fix regular expression validation when phpMyAdmin custom error handler is set
[phpmyadmin.git] / main.php
blob8c658c7c87bfd1a1a16448bef473b9a36f726ecd
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Main page: loads the core libraries, prints the page header and any pending
 * message, then builds the query string reused by the links further down.
 *
 * @package phpMyAdmin
 */

/**
 * Gets some core libraries and displays a top message if required
 */
// Defined before common.inc.php is loaded; which library reads the constant
// is not visible in this file.
define('PMA_COLORPICKER', true);
require_once './libraries/common.inc.php';

// Scripts queued for the page; presumably emitted by header.inc.php, which is
// included after these two lines -- confirm there.
$GLOBALS['js_include'][] = 'colorpicker/js/colorpicker.js';
$GLOBALS['js_include'][] = 'main_custom_color.js';

// Handles some variables that may have been sent by the calling script
// (the main page is not tied to a database or table, so both are cleared)
$GLOBALS['db'] = '';
$GLOBALS['table'] = '';
$show_query = '1';
require_once './libraries/header.inc.php';

// Any message to display?
// NOTE(review): $message is not assigned anywhere in this file; where it comes
// from and how PMA_showMessage() encodes it should be confirmed in the libraries.
if (! empty($message)) {
    PMA_showMessage($message);
    unset($message);
}

// Query string appended to the internal links below. It is concatenated into
// href attributes without further encoding, so it is expected to be HTML-safe
// already -- presumably '&amp;'-separated; verify in PMA_generate_common_url().
$common_url_query = PMA_generate_common_url('', '');
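// when $server > 0, a server has been chosen so we can display
// all MySQL-related information
if ($server > 0) {
    require './libraries/server_common.inc.php';
    require './libraries/StorageEngine.class.php';
    require './libraries/server_links.inc.php';

    // Use the verbose name of the server instead of the hostname
    // if a value is set
    //
    // $server_info is later handed to PMA_printListItem(), which prints its
    // text without escaping, so every piece appended here is HTML-escaped.
    // Resulting forms: "verbose (host info)", "verbose" or "host info".
    $server_info = '';
    if (! empty($cfg['Server']['verbose'])) {
        $server_info .= htmlspecialchars($cfg['Server']['verbose']);
        if ($GLOBALS['cfg']['ShowServerInfo']) {
            $server_info .= ' (';
        }
    }
    if ($GLOBALS['cfg']['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
        // The host info string comes from the database connection, not from
        // this script; escape it the same way as the verbose name above.
        $server_info .= htmlspecialchars(PMA_DBI_get_host_info());
    }
    if (! empty($cfg['Server']['verbose']) && $GLOBALS['cfg']['ShowServerInfo']) {
        $server_info .= ')';
    }
    $mysql_cur_user_and_host = PMA_DBI_fetch_value('SELECT USER();');

    // should we add the port info here?
    // Kept as the raw configuration value (verbose name, else host name):
    // whoever prints $short_server_info has to HTML-escape it.
    $short_server_info = (!empty($GLOBALS['cfg']['Server']['verbose'])
        ? $GLOBALS['cfg']['Server']['verbose']
        : $GLOBALS['cfg']['Server']['host']);
}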
// Outer container and left-hand pane; both are closed further down the page.
echo '<div id="maincontainer">', "\n", '<div id="main_pane_left">';

// The "Actions" group is shown when a server is selected, or when the server
// chooser has to appear here because it is not shown in the left frame.
if ($server > 0
    || (! $cfg['LeftDisplayServers'] && count($cfg['Servers']) > 1)
) {
    echo '<div class="group">', '<h2>' . __('Actions') . '</h2>', '<ul>';

    /**
     * Displays the MySQL servers choice form
     */
    if (! $cfg['LeftDisplayServers']
        && (count($cfg['Servers']) > 1
            || ($server == 0 && count($cfg['Servers']) == 1))
    ) {
        echo '<li id="li_select_server">';
        require_once './libraries/select_server.lib.php';
        PMA_select_server(true, true);
        echo '</li>';
    }

    /**
     * Displays the mysql server related links
     */
    if ($server > 0) {
        require_once './libraries/check_user_privileges.lib.php';

        // Logout for advanced authentication
        // (nothing to change or log out of when the credentials come from the
        // configuration file, i.e. auth_type 'config')
        if ($cfg['Server']['auth_type'] != 'config') {
            if ($cfg['ShowChgPassword']) {
                PMA_printListItem(
                    __('Change password'),
                    'li_change_password',
                    './user_password.php?' . $common_url_query
                );
            }

            // With HTTP authentication a small help link pointing at the
            // documentation's login_bug entry is placed next to "Log out".
            if ($cfg['Server']['auth_type'] == 'http') {
                $http_logout = '<a href="./Documentation.html#login_bug" target="documentation">';
                if ($cfg['ReplaceHelpImg']) {
                    $http_logout .= '<img class="icon" src="' . $pmaThemeImage . 'b_info.png" width="11" height="11" alt="Info" />';
                } else {
                    $http_logout .= '(*)';
                }
                $http_logout .= '</a>';
            } else {
                $http_logout = '';
            }

            // PMA_printListItem() writes the URL as given: the parameter
            // separator is already '&amp;' and the user name is URL-encoded.
            PMA_printListItem(
                '<strong>' . __('Log out') . '</strong> ' . $http_logout,
                'li_log_out',
                './index.php?' . $common_url_query . '&amp;old_usr=' . urlencode($PHP_AUTH_USER),
                null,
                '_parent'
            );
        } // end if
    } // end of if ($server > 0)

    echo '</ul>', '</div>';
}
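// "MySQL <server>" group: create-database form and connection collation chooser.
if ($server > 0) {
    echo '<div class="group">';
    // $short_server_info holds a raw configuration string (verbose name or
    // host name), so it is HTML-escaped where it is printed.
    echo '<h2>MySQL ' . htmlspecialchars($short_server_info) . '</h2>';
    echo '<ul>' . "\n";

    if ($cfg['ShowCreateDb']) {
        echo '<li id="li_create_database">';
        require './libraries/display_create_database.lib.php';
        echo '</li>' . "\n";
    }

    // The collation form posts to index.php in the parent frame; the hidden
    // inputs come from PMA_generate_common_hidden_inputs().
    echo ' <li id="li_select_mysql_collation">';
    echo ' <form method="post" action="index.php" target="_parent">' . "\n"
       . PMA_generate_common_hidden_inputs(null, null, 4, 'collation_connection')
       . ' <label for="select_collation_connection">' . "\n"
       . ' ' . __('MySQL connection collation') . ': ' . "\n"
       . ' </label>' . "\n"
       . PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_COLLATION, 'collation_connection', 'select_collation_connection', $collation_connection, true, 4, true)
       . ' <noscript><input type="submit" value="' . __('Go') . '" /></noscript>' . "\n"
       // put the doc link in the form so that it appears on the same line
       . PMA_showMySQLDocu('MySQL_Database_Administration', 'Charset-connection') . "\n"
       . ' </form>' . "\n"
       . ' </li>' . "\n";

    echo ' </ul>';
    echo ' </div>';
}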
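// "Interface" group: language, theme, custom colour, font size and the link
// to the user preferences. The last </div> below closes the left pane.
echo '<div class="group">';
echo '<h2>' . __('Interface') . '</h2>';
echo ' <ul>';

// Displays language selection combo
// (only when no language is forced through $cfg['Lang'])
if (empty($cfg['Lang'])) {
    echo '<li id="li_select_lang">';
    require_once './libraries/display_select_lang.lib.php';
    PMA_select_language();
    echo '</li>';
}

// ThemeManager if available
// NOTE(review): the closing-brace lines are missing from this listing; the
// custom colour item is assumed to sit inside the ThemeManager branch --
// confirm against the repository file.
if ($GLOBALS['cfg']['ThemeManager']) {
    echo '<li id="li_select_theme">';
    echo $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox();
    echo '</li>';

    // see js/main_custom_color.js
    echo '<li id="li_custom_color" class="hide">';
    // NOTE(review): the label is printed into HTML but encoded with the
    // JavaScript-string escaper; htmlspecialchars() would match the context.
    // Left unchanged here because js/main_custom_color.js is not visible.
    echo PMA_escapeJsString(__('Custom color')) . ': ';
    echo '<form name="colorform" id="colorform" method="post" action="index.php" target="_parent">';
    echo PMA_generate_common_hidden_inputs();
    echo '<input type="hidden" id="custom_color" name="custom_color" value="" />';
    echo '<input type="submit" name="custom_color_reset" value="' . __('Reset') . '" />';
    echo '</form>';
    echo '<div id="colorSelector">';
    echo '</div>';
    echo '</li>';
}
echo '<li id="li_select_fontsize">';
echo PMA_Config::getFontsizeForm();
echo '</li>';

echo '</ul>';

// User preferences

echo '<ul>';
// PMA_printListItem() prints the item itself and returns nothing, so its
// result is not echoed.
PMA_printListItem(__('More settings'), 'li_user_preferences',
    './prefs_manage.php?' . $common_url_query);
// Close the list opened just above (the listing opened a second <ul> here,
// leaving both lists unclosed).
echo '</ul>';

echo '</div>';


echo '</div>';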
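// Right-hand pane: MySQL server details, web server details and phpMyAdmin
// links. Values that are reported by the database server or the web server
// are HTML-escaped before they reach PMA_printListItem(), which prints its
// text as given.
echo '<div id="main_pane_right">';


if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
    echo '<div class="group">';
    echo '<h2>MySQL</h2>';
    echo '<ul>' . "\n";
    // $server_info is assembled as HTML earlier in this script; escaping it
    // again here would double-encode the verbose server name.
    PMA_printListItem(__('Server') . ': ' . $server_info, 'li_server_info');
    PMA_printListItem(__('Server version') . ': ' . htmlspecialchars(PMA_MYSQL_STR_VERSION), 'li_server_version');
    PMA_printListItem(__('Protocol version') . ': ' . htmlspecialchars((string) PMA_DBI_get_proto_info()),
        'li_mysql_proto');
    PMA_printListItem(__('User') . ': ' . htmlspecialchars($mysql_cur_user_and_host),
        'li_user_info');

    echo ' <li id="li_select_mysql_charset">';
    echo ' ' . __('MySQL charset') . ': '
       . ' <span xml:lang="en" dir="ltr">'
       . ' ' . $mysql_charsets_descriptions[$mysql_charset_map[strtolower($charset)]] . "\n"
       . ' (' . $mysql_charset_map[strtolower($charset)] . ')' . "\n"
       . ' </span>' . "\n"
       . ' </li>' . "\n";
    echo ' </ul>';
    echo ' </div>';
}

if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
    echo '<div class="group">';
    echo '<h2>' . __('Web server') . '</h2>';
    echo '<ul>';
    // NOTE(review): the closing-brace lines are missing from this listing;
    // the two client items are assumed to sit inside the ShowServerInfo
    // branch -- confirm against the repository file.
    if ($GLOBALS['cfg']['ShowServerInfo']) {
        PMA_printListItem(htmlspecialchars($_SERVER['SERVER_SOFTWARE']), 'li_web_server_software');

        if ($server > 0) {
            PMA_printListItem(__('MySQL client version') . ': ' . htmlspecialchars(PMA_DBI_get_client_info()),
                'li_mysql_client_version');
            PMA_printListItem(__('PHP extension') . ': ' . $GLOBALS['cfg']['Server']['extension'],
                'li_used_php_extension');
        }
    }

    // The phpinfo link exposes the PHP configuration and is only offered when
    // ShowPhpInfo is enabled.
    if ($cfg['ShowPhpInfo']) {
        PMA_printListItem(__('Show PHP information'), 'li_phpinfo', './phpinfo.php?' . $common_url_query);
    }
    echo ' </ul>';
    echo ' </div>';
}

echo '<div class="group">';
echo '<h2>phpMyAdmin</h2>';
echo '<ul>';
PMA_printListItem(__('Version information') . ': ' . PMA_VERSION, 'li_pma_version');
PMA_printListItem(__('Documentation'), 'li_pma_docs', 'Documentation.html', null, '_blank');
PMA_printListItem(__('Wiki'), 'li_pma_wiki', 'http://wiki.phpmyadmin.net', null, '_blank');

// does not work if no target specified, don't know why
PMA_printListItem(__('Official Homepage'), 'li_pma_homepage', 'http://www.phpMyAdmin.net/', null, '_blank');
?>
    <li><bdo xml:lang="en" dir="ltr">
        [<a href="changelog.php" target="_blank">ChangeLog</a>]
        [<a href="http://phpmyadmin.git.sourceforge.net/git/gitweb-index.cgi"
            target="_blank">Git</a>]
        [<a href="http://sourceforge.net/mail/?group_id=23067"
            target="_blank">Lists</a>]
        </bdo>
    </li>
</ul>
</div>

</div>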
<?php
/**
 * BUG: MSIE needs two <br /> here, otherwise it will not extend the outer div to the
 * full height of the inner divs
 *
 * The </div> after the two line breaks closes the "maincontainer" element
 * opened before the left pane.
 */
?>
<br class="clearfloat" />
<br class="clearfloat" />
</div>
<?php
/**
 * Warning if using the default MySQL privileged account
 * modified: 2004-05-05 mkkeck
 *
 * Only the configured credentials are inspected (user 'root' with an empty
 * password); no connection attempt is made by this check.
 */
if ($server != 0
    && $cfg['Server']['user'] == 'root'
    && $cfg['Server']['password'] == '') {
    trigger_error(__('Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user \'root\'.'), E_USER_WARNING);
}

/**
 * Nijel: As we try to handle charsets by ourself, mbstring overloads just
 * break it, see bug 1063821.
 */
// '@' silences PHP warnings from the two probes; the check only cares about
// the returned values.
if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
    trigger_error(__('You have enabled mbstring.func_overload in your PHP configuration. This option is incompatible with phpMyAdmin and might cause some data to be corrupted!'), E_USER_WARNING);
}

/**
 * Nijel: mbstring is used for handling multibyte inside parser, so it is good
 * to tell user something might be broken without it, see bug #1063149.
 */
if (! @extension_loaded('mbstring')) {
    trigger_error(__('The mbstring PHP extension was not found and you seem to be using a multibyte charset. Without the mbstring extension phpMyAdmin is unable to split strings correctly and it may result in unexpected results.'), E_USER_WARNING);
}

/**
 * Check whether session.gc_maxlifetime limits session validity.
 *
 * If PHP may discard session data sooner than the configured
 * LoginCookieValidity, logins end earlier than the configuration suggests.
 */
$gc_time = (int)@ini_get('session.gc_maxlifetime');
if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity'] ) {
    trigger_error(PMA_Message::decodeBB(__('Your PHP parameter [a@http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime@]session.gc_maxlifetime[/a] is lower that cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.')), E_USER_WARNING);
}

/**
 * Check if user does not have defined blowfish secret and it is being used.
 *
 * NOTE(review): what sets $_SESSION['auto_blowfish_secret'] is not visible in
 * this file; presumably a generated secret stands in when none is configured.
 */
if (!empty($_SESSION['auto_blowfish_secret']) &&
        empty($GLOBALS['cfg']['blowfish_secret'])) {
    trigger_error(__('The configuration file now needs a secret passphrase (blowfish_secret).'), E_USER_WARNING);
}

/**
 * Check for existence of config directory which should not exist in
 * production environment.
 *
 * The path is relative to the current working directory of the script.
 */
if (file_exists('./config')) {
    trigger_error(__('Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. You should remove it once phpMyAdmin has been configured.'), E_USER_WARNING);
}
/**
 * Check whether relations are supported.
 *
 * Shown as a notice by default and raised to an error when a pmadb is
 * configured for the current server but the features still do not work.
 */
if ($server > 0) {
    $cfgRelation = PMA_getRelationsParam();
    if(!$cfgRelation['allworks'] && $cfg['PmaNoRelation_DisableWarning'] == false) {
        $message = PMA_Message::notice(__('The additional features for working with linked tables have been deactivated. To find out why click %shere%s.'));
        // The two parameters are the opening and closing link tags. The second
        // argument of addParam() is false for both; presumably it switches off
        // escaping of the parameter -- confirm in PMA_Message. The href is built
        // from $cfg['PmaAbsoluteUri'] and $common_url_query as they are.
        $message->addParam('<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php?' . $common_url_query . '">', false);
        $message->addParam('</a>', false);
        /* Show error if user has configured something, notice elsewhere */
        if (!empty($cfg['Servers'][$server]['pmadb'])) {
            $message->isError(true);
        }
        $message->display();
    } // end if
}

/**
 * Show warning when javascript support is missing.
 *
 * The message is wrapped in <noscript>, so it is always sent but only
 * rendered by browsers that do not run scripts.
 */
echo '<noscript>';
$message = PMA_Message::notice(__('Javascript support is missing or disabled in your browser, some phpMyAdmin functionality will be missing. For example navigation frame will not refresh automatically.'));
$message->isError(true);
$message->display();
echo '</noscript>';
/**
 * Warning about different MySQL library and server version
 * (a difference on the third digit does not count).
 * If someday there is a constant that we can check about mysqlnd, we can use it instead
 * of strpos().
 * If no default server is set, PMA_DBI_get_client_info() is not defined yet.
 */
if (function_exists('PMA_DBI_get_client_info')) {
    $_client_info = PMA_DBI_get_client_info();
    // Skipped when the client library identifies itself as mysqlnd. Otherwise
    // the first three characters of the client API constant and of the server
    // version constant are compared.
    if ($server > 0 && strpos($_client_info, 'mysqlnd') === false && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(PMA_MYSQL_INT_VERSION, 0, 3)) {
        // The server version is cut at the first '-'; appending '-' before the
        // search guarantees strpos() finds one. The formatted text goes through
        // PMA_sanitize() before it is raised.
        trigger_error(PMA_sanitize(sprintf(__('Your PHP MySQL library version %s differs from your MySQL server version %s. This may cause unpredictable behavior.'),
                    $_client_info,
                    substr(PMA_MYSQL_STR_VERSION, 0, strpos(PMA_MYSQL_STR_VERSION . '-', '-')))),
                E_USER_NOTICE);
    }
    unset($_client_info);
}

/**
 * Warning about Suhosin
 *
 * Suhosin is detected through its suhosin.request.max_value_length ini
 * setting; the warning can be switched off with SuhosinDisableWarning.
 */
if ($cfg['SuhosinDisableWarning'] == false && @ini_get('suhosin.request.max_value_length')) {
    trigger_error(PMA_sanitize(sprintf(__('Server running with Suhosin. Please refer to %sdocumentation%s for possible issues.'), '[a@./Documentation.html#faq1_38@_blank]', '[/a]')), E_USER_WARNING);
}
/**
 * Prints one list item (<li>) of the main page, optionally wrapped in a link.
 *
 * Nothing is escaped in here: $name, $id, $url and $target are written into
 * the markup exactly as given. Callers must therefore pass HTML-safe values,
 * e.g. htmlspecialchars() on plain text and '&amp;' between URL parameters.
 *
 * @param string $name            displayed text (may contain HTML)
 * @param string $id              id of the <li>, used for css styles
 * @param string $url             when not null, $name becomes a link to $url
 * @param string $mysql_help_page when not null, a link to MySQL's manual is
 *                                appended via PMA_showMySQLDocu()
 * @param string $target          when not null, target attribute of the link
 *
 * @return void the item is echoed
 */
function PMA_printListItem($name, $id = null, $url = null, $mysql_help_page = null, $target = null)
{
    $is_link = (null !== $url);

    // Assemble everything up to the optional manual link, then print it in
    // one go so that it is sent before PMA_showMySQLDocu() is called.
    $item = '<li id="' . $id . '">';
    if ($is_link) {
        $item .= '<a href="' . $url . '"';
        if (null !== $target) {
            $item .= ' target="' . $target . '"';
        }
        $item .= '>';
    }
    $item .= $name;
    if ($is_link) {
        $item .= '</a>' . "\n";
    }
    echo $item;

    if (null !== $mysql_help_page) {
        echo PMA_showMySQLDocu('', $mysql_help_page);
    }
    echo '</li>';
}
/**
 * Displays the footer
 *
 * Last statement of the script; the footer is included after all panes and
 * warnings above have been produced.
 */
require './libraries/footer.inc.php';