/**
  * Validates and saves form data to session
  *
  * @uses ConfigFile::get()
  * @uses ConfigFile::getInstance()
  * @uses ConfigFile::getServerCount()
  * @uses ConfigFile::set()
  * @uses Form::getOptionType()
  * @uses Form::getOptionValueList()
  * @uses PMA_lang_name()
  * @param  array|string  $forms               array of form names
  * @param  bool          $allow_partial_save  allows for partial form saving on failed validation
  * @return boolean  true on success (no errors and all saved)
  */
 public function save($forms, $allow_partial_save = true)
 {
     $result = true;
     $cf = ConfigFile::getInstance();
     $forms = (array) $forms;
     $values = array();
     $to_save = array();
     $is_setup_script = defined('PMA_SETUP');
     if ($is_setup_script) {
         $this->_loadUserprefsInfo();
     }
     $this->errors = array();
     foreach ($forms as $form) {
         /* @var $form Form */
         if (isset($this->forms[$form])) {
             $form = $this->forms[$form];
         } else {
             continue;
         }
         // get current server id
         $change_index = $form->index === 0 ? $cf->getServerCount() + 1 : false;
         // grab POST values
         foreach ($form->fields as $field => $system_path) {
             $work_path = array_search($system_path, $this->system_paths);
             $key = $this->translated_paths[$work_path];
             $type = $form->getOptionType($field);
             // skip groups
             if ($type == 'group') {
                 continue;
             }
             // ensure the value is set
             if (!isset($_POST[$key])) {
                 // checkboxes aren't set by browsers if they're off
                 if ($type == 'boolean') {
                     $_POST[$key] = false;
                 } else {
                     $this->errors[$form->name][] = sprintf(__('Missing data for %s'), '<i>' . PMA_lang_name($system_path) . '</i>');
                     $result = false;
                     continue;
                 }
             }
             // user preferences allow/disallow
             if ($is_setup_script && isset($this->userprefs_keys[$system_path])) {
                 if (isset($this->userprefs_disallow[$system_path]) && isset($_POST[$key . '-userprefs-allow'])) {
                     unset($this->userprefs_disallow[$system_path]);
                 } else {
                     if (!isset($_POST[$key . '-userprefs-allow'])) {
                         $this->userprefs_disallow[$system_path] = true;
                     }
                 }
             }
             // cast variables to correct type
             switch ($type) {
                 case 'double':
                     settype($_POST[$key], 'float');
                     break;
                 case 'boolean':
                 case 'integer':
                     if ($_POST[$key] !== '') {
                         settype($_POST[$key], $type);
                     }
                     break;
                 case 'select':
                     // special treatment for NavigationBarIconic and PropertiesIconic
                     if ($key === 'NavigationBarIconic' || $key === 'PropertiesIconic') {
                         if ($_POST[$key] !== 'both') {
                             settype($_POST[$key], 'boolean');
                         }
                     }
                     if (!$this->_validateSelect($_POST[$key], $form->getOptionValueList($system_path))) {
                         $this->errors[$work_path][] = __('Incorrect value');
                         $result = false;
                         continue;
                     }
                     break;
                 case 'string':
                 case 'short_string':
                     $_POST[$key] = trim($_POST[$key]);
                     break;
                 case 'array':
                     // eliminate empty values and ensure we have an array
                     $post_values = is_array($_POST[$key]) ? $_POST[$key] : explode("\n", $_POST[$key]);
                     $_POST[$key] = array();
                     foreach ($post_values as $v) {
                         $v = trim($v);
                         if ($v !== '') {
                             $_POST[$key][] = $v;
                         }
                     }
                     break;
             }
             // now we have value with proper type
             $values[$system_path] = $_POST[$key];
             if ($change_index !== false) {
                 $work_path = str_replace("Servers/{$form->index}/", "Servers/{$change_index}/", $work_path);
             }
             $to_save[$work_path] = $system_path;
         }
     }
     // save forms
     if ($allow_partial_save || empty($this->errors)) {
         foreach ($to_save as $work_path => $path) {
             // TrustedProxies requires changes before saving
             if ($path == 'TrustedProxies') {
                 $proxies = array();
                 $i = 0;
                 foreach ($values[$path] as $value) {
                     $matches = array();
                     if (preg_match("/^(.+):(?:[ ]?)(\\w+)\$/", $value, $matches)) {
                         // correct 'IP: HTTP header' pair
                         $ip = trim($matches[1]);
                         $proxies[$ip] = trim($matches[2]);
                     } else {
                         // save also incorrect values
                         $proxies["-{$i}"] = $value;
                         $i++;
                     }
                 }
                 $values[$path] = $proxies;
             }
             $cf->set($work_path, $values[$path], $path);
         }
         if ($is_setup_script) {
             $cf->set('UserprefsDisallow', array_keys($this->userprefs_disallow));
         }
     }
     // don't look for non-critical errors
     $this->_validate();
     return $result;
 }
Example #2
0
/**
 * Performs various compatibility, security and consistency checks on current config
 *
 * Outputs results to message list, must be called between messages_begin()
 * and messages_end()
 */
function perform_config_checks()
{
    $cf = ConfigFile::getInstance();
    $blowfish_secret = $cf->get('blowfish_secret');
    $blowfish_secret_set = false;
    $cookie_auth_used = false;

    $strAllowArbitraryServerWarning = __('This %soption%s should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
    $strAllowArbitraryServerWarning = sprintf($strAllowArbitraryServerWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strBlowfishSecretMsg = __('You didn\'t have blowfish secret set and have enabled cookie authentication, so a key was automatically generated for you. It is used to encrypt cookies; you don\'t need to remember it.');
    $strBZipDumpWarning = __('%sBzip2 compression and decompression%s requires functions (%s) which are unavailable on this system.');
    $strBZipDumpWarning = sprintf($strBZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strDirectoryNotice = __('This value should be double checked to ensure that this directory is neither world accessible nor readable or writable by other users on your server.');
    $strForceSSLNotice = __('This %soption%s should be enabled if your web server supports it.');
    $strForceSSLNotice = sprintf($strForceSSLNotice, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strGZipDumpWarning = __('%sGZip compression and decompression%s requires functions (%s) which are unavailable on this system.');
    $strGZipDumpWarning = sprintf($strGZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strLoginCookieValidityWarning = __('%sLogin cookie validity%s greater than 1440 seconds may cause random session invalidation if %ssession.gc_maxlifetime%s is lower than its value (currently %d).');
    $strLoginCookieValidityWarning = sprintf($strLoginCookieValidityWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@' . PMA_getPHPDocLink('session.configuration.php#ini.session.gc-maxlifetime') . ']', '[/a]', ini_get('session.gc_maxlifetime'));
    $strLoginCookieValidityWarning2 = __('%sLogin cookie validity%s should be set to 1800 seconds (30 minutes) at most. Values larger than 1800 may pose a security risk such as impersonation.');
    $strLoginCookieValidityWarning2 = sprintf($strLoginCookieValidityWarning2, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strLoginCookieValidityWarning3 = __('If using cookie authentication and %sLogin cookie store%s is not 0, %sLogin cookie validity%s must be set to a value less or equal to it.');
    $strLoginCookieValidityWarning3 = sprintf($strLoginCookieValidityWarning3, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strSecurityInfoMsg = __('If you feel this is necessary, use additional protection settings - %shost authentication%s settings and %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
    $strSecurityInfoMsg = sprintf($strSecurityInfoMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server_config]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strServerAuthConfigMsg = __('You set the [kbd]config[/kbd] authentication type and included username and password for auto-login, which is not a desirable option for live hosts. Anyone who knows or guesses your phpMyAdmin URL can directly access your phpMyAdmin panel. Set %sauthentication type%s to [kbd]cookie[/kbd] or [kbd]http[/kbd].');
    $strServerAuthConfigMsg = sprintf($strServerAuthConfigMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server]', '[/a]');
    $strZipDumpExportWarning = __('%sZip compression%s requires functions (%s) which are unavailable on this system.');
    $strZipDumpExportWarning = sprintf($strZipDumpExportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strZipDumpImportWarning = __('%sZip decompression%s requires functions (%s) which are unavailable on this system.');
    $strZipDumpImportWarning = sprintf($strZipDumpImportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');

    for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
        $cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
        $cookie_auth_used |= $cookie_auth_server;
        $server_name = $cf->getServerName($i);
        if ($server_name == 'mysql.com') {
            $server_name .=  " [$i]";
        }
        $server_name = htmlspecialchars($server_name);

        if ($cookie_auth_server && $blowfish_secret === null) {
            $blowfish_secret = uniqid('', true);
            $blowfish_secret_set = true;
            $cf->set('blowfish_secret', $blowfish_secret);
        }

        //
        // $cfg['Servers'][$i]['ssl']
        // should be enabled if possible
        //
        if (!$cf->getValue("Servers/$i/ssl")) {
            $title = PMA_lang(PMA_lang_name('Servers/1/ssl')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/ssl",
                $title,
                __('You should use SSL connections if your database server supports it.'));
        }

        //
        // $cfg['Servers'][$i]['extension']
        // warn about using 'mysql'
        //
        if ($cf->getValue("Servers/$i/extension") == 'mysql') {
            $title = PMA_lang(PMA_lang_name('Servers/1/extension')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/extension",
                $title,
                __('You should use mysqli for performance reasons.'));
        }

        //
        // $cfg['Servers'][$i]['auth_type']
        // warn about full user credentials if 'auth_type' is 'config'
        //
        if ($cf->getValue("Servers/$i/auth_type") == 'config'
                && $cf->getValue("Servers/$i/user") != ''
                && $cf->getValue("Servers/$i/password") != '') {
            $title = PMA_lang(PMA_lang_name('Servers/1/auth_type')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/auth_type",
                $title,
                PMA_lang($strServerAuthConfigMsg, $i) . ' ' .
                    PMA_lang($strSecurityInfoMsg, $i));
        }

        //
        // $cfg['Servers'][$i]['AllowRoot']
        // $cfg['Servers'][$i]['AllowNoPassword']
        // serious security flaw
        //
        if ($cf->getValue("Servers/$i/AllowRoot")
                && $cf->getValue("Servers/$i/AllowNoPassword")) {
            $title = PMA_lang(PMA_lang_name('Servers/1/AllowNoPassword')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/AllowNoPassword",
                $title,
                __('You allow for connecting to the server without a password.') . ' ' .
                    PMA_lang($strSecurityInfoMsg, $i));
        }
    }

    //
    // $cfg['blowfish_secret']
    // it's required for 'cookie' authentication
    //
    if ($cookie_auth_used) {
        if ($blowfish_secret_set) {
            // 'cookie' auth used, blowfish_secret was generated
            messages_set(
                'notice',
                'blowfish_secret_created',
                PMA_lang(PMA_lang_name('blowfish_secret')),
                $strBlowfishSecretMsg);
        } else {
            $blowfish_warnings = array();
            // check length
            if (strlen($blowfish_secret) < 8) {
                // too short key
                $blowfish_warnings[] = __('Key is too short, it should have at least 8 characters.');
            }
            // check used characters
            $has_digits = (bool) preg_match('/\d/', $blowfish_secret);
            $has_chars = (bool) preg_match('/\S/', $blowfish_secret);
            $has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
            if (!$has_digits || !$has_chars || !$has_nonword) {
                $blowfish_warnings[] = PMA_lang(__('Key should contain letters, numbers [em]and[/em] special characters.'));
            }
            if (!empty($blowfish_warnings)) {
                messages_set(
                    'error',
                    'blowfish_warnings' . count($blowfish_warnings),
                    PMA_lang(PMA_lang_name('blowfish_secret')),
                    implode('<br />', $blowfish_warnings));
            }
        }
    }

    //
    // $cfg['ForceSSL']
    // should be enabled if possible
    //
    if (!$cf->getValue('ForceSSL')) {
        messages_set(
            'notice',
            'ForceSSL',
            PMA_lang(PMA_lang_name('ForceSSL')),
            PMA_lang($strForceSSLNotice));
    }

    //
    // $cfg['AllowArbitraryServer']
    // should be disabled
    //
    if ($cf->getValue('AllowArbitraryServer')) {
        messages_set(
            'notice',
            'AllowArbitraryServer',
            PMA_lang(PMA_lang_name('AllowArbitraryServer')),
            PMA_lang($strAllowArbitraryServerWarning));
    }

    //
    // $cfg['LoginCookieValidity']
    // value greater than session.gc_maxlifetime will cause random session invalidation after that time
    //
    if ($cf->getValue('LoginCookieValidity') > 1440
            || $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')) {
        $message_type = $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')
            ? 'error'
            : 'notice';
        messages_set(
            $message_type,
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning));
    }

    //
    // $cfg['LoginCookieValidity']
    // should be at most 1800 (30 min)
    //
    if ($cf->getValue('LoginCookieValidity') > 1800) {
        messages_set(
            'notice',
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning2));
    }

    //
    // $cfg['LoginCookieValidity']
    // $cfg['LoginCookieStore']
    // LoginCookieValidity must be less or equal to LoginCookieStore
    //
    if ($cf->getValue('LoginCookieStore') != 0 && $cf->getValue('LoginCookieValidity') > $cf->getValue('LoginCookieStore')) {
        messages_set(
            'error',
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning3));
    }

    //
    // $cfg['SaveDir']
    // should not be world-accessible
    //
    if ($cf->getValue('SaveDir') != '') {
        messages_set(
            'notice',
            'SaveDir',
            PMA_lang(PMA_lang_name('SaveDir')),
            PMA_lang($strDirectoryNotice));
    }

    //
    // $cfg['TempDir']
    // should not be world-accessible
    //
    if ($cf->getValue('TempDir') != '') {
        messages_set(
            'notice',
            'TempDir',
            PMA_lang(PMA_lang_name('TempDir')),
            PMA_lang($strDirectoryNotice));
    }

    //
    // $cfg['GZipDump']
    // requires zlib functions
    //
    if ($cf->getValue('GZipDump')
            && (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
        messages_set(
            'error',
            'GZipDump',
            PMA_lang(PMA_lang_name('GZipDump')),
            PMA_lang($strGZipDumpWarning, 'gzencode'));
    }

    //
    // $cfg['BZipDump']
    // requires bzip2 functions
    //
    if ($cf->getValue('BZipDump')
            && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
        $functions = @function_exists('bzopen')
                ? '' :
                'bzopen';
        $functions .= @function_exists('bzcompress')
                ? ''
                : ($functions ? ', ' : '') . 'bzcompress';
        messages_set(
            'error',
            'BZipDump',
            PMA_lang(PMA_lang_name('BZipDump')),
            PMA_lang($strBZipDumpWarning, $functions));
    }

    //
    // $cfg['ZipDump']
    // requires zip_open in import
    //
    if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
        messages_set(
            'error',
            'ZipDump_import',
            PMA_lang(PMA_lang_name('ZipDump')),
            PMA_lang($strZipDumpImportWarning, 'zip_open'));
    }

    //
    // $cfg['ZipDump']
    // requires gzcompress in export
    //
    if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
        messages_set(
            'error',
            'ZipDump_export',
            PMA_lang(PMA_lang_name('ZipDump')),
            PMA_lang($strZipDumpExportWarning, 'gzcompress'));
    }
}
 /**
  * Validates and saves form data to session
  *
  * @param  array|string  $forms               array of form names
  * @param  bool          $allow_partial_save  allows for partial form saving on failed validation
  * @return boolean  true on success (no errors and all saved)
  */
 public function save($forms, $allow_partial_save = true)
 {
     $result = true;
     $cf = ConfigFile::getInstance();
     $forms = (array) $forms;
     $values = array();
     $to_save = array();
     $this->errors = array();
     foreach ($forms as $form) {
         /* @var $form Form */
         if (isset($this->forms[$form])) {
             $form = $this->forms[$form];
         } else {
             continue;
         }
         // get current server id
         $change_index = $form->index === 0 ? $cf->getServerCount() + 1 : false;
         // grab POST values
         foreach ($form->fields as $field => $system_path) {
             $work_path = array_search($system_path, $this->system_paths);
             $key = $this->translated_paths[$work_path];
             // ensure the value is set
             if (!isset($_POST[$key])) {
                 // checkboxes aren't set by browsers if they're off
                 if ($form->getOptionType($field) == 'boolean') {
                     $_POST[$key] = false;
                 } else {
                     $this->errors[$form->name][] = PMA_lang('error_missing_field_data', '<i>' . PMA_lang_name($system_path) . '</i>');
                     $result = false;
                     continue;
                 }
             }
             // cast variables to correct type
             $type = $form->getOptionType($field);
             switch ($type) {
                 case 'double':
                     settype($_POST[$key], 'float');
                     break;
                 case 'boolean':
                 case 'integer':
                     if ($_POST[$key] !== '') {
                         settype($_POST[$key], $type);
                     }
                     break;
                 case 'select':
                     if (!$this->_validateSelect($_POST[$key], $form->getOptionValueList($system_path))) {
                         $this->errors[$work_path][] = $GLOBALS["strstrSetuperror_incorrect_value"];
                         $result = false;
                         continue;
                     }
                     break;
                 case 'string':
                     $_POST[$key] = trim($_POST[$key]);
                     break;
                 case 'array':
                     // eliminate empty values and ensure we have an array
                     $post_values = explode("\n", $_POST[$key]);
                     $_POST[$key] = array();
                     foreach ($post_values as $v) {
                         $v = trim($v);
                         if ($v !== '') {
                             $_POST[$key][] = $v;
                         }
                     }
                     break;
             }
             // now we have value with proper type
             $values[$system_path] = $_POST[$key];
             if ($change_index !== false) {
                 $work_path = str_replace("Servers/{$form->index}/", "Servers/{$change_index}/", $work_path);
             }
             $to_save[$work_path] = $system_path;
         }
     }
     // save forms
     if ($allow_partial_save || empty($this->errors)) {
         foreach ($to_save as $work_path => $path) {
             // TrustedProxies requires changes before saving
             if ($path == 'TrustedProxies') {
                 $proxies = array();
                 $i = 0;
                 foreach ($values[$path] as $value) {
                     $matches = array();
                     if (preg_match("/^(.+):(?:[ ]?)(\\w+)\$/", $value, $matches)) {
                         // correct 'IP: HTTP header' pair
                         $ip = trim($matches[1]);
                         $proxies[$ip] = trim($matches[2]);
                     } else {
                         // save also incorrect values
                         $proxies["-{$i}"] = $value;
                         $i++;
                     }
                 }
                 $values[$path] = $proxies;
             }
             $cf->set($work_path, $values[$path], $path);
         }
     }
     // don't look for non-critical errors
     $this->_validate();
     return $result;
 }
/**
 * Performs various compatibility, security and consistency checks on current config
 *
 * Outputs results to message list, must be called between messages_begin()
 * and messages_end()
 */
function perform_config_checks()
{
    $cf = ConfigFile::getInstance();
    $blowfish_secret = $cf->get('blowfish_secret');
    $blowfish_secret_set = false;
    $cookie_auth_used = false;
    for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
        $cookie_auth_server = $cf->getValue("Servers/{$i}/auth_type") == 'cookie';
        $cookie_auth_used |= $cookie_auth_server;
        $server_name = $cf->getServerName($i);
        if ($server_name == 'localhost') {
            $server_name .= " [{$i}]";
        }
        if ($cookie_auth_server && $blowfish_secret === null) {
            $blowfish_secret = uniqid('', true);
            $blowfish_secret_set = true;
            $cf->set('blowfish_secret', $blowfish_secret);
        }
        //
        // $cfg['Servers'][$i]['ssl']
        // should be enabled if possible
        //
        if (!$cf->getValue("Servers/{$i}/ssl")) {
            $title = PMA_lang_name('Servers/1/ssl') . " ({$server_name})";
            messages_set('notice', "Servers/{$i}/ssl", $title, PMA_lang('ServerSslMsg'));
        }
        //
        // $cfg['Servers'][$i]['extension']
        // warn about using 'mysql'
        //
        if ($cf->getValue("Servers/{$i}/extension") == 'mysql') {
            $title = PMA_lang_name('Servers/1/extension') . " ({$server_name})";
            messages_set('notice', "Servers/{$i}/extension", $title, PMA_lang('ServerExtensionMsg'));
        }
        //
        // $cfg['Servers'][$i]['auth_type']
        // warn about full user credentials if 'auth_type' is 'config'
        //
        if ($cf->getValue("Servers/{$i}/auth_type") == 'config' && $cf->getValue("Servers/{$i}/user") != '' && $cf->getValue("Servers/{$i}/password") != '') {
            $title = PMA_lang_name('Servers/1/auth_type') . " ({$server_name})";
            messages_set('warning', "Servers/{$i}/auth_type", $title, PMA_lang('ServerAuthConfigMsg', $i) . ' ' . PMA_lang('ServerSecurityInfoMsg', $i));
        }
        //
        // $cfg['Servers'][$i]['AllowRoot']
        // $cfg['Servers'][$i]['AllowNoPassword']
        // serious security flaw
        //
        if ($cf->getValue("Servers/{$i}/AllowRoot") && $cf->getValue("Servers/{$i}/AllowNoPassword")) {
            $title = PMA_lang_name('Servers/1/AllowNoPassword') . " ({$server_name})";
            messages_set('warning', "Servers/{$i}/AllowNoPassword", $title, PMA_lang('ServerNoPasswordMsg') . ' ' . PMA_lang('ServerSecurityInfoMsg', $i));
        }
    }
    //
    // $cfg['blowfish_secret']
    // it's required for 'cookie' authentication
    //
    if ($cookie_auth_used) {
        if ($blowfish_secret_set) {
            // 'cookie' auth used, blowfish_secret was generated
            messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name', PMA_lang('BlowfishSecretMsg'));
        } else {
            $blowfish_warnings = array();
            // check length
            if (strlen($blowfish_secret) < 8) {
                // too short key
                $blowfish_warnings[] = PMA_lang('BlowfishSecretLengthMsg');
            }
            // check used characters
            $has_digits = (bool) preg_match('/\\d/', $blowfish_secret);
            $has_chars = (bool) preg_match('/\\S/', $blowfish_secret);
            $has_nonword = (bool) preg_match('/\\W/', $blowfish_secret);
            if (!$has_digits || !$has_chars || !$has_nonword) {
                $blowfish_warnings[] = PMA_lang('BlowfishSecretCharsMsg');
            }
            if (!empty($blowfish_warnings)) {
                messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings), 'blowfish_secret_name', implode("<br />", $blowfish_warnings));
            }
        }
    }
    //
    // $cfg['ForceSSL']
    // should be enabled if possible
    //
    if (!$cf->getValue('ForceSSL')) {
        messages_set('notice', 'ForceSSL', 'ForceSSL_name', PMA_lang('ForceSSLMsg'));
    }
    //
    // $cfg['AllowArbitraryServer']
    // should be disabled
    //
    if ($cf->getValue('AllowArbitraryServer')) {
        messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name', PMA_lang('AllowArbitraryServerMsg'));
    }
    //
    // $cfg['LoginCookieValidity']
    // should be at most 1800 (30 min)
    //
    if ($cf->getValue('LoginCookieValidity') > 1800) {
        messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name', PMA_lang('LoginCookieValidityMsg'));
    }
    //
    // $cfg['SaveDir']
    // should not be world-accessible
    //
    if ($cf->getValue('SaveDir') != '') {
        messages_set('notice', 'SaveDir', 'SaveDir_name', PMA_lang('DirectoryNotice'));
    }
    //
    // $cfg['TempDir']
    // should not be world-accessible
    //
    if ($cf->getValue('TempDir') != '') {
        messages_set('notice', 'TempDir', 'TempDir_name', PMA_lang('DirectoryNotice'));
    }
    //
    // $cfg['GZipDump']
    // requires zlib functions
    //
    if ($cf->getValue('GZipDump') && (@(!function_exists('gzopen')) || @(!function_exists('gzencode')))) {
        messages_set('warning', 'GZipDump', 'GZipDump_name', PMA_lang('GZipDumpWarning', 'gzencode'));
    }
    //
    // $cfg['BZipDump']
    // requires bzip2 functions
    //
    if ($cf->getValue('BZipDump') && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
        $functions = @function_exists('bzopen') ? '' : 'bzopen';
        $functions .= @function_exists('bzcompress') ? '' : ($functions ? ', ' : '') . 'bzcompress';
        messages_set('warning', 'BZipDump', 'BZipDump_name', PMA_lang('BZipDumpWarning', $functions));
    }
    //
    // $cfg['ZipDump']
    // requires zip_open in import
    //
    if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
        messages_set('warning', 'ZipDump_import', 'ZipDump_name', PMA_lang('ZipDumpImportWarning', 'zip_open'));
    }
    //
    // $cfg['ZipDump']
    // requires gzcompress in export
    //
    if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
        messages_set('warning', 'ZipDump_export', 'ZipDump_name', PMA_lang('ZipDumpExportWarning', 'gzcompress'));
    }
}