If you want to add a verification code to phpMyAdmin but can not find the verification of the place, please inform

Want to add a verification code to phpMyAdmin?? But can not find the verification of the place, could you tell me.



After all, no verification code can easily be social workers. At the same time I also want to JS encryption password, and then use PHP decryption.

Know to inform. Thank you.

Reply to discussion (solution)

Set it up, let it log in before you can access it.

Set it up, let it log in before you can access it.

Can you say to be more careful?? Not very clear.
I would like to add a verification code or encrypt the password will be OK.

Oh, then you have to change the source of phpMyAdmin.

It comes with a login function

Oh, then you have to change the source of phpMyAdmin.

It comes with a login function

This I know ah, but it verifies the user each with the password place where, I looked for a long time, just cannot find.

is the user name and password

To a master, in the end there to modify it???

The login form is near libraries/auth/cookie.auth.lib.php 240.
The operation for the user name is near the 450 line of the file

    if (! empty ($_request[' pma_username ')) {        //the user just logged in        $GLOBALS [' php_auth_user '] = $_request[' Pma_ Username '];        $GLOBALS [' php_auth_pw ']   = Empty ($_request[' Pma_password ')? ": $_request[' Pma_password ');        if ($GLOBALS [' cfg '] [' allowarbitraryserver '] && isset ($_request[' pma_servername ')) {            $GLOBALS [' Pma_ Auth_server '] = $_request[' pma_servername '];        }        return true;    }

Phpmysqladmin itself does not need to verify the authenticity of the user name and password
Because the user name and password is for MySQL, the wrong connection is not on the database

@xuzuning Moderators

phpMyAdmin does not connect MySQL how to operate the things in the database? I think it's a wonder. Where did you pass this information to MySQL?

@xuzuning Moderators

Many online talk about how to use phpMyAdmin to connect to MySQL, but does not explain how to modify the phpMyAdmin plus verification code to enhance security.

Otherwise, someone kept sweeping, under normal circumstances, a small rookie, two or three days, estimated also swept out.

phpMyAdmin does not connect MySQL how to operate the things in the database? I think it's a wonder. Where did you pass this information to MySQL? You misunderstood what I meant.
phpMyAdmin itself is not required to log in
You need to enter the user name and password to access the database
Therefore, phpMyAdmin does not provide authentication and cannot determine whether the username and password for login MySQL are legal

If you even open the entrance to your phpmyadmin, worry about what they are doing.

Reference 8 Floor BLUEWJZHHR reply: phpMyAdmin do not connect MySQL how to operate the database of things? I think it's a wonder. Where did you pass this information to MySQL? You misunderstood what I meant.
phpMyAdmin itself is not required to log in
You need to enter the user name and password to access the database
Therefore, phpMyAdmin does not provide authentication and cannot determine whether the username and password for login MySQL are legal

If you can't even ...

Moderator, not my initiative to open, perhaps the hacker detected by some means.

And yes:

if (! empty ($_request[' pma_username ')) {        //the user just logged in        $GLOBALS [' php_auth_user '] = $_request[' Pma_ Username '];        $GLOBALS [' php_auth_pw ']   = Empty ($_request[' Pma_password ')? ": $_request[' Pma_password ');        if ($GLOBALS [' cfg '] [' allowarbitraryserver '] && isset ($_request[' pma_servername ')) {            $GLOBALS [' Pma_ Auth_server '] = $_request[' pma_servername '];        }        return true;    }

I think this is not to verify the user name Login place ah?? Is it somewhere else??

You change the phpmyadmin of the entrance and even the directory, you can not be exempt from the "attack" of the barrier?
I didn't say it was user authentication, was it? I'm just saying that it's related to the login name, right?
Moreover, I have repeatedly said, phpMyAdmin is not required to log in, the user login is only for the purpose of connecting to MySQL

This I understand that knowing that the user is logged in is designed to connect MySQL, and you know where to proceed:

"SELECT * from user where user= '". $user. "' and password= '". $password. "'";

???

This I understand that knowing that the user is logged in is designed to connect MySQL, and you know where to proceed:

"SELECT * from user where user= '". $user. "' and password= '". $password. "'";

???

I think the moderator means that phpMyAdmin simply provides an interface to the MySQL user name and password to connect. So you should find out where to perform mysql_connect (XX,XX,XX) and then judge the status of the connection. As you say the execution of this SQL, should be performed within the MySQL database, perhaps MySQL itself has a table is used to put the user information.

Reference 13 Floor BLUEWJZHHR reply: This I understand, know user login is in order to connect MySQL design, you know where to proceed:

"SELECT * from user where user= '". $user. "' and password= '". $password. "'";

???

I think the moderator means that phpMyAdmin just provides an interface for incoming MySQL username and password ...


I know the moderator's meaning, is my statement is not clear.

For three nights, there was still no result. Want to give phpMyAdmin add a verification code, miscellaneous is so difficult?????

This post was last edited by xuzuning on 2012-12-20 16:46:41
The login form is near libraries/auth/cookie.auth.lib.php 240.
For a user name operation near the 450 line of the file, PHP code?123456789 if (! empty ($_request[' pma_username '))) {...

Reference 7 Floor Xuzuning's reply: This post was last edited by xuzuning on 2012-12-20 16:46:41
The login form is near libraries/auth/cookie.auth.lib.php 240.
For a user name operation near the 450 line of the file, PHP code?123456789 if (! empty ($_request[' P ...


found that the encryption method of MySQL for SHA1 (Unhex ("SHA1 (' xxx '))) such, I directly in the JS front-end encryption, then pass back, and then direct password comparison on the line. This is not safer????????

Do not believe such a password, who cracked the. There is no need to worry about other plaintext transmission of password problems.

It's a simple question. Submit page and Display page add something to it.

It's a simple question. Submit page and Display page add something to it.

The key is the phpMyAdmin where the code is verified, not found!!!!!!

The key is the phpMyAdmin where the code is verified, not found!!!!!!
The problem is that PhpMyAdmin does not verify the password because the password is for MySQL and cannot be verified in PHP
How many times do I have to say it?

The user name and password are generally written in the config file when using PhpMyAdmin.

If the user name or password is wrong, you cannot connect to MySQL, and MySQL will give you the appropriate error message.
This and you to the bank to withdraw money is a reason, the teller accepts your business, the password must be lost by you, the wrong he will tell you wrong

Inaccurate statement, please understand the moderator

PhpMyAdmin always go to MySQL to find the user name and password exist in the record bar, do not go to MySQL search, how to know that there is this user?

I want to know how phpmyadmin the username and password to MySQL.

Got it:
In the common.inc.php, it's probably the No. 945 line:

Connects to the server (validates user ' s login)
$userlink = Pma_dbi_connect ($cfg [' Server '] [' user '], $cfg [' Server '] [' Password '], false);

Thanks for the moderator.

I already told you before.
$GLOBALS [' php_auth_user '] = $_request[' pma_username ');
$GLOBALS [' php_auth_pw '] = Empty ($_request[' Pma_password ')? ": $_request[' Pma_password ');
This is the cache of incoming user names and passwords.
There are, of course, several similar places.

When you connect to MySQL you need to perform mysql_connect (' localhost ', $username, $parssword); Is that right?
Is this $username and $parssword not an incoming or a preset username and password?
This is the user name and password and password that phpMyAdmin lets you enter, which is used to connect to the database.
When the database is not connected, phpmydamin how to find the user name and password in MySQL?
So what's the use of verifying this user name and password if the database is already connected?
Of course, when you connect, MySQL itself goes to the user table to verify the username and password, but you can't intervene.

This is not the same as your application system, the user name and password of your application is really to verify the user name and password in the table after the connection to MySQL
Guess you're confusing the two.

@xuzuning
There is a strange thing to ask: The verification code added, but the verification code generated by the session or cookie is not phpmyadmin inside, in other words: phpMyAdmin should be somewhere to write off the session. At present, the verification code can be displayed normally, but cannot be used.

Who's got it, then? I'm going to die.

Foggy's.
Whining ...

