使用过phpmyadmin的人知道,在phpmyadmin中,使用文件config.inc.php保存用户名和密码,当需要更换用户或用户口令更改时,必须修改config.inc.php文件,然后再上传,特别的不方便。更有时,为了修改mysql库或表而使用root账号,如果这时其它网站的自动搜擎系统搜索到index.php并继续执行其中的每一步的话,是相当危险的。为此需要用户登陆机制,在每次使用时,输入用户名和口令,这样会安全得多。
以下是我在管理过程中,根据实际需要,对phpmyadmin做的一些更改,为了尽量不影响原来phpmyadmin的结构,我在phpmyadmin的基础上增加了一个文件index0.php,仅仅修改了一个文件config.inc.php,对phpmyadmin没有一点影响,既可以使用原来的phpmyadmin,也可以使用新的用户口令登陆机制。
以下为两个文件列表,将这两个文件拷贝到phpmyadmin目录,执行index0.php即可,该程序在apache + php + mysql 和 iis5 + php + mysql 和 pws + php + mysql下正常执行。
phpmyadmin 下载:
a set of php3-scripts to adminstrate mysql over the www.
version 2.1.0 - 08/06/2000
http://www.phpwizard.net/projects/phpmyadmin/
index0.php文件:
<html><head><title>mysql 维护</title></head><body>
<!--
<?php
//编码,防止在地址栏上显示
function b2h($string) {
return(bin2hex(strrev($string)));
}
//反编码,防止在地址栏上显示
function h2b($string) {
$stringtmp=;
for($i=0;$i<strlen($string);$i+=2) {
$stringtmp .= pack(c,hexdec(substr($string,$i,2)));
}
return(strrev($stringtmp));
}
global $php_self;
if (1==0) {
echo -->php运行不正常,请检查<!--;
} else {
echo --.>;
}
?>
<?php
if ($step==) {
?>
<p>欢迎使用</p>本工具用于维护mysql数据库</p>
<p><a href=<? echo basename($php_self); ?>?step=2>下一步 -></a></p>
<?php
}
if ($step==2) {
$userfiletmp=/tmp/~userfile/~tmp.inc;
if (file_exists($userfiletmp)) {
include $userfiletmp;
//$dbservertype,$servername,$dbusername,$dbpassword,$dbname;
$dbservertype=h2b($dbservertype);
$servername=h2b($servername);
$dbusername=h2b($dbusername);
$dbname=h2b($dbname);
$curtime=h2b($curtime);
if (time()-$curtime<120){
$dbpassword=h2b($dbpassword);
}else{
$dbpassword=;
}
}else{
$dbservertype=mysql;
$servername=localhost;
$dbusername=;
$dbpassword=;
$dbname=;
}
$dbservertype=($dbservertype==?mysql:$dbservertype);
$servername=($servername==?localhost:$servername);
?>
<p>填入连接信息</p></p>
<div align=center>
<center>
<table border=1 width=53% height=111>
<tr>
<td width=100% height=105>
<form method=post action=<? echo basename($php_self); ?>?step=3>
<div align=center>
<center>
<table border=1 width=83% height=60>
<tr>
<td width=34% height=10>主机类型:</td>
<td width=66% height=10><input type=text name=dbservertype size=20 value=<? echo $dbservertype; ?>></td>
</tr>
<tr>
<td width=34% height=10>主机地址:</td>
<td width=66% height=10><input type=text name=servername size=20 value=<? echo $servername; ?>></td>
</tr>
<tr>
<td width=34% height=10>用户名称:</td>
<td width=66% height=10><input type=text name=dbusername size=20 value=<? echo $dbusername; ?>></td>
</tr>
<tr>
<td width=34% height=16>密码:</td>
<td width=66% height=16><input type=password name=dbpassword size=20 value=<? echo $dbpassword; ?>></td>
</tr>
<tr>
<td width=34% height=16>数据库名:</td>
<td width=66% height=16><input type=text name=dbname size=20 value=<? echo $dbname; ?>></td>
</tr>
</table>
</center>
</div>
<p align=center><input type=submit value=下一步 name=next><input type=reset value=清 除 name=reset></p>
</form>
</td>
</tr>
</table>
</center>
</div>
</a></p>;
echo <p><a href=index.php>下一步 -></a></p>;
}
if ($step==4) {
}
if ($step==44) {
$step=0;
$userfiletmp=/tmp/~userfile/~tmp.inc;
if (file_exists($userfiletmp)) {
include $userfiletmp;
//重新保存文件,去掉密码
$dbpassword=;
$handertmp=fopen($userfiletmp,w);
fputs($handertmp,<?phpn);
fputs($handertmp,$.dbservertype=$dbservertype;n);
fputs($handertmp,$.servername=$servername;n);
fputs($handertmp,$.dbusername=$dbusername;n);
fputs($handertmp,$.dbpassword=$dbpassword;n);
fputs($handertmp,$.dbname=$dbname;n);
$curtime=time();
$curtime=b2h($curtime);
fputs($handertmp,$.curtime=$curtime;n);
fputs($handertmp,?>n);
fclose($handertmp);
echo </p></p><center><a href=.basename($php_self).>成功注销,请重新登陆</a></center>;
}
}
?>
<?php
if ($step>1) {
echo </p><a href=javascript:location.reload()>刷新</a>;
echo <a href=javascript:history.back()>上一步</a>;
}
?>
<?php
echo </.body>;
echo <.!--;
?>
-->
</html>
config.inc.php 文件
/* $id: config.inc.php,v 1.28 2000/07/13 13:52:48 tobias exp $ */
//编码,防止在地址栏上显示
function b2h($string) {
return(bin2hex(strrev($string)));
}
//反编码,防止在地址栏上显示
function h2b($string) {
$stringtmp=;
for($i=0;$i
}
return(strrev($stringtmp));
}
/*
* phpmyadmin configuration file
* all directives are explained in documentation.html
*/
// the $cfgservers array starts with $cfgservers[1]. do not use $cfgservers[0].
// you can disable a server config entry by setting host to ''.
$cfgservers[1]['host'] = 'localhost'; // mysql hostname
$cfgservers[1]['port'] = ''; // mysql port - leave blank for default port
$cfgservers[1]['adv_auth'] = false; // use advanced authentication?
$cfgservers[1]['stduser'] = 'root'; // mysql standard user (only needed with advanced auth)
$cfgservers[1]['stdpass'] = ''; // mysql standard password (only needed with advanced auth)
$cfgservers[1]['user'] = 'root'; // mysql user (only needed with basic auth)
$cfgservers[1]['password'] = ''; // mysql password (only needed with basic auth)
$cfgservers[1]['only_db'] = ''; // if set to a db-name, only this db is accessible
$cfgservers[1]['verbose'] = ''; // verbose name for this host - leave blank to show the hostname
$userfiletmp=/tmp/~userfile/~tmp.inc;
if (file_exists($userfiletmp)) {
include $userfiletmp;
//$servername,$dbusername,$dbpassword,$dbname;
$dbservertype=h2b($dbservertype);
if ($dbservertype==mysql){
$servername=h2b($servername);
$dbusername=h2b($dbusername);
$dbpassword=h2b($dbpassword);
$dbname=h2b($dbname);
$curtime=h2b($curtime);
if (time()-$curtime
如有引用,请注明高山雪和alpsnow@china.com