在phpMyAdmin使用用户口令登陆

金光

  使用过phpMyAdmin的人知道，在phpMyAdmin中，使用文件config.inc.php保存用户名和密码，当需要更换用户或用户口令更改
时，必须修改config.inc.php文件，然后再上传，特别的不方便。更有时，为了修改MYSQL库或表而使用root账号，如果这时其它
网站的自动搜擎系统搜索到index.php并继续执行其中的每一步的话，是相当危险的。为此需要用户登陆机制，在每次使用时，输
入用户名和口令，这样会安全得多。 以下是我在管理过程中，根据实际需要，对phpMyAdmin做的一些更改，为了尽量不影响原来
phpMyAdmin的结构，我在phpMyAdmin的基础上增加了一个文件index0.php，仅仅修改了一个文件config.inc.php，对phpMyAdmin
没有一点影响，既可以使用原来的phpMyAdmin，也可以使用新的用户口令登陆机制。 以下为两个文件列表，将这两个文件拷贝到
phpMyAdmin目录，执行index0.php即可，该程序在Apache + PHP + MYSQL 和 IIS5 + PHP + MYSQl 和 PWS + PHP + MYSQL下正常
执行。 phpMyAdmin 下载： A set of PHP3-scripts to adminstrate MySQL over the WWW. Version 2.1.0 - 08/06/2000
http://www.phpwizard.net/projects/phpMyAdmin/ index0.php文件： MySQL 维护 //反编码，防止在地址栏上显示 function
h2b($string) { $stringtmp=; for($i=0;$iif (1==0) { echo --&gtHP运行不正常，请检查; } ?>  欢迎使用本工具用于维护
MySQL数据库 ?step=2>下一步 -> $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //$dbservertype,$servername,$dbusername,$dbpassword,$dbname; $dbservertype=h2b($dbservertype);
$servername=h2b($servername); $dbusername=h2b($dbusername); $dbname=h2b($dbname); $curtime=h2b($curtime); if
(time()-$curtime$dbservertype=($dbservertype==?mysqldbservertype); $servername=($servername==?localhost:
$servername); ?> 填入连接信息      ?step=3>     主机类型： >   主机地址： >   用户名称： >   密码： >   数据库
名： >            echo 确认是否正确：n; echo Database server type: $dbservertypen; echo Database server hostname
/ IP address: $servernamen; echo Database username: $dbusernamen; echo Database password: ******n; echo Database
name: $dbnamen; echo 以上参数正确才能继续; $dbservertype=b2h($dbservertype); $servername=b2h($servername);
$dbusername=b2h($dbusername); $dbpassword=b2h($dbpassword); $dbname=b2h($dbname); $userfiletmp=/tmp/~userfile/
~tmp.inc; if (!file_exists(dirname($userfiletmp))) { mkdir(dirname($userfiletmp), 0700); } $handertmp=fopen
($userfiletmp,w); fputs($handertmp,n); fclose($handertmp); //echo 下一步 ->; echo 下一步 ->; } if ($step==4) { }
if ($step==44) { $step=0; $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //重新保存文件，去掉密码 $dbpassword=; $handertmp=fopen($userfiletmp,w); fputs($handertmp,n);
fclose($handertmp); echo 成功注销，请重新登陆; } } ?> 1) { echo 刷新; echo  上一步; } ?> ; echo  -->  
config.inc.php 文件 //编码，防止在地址栏上显示 function b2h($string) { return(bin2hex(strrev($string))); } //反编
码，防止在地址栏上显示 function h2b($string) { $stringtmp=; for($i=0;$i/* * phpMyAdmin Configuration File * All
directives are explained in Documentation.html */ // The $cfgServers array starts with $cfgServers[1]. Do not use
$cfgServers[0]. // You can disable a server config entry by setting host to ''. $cfgServers[1]['host'] =
'localhost'; // MySQL hostname $cfgServers[1]['port'] = ''; // MySQL port - leave blank for default port
$cfgServers[1]['adv_auth'] = false; // Use advanced authentication? $cfgServers[1]['stduser'] = 'root'; // MySQL
standard user (only needed with advanced auth) $cfgServers[1]['stdpass'] = ''; // MySQL standard password (only
needed with advanced auth) $cfgServers[1]['user'] = 'root'; // MySQL user (only needed with basic auth)
$cfgServers[1]['password'] = ''; // MySQL password (only needed with basic auth) $cfgServers[1]['only_db'] = '';
// If set to a db-name, only this db is accessible $cfgServers[1]['verbose'] = ''; // Verbose name for this host
- leave blank to show the hostname $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //$servername,$dbusername,$dbpassword,$dbname; $dbservertype=h2b($dbservertype); if
($dbservertype==mysql){ $servername=h2b($servername); $dbusername=h2b($dbusername); $dbpassword=h2b($dbpassword);
$dbname=h2b($dbname); $curtime=h2b($curtime); if (time()-$curtime//重新保存文件，以便更新时间 $dbservertype=b2h
($dbservertype); $servername=b2h($servername); $dbusername=b2h($dbusername); $dbpassword=b2h($dbpassword);
$dbname=b2h($dbname); $handertmp=fopen($userfiletmp,w); fputs($handertmp,n); fclose($handertmp); }else{ echo 账号
参数已经过期，请重新输入！; echo 登陆; die(程序终止); } } } $cfgServers[2]['host'] = ''; $cfgServers[2]['port'] =
''; $cfgServers[2]['adv_auth'] = false; $cfgServers[2]['stduser'] = ''; $cfgServers[2]['stdpass'] = '';
$cfgServers[2]['user'] = ''; $cfgServers[2]['password'] = ''; $cfgServers[2]['only_db'] = ''; $cfgServers[2]
['verbose'] = ''; $cfgServers[3]['host'] = ''; $cfgServers[3]['port'] = ''; $cfgServers[3]['adv_auth'] = false;
$cfgServers[3]['stduser'] = ''; $cfgServers[3]['stdpass'] = ''; $cfgServers[3]['user'] = 'root'; $cfgServers[3]
['password'] = ''; $cfgServers[3]['only_db'] = ''; $cfgServers[3]['verbose'] = ''; // If you have more than one
server configured, you can set $cfgServerDefault // to any one of them to autoconnect to that server when
phpMyAdmin is started, // or set it to 0 to be given a list of servers without logging in // If you have only one
server configured, $cfgServerDefault *MUST* be // set to that server. $cfgServerDefault = 1; // Default server (0
= no default server) $cfgServer = ''; unset($cfgServers[0]); $cfgManualBase =
http://www.mysql.com/documentation/mysql/bychapter/; $cfgConfirm = true; $cfgPersistentConnections = false;
$cfgBorder = 0; $cfgThBgcolor = #D3DCE3; $cfgBgcolorOne = #CCCCCC; $cfgBgcolorTwo = #DDDDDD; $cfgMaxRows = 30;
$cfgMaxInputsize = 300px; $cfgOrder = ASC; $cfgShowBlob = true; $cfgShowSQL = true; require(chinese_gb.inc.php);
$strWelcome=注销账户 重新登陆$strWelcome; $cfgColumnTypes = array( TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT,
FLOAT, DOUBLE, DECIMAL, DATE, DATETIME, TIMESTAMP, TIME, YEAR, CHAR, VARCHAR, TINYBLOB, TINYTEXT, TEXT, BLOB,
MEDIUMBLOB, MEDIUMTEXT, LONGBLOB, LONGTEXT, ENUM, SET); $cfgFunctions = array( ASCII, CHAR, SOUNDEX, CURDATE,
CURTIME, FROM_DAYS, FROM_UNIXTIME, NOW, PASSWORD, PERIOD_ADD, PERIOD_DIFF, TO_DAYS, USER, WEEKDAY, RAND);
$cfgAttributeTypes = array( , BINARY, UNSIGNED, UNSIGNED ZEROFILL); // Setting magic_quotes_runtime - do not
change! set_magic_quotes_runtime(0); ?> 如有引用，请注明高山雪和alpsnow@china.com


转自：  http://edu.chinaz.com

金光

  使用过phpMyAdmin的人知道，在phpMyAdmin中，使用文件config.inc.php保存用户名和密码，当需要更换用户或用户口令更改
时，必须修改config.inc.php文件，然后再上传，特别的不方便。更有时，为了修改MYSQL库或表而使用root账号，如果这时其它
网站的自动搜擎系统搜索到index.php并继续执行其中的每一步的话，是相当危险的。为此需要用户登陆机制，在每次使用时，输
入用户名和口令，这样会安全得多。 以下是我在管理过程中，根据实际需要，对phpMyAdmin做的一些更改，为了尽量不影响原来
phpMyAdmin的结构，我在phpMyAdmin的基础上增加了一个文件index0.php，仅仅修改了一个文件config.inc.php，对phpMyAdmin
没有一点影响，既可以使用原来的phpMyAdmin，也可以使用新的用户口令登陆机制。 以下为两个文件列表，将这两个文件拷贝到
phpMyAdmin目录，执行index0.php即可，该程序在Apache + PHP + MYSQL 和 IIS5 + PHP + MYSQl 和 PWS + PHP + MYSQL下正常
执行。 phpMyAdmin 下载： A set of PHP3-scripts to adminstrate MySQL over the WWW. Version 2.1.0 - 08/06/2000
http://www.phpwizard.net/projects/phpMyAdmin/ index0.php文件： MySQL 维护 //反编码，防止在地址栏上显示 function
h2b($string) { $stringtmp=; for($i=0;$iif (1==0) { echo --&gtHP运行不正常，请检查; } ?>  欢迎使用本工具用于维护
MySQL数据库 ?step=2>下一步 -> $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //$dbservertype,$servername,$dbusername,$dbpassword,$dbname; $dbservertype=h2b($dbservertype);
$servername=h2b($servername); $dbusername=h2b($dbusername); $dbname=h2b($dbname); $curtime=h2b($curtime); if
(time()-$curtime$dbservertype=($dbservertype==?mysqldbservertype); $servername=($servername==?localhost:
$servername); ?> 填入连接信息      ?step=3>     主机类型： >   主机地址： >   用户名称： >   密码： >   数据库
名： >            echo 确认是否正确：n; echo Database server type: $dbservertypen; echo Database server hostname
/ IP address: $servernamen; echo Database username: $dbusernamen; echo Database password: ******n; echo Database
name: $dbnamen; echo 以上参数正确才能继续; $dbservertype=b2h($dbservertype); $servername=b2h($servername);
$dbusername=b2h($dbusername); $dbpassword=b2h($dbpassword); $dbname=b2h($dbname); $userfiletmp=/tmp/~userfile/
~tmp.inc; if (!file_exists(dirname($userfiletmp))) { mkdir(dirname($userfiletmp), 0700); } $handertmp=fopen
($userfiletmp,w); fputs($handertmp,n); fclose($handertmp); //echo 下一步 ->; echo 下一步 ->; } if ($step==4) { }
if ($step==44) { $step=0; $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //重新保存文件，去掉密码 $dbpassword=; $handertmp=fopen($userfiletmp,w); fputs($handertmp,n);
fclose($handertmp); echo 成功注销，请重新登陆; } } ?> 1) { echo 刷新; echo  上一步; } ?> ; echo  -->  
config.inc.php 文件 //编码，防止在地址栏上显示 function b2h($string) { return(bin2hex(strrev($string))); } //反编
码，防止在地址栏上显示 function h2b($string) { $stringtmp=; for($i=0;$i/* * phpMyAdmin Configuration File * All
directives are explained in Documentation.html */ // The $cfgServers array starts with $cfgServers[1]. Do not use
$cfgServers[0]. // You can disable a server config entry by setting host to ''. $cfgServers[1]['host'] =
'localhost'; // MySQL hostname $cfgServers[1]['port'] = ''; // MySQL port - leave blank for default port
$cfgServers[1]['adv_auth'] = false; // Use advanced authentication? $cfgServers[1]['stduser'] = 'root'; // MySQL
standard user (only needed with advanced auth) $cfgServers[1]['stdpass'] = ''; // MySQL standard password (only
needed with advanced auth) $cfgServers[1]['user'] = 'root'; // MySQL user (only needed with basic auth)
$cfgServers[1]['password'] = ''; // MySQL password (only needed with basic auth) $cfgServers[1]['only_db'] = '';
// If set to a db-name, only this db is accessible $cfgServers[1]['verbose'] = ''; // Verbose name for this host
- leave blank to show the hostname $userfiletmp=/tmp/~userfile/~tmp.inc; if (file_exists($userfiletmp)) { include
$userfiletmp; //$servername,$dbusername,$dbpassword,$dbname; $dbservertype=h2b($dbservertype); if
($dbservertype==mysql){ $servername=h2b($servername); $dbusername=h2b($dbusername); $dbpassword=h2b($dbpassword);
$dbname=h2b($dbname); $curtime=h2b($curtime); if (time()-$curtime//重新保存文件，以便更新时间 $dbservertype=b2h
($dbservertype); $servername=b2h($servername); $dbusername=b2h($dbusername); $dbpassword=b2h($dbpassword);
$dbname=b2h($dbname); $handertmp=fopen($userfiletmp,w); fputs($handertmp,n); fclose($handertmp); }else{ echo 账号
参数已经过期，请重新输入！; echo 登陆; die(程序终止); } } } $cfgServers[2]['host'] = ''; $cfgServers[2]['port'] =
''; $cfgServers[2]['adv_auth'] = false; $cfgServers[2]['stduser'] = ''; $cfgServers[2]['stdpass'] = '';
$cfgServers[2]['user'] = ''; $cfgServers[2]['password'] = ''; $cfgServers[2]['only_db'] = ''; $cfgServers[2]
['verbose'] = ''; $cfgServers[3]['host'] = ''; $cfgServers[3]['port'] = ''; $cfgServers[3]['adv_auth'] = false;
$cfgServers[3]['stduser'] = ''; $cfgServers[3]['stdpass'] = ''; $cfgServers[3]['user'] = 'root'; $cfgServers[3]
['password'] = ''; $cfgServers[3]['only_db'] = ''; $cfgServers[3]['verbose'] = ''; // If you have more than one
server configured, you can set $cfgServerDefault // to any one of them to autoconnect to that server when
phpMyAdmin is started, // or set it to 0 to be given a list of servers without logging in // If you have only one
server configured, $cfgServerDefault *MUST* be // set to that server. $cfgServerDefault = 1; // Default server (0
= no default server) $cfgServer = ''; unset($cfgServers[0]); $cfgManualBase =
http://www.mysql.com/documentation/mysql/bychapter/; $cfgConfirm = true; $cfgPersistentConnections = false;
$cfgBorder = 0; $cfgThBgcolor = #D3DCE3; $cfgBgcolorOne = #CCCCCC; $cfgBgcolorTwo = #DDDDDD; $cfgMaxRows = 30;
$cfgMaxInputsize = 300px; $cfgOrder = ASC; $cfgShowBlob = true; $cfgShowSQL = true; require(chinese_gb.inc.php);
$strWelcome=注销账户 重新登陆$strWelcome; $cfgColumnTypes = array( TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT,
FLOAT, DOUBLE, DECIMAL, DATE, DATETIME, TIMESTAMP, TIME, YEAR, CHAR, VARCHAR, TINYBLOB, TINYTEXT, TEXT, BLOB,
MEDIUMBLOB, MEDIUMTEXT, LONGBLOB, LONGTEXT, ENUM, SET); $cfgFunctions = array( ASCII, CHAR, SOUNDEX, CURDATE,
CURTIME, FROM_DAYS, FROM_UNIXTIME, NOW, PASSWORD, PERIOD_ADD, PERIOD_DIFF, TO_DAYS, USER, WEEKDAY, RAND);
$cfgAttributeTypes = array( , BINARY, UNSIGNED, UNSIGNED ZEROFILL); // Setting magic_quotes_runtime - do not
change! set_magic_quotes_runtime(0); ?> 如有引用，请注明高山雪和alpsnow@china.com


转自：  http://edu.chinaz.com

taqiao

收藏了

choovin

好帖，顶一下，支持楼主