如何基于免登录密码插件使用无密码管理员
How to use adminer without password basing on login-password-less plugins
我想使用无密码管理员。
我上传了 adminer-4.7.7-en.php 文件并找到了无需登录密码的插件
我创建文件 plugins/login-password-less.php 内容为:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
}
function credentials() {
$password = get_password();
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
if ($password != "") {
return true;
}
}
}
并阅读 https://www.adminer.org/plugins/#use 我创建了文件 adminer.php,它是
位于 adminer-4.7.7-en.php 的一个目录中,我创建了指向此文件的新 apache 主机。
此文件有:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/login-password-less.php"; // Plugin I want to use
// autoloader
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess, // Plugin I want to use
/* new AdminerTinymce,
new AdminerFileUpload("data/"),
new AdminerSlugify,
new AdminerTranslation,
new AdminerForeignSystem,*/
);
/* It is possible to combine customization and plugins:
class AdminerCustomization extends AdminerPlugin {
}
return new AdminerCustomization($plugins);
*/
return new AdminerPlugin($plugins); // I am not sure which class is it and where it is defined ?
}
// include original Adminer or Adminer Editor
include "./adminer-4.7.7-en.php"; // encoded file I uploaded
?>
我得到错误:
Fatal error: Uncaught ArgumentCountError: Too few arguments to function AdminerLoginPasswordLess::__construct(), 0 passed in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 13 and exactly 1 expected in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php:16 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(13): AdminerLoginPasswordLess->__construct() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #2 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(31): include('/mnt/_work_sdb8...') #3 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php on line 16
没有密码使用管理员的有效方法是什么?
修改:
我做了 :
new AdminerLoginPasswordLess(hash("md5", 'my_sql_user_password')),
所选的“md5”方法是否有效?
但是我得到了错误:
Fatal error: Uncaught Error: Class 'AdminerPlugin' not found in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php:32 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(36): include('/mnt/_work_sdb8...') #2 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 32
修改:
在站点的源版本中,我找到了文件 plugin.php 和 AdminerPlugin class 实现。
我把这个文件移到了 plugins 目录下。
在 plugins/login-password-less.php 我添加了对 plugins/plugin.php 文件的引用并添加了调试信息:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
include_once "./plugins/plugin.php";
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
debToFile('-2 AdminerLoginPasswordLess->__construct:$this->password_hash::'.$this->password_hash);
// That is debugging method appending string into text file
}
function credentials() {
$password = get_password();
debToFile('-3 AdminerLoginPasswordLess->credentials:$password::'.$password);
// That is debugging method appending string into text file
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
debToFile('-4 AdminerLoginPasswordLess->login:$login::'.$login);
if ($password != "") {
debToFile('-5 TRUE AdminerLoginPasswordLess->login:$login::'.$login);
// That is debugging method appending string into text file
return true;
}
debToFile('-5 false AdminerLoginPasswordLess->login:$login::'.$login);
}
}
并在 adminer.php 中添加了调试行:
$plugins = array(
new AdminerLoginPasswordLess(hash("md5", 'm8y2s8q&L')),
);
debToFile('-1After:AdminerLoginPasswordLess');
我登录我看到的文件:
<pre>::-2 AdminerLoginPasswordLess->__construct:$this->password_hash::c61d49aaab35ca428e60d764ff05159d</pre>
<pre>::-1After:AdminerLoginPasswordLess</pre>
这意味着 AdminerLoginPasswordLess class 的方法凭据和登录未被触发。
我在浏览器中 运行 为:
http://local-adminer.com/?username=mysql_login_user
或
http://local-adminer.com // apache 配置中的主机
我没有错误,但我仍然需要输入 mysql_login_user 的密码。
我是不是漏掉了一些 options/plugins?
谢谢!
先做
mkdir -p plugins;
wget -O plugins/plugin.php https://raw.githubusercontent.com/vrana/adminer/master/plugins/plugin.php;
nano plugins/passwordless_login.php
然后写
<?php
class AdminerLoginPasswordLess {
public function credentials() {
return array("mysql_hostname", "mysql_username", "mysql_password");
}
function login($login, $password) {
return true;
}
}
然后保存退出,然后运行nano adminer_with_plugins.php
写:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/plugin.php";
// "autoloader"
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess,
//new AdminerDumpXml,
//new AdminerTinymce,
//new AdminerFileUpload("data/"),
//new AdminerSlugify,
//new AdminerTranslation,
//new AdminerForeignSystem,
);
return new AdminerPlugin($plugins);
}
// include original Adminer or Adminer Editor
include "./adminer.php";
然后保存退出;
然后将你的 web-browser 指向 adminer_with_plugins.php
而不是 adminer.php
,现在你已经有效地禁用了管理员使用不同 usernames/passwords/hosts 登录的能力,无论你尝试使用什么凭据登录,它将始终使用源代码中编写的 mysql_hostname/mysql_username/mysql_password 登录,忽略用户输入的凭据。
不用说了,这是相当security-sensitive的操作。
如果您可以绕过一些耗时的小任务,通常会节省时间。我尝试了上述方法,但对我不起作用,所以我执行了以下操作,该操作在 2021 年适用于 Adminer 4.7.9。
警告:请注意,它仅适用于您的本地计算机,不建议用于联机数据库。:
第 1 步:从 Github 下载 Adminer 源代码,此 link.
第 2 步:打开 adminer-master\adminer\include\auth.inc.php
第 3 步:在第 55 至 57 行编辑以下内容,并将 my_username 和 my_password 替换为您的 MySQL 凭据:
$server = "localhost"; //$auth["server"];
$username = "my_username"; //$auth["username"];
$password = "my_password"; //(string) $auth["password"];
第 4 步:将浏览器指向“adminer-master\adminer”
,保存并打开 Adminer
第 5 步:只需单击“登录”按钮,无需输入任何内容即可登录。
希望对你有用。
我想使用无密码管理员。
我上传了 adminer-4.7.7-en.php 文件并找到了无需登录密码的插件 我创建文件 plugins/login-password-less.php 内容为:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
}
function credentials() {
$password = get_password();
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
if ($password != "") {
return true;
}
}
}
并阅读 https://www.adminer.org/plugins/#use 我创建了文件 adminer.php,它是 位于 adminer-4.7.7-en.php 的一个目录中,我创建了指向此文件的新 apache 主机。
此文件有:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/login-password-less.php"; // Plugin I want to use
// autoloader
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess, // Plugin I want to use
/* new AdminerTinymce,
new AdminerFileUpload("data/"),
new AdminerSlugify,
new AdminerTranslation,
new AdminerForeignSystem,*/
);
/* It is possible to combine customization and plugins:
class AdminerCustomization extends AdminerPlugin {
}
return new AdminerCustomization($plugins);
*/
return new AdminerPlugin($plugins); // I am not sure which class is it and where it is defined ?
}
// include original Adminer or Adminer Editor
include "./adminer-4.7.7-en.php"; // encoded file I uploaded
?>
我得到错误:
Fatal error: Uncaught ArgumentCountError: Too few arguments to function AdminerLoginPasswordLess::__construct(), 0 passed in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 13 and exactly 1 expected in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php:16 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(13): AdminerLoginPasswordLess->__construct() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #2 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(31): include('/mnt/_work_sdb8...') #3 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php on line 16
没有密码使用管理员的有效方法是什么?
修改: 我做了 :
new AdminerLoginPasswordLess(hash("md5", 'my_sql_user_password')),
所选的“md5”方法是否有效?
但是我得到了错误:
Fatal error: Uncaught Error: Class 'AdminerPlugin' not found in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php:32 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(36): include('/mnt/_work_sdb8...') #2 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 32
修改: 在站点的源版本中,我找到了文件 plugin.php 和 AdminerPlugin class 实现。 我把这个文件移到了 plugins 目录下。 在 plugins/login-password-less.php 我添加了对 plugins/plugin.php 文件的引用并添加了调试信息:
<?php
/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
include_once "./plugins/plugin.php";
class AdminerLoginPasswordLess {
/** @access protected */
var $password_hash;
/** Set allowed password
* @param string result of password_hash
*/
function __construct($password_hash) {
$this->password_hash = $password_hash;
debToFile('-2 AdminerLoginPasswordLess->__construct:$this->password_hash::'.$this->password_hash);
// That is debugging method appending string into text file
}
function credentials() {
$password = get_password();
debToFile('-3 AdminerLoginPasswordLess->credentials:$password::'.$password);
// That is debugging method appending string into text file
return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
}
function login($login, $password) {
debToFile('-4 AdminerLoginPasswordLess->login:$login::'.$login);
if ($password != "") {
debToFile('-5 TRUE AdminerLoginPasswordLess->login:$login::'.$login);
// That is debugging method appending string into text file
return true;
}
debToFile('-5 false AdminerLoginPasswordLess->login:$login::'.$login);
}
}
并在 adminer.php 中添加了调试行:
$plugins = array(
new AdminerLoginPasswordLess(hash("md5", 'm8y2s8q&L')),
);
debToFile('-1After:AdminerLoginPasswordLess');
我登录我看到的文件:
<pre>::-2 AdminerLoginPasswordLess->__construct:$this->password_hash::c61d49aaab35ca428e60d764ff05159d</pre>
<pre>::-1After:AdminerLoginPasswordLess</pre>
这意味着 AdminerLoginPasswordLess class 的方法凭据和登录未被触发。 我在浏览器中 运行 为: http://local-adminer.com/?username=mysql_login_user
或 http://local-adminer.com // apache 配置中的主机
我没有错误,但我仍然需要输入 mysql_login_user 的密码。
我是不是漏掉了一些 options/plugins?
谢谢!
先做
mkdir -p plugins;
wget -O plugins/plugin.php https://raw.githubusercontent.com/vrana/adminer/master/plugins/plugin.php;
nano plugins/passwordless_login.php
然后写
<?php
class AdminerLoginPasswordLess {
public function credentials() {
return array("mysql_hostname", "mysql_username", "mysql_password");
}
function login($login, $password) {
return true;
}
}
然后保存退出,然后运行nano adminer_with_plugins.php
写:
<?php
function adminer_object() {
// required to run any plugin
include_once "./plugins/plugin.php";
// "autoloader"
foreach (glob("plugins/*.php") as $filename) {
include_once "./$filename";
}
$plugins = array(
// specify enabled plugins here
new AdminerLoginPasswordLess,
//new AdminerDumpXml,
//new AdminerTinymce,
//new AdminerFileUpload("data/"),
//new AdminerSlugify,
//new AdminerTranslation,
//new AdminerForeignSystem,
);
return new AdminerPlugin($plugins);
}
// include original Adminer or Adminer Editor
include "./adminer.php";
然后保存退出;
然后将你的 web-browser 指向 adminer_with_plugins.php
而不是 adminer.php
,现在你已经有效地禁用了管理员使用不同 usernames/passwords/hosts 登录的能力,无论你尝试使用什么凭据登录,它将始终使用源代码中编写的 mysql_hostname/mysql_username/mysql_password 登录,忽略用户输入的凭据。
不用说了,这是相当security-sensitive的操作。
如果您可以绕过一些耗时的小任务,通常会节省时间。我尝试了上述方法,但对我不起作用,所以我执行了以下操作,该操作在 2021 年适用于 Adminer 4.7.9。
警告:请注意,它仅适用于您的本地计算机,不建议用于联机数据库。:
第 1 步:从 Github 下载 Adminer 源代码,此 link.
第 2 步:打开 adminer-master\adminer\include\auth.inc.php
第 3 步:在第 55 至 57 行编辑以下内容,并将 my_username 和 my_password 替换为您的 MySQL 凭据:
$server = "localhost"; //$auth["server"];
$username = "my_username"; //$auth["username"];
$password = "my_password"; //(string) $auth["password"];
第 4 步:将浏览器指向“adminer-master\adminer”
,保存并打开 Adminer
第 5 步:只需单击“登录”按钮,无需输入任何内容即可登录。
希望对你有用。