bug 722791
[phpmyadmin/crack.git] / main.php3
blobe03df64fb58aba2808fa1f8c6ceb70bdfe1727ab
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 /**
6 * Don't display the page heading
7 */
8 define('PMA_DISPLAY_HEADING', 0);
10 /**
11 * Gets some core libraries and displays a top message if required
13 if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
14 include('./libraries/grab_globals.lib.php3');
16 if (!defined('PMA_COMMON_LIB_INCLUDED')) {
17 include('./libraries/common.lib.php3');
19 // Puts the language to use in a cookie that will expire in 30 days
20 if (!isset($pma_uri_parts)) {
21 $pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
22 $cookie_path = substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/'));
23 $is_https = ($pma_uri_parts['scheme'] == 'https') ? 1 : 0;
25 setcookie('lang', $lang, time() + 60*60*24*30, $cookie_path, '', $is_https);
26 // Defines the "item" image depending on text direction
27 $item_img = 'images/item_' . $text_dir . '.png';
28 // Handles some variables that may have been sent by the calling script
29 if (isset($db)) {
30 unset($db);
32 if (isset($table)) {
33 unset($table);
35 $show_query = '1';
36 require('./header.inc.php3');
37 if (isset($message)) {
38 PMA_showMessage($message);
40 else if (isset($reload) && $reload) {
41 // Reloads the navigation frame via JavaScript if required
42 echo "\n";
44 <script type="text/javascript" language="javascript1.2">
45 <!--
46 window.parent.frames['nav'].location.replace('./left.php3?<?php echo PMA_generate_common_url('', '', '&'); ?>');
47 //-->
48 </script>
49 <?php
51 echo "\n";
54 /**
55 * Displays the welcome message and the server informations
58 <h1><?php echo sprintf($strWelcome, ' phpMyAdmin ' . PMA_VERSION); ?></h1>
60 <?php
61 // Don't display server info if $server == 0 (no server selected)
62 // loic1: modified in order to have a valid words order whatever is the
63 // language used
64 if ($server > 0) {
65 // robbat2: Use the verbose name of the server instead of the hostname
66 // if a value is set
67 if(!empty($cfg['Server']['verbose'])) {
68 $server_info = $cfg['Server']['verbose'];
69 } else {
70 $server_info = $cfg['Server']['host'];
72 $server_info .= (empty($cfg['Server']['port']) ? '' : ':' . $cfg['Server']['port']);
73 // loic1: skip this because it's not a so good idea to display sockets
74 // used to everybody
75 // if (!empty($cfg['Server']['socket']) && PMA_PHP_INT_VERSION >= 30010) {
76 // $server_info .= ':' . $cfg['Server']['socket'];
77 // }
78 $local_query = 'SELECT VERSION() as version, USER() as user';
79 $res = PMA_mysql_query($local_query) or PMA_mysqlDie('', $local_query, FALSE, '');
80 $mysql_cur_user_and_host = PMA_mysql_result($res, 0, 'user');
81 $mysql_cur_user = substr($mysql_cur_user_and_host, 0, strrpos($mysql_cur_user_and_host, '@'));
83 $full_string = str_replace('%pma_s1%', PMA_mysql_result($res, 0, 'version'), $strMySQLServerProcess);
84 $full_string = str_replace('%pma_s2%', $server_info, $full_string);
85 $full_string = str_replace('%pma_s3%', $mysql_cur_user_and_host, $full_string);
87 echo '<p><b>' . $full_string . '</b></p><br />' . "\n";
88 } // end if
91 /**
92 * Reload mysql (flush privileges)
94 if (($server > 0) && isset($mode) && ($mode == 'reload')) {
95 $result = PMA_mysql_query('FLUSH PRIVILEGES'); // Debug: or PMA_mysqlDie('', 'FLUSH PRIVILEGES', FALSE, 'main.php3?' . PMA_generate_common_url());
96 echo '<p><b>';
97 if ($result != 0) {
98 echo $strMySQLReloaded;
99 } else {
100 echo $strReloadFailed;
102 echo '</b></p>' . "\n\n";
107 * Displays the MySQL servers choice form
109 if ($server == 0 || count($cfg['Servers']) > 1) {
111 <!-- MySQL servers choice form -->
112 <table>
113 <tr>
114 <th><?php echo $strServerChoice; ?></th>
115 </tr>
116 <tr>
117 <td>
118 <form method="post" action="index.php3" target="_parent">
119 <select name="server">
120 <?php
121 echo "\n";
122 reset($cfg['Servers']);
123 while (list($key, $val) = each($cfg['Servers'])) {
124 if (!empty($val['host'])) {
125 echo ' <option value="' . $key . '"';
126 if (!empty($server) && ($server == $key)) {
127 echo ' selected="selected"';
129 echo '>';
130 if (!empty($val['verbose'])) {
131 echo $val['verbose'];
132 } else {
133 echo $val['host'];
134 if (!empty($val['port'])) {
135 echo ':' . $val['port'];
137 // loic1: skip this because it's not a so good idea to display
138 // sockets used to everybody
139 // if (!empty($val['socket']) && PMA_PHP_INT_VERSION >= 30010) {
140 // echo ':' . $val['socket'];
141 // }
143 // loic1: if 'only_db' is an array and there is more than one
144 // value, displaying such informations may not be a so good
145 // idea
146 if (!empty($val['only_db'])) {
147 echo ' - ' . (is_array($val['only_db']) ? implode(', ', $val['only_db']) : $val['only_db']);
149 if (!empty($val['user']) && ($val['auth_type'] == 'config')) {
150 echo ' (' . $val['user'] . ')';
152 echo '&nbsp;</option>' . "\n";
153 } // end if (!empty($val['host']))
154 } // end while
156 </select>
157 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
158 <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
159 <input type="submit" value="<?php echo $strGo; ?>" />
160 </form>
161 </td>
162 </tr>
163 </table>
164 <br />
165 <?php
166 } // end of the servers choice form
169 <!-- MySQL and phpMyAdmin related links -->
170 <table>
171 <tr>
173 <?php
175 * Displays the mysql server related links
177 $is_superuser = FALSE;
178 if ($server > 0) {
179 // Get user's global privileges ($dbh and $userlink are links to MySQL
180 // defined in the "common.lib.php3" library)
181 $is_create_priv = FALSE;
182 $is_process_priv = TRUE;
183 $is_reload_priv = FALSE;
185 // We were checking privileges with 'USE mysql' but users with the global
186 // priv CREATE TEMPORARY TABLES or LOCK TABLES can do a 'USE mysql'
187 // (even if they cannot see the tables)
188 $is_superuser = @PMA_mysql_query('SELECT COUNT(*) FROM mysql.user', $userlink);
189 if ($dbh) {
190 $local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\'';
191 $rs_usr = PMA_mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);
192 if ($rs_usr) {
193 while ($result_usr = PMA_mysql_fetch_array($rs_usr)) {
194 if (!$is_create_priv) {
195 $is_create_priv = ($result_usr['Create_priv'] == 'Y');
197 /* 02-12-09 rabus: Every user has access to the process list -
198 at least to its own :-)
199 if (!$is_process_priv) {
200 $is_process_priv = ($result_usr['Process_priv'] == 'Y');
203 if (!$is_reload_priv) {
204 $is_reload_priv = ($result_usr['Reload_priv'] == 'Y');
206 } // end while
207 mysql_free_result($rs_usr);
208 } // end if
209 } // end if
211 // If the user has Create priv on a inexistant db, show him in the dialog
212 // the first inexistant db name that we find, in most cases it's probably
213 // the one he just dropped :)
214 if (!$is_create_priv) {
215 $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Create_priv = \'Y\' AND User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\'';
216 $rs_usr = PMA_mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);
217 if ($rs_usr) {
218 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
219 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
220 while ($row = PMA_mysql_fetch_array($rs_usr)) {
221 if (ereg($re0 . '(%|_)', $row['Db'])
222 || (!PMA_mysql_select_db(ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db']), $userlink) && @mysql_errno() != 1044)) {
223 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db']));
224 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
225 $is_create_priv = TRUE;
226 break;
227 } // end if
228 } // end while
229 mysql_free_result($rs_usr);
230 } // end if
231 else if (PMA_MYSQL_INT_VERSION >= 32304) {
232 // Finally, let's try to get the user's privileges by using SHOW
233 // GRANTS...
234 // Maybe we'll find a little CREATE priv there :)
235 $local_query = 'SHOW GRANTS FOR ' . $mysql_cur_user_and_host;
236 $rs_usr = PMA_mysql_query($local_query, $dbh);
237 if (!$rs_usr) {
238 // OK, now we'd have to guess the user's hostname, but we
239 // only try out the 'username'@'%' case.
240 $local_query = 'SHOW GRANTS FOR ' . $mysql_cur_user;
241 $rs_usr = PMA_mysql_query($local_query, $dbh);
243 if ($rs_usr) {
244 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
245 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
246 while ($row = PMA_mysql_fetch_row($rs_usr)) {
247 $show_grants_dbname = substr($row[0], strpos($row[0], ' ON ') + 4,(strpos($row[0], '.', strpos($row[0], ' ON ')) - strpos($row[0], ' ON ') - 4));
248 $show_grants_str = substr($row[0],6,(strpos($row[0],' ON ')-6));
249 if (($show_grants_str == 'ALL') || ($show_grants_str == 'ALL PRIVILEGES') || ($show_grants_str == 'CREATE') || strpos($show_grants_str, 'CREATE')) {
250 if ($show_grants_dbname == '*') {
251 $is_create_priv = TRUE;
252 $db_to_create = '';
253 break;
254 } // end if
255 else if (ereg($re0 . '%|_', $show_grants_dbname) || !PMA_mysql_select_db($show_grants_dbname, $userlink) && @mysql_errno() != 1044) {
256 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $show_grants_dbname));
257 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
258 $is_create_priv = TRUE;
259 break;
260 } // end elseif
261 } // end if
262 } // end while
263 unset($show_grants_dbname);
264 unset($show_grants_str);
265 mysql_free_result($rs_usr);
266 } // end if
267 } // end elseif
268 } // end if
269 else {
270 $db_to_create = '';
271 } // end else
273 if (!$cfg['SuggestDBName']) {
274 $db_to_create = '';
277 $common_url_query = PMA_generate_common_url();
279 if ($is_superuser) {
280 $cfg['ShowMysqlInfo'] = TRUE;
281 $cfg['ShowMysqlVars'] = TRUE;
282 $cfg['ShowChgPassword'] = TRUE;
284 if ($cfg['Server']['auth_type'] == 'config') {
285 $cfg['ShowChgPassword'] = FALSE;
288 // loic1: Displays the MySQL column only if at least one feature has to be
289 // displayed
290 if ($is_superuser || $is_create_priv || $is_process_priv || $is_reload_priv
291 || $cfg['ShowMysqlInfo'] || $cfg['ShowMysqlVars'] || $cfg['ShowChgPassword']
292 || $cfg['Server']['auth_type'] != 'config') {
294 <!-- MySQL server related links -->
295 <td valign="top" align="<?php echo $cell_align_left; ?>">
296 <table>
297 <tr>
298 <th colspan="2">&nbsp;&nbsp;MySQL</th>
299 </tr>
300 <?php
301 // The user is allowed to create a db
302 if ($is_create_priv) {
303 echo "\n";
305 <!-- db creation form -->
306 <tr>
307 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
308 <td>
309 <form method="post" action="db_create.php3">
310 <?php echo $strCreateNewDatabase . '&nbsp;' . PMA_showMySQLDocu('Reference', 'CREATE_DATABASE'); ?><br />
311 <?php echo PMA_generate_common_hidden_inputs(); ?>
312 <input type="hidden" name="reload" value="1" />
313 <input type="text" name="db" value="<?php echo $db_to_create; ?>" maxlength="64" class="textfield" />
314 <input type="submit" value="<?php echo $strCreate; ?>" />
315 </form>
316 </td>
317 </tr>
318 <?php
319 } else {
320 echo "\n";
322 <!-- db creation no privileges message -->
323 <tr>
324 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
325 <td>
326 <?php echo $strCreateNewDatabase . ':&nbsp;' . PMA_showMySQLDocu('Reference', 'CREATE_DATABASE'); ?><br />
327 <?php echo '<i>' . $strNoPrivileges .'</i>'; ?><br />
328 </td>
329 </tr>
330 <?php
331 } // end create db form or message
332 echo "\n";
334 // Server related links
336 <!-- server-related links -->
337 <?php
338 if ($cfg['ShowMysqlInfo']) {
339 echo "\n";
341 <tr>
342 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
343 <td>
344 <a href="./server_status.php3?<?php echo $common_url_query; ?>">
345 <?php echo $strMySQLShowStatus . "\n"; ?>
346 </a>
347 </td>
348 </tr>
349 <?php
350 } // end if
351 if ($cfg['ShowMysqlVars']) {
352 echo "\n";
354 <tr>
355 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
356 <td>
357 <a href="./server_variables.php3?<?php echo $common_url_query; ?>">
358 <?php echo $strMySQLShowVars;?></a>&nbsp;
359 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'SHOW_VARIABLES') . "\n"; ?>
360 </td>
361 </tr>
362 <?php
365 // if ($is_process_priv) {
366 echo "\n";
368 <tr>
369 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
370 <td>
371 <a href="./server_processlist.php3?<?php echo $common_url_query; ?>">
372 <?php echo $strMySQLShowProcess; ?></a>&nbsp;
373 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'SHOW_PROCESSLIST') . "\n"; ?>
374 </td>
375 </tr>
376 <?php
377 // } // end if
379 if ($is_reload_priv) {
380 echo "\n";
382 <tr>
383 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
384 <td>
385 <a href="main.php3?<?php echo $common_url_query; ?>&amp;mode=reload">
386 <?php echo $strReloadMySQL; ?></a>&nbsp;
387 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'FLUSH') . "\n"; ?>
388 </td>
389 </tr>
390 <?php
393 if ($is_superuser) {
394 echo "\n";
396 <tr>
397 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
398 <td>
399 <a href="server_privileges.php3?<?php echo $common_url_query; ?>">
400 <?php echo $strPrivileges; ?></a>&nbsp;
401 </td>
402 </tr>
403 <?php
406 <tr>
407 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
408 <td>
409 <a href="./server_databases.php3?<?php echo $common_url_query; ?>">
410 <?php echo $strDatabases; ?></a>
411 </td>
412 </tr>
413 <?php
415 // Change password (needs another message)
416 if ($cfg['ShowChgPassword']) {
417 echo "\n";
419 <tr>
420 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
421 <td>
422 <a href="user_password.php3?<?php echo $common_url_query; ?>">
423 <?php echo ($strChangePassword); ?></a>
424 </td>
425 </tr>
426 <?php
427 } // end if
429 // Logout for advanced authentication
430 if ($cfg['Server']['auth_type'] != 'config') {
431 $http_logout = ($cfg['Server']['auth_type'] == 'http')
432 ? "\n" . ' <a href="./Documentation.html#login_bug" target="documentation">(*)</a>'
433 : '';
434 echo "\n";
436 <tr>
437 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
438 <td>
439 <a href="index.php3?<?php echo $common_url_query; ?>&amp;old_usr=<?php echo urlencode($PHP_AUTH_USER); ?>" target="_parent">
440 <b><?php echo $strLogout; ?></b></a>&nbsp;<?php echo $http_logout . "\n"; ?>
441 </td>
442 </tr>
443 <?php
444 } // end if
445 echo "\n";
447 </table>
448 </td>
450 <td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
451 <?php
452 } // end if
453 } // end of if ($server > 0)
454 echo "\n";
458 * Displays the phpMyAdmin related links
462 <!-- phpMyAdmin related links -->
463 <td valign="top" align="<?php echo $cell_align_left; ?>">
464 <table>
465 <tr>
466 <th colspan="2">&nbsp;&nbsp;phpMyAdmin</th>
467 </tr>
469 <?php
470 // Displays language selection combo
471 if (empty($cfg['Lang'])) {
473 <!-- Language Selection -->
474 <tr>
475 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
476 <td nowrap="nowrap">
477 <form method="post" action="index.php3" target="_parent">
478 <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
479 <input type="hidden" name="server" value="<?php echo $server; ?>" />
480 Language <a href="./translators.html" target="documentation">(*)</a>:
481 <select name="lang" dir="ltr" onchange="this.form.submit();">
482 <?php
483 echo "\n";
486 * Sorts available languages by their true names
488 * @param array the array to be sorted
489 * @param mixed a required parameter
491 * @return the sorted array
493 * @access private
495 function PMA_cmp(&$a, $b)
497 return (strcmp($a[1], $b[1]));
498 } // end of the 'PMA_cmp()' function
500 uasort($available_languages, 'PMA_cmp');
501 reset($available_languages);
502 while (list($id, $tmplang) = each($available_languages)) {
503 $lang_name = ucfirst(substr(strstr($tmplang[0], '|'), 1));
504 if ($lang == $id) {
505 $selected = ' selected="selected"';
506 } else {
507 $selected = '';
509 echo ' ';
510 echo '<option value="' . $id . '"' . $selected . '>' . $lang_name . ' (' . $id . ')</option>' . "\n";
513 </select>
514 <noscript><input type="submit" value="Go" /></noscript>
515 </form>
516 </td>
517 </tr>
518 <?php
521 if (isset($cfg['AllowAnywhereRecoding']) && $cfg['AllowAnywhereRecoding']
522 && $allow_recoding) {
523 echo "\n";
525 <!-- Charset Selection -->
526 <tr>
527 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
528 <td nowrap="nowrap">
529 <form method="post" action="index.php3" target="_parent">
530 <input type="hidden" name="server" value="<?php echo $server; ?>" />
531 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
532 <?php echo $strMySQLCharset;?>:
533 <select name="convcharset" dir="ltr" onchange="this.form.submit();">
534 <?php
535 echo "\n";
536 reset($cfg['AvailableCharsets']);
537 while (list($id, $tmpcharset) = each($cfg['AvailableCharsets'])) {
538 if ($convcharset == $tmpcharset) {
539 $selected = ' selected="selected"';
540 } else {
541 $selected = '';
543 echo ' ';
544 echo '<option value="' . $tmpcharset . '"' . $selected . '>' . $tmpcharset . '</option>' . "\n";
547 </select>
548 <noscript><input type="submit" value="Go" /></noscript>
549 </form>
550 </td>
551 </tr>
552 <?php
554 echo "\n";
557 <!-- Documentation -->
558 <tr>
559 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
560 <td>
561 <a href="Documentation.html" target="documentation"><b><?php echo $strPmaDocumentation; ?></b></a>
562 </td>
563 </tr>
565 <?php
566 if ($is_superuser || $cfg['ShowPhpInfo']) {
568 <!-- PHP Information -->
569 <tr>
570 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
571 <td>
572 <a href="phpinfo.php3" target="_new"><?php echo $strShowPHPInfo; ?></a>
573 </td>
574 </tr>
575 <?php
577 echo "\n";
580 <!-- phpMyAdmin related urls -->
581 <tr>
582 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
583 <td>
584 <a href="http://www.phpMyAdmin.net/" target="_new"><?php echo $strHomepageOfficial; ?></a><br />
585 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[<a href="ChangeLog" target="_new">ChangeLog</a>]
586 &nbsp;&nbsp;&nbsp;[<a href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpmyadmin/phpMyAdmin/" target="_new">CVS</a>]
587 &nbsp;&nbsp;&nbsp;[<a href="http://sourceforge.net/mail/?group_id=23067" target="_new">Lists</a>]
588 </td>
589 </tr>
590 </table>
591 </td>
593 </tr>
594 </table>
597 <?php
599 * Displays the "empty $cfg['PmaAbsoluteUri'] warning"
601 if ($display_pmaAbsoluteUri_warning) {
602 echo '<p class="warning">' . $strPmaUriError . '</p>' . "\n";
606 * Warning if using the default MySQL privileged account
608 if ($server != 0
609 && $cfg['Server']['user'] == 'root'
610 && $cfg['Server']['password'] == '') {
611 echo '<p class="warning">' . $strInsecureMySQL . '</p>' . "\n";
615 * Warning for PHP 4.2.3
618 if (PMA_PHP_INT_VERSION == 40203 && @extension_loaded('mbstring')) {
619 echo '<p class="warning">' . $strPHP40203 . '</p>' . "\n";
623 * Displays the footer
625 echo "\n";
626 require('./footer.inc.php3');