phpMyAdmin does not apply any special security methods to the MySQL
database server. It is still the system administrator’s job to grant
permissions on the MySQL databases properly. phpMyAdmin’s Users
page can be used for this.
Linux distributions
phpMyAdmin is included in most Linux distributions. It is recommended to use
distribution packages when possible — they usually provide integration to your
distribution and you will automatically get security updates from your distribution.
Debian and Ubuntu
Most Debian and Ubuntu versions include a phpMyAdmin package, but be aware that
the configuration file is maintained in /etc/phpmyadmin and may differ in
some ways from the official phpMyAdmin documentation. Specifically, it does:
-
Configuration of a web server (works for Apache and lighttpd).
-
Creating of phpMyAdmin configuration storage using dbconfig-common.
-
Securing setup script, see Setup script on Debian, Ubuntu and derivatives.
More specific details about installing Debian or Ubuntu packages are available
in our wiki.
See also
More information can be found in README.Debian
(it is installed as /usr/share/doc/phpmyadmin/README.Debian with the package).
OpenSUSE
OpenSUSE already comes with phpMyAdmin package, just install packages from
the openSUSE Build Service.
Gentoo
Gentoo ships the phpMyAdmin package, both in a near-stock configuration as well
as in a webapp-config configuration. Use emerge dev-db/phpmyadmin to
install.
Mandriva
Mandriva ships the phpMyAdmin package in their contrib branch and can be
installed via the usual Control Center.
Fedora
Fedora ships the phpMyAdmin package, but be aware that the configuration file
is maintained in /etc/phpMyAdmin/ and may differ in some ways from the
official phpMyAdmin documentation.
Red Hat Enterprise Linux
Red Hat Enterprise Linux itself and thus derivatives like CentOS don’t
ship phpMyAdmin, but the Fedora-driven repository
Extra Packages for Enterprise Linux (EPEL)
is doing so, if it’s
enabled.
But be aware that the configuration file is maintained in
/etc/phpMyAdmin/ and may differ in some ways from the
official phpMyAdmin documentation.
Installing on Windows
The easiest way to get phpMyAdmin on Windows is using third party products
which include phpMyAdmin together with a database and web server such as
XAMPP.
You can find more of such options at Wikipedia.
Installing from Git
In order to install from Git, you’ll need a few supporting applications:
-
Git to download the source, or you can download the most recent source directly from Github
-
Composer
-
Node.js (version 12 or higher)
-
Yarn
You can clone current phpMyAdmin source from
https://github.com/phpmyadmin/phpmyadmin.git:
git clone https://github.com/phpmyadmin/phpmyadmin.git
Additionally you need to install dependencies using Composer:
If you do not intend to develop, you can skip the installation of developer tools
by invoking:
Finally, you’ll need to use Yarn to install some JavaScript dependencies:
yarn install --production
Installing using Composer
You can install phpMyAdmin using the Composer tool, since 4.7.0 the releases
are automatically mirrored to the default Packagist repository.
Note
The content of the Composer repository is automatically generated
separately from the releases, so the content doesn’t have to be
100% same as when you download the tarball. There should be no
functional differences though.
To install phpMyAdmin simply run:
composer create-project phpmyadmin/phpmyadmin
Alternatively you can use our own composer repository, which contains
the release tarballs and is available at
<https://www.phpmyadmin.net/packages.json>:
composer create-project phpmyadmin/phpmyadmin --repository-url=https://www.phpmyadmin.net/packages.json --no-dev
Installing using Docker
phpMyAdmin comes with a Docker official image, which you can easily deploy. You can
download it using:
The phpMyAdmin server will listen on port 80. It supports several ways of
configuring the link to the database server, either by Docker’s link feature
by linking your database container to db for phpMyAdmin (by specifying
--link your_db_host:db) or by environment variables (in this case it’s up
to you to set up networking in Docker to allow the phpMyAdmin container to access
the database container over the network).
Docker environment variables
You can configure several phpMyAdmin features using environment variables:
- PMA_ARBITRARY
-
Allows you to enter a database server hostname on login form.
- PMA_HOST
-
Hostname or IP address of the database server to use.
- PMA_HOSTS
-
Comma-separated hostnames or IP addresses of the database servers to use.
Note
Used only if
PMA_HOSTis empty.
- PMA_VERBOSE
-
Verbose name of the database server.
- PMA_VERBOSES
-
Comma-separated verbose name of the database servers.
Note
Used only if
PMA_VERBOSEis empty.
- PMA_USER
-
User name to use for Config authentication mode.
- PMA_PASSWORD
-
Password to use for Config authentication mode.
- PMA_PORT
-
Port of the database server to use.
- PMA_PORTS
-
Comma-separated ports of the database server to use.
Note
Used only if
PMA_PORTis empty.
- PMA_SOCKET
-
Socket file for the database connection.
- PMA_SOCKETS
-
Comma-separated list of socket files for the database connections.
Note
Used only if
PMA_SOCKETis empty.
- PMA_ABSOLUTE_URI
-
The fully-qualified path (
https://pma.example.net/) where the reverse
proxy makes phpMyAdmin available.
- PMA_QUERYHISTORYDB
-
When set to true, enables storing SQL history to
$cfg['Servers'][$i]['pmadb'].
When false, history is stored in the browser and is cleared when logging out.
- PMA_QUERYHISTORYMAX
-
When set to an integer, controls the number of history items.
- PMA_CONTROLHOST
-
When set, this points to an alternate database host used for storing the “phpMyAdmin configuration storage” database.
- PMA_CONTROLUSER
-
Defines the username for phpMyAdmin to use for the “phpMyAdmin configuration storage” database.
- PMA_CONTROLPASS
-
Defines the password for phpMyAdmin to use for the “phpMyAdmin configuration storage” database.
- PMA_CONTROLPORT
-
When set, will override the default port (3306) for connecting to the control host.
- PMA_PMADB
-
When set, define the name of the database to be used for the “phpMyAdmin configuration storage” database.
When not set, the advanced features are not enabled by default: they can still potentially be enabled by the user when logging in with the Zero configuration feature.Note
Suggested values: phpmyadmin or pmadb
- HIDE_PHP_VERSION
-
If defined, this option will hide the PHP version (expose_php = Off).
Set to any value (such as HIDE_PHP_VERSION=true).
- UPLOAD_LIMIT
-
If set, this option will override the default value for apache and php-fpm (this will change
upload_max_filesizeandpost_max_sizevalues).Note
Format as [0-9+](K,M,G) default value is 2048K
- MEMORY_LIMIT
-
If set, this option will override the phpMyAdmin memory limit
$cfg['MemoryLimit']and PHP’s memory_limit.Note
Format as [0-9+](K,M,G) where K is for Kilobytes, M for Megabytes, G for Gigabytes and 1K = 1024 bytes. Default value is 512M.
- MAX_EXECUTION_TIME
-
If set, this option will override the maximum execution time in seconds for phpMyAdmin
$cfg['ExecTimeLimit']and PHP’s max_execution_time.Note
Format as [0-9+]. Default value is 600.
- PMA_CONFIG_BASE64
-
If set, this option will override the default config.inc.php with the base64 decoded contents of the variable.
- PMA_USER_CONFIG_BASE64
-
If set, this option will override the default config.user.inc.php with the base64 decoded contents of the variable.
- PMA_UPLOADDIR
-
If set, this option will set the path where files can be saved to be available to import (
$cfg['UploadDir'])
- PMA_SAVEDIR
-
If set, this option will set the path where exported files can be saved (
$cfg['SaveDir'])
- APACHE_PORT
-
If set, this option will change the default Apache port from 80 in case you want it to run on a different port like an unprivileged port. Set to any port value (such as APACHE_PORT=8090).
- PMA_SSL_DIR
-
Define the path used for SSL files generated from environment variables, default value is /etc/phpmyadmin/ssl.
- PMA_SSL
-
When set to 1, defines SSL usage for the MySQL connection.
- PMA_SSLS
-
Comma-separated list of 0 and 1 defining SSL usage for the corresponding MySQL connections.
- PMA_SSL_VERIFY
-
When set to 1, enables SSL certificate verification for the MySQL connection.
- PMA_SSL_VERIFIES
-
Comma-separated list of 0 and 1 to enable or disable SSL certificate verification for multiple MySQL connections.
- PMA_SSL_CA
-
In the context of mutual TLS security, allows setting your CA file as a string inside the default config.inc.php.
- PMA_SSL_CAS
-
In the context of mutual TLS security, allows setting multiple CA files as a comma-separated list of strings inside the default config.inc.php.
- PMA_SSL_CA_BASE64
-
In the context of mutual TLS security, allows setting your CA file as a base64 string inside the default config.inc.php.
- PMA_SSL_CAS_BASE64
-
In the context of mutual TLS security, allows setting multiple CA files as a comma-separated list of base64 strings inside the default config.inc.php.
- PMA_SSL_CERT
-
In the context of mutual TLS security, allows setting your CERT file as a string inside the default config.inc.php.
- PMA_SSL_CERTS
-
In the context of mutual TLS security, allows setting multiple CERT files as a comma-separated list of strings inside the default config.inc.php.
- PMA_SSL_CERT_BASE64
-
In the context of mutual TLS security, allows setting your CERT file as a base64 string inside the default config.inc.php.
- PMA_SSL_CERTS_BASE64
-
In the context of mutual TLS security, allows setting multiple CERT files as a comma-separated list of base64 strings inside the default config.inc.php.
- PMA_SSL_KEY
-
In the context of mutual TLS security, allows setting your KEY file as a string inside the default config.inc.php.
- PMA_SSL_KEYS
-
In the context of mutual TLS security, allows setting multiple KEY files as a comma-separated list of strings inside the default config.inc.php.
- PMA_SSL_KEY_BASE64
-
In the context of mutual TLS security, allows setting your KEY file as a base64 string inside the default config.inc.php.
- PMA_SSL_KEYS_BASE64
-
In the context of mutual TLS security, allows setting multiple KEY files as a comma-separated list of base64 strings inside the default config.inc.php.
- TZ
-
If defined, this option will change the default PHP date.timezone from UTC.
By default, Cookie authentication mode is used, but if PMA_USER and
PMA_PASSWORD are set, it is switched to Config authentication mode.
Note
The credentials you need to log in are stored in the MySQL server, in case
of Docker image, there are various ways to set it (for example
MYSQL_ROOT_PASSWORD when starting the MySQL container). Please check
documentation for MariaDB container
or MySQL container.
Customizing configuration
Additionally configuration can be tweaked by /etc/phpmyadmin/config.user.inc.php. If
this file exists, it will be loaded after configuration is generated from above
environment variables, so you can override any configuration variable. This
configuration can be added as a volume when invoking docker using
-v /some/local/directory/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php parameters.
Note that the supplied configuration file is applied after Docker environment variables,
but you can override any of the values.
For example to change the default behavior of CSV export you can use the following
configuration file:
<?php $cfg['Export']['csv_columns'] = true;
You can also use it to define server configuration instead of using the
environment variables listed in Docker environment variables:
<?php /* Override Servers array */ $cfg['Servers'] = [ 1 => [ 'auth_type' => 'cookie', 'host' => 'mydb1', 'port' => 3306, 'verbose' => 'Verbose name 1', ], 2 => [ 'auth_type' => 'cookie', 'host' => 'mydb2', 'port' => 3306, 'verbose' => 'Verbose name 2', ], ];
See also
See Configuration for detailed description of configuration options.
Docker Volumes
You can use the following volumes to customize image behavior:
/etc/phpmyadmin/config.user.inc.php
Can be used for additional settings, see the previous chapter for more details.
/sessions/
Directory where PHP sessions are stored. You might want to share this
for example when using Signon authentication mode.
/www/themes/
Directory where phpMyAdmin looks for themes. By default only those shipped
with phpMyAdmin are included, but you can include additional phpMyAdmin
themes (see Custom Themes) by using Docker volumes.
Docker Examples
To connect phpMyAdmin to a given server use:
docker run --name phpmyadmin -d -e PMA_HOST=dbhost -p 8080:80 phpmyadmin:latest
To connect phpMyAdmin to more servers use:
docker run --name phpmyadmin -d -e PMA_HOSTS=dbhost1,dbhost2,dbhost3 -p 8080:80 phpmyadmin:latest
To use arbitrary server option:
docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 -e PMA_ARBITRARY=1 phpmyadmin:latest
You can also link the database container using Docker:
docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 phpmyadmin:latest
Running with additional configuration:
docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 -v /some/local/directory/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php phpmyadmin:latest
Running with additional themes:
docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 -v /some/local/directory/custom/phpmyadmin/themeName/:/var/www/html/themes/themeName/ phpmyadmin:latest
Using docker-compose
Alternatively, you can also use docker-compose with the docker-compose.yml from
<https://github.com/phpmyadmin/docker>. This will run phpMyAdmin with an
arbitrary server — allowing you to specify MySQL/MariaDB server on the login page.
Customizing configuration file using docker-compose
You can use an external file to customize phpMyAdmin configuration and pass it
using the volumes directive:
phpmyadmin: image: phpmyadmin:latest container_name: phpmyadmin environment: - PMA_ARBITRARY=1 restart: always ports: - 8080:80 volumes: - /sessions - ~/docker/phpmyadmin/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php - /custom/phpmyadmin/theme/:/www/themes/theme/
Running behind haproxy in a subdirectory
When you want to expose phpMyAdmin running in a Docker container in a
subdirectory, you need to rewrite the request path in the server proxying the
requests.
For example, using haproxy it can be done as:
frontend http
bind *:80
option forwardfor
option http-server-close
### NETWORK restriction
acl LOCALNET src 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12
# /phpmyadmin
acl phpmyadmin path_dir /phpmyadmin
use_backend phpmyadmin if phpmyadmin LOCALNET
backend phpmyadmin
mode http
reqirep ^(GET|POST|HEAD)\ /phpmyadmin/(.*) \1\ /\2
# phpMyAdmin container IP
server localhost 172.30.21.21:80
When using traefik, something like following should work:
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
regex = "(http:\\/\\/[^\\/]+\\/([^\\?\\.]+)[^\\/])$"
replacement = "$1/"
[backends]
[backends.myadmin]
[backends.myadmin.servers.myadmin]
url="http://internal.address.to.pma"
[frontends]
[frontends.myadmin]
backend = "myadmin"
passHostHeader = true
[frontends.myadmin.routes.default]
rule="PathPrefixStrip:/phpmyadmin/;AddPrefix:/"
You then should specify PMA_ABSOLUTE_URI in the docker-compose
configuration:
version: '2' services: phpmyadmin: restart: always image: phpmyadmin:latest container_name: phpmyadmin hostname: phpmyadmin domainname: example.com ports: - 8000:80 environment: - PMA_HOSTS=172.26.36.7,172.26.36.8,172.26.36.9,172.26.36.10 - PMA_VERBOSES=production-db1,production-db2,dev-db1,dev-db2 - PMA_USER=root - PMA_PASSWORD= - PMA_ABSOLUTE_URI=http://example.com/phpmyadmin/
IBM Cloud
One of our users has created a helpful guide for installing phpMyAdmin on the
IBM Cloud platform.
Quick Install
-
Choose an appropriate distribution kit from the phpmyadmin.net
Downloads page. Some kits contain only the English messages, others
contain all languages. We’ll assume you chose a kit whose name
looks likephpMyAdmin-x.x.x-all-languages.tar.gz. -
Ensure you have downloaded a genuine archive, see Verifying phpMyAdmin releases.
-
Untar or unzip the distribution (be sure to unzip the subdirectories):
tar -xzvf phpMyAdmin_x.x.x-all-languages.tar.gzin your
webserver’s document root. If you don’t have direct access to your
document root, put the files in a directory on your local machine,
and, after step 4, transfer the directory on your web server using,
for example, FTP. -
Ensure that all the scripts have the appropriate owner (if PHP is
running in safe mode, having some scripts with an owner different from
the owner of other scripts will be a problem). See 4.2 What’s the preferred way of making phpMyAdmin secure against evil access? and
1.26 I just installed phpMyAdmin in my document root of IIS but I get the error “No input file specified” when trying to run phpMyAdmin. for suggestions. -
Now you must configure your installation. There are two methods that
can be used. Traditionally, users have hand-edited a copy of
config.inc.php, but now a wizard-style setup script is provided
for those who prefer a graphical installation. Creating a
config.inc.phpis still a quick way to get started and needed for
some advanced features.
Manually creating the file
To manually create the file, simply use your text editor to create the
file config.inc.php (you can copy config.sample.inc.php to get
a minimal configuration file) in the main (top-level) phpMyAdmin
directory (the one that contains index.php). phpMyAdmin first
loads the default configuration values and then overrides those values
with anything found in config.inc.php. If the default value is
okay for a particular setting, there is no need to include it in
config.inc.php. You’ll probably need only a few directives to get going; a
simple configuration may look like this:
<?php // The string is a hexadecimal representation of a 32-bytes long string of random bytes. $cfg['blowfish_secret'] = sodium_hex2bin('f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'); $i=0; $i++; $cfg['Servers'][$i]['auth_type'] = 'cookie'; // if you insist on "root" having no password: // $cfg['Servers'][$i]['AllowNoPassword'] = true;
Or, if you prefer to not be prompted every time you log in:
<?php $i=0; $i++; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'changeme'; // use here your password $cfg['Servers'][$i]['auth_type'] = 'config';
Warning
Storing passwords in the configuration is insecure as anybody can then
manipulate your database.
For a full explanation of possible configuration values, see the
Configuration of this document.
Using the Setup script
Instead of manually editing config.inc.php, you can use phpMyAdmin’s
setup feature. The file can be generated using the setup and you can download it
for upload to the server.
Next, open your browser and visit the location where you installed phpMyAdmin,
with the /setup suffix. The changes are not saved to the server, you need to
use the Download button to save them to your computer and then upload
to the server.
Now the file is ready to be used. You can choose to review or edit the
file with your favorite editor, if you prefer to set some advanced
options that the setup script does not provide.
-
If you are using the
auth_type“config”, it is suggested that you
protect the phpMyAdmin installation directory because using config
does not require a user to enter a password to access the phpMyAdmin
installation. Use of an alternate authentication method is
recommended, for example with HTTP–AUTH in a .htaccess file or switch to using
auth_typecookie or http. See the ISPs, multi-user installations
for additional information, especially 4.4 phpMyAdmin always gives “Access denied” when using HTTP authentication.. -
Open the main phpMyAdmin directory in your browser.
phpMyAdmin should now display a welcome screen and your databases, or
a login dialog if using HTTP or
cookie authentication mode.
Setup script on Debian, Ubuntu and derivatives
Debian and Ubuntu have changed the way in which the setup script is enabled and disabled, in a way
that single command has to be executed for either of these.
To allow editing configuration invoke:
To block editing configuration invoke:
Setup script on openSUSE
Some openSUSE releases do not include setup script in the package. In case you
want to generate configuration on these you can either download original
package from <https://www.phpmyadmin.net/> or use setup script on our demo
server: <https://demo.phpmyadmin.net/master/setup/>.
Verifying phpMyAdmin releases
Since July 2015 all phpMyAdmin releases are cryptographically signed by the
releasing developer, who through January 2016 was Marc Delisle. His key id is
0xFEFC65D181AF644A, his PGP fingerprint is:
436F F188 4B1A 0C3F DCBF 0D79 FEFC 65D1 81AF 644A
and you can get more identification information from <https://keybase.io/lem9>.
Beginning in January 2016, the release manager is Isaac Bennetch. His key id is
0xCE752F178259BD92, and his PGP fingerprint is:
3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92
and you can get more identification information from <https://keybase.io/ibennetch>.
Some additional downloads (for example themes) might be signed by Michal Čihař. His key id is
0x9C27B31342B7511D, and his PGP fingerprint is:
63CB 1DF1 EF12 CF2A C0EE 5A32 9C27 B313 42B7 511D
and you can get more identification information from <https://keybase.io/nijel>.
You should verify that the signature matches the archive you have downloaded.
This way you can be sure that you are using the same code that was released.
You should also verify the date of the signature to make sure that you
downloaded the latest version.
Each archive is accompanied by .asc files which contain the PGP signature
for it. Once you have both of them in the same folder, you can verify the signature:
$ gpg --verify phpMyAdmin-4.5.4.1-all-languages.zip.asc gpg: Signature made Fri 29 Jan 2016 08:59:37 AM EST using RSA key ID 8259BD92 gpg: Can't check signature: public key not found
As you can see gpg complains that it does not know the public key. At this
point, you should do one of the following steps:
-
Download the keyring from our download server, then import it with:
$ gpg --import phpmyadmin.keyring
-
Download and import the key from one of the key servers:
$ gpg --keyserver hkp://pgp.mit.edu --recv-keys 3D06A59ECE730EB71B511C17CE752F178259BD92 gpg: requesting key 8259BD92 from hkp server pgp.mit.edu gpg: key 8259BD92: public key "Isaac Bennetch <bennetch@gmail.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
This will improve the situation a bit — at this point, you can verify that the
signature from the given key is correct but you still can not trust the name used
in the key:
$ gpg --verify phpMyAdmin-4.5.4.1-all-languages.zip.asc gpg: Signature made Fri 29 Jan 2016 08:59:37 AM EST using RSA key ID 8259BD92 gpg: Good signature from "Isaac Bennetch <bennetch@gmail.com>" gpg: aka "Isaac Bennetch <isaac@bennetch.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92
The problem here is that anybody could issue the key with this name. You need to
ensure that the key is actually owned by the mentioned person. The GNU Privacy
Handbook covers this topic in the chapter Validating other keys on your public
keyring. The most reliable method is to meet the developer in person and
exchange key fingerprints, however, you can also rely on the web of trust. This way
you can trust the key transitively though signatures of others, who have met
the developer in person.
Once the key is trusted, the warning will not occur:
$ gpg --verify phpMyAdmin-4.5.4.1-all-languages.zip.asc gpg: Signature made Fri 29 Jan 2016 08:59:37 AM EST using RSA key ID 8259BD92 gpg: Good signature from "Isaac Bennetch <bennetch@gmail.com>" [full]
Should the signature be invalid (the archive has been changed), you would get a
clear error regardless of the fact that the key is trusted or not:
$ gpg --verify phpMyAdmin-4.5.4.1-all-languages.zip.asc gpg: Signature made Fri 29 Jan 2016 08:59:37 AM EST using RSA key ID 8259BD92 gpg: BAD signature from "Isaac Bennetch <bennetch@gmail.com>" [unknown]
phpMyAdmin configuration storage
Changed in version 3.4.0: Prior to phpMyAdmin 3.4.0 this was called Linked Tables Infrastructure, but
the name was changed due to the extended scope of the storage.
For a whole set of additional features (Bookmarks, comments, SQL-history,
tracking mechanism, PDF-generation, Transformations, Relations
etc.) you need to create a set of special tables. Those tables can be located
in your own database, or in a central database for a multi-user installation
(this database would then be accessed by the controluser, so no other user
should have rights to it).
Zero configuration
In many cases, this database structure can be automatically created and
configured. This is called “Zero Configuration” mode and can be particularly
useful in shared hosting situations. “Zeroconf” mode is on by default, to
disable set $cfg['ZeroConf'] to false.
The following three scenarios are covered by the Zero Configuration mode:
-
When entering a database where the configuration storage tables are not
present, phpMyAdmin offers to create them from the Operations tab. -
When entering a database where the tables do already exist, the software
automatically detects this and begins using them. This is the most common
situation; after the tables are initially created automatically they are
continually used without disturbing the user; this is also most useful on
shared hosting where the user is not able to editconfig.inc.phpand
usually the user only has access to one database. -
When having access to multiple databases, if the user first enters the
database containing the configuration storage tables then switches to
another database,
phpMyAdmin continues to use the tables from the first database; the user is
not prompted to create more tables in the new database.
Manual configuration
Please look at your ./sql/ directory, where you should find a
file called create_tables.sql. (If you are using a Windows server,
pay special attention to 1.23 I’m running MySQL on a Win32 machine. Each time I create a new table the table and column names are changed to lowercase!).
If you already had this infrastructure and:
-
upgraded to MySQL 4.1.2 or newer, please use
sql/upgrade_tables_mysql_4_1_2+.sql. -
upgraded to phpMyAdmin 4.3.0 or newer from 2.5.0 or newer (<= 4.2.x),
please usesql/upgrade_column_info_4_3_0+.sql. -
upgraded to phpMyAdmin 4.7.0 or newer from 4.3.0 or newer,
please usesql/upgrade_tables_4_7_0+.sql.
and then create new tables by importing sql/create_tables.sql.
You can use your phpMyAdmin to create the tables for you. Please be
aware that you may need special (administrator) privileges to create
the database and tables, and that the script may need some tuning,
depending on the database name.
After having imported the sql/create_tables.sql file, you
should specify the table names in your config.inc.php file. The
directives used for that can be found in the Configuration.
You will also need to have a controluser
($cfg['Servers'][$i]['controluser'] and
$cfg['Servers'][$i]['controlpass'] settings)
with the proper rights to those tables. For example you can create it
using following statement:
And for any MariaDB version:
CREATE USER 'pma'@'localhost' IDENTIFIED VIA mysql_native_password USING 'pmapass'; GRANT SELECT, INSERT, UPDATE, DELETE ON `<pma_db>`.* TO 'pma'@'localhost';
For MySQL 8.0 and newer:
CREATE USER 'pma'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'pmapass'; GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';
For MySQL older than 8.0:
CREATE USER 'pma'@'localhost' IDENTIFIED WITH mysql_native_password AS 'pmapass'; GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';
Note that MySQL installations with PHP older than 7.4 and MySQL newer than 8.0 may require
using the mysql_native_password authentication as a workaround, see
1.45 I get an error message about unknown authentication method caching_sha2_password when trying to log in for details.
Upgrading from an older version
Warning
Never extract the new version over an existing installation of
phpMyAdmin, always first remove the old files keeping just the
configuration.
This way, you will not leave any old or outdated files in the directory,
which can have severe security implications or can cause various breakages.
Simply copy config.inc.php from your previous installation into
the newly unpacked one. Configuration files from old versions may
require some tweaking as some options have been changed or removed.
For compatibility with PHP 5.3 and later, remove a
set_magic_quotes_runtime(0); statement that you might find near
the end of your configuration file.
The complete upgrade can be performed in a few simple steps:
-
Download the latest phpMyAdmin version from <https://www.phpmyadmin.net/downloads/>.
-
Rename existing phpMyAdmin folder (for example to
phpmyadmin-old). -
Unpack freshly downloaded phpMyAdmin to the desired location (for example
phpmyadmin). -
Copy
config.inc.php`from old location (phpmyadmin-old) to the new one (phpmyadmin). -
Test that everything works properly.
-
Remove backup of a previous version (
phpmyadmin-old).
If you have upgraded your MySQL server from a version previous to 4.1.2 to
version 5.x or newer and if you use the phpMyAdmin configuration storage, you
should run the SQL script found in
sql/upgrade_tables_mysql_4_1_2+.sql.
If you have upgraded your phpMyAdmin to 4.3.0 or newer from 2.5.0 or
newer (<= 4.2.x) and if you use the phpMyAdmin configuration storage, you
should run the SQL script found in
sql/upgrade_column_info_4_3_0+.sql.
Do not forget to clear the browser cache and to empty the old session by
logging out and logging in again.
Using authentication modes
HTTP and cookie authentication modes are recommended in a multi-user
environment where you want to give users access to their own database and
don’t want them to play around with others. Nevertheless, be aware that MS
Internet Explorer seems to be really buggy about cookies, at least till version
6. Even in a single-user environment, you might prefer to use HTTP
or cookie mode so that your user/password pair are not in clear in the
configuration file.
HTTP and cookie authentication
modes are more secure: the MySQL login information does not need to be
set in the phpMyAdmin configuration file (except possibly for the
$cfg['Servers'][$i]['controluser']).
However, keep in mind that the password travels in plain text unless
you are using the HTTPS protocol. In cookie mode, the password is
stored, encrypted with the AES algorithm, in a temporary cookie.
Then each of the true users should be granted a set of privileges
on a set of particular databases. Normally you shouldn’t give global
privileges to an ordinary user unless you understand the impact of those
privileges (for example, you are creating a superuser).
For example, to grant the user real_user with all privileges on
the database user_base:
GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real_password';
What the user may now do is controlled entirely by the MySQL user management
system. With HTTP or cookie authentication mode, you don’t need to fill the
user/password fields inside the $cfg['Servers'].
HTTP authentication mode
-
Uses HTTP Basic authentication
method and allows you to log in as any valid MySQL user. -
Is supported with most PHP configurations. For IIS (ISAPI)
support using CGI PHP see 1.32 Can I use HTTP authentication with IIS?, for using with Apache
CGI see 1.35 Can I use HTTP authentication with Apache CGI?. -
When PHP is running under Apache’s mod_proxy_fcgi (e.g. with PHP-FPM),
Authorizationheaders are not passed to the underlying FCGI application,
such that your credentials will not reach the application. In this case, you can
add the following configuration directive:SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
-
See also 4.4 phpMyAdmin always gives “Access denied” when using HTTP authentication. about not using the .htaccess mechanism along with
‘HTTP’ authentication mode.
Note
There is no way to do proper logout in HTTP authentication, most browsers
will remember credentials until there is no different successful
authentication. Because of this, this method has a limitation that you can not
login with the same user after logout.
Cookie authentication mode
-
Username and password are stored in cookies during the session and password
is deleted when it ends. -
With this mode, the user can truly log out of phpMyAdmin and log
back in with the same username (this is not possible with HTTP authentication mode). -
If you want to allow users to enter any hostname to connect (rather than only
servers that are configured inconfig.inc.php),
see the$cfg['AllowArbitraryServer']directive. -
As mentioned in the Requirements section, having the
opensslextension
will speed up access considerably, but is not required.
Signon authentication mode
-
This mode is a convenient way of using credentials from another
application to authenticate to phpMyAdmin to implement a single signon
solution. -
The other application has to store login information into session
data (see$cfg['Servers'][$i]['SignonSession']and
$cfg['Servers'][$i]['SignonCookieParams']) or you
need to implement script to return the credentials (see
$cfg['Servers'][$i]['SignonScript']). -
When no credentials are available, the user is being redirected to
$cfg['Servers'][$i]['SignonURL'], where you should handle
the login process.
The very basic example of saving credentials in a session is available as
examples/signon.php:
<?php /** * Single signon for phpMyAdmin * * This is just example how to use session based single signon with * phpMyAdmin, it is not intended to be perfect code and look, only * shows how you can integrate this functionality in your application. */ declare(strict_types=1); /* Use cookies for session */ ini_set('session.use_cookies', 'true'); /* Change this to true if using phpMyAdmin over https */ $secure_cookie = false; /* Need to have cookie visible from parent directory */ session_set_cookie_params(0, '/', '', $secure_cookie, true); /* Create signon session */ $session_name = 'SignonSession'; session_name($session_name); // Uncomment and change the following line to match your $cfg['SessionSavePath'] //session_save_path('/foobar'); @session_start(); /* Was data posted? */ if (isset($_POST['user'])) { /* Store there credentials */ $_SESSION['PMA_single_signon_user'] = $_POST['user']; $_SESSION['PMA_single_signon_password'] = $_POST['password']; $_SESSION['PMA_single_signon_host'] = $_POST['host']; $_SESSION['PMA_single_signon_port'] = $_POST['port']; /* Update another field of server configuration */ $_SESSION['PMA_single_signon_cfgupdate'] = ['verbose' => 'Signon test']; $_SESSION['PMA_single_signon_HMAC_secret'] = hash('sha1', uniqid(strval(random_int(0, mt_getrandmax())), true)); $id = session_id(); /* Close that session */ @session_write_close(); /* Redirect to phpMyAdmin (should use absolute URL here!) */ header('Location: ../index.php'); } else { /* Show simple form */ header('Content-Type: text/html; charset=utf-8'); echo '<?xml version="1.0" encoding="utf-8"?>' . "\n"; echo '<!DOCTYPE HTML> <html lang="en" dir="ltr"> <head> <link rel="icon" href="../favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon"> <meta charset="utf-8"> <title>phpMyAdmin single signon example</title> </head> <body>'; if (isset($_SESSION['PMA_single_signon_error_message'])) { echo '<p class="error">'; echo $_SESSION['PMA_single_signon_error_message']; echo '</p>'; } echo '<form action="signon.php" method="post"> Username: <input type="text" name="user" autocomplete="username" spellcheck="false"><br> Password: <input type="password" name="password" autocomplete="current-password" spellcheck="false"><br> Host: (will use the one from config.inc.php by default) <input type="text" name="host"><br> Port: (will use the one from config.inc.php by default) <input type="text" name="port"><br> <input type="submit"> </form> </body> </html>'; }
Alternatively, you can also use this way to integrate with OpenID as shown
in examples/openid.php:
<?php /** * Single signon for phpMyAdmin using OpenID * * This is just example how to use single signon with phpMyAdmin, it is * not intended to be perfect code and look, only shows how you can * integrate this functionality in your application. * * It uses OpenID pear package, see https://pear.php.net/package/OpenID * * User first authenticates using OpenID and based on content of $AUTH_MAP * the login information is passed to phpMyAdmin in session data. */ declare(strict_types=1); if (false === @include_once 'OpenID/RelyingParty.php') { exit; } /* Change this to true if using phpMyAdmin over https */ $secure_cookie = false; /** * Map of authenticated users to MySQL user/password pairs. */ $AUTH_MAP = [ 'https://launchpad.net/~username' => [ 'user' => 'root', 'password' => '', ], ]; // phpcs:disable PSR1.Files.SideEffects,Squiz.Functions.GlobalFunction /** * Simple function to show HTML page with given content. * * @param string $contents Content to include in page */ function Show_page($contents): void { header('Content-Type: text/html; charset=utf-8'); echo '<?xml version="1.0" encoding="utf-8"?>' . "\n"; echo '<!DOCTYPE HTML> <html lang="en" dir="ltr"> <head> <link rel="icon" href="../favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon"> <meta charset="utf-8"> <title>phpMyAdmin OpenID signon example</title> </head> <body>'; if (isset($_SESSION['PMA_single_signon_error_message'])) { echo '<p class="error">' . $_SESSION['PMA_single_signon_message'] . '</p>'; unset($_SESSION['PMA_single_signon_message']); } echo $contents; echo '</body></html>'; } /** * Display error and exit * * @param Exception $e Exception object */ function Die_error($e): void { $contents = "<div class='relyingparty_results'>\n"; $contents .= '<pre>' . htmlspecialchars($e->getMessage()) . "</pre>\n"; $contents .= "</div class='relyingparty_results'>"; Show_page($contents); exit; } // phpcs:enable /* Need to have cookie visible from parent directory */ session_set_cookie_params(0, '/', '', $secure_cookie, true); /* Create signon session */ $session_name = 'SignonSession'; session_name($session_name); @session_start(); // Determine realm and return_to $base = 'http'; if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { $base .= 's'; } $base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT']; $realm = $base . '/'; $returnTo = $base . dirname($_SERVER['PHP_SELF']); if ($returnTo[strlen($returnTo) - 1] !== '/') { $returnTo .= '/'; } $returnTo .= 'openid.php'; /* Display form */ if ((! count($_GET) && ! count($_POST)) || isset($_GET['phpMyAdmin'])) { /* Show simple form */ $content = '<form action="openid.php" method="post"> OpenID: <input type="text" name="identifier"><br> <input type="submit" name="start"> </form>'; Show_page($content); exit; } /* Grab identifier */ $identifier = null; if (isset($_POST['identifier']) && is_string($_POST['identifier'])) { $identifier = $_POST['identifier']; } elseif (isset($_SESSION['identifier']) && is_string($_SESSION['identifier'])) { $identifier = $_SESSION['identifier']; } /* Create OpenID object */ try { $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); } catch (Throwable $e) { Die_error($e); } /* Redirect to OpenID provider */ if (isset($_POST['start'])) { try { $authRequest = $o->prepare(); } catch (Throwable $e) { Die_error($e); } $url = $authRequest->getAuthorizeURL(); header('Location: ' . $url); exit; } /* Grab query string */ if (! count($_POST)) { [, $queryString] = explode('?', $_SERVER['REQUEST_URI']); } else { // Fetch the raw query body $queryString = file_get_contents('php://input'); } /* Check reply */ try { $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); } catch (Throwable $e) { Die_error($e); } $id = $message->get('openid.claimed_id'); if (empty($id) || ! isset($AUTH_MAP[$id])) { Show_page('<p>User not allowed!</p>'); exit; } $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user']; $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password']; $_SESSION['PMA_single_signon_HMAC_secret'] = hash('sha1', uniqid(strval(random_int(0, mt_getrandmax())), true)); session_write_close(); /* Redirect to phpMyAdmin (should use absolute URL here!) */ header('Location: ../index.php');
If you intend to pass the credentials using some other means than, you have to
implement wrapper in PHP to get that data and set it to
$cfg['Servers'][$i]['SignonScript']. There is a very minimal example
in examples/signon-script.php:
<?php /** * Single signon for phpMyAdmin * * This is just example how to use script based single signon with * phpMyAdmin, it is not intended to be perfect code and look, only * shows how you can integrate this functionality in your application. */ declare(strict_types=1); // phpcs:disable Squiz.Functions.GlobalFunction /** * This function returns username and password. * * It can optionally use configured username as parameter. * * @param string $user User name * * @return array */ function get_login_credentials($user) { /* Optionally we can use passed username */ if (! empty($user)) { return [ $user, 'password', ]; } /* Here we would retrieve the credentials */ return [ 'root', '', ]; }
Config authentication mode
-
This mode is sometimes the less secure one because it requires you to fill the
$cfg['Servers'][$i]['user']and
$cfg['Servers'][$i]['password']
fields (and as a result, anyone who can read yourconfig.inc.php
can discover your username and password). -
In the ISPs, multi-user installations section, there is an entry explaining how
to protect your configuration file. -
For additional security in this mode, you may wish to consider the
Host authentication$cfg['Servers'][$i]['AllowDeny']['order']
and$cfg['Servers'][$i]['AllowDeny']['rules']configuration directives. -
Unlike cookie and http, does not require a user to log in when first
loading the phpMyAdmin site. This is by design but could allow any
user to access your installation. Use of some restriction method is
suggested, perhaps a .htaccess file with the HTTP-AUTH directive or disallowing
incoming HTTP requests at one’s router or firewall will suffice (both
of which are beyond the scope of this manual but easily searchable
with Google).
Securing your phpMyAdmin installation
The phpMyAdmin team tries hard to make the application secure, however there
are always ways to make your installation more secure:
-
Follow our Security announcements and upgrade
phpMyAdmin whenever new vulnerability is published. -
Serve phpMyAdmin on HTTPS only. Preferably, you should use HSTS as well, so that
you’re protected from protocol downgrade attacks. -
Ensure your PHP setup follows recommendations for production sites, for example
display_errors
should be disabled. -
Remove the
testdirectory from phpMyAdmin, unless you are developing and need a test suite. -
Remove the
setupdirectory from phpMyAdmin, you will probably not
use it after the initial setup. -
Properly choose an authentication method — Cookie authentication mode
is probably the best choice for shared hosting. -
Deny access to auxiliary files in
./libraries/or
./templates/subfolders in your webserver configuration.
Such configuration prevents from possible path exposure and cross side
scripting vulnerabilities that might happen to be found in that code. For the
Apache webserver, this is often accomplished with a .htaccess file in
those directories. -
Deny access to temporary files, see
$cfg['TempDir'](if that
is placed inside your web root, see also Web server upload/save/import directories. -
It is generally a good idea to protect a public phpMyAdmin installation
against access by robots as they usually can not do anything good there. You
can do this usingrobots.txtfile in the root of your webserver or limit
access by web server configuration, see 1.42 How can I prevent robots from accessing phpMyAdmin?. -
In case you don’t want all MySQL users to be able to access
phpMyAdmin, you can use$cfg['Servers'][$i]['AllowDeny']['rules']to limit them
or$cfg['Servers'][$i]['AllowRoot']to deny root user access. -
Enable Two-factor authentication for your account.
-
Consider hiding phpMyAdmin behind an authentication proxy, so that
users need to authenticate prior to providing MySQL credentials
to phpMyAdmin. You can achieve this by configuring your web server to request
HTTP authentication. For example in Apache this can be done with:AuthType Basic AuthName "Restricted Access" AuthUserFile /usr/share/phpmyadmin/passwd Require valid-user
Once you have changed the configuration, you need to create a list of users which
can authenticate. This can be done using the htpasswd utility:htpasswd -c /usr/share/phpmyadmin/passwd username
-
If you are afraid of automated attacks, enabling Captcha by
$cfg['CaptchaLoginPublicKey']and
$cfg['CaptchaLoginPrivateKey']might be an option. -
Failed login attempts are logged to syslog (if available, see
$cfg['AuthLog']). This can allow using a tool such as
fail2ban to block brute-force attempts. Note that the log file used by syslog
is not the same as the Apache error or access log files. -
In case you’re running phpMyAdmin together with other PHP applications, it is
generally advised to use separate session storage for phpMyAdmin to avoid
possible session-based attacks against it. You can use
$cfg['SessionSavePath']to achieve this.
Using SSL for connection to database server
It is recommended to use SSL when connecting to remote database server. There
are several configuration options involved in the SSL setup:
$cfg['Servers'][$i]['ssl']-
Defines whether to use SSL at all. If you enable only this, the connection
will be encrypted, but there is not authentication of the connection — you
can not verify that you are talking to the right server. $cfg['Servers'][$i]['ssl_key']and$cfg['Servers'][$i]['ssl_cert']-
This is used for authentication of client to the server.
$cfg['Servers'][$i]['ssl_ca']and$cfg['Servers'][$i]['ssl_ca_path']-
The certificate authorities you trust for server certificates.
This is used to ensure that you are talking to a trusted server. $cfg['Servers'][$i]['ssl_verify']-
This configuration disables server certificate verification. Use with
caution.
When the database server is using a local connection or private network and SSL can not be configured
you can use $cfg['MysqlSslWarningSafeHosts'] to explicitly list the hostnames that are considered secure.
Known issues
Users with column-specific privileges are unable to “Browse”
If a user has only column-specific privileges on some (but not all) columns in a table, “Browse”
will fail with an error message.
As a workaround, a bookmarked query with the same name as the table can be created, this will
run when using the “Browse” link instead. Issue 11922.
Trouble logging back in after logging out using ‘http’ authentication
When using the ‘http’ auth_type, it can be impossible to log back in (when the logout comes
manually or after a period of inactivity). Issue 11898.
Загрузить PDF
Загрузить PDF
Из данной статьи вы узнаете, как установить phpMyAdmin на компьютере под управлением Windows. С помощью phpMyAdmin можно управлять сервером MySQL через веб-браузер, но перед этим необходимо настроить сервер MySQL на компьютере. Также можно воспользоваться бесплатной программой WAMP, чтобы автоматически установить phpMyAdmin на сервере.
-
Установите и настройте Apache, PHP и MySQL на компьютере. Они необходимы, чтобы установить phpMyAdmin.
-
Перейдите на страницу https://www.phpmyadmin.net/ в браузере.
-
Это зеленая кнопка в верхней правой части страницы. Запустится процесс скачивания архива (ZIP-файла).
- Справа от «Download» вы найдете версию phpMyAdmin (например, чтобы скачать версию phpMyAdmin, выпущенную в декабре 2017 года, нажмите «Download 4.7.7»).
-
Вы вернетесь на страницу phpMyAdmin.
-
Для этого дважды щелкните по загруженному ZIP-файлу.
-
Щелкните по папке с phpMyAdmin в окне распакованного архива, а затем нажмите Ctrl+C.
-
Она находится в папке «Apache», которая расположена на диске «C:».
- В папке «htdocs» вы найдете текстовый файл «index.php» (или что-то подобное).
- Чтобы быстро открыть указанную папку, щелкните по «Этот компьютер» в левой части окна, дважды щелкните по папке «Apache», а затем дважды щелкните по папке «htdocs» (или аналогичной).
-
Нажмите Ctrl+V, чтобы вставить скопированную папку «phpMyAdmin» в папку «htdocs».
-
Щелкните по папке «phpMyAdmin», нажмите «Главная», на панели инструментов выберите «Переименовать», введите phpmyadmin в поле с именем папки, а затем нажмите ↵ Enter.
-
Эта папка находится на диске «C:» (как и папка «Apache»). Дважды щелкните по папке «РНР», чтобы открыть ее.
-
Измените имя этого файла на php.ini.[1]
-
Он откроется в текстовом редакторе, который используется по умолчанию (например, в Блокноте); в некоторых случаях вам придется выбрать Блокнот в открывшемся списке, а затем нажать «ОК».
-
Точку с запятой вы найдете слева от этой строки.
- Нажмите Ctrl+F, чтобы открыть окно «Найти», а затем введите указанный текст, чтобы быстро перейти к нему.
-
Так вы настроите сервер phpMyAdmin.
-
Нажмите Ctrl+S, чтобы сохранить внесенные изменения, а затем нажмите «X» в верхнем правом углу окна Блокнота, чтобы закрыть Блокнот.
-
Откройте командную строку от имени администратора; для этого щелкните правой кнопкой мыши по «Пуск» «
, выберите «Командная строка (Администратор)» и нажмите «Да», когда появится запрос. Теперь выполните следующие действия:
- введите cd /Apache24/bin и нажмите ↵ Enter (замените «Apache24» на имя своей папки с Apache);
- введите httpd -k restart и нажмите ↵ Enter.
-
Откройте веб-браузер, в адресной строке введите http://localhost и нажмите ↵ Enter. Должна открыться страница авторизации phpMyAdmin.
Реклама
-
С помощью WAMP можно управлять существующим сервером с компьютера, но не создавать новые серверы.
-
-
-
Версися зависит от разрядности вашей операционной системы. Откроется всплывающее окно.
-
Она находится в верхней правой части всплывающего окна. Откроется страница Source Forge, на которой можно скачать выбранную версию WAMP.
-
Эта зеленая кнопка находится в верхней части страницы. Начнется процесс скачивания WAMP.
- Этот процесс займет несколько минут.
-
Дважды щелкните по скачанному установочному файлу WAMP, а затем выполните следующие действия:
- нажмите «Да», когда будет предложено;
- выберите язык и нажмите «OK»;
- поставьте флажок у «I accept the agreement» (Я принимаю условия соглашения) и нажмите «Next» (Далее);
- нажмите «Next» (Далее) три раза;
- нажмите «Install» (Установить).
-
На это уйдет несколько минут.
-
Нажмите «Yes» (Да), найдите EXE-файл нужного браузера, щелкните по нему и нажмите «Открыть».
- Например, чтобы выбрать Chrome, найдите и щелкните по папке «Google» в левой части окна Проводника, затем дважды щелкните по папке «Chrome» и выберите значок Chrome.
- Если вы предпочитаете использовать Internet Explorer, нажмите «No» (Нет).
-
Если вы не хотите использовать Блокнот в качестве текстового редактора сервера, нажмите «Yes» (Да), когда появится запрос, затем найдите EXE-файл нужного текстового редактора, щелкните по нему и нажмите «Открыть».
- Нажмите «No» (Нет), если вы хотите оставить Блокнот текстовым редактором по умолчанию.
-
Нажмите «Next» (Далее), а затем нажмите «Finish» (Готово) в последнем окне мастера установки.
-
Дважды щелкните по розовому значку «Wampserver» на рабочем столе, а затем нажмите «Да», когда появится запрос. Сервер будет запущен.
-
В правой части панели инструментов Windows вы увидите оранжевый или зеленый значок WAMP. Если нажать на этот значок, откроется всплывающее меню.
- Возможно, сначала нужно щелкнуть по значку в виде направленной вверх стрелки, чтобы отобразить значок WAMP.
-
Эта опция находится в верхней части всплывающего меню. Если сервер настроен соответствующим образом, в браузере откроется страница авторизации phpMyAdmin.
Реклама
Советы
- Если вы создали и настроили сервер с помощью другого сервиса (а не Apache), установите phpMyAdmin и скопируйте папку «phpMyAdmin» в корневую папку этого сервиса. Имя папки зависит от сервиса.
Реклама
Предупреждения
- phpMyAdmin нельзя запустить на компьютере, на котором нет соответствующих служб, связанных с сервером (например, службы Apache).
Реклама
Об этой статье
Эту страницу просматривали 123 719 раз.
Была ли эта статья полезной?
С помощью phpMyAdmin можно создавать, настраивать, редактировать, удалять базы данных и объекты баз данных на сервере под управлением MySQL. Для работы веб-приложения phpMyAdmin, на сервере уже должны быть установлены и настроены веб-сервер IIS, работающий в связке с PHP и сервер баз данных MySQL.Если указанные приложения не установлены, можно воспользоваться инструкциями: Как установить и настроить PHP на Windows Server, Как установить и настроить веб-сервер IIS на Windows Server, Как установить и настроить MySQL на Windows Server.
Для выполнения всех дальнейших действий, предполагается, что программы IIS, PHP, MySQL уже установлены и работают.
Приступим к установке.
1. В папке C:\inetpub\wwwroot создайте папку phpmyadmin
2. Перейдите на страницу Download phpMyAdmin и скачайте мультиязычный пакет *.all-languages.zip
3. Разархивируйте скачанный архив в ранее созданную папку C:\inetpub\wwwroot\phpmyadmin
4. Установка завершена. Откройте страницу http://localhost/phpmyadmin/, должна отобразиться стандартная форма входа в панель phpmyadmin
4.1 Примечание к установке.
На этом этапе при открытии страницы http://localhost/phpmyadmin/, возможны такие ошибки:
4.1.1 Ошибка 1. Не найден обработчик. При этом страница с ошибкой выглядит так:
Решение: создать обработчик php файлов для веб-сервера. На скриншотах ниже указано как это можно сделать.
4.1.2 Ошибка 2. Не найдено PHP расширение (модуль). Например, mysqli (как на скриншоте)
Решение: включить необходимое расширение в файле php.ini и перезапустить веб-сервер IIS. Файл php.ini находится в папке, куда ранее был установлен PHP (в нашем примере это папка C:\php\). Для включения необходимого расширения, необходимо найти его по названию в файле php.ini и раскомментировать (убрать вначале строки символ ; ) строку с именем расширения.
После сохранения файла php.ini необходимо перезапустить веб-сервер
5. В корневой папке phpmyadmin необходимо найти файл config.sample.inc.php и переименовать его в config.inc.php. Далее откройте config.inc.php в блокноте или другом тектовом редакторе (рекомендуем Notepad++) и раскомментируйте (уберите вначале строки символы //) такие строки:
$cfg[‘Servers’][$i][‘pmadb’] = ‘phpmyadmin’;
$cfg[‘Servers’][$i][‘bookmarktable’] = ‘pma__bookmark’;
$cfg[‘Servers’][$i][‘relation’] = ‘pma__relation’;
$cfg[‘Servers’][$i][‘table_info’] = ‘pma__table_info’;
$cfg[‘Servers’][$i][‘table_coords’] = ‘pma__table_coords’;
$cfg[‘Servers’][$i][‘pdf_pages’] = ‘pma__pdf_pages’;
$cfg[‘Servers’][$i][‘column_info’] = ‘pma__column_info’;
$cfg[‘Servers’][$i][‘history’] = ‘pma__history’;
$cfg[‘Servers’][$i][‘table_uiprefs’] = ‘pma__table_uiprefs’;
$cfg[‘Servers’][$i][‘tracking’] = ‘pma__tracking’;
Дополнительно замените слово localhost на 127.0.0.1
Сохраните файл config.inc.php.
6. В браузере переходим на страницу http://127.0.0.1/phpmyadmin и логинимся с учетными данными пользователя root, пароль которого был создан при установке на сервер MySQL.
7. Для хранения служебной информации, phpmyadmin использует собственную базу данных, которую мы сейчас создадим. Также создадим пользователя с полными правами на данную базу данных. Для создания базы данных, воспользуемся готовым дампом, предоставленным разработчиками в файле create_tables.sql. Данный файл находится в подпапке sql. Для импорта данного дампа, находясь на главной странице phpmyadmin перейдите на вкладку Импорт
выберите файл create_tables.sql
нажмите кнопку Import (в самом низу формы) и дождитесь завершения импорта базы данных.
Теперь в списке должна появиться база данных phpmyadmin
Теперь создадим учетную запись MySQL и предоставим права доступа на только что созданную базу данных. Для этого перейдите в базу данных phpmyadmin и нажмите Привелегии / Privileges — Добавить пользователя / Add user account
Заполните поля формы, как указано на скриншоте
В файле config.inc.php необходимо раскомментировать строки и прописать данные доступа ранее созданного пользователя pma
$cfg[‘Servers’][$i][‘controluser’] = ‘pma’;
$cfg[‘Servers’][$i][‘controlpass’] = ‘pmapass’;
pmapass — пароль пользователя pma
В данной статье мы научились устанавливать phpMyAdmin на Windows Server.
Table of Contents
- Introduction
- Prerequisites
- Installation on Windows
- Installation on Mac OS
- Installation on Ubuntu
- Secure Your phpMyAdmin Instance
- Update and Upgrade phpMyAdmin
- Advanced Configuration
- Connecting to Multiple Servers
- Enabling Advanced Features
- Custom Themes
- Conclusion
Introduction
phpMyAdmin is a free and open-source administration tool for MySQL and MariaDB. With a robust web interface, it allows users to interact with their database servers, providing a user-friendly environment for managing databases, tables, columns, relations, indexes, users, permissions, and much more. This tutorial guides you through the steps of setting up phpMyAdmin on Windows, Mac OS, and Ubuntu systems. We will start with the basics and move towards more advanced configurations, including security settings and custom configurations.
Prerequisites
Before we begin, ensure that you have:
- A running web server (Apache/Nginx).
- MySQL or MariaDB installed.
- PHP installed with necessary extensions (mbstring, zip, and gd).
Installation on Windows
For Windows users, the easiest way to get phpMyAdmin up and running is through a software bundle like XAMPP:
- 1. Download XAMPP from https://www.apachefriends.org/index.html
- 2. Run the installer and select Apache, MySQL, PHP, and phpMyAdmin
- 3. Follow the on-screen instructions to complete the installation
- 4. Start Apache and MySQL from the XAMPP control panel
Once the servers are running, you can access phpMyAdmin at http://localhost/phpmyadmin.
Installation on Mac OS
Mac users can install phpMyAdmin with Homebrew:
1. Install Homebrew (if not installed):
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 2. Update Homebrew:
brew update 3. Install phpMyAdmin:
brew install phpmyadminFollow the prompts, and configure your webserver to use the phpMyAdmin install, which is usually in /usr/local/share/phpmyadmin. You’ll then be able to access it at http://localhost/phpmyadmin.
Installation on Ubuntu
Ubuntu users can install phpMyAdmin from the official package repositories:
1. Update your system package repository:
sudo apt update 2. Install phpMyAdmin and its dependencies:
sudo apt install phpmyadmin php-mbstring php-zip php-gdYou’ll be asked to choose a web server; select Apache. When the installation is complete, enable the PHP extensions and restart your web server:
sudo phpenmod mbstring
sudo systemctl restart apache2Access phpMyAdmin at http://your_server_ip/phpmyadmin to manage your databases.
Secure Your phpMyAdmin Instance
After installing phpMyAdmin, it’s crucial to secure your instance. Update the default configuration file to enhance security:
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/tmp/
</IfModule>
</Directory>
# Secure phpMyAdmin using .htaccess
<Directory /usr/share/phpmyadmin>
AllowOverride All
</Directory>
# Restrict by IP address (Change 'your_IP_address' with your actual IP)
Order Deny,Allow
Deny from All
Allow from your_IP_addressRemember, always use strong, unique passwords for your accounts, and consider setting up Two-Factor Authentication (2FA) for an extra layer of security.
Update and Upgrade phpMyAdmin
Keeping phpMyAdmin up-to-date is crucial for your database’s security. To update:
# For Ubuntu systems:
sudo apt update
sudo apt upgrade phpmyadmin
# For systems with Homebrew:
brew update
brew upgrade phpmyadmin
# For Windows (via XAMPP), typically you would download a newer version of the XAMPP installer or update the phpMyAdmin directory manuallyAlways make sure to back up your configurations and databases before performing an upgrade.
Advanced Configuration
For advanced users, configuring phpMyAdmin to recognize multiple servers, enable advanced features, and set up themes can be done by editing the config.inc.php file, usually located within the installation directory.
Connecting to Multiple Servers
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
$cfg['Servers'][$i]['port'] = ''; // MySQL port
$cfg['Servers'][$i]['connect_type'] = 'tcp'; // Connection type
$cfg['Servers'][$i]['compress'] = false; // Use compression for the MySQL connection
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?Enabling Advanced Features
Enabling features like bookmarking queries, browsing history, and designer settings can be done as follows:
$cfg['Bookmark']['enabled'] = true;
$cfg['History']['enabled'] = true;
$cfg['Designer']['enabled'] = true;Custom Themes
phpMyAdmin supports themes, which can be downloaded from the official website. After downloading and extracting a theme, place the theme directory in ./themes/ within your phpMyAdmin directory. Change the theme by selecting it within the phpMyAdmin interface under the ‘Appearance Settings’ section.
Conclusion
This tutorial provided a comprehensive guide to setting up phpMyAdmin on various operating systems including Windows, Mac OS, and Ubuntu. Remember, security should be your top priority when configuring phpMyAdmin, and always keep your instance well-maintained by applying the latest updates and upgrades.
phpMyAdmin – простое приложение с открытым исходным кодом, позволяющее управлять базами данных MySQL. С его помощью можно администрировать пользователей, создавать и редактировать таблицы, а также проводить экспорт и импорт данных в них. Удобство состоит в том, что все эти операции можно проводить в веб-интерфейсе. Я расскажу, как установить phpMyAdmin на компьютер и на сервер.
Установка phpMyAdmin на компьютер
Прежде чем начать установку phpMyAdmin, убедитесь, что у вас установлены и настроены сервер Apache, PHP и базы данных MySQL. Еще нужно соединение с сервером по защищенному туннелю SSH. Этот способ скорее можно назвать ручным.
Сперва советуем скачать архив приложения с официального русскоязычного сайта. Выбираем любую удобную версию и жмем по ссылке для начала загрузки.
Как только процесс загрузки завершится, распакуем архив. Затем переходим в папку htdocs, расположенную на системном диске в директории «Apache». Сюда вставляем папку из архива, потом переименовываем ее в phpmyadmin.
Теперь открываем папку «PHP» и находим в ней файл «php.ini-production». Переименовываем его в php.ini, а потом открываем с помощью «Блокнота». Находим в тексте строчки «extension=php_mysqli.dll» и «extension=php_mbstring.dll» и удаляем в них символ точки с запятой. Сохраняем изменения, выходим из блокнота.
Если все сделано правильно, то после введения в адресной строке браузера запроса http://localhost будет открываться страница авторизации phpMyAdmin.
Комьюнити теперь в Телеграм
Подпишитесь и будьте в курсе последних IT-новостей
Подписаться
Установка phpMyAdmin на сервер
Процедура установки инструмента phpMyAdmin на сервер отличается для разных операционных систем. Требования примерно те же – соединение по защищенному туннелю SSH, предустановленное программное обеспечение PHP, MySQL, Nginx или Apache.
Ubuntu
Перед установкой phpMyAdmin на сервере с ОС Ubuntu прежде всего необходимо проверить, имеется ли расширение PHP для редактирования текстовых строк в формате юникода. Для этого в командной строке вводим вот такой запрос:
sudo apt install php-mbstring
После завершения обновления можно приступать к установке нужного нам инструмента на сервер.
sudo apt install phpmyadmin
Как только данная команда активируется, откроется установщик. В нем будет предложен выбор веб-сервера для работы с приложением в дальнейшем. С помощью пробела выбираем пункт «apache», потом отмечаем кнопку ОК для применения изменений.
Если на вашем сервере установлен Nginx, на этом моменте просто выберите соответствующий пункт.
Далее будет предложено создание баз данных для данного ПО, в которой будет вся служебная информация. Соглашаемся, нажав на кнопку «Да», и идем дальше.
Следующий этап – создание пароля для собственного профиля. Можно придумать новый или оставить поле пустым, чтобы сервис сгенерировал случайную комбинацию. Потом, если мы все же придумали свой пароль, его следует подтвердить.
Но установка phpMyAdmin на сервер не завершена. Нам необходимо включить расширения PHP mcrypt и mbstring, используя для этого нижеуказанные команды:
sudo phpenmod mcrypt sudo phpenmod mbstring
Чтобы применить все изменения, перезапускаем сервер Apache с помощью специального запроса:
sudo systemctl restart apache2
Debian
В случае с Debian был заранее предустановлен стек LEMP, включающий NGINX, MySQL и PHP. Но если что-то из всего этого на сервере отсутствует, можно задать в терминале вот такую команду:
apt install nginx php-fpm mysql-server
Ждем завершения скачивания и установки всех пакетов. Еще для защиты аутентификации рекомендуется установить сертификат SSL/TLS для передачи зашифрованного трафика.
Так как в Debian большинство программ в репозиториях отсутствует, необходимо будет вручную добавить пункт с phpMyAdmin. Сперва открываем файл «sources.list» в редакторе вот такой командой:
nano /etc/apt/sources.list
Теперь вносим кое-какие изменения в самом конце файла, добавив следующие строчки:
deb http://deb.debian.org/debian/ stretch main contrib non-free deb-src http://deb.debian.org/debian/ stretch main contrib non-free
Сохраняем изменения и выходим из редактора. Теперь надо обновить базы данных в терминале с помощью такого запроса:
apt-get update
А вот теперь можно приступать непосредственно к скачиванию нужного нам приложения. Вписываем следующую команду:
apt-get install phpmyadmin
Так как у нас заранее предустановлен Nginx, в момент настройки нам не нужно будет выбирать веб-сервер. Просто пропускаем этот пункт, нажав на кнопку «Tab», а затем кликнув на ОК.
Выйдет новое окно в мастере установки, запрашивающее разрешение на использование «dbconfig-common». Данный параметр позволит настроить базу данных и пользователя с правами администратора для программы phpMyAdmin. Поэтому выбираем пункт «Да» и идем дальше.
Точно так же, как было описано ранее, создаем собственный пароль или оставляем поле пустым для генерации случайного. Теперь ждем, когда все пакеты ПО будут до конца установлены. Для проверки в адресной строке браузера вбиваем адрес http://доменное_имя или IP/phpmyadmin.
CentOS
Здесь тоже заранее инсталлированы модули PHP и Apache. Чтобы установить phpMyAdmin на CentOS, прежде всего понадобится скачать расширенный репозиторий EPEL. Для этого мы задаем вот такую команду:
yum install epel-release
Если указанный репозиторий не скачать, командная строка может дать ошибку типа «пакета с названием phpmyadmin не найдено».
Скачивание пакета завершено, теперь можем приступать к скачиванию самой программы, и даем для этого следующий запрос:
yum install phpmyadmin
Потом устанавливаем модули PHP для нормальной работы панели управления базами данных, и делается это одним запросом:
yum install php-json php-mbstring php-mysqli
Возможно, они уже были установлены ранее, но все же стоит дополнительно выполнить проверку. Потом перезапускаем сервер для принятия всех внесенных изменений.
systemctl restart httpd
Понадобится настроить виртуальный домен, создав для этого специальный конфигурационный файл.
vi /etc/httpd/conf.d/phpMyAdmin.conf
Содержание его при этом должно быть таково:
<VirtualHost *:80>
Define root_domain phpmyadmin.dmosk.local
Define root_path /usr/share/phpMyAdmin
ServerName ${root_domain}
ServerAlias www.${root_domain}
DocumentRoot ${root_path}
<Directory /usr/share/phpMyAdmin>
AllowOverride All
Options Indexes ExecCGI FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Сохраняем изменения и закрываем редактор. Затем проверяем корректность настроек вот такой командой:
apachectl configtest
Если ошибки не возникли, перезапускаем сервер. Если же возникли, заново вносим изменения в только что созданный файл.
Дополнительно можно еще создать отдельный каталог для хранения временных файлов с помощью такого запроса:
mkdir /usr/share/phpMyAdmin/tmp
Потом потребуется задать для нее владельца и соответствующие права специальными командами:
chown apache:apache /usr/share/phpMyAdmin/tmp chmod 755 /usr/share/phpMyAdmin/tmp
Настройка завершена. Теперь можно открыть страницу с виртуальным доменом. В результате мы должны попасть на страницу с формой для ввода имени пользователя и пароля.