How to use adminer without password basing on login-password-less plugins

Question

I want to use adminer without password.

I uploaded adminer-4.7.7-en.php file and finding login-password-less plugin I create file plugins/login-password-less.php with content :

<?php

/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/
class AdminerLoginPasswordLess {
    /** @access protected */
    var $password_hash;
    
    /** Set allowed password
    * @param string result of password_hash
    */
    function __construct($password_hash) {
        $this->password_hash = $password_hash;
    }

    function credentials() {
        $password = get_password();
        return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
    }
    
    function login($login, $password) {
        if ($password != "") {
            return true;
        }
    }

}

and reading https://www.adminer.org/plugins/#use I created file adminer.php, which is located in one dir with adminer-4.7.7-en.php and I created new apache host pointed at this file.

This file has :

<?php
function adminer_object() {
    // required to run any plugin
    include_once "./plugins/login-password-less.php"; // Plugin I want to use

    // autoloader
    foreach (glob("plugins/*.php") as $filename) {
        include_once "./$filename";
    }

    $plugins = array(
        // specify enabled plugins here
        new AdminerLoginPasswordLess, // Plugin I want to use
/*        new AdminerTinymce,
        new AdminerFileUpload("data/"),
        new AdminerSlugify,
        new AdminerTranslation,
        new AdminerForeignSystem,*/
    );

    /* It is possible to combine customization and plugins:
    class AdminerCustomization extends AdminerPlugin {
    }
    return new AdminerCustomization($plugins);
    */

    return new AdminerPlugin($plugins); // I am not sure which class is it and where it is defined ?
}

// include original Adminer or Adminer Editor
include "./adminer-4.7.7-en.php";  // encoded file I uploaded
?>

and I got error:

Fatal error: Uncaught ArgumentCountError: Too few arguments to function AdminerLoginPasswordLess::__construct(), 0 passed in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 13 and exactly 1 expected in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php:16 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(13): AdminerLoginPasswordLess->__construct() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #2 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(31): include('/mnt/_work_sdb8...') #3 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/plugins/login-password-less.php on line 16

Which is the valid way to use adminer without password ?

MODIFIED: I made :

new AdminerLoginPasswordLess(hash("md5", 'my_sql_user_password')),

Is the selected "md5" method valid ?

But I got error :

Fatal error: Uncaught Error: Class 'AdminerPlugin' not found in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php:32 Stack trace: #0 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer-4.7.7-en.php(1654): adminer_object() #1 /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php(36): include('/mnt/_work_sdb8...') #2 {main} thrown in /mnt/_work_sdb8/wwwroot/lar/local_adminer/adminer.php on line 32

MODIFIED: In source version of the site I foun file plugin.php with AdminerPlugin class implementation. I moved this file under plugins directory. In plugins/login-password-less.php I added reference to plugins/plugin.php file and added debugging info :

<?php

/** Enable login for password-less database
* @link https://www.adminer.org/plugins/#use
* @author Jakub Vrana, https://www.vrana.cz/
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
*/

include_once "./plugins/plugin.php";

class AdminerLoginPasswordLess {
    /** @access protected */
    var $password_hash;

    /** Set allowed password
    * @param string result of password_hash
    */
    function __construct($password_hash) {
        $this->password_hash = $password_hash;
        debToFile('-2 AdminerLoginPasswordLess->__construct:$this->password_hash::'.$this->password_hash);
        // That is debugging method appending  string into text file
    }

    function credentials() {
        $password = get_password();
        debToFile('-3 AdminerLoginPasswordLess->credentials:$password::'.$password);
        // That is debugging method appending  string into text file
        return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
    }

    function login($login, $password) {
        debToFile('-4 AdminerLoginPasswordLess->login:$login::'.$login);
        if ($password != "") {
            debToFile('-5 TRUE AdminerLoginPasswordLess->login:$login::'.$login);
        // That is debugging method appending  string into text file
            return true;
        }
        debToFile('-5 false AdminerLoginPasswordLess->login:$login::'.$login);
    }

}

and in adminer.php I added debugging line:

$plugins = array(
    new AdminerLoginPasswordLess(hash("md5", 'm8y2s8q&L')),

);
debToFile('-1After:AdminerLoginPasswordLess');

I loggin file I see:

<pre>::-2 AdminerLoginPasswordLess->__construct:$this->password_hash::c61d49aaab35ca428e60d764ff05159d</pre>
<pre>::-1After:AdminerLoginPasswordLess</pre>

It means that methods credentials and login of AdminerLoginPasswordLess class are not triggered. I run in browser as : http://local-adminer.com/?username=mysql_login_user

or http://local-adminer.com // host in apache config

and I have no errors, but I still have to enter password for mysql_login_user.

Did I miss some options/plugins?

Thanks!

Answer 1

Years later I wanted to something similar again, but this time I needed to support multiple databases ("dev db" and "stage db" and "prod db"). Seems Adminer doesn't support it for more than 1 db, so this time i ended up with a little hack instead: make index.php

if (!empty($_GET['loadCredentialsInjector'])) {
    header("Content-Type: text/javascript");
?>
    function togglePredefinedCreds(profile) {
    let $$ = document.querySelectorAll.bind(document);
    let creds = {};
    if (profile === "stage") {
    creds.host = "stage-db.com";
    creds.dbuser = 'stage-username';
    creds.dbpass = 'stage-password';
    creds.dbname = "stage-dbname";
    }
    else if(profile === "prod") {
    creds.host = "prod-db.com";
    creds.dbuser = 'prod-username';
    creds.dbpass = 'prod-password';
    creds.dbname = "prod-dbname";
    }
    $$("input[name='auth[server]']")[0].value = creds.host;
    $$("input[name='auth[username]']")[0].value = creds.dbuser;
    $$("input[name='auth[password]']")[0].value = creds.dbpass;
    $$("input[name='auth[db]']")[0].value = creds.dbname;
    }
    {
    let loadStageButtonReference = loadStageButton;
    let loadProdButtonReference = loadProdButton;
    loadStageButton.parentNode.removeChild(loadStageButton);
    loadProdButton.parentNode.removeChild(loadProdButton);
    document.body.insertBefore(loadStageButtonReference, document.body.firstChild);
    document.body.insertBefore(document.createTextNode("   "), document.body.firstChild);
    document.body.insertBefore(loadProdButtonReference, document.body.firstChild);
    loadStageButtonReference.addEventListener("click", function () {togglePredefinedCreds("stage");});
    loadProdButtonReference.addEventListener("click", function () {togglePredefinedCreds("prod");});
    }
    <?php
    die();
}
if (empty($_POST) &&  in_array($_SERVER['REQUEST_URI'], array("/adminer/", "/adminer", "/adminer/index.php"), true)) {
    register_shutdown_function(function () {
        $nonce = explode("nonce-", print_r(headers_list(), true))[1];
        $nonce = substr($nonce, 0, strpos($nonce, "'"));
    ?>
        <button id="loadStageButton">load Stage</button>
        <button id="loadProdButton">load Prod</button>
        <script src="?loadCredentialsInjector=1" type="text/javascript" nonce="<?php echo $nonce; ?>"></script>
<?php
    });
}
require("adminer.php");

then in the top-left corner you get buttons to load your desired database on the log-in screen :)

Answer 2

It often saves time if you can bypass small time consuming tasks. I tried above methods but did not work for me so I did the following which works in 2021 for Adminer 4.7.9.
WARNING: Please note that its only for your local machine & not advised for online databases.:
Step-1: Download Adminer source from Github, this link.
Step-2: Open adminer-master\adminer\include\auth.inc.php
Step-3: Edit the following at lines 55 to 57 & replace my_username & my_password with your MySQL credentials:

$server = "localhost";  //$auth["server"];
$username = "my_username";    //$auth["username"];
$password = "my_password"; //(string) $auth["password"];

Step-4: Save & now open Adminer by pointing your browser to "adminer-master\adminer"
Step-5: Just click Login button & you will login without entering anything.
Hope it will work for you.

Answer 3

first do

mkdir -p plugins;
wget -O plugins/plugin.php https://raw.githubusercontent.com/vrana/adminer/master/plugins/plugin.php;
nano plugins/passwordless_login.php

then write

<?php
class AdminerLoginPasswordLess {
    public function credentials() {
        return array("mysql_hostname", "mysql_username", "mysql_password");
    }
    function login($login, $password) {
            return true;
    }
}

then save and exit, then run nano adminer_with_plugins.php and write:

<?php
function adminer_object() {
    // required to run any plugin
    include_once "./plugins/plugin.php";
    
    // "autoloader"
    foreach (glob("plugins/*.php") as $filename) {
        include_once "./$filename";
    }
    
    $plugins = array(
        // specify enabled plugins here
        new AdminerLoginPasswordLess,
        //new AdminerDumpXml,
        //new AdminerTinymce,
        //new AdminerFileUpload("data/"),
        //new AdminerSlugify,
        //new AdminerTranslation,
        //new AdminerForeignSystem,
    );
    return new AdminerPlugin($plugins);
}

// include original Adminer or Adminer Editor
include "./adminer.php";

then save & exit; then point your web-browser to adminer_with_plugins.php instead of adminer.php, now you have effectively disabled adminer's ability to login with different usernames/passwords/hosts, no matter what credentials you try to login with, it will always login with the mysql_hostname/mysql_username/mysql_password written in the source code, ignoring the user input credentials.

needless to say, this is quite a security-sensitive operation.