lang
[phpmyadmin/crack.git] / main.php3
blobdfeb3ddf52478d7ef52c9e88e39a902a25428034
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 /**
6 * Don't display the page heading
7 */
8 define('PMA_DISPLAY_HEADING', 0);
10 /**
11 * Gets some core libraries and displays a top message if required
13 if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
14 include('./libraries/grab_globals.lib.php3');
16 if (!defined('PMA_COMMON_LIB_INCLUDED')) {
17 include('./libraries/common.lib.php3');
19 // Puts the language to use in a cookie that will expire in 30 days
20 if (!isset($pma_uri_parts)) {
21 $pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
22 $cookie_path = substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/'));
23 $is_https = (isset($pma_uri_parts['scheme']) && $pma_uri_parts['scheme'] == 'https') ? 1 : 0;
25 setcookie('lang', $lang, time() + 60*60*24*30, $cookie_path, '', $is_https);
26 // Defines the "item" image depending on text direction
27 $item_img = 'images/item_' . $text_dir . '.png';
28 // Handles some variables that may have been sent by the calling script
29 if (isset($db)) {
30 unset($db);
32 if (isset($table)) {
33 unset($table);
35 $show_query = '1';
36 require('./header.inc.php3');
37 if (isset($message)) {
38 PMA_showMessage($message);
40 else if (isset($reload) && $reload) {
41 // Reloads the navigation frame via JavaScript if required
42 echo "\n";
44 <script type="text/javascript" language="javascript1.2">
45 <!--
46 window.parent.frames['nav'].location.replace('./left.php3?<?php echo PMA_generate_common_url('', '', '&');?>&hash=' + <?php echo (($cfg['QueryFrame'] && $cfg['QueryFrameJS']) ? 'window.parent.frames[\'queryframe\'].document.hashform.hash.value' : "'" . md5($cfg['PmaAbsoluteUri']) . "'"); ?>););
47 //-->
48 </script>
49 <?php
51 echo "\n";
54 /**
55 * Displays the welcome message and the server informations
58 <h1><?php echo sprintf($strWelcome, ' phpMyAdmin ' . PMA_VERSION); ?></h1>
60 <?php
61 // Don't display server info if $server == 0 (no server selected)
62 // loic1: modified in order to have a valid words order whatever is the
63 // language used
64 if ($server > 0) {
65 // robbat2: Use the verbose name of the server instead of the hostname
66 // if a value is set
67 if(!empty($cfg['Server']['verbose'])) {
68 $server_info = $cfg['Server']['verbose'];
69 } else {
70 $server_info = $cfg['Server']['host'];
72 $server_info .= (empty($cfg['Server']['port']) ? '' : ':' . $cfg['Server']['port']);
73 // loic1: skip this because it's not a so good idea to display sockets
74 // used to everybody
75 // if (!empty($cfg['Server']['socket']) && PMA_PHP_INT_VERSION >= 30010) {
76 // $server_info .= ':' . $cfg['Server']['socket'];
77 // }
78 $local_query = 'SELECT VERSION() as version, USER() as user';
79 $res = PMA_mysql_query($local_query) or PMA_mysqlDie('', $local_query, FALSE, '');
80 $mysql_cur_user_and_host = PMA_mysql_result($res, 0, 'user');
81 $mysql_cur_user = substr($mysql_cur_user_and_host, 0, strrpos($mysql_cur_user_and_host, '@'));
83 $full_string = str_replace('%pma_s1%', PMA_mysql_result($res, 0, 'version'), $strMySQLServerProcess);
84 $full_string = str_replace('%pma_s2%', $server_info, $full_string);
85 $full_string = str_replace('%pma_s3%', $mysql_cur_user_and_host, $full_string);
87 echo '<p><b>' . $full_string . '</b></p><br />' . "\n";
88 } // end if
91 /**
92 * Reload mysql (flush privileges)
94 if (($server > 0) && isset($mode) && ($mode == 'reload')) {
95 $result = PMA_mysql_query('FLUSH PRIVILEGES'); // Debug: or PMA_mysqlDie('', 'FLUSH PRIVILEGES', FALSE, 'main.php3?' . PMA_generate_common_url());
96 echo '<p><b>';
97 if ($result != 0) {
98 echo $strMySQLReloaded;
99 } else {
100 echo $strReloadFailed;
102 echo '</b></p>' . "\n\n";
107 * Displays the MySQL servers choice form
109 if ($server == 0 || count($cfg['Servers']) > 1) {
111 <!-- MySQL servers choice form -->
112 <table>
113 <tr>
114 <th><?php echo $strServerChoice; ?></th>
115 </tr>
116 <tr>
117 <td>
118 <form method="post" action="index.php3" target="_parent">
119 <select name="server">
120 <?php
121 echo "\n";
122 reset($cfg['Servers']);
123 while (list($key, $val) = each($cfg['Servers'])) {
124 if (!empty($val['host'])) {
125 echo ' <option value="' . $key . '"';
126 if (!empty($server) && ($server == $key)) {
127 echo ' selected="selected"';
129 echo '>';
130 if (!empty($val['verbose'])) {
131 echo $val['verbose'];
132 } else {
133 echo $val['host'];
134 if (!empty($val['port'])) {
135 echo ':' . $val['port'];
137 // loic1: skip this because it's not a so good idea to display
138 // sockets used to everybody
139 // if (!empty($val['socket']) && PMA_PHP_INT_VERSION >= 30010) {
140 // echo ':' . $val['socket'];
141 // }
143 // loic1: if 'only_db' is an array and there is more than one
144 // value, displaying such informations may not be a so good
145 // idea
146 if (!empty($val['only_db'])) {
147 echo ' - ' . (is_array($val['only_db']) ? implode(', ', $val['only_db']) : $val['only_db']);
149 if (!empty($val['user']) && ($val['auth_type'] == 'config')) {
150 echo ' (' . $val['user'] . ')';
152 echo '&nbsp;</option>' . "\n";
153 } // end if (!empty($val['host']))
154 } // end while
156 </select>
157 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
158 <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
159 <input type="submit" value="<?php echo $strGo; ?>" />
160 </form>
161 </td>
162 </tr>
163 </table>
164 <br />
165 <?php
166 } // end of the servers choice form
169 <!-- MySQL and phpMyAdmin related links -->
170 <table>
171 <tr>
173 <?php
175 * Displays the mysql server related links
177 $is_superuser = FALSE;
178 if ($server > 0) {
179 // Get user's global privileges ($dbh and $userlink are links to MySQL
180 // defined in the "common.lib.php3" library)
181 $is_create_priv = FALSE;
182 $is_process_priv = TRUE;
183 $is_reload_priv = FALSE;
185 // We were checking privileges with 'USE mysql' but users with the global
186 // priv CREATE TEMPORARY TABLES or LOCK TABLES can do a 'USE mysql'
187 // (even if they cannot see the tables)
188 $is_superuser = @PMA_mysql_query('SELECT COUNT(*) FROM mysql.user', $userlink);
189 if ($dbh) {
190 $local_query = 'SELECT Create_priv, Process_priv, Reload_priv FROM mysql.user WHERE User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\'';
191 $rs_usr = PMA_mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);
192 if ($rs_usr) {
193 while ($result_usr = PMA_mysql_fetch_array($rs_usr)) {
194 if (!$is_create_priv) {
195 $is_create_priv = ($result_usr['Create_priv'] == 'Y');
197 /* 02-12-09 rabus: Every user has access to the process list -
198 at least to its own :-)
199 if (!$is_process_priv) {
200 $is_process_priv = ($result_usr['Process_priv'] == 'Y');
203 if (!$is_reload_priv) {
204 $is_reload_priv = ($result_usr['Reload_priv'] == 'Y');
206 } // end while
207 mysql_free_result($rs_usr);
208 } // end if
209 } // end if
211 // If the user has Create priv on a inexistant db, show him in the dialog
212 // the first inexistant db name that we find, in most cases it's probably
213 // the one he just dropped :)
214 if (!$is_create_priv) {
215 $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Create_priv = \'Y\' AND User = \'' . PMA_sqlAddslashes($mysql_cur_user) . '\'';
216 $rs_usr = PMA_mysql_query($local_query, $dbh); // Debug: or PMA_mysqlDie('', $local_query, FALSE);
217 if ($rs_usr) {
218 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
219 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
220 while ($row = PMA_mysql_fetch_array($rs_usr)) {
221 if (ereg($re0 . '(%|_)', $row['Db'])
222 || (!PMA_mysql_select_db(ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db']), $userlink) && @mysql_errno() != 1044)) {
223 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db']));
224 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
225 $is_create_priv = TRUE;
226 break;
227 } // end if
228 } // end while
229 mysql_free_result($rs_usr);
230 } // end if
231 else if (PMA_MYSQL_INT_VERSION >= 32304) {
232 // Finally, let's try to get the user's privileges by using SHOW
233 // GRANTS...
234 // Maybe we'll find a little CREATE priv there :)
235 $local_query = 'SHOW GRANTS FOR ' . $mysql_cur_user_and_host;
236 $rs_usr = PMA_mysql_query($local_query, $dbh);
237 if (!$rs_usr) {
238 // OK, now we'd have to guess the user's hostname, but we
239 // only try out the 'username'@'%' case.
240 $local_query = 'SHOW GRANTS FOR ' . $mysql_cur_user;
241 $rs_usr = PMA_mysql_query($local_query, $dbh);
243 if ($rs_usr) {
244 $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
245 $re1 = '(^|[^\])(\\\)+'; // escaped wildcards
246 while ($row = PMA_mysql_fetch_row($rs_usr)) {
247 $show_grants_dbname = substr($row[0], strpos($row[0], ' ON ') + 4,(strpos($row[0], '.', strpos($row[0], ' ON ')) - strpos($row[0], ' ON ') - 4));
248 $show_grants_str = substr($row[0],6,(strpos($row[0],' ON ')-6));
249 if (($show_grants_str == 'ALL') || ($show_grants_str == 'ALL PRIVILEGES') || ($show_grants_str == 'CREATE') || strpos($show_grants_str, 'CREATE')) {
250 if ($show_grants_dbname == '*') {
251 $is_create_priv = TRUE;
252 $db_to_create = '';
253 break;
254 } // end if
255 else if (ereg($re0 . '%|_', $show_grants_dbname) || !PMA_mysql_select_db($show_grants_dbname, $userlink) && @mysql_errno() != 1044) {
256 $db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $show_grants_dbname));
257 $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
258 $is_create_priv = TRUE;
259 break;
260 } // end elseif
261 } // end if
262 } // end while
263 unset($show_grants_dbname);
264 unset($show_grants_str);
265 mysql_free_result($rs_usr);
266 } // end if
267 } // end elseif
268 } // end if
269 else {
270 $db_to_create = '';
271 } // end else
273 if (!$cfg['SuggestDBName']) {
274 $db_to_create = '';
277 $common_url_query = PMA_generate_common_url();
279 if ($is_superuser) {
280 $cfg['ShowMysqlInfo'] = TRUE;
281 $cfg['ShowMysqlVars'] = TRUE;
282 $cfg['ShowChgPassword'] = TRUE;
284 if ($cfg['Server']['auth_type'] == 'config') {
285 $cfg['ShowChgPassword'] = FALSE;
288 // loic1: Displays the MySQL column only if at least one feature has to be
289 // displayed
290 if ($is_superuser || $is_create_priv || $is_process_priv || $is_reload_priv
291 || $cfg['ShowMysqlInfo'] || $cfg['ShowMysqlVars'] || $cfg['ShowChgPassword']
292 || $cfg['Server']['auth_type'] != 'config') {
294 <!-- MySQL server related links -->
295 <td valign="top" align="<?php echo $cell_align_left; ?>">
296 <table>
297 <tr>
298 <th colspan="2">&nbsp;&nbsp;MySQL</th>
299 </tr>
300 <?php
301 // The user is allowed to create a db
302 if ($is_create_priv) {
303 echo "\n";
305 <!-- db creation form -->
306 <tr>
307 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
308 <td>
309 <form method="post" action="db_create.php3">
310 <?php echo $strCreateNewDatabase . '&nbsp;' . PMA_showMySQLDocu('Reference', 'CREATE_DATABASE'); ?><br />
311 <?php echo PMA_generate_common_hidden_inputs(); ?>
312 <input type="hidden" name="reload" value="1" />
313 <input type="text" name="db" value="<?php echo $db_to_create; ?>" maxlength="64" class="textfield" />
314 <input type="submit" value="<?php echo $strCreate; ?>" />
315 </form>
316 </td>
317 </tr>
318 <?php
319 } else {
320 echo "\n";
322 <!-- db creation no privileges message -->
323 <tr>
324 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
325 <td>
326 <?php echo $strCreateNewDatabase . ':&nbsp;' . PMA_showMySQLDocu('Reference', 'CREATE_DATABASE'); ?><br />
327 <?php echo '<i>' . $strNoPrivileges .'</i>'; ?><br />
328 </td>
329 </tr>
330 <?php
331 } // end create db form or message
332 echo "\n";
334 // Server related links
336 <!-- server-related links -->
337 <?php
338 if ($cfg['ShowMysqlInfo']) {
339 echo "\n";
341 <tr>
342 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
343 <td>
344 <a href="./server_status.php3?<?php echo $common_url_query; ?>">
345 <?php echo $strMySQLShowStatus . "\n"; ?>
346 </a>
347 </td>
348 </tr>
349 <?php
350 } // end if
351 if ($cfg['ShowMysqlVars']) {
352 echo "\n";
354 <tr>
355 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
356 <td>
357 <a href="./server_variables.php3?<?php echo $common_url_query; ?>">
358 <?php echo $strMySQLShowVars;?></a>&nbsp;
359 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'SHOW_VARIABLES') . "\n"; ?>
360 </td>
361 </tr>
362 <?php
365 // if ($is_process_priv) {
366 echo "\n";
368 <tr>
369 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
370 <td>
371 <a href="./server_processlist.php3?<?php echo $common_url_query; ?>">
372 <?php echo $strMySQLShowProcess; ?></a>&nbsp;
373 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'SHOW_PROCESSLIST') . "\n"; ?>
374 </td>
375 </tr>
376 <?php
377 // } // end if
379 if ($is_reload_priv) {
380 echo "\n";
382 <tr>
383 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
384 <td>
385 <a href="main.php3?<?php echo $common_url_query; ?>&amp;mode=reload">
386 <?php echo $strReloadMySQL; ?></a>&nbsp;
387 <?php echo PMA_showMySQLDocu('MySQL_Database_Administration', 'FLUSH') . "\n"; ?>
388 </td>
389 </tr>
390 <?php
393 if ($is_superuser) {
394 echo "\n";
396 <tr>
397 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
398 <td>
399 <a href="server_privileges.php3?<?php echo $common_url_query; ?>">
400 <?php echo $strPrivileges; ?></a>&nbsp;
401 </td>
402 </tr>
403 <?php
406 <tr>
407 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
408 <td>
409 <a href="./server_databases.php3?<?php echo $common_url_query; ?>">
410 <?php echo $strDatabases; ?></a>
411 </td>
412 </tr>
413 <tr>
414 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
415 <td>
416 <a href="./server_export.php3?<?php echo $common_url_query; ?>">
417 <?php echo $strExport; ?></a>
418 </td>
419 </tr>
420 <?php
422 // Change password (needs another message)
423 if ($cfg['ShowChgPassword']) {
424 echo "\n";
426 <tr>
427 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
428 <td>
429 <a href="user_password.php3?<?php echo $common_url_query; ?>">
430 <?php echo ($strChangePassword); ?></a>
431 </td>
432 </tr>
433 <?php
434 } // end if
436 // Logout for advanced authentication
437 if ($cfg['Server']['auth_type'] != 'config') {
438 $http_logout = ($cfg['Server']['auth_type'] == 'http')
439 ? "\n" . ' <a href="./Documentation.html#login_bug" target="documentation">(*)</a>'
440 : '';
441 echo "\n";
443 <tr>
444 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
445 <td>
446 <a href="index.php3?<?php echo $common_url_query; ?>&amp;old_usr=<?php echo urlencode($PHP_AUTH_USER); ?>" target="_parent">
447 <b><?php echo $strLogout; ?></b></a>&nbsp;<?php echo $http_logout . "\n"; ?>
448 </td>
449 </tr>
450 <?php
451 } // end if
452 echo "\n";
454 </table>
455 </td>
457 <td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
458 <?php
459 } // end if
460 } // end of if ($server > 0)
461 echo "\n";
465 * Displays the phpMyAdmin related links
469 <!-- phpMyAdmin related links -->
470 <td valign="top" align="<?php echo $cell_align_left; ?>">
471 <table>
472 <tr>
473 <th colspan="2">&nbsp;&nbsp;phpMyAdmin</th>
474 </tr>
476 <?php
477 // Displays language selection combo
478 if (empty($cfg['Lang'])) {
480 <!-- Language Selection -->
481 <tr>
482 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
483 <td nowrap="nowrap">
484 <form method="post" action="index.php3" target="_parent">
485 <input type="hidden" name="convcharset" value="<?php echo $convcharset; ?>" />
486 <input type="hidden" name="server" value="<?php echo $server; ?>" />
487 Language <a href="./translators.html" target="documentation">(*)</a>:
488 <select name="lang" dir="ltr" onchange="this.form.submit();">
489 <?php
490 echo "\n";
493 * Sorts available languages by their true names
495 * @param array the array to be sorted
496 * @param mixed a required parameter
498 * @return the sorted array
500 * @access private
502 function PMA_cmp(&$a, $b)
504 return (strcmp($a[1], $b[1]));
505 } // end of the 'PMA_cmp()' function
507 uasort($available_languages, 'PMA_cmp');
508 reset($available_languages);
509 while (list($id, $tmplang) = each($available_languages)) {
510 $lang_name = ucfirst(substr(strstr($tmplang[0], '|'), 1));
511 if ($lang == $id) {
512 $selected = ' selected="selected"';
513 } else {
514 $selected = '';
516 echo ' ';
517 echo '<option value="' . $id . '"' . $selected . '>' . $lang_name . ' (' . $id . ')</option>' . "\n";
520 </select>
521 <noscript><input type="submit" value="Go" /></noscript>
522 </form>
523 </td>
524 </tr>
525 <?php
528 if (isset($cfg['AllowAnywhereRecoding']) && $cfg['AllowAnywhereRecoding']
529 && $allow_recoding) {
530 echo "\n";
532 <!-- Charset Selection -->
533 <tr>
534 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
535 <td nowrap="nowrap">
536 <form method="post" action="index.php3" target="_parent">
537 <input type="hidden" name="server" value="<?php echo $server; ?>" />
538 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
539 <?php echo $strMySQLCharset;?>:
540 <select name="convcharset" dir="ltr" onchange="this.form.submit();">
541 <?php
542 echo "\n";
543 reset($cfg['AvailableCharsets']);
544 while (list($id, $tmpcharset) = each($cfg['AvailableCharsets'])) {
545 if ($convcharset == $tmpcharset) {
546 $selected = ' selected="selected"';
547 } else {
548 $selected = '';
550 echo ' ';
551 echo '<option value="' . $tmpcharset . '"' . $selected . '>' . $tmpcharset . '</option>' . "\n";
554 </select>
555 <noscript><input type="submit" value="Go" /></noscript>
556 </form>
557 </td>
558 </tr>
559 <?php
561 echo "\n";
564 <!-- Documentation -->
565 <tr>
566 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
567 <td>
568 <a href="Documentation.html" target="documentation"><b><?php echo $strPmaDocumentation; ?></b></a>
569 </td>
570 </tr>
572 <?php
573 if ($is_superuser || $cfg['ShowPhpInfo']) {
575 <!-- PHP Information -->
576 <tr>
577 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
578 <td>
579 <a href="phpinfo.php3?<?php echo PMA_generate_common_url(); ?>" target="_blank"><?php echo $strShowPHPInfo; ?></a>
580 </td>
581 </tr>
582 <?php
584 echo "\n";
587 <!-- phpMyAdmin related urls -->
588 <tr>
589 <td valign="baseline"><img src="<?php echo $item_img; ?>" width="7" height="7" alt="item" /></td>
590 <td>
591 <a href="http://www.phpMyAdmin.net/" target="_blank"><?php echo $strHomepageOfficial; ?></a><br />
592 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[<a href="ChangeLog" target="_blank">ChangeLog</a>]
593 &nbsp;&nbsp;&nbsp;[<a href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpmyadmin/phpMyAdmin/" target="_blank">CVS</a>]
594 &nbsp;&nbsp;&nbsp;[<a href="http://sourceforge.net/mail/?group_id=23067" target="_blank">Lists</a>]
595 </td>
596 </tr>
597 </table>
598 </td>
600 </tr>
601 </table>
604 <?php
606 * Displays the "empty $cfg['PmaAbsoluteUri'] warning"
608 if ($display_pmaAbsoluteUri_warning) {
609 echo '<p class="warning">' . $strPmaUriError . '</p>' . "\n";
613 * Warning if using the default MySQL privileged account
615 if ($server != 0
616 && $cfg['Server']['user'] == 'root'
617 && $cfg['Server']['password'] == '') {
618 echo '<p class="warning">' . $strInsecureMySQL . '</p>' . "\n";
622 * Warning for PHP 4.2.3
625 if (PMA_PHP_INT_VERSION == 40203 && @extension_loaded('mbstring')) {
626 echo '<p class="warning">' . $strPHP40203 . '</p>' . "\n";
630 * Displays the footer
632 echo "\n";
633 require('./footer.inc.php3');