Viewing file:  index.lib.php (13.5 KB) -rw-r--r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/**
* Various checks and message functions used on index page.
*
* Security checks are the idea of Aung Khant <aungkhant[at]yehg.net>, http://yehg.net/lab
* Version check taken from the old setup script by Michal Čihař <michal@cihar.com>
*
* @package phpMyAdmin-setup
* @author Piotr Przybylski <piotrprz@gmail.com>
* @license http://www.gnu.org/licenses/gpl.html GNU GPL 2.0
* @version $Id$
*/
if (!defined('PHPMYADMIN')) {
exit;
}
/**
* Load vendor config.
*/
require_once('./libraries/vendor_config.php');
/**
* Initializes message list
*/
function messages_begin()
{
if (!isset($_SESSION['messages']) || !is_array($_SESSION['messages'])) {
$_SESSION['messages'] = array('error' => array(), 'warning' => array(), 'notice' => array());
} else {
// reset message states
foreach ($_SESSION['messages'] as &$messages) {
foreach ($messages as &$msg) {
$msg['fresh'] = false;
$msg['active'] = false;
}
}
}
}
/**
* Adds a new message to message list
*
* @param string $id unique message identifier
* @param string $type one of: notice, warning, error
* @param string $title language string id (in $str array)
* @param string $message message text
*/
function messages_set($type, $id, $title, $message)
{
$fresh = !isset($_SESSION['messages'][$type][$id]);
$title = PMA_lang($title);
$_SESSION['messages'][$type][$id] = array(
'fresh' => $fresh,
'active' => true,
'title' => $title,
'message' => $message);
}
/**
* Cleans up message list
*/
function messages_end()
{
foreach ($_SESSION['messages'] as &$messages) {
$remove_ids = array();
foreach ($messages as $id => &$msg) {
if ($msg['active'] == false) {
$remove_ids[] = $id;
}
}
foreach ($remove_ids as $id) {
unset($messages[$id]);
}
}
}
/**
* Prints message list, must be called after messages_end()
*/
function messages_show_html()
{
$old_ids = array();
foreach ($_SESSION['messages'] as $type => $messages) {
foreach ($messages as $id => $msg) {
echo '<div class="' . $type . '" id="' . $id . '">' . '<h4>' . $msg['title'] . '</h4>' . $msg['message'] . '</div>';
if (!$msg['fresh'] && $type != 'error') {
$old_ids[] = $id;
}
}
}
echo "\n" . '<script type="text/javascript">';
foreach ($old_ids as $id) {
echo "\nhiddenMessages.push('$id');";
}
echo "\n</script>\n";
}
/**
* Checks for newest phpMyAdmin version and sets result as a new notice
*/
function PMA_version_check()
{
// version check messages should always be visible so let's make
// a unique message id each time we run it
$message_id = uniqid('version_check');
// wait 3s at most for server response, it's enough to get information
// from a working server
$connection_timeout = 3;
$url = 'http://phpmyadmin.net/home_page/version.php';
$context = stream_context_create(array(
'http' => array(
'timeout' => $connection_timeout)));
$data = @file_get_contents($url, null, $context);
if ($data === false) {
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, $connection_timeout);
$data = curl_exec($ch);
curl_close($ch);
} else {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckWrapperError'));
return;
}
}
if (empty($data)) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckDataError'));
return;
}
/* Format: version\ndate\n(download\n)* */
$data_list = explode("\n", $data);
if (count($data_list) > 1) {
$version = $data_list[0];
$date = $data_list[1];
} else {
$version = $date = '';
}
$version_upstream = version_to_int($version);
if ($version_upstream === false) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckInvalid'));
return;
}
$version_local = version_to_int($_SESSION['PMA_Config']->get('PMA_VERSION'));
if ($version_local === false) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckUnparsable'));
return;
}
if ($version_upstream > $version_local) {
$version = htmlspecialchars($version);
$date = htmlspecialchars($date);
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNewAvailable', $version, $date));
} else {
if ($version_local % 100 == 0) {
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNewAvailableSvn', $version, $date));
} else {
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNone'));
}
}
}
/**
* Calculates numerical equivalent of phpMyAdmin version string
*
* @param string version
* @return mixed false on failure, integer on success
*/
function version_to_int($version)
{
$matches = array();
if (!preg_match('/^(\d+)\.(\d+)\.(\d+)((\.|-(pl|rc|dev|beta|alpha))(\d+)?)?$/', $version, $matches)) {
return false;
}
if (!empty($matches[6])) {
switch ($matches[6]) {
case 'pl':
$added = 60;
break;
case 'rc':
$added = 30;
break;
case 'beta':
$added = 20;
break;
case 'alpha':
$added = 10;
break;
case 'dev':
$added = 0;
break;
default:
messages_set('notice', 'version_match', 'VersionCheck',
'Unknown version part: ' . htmlspecialchars($matches[6]));
$added = 0;
break;
}
} else {
$added = 50; // for final
}
if (!empty($matches[7])) {
$added = $added + $matches[7];
}
return $matches[1] * 1000000 + $matches[2] * 10000 + $matches[3] * 100 + $added;
}
/**
* Checks whether config file is readable/writable
*
* @param bool &$is_readable
* @param bool &$is_writable
* @param bool &$file_exists
*/
function check_config_rw(&$is_readable, &$is_writable, &$file_exists)
{
$file_path = ConfigFile::getInstance()->getFilePath();
$file_dir = dirname($file_path);
$is_readable = true;
$is_writable = is_dir($file_dir);
if (SETUP_DIR_WRITABLE) {
$is_writable = $is_writable && is_writable($file_dir);
}
$file_exists = file_exists($file_path);
if ($file_exists) {
$is_readable = is_readable($file_path);
$is_writable = $is_writable && is_writable($file_path);
}
}
/**
* Performs various compatibility, security and consistency checks on current config
*
* Outputs results to message list, must be called between messages_begin()
* and messages_end()
*/
function perform_config_checks()
{
$cf = ConfigFile::getInstance();
$blowfish_secret = $cf->get('blowfish_secret');
$blowfish_secret_set = false;
$cookie_auth_used = false;
for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
$cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
$cookie_auth_used |= $cookie_auth_server;
$server_name = $cf->getServerName($i);
if ($server_name == 'localhost') {
$server_name .= " [$i]";
}
if ($cookie_auth_server && $blowfish_secret === null) {
$blowfish_secret = uniqid('', true);
$blowfish_secret_set = true;
$cf->set('blowfish_secret', $blowfish_secret);
}
//
// $cfg['Servers'][$i]['ssl']
// should be enabled if possible
//
if (!$cf->getValue("Servers/$i/ssl")) {
$title = PMA_lang_name('Servers/1/ssl') . " ($server_name)";
messages_set('notice', "Servers/$i/ssl", $title,
PMA_lang('ServerSslMsg'));
}
//
// $cfg['Servers'][$i]['extension']
// warn about using 'mysql'
//
if ($cf->getValue("Servers/$i/extension") == 'mysql') {
$title = PMA_lang_name('Servers/1/extension') . " ($server_name)";
messages_set('notice', "Servers/$i/extension", $title,
PMA_lang('ServerExtensionMsg'));
}
//
// $cfg['Servers'][$i]['auth_type']
// warn about full user credentials if 'auth_type' is 'config'
//
if ($cf->getValue("Servers/$i/auth_type") == 'config'
&& $cf->getValue("Servers/$i/user") != ''
&& $cf->getValue("Servers/$i/password") != '') {
$title = PMA_lang_name('Servers/1/auth_type') . " ($server_name)";
messages_set('warning', "Servers/$i/auth_type", $title,
PMA_lang('ServerAuthConfigMsg', $i) . ' ' .
PMA_lang('ServerSecurityInfoMsg', $i));
}
//
// $cfg['Servers'][$i]['AllowRoot']
// $cfg['Servers'][$i]['AllowNoPassword']
// serious security flaw
//
if ($cf->getValue("Servers/$i/AllowRoot")
&& $cf->getValue("Servers/$i/AllowNoPassword")) {
$title = PMA_lang_name('Servers/1/AllowNoPassword') . " ($server_name)";
messages_set('warning', "Servers/$i/AllowNoPassword", $title,
PMA_lang('ServerNoPasswordMsg') . ' ' .
PMA_lang('ServerSecurityInfoMsg', $i));
}
}
//
// $cfg['blowfish_secret']
// it's required for 'cookie' authentication
//
if ($cookie_auth_used) {
if ($blowfish_secret_set) {
// 'cookie' auth used, blowfish_secret was generated
messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name',
PMA_lang('BlowfishSecretMsg'));
} else {
$blowfish_warnings = array();
// check length
if (strlen($blowfish_secret) < 8) {
// too short key
$blowfish_warnings[] = PMA_lang('BlowfishSecretLengthMsg');
}
// check used characters
$has_digits = (bool) preg_match('/\d/', $blowfish_secret);
$has_chars = (bool) preg_match('/\S/', $blowfish_secret);
$has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
if (!$has_digits || !$has_chars || !$has_nonword) {
$blowfish_warnings[] = PMA_lang('BlowfishSecretCharsMsg');
}
if (!empty($blowfish_warnings)) {
messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings),
'blowfish_secret_name', implode("<br />", $blowfish_warnings));
}
}
}
//
// $cfg['ForceSSL']
// should be enabled if possible
//
if (!$cf->getValue('ForceSSL')) {
messages_set('notice', 'ForceSSL', 'ForceSSL_name',
PMA_lang('ForceSSLMsg'));
}
//
// $cfg['AllowArbitraryServer']
// should be disabled
//
if ($cf->getValue('AllowArbitraryServer')) {
messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name',
PMA_lang('AllowArbitraryServerMsg'));
}
//
// $cfg['LoginCookieValidity']
// should be at most 1800 (30 min)
//
if ($cf->getValue('LoginCookieValidity') > 1800) {
messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name',
PMA_lang('LoginCookieValidityMsg'));
}
//
// $cfg['SaveDir']
// should not be world-accessible
//
if ($cf->getValue('SaveDir') != '') {
messages_set('notice', 'SaveDir', 'SaveDir_name',
PMA_lang('DirectoryNotice'));
}
//
// $cfg['TempDir']
// should not be world-accessible
//
if ($cf->getValue('TempDir') != '') {
messages_set('notice', 'TempDir', 'TempDir_name',
PMA_lang('DirectoryNotice'));
}
//
// $cfg['GZipDump']
// requires zlib functions
//
if ($cf->getValue('GZipDump')
&& (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
messages_set('warning', 'GZipDump', 'GZipDump_name',
PMA_lang('GZipDumpWarning', 'gzencode'));
}
//
// $cfg['BZipDump']
// requires bzip2 functions
//
if ($cf->getValue('BZipDump')
&& (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
$functions = @function_exists('bzopen')
? '' :
'bzopen';
$functions .= @function_exists('bzcompress')
? ''
: ($functions ? ', ' : '') . 'bzcompress';
messages_set('warning', 'BZipDump', 'BZipDump_name',
PMA_lang('BZipDumpWarning', $functions));
}
//
// $cfg['ZipDump']
// requires zip_open in import
//
if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
messages_set('warning', 'ZipDump_import', 'ZipDump_name',
PMA_lang('ZipDumpImportWarning', 'zip_open'));
}
//
// $cfg['ZipDump']
// requires gzcompress in export
//
if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
messages_set('warning', 'ZipDump_export', 'ZipDump_name',
PMA_lang('ZipDumpExportWarning', 'gzcompress'));
}
}
?>
|