Fix phpMyAdmin SSO login and harden SSO/security posture
phpMyAdmin login was broken because phpmyadmin_install.sh never wired the private phpMyAdmin copy into the web server: no Apache Alias was registered via DirectAdmin CustomBuild, so the SSO redirect target was unreachable. Add configure_apache_alias()/apply_apache_alias() (Alias + Directory blocks, ./build rewrite_confs, httpd reload), detect the real Apache group instead of hardcoding diradmin:diradmin, stop silently swallowing chown/chmod failures, and verify an optional SHA256 for the downloaded phpMyAdmin tarball. Extend phpmyadmin_health_check.sh to detect a missing/incorrect Apache alias and to probe HTTP reachability. Security hardening: scope temporary phpMyAdmin SSO MySQL roles to 127.0.0.1 instead of '%', tighten SSO ticket file permissions to 0640 (they contain a plaintext MySQL password), and log MySQL connection failures for diagnosis instead of swallowing them silently. Bump version to 1.2.12 and rebuild the release archive.
This commit is contained in:
@@ -58,6 +58,17 @@ return static function (AppContext $ctx): void {
|
||||
$ensurePhpMyAdminReady();
|
||||
} catch (Throwable $e) {
|
||||
$message = 'Nie można przygotować phpMyAdmin: ' . $e->getMessage();
|
||||
@error_log(
|
||||
sprintf(
|
||||
"[%s] PHPMYADMIN_PROVISION_FAIL user=%s remote=%s message=%s\n",
|
||||
date('c'),
|
||||
$ctx->daUser->username(),
|
||||
Http::server('REMOTE_ADDR'),
|
||||
$e->getMessage()
|
||||
),
|
||||
3,
|
||||
PLUGIN_ROOT . '/error.log'
|
||||
);
|
||||
if ($rawMode) {
|
||||
echo "HTTP/1.1 500 Internal Server Error\r\n";
|
||||
echo "Content-Type: text/plain; charset=UTF-8\r\n\r\n";
|
||||
|
||||
Reference in New Issue
Block a user