diff --git a/databases/static/databases/databases.js b/databases/static/databases/databases.js
index 57cf96187..d924674ce 100755
--- a/databases/static/databases/databases.js
+++ b/databases/static/databases/databases.js
@@ -589,8 +589,34 @@ app.controller('phpMyAdmin', function ($scope, $http, $window) {
function ListInitialDatas(response) {
$scope.cyberPanelLoading = true;
if (response.data.status === 1) {
- var rUrl = '/phpmyadmin/phpmyadminsignin.php?username=' + response.data.username + '&token=' + response.data.token;
- $window.location.href = rUrl;
+ //var rUrl = '/phpmyadmin/phpmyadminsignin.php?username=' + response.data.username + '&token=' + response.data.token;
+ //$window.location.href = rUrl;
+
+ var form = document.createElement('form');
+ form.method = 'post';
+ form.action = '/phpmyadmin/phpmyadminsignin.php';
+
+// Create input elements for username and token
+ var usernameInput = document.createElement('input');
+ usernameInput.type = 'hidden';
+ usernameInput.name = 'username';
+ usernameInput.value = response.data.username;
+
+ var tokenInput = document.createElement('input');
+ tokenInput.type = 'hidden';
+ tokenInput.name = 'token';
+ tokenInput.value = response.data.token;
+
+// Append input elements to the form
+ form.appendChild(usernameInput);
+ form.appendChild(tokenInput);
+
+// Append the form to the body
+ document.body.appendChild(form);
+
+// Submit the form
+ form.submit();
+
} else {
}
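Review bot: The two commented-out lines at the top of the success branch keep the old token-in-query-string redirect in the file; delete them instead of commenting them out, so nobody restores a flow that puts the token into URLs, browser history and access logs. The new form is appended to `document.body` and never removed, which is harmless when the POST navigates away but leaves the token in the DOM if it does not. A comment such as `// POST keeps the sign-in token out of the URL and server logs` above `var form = ...` would record why the form exists. ListInitialDatas starts and ends outside the hunk.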
diff --git a/databases/templates/databases/AutoLogin.html b/databases/templates/databases/AutoLogin.html
new file mode 100644
index 000000000..f8a897fb4
--- /dev/null
+++ b/databases/templates/databases/AutoLogin.html
@@ -0,0 +1,44 @@
+
+
+
+
+ Auto login for {{ url }}
+
+
+
+{{ userName }}
+{{ password }}
+
+
+
+
\ No newline at end of file
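Review bot: The title line uses `{{ url }}`, but the three call sites in databases/views.py build a context with only `userName` and `password`, so unless httpProc adds `url` itself the title renders with an empty value. The markup around `{{ userName }}` and `{{ password }}` is not visible on this page; if they are form field values, keep them inside quoted attributes with Django autoescaping left on (no `|safe`), since a MySQL password may contain quotes or angle brackets. Because the rendered page carries a database password, the response that serves it should be sent with `Cache-Control: no-store`.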
diff --git a/databases/views.py b/databases/views.py
index 19e924c7b..241adf44a 100755
--- a/databases/views.py
+++ b/databases/views.py
@@ -2,6 +2,7 @@
from django.shortcuts import redirect, HttpResponse
+from django.views.decorators.csrf import csrf_exempt
from cloudAPI.cloudManager import CloudManager
from loginSystem.views import loadLoginPage
@@ -251,7 +252,7 @@ def generateAccess(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
-
+@csrf_exempt
def fetchDetailsPHPMYAdmin(request):
try:
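Review bot: `@csrf_exempt` on fetchDetailsPHPMYAdmin removes Django's CSRF check from a view that, further down, calls `mysqlUtilities.addUserToDB` and returns database credentials, so the posted `token` becomes the only thing tying the request to the panel session. The token validation is outside this hunk; it should be confirmed to be single-use, short-lived and compared in constant time. Adding `@require_POST` from `django.views.decorators.http` under the exemption would reject other methods outright. A comment like `# CSRF-exempt: posted by phpmyadminsignin.php, which has no Django CSRF token; the sign-in token authenticates the request` should state why the exemption is there.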
@@ -259,8 +260,15 @@ def fetchDetailsPHPMYAdmin(request):
admin = Administrator.objects.get(id=userID)
currentACL = ACLManager.loadedACL(userID)
- token = request.GET.get('token')
- username = request.GET.get('username')
+
+
+ token = request.POST.get('token')
+ username = request.POST.get('username')
+
+ from plogical.httpProc import httpProc
+ proc = httpProc(request, None,
+ )
+ #return proc.ajax(0, str(request.POST.get('token')))
if username != admin.userName:
return redirect(loadLoginPage)
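Review bot: `proc = httpProc(request, None, )` is never used before `proc` is reassigned in the later hunks, and the commented `#return proc.ajax(0, str(request.POST.get('token')))` is leftover debugging that would echo the sign-in token back to the client if re-enabled; both should be dropped. The function-local `from plogical.httpProc import httpProc` is needed by the later render calls, so it belongs with the module imports, not mid-function. When either field is missing, `request.POST.get` returns None and the `username != admin.userName` check redirects to the login page, which is the right failure mode. The function body continues outside the hunk.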
@@ -280,20 +288,37 @@ def fetchDetailsPHPMYAdmin(request):
mysqluser = jsonData['mysqluser']
password = jsonData['mysqlpassword']
- returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
- mysqluser, password)
- return redirect(returnURL)
+ # returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
+ # mysqluser, password)
+ # return redirect(returnURL)
+ data = {}
+ data['userName'] = mysqluser
+ data['password'] = password
- except BaseException:
+
+ proc = httpProc(request, 'databases/AutoLogin.html',
+ data, 'admin')
+ return proc.render()
+
+ except BaseException as msg:
f = open(passFile)
data = f.read()
password = data.split('\n', 1)[0]
password = password.strip('\n').strip('\r')
- returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
- 'root', password)
- return redirect(returnURL)
+ data = {}
+ data['userName'] = 'root'
+ data['password'] = password
+ # return redirect(returnURL)
+
+ proc = httpProc(request, 'databases/AutoLogin.html',
+ data, 'admin')
+ return proc.render()
+
+ # returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (
+ # 'root', password)
+ # return redirect(returnURL)
keySavePath = '/home/cyberpanel/phpmyadmin_%s' % (admin.userName)
key = ProcessUtilities.outputExecutioner('cat %s' % (keySavePath)).strip('\n').encode()
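Review bot: `except BaseException as msg:` falls back to rendering the `root` account with the password read from `passFile` for any failure in the try block, so an unrelated error (for example a missing key in `jsonData`) ends with root MySQL credentials in the HTML response; `msg` is also never used. Catch only the exception that means no per-user credentials exist, log the rest, and confirm that the ACL check outside this hunk limits this path to administrators. `f = open(passFile)` is never closed; `with open(passFile) as f:` fixes that. The `data` / `httpProc(...)` / `proc.render()` block is repeated three times (twice here and again in the next hunk) with commented-out redirect lines left after each `return`; a small helper and deleting the dead comments would make the credential-returning paths easier to audit.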
@@ -306,8 +331,17 @@ def fetchDetailsPHPMYAdmin(request):
for db in site.databases_set.all():
mysqlUtilities.addUserToDB(db.dbName, admin.userName, password.decode(), 0)
- returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password.decode())
- return redirect(returnURL)
+ data = {}
+ data['userName'] = admin.userName
+ data['password'] = password.decode()
+ # return redirect(returnURL)
+
+ proc = httpProc(request, 'databases/AutoLogin.html',
+ data, 'admin')
+ return proc.render()
+
+ # returnURL = '/phpmyadmin/phpmyadminsignin.php?username=%s&password=%s' % (admin.userName, password.decode())
+ # return redirect(returnURL)
else:
return redirect(loadLoginPage)
diff --git a/plogical/phpmyadminsignin.php b/plogical/phpmyadminsignin.php
index d12408d1a..7e386ec3d 100644
--- a/plogical/phpmyadminsignin.php
+++ b/plogical/phpmyadminsignin.php
@@ -3,52 +3,57 @@
define("PMA_SIGNON_INDEX", 1);
-try{
+try {
+ define('PMA_SIGNON_SESSIONNAME', 'SignonSession');
+ define('PMA_DISABLE_SSL_PEER_VALIDATION', TRUE);
-define('PMA_SIGNON_SESSIONNAME', 'SignonSession');
-define('PMA_DISABLE_SSL_PEER_VALIDATION', TRUE);
+ if (isset($_POST['token'])) {
-if(isset($_GET['token'])){
+ ### Get credentials using the token
- ### Get credentials using the token
+ $token = $_POST['token'];
+ $username = $_POST['username'];
- $token = $_GET['token'];
- $username = $_GET['username'];
+ //$url = "/dataBases/fetchDetailsPHPMYAdmin?token=" . $token . '&username=' . $username;
+ $url = "/dataBases/fetchDetailsPHPMYAdmin";
- $url = "/dataBases/fetchDetailsPHPMYAdmin?token=" . $token . '&username=' . $username;
+ // header('Location: ' . $url);
- header('Location: ' . $url);
+ // Redirect with POST data
-}
-else if(isset($_GET['logout'])){
- $params = session_get_cookie_params();
- setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
- session_destroy();
- header('Location: /dataBases/phpMyAdmin');
- return;
-}
-else if(isset($_GET['password'])){
+ echo '';
+ echo '';
- session_name(PMA_SIGNON_SESSIONNAME);
- @session_start();
+ } else if (isset($_POST['logout'])) {
+ $params = session_get_cookie_params();
+ setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
+ session_destroy();
+ header('Location: /base/');
+ return;
+ } else if (isset($_POST['password'])) {
- $username = $_GET['username'];
- $password = $_GET['password'];
+ session_name(PMA_SIGNON_SESSIONNAME);
+ @session_start();
- $_SESSION['PMA_single_signon_user'] = $username;
- $_SESSION['PMA_single_signon_password'] = $password;
- $_SESSION['PMA_single_signon_host'] = 'localhost';
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ $_SESSION['PMA_single_signon_user'] = $username;
+ $_SESSION['PMA_single_signon_password'] = $password;
+ $_SESSION['PMA_single_signon_host'] = 'localhost';
- @session_write_close();
+ @session_write_close();
- header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
-}
-}catch (Exception $e) {
- echo 'Caught exception: ', $e->getMessage(), "\n";
+ header('Location: /phpmyadmin/index.php?server=' . PMA_SIGNON_INDEX);
+ }
+} catch (Exception $e) {
+ echo 'Caught exception: ', $e->getMessage(), "\n";
$params = session_get_cookie_params();
- setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"] );
+ setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
session_destroy();
header('Location: /dataBases/phpMyAdmin');
return;
-}
\ No newline at end of file
+}
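Review bot: The logout branch now tests `isset($_POST['logout'])` where it previously tested `$_GET['logout']`; if phpMyAdmin's configured logout URL still reaches this script with a query string (the config is not on this page), the branch never matches and the signon session holding the database password is not destroyed. The two `echo` statements that replace the redirect appear empty here, presumably because their markup was lost from this page; if they write `$token` and `$username` into a form, both must go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` because they come straight from `$_POST`. In the password branch, calling `session_regenerate_id(true);` right after `@session_start();` would avoid reusing a pre-set session id for the signed-in session. `$url` is assigned but unused in the visible lines now that `header('Location: ' . $url);` is commented out.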