Initial import.
[openemr.git] / interface / main / myadmin / read_dump.php
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Loads the core libraries this script depends on.
 *
 * NOTE(review): judging by its name, grab_globals.lib.php imports request
 * parameters as global variables. If so, every variable below that is only
 * tested with isset()/empty() and is not read from $cfg must be treated as
 * request-controlled - confirm against the library.
 */
require_once './libraries/read_dump.lib.php';
require_once './libraries/grab_globals.lib.php';
require_once './libraries/common.lib.php';

// Later sections pass $db to helpers unconditionally, so give it a default.
$db = isset($db) ? $db : '';

/**
 * Increases the max. allowed time to run a script; errors from
 * set_time_limit() are suppressed.
 */
@set_time_limit($cfg['ExecTimeLimit']);
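/**
 * Defines the url to return to in case of error in a sql statement.
 *
 * $goto also ends up in an include path (this script finishes with
 * require('./' . $goto)), so it is restricted here to the db_details*.php and
 * tbl_properties*.php script names; anything else falls back to
 * db_details.php.
 */
// The D modifier makes "$" match only at the very end of the subject. Without
// it PCRE also accepts a subject that ends in a newline, which would let a
// value through that is not exactly one of the allowed script names.
if (!isset($goto) || !preg_match('@^(db_details|tbl_properties)(_[a-z]*)?\.php$@iD', $goto)) {
    $goto = 'db_details.php';
}

// NOTE(review): the whitelist above is case-insensitive, while the test below
// and the later comparisons against 'tbl_properties.php' / 'db_details.php'
// are case-sensitive - confirm that this difference is intended.
$err_url = $goto . '?' . PMA_generate_common_url($db);
if (preg_match('@^tbl_properties(_[a-z]*)?\.php$@D', $goto)) {
    // $table may be undefined at this point; encode an empty value in that
    // case so the generated URL stays the same without reading an unset variable.
    $err_url .= '&amp;table=' . urlencode(isset($table) ? $table : '');
}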
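/**
 * Set up default values for some variables
 */
$view_bookmark = 0;
$sql_bookmark  = isset($sql_bookmark) ? $sql_bookmark : '';
$sql_query     = isset($sql_query) ? $sql_query : '';

// Work out which file (if any) the query has to be read from:
//  - a file selected from the configured upload directory, or
//  - whatever $sql_file already holds (presumably the HTTP upload), or
//  - the marker value 'none'.
if (!empty($sql_localfile) && !empty($cfg['UploadDir'])) {
    if (substr($cfg['UploadDir'], -1) != '/') {
        $cfg['UploadDir'] .= '/';
    }

    // $sql_localfile is appended to the upload directory to form the path that
    // is read later. Keep only its final path component so the resulting path
    // cannot point outside $cfg['UploadDir'].
    // NOTE(review): this assumes the selectable files sit directly in
    // UploadDir - confirm that no caller offers files from sub-directories.
    $sql_localfile = basename($sql_localfile);

    if ($sql_localfile === '' || $sql_localfile === '.' || $sql_localfile === '..') {
        // Nothing usable is left after normalisation: behave as if no file
        // had been given at all.
        $sql_file = 'none';
    } else {
        $sql_file = $cfg['UploadDir'] . $sql_localfile;
    }
} else if (empty($sql_file)) {
    $sql_file = 'none';
}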
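/**
 * Bookmark Support: get a query back from bookmark if required
 *
 * $action_bookmark selects what happens with the bookmark $id_bookmark:
 *   0 - run the stored query, 1 - only display it, 2 - delete the bookmark.
 */
if (!empty($id_bookmark)) {
    require_once('./libraries/bookmark.lib.php');
    switch ($action_bookmark) {
        case 0: // bookmarked query that has to be run
            $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
            if (!empty($bookmark_variable)) {
                // The value is SQL-escaped and then spliced into the stored
                // query in place of the [VARIABLE] marker. preg_replace()
                // gives backslashes and "$n" a meaning of its own inside the
                // replacement string, so both are escaped for preg_replace()
                // as well; otherwise the SQL escaping would not reach the
                // query unchanged and values containing "$1" or "\" would be
                // rewritten.
                $sql_query = preg_replace(
                    '|/\*(.*)\[VARIABLE\](.*)\*/|imsU',
                    '${1}'
                    . str_replace(
                        array('\\', '$'),
                        array('\\\\', '\\$'),
                        PMA_sqlAddslashes($bookmark_variable)
                    )
                    . '${2}',
                    $sql_query
                );
            }
            break;
        case 1: // bookmarked query that has to be displayed
            $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
            // Checked before execution further down: a non-zero value means
            // the query is shown but not run.
            $view_bookmark = 1;
            break;
        case 2: // bookmarked query that has to be deleted
            $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
            break;
    }
} // end if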
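/**
 * Prepares the sql query
 */
// Gets the query from a file if required
if ($sql_file != 'none') {
    // A file is read only when it is either the file selected inside the
    // configured upload directory or a genuine HTTP upload. The upload
    // directory branch requires both $cfg['UploadDir'] and $sql_localfile to
    // be non-empty: with an empty directory prefix the comparison would only
    // compare $sql_file with $sql_localfile, neither of which comes from the
    // configuration, and would therefore prove nothing about the location.
    $sql_file_is_local = !empty($cfg['UploadDir'])
                      && !empty($sql_localfile)
                      && $sql_file == $cfg['UploadDir'] . $sql_localfile;

    if (file_exists($sql_file) && ($sql_file_is_local || is_uploaded_file($sql_file))) {
        $open_basedir = @ini_get('open_basedir');

        if (!isset($sql_file_compression)) {
            $sql_file_compression = '';
        }

        // If we are on a server with open_basedir, we must move an uploaded
        // file before opening it. The doc explains how to create the "./tmp"
        // directory.
        if (!empty($open_basedir)) {
            $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');

            // move_uploaded_file() refuses anything that is not an HTTP
            // upload, so a file from the upload directory is read in place.
            // function is_writeable() is valid on PHP3 and 4
            if ($sql_file_is_local || !is_writeable($tmp_subdir)) {
                $sql_query = PMA_readFile($sql_file, $sql_file_compression);
            } else {
                // NOTE(review): "./tmp" is relative to this script; if that
                // directory is served by the web server the uploaded content
                // is reachable there until it is unlinked - confirm access to
                // it is denied.
                $sql_file_new = $tmp_subdir . basename($sql_file);
                if (move_uploaded_file($sql_file, $sql_file_new)) {
                    $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
                    unlink($sql_file_new);
                } else {
                    // Nothing was moved, so there is nothing to read or remove.
                    $sql_query = FALSE;
                }
            }
        } else {
            // read from the normal upload dir
            $sql_query = PMA_readFile($sql_file, $sql_file_compression);
        }

        // Same loose test as before for every read path.
        // NOTE(review): this also reports content that compares equal to
        // FALSE (for example an empty result) as unreadable - confirm what
        // PMA_readFile() returns on failure.
        if ($sql_query == FALSE) {
            $message = $strFileCouldNotBeRead;
        }

        // Convert the file's charset if necessary
        if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
            && isset($charset_of_file) && $charset_of_file != $charset) {
            $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
        }
    } // end uploaded file stuff
}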
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada
// The query text is trimmed in both branches; the conversion helper is used
// only when it has been loaded.
if (!@function_exists('PMA_kanji_str_conv')) {
    $sql_query = trim($sql_query);
} else {
    $sql_tmp = trim($sql_query);
    PMA_change_enc_order();
    $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, (isset($xkana) ? $xkana : ''));
    PMA_change_enc_order();
}

// $sql_query comes from the query textarea. For a reposted query the original
// text travels URL-encoded in $prev_sql_query; when the textarea content
// equals the HTML-escaped form of that text, the unescaped original replaces
// it.
if (!empty($prev_sql_query)) {
    $prev_sql_query = urldecode($prev_sql_query);
    if (trim(htmlspecialchars($prev_sql_query)) == $sql_query) {
        $sql_query = $prev_sql_query;
    }
}
// Drop database is not allowed -> ensure the query can be run.
//
// This is a textual pattern match on the submitted query, not a parse of it,
// so it should be read as a convenience guard for the interface. The
// privileges of the MySQL account remain the control that decides whether a
// database can actually be dropped.
if (!$cfg['AllowUserDropDatabase']) {
    if (preg_match('@DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $sql_query)) {
        // Checks if the user is a Superuser: switching to the "mysql"
        // database is attempted and any error is taken to mean "no".
        // TODO: set a global variable with this information
        // loic1: optimized query
        $result = @PMA_mysql_query('USE mysql');
        if (PMA_mysql_error()) {
            require_once './header.inc.php';
            PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
        }
    }
}
// Defined whether or not the pattern matched.
// NOTE(review): presumably tells the scripts included later that this check
// has already run - confirm where PMA_CHK_DROP is read.
define('PMA_CHK_DROP', 1);
/**
 * Store a query as a bookmark before executing it?
 *
 * NOTE(review): $db, $bkm_label and the query text are handed to
 * PMA_addBookmarks() as they are (the query URL-encoded); whether that helper
 * escapes them before building its SQL is not visible here - verify.
 */
if (isset($SQLbookmark) && $sql_query != '') {
    require_once './libraries/bookmark.lib.php';

    $bfields = array(
        'dbase' => $db,
        'user'  => $cfg['Bookmark']['user'],
        'query' => urlencode($sql_query),
        'label' => $bkm_label
    );

    // Third argument: share the bookmark with all users only when the form
    // field carries the literal string 'true'.
    PMA_addBookmarks($bfields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true'));
}
/**
 * Executes the query
 *
 * The submitted text is split into statements. A single statement is handed
 * to sql.php; several statements are run one after the other on the current
 * connection, with only a trailing SELECT/SHOW passed to sql.php.
 */
if ($sql_query != '') {
    $pieces = array();
    PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
    $pieces_count = count($pieces);
    if ($pieces_count > 1) {
        $is_multiple = true;
    }

    // Copy of the cleaned sql statement for display purpose only (see near the
    // beginning of "db_details.php" & "tbl_properties.php")

    // You can either
    // * specify the amount of maximum pieces per query (having max_*_length set to 0!) or
    // * specify the amount of maximum chars per query (having max_*_pieces set to 0!)
    // - max_nofile_* is used for any queries submitted via copy&paste in the textarea
    // - max_file_* is used for any file-submitted query
    if ($cfg['VerboseMultiSubmit']) {
        // Values for verbose-mode
        $max_nofile_length = 0;
        $max_nofile_pieces = 50;
        // Nijel: Here must be some limit, as extended inserts can be really
        // huge and parsing them eats megabytes of memory
        $max_file_length = 50000;
        $max_file_pieces = 50;
    } else {
        // Here be the values if the Verbose-Mode (see config.inc.php) is NOT activated
        $max_nofile_length = 500;
        $max_nofile_pieces = 0;
        // Nijel: Here must be some limit, as extended inserts can be really
        // huge and parsing them eats megabytes of memory
        $max_file_length = 10000;
        $max_file_pieces = 10;
    }

    // These limits only decide how much of the query is echoed back to the
    // browser; the statements in $pieces are executed either way.
    if ($sql_file != 'none'
        && (($max_file_pieces != 0 && $pieces_count > $max_file_pieces)
            || ($max_file_length != 0 && strlen($sql_query) > $max_file_length))) {
        // Be nice with bandwidth...
        $sql_query_cpy = $sql_query = '';
        $save_bandwidth = true;
        $save_bandwidth_length = $max_file_length;
        $save_bandwidth_pieces = $max_file_pieces;
    } else {
        $sql_query_cpy = implode(";\n", $pieces) . ';';
        // Be nice with bandwidth... for now, an arbitrary limit of 500,
        // could be made configurable but probably not necessary
        if (($max_nofile_length != 0 && strlen($sql_query_cpy) > $max_nofile_length)
            || ($max_nofile_pieces != 0 && $pieces_count > $max_nofile_pieces)) {
            $sql_query_cpy = $sql_query = '';
            $save_bandwidth = true;
            $save_bandwidth_length = $max_nofile_length;
            $save_bandwidth_pieces = $max_nofile_pieces;
        }
    }

    // really run the query? (a bookmark that is only viewed is not executed)
    if ($view_bookmark == 0) {
        if ($pieces_count == 1 && !empty($pieces[0])) {
            // Only one query to run
            $sql_query = $pieces[0];
            if (preg_match('@^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)@i', $sql_query)) {
                // Structure changed: $reload is set for the scripts included later.
                $reload = 1;
            }
            require './sql.php';
        } elseif (PMA_mysql_select_db($db)) {
            // Runs multiple queries
            $mult = true;
            $info_msg = '';
            $info_count = 0;

            for ($i = 0; $i < $pieces_count; $i++) {
                $a_sql_query = $pieces[$i];

                // A SELECT/SHOW in last position is handed to sql.php.
                // NOTE(review): control is presumably not expected to come
                // back from sql.php here, otherwise the statement below would
                // run the same query again - confirm.
                if ($i == $pieces_count - 1 && preg_match('@^(SELECT|SHOW)@i', $a_sql_query)) {
                    $complete_query = $sql_query;
                    $display_query = $sql_query;
                    $sql_query = $a_sql_query;
                    require './sql.php';
                }

                $result = PMA_mysql_query($a_sql_query);
                if (!$result) { // readdump failed
                    // $my_die collects the failing statement(s): a list when
                    // errors are ignored, a single string otherwise.
                    if ($cfg['IgnoreMultiSubmitErrors']) {
                        if (isset($my_die)) {
                            $my_die[] = "\n\n" . $a_sql_query;
                        } else {
                            $my_die = array();
                            $my_die[] = $a_sql_query;
                        }
                    } else {
                        $my_die = $a_sql_query;
                    }

                    if ($cfg['VerboseMultiSubmit']) {
                        $info_msg .= $a_sql_query . '; # ' . $strError . "\n";
                        $info_count++;
                    }

                    if (!$cfg['IgnoreMultiSubmitErrors']) {
                        break;
                    }
                } elseif ($cfg['VerboseMultiSubmit']) {
                    // Annotate the statement with its row count; warnings
                    // from the mysql_* calls are suppressed.
                    $a_num_rows = (int)@mysql_num_rows($result);
                    $a_aff_rows = (int)@mysql_affected_rows();
                    if ($a_num_rows > 0) {
                        $a_rows = $a_num_rows;
                        $a_switch = $strRows . ': ';
                    } elseif ($a_aff_rows > 0) {
                        $a_rows = $a_aff_rows;
                        $a_switch = $strAffectedRows;
                    } else {
                        $a_rows = '';
                        $a_switch = $strEmptyResultSet;
                    }

                    $info_msg .= $a_sql_query . "; # " . $a_switch . $a_rows . "\n";
                    $info_count++;
                }

                if (!isset($reload) && preg_match('@^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)@i', $a_sql_query)) {
                    $reload = 1;
                }
            } // end for

            // In verbose mode the annotated statement list replaces the query
            // text, unless the bandwidth limits recorded above forbid it.
            if ($cfg['VerboseMultiSubmit'] && strlen($info_msg) > 0
                && (empty($save_bandwidth)
                    || ($save_bandwidth_pieces == 0 && strlen($info_msg) < $save_bandwidth_length)
                    || ($save_bandwidth_length == 0 && $info_count < $save_bandwidth_pieces))) {
                $sql_query = $info_msg;
            }
        } // end else if
    } // end if (really run the query)
    unset($pieces);
} // end if
/**
 * MySQL error
 *
 * Reports the statement(s) recorded in $my_die: one report per entry when it
 * is a list, a single report otherwise.
 *
 * NOTE(review): this script assigns $my_die only inside the multi-query loop
 * and never resets it at the start. If request parameters are imported as
 * globals, a caller-supplied value would reach PMA_mysqlDie() here - confirm,
 * and initialise the variable before the loop if so.
 */
if (isset($my_die)) {
    $js_to_run = 'functions.js';
    require_once './header.inc.php';
    if (!is_array($my_die)) {
        PMA_mysqlDie('', $my_die, '', $err_url, true);
    } else {
        foreach ($my_die as $key => $die_string) {
            // Last argument is FALSE for the list form and TRUE for the
            // single form above.
            PMA_mysqlDie('', $die_string, '', $err_url, false);
            echo '<hr />';
        }
    }
}
/**
 * Go back to the calling script
 *
 * $goto is downgraded step by step (tbl_properties.php -> db_details.php ->
 * main.php) whenever the table or database it needs is missing, and is then
 * included.
 */
// Checks for a valid target script
if (isset($table) && $table == '') {
    unset($table);
}
if (isset($db) && $db == '') {
    unset($db);
}

$is_db = $is_table = false;

if ($goto == 'tbl_properties.php') {
    if (isset($table)) {
        PMA_mysql_select_db($db);
        // The table name is escaped with PMA_sqlAddslashes() before it is
        // placed inside the quoted LIKE pattern.
        $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, true) . '\'');
        if (!($is_table && @mysql_numrows($is_table))) {
            $goto = 'db_details.php';
            unset($table);
        }
    } else {
        $goto = 'db_details.php';
    } // end if... else...
}

if ($goto == 'db_details.php') {
    // unset() on an undefined variable is a no-op, so no isset() test is needed.
    unset($table);
    if (isset($db)) {
        $is_db = @PMA_mysql_select_db($db);
        if (!$is_db) {
            $goto = 'main.php';
            unset($db);
        }
    } else {
        $goto = 'main.php';
    } // end if... else...
}

// Defines the message to be displayed
// NOTE(review): $sql_query_cpy and $pieces_count are assigned by this script
// only when a non-empty query was processed above; they are not initialised
// otherwise - confirm they cannot arrive from the request.
if (!empty($id_bookmark) && $action_bookmark == 2) {
    $message = $strBookmarkDeleted;
} elseif (!isset($sql_query_cpy)) {
    if (empty($message)) {
        $message = $strNoQuery;
    }
} elseif ($sql_query_cpy == '') {
    $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
} else {
    $message = $strSuccess;
}

// Loads to target script
if ($goto == 'db_details.php' || $goto == 'tbl_properties.php') {
    $js_to_run = 'functions.js';
}
if ($goto != 'main.php') {
    require_once './header.inc.php';
}
$active_page = $goto;
// The include path is built from $goto. It is safe only because $goto was
// matched against the script-name whitelist at the top of this file or was
// overwritten with a literal above; keep that check if this line is moved.
require './' . $goto;