search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove broken link
[phpmyadmin.git] / libraries / common.inc.php
blobd039faa9345bc01d0d6cc2cefb1899f4a99c530a
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Misc stuff and REQUIRED by ALL the scripts.
5 * MUST be included by every script
6 *
7 * Among other things, it contains the advanced authentication work.
8 *
9 * Order of sections for common.inc.php:
10 *
11 * the authentication libraries must be before the connection to db
12 *
13 * ... so the required order is:
14 *
15 * LABEL_variables_init
16 * - initialize some variables always needed
17 * LABEL_parsing_config_file
18 * - parsing of the configuration file
19 * LABEL_loading_language_file
20 * - loading language file
21 * LABEL_setup_servers
22 * - check and setup configured servers
23 * LABEL_theme_setup
24 * - setting up themes
25 *
26 * - load of MySQL extension (if necessary)
27 * - loading of an authentication library
28 * - db connection
29 * - authentication work
30 *
31 * @package PhpMyAdmin
32 */
33 use PMA\libraries\Config;
34 use PMA\libraries\DatabaseInterface;
35 use PMA\libraries\ErrorHandler;
36 use PMA\libraries\Message;
37 use PMA\libraries\plugins\AuthenticationPlugin;
38 use PMA\libraries\DbList;
39 use PMA\libraries\ThemeManager;
40 use PMA\libraries\Tracker;
41 use PMA\libraries\Response;
42 use PMA\libraries\TypesMySQL;
43 use PMA\libraries\Util;
44 use PMA\libraries\LanguageManager;
45 use PMA\libraries\Logging;
46
47 /**
48 * block attempts to directly run this script
49 */
50 if (getcwd() == dirname(__FILE__)) {
51 die('Attack stopped');
52 }
53
54 /**
55 * Minimum PHP version; can't call PMA_fatalError() which uses a
56 * PHP 5 function, so cannot easily localize this message.
57 */
58 if (version_compare(PHP_VERSION, '5.5.0', 'lt')) {
59 die(
60 'PHP 5.5+ is required. <br /> Currently installed version is: '
61 . phpversion()
62 );
63 }
64
65 /**
66 * for verification in all procedural scripts under libraries
67 */
68 define('PHPMYADMIN', true);
69
70 /**
71 * Load vendor configuration.
72 */
73 require_once './libraries/vendor_config.php';
74
75 /**
76 * Activate autoloader
77 */
78 if (! @is_readable('./vendor/autoload.php')) {
79 die(
80 'File <tt>./vendor/autoload.php</tt> missing or not readable. <br />'
81 . 'Most likely you did not run Composer to '
82 . '<a href="https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git">install library files</a>.'
83 );
84 }
85 require_once './vendor/autoload.php';
86
87 /**
88 * Load gettext functions.
89 */
90 PhpMyAdmin\MoTranslator\Loader::loadFunctions();
91
92 /**
93 * initialize the error handler
94 */
95 $GLOBALS['error_handler'] = new ErrorHandler();
96
97 /**
98 * core functions
99 */
100 require './libraries/core.lib.php';
101
102 /**
103 * Warning about missing PHP extensions.
104 */
105 PMA_checkExtensions();
106
107 /**
108 * Set utf-8 encoding for PHP
109 */
110 ini_set('default_charset', 'utf-8');
111 mb_internal_encoding('utf-8');
112
113 /**
114 * Set precision to sane value, with higher values
115 * things behave slightly unexpectedly, for example
116 * round(1.2, 2) returns 1.199999999999999956.
117 */
118 ini_set('precision', 14);
119
120 /**
121 * the relation lib, tracker needs it
122 */
123 require './libraries/relation.lib.php';
124
125
126 /******************************************************************************/
127 /* start procedural code label_start_procedural */
128
129 PMA_cleanupPathInfo();
130
131 /**
132 * just to be sure there was no import (registering) before here
133 * we empty the global space (but avoid unsetting $variables_list
134 * and $key in the foreach (), we still need them!)
135 */
136 $variables_whitelist = array (
137 'GLOBALS',
138 '_SERVER',
139 '_GET',
140 '_POST',
141 '_REQUEST',
142 '_FILES',
143 '_ENV',
144 '_COOKIE',
145 '_SESSION',
146 'error_handler',
147 'PMA_PHP_SELF',
148 'variables_whitelist',
149 'key',
150 );
151
152 foreach (get_defined_vars() as $key => $value) {
153 if (! in_array($key, $variables_whitelist)) {
154 unset($$key);
155 }
156 }
157 unset($key, $value, $variables_whitelist);
158
159 /**
160 * Subforms - some functions need to be called by form, cause of the limited URL
161 * length, but if this functions inside another form you cannot just open a new
162 * form - so phpMyAdmin uses 'arrays' inside this form
163 *
164 * <code>
165 * <form ...>
166 * ... main form elements ...
167 * <input type="hidden" name="subform[action1][id]" value="1" />
168 * ... other subform data ...
169 * <input type="submit" name="usesubform[action1]" value="do action1" />
170 * ... other subforms ...
171 * <input type="hidden" name="subform[actionX][id]" value="X" />
172 * ... other subform data ...
173 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
174 * ... main form elements ...
175 * <input type="submit" name="main_action" value="submit form" />
176 * </form>
177 * </code>
178 *
179 * so we now check if a subform is submitted
180 */
181 $__redirect = null;
182 if (isset($_POST['usesubform']) && ! defined('PMA_MINIMUM_COMMON')) {
183 // if a subform is present and should be used
184 // the rest of the form is deprecated
185 $subform_id = key($_POST['usesubform']);
186 $subform = $_POST['subform'][$subform_id];
187 $_POST = $subform;
188 $_REQUEST = $subform;
189 /**
190 * some subforms need another page than the main form, so we will just
191 * include this page at the end of this script - we use $__redirect to
192 * track this
193 */
194 if (isset($_POST['redirect'])
195 && $_POST['redirect'] != basename($PMA_PHP_SELF)
196 ) {
197 $__redirect = $_POST['redirect'];
198 unset($_POST['redirect']);
199 }
200 unset($subform_id, $subform);
201 } else {
202 // Note: here we overwrite $_REQUEST so that it does not contain cookies,
203 // because another application for the same domain could have set
204 // a cookie (with a compatible path) that overrides a variable
205 // we expect from GET or POST.
206 // We'll refer to cookies explicitly with the $_COOKIE syntax.
207 $_REQUEST = array_merge($_GET, $_POST);
208 }
209 // end check if a subform is submitted
210
211 /**
212 * check timezone setting
213 * this could produce an E_WARNING - but only once,
214 * if not done here it will produce E_WARNING on every date/time function
215 */
216 date_default_timezone_set(@date_default_timezone_get());
217
218 /******************************************************************************/
219 /* parsing configuration file LABEL_parsing_config_file */
220
221 /**
222 * @global Config $GLOBALS['PMA_Config']
223 * force reading of config file, because we removed sensitive values
224 * in the previous iteration
225 */
226 $GLOBALS['PMA_Config'] = new Config(CONFIG_FILE);
227
228 /**
229 * BC - enable backward compatibility
230 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
231 */
232 $GLOBALS['PMA_Config']->enableBc();
233
234 /**
235 * clean cookies on upgrade
236 * when changing something related to PMA cookies, increment the cookie version
237 */
238 $pma_cookie_version = 5;
239 if (isset($_COOKIE)) {
240 if (! isset($_COOKIE['pmaCookieVer'])
241 || $_COOKIE['pmaCookieVer'] != $pma_cookie_version
242 ) {
243 // delete all cookies
244 foreach ($_COOKIE as $cookie_name => $tmp) {
245 // We ignore cookies not with pma prefix
246 if (strncmp('pma', $cookie_name, 3) != 0) {
247 continue;
248 }
249 $GLOBALS['PMA_Config']->removeCookie($cookie_name);
250 }
251 $_COOKIE = array();
252 $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
253 }
254 }
255
256 /**
257 * include session handling after the globals, to prevent overwriting
258 */
259 require './libraries/session.inc.php';
260
261 /**
262 * init some variables LABEL_variables_init
263 */
264
265 /**
266 * holds parameters to be passed to next page
267 * @global array $GLOBALS['url_params']
268 */
269 $GLOBALS['url_params'] = array();
270
271 /**
272 * the whitelist for $GLOBALS['goto']
273 * @global array $goto_whitelist
274 */
275 $goto_whitelist = array(
276 'db_datadict.php',
277 'db_sql.php',
278 'db_events.php',
279 'db_export.php',
280 'db_importdocsql.php',
281 'db_qbe.php',
282 'db_structure.php',
283 'db_import.php',
284 'db_operations.php',
285 'db_search.php',
286 'db_routines.php',
287 'export.php',
288 'import.php',
289 'index.php',
290 'pdf_pages.php',
291 'pdf_schema.php',
292 'server_binlog.php',
293 'server_collations.php',
294 'server_databases.php',
295 'server_engines.php',
296 'server_export.php',
297 'server_import.php',
298 'server_privileges.php',
299 'server_sql.php',
300 'server_status.php',
301 'server_status_advisor.php',
302 'server_status_monitor.php',
303 'server_status_queries.php',
304 'server_status_variables.php',
305 'server_variables.php',
306 'sql.php',
307 'tbl_addfield.php',
308 'tbl_change.php',
309 'tbl_create.php',
310 'tbl_import.php',
311 'tbl_indexes.php',
312 'tbl_sql.php',
313 'tbl_export.php',
314 'tbl_operations.php',
315 'tbl_structure.php',
316 'tbl_relation.php',
317 'tbl_replace.php',
318 'tbl_row_action.php',
319 'tbl_select.php',
320 'tbl_zoom_select.php',
321 'transformation_overview.php',
322 'transformation_wrapper.php',
323 'user_password.php',
324 );
325
326 /**
327 * check $__redirect against whitelist
328 */
329 if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
330 $__redirect = null;
331 }
332
333 /**
334 * holds page that should be displayed
335 * @global string $GLOBALS['goto']
336 */
337 $GLOBALS['goto'] = '';
338 // Security fix: disallow accessing serious server files via "?goto="
339 if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
340 $GLOBALS['goto'] = $_REQUEST['goto'];
341 $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
342 } else {
343 unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
344 }
345
346 /**
347 * returning page
348 * @global string $GLOBALS['back']
349 */
350 if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
351 $GLOBALS['back'] = $_REQUEST['back'];
352 } else {
353 unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
354 }
355
356 /**
357 * Check whether user supplied token is valid, if not remove any possibly
358 * dangerous stuff from request.
359 *
360 * remember that some objects in the session with session_start and __wakeup()
361 * could access this variables before we reach this point
362 * f.e. PMA\libraries\Config: fontsize
363 *
364 * Check for token mismatch only if the Request method is POST
365 * GET Requests would never have token and therefore checking
366 * mis-match does not make sense
367 *
368 * @todo variables should be handled by their respective owners (objects)
369 * f.e. lang, server, collation_connection in PMA\libraries\Config
370 */
371
372 $token_mismatch = true;
373 $token_provided = false;
374
375 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
376 if (PMA_isValid($_POST['token'])) {
377 $token_provided = true;
378 $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], $_POST['token']);
379 }
380
381 if ($token_mismatch) {
382 /**
383 * We don't allow any POST operation parameters if the token is mismatched
384 * or is not provided
385 */
386 $whitelist = array('ajax_request');
387 PMA\libraries\Sanitize::removeRequestVars($whitelist);
388 }
389 }
390
391
392 /**
393 * current selected database
394 * @global string $GLOBALS['db']
395 */
396 PMA_setGlobalDbOrTable('db');
397
398 /**
399 * current selected table
400 * @global string $GLOBALS['table']
401 */
402 PMA_setGlobalDbOrTable('table');
403
404 /**
405 * Store currently selected recent table.
406 * Affect $GLOBALS['db'] and $GLOBALS['table']
407 */
408 if (PMA_isValid($_REQUEST['selected_recent_table'])) {
409 $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
410
411 $GLOBALS['db']
412 = (array_key_exists('db', $recent_table) && is_string($recent_table['db'])) ?
413 $recent_table['db'] : '';
414 $GLOBALS['url_params']['db'] = $GLOBALS['db'];
415
416 $GLOBALS['table']
417 = (array_key_exists('table', $recent_table) && is_string($recent_table['table'])) ?
418 $recent_table['table'] : '';
419 $GLOBALS['url_params']['table'] = $GLOBALS['table'];
420 }
421
422 /**
423 * SQL query to be executed
424 * @global string $GLOBALS['sql_query']
425 */
426 $GLOBALS['sql_query'] = '';
427 if (PMA_isValid($_REQUEST['sql_query'])) {
428 $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
429 }
430
431 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
432 //$_REQUEST['server']; // checked later in this file
433 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
434
435 /******************************************************************************/
436 /* loading language file LABEL_loading_language_file */
437
438 /**
439 * lang detection is done here
440 */
441 $language = LanguageManager::getInstance()->selectLanguage();
442 $language->activate();
443
444 // Defines the cell alignment values depending on text direction
445 if ($GLOBALS['text_dir'] == 'ltr') {
446 $GLOBALS['cell_align_left'] = 'left';
447 $GLOBALS['cell_align_right'] = 'right';
448 } else {
449 $GLOBALS['cell_align_left'] = 'right';
450 $GLOBALS['cell_align_right'] = 'left';
451 }
452
453 /**
454 * check for errors occurred while loading configuration
455 * this check is done here after loading language files to present errors in locale
456 */
457 $GLOBALS['PMA_Config']->checkPermissions();
458 $GLOBALS['PMA_Config']->checkErrors();
459
460 /**
461 * As we try to handle charsets by ourself, mbstring overloads just
462 * break it, see bug 1063821.
463 *
464 * We specifically use empty here as we are looking for anything else than
465 * empty value or 0.
466 */
467 if (@extension_loaded('mbstring') && !empty(@ini_get('mbstring.func_overload'))) {
468 PMA_fatalError(
469 __(
470 'You have enabled mbstring.func_overload in your PHP '
471 . 'configuration. This option is incompatible with phpMyAdmin '
472 . 'and might cause some data to be corrupted!'
473 )
474 );
475 }
476
477 /**
478 * The ini_set and ini_get functions can be disabled using
479 * disable_functions but we're relying quite a lot of them.
480 */
481 if (! function_exists('ini_get') || ! function_exists('ini_set')) {
482 PMA_fatalError(
483 __(
484 'You have disabled ini_get and/or ini_set in php.ini. '
485 . 'This option is incompatible with phpMyAdmin!'
486 )
487 );
488 }
489
490 /******************************************************************************/
491 /* setup servers LABEL_setup_servers */
492
493 /**
494 * current server
495 * @global integer $GLOBALS['server']
496 */
497 $GLOBALS['server'] = 0;
498
499 /**
500 * Servers array fixups.
501 * $default_server comes from PMA\libraries\Config::enableBc()
502 * @todo merge into PMA\libraries\Config
503 */
504 // Do we have some server?
505 if (! isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
506 // No server => create one with defaults
507 $cfg['Servers'] = array(1 => $default_server);
508 } else {
509 // We have server(s) => apply default configuration
510 $new_servers = array();
511
512 foreach ($cfg['Servers'] as $server_index => $each_server) {
513
514 // Detect wrong configuration
515 if (!is_int($server_index) || $server_index < 1) {
516 trigger_error(
517 sprintf(__('Invalid server index: %s'), $server_index),
518 E_USER_ERROR
519 );
520 }
521
522 $each_server = array_merge($default_server, $each_server);
523
524 // Final solution to bug #582890
525 // If we are using a socket connection
526 // and there is nothing in the verbose server name
527 // or the host field, then generate a name for the server
528 // in the form of "Server 2", localized of course!
529 if (empty($each_server['host']) && empty($each_server['verbose'])) {
530 $each_server['verbose'] = sprintf(__('Server %d'), $server_index);
531 }
532
533 $new_servers[$server_index] = $each_server;
534 }
535 $cfg['Servers'] = $new_servers;
536 unset($new_servers, $server_index, $each_server);
537 }
538
539 // Cleanup
540 unset($default_server);
541
542
543 if (! defined('PMA_MINIMUM_COMMON')) {
544 /**
545 * Lookup server by name
546 * (see FAQ 4.8)
547 */
548 if (! empty($_REQUEST['server'])
549 && is_string($_REQUEST['server'])
550 && ! is_numeric($_REQUEST['server'])
551 ) {
552 foreach ($cfg['Servers'] as $i => $server) {
553 $verboseToLower = mb_strtolower($server['verbose']);
554 $serverToLower = mb_strtolower($_REQUEST['server']);
555 if ($server['host'] == $_REQUEST['server']
556 || $server['verbose'] == $_REQUEST['server']
557 || $verboseToLower == $serverToLower
558 || md5($verboseToLower) === $serverToLower
559 ) {
560 $_REQUEST['server'] = $i;
561 break;
562 }
563 }
564 if (is_string($_REQUEST['server'])) {
565 unset($_REQUEST['server']);
566 }
567 unset($i);
568 }
569 }
570
571 /**
572 * If no server is selected, make sure that $cfg['Server'] is empty (so
573 * that nothing will work), and skip server authentication.
574 * We do NOT exit here, but continue on without logging into any server.
575 * This way, the welcome page will still come up (with no server info) and
576 * present a choice of servers in the case that there are multiple servers
577 * and '$cfg['ServerDefault'] = 0' is set.
578 */
579
580 if (isset($_REQUEST['server'])
581 && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server']))
582 && ! empty($_REQUEST['server'])
583 && ! empty($cfg['Servers'][$_REQUEST['server']])
584 ) {
585 $GLOBALS['server'] = $_REQUEST['server'];
586 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
587 } else {
588 if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
589 $GLOBALS['server'] = $cfg['ServerDefault'];
590 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
591 } else {
592 $GLOBALS['server'] = 0;
593 $cfg['Server'] = array();
594 }
595 }
596 $GLOBALS['url_params']['server'] = $GLOBALS['server'];
597
598 /******************************************************************************/
599 /* setup themes LABEL_theme_setup */
600
601 ThemeManager::initializeTheme();
602
603 if (! defined('PMA_MINIMUM_COMMON')) {
604 /**
605 * save some settings in cookies
606 * @todo should be done in PMA\libraries\Config
607 */
608 $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
609 if (isset($GLOBALS['collation_connection'])) {
610 $GLOBALS['PMA_Config']->setCookie(
611 'pma_collation_connection',
612 $GLOBALS['collation_connection']
613 );
614 }
615
616 ThemeManager::getInstance()->setThemeCookie();
617
618 if (! empty($cfg['Server'])) {
619
620 /**
621 * Loads the proper database interface for this server
622 */
623 include_once './libraries/database_interface.inc.php';
624
625 // get LoginCookieValidity from preferences cache
626 // no generic solution for loading preferences from cache as some settings
627 // need to be kept for processing in
628 // PMA\libraries\Config::loadUserPreferences()
629 $cache_key = 'server_' . $GLOBALS['server'];
630 if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])
631 ) {
632 $value
633 = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
634 $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
635 $GLOBALS['cfg']['LoginCookieValidity'] = $value;
636 unset($value);
637 }
638 unset($cache_key);
639
640 // Gets the authentication library that fits the $cfg['Server'] settings
641 // and run authentication
642
643 // to allow HTTP or http
644 $cfg['Server']['auth_type']
645 = mb_strtolower($cfg['Server']['auth_type']);
646
647 /**
648 * the required auth type plugin
649 */
650 $auth_class = "Authentication" . ucfirst($cfg['Server']['auth_type']);
651 if (! @file_exists(
652 './libraries/plugins/auth/'
653 . $auth_class . '.php'
654 )) {
655 PMA_fatalError(
656 __('Invalid authentication method set in configuration:')
657 . ' ' . $cfg['Server']['auth_type']
658 );
659 }
660 if (isset($_REQUEST['pma_password']) && strlen($_REQUEST['pma_password']) > 256) {
661 $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
662 }
663 $fqnAuthClass = 'PMA\libraries\plugins\auth\\' . $auth_class;
664 // todo: add plugin manager
665 $plugin_manager = null;
666 /** @var AuthenticationPlugin $auth_plugin */
667 $auth_plugin = new $fqnAuthClass($plugin_manager);
668
669 if (! $auth_plugin->authCheck()) {
670 /* Force generating of new session on login */
671 PMA_secureSession();
672 $auth_plugin->auth();
673 } else {
674 $auth_plugin->authSetUser();
675 }
676
677 // Check IP-based Allow/Deny rules as soon as possible to reject the
678 // user based on mod_access in Apache
679 if (isset($cfg['Server']['AllowDeny'])
680 && isset($cfg['Server']['AllowDeny']['order'])
681 ) {
682
683 /**
684 * ip based access library
685 */
686 include_once './libraries/ip_allow_deny.lib.php';
687
688 $allowDeny_forbidden = false; // default
689 if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
690 $allowDeny_forbidden = true;
691 if (PMA_allowDeny('allow')) {
692 $allowDeny_forbidden = false;
693 }
694 if (PMA_allowDeny('deny')) {
695 $allowDeny_forbidden = true;
696 }
697 } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
698 if (PMA_allowDeny('deny')) {
699 $allowDeny_forbidden = true;
700 }
701 if (PMA_allowDeny('allow')) {
702 $allowDeny_forbidden = false;
703 }
704 } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
705 if (PMA_allowDeny('allow') && ! PMA_allowDeny('deny')) {
706 $allowDeny_forbidden = false;
707 } else {
708 $allowDeny_forbidden = true;
709 }
710 } // end if ... elseif ... elseif
711
712 // Ejects the user if banished
713 if ($allowDeny_forbidden) {
714 Logging::logUser($cfg['Server']['user'], 'allow-denied');
715 $auth_plugin->authFails();
716 }
717 } // end if
718
719 // is root allowed?
720 if (! $cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
721 $allowDeny_forbidden = true;
722 Logging::logUser($cfg['Server']['user'], 'root-denied');
723 $auth_plugin->authFails();
724 }
725
726 // is a login without password allowed?
727 if (! $cfg['Server']['AllowNoPassword']
728 && $cfg['Server']['password'] === ''
729 ) {
730 $login_without_password_is_forbidden = true;
731 Logging::logUser($cfg['Server']['user'], 'empty-denied');
732 $auth_plugin->authFails();
733 }
734
735 // Try to connect MySQL with the control user profile (will be used to
736 // get the privileges list for the current user but the true user link
737 // must be open after this one so it would be default one for all the
738 // scripts)
739 $controllink = false;
740 if ($cfg['Server']['controluser'] != '') {
741 $controllink = $GLOBALS['dbi']->connect(
742 DatabaseInterface::CONNECT_CONTROL
743 );
744 }
745
746 // Connects to the server (validates user's login)
747 /** @var DatabaseInterface $userlink */
748 $userlink = $GLOBALS['dbi']->connect(DatabaseInterface::CONNECT_USER);
749
750 // Set timestamp for the session, if required.
751 if ($cfg['Server']['SessionTimeZone'] != '') {
752 $sql_query_tz = 'SET ' . Util::backquote('time_zone') . ' = '
753 . '\''
754 . $GLOBALS['dbi']->escapeString($cfg['Server']['SessionTimeZone'])
755 . '\'';
756
757 if (! $userlink->query($sql_query_tz)) {
758 $error_message_tz = sprintf(
759 __(
760 'Unable to use timezone %1$s for server %2$d. '
761 . 'Please check your configuration setting for '
762 . '[em]$cfg[\'Servers\'][%3$d][\'SessionTimeZone\'][/em]. '
763 . 'phpMyAdmin is currently using the default time zone '
764 . 'of the database server.'
765 ),
766 $cfg['Servers'][$GLOBALS['server']]['SessionTimeZone'],
767 $GLOBALS['server'],
768 $GLOBALS['server']
769 );
770
771 $GLOBALS['error_handler']->addError(
772 $error_message_tz,
773 E_USER_WARNING,
774 '',
775 '',
776 false
777 );
778 }
779 }
780
781 if (! $controllink) {
782 /*
783 * Open separate connection for control queries, this is needed
784 * to avoid problems with table locking used in main connection
785 * and phpMyAdmin issuing queries to configuration storage, which
786 * is not locked by that time.
787 */
788 $controllink = $GLOBALS['dbi']->connect(DatabaseInterface::CONNECT_USER);
789 }
790
791 $auth_plugin->storeUserCredentials();
792
793 /* Log success */
794 Logging::logUser($cfg['Server']['user']);
795
796 if (PMA_MYSQL_INT_VERSION < $cfg['MysqlMinVersion']['internal']) {
797 PMA_fatalError(
798 __('You should upgrade to %s %s or later.'),
799 array('MySQL', $cfg['MysqlMinVersion']['human'])
800 );
801 }
802
803 /**
804 * Type handling object.
805 */
806 $GLOBALS['PMA_Types'] = new TypesMySQL();
807
808 // Loads closest context to this version.
809 PhpMyAdmin\SqlParser\Context::loadClosest('MySql' . PMA_MYSQL_INT_VERSION);
810
811 // Sets the default delimiter (if specified).
812 if (!empty($_REQUEST['sql_delimiter'])) {
813 PhpMyAdmin\SqlParser\Lexer::$DEFAULT_DELIMITER = $_REQUEST['sql_delimiter'];
814 }
815
816 // TODO: Set SQL modes too.
817
818 /**
819 * the DbList class as a stub for the ListDatabase class
820 */
821 $dblist = new DbList;
822 $dblist->userlink = $userlink;
823 $dblist->controllink = $controllink;
824
825 /**
826 * some resetting has to be done when switching servers
827 */
828 if (isset($_SESSION['tmpval']['previous_server'])
829 && $_SESSION['tmpval']['previous_server'] != $GLOBALS['server']
830 ) {
831 unset($_SESSION['tmpval']['navi_limit_offset']);
832 }
833 $_SESSION['tmpval']['previous_server'] = $GLOBALS['server'];
834
835 } else { // end server connecting
836 // No need to check for 'PMA_BYPASS_GET_INSTANCE' since this execution path
837 // applies only to initial login
838 $response = Response::getInstance();
839 $response->getHeader()->disableMenuAndConsole();
840 $response->getFooter()->setMinimal();
841 }
842
843 /**
844 * check if profiling was requested and remember it
845 * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
846 */
847 if (isset($_REQUEST['profiling'])
848 && Util::profilingSupported()
849 ) {
850 $_SESSION['profiling'] = true;
851 } elseif (isset($_REQUEST['profiling_form'])) {
852 // the checkbox was unchecked
853 unset($_SESSION['profiling']);
854 }
855
856 // load user preferences
857 $GLOBALS['PMA_Config']->loadUserPreferences();
858
859 /**
860 * Inclusion of profiling scripts is needed on various
861 * pages like sql, tbl_sql, db_sql, tbl_select
862 */
863 if (! defined('PMA_BYPASS_GET_INSTANCE')) {
864 $response = Response::getInstance();
865 }
866 if (isset($response) && isset($_SESSION['profiling'])) {
867 $header = $response->getHeader();
868 $scripts = $header->getScripts();
869 $scripts->addFile('chart.js');
870 $scripts->addFile('jqplot/jquery.jqplot.js');
871 $scripts->addFile('jqplot/plugins/jqplot.pieRenderer.js');
872 $scripts->addFile('jqplot/plugins/jqplot.highlighter.js');
873 $scripts->addFile('jquery/jquery.tablesorter.js');
874 }
875
876 /*
877 * There is no point in even attempting to process
878 * an ajax request if there is a token mismatch
879 */
880 if (isset($response) && $response->isAjax() && $_SERVER['REQUEST_METHOD'] == 'POST' && $token_mismatch) {
881 $response->setRequestStatus(false);
882 $response->addJSON(
883 'message',
884 Message::error(__('Error: Token mismatch'))
885 );
886 exit;
887 }
888 } else { // end if !defined('PMA_MINIMUM_COMMON')
889 // load user preferences
890 $GLOBALS['PMA_Config']->loadUserPreferences();
891 }
892
893 // remove sensitive values from session
894 $GLOBALS['PMA_Config']->set('blowfish_secret', '');
895 $GLOBALS['PMA_Config']->set('Servers', '');
896 $GLOBALS['PMA_Config']->set('default_server', '');
897
898 /* Tell tracker that it can actually work */
899 Tracker::enable();
900
901 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
902 PMA_fatalError(__("GLOBALS overwrite attempt"));
903 }
904
905 /**
906 * protect against possible exploits - there is no need to have so much variables
907 */
908 if (count($_REQUEST) > 1000) {
909 PMA_fatalError(__('possible exploit'));
910 }
911
912 // here, the function does not exist with this configuration:
913 // $cfg['ServerDefault'] = 0;
914 $GLOBALS['is_superuser']
915 = isset($GLOBALS['dbi']) && $GLOBALS['dbi']->isSuperuser();
916
917 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
918 /**
919 * include subform target page
920 */
921 include $__redirect;
922 exit();
923 }
924
925 // If Zero configuration mode enabled, check PMA tables in current db.
926 if (! defined('PMA_MINIMUM_COMMON')
927 && ! empty($GLOBALS['server'])
928 && isset($GLOBALS['cfg']['ZeroConf'])
929 && $GLOBALS['cfg']['ZeroConf'] == true
930 ) {
931 if (! empty($GLOBALS['db'])) {
932 $cfgRelation = PMA_getRelationsParam();
933 if (empty($cfgRelation['db'])) {
934 PMA_fixPMATables($GLOBALS['db'], false);
935 }
936 }
937 $cfgRelation = PMA_getRelationsParam();
938 if (empty($cfgRelation['db'])) {
939 if ($GLOBALS['dblist']->databases->exists('phpmyadmin')) {
940 PMA_fixPMATables('phpmyadmin', false);
941 }
942 }
943 }
944
945 if (! defined('PMA_MINIMUM_COMMON')) {
946 include_once 'libraries/config/messages.inc.php';
947 include 'libraries/config/user_preferences.forms.php';
948 include_once 'libraries/config/page_settings.forms.php';
949 }
phpMyAdmin