7

I am running a server which hosts both a MySQL instance (with several databases) and some SQLite files. I would like to use Adminer to manage all of them, provided that valid credentials are given by the users. Also, a list of databases should be populated.

In case of MySQL, valid database users can be used and the connection works out of the box. However, SQLite support must be added explicitly. Adminer gives this error:

Implement login() method to use SQLite.
  • How do I extend the Adminer class to enable SQLite login?
  • What should I do to fill a list of valid databases?
Andrea Lazzarotto
  • 2,471
  • 1
  • 22
  • 38

1 Answers1

6

This answer applies to Adminer version 4.2.5. Unfortunately, it is not valid for Adminer 4.3.x.

You need to override the login and databases methods of the Adminer class, making sure you do it only for the SQLite driver, not in other cases. The following code achieves a basic login system with a list of databases:

<?php
function adminer_object() {
    class AdminerSoftware extends Adminer {
        function login($login, $password) {
            global $jush;
            if ($jush == "sqlite")
                return ($login === 'admin') && ($password === 'changeme');
            return true;
        }
        function databases($flush = true) {
            if (isset($_GET['sqlite']))
                return ["/path/to/first.db", "/path/to/second.db"];
            return get_databases($flush);
        }
    }
    return new AdminerSoftware;
}
include "./adminer-4.2.5.php";

The code could be adapted to support multiple users. Save the file as index.php in the same directory where adminer-4.2.5.php is located. Make sure to tweak the username, password and paths to the databases.

Here are some important remarks:

  • the login method is not properly named, it is an initial check performed by Adminer
  • for databases that have built-in user functionality, e.g. MySQL, this method should always return true like the original class does
  • SQLite files do not have built-in authentication, therefore we define an artificial check to prevent unauthorized access

Result

List of SQLite databases shown by Adminer

Andrea Lazzarotto
  • 2,471
  • 1
  • 22
  • 38
  • So the login for any database except SQLite always returns `true`? – CL. Sep 13 '17 at 07:19
  • @CL yes, as you can see from the original Adminer source code. That's an initial login check. For MySQL, for instance, the credentials are then inserted into the connection string sent to the driver. However, SQLite doesn't have an integrated login function therefore that artificial login is added to ensure security for SQLite. – Andrea Lazzarotto Sep 13 '17 at 09:44
  • To be precise, the original Adminer class login returns `true` for every driver except SQLite where it throws an error to warn the user that it needs to be extended. – Andrea Lazzarotto Sep 13 '17 at 09:47
  • 1
    That deserves a comment. Anyway, it appears 4.3 [has some built-in support](https://github.com/vrana/adminer/commit/56b6590a4f8271ae3b40b4b135d825b92de08820). – CL. Sep 13 '17 at 10:48
  • @CL. you raised a good point, thanks. I will update the answer to address what the counterintuitively named method `login` does. Regarding 4.3, I spent more than an hour trying to extend it in a similar fashion but it complained that the function cannot be redefined (unlike 4.2.5). :( – Andrea Lazzarotto Sep 13 '17 at 11:38