Fix for issue #291
[openemr.git] / phpmyadmin / index.php
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
6 * @package PhpMyAdmin
7 */
9 /**
10 * Gets some core libraries and displays a top message if required
12 require_once 'libraries/common.inc.php';
14 /**
15 * display Git revision if requested
17 require_once 'libraries/display_git_revision.lib.php';
18 require_once 'libraries/Template.class.php';
/**
 * Remove the navigation parameters listed below from $_GET before any
 * child page is loaded. Only $_GET is touched here; this block does not
 * modify $_REQUEST or $_POST.
 */
$drops = array('lang', 'server', 'collation_connection', 'db', 'table');
foreach ($drops as $each_drop) {
    // unset() on a key that is not present is a no-op, so no existence
    // check is required first.
    unset($_GET[$each_drop]);
}
unset($drops, $each_drop);
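/*
 * Black list of all scripts to which front-end must submit data.
 * Such scripts must not be loaded on home page.
 */
$target_blacklist = array(
    'import.php', 'export.php'
);

/*
 * If we have a valid target, load that script instead of the home page.
 *
 * SECURITY: $_REQUEST['target'] is request-controlled and is handed to
 * include, so it is only honoured when it is a non-empty string that does
 * not start with "index", is not black-listed above and appears verbatim
 * in $goto_whitelist. Both list lookups are strict so that a value can
 * never match an entry through PHP's loose comparison rules.
 *
 * NOTE(review): $goto_whitelist is not defined in this file; it is
 * presumably provided by libraries/common.inc.php. Confirm it only ever
 * holds fixed script names, because it is the sole positive check that
 * stands between the request and include.
 */
if (! empty($_REQUEST['target'])
    && is_string($_REQUEST['target'])
    && ! preg_match('/^index/', $_REQUEST['target'])
    && ! in_array($_REQUEST['target'], $target_blacklist, true)
    && in_array($_REQUEST['target'], $goto_whitelist, true)
) {
    include $_REQUEST['target'];
    exit;
}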
// A request flagged as AJAX that also carries a non-empty access_time
// gets no page output from this script.
if (isset($_REQUEST['ajax_request']) && ! empty($_REQUEST['access_time'])) {
    exit;
}

// See FAQ 1.34
// When a database (and optionally a table) is named in the request, hand
// over to the configured default tab instead of rendering the home page.
// The request only selects which of the two options is used; the script
// name passed to include is whatever PMA_Util::getScriptNameForOption()
// returns for the configured value.
if (! empty($_REQUEST['db'])) {
    $page = ! empty($_REQUEST['table'])
        ? PMA_Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabTable'], 'table'
        )
        : PMA_Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
        );
    include $page;
    exit;
}
/**
 * AJAX reload of the recent tables list: answer with the HTML list as
 * the JSON field 'list' and stop.
 */
require_once 'libraries/RecentFavoriteTable.class.php';
if ($GLOBALS['is_ajax_request'] && ! empty($_REQUEST['recent_table'])) {
    $response = PMA_Response::getInstance();
    $response->addJSON('list', PMA_RecentFavoriteTable::getInstance('recent')->getHtmlList());
    exit;
}
// Git checkouts only: an AJAX request carrying git_revision gets the
// revision details and nothing else; every other request gets an empty
// marker element.
if ($GLOBALS['PMA_Config']->isGitRevision()) {
    if (! isset($_REQUEST['git_revision']) || $GLOBALS['is_ajax_request'] != true) {
        echo '<div id="is_git_revision"></div>';
    } else {
        PMA_printGitRevision();
        exit;
    }
}
// The home page has no current database or table; $show_query is set to
// '1' for code outside this block.
$GLOBALS['db'] = '';
$GLOBALS['table'] = '';
$show_query = '1';

// Show a pending message once, then discard it.
if (! empty($message)) {
    echo PMA_Util::getMessage($message);
    unset($message);
}

$common_url_query = PMA_URL_getCommon();
$mysql_cur_user_and_host = '';

// when $server > 0, a server has been chosen so we can display
// all MySQL-related information
if ($server > 0) {
    include 'libraries/server_common.inc.php';
    include 'libraries/StorageEngine.class.php';

    // Build the "Server:" label. A configured verbose name replaces the
    // host information, or wraps it in parentheses when ShowServerInfo
    // is enabled.
    // NOTE(review): the verbose name is passed through htmlspecialchars()
    // but getHostInfo() is appended as returned -- confirm its output is
    // safe for the HTML context in which $server_info is printed.
    $server_info = '';
    if (empty($cfg['Server']['verbose'])) {
        $server_info .= $GLOBALS['dbi']->getHostInfo();
    } elseif ($GLOBALS['cfg']['ShowServerInfo']) {
        $server_info .= htmlspecialchars($cfg['Server']['verbose'])
            . ' (' . $GLOBALS['dbi']->getHostInfo() . ')';
    } else {
        $server_info .= htmlspecialchars($cfg['Server']['verbose']);
    }
    $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');

    // should we add the port info here?
    // Raw (unescaped) configuration value: verbose name if set, else host.
    if (! empty($GLOBALS['cfg']['Server']['verbose'])) {
        $short_server_info = $GLOBALS['cfg']['Server']['verbose'];
    } else {
        $short_server_info = $GLOBALS['cfg']['Server']['host'];
    }
}
// Page skeleton: outer container, the anchor used for favorite tables
// synchronization, then the left pane.
echo '<div id="maincontainer">' . "\n",
    PMA_RecentFavoriteTable::getInstance('favorite')->getHtmlSyncFavoriteTables(),
    '<div id="main_pane_left">';

// "General settings" is rendered once a server is selected or when more
// than one server is configured.
if ($server > 0 || count($cfg['Servers']) > 1) {
    // Banner for demo installations only.
    if ($cfg['DBG']['demo']) {
        echo '<div class="group">',
            '<h2>' . __('phpMyAdmin Demo Server') . '</h2>',
            '<p style="margin: 0.5em 1em 0.5em 1em">';
        echo sprintf(
            __(
                'You are using the demo server. You can do anything here, but '
                . 'please do not change root, debian-sys-maint and pma users. '
                . 'More information is available at %s.'
            ),
            '<a href="http://demo.phpmyadmin.net/">demo.phpmyadmin.net</a>'
        );
        echo '</p>', '</div>';
    }
    echo '<div class="group">',
        '<h2>' . __('General settings') . '</h2>',
        '<ul>';

    /**
     * MySQL server choice form
     */
    if ($cfg['ServerDefault'] == 0
        || (! $cfg['NavigationDisplayServers']
        && (count($cfg['Servers']) > 1
        || ($server == 0 && count($cfg['Servers']) == 1)))
    ) {
        echo '<li id="li_select_server" class="no_bullets" >';
        // PMA_selectServer() is called right after this library is loaded.
        include_once 'libraries/select_server.lib.php';
        echo PMA_Util::getImage('s_host.png') . " " . PMA_selectServer(true, true);
        echo '</li>';
    }

    /**
     * Links that need a selected (non-Drizzle) server
     */
    if ($server > 0 && ! PMA_DRIZZLE) {
        include_once 'libraries/check_user_privileges.lib.php';

        // The change-password link is offered unless the server uses the
        // 'config' authentication type, and only when ShowChgPassword is on.
        if ($cfg['Server']['auth_type'] != 'config' && $cfg['ShowChgPassword']) {
            $conditional_class = 'ajax';
            PMA_printListItem(
                PMA_Util::getImage('s_passwd.png') . "&nbsp;" . __('Change password'),
                'li_change_password',
                'user_password.php' . $common_url_query,
                null,
                null,
                'change_password_anchor',
                "no_bullets",
                $conditional_class
            );
        }

        // Connection collation selector, posted back to index.php.
        echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
        echo ' <form method="post" action="index.php">' . "\n"
            . PMA_URL_getHiddenInputs(null, null, 4, 'collation_connection')
            . ' <label for="select_collation_connection">' . "\n"
            . ' ' . PMA_Util::getImage('s_asci.png') . "&nbsp;"
            . __('Server connection collation') . "\n"
            // the doc link sits inside the label so it stays on the same line
            . PMA_Util::showMySQLDocu('Charset-connection')
            . ': ' . "\n"
            . ' </label>' . "\n"
            . PMA_generateCharsetDropdownBox(
                PMA_CSDROPDOWN_COLLATION,
                'collation_connection',
                'select_collation_connection',
                $collation_connection,
                true,
                true
            )
            . ' </form>' . "\n"
            . ' </li>' . "\n";
    }
    echo '</ul>', '</div>';
}
// "Appearance settings" group: language, theme and font size selectors.
echo '<div class="group">',
    '<h2>' . __('Appearance settings') . '</h2>',
    ' <ul>';

// Language selector, only when no language is forced in the configuration
// and more than one language is available.
if (empty($cfg['Lang']) && count($GLOBALS['available_languages']) > 1) {
    echo '<li id="li_select_lang" class="no_bullets">';
    include_once 'libraries/display_select_lang.lib.php';
    echo PMA_Util::getImage('s_lang.png') . " " . PMA_getLanguageSelectorHtml();
    echo '</li>';
}

// Theme selector, when the theme manager is enabled.
if ($GLOBALS['cfg']['ThemeManager']) {
    echo '<li id="li_select_theme" class="no_bullets">',
        PMA_Util::getImage('s_theme.png') . " "
        . $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox(),
        '</li>';
}
echo '<li id="li_select_fontsize">',
    PMA_Config::getFontsizeForm(),
    '</li>';

echo '</ul>';

// Link to the user preferences page, only with a selected server.
if ($server > 0) {
    echo '<ul>';
    PMA_printListItem(
        PMA_Util::getImage('b_tblops.png') . "&nbsp;" . __('More settings'),
        'li_user_preferences',
        'prefs_manage.php' . $common_url_query,
        null,
        null,
        null,
        "no_bullets"
    );
    echo '</ul>';
}

// Close the appearance group and the left pane, then open the right pane.
echo '</div>';

echo '</div>', '<div id="main_pane_right">';
// "Database server" group. Everything here describes the connected
// server, so it is rendered only with a selected server and with
// ShowServerInfo enabled.
if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
    echo '<div class="group">',
        '<h2>' . __('Database server') . '</h2>',
        '<ul>' . "\n";

    PMA_printListItem(__('Server:') . ' ' . $server_info, 'li_server_info');
    PMA_printListItem(__('Server type:') . ' ' . PMA_Util::getServerType(), 'li_server_type');
    PMA_printListItem(
        __('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT,
        'li_server_version'
    );
    PMA_printListItem(
        __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
        'li_mysql_proto'
    );
    // The value returned by SELECT USER() is HTML-escaped before output.
    PMA_printListItem(
        __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
        'li_user_info'
    );

    echo ' <li id="li_select_mysql_charset">',
        ' ' . __('Server charset:') . ' ' . ' <span lang="en" dir="ltr">';
    // The charset description is skipped on Drizzle.
    if (! PMA_DRIZZLE) {
        echo ' ' . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']];
    }
    echo ' (' . $mysql_charset_map['utf-8'] . ')'
        . ' </span>'
        . ' </li>'
        . ' </ul>'
        . ' </div>';
}
// "Web server" group. Every item is fingerprinting information (web
// server software, client library, PHP extension and version, phpinfo
// link); it is rendered only when ShowServerInfo or ShowPhpInfo is on.
if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
    echo '<div class="group">',
        '<h2>' . __('Web server') . '</h2>',
        '<ul>';

    if ($GLOBALS['cfg']['ShowServerInfo']) {
        PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');

        if ($server > 0) {
            // Prefix a bare x.y.z client version with the library name.
            $client_version_str = $GLOBALS['dbi']->getClientInfo();
            if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)) {
                $client_version_str = 'libmysql - ' . $client_version_str;
            }
            PMA_printListItem(
                __('Database client version:') . ' ' . $client_version_str,
                'li_mysql_client_version'
            );

            // Name of the PHP database extension plus a link to its manual page.
            $php_ext_string = __('PHP extension:') . ' ';
            $extension = PMA_DatabaseInterface::checkDbExtension('mysqli')
                ? 'mysqli'
                : 'mysql';
            $php_ext_string .= $extension . ' '
                . PMA_Util::showPHPDocu('book.' . $extension . '.php');
            PMA_printListItem($php_ext_string, 'li_used_php_extension');

            $php_version_string = __('PHP version:') . ' ' . phpversion();
            PMA_printListItem($php_version_string, 'li_used_php_version');
        }
    }

    // Link to phpinfo.php, opened in a new window.
    if ($cfg['ShowPhpInfo']) {
        PMA_printListItem(
            __('Show PHP information'),
            'li_phpinfo',
            'phpinfo.php' . $common_url_query,
            null,
            '_blank'
        );
    }
    echo ' </ul>', ' </div>';
}
// "phpMyAdmin" group: version line plus project links.
echo '<div class="group pmagroup">',
    '<h2>phpMyAdmin</h2>',
    '<ul>';

// We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
// support here and does not allow request to http once using https.
// The version item therefore gets the 'jsversioncheck' class only when
// VersionCheck is enabled and the page is either not served over https
// or not viewed in IE.
$class = ($GLOBALS['cfg']['VersionCheck']
    && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE'))
    ? 'jsversioncheck'
    : null;

PMA_printListItem(
    __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
    'li_pma_version',
    null,
    null,
    null,
    null,
    $class
);

// Every link below opens in a new window ('_blank'); the external ones
// are wrapped by PMA_linkURL().
// NOTE(review): the Wiki and homepage links use http:// while the
// contribute and support links use https://.
PMA_printListItem(__('Documentation'), 'li_pma_docs', PMA_Util::getDocuLink('index'), null, '_blank');
PMA_printListItem(__('Wiki'), 'li_pma_wiki', PMA_linkURL('http://wiki.phpmyadmin.net/'), null, '_blank');

// does not work if no target specified, don't know why
PMA_printListItem(
    __('Official Homepage'),
    'li_pma_homepage',
    PMA_linkURL('http://www.phpMyAdmin.net/'),
    null,
    '_blank'
);
PMA_printListItem(
    __('Contribute'),
    'li_pma_contribute',
    PMA_linkURL('https://www.phpmyadmin.net/contribute/'),
    null,
    '_blank'
);
PMA_printListItem(
    __('Get support'),
    'li_pma_support',
    PMA_linkURL('https://www.phpmyadmin.net/support/'),
    null,
    '_blank'
);
PMA_printListItem(
    __('List of changes'),
    'li_pma_changes',
    'changelog.php' . PMA_URL_getCommon(),
    null,
    '_blank'
);
echo ' </ul>', ' </div>';

// Close the right pane, then the main container.
echo '</div>';

echo '</div>';
/**
 * Warn when the selected server entry is configured with user 'root' and
 * an empty password, i.e. the default MySQL privileged account.
 */
if ($server != 0
    && $cfg['Server']['user'] == 'root'
    && $cfg['Server']['password'] == ''
) {
    trigger_error(
        __(
            'You are connected as \'root\' with no password, which'
            . ' corresponds to the default MySQL privileged account.'
            . ' Your MySQL server is running with this default, is open to'
            . ' intrusion, and you really should fix this security hole by'
            . ' setting a password for user \'root\'.'
        ),
        E_USER_WARNING
    );
}
/**
 * phpMyAdmin handles charsets itself, so mbstring function overloading
 * breaks it (see bug 1063821). Warn when mbstring.func_overload is
 * greater than 1.
 */
if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
    trigger_error(
        __(
            'You have enabled mbstring.func_overload in your PHP '
            . 'configuration. This option is incompatible with phpMyAdmin '
            . 'and might cause some data to be corrupted!'
        ),
        E_USER_WARNING
    );
}

/**
 * The parser relies on mbstring for multibyte strings, so the user is
 * told when the extension is missing (see bug #1063149).
 */
if (! @extension_loaded('mbstring')) {
    trigger_error(
        __(
            'The mbstring PHP extension was not found and you seem to be using'
            . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
            . ' is unable to split strings correctly and it may result in'
            . ' unexpected results.'
        ),
        E_USER_WARNING
    );
}
// Session lifetime sanity checks. The first one can be silenced with
// $cfg['LoginCookieValidityDisableWarning'].
if ($cfg['LoginCookieValidityDisableWarning'] == false) {
    /**
     * Warn when PHP's session.gc_maxlifetime is lower than the configured
     * LoginCookieValidity.
     */
    $gc_time = (int)@ini_get('session.gc_maxlifetime');
    if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity']) {
        trigger_error(
            __(
                'Your PHP parameter [a@http://php.net/manual/en/session.' .
                'configuration.php#ini.session.gc-maxlifetime@_blank]session.' .
                'gc_maxlifetime[/a] is lower than cookie validity configured ' .
                'in phpMyAdmin, because of this, your login might expire sooner ' .
                'than configured in phpMyAdmin.'
            ),
            E_USER_WARNING
        );
    }
}

/**
 * Warn when a non-zero LoginCookieStore is lower than LoginCookieValidity.
 */
if ($GLOBALS['cfg']['LoginCookieStore'] != 0
    && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
) {
    trigger_error(
        __(
            'Login cookie store is lower than cookie validity configured in ' .
            'phpMyAdmin, because of this, your login will expire sooner than ' .
            'configured in phpMyAdmin.'
        ),
        E_USER_WARNING
    );
}
/**
 * Warn when the session holds an encryption key but no blowfish_secret
 * is set in the configuration.
 */
if (! empty($_SESSION['encryption_key'])
    && empty($GLOBALS['cfg']['blowfish_secret'])
) {
    trigger_error(
        __(
            'The configuration file now needs a secret passphrase (blowfish_secret).'
        ),
        E_USER_WARNING
    );
}

/**
 * Warn when a 'config' entry (relative path) still exists. It is used by
 * the setup script and should not exist in a production environment.
 */
if (file_exists('config')) {
    trigger_error(
        __(
            'Directory [code]config[/code], which is used by the setup script, ' .
            'still exists in your phpMyAdmin directory. It is strongly ' .
            'recommended to remove it once phpMyAdmin has been configured. ' .
            'Otherwise the security of your server may be compromised by ' .
            'unauthorized people downloading your configuration.'
        ),
        E_USER_WARNING
    );
}
// Notice about an incompletely configured phpMyAdmin configuration
// storage; it can be silenced with $cfg['PmaNoRelation_DisableWarning'].
if ($server > 0) {
    $cfgRelation = PMA_getRelationsParam();
    if (! $cfgRelation['allworks']
        && $cfg['PmaNoRelation_DisableWarning'] == false
    ) {
        $msg_text = __(
            'The phpMyAdmin configuration storage is not completely '
            . 'configured, some extended features have been deactivated. '
            . '%sFind out why%s. '
        );
        if ($cfg['ZeroConf'] == true) {
            $msg_text .= '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'
                . __(
                    'Or alternately go to \'Operations\' tab of any database '
                    . 'to set it up there.'
                );
        }
        $msg = PMA_Message::notice($msg_text);
        // The two %s placeholders receive the opening and closing tag of
        // a link to chk_rel.php.
        // NOTE(review): both parameters are added with a second argument
        // of false, presumably to keep the markup unescaped -- confirm
        // that $cfg['PmaAbsoluteUri'] and $common_url_query are safe to
        // place inside the href attribute as they are.
        $msg->addParam(
            '<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php'
            . $common_url_query . '">',
            false
        );
        $msg->addParam('</a>', false);
        /* Show error if user has configured something, notice elsewhere */
        if (! empty($cfg['Servers'][$server]['pmadb'])) {
            $msg->isError(true);
        }
        $msg->display();
    }
}
/**
 * Notice about a MySQL client library whose version differs from the
 * server version (a difference on the third digit does not count).
 *
 * - If someday there is a constant that we can check about mysqlnd,
 *   we can use it instead of strpos().
 * - If no default server is set, $GLOBALS['dbi'] is not defined yet.
 * - Drizzle can speak MySQL protocol, so there is no version mismatch
 *   warning for Drizzle servers.
 * - No warning either when MariaDB is detected, as it has its own
 *   version numbering.
 */
if (isset($GLOBALS['dbi'])
    && ! PMA_DRIZZLE
    && $cfg['ServerLibraryDifference_DisableWarning'] == false
) {
    /** @var PMA_String $pmaString */
    $pmaString = $GLOBALS['PMA_String'];

    $_client_info = $GLOBALS['dbi']->getClientInfo();
    if ($server > 0
        && /*overload*/mb_strpos($_client_info, 'mysqlnd') === false
        && /*overload*/mb_strpos(PMA_MYSQL_STR_VERSION, 'MariaDB') === false
        && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(PMA_MYSQL_INT_VERSION, 0, 3)
    ) {
        // The server version is cut at the first '-'; appending '-' to
        // the haystack makes strpos() always find one.
        trigger_error(
            PMA_sanitize(
                sprintf(
                    __(
                        'Your PHP MySQL library version %s differs from your ' .
                        'MySQL server version %s. This may cause unpredictable ' .
                        'behavior.'
                    ),
                    $_client_info,
                    substr(
                        PMA_MYSQL_STR_VERSION,
                        0,
                        strpos(PMA_MYSQL_STR_VERSION . '-', '-')
                    )
                )
            ),
            E_USER_NOTICE
        );
    }
    unset($_client_info);
}
/**
 * Warn about Suhosin unless its simulation mode is enabled or the
 * warning is switched off with $cfg['SuhosinDisableWarning'].
 */
if ($cfg['SuhosinDisableWarning'] == false
    && @ini_get('suhosin.request.max_value_length')
    && @ini_get('suhosin.simulation') == '0'
) {
    trigger_error(
        sprintf(
            __(
                'Server running with Suhosin. Please refer to %sdocumentation%s ' .
                'for possible issues.'
            ),
            '[doc@faq1-38]',
            '[/doc]'
        ),
        E_USER_WARNING
    );
}
/**
 * Notice about incomplete translations.
 *
 * The data file is created while creating release by ./scripts/remove-incomplete-mo
 */
if (file_exists('libraries/language_stats.inc.php')) {
    include 'libraries/language_stats.inc.php';
    /*
     * The message below is deliberately left untranslated: it deals with
     * incomplete translations and is aimed at English-speaking users.
     */
    if (isset($GLOBALS['language_stats'][$lang])
        && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
    ) {
        trigger_error(
            'You are using an incomplete translation, please help to make it '
            . 'better by [a@https://www.phpmyadmin.net/translate/'
            . '@_blank]contributing[/a].',
            E_USER_NOTICE
        );
    }
}
684 * prints list item for main page
686 * @param string $name displayed text
687 * @param string $listId id, used for css styles
688 * @param string $url make item as link with $url as target
689 * @param string $mysql_help_page display a link to MySQL's manual
690 * @param string $target special target for $url
691 * @param string $a_id id for the anchor,
692 * used for jQuery to hook in functions
693 * @param string $class class for the li element
694 * @param string $a_class class for the anchor element
696 * @return void
698 function PMA_printListItem($name, $listId = null, $url = null,
699 $mysql_help_page = null, $target = null, $a_id = null, $class = null,
700 $a_class = null
702 echo PMA\Template::get('list/item')
703 ->render(
704 array(
705 'content' => $name,
706 'id' => $listId,
707 'class' => $class,
708 'url' => array(
709 'href' => $url,
710 'target' => $target,
711 'id' => $a_id,
712 'class' => $a_class,
714 'mysql_help_page' => $mysql_help_page,