Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

phpMyAdmin Login with IIS 6.0

Posted on 2006-06-15
2
Medium Priority
?
308 Views
Last Modified: 2013-12-12
I have a secure website setup where users have to enter a username and password to enter the site. The password protection is setup in IIS. Some of my users use phpMyAdmin. Is there a way to login to phpMyAdmin automatically with the username and password they supplied when they logged into the site? Or, is there a way to retrieve the username and password they entered using php? Thanks.
0
Comment
Question by:rbichon
2 Comments
 
LVL 9

Accepted Solution

by:
LinuxNubb earned 1000 total points
ID: 16916087
You could look for $_SERVER['AUTH_USER'], and if it's a valid username it means the user authenticated.  This variable only works with IIS.  You would then have to do a type of 'hidden' login where you basically force a session on phpmyadmin.  So, if this variable is set, find the routine in phpmyadmin that validates a login and redirects to the phpmyadmin homepage.  
0
 
LVL 1

Author Comment

by:rbichon
ID: 16919322
I see what you mean. I could probably alter the config.inc.php file, which dictates how it should login, to search for the username and apply that along with the password. The only trick would be to encrypt the passwords.

I found another way of authenticating but it isn't run through IIS. In the config.inc.php file, you set $cfg['Servers'][$i]['auth_type'] = 'http'; which causes php to handle the authentication. The only problem is that this doesn't provide any directory security. Do you think this way posses any security issues? Keep in mind that we have a secure certificate in place and users have to connect through a secure connection.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question