/** * This function is called from one of the other functions in this file * and it completes the handling of the export functionality. * * @param string $item_name The name of the item that we are exporting * @param string $export_data The SQL query to create the requested item * * @return void */ function PMA_RTE_handleExport($item_name, $export_data) { global $db; $item_name = htmlspecialchars(PMA_Util::backquote($_GET['item_name'])); if ($export_data !== false) { $export_data = '<textarea cols="40" rows="15" style="width: 100%;">' . htmlspecialchars(trim($export_data)) . '</textarea>'; $title = sprintf(PMA_RTE_getWord('export'), $item_name); if ($GLOBALS['is_ajax_request'] == true) { $response = PMA_Response::getInstance(); $response->addJSON('message', $export_data); $response->addJSON('title', $title); exit; } else { echo "<fieldset>\n" . "<legend>{$title}</legend>\n" . $export_data . "</fieldset>\n"; } } else { $_db = htmlspecialchars(PMA_Util::backquote($db)); $message = __('Error in processing request:') . ' ' . sprintf(PMA_RTE_getWord('not_found'), $item_name, $_db); $response = PMA_message::error($message); if ($GLOBALS['is_ajax_request'] == true) { $response = PMA_Response::getInstance(); $response->isSuccess(false); $response->addJSON('message', $message); exit; } else { $response->display(); } } }
/** * Send TRI or EVN editor via ajax or by echoing. * * @param string $type TRI or EVN * @param string $mode Editor mode 'add' or 'edit' * @param array $item Data necessary to create the editor * @param string $title Title of the editor * @param string $db Database * @param string $operation Operation 'change' or '' * * @return void */ function PMA_RTE_sendEditor($type, $mode, $item, $title, $db, $operation = null) { if ($item !== false) { // Show form if ($type == 'TRI') { $editor = PMA_TRI_getEditorForm($mode, $item); } else { // EVN $editor = PMA_EVN_getEditorForm($mode, $operation, $item); } if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->addJSON('message', $editor); $response->addJSON('title', $title); } else { echo "\n\n<h2>{$title}</h2>\n\n{$editor}"; unset($_POST); } exit; } else { $message = __('Error in processing request:') . ' '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_Util::backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_Util::backquote($db))); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->isSuccess(false); $response->addJSON('message', $message); exit; } else { $message->display(); } } }
/** * This function is called from one of the other functions in this file * and it completes the handling of the export functionality. * * @param string $item_name The name of the item that we are exporting * @param string $export_data The SQL query to create the requested item */ function PMA_RTE_handleExport($item_name, $export_data) { global $db; $item_name = htmlspecialchars(PMA_backquote($_GET['item_name'])); if ($export_data !== false) { $export_data = '<textarea cols="40" rows="15" style="width: 100%;">' . htmlspecialchars(trim($export_data)) . '</textarea>'; $title = sprintf(PMA_RTE_getWord('export'), $item_name); if ($GLOBALS['is_ajax_request'] == true) { $extra_data = array('title' => $title); PMA_ajaxResponse($export_data, true, $extra_data); } else { echo "<fieldset>\n" . "<legend>{$title}</legend>\n" . $export_data . "</fieldset>\n"; } } else { $_db = htmlspecialchars(PMA_backquote($db)); $response = __('Error in Processing Request') . ' : ' . sprintf(PMA_RTE_getWord('not_found'), $item_name, $_db); $response = PMA_message::error($response); if ($GLOBALS['is_ajax_request'] == true) { PMA_ajaxResponse($response, false); } else { $response->display(); } } }
/** * Returns some warnings to be displayed at the top of the page * * @return string The warnings */ private function _getWarnings() { $retval = ''; if ($this->_warningsEnabled) { $retval .= "<noscript>"; $retval .= PMA_message::error(__("Javascript must be enabled past this point!"))->getDisplay(); $retval .= "</noscript>"; } return $retval; }
/** * Handles requests for executing a routine * * @return Does not return */ function PMA_RTN_handleExecute() { global $_GET, $_POST, $_REQUEST, $GLOBALS, $db; /** * Handle all user requests other than the default of listing routines */ if (!empty($_REQUEST['execute_routine']) && !empty($_REQUEST['item_name'])) { // Build the queries $routine = PMA_RTN_getDataFromName($_REQUEST['item_name'], $_REQUEST['item_type'], false); if ($routine !== false) { $queries = array(); $end_query = array(); $args = array(); $all_functions = $GLOBALS['PMA_Types']->getAllFunctions(); for ($i = 0; $i < $routine['item_num_params']; $i++) { if (isset($_REQUEST['params'][$routine['item_param_name'][$i]])) { $value = $_REQUEST['params'][$routine['item_param_name'][$i]]; if (is_array($value)) { // is SET type $value = implode(',', $value); } $value = PMA_Util::sqlAddSlashes($value); if (!empty($_REQUEST['funcs'][$routine['item_param_name'][$i]]) && in_array($_REQUEST['funcs'][$routine['item_param_name'][$i]], $all_functions)) { $queries[] = "SET @p{$i}={$_REQUEST['funcs'][$routine['item_param_name'][$i]]}('{$value}');\n"; } else { $queries[] = "SET @p{$i}='{$value}';\n"; } $args[] = "@p{$i}"; } else { $args[] = "@p{$i}"; } if ($routine['item_type'] == 'PROCEDURE') { if ($routine['item_param_dir'][$i] == 'OUT' || $routine['item_param_dir'][$i] == 'INOUT') { $end_query[] = "@p{$i} AS " . PMA_Util::backquote($routine['item_param_name'][$i]); } } } if ($routine['item_type'] == 'PROCEDURE') { $queries[] = "CALL " . PMA_Util::backquote($routine['item_name']) . "(" . implode(', ', $args) . ");\n"; if (count($end_query)) { $queries[] = "SELECT " . implode(', ', $end_query) . ";\n"; } } else { $queries[] = "SELECT " . PMA_Util::backquote($routine['item_name']) . "(" . implode(', ', $args) . ") " . "AS " . PMA_Util::backquote($routine['item_name']) . ";\n"; } // Get all the queries as one SQL statement $multiple_query = implode("", $queries); $outcome = true; $affected = 0; // Execute query if (!PMA_DBI_try_multi_query($multiple_query)) { $outcome = false; } // Generate output if ($outcome) { // Pass the SQL queries through the "pretty printer" $output = '<code class="sql" style="margin-bottom: 1em;">'; $output .= PMA_SQP_formatHtml(PMA_SQP_parse(implode($queries))); $output .= '</code>'; // Display results $output .= "<fieldset><legend>"; $output .= sprintf(__('Execution results of routine %s'), PMA_Util::backquote(htmlspecialchars($routine['item_name']))); $output .= "</legend>"; $num_of_rusults_set_to_display = 0; do { $result = PMA_DBI_store_result(); $num_rows = PMA_DBI_num_rows($result); if ($result !== false && $num_rows > 0) { $output .= "<table><tr>"; foreach (PMA_DBI_get_fields_meta($result) as $key => $field) { $output .= "<th>"; $output .= htmlspecialchars($field->name); $output .= "</th>"; } $output .= "</tr>"; $color_class = 'odd'; while ($row = PMA_DBI_fetch_assoc($result)) { $output .= "<tr>"; foreach ($row as $key => $value) { if ($value === null) { $value = '<i>NULL</i>'; } else { $value = htmlspecialchars($value); } $output .= "<td class='" . $color_class . "'>" . $value . "</td>"; } $output .= "</tr>"; $color_class = $color_class == 'odd' ? 'even' : 'odd'; } $output .= "</table>"; $num_of_rusults_set_to_display++; $affected = $num_rows; } if (!PMA_DBI_more_results()) { break; } $output .= "<br/>"; PMA_DBI_free_result($result); } while (PMA_DBI_next_result()); $output .= "</fieldset>"; $message = __('Your SQL query has been executed successfully'); if ($routine['item_type'] == 'PROCEDURE') { $message .= '<br />'; // TODO : message need to be modified according to the // output from the routine $message .= sprintf(_ngettext('%d row affected by the last statement inside the procedure', '%d rows affected by the last statement inside the procedure', $affected), $affected); } $message = PMA_message::success($message); if ($num_of_rusults_set_to_display == 0) { $notice = __('MySQL returned an empty result set (i.e. zero rows).'); $output .= PMA_message::notice($notice)->getDisplay(); } } else { $output = ''; $message = PMA_message::error(sprintf(__('The following query has failed: "%s"'), htmlspecialchars($query)) . '<br /><br />' . __('MySQL said: ') . PMA_DBI_getError(null)); } // Print/send output if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->isSuccess($message->isSuccess()); $response->addJSON('message', $message->getDisplay() . $output); $response->addJSON('dialog', false); exit; } else { echo $message->getDisplay() . $output; if ($message->isError()) { // At least one query has failed, so shouldn't // execute any more queries, so we quit. exit; } unset($_POST); // Now deliberately fall through to displaying the routines list } } else { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_Util::backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_Util::backquote($db))); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->isSuccess(false); $response->addJSON('message', $message); exit; } else { echo $message->getDisplay(); unset($_POST); } } } else { if (!empty($_GET['execute_dialog']) && !empty($_GET['item_name'])) { /** * Display the execute form for a routine. */ $routine = PMA_RTN_getDataFromName($_GET['item_name'], $_GET['item_type'], true); if ($routine !== false) { $form = PMA_RTN_getExecuteForm($routine); if ($GLOBALS['is_ajax_request'] == true) { $title = __("Execute routine") . " " . PMA_Util::backquote(htmlentities($_GET['item_name'], ENT_QUOTES)); $response = PMA_Response::getInstance(); $response->addJSON('message', $form); $response->addJSON('title', $title); $response->addJSON('dialog', true); } else { echo "\n\n<h2>" . __("Execute routine") . "</h2>\n\n"; echo $form; } exit; } else { if ($GLOBALS['is_ajax_request'] == true) { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_Util::backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_Util::backquote($db))); $message = PMA_message::error($message); $response = PMA_Response::getInstance(); $response->isSuccess(false); $response->addJSON('message', $message); exit; } } } } }
/** * Function to add a bookmark * * @param String $pmaAbsoluteUri absolute URI * @param String $goto goto page URL * * @return void */ function PMA_addBookmark($pmaAbsoluteUri, $goto) { $result = PMA_Bookmark_save($_POST['bkm_fields'], isset($_POST['bkm_all_users']) && $_POST['bkm_all_users'] == 'true' ? true : false); $response = PMA_Response::getInstance(); if ($response->isAjax()) { if ($result) { $msg = PMA_message::success(__('Bookmark %s has been created.')); $msg->addParam($_POST['bkm_fields']['bkm_label']); $response->addJSON('message', $msg); } else { $msg = PMA_message::error(__('Bookmark not created!')); $response->isSuccess(false); $response->addJSON('message', $msg); } exit; } else { // go back to sql.php to redisplay query; do not use & in this case: /** * @todo In which scenario does this happen? */ PMA_sendHeaderLocation($pmaAbsoluteUri . $goto . '&label=' . $_POST['bkm_fields']['bkm_label']); } }
/** * Displays authentication form * * this function MUST exit/quit the application * * @global string $conn_error the last connection error * * @return boolean|void */ public function auth() { global $conn_error; $response = PMA_Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); // redirect_flag redirects to the login page $response->addJSON('redirect_flag', '1'); if (defined('TESTSUITE')) { return true; } else { exit; } } /* Perform logout to custom URL */ if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); if (defined('TESTSUITE')) { return true; } else { exit; } } // No recall if blowfish secret is not configured as it would produce // garbage if ($GLOBALS['cfg']['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { $default_user = $GLOBALS['PHP_AUTH_USER']; $default_server = $GLOBALS['pma_auth_server']; $autocomplete = ''; } else { $default_user = ''; $default_server = ''; // skip the IE autocomplete feature. $autocomplete = ' autocomplete="off"'; } $response->getFooter()->setMinimal(); $header = $response->getHeader(); $header->setBodyId('loginform'); $header->setTitle('phpMyAdmin'); $header->disableMenuAndConsole(); $header->disableWarnings(); if (file_exists(CUSTOM_HEADER_FILE)) { include CUSTOM_HEADER_FILE; } echo ' <div class="container"> <a href="'; echo PMA_linkURL('https://www.phpmyadmin.net/'); echo '" target="_blank" class="logo">'; $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; if (@file_exists($logo_image)) { echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; } else { echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" ' . 'border="0" width="88" height="31" alt="phpMyAdmin" />'; } echo '</a> <h1>'; echo sprintf(__('Welcome to %s'), '<bdo dir="ltr" lang="en">phpMyAdmin</bdo>'); echo "</h1>"; // Show error message if (!empty($conn_error)) { PMA_Message::rawError($conn_error)->display(); } elseif (isset($_GET['session_expired']) && intval($_GET['session_expired']) == 1) { PMA_Message::rawError(__('Your session has expired. Please log in again.'))->display(); } echo "<noscript>\n"; PMA_message::error(__("Javascript must be enabled past this point!"))->display(); echo "</noscript>\n"; echo "<div class='hide js-show'>"; // Displays the languages form if (empty($GLOBALS['cfg']['Lang'])) { include_once './libraries/display_select_lang.lib.php'; // use fieldset, don't show doc link echo PMA_getLanguageSelectorHtml(true, false); } echo '</div> <br /> <!-- Login form --> <form method="post" action="index.php" name="login_form"' . $autocomplete . ' class="disableAjax login hide js-show"> <fieldset> <legend>'; echo __('Log in'); echo PMA_Util::showDocu('index'); echo '</legend>'; if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' <div class="item"> <label for="input_servername" title="'; echo __('You can enter hostname/IP address and port separated by space.'); echo '">'; echo __('Server:'); echo '</label> <input type="text" name="pma_servername" id="input_servername"'; echo ' value="'; echo htmlspecialchars($default_server); echo '" size="24" class="textfield" title="'; echo __('You can enter hostname/IP address and port separated by space.'); echo '" /> </div>'; } echo '<div class="item"> <label for="input_username">' . __('Username:'******'</label> <input type="text" name="pma_username" id="input_username" ' . 'value="' . htmlspecialchars($default_user) . '" size="24"' . ' class="textfield"/> </div> <div class="item"> <label for="input_password">' . __('Password:'******'</label> <input type="password" name="pma_password" id="input_password"' . ' value="" size="24" class="textfield" /> </div>'; if (count($GLOBALS['cfg']['Servers']) > 1) { echo '<div class="item"> <label for="select_server">' . __('Server Choice:') . '</label> <select name="server" id="select_server"'; if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' onchange="document.forms[\'login_form\'].' . 'elements[\'pma_servername\'].value = \'\'" '; } echo '>'; include_once './libraries/select_server.lib.php'; echo PMA_selectServer(false, false); echo '</select></div>'; } else { echo ' <input type="hidden" name="server" value="' . $GLOBALS['server'] . '" />'; } // end if (server choice) // Add captcha input field if reCaptcha is enabled if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) { // If enabled show captcha to the user on the login screen. echo '<script src="https://www.google.com/recaptcha/api.js?hl=' . $GLOBALS['lang'] . '" async defer></script>'; echo '<div class="g-recaptcha" data-sitekey="' . $GLOBALS['cfg']['CaptchaLoginPublicKey'] . '"></div>'; } echo '</fieldset> <fieldset class="tblFooters"> <input value="' . __('Go') . '" type="submit" id="input_go" />'; $_form_params = array(); if (!empty($GLOBALS['target'])) { $_form_params['target'] = $GLOBALS['target']; } if (!empty($GLOBALS['db'])) { $_form_params['db'] = $GLOBALS['db']; } if (!empty($GLOBALS['table'])) { $_form_params['table'] = $GLOBALS['table']; } // do not generate a "server" hidden field as we want the "server" // drop-down to have priority echo PMA_URL_getHiddenInputs($_form_params, '', 0, 'server'); echo '</fieldset> </form>'; // BEGIN Swekey Integration Swekey_login('input_username', 'input_go'); // END Swekey Integration if ($GLOBALS['error_handler']->hasDisplayErrors()) { echo '<div id="pma_errors">'; $GLOBALS['error_handler']->dispErrors(); echo '</div>'; } echo '</div>'; if (file_exists(CUSTOM_FOOTER_FILE)) { include CUSTOM_FOOTER_FILE; } if (!defined('TESTSUITE')) { exit; } else { return true; } }
/** * Handles requests for executing a routine */ function PMA_RTN_handleExecute() { global $_GET, $_POST, $_REQUEST, $GLOBALS, $db, $cfg; /** * Handle all user requests other than the default of listing routines */ if (!empty($_REQUEST['execute_routine']) && !empty($_REQUEST['item_name'])) { // Build the queries $routine = PMA_RTN_getDataFromName($_REQUEST['item_name'], $_REQUEST['item_type'], false); if ($routine !== false) { $queries = array(); $end_query = array(); $args = array(); for ($i = 0; $i < $routine['item_num_params']; $i++) { if (isset($_REQUEST['params'][$routine['item_param_name'][$i]])) { $value = $_REQUEST['params'][$routine['item_param_name'][$i]]; if (is_array($value)) { // is SET type $value = implode(',', $value); } $value = PMA_sqlAddSlashes($value); if (!empty($_REQUEST['funcs'][$routine['item_param_name'][$i]]) && in_array($_REQUEST['funcs'][$routine['item_param_name'][$i]], $cfg['Functions'])) { $queries[] = "SET @p{$i}={$_REQUEST['funcs'][$routine['item_param_name'][$i]]}('{$value}');\n"; } else { $queries[] = "SET @p{$i}='{$value}';\n"; } $args[] = "@p{$i}"; } else { $args[] = "@p{$i}"; } if ($routine['item_type'] == 'PROCEDURE') { if ($routine['item_param_dir'][$i] == 'OUT' || $routine['item_param_dir'][$i] == 'INOUT') { $end_query[] = "@p{$i} AS " . PMA_backquote($routine['item_param_name'][$i]); } } } if ($routine['item_type'] == 'PROCEDURE') { $queries[] = "CALL " . PMA_backquote($routine['item_name']) . "(" . implode(', ', $args) . ");\n"; if (count($end_query)) { $queries[] = "SELECT " . implode(', ', $end_query) . ";\n"; } } else { $queries[] = "SELECT " . PMA_backquote($routine['item_name']) . "(" . implode(', ', $args) . ") " . "AS " . PMA_backquote($routine['item_name']) . ";\n"; } // Execute the queries $affected = 0; $result = null; $outcome = true; foreach ($queries as $query) { $resource = PMA_DBI_try_query($query); if ($resource === false) { $outcome = false; break; } while (true) { if (!PMA_DBI_more_results()) { break; } PMA_DBI_next_result(); } if (substr($query, 0, 6) == 'SELECT') { $result = $resource; } else { if (substr($query, 0, 4) == 'CALL') { $result = $resource ? $resource : $result; $affected = PMA_DBI_affected_rows() - PMA_DBI_num_rows($resource); } } } // Generate output if ($outcome) { $message = __('Your SQL query has been executed successfully'); if ($routine['item_type'] == 'PROCEDURE') { $message .= '<br />'; $message .= sprintf(_ngettext('%d row affected by the last statement inside the procedure', '%d rows affected by the last statement inside the procedure', $affected), $affected); } $message = PMA_message::success($message); // Pass the SQL queries through the "pretty printer" $output = '<code class="sql" style="margin-bottom: 1em;">'; $output .= PMA_SQP_formatHtml(PMA_SQP_parse(implode($queries))); $output .= '</code>'; // Display results if ($result) { $output .= "<fieldset><legend>"; $output .= sprintf(__('Execution results of routine %s'), PMA_backquote(htmlspecialchars($routine['item_name']))); $output .= "</legend>"; $output .= "<table><tr>"; foreach (PMA_DBI_get_fields_meta($result) as $key => $field) { $output .= "<th>"; $output .= htmlspecialchars($field->name); $output .= "</th>"; } $output .= "</tr>"; // Stored routines can only ever return ONE ROW. $data = PMA_DBI_fetch_single_row($result); foreach ($data as $key => $value) { if ($value === null) { $value = '<i>NULL</i>'; } else { $value = htmlspecialchars($value); } $output .= "<td class='odd'>" . $value . "</td>"; } $output .= "</table></fieldset>"; } else { $notice = __('MySQL returned an empty result set (i.e. zero rows).'); $output .= PMA_message::notice($notice)->getDisplay(); } } else { $output = ''; $message = PMA_message::error(sprintf(__('The following query has failed: "%s"'), $query) . '<br /><br />' . __('MySQL said: ') . PMA_DBI_getError(null)); } // Print/send output if ($GLOBALS['is_ajax_request']) { $extra_data = array('dialog' => false); PMA_ajaxResponse($message->getDisplay() . $output, $message->isSuccess(), $extra_data); } else { echo $message->getDisplay() . $output; if ($message->isError()) { // At least one query has failed, so shouldn't // execute any more queries, so we quit. exit; } unset($_POST); // Now deliberately fall through to displaying the routines list } } else { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db))); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { PMA_ajaxResponse($message, $message->isSuccess()); } else { echo $message->getDisplay(); unset($_POST); } } } else { if (!empty($_GET['execute_dialog']) && !empty($_GET['item_name'])) { /** * Display the execute form for a routine. */ $routine = PMA_RTN_getDataFromName($_GET['item_name'], $_GET['item_type'], true); if ($routine !== false) { $form = PMA_RTN_getExecuteForm($routine); if ($GLOBALS['is_ajax_request'] == true) { $extra_data = array(); $extra_data['dialog'] = true; $extra_data['title'] = __("Execute routine") . " "; $extra_data['title'] .= PMA_backquote(htmlentities($_GET['item_name'], ENT_QUOTES)); PMA_ajaxResponse($form, true, $extra_data); } else { echo "\n\n<h2>" . __("Execute routine") . "</h2>\n\n"; echo $form; include './libraries/footer.inc.php'; // exit; } } else { if ($GLOBALS['is_ajax_request'] == true) { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db))); $message = PMA_message::error($message); PMA_ajaxResponse($message, false); } } } } }
/** * Handles editor requests for adding or editing an item * * @return void */ function PMA_TRI_handleEditor() { global $_REQUEST, $_POST, $errors, $db, $table; if (!empty($_REQUEST['editor_process_add']) || !empty($_REQUEST['editor_process_edit'])) { $sql_query = ''; $item_query = PMA_TRI_getQueryFromRequest(); if (!count($errors)) { // set by PMA_RTN_getQueryFromRequest() // Execute the created query if (!empty($_REQUEST['editor_process_edit'])) { // Backup the old trigger, in case something goes wrong $trigger = PMA_TRI_getDataFromName($_REQUEST['item_original_name']); $create_item = $trigger['create']; $drop_item = $trigger['drop'] . ';'; $result = PMA_DBI_try_query($drop_item); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), htmlspecialchars($drop_item)) . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); } else { $result = PMA_DBI_try_query($item_query); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), htmlspecialchars($item_query)) . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); // We dropped the old item, but were unable to create the new one // Try to restore the backup query $result = PMA_DBI_try_query($create_item); if (!$result) { // OMG, this is really bad! We dropped the query, // failed to create a new one // and now even the backup query does not execute! // This should not happen, but we better handle // this just in case. $errors[] = __('Sorry, we failed to restore the dropped trigger.') . '<br />' . __('The backed up query was:') . "\"" . htmlspecialchars($create_item) . "\"" . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); } } else { $message = PMA_Message::success(__('Trigger %1$s has been modified.')); $message->addParam(PMA_Util::backquote($_REQUEST['item_name'])); $sql_query = $drop_item . $item_query; } } } else { // 'Add a new item' mode $result = PMA_DBI_try_query($item_query); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), htmlspecialchars($item_query)) . '<br /><br />' . __('MySQL said: ') . PMA_DBI_getError(null); } else { $message = PMA_Message::success(__('Trigger %1$s has been created.')); $message->addParam(PMA_Util::backquote($_REQUEST['item_name'])); $sql_query = $item_query; } } } if (count($errors)) { $message = PMA_Message::error(__('<b>One or more errors have occured while processing your request:</b>')); $message->addString('<ul>'); foreach ($errors as $string) { $message->addString('<li>' . $string . '</li>'); } $message->addString('</ul>'); } $output = PMA_Util::getMessage($message, $sql_query); if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); if ($message->isSuccess()) { $items = PMA_DBI_get_triggers($db, $table, ''); $trigger = false; foreach ($items as $value) { if ($value['name'] == $_REQUEST['item_name']) { $trigger = $value; } } $insert = false; if (empty($table) || $trigger !== false && $table == $trigger['table']) { $insert = true; $response->addJSON('new_row', PMA_TRI_getRowForList($trigger)); $response->addJSON('name', htmlspecialchars(strtoupper($_REQUEST['item_name']))); } $response->addJSON('insert', $insert); $response->addJSON('message', $output); } else { $response->addJSON('message', $message); $response->isSuccess(false); } exit; } } /** * Display a form used to add/edit a trigger, if necessary */ if (count($errors) || empty($_REQUEST['editor_process_add']) && empty($_REQUEST['editor_process_edit']) && (!empty($_REQUEST['add_item']) || !empty($_REQUEST['edit_item']))) { // Get the data for the form (if any) if (!empty($_REQUEST['add_item'])) { $title = PMA_RTE_getWord('add'); $item = PMA_TRI_getDataFromRequest(); $mode = 'add'; } else { if (!empty($_REQUEST['edit_item'])) { $title = __("Edit trigger"); if (!empty($_REQUEST['item_name']) && empty($_REQUEST['editor_process_edit'])) { $item = PMA_TRI_getDataFromName($_REQUEST['item_name']); if ($item !== false) { $item['item_original_name'] = $item['item_name']; } } else { $item = PMA_TRI_getDataFromRequest(); } $mode = 'edit'; } } if ($item !== false) { // Show form $editor = PMA_TRI_getEditorForm($mode, $item); if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->addJSON('message', $editor); $response->addJSON('title', $title); } else { echo "\n\n<h2>{$title}</h2>\n\n{$editor}"; unset($_POST); } exit; } else { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_Util::backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_Util::backquote($db))); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { $response = PMA_Response::getInstance(); $response->isSuccess(false); $response->addJSON('message', $message); exit; } else { $message->display(); } } } }
/** * Displays authentication form * * this function MUST exit/quit the application * * @global string the last connection error * * @access public */ function PMA_auth() { global $conn_error; /* Perform logout to custom URL */ if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); exit; } /* No recall if blowfish secret is not configured as it would produce garbage */ if ($GLOBALS['cfg']['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { $default_user = $GLOBALS['PHP_AUTH_USER']; $default_server = $GLOBALS['pma_auth_server']; $autocomplete = ''; } else { $default_user = ''; $default_server = ''; // skip the IE autocomplete feature. $autocomplete = ' autocomplete="off"'; } $cell_align = $GLOBALS['text_dir'] == 'ltr' ? 'left' : 'right'; // Defines the charset to be used header('Content-Type: text/html; charset=utf-8'); /* HTML header; do not show here the PMA version to improve security */ $page_title = 'phpMyAdmin '; include './libraries/header_meta_style.inc.php'; // if $page_title is set, this script uses it as the title: include './libraries/header_scripts.inc.php'; ?> </head> <body class="loginform"> <?php if (file_exists(CUSTOM_HEADER_FILE)) { include CUSTOM_HEADER_FILE; } ?> <div class="container"> <a href="<?php echo PMA_linkURL('http://www.phpmyadmin.net/'); ?> " target="_blank" class="logo"><?php $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; if (@file_exists($logo_image)) { echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; } else { echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" ' . 'border="0" width="88" height="31" alt="phpMyAdmin" />'; } ?> </a> <h1> <?php echo sprintf(__('Welcome to %s'), '<bdo dir="ltr" lang="en">' . $page_title . '</bdo>'); ?> </h1> <?php // Show error message if (!empty($conn_error)) { PMA_Message::rawError($conn_error)->display(); } echo "<noscript>\n"; PMA_message::error(__("Javascript must be enabled past this point"))->display(); echo "</noscript>\n"; echo "<div class='hide js-show'>"; // Displays the languages form if (empty($GLOBALS['cfg']['Lang'])) { include_once './libraries/display_select_lang.lib.php'; // use fieldset, don't show doc link PMA_select_language(true, false); } echo "</div>"; ?> <br /> <!-- Login form --> <form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login hide js-show"> <fieldset> <legend> <?php echo __('Log in'); echo PMA_showDocu(''); ?> </legend> <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { ?> <div class="item"> <label for="input_servername" title="<?php echo __('You can enter hostname/IP address and port separated by space.'); ?> "><?php echo __('Server:'); ?> </label> <input type="text" name="pma_servername" id="input_servername" value="<?php echo htmlspecialchars($default_server); ?> " size="24" class="textfield" title="<?php echo __('You can enter hostname/IP address and port separated by space.'); ?> " /> </div> <?php } ?> <div class="item"> <label for="input_username"><?php echo __('Username:'******'Password:'******'cfg']['Servers']) > 1) { ?> <div class="item"> <label for="select_server"><?php echo __('Server Choice'); ?> :</label> <select name="server" id="select_server" <?php if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' onchange="document.forms[\'login_form\'].elements[\'pma_servername\'].value = \'\'" '; } echo '>'; include_once './libraries/select_server.lib.php'; PMA_select_server(false, false); echo '</select></div>'; } else { echo ' <input type="hidden" name="server" value="' . $GLOBALS['server'] . '" />'; } // end if (server choice) ?> </fieldset> <fieldset class="tblFooters"> <input value="<?php echo __('Go'); ?> " type="submit" id="input_go" /> <?php $_form_params = array(); if (!empty($GLOBALS['target'])) { $_form_params['target'] = $GLOBALS['target']; } if (!empty($GLOBALS['db'])) { $_form_params['db'] = $GLOBALS['db']; } if (!empty($GLOBALS['table'])) { $_form_params['table'] = $GLOBALS['table']; } // do not generate a "server" hidden field as we want the "server" // drop-down to have priority echo PMA_generate_common_hidden_inputs($_form_params, '', 0, 'server'); ?> </fieldset> </form> <?php // BEGIN Swekey Integration Swekey_login('input_username', 'input_go'); // END Swekey Integration // show the "Cookies required" message only if cookies are disabled // (we previously tried to set some cookies) if (empty($_COOKIE)) { trigger_error(__('Cookies must be enabled past this point.'), E_USER_NOTICE); } if ($GLOBALS['error_handler']->hasDisplayErrors()) { echo '<div>'; $GLOBALS['error_handler']->dispErrors(); echo '</div>'; } ?> </div> <?php if (file_exists(CUSTOM_FOOTER_FILE)) { include CUSTOM_FOOTER_FILE; } ?> <script type="text/javascript"> //<![CDATA[ // show login form in top frame. if (top != self || document.body.className != 'loginform') { window.top.location.href=location; } //]]> </script> </body> </html> <?php exit; }
/** * Handles editor requests for adding or editing an item */ function PMA_EVN_handleEditor() { global $_REQUEST, $_POST, $errors, $db; if (!empty($_REQUEST['editor_process_add']) || !empty($_REQUEST['editor_process_edit'])) { $sql_query = ''; $item_query = PMA_EVN_getQueryFromRequest(); if (!count($errors)) { // set by PMA_RTN_getQueryFromRequest() // Execute the created query if (!empty($_REQUEST['editor_process_edit'])) { // Backup the old trigger, in case something goes wrong $create_item = PMA_DBI_get_definition($db, 'EVENT', $_REQUEST['item_original_name']); $drop_item = "DROP EVENT " . PMA_backquote($_REQUEST['item_original_name']) . ";\n"; $result = PMA_DBI_try_query($drop_item); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), $drop_item) . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); } else { $result = PMA_DBI_try_query($item_query); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); // We dropped the old item, but were unable to create the new one // Try to restore the backup query $result = PMA_DBI_try_query($create_item); if (!$result) { // OMG, this is really bad! We dropped the query, failed to create a new one // and now even the backup query does not execute! // This should not happen, but we better handle this just in case. $errors[] = __('Sorry, we failed to restore the dropped event.') . '<br />' . __('The backed up query was:') . "\"{$create_item}\"" . '<br />' . __('MySQL said: ') . PMA_DBI_getError(null); } } else { $message = PMA_Message::success(__('Event %1$s has been modified.')); $message->addParam(PMA_backquote($_REQUEST['item_name'])); $sql_query = $drop_item . $item_query; } } } else { // 'Add a new item' mode $result = PMA_DBI_try_query($item_query); if (!$result) { $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br /><br />' . __('MySQL said: ') . PMA_DBI_getError(null); } else { $message = PMA_Message::success(__('Event %1$s has been created.')); $message->addParam(PMA_backquote($_REQUEST['item_name'])); $sql_query = $item_query; } } } if (count($errors)) { $message = PMA_Message::error(__('<b>One or more errors have occured while processing your request:</b>')); $message->addString('<ul>'); foreach ($errors as $string) { $message->addString('<li>' . $string . '</li>'); } $message->addString('</ul>'); } $output = PMA_showMessage($message, $sql_query); if ($GLOBALS['is_ajax_request']) { $extra_data = array(); if ($message->isSuccess()) { $columns = "`EVENT_NAME`, `EVENT_TYPE`, `STATUS`"; $where = "EVENT_SCHEMA='" . PMA_sqlAddSlashes($db) . "' " . "AND EVENT_NAME='" . PMA_sqlAddSlashes($_REQUEST['item_name']) . "'"; $query = "SELECT {$columns} FROM `INFORMATION_SCHEMA`.`EVENTS` WHERE {$where};"; $event = PMA_DBI_fetch_single_row($query); $extra_data['name'] = htmlspecialchars(strtoupper($_REQUEST['item_name'])); $extra_data['new_row'] = PMA_EVN_getRowForList($event); $extra_data['insert'] = !empty($event); $response = $output; } else { $response = $message; } PMA_ajaxResponse($response, $message->isSuccess(), $extra_data); } } /** * Display a form used to add/edit a trigger, if necessary */ if (count($errors) || empty($_REQUEST['editor_process_add']) && empty($_REQUEST['editor_process_edit']) && (!empty($_REQUEST['add_item']) || !empty($_REQUEST['edit_item']) || !empty($_REQUEST['item_changetype']))) { // FIXME: this must be simpler than that $operation = ''; if (!empty($_REQUEST['item_changetype'])) { $operation = 'change'; } // Get the data for the form (if any) if (!empty($_REQUEST['add_item'])) { $title = PMA_RTE_getWord('add'); $item = PMA_EVN_getDataFromRequest(); $mode = 'add'; } else { if (!empty($_REQUEST['edit_item'])) { $title = __("Edit event"); if (!empty($_REQUEST['item_name']) && empty($_REQUEST['editor_process_edit']) && empty($_REQUEST['item_changetype'])) { $item = PMA_EVN_getDataFromName($_REQUEST['item_name']); if ($item !== false) { $item['item_original_name'] = $item['item_name']; } } else { $item = PMA_EVN_getDataFromRequest(); } $mode = 'edit'; } } if ($item !== false) { // Show form $editor = PMA_EVN_getEditorForm($mode, $operation, $item); if ($GLOBALS['is_ajax_request']) { $extra_data = array('title' => $title); PMA_ajaxResponse($editor, true, $extra_data); } else { echo "\n\n<h2>{$title}</h2>\n\n{$editor}"; unset($_POST); include './libraries/footer.inc.php'; } // exit; } else { $message = __('Error in processing request') . ' : '; $message .= sprintf(PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db))); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { PMA_ajaxResponse($message, false); } else { $message->display(); } } } }
$unlim_num_rows = PMA_Table::countRecords($db, $table, true); $_SESSION['tmp_user_values']['pos'] = @((ceil($unlim_num_rows / $_SESSION['tmp_user_values']['max_rows']) - 1) * $_SESSION['tmp_user_values']['max_rows']); } /** * Bookmark add */ if (isset($store_bkm)) { $result = PMA_Bookmark_save($fields, isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false); $response = PMA_Response::getInstance(); if ($response->isAjax()) { if ($result) { $msg = PMA_message::success(__('Bookmark %s created')); $msg->addParam($fields['label']); $response->addJSON('message', $msg); } else { $msg = PMA_message::error(__('Bookmark not created')); $response->isSuccess(false); $response->addJSON('message', $msg); } exit; } else { // go back to sql.php to redisplay query; do not use & in this case: PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&label=' . $fields['label']); } } // end if /** * Parse and analyze the query */ require_once 'libraries/parse_analyze.lib.php'; /**
</head> <body> <?php // Include possible custom headers if (file_exists(CUSTOM_HEADER_FILE)) { include CUSTOM_HEADER_FILE; } // message of "Cookies required" displayed for auth_type http or config // note: here, the decoration won't work because without cookies, // our standard CSS is not operational if (empty($_COOKIE)) { PMA_Message::notice(__('Cookies must be enabled past this point.'))->display(); } echo "<noscript>\n"; PMA_message::error(__("Javascript must be enabled past this point"))->display(); echo "</noscript>\n"; // offer to load user preferences from localStorage if ($userprefs_offer_import) { include_once './libraries/user_preferences.lib.php'; PMA_userprefs_autoload_header(); } // add recently used table and reload the navigation if (strlen($GLOBALS['table']) && $GLOBALS['cfg']['LeftRecentTable'] > 0) { PMA_addRecentTable($GLOBALS['db'], $GLOBALS['table']); } if (!defined('PMA_DISPLAY_HEADING')) { define('PMA_DISPLAY_HEADING', 1); } // pass configuration for hint tooltip display // (to be used by PMA_createqTip in js/functions.js)
/** * Displays authentication form * * this function MUST exit/quit the application * * @global string the last connection error * * @return void */ public function auth() { global $conn_error; $response = PMA_Response::getInstance(); if ($response->isAjax()) { $response->isSuccess(false); if (!empty($conn_error)) { $response->addJSON('message', PMA_Message::error($conn_error)); } else { $response->addJSON('message', PMA_Message::error(__('Your session has expired. Please login again.'))); } exit; } /* Perform logout to custom URL */ if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); exit; } // No recall if blowfish secret is not configured as it would produce // garbage if ($GLOBALS['cfg']['LoginCookieRecall'] && !empty($GLOBALS['cfg']['blowfish_secret'])) { $default_user = $GLOBALS['PHP_AUTH_USER']; $default_server = $GLOBALS['pma_auth_server']; $autocomplete = ''; } else { $default_user = ''; $default_server = ''; // skip the IE autocomplete feature. $autocomplete = ' autocomplete="off"'; } $cell_align = $GLOBALS['text_dir'] == 'ltr' ? 'left' : 'right'; $response->getFooter()->setMinimal(); $header = $response->getHeader(); $header->setBodyId('loginform'); $header->setTitle('phpMyAdmin'); $header->disableMenu(); $header->disableWarnings(); if (file_exists(CUSTOM_HEADER_FILE)) { include CUSTOM_HEADER_FILE; } echo ' <div class="container"> <a href="'; echo PMA_linkURL('http://www.phpmyadmin.net/'); echo '" target="_blank" class="logo">'; $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; if (@file_exists($logo_image)) { echo '<img src="' . $logo_image . '" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />'; } else { echo '<img name="imLogo" id="imLogo" src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo.png' . '" ' . 'border="0" width="88" height="31" alt="phpMyAdmin" />'; } echo '</a> <h1>'; echo sprintf(__('Welcome to %s'), '<bdo dir="ltr" lang="en">phpMyAdmin</bdo>'); echo "</h1>"; // Show error message if (!empty($conn_error)) { PMA_Message::rawError($conn_error)->display(); } echo "<noscript>\n"; PMA_message::error(__("Javascript must be enabled past this point"))->display(); echo "</noscript>\n"; echo "<div class='hide js-show'>"; // Displays the languages form if (empty($GLOBALS['cfg']['Lang'])) { include_once './libraries/display_select_lang.lib.php'; // use fieldset, don't show doc link PMA_Language_select(true, false); } echo '</div> <br /> <!-- Login form --> <form method="post" action="index.php" name="login_form"' . $autocomplete . ' target="_top" class="login hide js-show"> <fieldset> <legend>'; echo __('Log in'); echo PMA_Util::showDocu(''); echo '</legend>'; if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' <div class="item"> <label for="input_servername" title="'; echo __('You can enter hostname/IP address and port separated by space.'); echo '">'; echo __('Server:'); echo '</label> <input type="text" name="pma_servername" id="input_servername"'; echo ' value="'; echo htmlspecialchars($default_server); echo '" size="24" class="textfield" title="'; echo __('You can enter hostname/IP address and port separated by space.'); echo '" /> </div>'; } echo '<div class="item"> <label for="input_username">' . __('Username:'******'</label> <input type="text" name="pma_username" id="input_username" ' . 'value="' . htmlspecialchars($default_user) . '" size="24"' . ' class="textfield"/> </div> <div class="item"> <label for="input_password">' . __('Password:'******'</label> <input type="password" name="pma_password" id="input_password"' . ' value="" size="24" class="textfield" /> </div>'; if (count($GLOBALS['cfg']['Servers']) > 1) { echo '<div class="item"> <label for="select_server">' . __('Server Choice') . ':</label> <select name="server" id="select_server"'; if ($GLOBALS['cfg']['AllowArbitraryServer']) { echo ' onchange="document.forms[\'login_form\'].' . 'elements[\'pma_servername\'].value = \'\'" '; } echo '>'; include_once './libraries/select_server.lib.php'; PMA_selectServer(false, false); echo '</select></div>'; } else { echo ' <input type="hidden" name="server" value="' . $GLOBALS['server'] . '" />'; } // end if (server choice) echo '</fieldset> <fieldset class="tblFooters"> <input value="' . __('Go') . '" type="submit" id="input_go" />'; $_form_params = array(); if (!empty($GLOBALS['target'])) { $_form_params['target'] = $GLOBALS['target']; } if (!empty($GLOBALS['db'])) { $_form_params['db'] = $GLOBALS['db']; } if (!empty($GLOBALS['table'])) { $_form_params['table'] = $GLOBALS['table']; } // do not generate a "server" hidden field as we want the "server" // drop-down to have priority echo PMA_generate_common_hidden_inputs($_form_params, '', 0, 'server'); echo '</fieldset> </form>'; // BEGIN Swekey Integration Swekey_login('input_username', 'input_go'); // END Swekey Integration // show the "Cookies required" message only if cookies are disabled // (we previously tried to set some cookies) if (empty($_COOKIE)) { trigger_error(__('Cookies must be enabled past this point.'), E_USER_NOTICE); } if ($GLOBALS['error_handler']->hasDisplayErrors()) { echo '<div>'; $GLOBALS['error_handler']->dispErrors(); echo '</div>'; } echo '</div>'; if (file_exists(CUSTOM_FOOTER_FILE)) { include CUSTOM_FOOTER_FILE; } echo ' <script type="text/javascript"> //<![CDATA[ // show login form in top frame. if (top != self || ! $(\'body#loginform\').length) { window.top.location.href=location; } //]]> </script>'; exit; }
/** * Returns some warnings to be displayed at the top of the page * * @return string The warnings */ private function _getWarnings() { $retval = ''; if ($this->_warningsEnabled) { // message of "Cookies required" displayed for auth_type http or config // note: here, the decoration won't work because without cookies, // our standard CSS is not operational if (empty($_COOKIE)) { $retval .= PMA_Message::notice(__('Cookies must be enabled past this point.'))->getDisplay(); } $retval .= "<noscript>"; $retval .= PMA_message::error(__("Javascript must be enabled past this point"))->getDisplay(); $retval .= "</noscript>"; } return $retval; }