<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Misc stuff and REQUIRED by ALL the scripts.
 * MUST be included by every script
 *
 * Among other things, it contains the advanced authentication work.
 *
 * Order of sections for common.inc.php:
 *
 * the authentication libraries must be before the connection to db
 *
 * ... so the required order is:
 *
 * LABEL_variables_init
 *  - initialize some variables always needed
 * LABEL_parsing_config_file
 *  - parsing of the configuration file
 * LABEL_loading_language_file
 *  - loading language file
 * LABEL_setup_servers
 *  - check and setup configured servers
 * LABEL_theme_setup
 *  - setting up themes
 *
 * - load of MySQL extension (if necessary)
 * - loading of an authentication library
 * - db connection
 * - authentication work
 *
 * @package PhpMyAdmin
 */


/*M_H_A Just removed authentication and usefull comments*/

use PMA\libraries\Config;
use PMA\libraries\DatabaseInterface;
use PMA\libraries\ErrorHandler;
use PMA\libraries\Message;
use PMA\libraries\plugins\AuthenticationPlugin;
use PMA\libraries\DbList;
use PMA\libraries\ThemeManager;
use PMA\libraries\Tracker;
use PMA\libraries\Response;
use PMA\libraries\TypesMySQL;
use PMA\libraries\Util;
use PMA\libraries\LanguageManager;

define('PHPMYADMIN', true);
require_once './libraries/vendor_config.php';

require_once GETTEXT_INC;

require_once './libraries/autoloader.php';

$GLOBALS['error_handler'] = new ErrorHandler();

require './libraries/core.lib.php';

require './libraries/sanitizing.lib.php';

PMA_checkExtensions();

ini_set('default_charset', 'utf-8');
mb_internal_encoding('utf-8');

require './libraries/relation.lib.php';


if (! defined('PMA_MINIMUM_COMMON') || defined('PMA_SETUP')) {
    include_once './libraries/js_escape.lib.php';
    include_once './libraries/url_generating.lib.php';
}
PMA_cleanupPathInfo();
$variables_whitelist = array (
    'GLOBALS',
    '_SERVER',
    '_GET',
    '_POST',
    '_REQUEST',
    '_FILES',
    '_ENV',
    '_COOKIE',
    '_SESSION',
    'error_handler',
    'PMA_PHP_SELF',
    'variables_whitelist',
    'key',
    /* gettext globals */
    'text_domains', 'default_domain', 'LC_CATEGORIES', 'EMULATEGETTEXT', 'CURRENTLOCALE',
);

foreach (get_defined_vars() as $key => $value) {
    if (! in_array($key, $variables_whitelist)) {
        unset($$key);
    }
}
unset($key, $value, $variables_whitelist);
$GLOBALS['is_ajax_request'] = false;
$__redirect = null;
$_REQUEST = array_merge($_GET, $_POST);

date_default_timezone_set(@date_default_timezone_get());
$GLOBALS['PMA_Config'] = new Config(CONFIG_FILE);

$GLOBALS['PMA_Config']->enableBc();

require './libraries/session.inc.php';
$GLOBALS['url_params'] = array();

$goto_whitelist = array(
    //'browse_foreigners.php',
    //'changelog.php',
    //'chk_rel.php',
    'db_datadict.php',
    'db_sql.php',
    'db_events.php',
    'db_export.php',
    'db_importdocsql.php',
    'db_qbe.php',
    'db_structure.php',
    'db_import.php',
    'db_operations.php',
    'db_search.php',
    'db_routines.php',
    'export.php',
    'import.php',
    //'index.php',
    //'navigation.php',
    //'license.php',
    'index.php',
    'pdf_pages.php',
    'pdf_schema.php',
    'server_binlog.php',
    'server_collations.php',
    'server_databases.php',
    'server_engines.php',
    'server_export.php',
    'server_import.php',
    'server_privileges.php',
    'server_sql.php',
    'server_status.php',
    'server_status_advisor.php',
    'server_status_monitor.php',
    'server_status_queries.php',
    'server_status_variables.php',
    'server_variables.php',
    'sql.php',
    'tbl_addfield.php',
    'tbl_change.php',
    'tbl_create.php',
    'tbl_import.php',
    'tbl_indexes.php',
    'tbl_sql.php',
    'tbl_export.php',
    'tbl_operations.php',
    'tbl_structure.php',
    'tbl_relation.php',
    'tbl_replace.php',
    'tbl_row_action.php',
    'tbl_select.php',
    'tbl_zoom_select.php',
    //'themes.php',
    'transformation_overview.php',
    'transformation_wrapper.php',
    'user_password.php',
);

if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
    $__redirect = null;
}
$token_mismatch = false;
$token_provided = true;

PMA_setGlobalDbOrTable('db');

PMA_setGlobalDbOrTable('table');
if (PMA_isValid($_REQUEST['selected_recent_table'])) {
    $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
    $GLOBALS['db'] = $recent_table['db'];
    $GLOBALS['url_params']['db'] = $GLOBALS['db'];
    $GLOBALS['table'] = $recent_table['table'];
    $GLOBALS['url_params']['table'] = $GLOBALS['table'];
}
$GLOBALS['sql_query'] = '';
if (PMA_isValid($_REQUEST['sql_query'])) {
    $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}

$language = LanguageManager::getInstance()->selectLanguage();
$language->activate();

if ($GLOBALS['text_dir'] == 'ltr') {
    $GLOBALS['cell_align_left']  = 'left';
    $GLOBALS['cell_align_right'] = 'right';
} else {
    $GLOBALS['cell_align_left']  = 'right';
    $GLOBALS['cell_align_right'] = 'left';
}

$GLOBALS['PMA_Config']->checkPermissions();

if ($GLOBALS['PMA_Config']->error_config_file) {
    $error = '[strong]' . __('Failed to read configuration file!') . '[/strong]'
        . '[br][br]'
        . __(
            'This usually means there is a syntax error in it, '
            . 'please check any errors shown below.'
        )
        . '[br][br]'
        . '[conferr]';
    trigger_error($error, E_USER_ERROR);
}
if ($GLOBALS['PMA_Config']->error_config_default_file) {
    $error = sprintf(
        __('Could not load default configuration from: %1$s'),
        $GLOBALS['PMA_Config']->default_source
    );
    trigger_error($error, E_USER_ERROR);
}

$GLOBALS['server'] = 0;
if (! isset($cfg['Servers']) || count($cfg['Servers']) == 0) {
    // No server => create one with defaults
    $cfg['Servers'] = array(1 => $default_server);
} else {
    // We have server(s) => apply default configuration
    $new_servers = array();

    foreach ($cfg['Servers'] as $server_index => $each_server) {

        // Detect wrong configuration
        if (!is_int($server_index) || $server_index < 1) {
            trigger_error(
                sprintf(__('Invalid server index: %s'), $server_index),
                E_USER_ERROR
            );
        }

        $each_server = array_merge($default_server, $each_server);

        // Don't use servers with no hostname
        if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) {
            trigger_error(
                sprintf(
                    __(
                        'Invalid hostname for server %1$s. '
                        . 'Please review your configuration.'
                    ),
                    $server_index
                ),
                E_USER_ERROR
            );
        }

        // Final solution to bug #582890
        // If we are using a socket connection
        // and there is nothing in the verbose server name
        // or the host field, then generate a name for the server
        // in the form of "Server 2", localized of course!
        if ($each_server['connect_type'] == 'socket'
            && empty($each_server['host'])
            && empty($each_server['verbose'])
        ) {
            $each_server['verbose'] = sprintf(__('Server %d'), $server_index);
        }

        $new_servers[$server_index] = $each_server;
    }
    $cfg['Servers'] = $new_servers;
    unset($new_servers, $server_index, $each_server);
}

// Cleanup
unset($default_server);


/******************************************************************************/
/* setup themes                                          LABEL_theme_setup    */

ThemeManager::initializeTheme();

if (! defined('PMA_MINIMUM_COMMON')) {
    include_once './libraries/charset_conversion.lib.php';
    if (! empty($_REQUEST['server'])
        && is_string($_REQUEST['server'])
        && ! is_numeric($_REQUEST['server'])
    ) {
        foreach ($cfg['Servers'] as $i => $server) {
            $verboseToLower = mb_strtolower($server['verbose']);
            $serverToLower = mb_strtolower($_REQUEST['server']);
            if ($server['host'] == $_REQUEST['server']
                || $server['verbose'] == $_REQUEST['server']
                || $verboseToLower == $serverToLower
                || md5($verboseToLower) === $serverToLower
            ) {
                $_REQUEST['server'] = $i;
                break;
            }
        }
        if (is_string($_REQUEST['server'])) {
            unset($_REQUEST['server']);
        }
        unset($i);
    }
    if (isset($_REQUEST['server'])
        && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server']))
        && ! empty($_REQUEST['server'])
        && ! empty($cfg['Servers'][$_REQUEST['server']])
    ) {
        $GLOBALS['server'] = $_REQUEST['server'];
        $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
    } else {
        if (!empty($cfg['Servers'][$cfg['ServerDefault']])) {
            $GLOBALS['server'] = $cfg['ServerDefault'];
            $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']];
        } else {
            $GLOBALS['server'] = 0;
            $cfg['Server'] = array();
        }
    }
    $GLOBALS['url_params']['server'] = $GLOBALS['server'];

    /**
     * Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
     */
    if (function_exists('mb_convert_encoding')
        && $lang == 'ja'
    ) {
        include_once './libraries/kanji-encoding.lib.php';
    } // end if

    /**
     * save some settings in cookies
     * @todo should be done in PMA\libraries\Config
     */
    $GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
    if (isset($GLOBALS['collation_connection'])) {
        $GLOBALS['PMA_Config']->setCookie(
            'pma_collation_connection',
            $GLOBALS['collation_connection']
        );
    }

    $_SESSION['PMA_Theme_Manager']->setThemeCookie();

/*M_H_A*/
$cfg['Server']['user'] = $_POST['username'];
$cfg['Server']['password'] = $_POST['password'];
$cfg['Server']['auth_type'] = 'cookie';
    if (! empty($cfg['Server'])) {
        include_once './libraries/database_interface.inc.php';

        include_once './libraries/logging.lib.php';
        $cache_key = 'server_' . $GLOBALS['server'];
        if (isset($_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'])
        ) {
            $value
                = $_SESSION['cache'][$cache_key]['userprefs']['LoginCookieValidity'];
            $GLOBALS['PMA_Config']->set('LoginCookieValidity', $value);
            $GLOBALS['cfg']['LoginCookieValidity'] = $value;
            unset($value);
        }
        unset($cache_key);
        $cfg['Server']['auth_type']
            = mb_strtolower($cfg['Server']['auth_type']);

        $auth_class = "Authentication" . ucfirst($cfg['Server']['auth_type']);
        if (! file_exists(
            './libraries/plugins/auth/'
            . $auth_class . '.php'
        )) {
            PMA_fatalError(
                __('Invalid authentication method set in configuration:')
                . ' ' . $cfg['Server']['auth_type']
            );
        }
        if (isset($_REQUEST['pma_password'])) {
            $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
        }

        $fqnAuthClass = 'PMA\libraries\plugins\auth\\' . $auth_class;
        $plugin_manager = null;
        $auth_plugin = new $fqnAuthClass($plugin_manager);
//M_H_A
        // if (! $auth_plugin->authCheck()) {
        //     PMA_secureSession();
        //     $auth_plugin->auth();
        // } else {
        //     $auth_plugin->authSetUser();
        // }

        if (isset($cfg['Server']['AllowDeny'])
            && isset($cfg['Server']['AllowDeny']['order'])
        ) {

            /**
             * ip based access library
             */
            include_once './libraries/ip_allow_deny.lib.php';

            $allowDeny_forbidden         = false; // default
            if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') {
                $allowDeny_forbidden     = true;
                if (PMA_allowDeny('allow')) {
                    $allowDeny_forbidden = false;
                }
                if (PMA_allowDeny('deny')) {
                    $allowDeny_forbidden = true;
                }
            } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') {
                if (PMA_allowDeny('deny')) {
                    $allowDeny_forbidden = true;
                }
                if (PMA_allowDeny('allow')) {
                    $allowDeny_forbidden = false;
                }
            } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') {
                if (PMA_allowDeny('allow') && ! PMA_allowDeny('deny')) {
                    $allowDeny_forbidden = false;
                } else {
                    $allowDeny_forbidden = true;
                }
            } // end if ... elseif ... elseif

            // Ejects the user if banished
            if ($allowDeny_forbidden) {
                PMA_logUser($cfg['Server']['user'], 'allow-denied');
                $auth_plugin->authFails();
            }
        } // end if

//M_H_A
        // // is root allowed?
        // if (! $cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') {
        //     $allowDeny_forbidden = true;
        //     PMA_logUser($cfg['Server']['user'], 'root-denied');
        //     $auth_plugin->authFails();
        // }

        // // is a login without password allowed?
        // if (! $cfg['Server']['AllowNoPassword']
        //     && $cfg['Server']['password'] == ''
        // ) {
        //     $login_without_password_is_forbidden = true;
        //     PMA_logUser($cfg['Server']['user'], 'empty-denied');
        //     $auth_plugin->authFails();
        // }

        // if using TCP socket is not needed
        if (mb_strtolower($cfg['Server']['connect_type']) == 'tcp') {
            $cfg['Server']['socket'] = '';
        }

        // Try to connect MySQL with the control user profile (will be used to
        // get the privileges list for the current user but the true user link
        // must be open after this one so it would be default one for all the
        // scripts)

        $controllink = false;
        if ($cfg['Server']['controluser'] != '') {
            if (! empty($cfg['Server']['controlhost'])
                || ! empty($cfg['Server']['controlport'])
            ) {
                $server_details = array();
                if (! empty($cfg['Server']['controlhost'])) {
                    $server_details['host'] = $cfg['Server']['controlhost'];
                } else {
                    $server_details['host'] = $cfg['Server']['host'];
                }
                if (! empty($cfg['Server']['controlport'])) {
                    $server_details['port'] = $cfg['Server']['controlport'];
                } elseif ($server_details['host'] == $cfg['Server']['host']) {
                    // Evaluates to true when controlhost == host
                    // or controlhost is not defined (hence it defaults to host)
                    // In such case we can use the value of port.
                    $server_details['port'] = $cfg['Server']['port'];
                }
                // otherwise we leave the $server_details['port'] unset,
                // allowing it to take default mysql port

                $controllink = $GLOBALS['dbi']->connect(
                    $cfg['Server']['controluser'],
                    $cfg['Server']['controlpass'],
                    true,
                    $server_details
                );
            } else {
                $controllink = $GLOBALS['dbi']->connect(
                    $cfg['Server']['controluser'],
                    $cfg['Server']['controlpass'],
                    true
                );
            }
        }

        // Connects to the server (validates user's login)
        /** @var DatabaseInterface $userlink */
//M_H_A 
        $userlink = $GLOBALS['dbi']->connect(
            $cfg['Server']['user'], $cfg['Server']['password'], false
        );
        $GLOBALS['userlink'] = $userlink;
        // Set timestamp for the session, if required.
        if ($cfg['Server']['SessionTimeZone'] != '') {
            $sql_query_tz = 'SET ' . Util::backquote('time_zone') . ' = '
                . '\''
                . Util::sqlAddSlashes($cfg['Server']['SessionTimeZone'])
                . '\'';

            if (! $userlink->query($sql_query_tz)) {
                $error_message_tz = sprintf(
                    __(
                        'Unable to use timezone %1$s for server %2$d. '
                        . 'Please check your configuration setting for '
                        . '[em]$cfg[\'Servers\'][%3$d][\'SessionTimeZone\'][/em]. '
                        . 'phpMyAdmin is currently using the default time zone '
                        . 'of the database server.'
                    ),
                    $cfg['Servers'][$GLOBALS['server']]['SessionTimeZone'],
                    $GLOBALS['server'],
                    $GLOBALS['server']
                );

                $GLOBALS['error_handler']->addError(
                    $error_message_tz,
                    E_USER_WARNING,
                    '',
                    '',
                    false
                );
            }
        }

        if (! $controllink) {
            /*
             * Open separate connection for control queries, this is needed
             * to avoid problems with table locking used in main connection
             * and phpMyAdmin issuing queries to configuration storage, which
             * is not locked by that time.
             */
            $controllink = $GLOBALS['dbi']->connect(
                $cfg['Server']['user'], $cfg['Server']['password'], false
            );
        }
        //M_H_A
     //   $auth_plugin->storeUserCredentials();

        /* Log success */
        PMA_logUser($cfg['Server']['user']);

        if (PMA_MYSQL_INT_VERSION < $cfg['MysqlMinVersion']['internal']) {
            PMA_fatalError(
                __('You should upgrade to %s %s or later.'),
                array('MySQL', $cfg['MysqlMinVersion']['human'])
            );
        }
        /**
         * Type handling object.
         */
        $GLOBALS['PMA_Types'] = new TypesMySQL();

        /**
         * Charset information
         */
        include_once './libraries/mysql_charsets.inc.php';

        if (!isset($mysql_charsets)) {
            $mysql_charsets = array();
            $mysql_collations_flat = array();
        }

        /**
         * Initializes the SQL parsing library.
         */
        include_once SQL_PARSER_AUTOLOAD;

        // Loads closest context to this version.
        SqlParser\Context::loadClosest('MySql' . PMA_MYSQL_INT_VERSION);

        // Sets the default delimiter (if specified).
        if (!empty($_REQUEST['sql_delimiter'])) {
            SqlParser\Lexer::$DEFAULT_DELIMITER = $_REQUEST['sql_delimiter'];
        }

        // TODO: Set SQL modes too.

        /**
         * the DbList class as a stub for the ListDatabase class
         */
        $dblist = new DbList;
        $dblist->userlink = $userlink;
        $dblist->controllink = $controllink;

        /**
         * some resetting has to be done when switching servers
         */
        if (isset($_SESSION['tmpval']['previous_server'])
            && $_SESSION['tmpval']['previous_server'] != $GLOBALS['server']
        ) {
            unset($_SESSION['tmpval']['navi_limit_offset']);
        }
        $_SESSION['tmpval']['previous_server'] = $GLOBALS['server'];


    } else { // end server connecting
        // No need to check for 'PMA_BYPASS_GET_INSTANCE' since this execution path
        // applies only to initial login
        $response = Response::getInstance();
        $response->getHeader()->disableMenuAndConsole();
        $response->getFooter()->setMinimal();
    }

    /**
     * check if profiling was requested and remember it
     * (note: when $cfg['ServerDefault'] = 0, constant is not defined)
     */
    if (isset($_REQUEST['profiling'])
        && Util::profilingSupported()
    ) {
        $_SESSION['profiling'] = true;
    } elseif (isset($_REQUEST['profiling_form'])) {
        // the checkbox was unchecked
        unset($_SESSION['profiling']);
    }

    // load user preferences
    $GLOBALS['PMA_Config']->loadUserPreferences();

    /**
     * Inclusion of profiling scripts is needed on various
     * pages like sql, tbl_sql, db_sql, tbl_select
     */
     
     
// M_H_A        
//     if (! defined('PMA_BYPASS_GET_INSTANCE') ) {
//         $response = Response::getInstance();
//     }
    if (isset($_SESSION['profiling'])) {

        $header   = $response->getHeader();
        $scripts  = $header->getScripts();
        $scripts->addFile('chart.js');
        $scripts->addFile('jqplot/jquery.jqplot.js');
        $scripts->addFile('jqplot/plugins/jqplot.pieRenderer.js');
        $scripts->addFile('jqplot/plugins/jqplot.highlighter.js');
        $scripts->addFile('jquery/jquery.tablesorter.js');
    }
    /*
     * There is no point in even attempting to process
     * an ajax request if there is a token mismatch
     */
     
    if (isset($response) && $response->isAjax() && $token_mismatch) {
        $response->setRequestStatus(false);
        $response->addJSON(
            'message',
            Message::error(__('Error: Token mismatch'))
        );
        exit;
    }
} else { // end if !defined('PMA_MINIMUM_COMMON')
    // load user preferences
    $GLOBALS['PMA_Config']->loadUserPreferences();
}

// remove sensitive values from session
$GLOBALS['PMA_Config']->set('blowfish_secret', '');
$GLOBALS['PMA_Config']->set('Servers', '');
$GLOBALS['PMA_Config']->set('default_server', '');

/* Tell tracker that it can actually work */
Tracker::enable();

if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
    PMA_fatalError(__("GLOBALS overwrite attempt"));
}

/**
 * protect against possible exploits - there is no need to have so much variables
 */
if (count($_REQUEST) > 1000) {
    PMA_fatalError(__('possible exploit'));
}

/**
 * Check for numeric keys
 * (if register_globals is on, numeric key can be found in $GLOBALS)
 */
foreach ($GLOBALS as $key => $dummy) {
    if (is_numeric($key)) {
        PMA_fatalError(__('numeric key detected'));
    }
}
unset($dummy);

// here, the function does not exist with this configuration:
// $cfg['ServerDefault'] = 0;
$GLOBALS['is_superuser']
    = isset($GLOBALS['dbi']) && $GLOBALS['dbi']->isSuperuser();

if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
    /**
     * include subform target page
     */
    include $__redirect;
    exit();
}

// If Zero configuration mode enabled, check PMA tables in current db.
if (! defined('PMA_MINIMUM_COMMON')
    && ! empty($GLOBALS['server'])
    && isset($GLOBALS['cfg']['ZeroConf'])
    && $GLOBALS['cfg']['ZeroConf'] == true
) {
    if (! empty($GLOBALS['db'])) {
        $cfgRelation = PMA_getRelationsParam();
        if (empty($cfgRelation['db'])) {
            PMA_fixPMATables($GLOBALS['db'], false);
        }
    }
    $cfgRelation = PMA_getRelationsParam();
    if (empty($cfgRelation['db'])) {
        foreach ($GLOBALS['dblist']->databases as $database) {
            if ($database == 'phpmyadmin') {
                PMA_fixPMATables($database, false);
            }
        }
    }
}

if (! defined('PMA_MINIMUM_COMMON')) {
    include_once 'libraries/config/messages.inc.php';
    include 'libraries/config/user_preferences.forms.php';
    include_once 'libraries/config/page_settings.forms.php';
}
/**
 * @global array MySQL charsets map
 */
$GLOBALS['mysql_charset_map'] = array(
    'big5'         => 'big5',
    'cp-866'       => 'cp866',
    'euc-jp'       => 'ujis',
    'euc-kr'       => 'euckr',
    'gb2312'       => 'gb2312',
    'gbk'          => 'gbk',
    'iso-8859-1'   => 'latin1',
    'iso-8859-2'   => 'latin2',
    'iso-8859-7'   => 'greek',
    'iso-8859-8'   => 'hebrew',
    'iso-8859-8-i' => 'hebrew',
    'iso-8859-9'   => 'latin5',
    'iso-8859-13'  => 'latin7',
    'iso-8859-15'  => 'latin1',
    'koi8-r'       => 'koi8r',
    'shift_jis'    => 'sjis',
    'tis-620'      => 'tis620',
    'utf-8'        => 'utf8',
    'windows-1250' => 'cp1250',
    'windows-1251' => 'cp1251',
    'windows-1252' => 'latin1',
    'windows-1256' => 'cp1256',
    'windows-1257' => 'cp1257',
);