search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Refactored ConfigFile class so that it is no longer a singleton
[phpmyadmin.git] / index.php
blob61328fd68c7f61e76834a31f69ec2d9a27991c49
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
5 *
6 * @package PhpMyAdmin
7 */
8
9 /**
10 * Gets some core libraries and displays a top message if required
11 */
12 require_once 'libraries/common.inc.php';
13
14 /**
15 * display Git revision if requested
16 */
17 require_once 'libraries/display_git_revision.lib.php';
18
19 /**
20 * pass variables to child pages
21 */
22 $drops = array(
23 'lang',
24 'server',
25 'collation_connection',
26 'db',
27 'table'
28 );
29 foreach ($drops as $each_drop) {
30 if (array_key_exists($each_drop, $_GET)) {
31 unset($_GET[$each_drop]);
32 }
33 }
34 unset($drops, $each_drop);
35
36 // If we have a valid target, let's load that script instead
37 if (! empty($_REQUEST['target'])
38 && is_string($_REQUEST['target'])
39 && ! preg_match('/^index/', $_REQUEST['target'])
40 && in_array($_REQUEST['target'], $goto_whitelist)
41 ) {
42 include $_REQUEST['target'];
43 exit;
44 }
45
46 /**
47 * Check if it is an ajax request to reload the recent tables list.
48 */
49 require_once 'libraries/RecentTable.class.php';
50 if ($GLOBALS['is_ajax_request'] && ! empty($_REQUEST['recent_table'])) {
51 $response = PMA_Response::getInstance();
52 $response->addJSON(
53 'options',
54 PMA_RecentTable::getInstance()->getHtmlSelectOption()
55 );
56 exit;
57 }
58
59 if ($GLOBALS['PMA_Config']->isGitRevision()) {
60 if (isset($_REQUEST['git_revision']) && $GLOBALS['is_ajax_request'] == true) {
61 PMA_printGitRevision();
62 exit;
63 }
64 echo '<div id="is_git_revision"></div>';
65 }
66
67 // Handles some variables that may have been sent by the calling script
68 $GLOBALS['db'] = '';
69 $GLOBALS['table'] = '';
70 $show_query = '1';
71
72 // Any message to display?
73 if (! empty($message)) {
74 echo PMA_Util::getMessage($message);
75 unset($message);
76 }
77
78 $common_url_query = PMA_URL_getCommon('', '');
79
80 // when $server > 0, a server has been chosen so we can display
81 // all MySQL-related information
82 if ($server > 0) {
83 include 'libraries/server_common.inc.php';
84 include 'libraries/StorageEngine.class.php';
85
86 // Use the verbose name of the server instead of the hostname
87 // if a value is set
88 $server_info = '';
89 if (! empty($cfg['Server']['verbose'])) {
90 $server_info .= htmlspecialchars($cfg['Server']['verbose']);
91 if ($GLOBALS['cfg']['ShowServerInfo']) {
92 $server_info .= ' (';
93 }
94 }
95 if ($GLOBALS['cfg']['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
96 $server_info .= $GLOBALS['dbi']->getHostInfo();
97 }
98 if (! empty($cfg['Server']['verbose']) && $GLOBALS['cfg']['ShowServerInfo']) {
99 $server_info .= ')';
100 }
101 $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');
102
103 // should we add the port info here?
104 $short_server_info = (!empty($GLOBALS['cfg']['Server']['verbose'])
105 ? $GLOBALS['cfg']['Server']['verbose']
106 : $GLOBALS['cfg']['Server']['host']);
107 }
108
109 echo '<div id="maincontainer">' . "\n";
110 echo '<div id="main_pane_left">';
111 if ($server > 0 || count($cfg['Servers']) > 1
112 ) {
113 if ($cfg['DBG']['demo']) {
114 echo '<div class="group">';
115 echo '<h2>' . __('phpMyAdmin Demo Server') . '</h2>';
116 echo '<p style="margin: 0.5em 1em 0.5em 1em">';
117 printf(
118 __(
119 'You are using the demo server. You can do anything here, but '
120 . 'please do not change root, debian-sys-maint and pma users. '
121 . 'More information is available at %s.'
122 ),
123 '<a href="http://demo.phpmyadmin.net/">demo.phpmyadmin.net</a>'
124 );
125 echo '</p>';
126 echo '</div>';
127 }
128 echo '<div class="group">';
129 echo '<h2>' . __('General Settings') . '</h2>';
130 echo '<ul>';
131
132 /**
133 * Displays the MySQL servers choice form
134 */
135 if ($cfg['ServerDefault'] == 0
136 || (! $cfg['NavigationDisplayServers']
137 && (count($cfg['Servers']) > 1
138 || ($server == 0 && count($cfg['Servers']) == 1)))
139 ) {
140 echo '<li id="li_select_server" class="no_bullets" >';
141 include_once 'libraries/select_server.lib.php';
142 echo PMA_Util::getImage('s_host.png') . " " . PMA_selectServer(true, true);
143 echo '</li>';
144 }
145
146 /**
147 * Displays the mysql server related links
148 */
149 if ($server > 0 && ! PMA_DRIZZLE) {
150 include_once 'libraries/check_user_privileges.lib.php';
151
152 // Logout for advanced authentication
153 if ($cfg['Server']['auth_type'] != 'config') {
154 if ($cfg['ShowChgPassword']) {
155 $conditional_class = 'ajax';
156 PMA_printListItem(
157 PMA_Util::getImage('s_passwd.png') . " " . __('Change password'),
158 'li_change_password',
159 'user_password.php?' . $common_url_query,
160 null,
161 null,
162 'change_password_anchor',
163 "no_bullets",
164 $conditional_class
165 );
166 }
167 } // end if
168 echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
169 echo ' <form method="post" action="index.php">' . "\n"
170 . PMA_URL_getHiddenInputs(null, null, 4, 'collation_connection')
171 . ' <label for="select_collation_connection">' . "\n"
172 . ' '. PMA_Util::getImage('s_asci.png') . " "
173 . __('Server connection collation') . "\n"
174 // put the doc link in the form so that it appears on the same line
175 . PMA_Util::showMySQLDocu('Charset-connection')
176 . ': ' . "\n"
177 . ' </label>' . "\n"
178
179 . PMA_generateCharsetDropdownBox(
180 PMA_CSDROPDOWN_COLLATION,
181 'collation_connection',
182 'select_collation_connection',
183 $collation_connection,
184 true,
185 4,
186 true
187 )
188 . ' </form>' . "\n"
189 . ' </li>' . "\n";
190 } // end of if ($server > 0 && !PMA_DRIZZLE)
191 echo '</ul>';
192 echo '</div>';
193 }
194
195 echo '<div class="group">';
196 echo '<h2>' . __('Appearance Settings') . '</h2>';
197 echo ' <ul>';
198
199 // Displays language selection combo
200 if (empty($cfg['Lang']) && count($GLOBALS['available_languages']) > 1) {
201 echo '<li id="li_select_lang" class="no_bullets">';
202 include_once 'libraries/display_select_lang.lib.php';
203 echo PMA_Util::getImage('s_lang.png') . " " . PMA_getLanguageSelectorHtml();
204 echo '</li>';
205 }
206
207 // ThemeManager if available
208
209 if ($GLOBALS['cfg']['ThemeManager']) {
210 echo '<li id="li_select_theme" class="no_bullets">';
211 echo PMA_Util::getImage('s_theme.png') . " "
212 . $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox();
213 echo '</li>';
214 }
215 echo '<li id="li_select_fontsize">';
216 echo PMA_Config::getFontsizeForm();
217 echo '</li>';
218
219 echo '</ul>';
220
221 // User preferences
222
223 if ($server > 0) {
224 echo '<ul>';
225 PMA_printListItem(
226 PMA_Util::getImage('b_tblops.png')." " .__('More settings'),
227 'li_user_preferences',
228 'prefs_manage.php?' . $common_url_query,
229 null,
230 null,
231 null,
232 "no_bullets"
233 );
234 echo '</ul>';
235 }
236
237 echo '</div>';
238
239
240 echo '</div>';
241 echo '<div id="main_pane_right">';
242
243
244 if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
245
246 echo '<div class="group">';
247 echo '<h2>' . __('Database server') . '</h2>';
248 echo '<ul>' . "\n";
249 PMA_printListItem(
250 __('Server:') . ' ' . $server_info,
251 'li_server_info'
252 );
253 PMA_printListItem(
254 __('Server type:') . ' ' . PMA_Util::getServerType(),
255 'li_server_type'
256 );
257 PMA_printListItem(
258 __('Server version:')
259 . ' '
260 . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT,
261 'li_server_version'
262 );
263 PMA_printListItem(
264 __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
265 'li_mysql_proto'
266 );
267 PMA_printListItem(
268 __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
269 'li_user_info'
270 );
271
272 echo ' <li id="li_select_mysql_charset">';
273 echo ' ' . __('Server charset:') . ' '
274 . ' <span lang="en" dir="ltr">';
275 if (! PMA_DRIZZLE) {
276 echo ' ' . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']];
277 }
278 echo ' (' . $mysql_charset_map['utf-8'] . ')'
279 . ' </span>'
280 . ' </li>'
281 . ' </ul>'
282 . ' </div>';
283 }
284
285 if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
286 echo '<div class="group">';
287 echo '<h2>' . __('Web server') . '</h2>';
288 echo '<ul>';
289 if ($GLOBALS['cfg']['ShowServerInfo']) {
290 PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');
291
292 if ($server > 0) {
293 $client_version_str = $GLOBALS['dbi']->getClientInfo();
294 if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)
295 && in_array(
296 $GLOBALS['cfg']['Server']['extension'],
297 array('mysql', 'mysqli')
298 )
299 ) {
300 $client_version_str = 'libmysql - ' . $client_version_str;
301 }
302 PMA_printListItem(
303 __('Database client version:') . ' ' . $client_version_str,
304 'li_mysql_client_version'
305 );
306
307 $php_ext_string = __('PHP extension:') . ' '
308 . $GLOBALS['cfg']['Server']['extension'] . ' '
309 . PMA_Util::showPHPDocu(
310 'book.' . $GLOBALS['cfg']['Server']['extension'] . '.php'
311 );
312 PMA_printListItem(
313 $php_ext_string,
314 'li_used_php_extension'
315 );
316 }
317 }
318
319 if ($cfg['ShowPhpInfo']) {
320 PMA_printListItem(
321 __('Show PHP information'),
322 'li_phpinfo',
323 'phpinfo.php?' . $common_url_query,
324 null,
325 '_blank'
326 );
327 }
328 echo ' </ul>';
329 echo ' </div>';
330 }
331
332 echo '<div class="group pmagroup">';
333 echo '<h2>phpMyAdmin</h2>';
334 echo '<ul>';
335 $class = null;
336 // We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
337 // support here and does not allow request to http once using https.
338 if ($GLOBALS['cfg']['VersionCheck']
339 && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE')
340 ) {
341 $class = 'jsversioncheck';
342 }
343 PMA_printListItem(
344 __('Version information:') . ' ' . PMA_VERSION,
345 'li_pma_version',
346 null,
347 null,
348 null,
349 null,
350 $class
351 );
352 PMA_printListItem(
353 __('Documentation'),
354 'li_pma_docs',
355 PMA_Util::getDocuLink('index'),
356 null,
357 '_blank'
358 );
359 PMA_printListItem(
360 __('Wiki'),
361 'li_pma_wiki',
362 PMA_linkURL('http://wiki.phpmyadmin.net/'),
363 null,
364 '_blank'
365 );
366
367 // does not work if no target specified, don't know why
368 PMA_printListItem(
369 __('Official Homepage'),
370 'li_pma_homepage',
371 PMA_linkURL('http://www.phpMyAdmin.net/'),
372 null,
373 '_blank'
374 );
375 PMA_printListItem(
376 __('Contribute'),
377 'li_pma_contribute',
378 PMA_linkURL('http://www.phpmyadmin.net/home_page/improve.php'),
379 null,
380 '_blank'
381 );
382 PMA_printListItem(
383 __('Get support'),
384 'li_pma_support',
385 PMA_linkURL('http://www.phpmyadmin.net/home_page/support.php'),
386 null,
387 '_blank'
388 );
389 PMA_printListItem(
390 __('List of changes'),
391 'li_pma_changes',
392 PMA_linkURL('changelog.php'),
393 null,
394 '_blank'
395 );
396 echo ' </ul>';
397 echo ' </div>';
398
399 echo '</div>';
400
401 echo '</div>';
402
403 /**
404 * Warning if using the default MySQL privileged account
405 */
406 if ($server != 0
407 && $cfg['Server']['user'] == 'root'
408 && $cfg['Server']['password'] == ''
409 ) {
410 trigger_error(
411 __(
412 'Your configuration file contains settings (root with no password)'
413 . ' that correspond to the default MySQL privileged account.'
414 . ' Your MySQL server is running with this default, is open to'
415 . ' intrusion, and you really should fix this security hole by'
416 . ' setting a password for user \'root\'.'
417 ),
418 E_USER_WARNING
419 );
420 }
421
422 /**
423 * As we try to handle charsets by ourself, mbstring overloads just
424 * break it, see bug 1063821.
425 */
426 if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
427 trigger_error(
428 __(
429 'You have enabled mbstring.func_overload in your PHP '
430 . 'configuration. This option is incompatible with phpMyAdmin '
431 . 'and might cause some data to be corrupted!'
432 ),
433 E_USER_WARNING
434 );
435 }
436
437 /**
438 * mbstring is used for handling multibyte inside parser, so it is good
439 * to tell user something might be broken without it, see bug #1063149.
440 */
441 if (! @extension_loaded('mbstring')) {
442 trigger_error(
443 __(
444 'The mbstring PHP extension was not found and you seem to be using'
445 . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
446 . ' is unable to split strings correctly and it may result in'
447 . ' unexpected results.'
448 ),
449 E_USER_WARNING
450 );
451 }
452
453 /**
454 * Check whether session.gc_maxlifetime limits session validity.
455 */
456 $gc_time = (int)@ini_get('session.gc_maxlifetime');
457 if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity'] ) {
458 trigger_error(
459 __('Your PHP parameter [a@http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime@_blank]session.gc_maxlifetime[/a] is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
460 E_USER_WARNING
461 );
462 }
463
464 /**
465 * Check whether LoginCookieValidity is limited by LoginCookieStore.
466 */
467 if ($GLOBALS['cfg']['LoginCookieStore'] != 0
468 && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
469 ) {
470 trigger_error(
471 __('Login cookie store is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
472 E_USER_WARNING
473 );
474 }
475
476 /**
477 * Check if user does not have defined blowfish secret and it is being used.
478 */
479 if (! empty($_SESSION['auto_blowfish_secret'])
480 && empty($GLOBALS['cfg']['blowfish_secret'])
481 ) {
482 trigger_error(
483 __('The configuration file now needs a secret passphrase (blowfish_secret).'),
484 E_USER_WARNING
485 );
486 }
487
488 /**
489 * Check for existence of config directory which should not exist in
490 * production environment.
491 */
492 if (file_exists('config')) {
493 trigger_error(
494 __('Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. It is strongly recommended to remove it once phpMyAdmin has been configured. Otherwise the security of your server may be compromised by unauthorized people downloading your configuration.'),
495 E_USER_WARNING
496 );
497 }
498
499 if ($server > 0) {
500 $cfgRelation = PMA_getRelationsParam();
501 if (! $cfgRelation['allworks']
502 && $cfg['PmaNoRelation_DisableWarning'] == false
503 ) {
504 $msg = PMA_Message::notice(__('The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click %shere%s.'));
505 $msg->addParam(
506 '<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php?'
507 . $common_url_query . '">',
508 false
509 );
510 $msg->addParam('</a>', false);
511 /* Show error if user has configured something, notice elsewhere */
512 if (!empty($cfg['Servers'][$server]['pmadb'])) {
513 $msg->isError(true);
514 }
515 $msg->display();
516 } // end if
517 }
518
519 /**
520 * Warning about different MySQL library and server version
521 * (a difference on the third digit does not count).
522 * If someday there is a constant that we can check about mysqlnd,
523 * we can use it instead of strpos().
524 * If no default server is set, $GLOBALS['dbi'] is not defined yet.
525 * Drizzle can speak MySQL protocol, so don't warn about version mismatch for
526 * Drizzle servers.
527 */
528 if (isset($GLOBALS['dbi'])
529 && !PMA_DRIZZLE
530 && $cfg['ServerLibraryDifference_DisableWarning'] == false
531 ) {
532 $_client_info = $GLOBALS['dbi']->getClientInfo();
533 if ($server > 0
534 && strpos($_client_info, 'mysqlnd') === false
535 && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(PMA_MYSQL_INT_VERSION, 0, 3)
536 ) {
537 trigger_error(
538 PMA_sanitize(
539 sprintf(
540 __('Your PHP MySQL library version %s differs from your MySQL server version %s. This may cause unpredictable behavior.'),
541 $_client_info,
542 substr(
543 PMA_MYSQL_STR_VERSION,
544 0,
545 strpos(PMA_MYSQL_STR_VERSION . '-', '-')
546 )
547 )
548 ),
549 E_USER_NOTICE
550 );
551 }
552 unset($_client_info);
553 }
554
555 /**
556 * Warning about Suhosin only if its simulation mode is not enabled
557 */
558 if ($cfg['SuhosinDisableWarning'] == false
559 && @ini_get('suhosin.request.max_value_length')
560 && @ini_get('suhosin.simulation') == '0'
561 ) {
562 trigger_error(
563 sprintf(
564 __('Server running with Suhosin. Please refer to %sdocumentation%s for possible issues.'),
565 '[doc@faq1-38]',
566 '[/doc]'
567 ),
568 E_USER_WARNING
569 );
570 }
571
572 /**
573 * Warning about mcrypt.
574 */
575 if (! function_exists('mcrypt_encrypt')
576 && ! $GLOBALS['cfg']['McryptDisableWarning']
577 ) {
578 PMA_warnMissingExtension('mcrypt');
579 }
580
581 /**
582 * Warning about incomplete translations.
583 *
584 * The data file is created while creating release by ./scripts/remove-incomplete-mo
585 */
586 if (file_exists('libraries/language_stats.inc.php')) {
587 include 'libraries/language_stats.inc.php';
588 /*
589 * This message is intentionally not translated, because we're
590 * handling incomplete translations here and focus on english
591 * speaking users.
592 */
593 if (isset($GLOBALS['language_stats'][$lang])
594 && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
595 ) {
596 trigger_error(
597 'You are using an incomplete translation, please help to make it '
598 . 'better by [a@http://www.phpmyadmin.net/home_page/improve.php'
599 . '#translate@_blank]contributing[/a].',
600 E_USER_NOTICE
601 );
602 }
603 }
604
605 /**
606 * prints list item for main page
607 *
608 * @param string $name displayed text
609 * @param string $id id, used for css styles
610 * @param string $url make item as link with $url as target
611 * @param string $mysql_help_page display a link to MySQL's manual
612 * @param string $target special target for $url
613 * @param string $a_id id for the anchor,
614 * used for jQuery to hook in functions
615 * @param string $class class for the li element
616 * @param string $a_class class for the anchor element
617 *
618 * @return void
619 */
620 function PMA_printListItem($name, $id = null, $url = null,
621 $mysql_help_page = null, $target = null, $a_id = null, $class = null,
622 $a_class = null
623 ) {
624 echo '<li id="' . $id . '"';
625 if (null !== $class) {
626 echo ' class="' . $class . '"';
627 }
628 echo '>';
629 if (null !== $url) {
630 echo '<a href="' . $url . '"';
631 if (null !== $target) {
632 echo ' target="' . $target . '"';
633 }
634 if (null != $a_id) {
635 echo ' id="' . $a_id .'"';
636 }
637 if (null != $a_class) {
638 echo ' class="' . $a_class .'"';
639 }
640 echo '>';
641 }
642
643 echo $name;
644
645 if (null !== $url) {
646 echo '</a>' . "\n";
647 }
648 if (null !== $mysql_help_page) {
649 echo PMA_Util::showMySQLDocu($mysql_help_page);
650 }
651 echo '</li>';
652 }
653 ?>
phpMyAdmin