Here, we will learn how to prepare and use the configuration file containing the parameters to connect to MySQL, and which can be customized as per our requirements.
Note
Before configuring, we can rename the directory phpMyAdmin-3.3.2-all-languages to something like phpMyAdmin or just something easier to remember. This way, we and our users can visit an easily-remembered URL to start phpMyAdmin. On most servers, the directory part of URLs is case-sensitive, so we should communicate the exact URL to our users. We can also use a symbolic link if our server supports this feature.
This file contains valid PHP code that defines the majority of the parameters (expressed by PHP variables) that we can change in order to tune phpMyAdmin to our own needs. There are also normal PHP comments in it, and we can comment our changes.
Note
Be careful not to add any blank lines at the beginning or end of the file; doing so would hamper the execution of phpMyAdmin.
Note that phpMyAdmin looks for this file in the first level directory the same one where index.php is located.
In versions before 2.8.0, a generic config.inc.php file was included in the downloaded kit. Since 2.8.0, this file is no longer present in the directory structure. Since version 2.9.0, a config.sample.inc.php file is included, and this can be copied and renamed to config.inc.php to act as a starting point. However, it is recommended that you use the web-based setup script (explained in this chapter) instead, for a more comfortable configuration interface.
There is another file layout.inc.php that contains some configuration information. Because phpMyAdmin offers theme management, this file contains the theme-specific colors and settings. There is one layout.inc.php file per theme, located in themes/themename, for example, themes/original. We will cover modifying some of those parameters in Chapter 4, Taking First Steps, under the Customizing the browse mode section.
In its normal behavior, phpMyAdmin verifies that the permissions on this file do not allow everyone to modify it. This means that the file should not be writable to the world. Also, it displays a warning if the permissions are not correct. However, in some situations (for example, an NTFS file system mounted on a non-Windows server), the permission detection fails. In these cases, you should set the following parameter to false:
$cfg['CheckConfigurationPermissions'] = false;
The following sections explain various methods for adding or changing a parameter in the config.inc.php file.
phpMyAdmin's behavior, given that no configuration file is present, has changed in version 3.1.0. In versions 3.0 and earlier, the application used its default settings as defined in libraries/config.default.php and tried to connect to a MySQL server on localhost the same machine where the web server is running with user as root and no password. This is the default set-up produced by most MySQL installation procedures, even though it is not really secure. Therefore, if our freshly-installed MySQL server were still to have the default root account, we would have logged on automatically and would have seen a warning given by phpMyAdmin about such lack of security.
Note
If the notion of a MySQL root user eludes you, now might be the time to browse http://dev.mysql.com/doc/refman/5.1/en/privilege-system.html, in order to learn the basics about MySQL's privilege system.
Since version 3.1.0, the development team has wanted to promote a more flexible login panel. This is why, with the lack of a configuration file, phpMyAdmin displays the cookie-based login panel by default (more details on this in Chapter 2, Configuring Authentication and Security, which explains that with the default configuration, it's not possible to log in with an empty password):
 |
We can verify this fact by visiting http://www.mydomain.com/phpMyAdmin and substituting the appropriate values for the domain part and the directory part. If we are able to log in, it means that there is a MySQL server running on the same host as the web server (localhost) and we've just made a connection to it. However, not having created a configuration file means that we would not be able to manage other hosts via our installation of phpMyAdmin. Moreover, many advanced phpMyAdmin features (for example, query bookmarks, full relational support, column transformation, and so on) would not be activated.
The cookie-based authentication method uses Blowfish encryption for storing credentials in browser cookies. If no configuration file exists, a Blowfish secret key is generated and stored in session data, which can open the door to security issues. This is why the following warning message is displayed: The configuration file now needs a secret passphrase (blowfish_secret).
At this point, we have some choices:
Use phpMyAdmin without a configuration file
Use the web-based setup script to generate a
config.inc.phpfileCreate a
config.inc.phpfile manually
These options are presented in the following sections. We should note that even if we use the web-based setup script, we should familiarize ourselves with the config.inc.php file format, because the setup script does not cover all of the possible configuration options.
The web-based setup mechanism is strongly recommended in order to avoid syntax errors that could result from the manual creation of the configuration file. Also, because this file must respect PHP's syntax, it's common for new users to experience problems in this phase of the installation.
Note
A warning is in order here: The current version has only a limited number of translation languages for the setup interface.
To access the setup script, we must visit http://www.mydomain.com/phpmyadmin/setup. Here is what appears upon initial execution:
 |
In most cases, the icons beside each parameter point to the respective phpMyAdmin official wiki and to their documentation, providing you with more information about this parameter and its possible values.
If Show hidden messages appears and we click on this link, messages that might have been displayed earlier are revealed:
 |
There are three warnings here. As taking care of the first message will require more manipulations, we will handle it in a moment. Let's cover the second message Insecure connection. This message appears if we are accessing the web server over HTTP an insecure protocol. As we are possibly going to input confidential information, such as the username and password, in the setup phase, it's recommended that you communicate over HTTPS, at least for this phase. HTTPS uses Secure Socket Layer (SSL) to encrypt the communication and make eavesdropping on the line impossible. If our web server supports HTTPS, we can simply follow the proposed link. This will restart the setup process, this time over HTTPS. We have made this assumption in our example.
The third warning encourages you to use the ForceSSL option, which will automatically switch to HTTPS when using phpMyAdmin (not related to the setup phase).
The first warning tells us that phpMyAdmin did not find a writable directory with the name config. This is normal as it was not present in the downloaded kit. Also, as the directory is not yet there, we observe that the Save, Load, and Delete buttons in the interface are gray. In this config directory, we can:
Save the working version of the configuration file during the setup process
Load a previously-prepared
config.inc.phpfile
It's not absolutely necessary that we create this configuration directory, as we can download the config.inc.php file produced by the setup procedure to our client machine. We can then upload it to phpMyAdmin in the first-level directory via the same mechanism (say FTP) that we used to upload phpMyAdmin. In any case, we'll create this directory.
The principle here is that the web server must be able to write to this directory. There is more than one way to achieve this. Here is one that would work on a Linux server adding read, write, and execute permissions for everyone on this directory:
cd phpMyAdmin mkdir config chmod 777 config
Having done that, we refresh the page in our browser and we see:
 |
In the configuration dialog, a drop-down menu permits the user to choose the proper end-of-line format. We should choose the format that corresponds to the platform (UNIX/Linux or Windows) on which we will open later, with a text editor, the config.inc.php file.
A single copy of phpMyAdmin can be used to manage many MySQL servers, but for now we will define parameters describing our first MySQL server. We click New server, and the server configuration panel is shown.
A complete explanation of these parameters can be found in the following sections of this chapter, and also in Chapter 10, Benefiting from the Relational System. For now, we notice that the setup process has detected that PHP also supports the mysqli extension. Therefore, this is the one that is chosen by default. This extension is the programming library used by PHP to communicate with MySQL.
It's recommended you abide by the philosophy proposed by the interface, and keep cookie as the Authentication type. We assume that our MySQL server is located on localhost. Hence, we keep this value, and all of the proposed values intact, except for the following:
Verbose name of this server: We enter my server
User for config auth: We remove root and leave it empty
You can see that any parameter that is changed from its default value appears in a different color. Moreover, a small arrow becomes available, the purpose of which is to restore a field to its default value. Hence, you can feel free to experiment with changing parameters, knowing that you can easily revert to the proposed value. At this point, the panel should look like this:
 |
We then click on Save and are brought back to the Overview panel. This save operation did not yet save anything to disk; changes were saved in memory. We are warned that a Blowfish secret key was generated. However, we don't have to remember it, as it's not keyed in during login process, but is used internally. For the curious, you can switch to the Features panel and click on the Security tab to see which secret key was generated. Back to the Overview panel. Now our setup process knows about one MySQL server, and there are links that enable us to Edit or Delete these server settings:
 |
We can have a look at the generated configuration lines by using the Display button; and then we can analyze these parameters using the explanations given in the Description of some configuration parameters section later in this chapter.
At this point, this configuration is still just in memory, so we need to save it. This is done via the Save button on the Overview panel. It saves config.inc.php in the special config directory that we created previously. This is a directory strictly used for configuration purposes. If, for any reason, it was not possible to create this config directory, you just have to Download the file and upload it to the web server directory where phpMyAdmin is installed.
The last step is to copy config.inc.php from the config directory to the top-level directory the one that contains index.php. By copying this file, it becomes owned by the user instead of by the web server, ensuring that further modifications are possible. This copy can be done via FTP or through commands such as:
cd config cp config.inc.php ..
Note
As a security measure and until the configuration steps are completed, it's recommended that you change the permission on the config directory for example, with the chmod ugo-rwx config command. This is to block any unauthorized reading and writing in this directory.
Other configuration parameters can be set with these web-based setup pages. To do so, we would have to:
1. Enable read and write access to the
configdirectory2. Copy the
config.inc.phpto this directory3. Ensure that read and write access are provided to this file for the web server
4. Start the web-based setup tool
After the configuration steps are done, it's recommended that you completely remove the config directory, as this directory is only used by the web-based setup script. Since version 3.2.0, phpMyAdmin displays the following warning on the home page (see Chapter 3, Over Viewing the Interface) if it detects that this directory still exists:
Directory config, which is used by the setup script, still exists in your phpMyAdmin directory. You should remove it once phpMyAdmin has been configured.
You are invited to peruse the remaining menus to get a sense of the available configuration possibilities, either now or later when we cover a related subject.
In order to keep this book's text lighter, we will only refer to the parameters' textual values in the following chapters.
We can create this text file from scratch by using our favorite text editor, or by using config.sample.inc.php as a starting point. The exact procedure depends upon which client operating system we are using. We can refer to the next section for further information.
The default values for all possible configuration parameters that can be located inside config.inc.php are defined in libraries/config.default.php. We can take a look at this file to see the syntax used, as well as further comments about configuration. See the important note about this file in the Upgrading phpMyAdmin section later in this chapter.
This file contains special characters (Unix-style end of lines). Hence, we must open it with a text editor that understands this format. If we use the wrong text editor, this file will be displayed with very long lines. The best choice is a standard PHP editor such as NetBeans or Zend Studio for Eclipse. Another choice would be WordPad, metapad, or UltraEdit.
Every time the config.inc.php file is modified, it will have to be transferred to our webspace again. This transfer is done via an FTP or an SFTP client. You have the option to use a standalone FTP/SFTP client such as FileZilla, or save it directly via FTP/SFTP, if your PHP editor supports this feature.
In this chapter and the next one, we will concentrate on the parameters that deal with connection and authentication. Other parameters will be discussed in the chapters where the corresponding features are explained.
The first parameter we will look at is: $cfg['PmaAbsoluteUri'] = '';.
PMA is a familiar abbreviation for phpMyAdmin. For configuration parameters, the chosen convention is to capitalize the first letter, producing Pma in this case. At some places in its code, phpMyAdmin sends an HTTP Location header and must know the absolute URI of its installation point. Using an absolute URI in this case is required by RFC 2616, section 14.30.
In most cases, we can leave this one empty, as phpMyAdmin tries to auto-detect the correct value. If we browse a table later, and then edit a row and click on Save, we will receive an error message from our browser saying, for example, This document does not exist. This means that the absolute URI that phpMyAdmin built in order to reach the intended page was wrong, indicating that we must manually put the correct value in this parameter.
For example, we would change it to:
$cfg['PmaAbsoluteUri'] = 'http://www.mydomain.com/phpMyAdmin/';
The next section of the file contains server-specific configurations, each starting with:
$i++; $cfg['Servers'][$i]['host'] = '';
If we examine only the normal server parameters (other parameters will be covered starting in Chapter 10, Benefiting from the Relational System), we see a section that looks like the following for each server:
$i++; $cfg['Servers'][$i]['host'] = ''; $cfg['Servers'][$i]['port'] = ''; $cfg['Servers'][$i]['socket'] = ''; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['compress'] = FALSE; $cfg['Servers'][$i]['controluser'] = ''; $cfg['Servers'][$i]['controlpass'] = ''; $cfg['Servers'][$i]['auth_type'] = 'cookie'; $cfg['Servers'][$i]['user'] = ''; $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['only_db'] = ''; $cfg['Servers'][$i]['hide_db'] = ''; $cfg['Servers'][$i]['verbose'] = '';
In this section, we have to enter in $cfg['Servers'][$i]['host'], either the hostname or IP address of the MySQL server for example, mysql.mydomain.com or localhost. If this server is running on a non-standard port or socket, we need to enter the correct values in $cfg['Servers'][$i]['port'] or $cfg['Servers'][$i]['socket']. See the section on connect_type for more details about sockets.
The displayed server name inside phpMyAdmin's interface will be the one entered in'host' (unless we enter a non-blank value in the following parameter). For example:
$cfg['Servers'][$i]['verbose'] = 'Test server';
This feature can thus be used to display a different server hostname as seen by the users on the login panel and on the main page, although the real server name can be seen as part of the user definition (for example, root@localhost) on the main page.
The traditional mechanism PHP uses to communicate with a MySQL server, as available in PHP before version 5, is the mysql extension. This extension is still available in PHP 5. However, a new extension called mysqli has been developed and should be preferred for PHP 5, because of its improved performance and its support of the full functionality of the MySQL family 4.1.x. This extension is designed to work with MySQL version 4.1.3 and higher. As phpMyAdmin supports both extensions, we can choose either one for a particular server. We indicate the extension we want to use in $cfg['Servers'][$i]['extension'].
Both the mysql and mysqli extensions automatically use a socket to connect to MySQL if the server is on localhost. Consider this configuration:
$cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['port'] = ''; $cfg['Servers'][$i]['socket'] = ''; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['extension'] = 'mysql';
The default value for connect_type is tcp. However, the extension will use a socket because it concludes that this is more efficient as the host is localhost. So in this case, we can use tcp or socket as the connect_type. To force a real TCP connection, we can specify 127.0.0.1 instead of localhost in the host parameter. Because the socket parameter is empty, the extension will try the default socket. If this default socket, as defined in php.ini, does not correspond to the real socket assigned to the MySQL server, we have to put the socket name (for example, /tmp/mysql.sock) in $cfg['Servers'][$i]['socket'].
If the hostname is not localhost, a TCP connection will occur here, on the special port 3307. However, leaving the port value empty would use the default 3306 port:
$cfg['Servers'][$i]['host'] = 'mysql.mydomain.com'; $cfg['Servers'][$i]['port'] = '3307'; $cfg['Servers'][$i]['socket'] = ''; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['extension'] = 'mysql';
Another important parameter (which is not server-specific but applies to all server definitions) is $cfg['PersistentConnections']. For every server we connect to using the mysql extension, this parameter, when set to TRUE, instructs PHP to keep the connection to the MySQL server open. This speeds up the interaction between PHP and MySQL. However, it is set to FALSE by default in config.inc.php because persistent connections are often a cause of resource depletion on servers. So you will find MySQL refusing new connections. For this reason, the option is not even available for the mysqli extension. Hence, setting it to TRUE here would have no effect if you are connecting with this extension.