<?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * session handling * * @todo add an option to use mm-module for session handler * * @package PhpMyAdmin * @see https://www.php.net/session */ if (! defined('PHPMYADMIN')) { exit; } // verify if PHP supports session, die if it does not if (!@function_exists('session_name')) { PMA_warnMissingExtension('session', true); } elseif (ini_get('session.auto_start') !== '' && session_name() != 'phpMyAdmin') { // Do not delete the existing session, it might be used by other // applications; instead just close it. session_write_close(); } // disable starting of sessions before all settings are done // does not work, besides how it is written in php manual //ini_set('session.auto_start', '0'); // session cookie settings session_set_cookie_params( 0, $GLOBALS['PMA_Config']->getRootPath(), '', $GLOBALS['PMA_Config']->isHttps(), true ); // cookies are safer (use @ini_set() in case this function is disabled) @ini_set('session.use_cookies', 'true'); // optionally set session_save_path $path = $GLOBALS['PMA_Config']->get('SessionSavePath'); if (!empty($path)) { session_save_path($path); } // use cookies only @ini_set('session.use_only_cookies', '1'); // strict session mode (do not accept random string as session ID) @ini_set('session.use_strict_mode', '1'); // make the session cookie HttpOnly @ini_set('session.cookie_httponly', '1'); // do not force transparent session ids @ini_set('session.use_trans_sid', '0'); // delete session/cookies when browser is closed @ini_set('session.cookie_lifetime', '0'); // warn but don't work with bug @ini_set('session.bug_compat_42', 'false'); @ini_set('session.bug_compat_warn', 'true'); // use more secure session ids @ini_set('session.hash_function', '1'); // some pages (e.g. stylesheet) may be cached on clients, but not in shared // proxy servers session_cache_limiter('private'); // start the session // on some servers (for example, sourceforge.net), we get a permission error // on the session data directory, so I add some "@" function PMA_sessionFailed($errors) { $messages = array(); foreach ($errors as $error) { /* * Remove path from open() in error message to avoid path disclossure * * This can happen with PHP 5 when nonexisting session ID is provided, * since PHP 7, session existence is checked first. * * This error can also happen in case of session backed error (eg. * read only filesystem) on any PHP version. * * The message string is currently hardcoded in PHP, so hopefully it * will not change in future. */ $messages[] = preg_replace( '/open\(.*, O_RDWR\)/', 'open(SESSION_FILE, O_RDWR)', htmlspecialchars($error->getMessage()) ); } /* * Session initialization is done before selecting language, so we * can not use translations here. */ PMA_fatalError( 'Error during session start; please check your PHP and/or ' . 'webserver log file and configure your PHP ' . 'installation properly. Also ensure that cookies are enabled ' . 'in your browser.' . '<br /><br />' . implode('<br /><br />', $messages) ); } // See bug #1538132. This would block normal behavior on a cluster //ini_set('session.save_handler', 'files'); $session_name = 'phpMyAdmin'; @session_name($session_name); // on first start of session we check for errors // f.e. session dir cannot be accessed - session file not created $orig_error_count = $GLOBALS['error_handler']->countErrors(false); $session_result = session_start(); if ($session_result !== true || $orig_error_count != $GLOBALS['error_handler']->countErrors(false) ) { setcookie($session_name, '', 1); $errors = $GLOBALS['error_handler']->sliceErrors($orig_error_count); PMA_sessionFailed($errors); } unset($orig_error_count, $session_result); /** * Disable setting of session cookies for further session_start() calls. */ @ini_set('session.use_cookies', 'true'); /** * Token which is used for authenticating access queries. * (we use "space PMA_token space" to prevent overwriting) */ if (! isset($_SESSION[' PMA_token '])) { if (! function_exists('openssl_random_pseudo_bytes')) { $_SESSION[' PMA_token '] = bin2hex(phpseclib\Crypt\Random::string(16)); } else { $_SESSION[' PMA_token '] = bin2hex(openssl_random_pseudo_bytes(16)); } /** * Check for disk space on session storage by trying to write it. * * This seems to be most reliable approach to test if sessions are working, * otherwise the check would fail with custom session backends. */ $orig_error_count = $GLOBALS['error_handler']->countErrors(); session_write_close(); if ($GLOBALS['error_handler']->countErrors() > $orig_error_count) { $errors = $GLOBALS['error_handler']->sliceErrors($orig_error_count); PMA_sessionFailed($errors); } session_start(); } /** * Check if token is properly generated (both above functions can return false). */ if (empty($_SESSION[' PMA_token '])) { PMA_fatalError( 'Failed to generate random CSRF token!' ); } require_once 'libraries/session.lib.php';
Name | Type | Size | Permission | Actions |
---|---|---|---|---|
bfShapeFiles | Folder | 0755 |
|
|
config | Folder | 0755 |
|
|
controllers | Folder | 0755 |
|
|
dbi | Folder | 0755 |
|
|
di | Folder | 0755 |
|
|
engines | Folder | 0755 |
|
|
gis | Folder | 0755 |
|
|
navigation | Folder | 0755 |
|
|
plugins | Folder | 0755 |
|
|
properties | Folder | 0755 |
|
|
rte | Folder | 0755 |
|
|
sql-parser | Folder | 0755 |
|
|
Advisor.php | File | 15.13 KB | 0644 |
|
Config.php | File | 54.7 KB | 0644 |
|
Console.php | File | 14.82 KB | 0644 |
|
DatabaseInterface.php | File | 95.6 KB | 0644 |
|
DbList.php | File | 1.9 KB | 0644 |
|
DbQbe.php | File | 68.87 KB | 0644 |
|
DbSearch.php | File | 17.21 KB | 0644 |
|
DisplayResults.php | File | 206 KB | 0644 |
|
Error.php | File | 12.7 KB | 0644 |
|
ErrorHandler.php | File | 16.48 KB | 0644 |
|
File.php | File | 18.82 KB | 0644 |
|
Font.php | File | 4.24 KB | 0644 |
|
Footer.php | File | 10.52 KB | 0644 |
|
Header.php | File | 25.34 KB | 0644 |
|
Index.php | File | 23.79 KB | 0644 |
|
IndexColumn.php | File | 4.46 KB | 0644 |
|
Language.php | File | 4.27 KB | 0644 |
|
LanguageManager.php | File | 20.75 KB | 0644 |
|
Linter.php | File | 5.02 KB | 0644 |
|
ListAbstract.php | File | 3.15 KB | 0644 |
|
ListDatabase.php | File | 4.62 KB | 0644 |
|
Menu.php | File | 21.14 KB | 0644 |
|
Message.php | File | 18.67 KB | 0644 |
|
OutputBuffering.php | File | 3.59 KB | 0644 |
|
PDF.php | File | 3.94 KB | 0644 |
|
Partition.php | File | 7.26 KB | 0644 |
|
Psr4Autoloader.php | File | 4.85 KB | 0644 |
|
RecentFavoriteTable.php | File | 11.78 KB | 0644 |
|
Response.php | File | 12.61 KB | 0644 |
|
SavedSearches.php | File | 11.67 KB | 0644 |
|
Scripts.php | File | 7.38 KB | 0644 |
|
ServerStatusData.php | File | 15.72 KB | 0644 |
|
StorageEngine.php | File | 13.61 KB | 0644 |
|
SubPartition.php | File | 3.52 KB | 0644 |
|
SysInfo.php | File | 799 B | 0644 |
|
SysInfoLinux.php | File | 1.92 KB | 0644 |
|
SysInfoSunOS.php | File | 1.86 KB | 0644 |
|
SysInfoWINNT.php | File | 3.08 KB | 0644 |
|
SystemDatabase.php | File | 3.66 KB | 0644 |
|
Table.php | File | 88.12 KB | 0644 |
|
Template.php | File | 4.45 KB | 0644 |
|
Theme.php | File | 11.34 KB | 0644 |
|
ThemeManager.php | File | 12.91 KB | 0644 |
|
Tracker.php | File | 30.35 KB | 0644 |
|
Types.php | File | 6.08 KB | 0644 |
|
TypesMySQL.php | File | 17.26 KB | 0644 |
|
Util.php | File | 172.46 KB | 0644 |
|
VersionInformation.php | File | 7.87 KB | 0644 |
|
ZipFile.php | File | 6.63 KB | 0644 |
|
advisor.lib.php | File | 1.6 KB | 0644 |
|
advisory_rules.txt | File | 25.94 KB | 0644 |
|
autoloader.php | File | 450 B | 0644 |
|
bookmark.lib.php | File | 8.5 KB | 0644 |
|
browse_foreigners.lib.php | File | 9.83 KB | 0644 |
|
central_columns.lib.php | File | 49.38 KB | 0644 |
|
charset_conversion.lib.php | File | 3.54 KB | 0644 |
|
check_user_privileges.lib.php | File | 10.65 KB | 0644 |
|
cleanup.lib.php | File | 1.29 KB | 0644 |
|
common.inc.php | File | 34.38 KB | 0644 |
|
config.default.php | File | 66.5 KB | 0644 |
|
config.values.php | File | 10.17 KB | 0644 |
|
core.lib.php | File | 29.94 KB | 0644 |
|
create_addfield.lib.php | File | 15.68 KB | 0644 |
|
database_interface.inc.php | File | 2.63 KB | 0644 |
|
db_common.inc.php | File | 3.12 KB | 0644 |
|
db_designer.lib.php | File | 10.4 KB | 0644 |
|
db_table_exists.lib.php | File | 3.21 KB | 0644 |
|
display_change_password.lib.php | File | 5.45 KB | 0644 |
|
display_create_table.lib.php | File | 1.53 KB | 0644 |
|
display_export.lib.php | File | 38.11 KB | 0644 |
|
display_git_revision.lib.php | File | 3.04 KB | 0644 |
|
display_import.lib.php | File | 24.34 KB | 0644 |
|
display_import_ajax.lib.php | File | 3.13 KB | 0644 |
|
display_select_lang.lib.php | File | 2.36 KB | 0644 |
|
error.inc.php | File | 1.21 KB | 0644 |
|
error_report.lib.php | File | 10.25 KB | 0644 |
|
export.lib.php | File | 35.16 KB | 0644 |
|
file_listing.lib.php | File | 2.37 KB | 0644 |
|
iconv_wrapper.lib.php | File | 3.88 KB | 0644 |
|
import.lib.php | File | 50.64 KB | 0644 |
|
index.lib.php | File | 1.37 KB | 0644 |
|
information_schema_relations.lib.php | File | 10.95 KB | 0644 |
|
insert_edit.lib.php | File | 112.79 KB | 0644 |
|
ip_allow_deny.lib.php | File | 9.35 KB | 0644 |
|
js_escape.lib.php | File | 4.43 KB | 0644 |
|
kanji-encoding.lib.php | File | 4.46 KB | 0644 |
|
language_stats.inc.php | File | 1.45 KB | 0644 |
|
logging.lib.php | File | 521 B | 0644 |
|
mime.lib.php | File | 704 B | 0644 |
|
mult_submits.inc.php | File | 10.64 KB | 0644 |
|
mult_submits.lib.php | File | 20.44 KB | 0644 |
|
mysql_charsets.inc.php | File | 4.09 KB | 0644 |
|
mysql_charsets.lib.php | File | 10.47 KB | 0644 |
|
mysql_relations.lib.php | File | 5.12 KB | 0644 |
|
normalization.lib.php | File | 33.98 KB | 0644 |
|
opendocument.lib.php | File | 7.94 KB | 0644 |
|
operations.lib.php | File | 73.64 KB | 0644 |
|
parse_analyze.lib.php | File | 2.12 KB | 0644 |
|
plugin_interface.lib.php | File | 19.69 KB | 0644 |
|
plugin_interface.lib.php.bak | File | 19.69 KB | 0644 |
|
pmd_common.php | File | 24.2 KB | 0644 |
|
relation.lib.php | File | 68.41 KB | 0644 |
|
relation_cleanup.lib.php | File | 13.84 KB | 0644 |
|
replication.inc.php | File | 8.82 KB | 0644 |
|
replication_gui.lib.php | File | 37.45 KB | 0644 |
|
sanitizing.lib.php | File | 6.3 KB | 0644 |
|
select_server.lib.php | File | 3.4 KB | 0644 |
|
server_common.inc.php | File | 1.22 KB | 0644 |
|
server_common.lib.php | File | 1.92 KB | 0644 |
|
server_privileges.lib.php | File | 179.22 KB | 0644 |
|
server_status.lib.php | File | 9.92 KB | 0644 |
|
server_status_advisor.lib.php | File | 1.89 KB | 0644 |
|
server_status_monitor.lib.php | File | 26.22 KB | 0644 |
|
server_status_processes.lib.php | File | 9.57 KB | 0644 |
|
server_status_queries.lib.php | File | 4.86 KB | 0644 |
|
server_status_variables.lib.php | File | 28.95 KB | 0644 |
|
server_user_groups.lib.php | File | 12.8 KB | 0644 |
|
server_users.lib.php | File | 1.35 KB | 0644 |
|
session.inc.php | File | 5.22 KB | 0644 |
|
session.lib.php | File | 735 B | 0644 |
|
special_schema_links.lib.php | File | 17.51 KB | 0644 |
|
sql.lib.php | File | 77.51 KB | 0644 |
|
sql.lib.php.bak | File | 77.51 KB | 0644 |
|
sql_query_form.lib.php | File | 15.71 KB | 0644 |
|
string.lib.php | File | 800 B | 0644 |
|
stringMb.lib.php | File | 1.86 KB | 0644 |
|
stringNative.lib.php | File | 6.82 KB | 0644 |
|
sysinfo.lib.php | File | 1.34 KB | 0644 |
|
tbl_columns_definition_form.inc.php | File | 13.55 KB | 0644 |
|
tbl_common.inc.php | File | 1.3 KB | 0644 |
|
tbl_info.inc.php | File | 3.54 KB | 0644 |
|
tbl_partition_definition.inc.php | File | 5.55 KB | 0644 |
|
tracking.lib.php | File | 54.93 KB | 0644 |
|
transformations.lib.php | File | 14.63 KB | 0644 |
|
url_generating.lib.php | File | 6.77 KB | 0644 |
|
user_preferences.inc.php | File | 2.38 KB | 0644 |
|
user_preferences.lib.php | File | 8.17 KB | 0644 |
|
util.lib.php | File | 749 B | 0644 |
|
vendor_config.php | File | 2.49 KB | 0644 |
|
zip_extension.lib.php | File | 5.38 KB | 0644 |
|