2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Misc stuff and REQUIRED by ALL the scripts.
5 * MUST be included by every script
7 * Among other things, it contains the advanced authentication work.
9 * Order of sections for common.inc.php:
11 * the authentication libraries must be before the connection to db
13 * ... so the required order is:
15 * LABEL_variables_init
16 * - initialize some variables always needed
17 * LABEL_parsing_config_file
18 * - parsing of the configuration file
19 * LABEL_loading_language_file
20 * - loading language file
22 * - check and setup configured servers
26 * - load of MySQL extension (if necessary)
27 * - loading of an authentication library
29 * - authentication work
35 * block attempts to directly run this script
37 if (getcwd() == dirname(__FILE__
)) {
38 die('Attack stopped');
42 * Minimum PHP version; can't call PMA_fatalError() which uses a
43 * PHP 5 function, so cannot easily localize this message.
45 if (version_compare(PHP_VERSION
, '5.3.0', 'lt')) {
46 die('PHP 5.3+ is required');
50 * for verification in all procedural scripts under libraries
52 define('PHPMYADMIN', true);
56 * String handling (security)
58 require_once './libraries/String.class.php';
59 $PMA_String = new PMA_String();
64 require './libraries/Error_Handler.class.php';
67 * initialize the error handler
69 $GLOBALS['error_handler'] = new PMA_Error_Handler();
72 * This setting was removed in PHP 5.4. But at this point PMA_PHP_INT_VERSION
73 * is not yet defined so we use another way to find out the PHP version.
75 if (version_compare(phpversion(), '5.4', 'lt')) {
77 * Avoid problems with magic_quotes_runtime
79 @ini_set
('magic_quotes_runtime', 'false');
85 require './libraries/core.lib.php';
90 require './libraries/sanitizing.lib.php';
93 * Warning about mbstring.
95 if (! function_exists('mb_detect_encoding')) {
96 PMA_warnMissingExtension('mbstring', $fatal = true);
100 * the PMA_Theme class
102 require './libraries/Theme.class.php';
105 * the PMA_Theme_Manager class
107 require './libraries/Theme_Manager.class.php';
110 * the PMA_Config class
112 require './libraries/Config.class.php';
115 * the relation lib, tracker needs it
117 require './libraries/relation.lib.php';
120 * the PMA_Tracker class
122 require './libraries/Tracker.class.php';
125 * the PMA_Table class
127 require './libraries/Table.class.php';
130 * the PMA_Types class
132 require './libraries/Types.class.php';
134 if (! defined('PMA_MINIMUM_COMMON')) {
138 include_once './libraries/Util.class.php';
141 * JavaScript escaping.
143 include_once './libraries/js_escape.lib.php';
146 * Include URL/hidden inputs generating.
148 include_once './libraries/url_generating.lib.php';
151 * Used to generate the page
153 include_once 'libraries/Response.class.php';
156 /******************************************************************************/
157 /* start procedural code label_start_procedural */
160 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
161 * and provide a clean PHP_SELF here
163 $PMA_PHP_SELF = PMA_getenv('PHP_SELF');
164 $_PATH_INFO = PMA_getenv('PATH_INFO');
165 if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
166 $path_info_pos = /*overload*/mb_strrpos($PMA_PHP_SELF, $_PATH_INFO);
167 $pathLength = $path_info_pos +
/*overload*/mb_strlen($_PATH_INFO);
168 if ($pathLength === /*overload*/mb_strlen($PMA_PHP_SELF)) {
169 $PMA_PHP_SELF = /*overload*/mb_substr($PMA_PHP_SELF, 0, $path_info_pos);
172 $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);
176 * just to be sure there was no import (registering) before here
177 * we empty the global space (but avoid unsetting $variables_list
178 * and $key in the foreach (), we still need them!)
180 $variables_whitelist = array (
192 'variables_whitelist',
197 foreach (get_defined_vars() as $key => $value) {
198 if (! in_array($key, $variables_whitelist)) {
202 unset($key, $value, $variables_whitelist);
206 * Subforms - some functions need to be called by form, cause of the limited URL
207 * length, but if this functions inside another form you cannot just open a new
208 * form - so phpMyAdmin uses 'arrays' inside this form
212 * ... main form elements ...
213 * <input type="hidden" name="subform[action1][id]" value="1" />
214 * ... other subform data ...
215 * <input type="submit" name="usesubform[action1]" value="do action1" />
216 * ... other subforms ...
217 * <input type="hidden" name="subform[actionX][id]" value="X" />
218 * ... other subform data ...
219 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
220 * ... main form elements ...
221 * <input type="submit" name="main_action" value="submit form" />
225 * so we now check if a subform is submitted
228 if (isset($_POST['usesubform'])) {
229 // if a subform is present and should be used
230 // the rest of the form is deprecated
231 $subform_id = key($_POST['usesubform']);
232 $subform = $_POST['subform'][$subform_id];
234 $_REQUEST = $subform;
236 * some subforms need another page than the main form, so we will just
237 * include this page at the end of this script - we use $__redirect to
240 if (isset($_POST['redirect'])
241 && $_POST['redirect'] != basename($PMA_PHP_SELF)
243 $__redirect = $_POST['redirect'];
244 unset($_POST['redirect']);
246 unset($subform_id, $subform);
248 // Note: here we overwrite $_REQUEST so that it does not contain cookies,
249 // because another application for the same domain could have set
250 // a cookie (with a compatible path) that overrides a variable
251 // we expect from GET or POST.
252 // We'll refer to cookies explicitly with the $_COOKIE syntax.
253 $_REQUEST = array_merge($_GET, $_POST);
255 // end check if a subform is submitted
258 * This setting was removed in PHP 5.4, but get_magic_quotes_gpc
259 * always returns False since then.
261 if (get_magic_quotes_gpc()) {
262 PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
263 PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
264 PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
265 PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
269 * check timezone setting
270 * this could produce an E_STRICT - but only once,
271 * if not done here it will produce E_STRICT on every date/time function
272 * (starting with PHP 5.3, this code can produce E_WARNING rather than
276 date_default_timezone_set(@date_default_timezone_get
());
278 /******************************************************************************/
279 /* parsing configuration file LABEL_parsing_config_file */
282 * We really need this one!
284 if (! function_exists('preg_replace')) {
285 PMA_warnMissingExtension('pcre', true);
289 * JSON is required in several places.
291 if (! function_exists('json_encode')) {
292 PMA_warnMissingExtension('json', true);
296 * @global PMA_Config $GLOBALS['PMA_Config']
297 * force reading of config file, because we removed sensitive values
298 * in the previous iteration
300 $GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE
);
302 if (!defined('PMA_MINIMUM_COMMON')) {
303 $GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
307 * BC - enable backward compatibility
308 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
310 $GLOBALS['PMA_Config']->enableBc();
313 * clean cookies on upgrade
314 * when changing something related to PMA cookies, increment the cookie version
316 $pma_cookie_version = 4;
318 && (isset($_COOKIE['pmaCookieVer'])
319 && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)
321 // delete all cookies
322 foreach ($_COOKIE as $cookie_name => $tmp) {
323 $GLOBALS['PMA_Config']->removeCookie($cookie_name);
326 $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
331 * check HTTPS connection
333 if ($GLOBALS['PMA_Config']->get('ForceSSL')
334 && ! $GLOBALS['PMA_Config']->detectHttps()
337 $url = $GLOBALS['PMA_Config']->getSSLUri();
339 PMA_sendHeaderLocation($url . PMA_URL_getCommon($_GET, 'text'));
340 // delete the current session, otherwise we get problems (see bug #2397877)
341 $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
347 * include session handling after the globals, to prevent overwriting
349 require './libraries/session.inc.php';
352 * init some variables LABEL_variables_init
356 * holds parameters to be passed to next page
357 * @global array $GLOBALS['url_params']
359 $GLOBALS['url_params'] = array();
362 * the whitelist for $GLOBALS['goto']
363 * @global array $goto_whitelist
365 $goto_whitelist = array(
366 //'browse_foreigners.php',
374 'db_importdocsql.php',
392 'server_collations.php',
393 'server_databases.php',
394 'server_engines.php',
397 'server_privileges.php',
400 'server_status_advisor.php',
401 'server_status_monitor.php',
402 'server_status_queries.php',
403 'server_status_variables.php',
404 'server_variables.php',
414 'tbl_operations.php',
418 'tbl_row_action.php',
420 'tbl_zoom_select.php',
422 'transformation_overview.php',
423 'transformation_wrapper.php',
428 * check $__redirect against whitelist
430 if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
435 * holds page that should be displayed
436 * @global string $GLOBALS['goto']
438 $GLOBALS['goto'] = '';
439 // Security fix: disallow accessing serious server files via "?goto="
440 if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
441 $GLOBALS['goto'] = $_REQUEST['goto'];
442 $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
444 unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
449 * @global string $GLOBALS['back']
451 if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
452 $GLOBALS['back'] = $_REQUEST['back'];
454 unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
458 * Check whether user supplied token is valid, if not remove any possibly
459 * dangerous stuff from request.
461 * remember that some objects in the session with session_start and __wakeup()
462 * could access this variables before we reach this point
463 * f.e. PMA_Config: fontsize
465 * @todo variables should be handled by their respective owners (objects)
466 * f.e. lang, server, collation_connection in PMA_Config
468 $token_mismatch = true;
469 $token_provided = false;
470 if (PMA_isValid($_REQUEST['token'])) {
471 $token_provided = true;
472 $token_mismatch = ($_SESSION[' PMA_token '] != $_REQUEST['token']);
475 if ($token_mismatch) {
477 * List of parameters which are allowed from unsafe source
480 /* needed for direct access, see FAQ 1.34
481 * also, server needed for cookie login screen (multi-server)
483 'server', 'db', 'table', 'target', 'lang',
486 /* Cookie preferences */
487 'pma_lang', 'pma_collation_connection',
488 /* Possible login form */
489 'pma_servername', 'pma_username', 'pma_password',
490 'g-recaptcha-response',
491 /* Needed to send the correct reply */
493 /* Permit to log out even if there is a token mismatch */
495 /* Permit redirection with token-mismatch in url.php */
497 /* Permit session expiry flag */
500 'scripts', 'call_done'
503 * Allow changing themes in test/theme.php
505 if (defined('PMA_TEST_THEME')) {
506 $allow_list[] = 'set_theme';
509 * Require cleanup functions
511 include './libraries/cleanup.lib.php';
515 PMA_removeRequestVars($allow_list);
521 * current selected database
522 * @global string $GLOBALS['db']
524 PMA_setGlobalDbOrTable('db');
527 * current selected table
528 * @global string $GLOBALS['table']
530 PMA_setGlobalDbOrTable('table');
533 * Store currently selected recent table.
534 * Affect $GLOBALS['db'] and $GLOBALS['table']
536 if (PMA_isValid($_REQUEST['selected_recent_table'])) {
537 $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
538 $GLOBALS['db'] = $recent_table['db'];
539 $GLOBALS['url_params']['db'] = $GLOBALS['db'];
540 $GLOBALS['table'] = $recent_table['table'];
541 $GLOBALS['url_params']['table'] = $GLOBALS['table'];
545 * SQL query to be executed
546 * @global string $GLOBALS['sql_query']
548 $GLOBALS['sql_query'] = '';
549 if (PMA_isValid($_REQUEST['sql_query'])) {
550 $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
553 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
554 //$_REQUEST['server']; // checked later in this file
555 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
557 /******************************************************************************/
558 /* loading language file LABEL_loading_language_file */
561 * lang detection is done here
563 require './libraries/select_lang.lib.php';
565 // Defines the cell alignment values depending on text direction
566 if ($GLOBALS['text_dir'] == 'ltr') {
567 $GLOBALS['cell_align_left'] = 'left';
568 $GLOBALS['cell_align_right'] = 'right';
570 $GLOBALS['cell_align_left'] = 'right';
571 $GLOBALS['cell_align_right'] = 'left';
575 * check for errors occurred while loading configuration
576 * this check is done here after loading language files to present errors in locale
578 $GLOBALS['PMA_Config']->checkPermissions();
580 if ($GLOBALS['PMA_Config']->error_config_file
) {
581 $error = '[strong]' . __('Failed to read configuration file!') . '[/strong]'
583 . __('This usually means there is a syntax error in it, please check any errors shown below.')
586 trigger_error($error, E_USER_ERROR
);
588 if ($GLOBALS['PMA_Config']->error_config_default_file
) {
590 __('Could not load default configuration from: %1$s'),
591 $GLOBALS['PMA_Config']->default_source
593 trigger_error($error, E_USER_ERROR
);
595 if ($GLOBALS['PMA_Config']->error_pma_uri
) {
598 'The [code]$cfg[\'PmaAbsoluteUri\'][/code]'
599 . ' directive MUST be set in your configuration file!'
606 /******************************************************************************/
607 /* setup servers LABEL_setup_servers */
611 * @global integer $GLOBALS['server']
613 $GLOBALS['server'] = 0;
616 * Servers array fixups.
617 * $default_server comes from PMA_Config::enableBc()
618 * @todo merge into PMA_Config
620 // Do we have some server?
621 if (! isset($cfg['Servers']) ||
count($cfg['Servers']) == 0) {
622 // No server => create one with defaults
623 $cfg['Servers'] = array(1 => $default_server);
625 // We have server(s) => apply default configuration
626 $new_servers = array();
628 foreach ($cfg['Servers'] as $server_index => $each_server) {
630 // Detect wrong configuration
631 if (!is_int($server_index) ||
$server_index < 1) {
633 sprintf(__('Invalid server index: %s'), $server_index),
638 $each_server = array_merge($default_server, $each_server);
640 // Don't use servers with no hostname
641 if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) {
644 __('Invalid hostname for server %1$s. Please review your configuration.'),
651 // Final solution to bug #582890
652 // If we are using a socket connection
653 // and there is nothing in the verbose server name
654 // or the host field, then generate a name for the server
655 // in the form of "Server 2", localized of course!
656 if ($each_server['connect_type'] == 'socket'
657 && empty($each_server['host'])
658 && empty($each_server['verbose'])
660 $each_server['verbose'] = sprintf(__('Server %d'), $server_index);
663 $new_servers[$server_index] = $each_server;
665 $cfg['Servers'] = $new_servers;
666 unset($new_servers, $server_index, $each_server);
670 unset($default_server);
673 /******************************************************************************/
674 /* setup themes LABEL_theme_setup */
677 * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager']
679 if (! isset($_SESSION['PMA_Theme_Manager'])) {
680 $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager
;
683 * @todo move all __wakeup() functionality into session.inc.php
685 $_SESSION['PMA_Theme_Manager']->checkConfig();
688 // for the theme per server feature
689 if (isset($_REQUEST['server']) && ! isset($_REQUEST['set_theme'])) {
690 $GLOBALS['server'] = $_REQUEST['server'];
691 $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie();
693 $tmp = $_SESSION['PMA_Theme_Manager']->theme_default
;
695 $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp);
699 * @todo move into PMA_Theme_Manager::__wakeup()
701 if (isset($_REQUEST['set_theme'])) {
702 // if user selected a theme
703 $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']);
708 * @global PMA_Theme $_SESSION['PMA_Theme']
710 $_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme
;
715 * @global string $GLOBALS['theme']
717 $GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName();
720 * @global string $GLOBALS['pmaThemePath']
722 $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();
724 * the theme image path
725 * @global string $GLOBALS['pmaThemeImage']
727 $GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath();
730 * load layout file if exists
732 if (@file_exists
($_SESSION['PMA_Theme']->getLayoutFile())) {
733 include $_SESSION['PMA_Theme']->getLayoutFile();
736 if (! defined('PMA_MINIMUM_COMMON')) {
738 * Character set conversion.
740 include_once './libraries/charset_conversion.lib.php';
743 * Lookup server by name
746 if (! empty($_REQUEST['server'])
747 && is_string($_REQUEST['server'])
748 && ! is_numeric($_REQUEST['server'])
750 foreach ($cfg['Servers'] as $i => $server) {
751 $verboseToLower = /*overload*/mb_strtolower($server['verbose']);
752 $serverToLower = /*overload*/mb_strtolower($_REQUEST['server']);
753 if ($server['host'] == $_REQUEST['server']
754 ||
$server['verbose'] == $_REQUEST['server']
755 ||
$verboseToLower == $serverToLower
756 ||
md5($verboseToLower) == $serverToLower
758 $_REQUEST['server'] = $i;
762 if (is_string($_REQUEST['server'])) {
763 unset($_REQUEST['server']);
769 * If no server is selected, make sure that $cfg['Server'] is empty (so
770 * that nothing will work), and skip server authentication.
771 * We do NOT exit here, but continue on without logging into any server.
772 * This way, the welcome page will still come up (with no server info) and
773 * present a choice of servers in the case that there are multiple servers
774 * and '$cfg['ServerDefault'] = 0' is set.
777 if (isset($_REQUEST['server'])
778 && (is_string($_REQUEST['server']) ||
is_numeric($_REQUEST['server']))
779 && ! empty($_REQUEST['server'])
780 && ! empty($cfg['Servers'][$_REQUEST['server']])
782 $GLOBALS['server'] = $_REQUEST['server'];
783 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
785 if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
786 $GLOBALS['server'] = $cfg['ServerDefault'];
787 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
789 $GLOBALS['server'] = 0;
790 $cfg['Server'] = array();
793 $GLOBALS['url_params']['server'] = $GLOBALS['server'];
796 * Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
798 if (function_exists('mb_convert_encoding')
801 include_once './libraries/kanji-encoding.lib.php';
805 * save some settings in cookies
806 * @todo should be done in PMA_Config
808 $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
809 if (isset($GLOBALS['collation_connection'])) {
810 $GLOBALS['PMA_Config']->setCookie(
811 'pma_collation_connection',
812 $GLOBALS['collation_connection']
816 $_SESSION['PMA_Theme_Manager']->setThemeCookie();
818 if (! empty($cfg['Server'])) {
821 * Loads the proper database interface for this server
823 include_once './libraries/database_interface.inc.php';
825 include_once './libraries/logging.lib.php';
827 // get LoginCookieValidity from preferences cache
828 // no generic solution for loading preferences from cache as some settings
829 // need to be kept for processing in PMA_Config::loadUserPreferences()
830 $cache_key = 'server_' . $GLOBALS['server'];
831 if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])
834 = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
835 $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
836 $GLOBALS['cfg']['LoginCookieValidity'] = $value;
841 // Gets the authentication library that fits the $cfg['Server'] settings
842 // and run authentication
844 // to allow HTTP or http
845 $cfg['Server']['auth_type']
846 = /*overload*/mb_strtolower($cfg['Server']['auth_type']);
849 * the required auth type plugin
851 $auth_class = "Authentication" . ucfirst($cfg['Server']['auth_type']);
853 './libraries/plugins/auth/'
854 . $auth_class . '.class.php'
857 __('Invalid authentication method set in configuration:')
858 . ' ' . $cfg['Server']['auth_type']
861 if (isset($_REQUEST['pma_password'])) {
862 $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
864 include_once './libraries/plugins/auth/' . $auth_class . '.class.php';
865 // todo: add plugin manager
866 $plugin_manager = null;
867 $auth_plugin = new $auth_class($plugin_manager);
869 if (! $auth_plugin->authCheck()) {
870 /* Force generating of new session on login */
872 $auth_plugin->auth();
874 $auth_plugin->authSetUser();
877 // Check IP-based Allow/Deny rules as soon as possible to reject the
878 // user based on mod_access in Apache
879 if (isset($cfg['Server']['AllowDeny'])
880 && isset($cfg['Server']['AllowDeny']['order'])
884 * ip based access library
886 include_once './libraries/ip_allow_deny.lib.php';
888 $allowDeny_forbidden = false; // default
889 if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
890 $allowDeny_forbidden = true;
891 if (PMA_allowDeny('allow')) {
892 $allowDeny_forbidden = false;
894 if (PMA_allowDeny('deny')) {
895 $allowDeny_forbidden = true;
897 } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
898 if (PMA_allowDeny('deny')) {
899 $allowDeny_forbidden = true;
901 if (PMA_allowDeny('allow')) {
902 $allowDeny_forbidden = false;
904 } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
905 if (PMA_allowDeny('allow') && ! PMA_allowDeny('deny')) {
906 $allowDeny_forbidden = false;
908 $allowDeny_forbidden = true;
910 } // end if ... elseif ... elseif
912 // Ejects the user if banished
913 if ($allowDeny_forbidden) {
914 PMA_logUser($cfg['Server']['user'], 'allow-denied');
915 $auth_plugin->authFails();
920 if (! $cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
921 $allowDeny_forbidden = true;
922 PMA_logUser($cfg['Server']['user'], 'root-denied');
923 $auth_plugin->authFails();
926 // is a login without password allowed?
927 if (! $cfg['Server']['AllowNoPassword']
928 && $cfg['Server']['password'] == ''
930 $login_without_password_is_forbidden = true;
931 PMA_logUser($cfg['Server']['user'], 'empty-denied');
932 $auth_plugin->authFails();
935 // if using TCP socket is not needed
936 if (/*overload*/mb_strtolower($cfg['Server']['connect_type']) == 'tcp') {
937 $cfg['Server']['socket'] = '';
940 // Try to connect MySQL with the control user profile (will be used to
941 // get the privileges list for the current user but the true user link
942 // must be open after this one so it would be default one for all the
944 $controllink = false;
945 if ($cfg['Server']['controluser'] != '') {
946 if (! empty($cfg['Server']['controlhost'])
947 ||
! empty($cfg['Server']['controlport'])
949 $server_details = array();
950 if (! empty($cfg['Server']['controlhost'])) {
951 $server_details['host'] = $cfg['Server']['controlhost'];
953 $server_details['host'] = $cfg['Server']['host'];
955 if (! empty($cfg['Server']['controlport'])) {
956 $server_details['port'] = $cfg['Server']['controlport'];
957 } elseif ($server_details['host'] == $cfg['Server']['host']) {
958 // Evaluates to true when controlhost == host
959 // or controlhost is not defined (hence it defaults to host)
960 // In such case we can use the value of port.
961 $server_details['port'] = $cfg['Server']['port'];
963 // otherwise we leave the $server_details['port'] unset,
964 // allowing it to take default mysql port
966 $controllink = $GLOBALS['dbi']->connect(
967 $cfg['Server']['controluser'],
968 $cfg['Server']['controlpass'],
973 $controllink = $GLOBALS['dbi']->connect(
974 $cfg['Server']['controluser'],
975 $cfg['Server']['controlpass'],
981 // Connects to the server (validates user's login)
982 $userlink = $GLOBALS['dbi']->connect(
983 $cfg['Server']['user'], $cfg['Server']['password'], false
986 // Set timestamp for the session, if required.
987 if ($cfg['Server']['SessionTimeZone'] != '') {
988 $sql_query_tz = 'SET ' . PMA_Util
::backquote('time_zone') . ' = '
989 . '\'' . PMA_Util
::sqlAddSlashes($cfg['Server']['SessionTimeZone']) . '\'';
991 if(! $userlink->query($sql_query_tz)) {
992 $error_message_tz = sprintf(__('Unable to use timezone %1$s for server %2$d. '
993 . 'Please check your configuration setting for '
994 . '[em]$cfg[\'Servers\'][%3$d][\'SessionTimeZone\'][/em]. '
995 . 'phpMyAdmin is currently using the default time zone of the database server.'),
996 $cfg['Servers'][$GLOBALS['server']]['SessionTimeZone'],
1001 $GLOBALS['error_handler']->addError(
1011 if (! $controllink) {
1012 $controllink = $userlink;
1015 $auth_plugin->storeUserCredentials();
1018 PMA_logUser($cfg['Server']['user']);
1020 if (PMA_MYSQL_INT_VERSION
< 50500) {
1022 __('You should upgrade to %s %s or later.'),
1023 array('MySQL', '5.5.0')
1028 * Type handling object.
1031 $GLOBALS['PMA_Types'] = new PMA_Types_Drizzle();
1033 $GLOBALS['PMA_Types'] = new PMA_Types_MySQL();
1037 // DisableIS must be set to false for Drizzle, it maps SHOW commands
1038 // to INFORMATION_SCHEMA queries anyway so it's fast on large servers
1039 $cfg['Server']['DisableIS'] = false;
1040 // SHOW OPEN TABLES is not supported by Drizzle
1041 $cfg['SkipLockedTables'] = false;
1047 include_once './libraries/sqlparser.lib.php';
1050 * the PMA_List_Database class
1052 include_once './libraries/PMA.php';
1054 $pma->userlink
= $userlink;
1055 $pma->controllink
= $controllink;
1058 * some resetting has to be done when switching servers
1060 if (isset($_SESSION['tmpval']['previous_server'])
1061 && $_SESSION['tmpval']['previous_server'] != $GLOBALS['server']
1063 unset($_SESSION['tmpval']['navi_limit_offset']);
1065 $_SESSION['tmpval']['previous_server'] = $GLOBALS['server'];
1067 } else { // end server connecting
1068 // No need to check for 'PMA_BYPASS_GET_INSTANCE' since this execution path
1069 // applies only to initial login
1070 $response = PMA_Response
::getInstance();
1071 $response->getHeader()->disableMenuAndConsole();
1072 $response->getFooter()->setMinimal();
1076 * check if profiling was requested and remember it
1077 * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
1079 if (isset($_REQUEST['profiling'])
1080 && PMA_Util
::profilingSupported()
1082 $_SESSION['profiling'] = true;
1083 } elseif (isset($_REQUEST['profiling_form'])) {
1084 // the checkbox was unchecked
1085 unset($_SESSION['profiling']);
1088 // load user preferences
1089 $GLOBALS['PMA_Config']->loadUserPreferences();
1092 * Inclusion of profiling scripts is needed on various
1093 * pages like sql, tbl_sql, db_sql, tbl_select
1095 if (! defined('PMA_BYPASS_GET_INSTANCE')) {
1096 $response = PMA_Response
::getInstance();
1098 if (isset($_SESSION['profiling'])) {
1099 $header = $response->getHeader();
1100 $scripts = $header->getScripts();
1101 $scripts->addFile('jqplot/jquery.jqplot.js');
1102 $scripts->addFile('jqplot/plugins/jqplot.pieRenderer.js');
1103 $scripts->addFile('jqplot/plugins/jqplot.highlighter.js');
1104 $scripts->addFile('canvg/canvg.js');
1105 $scripts->addFile('jquery/jquery.tablesorter.js');
1109 * There is no point in even attempting to process
1110 * an ajax request if there is a token mismatch
1112 if (isset($response) && $response->isAjax() && $token_mismatch) {
1113 $response->isSuccess(false);
1116 PMA_Message
::error(__('Error: Token mismatch'))
1120 } else { // end if !defined('PMA_MINIMUM_COMMON')
1121 // load user preferences
1122 $GLOBALS['PMA_Config']->loadUserPreferences();
1125 // remove sensitive values from session
1126 $GLOBALS['PMA_Config']->set('blowfish_secret', '');
1127 $GLOBALS['PMA_Config']->set('Servers', '');
1128 $GLOBALS['PMA_Config']->set('default_server', '');
1130 /* Tell tracker that it can actually work */
1131 PMA_Tracker
::enable();
1134 * @global boolean $GLOBALS['is_ajax_request']
1135 * @todo should this be moved to the variables init section above?
1137 * Check if the current request is an AJAX request, and set is_ajax_request
1138 * accordingly. Suppress headers, footers and unnecessary output if set to
1141 if (isset($_REQUEST['ajax_request']) && $_REQUEST['ajax_request'] == true) {
1142 $GLOBALS['is_ajax_request'] = true;
1144 $GLOBALS['is_ajax_request'] = false;
1147 if (isset($_REQUEST['GLOBALS']) ||
isset($_FILES['GLOBALS'])) {
1148 PMA_fatalError(__("GLOBALS overwrite attempt"));
1152 * protect against possible exploits - there is no need to have so much variables
1154 if (count($_REQUEST) > 1000) {
1155 PMA_fatalError(__('possible exploit'));
1159 * Check for numeric keys
1160 * (if register_globals is on, numeric key can be found in $GLOBALS)
1162 foreach ($GLOBALS as $key => $dummy) {
1163 if (is_numeric($key)) {
1164 PMA_fatalError(__('numeric key detected'));
1169 // here, the function does not exist with this configuration:
1170 // $cfg['ServerDefault'] = 0;
1171 $GLOBALS['is_superuser']
1172 = isset($GLOBALS['dbi']) && $GLOBALS['dbi']->isSuperuser();
1174 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
1176 * include subform target page
1178 include $__redirect;
1182 // If Zero configuration mode enabled, check PMA tables in current db.
1183 if (! defined('PMA_MINIMUM_COMMON')
1184 && ! empty($GLOBALS['server'])
1185 && isset($GLOBALS['cfg']['ZeroConf'])
1186 && $GLOBALS['cfg']['ZeroConf'] == true
1188 if (! empty($GLOBALS['db'])) {
1189 $cfgRelation = PMA_getRelationsParam();
1190 if (empty($cfgRelation['db'])) {
1191 PMA_fixPMATables($GLOBALS['db'], false);
1194 $cfgRelation = PMA_getRelationsParam();
1195 if (empty($cfgRelation['db'])) {
1196 foreach ($GLOBALS['pma']->databases
as $database) {
1197 if ($database == 'phpmyadmin') {
1198 PMA_fixPMATables($database, false);