname($userfiletmp))) {
        mkdir(dirname($userfiletmp), 0700);
    }
    $handertmp=fopen($userfiletmp,"w");
    fputs($handertmp,"<?php\n");
    fputs($handertmp,"$"."dbservertype=\"$dbservertype\";\n");
    fputs($handertmp,"$"."servername=\"$servername\";\n");
    fputs($handertmp,"$"."dbusername=\"$dbusername\";\n");
    fputs($handertmp,"$"."dbpassword=\"$dbpassword\";\n");
    fputs($handertmp,"$"."dbname=\"$dbname\";\n");
    $curtime=time();
    $curtime=b2h($curtime);
    fputs($handertmp,"$"."curtime=\"$curtime\";\n");
    fputs($handertmp,"?>\n");
    fclose($handertmp);

    //echo "<p><a href=\"".basename($PHP_SELF)."?step=4&servername=$servername&dbusername=$dbusername&dbpassword=$dbpassword&dbname=$dbname\">下一步 -></a></p>";
    echo "<p><a href=\"index.php\">下一步 -></a></p>";
}

if ($step==4) {
}

// Logout
if ($step==44) {
    $step=0;
    $userfiletmp="/tmp/~userfile/~tmp.inc";
    if (file_exists($userfiletmp)) {
        include $userfiletmp;
        // Rewrite the file without the password
        // (the other values are still hex-encoded from the include)
        $dbpassword="";
        $handertmp=fopen($userfiletmp,"w");
        fputs($handertmp,"<?php\n");
        fputs($handertmp,"$"."dbservertype=\"$dbservertype\";\n");
        fputs($handertmp,"$"."servername=\"$servername\";\n");
        fputs($handertmp,"$"."dbusername=\"$dbusername\";\n");
        fputs($handertmp,"$"."dbpassword=\"$dbpassword\";\n");
        fputs($handertmp,"$"."dbname=\"$dbname\";\n");
        $curtime=time();
        $curtime=b2h($curtime);
        fputs($handertmp,"$"."curtime=\"$curtime\";\n");
        fputs($handertmp,"?>\n");
        fclose($handertmp);
        echo "<p></p><center><a href=\"".basename($PHP_SELF)."\">成功注销,请重新登陆</a></center>";
    }
}

if ($step>1) {
    echo "<p><a href=javascript:location.reload()>刷新</a>";
    echo " <a href=javascript:history.back()>上一步</a>";
}

echo "</"."body>";
echo "<"."!--";
?>
-->
</body></html>
```

The config.inc.php file:

```php
<?php
/* $Id: config.inc.php,v 1.28 2000/07/13 13:52:48 tobias Exp $ */

// Encode, so the value is not shown in plain form in the address bar
function b2h($string) {
    return(bin2hex(strrev($string)));
}

// Decode (inverse of b2h)
function h2b($string) {
    $stringtmp="";
    for($i=0;$i<strlen($string);$i+=2) {
        $stringtmp .= pack("C",hexdec(substr($string,$i,2)));
    }
    return(strrev($stringtmp));
}

/*
 * phpMyAdmin Configuration File
 * All directives are explained in Documentation.html
 */

// The $cfgServers array starts with $cfgServers[1]. Do not use $cfgServers[0].
// You can disable a server config entry by setting host to ''.

$userfiletmp="/tmp/~userfile/~tmp.inc";
if (file_exists($userfiletmp)) {
    include $userfiletmp;
    //$dbservertype,$servername,$dbusername,$dbpassword,$dbname;
    $dbservertype=h2b($dbservertype);
    $servername=h2b($servername);
    $dbusername=h2b($dbusername);
    $dbpassword=h2b($dbpassword);
    $dbname=h2b($dbname);
    $curtime=h2b($curtime);
    if ($dbservertype=="mysql") {
        if (time()-$curtime<600){
            $cfgServers[1]['host'] = $servername;     // MySQL hostname
            $cfgServers[1]['port'] = '';              // MySQL port - leave blank for default port
            $cfgServers[1]['adv_auth'] = false;       // Use advanced authentication?
            $cfgServers[1]['stduser'] = 'root';       // MySQL standard user (only needed with advanced auth)
            $cfgServers[1]['stdpass'] = '';           // MySQL standard password (only needed with advanced auth)
            $cfgServers[1]['user'] = $dbusername;     // MySQL user (only needed with basic auth)
            $cfgServers[1]['password'] = $dbpassword; // MySQL password (only needed with basic auth)
            $cfgServers[1]['only_db'] = $dbname;      // If set to a db-name, only this db is accessible
            $cfgServers[1]['verbose'] = '';           // Verbose name for this host - leave blank to show the hostname

            // Rewrite the file to refresh the timestamp
            $dbservertype=b2h($dbservertype);
            $servername=b2h($servername);
            $dbusername=b2h($dbusername);
            $dbpassword=b2h($dbpassword);
            $dbname=b2h($dbname);
            $handertmp=fopen($userfiletmp,"w");
            fputs($handertmp,"<?php\n");
            fputs($handertmp,"$"."dbservertype=\"$dbservertype\";\n");
            fputs($handertmp,"$"."servername=\"$servername\";\n");
            fputs($handertmp,"$"."dbusername=\"$dbusername\";\n");
            fputs($handertmp,"$"."dbpassword=\"$dbpassword\";\n");
            fputs($handertmp,"$"."dbname=\"$dbname\";\n");
            $curtime=time();
            $curtime=b2h($curtime);
            fputs($handertmp,"$"."curtime=\"$curtime\";\n");
            fputs($handertmp,"?>\n");
            fclose($handertmp);
        }else{
            echo "<p>账号参数已经过期,请重新输入!</p>";
            echo "登陆";
            die("程序终止");
        }
    }
}

$cfgServers[2]['host'] = '';
$cfgServers[2]['port'] = '';
$cfgServers[2]['adv_auth'] = false;
$cfgServers[2]['stduser'] = '';
$cfgServers[2]['stdpass'] = '';
$cfgServers[2]['user'] = '';
$cfgServers[2]['password'] = '';
$cfgServers[2]['only_db'] = '';
$cfgServers[2]['verbose'] = '';

$cfgServers[3]['host'] = '';
$cfgServers[3]['port'] = '';
$cfgServers[3]['adv_auth'] = false;
$cfgServers[3]['stduser'] = '';
$cfgServers[3]['stdpass'] = '';
$cfgServers[3]['user'] = 'root';
$cfgServers[3]['password'] = '';
$cfgServers[3]['only_db'] = '';
$cfgServers[3]['verbose'] = '';

// If you have more than one server configured, you can set $cfgServerDefault
// to any one of them to autoconnect to that server when phpMyAdmin is started,
// or set it to 0 to be given a list of servers without logging in
// If you have only one server configured, $cfgServerDefault MUST be
// set to that server.
$cfgServerDefault = 1; // Default server (0 = no default server)
$cfgServer = '';
unset($cfgServers[0]);

$cfgManualBase = "http://www.mysql.com/documentation/mysql/bychapter/";

$cfgConfirm = true;
$cfgPersistentConnections = false;

$cfgBorder = "0";
$cfgThBgcolor = "#D3DCE3";
$cfgBgcolorOne = "#CCCCCC";
$cfgBgcolorTwo = "#DDDDDD";
$cfgMaxRows = 30;
$cfgMaxInputsize = "300px";
$cfgOrder = "ASC";
$cfgShowBlob = true;
$cfgShowSQL = true;

require("chinese_gb.inc.php");

$strWelcome="注销账户 重新登陆$strWelcome";

$cfgColumnTypes = array(
"TINYINT",
"SMALLINT",
"MEDIUMINT",
"INT",
"BIGINT",
"FLOAT",
"DOUBLE",
"DECIMAL",
"DATE",
"DATETIME",
"TIMESTAMP",
"TIME",
"YEAR",
"CHAR",
"VARCHAR",
"TINYBLOB",
"TINYTEXT",
"TEXT",
"BLOB",
"MEDIUMBLOB",
"MEDIUMTEXT",
"LONGBLOB",
"LONGTEXT",
"ENUM",
"SET");

$cfgFunctions = array(
"ASCII",
"CHAR",
"SOUNDEX",
"CURDATE",
"CURTIME",
"FROM_DAYS",
"FROM_UNIXTIME",
"NOW",
"PASSWORD",
"PERIOD_ADD",
"PERIOD_DIFF",
"TO_DAYS",
"USER",
"WEEKDAY",
"RAND");

$cfgAttributeTypes = array(
"",
"BINARY",
"UNSIGNED",
"UNSIGNED ZEROFILL");

// Setting magic_quotes_runtime - do not change!
set_magic_quotes_runtime(0);
?>
```
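
Both files keep the login in one fixed file, /tmp/~userfile/~tmp.inc, so the saved credentials belong to the server rather than to the browser that entered them, and b2h() is a reversible encoding, not encryption. The following is an added example, not part of the original article, that keeps the same 600-second sliding expiry but stores the credentials in the PHP session; the function names and the `pma_login` session key are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example, not from the original article. Function names and the
// 'pma_login' session key are hypothetical. Assumes PHP 7.3 or later.

const PMA_IDLE_LIMIT = 600; // seconds; same window as the article's config.inc.php

function pma_session_start(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
            'samesite' => 'Strict',
        ]);
        session_start();
    }
}

// Login form handler (step 3 in the article): keep the credentials in this
// browser's session instead of a file that every visitor shares.
function pma_login_store(string $host, string $user, string $password, string $db): void {
    pma_session_start();
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['pma_login'] = [
        'host' => $host, 'user' => $user, 'password' => $password,
        'db'   => $db,   'last_used' => time(),
    ];
}

// For config.inc.php: returns the credentials, or null when absent or idle too long.
function pma_login_load(): ?array {
    pma_session_start();
    $login = $_SESSION['pma_login'] ?? null;
    if (!is_array($login) || time() - $login['last_used'] >= PMA_IDLE_LIMIT) {
        unset($_SESSION['pma_login']);
        return null;
    }
    $_SESSION['pma_login']['last_used'] = time(); // sliding expiry, as in the article
    return $login;
}

// Logout (step 44 in the article): affects only the browser that asked for it.
function pma_logout(): void {
    pma_session_start();
    unset($_SESSION['pma_login']);
    session_regenerate_id(true);
}
```

In config.inc.php the array returned by `pma_login_load()` would fill `$cfgServers[1]['host']`, `['user']`, `['password']` and `['only_db']`, and a null return takes the place of the expired branch.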

If you quote this article, please credit 高山雪 and [email protected]
