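/**
 * Displays the HTTP Basic authentication challenge, or performs a logout.
 *
 * When the request carries `old_usr` and a LogoutURL is configured, the
 * browser is redirected to that (config-controlled) URL. Otherwise a 401
 * response with a WWW-Authenticate header is sent, followed by a minimal
 * "access denied" HTML page. The function always terminates the script.
 *
 * @global string the font face to use in case of failure
 * @global string the default font size to use in case of failure
 * @global string the big font size to use in case of failure
 *
 * @return boolean always true (no return indeed)
 *
 * @access public
 */
function PMA_auth()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr'])
        && !empty($GLOBALS['cfg']['Server']['LogoutURL'])
    ) {
        // LogoutURL is taken from the server configuration, never from the
        // request, so this redirect is not attacker-controlled.
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        exit;
    }

    // Realm: explicit auth_http_realm, else "phpMyAdmin <verbose|host>"
    if (empty($GLOBALS['cfg']['Server']['auth_http_realm'])) {
        if (empty($GLOBALS['cfg']['Server']['verbose'])) {
            $server_message = $GLOBALS['cfg']['Server']['host'];
        } else {
            $server_message = $GLOBALS['cfg']['Server']['verbose'];
        }
        $realm_message = 'phpMyAdmin ' . $server_message;
    } else {
        $realm_message = $GLOBALS['cfg']['Server']['auth_http_realm'];
    }

    // remove non US-ASCII to respect RFC2616 (this also drops CR/LF, so the
    // value cannot split the header)
    $realm_message = preg_replace('/[^\\x20-\\x7e]/i', '', $realm_message);
    // The realm is emitted as an HTTP quoted-string: a literal '"' or '\'
    // would terminate or escape it and yield a malformed challenge, which
    // browsers then handle inconsistently. Strip both.
    $realm_message = str_replace(array('"', '\\'), '', $realm_message);

    header('WWW-Authenticate: Basic realm="' . $realm_message . '"');
    header('HTTP/1.0 401 Unauthorized');
    if (php_sapi_name() !== 'cgi-fcgi') {
        header('status: 401 Unauthorized');
    }

    // Defines the charset to be used
    header('Content-Type: text/html; charset=utf-8');

    /* HTML header */
    $page_title = __('Access denied');
    include './libraries/header_meta_style.inc.php';
    ?>
</head>
<body>
<?php
    // CUSTOM_HEADER_FILE / CUSTOM_FOOTER_FILE are constants defined by the
    // application, not request data.
    if (file_exists(CUSTOM_HEADER_FILE)) {
        include CUSTOM_HEADER_FILE;
    }
    ?>
<br /><br />
<center>
    <h1><?php echo sprintf(__('Welcome to %s'), ' phpMyAdmin'); ?> </h1>
</center>
<br />
<?php
    PMA_Message::error(__('Wrong username/password. Access denied.'))->display();
    if (file_exists(CUSTOM_FOOTER_FILE)) {
        include CUSTOM_FOOTER_FILE;
    }
    ?>
</body>
</html>
<?php
    exit;
}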
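/**
 * Displays the HTTP Basic authentication challenge, or performs a logout.
 *
 * With `old_usr` in the request and a configured LogoutURL the browser is
 * redirected there; otherwise a 401 with WWW-Authenticate is sent and a
 * minimal "access denied" page is rendered. The script always terminates.
 *
 * @global string the font face to use in case of failure
 * @global string the default font size to use in case of failure
 * @global string the big font size to use in case of failure
 *
 * @return boolean always true (no return indeed)
 *
 * @access public
 */
function PMA_auth()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr'])
        && !empty($GLOBALS['cfg']['Server']['LogoutURL'])
    ) {
        // Target comes from config.inc.php, not from the request.
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        exit;
    }

    if (empty($GLOBALS['cfg']['Server']['verbose'])) {
        $server_message = $GLOBALS['cfg']['Server']['host'];
    } else {
        $server_message = $GLOBALS['cfg']['Server']['verbose'];
    }

    // remove non US-ASCII to respect RFC2616 (also removes CR/LF)
    $server_message = preg_replace('/[^\\x20-\\x7e]/i', '', $server_message);
    // The realm is sent as a quoted-string; an embedded '"' or '\' would
    // close or escape it and corrupt the header. Strip both.
    $server_message = str_replace(array('"', '\\'), '', $server_message);

    header('WWW-Authenticate: Basic realm="phpMyAdmin ' . $server_message . '"');
    header('HTTP/1.0 401 Unauthorized');
    if (php_sapi_name() !== 'cgi-fcgi') {
        header('status: 401 Unauthorized');
    }

    // Defines the charset to be used
    header('Content-Type: text/html; charset=' . $GLOBALS['charset']);

    /* HTML header */
    $page_title = $GLOBALS['strAccessDenied'];
    require './libraries/header_meta_style.inc.php';
    ?>
</head>
<body>
<?php
    if (file_exists('./config.header.inc.php')) {
        require './config.header.inc.php';
    }
    ?>
<br /><br />
<center>
    <?php
    // NOTE(review): the exact PMA_VERSION is shown to unauthenticated
    // clients here; consider whether that disclosure is wanted.
    ?>
    <h1><?php echo sprintf($GLOBALS['strWelcome'], ' phpMyAdmin ' . PMA_VERSION); ?> </h1>
</center>
<br />
<div class="warning"><?php echo $GLOBALS['strWrongUser']; ?> </div>
<?php
    if (file_exists('./config.footer.inc.php')) {
        require './config.footer.inc.php';
    }
    ?>
</body>
</html>
<?php
    exit;
}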
/**
 * Redirects the browser to the configured single sign-on page.
 *
 * With `old_usr` in the request and a configured LogoutURL the logout URL is
 * used instead. Both targets are read from the server configuration. A
 * missing SignonURL is treated as a fatal configuration error. This function
 * never returns.
 *
 * @global string the font face to use in case of failure
 * @global string the default font size to use in case of failure
 * @global string the big font size to use in case of failure
 *
 * @return boolean always true (no return indeed)
 *
 * @access public
 */
function PMA_auth()
{
    $server_cfg = $GLOBALS['cfg']['Server'];
    $wants_logout = !empty($_REQUEST['old_usr'])
        && !empty($server_cfg['LogoutURL']);

    if (empty($server_cfg['SignonURL'])) {
        PMA_fatalError('You must set SignonURL!');
    } elseif ($wants_logout) {
        /* Perform logout to custom URL */
        PMA_sendHeaderLocation($server_cfg['LogoutURL']);
    } else {
        PMA_sendHeaderLocation($server_cfg['SignonURL']);
    }
    exit();
} // end of the 'PMA_auth()' function
/**
 * Redirects the browser to the configured single sign-on page.
 *
 * The remembered LAST_SIGNON_URL is dropped from the session first. With
 * `old_usr` in the request and a configured LogoutURL the logout URL is used
 * instead of SignonURL. Both come from the server configuration; a missing
 * SignonURL is a fatal configuration error. Never returns.
 *
 * @global string the font face to use in case of failure
 * @global string the default font size to use in case of failure
 * @global string the big font size to use in case of failure
 *
 * @return boolean always true (no return indeed)
 *
 * @access public
 */
function PMA_auth()
{
    unset($_SESSION['LAST_SIGNON_URL']);

    $server_cfg = $GLOBALS['cfg']['Server'];
    $wants_logout = !empty($_REQUEST['old_usr'])
        && !empty($server_cfg['LogoutURL']);

    if (empty($server_cfg['SignonURL'])) {
        PMA_fatalError('You must set SignonURL!');
    } elseif ($wants_logout) {
        /* Perform logout to custom URL */
        PMA_sendHeaderLocation($server_cfg['LogoutURL']);
    } else {
        PMA_sendHeaderLocation($server_cfg['SignonURL']);
    }
    exit;
}
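/**
 * Displays the HTTP Basic authentication challenge, or performs a logout.
 *
 * With `old_usr` in the request and a configured LogoutURL the browser is
 * redirected there. Otherwise a 401 with a WWW-Authenticate header is
 * queued on the Response object together with a minimal "access denied"
 * page. Under TESTSUITE the method returns false instead of exiting.
 *
 * @return boolean false under TESTSUITE; otherwise the script exits
 */
public function authForm()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr'])
        && !empty($GLOBALS['cfg']['Server']['LogoutURL'])
    ) {
        // LogoutURL is configuration, not request data.
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        if (!defined('TESTSUITE')) {
            exit;
        } else {
            return false;
        }
    }

    // Realm: explicit auth_http_realm, else "phpMyAdmin <verbose|host>"
    if (empty($GLOBALS['cfg']['Server']['auth_http_realm'])) {
        if (empty($GLOBALS['cfg']['Server']['verbose'])) {
            $server_message = $GLOBALS['cfg']['Server']['host'];
        } else {
            $server_message = $GLOBALS['cfg']['Server']['verbose'];
        }
        $realm_message = 'phpMyAdmin ' . $server_message;
    } else {
        $realm_message = $GLOBALS['cfg']['Server']['auth_http_realm'];
    }

    $response = Response::getInstance();

    // remove non US-ASCII to respect RFC2616 (this also drops CR/LF)
    $realm_message = preg_replace('/[^\\x20-\\x7e]/i', '', $realm_message);
    // The realm is an HTTP quoted-string; a literal '"' or '\' would close or
    // escape it and produce a malformed challenge. Strip both.
    $realm_message = str_replace(array('"', '\\'), '', $realm_message);

    $response->header('WWW-Authenticate: Basic realm="' . $realm_message . '"');
    $response->header('HTTP/1.0 401 Unauthorized');
    if (php_sapi_name() !== 'cgi-fcgi') {
        $response->header('status: 401 Unauthorized');
    }

    /* HTML header */
    $footer = $response->getFooter();
    $footer->setMinimal();
    $header = $response->getHeader();
    $header->setTitle(__('Access denied!'));
    $header->disableMenuAndConsole();
    $header->setBodyId('loginform');

    $response->addHTML('<h1>');
    $response->addHTML(sprintf(__('Welcome to %s'), ' phpMyAdmin'));
    $response->addHTML('</h1>');
    $response->addHTML('<h3>');
    $response->addHTML(
        Message::error(__('Wrong username/password. Access denied.'))
    );
    $response->addHTML('</h3>');

    // CUSTOM_FOOTER_FILE is an application constant, not request data.
    if (@file_exists(CUSTOM_FOOTER_FILE)) {
        include CUSTOM_FOOTER_FILE;
    }

    if (!defined('TESTSUITE')) {
        exit;
    } else {
        return false;
    }
}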
/**
 * Redirects the browser to the configured single sign-on page.
 *
 * Drops the remembered LAST_SIGNON_URL from the session, then sends a
 * Location header to SignonURL (from the server configuration). A missing
 * SignonURL is a fatal configuration error. Under TESTSUITE the method
 * returns false instead of exiting.
 *
 * @return boolean always true (no return indeed)
 */
public function auth()
{
    unset($_SESSION['LAST_SIGNON_URL']);

    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
    if (empty($signon_url)) {
        PMA_fatalError('You must set SignonURL!');
    } else {
        PMA_sendHeaderLocation($signon_url);
    }

    if (defined('TESTSUITE')) {
        return false;
    }
    exit;
}
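/**
 * Displays the HTTP Basic authentication challenge, or performs a logout.
 *
 * With `old_usr` in the request and a configured LogoutURL the browser is
 * redirected there. Otherwise a 401 with WWW-Authenticate is sent and a
 * minimal "access denied" page is printed. The script always terminates.
 *
 * @global string the font face to use in case of failure
 * @global string the default font size to use in case of failure
 * @global string the big font size to use in case of failure
 *
 * @return boolean always true (no return indeed)
 */
public function auth()
{
    /* Perform logout to custom URL */
    if (!empty($_REQUEST['old_usr'])
        && !empty($GLOBALS['cfg']['Server']['LogoutURL'])
    ) {
        // LogoutURL is configuration, not request data.
        PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
        exit;
    }

    // Realm: explicit auth_http_realm, else "phpMyAdmin <verbose|host>"
    if (empty($GLOBALS['cfg']['Server']['auth_http_realm'])) {
        if (empty($GLOBALS['cfg']['Server']['verbose'])) {
            $server_message = $GLOBALS['cfg']['Server']['host'];
        } else {
            $server_message = $GLOBALS['cfg']['Server']['verbose'];
        }
        $realm_message = 'phpMyAdmin ' . $server_message;
    } else {
        $realm_message = $GLOBALS['cfg']['Server']['auth_http_realm'];
    }

    // remove non US-ASCII to respect RFC2616 (this also drops CR/LF)
    $realm_message = preg_replace('/[^\\x20-\\x7e]/i', '', $realm_message);
    // The realm is an HTTP quoted-string; a literal '"' or '\' would close or
    // escape it and produce a malformed challenge. Strip both.
    $realm_message = str_replace(array('"', '\\'), '', $realm_message);

    header('WWW-Authenticate: Basic realm="' . $realm_message . '"');
    header('HTTP/1.0 401 Unauthorized');
    if (php_sapi_name() !== 'cgi-fcgi') {
        header('status: 401 Unauthorized');
    }

    /* HTML header */
    $response = PMA_Response::getInstance();
    $response->getFooter()->setMinimal();
    $header = $response->getHeader();
    $header->setTitle(__('Access denied'));
    $header->disableMenu();

    echo '
<br /><br />
<center>
    <h1>';
    echo sprintf(__('Welcome to %s'), ' phpMyAdmin');
    echo '
    </h1>
</center>
<br />'
        . PMA_Message::error(__('Wrong username/password. Access denied.'))->display();

    // CUSTOM_FOOTER_FILE is an application constant, not request data.
    if (file_exists(CUSTOM_FOOTER_FILE)) {
        include CUSTOM_FOOTER_FILE;
    }

    exit;
}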
/**
 * Logs the current user out and redirects the browser.
 *
 * The redirect target is resolved before any state is cleared: the
 * configured LogoutURL if present, else the login form URL. The HTTP auth
 * globals are blanked, the whole session array is emptied and the session
 * is destroyed (skipped under TESTSUITE), then a Location header is sent.
 *
 * NOTE(review): with HTTP Basic auth the browser keeps the cached
 * credentials; this only clears server-side state, so a subsequent request
 * may be re-authenticated transparently.
 *
 * @return void
 */
public function logOut()
{
    global $PHP_AUTH_USER, $PHP_AUTH_PW;

    /* Obtain redirect URL (before doing logout) */
    $target = empty($GLOBALS['cfg']['Server']['LogoutURL'])
        ? $this->getLoginFormURL()
        : $GLOBALS['cfg']['Server']['LogoutURL'];

    /* Clear credentials */
    $PHP_AUTH_USER = '';
    $PHP_AUTH_PW = '';

    /* delete user's choices that were stored in session */
    $_SESSION = array();
    if (!defined('TESTSUITE')) {
        session_destroy();
    }

    /* Redirect to login form (or configured URL) */
    PMA_sendHeaderLocation($target);
}
PMA_BS_DropTables($db); } break; // repair BLOB repository // repair BLOB repository case "repair": // check if a blobstreaming table is missing foreach ($bs_tables as $table_key => $tbl) { if (!$bs_tables[$table_key]['Exists']) { PMA_DBI_select_db($db); PMA_DBI_query(PMA_BS_GetTableStruct($table_key)); } } } // refresh side menu PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'db_operations.php?' . PMA_generate_common_url('', '', '&') . (isset($db) ? '&db=' . urlencode($db) : '') . (isset($token) ? '&token=' . urlencode($token) : '') . (isset($goto) ? '&goto=' . urlencode($goto) : '') . 'reload=1&purge=1'); } // end if ($PMA_Config->get('BLOBSTREAMING_PLUGINS_EXIST')) } // end if ($PMA_Config->get('PBXT_NAME') !== strtolower($db)) } } /** * Settings for relations stuff */ require_once './libraries/relation.lib.php'; $cfgRelation = PMA_getRelationsParam(); /** * Check if comments were updated * (must be done before displaying the menu tabs) */
/**
 * Test for PMA_sendHeaderLocation on IIS with a URI longer than 600 chars,
 * which must produce the HTML/JavaScript redirect page instead of a plain
 * Location header.
 *
 * @return void
 */
public function testSendHeaderLocationIisLongUri()
{
    // Force the IIS code path. An already-defined constant can only be
    // flipped with runkit; without it the test is skipped.
    if (!defined('PMA_IS_IIS')) {
        define('PMA_IS_IIS', true);
    } elseif (PMA_HAS_RUNKIT) {
        runkit_constant_redefine('PMA_IS_IIS', true);
    } else {
        $this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
    }

    // over 600 chars
    $longUri = 'http://testurl.com/test.php?testlonguri=over600chars'
        . str_repeat('&test=test', 63);

    $longUriHtml = htmlspecialchars($longUri);
    $longUriJs = PMA_escapeJsString($longUri);

    $expected = "<html><head><title>- - -</title>\n <meta http-equiv=\"expires\" content=\"0\">"
        . "<meta http-equiv=\"Pragma\" content=\"no-cache\">"
        . "<meta http-equiv=\"Cache-Control\" content=\"no-cache\">"
        . "<meta http-equiv=\"Refresh\" content=\"0;url=" . $longUriHtml . "\">"
        . "<script type=\"text/javascript\">//<![CDATA[\n setTimeout(\"window.location = decodeURI('"
        . $longUriJs
        . "')\", 2000);\n //]]></script></head>\n<body><script type=\"text/javascript\">//<![CDATA[\n document.write('<p><a href=\""
        . $longUriHtml . "\">" . __('Go') . "</a></p>');\n //]]></script></body></html>";

    $this->expectOutputString($expected);
    PMA_sendHeaderLocation($longUri);
}
// Parse current URL $parsed = parse_url($url); // In case parsing has failed do stupid string replacement if ($parsed === false) { // Replace http protocol $url = preg_replace('@^http:@', 'https:', $url); } else { if ($GLOBALS['PMA_Config']->get('SSLPort')) { $port_number = $GLOBALS['PMA_Config']->get('SSLPort'); } else { $port_number = 443; } $url = 'https://' . $parsed['host'] . ':' . $port_number . $parsed['path']; } // Actually redirect PMA_sendHeaderLocation($url . PMA_generate_common_url($_GET, 'text')); // delete the current session, otherwise we get problems (see bug #2397877) $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']); exit; } /** * include session handling after the globals, to prevent overwriting */ require './libraries/session.inc.php'; /** * init some variables LABEL_variables_init */ /** * holds parameters to be passed to next page * @global array $GLOBALS['url_params'] */
/**
 * Stores user credentials after successful login.
 *
 * Creates a fresh IV, refreshes the username and password cookies, and, on
 * the first login of a session (not coming from cookie), optionally sets or
 * removes the arbitrary-server cookie and redirects to index.php so the
 * client proves it accepts cookies. Under TESTSUITE the redirect path
 * returns false instead of exiting.
 *
 * @return void|bool true when no redirect was needed, false under TESTSUITE
 *                   after a redirect
 */
public function storeUserCredentials()
{
    global $cfg;

    $this->createIV();

    // Name and password cookies need to be refreshed each time
    // Duration = one month for username
    $this->storeUsernameCookie($cfg['Server']['user']);
    // Duration = as configured
    $this->storePasswordCookie($cfg['Server']['password']);

    // Already authenticated from cookie: nothing more to do.
    if ($GLOBALS['from_cookie']) {
        return true;
    }

    // Set server cookies if required (once per session) and, in this case,
    // force reload to ensure the client accepts cookies
    if ($cfg['AllowArbitraryServer']) {
        $server_cookie = 'pmaServer-' . $GLOBALS['server'];
        if (empty($GLOBALS['pma_auth_server'])) {
            // Delete servername cookie
            $GLOBALS['PMA_Config']->removeCookie($server_cookie);
        } else {
            // Duration = one month for servername
            $GLOBALS['PMA_Config']->setCookie($server_cookie, $cfg['Server']['host']);
        }
    }

    // URL where to go (PmaAbsoluteUri is configuration, not request data)
    $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';

    // any parameters to pass?
    $url_params = array();
    foreach (array('db', 'table') as $key) {
        if (mb_strlen($GLOBALS[$key])) {
            $url_params[$key] = $GLOBALS[$key];
        }
    }
    // any target to pass?
    if (!empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
        $url_params['target'] = $GLOBALS['target'];
    }

    /**
     * Clear user cache.
     */
    PMA_Util::clearUserCache();

    PMA_Response::getInstance()->disable();

    PMA_sendHeaderLocation(
        $redirect_url . PMA_URL_getCommon($url_params, 'text'),
        true
    );
    if (defined('TESTSUITE')) {
        return false;
    }
    exit;
}
if (isset($message)) { $uri_params['message'] = $message; } PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'main.php' . PMA_generate_common_url($uri_params, '&')); exit; } // Not a valid table name -> back to the default db_details sub-page if (isset($table) && strlen($table)) { $is_table = PMA_DBI_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'', null, PMA_DBI_QUERY_STORE); } if (!isset($table) || !strlen($table) || !($is_table && PMA_DBI_num_rows($is_table))) { $uri_params = array('reload' => '1', 'db' => $db); if (isset($message)) { $uri_params['message'] = $message; } PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $cfg['DefaultTabDatabase'] . PMA_generate_common_url($uri_params, '&')); exit; } elseif (isset($is_table)) { PMA_DBI_free_result($is_table); } // Displays headers (if needed) $js_to_run = isset($index) && isset($do_save_data) ? 'functions.js' : 'indexes.js'; require_once './libraries/header.inc.php'; } // end if /** * Gets fields and indexes informations */ if (!defined('PMA_IDX_INCLUDED')) { $err_url_0 = 'db_details.php?' . PMA_generate_common_url($db); }
$response = PMA_Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', PMA_Message::error(__('No databases selected.'))); } else { $url_params = array('reload' => 1); if (isset($message)) { $url_params['message'] = $message; } if (!empty($sql_query)) { $url_params['sql_query'] = $sql_query; } if (isset($show_as_php)) { $url_params['show_as_php'] = $show_as_php; } PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'index.php' . PMA_URL_getCommon($url_params, 'text')); } exit; } } } // end if (ensures db exists) if (empty($is_table) && !defined('PMA_SUBMIT_MULT') && !defined('TABLE_MAY_BE_ABSENT')) { // Not a valid table name -> back to the db_sql.php if (mb_strlen($table)) { $is_table = $GLOBALS['dbi']->getCachedTableContent("{$db}.{$table}", false); if (!$is_table) { $_result = $GLOBALS['dbi']->tryQuery('SHOW TABLES LIKE \'' . PMA_Util::sqlAddSlashes($table, true) . '\';', null, PMA_DatabaseInterface::QUERY_STORE); $is_table = @$GLOBALS['dbi']->numRows($_result); $GLOBALS['dbi']->freeResult($_result); }
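/**
 * Function to add a bookmark
 *
 * Saves the bookmark fields posted by the client. For AJAX requests a JSON
 * message is emitted and the script exits; otherwise the browser is sent
 * back to the `$goto` page with the new label appended.
 *
 * @param String $pmaAbsoluteUri absolute URI
 * @param String $goto           goto page URL
 *
 * @return void
 */
function PMA_addBookmark($pmaAbsoluteUri, $goto)
{
    $shared_with_all = isset($_POST['bkm_all_users'])
        && $_POST['bkm_all_users'] === 'true';
    $result = PMA_Bookmark_save($_POST['bkm_fields'], $shared_with_all);

    $response = PMA_Response::getInstance();
    if ($response->isAjax()) {
        if ($result) {
            $msg = PMA_message::success(__('Bookmark %s has been created.'));
            $msg->addParam($_POST['bkm_fields']['bkm_label']);
            $response->addJSON('message', $msg);
        } else {
            $msg = PMA_message::error(__('Bookmark not created!'));
            $response->isSuccess(false);
            $response->addJSON('message', $msg);
        }
        exit;
    } else {
        // go back to sql.php to redisplay query; do not use & in this case:
        /**
         * @todo In which scenario does this happen?
         */
        // The label is user input: URL-encode it so that '&', '#' or '?'
        // in it cannot inject extra query parameters into the redirect.
        PMA_sendHeaderLocation(
            $pmaAbsoluteUri . $goto . '&label='
            . urlencode($_POST['bkm_fields']['bkm_label'])
        );
    }
}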
/**
 * Test for PMA_sendHeaderLocation on IIS with a URI longer than 600 chars.
 *
 * The Response singleton is swapped for a mock for the duration of the call
 * (disable() must be called exactly once, headersSent() reports false) and
 * restored afterwards; the expected HTML/JavaScript redirect page is
 * checked via the output buffer.
 *
 * @return void
 */
public function testSendHeaderLocationIisLongUri()
{
    $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);

    // over 600 chars
    $longUri = 'http://testurl.com/test.php?testlonguri=over600chars'
        . str_repeat('&test=test', 63);

    $longUriHtml = htmlspecialchars($longUri);
    $longUriJs = PMA_escapeJsString($longUri);

    $expected = "<html><head><title>- - -</title>\n <meta http-equiv=\"expires\" content=\"0\">"
        . "<meta http-equiv=\"Pragma\" content=\"no-cache\">"
        . "<meta http-equiv=\"Cache-Control\" content=\"no-cache\">"
        . "<meta http-equiv=\"Refresh\" content=\"0;url=" . $longUriHtml . "\">"
        . "<script type=\"text/javascript\">//<![CDATA[\n setTimeout(\"window.location = decodeURI('"
        . $longUriJs
        . "')\", 2000);\n //]]></script></head>\n<body><script type=\"text/javascript\">//<![CDATA[\n document.write('<p><a href=\""
        . $longUriHtml . "\">" . __('Go') . "</a></p>');\n //]]></script></body></html>\n";

    $this->expectOutputString($expected);

    $originalInstance = PMA\libraries\Response::getInstance();

    $fakeResponse = $this->getMockBuilder('PMA\\libraries\\Response')
        ->disableOriginalConstructor()
        ->setMethods(array('disable', 'header', 'headersSent'))
        ->getMock();
    $fakeResponse->expects($this->once())
        ->method('disable');
    $fakeResponse->expects($this->any())
        ->method('headersSent')
        ->with()
        ->will($this->returnValue(false));

    // Inject the mock into the private singleton slot.
    $instanceSlot = new ReflectionProperty('PMA\\libraries\\Response', '_instance');
    $instanceSlot->setAccessible(true);
    $instanceSlot->setValue($fakeResponse);

    PMA_sendHeaderLocation($longUri);

    $instanceSlot->setValue($originalInstance);
}
* when changing something related to PMA cookies, increment the cookie version */ $pma_cookie_version = 4; if (isset($_COOKIE) && (isset($_COOKIE['pmaCookieVer']) && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) { // delete all cookies foreach ($_COOKIE as $cookie_name => $tmp) { $GLOBALS['PMA_Config']->removeCookie($cookie_name); } $_COOKIE = array(); $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version); } /** * check HTTPS connection */ if ($GLOBALS['PMA_Config']->get('ForceSSL') && !$GLOBALS['PMA_Config']->get('is_https')) { PMA_sendHeaderLocation(preg_replace('/^http/', 'https', $GLOBALS['PMA_Config']->get('PmaAbsoluteUri')) . PMA_generate_common_url($_GET, 'text')); // delete the current session, otherwise we get problems (see bug #2397877) $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']); exit; } /** * include session handling after the globals, to prevent overwriting */ require './libraries/session.inc.php'; /** * init some variables LABEL_variables_init */ /** * holds parameters to be passed to next page * @global array $GLOBALS['url_params'] */
/**
 * Set the user and password after last checkings if required
 *
 * If the authenticated user differs from the configured one, the server
 * list is scanned for an entry with the same connection parameters and that
 * user. With AllowArbitraryServer, the user-supplied `pma_auth_server`
 * ("host" or "host port") overrides host and port. Credentials are then
 * copied into the server config, the raw password is removed from the
 * globals, and encrypted username/password cookies are (re)issued. On a
 * fresh (non-cookie) login the browser is redirected to index.php.
 *
 * NOTE(review): with AllowArbitraryServer the host/port come straight from
 * the request; the port is not validated as numeric here.
 *
 * @return boolean always true
 *
 * @access public
 */
function PMA_auth_set_user()
{
    global $cfg;

    $auth_user = $GLOBALS['PHP_AUTH_USER'];

    // Ensures valid authentication mode, 'only_db', bookmark database and
    // table names and relation table name are used
    if ($cfg['Server']['user'] != $auth_user) {
        $connection_keys = array('host', 'port', 'socket', 'ssl', 'connect_type');
        foreach ($cfg['Servers'] as $idx => $candidate) {
            $matches = true;
            foreach ($connection_keys as $key) {
                if ($candidate[$key] != $cfg['Server'][$key]) {
                    $matches = false;
                    break;
                }
            }
            if ($matches && $candidate['user'] == $auth_user) {
                $GLOBALS['server'] = $idx;
                $cfg['Server'] = $candidate;
                break;
            }
        } // end foreach
    } // end if

    if ($GLOBALS['cfg']['AllowArbitraryServer']
        && !empty($GLOBALS['pma_auth_server'])
    ) {
        /* Allow to specify 'host port' */
        $parts = explode(' ', $GLOBALS['pma_auth_server']);
        if (count($parts) == 2) {
            list($tmp_host, $tmp_port) = $parts;
        } else {
            $tmp_host = $GLOBALS['pma_auth_server'];
            $tmp_port = '';
        }
        if ($cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
            $cfg['Server']['host'] = $tmp_host;
            if (!empty($tmp_port)) {
                $cfg['Server']['port'] = $tmp_port;
            }
        }
        unset($tmp_host, $tmp_port, $parts);
    }

    $cfg['Server']['user'] = $auth_user;
    $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];

    // Avoid showing the password in phpinfo()'s output
    unset($GLOBALS['PHP_AUTH_PW']);
    unset($_SERVER['PHP_AUTH_PW']);

    $_SESSION['last_access_time'] = time();

    $secret = PMA_get_blowfish_secret();
    $server_id = $GLOBALS['server'];

    // Name and password cookies need to be refreshed each time
    // Duration = one month for username
    $GLOBALS['PMA_Config']->setCookie(
        'pmaUser-' . $server_id,
        PMA_blowfish_encrypt($cfg['Server']['user'], $secret)
    );

    // Duration = as configured. An empty password is stored as a
    // placeholder so the cookie is never an empty ciphertext.
    $password_to_store = empty($cfg['Server']['password'])
        ? "******"
        : $cfg['Server']['password'];
    $GLOBALS['PMA_Config']->setCookie(
        'pmaPass-' . $server_id,
        PMA_blowfish_encrypt($password_to_store, $secret),
        null,
        $GLOBALS['cfg']['LoginCookieStore']
    );

    // Set server cookies if required (once per session) and, in this case, force
    // reload to ensure the client accepts cookies
    if (!$GLOBALS['from_cookie']) {
        if ($GLOBALS['cfg']['AllowArbitraryServer']) {
            $server_cookie = 'pmaServer-' . $server_id;
            if (!empty($GLOBALS['pma_auth_server'])) {
                // Duration = one month for servername
                $GLOBALS['PMA_Config']->setCookie($server_cookie, $cfg['Server']['host']);
            } else {
                // Delete servername cookie
                $GLOBALS['PMA_Config']->removeCookie($server_cookie);
            }
        }

        // URL where to go:
        $redirect_url = $cfg['PmaAbsoluteUri'] . 'index.php';

        // any parameters to pass?
        $url_params = array();
        foreach (array('db', 'table') as $key) {
            if (strlen($GLOBALS[$key])) {
                $url_params[$key] = $GLOBALS[$key];
            }
        }
        // any target to pass?
        if (!empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
            $url_params['target'] = $GLOBALS['target'];
        }

        /**
         * whether we come from a fresh cookie login
         */
        define('PMA_COMING_FROM_COOKIE_LOGIN', true);

        /**
         * Clear user cache.
         */
        PMA_clearUserCache();

        PMA_sendHeaderLocation(
            $redirect_url . PMA_generate_common_url($url_params, '&')
        );
        exit;
    } // end if

    return true;
}
/**
 * handle control requests
 *
 * Dispatches replication control actions (change master, slave server
 * control, skip error) found in the request. Slave server control triggers
 * a refresh: a JSON status for AJAX callers, otherwise a redirect back to
 * server_replication.php.
 *
 * NOTE(review): these state-changing actions are read from $_REQUEST; this
 * relies on the application's request-token check having run earlier.
 *
 * @return NULL
 */
function PMA_handleControlRequest()
{
    if (!isset($_REQUEST['sr_take_action'])) {
        return;
    }

    $needs_refresh = false;
    $result = null;
    $messageSuccess = null;
    $messageError = null;

    if (isset($_REQUEST['slave_changemaster'])) {
        $result = PMA_handleRequestForSlaveChangeMaster();
    } elseif (isset($_REQUEST['sr_slave_server_control'])) {
        $result = PMA_handleRequestForSlaveServerControl();
        $needs_refresh = true;

        switch ($_REQUEST['sr_slave_action']) {
        case 'start':
            $messageSuccess = __('Replication started successfully.');
            $messageError = __('Error starting replication.');
            break;
        case 'stop':
            $messageSuccess = __('Replication stopped successfully.');
            $messageError = __('Error stopping replication.');
            break;
        case 'reset':
            $messageSuccess = __('Replication resetting successfully.');
            $messageError = __('Error resetting replication.');
            break;
        default:
            $messageSuccess = __('Success.');
            $messageError = __('Error.');
            break;
        }
    } elseif (isset($_REQUEST['sr_slave_skip_error'])) {
        $result = PMA_handleRequestForSlaveSkipError();
    }

    if ($needs_refresh) {
        $response = PMA_Response::getInstance();
        if ($response->isAjax()) {
            $response->isSuccess($result);
            $message = $result
                ? PMA_Message::success($messageSuccess)
                : PMA_Message::error($messageError);
            $response->addJSON('message', $message);
        } else {
            // PmaAbsoluteUri is configuration, not request data.
            PMA_sendHeaderLocation(
                $GLOBALS['cfg']['PmaAbsoluteUri'] . 'server_replication.php'
                . PMA_URL_getCommon($GLOBALS['url_params'], 'text')
            );
        }
    }
    unset($needs_refresh);
}
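/**
 * Gets core libraries and defines some variables
 */
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';

// Only output the http headers
$response = Response::getInstance();
$response->getHeader()->sendHttpHeaders();
$response->disable();

// Open-redirect guard: the target must be valid, an https:// URL with no
// CR/LF, and on an allowed domain. Anything else goes back to the root.
// The 'D' modifier makes '$' match only at the very end of the subject;
// without it PCRE also accepts a subject that ends in a single "\n".
if (! PMA_isValid($_REQUEST['url'])
    || ! preg_match('/^https:\/\/[^\n\r]*$/D', $_REQUEST['url'])
    || ! PMA_isAllowedDomain($_REQUEST['url'])
) {
    PMA_sendHeaderLocation('./');
} else {
    // JavaScript redirection is necessary. Because if header() is used
    // then web browser sometimes does not change the HTTP_REFERER
    // field and so with old URL as Referer, token also goes to
    // external site.
    echo "<script type='text/javascript'>
        window.onload=function(){
            window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "';
        }
    </script>";
    // Display redirecting msg on screen.
    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
    echo __('Taking you to the target site.');
}
die();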
*/ if (!defined('PMA_IDX_INCLUDED')) { // Not a valid db name -> back to the welcome page if (!empty($db)) { $is_db = PMA_DBI_select_db($db); } if (empty($db) || !$is_db) { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'main.php?' . PMA_generate_common_url('', '', '&') . (isset($message) ? '&message=' . urlencode($message) : '') . '&reload=1'); exit; } // Not a valid table name -> back to the default db_details sub-page if (!empty($table)) { $is_table = PMA_DBI_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'', NULL, PMA_DBI_QUERY_STORE); } if (empty($table) || !($is_table && PMA_DBI_num_rows($is_table))) { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $cfg['DefaultTabDatabase'] . '?' . PMA_generate_common_url($db, '', '&') . (isset($message) ? '&message=' . urlencode($message) : '') . '&reload=1'); exit; } else { if (isset($is_table)) { PMA_DBI_free_result($is_table); } } // Displays headers (if needed) $js_to_run = isset($index) && isset($do_save_data) ? 'functions.js' : 'indexes.js'; require_once './header.inc.php'; } // end if /** * Gets fields and indexes informations */ if (!defined('PMA_IDX_INCLUDED')) {
$form_param = array_shift($forms_keys); } $form_display = new FormDisplay(); foreach ($forms[$form_param] as $form_name => $form) { // skip Developer form if no setting is available if ($form_name == 'Developer' && !$GLOBALS['cfg']['UserprefsDeveloperTab']) { continue; } $form_display->registerForm($form_name, $form, 1); } if (isset($_POST['revert'])) { // revert erroneous fields to their default values $form_display->fixErrors(); // redirect $url_params = array('form' => $form_param); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'prefs_forms.php' . PMA_generate_common_url($url_params, '&')); exit; } $error = null; if ($form_display->process(false) && !$form_display->hasErrors()) { // save settings $old_settings = PMA_load_userprefs(); $result = PMA_save_userprefs(ConfigFile::getInstance()->getConfigArray()); if ($result === true) { // reload config $GLOBALS['PMA_Config']->loadUserPreferences(); $hash = ltrim(filter_input(INPUT_POST, 'tab_hash'), '#'); PMA_userprefs_redirect($forms, $old_settings, 'prefs_forms.php', array('form' => $form_param), $hash); exit; } else { $error = $result;
/**
 * Stores user credentials after successful login.
 *
 * Refreshes the username cookie and, unless a password change is in
 * progress (`change_pw` posted), the password cookie. On a fresh login that
 * did not come from a cookie, the user cache is cleared and the browser is
 * redirected to ./index.php (carrying db/table/target when set) so the
 * client proves it accepts cookies. Under TESTSUITE that path returns false
 * instead of exiting.
 *
 * @return void|bool true when no redirect was needed, false under TESTSUITE
 *                   after a redirect
 */
public function storeUserCredentials()
{
    global $cfg;

    // Name and password cookies need to be refreshed each time
    // Duration = one month for username
    $this->storeUsernameCookie($cfg['Server']['user']);

    // Duration = as configured
    // Do not store password cookie on password change as we will
    // set the cookie again after password has been changed
    if (!isset($_POST['change_pw'])) {
        $this->storePasswordCookie($cfg['Server']['password']);
    }

    // Authenticated from cookie already: no forced reload needed.
    if ($GLOBALS['from_cookie']) {
        return true;
    }

    // Force reload to ensure the client accepts cookies
    // URL where to go:
    $redirect_url = './index.php';

    // any parameters to pass?
    $url_params = array();
    foreach (array('db', 'table') as $key) {
        if (mb_strlen($GLOBALS[$key])) {
            $url_params[$key] = $GLOBALS[$key];
        }
    }
    // any target to pass?
    if (!empty($GLOBALS['target']) && $GLOBALS['target'] != 'index.php') {
        $url_params['target'] = $GLOBALS['target'];
    }

    /**
     * Clear user cache.
     */
    Util::clearUserCache();

    Response::getInstance()->disable();

    PMA_sendHeaderLocation(
        $redirect_url . PMA_URL_getCommon($url_params, 'text'),
        true
    );
    if (defined('TESTSUITE')) {
        return false;
    }
    exit;
}
* in the previous iteration */ $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); if (!defined('PMA_MINIMUM_COMMON')) { $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); } /** * BC - enable backward compatibility * exports all configuration settings into $GLOBALS ($GLOBALS['cfg']) */ $_SESSION['PMA_Config']->enableBc(); /** * check HTTPS connection */ if ($_SESSION['PMA_Config']->get('ForceSSL') && !$_SESSION['PMA_Config']->get('is_https')) { PMA_sendHeaderLocation(preg_replace('/^http/', 'https', $_SESSION['PMA_Config']->get('PmaAbsoluteUri')) . PMA_generate_common_url($_GET)); exit; } /******************************************************************************/ /* loading language file LABEL_loading_language_file */ /** * Added messages while developing: */ if (file_exists('./lang/added_messages.php')) { include './lang/added_messages.php'; } /** * Includes the language file if it hasn't been included yet */ require './libraries/language.lib.php'; /**
*/ $err_url_0 = 'main.php?' . PMA_generate_common_url(); $err_url = $cfg['DefaultTabDatabase'] . '?' . PMA_generate_common_url($db); /** * Ensures the database exists (else move to the "parent" script) and displays * headers */ if (!isset($is_db) || !$is_db) { // Not a valid db name -> back to the welcome page if (strlen($db)) { $is_db = PMA_DBI_select_db($db); } if (! strlen($db) || !$is_db) { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'main.php?' . PMA_generate_common_url('', '', '&') . (isset($message) ? '&message=' . urlencode($message) : '') . '&reload=1'); exit; } } // end if (ensures db exists) /** * Changes database charset if requested by the user */ if (isset($submitcollation) && !empty($db_collation)) { list($db_charset) = explode('_', $db_collation); $sql_query = 'ALTER DATABASE ' . PMA_backquote($db) . ' DEFAULT' . PMA_generateCharsetQueryPart($db_collation); $result = PMA_DBI_query($sql_query); $message = PMA_Message::success(); unset($db_charset, $db_collation); }
if ($GLOBALS['dbi']->getError() && $GLOBALS['errno'] == 2014) { $is_db = true; unset($GLOBALS['errno']); } } else { $is_db = false; } // Not a valid db name -> back to the welcome page $uri = $cfg['PmaAbsoluteUri'] . 'index.php' . PMA_URL_getCommon(array(), 'text') . (isset($message) ? '&message=' . urlencode($message) : '') . '&reload=1'; if (!mb_strlen($db) || !$is_db) { $response = PMA\libraries\Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', Message::error(__('No databases selected.'))); } else { PMA_sendHeaderLocation($uri); } exit; } } // end if (ensures db exists) /** * Changes database charset if requested by the user */ if (isset($_REQUEST['submitcollation']) && isset($_REQUEST['db_collation']) && !empty($_REQUEST['db_collation'])) { list($db_charset) = explode('_', $_REQUEST['db_collation']); $sql_query = 'ALTER DATABASE ' . PMA\libraries\Util::backquote($db) . ' DEFAULT' . PMA_generateCharsetQueryPart($_REQUEST['db_collation']); $result = $GLOBALS['dbi']->query($sql_query); $message = Message::success(); unset($db_charset); /**
PMA_DBI_free_result($result); unset($result); } if ($total_affected_rows != 0) { $message .= $total_affected_rows; } else { $message .= $strModifications; } $message .= $last_message; if (!empty($warning_message)) { // TODO: use a <div class="warning"> in PMA_showMessage() // for this part of the message $message .= '[br]' . $warning_message; } if ($is_gotofile) { if ($goto == 'db_details.php' && isset($table)) { unset($table); } $js_to_run = 'functions.js'; $active_page = $goto; require_once './libraries/header.inc.php'; require './' . PMA_securePath($goto); } else { // if we have seen binary, // we do not append the query to the Location so it won't be displayed // on the resulting page // Nijel: we also need to limit size of url... $add_query = !$seen_binary && strlen($sql_query) < 1024 ? '&disp_query=' . urlencode($sql_query) : ''; PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query); } exit;
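/**
 * Redirects after saving new user preferences
 *
 * Builds the return URL from the common URL parameters, the caller-supplied
 * parameters and a fixed "saved" => 1 marker, optionally followed by a URL
 * fragment, and hands it to PMA_sendHeaderLocation().
 *
 * @param string      $file_name Filename of the script to return to. The value
 *                               is placed in the redirect target as-is (only
 *                               prefixed with './'); callers presumably pass a
 *                               fixed script name -- confirm no request-derived
 *                               value reaches this parameter.
 * @param array|null  $params    Additional URL parameters; 'saved' => 1 is
 *                               always added and overrides a caller-supplied
 *                               'saved' key.
 * @param string|null $hash      Fragment identifier to append (url-encoded,
 *                               given without the leading '#').
 *
 * @return void
 */
function PMA_userprefsRedirect($file_name, $params = null, $hash = null)
{
    $url_params = array('saved' => 1);
    if (is_array($params)) {
        // array_merge: later arguments win, so 'saved' cannot be overridden
        $url_params = array_merge($params, $url_params);
    }

    // Compare explicitly instead of relying on truthiness: `if ($hash)` is
    // false for "0", so a hash of "0" used to be appended raw, without its '#',
    // and glued onto the last query parameter.
    $fragment = '';
    if ($hash !== null && $hash !== false && $hash !== '') {
        $fragment = '#' . urlencode((string) $hash);
    }

    PMA_sendHeaderLocation(
        './' . $file_name . PMA_URL_getCommon($url_params, '&') . $fragment
    );
}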
foreach ($_COOKIE as $cookie_name => $tmp) { $GLOBALS['PMA_Config']->removeCookie($cookie_name); } $_COOKIE = array(); $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version); } } /** * check HTTPS connection */ if ($GLOBALS['PMA_Config']->get('ForceSSL') && !$GLOBALS['PMA_Config']->detectHttps()) { require './libraries/select_lang.lib.php'; // grab SSL URL $url = $GLOBALS['PMA_Config']->getSSLUri(); // Actually redirect PMA_sendHeaderLocation($url . PMA_URL_getCommon($_GET, 'text')); // delete the current session, otherwise we get problems (see bug #2397877) $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']); exit; } /** * include session handling after the globals, to prevent overwriting */ require './libraries/session.inc.php'; /** * init some variables LABEL_variables_init */ /** * holds parameters to be passed to next page * @global array $GLOBALS['url_params'] */
$db = ''; } $goto = 'main.php'; } // Loads to target script if ($goto != 'main.php') { include_once 'libraries/header.inc.php'; } $active_page = $goto; include '' . $goto; } else { // avoid a redirect loop when last record was deleted if (0 == $num_rows && 'sql.php' == $cfg['DefaultTabTable']) { $goto = str_replace('sql.php', 'tbl_structure.php', $goto); } PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto) . '&message=' . urlencode($message)); } // end else exit(); // end no rows returned } else { // At least one row is returned -> displays a table with results //If we are retrieving the full value of a truncated field or the original // value of a transformed field, show it here and exit if ($GLOBALS['grid_edit'] == true && $GLOBALS['cfg']['AjaxEnable']) { $row = PMA_DBI_fetch_row($result); $extra_data = array(); $extra_data['value'] = $row[0]; PMA_ajaxResponse(null, true, $extra_data); } if (isset($_REQUEST['ajax_request']) && isset($_REQUEST['table_maintenance'])) {