Пример #1
    /**
     * Builds the text of a configuration file from the current ConfigFile state.
     *
     * The result is PHP source (it opens with '<?php'), so every piece of data
     * placed into it is constrained before being concatenated:
     *  - array keys are reduced to [A-Za-z0-9_] with preg_replace()
     *  - server values are emitted with var_export() or
     *    self::_exportZeroBasedArray(); other settings go through
     *    self::_getVarExport() (helpers not visible here - presumably they
     *    quote values the same way; verify before relying on it)
     *  - the server label written inside a comment has every "*" replaced
     *    by "-", so it cannot contain a closing comment marker
     *
     * @return string generated file contents; lines end with "\r\n" when
     *                $_SESSION['eol'] is 'win', with "\n" otherwise
     */
    public static function getConfigFile()
    {
        $configFile = ConfigFile::getInstance();

        // line ending: CRLF only when the session explicitly asks for 'win'
        $eol = "\n";
        if (isset($_SESSION['eol']) && $_SESSION['eol'] == 'win') {
            $eol = "\r\n";
        }
        $settings = $configFile->getConfig();

        // header
        $headerLines = array(
            '<?php',
            '/*',
            ' * Generated configuration file',
            ' * Generated by: phpMyAdmin '
                . $GLOBALS['PMA_Config']->get('PMA_VERSION')
                . ' setup script',
            ' * Date: ' . date(DATE_RFC1123),
            ' */',
        );
        $output = implode($eol, $headerLines) . $eol . $eol;

        // servers
        if ($configFile->getServerCount() > 0) {
            $output .= '/* Servers configuration */' . $eol . '$i = 0;' . $eol . $eol;
            foreach ($settings['Servers'] as $id => $server) {
                // strtr() pairs characters one-to-one and ignores the surplus
                // in the longer argument, so only "*" is mapped (to "-");
                // that is enough to keep "*/" out of the comment
                $label = strtr($configFile->getServerName($id) . " [$id] ", '*/', '-');
                $output .= '/* Server: ' . $label . '*/' . $eol
                    . '$i++;' . $eol;
                foreach ($server as $name => $value) {
                    // the key lands inside a single-quoted PHP string below
                    $name = preg_replace('/[^A-Za-z0-9_]/', '_', $name);
                    if (is_array($value) && self::_isZeroBasedArray($value)) {
                        $exported = self::_exportZeroBasedArray($value, $eol);
                    } else {
                        $exported = var_export($value, true);
                    }
                    $output .= "\$cfg['Servers'][\$i]['$name'] = " . $exported . ';' . $eol;
                }
                $output .= $eol;
            }
            $output .= '/* End of servers configuration */' . $eol . $eol;
        }
        unset($settings['Servers']);

        // other settings
        $pendingPersistKeys = $configFile->getPersistKeysMap();

        foreach ($settings as $name => $value) {
            $name = preg_replace('/[^A-Za-z0-9_]/', '_', $name);
            $output .= self::_getVarExport($name, $value, $eol);
            // this key has been written; unset() on a missing key is a no-op
            unset($pendingPersistKeys[$name]);
        }
        // keep 1d array keys which are present in $persist_keys (config.values.php)
        foreach (array_keys($pendingPersistKeys) as $name) {
            if (strpos($name, '/') !== false) {
                // nested paths are not emitted here
                continue;
            }
            $name = preg_replace('/[^A-Za-z0-9_]/', '_', $name);
            $output .= self::_getVarExport($name, $configFile->getDefault($name), $eol);
        }
        $output .= '?>';

        return $output;
    }
Пример #2
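/**
 * Runs validation $validator_id on values $values and returns error list.
 *
 * Return values:
 * o array, keys - field path or formset id, values - array of errors
 *   when $isPostSource is true values is an empty array to allow for error list
 *   cleanup in HTML document
 * o true - when the validators ran and produced no entries
 * o false - when no validators match name(s) given by $validator_id
 *
 * The functions that get called are taken from PMA_config_get_validators();
 * the keys of $values only select entries of that registry and are never used
 * as a function name themselves.
 *
 * @param string|array $validator_id ID of validator(s) to run
 * @param array        $values       Values to validate
 * @param bool         $isPostSource tells whether $values are directly from
 *                                   POST request
 *
 * @return bool|array
 */
function PMA_config_validate($validator_id, &$values, $isPostSource)
{
    // find validators
    $validator_id = (array) $validator_id;
    $validators = PMA_config_get_validators();
    $vids = array();
    $cf = ConfigFile::getInstance();
    // iterate by value: the by-reference loop variable used previously stayed
    // bound to the last array element and was then reused by a later foreach
    foreach ($validator_id as $requested_id) {
        $canonical_id = $cf->getCanonicalPath($requested_id);
        if (isset($validators[$canonical_id])) {
            $vids[] = $canonical_id;
        }
    }
    if (empty($vids)) {
        return false;
    }
    // create argument list with canonical paths and remember path mapping
    $arguments = array();
    $key_map = array();
    foreach ($values as $k => $v) {
        // POST field names use '-' where config paths use '/'
        $k2 = $isPostSource ? str_replace('-', '/', $k) : $k;
        // strpos() is used as a truth value: a key whose only '/' is at
        // position 0 is left uncanonicalised, same as a key without '/'
        $k2 = strpos($k2, '/') ? $cf->getCanonicalPath($k2) : $k2;
        $key_map[$k2] = $k;
        $arguments[$k2] = $v;
    }
    // validate
    $result = array();
    foreach ($vids as $vid) {
        // call appropriate validation functions
        foreach ((array) $validators[$vid] as $validator) {
            // a validator entry is a callable name optionally followed by
            // extra arguments
            $vdef = (array) $validator;
            $vname = array_shift($vdef);
            // $arguments is handed over by reference
            $args = array_merge(array($vid, &$arguments), $vdef);
            // NOTE(review): $vname is executed as a function; this is only
            // safe while the validator registry comes from trusted
            // configuration - confirm it cannot be influenced by a request
            $r = call_user_func_array($vname, $args);
            // merge results
            if (is_array($r)) {
                foreach ($r as $key => $error_list) {
                    // skip empty values if $isPostSource is false
                    if (!$isPostSource && empty($error_list)) {
                        continue;
                    }
                    if (!isset($result[$key])) {
                        $result[$key] = array();
                    }
                    $result[$key] = array_merge($result[$key], (array) $error_list);
                }
            }
        }
    }
    // restore original paths
    $new_result = array();
    foreach ($result as $k => $v) {
        $k2 = isset($key_map[$k]) ? $key_map[$k] : $k;
        $new_result[$k2] = $v;
    }
    return empty($new_result) ? true : $new_result;
}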
/**
 * Common initialization for user preferences modification pages
 *
 * Resets the shared ConfigFile instance, limits it to the keys read from
 * $GLOBALS['forms'] and then fills it from $GLOBALS['cfg'].
 *
 * @return void
 */
function PMA_userprefsPageInit()
{
    $allowed_keys = PMA_readUserprefsFieldNames($GLOBALS['forms']);
    // the two "Server/..." paths are mapped to server 1 of the global config
    // (presumably applied while reading $GLOBALS['cfg'] below - confirm in
    // ConfigFile)
    $read_mapping = array(
        'Server/hide_db' => 'Servers/1/hide_db',
        'Server/only_db' => 'Servers/1/only_db',
    );

    $config_file = ConfigFile::getInstance();
    // start with a clean instance
    $config_file->resetConfigData();
    // only keys that appear in the forms may be set from here on
    // (assumption based on the method name - verify in ConfigFile)
    $config_file->setAllowedKeys($allowed_keys);
    $config_file->setCfgUpdateReadMapping($read_mapping);
    $config_file->updateWithGlobalConfig($GLOBALS['cfg']);
}
Пример #4
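/**
 * Returns config file contents depending on GET type value:
 * o session - uses ConfigFile::getConfigFile()
 * o post - uses POST textconfig value
 *
 * In the "post" case the text is taken from the request as-is; only its line
 * endings are normalised. NOTE(review): the callers are not visible here -
 * whoever displays or stores the result has to treat it as untrusted input.
 *
 * @return string
 */
function get_config()
{
    $type = PMA_ifSetOr($_GET['type'], 'session');
    if ($type == 'session') {
        return ConfigFile::getInstance()->getConfigFile();
    }

    $config = PMA_ifSetOr($_POST['textconfig'], '');
    // make sure our eol is \n
    $config = str_replace("\r\n", "\n", $config);
    // isset() guard: a session without 'eol' means "\n" line endings instead
    // of raising an undefined-index notice
    if (isset($_SESSION['eol']) && $_SESSION['eol'] == 'win') {
        $config = str_replace("\n", "\r\n", $config);
    }
    return $config;
}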
Пример #5
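/**
 * Processes forms registered in $form_display, handles error correction
 *
 * Flow:
 *  - GET mode=revert: resets erroneous fields and redirects to index.php
 *  - form not processed (plain view or failed POST): displays the form
 *  - form processed with errors: prints a warning with "revert", "ignore"
 *    and "show form" links
 *  - form processed without errors: redirects to index.php
 *
 * The "page" and "formset" GET values are percent-encoded before they are
 * written into the links, because they are echoed inside href attributes.
 *
 * @param FormDisplay $form_display form set to process
 *
 * @return void
 */
function process_formset(FormDisplay $form_display)
{
    if (filter_input(INPUT_GET, 'mode') == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // drop post data
        header('HTTP/1.1 303 See Other');
        header('Location: index.php');
        exit;
    }
    if (!$form_display->process(false)) {
        // handle form view and failed POST
        $form_display->display(true, true);
    } else {
        // check for form errors
        if ($form_display->hasErrors()) {
            // form has errors, show warning
            $separator = PMA_get_arg_separator('html');
            // filter_input() without a filter returns the raw query value
            $page = filter_input(INPUT_GET, 'page');
            $formset = filter_input(INPUT_GET, 'formset');
            // urlencode() leaves only characters that are inert in an HTML
            // attribute, so the values cannot break out of href="..."
            $page_param = urlencode((string) $page);
            $formset = $formset ? "{$separator}formset=" . urlencode($formset) : '';
            // FILTER_VALIDATE_INT yields an int, false (not an int) or null (absent)
            $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
            if ($id === null && $page == 'servers') {
                // we've just added a new server, get its id
                $id = ConfigFile::getInstance()->getServerCount();
            }
            $id = $id ? "{$separator}id=$id" : '';
            $link_base = '?page=' . $page_param . $formset . $id . $separator;
            ?>
            <div class="error">
                <h4><?php echo __('Warning') ?></h4>
                <?php echo __('Submitted form contains errors') ?><br />
                <a href="<?php echo $link_base ?>mode=revert"><?php echo __('Try to revert erroneous fields to their default values') ?></a>
            </div>
            <?php $form_display->displayErrors() ?>
            <a class="btn" href="index.php"><?php echo __('Ignore errors') ?></a>
            &nbsp;
            <a class="btn" href="<?php echo $link_base ?>mode=edit"><?php echo __('Show form') ?></a>
            <?php
        } else {
            // drop post data
            header('HTTP/1.1 303 See Other');
            header('Location: index.php');
            exit;
        }
    }
}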
Пример #6
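 /**
  * Validates and saves form data to session
  *
  * For every field of the requested forms the POST value is read, cast to the
  * option's type and collected; the collected values are then written to the
  * ConfigFile instance. A field that is missing from POST, or a 'select'
  * field whose value is not in the option's value list, records an error and
  * is left out of the values to save.
  *
  * @param  array|string  $forms               array of form names
  * @param  bool          $allow_partial_save  allows for partial form saving on failed validation
  * @return boolean  true on success (no errors and all saved)
  */
 public function save($forms, $allow_partial_save = true)
 {
     $result = true;
     $cf = ConfigFile::getInstance();
     $forms = (array) $forms;
     $values = array();
     $to_save = array();
     $this->errors = array();
     foreach ($forms as $form) {
         /* @var $form Form */
         if (isset($this->forms[$form])) {
             $form = $this->forms[$form];
         } else {
             // unknown form name: nothing to save for it
             continue;
         }
         // get current server id
         // (index 0 means a server being added: it gets the next free id)
         $change_index = $form->index === 0 ? $cf->getServerCount() + 1 : false;
         // grab POST values
         foreach ($form->fields as $field => $system_path) {
             $work_path = array_search($system_path, $this->system_paths);
             $key = $this->translated_paths[$work_path];
             // ensure the value is set
             if (!isset($_POST[$key])) {
                 // checkboxes aren't set by browsers if they're off
                 if ($form->getOptionType($field) == 'boolean') {
                     $_POST[$key] = false;
                 } else {
                     $this->errors[$form->name][] = PMA_lang('error_missing_field_data', '<i>' . PMA_lang_name($system_path) . '</i>');
                     $result = false;
                     continue;
                 }
             }
             // cast variables to correct type
             $type = $form->getOptionType($field);
             switch ($type) {
                 case 'double':
                     settype($_POST[$key], 'float');
                     break;
                 case 'boolean':
                 case 'integer':
                     if ($_POST[$key] !== '') {
                         settype($_POST[$key], $type);
                     }
                     break;
                 case 'select':
                     if (!$this->_validateSelect($_POST[$key], $form->getOptionValueList($system_path))) {
                         // NOTE(review): this $GLOBALS key looks garbled - confirm the message exists
                         $this->errors[$work_path][] = $GLOBALS["strstrSetuperror_incorrect_value"];
                         $result = false;
                         // "continue 2" moves on to the next field. A bare
                         // "continue" inside switch acts like "break", which
                         // let the rejected value fall through and be saved.
                         continue 2;
                     }
                     break;
                 case 'string':
                     $_POST[$key] = trim($_POST[$key]);
                     break;
                 case 'array':
                     // eliminate empty values and ensure we have an array
                     $post_values = explode("\n", $_POST[$key]);
                     $_POST[$key] = array();
                     foreach ($post_values as $v) {
                         $v = trim($v);
                         if ($v !== '') {
                             $_POST[$key][] = $v;
                         }
                     }
                     break;
             }
             // now we have value with proper type
             $values[$system_path] = $_POST[$key];
             if ($change_index !== false) {
                 $work_path = str_replace("Servers/{$form->index}/", "Servers/{$change_index}/", $work_path);
             }
             $to_save[$work_path] = $system_path;
         }
     }
     // save forms
     if ($allow_partial_save || empty($this->errors)) {
         foreach ($to_save as $work_path => $path) {
             // TrustedProxies requires changes before saving
             if ($path == 'TrustedProxies') {
                 $proxies = array();
                 $i = 0;
                 foreach ($values[$path] as $value) {
                     $matches = array();
                     if (preg_match("/^(.+):(?:[ ]?)(\\w+)\$/", $value, $matches)) {
                         // correct 'IP: HTTP header' pair
                         $ip = trim($matches[1]);
                         $proxies[$ip] = trim($matches[2]);
                     } else {
                         // save also incorrect values
                         // (kept under "-0", "-1", ... keys so they stay visible)
                         $proxies["-{$i}"] = $value;
                         $i++;
                     }
                 }
                 $values[$path] = $proxies;
             }
             $cf->set($work_path, $values[$path], $path);
         }
     }
     // don't look for non-critical errors
     $this->_validate();
     return $result;
 }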
Пример #7
    header('HTTP/1.1 303 See Other');
    header('Location: index.php');
    exit;
} elseif (PMA_ifSetOr($_POST['submit_download'], '')) {
    //
    // Output generated config file
    //
    header('Content-Type: text/plain');
    header('Content-Disposition: attachment; filename="config.inc.php"');
    echo ConfigFile::getInstance()->getConfigFile();
    exit;
} elseif (PMA_ifSetOr($_POST['submit_save'], '')) {
    //
    // Save generated config file on the server
    //
    file_put_contents($config_file_path, ConfigFile::getInstance()->getConfigFile());
    header('HTTP/1.1 303 See Other');
    header('Location: index.php');
    exit;
} elseif (PMA_ifSetOr($_POST['submit_load'], '')) {
    //
    // Load config file from the server
    //
    $cfg = array();
    require_once $config_file_path;
    $_SESSION['ConfigFile'] = $cfg;
    header('HTTP/1.1 303 See Other');
    header('Location: index.php');
    exit;
} elseif (PMA_ifSetOr($_POST['submit_delete'], '')) {
    //
Пример #8
    exit;
} elseif (PMA_ifSetOr($_POST['submit_save'], '')) {
    //
    // Save generated config file on the server
    //
    file_put_contents($config_file_path, ConfigGenerator::getConfigFile());
    header('HTTP/1.1 303 See Other');
    header('Location: index.php?action_done=config_saved');
    exit;
} elseif (PMA_ifSetOr($_POST['submit_load'], '')) {
    //
    // Load config file from the server
    //
    $cfg = array();
    include_once $config_file_path;
    ConfigFile::getInstance()->setConfigData($cfg);
    header('HTTP/1.1 303 See Other');
    header('Location: index.php');
    exit;
} elseif (PMA_ifSetOr($_POST['submit_delete'], '')) {
    //
    // Delete config file on the server
    //
    @unlink($config_file_path);
    header('HTTP/1.1 303 See Other');
    header('Location: index.php');
    exit;
} else {
    //
    // Show generated config file in a <textarea>
    //
Пример #9
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Loads libraries/common.inc.php and performs some additional actions
 *
 * @package PhpMyAdmin-setup
 */
/**
 * Do not include full common.
 * @ignore
 */
define('PMA_MINIMUM_COMMON', true);
// marks this request as running inside the setup script; other code can test
// it with defined('PMA_SETUP')
define('PMA_SETUP', true);
// the relative paths below are resolved from the parent directory
chdir('..');
// stop early if the parent directory does not hold the expected library file
if (!file_exists('./libraries/common.inc.php')) {
    die('Bad invocation!');
}
require_once './libraries/common.inc.php';
require_once './libraries/config/config_functions.lib.php';
require_once './libraries/config/messages.inc.php';
require_once './libraries/config/ConfigFile.class.php';
require_once './libraries/url_generating.lib.php';
require_once './libraries/user_preferences.lib.php';
// use default error handler
restore_error_handler();
// Save current language in a cookie, required since we use PMA_MINIMUM_COMMON
$GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
// register the "persist" keys of the config file
// NOTE(review): the list contains Servers/1/user and Servers/1/password; what
// persisting means for these credential fields is defined in ConfigFile and
// is not visible here - confirm
ConfigFile::getInstance()->setPersistKeys(array('DefaultLang', 'ServerDefault', 'UploadDir', 'SaveDir', 'Servers/1/verbose', 'Servers/1/host', 'Servers/1/port', 'Servers/1/socket', 'Servers/1/extension', 'Servers/1/connect_type', 'Servers/1/auth_type', 'Servers/1/user', 'Servers/1/password'));
// allows for redirection even after sending some data
ob_start();
Пример #10
 /**
  * Fills out {@link userprefs_keys} and {@link userprefs_disallow}
  *
  * Runs once: when userprefs_keys is already set the method returns without
  * touching either property. Both properties end up as flipped arrays, so the
  * names become array keys and can be tested with isset().
  *
  * @uses PMA_read_userprefs_fieldnames()
  */
 private function _loadUserprefsInfo()
 {
     if ($this->userprefs_keys !== null) {
         // already loaded
         return;
     }
     $this->userprefs_keys = array_flip(PMA_read_userprefs_fieldnames());
     // read real config for user preferences display:
     // inside the setup script the list comes from the ConfigFile being
     // edited, otherwise from the loaded global configuration
     if (defined('PMA_SETUP')) {
         $disallowed = ConfigFile::getInstance()->get('UserprefsDisallow', array());
     } else {
         $disallowed = $GLOBALS['cfg']['UserprefsDisallow'];
     }
     $this->userprefs_disallow = array_flip($disallowed);
 }
Пример #11
/**
 * Performs various compatibility, security and consistency checks on current config
 *
 * Outputs results to message list, must be called between messages_begin()
 * and messages_end()
 *
 * Besides reporting, the function has one side effect on the configuration:
 * when a server uses 'cookie' authentication and no blowfish_secret is set,
 * a secret is generated and stored with $cf->set().
 *
 * @return void
 */
function perform_config_checks()
{
    $cf = ConfigFile::getInstance();
    $blowfish_secret = $cf->get('blowfish_secret');
    $blowfish_secret_set = false;
    $cookie_auth_used = false;

    // Message templates. The %s pairs are filled with link markup of the form
    // [a@target] ... [/a]; a literal '%s' or '%1$d' is passed through so that
    // it can be filled later by PMA_lang() (presumably sprintf-style - verify).
    $strAllowArbitraryServerWarning = __('This %soption%s should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
    $strAllowArbitraryServerWarning = sprintf($strAllowArbitraryServerWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strBlowfishSecretMsg = __('You didn\'t have blowfish secret set and have enabled cookie authentication, so a key was automatically generated for you. It is used to encrypt cookies; you don\'t need to remember it.');
    $strBZipDumpWarning = __('%sBzip2 compression and decompression%s requires functions (%s) which are unavailable on this system.');
    $strBZipDumpWarning = sprintf($strBZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strDirectoryNotice = __('This value should be double checked to ensure that this directory is neither world accessible nor readable or writable by other users on your server.');
    $strForceSSLNotice = __('This %soption%s should be enabled if your web server supports it.');
    $strForceSSLNotice = sprintf($strForceSSLNotice, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strGZipDumpWarning = __('%sGZip compression and decompression%s requires functions (%s) which are unavailable on this system.');
    $strGZipDumpWarning = sprintf($strGZipDumpWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strLoginCookieValidityWarning = __('%sLogin cookie validity%s greater than 1440 seconds may cause random session invalidation if %ssession.gc_maxlifetime%s is lower than its value (currently %d).');
    $strLoginCookieValidityWarning = sprintf($strLoginCookieValidityWarning, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@' . PMA_getPHPDocLink('session.configuration.php#ini.session.gc-maxlifetime') . ']', '[/a]', ini_get('session.gc_maxlifetime'));
    $strLoginCookieValidityWarning2 = __('%sLogin cookie validity%s should be set to 1800 seconds (30 minutes) at most. Values larger than 1800 may pose a security risk such as impersonation.');
    $strLoginCookieValidityWarning2 = sprintf($strLoginCookieValidityWarning2, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strLoginCookieValidityWarning3 = __('If using cookie authentication and %sLogin cookie store%s is not 0, %sLogin cookie validity%s must be set to a value less or equal to it.');
    $strLoginCookieValidityWarning3 = sprintf($strLoginCookieValidityWarning3, '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strSecurityInfoMsg = __('If you feel this is necessary, use additional protection settings - %shost authentication%s settings and %strusted proxies list%s. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
    $strSecurityInfoMsg = sprintf($strSecurityInfoMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server_config]', '[/a]', '[a@?page=form&amp;formset=Features#tab_Security]', '[/a]');
    $strServerAuthConfigMsg = __('You set the [kbd]config[/kbd] authentication type and included username and password for auto-login, which is not a desirable option for live hosts. Anyone who knows or guesses your phpMyAdmin URL can directly access your phpMyAdmin panel. Set %sauthentication type%s to [kbd]cookie[/kbd] or [kbd]http[/kbd].');
    $strServerAuthConfigMsg = sprintf($strServerAuthConfigMsg, '[a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server]', '[/a]');
    $strZipDumpExportWarning = __('%sZip compression%s requires functions (%s) which are unavailable on this system.');
    $strZipDumpExportWarning = sprintf($strZipDumpExportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');
    $strZipDumpImportWarning = __('%sZip decompression%s requires functions (%s) which are unavailable on this system.');
    $strZipDumpImportWarning = sprintf($strZipDumpImportWarning, '[a@?page=form&amp;formset=Features#tab_Import_export]', '[/a]', '%s');

    // per-server checks; server ids start at 1
    for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
        $cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
        // bitwise OR on booleans: the flag becomes an int (0/1), which the
        // later truthiness test handles the same way
        $cookie_auth_used |= $cookie_auth_server;
        $server_name = $cf->getServerName($i);
        if ($server_name == 'mysql.com') {
            $server_name .=  " [$i]";
        }
        // the name is placed into message titles, so it is HTML-escaped here
        $server_name = htmlspecialchars($server_name);

        if ($cookie_auth_server && $blowfish_secret === null) {
            // NOTE(review): uniqid() is derived from the current time and is
            // not a cryptographically secure generator, yet the value is
            // stored as the secret that (per $strBlowfishSecretMsg) encrypts
            // cookies. A secret drawn from a CSPRNG would be the safer choice.
            $blowfish_secret = uniqid('', true);
            $blowfish_secret_set = true;
            $cf->set('blowfish_secret', $blowfish_secret);
        }

        //
        // $cfg['Servers'][$i]['ssl']
        // should be enabled if possible
        //
        if (!$cf->getValue("Servers/$i/ssl")) {
            $title = PMA_lang(PMA_lang_name('Servers/1/ssl')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/ssl",
                $title,
                __('You should use SSL connections if your database server supports it.'));
        }

        //
        // $cfg['Servers'][$i]['extension']
        // warn about using 'mysql'
        //
        if ($cf->getValue("Servers/$i/extension") == 'mysql') {
            $title = PMA_lang(PMA_lang_name('Servers/1/extension')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/extension",
                $title,
                __('You should use mysqli for performance reasons.'));
        }

        //
        // $cfg['Servers'][$i]['auth_type']
        // warn about full user credentials if 'auth_type' is 'config'
        //
        if ($cf->getValue("Servers/$i/auth_type") == 'config'
                && $cf->getValue("Servers/$i/user") != ''
                && $cf->getValue("Servers/$i/password") != '') {
            $title = PMA_lang(PMA_lang_name('Servers/1/auth_type')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/auth_type",
                $title,
                PMA_lang($strServerAuthConfigMsg, $i) . ' ' .
                    PMA_lang($strSecurityInfoMsg, $i));
        }

        //
        // $cfg['Servers'][$i]['AllowRoot']
        // $cfg['Servers'][$i]['AllowNoPassword']
        // serious security flaw
        //
        // (reported at 'notice' level although the comment above calls it serious)
        if ($cf->getValue("Servers/$i/AllowRoot")
                && $cf->getValue("Servers/$i/AllowNoPassword")) {
            $title = PMA_lang(PMA_lang_name('Servers/1/AllowNoPassword')) . " ($server_name)";
            messages_set(
                'notice',
                "Servers/$i/AllowNoPassword",
                $title,
                __('You allow for connecting to the server without a password.') . ' ' .
                    PMA_lang($strSecurityInfoMsg, $i));
        }
    }

    //
    // $cfg['blowfish_secret']
    // it's required for 'cookie' authentication
    //
    if ($cookie_auth_used) {
        if ($blowfish_secret_set) {
            // 'cookie' auth used, blowfish_secret was generated
            messages_set(
                'notice',
                'blowfish_secret_created',
                PMA_lang(PMA_lang_name('blowfish_secret')),
                $strBlowfishSecretMsg);
        } else {
            // a secret supplied by the administrator: apply basic strength checks
            $blowfish_warnings = array();
            // check length
            if (strlen($blowfish_secret) < 8) {
                // too short key
                $blowfish_warnings[] = __('Key is too short, it should have at least 8 characters.');
            }
            // check used characters
            $has_digits = (bool) preg_match('/\d/', $blowfish_secret);
            // NOTE(review): \S matches any non-whitespace character, so this
            // is true for digits and punctuation too; it does not verify that
            // the key contains letters, although the warning below says so
            $has_chars = (bool) preg_match('/\S/', $blowfish_secret);
            $has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
            if (!$has_digits || !$has_chars || !$has_nonword) {
                $blowfish_warnings[] = PMA_lang(__('Key should contain letters, numbers [em]and[/em] special characters.'));
            }
            if (!empty($blowfish_warnings)) {
                messages_set(
                    'error',
                    'blowfish_warnings' . count($blowfish_warnings),
                    PMA_lang(PMA_lang_name('blowfish_secret')),
                    implode('<br />', $blowfish_warnings));
            }
        }
    }

    //
    // $cfg['ForceSSL']
    // should be enabled if possible
    //
    if (!$cf->getValue('ForceSSL')) {
        messages_set(
            'notice',
            'ForceSSL',
            PMA_lang(PMA_lang_name('ForceSSL')),
            PMA_lang($strForceSSLNotice));
    }

    //
    // $cfg['AllowArbitraryServer']
    // should be disabled
    //
    if ($cf->getValue('AllowArbitraryServer')) {
        messages_set(
            'notice',
            'AllowArbitraryServer',
            PMA_lang(PMA_lang_name('AllowArbitraryServer')),
            PMA_lang($strAllowArbitraryServerWarning));
    }

    //
    // $cfg['LoginCookieValidity']
    // value greater than session.gc_maxlifetime will cause random session invalidation after that time
    //
    // ini_get() returns a string; the comparisons below rely on PHP's loose
    // numeric comparison
    if ($cf->getValue('LoginCookieValidity') > 1440
            || $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')) {
        $message_type = $cf->getValue('LoginCookieValidity') > ini_get('session.gc_maxlifetime')
            ? 'error'
            : 'notice';
        messages_set(
            $message_type,
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning));
    }

    //
    // $cfg['LoginCookieValidity']
    // should be at most 1800 (30 min)
    //
    if ($cf->getValue('LoginCookieValidity') > 1800) {
        messages_set(
            'notice',
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning2));
    }

    //
    // $cfg['LoginCookieValidity']
    // $cfg['LoginCookieStore']
    // LoginCookieValidity must be less or equal to LoginCookieStore
    //
    if ($cf->getValue('LoginCookieStore') != 0 && $cf->getValue('LoginCookieValidity') > $cf->getValue('LoginCookieStore')) {
        messages_set(
            'error',
            'LoginCookieValidity',
            PMA_lang(PMA_lang_name('LoginCookieValidity')),
            PMA_lang($strLoginCookieValidityWarning3));
    }

    //
    // $cfg['SaveDir']
    // should not be world-accessible
    //
    // (the directory's permissions are not inspected; the notice is shown
    // whenever a value is set)
    if ($cf->getValue('SaveDir') != '') {
        messages_set(
            'notice',
            'SaveDir',
            PMA_lang(PMA_lang_name('SaveDir')),
            PMA_lang($strDirectoryNotice));
    }

    //
    // $cfg['TempDir']
    // should not be world-accessible
    //
    if ($cf->getValue('TempDir') != '') {
        messages_set(
            'notice',
            'TempDir',
            PMA_lang(PMA_lang_name('TempDir')),
            PMA_lang($strDirectoryNotice));
    }

    //
    // $cfg['GZipDump']
    // requires zlib functions
    //
    if ($cf->getValue('GZipDump')
            && (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
        messages_set(
            'error',
            'GZipDump',
            PMA_lang(PMA_lang_name('GZipDump')),
            PMA_lang($strGZipDumpWarning, 'gzencode'));
    }

    //
    // $cfg['BZipDump']
    // requires bzip2 functions
    //
    if ($cf->getValue('BZipDump')
            && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
        // build a comma-separated list of the functions that are missing
        $functions = @function_exists('bzopen')
                ? '' :
                'bzopen';
        $functions .= @function_exists('bzcompress')
                ? ''
                : ($functions ? ', ' : '') . 'bzcompress';
        messages_set(
            'error',
            'BZipDump',
            PMA_lang(PMA_lang_name('BZipDump')),
            PMA_lang($strBZipDumpWarning, $functions));
    }

    //
    // $cfg['ZipDump']
    // requires zip_open in import
    //
    if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
        messages_set(
            'error',
            'ZipDump_import',
            PMA_lang(PMA_lang_name('ZipDump')),
            PMA_lang($strZipDumpImportWarning, 'zip_open'));
    }

    //
    // $cfg['ZipDump']
    // requires gzcompress in export
    //
    if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
        messages_set(
            'error',
            'ZipDump_export',
            PMA_lang(PMA_lang_name('ZipDump')),
            PMA_lang($strZipDumpExportWarning, 'gzcompress'));
    }
}
Пример #12
 /**
  * Reads fields' types to $this->fieldsTypes
  *
  * Type resolution per field:
  *  - a name starting with ':group:' is typed 'group'
  *  - otherwise the ConfigFile db entry decides: an array entry means
  *    'select', any other non-null entry is used as the type itself
  *  - without a db entry the PHP type of the default value is used
  *
  * @uses ConfigFile::getDbEntry()
  * @uses ConfigFile::getDefault()
  * @uses ConfigFile::getInstance()
  */
 protected function readTypes()
 {
     $configFile = ConfigFile::getInstance();
     foreach ($this->fields as $fieldName => $systemPath) {
         if (strpos($fieldName, ':group:') === 0) {
             $fieldType = 'group';
         } else {
             $dbEntry = $configFile->getDbEntry($systemPath);
             if ($dbEntry === null) {
                 // no explicit definition: fall back to the default's type
                 $fieldType = gettype($configFile->getDefault($systemPath));
             } elseif (is_array($dbEntry)) {
                 $fieldType = 'select';
             } else {
                 $fieldType = $dbEntry;
             }
         }
         $this->fieldsTypes[$fieldName] = $fieldType;
     }
 }
Пример #13
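/**
 * Performs various compatibility, security and consistency checks on current config
 *
 * Outputs results to message list, must be called between messages_begin()
 * and messages_end()
 *
 * Side effect: when at least one server uses 'cookie' authentication and no
 * blowfish_secret is configured, a secret is generated and stored with
 * ConfigFile::set(). The secret is taken from a CSPRNG when one is available
 * (random_bytes() or openssl_random_pseudo_bytes()); uniqid() is only the
 * last-resort fallback because its output is derived from the clock.
 *
 * @return void
 */
function perform_config_checks()
{
    $cf = ConfigFile::getInstance();
    $blowfish_secret = $cf->get('blowfish_secret');
    $blowfish_secret_set = false;
    $cookie_auth_used = false;
    for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
        $cookie_auth_server = $cf->getValue("Servers/{$i}/auth_type") == 'cookie';
        $cookie_auth_used = $cookie_auth_used || $cookie_auth_server;
        $server_name = $cf->getServerName($i);
        if ($server_name == 'localhost') {
            // disambiguate servers that share the 'localhost' name
            $server_name .= " [{$i}]";
        }
        if ($cookie_auth_server && $blowfish_secret === null) {
            // Generate the missing secret from a cryptographically secure
            // source where possible; a time-based uniqid() value is guessable.
            $random = false;
            if (function_exists('random_bytes')) {
                try {
                    $random = random_bytes(16);
                } catch (Exception $e) {
                    // no usable entropy source, try the next option
                    $random = false;
                }
            }
            if ($random === false && function_exists('openssl_random_pseudo_bytes')) {
                $strong = false;
                $random = openssl_random_pseudo_bytes(16, $strong);
                if ($random === false || !$strong) {
                    $random = false;
                }
            }
            if ($random !== false) {
                // Dash-separated hex groups, so the value has a non-word
                // character next to the hex digits and letters; the
                // character check further down would otherwise warn about
                // it when the stored secret is checked on a later run.
                $blowfish_secret = implode('-', str_split(bin2hex($random), 8));
            } else {
                $blowfish_secret = uniqid('', true);
            }
            $blowfish_secret_set = true;
            $cf->set('blowfish_secret', $blowfish_secret);
        }
        //
        // $cfg['Servers'][$i]['ssl']
        // should be enabled if possible
        //
        if (!$cf->getValue("Servers/{$i}/ssl")) {
            $title = PMA_lang_name('Servers/1/ssl') . " ({$server_name})";
            messages_set('notice', "Servers/{$i}/ssl", $title, PMA_lang('ServerSslMsg'));
        }
        //
        // $cfg['Servers'][$i]['extension']
        // warn about using 'mysql'
        //
        if ($cf->getValue("Servers/{$i}/extension") == 'mysql') {
            $title = PMA_lang_name('Servers/1/extension') . " ({$server_name})";
            messages_set('notice', "Servers/{$i}/extension", $title, PMA_lang('ServerExtensionMsg'));
        }
        //
        // $cfg['Servers'][$i]['auth_type']
        // warn about full user credentials if 'auth_type' is 'config'
        //
        if ($cf->getValue("Servers/{$i}/auth_type") == 'config' && $cf->getValue("Servers/{$i}/user") != '' && $cf->getValue("Servers/{$i}/password") != '') {
            $title = PMA_lang_name('Servers/1/auth_type') . " ({$server_name})";
            messages_set('warning', "Servers/{$i}/auth_type", $title, PMA_lang('ServerAuthConfigMsg', $i) . ' ' . PMA_lang('ServerSecurityInfoMsg', $i));
        }
        //
        // $cfg['Servers'][$i]['AllowRoot']
        // $cfg['Servers'][$i]['AllowNoPassword']
        // serious security flaw
        //
        if ($cf->getValue("Servers/{$i}/AllowRoot") && $cf->getValue("Servers/{$i}/AllowNoPassword")) {
            $title = PMA_lang_name('Servers/1/AllowNoPassword') . " ({$server_name})";
            messages_set('warning', "Servers/{$i}/AllowNoPassword", $title, PMA_lang('ServerNoPasswordMsg') . ' ' . PMA_lang('ServerSecurityInfoMsg', $i));
        }
    }
    //
    // $cfg['blowfish_secret']
    // it's required for 'cookie' authentication
    //
    if ($cookie_auth_used) {
        if ($blowfish_secret_set) {
            // 'cookie' auth used, blowfish_secret was generated
            messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name', PMA_lang('BlowfishSecretMsg'));
        } else {
            $blowfish_warnings = array();
            // check length
            if (strlen($blowfish_secret) < 8) {
                // too short key
                $blowfish_warnings[] = PMA_lang('BlowfishSecretLengthMsg');
            }
            // check used characters
            // NOTE(review): \S matches any non-whitespace byte, so $has_chars
            // is already true whenever a digit is present and adds nothing
            // to the test; presumably a letter check was intended - confirm
            // against the wording of BlowfishSecretCharsMsg before tightening.
            $has_digits = (bool) preg_match('/\\d/', $blowfish_secret);
            $has_chars = (bool) preg_match('/\\S/', $blowfish_secret);
            $has_nonword = (bool) preg_match('/\\W/', $blowfish_secret);
            if (!$has_digits || !$has_chars || !$has_nonword) {
                $blowfish_warnings[] = PMA_lang('BlowfishSecretCharsMsg');
            }
            if (!empty($blowfish_warnings)) {
                // the message id carries the warning count, so one and two warnings get distinct ids
                messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings), 'blowfish_secret_name', implode("<br />", $blowfish_warnings));
            }
        }
    }
    //
    // $cfg['ForceSSL']
    // should be enabled if possible
    //
    if (!$cf->getValue('ForceSSL')) {
        messages_set('notice', 'ForceSSL', 'ForceSSL_name', PMA_lang('ForceSSLMsg'));
    }
    //
    // $cfg['AllowArbitraryServer']
    // should be disabled
    //
    if ($cf->getValue('AllowArbitraryServer')) {
        messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name', PMA_lang('AllowArbitraryServerMsg'));
    }
    //
    // $cfg['LoginCookieValidity']
    // should be at most 1800 (30 min)
    //
    if ($cf->getValue('LoginCookieValidity') > 1800) {
        messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name', PMA_lang('LoginCookieValidityMsg'));
    }
    //
    // $cfg['SaveDir']
    // should not be world-accessible
    //
    // Only the fact that a directory is configured is checked here; the
    // notice is a reminder, directory permissions are not inspected.
    if ($cf->getValue('SaveDir') != '') {
        messages_set('notice', 'SaveDir', 'SaveDir_name', PMA_lang('DirectoryNotice'));
    }
    //
    // $cfg['TempDir']
    // should not be world-accessible
    //
    if ($cf->getValue('TempDir') != '') {
        messages_set('notice', 'TempDir', 'TempDir_name', PMA_lang('DirectoryNotice'));
    }
    //
    // $cfg['GZipDump']
    // requires zlib functions
    //
    if ($cf->getValue('GZipDump') && (@(!function_exists('gzopen')) || @(!function_exists('gzencode')))) {
        messages_set('warning', 'GZipDump', 'GZipDump_name', PMA_lang('GZipDumpWarning', 'gzencode'));
    }
    //
    // $cfg['BZipDump']
    // requires bzip2 functions
    //
    if ($cf->getValue('BZipDump') && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
        // list only the functions that are actually missing
        $functions = @function_exists('bzopen') ? '' : 'bzopen';
        $functions .= @function_exists('bzcompress') ? '' : ($functions ? ', ' : '') . 'bzcompress';
        messages_set('warning', 'BZipDump', 'BZipDump_name', PMA_lang('BZipDumpWarning', $functions));
    }
    //
    // $cfg['ZipDump']
    // requires zip_open in import
    //
    if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
        messages_set('warning', 'ZipDump_import', 'ZipDump_name', PMA_lang('ZipDumpImportWarning', 'zip_open'));
    }
    //
    // $cfg['ZipDump']
    // requires gzcompress in export
    //
    if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
        messages_set('warning', 'ZipDump_export', 'ZipDump_name', PMA_lang('ZipDumpExportWarning', 'gzcompress'));
    }
}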
Пример #14
}

require_once './libraries/common.inc.php';
require_once './libraries/config/config_functions.lib.php';
require_once './libraries/config/messages.inc.php';
require_once './libraries/config/ConfigFile.class.php';
require_once './libraries/url_generating.lib.php';
require_once './libraries/user_preferences.lib.php';

// use default error handler
// (restore_error_handler() reinstates whichever handler was active before the
// most recent set_error_handler() call - presumably one installed by the
// includes above; verify)
restore_error_handler();

// Save current language in a cookie, required since we use PMA_MINIMUM_COMMON
// NOTE(review): the cookie's attributes (path, Secure, HttpOnly) are decided
// inside setCookie(), which is not visible here - confirm there.
$GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);

ConfigFile::getInstance()->setPersistKeys(
    array(
        'DefaultLang',
        'ServerDefault',
        'UploadDir',
        'SaveDir',
        'Servers/1/verbose',
        'Servers/1/host',
        'Servers/1/port',
        'Servers/1/socket',
        'Servers/1/extension',
        'Servers/1/connect_type',
        'Servers/1/auth_type',
        'Servers/1/user',
        'Servers/1/password'
    )
Пример #15
?>
</h2>
<?php 
display_form_top('config.php?type=post');
?>
<input type="hidden" name="eol" value="<?php 
echo htmlspecialchars(PMA_ifSetOr($_GET['eol'], 'unix'));
?>
" />
<?php 
display_fieldset_top('', '', null, array('class' => 'simple'));
?>
<tr>
    <td>
        <textarea cols="50" rows="20" name="textconfig" id="textconfig" spellcheck="false"><?php 
echo htmlspecialchars(ConfigFile::getInstance()->getConfigFile());
?>
</textarea>
    </td>
</tr>
<tr>
    <td class="lastrow" style="text-align: left">
        <input type="submit" name="submit_download" value="<?php 
echo $GLOBALS['strSetupDownload'];
?>
" class="green" />
        <input type="submit" name="submit_save" value="<?php 
echo $GLOBALS['strSave'];
?>
"<?php 
if (!$config_writable) {
    }
    $form_display->registerForm($form_name, $form, 1);
}
// "Revert" request: reset the erroneous fields, then redirect back to the
// form page so the POST data is dropped.
if (isset($_POST['revert'])) {
    // revert erroneous fields to their default values
    $form_display->fixErrors();
    // redirect
    // NOTE(review): $form_param is set outside this excerpt; confirm it is
    // validated before it is placed in the redirect URL.
    $url_params = array('form' => $form_param);
    PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'prefs_forms.php' . PMA_generate_common_url($url_params, '&'));
    exit;
}
// $error stays null unless saving fails; it is tested after the page header
// has been included.
$error = null;
// Save only when the form was processed and validation found no errors.
if ($form_display->process(false) && !$form_display->hasErrors()) {
    // save settings
    // the previous settings are loaded first and handed to
    // PMA_userprefs_redirect() together with the form list
    $old_settings = PMA_load_userprefs();
    $result = PMA_save_userprefs(ConfigFile::getInstance()->getConfigArray());
    if ($result === true) {
        // reload config
        $GLOBALS['PMA_Config']->loadUserPreferences();
        // tab_hash is client-supplied; only a leading '#' is stripped here.
        // PMA_userprefs_redirect() url-encodes it before appending it to the
        // Location header.
        $hash = ltrim(filter_input(INPUT_POST, 'tab_hash'), '#');
        PMA_userprefs_redirect($forms, $old_settings, 'prefs_forms.php', array('form' => $form_param), $hash);
        exit;
    } else {
        // anything other than true is kept as the error to report
        $error = $result;
    }
}
// display forms
$GLOBALS['js_include'][] = 'config.js';
require './libraries/header.inc.php';
require './libraries/user_preferences.inc.php';
if ($error) {
/**
 * Sends the redirect that follows a successful save of user preferences
 *
 * Unless the caller already requests it through $params['reload_left_frame'],
 * the old and new settings are compared and a left-frame reload is requested
 * when any changed key is one of the left-frame related options.
 *
 * The target is built as PmaAbsoluteUri + $file_name + common URL parameters
 * + optional fragment. Only $hash is URL-encoded here; $file_name is appended
 * as given, so callers should pass a fixed script name.
 *
 * This function does not terminate the script; callers are expected to exit.
 *
 * @uses ConfigFile::getConfigArray()
 * @uses ConfigFile::getInstance()
 * @uses PMA_generate_common_url()
 * @uses PMA_sendHeaderLocation()
 * @param array  $forms        form definitions; the 'Left_frame' entries are read
 * @param array  $old_settings settings before the save ('config_data' key is used)
 * @param string $file_name    script name to redirect to
 * @param array  $params       extra URL parameters
 * @param string $hash         URL fragment, without the leading '#'
 */
function PMA_userprefs_redirect(array $forms, array $old_settings, $file_name, $params = null, $hash = null)
{
    $reload_left_frame = isset($params['reload_left_frame']) && $params['reload_left_frame'];
    if (!$reload_left_frame) {
        // work out which keys differ between the previous and the current settings
        $before = isset($old_settings['config_data']) ? $old_settings['config_data'] : array();
        $after = ConfigFile::getInstance()->getConfigArray();
        $changed = array_diff_assoc($before, $after) + array_diff_assoc($after, $before);
        $changed_keys = array_keys($changed);

        // options whose change requires the left frame to be refreshed
        $watched_keys = array_merge(
            array('NaturalOrder', 'MainPageIconic', 'DefaultTabDatabase', 'Server/hide_db', 'Server/only_db'),
            $forms['Left_frame']['Left_frame'],
            $forms['Left_frame']['Left_databases']
        );
        $overlap = array_intersect($watched_keys, $changed_keys);
        $reload_left_frame = !empty($overlap);
    }

    // redirect
    $query = array('saved' => 1, 'reload_left_frame' => $reload_left_frame);
    if (is_array($params)) {
        // the two values above win over same-named entries in $params
        $query = array_merge($params, $query);
    }
    // a falsy $hash is appended unchanged, exactly as it was passed in
    $fragment = $hash ? '#' . urlencode($hash) : $hash;

    PMA_sendHeaderLocation($GLOBALS['cfg']['PmaAbsoluteUri'] . $file_name . PMA_generate_common_url($query, '&') . $fragment);
}
Пример #18
// Direct-access guard: stop unless the PHPMYADMIN constant is defined
// (presumably by the entry script that includes this file - verify).
if (!defined('PHPMYADMIN')) {
    exit;
}

/**
 * Core libraries.
 */
require_once './libraries/display_select_lang.lib.php';
require_once './libraries/config/FormDisplay.class.php';
require_once './setup/lib/index.lib.php';

// prepare unfiltered language list
// (uasort() keeps the array keys while ordering with PMA_language_cmp)
$all_languages = PMA_langList();
uasort($all_languages, 'PMA_language_cmp');

$cf = ConfigFile::getInstance();
// argument separator in its 'html' variant, for links written into the page
$separator = PMA_get_arg_separator('html');

// message handling
messages_begin();

//
// Check phpMyAdmin version
//
// Only the presence of the version_check parameter is tested; its value is
// not read here.
if (isset($_GET['version_check'])) {
    PMA_version_check();
}

//
// Perform various security, compatibility and consistency checks
//
Пример #19
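/**
 * Processes forms registered in $form_display, handles error correction
 *
 * Flow:
 *  - ?mode=revert: erroneous fields are reset and the client is redirected
 *    to index.php (303), the script then exits
 *  - form not processed: the form is displayed
 *  - processed with errors: a warning box with "revert", "ignore" and
 *    "show form" links is printed, followed by the error list
 *  - processed without errors: redirect to index.php (303) and exit
 *
 * The 'page', 'formset' and 'id' request parameters are written back into
 * link targets, so they are URL-encoded before being echoed; non-string
 * values for 'page' and 'formset' are ignored.
 *
 * @param FormDisplay $form_display
 *
 * @return void
 */
function process_formset(FormDisplay $form_display)
{
    if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // drop post data
        header('HTTP/1.1 303 See Other');
        header('Location: index.php');
        exit;
    }
    if (!$form_display->process(false)) {
        // handle form view and failed POST
        $form_display->display(true, true);
    } else {
        // check for form errors
        if ($form_display->hasErrors()) {
            // form has errors, show warning
            $separator = PMA_get_arg_separator('html');
            // Request values are client-controlled: accept strings only and
            // encode them before they are placed inside an href attribute.
            $page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : null;
            $formset = (isset($_GET['formset']) && is_string($_GET['formset'])) ? $_GET['formset'] : null;
            $formset = $formset ? "{$separator}formset=" . urlencode($formset) : '';
            $id = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
            if ($id === null && $page == 'servers') {
                // we've just added a new server, get its id
                $id = ConfigFile::getInstance()->getServerCount();
            }
            $id = $id ? "{$separator}id=" . urlencode((string) $id) : '';
            // shared start of the "revert" and "show form" link targets
            $link_prefix = urlencode((string) $page) . $formset . $id . $separator;
            ?>
            <div class="error">
                <h4><?php echo __('Warning'); ?></h4>
                <?php echo __('Submitted form contains errors'); ?><br />
                <a href="?page=<?php echo $link_prefix . PMA_generate_common_url() . $separator; ?>mode=revert"><?php echo __('Try to revert erroneous fields to their default values'); ?></a>
            </div>
            <?php
            $form_display->displayErrors();
            ?>
            <a class="btn" href="index.php?<?php echo PMA_generate_common_url(); ?>"><?php echo __('Ignore errors'); ?></a>
            &nbsp;
            <a class="btn" href="?page=<?php echo $link_prefix . PMA_generate_common_url() . $separator; ?>mode=edit"><?php echo __('Show form'); ?></a>
            <?php
        } else {
            // drop post data
            header('HTTP/1.1 303 See Other');
            header('Location: index.php');
            exit;
        }
    }
}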