waibao
/
NN2021040101


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517
							<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Holds the PhpMyAdmin\Controllers\HomeController
 *
 * @package PhpMyAdmin\Controllers
 */
declare(strict_types=1);

namespace PhpMyAdmin\Controllers;

use PhpMyAdmin\Charsets;
use PhpMyAdmin\Charsets\Charset;
use PhpMyAdmin\Charsets\Collation;
use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\Config;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Display\GitRevision;
use PhpMyAdmin\LanguageManager;
use PhpMyAdmin\Message;
use PhpMyAdmin\RecentFavoriteTable;
use PhpMyAdmin\Relation;
use PhpMyAdmin\Response;
use PhpMyAdmin\Server\Select;
use PhpMyAdmin\Template;
use PhpMyAdmin\ThemeManager;
use PhpMyAdmin\Url;
use PhpMyAdmin\UserPreferences;
use PhpMyAdmin\Util;

/**
 * Class HomeController
 * @package PhpMyAdmin\Controllers
 */
class HomeController extends AbstractController
{
    /**
     * @var Config
     */
    private $config;

    /**
     * @var ThemeManager
     */
    private $themeManager;

    /**
     * HomeController constructor.
     *
     * @param Response          $response     Response instance
     * @param DatabaseInterface $dbi          DatabaseInterface instance
     * @param Template          $template     Template object
     * @param Config            $config       Config instance
     * @param ThemeManager      $themeManager ThemeManager instance
     */
    public function __construct($response, $dbi, Template $template, $config, ThemeManager $themeManager)
    {
        parent::__construct($response, $dbi, $template);
        $this->config = $config;
        $this->themeManager = $themeManager;
    }


    /**
     * @return string HTML
     */
    public function index(): string
    {
        global $cfg, $server, $collation_connection, $message;

        $languageManager = LanguageManager::getInstance();

        if (! empty($message)) {
            $displayMessage = Util::getMessage($message);
            unset($message);
        }
        if (isset($_SESSION['partial_logout'])) {
            $partialLogout = Message::success(__(
                'You were logged out from one server, to logout completely '
                . 'from phpMyAdmin, you need to logout from all servers.'
            ))->getDisplay();
            unset($_SESSION['partial_logout']);
        }

        $syncFavoriteTables = RecentFavoriteTable::getInstance('favorite')
            ->getHtmlSyncFavoriteTables();

        $hasServer = $server > 0 || count($cfg['Servers']) > 1;
        if ($hasServer) {
            $hasServerSelection = $cfg['ServerDefault'] == 0
                || (! $cfg['NavigationDisplayServers']
                && (count($cfg['Servers']) > 1
                || ($server == 0 && count($cfg['Servers']) === 1)));
            if ($hasServerSelection) {
                $serverSelection = Select::render(true, true);
            }

            if ($server > 0) {
                $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
                $checkUserPrivileges->getPrivileges();

                if (($cfg['Server']['auth_type'] != 'config') && $cfg['ShowChgPassword']) {
                    $changePassword = $this->template->render('list/item', [
                        'content' => Util::getImage('s_passwd') . ' ' . __(
                            'Change password'
                        ),
                        'id' => 'li_change_password',
                        'class' => 'no_bullets',
                        'url' => [
                            'href' => 'user_password.php' . Url::getCommon(),
                            'target' => null,
                            'id' => 'change_password_anchor',
                            'class' => 'ajax',
                        ],
                        'mysql_help_page' => null,
                    ]);
                }

                $charsets = Charsets::getCharsets($this->dbi, $cfg['Server']['DisableIS']);
                $collations = Charsets::getCollations($this->dbi, $cfg['Server']['DisableIS']);
                $charsetsList = [];
                /** @var Charset $charset */
                foreach ($charsets as $charset) {
                    $collationsList = [];
                    /** @var Collation $collation */
                    foreach ($collations[$charset->getName()] as $collation) {
                        $collationsList[] = [
                            'name' => $collation->getName(),
                            'description' => $collation->getDescription(),
                            'is_selected' => $collation_connection === $collation->getName(),
                        ];
                    }
                    $charsetsList[] = [
                        'name' => $charset->getName(),
                        'description' => $charset->getDescription(),
                        'collations' => $collationsList,
                    ];
                }

                $userPreferences = $this->template->render('list/item', [
                    'content' => Util::getImage('b_tblops') . ' ' . __(
                        'More settings'
                    ),
                    'id' => 'li_user_preferences',
                    'class' => 'no_bullets',
                    'url' => [
                        'href' => 'prefs_manage.php' . Url::getCommon(),
                        'target' => null,
                        'id' => null,
                        'class' => null,
                    ],
                    'mysql_help_page' => null,
                ]);
            }
        }

        $languageSelector = '';
        if (empty($cfg['Lang']) && $languageManager->hasChoice()) {
            $languageSelector = $languageManager->getSelectorDisplay($this->template);
        }

        $themeSelection = '';
        if ($cfg['ThemeManager']) {
            $themeSelection = $this->themeManager->getHtmlSelectBox();
        }

        $databaseServer = [];
        if ($server > 0 && $cfg['ShowServerInfo']) {
            $hostInfo = '';
            if (! empty($cfg['Server']['verbose'])) {
                $hostInfo .= $cfg['Server']['verbose'];
                if ($cfg['ShowServerInfo']) {
                    $hostInfo .= ' (';
                }
            }
            if ($cfg['ShowServerInfo'] || empty($cfg['Server']['verbose'])) {
                $hostInfo .= $this->dbi->getHostInfo();
            }
            if (! empty($cfg['Server']['verbose']) && $cfg['ShowServerInfo']) {
                $hostInfo .= ')';
            }

            $serverCharset = Charsets::getServerCharset($this->dbi, $cfg['Server']['DisableIS']);
            $databaseServer = [
                'host' => $hostInfo,
                'type' => Util::getServerType(),
                'connection' => Util::getServerSSL(),
                'version' => $this->dbi->getVersionString() . ' - ' . $this->dbi->getVersionComment(),
                'protocol' => $this->dbi->getProtoInfo(),
                'user' => $this->dbi->fetchValue('SELECT USER();'),
                'charset' => $serverCharset->getDescription() . ' (' . $serverCharset->getName() . ')',
            ];
        }

        $webServer = [];
        if ($cfg['ShowServerInfo']) {
            $webServer['software'] = $_SERVER['SERVER_SOFTWARE'];

            if ($server > 0) {
                $clientVersion = $this->dbi->getClientInfo();
                if (preg_match('#\d+\.\d+\.\d+#', $clientVersion)) {
                    $clientVersion = 'libmysql - ' . $clientVersion;
                }

                $webServer['database'] = $clientVersion;
                $webServer['php_extensions'] = Util::listPHPExtensions();
                $webServer['php_version'] = PHP_VERSION;
            }
        }
        if ($cfg['ShowPhpInfo']) {
            $phpInfo = $this->template->render('list/item', [
                'content' => __('Show PHP information'),
                'id' => 'li_phpinfo',
                'class' => null,
                'url' => [
                    'href' => 'phpinfo.php' . Url::getCommon(),
                    'target' => '_blank',
                    'id' => null,
                    'class' => null,
                ],
                'mysql_help_page' => null,
            ]);
        }

        $relation = new Relation($this->dbi);
        if ($server > 0) {
            $cfgRelation = $relation->getRelationsParam();
            if (! $cfgRelation['allworks']
                && $cfg['PmaNoRelation_DisableWarning'] == false
            ) {
                $messageText = __(
                    'The phpMyAdmin configuration storage is not completely '
                    . 'configured, some extended features have been deactivated. '
                    . '%sFind out why%s. '
                );
                if ($cfg['ZeroConf'] == true) {
                    $messageText .= '<br>' .
                        __(
                            'Or alternately go to \'Operations\' tab of any database '
                            . 'to set it up there.'
                        );
                }
                $messageInstance = Message::notice($messageText);
                $messageInstance->addParamHtml('<a href="./chk_rel.php" data-post="' . Url::getCommon() . '">');
                $messageInstance->addParamHtml('</a>');
                /* Show error if user has configured something, notice elsewhere */
                if (! empty($cfg['Servers'][$server]['pmadb'])) {
                    $messageInstance->isError(true);
                }
                $configStorageMessage = $messageInstance->getDisplay();
            }
        }

        $this->checkRequirements();

        return $this->template->render('home/index', [
            'message' => $displayMessage ?? '',
            'partial_logout' => $partialLogout ?? '',
            'is_git_revision' => $this->config->isGitRevision(),
            'server' => $server,
            'sync_favorite_tables' => $syncFavoriteTables,
            'has_server' => $hasServer,
            'is_demo' => $cfg['DBG']['demo'],
            'has_server_selection' => $hasServerSelection ?? false,
            'server_selection' => $serverSelection ?? '',
            'change_password' => $changePassword ?? '',
            'charsets' => $charsetsList ?? [],
            'language_selector' => $languageSelector,
            'theme_selection' => $themeSelection,
            'user_preferences' => $userPreferences ?? '',
            'database_server' => $databaseServer,
            'web_server' => $webServer,
            'php_info' => $phpInfo ?? '',
            'is_version_checked' => $cfg['VersionCheck'],
            'phpmyadmin_version' => PMA_VERSION,
            'config_storage_message' => $configStorageMessage ?? '',
        ]);
    }

    /**
     * @param array $params Request parameters
     * @return void
     */
    public function setTheme(array $params): void
    {
        $this->themeManager->setActiveTheme($params['set_theme']);
        $this->themeManager->setThemeCookie();

        $userPreferences = new UserPreferences();
        $preferences = $userPreferences->load();
        $preferences['config_data']['ThemeDefault'] = $params['set_theme'];
        $userPreferences->save($preferences['config_data']);
    }

    /**
     * @param array $params Request parameters
     * @return void
     */
    public function setCollationConnection(array $params): void
    {
        $this->config->setUserValue(
            null,
            'DefaultConnectionCollation',
            $params['collation_connection'],
            'utf8mb4_unicode_ci'
        );
    }

    /**
     * @return array JSON
     */
    public function reloadRecentTablesList(): array
    {
        return [
            'list' => RecentFavoriteTable::getInstance('recent')->getHtmlList(),
        ];
    }

    /**
     * @return string HTML
     */
    public function gitRevision(): string
    {
        return (new GitRevision(
            $this->response,
            $this->config,
            $this->template
        ))->display();
    }

    /**
     * @return void
     */
    private function checkRequirements(): void
    {
        global $cfg, $server, $lang;

        /**
         * mbstring is used for handling multibytes inside parser, so it is good
         * to tell user something might be broken without it, see bug #1063149.
         */
        if (! extension_loaded('mbstring')) {
            trigger_error(
                __(
                    'The mbstring PHP extension was not found and you seem to be using'
                    . ' a multibyte charset. Without the mbstring extension phpMyAdmin'
                    . ' is unable to split strings correctly and it may result in'
                    . ' unexpected results.'
                ),
                E_USER_WARNING
            );
        }

        /**
         * Missing functionality
         */
        if (! extension_loaded('curl') && ! ini_get('allow_url_fopen')) {
            trigger_error(
                __(
                    'The curl extension was not found and allow_url_fopen is '
                    . 'disabled. Due to this some features such as error reporting '
                    . 'or version check are disabled.'
                )
            );
        }

        if ($cfg['LoginCookieValidityDisableWarning'] == false) {
            /**
             * Check whether session.gc_maxlifetime limits session validity.
             */
            $gc_time = (int) ini_get('session.gc_maxlifetime');
            if ($gc_time < $cfg['LoginCookieValidity']) {
                trigger_error(
                    __(
                        'Your PHP parameter [a@https://secure.php.net/manual/en/session.' .
                        'configuration.php#ini.session.gc-maxlifetime@_blank]session.' .
                        'gc_maxlifetime[/a] is lower than cookie validity configured ' .
                        'in phpMyAdmin, because of this, your login might expire sooner ' .
                        'than configured in phpMyAdmin.'
                    ),
                    E_USER_WARNING
                );
            }
        }

        /**
         * Check whether LoginCookieValidity is limited by LoginCookieStore.
         */
        if ($cfg['LoginCookieStore'] != 0
            && $cfg['LoginCookieStore'] < $cfg['LoginCookieValidity']
        ) {
            trigger_error(
                __(
                    'Login cookie store is lower than cookie validity configured in ' .
                    'phpMyAdmin, because of this, your login will expire sooner than ' .
                    'configured in phpMyAdmin.'
                ),
                E_USER_WARNING
            );
        }

        /**
         * Warning if using the default MySQL controluser account
         */
        if ($server != 0
            && isset($cfg['Server']['controluser']) && $cfg['Server']['controluser'] == 'pma'
            && isset($cfg['Server']['controlpass']) && $cfg['Server']['controlpass'] == 'pmapass'
        ) {
            trigger_error(
                __(
                    'Your server is running with default values for the ' .
                    'controluser and password (controlpass) and is open to ' .
                    'intrusion; you really should fix this security weakness' .
                    ' by changing the password for controluser \'pma\'.'
                ),
                E_USER_WARNING
            );
        }

        /**
         * Check if user does not have defined blowfish secret and it is being used.
         */
        if (! empty($_SESSION['encryption_key'])) {
            if (empty($cfg['blowfish_secret'])) {
                trigger_error(
                    __(
                        'The configuration file now needs a secret passphrase (blowfish_secret).'
                    ),
                    E_USER_WARNING
                );
            } elseif (strlen($cfg['blowfish_secret']) < 32) {
                trigger_error(
                    __(
                        'The secret passphrase in configuration (blowfish_secret) is too short.'
                    ),
                    E_USER_WARNING
                );
            }
        }

        /**
         * Check for existence of config directory which should not exist in
         * production environment.
         */
        if (@file_exists(ROOT_PATH . 'config')) {
            trigger_error(
                __(
                    'Directory [code]config[/code], which is used by the setup script, ' .
                    'still exists in your phpMyAdmin directory. It is strongly ' .
                    'recommended to remove it once phpMyAdmin has been configured. ' .
                    'Otherwise the security of your server may be compromised by ' .
                    'unauthorized people downloading your configuration.'
                ),
                E_USER_WARNING
            );
        }

        /**
         * Warning about Suhosin only if its simulation mode is not enabled
         */
        if ($cfg['SuhosinDisableWarning'] == false
            && ini_get('suhosin.request.max_value_length')
            && ini_get('suhosin.simulation') == '0'
        ) {
            trigger_error(
                sprintf(
                    __(
                        'Server running with Suhosin. Please refer ' .
                        'to %sdocumentation%s for possible issues.'
                    ),
                    '[doc@faq1-38]',
                    '[/doc]'
                ),
                E_USER_WARNING
            );
        }

        /* Missing template cache */
        if ($this->config->getTempDir('twig') === null) {
            trigger_error(
                sprintf(
                    __(
                        'The $cfg[\'TempDir\'] (%s) is not accessible. ' .
                        'phpMyAdmin is not able to cache templates and will ' .
                        'be slow because of this.'
                    ),
                    $this->config->get('TempDir')
                ),
                E_USER_WARNING
            );
        }

        /**
         * Warning about incomplete translations.
         *
         * The data file is created while creating release by ./scripts/remove-incomplete-mo
         */
        if (@file_exists(ROOT_PATH . 'libraries/language_stats.inc.php')) {
            include ROOT_PATH . 'libraries/language_stats.inc.php';
            /*
             * This message is intentionally not translated, because we're
             * handling incomplete translations here and focus on english
             * speaking users.
             */
            if (isset($GLOBALS['language_stats'][$lang])
                && $GLOBALS['language_stats'][$lang] < $cfg['TranslationWarningThreshold']
            ) {
                trigger_error(
                    'You are using an incomplete translation, please help to make it '
                    . 'better by [a@https://www.phpmyadmin.net/translate/'
                    . '@_blank]contributing[/a].',
                    E_USER_NOTICE
                );
            }
        }
    }
}