search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
UPDATE 4.4.0.0
[phpmyadmin.git] / index.php
bloba0d74f246339fc8699b4b884b93eca579e828e15
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
5 *
6 * @package PhpMyAdmin
7 */
8
9 /**
10 * Gets some core libraries and displays a top message if required
11 */
12 require_once 'libraries/common.inc.php';
13
14 /**
15 * display Git revision if requested
16 */
17 require_once 'libraries/display_git_revision.lib.php';
18
19 /**
20 * pass variables to child pages
21 */
22 $drops = array(
23 'lang',
24 'server',
25 'collation_connection',
26 'db',
27 'table'
28 );
29 foreach ($drops as $each_drop) {
30 if (array_key_exists($each_drop, $_GET)) {
31 unset($_GET[$each_drop]);
32 }
33 }
34 unset($drops, $each_drop);
35
36 /*
37 * Black list of all scripts to which front-end must submit data.
38 * Such scripts must not be loaded on home page.
39 *
40 */
41 $target_blacklist = array (
42 'import.php', 'export.php'
43 );
44
45 // If we have a valid target, let's load that script instead
46 if (! empty($_REQUEST['target'])
47 && is_string($_REQUEST['target'])
48 && ! preg_match('/^index/', $_REQUEST['target'])
49 && ! in_array($_REQUEST['target'], $target_blacklist)
50 && in_array($_REQUEST['target'], $goto_whitelist)
51 ) {
52 include $_REQUEST['target'];
53 exit;
54 }
55
56 if (isset($_REQUEST['ajax_request']) && ! empty($_REQUEST['access_time'])) {
57 exit;
58 }
59
60 // See FAQ 1.34
61 if (! empty($_REQUEST['db'])) {
62 $page = null;
63 if (! empty($_REQUEST['table'])) {
64 $page = $GLOBALS['cfg']['DefaultTabTable'];
65 } else {
66 $page = $GLOBALS['cfg']['DefaultTabDatabase'];
67 }
68 include $page;
69 exit;
70 }
71
72 /**
73 * Check if it is an ajax request to reload the recent tables list.
74 */
75 require_once 'libraries/RecentFavoriteTable.class.php';
76 if ($GLOBALS['is_ajax_request'] && ! empty($_REQUEST['recent_table'])) {
77 $response = PMA_Response::getInstance();
78 $response->addJSON(
79 'list',
80 PMA_RecentFavoriteTable::getInstance('recent')->getHtmlList()
81 );
82 exit;
83 }
84
85 if ($GLOBALS['PMA_Config']->isGitRevision()) {
86 if (isset($_REQUEST['git_revision']) && $GLOBALS['is_ajax_request'] == true) {
87 PMA_printGitRevision();
88 exit;
89 }
90 echo '<div id="is_git_revision"></div>';
91 }
92
93 // Handles some variables that may have been sent by the calling script
94 $GLOBALS['db'] = '';
95 $GLOBALS['table'] = '';
96 $show_query = '1';
97
98 // Any message to display?
99 if (! empty($message)) {
100 echo PMA_Util::getMessage($message);
101 unset($message);
102 }
103
104 $common_url_query = PMA_URL_getCommon();
105 $mysql_cur_user_and_host = '';
106
107 // when $server > 0, a server has been chosen so we can display
108 // all MySQL-related information
109 if ($server > 0) {
110 include 'libraries/server_common.inc.php';
111 include 'libraries/StorageEngine.class.php';
112
113 // Use the verbose name of the server instead of the hostname
114 // if a value is set
115 $server_info = '';
116 if (! empty($cfg['Server']['verbose'])) {
117 $server_info .= htmlspecialchars($cfg['Server']['verbose']);
118 if ($GLOBALS['cfg']['ShowServerInfo']) {
119 $server_info .= ' (';
120 }
121 }
122 if ($GLOBALS['cfg']['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
123 $server_info .= $GLOBALS['dbi']->getHostInfo();
124 }
125 if (! empty($cfg['Server']['verbose']) && $GLOBALS['cfg']['ShowServerInfo']) {
126 $server_info .= ')';
127 }
128 $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');
129
130 // should we add the port info here?
131 $short_server_info = (!empty($GLOBALS['cfg']['Server']['verbose'])
132 ? $GLOBALS['cfg']['Server']['verbose']
133 : $GLOBALS['cfg']['Server']['host']);
134 }
135
136 echo '<div id="maincontainer">' . "\n";
137 // Anchor for favorite tables synchronization.
138 echo PMA_RecentFavoriteTable::getInstance('favorite')->getHtmlSyncFavoriteTables();
139 echo '<div id="main_pane_left">';
140 if ($server > 0 || count($cfg['Servers']) > 1
141 ) {
142 if ($cfg['DBG']['demo']) {
143 echo '<div class="group">';
144 echo '<h2>' . __('phpMyAdmin Demo Server') . '</h2>';
145 echo '<p style="margin: 0.5em 1em 0.5em 1em">';
146 printf(
147 __(
148 'You are using the demo server. You can do anything here, but '
149 . 'please do not change root, debian-sys-maint and pma users. '
150 . 'More information is available at %s.'
151 ),
152 '<a href="http://demo.phpmyadmin.net/">demo.phpmyadmin.net</a>'
153 );
154 echo '</p>';
155 echo '</div>';
156 }
157 echo '<div class="group">';
158 echo '<h2>' . __('General Settings') . '</h2>';
159 echo '<ul>';
160
161 /**
162 * Displays the MySQL servers choice form
163 */
164 if ($cfg['ServerDefault'] == 0
165 || (! $cfg['NavigationDisplayServers']
166 && (count($cfg['Servers']) > 1
167 || ($server == 0 && count($cfg['Servers']) == 1)))
168 ) {
169 echo '<li id="li_select_server" class="no_bullets" >';
170 include_once 'libraries/select_server.lib.php';
171 echo PMA_Util::getImage('s_host.png') . " " . PMA_selectServer(true, true);
172 echo '</li>';
173 }
174
175 /**
176 * Displays the mysql server related links
177 */
178 if ($server > 0 && ! PMA_DRIZZLE) {
179 include_once 'libraries/check_user_privileges.lib.php';
180
181 // Logout for advanced authentication
182 if ($cfg['Server']['auth_type'] != 'config') {
183 if ($cfg['ShowChgPassword']) {
184 $conditional_class = 'ajax';
185 PMA_printListItem(
186 PMA_Util::getImage('s_passwd.png') . " " . __('Change password'),
187 'li_change_password',
188 'user_password.php' . $common_url_query,
189 null,
190 null,
191 'change_password_anchor',
192 "no_bullets",
193 $conditional_class
194 );
195 }
196 } // end if
197 echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
198 echo ' <form method="post" action="index.php">' . "\n"
199 . PMA_URL_getHiddenInputs(null, null, 4, 'collation_connection')
200 . ' <label for="select_collation_connection">' . "\n"
201 . ' ' . PMA_Util::getImage('s_asci.png') . " "
202 . __('Server connection collation') . "\n"
203 // put the doc link in the form so that it appears on the same line
204 . PMA_Util::showMySQLDocu('Charset-connection')
205 . ': ' . "\n"
206 . ' </label>' . "\n"
207
208 . PMA_generateCharsetDropdownBox(
209 PMA_CSDROPDOWN_COLLATION,
210 'collation_connection',
211 'select_collation_connection',
212 $collation_connection,
213 true,
214 true
215 )
216 . ' </form>' . "\n"
217 . ' </li>' . "\n";
218 } // end of if ($server > 0 && !PMA_DRIZZLE)
219 echo '</ul>';
220 echo '</div>';
221 }
222
223 echo '<div class="group">';
224 echo '<h2>' . __('Appearance Settings') . '</h2>';
225 echo ' <ul>';
226
227 // Displays language selection combo
228 if (empty($cfg['Lang']) && count($GLOBALS['available_languages']) > 1) {
229 echo '<li id="li_select_lang" class="no_bullets">';
230 include_once 'libraries/display_select_lang.lib.php';
231 echo PMA_Util::getImage('s_lang.png') . " " . PMA_getLanguageSelectorHtml();
232 echo '</li>';
233 }
234
235 // ThemeManager if available
236
237 if ($GLOBALS['cfg']['ThemeManager']) {
238 echo '<li id="li_select_theme" class="no_bullets">';
239 echo PMA_Util::getImage('s_theme.png') . " "
240 . $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox();
241 echo '</li>';
242 }
243 echo '<li id="li_select_fontsize">';
244 echo PMA_Config::getFontsizeForm();
245 echo '</li>';
246
247 echo '</ul>';
248
249 // User preferences
250
251 if ($server > 0) {
252 echo '<ul>';
253 PMA_printListItem(
254 PMA_Util::getImage('b_tblops.png') . " " . __('More settings'),
255 'li_user_preferences',
256 'prefs_manage.php' . $common_url_query,
257 null,
258 null,
259 null,
260 "no_bullets"
261 );
262 echo '</ul>';
263 }
264
265 echo '</div>';
266
267
268 echo '</div>';
269 echo '<div id="main_pane_right">';
270
271
272 if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
273
274 echo '<div class="group">';
275 echo '<h2>' . __('Database server') . '</h2>';
276 echo '<ul>' . "\n";
277 PMA_printListItem(
278 __('Server:') . ' ' . $server_info,
279 'li_server_info'
280 );
281 PMA_printListItem(
282 __('Server type:') . ' ' . PMA_Util::getServerType(),
283 'li_server_type'
284 );
285 PMA_printListItem(
286 __('Server version:')
287 . ' '
288 . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT,
289 'li_server_version'
290 );
291 PMA_printListItem(
292 __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
293 'li_mysql_proto'
294 );
295 PMA_printListItem(
296 __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
297 'li_user_info'
298 );
299
300 echo ' <li id="li_select_mysql_charset">';
301 echo ' ' . __('Server charset:') . ' '
302 . ' <span lang="en" dir="ltr">';
303 if (! PMA_DRIZZLE) {
304 echo ' '
305 . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']];
306 }
307 echo ' (' . $mysql_charset_map['utf-8'] . ')'
308 . ' </span>'
309 . ' </li>'
310 . ' </ul>'
311 . ' </div>';
312 }
313
314 if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
315 echo '<div class="group">';
316 echo '<h2>' . __('Web server') . '</h2>';
317 echo '<ul>';
318 if ($GLOBALS['cfg']['ShowServerInfo']) {
319 PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');
320
321 if ($server > 0) {
322 $client_version_str = $GLOBALS['dbi']->getClientInfo();
323 if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)) {
324 $client_version_str = 'libmysql - ' . $client_version_str;
325 }
326 PMA_printListItem(
327 __('Database client version:') . ' ' . $client_version_str,
328 'li_mysql_client_version'
329 );
330
331 $php_ext_string = __('PHP extension:') . ' ';
332 if (PMA_DatabaseInterface::checkDbExtension('mysqli')) {
333 $extension = 'mysqli';
334 } else {
335 $extension = 'mysql';
336 }
337 $php_ext_string .= $extension . ' '
338 . PMA_Util::showPHPDocu('book.' . $extension . '.php');
339
340 PMA_printListItem(
341 $php_ext_string,
342 'li_used_php_extension'
343 );
344
345 $php_version_string = __('PHP version:') . ' ' . phpversion();
346
347 PMA_printListItem(
348 $php_version_string,
349 'li_used_php_version'
350 );
351 }
352 }
353
354 if ($cfg['ShowPhpInfo']) {
355 PMA_printListItem(
356 __('Show PHP information'),
357 'li_phpinfo',
358 'phpinfo.php' . $common_url_query,
359 null,
360 '_blank'
361 );
362 }
363 echo ' </ul>';
364 echo ' </div>';
365 }
366
367 echo '<div class="group pmagroup">';
368 echo '<h2>phpMyAdmin</h2>';
369 echo '<ul>';
370 $class = null;
371 // We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
372 // support here and does not allow request to http once using https.
373 if ($GLOBALS['cfg']['VersionCheck']
374 && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE')
375 ) {
376 $class = 'jsversioncheck';
377 }
378 PMA_printListItem(
379 __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
380 'li_pma_version',
381 null,
382 null,
383 null,
384 null,
385 $class
386 );
387 PMA_printListItem(
388 __('Documentation'),
389 'li_pma_docs',
390 PMA_Util::getDocuLink('index'),
391 null,
392 '_blank'
393 );
394 PMA_printListItem(
395 __('Wiki'),
396 'li_pma_wiki',
397 PMA_linkURL('http://wiki.phpmyadmin.net/'),
398 null,
399 '_blank'
400 );
401
402 // does not work if no target specified, don't know why
403 PMA_printListItem(
404 __('Official Homepage'),
405 'li_pma_homepage',
406 PMA_linkURL('http://www.phpMyAdmin.net/'),
407 null,
408 '_blank'
409 );
410 PMA_printListItem(
411 __('Contribute'),
412 'li_pma_contribute',
413 PMA_linkURL('http://www.phpmyadmin.net/home_page/improve.php'),
414 null,
415 '_blank'
416 );
417 PMA_printListItem(
418 __('Get support'),
419 'li_pma_support',
420 PMA_linkURL('http://www.phpmyadmin.net/home_page/support.php'),
421 null,
422 '_blank'
423 );
424 PMA_printListItem(
425 __('List of changes'),
426 'li_pma_changes',
427 'changelog.php' . PMA_URL_getCommon(),
428 null,
429 '_blank'
430 );
431 echo ' </ul>';
432 echo ' </div>';
433
434 echo '</div>';
435
436 echo '</div>';
437
438 /**
439 * Warning if using the default MySQL privileged account
440 */
441 if ($server != 0
442 && $cfg['Server']['user'] == 'root'
443 && $cfg['Server']['password'] == ''
444 ) {
445 trigger_error(
446 __(
447 'You are connected as \'root\' with no password, which'
448 . ' corresponds to the default MySQL privileged account.'
449 . ' Your MySQL server is running with this default, is open to'
450 . ' intrusion, and you really should fix this security hole by'
451 . ' setting a password for user \'root\'.'
452 ),
453 E_USER_WARNING
454 );
455 }
456
457 /**
458 * As we try to handle charsets by ourself, mbstring overloads just
459 * break it, see bug 1063821.
460 */
461 if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
462 trigger_error(
463 __(
464 'You have enabled mbstring.func_overload in your PHP '
465 . 'configuration. This option is incompatible with phpMyAdmin '
466 . 'and might cause some data to be corrupted!'
467 ),
468 E_USER_WARNING
469 );
470 }
471
472 /**
473 * mbstring is used for handling multibytes inside parser, so it is good
474 * to tell user something might be broken without it, see bug #1063149.
475 */
476 if (! @extension_loaded('mbstring')) {
477 trigger_error(
478 __(
479 'The mbstring PHP extension was not found and you seem to be using'
480 . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
481 . ' is unable to split strings correctly and it may result in'
482 . ' unexpected results.'
483 ),
484 E_USER_WARNING
485 );
486 }
487
488 if ($cfg['LoginCookieValidityDisableWarning'] == false) {
489 /**
490 * Check whether session.gc_maxlifetime limits session validity.
491 */
492 $gc_time = (int)@ini_get('session.gc_maxlifetime');
493 if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity'] ) {
494 trigger_error(
495 __('Your PHP parameter [a@http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime@_blank]session.gc_maxlifetime[/a] is lower than cookie validity configured in phpMyAdmin, because of this, your login might expire sooner than configured in phpMyAdmin.'),
496 E_USER_WARNING
497 );
498 }
499 }
500
501 /**
502 * Check whether LoginCookieValidity is limited by LoginCookieStore.
503 */
504 if ($GLOBALS['cfg']['LoginCookieStore'] != 0
505 && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
506 ) {
507 trigger_error(
508 __('Login cookie store is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
509 E_USER_WARNING
510 );
511 }
512
513 /**
514 * Check if user does not have defined blowfish secret and it is being used.
515 */
516 if (! empty($_SESSION['encryption_key'])
517 && empty($GLOBALS['cfg']['blowfish_secret'])
518 ) {
519 trigger_error(
520 __('The configuration file now needs a secret passphrase (blowfish_secret).'),
521 E_USER_WARNING
522 );
523 }
524
525 /**
526 * Check for existence of config directory which should not exist in
527 * production environment.
528 */
529 if (file_exists('config')) {
530 trigger_error(
531 __('Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. It is strongly recommended to remove it once phpMyAdmin has been configured. Otherwise the security of your server may be compromised by unauthorized people downloading your configuration.'),
532 E_USER_WARNING
533 );
534 }
535
536 if ($server > 0) {
537 $cfgRelation = PMA_getRelationsParam();
538 if (! $cfgRelation['allworks']
539 && $cfg['PmaNoRelation_DisableWarning'] == false
540 ) {
541 $msg_text = __(
542 'The phpMyAdmin configuration storage is not completely '
543 . 'configured, some extended features have been deactivated. '
544 . '%sFind out why%s. '
545 );
546 if ($cfg['ZeroConf'] == true) {
547 $msg_text .= '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;' .
548 __(
549 'Or alternately go to \'Operations\' tab of any database '
550 . 'to set it up there.'
551 );
552 }
553 $msg = PMA_Message::notice($msg_text);
554 $msg->addParam(
555 '<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php'
556 . $common_url_query . '">',
557 false
558 );
559 $msg->addParam('</a>', false);
560 /* Show error if user has configured something, notice elsewhere */
561 if (!empty($cfg['Servers'][$server]['pmadb'])) {
562 $msg->isError(true);
563 }
564 $msg->display();
565 } // end if
566 }
567
568 /**
569 * Warning about different MySQL library and server version
570 * (a difference on the third digit does not count).
571 * If someday there is a constant that we can check about mysqlnd,
572 * we can use it instead of strpos().
573 * If no default server is set, $GLOBALS['dbi'] is not defined yet.
574 * Drizzle can speak MySQL protocol, so don't warn about version mismatch for
575 * Drizzle servers.
576 * We also do not warn if MariaDB is detected, as it has its own version
577 * numbering.
578 */
579 if (isset($GLOBALS['dbi'])
580 && !PMA_DRIZZLE
581 && $cfg['ServerLibraryDifference_DisableWarning'] == false
582 ) {
583 /** @var PMA_String $pmaString */
584 $pmaString = $GLOBALS['PMA_String'];
585
586 $_client_info = $GLOBALS['dbi']->getClientInfo();
587 if ($server > 0
588 && /*overload*/mb_strpos($_client_info, 'mysqlnd') === false
589 && /*overload*/mb_strpos(PMA_MYSQL_STR_VERSION, 'MariaDB') === false
590 && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(
591 PMA_MYSQL_INT_VERSION, 0, 3
592 )
593 ) {
594 trigger_error(
595 PMA_sanitize(
596 sprintf(
597 __('Your PHP MySQL library version %s differs from your MySQL server version %s. This may cause unpredictable behavior.'),
598 $_client_info,
599 substr(
600 PMA_MYSQL_STR_VERSION,
601 0,
602 strpos(PMA_MYSQL_STR_VERSION . '-', '-')
603 )
604 )
605 ),
606 E_USER_NOTICE
607 );
608 }
609 unset($_client_info);
610 }
611
612 /**
613 * Warning about Suhosin only if its simulation mode is not enabled
614 */
615 if ($cfg['SuhosinDisableWarning'] == false
616 && @ini_get('suhosin.request.max_value_length')
617 && @ini_get('suhosin.simulation') == '0'
618 ) {
619 trigger_error(
620 sprintf(
621 __('Server running with Suhosin. Please refer to %sdocumentation%s for possible issues.'),
622 '[doc@faq1-38]',
623 '[/doc]'
624 ),
625 E_USER_WARNING
626 );
627 }
628
629 /**
630 * Warning about incomplete translations.
631 *
632 * The data file is created while creating release by ./scripts/remove-incomplete-mo
633 */
634 if (file_exists('libraries/language_stats.inc.php')) {
635 include 'libraries/language_stats.inc.php';
636 /*
637 * This message is intentionally not translated, because we're
638 * handling incomplete translations here and focus on english
639 * speaking users.
640 */
641 if (isset($GLOBALS['language_stats'][$lang])
642 && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
643 ) {
644 trigger_error(
645 'You are using an incomplete translation, please help to make it '
646 . 'better by [a@http://www.phpmyadmin.net/home_page/improve.php'
647 . '#translate@_blank]contributing[/a].',
648 E_USER_NOTICE
649 );
650 }
651 }
652
653 /**
654 * prints list item for main page
655 *
656 * @param string $name displayed text
657 * @param string $listId id, used for css styles
658 * @param string $url make item as link with $url as target
659 * @param string $mysql_help_page display a link to MySQL's manual
660 * @param string $target special target for $url
661 * @param string $a_id id for the anchor,
662 * used for jQuery to hook in functions
663 * @param string $class class for the li element
664 * @param string $a_class class for the anchor element
665 *
666 * @return void
667 */
668 function PMA_printListItem($name, $listId = null, $url = null,
669 $mysql_help_page = null, $target = null, $a_id = null, $class = null,
670 $a_class = null
671 ) {
672 echo '<li id="' . $listId . '"';
673 if (null !== $class) {
674 echo ' class="' . $class . '"';
675 }
676 echo '>';
677 if (null !== $url) {
678 echo '<a href="' . $url . '"';
679 if (null !== $target) {
680 echo ' target="' . $target . '"';
681 }
682 if (null != $a_id) {
683 echo ' id="' . $a_id . '"';
684 }
685 if (null != $a_class) {
686 echo ' class="' . $a_class . '"';
687 }
688 echo '>';
689 }
690
691 echo $name;
692
693 if (null !== $url) {
694 echo '</a>' . "\n";
695 }
696 if (null !== $mysql_help_page) {
697 echo PMA_Util::showMySQLDocu($mysql_help_page);
698 }
699 echo '</li>';
700 }
701 ?>
phpMyAdmin