search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upgraded phpmyadmin to 4.0.4 (All Languages) - No modifications yet
[openemr.git] / phpmyadmin / setup / lib / index.lib.php
blobfe82b1ee95953ba3e8f0f6ffed6b632017be6d37
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Various checks and message functions used on index page.
5 *
6 * @package PhpMyAdmin-Setup
7 */
8
9 if (!defined('PHPMYADMIN')) {
10 exit;
11 }
12
13 /**
14 * Initializes message list
15 *
16 * @return void
17 */
18 function messages_begin()
19 {
20 if (! isset($_SESSION['messages']) || !is_array($_SESSION['messages'])) {
21 $_SESSION['messages'] = array('error' => array(), 'notice' => array());
22 } else {
23 // reset message states
24 foreach ($_SESSION['messages'] as &$messages) {
25 foreach ($messages as &$msg) {
26 $msg['fresh'] = false;
27 $msg['active'] = false;
28 }
29 }
30 }
31 }
32
33 /**
34 * Adds a new message to message list
35 *
36 * @param string $type one of: notice, error
37 * @param string $id unique message identifier
38 * @param string $title language string id (in $str array)
39 * @param string $message message text
40 *
41 * @return void
42 */
43 function messages_set($type, $id, $title, $message)
44 {
45 $fresh = ! isset($_SESSION['messages'][$type][$id]);
46 $_SESSION['messages'][$type][$id] = array(
47 'fresh' => $fresh,
48 'active' => true,
49 'title' => $title,
50 'message' => $message);
51 }
52
53 /**
54 * Cleans up message list
55 *
56 * @return void
57 */
58 function messages_end()
59 {
60 foreach ($_SESSION['messages'] as &$messages) {
61 $remove_ids = array();
62 foreach ($messages as $id => &$msg) {
63 if ($msg['active'] == false) {
64 $remove_ids[] = $id;
65 }
66 }
67 foreach ($remove_ids as $id) {
68 unset($messages[$id]);
69 }
70 }
71 }
72
73 /**
74 * Prints message list, must be called after messages_end()
75 *
76 * @return void
77 */
78 function messages_show_html()
79 {
80 $old_ids = array();
81 foreach ($_SESSION['messages'] as $type => $messages) {
82 foreach ($messages as $id => $msg) {
83 echo '<div class="' . $type . '" id="' . $id . '">'
84 . '<h4>' . $msg['title'] . '</h4>'
85 . $msg['message'] . '</div>';
86 if (!$msg['fresh'] && $type != 'error') {
87 $old_ids[] = $id;
88 }
89 }
90 }
91
92 echo "\n" . '<script type="text/javascript">';
93 foreach ($old_ids as $id) {
94 echo "\nhiddenMessages.push('$id');";
95 }
96 echo "\n</script>\n";
97 }
98
99 /**
100 * Checks for newest phpMyAdmin version and sets result as a new notice
101 *
102 * @return void
103 */
104 function PMA_version_check()
105 {
106 // version check messages should always be visible so let's make
107 // a unique message id each time we run it
108 $message_id = uniqid('version_check');
109 // wait 3s at most for server response, it's enough to get information
110 // from a working server
111 $connection_timeout = 3;
112
113 $url = 'http://phpmyadmin.net/home_page/version.php';
114 $context = stream_context_create(
115 array(
116 'http' => array('timeout' => $connection_timeout)
117 )
118 );
119 $data = @file_get_contents($url, null, $context);
120 if ($data === false) {
121 if (function_exists('curl_init')) {
122 $ch = curl_init($url);
123 curl_setopt($ch, CURLOPT_HEADER, false);
124 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
125 curl_setopt($ch, CURLOPT_TIMEOUT, $connection_timeout);
126 $data = curl_exec($ch);
127 curl_close($ch);
128 } else {
129 messages_set(
130 'error',
131 $message_id,
132 __('Version check'),
133 __('Neither URL wrapper nor CURL is available. Version check is not possible.')
134 );
135 return;
136 }
137 }
138
139 if (empty($data)) {
140 messages_set(
141 'error',
142 $message_id,
143 __('Version check'),
144 __('Reading of version failed. Maybe you\'re offline or the upgrade server does not respond.')
145 );
146 return;
147 }
148
149 /* Format: version\ndate\n(download\n)* */
150 $data_list = explode("\n", $data);
151
152 if (count($data_list) > 1) {
153 $version = $data_list[0];
154 $date = $data_list[1];
155 } else {
156 $version = $date = '';
157 }
158
159 $version_upstream = version_to_int($version);
160 if ($version_upstream === false) {
161 messages_set(
162 'error',
163 $message_id,
164 __('Version check'),
165 __('Got invalid version string from server')
166 );
167 return;
168 }
169
170 $version_local = version_to_int($GLOBALS['PMA_Config']->get('PMA_VERSION'));
171 if ($version_local === false) {
172 messages_set(
173 'error',
174 $message_id,
175 __('Version check'),
176 __('Unparsable version string')
177 );
178 return;
179 }
180
181 if ($version_upstream > $version_local) {
182 $version = htmlspecialchars($version);
183 $date = htmlspecialchars($date);
184 messages_set(
185 'notice',
186 $message_id,
187 __('Version check'),
188 sprintf(__('A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is %s, released on %s.'), $version, $date)
189 );
190 } else {
191 if ($version_local % 100 == 0) {
192 messages_set(
193 'notice',
194 $message_id,
195 __('Version check'),
196 PMA_sanitize(sprintf(__('You are using Git version, run [kbd]git pull[/kbd] :-)[br]The latest stable version is %s, released on %s.'), $version, $date))
197 );
198 } else {
199 messages_set(
200 'notice',
201 $message_id,
202 __('Version check'),
203 __('No newer stable version is available')
204 );
205 }
206 }
207 }
208
209 /**
210 * Calculates numerical equivalent of phpMyAdmin version string
211 *
212 * @param string $version version
213 *
214 * @return mixed false on failure, integer on success
215 */
216 function version_to_int($version)
217 {
218 $matches = array();
219 if (!preg_match('/^(\d+)\.(\d+)\.(\d+)((\.|-(pl|rc|dev|beta|alpha))(\d+)?(-dev)?)?$/', $version, $matches)) {
220 return false;
221 }
222 if (!empty($matches[6])) {
223 switch ($matches[6]) {
224 case 'pl':
225 $added = 60;
226 break;
227 case 'rc':
228 $added = 30;
229 break;
230 case 'beta':
231 $added = 20;
232 break;
233 case 'alpha':
234 $added = 10;
235 break;
236 case 'dev':
237 $added = 0;
238 break;
239 default:
240 messages_set(
241 'notice',
242 'version_match',
243 __('Version check'),
244 'Unknown version part: ' . htmlspecialchars($matches[6])
245 );
246 $added = 0;
247 break;
248 }
249 } else {
250 $added = 50; // for final
251 }
252 if (!empty($matches[7])) {
253 $added = $added + $matches[7];
254 }
255 return $matches[1] * 1000000 + $matches[2] * 10000 + $matches[3] * 100 + $added;
256 }
257
258 /**
259 * Checks whether config file is readable/writable
260 *
261 * @param bool &$is_readable
262 * @param bool &$is_writable
263 * @param bool &$file_exists
264 *
265 * @return void
266 */
267 function check_config_rw(&$is_readable, &$is_writable, &$file_exists)
268 {
269 $file_path = ConfigFile::getInstance()->getFilePath();
270 $file_dir = dirname($file_path);
271 $is_readable = true;
272 $is_writable = is_dir($file_dir);
273 if (SETUP_DIR_WRITABLE) {
274 $is_writable = $is_writable && is_writable($file_dir);
275 }
276 $file_exists = file_exists($file_path);
277 if ($file_exists) {
278 $is_readable = is_readable($file_path);
279 $is_writable = $is_writable && is_writable($file_path);
280 }
281 }
282
283 /**
284 * Performs various compatibility, security and consistency checks on current config
285 *
286 * Outputs results to message list, must be called between messages_begin()
287 * and messages_end()
288 *
289 * @return void
290 */
291 function perform_config_checks()
292 {
293 $cf = ConfigFile::getInstance();
294 $blowfish_secret = $cf->get('blowfish_secret');
295 $blowfish_secret_set = false;
296 $cookie_auth_used = false;
297
298 $strAllowArbitraryServerWarning = __('This %soption%s should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
299 $strAllowArbitraryServerWarning = sprintf($strAllowArbitraryServerWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
300 $strBlowfishSecretMsg = __('You didn\'t have blowfish secret set and have enabled cookie authentication, so a key was automatically generated for you. It is used to encrypt cookies; you don\'t need to remember it.');
301 $strBZipDumpWarning = __('%sBzip2 compression and decompression%s requires functions (%s) which are unavailable on this system.');
302 $strBZipDumpWarning = sprintf($strBZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
303 $strDirectoryNotice = __('This value should be double checked to ensure that this directory is neither world accessible nor readable or writable by other users on your server.');
304 $strForceSSLNotice = __('This %soption%s should be enabled if your web server supports it.');
305 $strForceSSLNotice = sprintf($strForceSSLNotice, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
306 $strGZipDumpWarning = __('%sGZip compression and decompression%s requires functions (%s) which are unavailable on this system.');
307 $strGZipDumpWarning = sprintf($strGZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
308 $strLoginCookieValidityWarning = __('%sLogin cookie validity%s greater than 1440 seconds may cause random session invalidation if %ssession.gc_maxlifetime%s is lower than its value (currently %d).');
309 $strLoginCookieValidityWarning = sprintf($strLoginCookieValidityWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@' . PMA_getPHPDocLink('session.configuration.php#ini.session.gc-maxlifetime') . ']', '[/a]', ini_get('session.gc_maxlifetime'));
310 $strLoginCookieValidityWarning2 = __('%sLogin cookie validity%s should be set to 1800 seconds (30 minutes) at most. Values larger than 1800 may pose a security risk such as impersonation.');
311 $strLoginCookieValidityWarning2 = sprintf($strLoginCookieValidityWarning2, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
312 $strLoginCookieValidityWarning3 = __('If using cookie authentication and %sLogin cookie store%s is not 0, %sLogin cookie validity%s must be set to a value less or equal to it.');
313 $strLoginCookieValidityWarning3 = sprintf($strLoginCookieValidityWarning3, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
314 $strSecurityInfoMsg = __('If you feel this is necessary, use additional protection settings - %shost authentication%s settings and %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
315 $strSecurityInfoMsg = sprintf($strSecurityInfoMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server_config]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
316 $strServerAuthConfigMsg = __('You set the [kbd]config[/kbd] authentication type and included username and password for auto-login, which is not a desirable option for live hosts. Anyone who knows or guesses your phpMyAdmin URL can directly access your phpMyAdmin panel. Set %sauthentication type%s to [kbd]cookie[/kbd] or [kbd]http[/kbd].');
317 $strServerAuthConfigMsg = sprintf($strServerAuthConfigMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server]', '[/a]');
318 $strZipDumpExportWarning = __('%sZip compression%s requires functions (%s) which are unavailable on this system.');
319 $strZipDumpExportWarning = sprintf($strZipDumpExportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
320 $strZipDumpImportWarning = __('%sZip decompression%s requires functions (%s) which are unavailable on this system.');
321 $strZipDumpImportWarning = sprintf($strZipDumpImportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
322
323 for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
324 $cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
325 $cookie_auth_used |= $cookie_auth_server;
326 $server_name = $cf->getServerName($i);
327 if ($server_name == 'localhost') {
328 $server_name .= " [$i]";
329 }
330 $server_name = htmlspecialchars($server_name);
331
332 if ($cookie_auth_server && $blowfish_secret === null) {
333 $blowfish_secret = uniqid('', true);
334 $blowfish_secret_set = true;
335 $cf->set('blowfish_secret', $blowfish_secret);
336 }
337
338 //
339 // $cfg['Servers'][$i]['ssl']
340 // should be enabled if possible
341 //
342 if (!$cf->getValue("Servers/$i/ssl")) {
343 $title = PMA_lang(PMA_lang_name('Servers/1/ssl')) . " ($server_name)";
344 messages_set(
345 'notice',
346 "Servers/$i/ssl",
347 $title,
348 __('You should use SSL connections if your database server supports it.')
349 );
350 }
351
352 //
353 // $cfg['Servers'][$i]['extension']
354 // warn about using 'mysql'
355 //
356 if ($cf->getValue("Servers/$i/extension") == 'mysql') {
357 $title = PMA_lang(PMA_lang_name('Servers/1/extension'))
358 . " ($server_name)";
359 messages_set(
360 'notice',
361 "Servers/$i/extension",
362 $title,
363 __('You should use mysqli for performance reasons.')
364 );
365 }
366
367 //
368 // $cfg['Servers'][$i]['auth_type']
369 // warn about full user credentials if 'auth_type' is 'config'
370 //
371 if ($cf->getValue("Servers/$i/auth_type") == 'config'
372 && $cf->getValue("Servers/$i/user") != ''
373 && $cf->getValue("Servers/$i/password") != ''
374 ) {
375 $title = PMA_lang(PMA_lang_name('Servers/1/auth_type'))
376 . " ($server_name)";
377 messages_set(
378 'notice',
379 "Servers/$i/auth_type",
380 $title,
381 PMA_lang($strServerAuthConfigMsg, $i) . ' '
382 . PMA_lang($strSecurityInfoMsg, $i)
383 );
384 }
385
386 //
387 // $cfg['Servers'][$i]['AllowRoot']
388 // $cfg['Servers'][$i]['AllowNoPassword']
389 // serious security flaw
390 //
391 if ($cf->getValue("Servers/$i/AllowRoot")
392 && $cf->getValue("Servers/$i/AllowNoPassword")
393 ) {
394 $title = PMA_lang(PMA_lang_name('Servers/1/AllowNoPassword'))
395 . " ($server_name)";
396 messages_set(
397 'notice',
398 "Servers/$i/AllowNoPassword",
399 $title,
400 __('You allow for connecting to the server without a password.') . ' '
401 . PMA_lang($strSecurityInfoMsg, $i)
402 );
403 }
404 }
405
406 //
407 // $cfg['blowfish_secret']
408 // it's required for 'cookie' authentication
409 //
410 if ($cookie_auth_used) {
411 if ($blowfish_secret_set) {
412 // 'cookie' auth used, blowfish_secret was generated
413 messages_set(
414 'notice',
415 'blowfish_secret_created',
416 PMA_lang(PMA_lang_name('blowfish_secret')),
417 $strBlowfishSecretMsg
418 );
419 } else {
420 $blowfish_warnings = array();
421 // check length
422 if (strlen($blowfish_secret) < 8) {
423 // too short key
424 $blowfish_warnings[] = __('Key is too short, it should have at least 8 characters.');
425 }
426 // check used characters
427 $has_digits = (bool) preg_match('/\d/', $blowfish_secret);
428 $has_chars = (bool) preg_match('/\S/', $blowfish_secret);
429 $has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
430 if (!$has_digits || !$has_chars || !$has_nonword) {
431 $blowfish_warnings[] = PMA_lang(__('Key should contain letters, numbers [em]and[/em] special characters.'));
432 }
433 if (!empty($blowfish_warnings)) {
434 messages_set(
435 'error',
436 'blowfish_warnings' . count($blowfish_warnings),
437 PMA_lang(PMA_lang_name('blowfish_secret')),
438 implode('<br />', $blowfish_warnings)
439 );
440 }
441 }
442 }
443
444 //
445 // $cfg['ForceSSL']
446 // should be enabled if possible
447 //
448 if (!$cf->getValue('ForceSSL')) {
449 messages_set(
450 'notice',
451 'ForceSSL',
452 PMA_lang(PMA_lang_name('ForceSSL')),
453 PMA_lang($strForceSSLNotice)
454 );
455 }
456
457 //
458 // $cfg['AllowArbitraryServer']
459 // should be disabled
460 //
461 if ($cf->getValue('AllowArbitraryServer')) {
462 messages_set(
463 'notice',
464 'AllowArbitraryServer',
465 PMA_lang(PMA_lang_name('AllowArbitraryServer')),
466 PMA_lang($strAllowArbitraryServerWarning)
467 );
468 }
469
470 //
471 // $cfg['LoginCookieValidity']
472 // value greater than session.gc_maxlifetime will cause
473 // random session invalidation after that time
474 if ($cf->getValue('LoginCookieValidity') > 1440
475 || $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')
476 ) {
477 $message_type = $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')
478 ? 'error'
479 : 'notice';
480 messages_set(
481 $message_type,
482 'LoginCookieValidity',
483 PMA_lang(PMA_lang_name('LoginCookieValidity')),
484 PMA_lang($strLoginCookieValidityWarning)
485 );
486 }
487
488 //
489 // $cfg['LoginCookieValidity']
490 // should be at most 1800 (30 min)
491 //
492 if ($cf->getValue('LoginCookieValidity') > 1800) {
493 messages_set(
494 'notice',
495 'LoginCookieValidity',
496 PMA_lang(PMA_lang_name('LoginCookieValidity')),
497 PMA_lang($strLoginCookieValidityWarning2)
498 );
499 }
500
501 //
502 // $cfg['LoginCookieValidity']
503 // $cfg['LoginCookieStore']
504 // LoginCookieValidity must be less or equal to LoginCookieStore
505 //
506 if ($cf->getValue('LoginCookieStore') != 0
507 && $cf->getValue('LoginCookieValidity') > $cf->getValue('LoginCookieStore')
508 ) {
509 messages_set(
510 'error',
511 'LoginCookieValidity',
512 PMA_lang(PMA_lang_name('LoginCookieValidity')),
513 PMA_lang($strLoginCookieValidityWarning3)
514 );
515 }
516
517 //
518 // $cfg['SaveDir']
519 // should not be world-accessible
520 //
521 if ($cf->getValue('SaveDir') != '') {
522 messages_set(
523 'notice',
524 'SaveDir',
525 PMA_lang(PMA_lang_name('SaveDir')),
526 PMA_lang($strDirectoryNotice)
527 );
528 }
529
530 //
531 // $cfg['TempDir']
532 // should not be world-accessible
533 //
534 if ($cf->getValue('TempDir') != '') {
535 messages_set(
536 'notice',
537 'TempDir',
538 PMA_lang(PMA_lang_name('TempDir')),
539 PMA_lang($strDirectoryNotice)
540 );
541 }
542
543 //
544 // $cfg['GZipDump']
545 // requires zlib functions
546 //
547 if ($cf->getValue('GZipDump')
548 && (@!function_exists('gzopen') || @!function_exists('gzencode'))
549 ) {
550 messages_set(
551 'error',
552 'GZipDump',
553 PMA_lang(PMA_lang_name('GZipDump')),
554 PMA_lang($strGZipDumpWarning, 'gzencode')
555 );
556 }
557
558 //
559 // $cfg['BZipDump']
560 // requires bzip2 functions
561 //
562 if ($cf->getValue('BZipDump')
563 && (!@function_exists('bzopen') || !@function_exists('bzcompress'))
564 ) {
565 $functions = @function_exists('bzopen')
566 ? '' :
567 'bzopen';
568 $functions .= @function_exists('bzcompress')
569 ? ''
570 : ($functions ? ', ' : '') . 'bzcompress';
571 messages_set(
572 'error',
573 'BZipDump',
574 PMA_lang(PMA_lang_name('BZipDump')),
575 PMA_lang($strBZipDumpWarning, $functions)
576 );
577 }
578
579 //
580 // $cfg['ZipDump']
581 // requires zip_open in import
582 //
583 if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
584 messages_set(
585 'error',
586 'ZipDump_import',
587 PMA_lang(PMA_lang_name('ZipDump')),
588 PMA_lang($strZipDumpImportWarning, 'zip_open')
589 );
590 }
591
592 //
593 // $cfg['ZipDump']
594 // requires gzcompress in export
595 //
596 if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
597 messages_set(
598 'error',
599 'ZipDump_export',
600 PMA_lang(PMA_lang_name('ZipDump')),
601 PMA_lang($strZipDumpExportWarning, 'gzcompress')
602 );
603 }
604 }
605 ?>
Mirror of official OpenEMR Sourceforge repository