3 * Misc stuff and REQUIRED by ALL the scripts.
4 * MUST be included by every script
6 * Among other things, it contains the advanced authentication work.
8 * Order of sections for common.inc.php:
10 * the authentication libraries must be before the connection to db
12 * ... so the required order is:
14 * LABEL_variables_init
15 * - initialize some variables always needed
16 * LABEL_parsing_config_file
17 * - parsing of the configuration file
18 * LABEL_loading_language_file
19 * - loading language file
21 * - check and setup configured servers
25 * - load of MySQL extension (if necessary)
26 * - loading of an authentication library
28 * - authentication work
31 declare(strict_types
=1);
33 use PhpMyAdmin\Config
;
35 use PhpMyAdmin\DatabaseInterface
;
36 use PhpMyAdmin\ErrorHandler
;
37 use PhpMyAdmin\LanguageManager
;
38 use PhpMyAdmin\Logging
;
39 use PhpMyAdmin\Message
;
40 use PhpMyAdmin\MoTranslator\Loader
;
41 use PhpMyAdmin\Plugins
;
42 use PhpMyAdmin\Profiling
;
43 use PhpMyAdmin\Response
;
44 use PhpMyAdmin\Routing
;
45 use PhpMyAdmin\Session
;
46 use PhpMyAdmin\SqlParser\Lexer
;
47 use PhpMyAdmin\ThemeManager
;
48 use PhpMyAdmin\Tracker
;
// Declares the globals this bootstrap shares with the including scripts, then refuses to run when started from its own directory.
50 global $containerBuilder, $error_handler, $PMA_Config, $server, $dbi;
51 global $lang, $cfg, $isConfigLoading, $auth_plugin, $route, $PMA_Theme;
52 global $url_params, $goto, $back, $db, $table, $sql_query, $token_mismatch;
55 * block attempts to directly run this script
// NOTE(review): the guard fires only when the working directory equals the directory of this file, and it uses a loose == on two strings; a strict === would state the intent exactly.
// NOTE(review): presumably that condition holds only when this file is requested directly - confirm. Denying web access to this directory in the server configuration is a control that does not depend on getcwd().
57 if (getcwd() == __DIR__
) {
58 die('Attack stopped');
62 * Minimum PHP version; can't call Core::fatalError() which uses a
63 * PHP 5 function, so cannot easily localize this message.
// Minimum PHP version gate, the PHPMYADMIN marker constant, and loading of the vendor configuration and the autoload file.
// The version message is built only from fixed strings and the PHP_VERSION constant; no request data is part of it.
65 if (PHP_VERSION_ID
< 70103) {
67 '<p>PHP 7.1.3+ is required.</p>'
68 . '<p>Currently installed version is: ' . PHP_VERSION
. '</p>'
72 // phpcs:disable PSR1.Files.SideEffects
74 * for verification in all procedural scripts under libraries
// NOTE(review): presumably the other scripts test this constant to refuse being run on their own - those checks are not visible here.
76 define('PHPMYADMIN', true);
80 * Load vendor configuration.
// ROOT_PATH is not defined in the visible part of this file, so it has to be defined before this point.
82 require_once ROOT_PATH
. 'libraries/vendor_config.php';
// The @ silences any warning from is_readable(), so an unreadable autoload file ends in the message below instead of a PHP warning.
// NOTE(review): AUTOLOAD_FILE is written into the HTML message unescaped. It is a constant that this listing does not define (presumably it comes from vendor_config.php - confirm), not request data.
87 if (! @is_readable
(AUTOLOAD_FILE
)) {
89 '<p>File <samp>' . AUTOLOAD_FILE
. '</samp> missing or not readable.</p>'
90 . '<p>Most likely you did not run Composer to '
91 . '<a href="https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git">'
92 . 'install library files</a>.</p>'
95 require_once AUTOLOAD_FILE
;
99 * Avoid referring to nonexistent files (causes warnings when open_basedir is used)
100 * This is defined to avoid the tcpdf code to search for a directory outside of open_basedir
101 * See: https://github.com/phpmyadmin/phpmyadmin/issues/16709
102 * This value is not used but is useful; no header logic is used for PDF exports
// Early bootstrap: image path constant, route lookup, service container, gettext, error handler, configuration object and session setup.
104 if (! defined('K_PATH_IMAGES')) {
105 // phpcs:disable PSR1.Files.SideEffects
106 define('K_PATH_IMAGES', ROOT_PATH
);
// The route is resolved once here; the only route treated specially in this file is /import-status.
110 $route = Routing
::getCurrentRoute();
// PMA_MINIMUM_COMMON is tested twice further down in this file: when it is defined, the section that sets cookies, loads the database interface and authenticates is skipped, and so is the postConnectControl() call.
112 if ($route === '/import-status') {
113 // phpcs:disable PSR1.Files.SideEffects
114 define('PMA_MINIMUM_COMMON', true);
118 $containerBuilder = Core
::getContainerBuilder();
121 * Load gettext functions.
123 Loader
::loadFunctions();
125 /** @var ErrorHandler $error_handler */
126 $error_handler = $containerBuilder->get('error_handler');
129 * Warning about missing PHP extensions.
131 Core
::checkExtensions();
134 * Configure required PHP settings.
// NOTE(review): no statement follows the heading above in this listing; the call it describes is not visible here.
138 /* start procedural code label_start_procedural */
140 Core
::cleanupPathInfo();
142 /* parsing configuration file LABEL_parsing_config_file */
144 /** @var bool $isConfigLoading Indication for the error handler */
145 $isConfigLoading = false;
148 * Force reading of config file, because we removed sensitive values
149 * in the previous iteration.
151 * @var Config $PMA_Config
153 $PMA_Config = $containerBuilder->get('config');
// Registers the static method Config::fatalErrorHandler to run at script shutdown.
155 register_shutdown_function([Config
::class, 'fatalErrorHandler']);
158 * include session handling after the globals, to prevent overwriting
// Session setup is skipped entirely when PMA_NO_SESSION is already defined by the including script.
// NOTE(review): worth confirming which scripts define PMA_NO_SESSION and what token or login state they rely on, since the token check later in this file still runs for them.
160 if (! defined('PMA_NO_SESSION')) {
161 Session
::setUp($PMA_Config, $error_handler);
// Copies request-derived state into globals and the container: URL parameters, goto and back targets, database and table names, and the SQL query.
165 * init some variables LABEL_variables_init
169 * holds parameters to be passed to next page
171 * @global array $url_params
// NOTE(review): $url_params is read here, but no assignment to it is visible above this line in the listing - confirm it is initialised before this call.
174 $containerBuilder->setParameter('url_params', $url_params);
176 Core
::setGotoAndBackGlobals($containerBuilder, $PMA_Config);
// The token check on the request runs before the database, table and SQL query are taken from it.
// NOTE(review): presumably this call is where $token_mismatch gets its value, which is read near the end of this file - confirm in Core.
178 Core
::checkTokenRequestParam();
180 Core
::setDatabaseAndTableFromRequest($containerBuilder);
183 * SQL query to be executed
185 * @global string $sql_query
// Only POST data is consulted for the query; a value rejected by Core::isValid() is not copied.
// NOTE(review): what Core::isValid() accepts when called with a single argument is not visible here (presumably a type check rather than a content check - confirm). The query text is user-controlled by design, so protection against cross-site submission rests on the token check above.
188 if (Core
::isValid($_POST['sql_query'])) {
189 $sql_query = $_POST['sql_query'];
// NOTE(review): when the POST value is absent or rejected, $sql_query keeps whatever it held before; no default assignment is visible in this listing.
191 $containerBuilder->setParameter('sql_query', $sql_query);
193 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
194 //$_REQUEST['server']; // checked later in this file
195 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
197 /* loading language file LABEL_loading_language_file */
200 * lang detection is done here
// Language activation, configuration and request checks, server selection, backward-compatibility globals and theme setup, in that order.
202 $language = LanguageManager
::getInstance()->selectLanguage();
203 $language->activate();
206 * check for errors occurred while loading configuration
207 * this check is done here after loading language files to present errors in locale
209 $PMA_Config->checkPermissions();
210 $PMA_Config->checkErrors();
212 /* Check server configuration */
213 Core
::checkConfiguration();
215 /* Check request for possible attacks */
// NOTE(review): the individual checks live in Core::checkRequest() and are not visible here. In this file the call comes after request values were already copied into globals and before a server is selected.
216 Core
::checkRequest();
218 /* setup servers LABEL_setup_servers */
220 $PMA_Config->checkServers();
225 * @global integer $server
// The selected server value is stored in the global, added to the URL parameters and published to the container.
227 $server = $PMA_Config->selectServer();
228 $url_params['server'] = $server;
229 $containerBuilder->setParameter('server', $server);
230 $containerBuilder->setParameter('url_params', $url_params);
233 * BC - enable backward compatibility
234 * exports all configuration settings into globals ($cfg global)
// The statements after this point in the file read settings through the $cfg global.
236 $PMA_Config->enableBc();
238 /* setup themes LABEL_theme_setup */
240 $PMA_Theme = ThemeManager
::initializeTheme();
// Full bootstrap path: cookies, database interface, authentication, server connection, delimiter override, token-mismatch handling and user preferences.
242 /** @var DatabaseInterface $dbi */
// Everything in this section is skipped when PMA_MINIMUM_COMMON is defined.
245 if (! defined('PMA_MINIMUM_COMMON')) {
247 * save some settings in cookies
249 * @todo should be done in PhpMyAdmin\Config
251 $PMA_Config->setCookie('pma_lang', (string) $lang);
253 ThemeManager
::getInstance()->setThemeCookie();
255 $dbi = DatabaseInterface
::load();
256 $containerBuilder->set(DatabaseInterface
::class, $dbi);
257 $containerBuilder->setAlias('dbi', DatabaseInterface
::class);
259 if (! empty($cfg['Server'])) {
260 $PMA_Config->getLoginCookieValidityFromCache($server);
// Authentication sequence in execution order: authenticate(), connect to the database server, rememberCredentials(), then checkTwoFactor().
// NOTE(review): rememberCredentials() runs before checkTwoFactor(). Whether anything it stores is usable by a client that has not passed the second factor is not visible here - confirm in the authentication plugin.
262 $auth_plugin = Plugins
::getAuthPlugin();
263 $auth_plugin->authenticate();
265 Core
::connectToDatabaseServer($dbi, $auth_plugin);
267 $auth_plugin->rememberCredentials();
269 $auth_plugin->checkTwoFactor();
// Passes the configured server user name to Logging::logUser(). NOTE(review): presumably this records the login for auditing - confirm in Logging.
272 Logging
::logUser($cfg['Server']['user']);
274 if ($dbi->getVersion() < $cfg['MysqlMinVersion']['internal']) {
276 __('You should upgrade to %s %s or later.'),
279 $cfg['MysqlMinVersion']['human'],
// NOTE(review): the delimiter comes from $_REQUEST and is only tested with empty(); a non-string value such as an array passes that test and would be assigned to the static property. An is_string() check before the assignment would narrow the accepted input.
284 // Sets the default delimiter (if specified).
285 if (! empty($_REQUEST['sql_delimiter'])) {
286 Lexer
::$DEFAULT_DELIMITER = $_REQUEST['sql_delimiter'];
289 // TODO: Set SQL modes too.
290 } else { // end server connecting
// No server is configured on this branch: the menu and console are disabled and the footer is set to minimal.
291 $response = Response
::getInstance();
292 $response->getHeader()->disableMenuAndConsole();
293 $response->getFooter()->setMinimal();
296 $response = Response
::getInstance();
298 Profiling
::check($dbi, $response);
301 * There is no point in even attempting to process
302 * an ajax request if there is a token mismatch
// Only requests that are AJAX, use POST and carry a token mismatch are rejected at this point; how other requests with a mismatched token are treated is not visible in this listing.
304 if ($response->isAjax() && $_SERVER['REQUEST_METHOD'] === 'POST' && $token_mismatch) {
305 $response->setRequestStatus(false);
308 Message
::error(__('Error: Token mismatch'))
313 $containerBuilder->set('response', Response
::getInstance());
316 // load user preferences
317 $PMA_Config->loadUserPreferences();
319 $containerBuilder->set('theme_manager', ThemeManager
::getInstance());
321 /* Tell tracker that it can actually work */
// NOTE(review): no tracker call follows the heading above in this listing; the statement it describes is not visible here.
// NOTE(review): == true is a loose comparison, so any truthy ZeroConf value (for example a non-empty string) enables this branch; a strict boolean check would be more exact.
324 if (! defined('PMA_MINIMUM_COMMON')
326 && isset($cfg['ZeroConf'])
327 && $cfg['ZeroConf'] == true
329 $dbi->postConnectControl();