3 * Misc stuff and REQUIRED by ALL the scripts.
4 * MUST be included by every script
6 * Among other things, it contains the advanced authentication work.
8 * Order of sections for common.inc.php:
10 * the authentication libraries must be before the connection to db
12 * ... so the required order is:
14 * LABEL_variables_init
15 * - initialize some variables always needed
16 * LABEL_parsing_config_file
17 * - parsing of the configuration file
18 * LABEL_loading_language_file
19 * - loading language file
21 * - check and setup configured servers
25 * - load of MySQL extension (if necessary)
26 * - loading of an authentication library
28 * - authentication work
31 declare(strict_types
=1);
33 use PhpMyAdmin\Config
;
35 use PhpMyAdmin\DatabaseInterface
;
36 use PhpMyAdmin\ErrorHandler
;
37 use PhpMyAdmin\LanguageManager
;
38 use PhpMyAdmin\Logging
;
39 use PhpMyAdmin\Message
;
40 use PhpMyAdmin\MoTranslator\Loader
;
41 use PhpMyAdmin\Plugins
;
42 use PhpMyAdmin\Profiling
;
43 use PhpMyAdmin\Response
;
44 use PhpMyAdmin\Routing
;
45 use PhpMyAdmin\Session
;
46 use PhpMyAdmin\SqlParser\Lexer
;
47 use PhpMyAdmin\ThemeManager
;
48 use PhpMyAdmin\Tracker
;
// Globals that this bootstrap script reads or assigns; the file header states it is included by every script.
49 global $containerBuilder, $errorHandler, $config, $server, $dbi;
50 global $lang, $cfg, $isConfigLoading, $auth_plugin, $route, $theme;
51 global $urlParams, $goto, $back, $db, $table, $sql_query, $token_mismatch;
55 * block attempts to directly run this script
// NOTE(review): the guard depends on the process working directory being this file's directory and
// uses a loose ==. getcwd() returns false on failure, which compares unequal to __DIR__, so in that
// case execution continues past the guard. Treat it as a heuristic, not an access control.
57 if (getcwd() == __DIR__
) {
58 die('Attack stopped');
62 * Minimum PHP version; can't call Core::fatalError() which uses a
63 * PHP 5 function, so cannot easily localize this message.
// Rejects PHP versions below 7.2.5 (PHP_VERSION_ID 70205) with a raw HTML message.
// NOTE(review): the message includes the exact PHP_VERSION and is produced before any
// authentication step in this file, so it is visible to whoever reaches this path.
65 if (PHP_VERSION_ID
< 70205) {
67 '<p>PHP 7.2.5+ is required.</p>'
68 . '<p>Currently installed version is: ' . PHP_VERSION
. '</p>'
72 // phpcs:disable PSR1.Files.SideEffects
74 * for verification in all procedural scripts under libraries
// Marker constant; how the procedural scripts test it is not visible in this file.
76 define('PHPMYADMIN', true);
80 * Load vendor configuration.
// ROOT_PATH is not defined in the visible lines - presumably set by the including entry script; confirm.
82 require_once ROOT_PATH
. 'libraries/vendor_config.php';
// Stops with an HTML hint when the autoloader file cannot be read; @ suppresses any warning from is_readable().
// NOTE(review): AUTOLOAD_FILE (a filesystem path) is concatenated into the HTML without escaping and
// shown to the client, which discloses the install path. It is a constant rather than request data,
// but confirm this message is acceptable on an exposed install.
87 if (! @is_readable
(AUTOLOAD_FILE
)) {
89 '<p>File <samp>' . AUTOLOAD_FILE
. '</samp> missing or not readable.</p>'
90 . '<p>Most likely you did not run Composer to '
91 . '<a href="https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git">'
92 . 'install library files</a>.</p>'
// Loads the autoloader file checked above; the classes used in the rest of this file depend on it.
96 require_once AUTOLOAD_FILE
;
100 * Avoid referring to nonexistent files (causes warnings when open_basedir is used)
101 * This is defined to avoid the tcpdf code to search for a directory outside of open_basedir
102 * See: https://github.com/phpmyadmin/phpmyadmin/issues/16709
103 * This value is not used but is useful; no header logic is used for PDF exports
// Defines K_PATH_IMAGES as ROOT_PATH only when nothing has defined it already.
105 if (! defined('K_PATH_IMAGES')) {
106 // phpcs:disable PSR1.Files.SideEffects
107 define('K_PATH_IMAGES', ROOT_PATH
);
// The route is resolved here, before configuration, session and authentication are set up below.
111 $route = Routing
::getCurrentRoute();
// The '/import-status' route sets PMA_MINIMUM_COMMON, which is tested further down in this file
// by a defined('PMA_MINIMUM_COMMON') branch.
113 if ($route === '/import-status') {
114 // phpcs:disable PSR1.Files.SideEffects
115 define('PMA_MINIMUM_COMMON', true);
// Service container; the error handler, config and other services below are fetched from or stored in it.
119 $containerBuilder = Core
::getContainerBuilder();
122 * Load gettext functions.
124 Loader
::loadFunctions();
126 /** @var ErrorHandler $errorHandler */
127 $errorHandler = $containerBuilder->get('error_handler');
130 * Warning about missing PHP extensions.
132 Core
::checkExtensions();
135 * Configure required PHP settings.
139 /* start procedural code label_start_procedural */
141 Core
::cleanupPathInfo();
143 /* parsing configuration file LABEL_parsing_config_file */
145 /** @var bool $isConfigLoading Indication for the error handler */
146 $isConfigLoading = false;
149 * Force reading of config file, because we removed sensitive values
150 * in the previous iteration.
152 * @var Config $config
154 $config = $containerBuilder->get('config');
// Registers Config::fatalErrorHandler to run at script shutdown.
156 register_shutdown_function([Config
::class, 'fatalErrorHandler']);
159 * include session handling after the globals, to prevent overwriting
// Session setup is skipped entirely when the including script has defined PMA_NO_SESSION.
// NOTE(review): any later step that relies on session state would then run without it - confirm
// which entry points define this constant.
161 if (! defined('PMA_NO_SESSION')) {
162 Session
::setUp($config, $errorHandler);
166 * init some variables LABEL_variables_init
170 * holds parameters to be passed to next page
172 * @global array $urlParams
// The initial assignment of $urlParams is not visible in this listing.
175 $containerBuilder->setParameter('url_params', $urlParams);
177 Core
::setGotoAndBackGlobals($containerBuilder, $config);
// NOTE(review): presumably this is where $token_mismatch (read near the end of this file) gets set;
// confirm in Core::checkTokenRequestParam().
179 Core
::checkTokenRequestParam();
181 Core
::setDatabaseAndTableFromRequest($containerBuilder);
184 * SQL query to be executed
186 * @global string $sql_query
// Only $_POST is consulted, so a query-string parameter cannot set $sql_query here.
// The accepted value is stored unchanged in the global and in the container. This happens before the
// authentication calls later in this file, so consumers must treat it as untrusted request data.
// NOTE(review): what Core::isValid() accepts is not visible here - confirm it rejects non-string values.
189 if (Core
::isValid($_POST['sql_query'])) {
190 $sql_query = $_POST['sql_query'];
193 $containerBuilder->setParameter('sql_query', $sql_query);
195 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
196 //$_REQUEST['server']; // checked later in this file
197 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
199 /* loading language file LABEL_loading_language_file */
202 * lang detection is done here
204 $language = LanguageManager
::getInstance()->selectLanguage();
205 $language->activate();
208 * check for errors occurred while loading configuration
209 * this check is done here after loading language files to present errors in locale
211 $config->checkPermissions();
212 $config->checkErrors();
214 /* Check server configuration */
215 Core
::checkConfiguration();
// Runs after the token, database/table and sql_query request handling above.
217 /* Check request for possible attacks */
218 Core
::checkRequest();
220 /* setup servers LABEL_setup_servers */
222 $config->checkServers();
227 * @global integer $server
// The selected server is stored in the global, in the URL parameters and in the container.
229 $server = $config->selectServer();
230 $urlParams['server'] = $server;
231 $containerBuilder->setParameter('server', $server);
232 $containerBuilder->setParameter('url_params', $urlParams);
235 * BC - enable backward compatibility
236 * exports all configuration settings into globals ($cfg global)
240 /* setup themes LABEL_theme_setup */
242 $theme = ThemeManager
::initializeTheme();
244 /** @var DatabaseInterface $dbi */
// Branch taken when PMA_MINIMUM_COMMON was defined earlier (the '/import-status' route).
// Only the two calls below are visible in this listing; the end of the branch is not shown.
247 if (defined('PMA_MINIMUM_COMMON')) {
248 $config->loadUserPreferences();
249 $containerBuilder->set('theme_manager', ThemeManager
::getInstance());
256 * save some settings in cookies
258 * @todo should be done in PhpMyAdmin\Config
// Stores the current $lang global, cast to string, in the 'pma_lang' cookie.
260 $config->setCookie('pma_lang', (string) $lang);
262 ThemeManager
::getInstance()->setThemeCookie();
// Creates the database interface and registers it in the container under its class name and the 'dbi' alias.
264 $dbi = DatabaseInterface
::load();
265 $containerBuilder->set(DatabaseInterface
::class, $dbi);
266 $containerBuilder->setAlias('dbi', DatabaseInterface
::class);
// Everything down to the matching else runs only when a server configuration is present.
268 if (! empty($cfg['Server'])) {
269 $config->getLoginCookieValidityFromCache($server);
// Authentication sequence, in call order: pick the auth plugin, authenticate, open the database
// connection, remember the credentials, then run the two-factor check.
// NOTE(review): the two-factor check runs after the connection is opened and the credentials are
// remembered; how a failed check is handled is inside checkTwoFactor() and not visible here.
271 $auth_plugin = Plugins
::getAuthPlugin();
272 $auth_plugin->authenticate();
274 Core
::connectToDatabaseServer($dbi, $auth_plugin);
276 $auth_plugin->rememberCredentials();
278 $auth_plugin->checkTwoFactor();
// Passes the configured user name to Logging::logUser().
281 Logging
::logUser($cfg['Server']['user']);
// Compares the server version with the configured minimum; the lines that act on a failure are
// only partly visible in this listing.
283 if ($dbi->getVersion() < $cfg['MysqlMinVersion']['internal']) {
285 __('You should upgrade to %s %s or later.'),
288 $cfg['MysqlMinVersion']['human'],
293 // Sets the default delimiter (if specified).
// NOTE(review): $_REQUEST['sql_delimiter'] is untrusted and is written to a static property after
// only an empty() check. No type or length validation is visible here, so a non-string value
// (for example an array parameter) would be stored as-is. Confirm the lexer tolerates that, or
// validate the value before assigning it.
294 if (! empty($_REQUEST['sql_delimiter'])) {
295 Lexer
::$DEFAULT_DELIMITER = $_REQUEST['sql_delimiter'];
298 // TODO: Set SQL modes too.
// No server configured: the authentication steps above are skipped and the page is rendered
// without the menu and console and with a minimal footer.
299 } else { // end server connecting
300 $response = Response
::getInstance();
301 $response->getHeader()->disableMenuAndConsole();
302 $response->getFooter()->setMinimal();
305 $response = Response
::getInstance();
308 * There is no point in even attempting to process
309 * an ajax request if there is a token mismatch
// $token_mismatch is one of the globals declared at the top of this file; it is not assigned in the visible lines.
// This early rejection applies only to AJAX requests sent with POST.
// NOTE(review): non-AJAX requests with a mismatched token do not match this condition - confirm
// they are rejected elsewhere before any state-changing action runs.
311 if ($response->isAjax() && $_SERVER['REQUEST_METHOD'] === 'POST' && $token_mismatch) {
312 $response->setRequestStatus(false);
315 Message
::error(__('Error: Token mismatch'))
320 Profiling
::check($dbi, $response);
322 $containerBuilder->set('response', Response
::getInstance());
324 // load user preferences
325 $config->loadUserPreferences();
327 $containerBuilder->set('theme_manager', ThemeManager
::getInstance());
329 /* Tell tracker that it can actually work */
// postConnectControl() runs only when a server is selected and $cfg['ZeroConf'] is strictly true.
332 if (! empty($server) && isset($cfg['ZeroConf']) && $cfg['ZeroConf'] === true) {
333 $dbi->postConnectControl();