1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
6 * @package PhpMyAdmin
7 */
8 declare(strict_types=1);
10 use PhpMyAdmin\Charsets;
11 use PhpMyAdmin\CheckUserPrivileges;
12 use PhpMyAdmin\Config;
13 use PhpMyAdmin\Core;
14 use PhpMyAdmin\Display\GitRevision;
15 use PhpMyAdmin\LanguageManager;
16 use PhpMyAdmin\Message;
17 use PhpMyAdmin\RecentFavoriteTable;
18 use PhpMyAdmin\Relation;
19 use PhpMyAdmin\Response;
20 use PhpMyAdmin\Sanitize;
21 use PhpMyAdmin\Server\Select;
22 use PhpMyAdmin\ThemeManager;
23 use PhpMyAdmin\Url;
24 use PhpMyAdmin\Util;
25 use PhpMyAdmin\UserPreferences;
// Define the installation root only once; it is this script's own directory
// with a trailing separator, and every include below is built on it.
defined('ROOT_PATH') || define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);

/**
 * Gets some core libraries and displays a top message if required.
 * Nothing else on this page runs before this include.
 */
require_once ROOT_PATH . 'libraries/common.inc.php';
/**
 * Strip the routing keys from $_GET before anything further is built from it
 * (original note: "pass variables to child pages").
 * NOTE(review): presumably the core include has already copied these values
 * into their own variables — confirm.
 */
$drops = ['lang', 'server', 'collation_connection', 'db', 'table'];

foreach ($drops as $each_drop) {
    // unset() on a key that is not present is a no-op, so no existence test is needed.
    unset($_GET[$each_drop]);
}

// Do not leave the helper variables behind in the global scope.
unset($drops, $each_drop);
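/**
 * Black list of all scripts to which front-end must submit data.
 * Such scripts must not be loaded on home page.
 */
$target_blacklist = [
    'import.php',
    'export.php',
];

// `target` comes from the request and ends up in an include path, so every
// guard below must hold before the include runs:
//   - it is a non-empty string (arrays and other types are rejected),
//   - it does not start with "index",
//   - it is not a blacklisted script (strict comparison, no type juggling),
//   - Core::checkPageValidity() accepts it.
// NOTE(review): Core::checkPageValidity() is defined outside this file; it is
// presumably an exact-match allow-list of script names — confirm, because it is
// the only guard here that limits which file can be included. The blacklist
// compares the raw request string only and relies on that check for anything
// that is not a plain script name.
if (! empty($_REQUEST['target'])
    && is_string($_REQUEST['target'])
    && 0 !== strpos($_REQUEST['target'], "index")
    && ! in_array($_REQUEST['target'], $target_blacklist, true)
    && Core::checkPageValidity($_REQUEST['target'], [], true)
) {
    include ROOT_PATH . $_REQUEST['target'];
    exit;
}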
// Stop without producing any page output when the request is flagged as AJAX
// and carries a non-empty access_time.
// NOTE(review): presumably a keep-alive style request — confirm.
if (! empty($_REQUEST['access_time']) && isset($_REQUEST['ajax_request'])) {
    exit;
}
// A theme was posted from the selector: activate it, store it, then redirect.
if (isset($_POST['set_theme'])) {
    // NOTE(review): the posted value is used as-is in this block. Presumably
    // ThemeManager::setActiveTheme() rejects unknown themes and the request
    // token is verified by the core include — confirm, because the same value
    // is also written to the stored user preferences below.
    $tmanager = ThemeManager::getInstance();
    $tmanager->setActiveTheme($_POST['set_theme']);
    $tmanager->setThemeCookie();

    // Persist the choice as the user's default theme.
    $userPreferences = new UserPreferences();
    $prefs = $userPreferences->load();
    $prefs['config_data']['ThemeDefault'] = $_POST['set_theme'];
    $userPreferences->save($prefs['config_data']);

    // Redirect to the home page so the POST is not replayed on reload.
    header('Location: index.php' . Url::getCommonRaw());
    exit();
}
// Change collation connection: store the posted value as a user setting
// (with 'utf8mb4_unicode_ci' passed as the default), then redirect home.
if (isset($_POST['collation_connection'])) {
    $GLOBALS['PMA_Config']->setUserValue(
        null,
        'DefaultConnectionCollation',
        $_POST['collation_connection'],
        'utf8mb4_unicode_ci'
    );

    header('Location: index.php' . Url::getCommonRaw());
    exit();
}
// See FAQ 1.34
// A database (and optionally a table) was named in the request: hand over to
// the configured default tab. The script name comes from configuration
// ($GLOBALS['cfg']), not from the request value itself.
if (! empty($_REQUEST['db'])) {
    $page = empty($_REQUEST['table'])
        ? Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database')
        : Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabTable'], 'table');

    include ROOT_PATH . $page;
    exit;
}
$response = Response::getInstance();

/**
 * Check if it is an ajax request to reload the recent tables list;
 * if so, answer with the list as JSON and stop.
 */
if ($response->isAjax() && ! empty($_REQUEST['recent_table'])) {
    $response->addJSON('list', RecentFavoriteTable::getInstance('recent')->getHtmlList());
    exit;
}
if ($GLOBALS['PMA_Config']->isGitRevision()) {
    // AJAX request for the revision details: render them and stop.
    if (isset($_REQUEST['git_revision']) && $response->isAjax()) {
        GitRevision::display();
        exit;
    }

    // Otherwise emit an empty placeholder element.
    echo '<div id="is_git_revision"></div>';
}
// Handles some variables that may have been sent by the calling script:
// the home page has no current database or table.
$GLOBALS['db'] = '';
$GLOBALS['table'] = '';
$show_query = '1';

// Any message to display? Show it once, then drop it.
if (! empty($message)) {
    echo Util::getMessage($message);
    unset($message);
}

// One-time notice after logging out of a single server.
if (isset($_SESSION['partial_logout'])) {
    Message::success(
        __('You were logged out from one server, to logout completely from phpMyAdmin, you need to logout from all servers.')
    )->display();
    unset($_SESSION['partial_logout']);
}

$common_url_query = Url::getCommon();
$mysql_cur_user_and_host = '';
// when $server > 0, a server has been chosen so we can display
// all MySQL-related information
if ($server > 0) {
    include ROOT_PATH . 'libraries/server_common.inc.php';

    // Use the verbose name of the server instead of the hostname if one is
    // set; with ShowServerInfo the host info follows in parentheses.
    // NOTE(review): the verbose name is HTML-escaped here but the value of
    // getHostInfo() is appended as-is — confirm it is safe for HTML output
    // wherever $server_info is printed.
    if (! empty($cfg['Server']['verbose'])) {
        $server_info = htmlspecialchars($cfg['Server']['verbose']);
        if ($GLOBALS['cfg']['ShowServerInfo']) {
            $server_info .= ' (' . $GLOBALS['dbi']->getHostInfo() . ')';
        }
    } else {
        $server_info = '' . $GLOBALS['dbi']->getHostInfo();
    }

    $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');

    // should we add the port info here?
    // NOTE(review): unlike $server_info, this value is not escaped here;
    // whoever prints it has to escape it.
    if (! empty($GLOBALS['cfg']['Server']['verbose'])) {
        $short_server_info = $GLOBALS['cfg']['Server']['verbose'];
    } else {
        $short_server_info = $GLOBALS['cfg']['Server']['host'];
    }
}
// Open the page container.
echo '<div id="maincontainer">' . "\n";

// Anchor for favorite tables synchronization.
echo RecentFavoriteTable::getInstance('favorite')->getHtmlSyncFavoriteTables();

// Open the left-hand pane; it is closed after the appearance settings.
echo '<div id="main_pane_left">';
// Left pane, first part: shown when a server is selected or more than one
// server is configured.
if ($server > 0 || count($cfg['Servers']) > 1) {
    // Demo-server banner.
    if ($cfg['DBG']['demo']) {
        echo '<div class="group">';
        echo '<h2>' , __('phpMyAdmin Demo Server') , '</h2>';
        echo '<p class="cfg_dbg_demo">';
        // NOTE(review): __() call restored from a gap in the listing — confirm.
        printf(
            __(
                'You are using the demo server. You can do anything here, but '
                . 'please do not change root, debian-sys-maint and pma users. '
                . 'More information is available at %s.'
            ),
            '<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>'
        );
        echo '</p>';
        echo '</div>';
    }

    echo '<div class="group">';
    echo '<h2>' , __('General settings') , '</h2>';
    echo '<ul>';

    /**
     * Displays the MySQL servers choice form
     */
    if ($cfg['ServerDefault'] == 0
        || (! $cfg['NavigationDisplayServers']
            && (count($cfg['Servers']) > 1
                || ($server == 0 && count($cfg['Servers']) == 1)))
    ) {
        echo '<li id="li_select_server" class="no_bullets" >';
        echo Util::getImage('s_host') , " " , Select::render(true, true);
        echo '</li>';
    }

    /**
     * Displays the mysql server related links
     */
    if ($server > 0) {
        $checkUserPrivileges = new CheckUserPrivileges($GLOBALS['dbi']);
        $checkUserPrivileges->getPrivileges();

        // Password change link: offered for every auth type except 'config',
        // and only when ShowChgPassword is enabled.
        if (($cfg['Server']['auth_type'] != 'config') && $cfg['ShowChgPassword']) {
            $conditional_class = 'ajax';
            Core::printListItem(
                Util::getImage('s_passwd') . "&nbsp;" . __('Change password'),
                'li_change_password',
                'user_password.php' . $common_url_query,
                null,
                null,
                'change_password_anchor',
                "no_bullets",
                $conditional_class
            );
        }

        // Connection collation selector; it posts back to index.php.
        echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
        echo ' <form class="disableAjax" method="post" action="index.php">' , "\n"
            . Url::getHiddenInputs(null, null, 4, 'collation_connection')
            . ' <label for="select_collation_connection">' . "\n"
            . ' ' . Util::getImage('s_asci')
            . "&nbsp;" . __('Server connection collation') . "\n"
            // put the doc link in the form so that it appears on the same line
            . Util::showMySQLDocu('Charset-connection')
            . ': ' . "\n"
            . ' </label>' . "\n"
            . Charsets::getCollationDropdownBox(
                $GLOBALS['dbi'],
                $GLOBALS['cfg']['Server']['DisableIS'],
                'collation_connection',
                'select_collation_connection',
                $collation_connection,
                true,
                true
            )
            . ' </form>' . "\n"
            . ' </li>' . "\n";
    }

    echo '</ul>';
    echo '</div>';
}
// Left pane, second part: appearance settings.
echo '<div class="group">';
echo '<h2>' , __('Appearance settings') , '</h2>';
echo ' <ul>';

// Displays language selection combo, unless the language is fixed by
// configuration or there is nothing to choose from.
$language_manager = LanguageManager::getInstance();
if (empty($cfg['Lang']) && $language_manager->hasChoice()) {
    echo '<li id="li_select_lang" class="no_bullets">';
    echo Util::getImage('s_lang') , " " , $language_manager->getSelectorDisplay();
    echo '</li>';
}

// ThemeManager if available
if ($GLOBALS['cfg']['ThemeManager']) {
    echo '<li id="li_select_theme" class="no_bullets">';
    echo Util::getImage('s_theme') , " " , ThemeManager::getInstance()->getHtmlSelectBox();
    echo '</li>';
}

echo '</ul>';

// User preferences: only with a selected server.
if ($server > 0) {
    echo '<ul>';
    Core::printListItem(
        Util::getImage('b_tblops') . "&nbsp;" . __('More settings'),
        'li_user_preferences',
        'prefs_manage.php' . $common_url_query,
        null,
        null,
        null,
        "no_bullets"
    );
    echo '</ul>';
}

echo '</div>';

// Close the left pane and open the right one.
echo '</div>';
echo '<div id="main_pane_right">';
// Right pane: database server details, only with a selected server and
// ShowServerInfo enabled.
// NOTE(review): only the USER() value is passed through htmlspecialchars()
// in this block; $server_info and the version / protocol strings reported by
// the database layer are concatenated as-is. Whether Core::printListItem()
// escapes its content is not visible here (other callers pass markup to it,
// which suggests it does not) — confirm these values are safe for HTML.
// NOTE(review): the id 'li_server_type' is used for two different items.
if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
    echo '<div class="group">';
    echo '<h2>' , __('Database server') , '</h2>';
    echo '<ul>' , "\n";

    Core::printListItem(__('Server:') . ' ' . $server_info, 'li_server_info');
    Core::printListItem(__('Server type:') . ' ' . Util::getServerType(), 'li_server_type');
    Core::printListItem(__('Server connection:') . ' ' . Util::getServerSSL(), 'li_server_type');
    Core::printListItem(
        __('Server version:')
        . ' '
        . $GLOBALS['dbi']->getVersionString() . ' - ' . $GLOBALS['dbi']->getVersionComment(),
        'li_server_version'
    );
    Core::printListItem(__('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(), 'li_mysql_proto');
    Core::printListItem(__('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host), 'li_user_info');

    // Server charset line: description and name of the charset mapped to 'utf-8'.
    echo ' <li id="li_select_mysql_charset">';
    echo ' ' , __('Server charset:') , ' '
        . ' <span lang="en" dir="ltr">';
    $unicode = Charsets::$mysql_charset_map['utf-8'];
    $charsets = Charsets::getMySQLCharsetsDescriptions(
        $GLOBALS['dbi'],
        $GLOBALS['cfg']['Server']['DisableIS']
    );
    echo ' ' , $charsets[$unicode], ' (' . $unicode, ')';
    echo ' </span>'
        . ' </li>'
        . ' </ul>'
        . ' </div>';
}
// Right pane: web server / PHP details. Both settings disclose environment
// details to whoever can load this page; the group is skipped entirely when
// ShowServerInfo and ShowPhpInfo are both off.
if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
    echo '<div class="group">';
    echo '<h2>' , __('Web server') , '</h2>';
    echo '<ul>';

    if ($GLOBALS['cfg']['ShowServerInfo']) {
        // NOTE(review): SERVER_SOFTWARE and the client info string below are
        // printed without escaping in this block — confirm they are safe for
        // HTML or that Core::printListItem() escapes its content.
        Core::printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');

        if ($server > 0) {
            // Prefix a bare x.y.z client version with the library name.
            $client_version_str = $GLOBALS['dbi']->getClientInfo();
            if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)) {
                $client_version_str = 'libmysql - ' . $client_version_str;
            }
            Core::printListItem(
                __('Database client version:') . ' ' . $client_version_str,
                'li_mysql_client_version'
            );

            // One entry per PHP extension in use, each followed by its manual link.
            $php_ext_string = __('PHP extension:') . ' ';
            $extensions = Util::listPHPExtensions();
            foreach ($extensions as $extension) {
                $php_ext_string .= ' ' . $extension
                    . Util::showPHPDocu('book.' . $extension . '.php');
            }
            Core::printListItem($php_ext_string, 'li_used_php_extension');

            $php_version_string = __('PHP version:') . ' ' . phpversion();
            Core::printListItem($php_version_string, 'li_used_php_version');
        }
    }

    // Link to the phpinfo page, opened in a new window.
    if ($cfg['ShowPhpInfo']) {
        Core::printListItem(
            __('Show PHP information'),
            'li_phpinfo',
            'phpinfo.php' . $common_url_query,
            null,
            '_blank'
        );
    }

    echo ' </ul>';
    echo ' </div>';
}
// Right pane: phpMyAdmin version and project links.
echo '<div class="group pmagroup">';
echo '<h2>phpMyAdmin</h2>';
echo '<ul>';

// The version item gets the 'jsversioncheck' class only when VersionCheck is on.
$class = $GLOBALS['cfg']['VersionCheck'] ? 'jsversioncheck' : null;
Core::printListItem(
    __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
    'li_pma_version',
    null,
    null,
    null,
    null,
    $class
);

Core::printListItem(__('Documentation'), 'li_pma_docs', Util::getDocuLink('index'), null, '_blank');

// does not work if no target specified, don't know why
// External links are built with Core::linkURL() and open in a new window.
Core::printListItem(
    __('Official Homepage'),
    'li_pma_homepage',
    Core::linkURL('https://www.phpmyadmin.net/'),
    null,
    '_blank'
);
Core::printListItem(
    __('Contribute'),
    'li_pma_contribute',
    Core::linkURL('https://www.phpmyadmin.net/contribute/'),
    null,
    '_blank'
);
Core::printListItem(
    __('Get support'),
    'li_pma_support',
    Core::linkURL('https://www.phpmyadmin.net/support/'),
    null,
    '_blank'
);

// Local pages.
Core::printListItem(
    __('List of changes'),
    'li_pma_changes',
    'changelog.php' . Url::getCommon(),
    null,
    '_blank'
);
Core::printListItem(
    __('License'),
    'li_pma_license',
    'license.php' . Url::getCommon(),
    null,
    '_blank'
);

echo ' </ul>';
echo ' </div>';

// Close the right pane.
echo '</div>';

// Close the main container.
echo '</div>';
/**
 * mbstring is used for handling multibytes inside parser, so it is good
 * to tell user something might be broken without it, see bug #1063149.
 */
// NOTE(review): __() call restored from a gap in the listing — confirm.
if (! extension_loaded('mbstring')) {
    trigger_error(
        __(
            'The mbstring PHP extension was not found and you seem to be using'
            . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
            . ' is unable to split strings correctly and it may result in'
            . ' unexpected results.'
        ),
        E_USER_WARNING
    );
}
/**
 * Missing functionality: with neither curl nor allow_url_fopen available,
 * tell the user which features are off. No error level is passed, so the
 * trigger_error() default applies.
 */
// NOTE(review): __() call restored from a gap in the listing — confirm.
if (! extension_loaded('curl') && ! ini_get('allow_url_fopen')) {
    trigger_error(
        __(
            'The curl extension was not found and allow_url_fopen is '
            . 'disabled. Due to this some features such as error reporting '
            . 'or version check are disabled.'
        )
    );
}
// Skipped when the administrator has disabled this warning.
if ($cfg['LoginCookieValidityDisableWarning'] == false) {
    /**
     * Check whether session.gc_maxlifetime limits session validity:
     * warn when it is lower than the configured LoginCookieValidity.
     */
    // NOTE(review): __() call restored from a gap in the listing — confirm.
    $gc_time = (int) ini_get('session.gc_maxlifetime');
    if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity']) {
        trigger_error(
            __(
                'Your PHP parameter [a@https://secure.php.net/manual/en/session.' .
                'configuration.php#ini.session.gc-maxlifetime@_blank]session.' .
                'gc_maxlifetime[/a] is lower than cookie validity configured ' .
                'in phpMyAdmin, because of this, your login might expire sooner ' .
                'than configured in phpMyAdmin.'
            ),
            E_USER_WARNING
        );
    }
}
/**
 * Check whether LoginCookieValidity is limited by LoginCookieStore.
 * A LoginCookieStore of 0 is excluded from the comparison.
 */
// NOTE(review): __() call restored from a gap in the listing — confirm.
if ($GLOBALS['cfg']['LoginCookieStore'] != 0
    && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
) {
    trigger_error(
        __(
            'Login cookie store is lower than cookie validity configured in ' .
            'phpMyAdmin, because of this, your login will expire sooner than ' .
            'configured in phpMyAdmin.'
        ),
        E_USER_WARNING
    );
}
/**
 * Warning if using the default MySQL controluser account.
 * Only the exact default pair ('pma' / 'pmapass') is detected; any other
 * weak control password passes this check unnoticed.
 */
if ($server != 0
    && isset($GLOBALS['cfg']['Server']['controluser'])
    && $GLOBALS['cfg']['Server']['controluser'] == 'pma'
    && isset($GLOBALS['cfg']['Server']['controlpass'])
    && $GLOBALS['cfg']['Server']['controlpass'] == 'pmapass'
) {
    trigger_error(
        __('Your server is running with default values for the controluser and password (controlpass) and is open to intrusion; you really should fix this security weakness by changing the password for controluser \'pma\'.'),
        E_USER_WARNING
    );
}
/**
 * Check if user does not have defined blowfish secret and it is being used.
 * The check runs only when the session holds an encryption key, and it looks
 * at presence and byte length (at least 32) only, not at how the secret was
 * generated.
 */
// NOTE(review): __() calls restored from gaps in the listing — confirm.
if (! empty($_SESSION['encryption_key'])) {
    if (empty($GLOBALS['cfg']['blowfish_secret'])) {
        trigger_error(
            __(
                'The configuration file now needs a secret passphrase (blowfish_secret).'
            ),
            E_USER_WARNING
        );
    } elseif (strlen($GLOBALS['cfg']['blowfish_secret']) < 32) {
        trigger_error(
            __(
                'The secret passphrase in configuration (blowfish_secret) is too short.'
            ),
            E_USER_WARNING
        );
    }
}
/**
 * Check for existence of config directory which should not exist in
 * production environment. Errors from the file-system probe itself are
 * suppressed; only a positive result raises the warning.
 */
// NOTE(review): __() call restored from a gap in the listing — confirm.
if (@file_exists(ROOT_PATH . 'config')) {
    trigger_error(
        __(
            'Directory [code]config[/code], which is used by the setup script, ' .
            'still exists in your phpMyAdmin directory. It is strongly ' .
            'recommended to remove it once phpMyAdmin has been configured. ' .
            'Otherwise the security of your server may be compromised by ' .
            'unauthorized people downloading your configuration.'
        ),
        E_USER_WARNING
    );
}
$relation = new Relation($GLOBALS['dbi']);

// With a selected server, report an incompletely configured configuration
// storage unless that warning has been disabled.
if ($server > 0) {
    $cfgRelation = $relation->getRelationsParam();
    if (! $cfgRelation['allworks']
        && $cfg['PmaNoRelation_DisableWarning'] == false
    ) {
        $msg_text = __(
            'The phpMyAdmin configuration storage is not completely '
            . 'configured, some extended features have been deactivated. '
            . '%sFind out why%s. '
        );
        // NOTE(review): __() call below restored from a gap in the listing — confirm.
        if ($cfg['ZeroConf'] == true) {
            $msg_text .= '<br>' .
                __(
                    'Or alternately go to \'Operations\' tab of any database '
                    . 'to set it up there.'
                );
        }

        // The two %s placeholders become the opening and closing link tags.
        // NOTE(review): $common_url_query is placed inside an HTML attribute
        // here; presumably Url::getCommon() returns it HTML-escaped — confirm.
        $msg = Message::notice($msg_text);
        $msg->addParamHtml('<a href="./chk_rel.php" data-post="' . $common_url_query . '">');
        $msg->addParamHtml('</a>');

        /* Show error if user has configured something, notice elsewhere */
        if (! empty($cfg['Servers'][$server]['pmadb'])) {
            $msg->isError(true);
        }
        $msg->display();
    }
}
/**
 * Warning about Suhosin only if its simulation mode is not enabled
 * (and the warning itself has not been disabled in the configuration).
 */
// NOTE(review): __() call restored from a gap in the listing — confirm.
if ($cfg['SuhosinDisableWarning'] == false
    && ini_get('suhosin.request.max_value_length')
    && ini_get('suhosin.simulation') == '0'
) {
    trigger_error(
        sprintf(
            __(
                'Server running with Suhosin. Please refer to %sdocumentation%s ' .
                'for possible issues.'
            ),
            '[doc@faq1-38]',
            '[/doc]'
        ),
        E_USER_WARNING
    );
}
/* Missing template cache: warn when no temporary directory is returned for 'twig'. */
if (is_null($GLOBALS['PMA_Config']->getTempDir('twig'))) {
    $tempDirMessage = sprintf(
        __('The $cfg[\'TempDir\'] (%s) is not accessible. phpMyAdmin is not able to cache templates and will be slow because of this.'),
        $GLOBALS['PMA_Config']->get('TempDir')
    );
    trigger_error($tempDirMessage, E_USER_WARNING);
    unset($tempDirMessage);
}
676 * Warning about incomplete translations.
678 * The data file is created while creating release by ./scripts/remove-incomplete-mo
680 if (@file_exists(ROOT_PATH . 'libraries/language_stats.inc.php')) {
681 include ROOT_PATH . 'libraries/language_stats.inc.php';
683 * This message is intentionally not translated, because we're
684 * handling incomplete translations here and focus on english
685 * speaking users.
687 if (isset($GLOBALS['language_stats'][$lang])
688 && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
690 trigger_error(
691 'You are using an incomplete translation, please help to make it '
692 . 'better by [a@https://www.phpmyadmin.net/translate/'
693 . '@_blank]contributing[/a].',
694 E_USER_NOTICE