<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Main loader script
*
* @package PhpMyAdmin
*/
use PhpMyAdmin\Charsets;
use PhpMyAdmin\Config;
use PhpMyAdmin\Core;
use PhpMyAdmin\Display\GitRevision;
use PhpMyAdmin\LanguageManager;
use PhpMyAdmin\Message;
use PhpMyAdmin\RecentFavoriteTable;
use PhpMyAdmin\Relation;
use PhpMyAdmin\Response;
use PhpMyAdmin\Sanitize;
use PhpMyAdmin\Server\Select;
use PhpMyAdmin\ThemeManager;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;
/**
 * Bootstrap: pulls in the core libraries (the original note adds that a top
 * message is displayed if required).
 */
require_once 'libraries/common.inc.php';

/**
 * Remove the navigation parameters from $_GET before any child page runs.
 * (Original note: "pass variables to child pages".) Only $_GET is touched
 * here; $_POST and $_REQUEST keep whatever they held.
 */
$drops = array('lang', 'server', 'collation_connection', 'db', 'table');
foreach ($drops as $each_drop) {
    // unset() on a key that is absent is a silent no-op, so no existence
    // test is needed first.
    unset($_GET[$each_drop]);
}
// Do not leak the helper variables into the rest of the script.
unset($drops, $each_drop);
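/*
 * Black list of all scripts to which front-end must submit data.
 * Such scripts must not be loaded on home page.
 */
$target_blacklist = array(
    'import.php', 'export.php'
);

// If we have a valid target, let's load that script instead.
//
// SECURITY: the request value is handed to include unchanged, so every check
// below has to hold for that exact string. Core::checkPageValidity() is not
// visible in this file; if it compares a normalised copy of the value (for
// example the part before a "?" or a decoded form), the string that was
// validated and the string that is included could differ. To close that gap
// locally, the target must also be a bare script name: letters, digits and
// underscores followed by ".php", with no path separator, query string,
// percent-encoding or trailing newline (\z anchors at the true end).
// NOTE(review): assumes every allow-listed page is a script in this
// directory with such a name -- confirm against the list used by
// Core::checkPageValidity().
if (! empty($_REQUEST['target'])
    && is_string($_REQUEST['target'])
    && preg_match('/^[A-Za-z0-9_]+\.php\z/', $_REQUEST['target'])
    && ! preg_match('/^index/', $_REQUEST['target'])
    // strict comparison: the value is already known to be a string
    && ! in_array($_REQUEST['target'], $target_blacklist, true)
    && Core::checkPageValidity($_REQUEST['target'])
) {
    include $_REQUEST['target'];
    exit;
}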
// An AJAX request that carries a non-empty access_time value gets no page
// body from this script: stop here.
if (! empty($_REQUEST['access_time']) && isset($_REQUEST['ajax_request'])) {
    exit;
}
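// User selected font size.
//
// The posted value is stored as the 'FontSize' user setting, so it is
// accepted only when it is a string made of digits/dots followed by one CSS
// unit. The D modifier makes "$" match only at the very end of the subject;
// without it a value ending in a newline would also pass the check.
// is_string() keeps array input away from preg_match().
if (isset($_POST['set_fontsize'])
    && is_string($_POST['set_fontsize'])
    && preg_match('/^[0-9.]+(px|em|pt|\%)$/D', $_POST['set_fontsize'])
) {
    $GLOBALS['PMA_Config']->setUserValue(
        null,
        'FontSize',
        $_POST['set_fontsize'],
        '82%' // presumably the default the setting is compared against -- confirm in Config::setUserValue()
    );
    // Redirect back to the home page so the form post is not replayed.
    header('Location: index.php' . Url::getCommonRaw());
    exit();
}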
// Theme chosen by the user: make it active, store it in the theme cookie,
// then redirect to the home page.
// NOTE(review): the posted value is passed on as received; whether it is
// checked against the installed themes happens inside ThemeManager, which is
// not visible here.
if (isset($_POST['set_theme'])) {
    $tmanager = ThemeManager::getInstance();
    $tmanager->setActiveTheme($_POST['set_theme']);
    $tmanager->setThemeCookie();

    header('Location: index.php' . Url::getCommonRaw());
    exit;
}
// Change collation connection: store the posted collation as the
// 'DefaultConnectionCollation' user setting and redirect to the home page.
// NOTE(review): the value is not validated in this file; presumably it is
// checked where the setting is applied -- confirm.
if (isset($_POST['collation_connection'])) {
    $GLOBALS['PMA_Config']->setUserValue(
        null,
        'DefaultConnectionCollation',
        $_POST['collation_connection'],
        'utf8mb4_unicode_ci'
    );

    header('Location: index.php' . Url::getCommonRaw());
    exit;
}
// See FAQ 1.34
// A request that names a database (and optionally a table) is served by the
// configured default tab script instead of the home page. The request values
// only decide WHICH configuration option is consulted; the included path is
// whatever Util::getScriptNameForOption() returns for that option.
if (! empty($_REQUEST['db'])) {
    $page = empty($_REQUEST['table'])
        ? Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabDatabase'],
            'database'
        )
        : Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabTable'],
            'table'
        );

    include $page;
    exit;
}
$response = Response::getInstance();

/**
 * AJAX request asking for a refresh of the recent tables list: answer with
 * the list HTML under the 'list' key and stop.
 */
if ($response->isAjax() && ! empty($_REQUEST['recent_table'])) {
    $response->addJSON(
        'list',
        RecentFavoriteTable::getInstance('recent')->getHtmlList()
    );
    exit;
}
// Running from a Git checkout: an AJAX request carrying git_revision gets the
// revision display and nothing else; every other request gets an empty
// placeholder element.
if ($GLOBALS['PMA_Config']->isGitRevision()) {
    if (isset($_REQUEST['git_revision']) && $response->isAjax()) {
        GitRevision::display();
        exit;
    }

    echo '<div id="is_git_revision"></div>';
}
// Handles some variables that may have been sent by the calling script:
// the home page is not tied to a database or table.
$GLOBALS['db'] = '';
$GLOBALS['table'] = '';
$show_query = '1';

// Any message to display? Show it once, then forget it.
if (! empty($message)) {
    echo Util::getMessage($message);
    unset($message);
}

// One-time notice set in the session after logging out from one server.
if (isset($_SESSION['partial_logout'])) {
    Message::success(
        __('You were logged out from one server, to logout completely from phpMyAdmin, you need to logout from all servers.')
    )->display();
    unset($_SESSION['partial_logout']);
}
$common_url_query = Url::getCommon();
$mysql_cur_user_and_host = '';

// when $server > 0, a server has been chosen so we can display
// all MySQL-related information
if ($server > 0) {
    include 'libraries/server_common.inc.php';

    // Use the verbose name of the server instead of the hostname
    // if a value is set. Three outcomes:
    //   no verbose name               -> host info only
    //   verbose name + ShowServerInfo -> "verbose (host info)"
    //   verbose name only             -> verbose name
    // NOTE(review): the verbose name is HTML-escaped here, the host info
    // returned by the driver is appended as-is.
    if (empty($cfg['Server']['verbose'])) {
        $server_info = (string) $GLOBALS['dbi']->getHostInfo();
    } elseif ($GLOBALS['cfg']['ShowServerInfo']) {
        $server_info = htmlspecialchars($cfg['Server']['verbose'])
            . ' ('
            . $GLOBALS['dbi']->getHostInfo()
            . ')';
    } else {
        $server_info = htmlspecialchars($cfg['Server']['verbose']);
    }

    $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');

    // should we add the port info here?
    if (! empty($GLOBALS['cfg']['Server']['verbose'])) {
        $short_server_info = $GLOBALS['cfg']['Server']['verbose'];
    } else {
        $short_server_info = $GLOBALS['cfg']['Server']['host'];
    }
}
// Page skeleton: outer container, the favorite-tables sync anchor, then the
// left pane with the "General settings" group.
echo '<div id="maincontainer">' , "\n";
// Anchor for favorite tables synchronization.
echo RecentFavoriteTable::getInstance('favorite')->getHtmlSyncFavoriteTables();
echo '<div id="main_pane_left">';

if ($server > 0 || count($cfg['Servers']) > 1) {
    // Banner shown only when the demo flag is set in the configuration.
    if ($cfg['DBG']['demo']) {
        echo '<div class="group">',
            '<h2>', __('phpMyAdmin Demo Server'), '</h2>',
            '<p class="cfg_dbg_demo">';
        printf(
            __(
                'You are using the demo server. You can do anything here, but '
                . 'please do not change root, debian-sys-maint and pma users. '
                . 'More information is available at %s.'
            ),
            '<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>'
        );
        echo '</p>', '</div>';
    }

    echo '<div class="group">',
        '<h2>', __('General settings'), '</h2>',
        '<ul>';

    /**
     * Displays the MySQL servers choice form
     */
    if ($cfg['ServerDefault'] == 0
        || (! $cfg['NavigationDisplayServers']
            && (count($cfg['Servers']) > 1
                || ($server == 0 && count($cfg['Servers']) == 1)))
    ) {
        echo '<li id="li_select_server" class="no_bullets" >';
        echo Util::getImage('s_host') , " "
            , Select::render(true, true);
        echo '</li>';
    }

    /**
     * Displays the mysql server related links
     */
    if ($server > 0) {
        include_once 'libraries/check_user_privileges.inc.php';

        // "Change password" entry: offered for every auth type except
        // 'config', and only when ShowChgPassword is enabled.
        if ($cfg['Server']['auth_type'] != 'config' && $cfg['ShowChgPassword']) {
            $conditional_class = 'ajax';
            Core::printListItem(
                Util::getImage('s_passwd') . "&nbsp;" . __('Change password'),
                'li_change_password',
                'user_password.php' . $common_url_query,
                null,
                null,
                'change_password_anchor',
                "no_bullets",
                $conditional_class
            );
        }

        // Connection collation selector; the form posts back to index.php.
        echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
        echo ' <form class="disableAjax" method="post" action="index.php">' , "\n"
            . Url::getHiddenInputs(null, null, 4, 'collation_connection')
            . ' <label for="select_collation_connection">' . "\n"
            . ' ' . Util::getImage('s_asci')
            . "&nbsp;" . __('Server connection collation') . "\n"
            // put the doc link in the form so that it appears on the same line
            . Util::showMySQLDocu('Charset-connection')
            . ': ' . "\n"
            . ' </label>' . "\n"
            . Charsets::getCollationDropdownBox(
                $GLOBALS['dbi'],
                $GLOBALS['cfg']['Server']['DisableIS'],
                'collation_connection',
                'select_collation_connection',
                $collation_connection,
                true,
                true
            )
            . ' </form>' . "\n"
            . ' </li>' . "\n";
    } // end of if ($server > 0)

    echo '</ul>', '</div>';
}
// "Appearance settings" group: language, theme and font size selectors,
// plus a link to the user preferences once a server is selected.
echo '<div class="group">',
    '<h2>', __('Appearance settings'), '</h2>',
    ' <ul>';

// Displays language selection combo (only when no language is forced in the
// configuration and there is more than one to choose from).
$language_manager = LanguageManager::getInstance();
if (empty($cfg['Lang']) && $language_manager->hasChoice()) {
    echo '<li id="li_select_lang" class="no_bullets">';
    echo Util::getImage('s_lang') , " "
        , $language_manager->getSelectorDisplay();
    echo '</li>';
}

// ThemeManager if available
if ($GLOBALS['cfg']['ThemeManager']) {
    echo '<li id="li_select_theme" class="no_bullets">';
    echo Util::getImage('s_theme') , " "
        , ThemeManager::getInstance()->getHtmlSelectBox();
    echo '</li>';
}

echo '<li id="li_select_fontsize">';
echo Config::getFontsizeForm();
echo '</li>', '</ul>';

// User preferences
if ($server > 0) {
    echo '<ul>';
    Core::printListItem(
        Util::getImage('b_tblops') . "&nbsp;" . __('More settings'),
        'li_user_preferences',
        'prefs_manage.php' . $common_url_query,
        null,
        null,
        null,
        "no_bullets"
    );
    echo '</ul>';
}

// Close the group and the left pane.
echo '</div>', '</div>';
// Right pane. The "Database server" group is shown only when a server is
// selected and ShowServerInfo is enabled.
echo '<div id="main_pane_right">';

if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
    echo '<div class="group">',
        '<h2>', __('Database server'), '</h2>',
        '<ul>', "\n";

    // NOTE(review): of the values below only the USER() result is passed
    // through htmlspecialchars() here; the others are concatenated as the
    // helpers return them -- confirm they are escaped upstream.
    Core::printListItem(
        __('Server:') . ' ' . $server_info,
        'li_server_info'
    );
    Core::printListItem(
        __('Server type:') . ' ' . Util::getServerType(),
        'li_server_type'
    );
    // NOTE(review): this item reuses the element id of the previous one
    // ('li_server_type'), so the id is not unique in the rendered page.
    Core::printListItem(
        __('Server connection:') . ' ' . Util::getServerSSL(),
        'li_server_type'
    );
    Core::printListItem(
        __('Server version:')
        . ' '
        . $GLOBALS['dbi']->getVersionString()
        . ' - '
        . $GLOBALS['dbi']->getVersionComment(),
        'li_server_version'
    );
    Core::printListItem(
        __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
        'li_mysql_proto'
    );
    Core::printListItem(
        __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
        'li_user_info'
    );

    // Server charset: description and name of the charset mapped to 'utf-8'.
    echo ' <li id="li_select_mysql_charset">';
    echo ' ' , __('Server charset:') , ' '
        . ' <span lang="en" dir="ltr">';
    $unicode = Charsets::$mysql_charset_map['utf-8'];
    $charsets = Charsets::getMySQLCharsetsDescriptions(
        $GLOBALS['dbi'],
        $GLOBALS['cfg']['Server']['DisableIS']
    );
    echo ' ' , $charsets[$unicode], ' (' . $unicode, ')';
    echo ' </span>' . ' </li>' . ' </ul>' . ' </div>';
}
// "Web server" group. Everything printed here is version/build information
// about the hosting stack (web server software, database client library,
// PHP extensions, PHP version, link to phpinfo). It is rendered only when
// ShowServerInfo and/or ShowPhpInfo are enabled in the configuration, so
// those two options decide how much of the stack is disclosed to anyone who
// can reach this page.
if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
    echo '<div class="group">',
        '<h2>', __('Web server'), '</h2>',
        '<ul>';

    if ($GLOBALS['cfg']['ShowServerInfo']) {
        Core::printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');

        if ($server > 0) {
            // Prefix a bare x.y.z client version with the library name.
            $client_version_str = $GLOBALS['dbi']->getClientInfo();
            if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)) {
                $client_version_str = 'libmysql - ' . $client_version_str;
            }
            Core::printListItem(
                __('Database client version:') . ' ' . $client_version_str,
                'li_mysql_client_version'
            );

            // One entry per PHP extension in use, each followed by its
            // documentation link.
            $php_ext_string = __('PHP extension:') . ' ';
            $extensions = Util::listPHPExtensions();
            foreach ($extensions as $extension) {
                $php_ext_string .= ' ' . $extension
                    . Util::showPHPDocu('book.' . $extension . '.php');
            }
            Core::printListItem($php_ext_string, 'li_used_php_extension');

            $php_version_string = __('PHP version:') . ' ' . phpversion();
            Core::printListItem($php_version_string, 'li_used_php_version');
        }
    }

    if ($cfg['ShowPhpInfo']) {
        Core::printListItem(
            __('Show PHP information'),
            'li_phpinfo',
            'phpinfo.php' . $common_url_query,
            null,
            '_blank'
        );
    }

    echo ' </ul>', ' </div>';
}
// "phpMyAdmin" group: version, documentation and project links.
echo '<div class="group pmagroup">',
    '<h2>phpMyAdmin</h2>',
    '<ul>';

// The version item gets the 'jsversioncheck' class only when VersionCheck is
// enabled; otherwise no class is passed.
$class = $GLOBALS['cfg']['VersionCheck'] ? 'jsversioncheck' : null;

Core::printListItem(
    __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
    'li_pma_version',
    null,
    null,
    null,
    null,
    $class
);
Core::printListItem(
    __('Documentation'),
    'li_pma_docs',
    Util::getDocuLink('index'),
    null,
    '_blank'
);

// does not work if no target specified, don't know why
// External links are wrapped with Core::linkURL().
Core::printListItem(
    __('Official Homepage'),
    'li_pma_homepage',
    Core::linkURL('https://www.phpmyadmin.net/'),
    null,
    '_blank'
);
Core::printListItem(
    __('Contribute'),
    'li_pma_contribute',
    Core::linkURL('https://www.phpmyadmin.net/contribute/'),
    null,
    '_blank'
);
Core::printListItem(
    __('Get support'),
    'li_pma_support',
    Core::linkURL('https://www.phpmyadmin.net/support/'),
    null,
    '_blank'
);

// Local pages: changelog and license.
Core::printListItem(
    __('List of changes'),
    'li_pma_changes',
    'changelog.php' . Url::getCommon(),
    null,
    '_blank'
);
Core::printListItem(
    __('License'),
    'li_pma_license',
    'license.php' . Url::getCommon(),
    null,
    '_blank'
);

// Close the list, the group, the right pane and the main container.
echo ' </ul>', ' </div>', '</div>', '</div>';
/**
 * mbstring is used for handling multibytes inside parser, so it is good
 * to tell user something might be broken without it, see bug #1063149.
 *
 * The only condition tested is whether the extension is loaded.
 */
if (extension_loaded('mbstring') === false) {
    trigger_error(
        __(
            'The mbstring PHP extension was not found and you seem to be using'
            . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
            . ' is unable to split strings correctly and it may result in'
            . ' unexpected results.'
        ),
        E_USER_WARNING
    );
}
/**
 * Missing functionality: neither curl nor allow_url_fopen is available.
 *
 * Raised at E_USER_NOTICE, the level trigger_error() uses when none is
 * given; the neighbouring checks in this file use E_USER_WARNING.
 */
if (! ini_get('allow_url_fopen') && ! extension_loaded('curl')) {
    trigger_error(
        __(
            'The curl extension was not found and allow_url_fopen is '
            . 'disabled. Due to this some features such as error reporting '
            . 'or version check are disabled.'
        ),
        E_USER_NOTICE
    );
}
// Unless the warning is switched off in the configuration, compare PHP's
// session garbage-collection lifetime with the configured login validity.
if (! $cfg['LoginCookieValidityDisableWarning']) {
    /**
     * Check whether session.gc_maxlifetime limits session validity.
     */
    $gc_time = (int) ini_get('session.gc_maxlifetime');
    if ($GLOBALS['cfg']['LoginCookieValidity'] > $gc_time) {
        trigger_error(
            __(
                'Your PHP parameter [a@https://secure.php.net/manual/en/session.' .
                'configuration.php#ini.session.gc-maxlifetime@_blank]session.' .
                'gc_maxlifetime[/a] is lower than cookie validity configured ' .
                'in phpMyAdmin, because of this, your login might expire sooner ' .
                'than configured in phpMyAdmin.'
            ),
            E_USER_WARNING
        );
    }
}
/**
 * Check whether LoginCookieValidity is limited by LoginCookieStore.
 *
 * A LoginCookieStore of 0 is skipped; any other value smaller than
 * LoginCookieValidity triggers the warning.
 */
if ($GLOBALS['cfg']['LoginCookieStore'] != 0
    && $GLOBALS['cfg']['LoginCookieValidity'] > $GLOBALS['cfg']['LoginCookieStore']
) {
    trigger_error(
        __(
            'Login cookie store is lower than cookie validity configured in ' .
            'phpMyAdmin, because of this, your login will expire sooner than ' .
            'configured in phpMyAdmin.'
        ),
        E_USER_WARNING
    );
}
/**
 * Check if user does not have defined blowfish secret and it is being used.
 *
 * "Being used" is detected through a non-empty encryption key in the
 * session. Two warnings are possible: the passphrase is missing, or it is
 * shorter than 32 (strlen() counts bytes, not characters).
 */
if (! empty($_SESSION['encryption_key'])) {
    if (empty($GLOBALS['cfg']['blowfish_secret'])) {
        trigger_error(
            __('The configuration file now needs a secret passphrase (blowfish_secret).'),
            E_USER_WARNING
        );
    } elseif (strlen($GLOBALS['cfg']['blowfish_secret']) < 32) {
        trigger_error(
            __('The secret passphrase in configuration (blowfish_secret) is too short.'),
            E_USER_WARNING
        );
    }
}
/**
 * Check for existence of config directory which should not exist in
 * production environment.
 *
 * The path is relative, so it is resolved against the current working
 * directory; errors from file_exists() are suppressed with @.
 */
if (@file_exists('config') === true) {
    trigger_error(
        __(
            'Directory [code]config[/code], which is used by the setup script, ' .
            'still exists in your phpMyAdmin directory. It is strongly ' .
            'recommended to remove it once phpMyAdmin has been configured. ' .
            'Otherwise the security of your server may be compromised by ' .
            'unauthorized people downloading your configuration.'
        ),
        E_USER_WARNING
    );
}
// Configuration storage check: when a server is selected and the storage is
// not fully working, show a message linking to chk_rel.php (unless the
// warning is disabled in the configuration).
$relation = new Relation();
if ($server > 0) {
    $cfgRelation = $relation->getRelationsParam();

    if (! $cfgRelation['allworks'] && ! $cfg['PmaNoRelation_DisableWarning']) {
        $msg_text = __(
            'The phpMyAdmin configuration storage is not completely '
            . 'configured, some extended features have been deactivated. '
            . '%sFind out why%s. '
        );
        if ($cfg['ZeroConf'] == true) {
            $msg_text .= '<br>'
                . __(
                    'Or alternately go to \'Operations\' tab of any database '
                    . 'to set it up there.'
                );
        }

        // The two %s placeholders are filled with the opening and closing
        // tag of the link.
        $msg = Message::notice($msg_text);
        $msg->addParamHtml('<a href="./chk_rel.php' . $common_url_query . '">');
        $msg->addParamHtml('</a>');

        /* Show error if user has configured something, notice elsewhere */
        if (! empty($cfg['Servers'][$server]['pmadb'])) {
            $msg->isError(true);
        }
        $msg->display();
    } // end if
}
/**
 * Warning about Suhosin only if its simulation mode is not enabled.
 *
 * Suhosin is considered active when suhosin.request.max_value_length has a
 * truthy value; the warning can be disabled via SuhosinDisableWarning.
 */
if (! $cfg['SuhosinDisableWarning']
    && ini_get('suhosin.request.max_value_length')
    && ini_get('suhosin.simulation') == '0'
) {
    $suhosin_warning = sprintf(
        __(
            'Server running with Suhosin. Please refer to %sdocumentation%s ' .
            'for possible issues.'
        ),
        '[doc@faq1-38]',
        '[/doc]'
    );
    trigger_error($suhosin_warning, E_USER_WARNING);
    unset($suhosin_warning);
}
/* Missing template cache: getTempDir('twig') returned null */
if ($GLOBALS['PMA_Config']->getTempDir('twig') === null) {
    trigger_error(
        sprintf(
            __('The $cfg[\'TempDir\'] (%s) is not accessible. phpMyAdmin is not able to cache templates and will be slow because of this.'),
            $GLOBALS['PMA_Config']->get('TempDir')
        ),
        E_USER_WARNING
    );
}
/**
 * Warning about incomplete translations.
 *
 * The data file is created while creating release by ./scripts/remove-incomplete-mo
 */
if (@file_exists('libraries/language_stats.inc.php')) {
    include 'libraries/language_stats.inc.php';

    /*
     * This message is intentionally not translated, because we're
     * handling incomplete translations here and focus on english
     * speaking users.
     *
     * It is raised when the statistics contain the current language and
     * its value is below TranslationWarningThreshold.
     */
    if (isset($GLOBALS['language_stats'][$lang])
        && $cfg['TranslationWarningThreshold'] > $GLOBALS['language_stats'][$lang]
    ) {
        trigger_error(
            'You are using an incomplete translation, please help to make it '
            . 'better by [a@https://www.phpmyadmin.net/translate/'
            . '@_blank]contributing[/a].',
            E_USER_NOTICE
        );
    }
}