PageRenderTime 50ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 1ms

/phpmyadmin/libraries/common.inc.php

https://bitbucket.org/graaaf/garant
PHP | 1084 lines | 486 code | 125 blank | 473 comment | 137 complexity | 0a5b625ff75bbb8e0378e23d73969eb2 MD5 | raw file
Possible License(s): GPL-2.0, Apache-2.0
  1. <?php
  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
  3. /**
  4. * Misc stuff and REQUIRED by ALL the scripts.
  5. * MUST be included by every script
  6. *
  7. * Among other things, it contains the advanced authentication work.
  8. *
  9. * Order of sections for common.inc.php:
  10. *
  11. * the authentication libraries must be before the connection to db
  12. *
  13. * ... so the required order is:
  14. *
  15. * LABEL_variables_init
  16. * - initialize some variables always needed
  17. * LABEL_parsing_config_file
  18. * - parsing of the configuration file
  19. * LABEL_loading_language_file
  20. * - loading language file
  21. * LABEL_setup_servers
  22. * - check and setup configured servers
  23. * LABEL_theme_setup
  24. * - setting up themes
  25. *
  26. * - load of MySQL extension (if necessary)
  27. * - loading of an authentication library
  28. * - db connection
  29. * - authentication work
  30. *
  31. * @package PhpMyAdmin
  32. */
  33. /**
  34. * Minimum PHP version; can't call PMA_fatalError() which uses a
  35. * PHP 5 function, so cannot easily localize this message.
  36. */
  37. if (version_compare(PHP_VERSION, '5.2.0', 'lt')) {
  38. die('PHP 5.2+ is required');
  39. }
  40. /**
  41. * Backward compatibility for PHP 5.2
  42. */
  43. if (!defined('E_DEPRECATED')) {
  44. define('E_DEPRECATED', 8192);
  45. }
  46. /**
  47. * the error handler
  48. */
  49. require './libraries/Error_Handler.class.php';
  50. /**
  51. * initialize the error handler
  52. */
  53. $GLOBALS['error_handler'] = new PMA_Error_Handler();
  54. $cfg['Error_Handler']['display'] = true;
  55. /*
  56. * This setting was removed in PHP 5.3. But at this point PMA_PHP_INT_VERSION
  57. * is not yet defined so we use another way to find out the PHP version.
  58. */
  59. if (version_compare(phpversion(), '5.3', 'lt')) {
  60. /**
  61. * Avoid object cloning errors
  62. */
  63. @ini_set('zend.ze1_compatibility_mode', false);
  64. }
  65. /**
  66. * This setting was removed in PHP 5.4. But at this point PMA_PHP_INT_VERSION
  67. * is not yet defined so we use another way to find out the PHP version.
  68. */
  69. if (version_compare(phpversion(), '5.4', 'lt')) {
  70. /**
  71. * Avoid problems with magic_quotes_runtime
  72. */
  73. @ini_set('magic_quotes_runtime', false);
  74. }
  75. /**
  76. * for verification in all procedural scripts under libraries
  77. */
  78. define('PHPMYADMIN', true);
  79. /**
  80. * core functions
  81. */
  82. require './libraries/core.lib.php';
  83. /**
  84. * Input sanitizing
  85. */
  86. require './libraries/sanitizing.lib.php';
  87. /**
  88. * the PMA_Theme class
  89. */
  90. require './libraries/Theme.class.php';
  91. /**
  92. * the PMA_Theme_Manager class
  93. */
  94. require './libraries/Theme_Manager.class.php';
  95. /**
  96. * the PMA_Config class
  97. */
  98. require './libraries/Config.class.php';
  99. /**
  100. * the relation lib, tracker needs it
  101. */
  102. require './libraries/relation.lib.php';
  103. /**
  104. * the PMA_Tracker class
  105. */
  106. require './libraries/Tracker.class.php';
  107. /**
  108. * the PMA_Table class
  109. */
  110. require './libraries/Table.class.php';
  111. if (!defined('PMA_MINIMUM_COMMON')) {
  112. /**
  113. * common functions
  114. */
  115. include_once './libraries/common.lib.php';
  116. /**
  117. * Java script escaping.
  118. */
  119. include_once './libraries/js_escape.lib.php';
  120. /**
  121. * Include URL/hidden inputs generating.
  122. */
  123. include_once './libraries/url_generating.lib.php';
  124. }
  125. /******************************************************************************/
  126. /* start procedural code label_start_procedural */
  127. /**
  128. * protect against possible exploits - there is no need to have so much variables
  129. */
  130. if (count($_REQUEST) > 1000) {
  131. die(__('possible exploit'));
  132. }
  133. /**
  134. * Check for numeric keys
  135. * (if register_globals is on, numeric key can be found in $GLOBALS)
  136. */
  137. foreach ($GLOBALS as $key => $dummy) {
  138. if (is_numeric($key)) {
  139. die(__('numeric key detected'));
  140. }
  141. }
  142. unset($dummy);
  143. /**
  144. * PATH_INFO could be compromised if set, so remove it from PHP_SELF
  145. * and provide a clean PHP_SELF here
  146. */
  147. $PMA_PHP_SELF = PMA_getenv('PHP_SELF');
  148. $_PATH_INFO = PMA_getenv('PATH_INFO');
  149. if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
  150. $path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
  151. if ($path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)) {
  152. $PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
  153. }
  154. }
  155. $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);
  156. /**
  157. * just to be sure there was no import (registering) before here
  158. * we empty the global space (but avoid unsetting $variables_list
  159. * and $key in the foreach (), we still need them!)
  160. */
  161. $variables_whitelist = array (
  162. 'GLOBALS',
  163. '_SERVER',
  164. '_GET',
  165. '_POST',
  166. '_REQUEST',
  167. '_FILES',
  168. '_ENV',
  169. '_COOKIE',
  170. '_SESSION',
  171. 'error_handler',
  172. 'PMA_PHP_SELF',
  173. 'variables_whitelist',
  174. 'key'
  175. );
  176. foreach (get_defined_vars() as $key => $value) {
  177. if (! in_array($key, $variables_whitelist)) {
  178. unset($$key);
  179. }
  180. }
  181. unset($key, $value, $variables_whitelist);
  182. /**
  183. * Subforms - some functions need to be called by form, cause of the limited URL
  184. * length, but if this functions inside another form you cannot just open a new
  185. * form - so phpMyAdmin uses 'arrays' inside this form
  186. *
  187. * <code>
  188. * <form ...>
  189. * ... main form elments ...
  190. * <input type="hidden" name="subform[action1][id]" value="1" />
  191. * ... other subform data ...
  192. * <input type="submit" name="usesubform[action1]" value="do action1" />
  193. * ... other subforms ...
  194. * <input type="hidden" name="subform[actionX][id]" value="X" />
  195. * ... other subform data ...
  196. * <input type="submit" name="usesubform[actionX]" value="do actionX" />
  197. * ... main form elments ...
  198. * <input type="submit" name="main_action" value="submit form" />
  199. * </form>
  200. * </code>
  201. *
  202. * so we now check if a subform is submitted
  203. */
  204. $__redirect = null;
  205. if (isset($_POST['usesubform'])) {
  206. // if a subform is present and should be used
  207. // the rest of the form is deprecated
  208. $subform_id = key($_POST['usesubform']);
  209. $subform = $_POST['subform'][$subform_id];
  210. $_POST = $subform;
  211. $_REQUEST = $subform;
  212. /**
  213. * some subforms need another page than the main form, so we will just
  214. * include this page at the end of this script - we use $__redirect to
  215. * track this
  216. */
  217. if (isset($_POST['redirect'])
  218. && $_POST['redirect'] != basename($PMA_PHP_SELF)) {
  219. $__redirect = $_POST['redirect'];
  220. unset($_POST['redirect']);
  221. }
  222. unset($subform_id, $subform);
  223. } else {
  224. // Note: here we overwrite $_REQUEST so that it does not contain cookies,
  225. // because another application for the same domain could have set
  226. // a cookie (with a compatible path) that overrides a variable
  227. // we expect from GET or POST.
  228. // We'll refer to cookies explicitly with the $_COOKIE syntax.
  229. $_REQUEST = array_merge($_GET, $_POST);
  230. }
  231. // end check if a subform is submitted
  232. /**
  233. * This setting was removed in PHP 5.4. But at this point PMA_PHP_INT_VERSION
  234. * is not yet defined so we use another way to find out the PHP version.
  235. */
  236. if (version_compare(phpversion(), '5.4', 'lt')) {
  237. // remove quotes added by PHP
  238. if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
  239. PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
  240. PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
  241. PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
  242. PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
  243. }
  244. }
  245. /**
  246. * include deprecated grab_globals only if required
  247. */
  248. if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
  249. include './libraries/grab_globals.lib.php';
  250. }
  251. /**
  252. * check timezone setting
  253. * this could produce an E_STRICT - but only once,
  254. * if not done here it will produce E_STRICT on every date/time function
  255. *
  256. * @todo need to decide how we should handle this (without @)
  257. */
  258. date_default_timezone_set(@date_default_timezone_get());
  259. /******************************************************************************/
  260. /* parsing configuration file LABEL_parsing_config_file */
  261. /**
  262. * We really need this one!
  263. */
  264. if (! function_exists('preg_replace')) {
  265. PMA_warnMissingExtension('pcre', true);
  266. }
  267. /**
  268. * @global PMA_Config $GLOBALS['PMA_Config']
  269. * force reading of config file, because we removed sensitive values
  270. * in the previous iteration
  271. */
  272. $GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
  273. if (!defined('PMA_MINIMUM_COMMON')) {
  274. $GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
  275. }
  276. /**
  277. * BC - enable backward compatibility
  278. * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
  279. */
  280. $GLOBALS['PMA_Config']->enableBc();
  281. /**
  282. * clean cookies on upgrade
  283. * when changing something related to PMA cookies, increment the cookie version
  284. */
  285. $pma_cookie_version = 4;
  286. if (isset($_COOKIE)
  287. && (isset($_COOKIE['pmaCookieVer'])
  288. && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
  289. // delete all cookies
  290. foreach ($_COOKIE as $cookie_name => $tmp) {
  291. $GLOBALS['PMA_Config']->removeCookie($cookie_name);
  292. }
  293. $_COOKIE = array();
  294. $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
  295. }
  296. /**
  297. * check HTTPS connection
  298. */
  299. if ($GLOBALS['PMA_Config']->get('ForceSSL')
  300. && ! $GLOBALS['PMA_Config']->get('is_https')
  301. ) {
  302. // grab current URL
  303. $url = $GLOBALS['PMA_Config']->get('PmaAbsoluteUri');
  304. // Parse current URL
  305. $parsed = parse_url($url);
  306. // In case parsing has failed do stupid string replacement
  307. if ($parsed === false) {
  308. // Replace http protocol
  309. $url = preg_replace('@^http:@', 'https:', $url);
  310. } else {
  311. if($GLOBALS['PMA_Config']->get('SSLPort')) {
  312. $port_number = $GLOBALS['PMA_Config']->get('SSLPort');
  313. } else {
  314. $port_number = 443;
  315. }
  316. $url = 'https://' . $parsed['host'] . ':' . $port_number . $parsed['path'];
  317. }
  318. // Actually redirect
  319. PMA_sendHeaderLocation($url . PMA_generate_common_url($_GET, 'text'));
  320. // delete the current session, otherwise we get problems (see bug #2397877)
  321. $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
  322. exit;
  323. }
  324. /**
  325. * include session handling after the globals, to prevent overwriting
  326. */
  327. require './libraries/session.inc.php';
  328. /**
  329. * init some variables LABEL_variables_init
  330. */
  331. /**
  332. * holds parameters to be passed to next page
  333. * @global array $GLOBALS['url_params']
  334. */
  335. $GLOBALS['url_params'] = array();
  336. /**
  337. * the whitelist for $GLOBALS['goto']
  338. * @global array $goto_whitelist
  339. */
  340. $goto_whitelist = array(
  341. //'browse_foreigners.php',
  342. //'calendar.php',
  343. //'changelog.php',
  344. //'chk_rel.php',
  345. 'db_create.php',
  346. 'db_datadict.php',
  347. 'db_sql.php',
  348. 'db_events.php',
  349. 'db_export.php',
  350. 'db_importdocsql.php',
  351. 'db_qbe.php',
  352. 'db_structure.php',
  353. 'db_import.php',
  354. 'db_operations.php',
  355. 'db_printview.php',
  356. 'db_search.php',
  357. 'db_routines.php',
  358. //'Documentation.html',
  359. 'export.php',
  360. 'import.php',
  361. //'index.php',
  362. //'navigation.php',
  363. //'license.php',
  364. 'main.php',
  365. 'pdf_pages.php',
  366. 'pdf_schema.php',
  367. //'phpinfo.php',
  368. 'querywindow.php',
  369. //'readme.php',
  370. 'server_binlog.php',
  371. 'server_collations.php',
  372. 'server_databases.php',
  373. 'server_engines.php',
  374. 'server_export.php',
  375. 'server_import.php',
  376. 'server_privileges.php',
  377. 'server_processlist.php',
  378. 'server_sql.php',
  379. 'server_status.php',
  380. 'server_variables.php',
  381. 'sql.php',
  382. 'tbl_addfield.php',
  383. 'tbl_alter.php',
  384. 'tbl_change.php',
  385. 'tbl_create.php',
  386. 'tbl_import.php',
  387. 'tbl_indexes.php',
  388. 'tbl_move_copy.php',
  389. 'tbl_printview.php',
  390. 'tbl_sql.php',
  391. 'tbl_export.php',
  392. 'tbl_operations.php',
  393. 'tbl_structure.php',
  394. 'tbl_relation.php',
  395. 'tbl_replace.php',
  396. 'tbl_row_action.php',
  397. 'tbl_select.php',
  398. 'tbl_zoom_select.php',
  399. //'themes.php',
  400. 'transformation_overview.php',
  401. 'transformation_wrapper.php',
  402. 'user_password.php',
  403. );
  404. /**
  405. * check $__redirect against whitelist
  406. */
  407. if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
  408. $__redirect = null;
  409. }
  410. /**
  411. * holds page that should be displayed
  412. * @global string $GLOBALS['goto']
  413. */
  414. $GLOBALS['goto'] = '';
  415. // Security fix: disallow accessing serious server files via "?goto="
  416. if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
  417. $GLOBALS['goto'] = $_REQUEST['goto'];
  418. $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
  419. } else {
  420. unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
  421. }
  422. /**
  423. * returning page
  424. * @global string $GLOBALS['back']
  425. */
  426. if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
  427. $GLOBALS['back'] = $_REQUEST['back'];
  428. } else {
  429. unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
  430. }
  431. /**
  432. * Check whether user supplied token is valid, if not remove any possibly
  433. * dangerous stuff from request.
  434. *
  435. * remember that some objects in the session with session_start and __wakeup()
  436. * could access this variables before we reach this point
  437. * f.e. PMA_Config: fontsize
  438. *
  439. * @todo variables should be handled by their respective owners (objects)
  440. * f.e. lang, server, collation_connection in PMA_Config
  441. */
  442. if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
  443. /**
  444. * List of parameters which are allowed from unsafe source
  445. */
  446. $allow_list = array(
  447. /* needed for direct access, see FAQ 1.34
  448. * also, server needed for cookie login screen (multi-server)
  449. */
  450. 'server', 'db', 'table', 'target', 'lang',
  451. /* Session ID */
  452. 'phpMyAdmin',
  453. /* Cookie preferences */
  454. 'pma_lang', 'pma_collation_connection',
  455. /* Possible login form */
  456. 'pma_servername', 'pma_username', 'pma_password',
  457. /* for playing blobstreamable media */
  458. 'media_type', 'custom_type', 'bs_reference',
  459. /* for changing BLOB repository file MIME type */
  460. 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
  461. );
  462. /**
  463. * Require cleanup functions
  464. */
  465. include './libraries/cleanup.lib.php';
  466. /**
  467. * Do actual cleanup
  468. */
  469. PMA_remove_request_vars($allow_list);
  470. }
  471. /**
  472. * current selected database
  473. * @global string $GLOBALS['db']
  474. */
  475. $GLOBALS['db'] = '';
  476. if (PMA_isValid($_REQUEST['db'])) {
  477. // can we strip tags from this?
  478. // only \ and / is not allowed in db names for MySQL
  479. $GLOBALS['db'] = $_REQUEST['db'];
  480. $GLOBALS['url_params']['db'] = $GLOBALS['db'];
  481. }
  482. /**
  483. * current selected table
  484. * @global string $GLOBALS['table']
  485. */
  486. $GLOBALS['table'] = '';
  487. if (PMA_isValid($_REQUEST['table'])) {
  488. // can we strip tags from this?
  489. // only \ and / is not allowed in table names for MySQL
  490. $GLOBALS['table'] = $_REQUEST['table'];
  491. $GLOBALS['url_params']['table'] = $GLOBALS['table'];
  492. }
  493. /**
  494. * Store currently selected recent table.
  495. * Affect $GLOBALS['db'] and $GLOBALS['table']
  496. */
  497. if (PMA_isValid($_REQUEST['selected_recent_table'])) {
  498. $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
  499. $GLOBALS['db'] = $recent_table['db'];
  500. $GLOBALS['url_params']['db'] = $GLOBALS['db'];
  501. $GLOBALS['table'] = $recent_table['table'];
  502. $GLOBALS['url_params']['table'] = $GLOBALS['table'];
  503. }
  504. /**
  505. * SQL query to be executed
  506. * @global string $GLOBALS['sql_query']
  507. */
  508. $GLOBALS['sql_query'] = '';
  509. if (PMA_isValid($_REQUEST['sql_query'])) {
  510. $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
  511. }
  512. /**
  513. * avoid problems in phpmyadmin.css.php in some cases
  514. * @global string $js_frame
  515. */
  516. $_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');
  517. //$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
  518. //$_REQUEST['server']; // checked later in this file
  519. //$_REQUEST['lang']; // checked by LABEL_loading_language_file
  520. /**
  521. * holds name of JavaScript files to be included in HTML header
  522. * @global array $js_include
  523. */
  524. $GLOBALS['js_include'] = array();
  525. $GLOBALS['js_include'][] = 'jquery/jquery-1.6.2.js';
  526. $GLOBALS['js_include'][] = 'jquery/jquery-ui-1.8.16.custom.js';
  527. $GLOBALS['js_include'][] = 'update-location.js';
  528. /**
  529. * holds an array of javascript code snippets to be included in the HTML header
  530. * Can be used with PMA_AddJSCode() to pass on js variables to the browser.
  531. * @global array $js_script
  532. */
  533. $GLOBALS['js_script'] = array();
  534. /**
  535. * Add common jQuery functions script here if necessary.
  536. */
  537. /**
  538. * JavaScript events that will be registered
  539. * @global array $js_events
  540. */
  541. $GLOBALS['js_events'] = array();
  542. /**
  543. * footnotes to be displayed ot the page bottom
  544. * @global array $footnotes
  545. */
  546. $GLOBALS['footnotes'] = array();
  547. /******************************************************************************/
  548. /* loading language file LABEL_loading_language_file */
  549. /**
  550. * lang detection is done here
  551. */
  552. require './libraries/select_lang.lib.php';
  553. /**
  554. * check for errors occurred while loading configuration
  555. * this check is done here after loading language files to present errors in locale
  556. */
  557. $GLOBALS['PMA_Config']->checkPermissions();
  558. if ($GLOBALS['PMA_Config']->error_config_file) {
  559. $error = '<h1>' . __('Failed to read configuration file') . '</h1>'
  560. . _('This usually means there is a syntax error in it, please check any errors shown below.')
  561. . '<br />'
  562. . '<br />'
  563. . '<iframe src="show_config_errors.php" />';
  564. trigger_error($error, E_USER_ERROR);
  565. }
  566. if ($GLOBALS['PMA_Config']->error_config_default_file) {
  567. $error = sprintf(__('Could not load default configuration from: %1$s'),
  568. $GLOBALS['PMA_Config']->default_source);
  569. trigger_error($error, E_USER_ERROR);
  570. }
  571. if ($GLOBALS['PMA_Config']->error_pma_uri) {
  572. trigger_error(__('The <tt>$cfg[\'PmaAbsoluteUri\']</tt> directive MUST be set in your configuration file!'), E_USER_ERROR);
  573. }
  574. /******************************************************************************/
  575. /* setup servers LABEL_setup_servers */
  576. /**
  577. * current server
  578. * @global integer $GLOBALS['server']
  579. */
  580. $GLOBALS['server'] = 0;
  581. /**
  582. * Servers array fixups.
  583. * $default_server comes from PMA_Config::enableBc()
  584. * @todo merge into PMA_Config
  585. */
  586. // Do we have some server?
  587. if (! isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
  588. // No server => create one with defaults
  589. $cfg['Servers'] = array(1 => $default_server);
  590. } else {
  591. // We have server(s) => apply default configuration
  592. $new_servers = array();
  593. foreach ($cfg['Servers'] as $server_index => $each_server) {
  594. // Detect wrong configuration
  595. if (!is_int($server_index) || $server_index < 1) {
  596. trigger_error(sprintf(__('Invalid server index: %s'), $server_index), E_USER_ERROR);
  597. }
  598. $each_server = array_merge($default_server, $each_server);
  599. // Don't use servers with no hostname
  600. if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) {
  601. trigger_error(sprintf(__('Invalid hostname for server %1$s. Please review your configuration.'), $server_index), E_USER_ERROR);
  602. }
  603. // Final solution to bug #582890
  604. // If we are using a socket connection
  605. // and there is nothing in the verbose server name
  606. // or the host field, then generate a name for the server
  607. // in the form of "Server 2", localized of course!
  608. if ($each_server['connect_type'] == 'socket' && empty($each_server['host']) && empty($each_server['verbose'])) {
  609. $each_server['verbose'] = __('Server') . $server_index;
  610. }
  611. $new_servers[$server_index] = $each_server;
  612. }
  613. $cfg['Servers'] = $new_servers;
  614. unset($new_servers, $server_index, $each_server);
  615. }
  616. // Cleanup
  617. unset($default_server);
  618. /******************************************************************************/
  619. /* setup themes LABEL_theme_setup */
  620. /**
  621. * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager']
  622. */
  623. if (! isset($_SESSION['PMA_Theme_Manager'])) {
  624. $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager;
  625. } else {
  626. /**
  627. * @todo move all __wakeup() functionality into session.inc.php
  628. */
  629. $_SESSION['PMA_Theme_Manager']->checkConfig();
  630. }
  631. // for the theme per server feature
  632. if (isset($_REQUEST['server']) && ! isset($_REQUEST['set_theme'])) {
  633. $GLOBALS['server'] = $_REQUEST['server'];
  634. $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie();
  635. if (empty($tmp)) {
  636. $tmp = $_SESSION['PMA_Theme_Manager']->theme_default;
  637. }
  638. $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp);
  639. unset($tmp);
  640. }
  641. /**
  642. * @todo move into PMA_Theme_Manager::__wakeup()
  643. */
  644. if (isset($_REQUEST['set_theme'])) {
  645. // if user selected a theme
  646. $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']);
  647. }
  648. /**
  649. * the theme object
  650. * @global PMA_Theme $_SESSION['PMA_Theme']
  651. */
  652. $_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme;
  653. // BC
  654. /**
  655. * the active theme
  656. * @global string $GLOBALS['theme']
  657. */
  658. $GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName();
  659. /**
  660. * the theme path
  661. * @global string $GLOBALS['pmaThemePath']
  662. */
  663. $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();
  664. /**
  665. * the theme image path
  666. * @global string $GLOBALS['pmaThemeImage']
  667. */
  668. $GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath();
  669. /**
  670. * load layout file if exists
  671. */
  672. if (@file_exists($_SESSION['PMA_Theme']->getLayoutFile())) {
  673. include $_SESSION['PMA_Theme']->getLayoutFile();
  674. /**
  675. * @todo remove if all themes are update use Navi instead of Left as frame name
  676. */
  677. if (! isset($GLOBALS['cfg']['NaviWidth'])
  678. && isset($GLOBALS['cfg']['LeftWidth'])) {
  679. $GLOBALS['cfg']['NaviWidth'] = $GLOBALS['cfg']['LeftWidth'];
  680. }
  681. }
  682. if (! defined('PMA_MINIMUM_COMMON')) {
  683. /**
  684. * Character set conversion.
  685. */
  686. include_once './libraries/charset_conversion.lib.php';
  687. /**
  688. * String handling
  689. */
  690. include_once './libraries/string.lib.php';
  691. /**
  692. * Lookup server by name
  693. * (see FAQ 4.8)
  694. */
  695. if (! empty($_REQUEST['server']) && is_string($_REQUEST['server'])
  696. && ! is_numeric($_REQUEST['server'])) {
  697. foreach ($cfg['Servers'] as $i => $server) {
  698. if ($server['host'] == $_REQUEST['server']) {
  699. $_REQUEST['server'] = $i;
  700. break;
  701. }
  702. }
  703. if (is_string($_REQUEST['server'])) {
  704. unset($_REQUEST['server']);
  705. }
  706. unset($i);
  707. }
  708. /**
  709. * If no server is selected, make sure that $cfg['Server'] is empty (so
  710. * that nothing will work), and skip server authentication.
  711. * We do NOT exit here, but continue on without logging into any server.
  712. * This way, the welcome page will still come up (with no server info) and
  713. * present a choice of servers in the case that there are multiple servers
  714. * and '$cfg['ServerDefault'] = 0' is set.
  715. */
  716. if (isset($_REQUEST['server']) && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server'])) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) {
  717. $GLOBALS['server'] = $_REQUEST['server'];
  718. $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
  719. } else {
  720. if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
  721. $GLOBALS['server'] = $cfg['ServerDefault'];
  722. $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
  723. } else {
  724. $GLOBALS['server'] = 0;
  725. $cfg['Server'] = array();
  726. }
  727. }
  728. $GLOBALS['url_params']['server'] = $GLOBALS['server'];
  729. /**
  730. * Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
  731. */
  732. if (function_exists('mb_convert_encoding')
  733. && $lang == 'ja') {
  734. include_once './libraries/kanji-encoding.lib.php';
  735. } // end if
  736. /**
  737. * save some settings in cookies
  738. * @todo should be done in PMA_Config
  739. */
  740. $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
  741. if (isset($GLOBALS['collation_connection'])) {
  742. $GLOBALS['PMA_Config']->setCookie(
  743. 'pma_collation_connection',
  744. $GLOBALS['collation_connection']);
  745. }
  746. $_SESSION['PMA_Theme_Manager']->setThemeCookie();
  747. if (! empty($cfg['Server'])) {
  748. /**
  749. * Loads the proper database interface for this server
  750. */
  751. include_once './libraries/database_interface.lib.php';
  752. include_once './libraries/logging.lib.php';
  753. // get LoginCookieValidity from preferences cache
  754. // no generic solution for loading preferences from cache as some settings need to be kept
  755. // for processing in PMA_Config::loadUserPreferences()
  756. $cache_key = 'server_' . $GLOBALS['server'];
  757. if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])) {
  758. $value = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
  759. $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
  760. $GLOBALS['cfg']['LoginCookieValidity'] = $value;
  761. unset($value);
  762. }
  763. unset($cache_key);
  764. // Gets the authentication library that fits the $cfg['Server'] settings
  765. // and run authentication
  766. // to allow HTTP or http
  767. $cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']);
  768. if (! file_exists('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php')) {
  769. PMA_fatalError(__('Invalid authentication method set in configuration:') . ' ' . $cfg['Server']['auth_type']);
  770. }
  771. /**
  772. * the required auth type plugin
  773. */
  774. include_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php';
  775. if (!PMA_auth_check()) {
  776. /* Force generating of new session on login */
  777. PMA_secureSession();
  778. PMA_auth();
  779. } else {
  780. PMA_auth_set_user();
  781. }
  782. // Check IP-based Allow/Deny rules as soon as possible to reject the
  783. // user
  784. // Based on mod_access in Apache:
  785. // http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_access.c?rev=1.37&content-type=text/vnd.viewcvs-markup
  786. // Look at: "static int check_dir_access(request_rec *r)"
  787. if (isset($cfg['Server']['AllowDeny'])
  788. && isset($cfg['Server']['AllowDeny']['order'])) {
  789. /**
  790. * ip based access library
  791. */
  792. include_once './libraries/ip_allow_deny.lib.php';
  793. $allowDeny_forbidden = false; // default
  794. if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
  795. $allowDeny_forbidden = true;
  796. if (PMA_allowDeny('allow')) {
  797. $allowDeny_forbidden = false;
  798. }
  799. if (PMA_allowDeny('deny')) {
  800. $allowDeny_forbidden = true;
  801. }
  802. } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
  803. if (PMA_allowDeny('deny')) {
  804. $allowDeny_forbidden = true;
  805. }
  806. if (PMA_allowDeny('allow')) {
  807. $allowDeny_forbidden = false;
  808. }
  809. } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
  810. if (PMA_allowDeny('allow')
  811. && !PMA_allowDeny('deny')) {
  812. $allowDeny_forbidden = false;
  813. } else {
  814. $allowDeny_forbidden = true;
  815. }
  816. } // end if ... elseif ... elseif
  817. // Ejects the user if banished
  818. if ($allowDeny_forbidden) {
  819. PMA_log_user($cfg['Server']['user'], 'allow-denied');
  820. PMA_auth_fails();
  821. }
  822. unset($allowDeny_forbidden); //Clean up after you!
  823. } // end if
  824. // is root allowed?
  825. if (!$cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
  826. $allowDeny_forbidden = true;
  827. PMA_log_user($cfg['Server']['user'], 'root-denied');
  828. PMA_auth_fails();
  829. unset($allowDeny_forbidden); //Clean up after you!
  830. }
  831. // is a login without password allowed?
  832. if (!$cfg['Server']['AllowNoPassword'] && $cfg['Server']['password'] == '') {
  833. $login_without_password_is_forbidden = true;
  834. PMA_log_user($cfg['Server']['user'], 'empty-denied');
  835. PMA_auth_fails();
  836. unset($login_without_password_is_forbidden); //Clean up after you!
  837. }
  838. // if using TCP socket is not needed
  839. if (strtolower($cfg['Server']['connect_type']) == 'tcp') {
  840. $cfg['Server']['socket'] = '';
  841. }
  842. // Try to connect MySQL with the control user profile (will be used to
  843. // get the privileges list for the current user but the true user link
  844. // must be open after this one so it would be default one for all the
  845. // scripts)
  846. $controllink = false;
  847. if ($cfg['Server']['controluser'] != '') {
  848. if (! empty($cfg['Server']['controlhost'])) {
  849. $controllink = PMA_DBI_connect($cfg['Server']['controluser'],
  850. $cfg['Server']['controlpass'], true,
  851. array('host' => $cfg['Server']['controlhost'])
  852. );
  853. } else {
  854. $controllink = PMA_DBI_connect($cfg['Server']['controluser'],
  855. $cfg['Server']['controlpass'], true);
  856. }
  857. }
  858. // Connects to the server (validates user's login)
  859. $userlink = PMA_DBI_connect($cfg['Server']['user'],
  860. $cfg['Server']['password'], false);
  861. if (! $controllink) {
  862. $controllink = $userlink;
  863. }
  864. /* Log success */
  865. PMA_log_user($cfg['Server']['user']);
  866. /**
  867. * with phpMyAdmin 3 we support MySQL >=5
  868. * but only production releases:
  869. * - > 5.0.15
  870. */
  871. if (PMA_MYSQL_INT_VERSION < 50015) {
  872. PMA_fatalError(__('You should upgrade to %s %s or later.'), array('MySQL', '5.0.15'));
  873. }
  874. if (PMA_DRIZZLE) {
  875. // DisableIS must be set to false for Drizzle, it maps SHOW commands
  876. // to INFORMATION_SCHEMA queries anyway so it's fast on large servers
  877. $cfg['Server']['DisableIS'] = false;
  878. // SHOW OPEN TABLES is not supported by Drizzle
  879. $cfg['SkipLockedTables'] = false;
  880. }
  881. /**
  882. * SQL Parser code
  883. */
  884. include_once './libraries/sqlparser.lib.php';
  885. /**
  886. * SQL Validator interface code
  887. */
  888. include_once './libraries/sqlvalidator.lib.php';
  889. /**
  890. * the PMA_List_Database class
  891. */
  892. include_once './libraries/PMA.php';
  893. $pma = new PMA;
  894. $pma->userlink = $userlink;
  895. $pma->controllink = $controllink;
  896. /**
  897. * some resetting has to be done when switching servers
  898. */
  899. if (isset($_SESSION['tmp_user_values']['previous_server']) && $_SESSION['tmp_user_values']['previous_server'] != $GLOBALS['server']) {
  900. unset($_SESSION['tmp_user_values']['navi_limit_offset']);
  901. }
  902. $_SESSION['tmp_user_values']['previous_server'] = $GLOBALS['server'];
  903. } // end server connecting
  904. /**
  905. * check if profiling was requested and remember it
  906. * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
  907. */
  908. if (isset($_REQUEST['profiling']) && PMA_profilingSupported()) {
  909. $_SESSION['profiling'] = true;
  910. } elseif (isset($_REQUEST['profiling_form'])) {
  911. // the checkbox was unchecked
  912. unset($_SESSION['profiling']);
  913. }
  914. // library file for blobstreaming
  915. include_once './libraries/blobstreaming.lib.php';
  916. // checks for blobstreaming plugins and databases that support
  917. // blobstreaming (by having the necessary tables for blobstreaming)
  918. checkBLOBStreamingPlugins();
  919. } // end if !defined('PMA_MINIMUM_COMMON')
  920. // load user preferences
  921. $GLOBALS['PMA_Config']->loadUserPreferences();
  922. // remove sensitive values from session
  923. $GLOBALS['PMA_Config']->set('blowfish_secret', '');
  924. $GLOBALS['PMA_Config']->set('Servers', '');
  925. $GLOBALS['PMA_Config']->set('default_server', '');
  926. /* Tell tracker that it can actually work */
  927. PMA_Tracker::enable();
  928. /**
  929. * @global boolean $GLOBALS['is_ajax_request']
  930. * @todo should this be moved to the variables init section above?
  931. *
  932. * Check if the current request is an AJAX request, and set is_ajax_request
  933. * accordingly. Suppress headers, footers and unnecessary output if set to
  934. * true
  935. */
  936. if (isset($_REQUEST['ajax_request']) && $_REQUEST['ajax_request'] == true) {
  937. $GLOBALS['is_ajax_request'] = true;
  938. } else {
  939. $GLOBALS['is_ajax_request'] = false;
  940. }
  941. /**
  942. * @global boolean $GLOBALS['grid_edit']
  943. *
  944. * Set to true if this is a request made during an grid edit process. This
  945. * request is made to retrieve the non-truncated/transformed values.
  946. */
  947. if (isset($_REQUEST['grid_edit']) && $_REQUEST['grid_edit'] == true) {
  948. $GLOBALS['grid_edit'] = true;
  949. } else {
  950. $GLOBALS['grid_edit'] = false;
  951. }
  952. if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
  953. /**
  954. * include subform target page
  955. */
  956. include $__redirect;
  957. exit();
  958. }
  959. ?>