remove todo, after upgrade PHPExcel
[phpmyadmin/arisferyanto.git] / setup / lib / index.lib.php
blob108b1b704e1cc68fc47a769f55a92b0346c6df3a
1 <?php
3 /**
4 * Various checks and message functions used on index page.
6 * Security checks are the idea of Aung Khant <aungkhant[at]yehg.net>, http://yehg.net/lab
7 * Version check taken from the old setup script by Michal Čihař <michal@cihar.com>
9 * @package phpMyAdmin-setup
10 * @author Piotr Przybylski <piotrprz@gmail.com>
11 * @license http://www.gnu.org/licenses/gpl.html GNU GPL 2.0
12 * @version $Id$
15 if (!defined('PHPMYADMIN')) {
16 exit;
19 /**
20 * Load vendor config.
22 require_once('./libraries/vendor_config.php');
24 /**
25 * Initializes message list
27 function messages_begin()
29 if (!isset($_SESSION['messages']) || !is_array($_SESSION['messages'])) {
30 $_SESSION['messages'] = array('error' => array(), 'warning' => array(), 'notice' => array());
31 } else {
32 // reset message states
33 foreach ($_SESSION['messages'] as &$messages) {
34 foreach ($messages as &$msg) {
35 $msg['fresh'] = false;
36 $msg['active'] = false;
42 /**
43 * Adds a new message to message list
45 * @param string $id unique message identifier
46 * @param string $type one of: notice, warning, error
47 * @param string $title language string id (in $str array)
48 * @param string $message message text
50 function messages_set($type, $id, $title, $message)
52 $fresh = !isset($_SESSION['messages'][$type][$id]);
53 $title = PMA_lang($title);
54 $_SESSION['messages'][$type][$id] = array(
55 'fresh' => $fresh,
56 'active' => true,
57 'title' => $title,
58 'message' => $message);
61 /**
62 * Cleans up message list
64 function messages_end()
66 foreach ($_SESSION['messages'] as &$messages) {
67 $remove_ids = array();
68 foreach ($messages as $id => &$msg) {
69 if ($msg['active'] == false) {
70 $remove_ids[] = $id;
73 foreach ($remove_ids as $id) {
74 unset($messages[$id]);
79 /**
80 * Prints message list, must be called after messages_end()
82 function messages_show_html()
84 $old_ids = array();
85 foreach ($_SESSION['messages'] as $type => $messages) {
86 foreach ($messages as $id => $msg) {
87 echo '<div class="' . $type . '" id="' . $id . '">' . '<h4>' . $msg['title'] . '</h4>' . $msg['message'] . '</div>';
88 if (!$msg['fresh'] && $type != 'error') {
89 $old_ids[] = $id;
94 echo "\n" . '<script type="text/javascript">';
95 foreach ($old_ids as $id) {
96 echo "\nhiddenMessages.push('$id');";
98 echo "\n</script>\n";
102 * Checks for newest phpMyAdmin version and sets result as a new notice
104 function PMA_version_check()
106 // version check messages should always be visible so let's make
107 // a unique message id each time we run it
108 $message_id = uniqid('version_check');
109 // wait 3s at most for server response, it's enough to get information
110 // from a working server
111 $connection_timeout = 3;
113 $url = 'http://phpmyadmin.net/home_page/version.php';
114 $context = stream_context_create(array(
115 'http' => array(
116 'timeout' => $connection_timeout)));
117 $data = @file_get_contents($url, null, $context);
118 if ($data === false) {
119 if (function_exists('curl_init')) {
120 $ch = curl_init($url);
121 curl_setopt($ch, CURLOPT_HEADER, false);
122 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
123 curl_setopt($ch, CURLOPT_TIMEOUT, $connection_timeout);
124 $data = curl_exec($ch);
125 curl_close($ch);
126 } else {
127 messages_set('error', $message_id, 'VersionCheck',
128 PMA_lang('VersionCheckWrapperError'));
129 return;
133 if (empty($data)) {
134 messages_set('error', $message_id, 'VersionCheck',
135 PMA_lang('VersionCheckDataError'));
136 return;
139 /* Format: version\ndate\n(download\n)* */
140 $data_list = explode("\n", $data);
142 if (count($data_list) > 1) {
143 $version = $data_list[0];
144 $date = $data_list[1];
145 } else {
146 $version = $date = '';
149 $version_upstream = version_to_int($version);
150 if ($version_upstream === false) {
151 messages_set('error', $message_id, 'VersionCheck',
152 PMA_lang('VersionCheckInvalid'));
153 return;
156 $version_local = version_to_int($_SESSION['PMA_Config']->get('PMA_VERSION'));
157 if ($version_local === false) {
158 messages_set('error', $message_id, 'VersionCheck',
159 PMA_lang('VersionCheckUnparsable'));
160 return;
163 if ($version_upstream > $version_local) {
164 $version = htmlspecialchars($version);
165 $date = htmlspecialchars($date);
166 messages_set('notice', $message_id, 'VersionCheck',
167 PMA_lang('VersionCheckNewAvailable', $version, $date));
168 } else {
169 if ($version_local % 100 == 0) {
170 messages_set('notice', $message_id, 'VersionCheck',
171 PMA_lang('VersionCheckNewAvailableSvn', $version, $date));
172 } else {
173 messages_set('notice', $message_id, 'VersionCheck',
174 PMA_lang('VersionCheckNone'));
180 * Calculates numerical equivalent of phpMyAdmin version string
182 * @param string version
183 * @return mixed false on failure, integer on success
185 function version_to_int($version)
187 $matches = array();
188 if (!preg_match('/^(\d+)\.(\d+)\.(\d+)((\.|-(pl|rc|dev|beta|alpha))(\d+)?)?$/', $version, $matches)) {
189 return false;
191 if (!empty($matches[6])) {
192 switch ($matches[6]) {
193 case 'pl':
194 $added = 60;
195 break;
196 case 'rc':
197 $added = 30;
198 break;
199 case 'beta':
200 $added = 20;
201 break;
202 case 'alpha':
203 $added = 10;
204 break;
205 case 'dev':
206 $added = 0;
207 break;
208 default:
209 messages_set('notice', 'version_match', 'VersionCheck',
210 'Unknown version part: ' . htmlspecialchars($matches[6]));
211 $added = 0;
212 break;
214 } else {
215 $added = 50; // for final
217 if (!empty($matches[7])) {
218 $added = $added + $matches[7];
220 return $matches[1] * 1000000 + $matches[2] * 10000 + $matches[3] * 100 + $added;
224 * Checks whether config file is readable/writable
226 * @param bool &$is_readable
227 * @param bool &$is_writable
228 * @param bool &$file_exists
230 function check_config_rw(&$is_readable, &$is_writable, &$file_exists)
232 $file_path = ConfigFile::getInstance()->getFilePath();
233 $file_dir = dirname($file_path);
234 $is_readable = true;
235 $is_writable = is_dir($file_dir);
236 if (SETUP_DIR_WRITABLE) {
237 $is_writable = $is_writable && is_writable($file_dir);
239 $file_exists = file_exists($file_path);
240 if ($file_exists) {
241 $is_readable = is_readable($file_path);
242 $is_writable = $is_writable && is_writable($file_path);
247 * Performs various compatibility, security and consistency checks on current config
249 * Outputs results to message list, must be called between messages_begin()
250 * and messages_end()
252 function perform_config_checks()
254 $cf = ConfigFile::getInstance();
255 $blowfish_secret = $cf->get('blowfish_secret');
256 $blowfish_secret_set = false;
257 $cookie_auth_used = false;
258 for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
259 $cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
260 $cookie_auth_used |= $cookie_auth_server;
261 $server_name = $cf->getServerName($i);
262 if ($server_name == 'localhost') {
263 $server_name .= " [$i]";
266 if ($cookie_auth_server && $blowfish_secret === null) {
267 $blowfish_secret = uniqid('', true);
268 $blowfish_secret_set = true;
269 $cf->set('blowfish_secret', $blowfish_secret);
273 // $cfg['Servers'][$i]['ssl']
274 // should be enabled if possible
276 if (!$cf->getValue("Servers/$i/ssl")) {
277 $title = PMA_lang_name('Servers/1/ssl') . " ($server_name)";
278 messages_set('notice', "Servers/$i/ssl", $title,
279 PMA_lang('ServerSslMsg'));
283 // $cfg['Servers'][$i]['extension']
284 // warn about using 'mysql'
286 if ($cf->getValue("Servers/$i/extension") == 'mysql') {
287 $title = PMA_lang_name('Servers/1/extension') . " ($server_name)";
288 messages_set('notice', "Servers/$i/extension", $title,
289 PMA_lang('ServerExtensionMsg'));
293 // $cfg['Servers'][$i]['auth_type']
294 // warn about full user credentials if 'auth_type' is 'config'
296 if ($cf->getValue("Servers/$i/auth_type") == 'config'
297 && $cf->getValue("Servers/$i/user") != ''
298 && $cf->getValue("Servers/$i/password") != '') {
299 $title = PMA_lang_name('Servers/1/auth_type') . " ($server_name)";
300 messages_set('warning', "Servers/$i/auth_type", $title,
301 PMA_lang('ServerAuthConfigMsg', $i) . ' ' .
302 PMA_lang('ServerSecurityInfoMsg', $i));
306 // $cfg['Servers'][$i]['AllowRoot']
307 // $cfg['Servers'][$i]['AllowNoPassword']
308 // serious security flaw
310 if ($cf->getValue("Servers/$i/AllowRoot")
311 && $cf->getValue("Servers/$i/AllowNoPassword")) {
312 $title = PMA_lang_name('Servers/1/AllowNoPassword') . " ($server_name)";
313 messages_set('warning', "Servers/$i/AllowNoPassword", $title,
314 PMA_lang('ServerNoPasswordMsg') . ' ' .
315 PMA_lang('ServerSecurityInfoMsg', $i));
320 // $cfg['blowfish_secret']
321 // it's required for 'cookie' authentication
323 if ($cookie_auth_used) {
324 if ($blowfish_secret_set) {
325 // 'cookie' auth used, blowfish_secret was generated
326 messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name',
327 PMA_lang('BlowfishSecretMsg'));
328 } else {
329 $blowfish_warnings = array();
330 // check length
331 if (strlen($blowfish_secret) < 8) {
332 // too short key
333 $blowfish_warnings[] = PMA_lang('BlowfishSecretLengthMsg');
335 // check used characters
336 $has_digits = (bool) preg_match('/\d/', $blowfish_secret);
337 $has_chars = (bool) preg_match('/\S/', $blowfish_secret);
338 $has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
339 if (!$has_digits || !$has_chars || !$has_nonword) {
340 $blowfish_warnings[] = PMA_lang('BlowfishSecretCharsMsg');
342 if (!empty($blowfish_warnings)) {
343 messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings),
344 'blowfish_secret_name', implode("<br />", $blowfish_warnings));
350 // $cfg['ForceSSL']
351 // should be enabled if possible
353 if (!$cf->getValue('ForceSSL')) {
354 messages_set('notice', 'ForceSSL', 'ForceSSL_name',
355 PMA_lang('ForceSSLMsg'));
359 // $cfg['AllowArbitraryServer']
360 // should be disabled
362 if ($cf->getValue('AllowArbitraryServer')) {
363 messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name',
364 PMA_lang('AllowArbitraryServerMsg'));
368 // $cfg['LoginCookieValidity']
369 // should be at most 1800 (30 min)
371 if ($cf->getValue('LoginCookieValidity') > 1800) {
372 messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name',
373 PMA_lang('LoginCookieValidityMsg'));
377 // $cfg['SaveDir']
378 // should not be world-accessible
380 if ($cf->getValue('SaveDir') != '') {
381 messages_set('notice', 'SaveDir', 'SaveDir_name',
382 PMA_lang('DirectoryNotice'));
386 // $cfg['TempDir']
387 // should not be world-accessible
389 if ($cf->getValue('TempDir') != '') {
390 messages_set('notice', 'TempDir', 'TempDir_name',
391 PMA_lang('DirectoryNotice'));
395 // $cfg['GZipDump']
396 // requires zlib functions
398 if ($cf->getValue('GZipDump')
399 && (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
400 messages_set('warning', 'GZipDump', 'GZipDump_name',
401 PMA_lang('GZipDumpWarning', 'gzencode'));
405 // $cfg['BZipDump']
406 // requires bzip2 functions
408 if ($cf->getValue('BZipDump')
409 && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
410 $functions = @function_exists('bzopen')
411 ? '' :
412 'bzopen';
413 $functions .= @function_exists('bzcompress')
414 ? ''
415 : ($functions ? ', ' : '') . 'bzcompress';
416 messages_set('warning', 'BZipDump', 'BZipDump_name',
417 PMA_lang('BZipDumpWarning', $functions));
421 // $cfg['ZipDump']
422 // requires zip_open in import
424 if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
425 messages_set('warning', 'ZipDump_import', 'ZipDump_name',
426 PMA_lang('ZipDumpImportWarning', 'zip_open'));
430 // $cfg['ZipDump']
431 // requires gzcompress in export
433 if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
434 messages_set('warning', 'ZipDump_export', 'ZipDump_name',
435 PMA_lang('ZipDumpExportWarning', 'gzcompress'));