search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/master'
[phpmyadmin.git] / index.php
blob64a808df61d7050f8b7f3a49f7b0d6d7dcfb50fe
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
5 *
6 * @package PhpMyAdmin
7 */
8
9 /**
10 * Gets some core libraries and displays a top message if required
11 */
12 require_once 'libraries/common.inc.php';
13
14 /**
15 * display Git revision if requested
16 */
17 require_once 'libraries/display_git_revision.lib.php';
18
19 /**
20 * pass variables to child pages
21 */
22 $drops = array(
23 'lang',
24 'server',
25 'collation_connection',
26 'db',
27 'table'
28 );
29 foreach ($drops as $each_drop) {
30 if (array_key_exists($each_drop, $_GET)) {
31 unset($_GET[$each_drop]);
32 }
33 }
34 unset($drops, $each_drop);
35
36 // If we have a valid target, let's load that script instead
37 if (! empty($_REQUEST['target'])
38 && is_string($_REQUEST['target'])
39 && ! preg_match('/^index/', $_REQUEST['target'])
40 && in_array($_REQUEST['target'], $goto_whitelist)
41 ) {
42 include $_REQUEST['target'];
43 exit;
44 }
45
46 /**
47 * Check if it is an ajax request to reload the recent tables list.
48 */
49 require_once 'libraries/RecentTable.class.php';
50 if ($GLOBALS['is_ajax_request'] && ! empty($_REQUEST['recent_table'])) {
51 $response = PMA_Response::getInstance();
52 $response->addJSON(
53 'options',
54 PMA_RecentTable::getInstance()->getHtmlSelectOption()
55 );
56 exit;
57 }
58
59 if ($GLOBALS['PMA_Config']->isGitRevision()) {
60 if (isset($_REQUEST['git_revision']) && $GLOBALS['is_ajax_request'] == true) {
61 PMA_printGitRevision();
62 exit;
63 }
64 echo '<div id="is_git_revision"></div>';
65 }
66
67 // Handles some variables that may have been sent by the calling script
68 $GLOBALS['db'] = '';
69 $GLOBALS['table'] = '';
70 $show_query = '1';
71
72 // Any message to display?
73 if (! empty($message)) {
74 echo PMA_Util::getMessage($message);
75 unset($message);
76 }
77
78 $common_url_query = PMA_URL_getCommon('', '');
79
80 // when $server > 0, a server has been chosen so we can display
81 // all MySQL-related information
82 if ($server > 0) {
83 include 'libraries/server_common.inc.php';
84 include 'libraries/StorageEngine.class.php';
85
86 // Use the verbose name of the server instead of the hostname
87 // if a value is set
88 $server_info = '';
89 if (! empty($cfg['Server']['verbose'])) {
90 $server_info .= htmlspecialchars($cfg['Server']['verbose']);
91 if ($GLOBALS['cfg']['ShowServerInfo']) {
92 $server_info .= ' (';
93 }
94 }
95 if ($GLOBALS['cfg']['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
96 $server_info .= $GLOBALS['dbi']->getHostInfo();
97 }
98 if (! empty($cfg['Server']['verbose']) && $GLOBALS['cfg']['ShowServerInfo']) {
99 $server_info .= ')';
100 }
101 $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');
102
103 // should we add the port info here?
104 $short_server_info = (!empty($GLOBALS['cfg']['Server']['verbose'])
105 ? $GLOBALS['cfg']['Server']['verbose']
106 : $GLOBALS['cfg']['Server']['host']);
107 }
108
109 echo '<div id="maincontainer">' . "\n";
110 echo '<div id="main_pane_left">';
111 if ($server > 0 || count($cfg['Servers']) > 1
112 ) {
113 if ($cfg['DBG']['demo']) {
114 echo '<div class="group">';
115 echo '<h2>' . __('phpMyAdmin Demo Server') . '</h2>';
116 echo '<p style="margin: 0.5em 1em 0.5em 1em">';
117 printf(
118 __(
119 'You are using the demo server. You can do anything here, but '
120 . 'please do not change root, debian-sys-maint and pma users. '
121 . 'More information is available at %s.'
122 ),
123 '<a href="http://demo.phpmyadmin.net/">demo.phpmyadmin.net</a>'
124 );
125 echo '</p>';
126 echo '</div>';
127 }
128 echo '<div class="group">';
129 echo '<h2>' . __('General Settings') . '</h2>';
130 echo '<ul>';
131
132 /**
133 * Displays the MySQL servers choice form
134 */
135 if ($cfg['ServerDefault'] == 0
136 || (! $cfg['NavigationDisplayServers']
137 && (count($cfg['Servers']) > 1
138 || ($server == 0 && count($cfg['Servers']) == 1)
139 )
140 )
141 ) {
142 echo '<li id="li_select_server" class="no_bullets" >';
143 include_once 'libraries/select_server.lib.php';
144 echo PMA_Util::getImage('s_host.png') . " " . PMA_selectServer(true, true);
145 echo '</li>';
146 }
147
148 /**
149 * Displays the mysql server related links
150 */
151 if ($server > 0 && ! PMA_DRIZZLE) {
152 include_once 'libraries/check_user_privileges.lib.php';
153
154 // Logout for advanced authentication
155 if ($cfg['Server']['auth_type'] != 'config') {
156 if ($cfg['ShowChgPassword']) {
157 $conditional_class = 'ajax';
158 PMA_printListItem(
159 PMA_Util::getImage('s_passwd.png') . " " . __('Change password'),
160 'li_change_password',
161 'user_password.php?' . $common_url_query,
162 null,
163 null,
164 'change_password_anchor',
165 "no_bullets",
166 $conditional_class
167 );
168 }
169 } // end if
170 echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
171 echo ' <form method="post" action="index.php">' . "\n"
172 . PMA_URL_getHiddenInputs(null, null, 4, 'collation_connection')
173 . ' <label for="select_collation_connection">' . "\n"
174 . ' '. PMA_Util::getImage('s_asci.png') . " "
175 . __('Server connection collation') . "\n"
176 // put the doc link in the form so that it appears on the same line
177 . PMA_Util::showMySQLDocu('Charset-connection')
178 . ': ' . "\n"
179 . ' </label>' . "\n"
180
181 . PMA_generateCharsetDropdownBox(
182 PMA_CSDROPDOWN_COLLATION,
183 'collation_connection',
184 'select_collation_connection',
185 $collation_connection,
186 true,
187 4,
188 true
189 )
190 . ' </form>' . "\n"
191 . ' </li>' . "\n";
192 } // end of if ($server > 0 && !PMA_DRIZZLE)
193 echo '</ul>';
194 echo '</div>';
195 }
196
197 echo '<div class="group">';
198 echo '<h2>' . __('Appearance Settings') . '</h2>';
199 echo ' <ul>';
200
201 // Displays language selection combo
202 if (empty($cfg['Lang']) && count($GLOBALS['available_languages']) > 1) {
203 echo '<li id="li_select_lang" class="no_bullets">';
204 include_once 'libraries/display_select_lang.lib.php';
205 echo PMA_Util::getImage('s_lang.png') . " " . PMA_getLanguageSelectorHtml();
206 echo '</li>';
207 }
208
209 // ThemeManager if available
210
211 if ($GLOBALS['cfg']['ThemeManager']) {
212 echo '<li id="li_select_theme" class="no_bullets">';
213 echo PMA_Util::getImage('s_theme.png') . " "
214 . $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox();
215 echo '</li>';
216 }
217 echo '<li id="li_select_fontsize">';
218 echo PMA_Config::getFontsizeForm();
219 echo '</li>';
220
221 echo '</ul>';
222
223 // User preferences
224
225 if ($server > 0) {
226 echo '<ul>';
227 PMA_printListItem(
228 PMA_Util::getImage('b_tblops.png')." " .__('More settings'),
229 'li_user_preferences',
230 'prefs_manage.php?' . $common_url_query,
231 null,
232 null,
233 null,
234 "no_bullets"
235 );
236 echo '</ul>';
237 }
238
239 echo '</div>';
240
241
242 echo '</div>';
243 echo '<div id="main_pane_right">';
244
245
246 if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
247
248 echo '<div class="group">';
249 echo '<h2>' . __('Database server') . '</h2>';
250 echo '<ul>' . "\n";
251 PMA_printListItem(
252 __('Server:') . ' ' . $server_info,
253 'li_server_info'
254 );
255 PMA_printListItem(
256 __('Server type:') . ' ' . PMA_Util::getServerType(),
257 'li_server_type'
258 );
259 PMA_printListItem(
260 __('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT,
261 'li_server_version'
262 );
263 PMA_printListItem(
264 __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
265 'li_mysql_proto'
266 );
267 PMA_printListItem(
268 __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
269 'li_user_info'
270 );
271
272 echo ' <li id="li_select_mysql_charset">';
273 echo ' ' . __('Server charset:') . ' '
274 . ' <span lang="en" dir="ltr">'
275 . ' ' . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']] . "\n"
276 . ' (' . $mysql_charset_map['utf-8'] . ')' . "\n"
277 . ' </span>' . "\n"
278 . ' </li>' . "\n";
279 echo ' </ul>';
280 echo ' </div>';
281 }
282
283 if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
284 echo '<div class="group">';
285 echo '<h2>' . __('Web server') . '</h2>';
286 echo '<ul>';
287 if ($GLOBALS['cfg']['ShowServerInfo']) {
288 PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');
289
290 if ($server > 0) {
291 $client_version_str = $GLOBALS['dbi']->getClientInfo();
292 if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)
293 && in_array($GLOBALS['cfg']['Server']['extension'], array('mysql', 'mysqli'))
294 ) {
295 $client_version_str = 'libmysql - ' . $client_version_str;
296 }
297 PMA_printListItem(
298 __('Database client version:') . ' ' . $client_version_str,
299 'li_mysql_client_version'
300 );
301
302 $php_ext_string = __('PHP extension:') . ' '
303 . $GLOBALS['cfg']['Server']['extension'] . ' '
304 . PMA_Util::showPHPDocu(
305 'book.' . $GLOBALS['cfg']['Server']['extension'] . '.php'
306 );
307 PMA_printListItem(
308 $php_ext_string,
309 'li_used_php_extension'
310 );
311 }
312 }
313
314 if ($cfg['ShowPhpInfo']) {
315 PMA_printListItem(
316 __('Show PHP information'),
317 'li_phpinfo',
318 'phpinfo.php?' . $common_url_query,
319 null,
320 '_blank'
321 );
322 }
323 echo ' </ul>';
324 echo ' </div>';
325 }
326
327 echo '<div class="group pmagroup">';
328 echo '<h2>phpMyAdmin</h2>';
329 echo '<ul>';
330 $class = null;
331 // We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
332 // support here and does not allow request to http once using https.
333 if ($GLOBALS['cfg']['VersionCheck']
334 && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE')
335 ) {
336 $class = 'jsversioncheck';
337 }
338 PMA_printListItem(
339 __('Version information:') . ' ' . PMA_VERSION,
340 'li_pma_version',
341 null,
342 null,
343 null,
344 null,
345 $class
346 );
347 PMA_printListItem(
348 __('Documentation'),
349 'li_pma_docs',
350 PMA_Util::getDocuLink('index'),
351 null,
352 '_blank'
353 );
354 PMA_printListItem(
355 __('Wiki'),
356 'li_pma_wiki',
357 PMA_linkURL('http://wiki.phpmyadmin.net/'),
358 null,
359 '_blank'
360 );
361
362 // does not work if no target specified, don't know why
363 PMA_printListItem(
364 __('Official Homepage'),
365 'li_pma_homepage',
366 PMA_linkURL('http://www.phpMyAdmin.net/'),
367 null,
368 '_blank'
369 );
370 PMA_printListItem(
371 __('Contribute'),
372 'li_pma_contribute',
373 PMA_linkURL('http://www.phpmyadmin.net/home_page/improve.php'),
374 null,
375 '_blank'
376 );
377 PMA_printListItem(
378 __('Get support'),
379 'li_pma_support',
380 PMA_linkURL('http://www.phpmyadmin.net/home_page/support.php'),
381 null,
382 '_blank'
383 );
384 PMA_printListItem(
385 __('List of changes'),
386 'li_pma_changes',
387 PMA_linkURL('changelog.php'),
388 null,
389 '_blank'
390 );
391 ?>
392 </ul>
393 </div>
394
395 </div>
396
397 </div>
398
399 <?php
400 /**
401 * Warning if using the default MySQL privileged account
402 */
403 if ($server != 0
404 && $cfg['Server']['user'] == 'root'
405 && $cfg['Server']['password'] == ''
406 ) {
407 trigger_error(
408 __(
409 'Your configuration file contains settings (root with no password)'
410 . ' that correspond to the default MySQL privileged account.'
411 . ' Your MySQL server is running with this default, is open to'
412 . ' intrusion, and you really should fix this security hole by'
413 . ' setting a password for user \'root\'.'
414 ),
415 E_USER_WARNING
416 );
417 }
418
419 /**
420 * As we try to handle charsets by ourself, mbstring overloads just
421 * break it, see bug 1063821.
422 */
423 if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
424 trigger_error(
425 __(
426 'You have enabled mbstring.func_overload in your PHP '
427 . 'configuration. This option is incompatible with phpMyAdmin '
428 . 'and might cause some data to be corrupted!'
429 ),
430 E_USER_WARNING
431 );
432 }
433
434 /**
435 * mbstring is used for handling multibyte inside parser, so it is good
436 * to tell user something might be broken without it, see bug #1063149.
437 */
438 if (! @extension_loaded('mbstring')) {
439 trigger_error(
440 __(
441 'The mbstring PHP extension was not found and you seem to be using'
442 . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
443 . ' is unable to split strings correctly and it may result in'
444 . ' unexpected results.'
445 ),
446 E_USER_WARNING
447 );
448 }
449
450 /**
451 * Check whether session.gc_maxlifetime limits session validity.
452 */
453 $gc_time = (int)@ini_get('session.gc_maxlifetime');
454 if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity'] ) {
455 trigger_error(
456 __('Your PHP parameter [a@http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime@_blank]session.gc_maxlifetime[/a] is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
457 E_USER_WARNING
458 );
459 }
460
461 /**
462 * Check whether LoginCookieValidity is limited by LoginCookieStore.
463 */
464 if ($GLOBALS['cfg']['LoginCookieStore'] != 0
465 && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
466 ) {
467 trigger_error(
468 __('Login cookie store is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
469 E_USER_WARNING
470 );
471 }
472
473 /**
474 * Check if user does not have defined blowfish secret and it is being used.
475 */
476 if (! empty($_SESSION['auto_blowfish_secret'])
477 && empty($GLOBALS['cfg']['blowfish_secret'])
478 ) {
479 trigger_error(
480 __('The configuration file now needs a secret passphrase (blowfish_secret).'),
481 E_USER_WARNING
482 );
483 }
484
485 /**
486 * Check for existence of config directory which should not exist in
487 * production environment.
488 */
489 if (file_exists('config')) {
490 trigger_error(
491 __('Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. It is strongly recommended to remove it once phpMyAdmin has been configured. Otherwise the security of your server may be compromised by unauthorized people downloading your configuration.'),
492 E_USER_WARNING
493 );
494 }
495
496 if ($server > 0) {
497 $cfgRelation = PMA_getRelationsParam();
498 if (! $cfgRelation['allworks']
499 && $cfg['PmaNoRelation_DisableWarning'] == false
500 ) {
501 $msg = PMA_Message::notice(__('The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click %shere%s.'));
502 $msg->addParam(
503 '<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php?' . $common_url_query . '">',
504 false
505 );
506 $msg->addParam('</a>', false);
507 /* Show error if user has configured something, notice elsewhere */
508 if (!empty($cfg['Servers'][$server]['pmadb'])) {
509 $msg->isError(true);
510 }
511 $msg->display();
512 } // end if
513 }
514
515 /**
516 * Warning about different MySQL library and server version
517 * (a difference on the third digit does not count).
518 * If someday there is a constant that we can check about mysqlnd,
519 * we can use it instead of strpos().
520 * If no default server is set, $GLOBALS['dbi'] is not defined yet.
521 * Drizzle can speak MySQL protocol, so don't warn about version mismatch for
522 * Drizzle servers.
523 */
524 if (isset($GLOBALS['dbi']) && !PMA_DRIZZLE) {
525 $_client_info = $GLOBALS['dbi']->getClientInfo();
526 if ($server > 0
527 && strpos($_client_info, 'mysqlnd') === false
528 && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(PMA_MYSQL_INT_VERSION, 0, 3)
529 ) {
530 trigger_error(
531 PMA_sanitize(
532 sprintf(
533 __('Your PHP MySQL library version %s differs from your MySQL server version %s. This may cause unpredictable behavior.'),
534 $_client_info,
535 substr(
536 PMA_MYSQL_STR_VERSION,
537 0,
538 strpos(PMA_MYSQL_STR_VERSION . '-', '-')
539 )
540 )
541 ),
542 E_USER_NOTICE
543 );
544 }
545 unset($_client_info);
546 }
547
548 /**
549 * Warning about Suhosin only if its simulation mode is not enabled
550 */
551 if ($cfg['SuhosinDisableWarning'] == false
552 && @ini_get('suhosin.request.max_value_length')
553 && @ini_get('suhosin.simulation') == '0'
554 ) {
555 trigger_error(
556 sprintf(
557 __('Server running with Suhosin. Please refer to %sdocumentation%s for possible issues.'),
558 '[doc@faq1-38]',
559 '[/doc]'
560 ),
561 E_USER_WARNING
562 );
563 }
564
565 /**
566 * Warning about mcrypt.
567 */
568 if (! function_exists('mcrypt_encrypt')
569 && ! $GLOBALS['cfg']['McryptDisableWarning']
570 ) {
571 PMA_warnMissingExtension('mcrypt');
572 }
573
574 /**
575 * Warning about incomplete translations.
576 *
577 * The data file is created while creating release by ./scripts/remove-incomplete-mo
578 */
579 if (file_exists('libraries/language_stats.inc.php')) {
580 include 'libraries/language_stats.inc.php';
581 /*
582 * This message is intentionally not translated, because we're
583 * handling incomplete translations here and focus on english
584 * speaking users.
585 */
586 if (isset($GLOBALS['language_stats'][$lang])
587 && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
588 ) {
589 trigger_error(
590 'You are using an incomplete translation, please help to make it better by [a@http://www.phpmyadmin.net/home_page/improve.php#translate@_blank]contributing[/a].',
591 E_USER_NOTICE
592 );
593 }
594 }
595
596 /**
597 * prints list item for main page
598 *
599 * @param string $name displayed text
600 * @param string $id id, used for css styles
601 * @param string $url make item as link with $url as target
602 * @param string $mysql_help_page display a link to MySQL's manual
603 * @param string $target special target for $url
604 * @param string $a_id id for the anchor,
605 * used for jQuery to hook in functions
606 * @param string $class class for the li element
607 * @param string $a_class class for the anchor element
608 *
609 * @return void
610 */
611 function PMA_printListItem($name, $id = null, $url = null,
612 $mysql_help_page = null, $target = null, $a_id = null, $class = null,
613 $a_class = null
614 ) {
615 echo '<li id="' . $id . '"';
616 if (null !== $class) {
617 echo ' class="' . $class . '"';
618 }
619 echo '>';
620 if (null !== $url) {
621 echo '<a href="' . $url . '"';
622 if (null !== $target) {
623 echo ' target="' . $target . '"';
624 }
625 if (null != $a_id) {
626 echo ' id="' . $a_id .'"';
627 }
628 if (null != $a_class) {
629 echo ' class="' . $a_class .'"';
630 }
631 echo '>';
632 }
633
634 echo $name;
635
636 if (null !== $url) {
637 echo '</a>' . "\n";
638 }
639 if (null !== $mysql_help_page) {
640 echo PMA_Util::showMySQLDocu($mysql_help_page);
641 }
642 echo '</li>';
643 }
644 ?>
phpMyAdmin