Merge remote-tracking branch 'origin/master'
[phpmyadmin.git] / index.php
blob4bbedf2839163f830f6a10543d4d03e6817d2562
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Main loader script
6 * @package PhpMyAdmin
7 */
9 /**
10 * Gets some core libraries and displays a top message if required
12 require_once 'libraries/common.inc.php';
14 /**
15 * display Git revision if requested
17 require_once 'libraries/display_git_revision.lib.php';
19 /**
20 * pass variables to child pages
22 $drops = array(
23 'lang',
24 'server',
25 'collation_connection',
26 'db',
27 'table'
29 foreach ($drops as $each_drop) {
30 if (array_key_exists($each_drop, $_GET)) {
31 unset($_GET[$each_drop]);
34 unset($drops, $each_drop);
37 * Black list of all scripts to which front-end must submit data.
38 * Such scripts must not be loaded on home page.
41 $target_blacklist = array (
42 'import.php', 'export.php'
45 // If we have a valid target, let's load that script instead
46 if (! empty($_REQUEST['target'])
47 && is_string($_REQUEST['target'])
48 && ! preg_match('/^index/', $_REQUEST['target'])
49 && ! in_array($_REQUEST['target'], $target_blacklist)
50 && in_array($_REQUEST['target'], $goto_whitelist)
51 ) {
52 include $_REQUEST['target'];
53 exit;
56 if (isset($_REQUEST['ajax_request']) && ! empty($_REQUEST['access_time'])) {
57 exit;
60 // See FAQ 1.34
61 if (! empty($_REQUEST['db'])) {
62 $page = null;
63 if (! empty($_REQUEST['table'])) {
64 $page = $GLOBALS['cfg']['DefaultTabTable'];
65 } else {
66 $page = $GLOBALS['cfg']['DefaultTabDatabase'];
68 include $page;
69 exit;
72 /**
73 * Check if it is an ajax request to reload the recent tables list.
75 require_once 'libraries/RecentFavoriteTable.class.php';
76 if ($GLOBALS['is_ajax_request'] && ! empty($_REQUEST['recent_table'])) {
77 $response = PMA_Response::getInstance();
78 $response->addJSON(
79 'list',
80 PMA_RecentFavoriteTable::getInstance('recent')->getHtmlList()
82 exit;
85 if ($GLOBALS['PMA_Config']->isGitRevision()) {
86 if (isset($_REQUEST['git_revision']) && $GLOBALS['is_ajax_request'] == true) {
87 PMA_printGitRevision();
88 exit;
90 echo '<div id="is_git_revision"></div>';
93 // Handles some variables that may have been sent by the calling script
94 $GLOBALS['db'] = '';
95 $GLOBALS['table'] = '';
96 $show_query = '1';
98 // Any message to display?
99 if (! empty($message)) {
100 echo PMA_Util::getMessage($message);
101 unset($message);
104 $common_url_query = PMA_URL_getCommon();
105 $mysql_cur_user_and_host = '';
107 // when $server > 0, a server has been chosen so we can display
108 // all MySQL-related information
109 if ($server > 0) {
110 include 'libraries/server_common.inc.php';
111 include 'libraries/StorageEngine.class.php';
113 // Use the verbose name of the server instead of the hostname
114 // if a value is set
115 $server_info = '';
116 if (! empty($cfg['Server']['verbose'])) {
117 $server_info .= htmlspecialchars($cfg['Server']['verbose']);
118 if ($GLOBALS['cfg']['ShowServerInfo']) {
119 $server_info .= ' (';
122 if ($GLOBALS['cfg']['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
123 $server_info .= $GLOBALS['dbi']->getHostInfo();
125 if (! empty($cfg['Server']['verbose']) && $GLOBALS['cfg']['ShowServerInfo']) {
126 $server_info .= ')';
128 $mysql_cur_user_and_host = $GLOBALS['dbi']->fetchValue('SELECT USER();');
130 // should we add the port info here?
131 $short_server_info = (!empty($GLOBALS['cfg']['Server']['verbose'])
132 ? $GLOBALS['cfg']['Server']['verbose']
133 : $GLOBALS['cfg']['Server']['host']);
136 echo '<div id="maincontainer">' . "\n";
137 // Anchor for favorite tables synchronization.
138 echo PMA_RecentFavoriteTable::getInstance('favorite')->getHtmlSyncFavoriteTables();
139 echo '<div id="main_pane_left">';
140 if ($server > 0 || count($cfg['Servers']) > 1
142 if ($cfg['DBG']['demo']) {
143 echo '<div class="group">';
144 echo '<h2>' . __('phpMyAdmin Demo Server') . '</h2>';
145 echo '<p style="margin: 0.5em 1em 0.5em 1em">';
146 printf(
148 'You are using the demo server. You can do anything here, but '
149 . 'please do not change root, debian-sys-maint and pma users. '
150 . 'More information is available at %s.'
152 '<a href="http://demo.phpmyadmin.net/">demo.phpmyadmin.net</a>'
154 echo '</p>';
155 echo '</div>';
157 echo '<div class="group">';
158 echo '<h2>' . __('General Settings') . '</h2>';
159 echo '<ul>';
162 * Displays the MySQL servers choice form
164 if ($cfg['ServerDefault'] == 0
165 || (! $cfg['NavigationDisplayServers']
166 && (count($cfg['Servers']) > 1
167 || ($server == 0 && count($cfg['Servers']) == 1)))
169 echo '<li id="li_select_server" class="no_bullets" >';
170 include_once 'libraries/select_server.lib.php';
171 echo PMA_Util::getImage('s_host.png') . " " . PMA_selectServer(true, true);
172 echo '</li>';
176 * Displays the mysql server related links
178 if ($server > 0 && ! PMA_DRIZZLE) {
179 include_once 'libraries/check_user_privileges.lib.php';
181 // Logout for advanced authentication
182 if ($cfg['Server']['auth_type'] != 'config') {
183 if ($cfg['ShowChgPassword']) {
184 $conditional_class = 'ajax';
185 PMA_printListItem(
186 PMA_Util::getImage('s_passwd.png') . " " . __('Change password'),
187 'li_change_password',
188 'user_password.php' . $common_url_query,
189 null,
190 null,
191 'change_password_anchor',
192 "no_bullets",
193 $conditional_class
196 } // end if
197 echo ' <li id="li_select_mysql_collation" class="no_bullets" >';
198 echo ' <form method="post" action="index.php">' . "\n"
199 . PMA_URL_getHiddenInputs(null, null, 4, 'collation_connection')
200 . ' <label for="select_collation_connection">' . "\n"
201 . ' ' . PMA_Util::getImage('s_asci.png') . " "
202 . __('Server connection collation') . "\n"
203 // put the doc link in the form so that it appears on the same line
204 . PMA_Util::showMySQLDocu('Charset-connection')
205 . ': ' . "\n"
206 . ' </label>' . "\n"
208 . PMA_generateCharsetDropdownBox(
209 PMA_CSDROPDOWN_COLLATION,
210 'collation_connection',
211 'select_collation_connection',
212 $collation_connection,
213 true,
214 true
216 . ' </form>' . "\n"
217 . ' </li>' . "\n";
218 } // end of if ($server > 0 && !PMA_DRIZZLE)
219 echo '</ul>';
220 echo '</div>';
223 echo '<div class="group">';
224 echo '<h2>' . __('Appearance Settings') . '</h2>';
225 echo ' <ul>';
227 // Displays language selection combo
228 if (empty($cfg['Lang']) && count($GLOBALS['available_languages']) > 1) {
229 echo '<li id="li_select_lang" class="no_bullets">';
230 include_once 'libraries/display_select_lang.lib.php';
231 echo PMA_Util::getImage('s_lang.png') . " " . PMA_getLanguageSelectorHtml();
232 echo '</li>';
235 // ThemeManager if available
237 if ($GLOBALS['cfg']['ThemeManager']) {
238 echo '<li id="li_select_theme" class="no_bullets">';
239 echo PMA_Util::getImage('s_theme.png') . " "
240 . $_SESSION['PMA_Theme_Manager']->getHtmlSelectBox();
241 echo '</li>';
243 echo '<li id="li_select_fontsize">';
244 echo PMA_Config::getFontsizeForm();
245 echo '</li>';
247 echo '</ul>';
249 // User preferences
251 if ($server > 0) {
252 echo '<ul>';
253 PMA_printListItem(
254 PMA_Util::getImage('b_tblops.png') . " " . __('More settings'),
255 'li_user_preferences',
256 'prefs_manage.php' . $common_url_query,
257 null,
258 null,
259 null,
260 "no_bullets"
262 echo '</ul>';
265 echo '</div>';
268 echo '</div>';
269 echo '<div id="main_pane_right">';
272 if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) {
274 echo '<div class="group">';
275 echo '<h2>' . __('Database server') . '</h2>';
276 echo '<ul>' . "\n";
277 PMA_printListItem(
278 __('Server:') . ' ' . $server_info,
279 'li_server_info'
281 PMA_printListItem(
282 __('Server type:') . ' ' . PMA_Util::getServerType(),
283 'li_server_type'
285 PMA_printListItem(
286 __('Server version:')
287 . ' '
288 . PMA_MYSQL_STR_VERSION . ' - ' . PMA_MYSQL_VERSION_COMMENT,
289 'li_server_version'
291 PMA_printListItem(
292 __('Protocol version:') . ' ' . $GLOBALS['dbi']->getProtoInfo(),
293 'li_mysql_proto'
295 PMA_printListItem(
296 __('User:') . ' ' . htmlspecialchars($mysql_cur_user_and_host),
297 'li_user_info'
300 echo ' <li id="li_select_mysql_charset">';
301 echo ' ' . __('Server charset:') . ' '
302 . ' <span lang="en" dir="ltr">';
303 if (! PMA_DRIZZLE) {
304 echo ' '
305 . $mysql_charsets_descriptions[$mysql_charset_map['utf-8']];
307 echo ' (' . $mysql_charset_map['utf-8'] . ')'
308 . ' </span>'
309 . ' </li>'
310 . ' </ul>'
311 . ' </div>';
314 if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) {
315 echo '<div class="group">';
316 echo '<h2>' . __('Web server') . '</h2>';
317 echo '<ul>';
318 if ($GLOBALS['cfg']['ShowServerInfo']) {
319 PMA_printListItem($_SERVER['SERVER_SOFTWARE'], 'li_web_server_software');
321 if ($server > 0) {
322 $client_version_str = $GLOBALS['dbi']->getClientInfo();
323 if (preg_match('#\d+\.\d+\.\d+#', $client_version_str)) {
324 $client_version_str = 'libmysql - ' . $client_version_str;
326 PMA_printListItem(
327 __('Database client version:') . ' ' . $client_version_str,
328 'li_mysql_client_version'
331 $php_ext_string = __('PHP extension:') . ' ';
332 if (PMA_DatabaseInterface::checkDbExtension('mysqli')) {
333 $extension = 'mysqli';
334 } else {
335 $extension = 'mysql';
337 $php_ext_string .= $extension . ' '
338 . PMA_Util::showPHPDocu('book.' . $extension . '.php');
340 PMA_printListItem(
341 $php_ext_string,
342 'li_used_php_extension'
347 if ($cfg['ShowPhpInfo']) {
348 PMA_printListItem(
349 __('Show PHP information'),
350 'li_phpinfo',
351 'phpinfo.php' . $common_url_query,
352 null,
353 '_blank'
356 echo ' </ul>';
357 echo ' </div>';
360 echo '<div class="group pmagroup">';
361 echo '<h2>phpMyAdmin</h2>';
362 echo '<ul>';
363 $class = null;
364 // We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
365 // support here and does not allow request to http once using https.
366 if ($GLOBALS['cfg']['VersionCheck']
367 && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE')
369 $class = 'jsversioncheck';
371 PMA_printListItem(
372 __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
373 'li_pma_version',
374 null,
375 null,
376 null,
377 null,
378 $class
380 PMA_printListItem(
381 __('Documentation'),
382 'li_pma_docs',
383 PMA_Util::getDocuLink('index'),
384 null,
385 '_blank'
387 PMA_printListItem(
388 __('Wiki'),
389 'li_pma_wiki',
390 PMA_linkURL('http://wiki.phpmyadmin.net/'),
391 null,
392 '_blank'
395 // does not work if no target specified, don't know why
396 PMA_printListItem(
397 __('Official Homepage'),
398 'li_pma_homepage',
399 PMA_linkURL('http://www.phpMyAdmin.net/'),
400 null,
401 '_blank'
403 PMA_printListItem(
404 __('Contribute'),
405 'li_pma_contribute',
406 PMA_linkURL('http://www.phpmyadmin.net/home_page/improve.php'),
407 null,
408 '_blank'
410 PMA_printListItem(
411 __('Get support'),
412 'li_pma_support',
413 PMA_linkURL('http://www.phpmyadmin.net/home_page/support.php'),
414 null,
415 '_blank'
417 PMA_printListItem(
418 __('List of changes'),
419 'li_pma_changes',
420 PMA_linkURL('changelog.php'),
421 null,
422 '_blank'
424 echo ' </ul>';
425 echo ' </div>';
427 echo '</div>';
429 echo '</div>';
432 * Warning if using the default MySQL privileged account
434 if ($server != 0
435 && $cfg['Server']['user'] == 'root'
436 && $cfg['Server']['password'] == ''
438 trigger_error(
440 'Your configuration file contains settings (root with no password)'
441 . ' that correspond to the default MySQL privileged account.'
442 . ' Your MySQL server is running with this default, is open to'
443 . ' intrusion, and you really should fix this security hole by'
444 . ' setting a password for user \'root\'.'
446 E_USER_WARNING
451 * As we try to handle charsets by ourself, mbstring overloads just
452 * break it, see bug 1063821.
454 if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
455 trigger_error(
457 'You have enabled mbstring.func_overload in your PHP '
458 . 'configuration. This option is incompatible with phpMyAdmin '
459 . 'and might cause some data to be corrupted!'
461 E_USER_WARNING
466 * mbstring is used for handling multibytes inside parser, so it is good
467 * to tell user something might be broken without it, see bug #1063149.
469 if (! @extension_loaded('mbstring')) {
470 trigger_error(
472 'The mbstring PHP extension was not found and you seem to be using'
473 . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
474 . ' is unable to split strings correctly and it may result in'
475 . ' unexpected results.'
477 E_USER_WARNING
482 * Check whether session.gc_maxlifetime limits session validity.
484 $gc_time = (int)@ini_get('session.gc_maxlifetime');
485 if ($gc_time < $GLOBALS['cfg']['LoginCookieValidity'] ) {
486 trigger_error(
487 __('Your PHP parameter [a@http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime@_blank]session.gc_maxlifetime[/a] is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
488 E_USER_WARNING
493 * Check whether LoginCookieValidity is limited by LoginCookieStore.
495 if ($GLOBALS['cfg']['LoginCookieStore'] != 0
496 && $GLOBALS['cfg']['LoginCookieStore'] < $GLOBALS['cfg']['LoginCookieValidity']
498 trigger_error(
499 __('Login cookie store is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.'),
500 E_USER_WARNING
505 * Check if user does not have defined blowfish secret and it is being used.
507 if (! empty($_SESSION['encryption_key'])
508 && empty($GLOBALS['cfg']['blowfish_secret'])
510 trigger_error(
511 __('The configuration file now needs a secret passphrase (blowfish_secret).'),
512 E_USER_WARNING
517 * Check for existence of config directory which should not exist in
518 * production environment.
520 if (file_exists('config')) {
521 trigger_error(
522 __('Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. It is strongly recommended to remove it once phpMyAdmin has been configured. Otherwise the security of your server may be compromised by unauthorized people downloading your configuration.'),
523 E_USER_WARNING
527 if ($server > 0) {
528 $cfgRelation = PMA_getRelationsParam();
529 if (! $cfgRelation['allworks']
530 && $cfg['PmaNoRelation_DisableWarning'] == false
532 $msg_text = __(
533 'The phpMyAdmin configuration storage is not completely '
534 . 'configured, some extended features have been deactivated. '
535 . '%sFind out why%s. '
537 if ($cfg['ZeroConf'] == true) {
538 $msg_text .= '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;' .
540 'Or alternately go to \'Operations\' tab of any database '
541 . 'to set it up there.'
544 $msg = PMA_Message::notice($msg_text);
545 $msg->addParam(
546 '<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php'
547 . $common_url_query . '">',
548 false
550 $msg->addParam('</a>', false);
551 /* Show error if user has configured something, notice elsewhere */
552 if (!empty($cfg['Servers'][$server]['pmadb'])) {
553 $msg->isError(true);
555 $msg->display();
556 } // end if
560 * Warning about different MySQL library and server version
561 * (a difference on the third digit does not count).
562 * If someday there is a constant that we can check about mysqlnd,
563 * we can use it instead of strpos().
564 * If no default server is set, $GLOBALS['dbi'] is not defined yet.
565 * Drizzle can speak MySQL protocol, so don't warn about version mismatch for
566 * Drizzle servers.
568 if (isset($GLOBALS['dbi'])
569 && !PMA_DRIZZLE
570 && $cfg['ServerLibraryDifference_DisableWarning'] == false
572 /** @var PMA_String $pmaString */
573 $pmaString = $GLOBALS['PMA_String'];
575 $_client_info = $GLOBALS['dbi']->getClientInfo();
576 if ($server > 0
577 && /*overload*/mb_strpos($_client_info, 'mysqlnd') === false
578 && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(
579 PMA_MYSQL_INT_VERSION, 0, 3
582 trigger_error(
583 PMA_sanitize(
584 sprintf(
585 __('Your PHP MySQL library version %s differs from your MySQL server version %s. This may cause unpredictable behavior.'),
586 $_client_info,
587 substr(
588 PMA_MYSQL_STR_VERSION,
590 strpos(PMA_MYSQL_STR_VERSION . '-', '-')
594 E_USER_NOTICE
597 unset($_client_info);
601 * Warning about Suhosin only if its simulation mode is not enabled
603 if ($cfg['SuhosinDisableWarning'] == false
604 && @ini_get('suhosin.request.max_value_length')
605 && @ini_get('suhosin.simulation') == '0'
607 trigger_error(
608 sprintf(
609 __('Server running with Suhosin. Please refer to %sdocumentation%s for possible issues.'),
610 '[doc@faq1-38]',
611 '[/doc]'
613 E_USER_WARNING
618 * Warning about incomplete translations.
620 * The data file is created while creating release by ./scripts/remove-incomplete-mo
622 if (file_exists('libraries/language_stats.inc.php')) {
623 include 'libraries/language_stats.inc.php';
625 * This message is intentionally not translated, because we're
626 * handling incomplete translations here and focus on english
627 * speaking users.
629 if (isset($GLOBALS['language_stats'][$lang])
630 && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
632 trigger_error(
633 'You are using an incomplete translation, please help to make it '
634 . 'better by [a@http://www.phpmyadmin.net/home_page/improve.php'
635 . '#translate@_blank]contributing[/a].',
636 E_USER_NOTICE
642 * prints list item for main page
644 * @param string $name displayed text
645 * @param string $listId id, used for css styles
646 * @param string $url make item as link with $url as target
647 * @param string $mysql_help_page display a link to MySQL's manual
648 * @param string $target special target for $url
649 * @param string $a_id id for the anchor,
650 * used for jQuery to hook in functions
651 * @param string $class class for the li element
652 * @param string $a_class class for the anchor element
654 * @return void
656 function PMA_printListItem($name, $listId = null, $url = null,
657 $mysql_help_page = null, $target = null, $a_id = null, $class = null,
658 $a_class = null
660 echo '<li id="' . $listId . '"';
661 if (null !== $class) {
662 echo ' class="' . $class . '"';
664 echo '>';
665 if (null !== $url) {
666 echo '<a href="' . $url . '"';
667 if (null !== $target) {
668 echo ' target="' . $target . '"';
670 if (null != $a_id) {
671 echo ' id="' . $a_id . '"';
673 if (null != $a_class) {
674 echo ' class="' . $a_class . '"';
676 echo '>';
679 echo $name;
681 if (null !== $url) {
682 echo '</a>' . "\n";
684 if (null !== $mysql_help_page) {
685 echo PMA_Util::showMySQLDocu($mysql_help_page);
687 echo '</li>';