Added pmadb table for preferences storage

Removed some messages from messages.inc.php
Crack
2010-06-18 17:53:53 +02:00
parent 02bb83cad3
commit b2e232b582
8 changed files with 123 additions and 101 deletions


@@ -347,6 +347,15 @@ $cfg['Servers'][$i]['designer_coords'] = '';
*/
$cfg['Servers'][$i]['tracking'] = '';
/**
* table to store user preferences
* - leave blank to disable server storage
* SUGGESTED: 'pma_userconfig'
*
* @global string $cfg['Servers'][$i]['userconfig']
*/
$cfg['Servers'][$i]['userconfig'] = '';
/**
* set to false if you know that your pma_* tables are up to date.
* This prevents compatibility checks and thereby increases performance.


@@ -152,7 +152,7 @@ function display_input($path, $name, $description = '', $type, $value, $value_is
foreach ($opts['values'] as $opt_value => $opt_name) {
// set names for boolean values
if (is_bool($opt_name)) {
$opt_name = $GLOBALS['strSetup' . ($opt_value ? 'True' : 'False')];
$opt_name = $GLOBALS['strSetup' . ($opt_value ? __('Yes') : __('No'))];
}
// cast boolean values to integers
$display_value = is_bool($opt_value) ? (int) $opt_value : $opt_value;
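Review bot: The replacement line in the `is_bool($opt_name)` branch still indexes `$GLOBALS`, now with `'strSetup' . ($opt_value ? __('Yes') : __('No'))`, so the key is built from translated text (`strSetupYes`, or whatever the active locale returns). No `strSetupYes`/`strSetupNo` entry appears in the messages hunks shown, and `$strSetupTrue`/`$strSetupFalse` are among the entries this commit drops, so the lookup most likely yields an undefined-index notice and an empty label. The label should presumably be the translation itself: `$opt_name = $opt_value ? __('Yes') : __('No');`. The page prints the old and new line without +/- markers, so this assumes the `__('Yes')` variant is the new side; display_input's body starts and ends outside this hunk.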


@@ -15,7 +15,6 @@ if (!function_exists('__')) {
$strSetupAllowAnywhereRecoding_name = __('Allow character set conversion');
$strSetupAllowArbitraryServer_desc = __('If enabled user can enter any MySQL server in login form for cookie auth');
$strSetupAllowArbitraryServerMsg = __('This [a@?page=form&formset=features#tab_Security]option[/a] should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use [a@?page=form&formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
$strSetupAllowArbitraryServer_name = __('Allow login to any MySQL server');
$strSetupAllowUserDropDatabase_name = __('Show "Drop database" link to normal users');
$strSetupblowfish_secret_desc = __('Secret passphrase used for encrypting cookies in [kbd]cookie[/kbd] authentication');
@@ -26,8 +25,6 @@ $strSetupBrowsePointerEnable_desc = __('Highlight row pointed by the mouse curso
$strSetupBrowsePointerEnable_name = __('Highlight pointer');
$strSetupBZipDump_desc = __('Enable [a@http://en.wikipedia.org/wiki/Bzip2]bzip2[/a] compression for import and export operations');
$strSetupBZipDump_name = __('Bzip2');
$strSetupCannotLoadConfig = __('Cannot load or save configuration');
$strSetupCannotLoadConfigMsg = __('Please create web server writable folder [em]config[/em] in phpMyAdmin top level directory as described in [a@Documentation.html#setup_script]documentation[/a]. Otherwise you will be only able to download or display it.');
$strSetupCharEditing_desc = __('Defines which type of editing controls should be used for CHAR and VARCHAR columns; [kbd]input[/kbd] - allows limiting of input length, [kbd]textarea[/kbd] - allows newlines in columns');
$strSetupCharEditing_name = __('CHAR columns editing');
$strSetupCharTextareaCols_desc = __('Number of columns for CHAR/VARCHAR textareas');
@@ -54,7 +51,6 @@ $strSetupDefaultTabServer_desc = __('Tab that is displayed when entering a serve
$strSetupDefaultTabServer_name = __('Default server tab');
$strSetupDefaultTabTable_desc = __('Tab that is displayed when entering a table');
$strSetupDefaultTabTable_name = __('Default table tab');
$strSetupDirectoryNotice = __('This value should be double checked to ensure that this directory is neither world accessible nor readable or writable by other users on your server.');
$strSetupDisplayBinaryAsHex_name = __('Show binary contents as HEX');
$strSetupDisplayBinaryAsHex_desc = __('Show binary contents as HEX by default');
$strSetupDisplayDatabasesList_desc = __('Show database listing as a list instead of a drop down');
@@ -81,9 +77,7 @@ $strSetupExport_format_name = __('Format');
$strSetupExport_onserver_name = __('Save on server');
$strSetupExport_onserver_overwrite_name = __('Overwrite existing file(s)');
$strSetupExport_remember_file_template_name = __('Remember file name template');
$strSetupFalse = __('no');
$strSetupForceSSL_desc = __('Force secured connection while using phpMyAdmin');
$strSetupForceSSLMsg = __('This [a@?page=form&formset=features#tab_Security]option[/a] should be enabled if your web server supports it');
$strSetupForceSSL_name = __('Force SSL connection');
$strSetupForeignKeyDropdownOrder_desc = __('Sort order for items in a foreign-key dropdown box; [kbd]content[/kbd] is the referenced data, [kbd]id[/kbd] is the key value');
$strSetupForeignKeyDropdownOrder_name = __('Foreign key dropdown order');
@@ -143,8 +137,6 @@ $strSetupForm_Tabs_desc = __('Choose how you want tabs to work');
$strSetupForm_Tabs = __('Tabs');
$strSetupGZipDump_desc = __('Enable [a@http://en.wikipedia.org/wiki/Gzip]gzip[/a] compression for import and export operations');
$strSetupGZipDump_name = __('GZip');
$strSetupGZipDumpWarning = __('[a@?page=form&formset=features#tab_Import_export]GZip compression and decompression[/a] requires functions (%s) which are unavailable on this system.');
$strSetupHomepageLink = __('phpMyAdmin homepage');
$strSetupIconvExtraParams_name = __('Extra parameters for iconv');
$strSetupIgnoreErrors = __('Ignore errors');
$strSetupIgnoreMultiSubmitErrors_desc = __('If enabled, phpMyAdmin continues computing multiple-statement queries even if one of the queries failed');
@@ -156,9 +148,6 @@ $strSetupImport_format_name = __('Format of imported file');
$strSetupImport_skip_queries_desc = __('Number of queries to skip from start');
$strSetupImport_skip_queries_name = __('Partial import: skip queries');
$strSetupInitialSlidersState_name = __('Initial state for sliders');
$strSetupInsecureConnection = __('Insecure connection');
$strSetupInsecureConnectionMsg1 = __('You are not using a secure connection; all data (including potentially sensitive information, like passwords) is transferred unencrypted!');
$strSetupInsecureConnectionMsg2 = __('If your server is also configured to accept HTTPS requests follow [a@%s]this link[/a] to use a secure connection.');
$strSetupInsertRows_desc = __('How many rows can be inserted at one time');
$strSetupInsertRows_name = __('Number of inserted rows');
$strSetupLeftDefaultTabTable_name = __('Target for quick access icon');
@@ -185,7 +174,6 @@ $strSetupLightTabs_desc = __('Use less graphically intense tabs');
$strSetupLightTabs_name = __('Light tabs');
$strSetupLimitChars_name = __('Limit column characters');
$strSetupLimitChars_desc = __('Maximum number of characters shown in any non-numeric column on browse view');
$strSetupLoad = __('Load');
$strSetupLoginCookieDeleteAll_desc = __('If TRUE, logout deletes cookies for all servers; when set to FALSE, logout only occurs for the current server. Setting this to FALSE makes it easy to forget to log out from other servers when connected to multiple servers.');
$strSetupLoginCookieDeleteAll_name = __('Delete all cookies on logout');
$strSetupLoginCookieRecall_desc = __('Define whether the previous login should be recalled or not in cookie authentication mode');
@@ -193,7 +181,6 @@ $strSetupLoginCookieRecall_name = __('Recall user name');
$strSetupLoginCookieStore_desc = __('Defines how long (in seconds) a login cookie should be stored in browser. The default of 0 means that it will be kept for the existing session only, and will be deleted as soon as you close the browser window. This is recommended for non-trusted environments.');
$strSetupLoginCookieStore_name = __('Login cookie store');
$strSetupLoginCookieValidity_desc = __('Define how long (in seconds) a login cookie is valid');
$strSetupLoginCookieValidityMsg = __('[a@?page=form&formset=features#tab_Security]Login cookie validity[/a] should be set to 1800 seconds (30 minutes) at most. Values larger than 1800 may pose a security risk such as impersonation.');
$strSetupLoginCookieValidity_name = __('Login cookie validity');
$strSetupLongtextDoubleTextarea_name = __('Bigger textarea for LONGTEXT');
$strSetupLongtextDoubleTextarea_desc = __('Double size of textarea for LONGTEXT fields');
@@ -214,14 +201,11 @@ $strSetupNaturalOrder_name = __('Natural order');
$strSetupNaturalOrder_desc = __('Use natural order for sorting table and database names');
$strSetupNavigationBarIconic_desc = __('Use only icons, only text or both');
$strSetupNavigationBarIconic_name = __('Iconic navigation bar');
$strSetupNewServer = __('New server');
$strSetupNoServers = __('There are no configured servers');
$strSetupOBGzip_desc = __('use GZip output buffering for increased speed in HTTP transfers');
$strSetupOBGzip_name = __('GZip output buffering');
$strSetupOptionNone = __('- none -');
$strSetupOrder_desc = __('[kbd]SMART[/kbd] - i.e. descending order for columns of type TIME, DATE, DATETIME and TIMESTAMP, ascending order otherwise');
$strSetupOrder_name = __('Default sorting order');
$strSetupOverview = __('Overview');
$strSetupPersistentConnections_desc = __('Use persistent connections to MySQL databases');
$strSetupPersistentConnections_name = __('Persistent connections');
$strSetupPropertiesIconic_desc = __('Use only icons, only text or both');
@@ -248,10 +232,6 @@ $strSetupRestoreDefaultValue = __('Restore default value');
$strSetupRevertErroneousFields = __('Try to revert erroneous fields to their default values');
$strSetupSaveDir_desc = __('Directory where exports can be saved on server');
$strSetupSaveDir_name = __('Save directory');
$strSetupServerAuthConfigMsg = __('You set the [kbd]config[/kbd] authentication type and included username and password for auto-login, which is not a desirable option for live hosts. Anyone who knows or guesses your phpMyAdmin URL can directly access your phpMyAdmin panel. Set [a@?page=servers&mode=edit&id=%1$d#tab_Server]authentication type[/a] to [kbd]cookie[/kbd] or [kbd]http[/kbd].');
$strSetupServerExtensionMsg = __('You should use mysqli for performance reasons');
$strSetupServerNoPasswordMsg = __('You allow for connecting to the server without a password.');
$strSetupServersAdd = __('Add a new server');
$strSetupServers_AllowDeny_order_desc = __('Leave blank if not used');
$strSetupServers_AllowDeny_order_name = __('Host authentication order');
$strSetupServers_AllowDeny_rules_desc = __('Leave blank for defaults');
@@ -281,7 +261,6 @@ $strSetupServers_designer_coords_desc = __('Leave blank for no Designer support,
$strSetupServers_designer_coords_name = __('Designer table');
$strSetupServers_DisableIS_desc = __('More information on [a@http://sf.net/support/tracker.php?aid=1849494]PMA bug tracker[/a] and [a@http://bugs.mysql.com/19588]MySQL Bugs[/a]');
$strSetupServers_DisableIS_name = __('Disable use of INFORMATION_SCHEMA');
$strSetupServerSecurityInfoMsg = __('If you feel this is necessary, use additional protection settings - [a@?page=servers&mode=edit&id=%1$d#tab_Server_config]host authentication[/a] settings and [a@?page=form&formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
$strSetupServers_extension_desc = __('What PHP extension to use; you should use mysqli if supported');
$strSetupServers_extension_name = __('PHP extension to use');
$strSetupServers_hide_db_desc = __('Hide databases matching regular expression (PCRE)');
@@ -322,7 +301,6 @@ $strSetupServers_tracking_add_drop_table_desc = __('Whether a DROP TABLE IF EXIS
$strSetupServers_tracking_add_drop_table_name = __('Add DROP TABLE');
$strSetupServers_tracking_add_drop_database_desc = __('Whether a DROP DATABASE IF EXISTS statement will be added as first line to the log when creating a database.');
$strSetupServers_tracking_add_drop_database_name = __('Add DROP DATABASE');
$strSetupServerSslMsg = __('You should use SSL connections if your web server supports it');
$strSetupServers_socket_desc = __('Socket on which MySQL server is listening, leave empty for default');
$strSetupServers_socket_name = __('Server socket');
$strSetupServers_ssl_desc = __('Enable SSL for connection to MySQL server');
@@ -333,11 +311,12 @@ $strSetupServers_table_info_desc = __('Table to describe the display columns, le
$strSetupServers_table_info_name = __('Display columns table');
$strSetupServers_user_desc = __('Leave empty if not using config auth');
$strSetupServers_user_name = __('User for config auth');
$strSetupServers_userconfig_name = __('User preferences storage table');
$strSetupServers_userconfig_desc = __('Leave blank for no user preferences storage in database, suggested: [kbd]pma_config[/kbd]');
$strSetupServers_verbose_check_desc = __('Disable if you know that your pma_* tables are up to date. This prevents compatibility checks and thereby increases performance');
$strSetupServers_verbose_check_name = __('Verbose check');
$strSetupServers_verbose_desc = __('A user-friendly description of this server. Leave blank to display the hostname instead.');
$strSetupServers_verbose_name = __('Verbose name of this server');
$strSetupSetValue = __('Set value: %s');
$strSetupShowAll_desc = __('Whether a user should be displayed a "show all (rows)" button');
$strSetupShowAll_name = __('Allow to display all the rows');
$strSetupShowChgPassword_desc = __('Please note that enabling this has no effect with [kbd]config[/kbd] authentication mode because the password is hard coded in the configuration file; this does not limit the ability to execute the same command directly');
@@ -381,7 +360,6 @@ $strSetupTitleDatabase_name = __('Database');
$strSetupTitleDatabase_desc = __('Title of browser window when a database is selected');
$strSetupTitleServer_name = __('Server');
$strSetupTitleServer_desc = __('Title of browser window when a server is selected');
$strSetupTrue = __('yes');
$strSetupTrustedProxies_desc = __('Input proxies as [kbd]IP: trusted HTTP header[/kbd]. The following example specifies that phpMyAdmin should trust a HTTP_X_FORWARDED_FOR (X-Forwarded-For) header coming from the proxy 1.2.3.4:[br][kbd]1.2.3.4: HTTP_X_FORWARDED_FOR[/kbd]');
$strSetupTrustedProxies_name = __('List of trusted proxies for IP allow/deny');
$strSetupUploadDir_desc = __('Directory on server where you can upload files for import');
@@ -390,19 +368,8 @@ $strSetupUseDbSearch_desc = __('Allow for searching inside the entire database')
$strSetupUseDbSearch_name = __('Use database search');
$strSetupVerboseMultiSubmit_desc = __('Show affected rows of each statement on multiple-statement queries. See libraries/import.lib.php for defaults on how many queries a statement may contain.');
$strSetupVerboseMultiSubmit_name = __('Verbose multiple statements');
$strSetupVersionCheckDataError = __('Reading of version failed. Maybe you\'re offline or the upgrade server does not respond.');
$strSetupVersionCheckInvalid = __('Got invalid version string from server');
$strSetupVersionCheckLink = __('Check for latest version');
$strSetupVersionCheckNewAvailable = __('A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is %s, released on %s.');
$strSetupVersionCheckNewAvailableSvn = __('You are using Git version, run [kbd]git pull[/kbd] :-)[br]The latest stable version is %s, released on %s.');
$strSetupVersionCheckNone = __('No newer stable version is available');
$strSetupVersionCheckUnparsable = __('Unparsable version string');
$strSetupVersionCheck = __('Version check');
$strSetupVersionCheckWrapperError = __('Neither URL wrapper nor CURL is available. Version check is not possible.');
$strSetupWarning = __('Warning');
$strSetupZipDump_desc = __('Enable [a@http://en.wikipedia.org/wiki/ZIP_(file_format)]ZIP[/a] compression for import and export operations');
$strSetupZipDumpExportWarning = __('[a@?page=form&formset=features#tab_Import_export]Zip compression[/a] requires functions (%s) which are unavailable on this system.');
$strSetupZipDumpImportWarning = __('[a@?page=form&formset=features#tab_Import_export]Zip decompression[/a] requires functions (%s) which are unavailable on this system.');
$strSetupZipDump_name = __('ZIP');
?>
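Review bot: The new `$strSetupServers_userconfig_desc` string suggests `[kbd]pma_config[/kbd]`, but every other place this commit names the table uses `pma_userconfig`: the `SUGGESTED:` comment in the config defaults, the `CREATE TABLE` statement and the `'userconfig' => 'pma_userconfig'` form default. An administrator following the setup hint would enter a table name that the shipped SQL script never creates. The description should read `suggested: [kbd]pma_userconfig[/kbd]`.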


@@ -36,7 +36,11 @@ header('Content-Type: text/css; charset=UTF-8');
// Cache output in client - the nocache query parameter makes sure that this
// file is reloaded when config changes
// todo: restore header
//header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 3600) . ' GMT');
//header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
//header('Last-Modified: ' . $GLOBALS['now']);
header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
$_SESSION['PMA_Theme_Manager']->printCss(PMA_FRAME);
?>
?>
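Review bot: The `Cache-Control: no-store, no-cache, must-revalidate, …` header contradicts the comment directly above it, which says the stylesheet is cached in the client and refreshed through the nocache query parameter. Together with `// todo: restore header` and the commented-out `Expires`/`Last-Modified` lines, this reads like a debugging change that is unrelated to the preferences table and was committed by accident. Either restore the `Expires` header before merging, or replace the comment with one that states why caching is disabled, e.g. `// caching disabled while theme CSS depends on per-user preferences`, if that is the intent. The page shows no +/- markers, so which of these lines are new is inferred.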


@@ -192,3 +192,18 @@ CREATE TABLE IF NOT EXISTS `pma_tracking` (
`tracking_active` int(1) unsigned NOT NULL default '1',
PRIMARY KEY (`db_name`,`table_name`,`version`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin ROW_FORMAT=COMPACT;
-- --------------------------------------------------------
--
-- Table structure for table `pma_userconfig`
--
CREATE TABLE IF NOT EXISTS `pma_userconfig` (
`username` varchar(64) NOT NULL,
`timevalue` timestamp NOT NULL,
`config_data` text NOT NULL,
PRIMARY KEY (`username`)
)
ENGINE=MyISAM COMMENT='User preferences storage for phpMyAdmin'
DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
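Review bot: The `pma_userconfig` definition does not say what `config_data` holds or which account may write to it, and because rows are keyed only by `username`, any account with write access to the table could alter another user's stored preferences. I would extend the header comment with a line such as `-- Read and written by the control user only; do not grant other accounts access`, assuming the control user is what accesses it (the reading code is not on this page). `timevalue timestamp NOT NULL` also relies on the server's implicit TIMESTAMP default and auto-update behaviour; spelling out the intended default in the column definition would make that explicit.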


@@ -48,7 +48,8 @@ $config_writable = false;
$config_exists = false;
check_config_rw($config_readable, $config_writable, $config_exists);
if (!$config_writable || !$config_readable) {
messages_set('error', 'config_rw', 'CannotLoadConfig', PMA_lang('CannotLoadConfigMsg'));
messages_set('error', 'config_rw', __('Cannot load or save configuration'),
PMA_lang(__('Please create web server writable folder [em]config[/em] in phpMyAdmin top level directory as described in [a@Documentation.html#setup_script]documentation[/a]. Otherwise you will be only able to download or display it.')));
}
//
// Check https connection
@@ -56,11 +57,13 @@ if (!$config_writable || !$config_readable) {
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
if (!$is_https) {
$text = __('You are not using a secure connection; all data (including potentially sensitive information, like passwords) is transferred unencrypted!');
if (!empty($_SERVER['REQUEST_URI']) && !empty($_SERVER['HTTP_HOST'])) {
$text .= ' ' . PMA_lang('InsecureConnectionMsg2',
$strInsecureConnectionMsg2 = __('If your server is also configured to accept HTTPS requests follow [a@%s]this link[/a] to use a secure connection.');
$text .= ' ' . PMA_lang($strInsecureConnectionMsg2,
'https://' . htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
}
messages_set('warning', 'no_https', 'InsecureConnection', $text);
messages_set('warning', 'no_https', __('Insecure connection'), $text);
}
?>
@@ -110,7 +113,7 @@ display_form_top('index.php', 'get', array(
<tr>
<th>#</th>
<th><?php echo __('Name') ?></th>
<th>Authentication type</th>
<th><?php echo __('Authentication type') ?></th>
<th colspan="2">DSN</th>
</tr>
<?php foreach ($_SESSION['ConfigFile']['Servers'] as $id => $server): ?>
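Review bot: The HTTPS link on the `$text .= ' ' . PMA_lang($strInsecureConnectionMsg2, …)` line is still built from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both supplied by the request, and is substituted into the `[a@%s]` link markup. `htmlspecialchars()` covers HTML escaping, but whether the value is checked as a host name, or processed again inside `PMA_lang()`, is not visible in this section. A short comment above the line, e.g. `// HTTP_HOST is request-supplied: this link is a convenience, not a trusted URL`, would record that for the next reader. Separately, `<th colspan="2">DSN</th>` is left untranslated next to the newly wrapped `__('Authentication type')`.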


@@ -57,12 +57,13 @@ $forms['Server_pmadb'] = array('Servers' => array(1 => array(
'verbose_check',
'bookmarktable' => 'pma_bookmark',
'relation' => 'pma_relation',
'userconfig' => 'pma_userconfig',
'table_info' => 'pma_table_info',
'table_coords' => 'pma_table_coords',
'pdf_pages' => 'pma_pdf_pages',
'column_info' => 'pma_column_info',
'history' => 'pma_history',
'tracking' => 'pma_tracking',
'table_coords' => 'pma_table_coords',
'pdf_pages' => 'pma_pdf_pages',
'designer_coords' => 'pma_designer_coords')));
$forms['Server_tracking'] = array('Servers' => array(1 => array(
'tracking_version_auto_create',


@@ -49,7 +49,6 @@ function messages_begin()
function messages_set($type, $id, $title, $message)
{
$fresh = !isset($_SESSION['messages'][$type][$id]);
$title = PMA_lang($title);
$_SESSION['messages'][$type][$id] = array(
'fresh' => $fresh,
'active' => true,
@@ -123,15 +122,15 @@ function PMA_version_check()
$data = curl_exec($ch);
curl_close($ch);
} else {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckWrapperError'));
messages_set('error', $message_id, __('Version check'),
__('Neither URL wrapper nor CURL is available. Version check is not possible.'));
return;
}
}
if (empty($data)) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckDataError'));
messages_set('error', $message_id, __('Version check'),
__('Reading of version failed. Maybe you\'re offline or the upgrade server does not respond.'));
return;
}
@@ -147,30 +146,30 @@ function PMA_version_check()
$version_upstream = version_to_int($version);
if ($version_upstream === false) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckInvalid'));
messages_set('error', $message_id, __('Version check'),
__('Got invalid version string from server'));
return;
}
$version_local = version_to_int($GLOBALS['PMA_Config']->get('PMA_VERSION'));
if ($version_local === false) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckUnparsable'));
messages_set('error', $message_id, __('Version check'),
__('Unparsable version string'));
return;
}
if ($version_upstream > $version_local) {
$version = htmlspecialchars($version);
$date = htmlspecialchars($date);
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNewAvailable', $version, $date));
messages_set('notice', $message_id, __('Version check'),
sprintf(__('A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is %s, released on %s.'), $version, $date));
} else {
if ($version_local % 100 == 0) {
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNewAvailableSvn', $version, $date));
messages_set('notice', $message_id, __('Version check'),
PMA_sanitize(sprintf(__('You are using Git version, run [kbd]git pull[/kbd] :-)[br]The latest stable version is %s, released on %s.'), $version, $date)));
} else {
messages_set('notice', $message_id, 'VersionCheck',
PMA_lang('VersionCheckNone'));
messages_set('notice', $message_id, __('Version check'),
__('No newer stable version is available'));
}
}
}
@@ -205,7 +204,7 @@ function version_to_int($version)
$added = 0;
break;
default:
messages_set('notice', 'version_match', 'VersionCheck',
messages_set('notice', 'version_match', __('Version check'),
'Unknown version part: ' . htmlspecialchars($matches[6]));
$added = 0;
break;
@@ -254,6 +253,19 @@ function perform_config_checks()
$blowfish_secret = $cf->get('blowfish_secret');
$blowfish_secret_set = false;
$cookie_auth_used = false;
$strAllowArbitraryServerWarning = __('This [a@?page=form&amp;formset=features#tab_Security]option[/a] should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use [a@?page=form&amp;formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
$strBlowfishSecretMsg = __('You didn\'t have blowfish secret set and have enabled cookie authentication, so a key was automatically generated for you. It is used to encrypt cookies; you don\'t need to remember it.');
$strBZipDumpWarning = __('[a@?page=form&amp;formset=features#tab_Import_export]Bzip2 compression and decompression[/a] requires functions (%s) which are unavailable on this system.');
$strDirectoryNotice = __('This value should be double checked to ensure that this directory is neither world accessible nor readable or writable by other users on your server.');
$strForceSSLNotice = __('This [a@?page=form&amp;formset=features#tab_Security]option[/a] should be enabled if your web server supports it');
$strGZipDumpWarning = __('[a@?page=form&amp;formset=features#tab_Import_export]GZip compression and decompression[/a] requires functions (%s) which are unavailable on this system.');
$strLoginCookieValidityWarning = __('[a@?page=form&formset=features#tab_Security]Login cookie validity[/a] should be set to 1800 seconds (30 minutes) at most. Values larger than 1800 may pose a security risk such as impersonation.');
$strSecurityInfoMsg = __('If you feel this is necessary, use additional protection settings - [a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server_config]host authentication[/a] settings and [a@?page=form&amp;formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');
$strServerAuthConfigMsg = __('You set the [kbd]config[/kbd] authentication type and included username and password for auto-login, which is not a desirable option for live hosts. Anyone who knows or guesses your phpMyAdmin URL can directly access your phpMyAdmin panel. Set [a@?page=servers&amp;mode=edit&amp;id=%1$d#tab_Server]authentication type[/a] to [kbd]cookie[/kbd] or [kbd]http[/kbd].');
$strZipDumpExportWarning = __('[a@?page=form&amp;formset=features#tab_Import_export]Zip compression[/a] requires functions (%s) which are unavailable on this system.');
$strZipDumpImportWarning = __('[a@?page=form&amp;formset=features#tab_Import_export]Zip decompression[/a] requires functions (%s) which are unavailable on this system.');
for ($i = 1, $server_cnt = $cf->getServerCount(); $i <= $server_cnt; $i++) {
$cookie_auth_server = ($cf->getValue("Servers/$i/auth_type") == 'cookie');
$cookie_auth_used |= $cookie_auth_server;
@@ -273,9 +285,9 @@ function perform_config_checks()
// should be enabled if possible
//
if (!$cf->getValue("Servers/$i/ssl")) {
$title = PMA_lang_name('Servers/1/ssl') . " ($server_name)";
$title = PMA_lang(PMA_lang_name('Servers/1/ssl')) . " ($server_name)";
messages_set('notice', "Servers/$i/ssl", $title,
PMA_lang('ServerSslMsg'));
__('You should use SSL connections if your web server supports it'));
}
//
@@ -283,9 +295,9 @@ function perform_config_checks()
// warn about using 'mysql'
//
if ($cf->getValue("Servers/$i/extension") == 'mysql') {
$title = PMA_lang_name('Servers/1/extension') . " ($server_name)";
$title = PMA_lang(PMA_lang_name('Servers/1/extension')) . " ($server_name)";
messages_set('notice', "Servers/$i/extension", $title,
PMA_lang('ServerExtensionMsg'));
__('You should use mysqli for performance reasons'));
}
//
@@ -293,12 +305,12 @@ function perform_config_checks()
// warn about full user credentials if 'auth_type' is 'config'
//
if ($cf->getValue("Servers/$i/auth_type") == 'config'
&& $cf->getValue("Servers/$i/user") != ''
&& $cf->getValue("Servers/$i/password") != '') {
$title = PMA_lang_name('Servers/1/auth_type') . " ($server_name)";
&& $cf->getValue("Servers/$i/user") != ''
&& $cf->getValue("Servers/$i/password") != '') {
$title = PMA_lang(PMA_lang_name('Servers/1/auth_type')) . " ($server_name)";
messages_set('warning', "Servers/$i/auth_type", $title,
PMA_lang('ServerAuthConfigMsg', $i) . ' ' .
PMA_lang('ServerSecurityInfoMsg', $i));
PMA_lang($strServerAuthConfigMsg, $i) . ' ' .
PMA_lang($strSecurityInfoMsg, $i));
}
//
@@ -307,11 +319,11 @@ function perform_config_checks()
// serious security flaw
//
if ($cf->getValue("Servers/$i/AllowRoot")
&& $cf->getValue("Servers/$i/AllowNoPassword")) {
$title = PMA_lang_name('Servers/1/AllowNoPassword') . " ($server_name)";
&& $cf->getValue("Servers/$i/AllowNoPassword")) {
$title = PMA_lang(PMA_lang_name('Servers/1/AllowNoPassword')) . " ($server_name)";
messages_set('warning', "Servers/$i/AllowNoPassword", $title,
PMA_lang('ServerNoPasswordMsg') . ' ' .
PMA_lang('ServerSecurityInfoMsg', $i));
__('You allow for connecting to the server without a password.') . ' ' .
PMA_lang($strSecurityInfoMsg, $i));
}
}
@@ -322,8 +334,9 @@ function perform_config_checks()
if ($cookie_auth_used) {
if ($blowfish_secret_set) {
// 'cookie' auth used, blowfish_secret was generated
messages_set('notice', 'blowfish_secret_created', 'blowfish_secret_name',
__('You didn\'t have blowfish secret set and have enabled cookie authentication, so a key was automatically generated for you. It is used to encrypt cookies; you don\'t need to remember it.'));
messages_set('notice', 'blowfish_secret_created',
PMA_lang(PMA_lang_name('blowfish_secret')),
$strBlowfishSecretMsg);
} else {
$blowfish_warnings = array();
// check length
@@ -336,11 +349,12 @@ function perform_config_checks()
$has_chars = (bool) preg_match('/\S/', $blowfish_secret);
$has_nonword = (bool) preg_match('/\W/', $blowfish_secret);
if (!$has_digits || !$has_chars || !$has_nonword) {
$blowfish_warnings[] = PMA_sanitize(__('Key should contain letters, numbers [em]and[/em] special characters'));
$blowfish_warnings[] = PMA_lang(__('Key should contain letters, numbers [em]and[/em] special characters'));
}
if (!empty($blowfish_warnings)) {
messages_set('warning', 'blowfish_warnings' . count($blowfish_warnings),
'blowfish_secret_name', implode("<br />", $blowfish_warnings));
PMA_lang(PMA_lang_name('blowfish_secret')),
implode("<br />", $blowfish_warnings));
}
}
}
@@ -350,8 +364,9 @@ function perform_config_checks()
// should be enabled if possible
//
if (!$cf->getValue('ForceSSL')) {
messages_set('notice', 'ForceSSL', 'ForceSSL_name',
PMA_lang('ForceSSLMsg'));
messages_set('notice', 'ForceSSL',
PMA_lang(PMA_lang_name('ForceSSL')),
PMA_lang($strForceSSLNotice));
}
//
@@ -359,8 +374,9 @@ function perform_config_checks()
// should be disabled
//
if ($cf->getValue('AllowArbitraryServer')) {
messages_set('warning', 'AllowArbitraryServer', 'AllowArbitraryServer_name',
PMA_lang('AllowArbitraryServerMsg'));
messages_set('warning', 'AllowArbitraryServer',
PMA_lang(PMA_lang_name('AllowArbitraryServer')),
PMA_lang($strAllowArbitraryServerWarning));
}
//
@@ -368,8 +384,9 @@ function perform_config_checks()
// should be at most 1800 (30 min)
//
if ($cf->getValue('LoginCookieValidity') > 1800) {
messages_set('warning', 'LoginCookieValidity', 'LoginCookieValidity_name',
PMA_lang('LoginCookieValidityMsg'));
messages_set('warning', 'LoginCookieValidity',
PMA_lang(PMA_lang_name('LoginCookieValidity')),
PMA_lang($strLoginCookieValidityWarning));
}
//
@@ -377,8 +394,9 @@ function perform_config_checks()
// should not be world-accessible
//
if ($cf->getValue('SaveDir') != '') {
messages_set('notice', 'SaveDir', 'SaveDir_name',
PMA_lang('DirectoryNotice'));
messages_set('notice', 'SaveDir',
PMA_lang(PMA_lang_name('SaveDir')),
PMA_lang($strDirectoryNotice));
}
//
@@ -386,8 +404,9 @@ function perform_config_checks()
// should not be world-accessible
//
if ($cf->getValue('TempDir') != '') {
messages_set('notice', 'TempDir', 'TempDir_name',
PMA_lang('DirectoryNotice'));
messages_set('notice', 'TempDir',
PMA_lang(PMA_lang_name('TempDir')),
PMA_lang($strDirectoryNotice));
}
//
@@ -395,9 +414,10 @@ function perform_config_checks()
// requires zlib functions
//
if ($cf->getValue('GZipDump')
&& (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
messages_set('warning', 'GZipDump', 'GZipDump_name',
PMA_lang('GZipDumpWarning', 'gzencode'));
&& (@!function_exists('gzopen') || @!function_exists('gzencode'))) {
messages_set('warning', 'GZipDump',
PMA_lang(PMA_lang_name('GZipDump')),
PMA_lang($strGZipDumpWarning, 'gzencode'));
}
//
@@ -405,15 +425,16 @@ function perform_config_checks()
// requires bzip2 functions
//
if ($cf->getValue('BZipDump')
&& (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
&& (!@function_exists('bzopen') || !@function_exists('bzcompress'))) {
$functions = @function_exists('bzopen')
? '' :
'bzopen';
? '' :
'bzopen';
$functions .= @function_exists('bzcompress')
? ''
: ($functions ? ', ' : '') . 'bzcompress';
messages_set('warning', 'BZipDump', 'BZipDump_name',
PMA_sanitize(sprintf(__('[a@?page=form&amp;formset=features#tab_Import_export]Bzip2 compression and decompression[/a] requires functions (%s) which are unavailable on this system.'), $functions)));
? ''
: ($functions ? ', ' : '') . 'bzcompress';
messages_set('warning', 'BZipDump',
PMA_lang(PMA_lang_name('BZipDump')),
PMA_lang($strBZipDumpWarning, $functions));
}
//
@@ -421,8 +442,9 @@ function perform_config_checks()
// requires zip_open in import
//
if ($cf->getValue('ZipDump') && !@function_exists('zip_open')) {
messages_set('warning', 'ZipDump_import', 'ZipDump_name',
PMA_lang('ZipDumpImportWarning', 'zip_open'));
messages_set('warning', 'ZipDump_import',
PMA_lang(PMA_lang_name('ZipDump')),
PMA_lang($strZipDumpImportWarning, 'zip_open'));
}
//
@@ -430,8 +452,9 @@ function perform_config_checks()
// requires gzcompress in export
//
if ($cf->getValue('ZipDump') && !@function_exists('gzcompress')) {
messages_set('warning', 'ZipDump_export', 'ZipDump_name',
PMA_lang('ZipDumpExportWarning', 'gzcompress'));
messages_set('warning', 'ZipDump_export',
PMA_lang(PMA_lang_name('ZipDump')),
PMA_lang($strZipDumpExportWarning, 'gzcompress'));
}
}
?>
?>
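Review bot: With `$title = PMA_lang($title);` apparently dropped from `messages_set()`, the per-server titles in `perform_config_checks()` become `PMA_lang(PMA_lang_name('Servers/1/ssl')) . " ($server_name)"`, so `$server_name` is appended after the `PMA_lang()` call instead of passing through it. If `PMA_lang()` was what HTML-escaped the title (its body is not on this page) and `$server_name` comes from the edited configuration, the name now reaches the message list unescaped. Unless it is already escaped where it is assigned, outside these hunks, consider ending the ssl, extension, auth_type and AllowNoPassword titles with `. ' (' . htmlspecialchars($server_name) . ')'`. Also, `$strLoginCookieValidityWarning` uses a bare `&` in its `[a@?page=form&formset=…]` link while the sibling strings use `&amp;`, so one of the two forms will render differently after `PMA_lang()`.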