{
# phpmyadmin
  my $status = $phpmyadmin{'status'} || 'disabled';

    if ($status eq 'enabled') 
  {
    $OUT .="#-------------------------------------------------\n";
    $OUT .="# phpMyAdmin settings from smeserver-phpmyadmin\n";
    $OUT .="#-------------------------------------------------\n";
    $OUT .="\n";

  my $adminaccess = ($phpmyadmin{'adminaccess'} || 'enabled');
  my $multiaccess = ($phpmyadmin{'multiaccess'} || 'disabled');
    if (("$adminaccess" eq "enabled") || ("$multiaccess" eq "enabled"))
    {
      $OUT .= "Alias /phpmyadmin /usr/share/phpMyAdmin\n";
    }
    else
    {
      $OUT .= "# phpMyAdmin Admin access disabled\n";
    }

    if ("$multiaccess" eq "enabled")
    {
      $OUT .= "Alias /phpmyadmin-multi /usr/share/phpMyAdmin\n";
    }
    else
    {
      $OUT .= "# phpMyAdmin Multiuser access disabled\n";
    }

    # Location overrides Directory for access control and default is RequireAny
    # we need to repeat the Require ip section for both context to filter both admin and multiuser access.
    if ("$adminaccess" eq "enabled"){
    $OUT .= qq(
<Location /phpmyadmin>
    AuthName "phpmyadmin"
    AuthType Basic
    AuthBasicProvider external
    AuthExternal pwauth
    <RequireAll>
      require user admin
      );
    $OUT .= (($phpmyadmin{access} || 'private' ) eq "public" ) ?  "      Require all granted": "      Require ip $localAccess $externalSSLAccess";
    $OUT .= qq(
    </RequireAll>
</Location>) ;
    }

    $OUT .= qq(
<Directory /usr/share/phpMyAdmin>
    AddDefaultCharset UTF-8
    SSLRequireSSL
    Options -Indexes
    AllowOverride None
    <RequireAll>
    );
    $OUT .= (($phpmyadmin{access} || 'private' ) eq "public" ) ?  "      Require all granted": "      Require ip $localAccess $externalSSLAccess";
    $OUT .= qq(
    </RequireAll>
    );

    # we unset CSP from httpd to allow phpmyadmin to do its own 
    $OUT .= "    Header unset Content-Security-Policy\n";
    # we do not want people to mess with this for the moment
    my $version =  '83';

    $OUT .= qq(
    AddType application/x-httpd-php .php 
    <FilesMatch .php\$\>
      SetHandler "proxy:unix:/var/run/php-fpm/php$version-phpmyadmin.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
</Directory>


# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/setup/>
    Require all denied
</Directory>


<Directory /usr/share/phpMyAdmin/libraries/>
    Require all denied
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Require all denied
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Require all denied
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
<IfModule mod_security.c>
    <Directory /usr/share/phpMyAdmin/>
        SecRuleInheritance Off
    </Directory>
</IfModule>
);

  }
    else 
    {
      $OUT .= "# phpmyadmin is disabled";
    }
}

