Cottage homework

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@77 7c3ca157-0c34-0410-bff1-cbf682f78f5c
jakubvrana 2007-07-09 06:12:22 +00:00
parent 505b79d82c
commit 430034c38a
18 changed files with 420 additions and 191 deletions


@ -38,6 +38,7 @@ $file = preg_replace_callback('~(<\\?php)?\\s*(include|require)(_once)? "([^"]*)
if ($_SESSION["lang"]) {
$file = preg_replace_callback("~(<\\?php\\s*echo )?lang\\('((?:[^\\\\']*|\\\\.)+)'\\)(;\\s*\\?>)?~s", 'remove_lang', $file);
$file = str_replace("<?php switch_lang(); ?>\n", "", $file);
$file = str_replace("<?php echo get_lang(); ?>", $_SESSION["lang"], $file);
}
//! remove spaces and comments
file_put_contents($filename, $file);


@ -4,17 +4,18 @@ if ($_SERVER["argc"] > 1) {
exit(1);
}
$messages = array();
$messages_all = array();
foreach (glob("*.php") as $filename) {
$file = file_get_contents($filename);
preg_match_all("~lang\\(('(?:[^\\\\']*|\\\\.)+')\\)~s", $file, $matches);
$messages += array_flip($matches[1]);
preg_match_all("~lang\\(('(?:[^\\\\']*|\\\\.)+')[),]~s", $file, $matches);
$messages_all += array_flip($matches[1]);
}
$file = file_get_contents("lang.inc.php");
preg_match_all("~\n\t\t'.*' => array\\(\n(.*\n)\t\t\\)~sU", $file, $translations, PREG_OFFSET_CAPTURE);
foreach ($translations[1] as $translation) {
preg_match_all("~^(\\s*(?:// )?)(('(?:[^\\\\']*|\\\\.)+') => .*[^,\n]),?~m", $translation[0], $matches, PREG_SET_ORDER);
preg_match_all("~\n\t\t'(.*)' => array\\(\n(.*\n)\t\t\\)~sU", $file, $translations, PREG_OFFSET_CAPTURE);
foreach (array_reverse($translations[2], true) as $key => $translation) {
$messages = $messages_all;
preg_match_all("~^(\\s*)(?:// )?(('(?:[^\\\\']*|\\\\.)+') => .*[^,\n]),?~m", $translation[0], $matches, PREG_SET_ORDER);
$s = "";
foreach ($matches as $match) {
if (isset($messages[$match[3]])) {
@ -24,8 +25,10 @@ foreach ($translations[1] as $translation) {
$s .= "$match[1]// $match[2],\n";
}
}
foreach($messages as $key => $val) {
$s .= "\t\t\t$key => '',\n";
if ($translations[1][$key][0] != 'en') {
foreach($messages as $key => $val) {
$s .= "\t\t\t$key => '',\n";
}
}
$file = substr_replace($file, $s, $translation[1], strlen($translation[0]));
}


@ -11,6 +11,7 @@ if (isset($_POST["server"])) {
} elseif (isset($_GET["logout"])) {
unset($_SESSION["usernames"][$_GET["server"]]);
unset($_SESSION["passwords"][$_GET["server"]]);
$_SESSION["tokens"][$_GET["server"]] = array();
}
$username = $_SESSION["usernames"][$_GET["server"]];
@ -18,8 +19,9 @@ $password = $_SESSION["passwords"][$_GET["server"]];
if (isset($_GET["logout"]) || !@mysql_connect(
(strlen($_GET["server"]) ? $_GET["server"] : ini_get("mysql.default_host")),
(strlen("$_GET[server]$username") ? $username : ini_get("mysql.default_user")),
(strlen("$_GET[server]$username$password") ? $password : ini_get("mysql.default_password")))
) {
(strlen("$_GET[server]$username$password") ? $password : ini_get("mysql.default_password")),
false, 131072 // CLIENT_MULTI_RESULTS for CALL
)) {
page_header(lang('Login'));
if (isset($_GET["logout"])) {
echo "<p class='message'>" . lang('Logout successful.') . "</p>\n";
@ -30,17 +32,17 @@ if (isset($_GET["logout"]) || !@mysql_connect(
<form action="" method="post">
<table border="0" cellspacing="0" cellpadding="2">
<tr><th><?php echo lang('Server'); ?>:</th><td><input name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" maxlength="60" /></td></tr>
<tr><th><?php echo lang('Username'); ?>:</th><td><input name="username" value="<?php echo htmlspecialchars($_SESSION["usernames"][$_GET["server"]]); ?>" maxlength="16" /></td></tr>
<tr><th><?php echo lang('Username'); ?>:</th><td><input name="username" value="<?php echo htmlspecialchars($username); ?>" maxlength="16" /></td></tr>
<tr><th><?php echo lang('Password'); ?>:</th><td><input type="password" name="password" /></td></tr>
<tr><th><?php
foreach ($_POST as $key => $val) { // expired session
if (is_array($val)) {
foreach ($val as $key2 => $val2) {
if (!is_array($val2)) {
echo '<input type="hidden" name="' . htmlspecialchars($key . "[$key2]") . ' value="' . htmlspecialchars($val2) . '" />';
echo '<input type="hidden" name="' . htmlspecialchars($key . "[$key2]") . '" value="' . htmlspecialchars($val2) . '" />';
} else {
foreach ($val2 as $key3 => $val3) {
echo '<input type="hidden" name="' . htmlspecialchars($key . "[$key2][$key3]") . ' value="' . htmlspecialchars($val3) . '" />';
echo '<input type="hidden" name="' . htmlspecialchars($key . "[$key2][$key3]") . '" value="' . htmlspecialchars($val3) . '" />';
}
}
}
@ -48,6 +50,9 @@ if (isset($_GET["logout"]) || !@mysql_connect(
echo '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '" />';
}
}
foreach ($_FILES as $key => $val) {
echo '<input type="hidden" name="files[' . htmlspecialchars($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '" />';
}
?></th><td><input type="submit" value="<?php echo lang('Login'); ?>" /></td></tr>
</table>
</form>
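Review bot: The new `foreach ($_FILES as $key => $val)` loop on the login form reads each uploaded file in full with `file_get_contents()` and echoes it base64-encoded before the request is authenticated, so any client that can reach the login page can make the server buffer and reflect uploads up to the configured upload limit. The loop also treats `$val["error"]` and `$val["tmp_name"]` as scalars, which does not hold for array-style field names. Consider discarding uploads on an expired session and asking the user to pick the file again after login, or at least skipping entries that fail `is_uploaded_file($val["tmp_name"])` or exceed a small size cap. The enclosing `if` starts outside this hunk.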


@ -10,4 +10,3 @@ if (!(strlen($_GET["db"]) ? mysql_select_db($_GET["db"]) : isset($_GET["sql"]) |
exit;
}
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET SQL_QUOTE_SHOW_CREATE=1");


@ -1,7 +1,7 @@
<?php
$types = types();
$unsigned = array("", "unsigned", "zerofill", "unsigned zerofill");
if ($_POST && !$_POST["add"]) {
if ($_POST && !$error && !$_POST["add"]) {
if ($_POST["drop"]) {
$query = "DROP TABLE " . idf_escape($_GET["create"]);
$message = lang('Table has been dropped.');
@ -28,15 +28,19 @@ if ($_POST && !$_POST["add"]) {
. idf_escape($field["field"]) . " $field[type]"
. ($field["length"] ? "($field[length])" : "")
. (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "")
. (preg_match('~char|text~', $field["type"]) && $field["collation"] ? " COLLATE '" . mysql_real_escape_string($field["collation"]) . "'" : "")
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " COLLATE '" . mysql_real_escape_string($field["collation"]) . "'" : "")
. ($field["null"] ? "" : " NOT NULL")
. ($key == $_POST["auto_increment"] ? " AUTO_INCREMENT$auto_increment_index" : "")
. " COMMENT '" . mysql_real_escape_string($field["comment"]) . "'"
;
} elseif (strlen($field["orig"])) {
$fields[] = "DROP " . idf_escape($field["orig"]);
}
}
$status = ($_POST["Engine"] ? " ENGINE='" . mysql_real_escape_string($_POST["Engine"]) . "'" : "") . ($_POST["Collation"] ? " COLLATE '" . mysql_real_escape_string($_POST["Collation"]) . "'" : "");
$status = ($_POST["Engine"] ? " ENGINE='" . mysql_real_escape_string($_POST["Engine"]) . "'" : "")
. ($_POST["Collation"] ? " COLLATE '" . mysql_real_escape_string($_POST["Collation"]) . "'" : "")
. " COMMENT='" . mysql_real_escape_string($_POST["Comment"]) . "'"
;
if (strlen($_GET["create"])) {
$query = "ALTER TABLE " . idf_escape($_GET["create"]) . " " . implode(", ", $fields) . ", RENAME TO " . idf_escape($_POST["name"]) . ", $status";
$message = lang('Table has been altered.');
@ -57,6 +61,9 @@ if ($_POST) {
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
}
$row = $_POST;
if ($row["auto_increment"]) {
$row["fields"][$row["auto_increment"]]["auto_increment"] = true;
}
} elseif (strlen($_GET["create"])) {
$row = mysql_fetch_assoc(mysql_query("SHOW TABLE STATUS LIKE '" . mysql_real_escape_string($_GET["create"]) . "'"));
$row["name"] = $_GET["create"];
@ -64,7 +71,9 @@ if ($_POST) {
} else {
$row = array("fields" => array());
}
//! default, comments
if (!$_POST || $_POST["add"]) {
$row["fields"][] = array();
}
$collations = collations();
?>
<form action="" method="post" id="form">
@ -74,46 +83,53 @@ $collations = collations();
<select name="Collation"><option value="">(<?php echo lang('collation'); ?>)</option><?php echo optionlist($collations, $row["Collation"], "not_vals"); ?></select>
</p>
<table border="0" cellspacing="0" cellpadding="2">
<thead><tr><th><?php echo lang('Name'); ?></th><td><?php echo lang('Type'); ?></td><td><?php echo lang('Length'); ?></td><td><?php echo lang('Options'); ?></td><td><?php echo lang('NULL'); ?></td><td><input type="radio" name="auto_increment" value="" /><?php echo lang('Auto-increment'); ?></td></tr></thead>
<thead><tr><th><?php echo lang('Name'); ?></th><td><?php echo lang('Type'); ?></td><td><?php echo lang('Length'); ?></td><td><?php echo lang('Options'); ?></td><td><?php echo lang('NULL'); ?></td><td><input type="radio" name="auto_increment" value="" /><?php echo lang('Auto Increment'); ?></td><td id="comment-0"><?php echo lang('Comment'); ?></td></tr></thead>
<?php
$i=1;
$column_comments = false;
foreach ($row["fields"] as $field) {
if (strlen($field["field"]) || strlen($field["orig"])) {
?>
?>
<tr>
<th><input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo htmlspecialchars($field[($_POST ? "orig" : "field")]); ?>" /><input name="fields[<?php echo $i; ?>][field]" value="<?php echo htmlspecialchars($field["field"]); ?>" maxlength="64" /></th>
<td><select name="fields[<?php echo $i; ?>][type]" onchange="type_change(this);"><?php echo optionlist(array_keys($types), $field["type"], "not_vals"); ?></select></td>
<td><input name="fields[<?php echo $i; ?>][length]" value="<?php echo htmlspecialchars($field["length"]); ?>" size="3" /></td>
<td><select name="fields[<?php echo $i; ?>][collation]"><option value="">(<?php echo lang('collation'); ?>)</option><?php echo optionlist($collations, $field["collation"], "not_vals"); ?></select> <select name="fields[<?php echo $i; ?>][unsigned]"><?php echo optionlist($unsigned, $field["unsigned"], "not_vals"); ?></select></td>
<td><input type="checkbox" name="fields[<?php echo $i; ?>][null]" value="1"<?php if ($field["null"]) { ?> checked="checked"<?php } ?> /></td>
<td><input type="radio" name="auto_increment" value="<?php echo $i; ?>"<?php if ($row["auto_increment"] == $i || $field["extra"] == "auto_increment") { ?> checked="checked"<?php } ?> /></td>
<td><input type="radio" name="auto_increment" value="<?php echo $i; ?>"<?php if ($field["auto_increment"]) { ?> checked="checked"<?php } ?> /></td>
<td id="comment-<?php echo $i; ?>"><input name="fields[<?php echo $i; ?>][comment]" value="<?php echo htmlspecialchars($field["comment"]); ?>" maxlength="255" /></td>
</tr>
<?php
$i++;
if (strlen($field["comment"])) {
$column_comments = true;
}
$i++;
}
//! JavaScript for next rows
?>
<tr>
<th><input name="fields[<?php echo $i; ?>][field]" maxlength="64" /></th>
<td><select name="fields[<?php echo $i; ?>][type]" onchange="type_change(this);"><?php echo optionlist(array_keys($types), array(), "not_vals"); ?></select></td>
<td><input name="fields[<?php echo $i; ?>][length]" size="3" /></td>
<td><select name="fields[<?php echo $i; ?>][collation]"><option value="">(<?php echo lang('collation'); ?>)</option><?php echo optionlist($collations, array(), "not_vals"); ?></select> <select name="fields[<?php echo $i; ?>][unsigned]"><?php echo optionlist($unsigned, array(), "not_vals"); ?></select></td>
<td><input type="checkbox" name="fields[<?php echo $i; ?>][null]" value="1" /></td>
<td><input type="radio" name="auto_increment" value="<?php echo $i; ?>" /></td>
</tr>
</table>
<p><?php echo lang('Comment'); ?>: <input name="Comment" value="<?php echo htmlspecialchars($row["Comment"]); ?>" maxlength="60" />
<script type="text/javascript">
function type_change(type) {
var name = type.name.substr(0, type.name.length - 6);
type.form[name + '[collation]'].style.display = (/char|text/.test(type.form[name + '[type]'].value) ? '' : 'none');
type.form[name + '[collation]'].style.display = (/char|text|enum|set/.test(type.form[name + '[type]'].value) ? '' : 'none');
type.form[name + '[unsigned]'].style.display = (/int|float|double|decimal/.test(type.form[name + '[type]'].value) ? '' : 'none');
}
for (var i=1; <?php echo $i; ?> >= i; i++) {
for (var i=1; <?php echo $i; ?> > i; i++) {
document.getElementById('form')['fields[' + i + '][type]'].onchange();
}
document.write('<input type="checkbox" id="column_comments"<?php if ($column_comments) { ?> checked="checked"<?php } ?> onclick="column_comments_click(this.checked);" /><label for="column_comments"><?php echo lang('Show column comments'); ?></label>');
function column_comments_click(checked) {
for (var i=0; <?php echo $i; ?> > i; i++) {
document.getElementById('comment-' + i).style.display = (checked ? '' : 'none');
}
}
<?php if (!$column_comments) { ?>column_comments_click(false);<?php } ?>
</script>
</p>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<input type="submit" value="<?php echo lang('Save'); ?>" />
<?php if (strlen($_GET["create"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>" /><?php } ?>
</p>
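Review bot: The added hidden field `value="<?php echo $token; ?>"` prints `$token` without escaping, and the index.php hunk in this commit assigns `$token = $_POST["token"]` after a non-strict `in_array()` check, so the echoed value is request data rather than the integer stored in the session. Write it as `<?php echo htmlspecialchars($token); ?>` (or `intval($token)` while tokens stay numeric). The same hidden field is added to the two other forms in this commit (the database form and the row-edit form) and needs the same change.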


@ -1,5 +1,5 @@
<?php
if ($_POST) {
if ($_POST && !$error) {
if ($_POST["drop"]) {
if (mysql_query("DROP DATABASE " . idf_escape($_GET["db"]))) {
redirect(substr(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF), 0, -1), lang('Database has been dropped.'));
@ -47,6 +47,7 @@ if ($_POST) {
<form action="" method="post"><div>
<input name="name" value="<?php echo htmlspecialchars($name); ?>" maxlength="64" />
<select name="collation"><option value="">(<?php echo lang('collation'); ?>)</option><?php echo optionlist(collations(), $collate, "not_vals"); ?></select>
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<input type="submit" value="<?php echo lang('Save'); ?>" />
<?php if (strlen($_GET["db"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>" /><?php } ?>
</div></form>


@ -3,7 +3,7 @@ function page_header($title) {
header("Content-Type: text/html; charset=utf-8");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="cs">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php echo get_lang(); ?>">
<head>
<title><?php echo lang('phpMinAdmin') . " - $title"; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
@ -14,7 +14,7 @@ A:visited { color: Navy; }
H1 { font-size: 150%; margin: 0; }
H2 { font-size: 150%; margin-top: 0; }
FIELDSET { float: left; padding: .5em; margin: 0; }
PRE { margin: 0; font-family: serif; }
PRE { margin: 0; margin: .12em 0; }
.error { color: Red; }
.message { color: Green; }
#menu { position: absolute; top: 8px; left: 8px; width: 15em; overflow: auto; white-space: nowrap; }
@ -63,18 +63,18 @@ function page_footer($missing = false) {
</form>
<?php
if ($missing != "db" && strlen($_GET["db"])) {
$result = mysql_query("SHOW TABLES");
$result = mysql_query("SHOW TABLE STATUS");
if (!mysql_num_rows($result)) {
echo "<p class='message'>" . lang('No tables.') . "</p>\n";
} else {
echo "<p>\n";
while ($row = mysql_fetch_row($result)) {
echo '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($row[0]) . '">' . lang('select') . '</a> ';
echo '<a href="' . htmlspecialchars($SELF) . 'table=' . urlencode($row[0]) . '">' . htmlspecialchars($row[0]) . "</a><br />\n"; //! views
while ($row = mysql_fetch_assoc($result)) {
echo '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($row["Name"]) . '">' . lang('select') . '</a> ';
echo '<a href="' . htmlspecialchars($SELF) . (isset($row["Engine"]) ? 'table' : 'view') . '=' . urlencode($row["Name"]) . '">' . htmlspecialchars($row["Name"]) . "</a><br />\n";
}
echo "</p>\n";
}
echo '<p><a href="' . htmlspecialchars($SELF) . 'create=">' . lang('Create new table') . "</a></p>\n"; //! rights
echo '<p><a href="' . htmlspecialchars($SELF) . 'create=">' . lang('Create new table') . "</a></p>\n";
mysql_free_result($result);
}
}

3
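--- /dev/null
+++ b/download.inc.php
@@ -0,0 +1,3 @@
+<?php
+header("Content-Type: application/octet-stream");
+echo mysql_result(mysql_query("SELECT " . idf_escape($_GET["field"]) . " FROM " . idf_escape($_GET["download"]) . " WHERE " . implode(" AND ", where()) . " LIMIT 1"), 0);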
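Review bot: download.inc.php sends stored column bytes as `application/octet-stream` with no `Content-Disposition` or `X-Content-Type-Options` header, so a browser that sniffs content may render database data inline in the tool's own origin. Add `header("Content-Disposition: attachment");` and `header("X-Content-Type-Options: nosniff");` before the `echo`. The return value of `mysql_query()` is also passed straight to `mysql_result()`; when `where()` is empty or the query fails, the script should send an error status rather than let a PHP warning become the download body.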


@ -27,18 +27,20 @@ function dump($db) {
}
echo "USE " . idf_escape($db) . ";\n";
echo "SET CHARACTER SET utf8;\n\n";
$result = mysql_query("SHOW TABLES");
while ($row = mysql_fetch_row($result)) {
$result1 = mysql_query("SHOW CREATE TABLE " . idf_escape($row[0]));
$result = mysql_query("SHOW TABLE STATUS");
while ($row = mysql_fetch_assoc($result)) {
$result1 = mysql_query("SHOW CREATE TABLE " . idf_escape($row["Name"]));
if ($result1) {
echo mysql_result($result1, 0, 1) . ";\n";
mysql_free_result($result1);
$result1 = mysql_query("SELECT * FROM " . idf_escape($row[0])); //! except views //! enum and set as numbers
if ($result1) {
while ($row1 = mysql_fetch_row($result1)) {
echo "INSERT INTO " . idf_escape($row[0]) . " VALUES ('" . implode("', '", array_map('mysql_real_escape_string', $row1)) . "');\n";
if (isset($row["Engine"])) {
$result1 = mysql_query("SELECT * FROM " . idf_escape($row["Name"])); //! enum and set as numbers
if ($result1) {
while ($row1 = mysql_fetch_row($result1)) {
echo "INSERT INTO " . idf_escape($row["Name"]) . " VALUES ('" . implode("', '", array_map('mysql_real_escape_string', $row1)) . "');\n";
}
mysql_free_result($result1);
}
mysql_free_result($result1);
}
echo "\n";
}
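Review bot: The `INSERT INTO` line inside the new `if (isset($row["Engine"]))` guard passes every column through `mysql_real_escape_string` and wraps it in quotes, so a NULL column is dumped as `''` and the restored data differs from the source. Emit the keyword for unset values instead, for example by mapping each value with `isset($v) ? "'" . mysql_real_escape_string($v) . "'" : "NULL"` and joining with `", "`. Binary columns are written raw under `SET CHARACTER SET utf8`, which may not round-trip either and is worth confirming. `dump()` begins before this hunk.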


@ -1,33 +1,51 @@
<?php
$fields = fields($_GET["edit"]);
$where = array();
foreach ((array) $_GET["where"] as $key => $val) {
$where[] = idf_escape($key) . " = BINARY '" . mysql_real_escape_string($val) . "'"; //! enum and set
$where = where();
$fields = array();
foreach (fields($_GET["edit"]) as $name => $field) {
if (isset($_GET["default"]) ? !$field["auto_increment"] : isset($field["privileges"][$where ? "update" : "insert"])) {
$fields[$name] = $field;
}
}
foreach ((array) $_GET["null"] as $key) {
$where[] = idf_escape($key) . " IS NULL";
}
if ($_POST) {
if ($_POST && !$error) {
if (isset($_POST["delete"])) {
$set = true;
$query = "DELETE FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1";
$message = lang('Item has been deleted.');
} else {
$set = array();
foreach ($_POST["fields"] as $key => $val) {
$name = bracket_escape($key, "back");
$field = $fields[$name];
if (preg_match('~char|text|set~', $field["type"]) ? $_POST["null"][$key] : !strlen($val)) {
foreach ($fields as $name => $field) {
$key = bracket_escape($name);
$val = $_POST["fields"][$key];
if (preg_match('~char|text|set|binary|blob~', $field["type"]) ? $_POST["null"][$key] : !strlen($val)) {
$val = "NULL";
} elseif ($field["type"] == "enum") {
$val = intval($val);
$val = (isset($_GET["default"]) && preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches) ? "'" . $matches[1][$val-1] . "'" : intval($val));
} elseif ($field["type"] == "set") {
$val = array_sum((array) $val);
if (!isset($_GET["default"])) {
$val = array_sum((array) $val);
} else {
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
$value = array();
foreach ((array) $val as $key => $v) {
$value[] = $matches[1][$key];
}
$val = "'" . implode(",", $value) . "'";
}
} elseif (preg_match('~binary|blob~', $field["type"])) {
$file = get_file($key);
if (!is_string($file) && !$field["null"]) {
continue; //! report errors, also empty $_POST - not only because of file upload
}
$val = "_binary'" . (is_string($file) ? mysql_real_escape_string($file) : "") . "'";
} else {
$val = "'" . mysql_real_escape_string($val) . "'";
}
$set[] = idf_escape($name) . " = $val";
$set[] = idf_escape($name) . (isset($_GET["default"]) ? ($val == "NULL" ? " DROP DEFAULT" : " SET DEFAULT $val") : " = $val");
}
if ($where) {
if (isset($_GET["default"])) {
$query = "ALTER TABLE " . idf_escape($_GET["edit"]) . " ALTER " . implode(", ALTER ", $set);
$message = lang('Default values has been set.');
} elseif ($where) {
$query = "UPDATE " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set) . " WHERE " . implode(" AND ", $where) . " LIMIT 1";
$message = lang('Item has been updated.');
} else {
@ -35,69 +53,82 @@ if ($_POST) {
$message = lang('Item has been inserted.');
}
}
if (mysql_query($query)) {
redirect($SELF . ($_POST["insert"] ? "edit=" : "select=") . urlencode($_GET["edit"]), $message);
if (!$set || mysql_query($query)) {
redirect($SELF . (isset($_GET["default"]) ? "table=" : ($_POST["insert"] ? "edit=" : "select=")) . urlencode($_GET["edit"]), ($set ? $message : null));
}
$error = mysql_error();
}
page_header(($_GET["where"] ? lang('Edit') : lang('Insert')) . ": " . htmlspecialchars($_GET["edit"]));
page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))) . ": " . htmlspecialchars($_GET["edit"]));
if ($_POST) {
echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
$data = $_POST["fields"];
foreach ($_POST["null"] as $key => $val) {
$data = (array) $_POST["fields"];
foreach ((array) $_POST["null"] as $key => $val) {
$data[$key] = null;
}
} elseif ($where) {
$select = array();
foreach ($fields as $name => $field) {
if (in_array("select", $field["privileges"]) && in_array(($where ? "update" : "insert"), $field["privileges"])) {
if (isset($field["privileges"]["select"]) && !preg_match('~binary|blob~', $field["type"])) {
$select[] = ($field["type"] == "enum" || $field["type"] == "set" ? "1*" . idf_escape($name) . " AS " : "") . idf_escape($name);
}
}
$data = ($select ? mysql_fetch_assoc(mysql_query("SELECT " . implode(", ", $select) . " FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1")) : array());
} else {
$data = array();
unset($data);
}
?>
<form action="" method="post">
<form action="" method="post" enctype="multipart/form-data">
<table border="0" cellspacing="0" cellpadding="2">
<?php
$types = types();
$save_possible = false;
foreach ($fields as $name => $field) {
if (in_array(($where ? "update" : "insert"), $field["privileges"])) {
echo "<tr><th>" . htmlspecialchars($name) . "</th><td>";
$value = ($data ? $data[$name] : $field["default"]);
$name = htmlspecialchars(bracket_escape($name));
if ($field["type"] == "enum") {
$save_possible = true;
echo "<tr><th>" . htmlspecialchars($name) . "</th><td>";
$value = (isset($data) ? $data[$name] : $field["default"]);
$name = htmlspecialchars($_POST ? $name : bracket_escape($name));
if ($field["type"] == "enum") {
if (!isset($_GET["default"])) {
echo '<input type="radio" name="fields[' . $name . ']" value="0"' . ($value == "0" ? ' checked="checked"' : '') . ' />';
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
$id = "field-$name-" . ($i+1);
echo ' <input type="radio" name="fields[' . $name . ']" id="' . $id . '" value="' . ($i+1) . '"' . ($value == $i+1 ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars(str_replace("''", "'", $val)) . '</label>';
}
if ($field["null"]) {
$id = "field-$name-";
echo '<input type="radio" name="fields[' . $name . ']" id="' . $id . '" value=""' . (strlen($value) ? '' : ' checked="checked"') . ' /><label for="' . $id . '">' . lang('NULL') . '</label> ';
}
} elseif ($field["type"] == "set") { //! 64 bits
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
$id = "$name-" . ($i+1);
echo ' <input type="checkbox" name="fields[' . $name . '][]" id="' . $id . '" value="' . (1 << $i) . '"' . (($value >> $i) & 1 ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars(str_replace("''", "'", $val)) . '</label>';
}
} elseif (strpos($field["type"], "text") !== false) {
echo '<textarea name="fields[' . $name . ']" cols="50" rows="12">' . htmlspecialchars($value) . '</textarea>';
} else { //! binary
echo '<input name="fields[' . $name . ']" value="' . htmlspecialchars($value) . '"' . (strlen($field["length"]) ? " maxlength='$field[length]'" : ($types[$field["type"]] ? " maxlength='" . $types[$field["type"]] . "'" : '')) . ' />';
}
if ($field["null"] && preg_match('~char|text|set~', $field["type"])) {
echo '<input type="checkbox" name="null[' . $name . ']" value="1" id="null-' . $name . '"' . (isset($value) ? '' : ' checked="checked"') . ' /><label for="null-' . $name . '">' . lang('NULL') . '</label>';
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
$id = "field-$name-" . ($i+1);
$checked = (isset($data) ? $value == $i+1 : $val === $field["default"]);
echo ' <input type="radio" name="fields[' . $name . ']" id="' . $id . '" value="' . ($i+1) . '"' . ($checked ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars(str_replace("''", "'", $val)) . '</label>';
}
echo "</td></tr>\n";
if ($field["null"]) {
$id = "field-$name-";
echo '<input type="radio" name="fields[' . $name . ']" id="' . $id . '" value=""' . (strlen($value) ? '' : ' checked="checked"') . ' /><label for="' . $id . '">' . lang('NULL') . '</label> ';
}
} elseif ($field["type"] == "set") { //! 64 bits
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
$id = "$name-" . ($i+1);
$checked = (isset($data) ? ($value >> $i) & 1 : in_array(str_replace("''", "'", $val), explode(",", $field["default"]), true));
echo ' <input type="checkbox" name="fields[' . $name . '][' . $i . ']" id="' . $id . '" value="' . (1 << $i) . '"' . ($checked ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars(str_replace("''", "'", $val)) . '</label>';
}
} elseif (strpos($field["type"], "text") !== false) {
echo '<textarea name="fields[' . $name . ']" cols="50" rows="12">' . htmlspecialchars($value) . '</textarea>';
} elseif (preg_match('~binary|blob~', $field["type"])) {
echo (ini_get("file_uploads") ? '<input type="file" name="' . $name . '" />' : lang('File uploads are disabled.') . ' ');
} else { //! binary
echo '<input name="fields[' . $name . ']" value="' . htmlspecialchars($value) . '"' . (strlen($field["length"]) ? " maxlength='$field[length]'" : ($types[$field["type"]] ? " maxlength='" . $types[$field["type"]] . "'" : '')) . ' />';
}
if ($field["null"] && preg_match('~char|text|set|binary|blob~', $field["type"])) {
echo '<input type="checkbox" name="null[' . $name . ']" value="1" id="null-' . $name . '"' . (isset($value) ? '' : ' checked="checked"') . ' /><label for="null-' . $name . '">' . lang('NULL') . '</label>';
}
echo "</td></tr>\n";
}
?>
</table>
<p><input type="hidden" name="sent" value="1" /></th><td><input type="submit" value="<?php echo lang('Save'); ?>" /> <input type="submit" name="insert" value="<?php echo lang('Save and insert'); ?>" /><?php if ($where) { ?> <input type="submit" name="delete" value="<?php echo lang('Delete'); ?>" /><?php } ?></p>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<?php if ($save_possible) { ?>
<input type="submit" value="<?php echo lang('Save'); ?>" />
<?php if (!isset($_GET["default"])) { ?><input type="submit" name="insert" value="<?php echo lang('Save and insert'); ?>" /><?php } ?>
<?php } ?>
<?php if ($where) { ?> <input type="submit" name="delete" value="<?php echo lang('Delete'); ?>" /><?php } ?>
</p>
</form>
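Review bot: Saving an existing row can erase a nullable binary/blob column the user never touched. The SELECT now skips those columns via `!preg_match('~binary|blob~', $field["type"])`, so `$value` is unset, the NULL checkbox is rendered checked by `isset($value) ? '' : ' checked="checked"'`, and the save loop writes `NULL`. If the box is unticked and no file is chosen, the `binary|blob` branch still writes `_binary''`, because only non-nullable columns reach `continue`. Skip the column whenever no file arrived, `if (!is_string($file)) { continue; }`, and do not pre-tick the NULL box for blob columns when editing.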


@ -42,9 +42,10 @@ function fields($table) {
"unsigned" => ltrim($match[3] . $match[4]),
"default" => $row["Default"],
"null" => ($row["Null"] == "YES"),
"extra" => $row["Extra"],
"auto_increment" => ($row["Extra"] == "auto_increment"),
"collation" => $row["Collation"],
"privileges" => explode(",", $row["Privileges"]),
"privileges" => array_flip(explode(",", $row["Privileges"])),
"comment" => $row["Comment"],
);
}
mysql_free_result($result);
@ -88,14 +89,25 @@ function unique_idf($row, $indexes) {
if (!isset($row[$key])) {
continue 2;
}
$return[] = urlencode("where[$key]") . "=" . urlencode($row[$key]);
$return[] = urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($row[$key]);
}
return $return;
}
}
$return = array();
foreach ($row as $key => $val) {
$return[] = (isset($val) ? urlencode("where[$key]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key));
$return[] = (isset($val) ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key));
}
return $return;
}
function where() {
$return = array();
foreach ((array) $_GET["where"] as $key => $val) {
$return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . mysql_real_escape_string($val) . "'"; //! enum and set
}
foreach ((array) $_GET["null"] as $key) {
$return[] = idf_escape(bracket_escape($key, "back")) . " IS NULL";
}
return $return;
}
@ -122,17 +134,6 @@ function engines() {
return $return;
}
function redirect($location, $message = null) {
if (isset($message)) {
$_SESSION["message"] = $message;
}
if (strlen(SID)) {
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
}
header("Location: " . (strlen($location) ? $location : "."));
exit;
}
function types() {
return array(
"tinyint" => 3, "smallint" => 5, "mediumint" => 8, "int" => 10, "bigint" => 20,
@ -146,6 +147,97 @@ function types() {
);
}
function token() {
return ($GLOBALS["TOKENS"][] = rand(1, 1e6));
}
function token_delete() {
if ($_POST["token"] && ($pos = array_search($_POST["token"], (array) $GLOBALS["TOKENS"])) !== false) {
unset($GLOBALS["TOKENS"][$pos]);
return true;
}
return false;
}
function redirect($location, $message = null) {
if (isset($message)) {
$_SESSION["message"] = $message;
}
token_delete();
if (strlen(SID)) {
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
}
header("Location: " . (strlen($location) ? $location : "."));
exit;
}
function get_file($key) {
if (isset($_POST["files"][$key])) {
$length = strlen($_POST["files"][$key]);
return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
}
return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"]));
}
function select($result) {
if (!mysql_num_rows($result)) {
echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
for ($i=0; $row = mysql_fetch_row($result); $i++) {
if (!$i) {
echo "<thead><tr>";
$links = array();
$indexes = array();
$columns = array();
$blobs = array();
for ($j=0; $j < count($row); $j++) {
$field = mysql_fetch_field($result, $j);
if (strlen($field->table) && $field->primary_key) {
$links[$j] = $field->table;
if (!isset($indexes[$field->table])) {
$indexes[$field->table] = array();
foreach (indexes($field->table) as $index) {
if ($index["type"] == "PRIMARY") {
$indexes[$field->table] = array_flip($index["columns"]);
break;
}
}
$columns[$field->table] = $indexes[$field->table];
}
unset($columns[$field->table][$field->name]);
$indexes[$field->table][$field->name] = $j;
$links[$j] = $field->table;
}
if ($field->blob) {
$blobs[$j] = true;
}
echo "<th>" . htmlspecialchars($field->name) . "</th>";
}
echo "</tr></thead>\n";
}
echo "<tr>";
foreach ($row as $key => $val) {
if (!isset($val)) {
$val = "<i>NULL</i>";
} else {
$val = ($blobs[$key] && preg_match('~[\\x80-\\xFF]~', $val) ? "<i>" . lang('%d byte(s)', strlen($val)) . "</i>" : (trim($val) ? nl2br(htmlspecialchars($val)) : "&nbsp;"));
if (isset($links[$key]) && !$columns[$links[$key]]) {
$link = "edit=" . urlencode($links[$key]);
foreach ($indexes[$links[$key]] as $col => $j) {
$link .= "&amp;where" . urlencode("[" . bracket_escape($col) . "]") . "=" . urlencode($row[$j]);
}
$val = '<a href="' . htmlspecialchars($SELF) . $link . '">' . $val . '</a>';
}
}
echo "<td>$val</td>";
}
echo "</tr>\n";
}
echo "</table>\n";
}
}
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST);
while (list($key, $val) = each($process)) {
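Review bot: `token()` draws the CSRF token from `rand(1, 1e6)`, a non-cryptographic generator over about a million values, and `token_delete()` matches it with a non-strict `array_search()`. Generate the token from the CSPRNG, `return ($GLOBALS["TOKENS"][] = bin2hex(random_bytes(16)));`, and pass `true` as the third argument of `array_search()`; the `in_array()` check added in index.php needs the same strict flag. Separately, `$length & $length < 4` in `get_file()` parses as `$length & ($length < 4)`; `$length && $length < 4` looks like the intent.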


@ -4,6 +4,7 @@
session_start();
error_reporting(E_ALL & ~E_NOTICE);
$SELF = preg_replace('~^[^?]*/([^?]*).*~', '\\1?', $_SERVER["REQUEST_URI"]) . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : '');
$TOKENS = &$_SESSION["tokens"][$_GET["server"]][preg_replace('~([?&]sql=)upload~', '\\1', $_SERVER["REQUEST_URI"])];
include "./lang.inc.php";
include "./functions.inc.php";
include "./design.inc.php";
@ -12,6 +13,8 @@ include "./connect.inc.php";
if (isset($_GET["dump"])) {
include "./dump.inc.php";
} elseif (isset($_GET["download"])) {
include "./download.inc.php";
} else {
if (isset($_GET["table"])) {
include "./table.inc.php";
@ -20,16 +23,10 @@ if (isset($_GET["dump"])) {
} elseif (isset($_GET["view"])) {
include "./view.inc.php";
} else {
$params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]);
if ($_POST) {
$error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.'));
}
if ($_POST && !$error) {
$token = $_POST["token"];
} else {
$token = rand(1, 1e6);
$_SESSION["tokens"][$params][] = $token;
$error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.'));
}
$token = ($_POST && !$error ? $_POST["token"] : token());
if (isset($_GET["sql"])) {
include "./sql.inc.php";
} elseif (isset($_GET["edit"])) {
@ -41,7 +38,7 @@ if (isset($_GET["dump"])) {
} elseif (isset($_GET["database"])) {
include "./database.inc.php";
} else {
unset($_SESSION["tokens"][$params]);
$TOKENS = array();
page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
if (mysql_get_server_info() >= 5) {
@ -52,7 +49,7 @@ if (isset($_GET["dump"])) {
while ($row = mysql_fetch_assoc($result)) {
echo "<tr valign='top'>";
echo "<th>" . htmlspecialchars($row["ROUTINE_TYPE"]) . "</th>";
echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
echo "<td>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</td>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>";
echo "</tr>\n";
}
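Review bot: The new check `in_array($_POST["token"], (array) $TOKENS)` compares loosely, so under the `==` rules of the PHP versions this code targets a posted string can match a stored number it is only numerically equal to. Compare as strings with the strict flag, for example `in_array((string) $_POST["token"], array_map('strval', (array) $TOKENS), true)`. `token()` is defined outside this section. The removed lines drew the value from `rand(1, 1e6)`; if the helper still does, the token comes from a small range and a non-cryptographic generator, which is worth confirming there.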


@ -2,7 +2,7 @@
$index_types = array("PRIMARY", "UNIQUE", "INDEX", "FULLTEXT");
$indexes = indexes($_GET["indexes"]);
$fields = array_keys(fields($_GET["indexes"]));
if ($_POST && !$_POST["add"]) {
if ($_POST && !$error && !$_POST["add"]) {
$alter = array();
foreach ($_POST["indexes"] as $index) {
if (in_array($index["type"], $index_types)) {
@ -66,6 +66,6 @@ foreach ($row["indexes"] as $index) {
?>
<tr><td><select name="indexes[<?php echo $j; ?>][type]"><option></option><?php echo optionlist($index_types, array(), "not_vals"); ?></select></td><td><select name="indexes[<?php echo $j; ?>][columns][1]"><option></option><?php echo optionlist($fields, array(), "not_vals"); ?></select></td></tr>
</table>
<p><input type="submit" value="<?php echo lang('Alter indexes'); ?>" /></p>
<p><input type="hidden" name="token" value="<?php echo $token; ?>" /><input type="submit" value="<?php echo lang('Alter indexes'); ?>" /></p>
<p><input type="submit" name="add" value="<?php echo lang('Add next'); ?>" /></p>
</form>
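Review bot: The hidden field added here prints `$token` into the `value` attribute without escaping. `$token` can be the posted value itself (`$token = ($_POST && !$error ? $_POST["token"] : token());` in the dispatcher section earlier on this page), accepted after only a loose `in_array` match. Escape it at output: `value="<?php echo htmlspecialchars($token); ?>"`. The same unescaped echo is added to both forms of the SQL command section further down.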


@ -1,7 +1,25 @@
<?php
function get_lang() {
if (strlen($_SESSION["lang"])) {
return $_SESSION["lang"];
}
$langs = lang();
$return = preg_replace('~[,;].*~', '', $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
if (!in_array($return, $langs)) { //! try next languages
$return = preg_replace('~-.*~', '', $return);
if (!in_array($return, $langs)) {
$return = "en";
}
}
return $return;
}
function lang($idf = null) {
static $translations = array(
'en' => array(),
'en' => array(
'Query executed OK, %d row(s) affected.' => array('Query executed OK, %d row affected.', 'Query executed OK, %d rows affected.'),
'%d byte(s)' => array('%d byte', '%d bytes'),
),
'cs' => array(
'Login' => 'Přihlásit se',
'phpMinAdmin' => 'phpMinAdmin',
@ -26,7 +44,7 @@ function lang($idf = null) {
'Type' => 'Typ',
'Length' => 'Délka',
'NULL' => 'NULL',
'Auto-increment' => 'Auto-increment',
'Auto Increment' => 'Auto Increment',
'Options' => 'Volby',
'Add row' => 'Přidat řádek',
'Save' => 'Uložit',
@ -72,7 +90,7 @@ function lang($idf = null) {
'Action' => 'Akce',
'edit' => 'upravit',
'Page' => 'Stránka',
'Query executed OK, %d row(s) affected.' => 'Příkaz proběhl v pořádku, bylo změněno %d záznam(ů).',
'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
'Error in query' => 'Chyba v dotazu',
'Execute' => 'Provést',
'Table' => 'Tabulka',
@ -81,23 +99,34 @@ function lang($idf = null) {
'View' => 'Pohled',
'Unable to select the table' => 'Nepodařilo se vypsat tabulku',
'Unable to show the table definition' => 'Nepodařilo se získat strukturu tabulky',
'Invalid CSRF token. Send the form again.' => 'Neplatný token CSRF. Odešlete formulář znovu.',
'Comment' => 'Komentář',
'Default values has been set.' => 'Výchozí hodnoty byly nastaveny.',
'Default values' => 'Výchozí hodnoty',
'BOOL' => 'BOOL',
'Show column comments' => 'Zobrazit komentáře sloupců',
'%d byte(s)' => array('%d bajt', '%d bajty', '%d bajtů'),
'No commands to execute.' => 'Žádné příkazy k vykonání.',
'Unable to upload a file.' => 'Nepodařilo se nahrát soubor.',
'File upload' => 'Nahrání souboru',
'File uploads are disabled.' => 'Nahrávání souborů není povoleno.',
),
);
if (!isset($idf)) {
return array_keys($translations);
}
if (strlen($_SESSION["lang"])) {
$lang = $_SESSION["lang"];
} else {
$lang = preg_replace('~[,;].*~', '', $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
if (!isset($translations[$lang])) { //! try next languages
$lang = preg_replace('~-.*~', '', $lang);
if (!isset($translations[$lang])) {
$lang = "en";
}
$lang = get_lang();
$translation = $translations[$lang][$idf];
$args = func_get_args();
if (is_array($translation)) {
switch ($lang) {
case 'cs': $pos = ($args[1] == 1 ? 0 : (!$args[1] || $args[1] >= 5 ? 2 : 1)); break;
default: $pos = ($args[1] == 1 ? 0 : 1);
}
$translation = $translation[$pos];
}
return (strlen($translations[$lang][$idf]) ? $translations[$lang][$idf] : $idf);
$args[0] = (strlen($translation) ? $translation : $idf);
return call_user_func_array('sprintf', $args);
}
function switch_lang() {
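Review bot: `lang()` now ends in `call_user_func_array('sprintf', $args)`, so every message, including the `$idf` fallback used when no translation exists, is treated as a format string. A message with a literal `%` would have to be written `%%`. A call such as `lang('%d byte(s)')` without the count reads an unset `$args[1]` when picking the plural form and gives `sprintf` too few arguments. A comment above the function would record this contract, for example `// every message is an sprintf() format; plural entries require the count as the second argument`.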


@ -1,18 +1,23 @@
<?php
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
echo '<p><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '">' . lang('New item') . "</a></p>\n";
$fields = fields($_GET["select"]);
$rights = array();
$columns = array();
foreach ($fields as $key => $field) {
if (in_array("select", $field["privileges"])) {
if (isset($field["privileges"]["select"])) {
$columns[] = $key;
}
$rights += $field["privileges"];
}
if (isset($rights["insert"])) {
echo '<p><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '">' . lang('New item') . "</a></p>\n";
}
if (!$columns) {
echo "<p class='error'>" . lang('Unable to select the table') . ($fields ? "" : ": " . mysql_error()) . ".</p>\n";
} else {
$indexes = indexes($_GET["select"]);
echo "<form action='' id='form'>\n<fieldset><legend>" . lang('Search') . "</legend>\n";
if (strlen($_GET["server"])) {
echo '<input type="hidden" name="server" value="' . htmlspecialchars($_GET["server"]) . '" />';
@ -22,6 +27,17 @@ if (!$columns) {
echo "\n";
$where = array();
foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT") {
if (strlen($_GET["fulltext"][$i])) {
$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . mysql_real_escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
}
echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
echo "<input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " /><label for='boolean-$i'>" . lang('BOOL') . "</label>";
echo "<br />\n";
}
}
$operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "REGEXP", "IS NULL");
$i = 0;
foreach ((array) $_GET["where"] as $val) {
@ -48,7 +64,6 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
echo "<div><select name='where[$i][col]'><option></option>" . optionlist($columns, array(), "not_vals") . "</select>";
echo "<select name='where[$i][op]' onchange=\"where_change(this);\">" . optionlist($operators, array(), "not_vals") . "</select>";
echo "<input name='where[$i][val]' /></div>\n"; //! JavaScript for adding next
//! fulltext search
echo "</fieldset>\n";
echo "<fieldset><legend>" . lang('Sort') . "</legend>\n";
@ -56,15 +71,14 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
$i = 0;
foreach ((array) $_GET["order"] as $key => $val) {
if (in_array($val, $columns, true)) {
$desc = in_array($key, (array) $_GET["desc"]);
$order[] = idf_escape($val) . ($desc ? " DESC" : "");
$order[] = idf_escape($val) . (isset($_GET["desc"][$key]) ? " DESC" : "");
echo "<div><select name='order[$i]'><option></option>" . optionlist($columns, $val, "not_vals") . "</select>";
echo "<input type='checkbox' name='desc[]' value='$i' id='desc-$i'" . ($desc ? " checked='checked'" : "") . " /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
echo "<input type='checkbox' name='desc[$i]' value='1' id='desc-$i'" . (isset($_GET["desc"][$key]) ? " checked='checked'" : "") . " /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
$i++;
}
}
echo "<div><select name='order[$i]'><option></option>" . optionlist($columns, array(), "not_vals") . "</select>";
echo "<input type='checkbox' name='desc[]' value='$i' id='desc-$i' /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
echo "<input type='checkbox' name='desc[$i]' value='1' id='desc-$i' /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
echo "</fieldset>\n";
echo "<fieldset><legend>" . lang('Limit') . "</legend>\n";
@ -81,22 +95,24 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
$found_rows = mysql_result(mysql_query(" SELECT FOUND_ROWS()"), 0); // space for mysql.trace_mode
$indexes = indexes($_GET["select"]);
$foreign_keys = array();
foreach (foreign_keys($_GET["select"]) as $foreign_key) {
foreach ($foreign_key[2] as $val) {
$foreign_keys[$val][] = $foreign_key;
}
}
$childs = array(); //! use foreign_keys() in MySQL < 5
$result1 = mysql_query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . mysql_real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
while ($row1 = mysql_fetch_assoc($result1)) {
$childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"];
$childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"];
$childs[$row1["CONSTRAINT_NAME"]][2][] = $row1["REFERENCED_COLUMN_NAME"];
$childs[$row1["CONSTRAINT_NAME"]][3][] = $row1["COLUMN_NAME"];
$childs = array();
if (mysql_get_server_info() >= 5) {
// would be possible in earlier versions too, but only by examining all tables (in all databases)
$result1 = mysql_query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . mysql_real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
while ($row1 = mysql_fetch_assoc($result1)) {
$childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"];
$childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"];
$childs[$row1["CONSTRAINT_NAME"]][2][] = $row1["REFERENCED_COLUMN_NAME"];
$childs[$row1["CONSTRAINT_NAME"]][3][] = $row1["COLUMN_NAME"];
}
mysql_free_result($result1);
}
mysql_free_result($result1);
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
for ($j=0; $row = mysql_fetch_assoc($result); $j++) {
@ -104,16 +120,19 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
echo "<thead><tr><th>" . implode("</th><th>", array_map('htmlspecialchars', array_keys($row))) . "</th><th>" . lang('Action') . "</th></tr></thead>\n";
}
echo "<tr>";
$unique_idf = '&amp;' . implode('&amp;', unique_idf($row, $indexes));
foreach ($row as $key => $val) {
if (!isset($val)) {
$val = "<i>NULL</i>";
} elseif (preg_match('~blob|binary~', $fields[$key]["type"]) && preg_match('~[\\x80-\\xFF]~', $val)) {
$val = '<a href="' . htmlspecialchars($SELF) . 'download=' . urlencode($_GET["select"]) . '&amp;field=' . urlencode($key) . $unique_idf . '">' . lang('%d byte(s)', strlen($val)) . '</a>';
} else {
$val = (strlen(trim($val)) ? nl2br(htmlspecialchars($val)) : "&nbsp;");
foreach ((array) $foreign_keys[$key] as $foreign_key) {
if (count($foreign_keys[$key]) == 1 || count($foreign_key[2]) == 1) {
$val = '">' . "$val</a>";
foreach ($foreign_key[2] as $i => $source) {
$val = "&amp;where[$i][col]=" . urlencode($foreign_key[3][$i]) . "&amp;where[$i][op]=%3D&amp;where[$i][val]=" . urlencode($row[$source]) . $val;
$val = "&amp;where%5B$i%5D%5Bcol%5D=" . urlencode($foreign_key[3][$i]) . "&amp;where%5B$i%5D%5Bop%5D=%3D&amp;where%5B$i%5D%5Bval%5D=" . urlencode($row[$source]) . $val;
}
$val = '<a href="' . htmlspecialchars(strlen($foreign_key[0]) ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key[0]), $SELF) : $SELF) . 'select=' . htmlspecialchars($foreign_key[1]) . $val; // InnoDB support non-UNIQUE keys
break;
@ -122,7 +141,7 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
}
echo "<td>$val</td>";
}
echo '<td><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '&amp;' . implode('&amp;', unique_idf($row, $indexes)) . '">' . lang('edit') . '</a>'; //! views can be unupdatable
echo '<td><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . $unique_idf . '">' . lang('edit') . '</a>';
foreach ($childs as $child) {
echo ' <a href="' . htmlspecialchars(strlen($child[0]) ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($child[0]), $SELF) : $SELF) . 'select=' . urlencode($child[1]);
foreach ($child[2] as $i => $source) {
@ -130,7 +149,7 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
}
echo '">' . htmlspecialchars($child[1]) . '</a>';
}
echo "</td>";
echo '</td>';
echo "</tr>\n";
}
echo "</table>\n";
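Review bot: In the new full-text block, `echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";` writes column names into the page unescaped, while the result header in this same section runs names through `htmlspecialchars`. Column names come from the database schema and can contain markup characters, so escape them: `implode("</i>, <i>", array_map('htmlspecialchars', $index["columns"]))`. `$i` in `name='boolean[$i]'` and `id='boolean-$i'` is a key of the `indexes()` result, and that function is defined outside this page; if the key is the index name it needs the same treatment. The foreign-key row changed in the table-definition section further down joins `$foreign_key[2]` and `$foreign_key[3]` the same way.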


@ -1,38 +1,61 @@
<?php
if ($_POST) {
$result = mysql_query($_POST["query"]); //! multiple commands
if ($result === true) {
redirect($SELF . "sql=", sprintf(lang('Query executed OK, %d row(s) affected.'), mysql_affected_rows()));
}
$error = mysql_error();
}
page_header(lang('SQL command'));
if ($_POST) {
if (!$result) {
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars($error) . "</p>\n";
} else {
if (!mysql_num_rows($result)) {
echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
for ($i=0; $row = mysql_fetch_assoc($result); $i++) {
if (!$i) {
echo "<thead><tr><th>" . implode("</th><th>", array_map('htmlspecialchars', array_keys($row))) . "</th></tr></thead>\n";
if ($_POST && $error) {
echo "<p class='error'>$error</p>\n";
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
$delimiter = ";";
$offset = 0;
$empty = true;
while (rtrim($query)) {
if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
$delimiter = preg_quote($match[1], '~');
$query = substr($query, strlen($match[0]));
} elseif (preg_match("~$delimiter|['`\"]|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
if ($match[0][0] && $match[0][0] != $delimiter) {
preg_match('~\\G([^\\\\' . $match[0][0] . ']*|\\\\.)+(' . $match[0][0] . '|$)~s', $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
$offset = $match[0][1] + strlen($match[0][0]);
} else {
$empty = false;
echo "<pre>" . htmlspecialchars(substr($query, 0, $match[0][1])) . "</pre>\n";
$result = mysql_query(substr($query, 0, $match[0][1]));
$query = substr($query, $match[0][1] + strlen($match[0][0]));
$offset = 0;
if (!$result) {
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars(mysql_error()) . "</p>\n";
} elseif ($result === true) {
//~ if (token_delete()) {
//~ $token = token();
//~ }
echo "<p class='message'>" . lang('Query executed OK, %d row(s) affected.', mysql_affected_rows()) . "</p>\n";
} else {
select($result);
mysql_free_result($result);
}
echo "<tr>";
foreach ($row as $val) {
echo "<td>" . (isset($val) ? nl2br(htmlspecialchars($val)) : "<i>NULL</i>") . "</td>";
}
echo "</tr>\n";
}
echo "</table>\n";
}
mysql_free_result($result);
}
if ($empty) {
echo "<p class='message'>" . lang('No commands to execute.') . "</p>\n";
}
} elseif ($_GET["sql"] == "upload") {
echo "<p class='error'>" . lang('Unable to upload a file.') . "</p>\n";
}
?>
<form action="" method="post">
<form action="<?php echo htmlspecialchars($SELF); ?>sql=" method="post">
<p><textarea name="query" rows="20" cols="80"><?php echo htmlspecialchars($_POST["query"]); ?></textarea></p>
<p><input type="submit" value="<?php echo lang('Execute'); ?>" /></p>
<p><input type="hidden" name="token" value="<?php echo $token; ?>" /><input type="submit" value="<?php echo lang('Execute'); ?>" /></p>
</form>
<?php
if (!ini_get("file_uploads")) {
echo "<p>" . lang('File uploads are disabled.') . "</p>\n";
} else { ?>
<form action="<?php echo htmlspecialchars($SELF); ?>sql=upload" method="post" enctype="multipart/form-data">
<p>
<?php echo lang('File upload'); ?>: <input type="file" name="sql_file" />
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<input type="submit" value="<?php echo lang('Execute'); ?>" />
</p>
</form>
<?php } ?>
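Review bot: `$delimiter` is stored already passed through `preg_quote`, but the next branch compares the matched text with it in `$match[0][0] != $delimiter`. A delimiter containing a regex metacharacter (`$$` is a common choice) therefore never equals its quoted form and is handled as if it were an opening quote. Keep the raw value, `$delimiter = $match[1];`, and call `preg_quote($delimiter, '~')` only where the pattern is built. The inner `preg_match` that skips a quoted string is also unchecked: when it does not match, `$match` is empty, `$offset` goes back to 0 and the loop sees the same input again, so test its return value and stop with an error message instead.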


@ -5,13 +5,21 @@ $result = mysql_query("SHOW COLUMNS FROM " . idf_escape($_GET["table"]));
if (!$result) {
echo "<p class='error'>" . lang('Unable to show the table definition') . ": " . mysql_error() . ".</p>\n";
} else {
$auto_increment_only = true;
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
while ($row = mysql_fetch_assoc($result)) {
if (!$row["auto_increment"]) {
$auto_increment_only = false;
}
echo "<tr><th>" . htmlspecialchars($row["Field"]) . "</th><td>$row[Type]" . ($row["Null"] == "YES" ? " <i>NULL</i>" : "") . "</td></tr>\n";
}
echo "</table>\n";
mysql_free_result($result);
echo '<p><a href="' . htmlspecialchars($SELF) . 'create=' . urlencode($_GET["table"]) . '">' . lang('Alter table') . "</a></p>\n";
echo "<p>";
echo '<a href="' . htmlspecialchars($SELF) . 'create=' . urlencode($_GET["table"]) . '">' . lang('Alter table') . '</a>';
echo ($auto_increment_only ? '' : ' <a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET["table"]) . '&amp;default=">' . lang('Default values') . '</a>');
echo "</p>\n";
echo "<h3>" . lang('Indexes') . "</h3>\n";
$indexes = indexes($_GET["table"]);
@ -30,7 +38,7 @@ if (!$result) {
echo "<h3>" . lang('Foreign keys') . "</h3>\n";
echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
foreach ($foreign_keys as $foreign_key) {
echo "<tr><td><em>" . implode("</em>, <em>", $foreign_key[2]) . "</em></td><td>" . (strlen($foreign_key[0]) && $foreign_key[0] !== $_GET["db"] ? "<strong>" . htmlspecialchars($foreign_key[0]) . "</strong>." : "") . htmlspecialchars($foreign_key[1]) . "(<em>" . implode("</em>, <em>", $foreign_key[3]) . "</em>)</td></tr>\n";
echo "<tr><td><i>" . implode("</i>, <i>", $foreign_key[2]) . "</i></td><td>" . (strlen($foreign_key[0]) && $foreign_key[0] !== $_GET["db"] ? "<strong>" . htmlspecialchars($foreign_key[0]) . "</strong>." : "") . htmlspecialchars($foreign_key[1]) . "(<em>" . implode("</em>, <em>", $foreign_key[3]) . "</em>)</td></tr>\n";
}
echo "</table>\n";
}
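Review bot: The new check `if (!$row["auto_increment"])` reads a key that `SHOW COLUMNS` rows do not have. The surrounding code uses `Field`, `Type` and `Null`, and the auto-increment marker is reported in `Extra`, so `$auto_increment_only` turns false on the first row and the 'Default values' link is always shown. Test the column that carries the marker, for example `if (strpos($row["Extra"], "auto_increment") === false) {`.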


@ -1,3 +1,3 @@
<?php
page_header(lang('View') . ": " . htmlspecialchars($_GET["view"]));
echo htmlspecialchars(mysql_result(mysql_query("SHOW CREATE VIEW " . idf_escape($_GET["view"])), 0, 1));
echo "<pre>" . htmlspecialchars(mysql_result(mysql_query("SHOW CREATE VIEW " . idf_escape($_GET["view"])), 0, 1)) . "</pre>\n";