, http://yehg.net/lab * Version check taken from the old setup script by Michal Čihař * * @package phpMyAdmin-setup * @author Piotr Przybylski * @license http://www.gnu.org/licenses/gpl.html GNU GPL 2.0 * @version $Id: index.lib.php 11646 2008-10-09 16:50:11Z crackpl $ */ /** * Initializes message list */ function messages_begin() { if (!isset($_SESSION['messages']) || !is_array($_SESSION['messages'])) { $_SESSION['messages'] = array('error' => array(), 'warning' => array(), 'notice' => array()); } else { // reset message states foreach ($_SESSION['messages'] as &$messages) { foreach ($messages as &$msg) { $msg['fresh'] = false; $msg['active'] = false; } } } } /** * Adds a new message to message list * * @param string $id unique message identifier * @param string $type one of: notice, warning, error * @param string $title language string id (in $str array) * @param string $message message text */ function messages_set($type, $id, $title, $message) { $fresh = !isset($_SESSION['messages'][$type][$id]); $title = PMA_lang($title); $_SESSION['messages'][$type][$id] = array( 'fresh' => $fresh, 'active' => true, 'title' => $title, 'message' => $message); } /** * Cleans up message list */ function messages_end() { foreach ($_SESSION['messages'] as &$messages) { $remove_ids = array(); foreach ($messages as $id => &$msg) { if ($msg['active'] == false) { $remove_ids[] = $id; } } foreach ($remove_ids as $id) { unset($messages[$id]); } } } /** * Prints message list, must be called after messages_end() */ function messages_show_html() { $old_ids = array(); foreach ($_SESSION['messages'] as $type => $messages) { foreach ($messages as $id => $msg) { echo '

' . '

' . $msg['title'] . '

' . $msg['message'] . '

'; if (!$msg['fresh'] && $type != 'error') { $old_ids[] = $id; } } } echo "\n" . '\n"; } /** * Checks for newest phpMyAdmin version and sets result as a new notice */ function PMA_version_check() { // version check messages should always be visible so let's make // a unique message id each time we run it $message_id = uniqid('version_check'); // wait 3s at most for server response, it's enough to get information // from a working server $connection_timeout = 3; $url = 'http://phpmyadmin.net/home_page/version.php'; $context = stream_context_create(array( 'http' => array( 'timeout' => $connection_timeout))); $data = @file_get_contents($url, null, $context); if ($data === false) { if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, $connection_timeout); $data = curl_exec($ch); curl_close($ch); } else { messages_set('error', $message_id, 'VersionCheck', PMA_lang('VersionCheckWrapperError')); return; } } if (empty($data)) { messages_set('error', $message_id, 'VersionCheck', PMA_lang('VersionCheckDataError')); return; } /* Format: version\ndate\n(download\n)* */ $data_list = explode("\n", $data); if (count($data_list) > 1) { $version = $data_list[0]; $date = $data_list[1]; } else { $version = $date = ''; } $version_upstream = version_to_int($version); if ($version_upstream === false) { messages_set('error', $message_id, 'VersionCheck', PMA_lang('VersionCheckInvalid')); return; } $version_local = version_to_int($_SESSION['PMA_Config']->get('PMA_VERSION')); if ($version_local === false) { messages_set('error', $message_id, 'VersionCheck', PMA_lang('VersionCheckUnparsable')); return; } if ($version_upstream > $version_local) { $version = htmlspecialchars($version); $date = htmlspecialchars($date); messages_set('notice', $message_id, 'VersionCheck', PMA_lang('VersionCheckNewAvailable', $version, $date)); } else { if ($version_local % 100 == 0) { messages_set('notice', $message_id, 'VersionCheck', PMA_lang('VersionCheckNewAvailableSvn', $version, $date)); } else { messages_set('notice', $message_id, 'VersionCheck', PMA_lang('VersionCheckNone')); } } } /** * Calculates numerical equivalent of phpMyAdmin version string * * @param string version * @return mixed false on failure, integer on success */ function version_to_int($version) { $matches = array(); if (!preg_match('/^(\d+)\.(\d+)\.(\d+)((\.|-(pl|rc|dev|beta|alpha))(\d+)?)?$/', $version, $matches)) { return false; } if (!empty($matches[6])) { switch ($matches[6]) { case 'pl': $added = 60; break; case 'rc': $added = 30; break; case 'beta': $added = 20; break; case 'alpha': $added = 10; break; case 'dev': $added = 0; break; default: messages_set('notice', 'version_match', 'VersionCheck', 'Unknown version part: ' . htmlspecialchars($matches[6])); $added = 0; break; } } else { $added = 50; // for final } if (!empty($matches[7])) { $added = $added + $matches[7]; } return $matches[1] * 1000000 + $matches[2] * 10000 + $matches[3] * 100 + $added; } /** * Checks whether config file is readable/writable * * @param bool &$is_readable * @param bool &$is_writable * @param bool &$file_exists */ function check_config_rw(&$is_readable, &$is_writable, &$file_exists) { $file_path = ConfigFile::getInstance()->getFilePath(); $file_dir = dirname($file_path); $is_readable = true; $is_writable = is_dir($file_dir) && is_writable($file_dir); $file_exists = file_exists($file_path); if ($file_exists) { $is_readable = is_readable($file_path); $is_writable = $is_writable && is_writable($file_path); } } /** * Performs various compatibility, security and consistency checks on current config * * Outputs results to message list, must be called between messages_begin() * and messages_end() */ function perform_config_checks() { $cf = ConfigFile::getInstance(); $blowfish_secret = $cf->get('blowfish_secret'); $blowfish_secret_set = false; $cookie_auth_used = false; for ($i = 1; $i <= $cf->getServerCount(); $i++) { $cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie'); $cookie_auth_used |= $cookie_auth_server; $server_name = $cf->getServerName($i); if ($server_name == 'localhost') { $server_name .= " [$i]"; } if ($cookie_auth_server && $blowfish_secret === null) { $blowfish_secret = uniqid('', true); $blowfish_secret_set = true; $cf->set('blowfish_secret', $blowfish_secret); } // // $cfg['Servers'][$i]['ssl'] // should be enabled if possible // if (!$cf->getValue("Servers/$i/ssl")) { $title = PMA_lang_name('Servers/1/ssl') . " ($server_name)"; messages_set('notice', "Servers/$i/ssl", $title, PMA_lang('ServerSslMsg')); } // // $cfg['Servers'][$i]['extension'] // warn about using 'mysql' // if ($cf->getValue("Servers/$i/extension") == 'mysql') { $title = PMA_lang_name('Servers/1/extension') . " ($server_name)"; messages_set('notice', "Servers/$i/extension", $title, PMA_lang('ServerExtensionMsg')); } // // $cfg['Servers'][$i]['auth_type'] // warn about full user credentials if 'auth_type' is 'config' // if ($cf->getValue("Servers/$i/auth_type") == 'config' && $cf->getValue("Servers/$i/user") != '' && $cf->getValue("Servers/$i/password") != '') { $title = PMA_lang_name('Servers/1/auth_type') . " ($server_name)"; messages_set('warning', "Servers/$i/auth_type", $title, PMA_lang('ServerAuthConfigMsg', $i) . ' ' . PMA_lang('ServerSecurityInfoMsg', $i)); } // // $cfg['Servers'][$i]['AllowRoot'] // $cfg['Servers'][$i]['AllowNoPasswordRoot'] // serious security flaw // if ($cf->getValue("Servers/$i/AllowRoot") && $cf->getValue("Servers/$i/AllowNoPasswordRoot")) { $title = PMA_lang_name('Servers/1/AllowNoPasswordRoot') . " ($server_name)"; messages_set('warning', "Servers/$i/AllowNoPasswordRoot", $title, PMA_lang('ServerNoPasswordRootMsg') . ' ' . PMA_lang('ServerSecurityInfoMsg', $i)); } } // // $cfg['blowfish_secret'] // it's required for 'cookie' authentication // if ($cookie_auth_used) { if ($blowfish_secret_set) { // 'cookie' auth used, blowfish_secret was generated messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name', PMA_lang('BlowfishSecretMsg')); } else { $blowfish_warnings = array(); // check length if (strlen($blowfish_secret) < 8) { // too short key $blowfish_warnings[] = PMA_lang('BlowfishSecretLengthMsg'); } // check used characters $has_digits = (bool) preg_match('/\d/', $blowfish_secret); $has_chars = (bool) preg_match('/\S/', $blowfish_secret); $has_nonword = (bool) preg_match('/\W/', $blowfish_secret); if (!$has_digits || !$has_chars || !$has_nonword) { $blowfish_warnings[] = PMA_lang('BlowfishSecretCharsMsg'); } if (!empty($blowfish_warnings)) { messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings), 'blowfish_secret_name', implode("
", $blowfish_warnings)); } } } // // $cfg['ForceSSL'] // should be enabled if possible // if (!$cf->getValue('ForceSSL')) { messages_set('notice', 'ForceSSL', 'ForceSSL_name', PMA_lang('ForceSSLMsg')); } // // $cfg['AllowArbitraryServer'] // should be disabled // if ($cf->getValue('AllowArbitraryServer')) { messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name', PMA_lang('AllowArbitraryServerMsg')); } // // $cfg['LoginCookieValidity'] // should be at most 1800 (30 min) // if ($cf->getValue('LoginCookieValidity') > 1800) { messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name', PMA_lang('LoginCookieValidityMsg')); } // // $cfg['SaveDir'] // should not be world-accessible // if ($cf->getValue('SaveDir') != '') { messages_set('notice', 'SaveDir', 'SaveDir_name', PMA_lang('DirectoryNotice')); } // // $cfg['TempDir'] // should not be world-accessible // if ($cf->getValue('TempDir') != '') { messages_set('notice', 'TempDir', 'TempDir_name', PMA_lang('DirectoryNotice')); } // // $cfg['GZipDump'] // requires zlib functions // if ($cf->getValue('GZipDump') && (@!function_exists('gzopen') || @!function_exists('gzencode'))) { messages_set('warning', 'GZipDump', 'GZipDump_name', PMA_lang('GZipDumpWarning', 'gzencode')); } // // $cfg['BZipDump'] // requires bzip2 functions // if ($cf->getValue('BZipDump') && (!@function_exists('bzopen') || !@function_exists('bzcompress'))) { $functions = @function_exists('bzopen') ? '' : 'bzopen'; $functions .= @function_exists('bzcompress') ? '' : ($functions ? ', ' : '') . 'bzcompress'; messages_set('warning', 'BZipDump', 'BZipDump_name', PMA_lang('BZipDumpWarning', $functions)); } // // $cfg['ZipDump'] // requires zip_open in import // if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) { messages_set('warning', 'ZipDump_import', 'ZipDump_name', PMA_lang('ZipDumpImportWarning', 'zip_open')); } // // $cfg['ZipDump'] // requires gzcompress in export // if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) { messages_set('warning', 'ZipDump_export', 'ZipDump_name', PMA_lang('ZipDumpExportWarning', 'gzcompress')); } } ?>