search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Hindi)
[phpmyadmin.git] / libraries / common.inc.php
blob8a96f8480a64c33d22e17478967aa310f2cf3477
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Misc stuff and REQUIRED by ALL the scripts.
5 * MUST be included by every script
6 *
7 * Among other things, it contains the advanced authentication work.
8 *
9 * Order of sections for common.inc.php:
10 *
11 * the authentication libraries must be before the connection to db
12 *
13 * ... so the required order is:
14 *
15 * LABEL_variables_init
16 * - initialize some variables always needed
17 * LABEL_parsing_config_file
18 * - parsing of the configuration file
19 * LABEL_loading_language_file
20 * - loading language file
21 * LABEL_setup_servers
22 * - check and setup configured servers
23 * LABEL_theme_setup
24 * - setting up themes
25 *
26 * - load of MySQL extension (if necessary)
27 * - loading of an authentication library
28 * - db connection
29 * - authentication work
30 *
31 * @package PhpMyAdmin
32 */
33
34 /**
35 * block attempts to directly run this script
36 */
37 if (getcwd() == dirname(__FILE__)) {
38 die('Attack stopped');
39 }
40
41 /**
42 * Minimum PHP version; can't call PMA_fatalError() which uses a
43 * PHP 5 function, so cannot easily localize this message.
44 */
45 if (version_compare(PHP_VERSION, '5.3.0', 'lt')) {
46 die('PHP 5.3+ is required');
47 }
48
49 /**
50 * for verification in all procedural scripts under libraries
51 */
52 define('PHPMYADMIN', true);
53
54
55 /**
56 * String handling (security)
57 */
58 require_once './libraries/String.class.php';
59 $PMA_String = new PMA_String();
60
61 /**
62 * the error handler
63 */
64 require './libraries/Error_Handler.class.php';
65
66 /**
67 * initialize the error handler
68 */
69 $GLOBALS['error_handler'] = new PMA_Error_Handler();
70
71 /**
72 * This setting was removed in PHP 5.4. But at this point PMA_PHP_INT_VERSION
73 * is not yet defined so we use another way to find out the PHP version.
74 */
75 if (version_compare(phpversion(), '5.4', 'lt')) {
76 /**
77 * Avoid problems with magic_quotes_runtime
78 */
79 @ini_set('magic_quotes_runtime', 'false');
80 }
81
82 /**
83 * core functions
84 */
85 require './libraries/core.lib.php';
86
87 /**
88 * Input sanitizing
89 */
90 require './libraries/sanitizing.lib.php';
91
92 /**
93 * Warning about mbstring.
94 */
95 if (! function_exists('mb_detect_encoding')) {
96 PMA_warnMissingExtension('mbstring', $fatal = true);
97 }
98
99 /**
100 * the PMA_Theme class
101 */
102 require './libraries/Theme.class.php';
103
104 /**
105 * the PMA_Theme_Manager class
106 */
107 require './libraries/Theme_Manager.class.php';
108
109 /**
110 * the PMA_Config class
111 */
112 require './libraries/Config.class.php';
113
114 /**
115 * the relation lib, tracker needs it
116 */
117 require './libraries/relation.lib.php';
118
119 /**
120 * the PMA_Tracker class
121 */
122 require './libraries/Tracker.class.php';
123
124 /**
125 * the PMA_Table class
126 */
127 require './libraries/Table.class.php';
128
129 /**
130 * the PMA_Types class
131 */
132 require './libraries/Types.class.php';
133
134 if (! defined('PMA_MINIMUM_COMMON')) {
135 /**
136 * common functions
137 */
138 include_once './libraries/Util.class.php';
139
140 /**
141 * JavaScript escaping.
142 */
143 include_once './libraries/js_escape.lib.php';
144
145 /**
146 * Include URL/hidden inputs generating.
147 */
148 include_once './libraries/url_generating.lib.php';
149
150 /**
151 * Used to generate the page
152 */
153 include_once 'libraries/Response.class.php';
154 }
155
156 /******************************************************************************/
157 /* start procedural code label_start_procedural */
158
159 /**
160 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
161 * and provide a clean PHP_SELF here
162 */
163 $PMA_PHP_SELF = PMA_getenv('PHP_SELF');
164 $_PATH_INFO = PMA_getenv('PATH_INFO');
165 if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
166 $path_info_pos = /*overload*/mb_strrpos($PMA_PHP_SELF, $_PATH_INFO);
167 $pathLength = $path_info_pos + /*overload*/mb_strlen($_PATH_INFO);
168 if ($pathLength === /*overload*/mb_strlen($PMA_PHP_SELF)) {
169 $PMA_PHP_SELF = /*overload*/mb_substr($PMA_PHP_SELF, 0, $path_info_pos);
170 }
171 }
172 $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);
173
174
175 /**
176 * just to be sure there was no import (registering) before here
177 * we empty the global space (but avoid unsetting $variables_list
178 * and $key in the foreach (), we still need them!)
179 */
180 $variables_whitelist = array (
181 'GLOBALS',
182 '_SERVER',
183 '_GET',
184 '_POST',
185 '_REQUEST',
186 '_FILES',
187 '_ENV',
188 '_COOKIE',
189 '_SESSION',
190 'error_handler',
191 'PMA_PHP_SELF',
192 'variables_whitelist',
193 'key',
194 'PMA_String'
195 );
196
197 foreach (get_defined_vars() as $key => $value) {
198 if (! in_array($key, $variables_whitelist)) {
199 unset($$key);
200 }
201 }
202 unset($key, $value, $variables_whitelist);
203
204
205 /**
206 * Subforms - some functions need to be called by form, cause of the limited URL
207 * length, but if this functions inside another form you cannot just open a new
208 * form - so phpMyAdmin uses 'arrays' inside this form
209 *
210 * <code>
211 * <form ...>
212 * ... main form elements ...
213 * <input type="hidden" name="subform[action1][id]" value="1" />
214 * ... other subform data ...
215 * <input type="submit" name="usesubform[action1]" value="do action1" />
216 * ... other subforms ...
217 * <input type="hidden" name="subform[actionX][id]" value="X" />
218 * ... other subform data ...
219 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
220 * ... main form elements ...
221 * <input type="submit" name="main_action" value="submit form" />
222 * </form>
223 * </code>
224 *
225 * so we now check if a subform is submitted
226 */
227 $__redirect = null;
228 if (isset($_POST['usesubform'])) {
229 // if a subform is present and should be used
230 // the rest of the form is deprecated
231 $subform_id = key($_POST['usesubform']);
232 $subform = $_POST['subform'][$subform_id];
233 $_POST = $subform;
234 $_REQUEST = $subform;
235 /**
236 * some subforms need another page than the main form, so we will just
237 * include this page at the end of this script - we use $__redirect to
238 * track this
239 */
240 if (isset($_POST['redirect'])
241 && $_POST['redirect'] != basename($PMA_PHP_SELF)
242 ) {
243 $__redirect = $_POST['redirect'];
244 unset($_POST['redirect']);
245 }
246 unset($subform_id, $subform);
247 } else {
248 // Note: here we overwrite $_REQUEST so that it does not contain cookies,
249 // because another application for the same domain could have set
250 // a cookie (with a compatible path) that overrides a variable
251 // we expect from GET or POST.
252 // We'll refer to cookies explicitly with the $_COOKIE syntax.
253 $_REQUEST = array_merge($_GET, $_POST);
254 }
255 // end check if a subform is submitted
256
257 /**
258 * This setting was removed in PHP 5.4, but get_magic_quotes_gpc
259 * always returns False since then.
260 */
261 if (get_magic_quotes_gpc()) {
262 PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
263 PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
264 PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
265 PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
266 }
267
268 /**
269 * check timezone setting
270 * this could produce an E_STRICT - but only once,
271 * if not done here it will produce E_STRICT on every date/time function
272 * (starting with PHP 5.3, this code can produce E_WARNING rather than
273 * E_STRICT)
274 *
275 */
276 date_default_timezone_set(@date_default_timezone_get());
277
278 /******************************************************************************/
279 /* parsing configuration file LABEL_parsing_config_file */
280
281 /**
282 * We really need this one!
283 */
284 if (! function_exists('preg_replace')) {
285 PMA_warnMissingExtension('pcre', true);
286 }
287
288 /**
289 * JSON is required in several places.
290 */
291 if (! function_exists('json_encode')) {
292 PMA_warnMissingExtension('json', true);
293 }
294
295 /**
296 * @global PMA_Config $GLOBALS['PMA_Config']
297 * force reading of config file, because we removed sensitive values
298 * in the previous iteration
299 */
300 $GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
301
302 if (!defined('PMA_MINIMUM_COMMON')) {
303 $GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
304 }
305
306 /**
307 * BC - enable backward compatibility
308 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
309 */
310 $GLOBALS['PMA_Config']->enableBc();
311
312 /**
313 * clean cookies on upgrade
314 * when changing something related to PMA cookies, increment the cookie version
315 */
316 $pma_cookie_version = 4;
317 if (isset($_COOKIE)
318 && (isset($_COOKIE['pmaCookieVer'])
319 && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)
320 ) {
321 // delete all cookies
322 foreach ($_COOKIE as $cookie_name => $tmp) {
323 $GLOBALS['PMA_Config']->removeCookie($cookie_name);
324 }
325 $_COOKIE = array();
326 $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
327 }
328
329
330 /**
331 * check HTTPS connection
332 */
333 if ($GLOBALS['PMA_Config']->get('ForceSSL')
334 && ! $GLOBALS['PMA_Config']->detectHttps()
335 ) {
336 // grab SSL URL
337 $url = $GLOBALS['PMA_Config']->getSSLUri();
338 // Actually redirect
339 PMA_sendHeaderLocation($url . PMA_URL_getCommon($_GET, 'text'));
340 // delete the current session, otherwise we get problems (see bug #2397877)
341 $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
342 exit;
343 }
344
345
346 /**
347 * include session handling after the globals, to prevent overwriting
348 */
349 require './libraries/session.inc.php';
350
351 /**
352 * init some variables LABEL_variables_init
353 */
354
355 /**
356 * holds parameters to be passed to next page
357 * @global array $GLOBALS['url_params']
358 */
359 $GLOBALS['url_params'] = array();
360
361 /**
362 * the whitelist for $GLOBALS['goto']
363 * @global array $goto_whitelist
364 */
365 $goto_whitelist = array(
366 //'browse_foreigners.php',
367 //'changelog.php',
368 //'chk_rel.php',
369 'db_create.php',
370 'db_datadict.php',
371 'db_sql.php',
372 'db_events.php',
373 'db_export.php',
374 'db_importdocsql.php',
375 'db_qbe.php',
376 'db_structure.php',
377 'db_import.php',
378 'db_operations.php',
379 'db_printview.php',
380 'db_search.php',
381 'db_routines.php',
382 'export.php',
383 'import.php',
384 //'index.php',
385 //'navigation.php',
386 //'license.php',
387 'index.php',
388 'pdf_pages.php',
389 'pdf_schema.php',
390 //'phpinfo.php',
391 'server_binlog.php',
392 'server_collations.php',
393 'server_databases.php',
394 'server_engines.php',
395 'server_export.php',
396 'server_import.php',
397 'server_privileges.php',
398 'server_sql.php',
399 'server_status.php',
400 'server_status_advisor.php',
401 'server_status_monitor.php',
402 'server_status_queries.php',
403 'server_status_variables.php',
404 'server_variables.php',
405 'sql.php',
406 'tbl_addfield.php',
407 'tbl_change.php',
408 'tbl_create.php',
409 'tbl_import.php',
410 'tbl_indexes.php',
411 'tbl_printview.php',
412 'tbl_sql.php',
413 'tbl_export.php',
414 'tbl_operations.php',
415 'tbl_structure.php',
416 'tbl_relation.php',
417 'tbl_replace.php',
418 'tbl_row_action.php',
419 'tbl_select.php',
420 'tbl_zoom_select.php',
421 //'themes.php',
422 'transformation_overview.php',
423 'transformation_wrapper.php',
424 'user_password.php',
425 );
426
427 /**
428 * check $__redirect against whitelist
429 */
430 if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
431 $__redirect = null;
432 }
433
434 /**
435 * holds page that should be displayed
436 * @global string $GLOBALS['goto']
437 */
438 $GLOBALS['goto'] = '';
439 // Security fix: disallow accessing serious server files via "?goto="
440 if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
441 $GLOBALS['goto'] = $_REQUEST['goto'];
442 $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
443 } else {
444 unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
445 }
446
447 /**
448 * returning page
449 * @global string $GLOBALS['back']
450 */
451 if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
452 $GLOBALS['back'] = $_REQUEST['back'];
453 } else {
454 unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
455 }
456
457 /**
458 * Check whether user supplied token is valid, if not remove any possibly
459 * dangerous stuff from request.
460 *
461 * remember that some objects in the session with session_start and __wakeup()
462 * could access this variables before we reach this point
463 * f.e. PMA_Config: fontsize
464 *
465 * @todo variables should be handled by their respective owners (objects)
466 * f.e. lang, server, collation_connection in PMA_Config
467 */
468 $token_mismatch = true;
469 $token_provided = false;
470 if (PMA_isValid($_REQUEST['token'])) {
471 $token_provided = true;
472 $token_mismatch = ($_SESSION[' PMA_token '] != $_REQUEST['token']);
473 }
474
475 if ($token_mismatch) {
476 /**
477 * List of parameters which are allowed from unsafe source
478 */
479 $allow_list = array(
480 /* needed for direct access, see FAQ 1.34
481 * also, server needed for cookie login screen (multi-server)
482 */
483 'server', 'db', 'table', 'target', 'lang',
484 /* Session ID */
485 'phpMyAdmin',
486 /* Cookie preferences */
487 'pma_lang', 'pma_collation_connection',
488 /* Possible login form */
489 'pma_servername', 'pma_username', 'pma_password',
490 'g-recaptcha-response',
491 /* Needed to send the correct reply */
492 'ajax_request',
493 /* Permit to log out even if there is a token mismatch */
494 'old_usr',
495 /* Permit redirection with token-mismatch in url.php */
496 'url',
497 /* Permit session expiry flag */
498 'session_expired',
499 /* JS loading */
500 'scripts', 'call_done'
501 );
502 /**
503 * Allow changing themes in test/theme.php
504 */
505 if (defined('PMA_TEST_THEME')) {
506 $allow_list[] = 'set_theme';
507 }
508 /**
509 * Require cleanup functions
510 */
511 include './libraries/cleanup.lib.php';
512 /**
513 * Do actual cleanup
514 */
515 PMA_removeRequestVars($allow_list);
516
517 }
518
519
520 /**
521 * current selected database
522 * @global string $GLOBALS['db']
523 */
524 PMA_setGlobalDbOrTable('db');
525
526 /**
527 * current selected table
528 * @global string $GLOBALS['table']
529 */
530 PMA_setGlobalDbOrTable('table');
531
532 /**
533 * Store currently selected recent table.
534 * Affect $GLOBALS['db'] and $GLOBALS['table']
535 */
536 if (PMA_isValid($_REQUEST['selected_recent_table'])) {
537 $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
538 $GLOBALS['db'] = $recent_table['db'];
539 $GLOBALS['url_params']['db'] = $GLOBALS['db'];
540 $GLOBALS['table'] = $recent_table['table'];
541 $GLOBALS['url_params']['table'] = $GLOBALS['table'];
542 }
543
544 /**
545 * SQL query to be executed
546 * @global string $GLOBALS['sql_query']
547 */
548 $GLOBALS['sql_query'] = '';
549 if (PMA_isValid($_REQUEST['sql_query'])) {
550 $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
551 }
552
553 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
554 //$_REQUEST['server']; // checked later in this file
555 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
556
557 /******************************************************************************/
558 /* loading language file LABEL_loading_language_file */
559
560 /**
561 * lang detection is done here
562 */
563 require './libraries/select_lang.lib.php';
564
565 // Defines the cell alignment values depending on text direction
566 if ($GLOBALS['text_dir'] == 'ltr') {
567 $GLOBALS['cell_align_left'] = 'left';
568 $GLOBALS['cell_align_right'] = 'right';
569 } else {
570 $GLOBALS['cell_align_left'] = 'right';
571 $GLOBALS['cell_align_right'] = 'left';
572 }
573
574 /**
575 * check for errors occurred while loading configuration
576 * this check is done here after loading language files to present errors in locale
577 */
578 $GLOBALS['PMA_Config']->checkPermissions();
579
580 if ($GLOBALS['PMA_Config']->error_config_file) {
581 $error = '[strong]' . __('Failed to read configuration file!') . '[/strong]'
582 . '[br][br]'
583 . __('This usually means there is a syntax error in it, please check any errors shown below.')
584 . '[br][br]'
585 . '[conferr]';
586 trigger_error($error, E_USER_ERROR);
587 }
588 if ($GLOBALS['PMA_Config']->error_config_default_file) {
589 $error = sprintf(
590 __('Could not load default configuration from: %1$s'),
591 $GLOBALS['PMA_Config']->default_source
592 );
593 trigger_error($error, E_USER_ERROR);
594 }
595 if ($GLOBALS['PMA_Config']->error_pma_uri) {
596 trigger_error(
597 __(
598 'The [code]$cfg[\'PmaAbsoluteUri\'][/code]'
599 . ' directive MUST be set in your configuration file!'
600 ),
601 E_USER_ERROR
602 );
603 }
604
605
606 /******************************************************************************/
607 /* setup servers LABEL_setup_servers */
608
609 /**
610 * current server
611 * @global integer $GLOBALS['server']
612 */
613 $GLOBALS['server'] = 0;
614
615 /**
616 * Servers array fixups.
617 * $default_server comes from PMA_Config::enableBc()
618 * @todo merge into PMA_Config
619 */
620 // Do we have some server?
621 if (! isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
622 // No server => create one with defaults
623 $cfg['Servers'] = array(1 => $default_server);
624 } else {
625 // We have server(s) => apply default configuration
626 $new_servers = array();
627
628 foreach ($cfg['Servers'] as $server_index => $each_server) {
629
630 // Detect wrong configuration
631 if (!is_int($server_index) || $server_index < 1) {
632 trigger_error(
633 sprintf(__('Invalid server index: %s'), $server_index),
634 E_USER_ERROR
635 );
636 }
637
638 $each_server = array_merge($default_server, $each_server);
639
640 // Don't use servers with no hostname
641 if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) {
642 trigger_error(
643 sprintf(
644 __('Invalid hostname for server %1$s. Please review your configuration.'),
645 $server_index
646 ),
647 E_USER_ERROR
648 );
649 }
650
651 // Final solution to bug #582890
652 // If we are using a socket connection
653 // and there is nothing in the verbose server name
654 // or the host field, then generate a name for the server
655 // in the form of "Server 2", localized of course!
656 if ($each_server['connect_type'] == 'socket'
657 && empty($each_server['host'])
658 && empty($each_server['verbose'])
659 ) {
660 $each_server['verbose'] = sprintf(__('Server %d'), $server_index);
661 }
662
663 $new_servers[$server_index] = $each_server;
664 }
665 $cfg['Servers'] = $new_servers;
666 unset($new_servers, $server_index, $each_server);
667 }
668
669 // Cleanup
670 unset($default_server);
671
672
673 /******************************************************************************/
674 /* setup themes LABEL_theme_setup */
675
676 /**
677 * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager']
678 */
679 if (! isset($_SESSION['PMA_Theme_Manager'])) {
680 $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager;
681 } else {
682 /**
683 * @todo move all __wakeup() functionality into session.inc.php
684 */
685 $_SESSION['PMA_Theme_Manager']->checkConfig();
686 }
687
688 // for the theme per server feature
689 if (isset($_REQUEST['server']) && ! isset($_REQUEST['set_theme'])) {
690 $GLOBALS['server'] = $_REQUEST['server'];
691 $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie();
692 if (empty($tmp)) {
693 $tmp = $_SESSION['PMA_Theme_Manager']->theme_default;
694 }
695 $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp);
696 unset($tmp);
697 }
698 /**
699 * @todo move into PMA_Theme_Manager::__wakeup()
700 */
701 if (isset($_REQUEST['set_theme'])) {
702 // if user selected a theme
703 $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']);
704 }
705
706 /**
707 * the theme object
708 * @global PMA_Theme $_SESSION['PMA_Theme']
709 */
710 $_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme;
711
712 // BC
713 /**
714 * the active theme
715 * @global string $GLOBALS['theme']
716 */
717 $GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName();
718 /**
719 * the theme path
720 * @global string $GLOBALS['pmaThemePath']
721 */
722 $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();
723 /**
724 * the theme image path
725 * @global string $GLOBALS['pmaThemeImage']
726 */
727 $GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath();
728
729 /**
730 * load layout file if exists
731 */
732 if (@file_exists($_SESSION['PMA_Theme']->getLayoutFile())) {
733 include $_SESSION['PMA_Theme']->getLayoutFile();
734 }
735
736 if (! defined('PMA_MINIMUM_COMMON')) {
737 /**
738 * Character set conversion.
739 */
740 include_once './libraries/charset_conversion.lib.php';
741
742 /**
743 * Lookup server by name
744 * (see FAQ 4.8)
745 */
746 if (! empty($_REQUEST['server'])
747 && is_string($_REQUEST['server'])
748 && ! is_numeric($_REQUEST['server'])
749 ) {
750 foreach ($cfg['Servers'] as $i => $server) {
751 $verboseToLower = /*overload*/mb_strtolower($server['verbose']);
752 $serverToLower = /*overload*/mb_strtolower($_REQUEST['server']);
753 if ($server['host'] == $_REQUEST['server']
754 || $server['verbose'] == $_REQUEST['server']
755 || $verboseToLower == $serverToLower
756 || md5($verboseToLower) == $serverToLower
757 ) {
758 $_REQUEST['server'] = $i;
759 break;
760 }
761 }
762 if (is_string($_REQUEST['server'])) {
763 unset($_REQUEST['server']);
764 }
765 unset($i);
766 }
767
768 /**
769 * If no server is selected, make sure that $cfg['Server'] is empty (so
770 * that nothing will work), and skip server authentication.
771 * We do NOT exit here, but continue on without logging into any server.
772 * This way, the welcome page will still come up (with no server info) and
773 * present a choice of servers in the case that there are multiple servers
774 * and '$cfg['ServerDefault'] = 0' is set.
775 */
776
777 if (isset($_REQUEST['server'])
778 && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server']))
779 && ! empty($_REQUEST['server'])
780 && ! empty($cfg['Servers'][$_REQUEST['server']])
781 ) {
782 $GLOBALS['server'] = $_REQUEST['server'];
783 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
784 } else {
785 if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
786 $GLOBALS['server'] = $cfg['ServerDefault'];
787 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
788 } else {
789 $GLOBALS['server'] = 0;
790 $cfg['Server'] = array();
791 }
792 }
793 $GLOBALS['url_params']['server'] = $GLOBALS['server'];
794
795 /**
796 * Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
797 */
798 if (function_exists('mb_convert_encoding')
799 && $lang == 'ja'
800 ) {
801 include_once './libraries/kanji-encoding.lib.php';
802 } // end if
803
804 /**
805 * save some settings in cookies
806 * @todo should be done in PMA_Config
807 */
808 $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
809 if (isset($GLOBALS['collation_connection'])) {
810 $GLOBALS['PMA_Config']->setCookie(
811 'pma_collation_connection',
812 $GLOBALS['collation_connection']
813 );
814 }
815
816 $_SESSION['PMA_Theme_Manager']->setThemeCookie();
817
818 if (! empty($cfg['Server'])) {
819
820 /**
821 * Loads the proper database interface for this server
822 */
823 include_once './libraries/database_interface.inc.php';
824
825 include_once './libraries/logging.lib.php';
826
827 // get LoginCookieValidity from preferences cache
828 // no generic solution for loading preferences from cache as some settings
829 // need to be kept for processing in PMA_Config::loadUserPreferences()
830 $cache_key = 'server_' . $GLOBALS['server'];
831 if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])
832 ) {
833 $value
834 = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
835 $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
836 $GLOBALS['cfg']['LoginCookieValidity'] = $value;
837 unset($value);
838 }
839 unset($cache_key);
840
841 // Gets the authentication library that fits the $cfg['Server'] settings
842 // and run authentication
843
844 // to allow HTTP or http
845 $cfg['Server']['auth_type']
846 = /*overload*/mb_strtolower($cfg['Server']['auth_type']);
847
848 /**
849 * the required auth type plugin
850 */
851 $auth_class = "Authentication" . ucfirst($cfg['Server']['auth_type']);
852 if (! file_exists(
853 './libraries/plugins/auth/'
854 . $auth_class . '.class.php'
855 )) {
856 PMA_fatalError(
857 __('Invalid authentication method set in configuration:')
858 . ' ' . $cfg['Server']['auth_type']
859 );
860 }
861 if (isset($_REQUEST['pma_password'])) {
862 $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
863 }
864 include_once './libraries/plugins/auth/' . $auth_class . '.class.php';
865 // todo: add plugin manager
866 $plugin_manager = null;
867 $auth_plugin = new $auth_class($plugin_manager);
868
869 if (! $auth_plugin->authCheck()) {
870 /* Force generating of new session on login */
871 PMA_secureSession();
872 $auth_plugin->auth();
873 } else {
874 $auth_plugin->authSetUser();
875 }
876
877 // Check IP-based Allow/Deny rules as soon as possible to reject the
878 // user based on mod_access in Apache
879 if (isset($cfg['Server']['AllowDeny'])
880 && isset($cfg['Server']['AllowDeny']['order'])
881 ) {
882
883 /**
884 * ip based access library
885 */
886 include_once './libraries/ip_allow_deny.lib.php';
887
888 $allowDeny_forbidden = false; // default
889 if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
890 $allowDeny_forbidden = true;
891 if (PMA_allowDeny('allow')) {
892 $allowDeny_forbidden = false;
893 }
894 if (PMA_allowDeny('deny')) {
895 $allowDeny_forbidden = true;
896 }
897 } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
898 if (PMA_allowDeny('deny')) {
899 $allowDeny_forbidden = true;
900 }
901 if (PMA_allowDeny('allow')) {
902 $allowDeny_forbidden = false;
903 }
904 } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
905 if (PMA_allowDeny('allow') && ! PMA_allowDeny('deny')) {
906 $allowDeny_forbidden = false;
907 } else {
908 $allowDeny_forbidden = true;
909 }
910 } // end if ... elseif ... elseif
911
912 // Ejects the user if banished
913 if ($allowDeny_forbidden) {
914 PMA_logUser($cfg['Server']['user'], 'allow-denied');
915 $auth_plugin->authFails();
916 }
917 } // end if
918
919 // is root allowed?
920 if (! $cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
921 $allowDeny_forbidden = true;
922 PMA_logUser($cfg['Server']['user'], 'root-denied');
923 $auth_plugin->authFails();
924 }
925
926 // is a login without password allowed?
927 if (! $cfg['Server']['AllowNoPassword']
928 && $cfg['Server']['password'] == ''
929 ) {
930 $login_without_password_is_forbidden = true;
931 PMA_logUser($cfg['Server']['user'], 'empty-denied');
932 $auth_plugin->authFails();
933 }
934
935 // if using TCP socket is not needed
936 if (/*overload*/mb_strtolower($cfg['Server']['connect_type']) == 'tcp') {
937 $cfg['Server']['socket'] = '';
938 }
939
940 // Try to connect MySQL with the control user profile (will be used to
941 // get the privileges list for the current user but the true user link
942 // must be open after this one so it would be default one for all the
943 // scripts)
944 $controllink = false;
945 if ($cfg['Server']['controluser'] != '') {
946 if (! empty($cfg['Server']['controlhost'])
947 || ! empty($cfg['Server']['controlport'])
948 ) {
949 $server_details = array();
950 if (! empty($cfg['Server']['controlhost'])) {
951 $server_details['host'] = $cfg['Server']['controlhost'];
952 } else {
953 $server_details['host'] = $cfg['Server']['host'];
954 }
955 if (! empty($cfg['Server']['controlport'])) {
956 $server_details['port'] = $cfg['Server']['controlport'];
957 } elseif ($server_details['host'] == $cfg['Server']['host']) {
958 // Evaluates to true when controlhost == host
959 // or controlhost is not defined (hence it defaults to host)
960 // In such case we can use the value of port.
961 $server_details['port'] = $cfg['Server']['port'];
962 }
963 // otherwise we leave the $server_details['port'] unset,
964 // allowing it to take default mysql port
965
966 $controllink = $GLOBALS['dbi']->connect(
967 $cfg['Server']['controluser'],
968 $cfg['Server']['controlpass'],
969 true,
970 $server_details
971 );
972 } else {
973 $controllink = $GLOBALS['dbi']->connect(
974 $cfg['Server']['controluser'],
975 $cfg['Server']['controlpass'],
976 true
977 );
978 }
979 }
980
981 // Connects to the server (validates user's login)
982 $userlink = $GLOBALS['dbi']->connect(
983 $cfg['Server']['user'], $cfg['Server']['password'], false
984 );
985
986 // Set timestamp for the session, if required.
987 if ($cfg['Server']['SessionTimeZone'] != '') {
988 $sql_query_tz = 'SET ' . PMA_Util::backquote('time_zone') . ' = '
989 . '\'' . PMA_Util::sqlAddSlashes($cfg['Server']['SessionTimeZone']) . '\'';
990
991 if(! $userlink->query($sql_query_tz)) {
992 $error_message_tz = sprintf(__('Unable to use timezone %1$s for server %2$d. '
993 . 'Please check your configuration setting for '
994 . '[em]$cfg[\'Servers\'][%3$d][\'SessionTimeZone\'][/em]. '
995 . 'phpMyAdmin is currently using the default time zone of the database server.'),
996 $cfg['Servers'][$GLOBALS['server']]['SessionTimeZone'],
997 $GLOBALS['server'],
998 $GLOBALS['server']
999 );
1000
1001 $GLOBALS['error_handler']->addError(
1002 $error_message_tz,
1003 E_USER_WARNING,
1004 '',
1005 '',
1006 false
1007 );
1008 }
1009 }
1010
1011 if (! $controllink) {
1012 $controllink = $userlink;
1013 }
1014
1015 $auth_plugin->storeUserCredentials();
1016
1017 /* Log success */
1018 PMA_logUser($cfg['Server']['user']);
1019
1020 if (PMA_MYSQL_INT_VERSION < 50500) {
1021 PMA_fatalError(
1022 __('You should upgrade to %s %s or later.'),
1023 array('MySQL', '5.5.0')
1024 );
1025 }
1026
1027 /**
1028 * Type handling object.
1029 */
1030 if (PMA_DRIZZLE) {
1031 $GLOBALS['PMA_Types'] = new PMA_Types_Drizzle();
1032 } else {
1033 $GLOBALS['PMA_Types'] = new PMA_Types_MySQL();
1034 }
1035
1036 if (PMA_DRIZZLE) {
1037 // DisableIS must be set to false for Drizzle, it maps SHOW commands
1038 // to INFORMATION_SCHEMA queries anyway so it's fast on large servers
1039 $cfg['Server']['DisableIS'] = false;
1040 // SHOW OPEN TABLES is not supported by Drizzle
1041 $cfg['SkipLockedTables'] = false;
1042 }
1043
1044 /**
1045 * SQL Parser code
1046 */
1047 include_once './libraries/sqlparser.lib.php';
1048
1049 /**
1050 * the PMA_List_Database class
1051 */
1052 include_once './libraries/PMA.php';
1053 $pma = new PMA;
1054 $pma->userlink = $userlink;
1055 $pma->controllink = $controllink;
1056
1057 /**
1058 * some resetting has to be done when switching servers
1059 */
1060 if (isset($_SESSION['tmpval']['previous_server'])
1061 && $_SESSION['tmpval']['previous_server'] != $GLOBALS['server']
1062 ) {
1063 unset($_SESSION['tmpval']['navi_limit_offset']);
1064 }
1065 $_SESSION['tmpval']['previous_server'] = $GLOBALS['server'];
1066
1067 } else { // end server connecting
1068 // No need to check for 'PMA_BYPASS_GET_INSTANCE' since this execution path
1069 // applies only to initial login
1070 $response = PMA_Response::getInstance();
1071 $response->getHeader()->disableMenuAndConsole();
1072 $response->getFooter()->setMinimal();
1073 }
1074
1075 /**
1076 * check if profiling was requested and remember it
1077 * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
1078 */
1079 if (isset($_REQUEST['profiling'])
1080 && PMA_Util::profilingSupported()
1081 ) {
1082 $_SESSION['profiling'] = true;
1083 } elseif (isset($_REQUEST['profiling_form'])) {
1084 // the checkbox was unchecked
1085 unset($_SESSION['profiling']);
1086 }
1087
1088 // load user preferences
1089 $GLOBALS['PMA_Config']->loadUserPreferences();
1090
1091 /**
1092 * Inclusion of profiling scripts is needed on various
1093 * pages like sql, tbl_sql, db_sql, tbl_select
1094 */
1095 if (! defined('PMA_BYPASS_GET_INSTANCE')) {
1096 $response = PMA_Response::getInstance();
1097 }
1098 if (isset($_SESSION['profiling'])) {
1099 $header = $response->getHeader();
1100 $scripts = $header->getScripts();
1101 $scripts->addFile('jqplot/jquery.jqplot.js');
1102 $scripts->addFile('jqplot/plugins/jqplot.pieRenderer.js');
1103 $scripts->addFile('jqplot/plugins/jqplot.highlighter.js');
1104 $scripts->addFile('canvg/canvg.js');
1105 $scripts->addFile('jquery/jquery.tablesorter.js');
1106 }
1107
1108 /*
1109 * There is no point in even attempting to process
1110 * an ajax request if there is a token mismatch
1111 */
1112 if (isset($response) && $response->isAjax() && $token_mismatch) {
1113 $response->isSuccess(false);
1114 $response->addJSON(
1115 'message',
1116 PMA_Message::error(__('Error: Token mismatch'))
1117 );
1118 exit;
1119 }
1120 } else { // end if !defined('PMA_MINIMUM_COMMON')
1121 // load user preferences
1122 $GLOBALS['PMA_Config']->loadUserPreferences();
1123 }
1124
1125 // remove sensitive values from session
1126 $GLOBALS['PMA_Config']->set('blowfish_secret', '');
1127 $GLOBALS['PMA_Config']->set('Servers', '');
1128 $GLOBALS['PMA_Config']->set('default_server', '');
1129
1130 /* Tell tracker that it can actually work */
1131 PMA_Tracker::enable();
1132
1133 /**
1134 * @global boolean $GLOBALS['is_ajax_request']
1135 * @todo should this be moved to the variables init section above?
1136 *
1137 * Check if the current request is an AJAX request, and set is_ajax_request
1138 * accordingly. Suppress headers, footers and unnecessary output if set to
1139 * true
1140 */
1141 if (isset($_REQUEST['ajax_request']) && $_REQUEST['ajax_request'] == true) {
1142 $GLOBALS['is_ajax_request'] = true;
1143 } else {
1144 $GLOBALS['is_ajax_request'] = false;
1145 }
1146
1147 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
1148 PMA_fatalError(__("GLOBALS overwrite attempt"));
1149 }
1150
1151 /**
1152 * protect against possible exploits - there is no need to have so much variables
1153 */
1154 if (count($_REQUEST) > 1000) {
1155 PMA_fatalError(__('possible exploit'));
1156 }
1157
1158 /**
1159 * Check for numeric keys
1160 * (if register_globals is on, numeric key can be found in $GLOBALS)
1161 */
1162 foreach ($GLOBALS as $key => $dummy) {
1163 if (is_numeric($key)) {
1164 PMA_fatalError(__('numeric key detected'));
1165 }
1166 }
1167 unset($dummy);
1168
1169 // here, the function does not exist with this configuration:
1170 // $cfg['ServerDefault'] = 0;
1171 $GLOBALS['is_superuser']
1172 = isset($GLOBALS['dbi']) && $GLOBALS['dbi']->isSuperuser();
1173
1174 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
1175 /**
1176 * include subform target page
1177 */
1178 include $__redirect;
1179 exit();
1180 }
1181
1182 // If Zero configuration mode enabled, check PMA tables in current db.
1183 if (! defined('PMA_MINIMUM_COMMON')
1184 && ! empty($GLOBALS['server'])
1185 && isset($GLOBALS['cfg']['ZeroConf'])
1186 && $GLOBALS['cfg']['ZeroConf'] == true
1187 ) {
1188 if (! empty($GLOBALS['db'])) {
1189 $cfgRelation = PMA_getRelationsParam();
1190 if (empty($cfgRelation['db'])) {
1191 PMA_fixPMATables($GLOBALS['db'], false);
1192 }
1193 }
1194 $cfgRelation = PMA_getRelationsParam();
1195 if (empty($cfgRelation['db'])) {
1196 foreach ($GLOBALS['pma']->databases as $database) {
1197 if ($database == 'phpmyadmin') {
1198 PMA_fixPMATables($database, false);
1199 }
1200 }
1201 }
1202 }
1203 ?>
phpMyAdmin