To manually create the file, simply use your text editor to create the file config.inc.php (in this case we just copy config.sample.inc.php to config.inc.php to get minimal configuration file) in the main (top-level) phpmyadmin directory (the one that contains index.php).
phpmyadmin first loads libraries/config.default.php and then overrides those values with anything found in config.inc.php. If the default value is okay for a particular setting, there is no need to include it in config.inc.php.
Open config.inc.php in Windows WordPad. You'll need a few modifications to get phpmyadmin working; a simple configuration may look like the following:
<?php$cfg['blowfish_secret'] = 'ajrkt4l6fv92j800'; // use here a value of your choice$i=0;$i++;$cfg['Servers'][$i]['auth_type'] = 'cookie';?>
Or, if you prefer to not be prompted every time you log in, modify the config file as follows (we skip this step at this stage). However, using MySQL root user is not recommended. You need to create new MySQL user with appropriate permissions to be used by phpmyadmin (shown later).
<?php$i=0;$i++;$cfg['Servers'][$i]['user'] = 'root';$cfg['Servers'][$i]['password'] = 'xxxxxxx'; // use here your password$cfg['Servers'][$i]['auth_type'] = 'config';?>
For a full explanation of possible configuration values, see the Configuration Section of the phpmyadmin documentation.
Instead of manually editing config.inc.php, you can use the Setup Script. First you must manually create a folder named config in the phpmyadmin directory. This is a security measure. On a Linux/Unix system you can use the following commands:
cd phpMyAdminmkdir config # create directory for savingchmod o+rw config # give it world writable permissions
On other platforms, simply create the folder and ensure that your web server has read and write access to it. For Windows you can configure the folder properties (chmod) through Security page. Right-click on the phpmyadmin folder and choose Properties. Under the tab Security, click on "Add" and select the user "IUSR_machine" from the list. Now set his permissions and it should work.
You can verify the Internet account through Computer Management snap-in.
For Unix/Linux, to edit an existing configuration, copy it over first:
cp config.inc.php config/ # copy current configuration for editingchmod o+w config/config.inc.php # give it world writable permissions
Next, open setup/ in your browser. Note that changes are not saved to disk until explicitly choose Save from the Configuration area of the screen. Normally the script saves the new config.inc.php to the config directory, but if the web server does not have the proper permissions you may see the error "Cannot load or save configuration" Ensure that the config directory exists and has the proper permissions or upload (via FTP or some similar means) to the proper location. Once the file has been saved, it must be moved out of the config directory and the permissions must be reset, again as a security measure:
mv config/config.inc.php . # move file to current directorychmod o-rw config.inc.php # remove world read and write permissionsrm -rf config # remove the unneeded directory
For Windows as in this case, just delete the config folder. Now the file is ready to be used. You can choose to review or edit the file with your favorite editor, if you prefer to set some advanced options which the setup script does not provide.
If you are using the auth_type "config", it is suggested that you protect the phpmyadmin installation directory because using config does not require a user to enter a password to access the phpmyadmin installation. Use of an alternate authentication method is recommended, for example with HTTP–AUTH in a .htaccess file or switch to using auth_type cookie or http.
Open the main phpmyadmin directory in your browser. phpmyadmin should now display a welcome screen and your databases, or a login dialog if using HTTP or cookie authentication mode. You should deny access to the ./libraries and ./setup/lib subfolders in your web server configuration.
For Apache you can use supplied .htaccess file in that folder, for other webservers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code. It is generally good idea to protect public phpmyadmin installation against access by robots as they usually cannot do anything good there. You can do this using robots.txt file in root of your webserver or limit access by web server configuration. You can find example .htaccess file which can help you achieve this in contrib directory in phpmyadmin.