search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Estonian)
[phpmyadmin.git] / libraries / common.inc.php
blob750151df74e3368aa0493a15ce0564ca0847c02d
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Misc stuff and REQUIRED by ALL the scripts.
5 * MUST be included by every script
6 *
7 * Among other things, it contains the advanced authentication work.
8 *
9 * Order of sections for common.inc.php:
10 *
11 * the authentication libraries must be before the connection to db
12 *
13 * ... so the required order is:
14 *
15 * LABEL_variables_init
16 * - initialize some variables always needed
17 * LABEL_parsing_config_file
18 * - parsing of the configuration file
19 * LABEL_loading_language_file
20 * - loading language file
21 * LABEL_setup_servers
22 * - check and setup configured servers
23 * LABEL_theme_setup
24 * - setting up themes
25 *
26 * - load of MySQL extension (if necessary)
27 * - loading of an authentication library
28 * - db connection
29 * - authentication work
30 *
31 * @package PhpMyAdmin
32 */
33
34 use PhpMyAdmin\Config;
35 use PhpMyAdmin\Core;
36 use PhpMyAdmin\DatabaseInterface;
37 use PhpMyAdmin\DbList;
38 use PhpMyAdmin\ErrorHandler;
39 use PhpMyAdmin\LanguageManager;
40 use PhpMyAdmin\Logging;
41 use PhpMyAdmin\Message;
42 use PhpMyAdmin\Plugins\AuthenticationPlugin;
43 use PhpMyAdmin\Relation;
44 use PhpMyAdmin\Response;
45 use PhpMyAdmin\Session;
46 use PhpMyAdmin\ThemeManager;
47 use PhpMyAdmin\Tracker;
48 use PhpMyAdmin\TypesMySQL;
49 use PhpMyAdmin\Util;
50
51 /**
52 * block attempts to directly run this script
53 */
54 if (getcwd() == dirname(__FILE__)) {
55 die('Attack stopped');
56 }
57
58 /**
59 * Minimum PHP version; can't call Core::fatalError() which uses a
60 * PHP 5 function, so cannot easily localize this message.
61 */
62 if (version_compare(PHP_VERSION, '5.5.0', 'lt')) {
63 die(
64 'PHP 5.5+ is required. <br /> Currently installed version is: '
65 . phpversion()
66 );
67 }
68
69 /**
70 * for verification in all procedural scripts under libraries
71 */
72 define('PHPMYADMIN', true);
73
74 /**
75 * Load vendor configuration.
76 */
77 require_once './libraries/vendor_config.php';
78
79 /**
80 * Load hash polyfill.
81 */
82 require_once './libraries/hash.lib.php';
83
84 /**
85 * Activate autoloader
86 */
87 if (! @is_readable(AUTOLOAD_FILE)) {
88 die(
89 'File <tt>' . AUTOLOAD_FILE . '</tt> missing or not readable. <br />'
90 . 'Most likely you did not run Composer to '
91 . '<a href="https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git">install library files</a>.'
92 );
93 }
94 require_once AUTOLOAD_FILE;
95
96 /**
97 * Load gettext functions.
98 */
99 PhpMyAdmin\MoTranslator\Loader::loadFunctions();
100
101 /**
102 * initialize the error handler
103 */
104 $GLOBALS['error_handler'] = new ErrorHandler();
105
106 /**
107 * Warning about missing PHP extensions.
108 */
109 Core::checkExtensions();
110
111 /**
112 * Configure required PHP settings.
113 */
114 Core::configure();
115
116 /******************************************************************************/
117 /* start procedural code label_start_procedural */
118
119 Core::cleanupPathInfo();
120
121 /**
122 * just to be sure there was no import (registering) before here
123 * we empty the global space (but avoid unsetting $variables_list
124 * and $key in the foreach (), we still need them!)
125 */
126 $variables_whitelist = array (
127 'GLOBALS',
128 '_SERVER',
129 '_GET',
130 '_POST',
131 '_REQUEST',
132 '_FILES',
133 '_ENV',
134 '_COOKIE',
135 '_SESSION',
136 'error_handler',
137 'PMA_PHP_SELF',
138 'variables_whitelist',
139 'key',
140 );
141
142 foreach (get_defined_vars() as $key => $value) {
143 if (! in_array($key, $variables_whitelist)) {
144 unset($$key);
145 }
146 }
147 unset($key, $value, $variables_whitelist);
148
149 /**
150 * Subforms - some functions need to be called by form, cause of the limited URL
151 * length, but if this functions inside another form you cannot just open a new
152 * form - so phpMyAdmin uses 'arrays' inside this form
153 *
154 * <code>
155 * <form ...>
156 * ... main form elements ...
157 * <input type="hidden" name="subform[action1][id]" value="1" />
158 * ... other subform data ...
159 * <input type="submit" name="usesubform[action1]" value="do action1" />
160 * ... other subforms ...
161 * <input type="hidden" name="subform[actionX][id]" value="X" />
162 * ... other subform data ...
163 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
164 * ... main form elements ...
165 * <input type="submit" name="main_action" value="submit form" />
166 * </form>
167 * </code>
168 *
169 * so we now check if a subform is submitted
170 */
171 $__redirect = null;
172 if (isset($_POST['usesubform']) && ! defined('PMA_MINIMUM_COMMON')) {
173 // if a subform is present and should be used
174 // the rest of the form is deprecated
175 $subform_id = key($_POST['usesubform']);
176 $subform = $_POST['subform'][$subform_id];
177 $_POST = $subform;
178 $_REQUEST = $subform;
179 /**
180 * some subforms need another page than the main form, so we will just
181 * include this page at the end of this script - we use $__redirect to
182 * track this
183 */
184 if (isset($_POST['redirect'])
185 && $_POST['redirect'] != basename($PMA_PHP_SELF)
186 ) {
187 $__redirect = $_POST['redirect'];
188 unset($_POST['redirect']);
189 }
190 unset($subform_id, $subform);
191 } else {
192 // Note: here we overwrite $_REQUEST so that it does not contain cookies,
193 // because another application for the same domain could have set
194 // a cookie (with a compatible path) that overrides a variable
195 // we expect from GET or POST.
196 // We'll refer to cookies explicitly with the $_COOKIE syntax.
197 $_REQUEST = array_merge($_GET, $_POST);
198 }
199 // end check if a subform is submitted
200
201
202 /******************************************************************************/
203 /* parsing configuration file LABEL_parsing_config_file */
204
205 /**
206 * @global Config $GLOBALS['PMA_Config']
207 * force reading of config file, because we removed sensitive values
208 * in the previous iteration
209 */
210 $GLOBALS['PMA_Config'] = new Config(CONFIG_FILE);
211
212 /**
213 * BC - enable backward compatibility
214 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
215 */
216 $GLOBALS['PMA_Config']->enableBc();
217
218 /**
219 * clean cookies on upgrade
220 * when changing something related to PMA cookies, increment the cookie version
221 */
222 $pma_cookie_version = 5;
223 if (isset($_COOKIE)) {
224 if (! isset($_COOKIE['pmaCookieVer'])
225 || $_COOKIE['pmaCookieVer'] != $pma_cookie_version
226 ) {
227 // delete all cookies
228 foreach ($_COOKIE as $cookie_name => $tmp) {
229 // We ignore cookies not with pma prefix
230 if (strncmp('pma', $cookie_name, 3) != 0) {
231 continue;
232 }
233 $GLOBALS['PMA_Config']->removeCookie($cookie_name);
234 }
235 $_COOKIE = array();
236 $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
237 }
238 }
239
240 /**
241 * include session handling after the globals, to prevent overwriting
242 */
243 Session::setUp($GLOBALS['PMA_Config'], $GLOBALS['error_handler']);
244
245 /**
246 * init some variables LABEL_variables_init
247 */
248
249 /**
250 * holds parameters to be passed to next page
251 * @global array $GLOBALS['url_params']
252 */
253 $GLOBALS['url_params'] = array();
254
255 /**
256 * the whitelist for $GLOBALS['goto']
257 * @global array $goto_whitelist
258 */
259 $goto_whitelist = array(
260 'db_datadict.php',
261 'db_sql.php',
262 'db_events.php',
263 'db_export.php',
264 'db_importdocsql.php',
265 'db_multi_table_query.php',
266 'db_structure.php',
267 'db_import.php',
268 'db_operations.php',
269 'db_search.php',
270 'db_routines.php',
271 'export.php',
272 'import.php',
273 'index.php',
274 'pdf_pages.php',
275 'pdf_schema.php',
276 'server_binlog.php',
277 'server_collations.php',
278 'server_databases.php',
279 'server_engines.php',
280 'server_export.php',
281 'server_import.php',
282 'server_privileges.php',
283 'server_sql.php',
284 'server_status.php',
285 'server_status_advisor.php',
286 'server_status_monitor.php',
287 'server_status_queries.php',
288 'server_status_variables.php',
289 'server_variables.php',
290 'sql.php',
291 'tbl_addfield.php',
292 'tbl_change.php',
293 'tbl_create.php',
294 'tbl_import.php',
295 'tbl_indexes.php',
296 'tbl_sql.php',
297 'tbl_export.php',
298 'tbl_operations.php',
299 'tbl_structure.php',
300 'tbl_relation.php',
301 'tbl_replace.php',
302 'tbl_row_action.php',
303 'tbl_select.php',
304 'tbl_zoom_select.php',
305 'transformation_overview.php',
306 'transformation_wrapper.php',
307 'user_password.php',
308 );
309
310 /**
311 * check $__redirect against whitelist
312 */
313 if (! Core::checkPageValidity($__redirect, $goto_whitelist)) {
314 $__redirect = null;
315 }
316
317 /**
318 * holds page that should be displayed
319 * @global string $GLOBALS['goto']
320 */
321 $GLOBALS['goto'] = '';
322 // Security fix: disallow accessing serious server files via "?goto="
323 if (Core::checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
324 $GLOBALS['goto'] = $_REQUEST['goto'];
325 $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
326 } else {
327 unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
328 }
329
330 /**
331 * returning page
332 * @global string $GLOBALS['back']
333 */
334 if (Core::checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
335 $GLOBALS['back'] = $_REQUEST['back'];
336 } else {
337 unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
338 }
339
340 /**
341 * Check whether user supplied token is valid, if not remove any possibly
342 * dangerous stuff from request.
343 *
344 * remember that some objects in the session with session_start and __wakeup()
345 * could access this variables before we reach this point
346 * f.e. PhpMyAdmin\Config: fontsize
347 *
348 * Check for token mismatch only if the Request method is POST
349 * GET Requests would never have token and therefore checking
350 * mis-match does not make sense
351 *
352 * @todo variables should be handled by their respective owners (objects)
353 * f.e. lang, server, collation_connection in PhpMyAdmin\Config
354 */
355
356 $token_mismatch = true;
357 $token_provided = false;
358
359 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
360 if (Core::isValid($_POST['token'])) {
361 $token_provided = true;
362 $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], $_POST['token']);
363 }
364
365 if ($token_mismatch) {
366 /**
367 * We don't allow any POST operation parameters if the token is mismatched
368 * or is not provided
369 */
370 $whitelist = array('ajax_request');
371 PhpMyAdmin\Sanitize::removeRequestVars($whitelist);
372 }
373 }
374
375
376 /**
377 * current selected database
378 * @global string $GLOBALS['db']
379 */
380 Core::setGlobalDbOrTable('db');
381
382 /**
383 * current selected table
384 * @global string $GLOBALS['table']
385 */
386 Core::setGlobalDbOrTable('table');
387
388 /**
389 * Store currently selected recent table.
390 * Affect $GLOBALS['db'] and $GLOBALS['table']
391 */
392 if (Core::isValid($_REQUEST['selected_recent_table'])) {
393 $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
394
395 $GLOBALS['db']
396 = (array_key_exists('db', $recent_table) && is_string($recent_table['db'])) ?
397 $recent_table['db'] : '';
398 $GLOBALS['url_params']['db'] = $GLOBALS['db'];
399
400 $GLOBALS['table']
401 = (array_key_exists('table', $recent_table) && is_string($recent_table['table'])) ?
402 $recent_table['table'] : '';
403 $GLOBALS['url_params']['table'] = $GLOBALS['table'];
404 }
405
406 /**
407 * SQL query to be executed
408 * @global string $GLOBALS['sql_query']
409 */
410 $GLOBALS['sql_query'] = '';
411 if (Core::isValid($_REQUEST['sql_query'])) {
412 $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
413 }
414
415 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
416 //$_REQUEST['server']; // checked later in this file
417 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
418
419 /******************************************************************************/
420 /* loading language file LABEL_loading_language_file */
421
422 /**
423 * lang detection is done here
424 */
425 $language = LanguageManager::getInstance()->selectLanguage();
426 $language->activate();
427
428 // Defines the cell alignment values depending on text direction
429 if ($GLOBALS['text_dir'] == 'ltr') {
430 $GLOBALS['cell_align_left'] = 'left';
431 $GLOBALS['cell_align_right'] = 'right';
432 } else {
433 $GLOBALS['cell_align_left'] = 'right';
434 $GLOBALS['cell_align_right'] = 'left';
435 }
436
437 /**
438 * check for errors occurred while loading configuration
439 * this check is done here after loading language files to present errors in locale
440 */
441 $GLOBALS['PMA_Config']->checkPermissions();
442 $GLOBALS['PMA_Config']->checkErrors();
443
444 Core::checkConfiguration();
445
446 /******************************************************************************/
447 /* setup servers LABEL_setup_servers */
448
449 /**
450 * current server
451 * @global integer $GLOBALS['server']
452 */
453 $GLOBALS['server'] = 0;
454
455 /**
456 * Servers array fixups.
457 * $default_server comes from PhpMyAdmin\Config::enableBc()
458 * @todo merge into PhpMyAdmin\Config
459 */
460 // Do we have some server?
461 if (! isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
462 // No server => create one with defaults
463 $cfg['Servers'] = array(1 => $default_server);
464 } else {
465 // We have server(s) => apply default configuration
466 $new_servers = array();
467
468 foreach ($cfg['Servers'] as $server_index => $each_server) {
469
470 // Detect wrong configuration
471 if (!is_int($server_index) || $server_index < 1) {
472 trigger_error(
473 sprintf(__('Invalid server index: %s'), $server_index),
474 E_USER_ERROR
475 );
476 }
477
478 $each_server = array_merge($default_server, $each_server);
479
480 // Final solution to bug #582890
481 // If we are using a socket connection
482 // and there is nothing in the verbose server name
483 // or the host field, then generate a name for the server
484 // in the form of "Server 2", localized of course!
485 if (empty($each_server['host']) && empty($each_server['verbose'])) {
486 $each_server['verbose'] = sprintf(__('Server %d'), $server_index);
487 }
488
489 $new_servers[$server_index] = $each_server;
490 }
491 $cfg['Servers'] = $new_servers;
492 unset($new_servers, $server_index, $each_server);
493 }
494
495 // Cleanup
496 unset($default_server);
497
498
499 if (! defined('PMA_MINIMUM_COMMON')) {
500 /**
501 * Lookup server by name
502 * (see FAQ 4.8)
503 */
504 if (! empty($_REQUEST['server'])
505 && is_string($_REQUEST['server'])
506 && ! is_numeric($_REQUEST['server'])
507 ) {
508 foreach ($cfg['Servers'] as $i => $server) {
509 $verboseToLower = mb_strtolower($server['verbose']);
510 $serverToLower = mb_strtolower($_REQUEST['server']);
511 if ($server['host'] == $_REQUEST['server']
512 || $server['verbose'] == $_REQUEST['server']
513 || $verboseToLower == $serverToLower
514 || md5($verboseToLower) === $serverToLower
515 ) {
516 $_REQUEST['server'] = $i;
517 break;
518 }
519 }
520 if (is_string($_REQUEST['server'])) {
521 unset($_REQUEST['server']);
522 }
523 unset($i);
524 }
525 }
526
527 /**
528 * If no server is selected, make sure that $cfg['Server'] is empty (so
529 * that nothing will work), and skip server authentication.
530 * We do NOT exit here, but continue on without logging into any server.
531 * This way, the welcome page will still come up (with no server info) and
532 * present a choice of servers in the case that there are multiple servers
533 * and '$cfg['ServerDefault'] = 0' is set.
534 */
535
536 if (isset($_REQUEST['server'])
537 && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server']))
538 && ! empty($_REQUEST['server'])
539 && ! empty($cfg['Servers'][$_REQUEST['server']])
540 ) {
541 $GLOBALS['server'] = $_REQUEST['server'];
542 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
543 } else {
544 if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
545 $GLOBALS['server'] = $cfg['ServerDefault'];
546 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
547 } else {
548 $GLOBALS['server'] = 0;
549 $cfg['Server'] = array();
550 }
551 }
552 $GLOBALS['url_params']['server'] = $GLOBALS['server'];
553
554 /******************************************************************************/
555 /* setup themes LABEL_theme_setup */
556
557 ThemeManager::initializeTheme();
558
559 if (! defined('PMA_MINIMUM_COMMON')) {
560 /**
561 * save some settings in cookies
562 * @todo should be done in PhpMyAdmin\Config
563 */
564 $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
565 if (isset($GLOBALS['collation_connection'])) {
566 $GLOBALS['PMA_Config']->setCookie(
567 'pma_collation_connection',
568 $GLOBALS['collation_connection']
569 );
570 }
571
572 ThemeManager::getInstance()->setThemeCookie();
573
574 if (! empty($cfg['Server'])) {
575
576 /**
577 * Loads the proper database interface for this server
578 */
579 DatabaseInterface::load();
580
581 // get LoginCookieValidity from preferences cache
582 // no generic solution for loading preferences from cache as some settings
583 // need to be kept for processing in
584 // PhpMyAdmin\Config::loadUserPreferences()
585 $cache_key = 'server_' . $GLOBALS['server'];
586 if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])
587 ) {
588 $value
589 = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
590 $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
591 $GLOBALS['cfg']['LoginCookieValidity'] = $value;
592 unset($value);
593 }
594 unset($cache_key);
595
596 // Gets the authentication library that fits the $cfg['Server'] settings
597 // and run authentication
598
599 // to allow HTTP or http
600 $cfg['Server']['auth_type']
601 = mb_strtolower($cfg['Server']['auth_type']);
602
603 /**
604 * the required auth type plugin
605 */
606 $auth_class = "Authentication" . ucfirst($cfg['Server']['auth_type']);
607 if (! @file_exists(
608 './libraries/classes/Plugins/Auth/'
609 . $auth_class . '.php'
610 )) {
611 Core::fatalError(
612 __('Invalid authentication method set in configuration:')
613 . ' ' . $cfg['Server']['auth_type']
614 );
615 }
616 if (isset($_REQUEST['pma_password']) && strlen($_REQUEST['pma_password']) > 256) {
617 $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
618 }
619 $fqnAuthClass = 'PhpMyAdmin\Plugins\Auth\\' . $auth_class;
620 // todo: add plugin manager
621 $plugin_manager = null;
622 /** @var AuthenticationPlugin $auth_plugin */
623 $auth_plugin = new $fqnAuthClass($plugin_manager);
624
625 if (! $auth_plugin->authCheck()) {
626 /* Force generating of new session on login */
627 Session::secure();
628 $auth_plugin->auth();
629 } else {
630 $auth_plugin->authSetUser();
631 }
632
633 // Check IP-based Allow/Deny rules as soon as possible to reject the
634 // user based on mod_access in Apache
635 if (isset($cfg['Server']['AllowDeny'])
636 && isset($cfg['Server']['AllowDeny']['order'])
637 ) {
638
639 /**
640 * ip based access library
641 */
642 include_once './libraries/ip_allow_deny.lib.php';
643
644 $allowDeny_forbidden = false; // default
645 if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
646 $allowDeny_forbidden = true;
647 if (PMA_allowDeny('allow')) {
648 $allowDeny_forbidden = false;
649 }
650 if (PMA_allowDeny('deny')) {
651 $allowDeny_forbidden = true;
652 }
653 } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
654 if (PMA_allowDeny('deny')) {
655 $allowDeny_forbidden = true;
656 }
657 if (PMA_allowDeny('allow')) {
658 $allowDeny_forbidden = false;
659 }
660 } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
661 if (PMA_allowDeny('allow') && ! PMA_allowDeny('deny')) {
662 $allowDeny_forbidden = false;
663 } else {
664 $allowDeny_forbidden = true;
665 }
666 } // end if ... elseif ... elseif
667
668 // Ejects the user if banished
669 if ($allowDeny_forbidden) {
670 Logging::logUser($cfg['Server']['user'], 'allow-denied');
671 $auth_plugin->authFails();
672 }
673 } // end if
674
675 // is root allowed?
676 if (! $cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
677 $allowDeny_forbidden = true;
678 Logging::logUser($cfg['Server']['user'], 'root-denied');
679 $auth_plugin->authFails();
680 }
681
682 // is a login without password allowed?
683 if (! $cfg['Server']['AllowNoPassword']
684 && $cfg['Server']['password'] === ''
685 ) {
686 $login_without_password_is_forbidden = true;
687 Logging::logUser($cfg['Server']['user'], 'empty-denied');
688 $auth_plugin->authFails();
689 }
690
691 // Try to connect MySQL with the control user profile (will be used to
692 // get the privileges list for the current user but the true user link
693 // must be open after this one so it would be default one for all the
694 // scripts)
695 $controllink = false;
696 if ($cfg['Server']['controluser'] != '') {
697 $controllink = $GLOBALS['dbi']->connect(
698 DatabaseInterface::CONNECT_CONTROL
699 );
700 }
701
702 // Connects to the server (validates user's login)
703 /** @var DatabaseInterface $userlink */
704 $userlink = $GLOBALS['dbi']->connect(DatabaseInterface::CONNECT_USER);
705
706 if ($userlink === false) {
707 Logging::logUser($cfg['Server']['user'], 'mysql-denied');
708 $GLOBALS['auth_plugin']->authFails();
709 }
710
711 // Set timestamp for the session, if required.
712 if ($cfg['Server']['SessionTimeZone'] != '') {
713 $sql_query_tz = 'SET ' . Util::backquote('time_zone') . ' = '
714 . '\''
715 . $GLOBALS['dbi']->escapeString($cfg['Server']['SessionTimeZone'])
716 . '\'';
717
718 if (! $userlink->query($sql_query_tz)) {
719 $error_message_tz = sprintf(
720 __(
721 'Unable to use timezone %1$s for server %2$d. '
722 . 'Please check your configuration setting for '
723 . '[em]$cfg[\'Servers\'][%3$d][\'SessionTimeZone\'][/em]. '
724 . 'phpMyAdmin is currently using the default time zone '
725 . 'of the database server.'
726 ),
727 $cfg['Servers'][$GLOBALS['server']]['SessionTimeZone'],
728 $GLOBALS['server'],
729 $GLOBALS['server']
730 );
731
732 $GLOBALS['error_handler']->addError(
733 $error_message_tz,
734 E_USER_WARNING,
735 '',
736 '',
737 false
738 );
739 }
740 }
741
742 if (! $controllink) {
743 /*
744 * Open separate connection for control queries, this is needed
745 * to avoid problems with table locking used in main connection
746 * and phpMyAdmin issuing queries to configuration storage, which
747 * is not locked by that time.
748 */
749 $controllink = $GLOBALS['dbi']->connect(DatabaseInterface::CONNECT_USER);
750 }
751
752 $auth_plugin->storeUserCredentials();
753
754 /* Log success */
755 Logging::logUser($cfg['Server']['user']);
756
757 if ($GLOBALS['dbi']->getVersion() < $cfg['MysqlMinVersion']['internal']) {
758 Core::fatalError(
759 __('You should upgrade to %s %s or later.'),
760 array('MySQL', $cfg['MysqlMinVersion']['human'])
761 );
762 }
763
764 /**
765 * Type handling object.
766 */
767 $GLOBALS['PMA_Types'] = new TypesMySQL();
768
769 // Loads closest context to this version.
770 PhpMyAdmin\SqlParser\Context::loadClosest(
771 ($GLOBALS['dbi']->isMariaDB() ? 'MariaDb' : 'MySql') . $GLOBALS['dbi']->getVersion()
772 );
773
774 // Sets the default delimiter (if specified).
775 if (!empty($_REQUEST['sql_delimiter'])) {
776 PhpMyAdmin\SqlParser\Lexer::$DEFAULT_DELIMITER = $_REQUEST['sql_delimiter'];
777 }
778
779 // TODO: Set SQL modes too.
780
781 /**
782 * the DbList class as a stub for the ListDatabase class
783 */
784 $dblist = new DbList;
785 $dblist->userlink = $userlink;
786 $dblist->controllink = $controllink;
787
788 /**
789 * some resetting has to be done when switching servers
790 */
791 if (isset($_SESSION['tmpval']['previous_server'])
792 && $_SESSION['tmpval']['previous_server'] != $GLOBALS['server']
793 ) {
794 unset($_SESSION['tmpval']['navi_limit_offset']);
795 }
796 $_SESSION['tmpval']['previous_server'] = $GLOBALS['server'];
797
798 } else { // end server connecting
799 // No need to check for 'PMA_BYPASS_GET_INSTANCE' since this execution path
800 // applies only to initial login
801 $response = Response::getInstance();
802 $response->getHeader()->disableMenuAndConsole();
803 $response->getFooter()->setMinimal();
804 }
805
806 /**
807 * check if profiling was requested and remember it
808 * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
809 */
810 if (isset($_REQUEST['profiling'])
811 && Util::profilingSupported()
812 ) {
813 $_SESSION['profiling'] = true;
814 } elseif (isset($_REQUEST['profiling_form'])) {
815 // the checkbox was unchecked
816 unset($_SESSION['profiling']);
817 }
818
819 // load user preferences
820 $GLOBALS['PMA_Config']->loadUserPreferences();
821
822 /**
823 * Inclusion of profiling scripts is needed on various
824 * pages like sql, tbl_sql, db_sql, tbl_select
825 */
826 if (! defined('PMA_BYPASS_GET_INSTANCE')) {
827 $response = Response::getInstance();
828 }
829 if (isset($response) && isset($_SESSION['profiling'])) {
830 $header = $response->getHeader();
831 $scripts = $header->getScripts();
832 $scripts->addFile('chart.js');
833 $scripts->addFile('vendor/jqplot/jquery.jqplot.js');
834 $scripts->addFile('vendor/jqplot/plugins/jqplot.pieRenderer.js');
835 $scripts->addFile('vendor/jqplot/plugins/jqplot.highlighter.js');
836 $scripts->addFile('vendor/jquery/jquery.tablesorter.js');
837 }
838
839 /*
840 * There is no point in even attempting to process
841 * an ajax request if there is a token mismatch
842 */
843 if (isset($response) && $response->isAjax() && $_SERVER['REQUEST_METHOD'] == 'POST' && $token_mismatch) {
844 $response->setRequestStatus(false);
845 $response->addJSON(
846 'message',
847 Message::error(__('Error: Token mismatch'))
848 );
849 exit;
850 }
851 } else { // end if !defined('PMA_MINIMUM_COMMON')
852 // load user preferences
853 $GLOBALS['PMA_Config']->loadUserPreferences();
854 }
855
856 /* Tell tracker that it can actually work */
857 Tracker::enable();
858
859 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
860 Core::fatalError(__("GLOBALS overwrite attempt"));
861 }
862
863 /**
864 * protect against possible exploits - there is no need to have so much variables
865 */
866 if (count($_REQUEST) > 1000) {
867 Core::fatalError(__('possible exploit'));
868 }
869
870 // here, the function does not exist with this configuration:
871 // $cfg['ServerDefault'] = 0;
872 $GLOBALS['is_superuser']
873 = isset($GLOBALS['dbi']) && $GLOBALS['dbi']->isSuperuser();
874
875 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
876 /**
877 * include subform target page
878 */
879 include $__redirect;
880 exit();
881 }
882
883 // If Zero configuration mode enabled, check PMA tables in current db.
884 if (! defined('PMA_MINIMUM_COMMON')
885 && ! empty($GLOBALS['server'])
886 && isset($GLOBALS['cfg']['ZeroConf'])
887 && $GLOBALS['cfg']['ZeroConf'] == true
888 ) {
889 if (! empty($GLOBALS['db'])) {
890 $cfgRelation = Relation::getRelationsParam();
891 if (empty($cfgRelation['db'])) {
892 Relation::fixPmaTables($GLOBALS['db'], false);
893 }
894 }
895 $cfgRelation = Relation::getRelationsParam();
896 if (empty($cfgRelation['db'])) {
897 if ($GLOBALS['dblist']->databases->exists('phpmyadmin')) {
898 Relation::fixPmaTables('phpmyadmin', false);
899 }
900 }
901 }
phpMyAdmin