search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
3.2.3 release
[phpmyadmin/crack.git] / libraries / common.inc.php
blob1ebbb88d0a9fdd9f1a1c96f55bf475f2e0ebae90
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Misc stuff and REQUIRED by ALL the scripts.
5 * MUST be included by every script
6 *
7 * Among other things, it contains the advanced authentication work.
8 *
9 * Order of sections for common.inc.php:
10 *
11 * the authentication libraries must be before the connection to db
12 *
13 * ... so the required order is:
14 *
15 * LABEL_variables_init
16 * - initialize some variables always needed
17 * LABEL_parsing_config_file
18 * - parsing of the configuration file
19 * LABEL_loading_language_file
20 * - loading language file
21 * LABEL_setup_servers
22 * - check and setup configured servers
23 * LABEL_theme_setup
24 * - setting up themes
25 *
26 * - load of MySQL extension (if necessary)
27 * - loading of an authentication library
28 * - db connection
29 * - authentication work
30 *
31 * @version $Id$
32 * @package phpMyAdmin
33 */
34
35 /**
36 * Minimum PHP version; can't call PMA_fatalError() which uses a
37 * PHP 5 function, so cannot easily localize this message.
38 */
39 if (version_compare(PHP_VERSION, '5.2.0', 'lt')) {
40 die('PHP 5.2+ is required');
41 }
42
43 /**
44 * Backward compatibility for PHP 5.2
45 */
46 if (!defined('E_DEPRECATED')) {
47 define('E_DEPRECATED', 8192);
48 }
49
50 /**
51 * the error handler
52 */
53 require_once './libraries/Error_Handler.class.php';
54
55 /**
56 * initialize the error handler
57 */
58 $GLOBALS['error_handler'] = new PMA_Error_Handler();
59 $cfg['Error_Handler']['display'] = TRUE;
60
61 // at this point PMA_PHP_INT_VERSION is not yet defined
62 if (version_compare(phpversion(), '6', 'lt')) {
63 /**
64 * Avoid object cloning errors
65 */
66 @ini_set('zend.ze1_compatibility_mode', false);
67
68 /**
69 * Avoid problems with magic_quotes_runtime
70 */
71 @ini_set('magic_quotes_runtime', false);
72 }
73
74 /**
75 * for verification in all procedural scripts under libraries
76 */
77 define('PHPMYADMIN', true);
78
79 /**
80 * core functions
81 */
82 require_once './libraries/core.lib.php';
83
84 /**
85 * Input sanitizing
86 */
87 require_once './libraries/sanitizing.lib.php';
88
89 /**
90 * the PMA_Theme class
91 */
92 require_once './libraries/Theme.class.php';
93
94 /**
95 * the PMA_Theme_Manager class
96 */
97 require_once './libraries/Theme_Manager.class.php';
98
99 /**
100 * the PMA_Config class
101 */
102 require_once './libraries/Config.class.php';
103
104 /**
105 * the PMA_Table class
106 */
107 require_once './libraries/Table.class.php';
108
109 if (!defined('PMA_MINIMUM_COMMON')) {
110 /**
111 * common functions
112 */
113 require_once './libraries/common.lib.php';
114
115 /**
116 * Java script escaping.
117 */
118 require_once './libraries/js_escape.lib.php';
119
120 /**
121 * Include URL/hidden inputs generating.
122 */
123 require_once './libraries/url_generating.lib.php';
124 }
125
126 /******************************************************************************/
127 /* start procedural code label_start_procedural */
128
129 /**
130 * protect against possible exploits - there is no need to have so much variables
131 */
132 if (count($_REQUEST) > 1000) {
133 die('possible exploit');
134 }
135
136 /**
137 * Check for numeric keys
138 * (if register_globals is on, numeric key can be found in $GLOBALS)
139 */
140 foreach ($GLOBALS as $key => $dummy) {
141 if (is_numeric($key)) {
142 die('numeric key detected');
143 }
144 }
145 unset($dummy);
146
147 /**
148 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
149 * and provide a clean PHP_SELF here
150 */
151 $PMA_PHP_SELF = PMA_getenv('PHP_SELF');
152 $_PATH_INFO = PMA_getenv('PATH_INFO');
153 if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
154 $path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
155 if ($path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)) {
156 $PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
157 }
158 }
159 $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);
160
161
162 /**
163 * just to be sure there was no import (registering) before here
164 * we empty the global space (but avoid unsetting $variables_list
165 * and $key in the foreach(), we still need them!)
166 */
167 $variables_whitelist = array (
168 'GLOBALS',
169 '_SERVER',
170 '_GET',
171 '_POST',
172 '_REQUEST',
173 '_FILES',
174 '_ENV',
175 '_COOKIE',
176 '_SESSION',
177 'error_handler',
178 'PMA_PHP_SELF',
179 'variables_whitelist',
180 'key'
181 );
182
183 foreach (get_defined_vars() as $key => $value) {
184 if (! in_array($key, $variables_whitelist)) {
185 unset($$key);
186 }
187 }
188 unset($key, $value, $variables_whitelist);
189
190
191 /**
192 * Subforms - some functions need to be called by form, cause of the limited URL
193 * length, but if this functions inside another form you cannot just open a new
194 * form - so phpMyAdmin uses 'arrays' inside this form
195 *
196 * <code>
197 * <form ...>
198 * ... main form elments ...
199 * <input type="hidden" name="subform[action1][id]" value="1" />
200 * ... other subform data ...
201 * <input type="submit" name="usesubform[action1]" value="do action1" />
202 * ... other subforms ...
203 * <input type="hidden" name="subform[actionX][id]" value="X" />
204 * ... other subform data ...
205 * <input type="submit" name="usesubform[actionX]" value="do actionX" />
206 * ... main form elments ...
207 * <input type="submit" name="main_action" value="submit form" />
208 * </form>
209 * </code>
210 *
211 * so we now check if a subform is submitted
212 */
213 $__redirect = null;
214 if (isset($_POST['usesubform'])) {
215 // if a subform is present and should be used
216 // the rest of the form is deprecated
217 $subform_id = key($_POST['usesubform']);
218 $subform = $_POST['subform'][$subform_id];
219 $_POST = $subform;
220 $_REQUEST = $subform;
221 /**
222 * some subforms need another page than the main form, so we will just
223 * include this page at the end of this script - we use $__redirect to
224 * track this
225 */
226 if (isset($_POST['redirect'])
227 && $_POST['redirect'] != basename($PMA_PHP_SELF)) {
228 $__redirect = $_POST['redirect'];
229 unset($_POST['redirect']);
230 }
231 unset($subform_id, $subform);
232 } else {
233 // Note: here we overwrite $_REQUEST so that it does not contain cookies,
234 // because another application for the same domain could have set
235 // a cookie (with a compatible path) that overrides a variable
236 // we expect from GET or POST.
237 // We'll refer to cookies explicitly with the $_COOKIE syntax.
238 $_REQUEST = array_merge($_GET, $_POST);
239 }
240 // end check if a subform is submitted
241
242 // remove quotes added by php
243 if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
244 PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
245 PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
246 PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
247 PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
248 }
249
250 /**
251 * clean cookies on upgrade
252 * when changing something related to PMA cookies, increment the cookie version
253 */
254 $pma_cookie_version = 4;
255 if (isset($_COOKIE)
256 && (isset($_COOKIE['pmaCookieVer'])
257 && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
258 // delete all cookies
259 foreach($_COOKIE as $cookie_name => $tmp) {
260 PMA_removeCookie($cookie_name);
261 }
262 $_COOKIE = array();
263 PMA_setCookie('pmaCookieVer', $pma_cookie_version);
264 }
265
266 /**
267 * include deprecated grab_globals only if required
268 */
269 if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
270 require './libraries/grab_globals.lib.php';
271 }
272
273 /**
274 * check timezone setting
275 * this could produce an E_STRICT - but only once,
276 * if not done here it will produce E_STRICT on every date/time function
277 *
278 * @todo need to decide how we should handle this (without @)
279 */
280 date_default_timezone_set(@date_default_timezone_get());
281
282 /**
283 * include session handling after the globals, to prevent overwriting
284 */
285 require_once './libraries/session.inc.php';
286
287 /**
288 * init some variables LABEL_variables_init
289 */
290
291 /**
292 * holds parameters to be passed to next page
293 * @global array $GLOBALS['url_params']
294 */
295 $GLOBALS['url_params'] = array();
296
297 /**
298 * the whitelist for $GLOBALS['goto']
299 * @global array $goto_whitelist
300 */
301 $goto_whitelist = array(
302 //'browse_foreigners.php',
303 //'calendar.php',
304 //'changelog.php',
305 //'chk_rel.php',
306 'db_create.php',
307 'db_datadict.php',
308 'db_sql.php',
309 'db_export.php',
310 'db_importdocsql.php',
311 'db_qbe.php',
312 'db_structure.php',
313 'db_import.php',
314 'db_operations.php',
315 'db_printview.php',
316 'db_search.php',
317 //'Documentation.html',
318 //'error.php',
319 'export.php',
320 'import.php',
321 //'index.php',
322 //'navigation.php',
323 //'license.php',
324 'main.php',
325 'pdf_pages.php',
326 'pdf_schema.php',
327 //'phpinfo.php',
328 'querywindow.php',
329 //'readme.php',
330 'server_binlog.php',
331 'server_collations.php',
332 'server_databases.php',
333 'server_engines.php',
334 'server_export.php',
335 'server_import.php',
336 'server_privileges.php',
337 'server_processlist.php',
338 'server_sql.php',
339 'server_status.php',
340 'server_variables.php',
341 'sql.php',
342 'tbl_addfield.php',
343 'tbl_alter.php',
344 'tbl_change.php',
345 'tbl_create.php',
346 'tbl_import.php',
347 'tbl_indexes.php',
348 'tbl_move_copy.php',
349 'tbl_printview.php',
350 'tbl_sql.php',
351 'tbl_export.php',
352 'tbl_operations.php',
353 'tbl_structure.php',
354 'tbl_relation.php',
355 'tbl_replace.php',
356 'tbl_row_action.php',
357 'tbl_select.php',
358 //'themes.php',
359 'transformation_overview.php',
360 'transformation_wrapper.php',
361 'translators.html',
362 'user_password.php',
363 );
364
365 /**
366 * check $__redirect against whitelist
367 */
368 if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
369 $__redirect = null;
370 }
371
372 /**
373 * holds page that should be displayed
374 * @global string $GLOBALS['goto']
375 */
376 $GLOBALS['goto'] = '';
377 // Security fix: disallow accessing serious server files via "?goto="
378 if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
379 $GLOBALS['goto'] = $_REQUEST['goto'];
380 $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
381 } else {
382 unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
383 }
384
385 /**
386 * returning page
387 * @global string $GLOBALS['back']
388 */
389 if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
390 $GLOBALS['back'] = $_REQUEST['back'];
391 } else {
392 unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
393 }
394
395 /**
396 * Check whether user supplied token is valid, if not remove any possibly
397 * dangerous stuff from request.
398 *
399 * remember that some objects in the session with session_start and __wakeup()
400 * could access this variables before we reach this point
401 * f.e. PMA_Config: fontsize
402 *
403 * @todo variables should be handled by their respective owners (objects)
404 * f.e. lang, server, convcharset, collation_connection in PMA_Config
405 */
406 if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
407 /**
408 * List of parameters which are allowed from unsafe source
409 */
410 $allow_list = array(
411 /* needed for direct access, see FAQ 1.34
412 * also, server needed for cookie login screen (multi-server)
413 */
414 'server', 'db', 'table', 'target',
415 /* Session ID */
416 'phpMyAdmin',
417 /* Cookie preferences */
418 'pma_lang', 'pma_charset', 'pma_collation_connection',
419 /* Possible login form */
420 'pma_servername', 'pma_username', 'pma_password',
421 /* rajk - for playing blobstreamable media */
422 'media_type', 'custom_type', 'bs_reference',
423 /* rajk - for changing BLOB repository file MIME type */
424 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type'
425 );
426 /**
427 * Require cleanup functions
428 */
429 require_once './libraries/cleanup.lib.php';
430 /**
431 * Do actual cleanup
432 */
433 PMA_remove_request_vars($allow_list);
434
435 }
436
437
438 /**
439 * @global string $GLOBALS['convcharset']
440 * @see select_lang.lib.php
441 */
442 if (isset($_REQUEST['convcharset'])) {
443 $GLOBALS['convcharset'] = strip_tags($_REQUEST['convcharset']);
444 }
445
446 /**
447 * current selected database
448 * @global string $GLOBALS['db']
449 */
450 $GLOBALS['db'] = '';
451 if (PMA_isValid($_REQUEST['db'])) {
452 // can we strip tags from this?
453 // only \ and / is not allowed in db names for MySQL
454 $GLOBALS['db'] = $_REQUEST['db'];
455 $GLOBALS['url_params']['db'] = $GLOBALS['db'];
456 }
457
458 /**
459 * current selected table
460 * @global string $GLOBALS['table']
461 */
462 $GLOBALS['table'] = '';
463 if (PMA_isValid($_REQUEST['table'])) {
464 // can we strip tags from this?
465 // only \ and / is not allowed in table names for MySQL
466 $GLOBALS['table'] = $_REQUEST['table'];
467 $GLOBALS['url_params']['table'] = $GLOBALS['table'];
468 }
469
470 /**
471 * SQL query to be executed
472 * @global string $GLOBALS['sql_query']
473 */
474 $GLOBALS['sql_query'] = '';
475 if (PMA_isValid($_REQUEST['sql_query'])) {
476 $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
477 }
478
479 /**
480 * avoid problems in phpmyadmin.css.php in some cases
481 * @global string $js_frame
482 */
483 $_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');
484
485 //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
486 //$_REQUEST['server']; // checked later in this file
487 //$_REQUEST['lang']; // checked by LABEL_loading_language_file
488
489
490 /**
491 * holds name of JavaScript files to be included in HTML header
492 * @global array $js_include
493 */
494 $GLOBALS['js_include'] = array();
495
496 /**
497 * holds locale messages required by JavaScript function
498 * @global array $js_messages
499 */
500 $GLOBALS['js_messages'] = array();
501
502 /**
503 * JavaScript events that will be registered
504 * @global array $js_events
505 */
506 $GLOBALS['js_events'] = array();
507
508 /**
509 * footnotes to be displayed ot the page bottom
510 * @global array $footnotes
511 */
512 $GLOBALS['footnotes'] = array();
513
514 /******************************************************************************/
515 /* parsing configuration file LABEL_parsing_config_file */
516
517 /**
518 * We really need this one!
519 */
520 if (! function_exists('preg_replace')) {
521 PMA_fatalError('strCantLoad', 'pcre');
522 }
523
524 /**
525 * @global PMA_Config $_SESSION['PMA_Config']
526 * force reading of config file, because we removed sensitive values
527 * in the previous iteration
528 */
529 $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
530
531 if (!defined('PMA_MINIMUM_COMMON')) {
532 $_SESSION['PMA_Config']->checkPmaAbsoluteUri();
533 }
534
535 /**
536 * BC - enable backward compatibility
537 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
538 */
539 $_SESSION['PMA_Config']->enableBc();
540
541
542 /**
543 * check HTTPS connection
544 */
545 if ($_SESSION['PMA_Config']->get('ForceSSL')
546 && !$_SESSION['PMA_Config']->get('is_https')) {
547 PMA_sendHeaderLocation(
548 preg_replace('/^http/', 'https',
549 $_SESSION['PMA_Config']->get('PmaAbsoluteUri'))
550 . PMA_generate_common_url($_GET, 'text'));
551 // delete the current session, otherwise we get problems (see bug #2397877)
552 PMA_removeCookie($GLOBALS['session_name']);
553 exit;
554 }
555
556
557 /******************************************************************************/
558 /* loading language file LABEL_loading_language_file */
559
560 /**
561 * Added messages while developing:
562 */
563 if (file_exists('./lang/added_messages.php')) {
564 include './lang/added_messages.php';
565 }
566
567 /**
568 * lang detection is done here
569 */
570 require_once './libraries/select_lang.lib.php';
571
572 /**
573 * check for errors occurred while loading configuration
574 * this check is done here after loading language files to present errors in locale
575 */
576 if ($_SESSION['PMA_Config']->error_config_file) {
577 $error = $strConfigFileError
578 . '<br /><br />'
579 . ($_SESSION['PMA_Config']->getSource() == './config.inc.php' ?
580 '<a href="show_config_errors.php"'
581 .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>'
582 :
583 '<a href="' . $_SESSION['PMA_Config']->getSource() . '"'
584 .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>');
585 trigger_error($error, E_USER_ERROR);
586 }
587 if ($_SESSION['PMA_Config']->error_config_default_file) {
588 $error = sprintf($strConfigDefaultFileError,
589 $_SESSION['PMA_Config']->default_source);
590 trigger_error($error, E_USER_ERROR);
591 }
592 if ($_SESSION['PMA_Config']->error_pma_uri) {
593 trigger_error($strPmaUriError, E_USER_ERROR);
594 }
595
596
597 /******************************************************************************/
598 /* setup servers LABEL_setup_servers */
599
600 /**
601 * current server
602 * @global integer $GLOBALS['server']
603 */
604 $GLOBALS['server'] = 0;
605
606 /**
607 * Servers array fixups.
608 * $default_server comes from PMA_Config::enableBc()
609 * @todo merge into PMA_Config
610 */
611 // Do we have some server?
612 if (!isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
613 // No server => create one with defaults
614 $cfg['Servers'] = array(1 => $default_server);
615 } else {
616 // We have server(s) => apply default configuration
617 $new_servers = array();
618
619 foreach ($cfg['Servers'] as $server_index => $each_server) {
620
621 // Detect wrong configuration
622 if (!is_int($server_index) || $server_index < 1) {
623 trigger_error(sprintf($strInvalidServerIndex, $server_index), E_USER_ERROR);
624 }
625
626 $each_server = array_merge($default_server, $each_server);
627
628 // Don't use servers with no hostname
629 if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) {
630 trigger_error(sprintf($strInvalidServerHostname, $server_index), E_USER_ERROR);
631 }
632
633 // Final solution to bug #582890
634 // If we are using a socket connection
635 // and there is nothing in the verbose server name
636 // or the host field, then generate a name for the server
637 // in the form of "Server 2", localized of course!
638 if ($each_server['connect_type'] == 'socket' && empty($each_server['host']) && empty($each_server['verbose'])) {
639 $each_server['verbose'] = $GLOBALS['strServer'] . $server_index;
640 }
641
642 $new_servers[$server_index] = $each_server;
643 }
644 $cfg['Servers'] = $new_servers;
645 unset($new_servers, $server_index, $each_server);
646 }
647
648 // Cleanup
649 unset($default_server);
650
651
652 /******************************************************************************/
653 /* setup themes LABEL_theme_setup */
654
655 if (isset($_REQUEST['custom_color_reset'])) {
656 unset($_SESSION['userconf']['custom_color']);
657 unset($_SESSION['userconf']['custom_color_rgb']);
658 } elseif (isset($_REQUEST['custom_color'])) {
659 $_SESSION['userconf']['custom_color'] = $_REQUEST['custom_color'];
660 $_SESSION['userconf']['custom_color_rgb'] = $_REQUEST['custom_color_rgb'];
661 }
662 /**
663 * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager']
664 */
665 if (! isset($_SESSION['PMA_Theme_Manager'])) {
666 $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager;
667 } else {
668 /**
669 * @todo move all __wakeup() functionality into session.inc.php
670 */
671 $_SESSION['PMA_Theme_Manager']->checkConfig();
672 }
673
674 // for the theme per server feature
675 if (isset($_REQUEST['server']) && !isset($_REQUEST['set_theme'])) {
676 $GLOBALS['server'] = $_REQUEST['server'];
677 $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie();
678 if (empty($tmp)) {
679 $tmp = $_SESSION['PMA_Theme_Manager']->theme_default;
680 }
681 $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp);
682 unset($tmp);
683 }
684 /**
685 * @todo move into PMA_Theme_Manager::__wakeup()
686 */
687 if (isset($_REQUEST['set_theme'])) {
688 // if user selected a theme
689 $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']);
690 }
691
692 /**
693 * the theme object
694 * @global PMA_Theme $_SESSION['PMA_Theme']
695 */
696 $_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme;
697
698 // BC
699 /**
700 * the active theme
701 * @global string $GLOBALS['theme']
702 */
703 $GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName();
704 /**
705 * the theme path
706 * @global string $GLOBALS['pmaThemePath']
707 */
708 $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();
709 /**
710 * the theme image path
711 * @global string $GLOBALS['pmaThemeImage']
712 */
713 $GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath();
714
715 /**
716 * load layout file if exists
717 */
718 if (@file_exists($_SESSION['PMA_Theme']->getLayoutFile())) {
719 include $_SESSION['PMA_Theme']->getLayoutFile();
720 /**
721 * @todo remove if all themes are update use Navi instead of Left as frame name
722 */
723 if (! isset($GLOBALS['cfg']['NaviWidth'])
724 && isset($GLOBALS['cfg']['LeftWidth'])) {
725 $GLOBALS['cfg']['NaviWidth'] = $GLOBALS['cfg']['LeftWidth'];
726 }
727 }
728
729 if (! defined('PMA_MINIMUM_COMMON')) {
730 /**
731 * Character set conversion.
732 */
733 require_once './libraries/charset_conversion.lib.php';
734
735 /**
736 * String handling
737 */
738 require_once './libraries/string.lib.php';
739
740 /**
741 * Lookup server by name
742 * by Arnold - Helder Hosting
743 * (see FAQ 4.8)
744 */
745 if (! empty($_REQUEST['server']) && is_string($_REQUEST['server'])
746 && ! is_numeric($_REQUEST['server'])) {
747 foreach ($cfg['Servers'] as $i => $server) {
748 if ($server['host'] == $_REQUEST['server']) {
749 $_REQUEST['server'] = $i;
750 break;
751 }
752 }
753 if (is_string($_REQUEST['server'])) {
754 unset($_REQUEST['server']);
755 }
756 unset($i);
757 }
758
759 /**
760 * If no server is selected, make sure that $cfg['Server'] is empty (so
761 * that nothing will work), and skip server authentication.
762 * We do NOT exit here, but continue on without logging into any server.
763 * This way, the welcome page will still come up (with no server info) and
764 * present a choice of servers in the case that there are multiple servers
765 * and '$cfg['ServerDefault'] = 0' is set.
766 */
767
768 if (isset($_REQUEST['server']) && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server'])) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
769 $GLOBALS['server'] = $_REQUEST['server'];
770 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
771 } else {
772 if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
773 $GLOBALS['server'] = $cfg['ServerDefault'];
774 $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
775 } else {
776 $GLOBALS['server'] = 0;
777 $cfg['Server'] = array();
778 }
779 }
780 $GLOBALS['url_params']['server'] = $GLOBALS['server'];
781
782 /**
783 * Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
784 */
785 if (function_exists('mb_convert_encoding')
786 && strpos($lang, 'ja-') !== false) {
787 require_once './libraries/kanji-encoding.lib.php';
788 /**
789 * enable multibyte string support
790 */
791 define('PMA_MULTIBYTE_ENCODING', 1);
792 } // end if
793
794 /**
795 * save some settings in cookies
796 * @todo should be done in PMA_Config
797 */
798 PMA_setCookie('pma_lang', $GLOBALS['lang']);
799 PMA_setCookie('pma_charset', $GLOBALS['convcharset']);
800 PMA_setCookie('pma_collation_connection', $GLOBALS['collation_connection']);
801
802 $_SESSION['PMA_Theme_Manager']->setThemeCookie();
803
804 if (! empty($cfg['Server'])) {
805
806 /**
807 * Loads the proper database interface for this server
808 */
809 require_once './libraries/database_interface.lib.php';
810
811 require_once './libraries/logging.lib.php';
812
813 // Gets the authentication library that fits the $cfg['Server'] settings
814 // and run authentication
815
816 // to allow HTTP or http
817 $cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']);
818 if (! file_exists('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php')) {
819 PMA_fatalError($strInvalidAuthMethod . ' ' . $cfg['Server']['auth_type']);
820 }
821 /**
822 * the required auth type plugin
823 */
824 require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php';
825
826 if (!PMA_auth_check()) {
827 PMA_auth();
828 } else {
829 PMA_auth_set_user();
830 }
831
832 // Check IP-based Allow/Deny rules as soon as possible to reject the
833 // user
834 // Based on mod_access in Apache:
835 // http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_access.c?rev=1.37&content-type=text/vnd.viewcvs-markup
836 // Look at: "static int check_dir_access(request_rec *r)"
837 // Robbat2 - May 10, 2002
838 if (isset($cfg['Server']['AllowDeny'])
839 && isset($cfg['Server']['AllowDeny']['order'])) {
840
841 /**
842 * ip based access library
843 */
844 require_once './libraries/ip_allow_deny.lib.php';
845
846 $allowDeny_forbidden = false; // default
847 if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
848 $allowDeny_forbidden = true;
849 if (PMA_allowDeny('allow')) {
850 $allowDeny_forbidden = false;
851 }
852 if (PMA_allowDeny('deny')) {
853 $allowDeny_forbidden = true;
854 }
855 } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
856 if (PMA_allowDeny('deny')) {
857 $allowDeny_forbidden = true;
858 }
859 if (PMA_allowDeny('allow')) {
860 $allowDeny_forbidden = false;
861 }
862 } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
863 if (PMA_allowDeny('allow')
864 && !PMA_allowDeny('deny')) {
865 $allowDeny_forbidden = false;
866 } else {
867 $allowDeny_forbidden = true;
868 }
869 } // end if ... elseif ... elseif
870
871 // Ejects the user if banished
872 if ($allowDeny_forbidden) {
873 PMA_log_user($cfg['Server']['user'], 'allow-denied');
874 PMA_auth_fails();
875 }
876 unset($allowDeny_forbidden); //Clean up after you!
877 } // end if
878
879 // is root allowed?
880 if (!$cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
881 $allowDeny_forbidden = true;
882 PMA_log_user($cfg['Server']['user'], 'root-denied');
883 PMA_auth_fails();
884 unset($allowDeny_forbidden); //Clean up after you!
885 }
886
887 // is a login without password allowed?
888 if (!$cfg['Server']['AllowNoPassword'] && $cfg['Server']['password'] == '') {
889 $login_without_password_is_forbidden = true;
890 PMA_log_user($cfg['Server']['user'], 'empty-denied');
891 PMA_auth_fails();
892 unset($login_without_password_is_forbidden); //Clean up after you!
893 }
894
895 // Try to connect MySQL with the control user profile (will be used to
896 // get the privileges list for the current user but the true user link
897 // must be open after this one so it would be default one for all the
898 // scripts)
899 $controllink = false;
900 if ($cfg['Server']['controluser'] != '') {
901 $controllink = PMA_DBI_connect($cfg['Server']['controluser'],
902 $cfg['Server']['controlpass'], true);
903 }
904
905 // Connects to the server (validates user's login)
906 $userlink = PMA_DBI_connect($cfg['Server']['user'],
907 $cfg['Server']['password'], false);
908
909 if (! $controllink) {
910 $controllink = $userlink;
911 }
912
913 /* Log success */
914 PMA_log_user($cfg['Server']['user']);
915
916 /**
917 * with phpMyAdmin 3 we support MySQL >=5
918 * but only production releases:
919 * - > 5.0.15
920 */
921 if (PMA_MYSQL_INT_VERSION < 50015) {
922 PMA_fatalError('strUpgrade', array('MySQL', '5.0.15'));
923 }
924
925 /**
926 * SQL Parser code
927 */
928 require_once './libraries/sqlparser.lib.php';
929
930 /**
931 * SQL Validator interface code
932 */
933 require_once './libraries/sqlvalidator.lib.php';
934
935 /**
936 * the PMA_List_Database class
937 */
938 require_once './libraries/PMA.php';
939 $pma = new PMA;
940 $pma->userlink = $userlink;
941 $pma->controllink = $controllink;
942
943 /**
944 * some resetting has to be done when switching servers
945 */
946 if (isset($_SESSION['userconf']['previous_server']) && $_SESSION['userconf']['previous_server'] != $GLOBALS['server']) {
947 unset($_SESSION['userconf']['navi_limit_offset']);
948 }
949 $_SESSION['userconf']['previous_server'] = $GLOBALS['server'];
950
951 } // end server connecting
952
953 /**
954 * check if profiling was requested and remember it
955 * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
956 */
957 if (isset($_REQUEST['profiling']) && PMA_profilingSupported()) {
958 $_SESSION['profiling'] = true;
959 } elseif (isset($_REQUEST['profiling_form'])) {
960 // the checkbox was unchecked
961 unset($_SESSION['profiling']);
962 }
963
964 // rajk - library file for blobstreaming
965 require_once './libraries/blobstreaming.lib.php';
966
967 // rajk - checks for blobstreaming plugins and databases that support
968 // blobstreaming (by having the necessary tables for blobstreaming)
969 if (checkBLOBStreamingPlugins())
970 checkBLOBStreamableDatabases();
971 } // end if !defined('PMA_MINIMUM_COMMON')
972
973 // remove sensitive values from session
974 $_SESSION['PMA_Config']->set('blowfish_secret', '');
975 $_SESSION['PMA_Config']->set('Servers', '');
976 $_SESSION['PMA_Config']->set('default_server', '');
977
978 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
979 /**
980 * include subform target page
981 */
982 require $__redirect;
983 exit();
984 }
985 ?>
Drizzle / GSOC 2011