我想使用不带密码的adminer。
我上传了adminer-4.7.7-en.php文件并找到了无密码登录插件我创建的文件插件/login-password-less.php的内容:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
}
function credentials() {
$password = get_password();
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
if ($password != "") {
return true;
}
}
}
和阅读https://www.adminer.org/plugins/#use我创建了adminer.php文件位于adminer-4.7.7-en.php的一个目录中,我创建了指向该文件的新apache主机。
此文件具有:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/login-password-less.php"; // Plugin I want to use
// autoloader
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess, // Plugin I want to use
/* new AdminerTinymce,
new AdminerFileUpload("data/"),
new AdminerSlugify,
new AdminerTranslation,
new AdminerForeignSystem,*/
);
/* It is possible to combine customization and plugins:
class AdminerCustomization extends AdminerPlugin {
}
return new AdminerCustomization($plugins);
*/
return new AdminerPlugin($plugins); // I am not sure which class is it and where it is defined ?
}
// include original Adminer or Adminer Editor
include "./adminer-4.7.7-en.php"; // encoded file I uploaded
?>
我得到了错误:
Fatal error: Uncaught ArgumentCountError: Too few arguments to function AdminerLoginPasswordLess::__construct(), 0 passed in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 13 and exactly 1 expected in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php:16 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(13): AdminerLoginPasswordLess->__construct() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #2 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(31): include('/mnt/_work_sdb8...') #3 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php on line 16
在没有密码的情况下使用adminer的有效方式是什么?
修改:我制作:
new AdminerLoginPasswordLess(hash("md5", 'my_sql_user_password')),
是选定的";md5";方法有效吗?
但我错了:
Fatal error: Uncaught Error: Class 'AdminerPlugin' not found in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php:32 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(36): include('/mnt/_work_sdb8...') #2 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 32
修改:在站点的源版本中,我用AdminerPlugin类实现了文件plugin.php。我把这个文件移到了插件目录下。在plugins/login-password-less.php中,我添加了对plugins/plugin.php文件的引用,并添加了调试信息:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
include_once "./plugins/plugin.php";
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
debToFile('-2 AdminerLoginPasswordLess->__construct:$this->password_hash::'.$this->password_hash);
// That is debugging method appending string into text file
}
function credentials() {
$password = get_password();
debToFile('-3 AdminerLoginPasswordLess->credentials:$password::'.$password);
// That is debugging method appending string into text file
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
debToFile('-4 AdminerLoginPasswordLess->login:$login::'.$login);
if ($password != "") {
debToFile('-5 TRUE AdminerLoginPasswordLess->login:$login::'.$login);
// That is debugging method appending string into text file
return true;
}
debToFile('-5 false AdminerLoginPasswordLess->login:$login::'.$login);
}
}
在adminer.php中,我添加了调试行:
$plugins = array(
new AdminerLoginPasswordLess(hash("md5", 'm8y2s8q&L')),
);
debToFile('-1After:AdminerLoginPasswordLess');
我看到的日志文件:
<pre>::-2 AdminerLoginPasswordLess->__construct:$this->password_hash::c61d49aaab35ca428e60d764ff05159d</pre>
<pre>::-1After:AdminerLoginPasswordLess</pre>
这意味着不触发AdminerLoginPasswordLess类的方法凭据和登录。我在浏览器中以以下身份运行:http://local-adminer.com/?username=mysql_login_user
或http://local-adminer.com//apache配置中的主机
我没有错误,但我仍然需要为mysql_login_user输入密码。
我错过了一些选项/插件吗?
谢谢!
首先执行
mkdir -p plugins;
wget -O plugins/plugin.php https://raw.githubusercontent.com/vrana/adminer/master/plugins/plugin.php;
nano plugins/passwordless_login.php
然后写入
<?php
class AdminerLoginPasswordLess {
public function credentials() {
return array("mysql_hostname", "mysql_username", "mysql_password");
}
function login($login, $password) {
return true;
}
}
然后保存并退出,然后运行nano adminer_with_plugins.php并写入:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/plugin.php";
// "autoloader"
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess,
//new AdminerDumpXml,
//new AdminerTinymce,
//new AdminerFileUpload("data/"),
//new AdminerSlugify,
//new AdminerTranslation,
//new AdminerForeignSystem,
);
return new AdminerPlugin($plugins);
}
// include original Adminer or Adminer Editor
include "./adminer.php";
然后保存&出口然后将您的web浏览器指向adminer_with_plugins.php而不是adminer.php,现在您已经有效地禁用了管理员使用不同用户名/密码/主机登录的能力,无论您尝试使用什么凭据登录,它都将始终使用源代码中编写的mysql_hostname/mysql_username/mysql_password登录,忽略用户输入凭据。
不用说,这是一个非常敏感的安全操作。
如果可以绕过耗时的小任务,通常可以节省时间。我尝试了以上方法,但对我不起作用,所以我做了以下操作,适用于2021年的管理员4.7.9。
警告:请注意,它只适用于您的本地机器&不建议用于在线数据库。:
Step-1:从Github下载Adminer源代码,此链接
第2步:打开adminer-masteradminerincludeauth.inc.php
第3步:在第55到57行编辑以下内容&替换my_username&带有MySQL凭据的my_password:
$server = "localhost"; //$auth["server"];
$username = "my_username"; //$auth["username"];
$password = "my_password"; //(string) $auth["password"];
步骤4:保存&现在通过将浏览器指向"来打开Adminer;adminer master\adminer">
步骤5:只需单击"登录"按钮&您将在不输入任何内容的情况下登录
希望它对你有用。
几年后,我又想做类似的事情,但这次我需要支持多个数据库("dev db"one_answers"stage db"以及"prod db"(。似乎Adminer不支持超过1db,所以这次我用了一个小技巧:使index.php
if (!empty($_GET['loadCredentialsInjector'])) {
header("Content-Type: text/javascript");
?>
function togglePredefinedCreds(profile) {
let $$ = document.querySelectorAll.bind(document);
let creds = {};
if (profile === "stage") {
creds.host = "stage-db.com";
creds.dbuser = 'stage-username';
creds.dbpass = 'stage-password';
creds.dbname = "stage-dbname";
}
else if(profile === "prod") {
creds.host = "prod-db.com";
creds.dbuser = 'prod-username';
creds.dbpass = 'prod-password';
creds.dbname = "prod-dbname";
}
$$("input[name='auth[server]']")[0].value = creds.host;
$$("input[name='auth[username]']")[0].value = creds.dbuser;
$$("input[name='auth[password]']")[0].value = creds.dbpass;
$$("input[name='auth[db]']")[0].value = creds.dbname;
}
{
let loadStageButtonReference = loadStageButton;
let loadProdButtonReference = loadProdButton;
loadStageButton.parentNode.removeChild(loadStageButton);
loadProdButton.parentNode.removeChild(loadProdButton);
document.body.insertBefore(loadStageButtonReference, document.body.firstChild);
document.body.insertBefore(document.createTextNode(" "), document.body.firstChild);
document.body.insertBefore(loadProdButtonReference, document.body.firstChild);
loadStageButtonReference.addEventListener("click", function () {togglePredefinedCreds("stage");});
loadProdButtonReference.addEventListener("click", function () {togglePredefinedCreds("prod");});
}
<?php
die();
}
if (empty($_POST) && in_array($_SERVER['REQUEST_URI'], array("/adminer/", "/adminer", "/adminer/index.php"), true)) {
register_shutdown_function(function () {
$nonce = explode("nonce-", print_r(headers_list(), true))[1];
$nonce = substr($nonce, 0, strpos($nonce, "'"));
?>
<button id="loadStageButton">load Stage</button>
<button id="loadProdButton">load Prod</button>
<script src="?loadCredentialsInjector=1" type="text/javascript" nonce="<?php echo $nonce; ?>"></script>
<?php
});
}
require("adminer.php");
然后在左上角,您可以在登录屏幕上获得加载所需数据库的按钮:(