Exemplo n.º 1
 /**
  * Test database connection
  *
  * @param string $connect_type 'tcp' or 'socket'
  * @param string $host         host name
  * @param string $port         tcp port to use
  * @param string $socket       socket to use
  * @param string $user         username to use
  * @param string $pass         password to use
  * @param string $error_key    key to use in return array
  *
  * @return bool|array
  */
 public static function testDBConnection($connect_type, $host, $port, $socket, $user, $pass = null, $error_key = 'Server')
 {
     //    static::testPHPErrorMsg();
     $error = null;
     // The host is normalised before it reaches either connect call below.
     $host = PMA_sanitizeMySQLHost($host);
     // A socket is only honoured for non-TCP connections and a port only for
     // non-socket connections; empty values are dropped in both cases.
     $drop_socket = empty($socket) || $connect_type == 'tcp';
     $drop_port = empty($port) || $connect_type == 'socket';
     if (DatabaseInterface::checkDbExtension('mysqli')) {
         if ($drop_socket) {
             $socket = null;
         }
         if ($drop_port) {
             $port = null;
         }
         // @ silences the connect warning; failure is read from the falsy return.
         $link = @mysqli_connect($host, $user, $pass, null, $port, $socket);
         if ($link) {
             mysqli_close($link);
         } else {
             $error = __('Could not connect to the database server!');
         }
     } else {
         // Legacy mysql extension: port and socket are appended to the host
         // string as ":port" and ":/path/to/socket".
         if ($drop_socket) {
             $socket = null;
         } else {
             $slash = $socket[0] == '/' ? '' : '/';
             $socket = ':' . $slash . $socket;
         }
         if ($drop_port) {
             $port = null;
         } else {
             $port = ':' . $port;
         }
         $link = @mysql_connect($host . $port . $socket, $user, $pass);
         if ($link) {
             mysql_close($link);
         } else {
             $error = __('Could not connect to the database server!');
         }
     }
     //    static::testPHPErrorMsg(false);
     // $php_errormsg only exists when track_errors is enabled (the setting was
     // removed in PHP 8). When present, the raw PHP message is appended to the
     // text handed back to the caller.
     if (isset($php_errormsg)) {
         $error .= " - {$php_errormsg}";
     }
     if (is_null($error)) {
         return true;
     }
     return array($error_key => $error);
 }
Exemplo n.º 2
 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with $GLOBALS['dbi']->connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     // Collects credentials from either a fresh login request or the
     // encrypted cookies and publishes them through $GLOBALS; it does not
     // itself verify them against the MySQL server.
     global $conn_error;
     // Initialization: every credential global is reset first so that no
     // value from an earlier call survives an early "return false".
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // NOTE(review): credentials are read from $_REQUEST, which (depending on
     // request_order) can also be filled from the query string - confirm that
     // accepting a username/password from a URL is intended.
     if (!empty($_REQUEST['pma_username'])) {
         // Verify Captcha if it is required.
         // The captcha is enforced only when both keys are configured.
         if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) {
             if (!empty($_POST["g-recaptcha-response"])) {
                 include_once 'libraries/plugins/auth/recaptcha/autoload.php';
                 $reCaptcha = new ReCaptcha($GLOBALS['cfg']['CaptchaLoginPrivateKey']);
                 // verify captcha status.
                 $resp = $reCaptcha->verify($_POST["g-recaptcha-response"], $_SERVER["REMOTE_ADDR"]);
                 // Check if the captcha entered is valid, if not stop the login.
                 // A null response is treated the same as a failed one.
                 if ($resp == null || !$resp->isSuccess()) {
                     $conn_error = __('Entered captcha is wrong, try again!');
                     return false;
                 }
             } else {
                 // Captcha required but no response submitted: refuse the login.
                 $conn_error = __('Please enter correct captcha!');
                 return false;
             }
         }
         // The user just logged in
         // The username is passed through PMA_sanitizeMySQLUser(); the
         // password is taken as submitted.
         $GLOBALS['PHP_AUTH_USER'] = PMA_sanitizeMySQLUser($_REQUEST['pma_username']);
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             if ($GLOBALS['cfg']['ArbitraryServerRegexp']) {
                 // When the value splits into exactly two space-separated
                 // parts, only the first part is matched against the
                 // configured pattern; otherwise the whole raw string is.
                 $parts = explode(' ', $_REQUEST['pma_servername']);
                 if (count($parts) == 2) {
                     $tmp_host = $parts[0];
                 } else {
                     $tmp_host = $_REQUEST['pma_servername'];
                 }
                 // preg_match() yields 0 for no match and false on error;
                 // both fail the "!$match" test, so the check fails closed.
                 $match = preg_match($GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host);
                 if (!$match) {
                     $conn_error = __('You are not allowed to log in to this MySQL server!');
                     return false;
                 }
             }
             // NOTE(review): the pattern above is tested against the raw
             // request value, while the value stored here is the sanitized
             // full string - confirm the two cannot diverge in a way that
             // lets a host through that the pattern was meant to reject.
             $GLOBALS['pma_auth_server'] = PMA_sanitizeMySQLHost($_REQUEST['pma_servername']);
         }
         // PMA_secureSession() is defined elsewhere; presumably it hardens the
         // session at login time - TODO confirm.
         PMA_secureSession();
         return true;
     }
     // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
     // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
     // check cookies
     if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {
         return false;
     }
     // The username cookie is decrypted with the secret returned by
     // _getEncryptionSecret().
     $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret());
     // user was never logged in since session start
     if (empty($_SESSION['last_access_time'])) {
         return false;
     }
     // User inactive too long
     // $last_access_time is the oldest timestamp still accepted:
     // now minus the configured LoginCookieValidity.
     $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity'];
     if ($_SESSION['last_access_time'] < $last_access_time) {
         // Drop the cached privilege information before reporting the failure.
         Util::cacheUnset('is_create_db_priv');
         Util::cacheUnset('is_reload_priv');
         Util::cacheUnset('db_to_create');
         Util::cacheUnset('dbs_where_create_table_allowed');
         Util::cacheUnset('dbs_to_test');
         Util::cacheUnset('db_priv');
         Util::cacheUnset('col_priv');
         Util::cacheUnset('table_priv');
         Util::cacheUnset('proc_priv');
         $GLOBALS['no_activity'] = true;
         $this->authFails();
         // Outside the test suite the request ends here; under TESTSUITE the
         // method returns so the caller can observe the result.
         if (!defined('TESTSUITE')) {
             exit;
         } else {
             return false;
         }
     }
     // check password cookie
     if (empty($_COOKIE['pmaAuth-' . $GLOBALS['server']])) {
         return false;
     }
     // The auth cookie is decrypted with the session secret and must decode
     // to a JSON object carrying a 'password' key; anything else is rejected.
     $auth_data = json_decode($this->cookieDecrypt($_COOKIE['pmaAuth-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret()), true);
     if (!is_array($auth_data) || !isset($auth_data['password'])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_PW'] = $auth_data['password'];
     // NOTE(review): the server name restored from the cookie is used without
     // PMA_sanitizeMySQLHost() or a second ArbitraryServerRegexp check, so it
     // is only as trustworthy as the cookie - confirm cookieDecrypt()
     // authenticates the ciphertext and rejects tampered values.
     if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($auth_data['server'])) {
         $GLOBALS['pma_auth_server'] = $auth_data['server'];
     }
     $GLOBALS['from_cookie'] = true;
     return true;
 }
Exemplo n.º 3
/**
 * This function provides connection to remote mysql server
 *
 * @param string $user     mysql username
 * @param string $password password for the user
 * @param string $host     mysql server's hostname or IP
 * @param int    $port     mysql remote port
 * @param string $socket   path to unix socket
 *
 * @return mixed $link mysql link on success
 */
function PMA_Replication_connectToMaster($user, $password, $host = null, $port = null, $socket = null)
{
    // Only the host is normalised here; port and socket are forwarded exactly
    // as the caller supplied them.
    $server = array(
        "host" => PMA_sanitizeMySQLHost($host),
        "port" => $port,
        "socket" => $socket,
    );
    // The trailing true marks this as an auxiliary connection, so a failure
    // must not send the user back to the login page.
    $link = $GLOBALS['dbi']->connect($user, $password, false, $server, true);
    return $link;
}
 /**
  * Test for MySQL host sanitizing
  *
  * @param string $host     Test host name
  * @param string $expected Expected result
  *
  * @return void
  *
  * @dataProvider provideMySQLHosts
  */
 function testSanitizeMySQLHost($host, $expected)
 {
     // Each data-provider row pairs a raw host with the value the sanitizer
     // is expected to produce for it.
     $actual = PMA_sanitizeMySQLHost($host);
     $this->assertEquals($expected, $actual);
 }
Exemplo n.º 5
/**
 * This function provides connection to remote mysql server
 *
 * @param string $user     mysql username
 * @param string $password password for the user
 * @param string $host     mysql server's hostname or IP
 * @param int    $port     mysql remote port
 * @param string $socket   path to unix socket
 *
 * @return mixed $link mysql link on success
 */
function PMA_Replication_connectToMaster($user, $password, $host = null, $port = null, $socket = null)
{
    // Credentials travel inside the server description in this variant. Only
    // the host is normalised; user, password, port and socket are forwarded
    // exactly as the caller supplied them.
    $server = array(
        'user' => $user,
        'password' => $password,
        "host" => PMA_sanitizeMySQLHost($host),
        "port" => $port,
        "socket" => $socket,
    );
    // CONNECT_AUXILIARY marks this as an auxiliary connection, so a failure
    // must not send the user back to the login page.
    $link = $GLOBALS['dbi']->connect(DatabaseInterface::CONNECT_AUXILIARY, $server);
    return $link;
}