Returns the error message otherwise.
| public static mysqlDie ( string | boolean $server_msg = '', string $sql_query = '', boolean $is_modify_link = true, string $back_url = '', boolean $exit = true ) : string | ||
| $server_msg | string | boolean | Server's error message. |
| $sql_query | string | The SQL query that failed. |
| $is_modify_link | boolean | Whether to show a "modify" link or not. |
| $back_url | string | URL for the "back" link (full path is not required). |
| $exit | boolean | Whether execution should be stopped or the error message should be returned. |
| return | string | |
/**
* Handles the whole import logic
*
* @param array &$sql_data 2-element array with sql data
*
* @return void
*/
public function doImport(&$sql_data = array())
{
global $db, $table, $csv_terminated, $csv_enclosed, $csv_escaped, $csv_new_line, $csv_columns, $err_url;
// $csv_replace and $csv_ignore should have been here,
// but we use directly from $_POST
global $error, $timeout_passed, $finished, $message;
$replacements = array('\\n' => "\n", '\\t' => "\t", '\\r' => "\r");
$csv_terminated = strtr($csv_terminated, $replacements);
$csv_enclosed = strtr($csv_enclosed, $replacements);
$csv_escaped = strtr($csv_escaped, $replacements);
$csv_new_line = strtr($csv_new_line, $replacements);
$param_error = false;
if (mb_strlen($csv_terminated) < 1) {
$message = PMA\libraries\Message::error(__('Invalid parameter for CSV import: %s'));
$message->addParam(__('Columns terminated with'), false);
$error = true;
$param_error = true;
// The default dialog of MS Excel when generating a CSV produces a
// semi-colon-separated file with no chance of specifying the
// enclosing character. Thus, users who want to import this file
// tend to remove the enclosing character on the Import dialog.
// I could not find a test case where having no enclosing characters
// confuses this script.
// But the parser won't work correctly with strings so we allow just
// one character.
} elseif (mb_strlen($csv_enclosed) > 1) {
$message = PMA\libraries\Message::error(__('Invalid parameter for CSV import: %s'));
$message->addParam(__('Columns enclosed with'), false);
$error = true;
$param_error = true;
// I could not find a test case where having no escaping characters
// confuses this script.
// But the parser won't work correctly with strings so we allow just
// one character.
} elseif (mb_strlen($csv_escaped) > 1) {
$message = PMA\libraries\Message::error(__('Invalid parameter for CSV import: %s'));
$message->addParam(__('Columns escaped with'), false);
$error = true;
$param_error = true;
} elseif (mb_strlen($csv_new_line) != 1 && $csv_new_line != 'auto') {
$message = PMA\libraries\Message::error(__('Invalid parameter for CSV import: %s'));
$message->addParam(__('Lines terminated with'), false);
$error = true;
$param_error = true;
}
// If there is an error in the parameters entered,
// indicate that immediately.
if ($param_error) {
PMA\libraries\Util::mysqlDie($message->getMessage(), '', false, $err_url);
}
$buffer = '';
$required_fields = 0;
if (!$this->_getAnalyze()) {
$sql_template = 'INSERT';
if (isset($_POST['csv_ignore'])) {
$sql_template .= ' IGNORE';
}
$sql_template .= ' INTO ' . PMA\libraries\Util::backquote($table);
$tmp_fields = $GLOBALS['dbi']->getColumns($db, $table);
if (empty($csv_columns)) {
$fields = $tmp_fields;
} else {
$sql_template .= ' (';
$fields = array();
$tmp = preg_split('/,( ?)/', $csv_columns);
foreach ($tmp as $key => $val) {
if (count($fields) > 0) {
$sql_template .= ', ';
}
/* Trim also `, if user already included backquoted fields */
$val = trim($val, " \t\r\n\v`");
$found = false;
foreach ($tmp_fields as $field) {
if ($field['Field'] == $val) {
$found = true;
break;
}
}
if (!$found) {
$message = PMA\libraries\Message::error(__('Invalid column (%s) specified! Ensure that columns' . ' names are spelled correctly, separated by commas' . ', and not enclosed in quotes.'));
$message->addParam($val);
$error = true;
break;
}
$fields[] = $field;
$sql_template .= PMA\libraries\Util::backquote($val);
}
$sql_template .= ') ';
}
$required_fields = count($fields);
$sql_template .= ' VALUES (';
}
// Defaults for parser
$i = 0;
$len = 0;
$lastlen = null;
$line = 1;
$lasti = -1;
$values = array();
$csv_finish = false;
$tempRow = array();
$rows = array();
$col_names = array();
$tables = array();
$col_count = 0;
$max_cols = 0;
$csv_terminated_len = mb_strlen($csv_terminated);
while (!($finished && $i >= $len) && !$error && !$timeout_passed) {
$data = PMA_importGetNextChunk();
if ($data === false) {
// subtract data we didn't handle yet and stop processing
$GLOBALS['offset'] -= strlen($buffer);
break;
} elseif ($data === true) {
// Handle rest of buffer
} else {
// Append new data to buffer
$buffer .= $data;
unset($data);
// Force a trailing new line at EOF to prevent parsing problems
if ($finished && $buffer) {
$finalch = mb_substr($buffer, -1);
if ($csv_new_line == 'auto' && $finalch != "\r" && $finalch != "\n") {
$buffer .= "\n";
} elseif ($csv_new_line != 'auto' && $finalch != $csv_new_line) {
$buffer .= $csv_new_line;
}
}
// Do not parse string when we're not at the end
// and don't have new line inside
if ($csv_new_line == 'auto' && mb_strpos($buffer, "\r") === false && mb_strpos($buffer, "\n") === false || $csv_new_line != 'auto' && mb_strpos($buffer, $csv_new_line) === false) {
continue;
}
}
// Current length of our buffer
$len = mb_strlen($buffer);
// Currently parsed char
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
while ($i < $len) {
// Deadlock protection
if ($lasti == $i && $lastlen == $len) {
$message = PMA\libraries\Message::error(__('Invalid format of CSV input on line %d.'));
$message->addParam($line);
$error = true;
break;
}
$lasti = $i;
$lastlen = $len;
// This can happen with auto EOL and \r at the end of buffer
if (!$csv_finish) {
// Grab empty field
if ($ch == $csv_terminated) {
if ($i == $len - 1) {
break;
}
$values[] = '';
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
continue;
}
// Grab one field
$fallbacki = $i;
if ($ch == $csv_enclosed) {
if ($i == $len - 1) {
break;
}
$need_end = true;
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
} else {
$need_end = false;
}
$fail = false;
$value = '';
while ($need_end && ($ch != $csv_enclosed || $csv_enclosed == $csv_escaped) || !$need_end && !($ch == $csv_terminated || $ch == $csv_new_line || $csv_new_line == 'auto' && ($ch == "\r" || $ch == "\n"))) {
if ($ch == $csv_escaped) {
if ($i == $len - 1) {
$fail = true;
break;
}
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
if ($csv_enclosed == $csv_escaped && ($ch == $csv_terminated || $ch == $csv_new_line || $csv_new_line == 'auto' && ($ch == "\r" || $ch == "\n"))) {
break;
}
}
$value .= $ch;
if ($i == $len - 1) {
if (!$finished) {
$fail = true;
}
break;
}
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
}
// unquoted NULL string
if (false === $need_end && $value === 'NULL') {
$value = null;
}
if ($fail) {
$i = $fallbacki;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$i += $csv_terminated_len - 1;
}
break;
}
// Need to strip trailing enclosing char?
if ($need_end && $ch == $csv_enclosed) {
if ($finished && $i == $len - 1) {
$ch = null;
} elseif ($i == $len - 1) {
$i = $fallbacki;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$i += $csv_terminated_len - 1;
}
break;
} else {
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
}
}
// Are we at the end?
if ($ch == $csv_new_line || $csv_new_line == 'auto' && ($ch == "\r" || $ch == "\n") || $finished && $i == $len - 1) {
$csv_finish = true;
}
// Go to next char
if ($ch == $csv_terminated) {
if ($i == $len - 1) {
$i = $fallbacki;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$i += $csv_terminated_len - 1;
}
break;
}
$i++;
$ch = mb_substr($buffer, $i, 1);
if ($csv_terminated_len > 1 && $ch == $csv_terminated[0]) {
$ch = $this->readCsvTerminatedString($buffer, $ch, $i, $csv_terminated_len);
$i += $csv_terminated_len - 1;
}
}
// If everything went okay, store value
$values[] = $value;
}
// End of line
if ($csv_finish || $ch == $csv_new_line || $csv_new_line == 'auto' && ($ch == "\r" || $ch == "\n")) {
if ($csv_new_line == 'auto' && $ch == "\r") {
// Handle "\r\n"
if ($i >= $len - 2 && !$finished) {
break;
// We need more data to decide new line
}
if (mb_substr($buffer, $i + 1, 1) == "\n") {
$i++;
}
}
// We didn't parse value till the end of line, so there was
// empty one
if (!$csv_finish) {
$values[] = '';
}
if ($this->_getAnalyze()) {
foreach ($values as $val) {
$tempRow[] = $val;
++$col_count;
}
if ($col_count > $max_cols) {
$max_cols = $col_count;
}
$col_count = 0;
$rows[] = $tempRow;
$tempRow = array();
} else {
// Do we have correct count of values?
if (count($values) != $required_fields) {
// Hack for excel
if ($values[count($values) - 1] == ';') {
unset($values[count($values) - 1]);
} else {
$message = PMA\libraries\Message::error(__('Invalid column count in CSV input' . ' on line %d.'));
$message->addParam($line);
$error = true;
break;
}
}
$first = true;
$sql = $sql_template;
foreach ($values as $key => $val) {
if (!$first) {
$sql .= ', ';
}
if ($val === null) {
$sql .= 'NULL';
} else {
$sql .= '\'' . PMA\libraries\Util::sqlAddSlashes($val) . '\'';
}
$first = false;
}
$sql .= ')';
if (isset($_POST['csv_replace'])) {
$sql .= " ON DUPLICATE KEY UPDATE ";
foreach ($fields as $field) {
$fieldName = PMA\libraries\Util::backquote($field['Field']);
$sql .= $fieldName . " = VALUES(" . $fieldName . "), ";
}
$sql = rtrim($sql, ', ');
}
/**
* @todo maybe we could add original line to verbose
* SQL in comment
*/
PMA_importRunQuery($sql, $sql, $sql_data);
}
$line++;
$csv_finish = false;
$values = array();
$buffer = mb_substr($buffer, $i + 1);
$len = mb_strlen($buffer);
$i = 0;
$lasti = -1;
$ch = mb_substr($buffer, 0, 1);
}
}
// End of parser loop
}
// End of import loop
if ($this->_getAnalyze()) {
/* Fill out all rows */
$num_rows = count($rows);
for ($i = 0; $i < $num_rows; ++$i) {
for ($j = count($rows[$i]); $j < $max_cols; ++$j) {
$rows[$i][] = 'NULL';
}
}
if (isset($_REQUEST['csv_col_names'])) {
$col_names = array_splice($rows, 0, 1);
$col_names = $col_names[0];
// MySQL column names can't end with a space character.
foreach ($col_names as $key => $col_name) {
$col_names[$key] = rtrim($col_name);
}
}
if (isset($col_names) && count($col_names) != $max_cols || !isset($col_names)) {
// Fill out column names
for ($i = 0; $i < $max_cols; ++$i) {
$col_names[] = 'COL ' . ($i + 1);
}
}
if (mb_strlen($db)) {
$result = $GLOBALS['dbi']->fetchResult('SHOW TABLES');
$tbl_name = 'TABLE ' . (count($result) + 1);
} else {
$tbl_name = 'TBL_NAME';
}
$tables[] = array($tbl_name, $col_names, $rows);
/* Obtain the best-fit MySQL types for each column */
$analyses = array();
$analyses[] = PMA_analyzeTable($tables[0]);
/**
* string $db_name (no backquotes)
*
* array $table = array(table_name, array() column_names, array()() rows)
* array $tables = array of "$table"s
*
* array $analysis = array(array() column_types, array() column_sizes)
* array $analyses = array of "$analysis"s
*
* array $create = array of SQL strings
*
* array $options = an associative array of options
*/
/* Set database name to the currently selected one, if applicable */
list($db_name, $options) = $this->getDbnameAndOptions($db, 'CSV_DB');
/* Non-applicable parameters */
$create = null;
/* Created and execute necessary SQL statements from data */
PMA_buildSQL($db_name, $tables, $analyses, $create, $options, $sql_data);
unset($tables);
unset($analyses);
}
// Commit any possible data in buffers
PMA_importRunQuery('', '', $sql_data);
if (count($values) != 0 && !$error) {
$message = PMA\libraries\Message::error(__('Invalid format of CSV input on line %d.'));
$message->addParam($line);
$error = true;
}
}
/**
* returns array with databases containing extended infos about them
*
* @param string $database database
* @param boolean $force_stats retrieve stats also for MySQL < 5
* @param object $link mysql link
* @param string $sort_by column to order by
* @param string $sort_order ASC or DESC
* @param integer $limit_offset starting offset for LIMIT
* @param bool|int $limit_count row count for LIMIT or true
* for $GLOBALS['cfg']['MaxDbList']
*
* @todo move into ListDatabase?
*
* @return array $databases
*/
public function getDatabasesFull($database = null, $force_stats = false, $link = null, $sort_by = 'SCHEMA_NAME', $sort_order = 'ASC', $limit_offset = 0, $limit_count = false)
{
$sort_order = strtoupper($sort_order);
if (true === $limit_count) {
$limit_count = $GLOBALS['cfg']['MaxDbList'];
}
$apply_limit_and_order_manual = true;
if (!$GLOBALS['cfg']['Server']['DisableIS']) {
/**
* if $GLOBALS['cfg']['NaturalOrder'] is enabled, we cannot use LIMIT
* cause MySQL does not support natural ordering,
* we have to do it afterward
*/
$limit = '';
if (!$GLOBALS['cfg']['NaturalOrder']) {
if ($limit_count) {
$limit = ' LIMIT ' . $limit_count . ' OFFSET ' . $limit_offset;
}
$apply_limit_and_order_manual = false;
}
// get table information from information_schema
if (!empty($database)) {
$sql_where_schema = 'WHERE `SCHEMA_NAME` LIKE \'' . Util::sqlAddSlashes($database) . '\'';
} else {
$sql_where_schema = '';
}
$sql = 'SELECT *,
CAST(BIN_NAME AS CHAR CHARACTER SET utf8) AS SCHEMA_NAME
FROM (';
$sql .= 'SELECT
BINARY s.SCHEMA_NAME AS BIN_NAME,
s.DEFAULT_COLLATION_NAME';
if ($force_stats) {
$sql .= ',
COUNT(t.TABLE_SCHEMA) AS SCHEMA_TABLES,
SUM(t.TABLE_ROWS) AS SCHEMA_TABLE_ROWS,
SUM(t.DATA_LENGTH) AS SCHEMA_DATA_LENGTH,
SUM(t.MAX_DATA_LENGTH) AS SCHEMA_MAX_DATA_LENGTH,
SUM(t.INDEX_LENGTH) AS SCHEMA_INDEX_LENGTH,
SUM(t.DATA_LENGTH + t.INDEX_LENGTH)
AS SCHEMA_LENGTH,
SUM(t.DATA_FREE) AS SCHEMA_DATA_FREE';
}
$sql .= '
FROM `information_schema`.SCHEMATA s';
if ($force_stats) {
$sql .= '
LEFT JOIN `information_schema`.TABLES t
ON BINARY t.TABLE_SCHEMA = BINARY s.SCHEMA_NAME';
}
$sql .= $sql_where_schema . '
GROUP BY BINARY s.SCHEMA_NAME, s.DEFAULT_COLLATION_NAME
ORDER BY ';
if ($sort_by == 'SCHEMA_NAME' || $sort_by == 'DEFAULT_COLLATION_NAME') {
$sql .= 'BINARY ';
}
$sql .= Util::backquote($sort_by) . ' ' . $sort_order . $limit;
$sql .= ') a';
$databases = $this->fetchResult($sql, 'SCHEMA_NAME', null, $link);
$mysql_error = $this->getError($link);
if (!count($databases) && $GLOBALS['errno']) {
Util::mysqlDie($mysql_error, $sql);
}
// display only databases also in official database list
// f.e. to apply hide_db and only_db
$drops = array_diff(array_keys($databases), (array) $GLOBALS['pma']->databases);
foreach ($drops as $drop) {
unset($databases[$drop]);
}
} else {
$databases = array();
foreach ($GLOBALS['pma']->databases as $database_name) {
// MySQL forward compatibility
// so pma could use this array as if every server is of version >5.0
// todo : remove and check the rest of the code for usage,
// MySQL 5.0 or higher is required for current PMA version
$databases[$database_name]['SCHEMA_NAME'] = $database_name;
include_once './libraries/mysql_charsets.inc.php';
$databases[$database_name]['DEFAULT_COLLATION_NAME'] = PMA_getDbCollation($database_name);
if (!$force_stats) {
continue;
}
// get additional info about tables
$databases[$database_name]['SCHEMA_TABLES'] = 0;
$databases[$database_name]['SCHEMA_TABLE_ROWS'] = 0;
$databases[$database_name]['SCHEMA_DATA_LENGTH'] = 0;
$databases[$database_name]['SCHEMA_MAX_DATA_LENGTH'] = 0;
$databases[$database_name]['SCHEMA_INDEX_LENGTH'] = 0;
$databases[$database_name]['SCHEMA_LENGTH'] = 0;
$databases[$database_name]['SCHEMA_DATA_FREE'] = 0;
$res = $this->query('SHOW TABLE STATUS FROM ' . Util::backquote($database_name) . ';');
if ($res === false) {
unset($res);
continue;
}
while ($row = $this->fetchAssoc($res)) {
$databases[$database_name]['SCHEMA_TABLES']++;
$databases[$database_name]['SCHEMA_TABLE_ROWS'] += $row['Rows'];
$databases[$database_name]['SCHEMA_DATA_LENGTH'] += $row['Data_length'];
$databases[$database_name]['SCHEMA_MAX_DATA_LENGTH'] += $row['Max_data_length'];
$databases[$database_name]['SCHEMA_INDEX_LENGTH'] += $row['Index_length'];
// for InnoDB, this does not contain the number of
// overhead bytes but the total free space
if ('InnoDB' != $row['Engine']) {
$databases[$database_name]['SCHEMA_DATA_FREE'] += $row['Data_free'];
}
$databases[$database_name]['SCHEMA_LENGTH'] += $row['Data_length'] + $row['Index_length'];
}
$this->freeResult($res);
unset($res);
}
}
/**
* apply limit and order manually now
* (caused by older MySQL < 5 or $GLOBALS['cfg']['NaturalOrder'])
*/
if ($apply_limit_and_order_manual) {
$GLOBALS['callback_sort_order'] = $sort_order;
$GLOBALS['callback_sort_by'] = $sort_by;
usort($databases, array('PMA\\libraries\\DatabaseInterface', '_usortComparisonCallback'));
unset($GLOBALS['callback_sort_order'], $GLOBALS['callback_sort_by']);
/**
* now apply limit
*/
if ($limit_count) {
$databases = array_slice($databases, $limit_offset, $limit_count);
}
}
return $databases;
}
/**
* Parse and analyze the query
*/
require_once 'libraries/parse_analyze.lib.php';
list($analyzed_sql_results, $db, $table) = PMA_parseAnalyze($sql_query, $db);
// @todo: possibly refactor
extract($analyzed_sql_results);
/**
* Check rights in case of DROP DATABASE
*
* This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
* but since a malicious user may pass this variable by url/form, we don't take
* into account this case.
*/
if (PMA_hasNoRightsToDropDatabase($analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser)) {
Util::mysqlDie(__('"DROP DATABASE" statements are disabled.'), '', false, $err_url);
}
// end if
/**
* Need to find the real end of rows?
*/
if (isset($find_real_end) && $find_real_end) {
$unlim_num_rows = PMA_findRealEndOfRows($db, $table);
}
/**
* Bookmark add
*/
if (isset($_POST['store_bkm'])) {
PMA_addBookmark($goto);
// script has exited at this point
}
/**
* Update password and get message for password updating
*
* @param string $err_url error url
* @param string $username username
* @param string $hostname hostname
*
* @return string $message success or error message after updating password
*/
function PMA_updatePassword($err_url, $username, $hostname)
{
// similar logic in user_password.php
$message = '';
$is_superuser = $GLOBALS['dbi']->isSuperuser();
if (empty($_REQUEST['nopass']) && isset($_POST['pma_pw']) && isset($_POST['pma_pw2'])) {
if ($_POST['pma_pw'] != $_POST['pma_pw2']) {
$message = Message::error(__('The passwords aren\'t the same!'));
} elseif (empty($_POST['pma_pw']) || empty($_POST['pma_pw2'])) {
$message = Message::error(__('The password is empty!'));
}
}
// here $nopass could be == 1
if (empty($message)) {
$hashing_function = 'PASSWORD';
$serverType = Util::getServerType();
$authentication_plugin = isset($_REQUEST['authentication_plugin']) ? $_REQUEST['authentication_plugin'] : PMA_getCurrentAuthenticationPlugin('change', $username, $hostname);
// Use 'ALTER USER ...' syntax for MySQL 5.7.6+
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
if ($authentication_plugin != 'mysql_old_password') {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED WITH " . $authentication_plugin . " BY '";
} else {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED BY '";
}
// in $sql_query which will be displayed, hide the password
$sql_query = $query_prefix . "*'";
$local_query = $query_prefix . Util::sqlAddSlashes($_POST['pma_pw']) . "'";
} else {
if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && $is_superuser) {
// Use 'UPDATE `mysql`.`user` ...' Syntax for MariaDB 5.2+
if ($authentication_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($authentication_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
$sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
$local_query = "UPDATE `mysql`.`user` SET " . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
} else {
// USE 'SET PASSWORD ...' syntax for rest of the versions
// Backup the old value, to be reset later
$row = $GLOBALS['dbi']->fetchSingleRow('SELECT @@old_passwords;');
$orig_value = $row['@@old_passwords'];
$update_plugin_query = "UPDATE `mysql`.`user` SET" . " `plugin` = '" . $authentication_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
// Update the plugin for the user
if (!$GLOBALS['dbi']->tryQuery($update_plugin_query)) {
Util::mysqlDie($GLOBALS['dbi']->getError(), $update_plugin_query, false, $err_url);
}
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
if ($authentication_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($authentication_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
$local_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . Util::sqlAddSlashes($_POST['pma_pw']) . '\')');
}
}
if (!$GLOBALS['dbi']->tryQuery($local_query)) {
Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
$message = Message::success(__('The password for %s was changed successfully.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (isset($orig_value)) {
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $orig_value . ';');
}
}
return $message;
}
/**
* User is not allowed to login to MySQL -> authentication failed
*
* @return boolean always true (no return indeed)
*/
public function authFails()
{
$conn_error = $GLOBALS['dbi']->getError();
if (!$conn_error) {
$conn_error = __('Cannot connect: invalid settings.');
}
/* HTML header */
$response = PMA\libraries\Response::getInstance();
$response->getFooter()->setMinimal();
$header = $response->getHeader();
$header->setBodyId('loginform');
$header->setTitle(__('Access denied!'));
$header->disableMenuAndConsole();
echo '<br /><br />
<center>
<h1>';
echo sprintf(__('Welcome to %s'), ' phpMyAdmin ');
echo '</h1>
</center>
<br />
<table cellpadding="0" cellspacing="3" style="margin: 0 auto" width="80%">
<tr>
<td>';
if (isset($GLOBALS['allowDeny_forbidden']) && $GLOBALS['allowDeny_forbidden']) {
trigger_error(__('Access denied!'), E_USER_NOTICE);
} else {
// Check whether user has configured something
if ($GLOBALS['PMA_Config']->source_mtime == 0) {
echo '<p>', sprintf(__('You probably did not create a configuration file.' . ' You might want to use the %1$ssetup script%2$s to' . ' create one.'), '<a href="setup/">', '</a>'), '</p>', "\n";
} elseif (!isset($GLOBALS['errno']) || isset($GLOBALS['errno']) && $GLOBALS['errno'] != 2002 && $GLOBALS['errno'] != 2003) {
// if we display the "Server not responding" error, do not confuse
// users by telling them they have a settings problem
// (note: it's true that they could have a badly typed host name,
// but anyway the current message tells that the server
// rejected the connection, which is not really what happened)
// 2002 is the error given by mysqli
// 2003 is the error given by mysql
trigger_error(__('phpMyAdmin tried to connect to the MySQL server, and the' . ' server rejected the connection. You should check the' . ' host, username and password in your configuration and' . ' make sure that they correspond to the information given' . ' by the administrator of the MySQL server.'), E_USER_WARNING);
}
echo PMA\libraries\Util::mysqlDie($conn_error, '', true, '', false);
}
$GLOBALS['error_handler']->dispUserErrors();
echo '</td>
</tr>
<tr>
<td>', "\n";
echo '<a href="', PMA\libraries\Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabServer'], 'server'), URL::getCommon(), '" class="button disableAjax">', __('Retry to connect'), '</a>', "\n";
echo '</td>
</tr>', "\n";
if (count($GLOBALS['cfg']['Servers']) > 1) {
// offer a chance to login to other servers if the current one failed
include_once './libraries/select_server.lib.php';
echo '<tr>', "\n";
echo ' <td>', "\n";
echo PMA_selectServer(true, true);
echo ' </td>', "\n";
echo '</tr>', "\n";
}
echo '</table>', "\n";
if (!defined('TESTSUITE')) {
exit;
}
return true;
}
/**
* Function to handle foreign key updates
*
* @param array $destination_foreign_db destination foreign database
* @param array $multi_edit_columns_name multi edit column names
* @param array $destination_foreign_table destination foreign table
* @param array $destination_foreign_column destination foreign column
* @param array $options_array options array
* @param string $table current table
* @param array $existrel_foreign db, table, column
*
* @return array
*/
public function updateForeignKeys($destination_foreign_db, $multi_edit_columns_name, $destination_foreign_table, $destination_foreign_column, $options_array, $table, $existrel_foreign)
{
$html_output = '';
$preview_sql_data = '';
$display_query = '';
$seen_error = false;
foreach ($destination_foreign_db as $master_field_md5 => $foreign_db) {
$create = false;
$drop = false;
// Map the fieldname's md5 back to its real name
$master_field = $multi_edit_columns_name[$master_field_md5];
$foreign_table = $destination_foreign_table[$master_field_md5];
$foreign_field = $destination_foreign_column[$master_field_md5];
if (isset($existrel_foreign[$master_field_md5]['ref_db_name'])) {
$ref_db_name = $existrel_foreign[$master_field_md5]['ref_db_name'];
} else {
$ref_db_name = $GLOBALS['db'];
}
$empty_fields = false;
foreach ($master_field as $key => $one_field) {
if (!empty($one_field) && empty($foreign_field[$key]) || empty($one_field) && !empty($foreign_field[$key])) {
$empty_fields = true;
}
if (empty($one_field) && empty($foreign_field[$key])) {
unset($master_field[$key]);
unset($foreign_field[$key]);
}
}
if (!empty($foreign_db) && !empty($foreign_table) && !$empty_fields) {
if (isset($existrel_foreign[$master_field_md5])) {
$constraint_name = $existrel_foreign[$master_field_md5]['constraint'];
$on_delete = !empty($existrel_foreign[$master_field_md5]['on_delete']) ? $existrel_foreign[$master_field_md5]['on_delete'] : 'RESTRICT';
$on_update = !empty($existrel_foreign[$master_field_md5]['on_update']) ? $existrel_foreign[$master_field_md5]['on_update'] : 'RESTRICT';
if ($ref_db_name != $foreign_db || $existrel_foreign[$master_field_md5]['ref_table_name'] != $foreign_table || $existrel_foreign[$master_field_md5]['ref_index_list'] != $foreign_field || $existrel_foreign[$master_field_md5]['index_list'] != $master_field || $_REQUEST['constraint_name'][$master_field_md5] != $constraint_name || $_REQUEST['on_delete'][$master_field_md5] != $on_delete || $_REQUEST['on_update'][$master_field_md5] != $on_update) {
// another foreign key is already defined for this field
// or an option has been changed for ON DELETE or ON UPDATE
$drop = true;
$create = true;
}
// end if... else....
} else {
// no key defined for this field(s)
$create = true;
}
} elseif (isset($existrel_foreign[$master_field_md5])) {
$drop = true;
}
// end if... else....
$tmp_error_drop = false;
if ($drop) {
$drop_query = 'ALTER TABLE ' . Util::backquote($table) . ' DROP FOREIGN KEY ' . Util::backquote($existrel_foreign[$master_field_md5]['constraint']) . ';';
if (!isset($_REQUEST['preview_sql'])) {
$display_query .= $drop_query . "\n";
$this->_dbi->tryQuery($drop_query);
$tmp_error_drop = $this->_dbi->getError();
if (!empty($tmp_error_drop)) {
$seen_error = true;
$html_output .= Util::mysqlDie($tmp_error_drop, $drop_query, false, '', false);
continue;
}
} else {
$preview_sql_data .= $drop_query . "\n";
}
}
$tmp_error_create = false;
if (!$create) {
continue;
}
$create_query = $this->_getSQLToCreateForeignKey($table, $master_field, $foreign_db, $foreign_table, $foreign_field, $_REQUEST['constraint_name'][$master_field_md5], $options_array[$_REQUEST['on_delete'][$master_field_md5]], $options_array[$_REQUEST['on_update'][$master_field_md5]]);
if (!isset($_REQUEST['preview_sql'])) {
$display_query .= $create_query . "\n";
$this->_dbi->tryQuery($create_query);
$tmp_error_create = $this->_dbi->getError();
if (!empty($tmp_error_create)) {
$seen_error = true;
if (substr($tmp_error_create, 1, 4) == '1005') {
$message = Message::error(__('Error creating foreign key on %1$s (check data ' . 'types)'));
$message->addParam(implode(', ', $master_field));
$html_output .= $message->getDisplay();
} else {
$html_output .= Util::mysqlDie($tmp_error_create, $create_query, false, '', false);
}
$html_output .= Util::showMySQLDocu('InnoDB_foreign_key_constraints') . "\n";
}
} else {
$preview_sql_data .= $create_query . "\n";
}
// this is an alteration and the old constraint has been dropped
// without creation of a new one
if ($drop && $create && empty($tmp_error_drop) && !empty($tmp_error_create)) {
// a rollback may be better here
$sql_query_recreate = '# Restoring the dropped constraint...' . "\n";
$sql_query_recreate .= $this->_getSQLToCreateForeignKey($table, $master_field, $existrel_foreign[$master_field_md5]['ref_db_name'], $existrel_foreign[$master_field_md5]['ref_table_name'], $existrel_foreign[$master_field_md5]['ref_index_list'], $existrel_foreign[$master_field_md5]['constraint'], $options_array[$existrel_foreign[$master_field_md5]['on_delete']], $options_array[$existrel_foreign[$master_field_md5]['on_update']]);
if (!isset($_REQUEST['preview_sql'])) {
$display_query .= $sql_query_recreate . "\n";
$this->_dbi->tryQuery($sql_query_recreate);
} else {
$preview_sql_data .= $sql_query_recreate;
}
}
}
// end foreach
return array($html_output, $preview_sql_data, $display_query, $seen_error);
}
/**
* Update the table's structure based on $_REQUEST
*
* @return boolean $regenerate true if error occurred
*
*/
protected function updateColumns()
{
$err_url = 'tbl_structure.php' . PMA_URL_getCommon(array('db' => $this->db, 'table' => $this->table));
$regenerate = false;
$field_cnt = count($_REQUEST['field_name']);
$changes = array();
$adjust_privileges = array();
for ($i = 0; $i < $field_cnt; $i++) {
if (!$this->columnNeedsAlterTable($i)) {
continue;
}
$changes[] = 'CHANGE ' . Table::generateAlter(Util_lib\get($_REQUEST, "field_orig.{$i}", ''), $_REQUEST['field_name'][$i], $_REQUEST['field_type'][$i], $_REQUEST['field_length'][$i], $_REQUEST['field_attribute'][$i], Util_lib\get($_REQUEST, "field_collation.{$i}", ''), Util_lib\get($_REQUEST, "field_null.{$i}", 'NOT NULL'), $_REQUEST['field_default_type'][$i], $_REQUEST['field_default_value'][$i], Util_lib\get($_REQUEST, "field_extra.{$i}", false), Util_lib\get($_REQUEST, "field_comments.{$i}", ''), Util_lib\get($_REQUEST, "field_virtuality.{$i}", ''), Util_lib\get($_REQUEST, "field_expression.{$i}", ''), Util_lib\get($_REQUEST, "field_move_to.{$i}", ''));
// find the remembered sort expression
$sorted_col = $this->table_obj->getUiProp(Table::PROP_SORTED_COLUMN);
// if the old column name is part of the remembered sort expression
if (mb_strpos($sorted_col, Util::backquote($_REQUEST['field_orig'][$i])) !== false) {
// delete the whole remembered sort expression
$this->table_obj->removeUiProp(Table::PROP_SORTED_COLUMN);
}
if (isset($_REQUEST['field_adjust_privileges'][$i]) && !empty($_REQUEST['field_adjust_privileges'][$i]) && $_REQUEST['field_orig'][$i] != $_REQUEST['field_name'][$i]) {
$adjust_privileges[$_REQUEST['field_orig'][$i]] = $_REQUEST['field_name'][$i];
}
}
// end for
if (count($changes) > 0 || isset($_REQUEST['preview_sql'])) {
// Builds the primary keys statements and updates the table
$key_query = '';
/**
* this is a little bit more complex
*
* @todo if someone selects A_I when altering a column we need to check:
* - no other column with A_I
* - the column has an index, if not create one
*
*/
// To allow replication, we first select the db to use
// and then run queries on this db.
if (!$this->dbi->selectDb($this->db)) {
Util::mysqlDie($this->dbi->getError(), 'USE ' . Util::backquote($this->db) . ';', false, $err_url);
}
$sql_query = 'ALTER TABLE ' . Util::backquote($this->table) . ' ';
$sql_query .= implode(', ', $changes) . $key_query;
$sql_query .= ';';
// If there is a request for SQL previewing.
if (isset($_REQUEST['preview_sql'])) {
PMA_previewSQL(count($changes) > 0 ? $sql_query : '');
}
$columns_with_index = $this->dbi->getTable($this->db, $this->table)->getColumnsWithIndex(PMA_Index::PRIMARY | PMA_Index::UNIQUE | PMA_Index::INDEX | PMA_Index::SPATIAL | PMA_Index::FULLTEXT);
$changedToBlob = array();
// While changing the Column Collation
// First change to BLOB
for ($i = 0; $i < $field_cnt; $i++) {
if (isset($_REQUEST['field_collation'][$i]) && isset($_REQUEST['field_collation_orig'][$i]) && $_REQUEST['field_collation'][$i] !== $_REQUEST['field_collation_orig'][$i] && !in_array($_REQUEST['field_orig'][$i], $columns_with_index)) {
$secondary_query = 'ALTER TABLE ' . Util::backquote($this->table) . ' CHANGE ' . Util::backquote($_REQUEST['field_orig'][$i]) . ' ' . Util::backquote($_REQUEST['field_orig'][$i]) . ' BLOB;';
$this->dbi->query($secondary_query);
$changedToBlob[$i] = true;
} else {
$changedToBlob[$i] = false;
}
}
// Then make the requested changes
$result = $this->dbi->tryQuery($sql_query);
if ($result !== false) {
$changed_privileges = $this->adjustColumnPrivileges($adjust_privileges);
if ($changed_privileges) {
$message = Message::success(__('Table %1$s has been altered successfully. Privileges ' . 'have been adjusted.'));
} else {
$message = Message::success(__('Table %1$s has been altered successfully.'));
}
$message->addParam($this->table);
$this->response->addHTML(Util::getMessage($message, $sql_query, 'success'));
} else {
// An error happened while inserting/updating a table definition
// Save the Original Error
$orig_error = $this->dbi->getError();
$changes_revert = array();
// Change back to Original Collation and data type
for ($i = 0; $i < $field_cnt; $i++) {
if ($changedToBlob[$i]) {
$changes_revert[] = 'CHANGE ' . Table::generateAlter(Util_lib\get($_REQUEST, "field_orig.{$i}", ''), $_REQUEST['field_name'][$i], $_REQUEST['field_type_orig'][$i], $_REQUEST['field_length_orig'][$i], $_REQUEST['field_attribute_orig'][$i], Util_lib\get($_REQUEST, "field_collation_orig.{$i}", ''), Util_lib\get($_REQUEST, "field_null_orig.{$i}", 'NOT NULL'), $_REQUEST['field_default_type_orig'][$i], $_REQUEST['field_default_value_orig'][$i], Util_lib\get($_REQUEST, "field_extra_orig.{$i}", false), Util_lib\get($_REQUEST, "field_comments_orig.{$i}", ''), Util_lib\get($_REQUEST, "field_virtuality_orig.{$i}", ''), Util_lib\get($_REQUEST, "field_expression_orig.{$i}", ''), Util_lib\get($_REQUEST, "field_move_to_orig.{$i}", ''));
}
}
$revert_query = 'ALTER TABLE ' . Util::backquote($this->table) . ' ';
$revert_query .= implode(', ', $changes_revert) . '';
$revert_query .= ';';
// Column reverted back to original
$this->dbi->query($revert_query);
$this->response->setRequestStatus(false);
$this->response->addJSON('message', Message::rawError(__('Query error') . ':<br />' . $orig_error));
$regenerate = true;
}
}
// update field names in relation
if (isset($_REQUEST['field_orig']) && is_array($_REQUEST['field_orig'])) {
foreach ($_REQUEST['field_orig'] as $fieldindex => $fieldcontent) {
if ($_REQUEST['field_name'][$fieldindex] != $fieldcontent) {
PMA_REL_renameField($this->db, $this->table, $fieldcontent, $_REQUEST['field_name'][$fieldindex]);
}
}
}
// update mime types
if (isset($_REQUEST['field_mimetype']) && is_array($_REQUEST['field_mimetype']) && $GLOBALS['cfg']['BrowseMIME']) {
foreach ($_REQUEST['field_mimetype'] as $fieldindex => $mimetype) {
if (isset($_REQUEST['field_name'][$fieldindex]) && mb_strlen($_REQUEST['field_name'][$fieldindex])) {
PMA_setMIME($this->db, $this->table, $_REQUEST['field_name'][$fieldindex], $mimetype, $_REQUEST['field_transformation'][$fieldindex], $_REQUEST['field_transformation_options'][$fieldindex], $_REQUEST['field_input_transformation'][$fieldindex], $_REQUEST['field_input_transformation_options'][$fieldindex]);
}
}
}
return $regenerate;
}
/**
* Update password and get message for password updating
*
* @param string $err_url error url
* @param string $username username
* @param string $hostname hostname
*
* @return string $message success or error message after updating password
*/
function PMA_updatePassword($err_url, $username, $hostname)
{
// similar logic in user_password.php
$message = '';
if (empty($_REQUEST['nopass']) && isset($_POST['pma_pw']) && isset($_POST['pma_pw2'])) {
if ($_POST['pma_pw'] != $_POST['pma_pw2']) {
$message = Message::error(__('The passwords aren\'t the same!'));
} elseif (empty($_POST['pma_pw']) || empty($_POST['pma_pw2'])) {
$message = Message::error(__('The password is empty!'));
}
}
// here $nopass could be == 1
if (empty($message)) {
if (Util::getServerType() == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
if (!empty($_REQUEST['pw_hash']) && $_REQUEST['pw_hash'] != 'old') {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED WITH " . $_REQUEST['pw_hash'] . " BY '";
} else {
$query_prefix = "ALTER USER '" . Util::sqlAddSlashes($username) . "'@'" . Util::sqlAddSlashes($hostname) . "'" . " IDENTIFIED BY '";
}
// in $sql_query which will be displayed, hide the password
$sql_query = $query_prefix . "*'";
$local_query = $query_prefix . Util::sqlAddSlashes($_POST['pma_pw']) . "'";
} else {
if (!empty($_REQUEST['pw_hash']) && $_REQUEST['pw_hash'] == 'old') {
$hashing_function = 'OLD_PASSWORD';
} elseif (!empty($_REQUEST['pw_hash']) && $_REQUEST['pw_hash'] == 'sha256_password') {
$hashing_function = 'PASSWORD';
// Backup the old value, to be reset later
$row = $GLOBALS['dbi']->fetchSingleRow('SELECT @@old_passwords;');
$orig_value = $row['@@old_passwords'];
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 2;');
} else {
$hashing_function = 'PASSWORD';
}
$sql_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . preg_replace('@.@s', '*', $_POST['pma_pw']) . '\')');
$local_query = 'SET PASSWORD FOR \'' . Util::sqlAddSlashes($username) . '\'@\'' . Util::sqlAddSlashes($hostname) . '\' = ' . ($_POST['pma_pw'] == '' ? '\'\'' : $hashing_function . '(\'' . Util::sqlAddSlashes($_POST['pma_pw']) . '\')');
}
$GLOBALS['dbi']->tryQuery($local_query) or Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
$message = Message::success(__('The password for %s was changed successfully.'));
$message->addParam('\'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'');
if (isset($orig_value)) {
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = ' . $orig_value . ';');
}
}
return $message;
}
/**
* Function to execute the column creation statement
*
* @param string $db current database
* @param string $table current table
* @param string $err_url error page url
*
* @return array
*/
function PMA_tryColumnCreationQuery($db, $table, $err_url)
{
// get column addition statements
$sql_statement = PMA_getColumnCreationStatements(false);
// To allow replication, we first select the db to use and then run queries
// on this db.
if (!$GLOBALS['dbi']->selectDb($db)) {
PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), 'USE ' . PMA\libraries\Util::backquote($db), false, $err_url);
}
$sql_query = 'ALTER TABLE ' . PMA\libraries\Util::backquote($table) . ' ' . $sql_statement . ';';
// If there is a request for SQL previewing.
if (isset($_REQUEST['preview_sql'])) {
PMA_previewSQL($sql_query);
}
return array($GLOBALS['dbi']->tryQuery($sql_query), $sql_query);
}
