search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[phpmyadmin/crack.git] / sql.php3
blob0c81268c9541899a10921bbabbd5028559082a6c
1 <?php
2 /* $Id$ */
3
4
5 /**
6 * Gets some core libraries
7 */
8 require('./grab_globals.inc.php3');
9 require('./lib.inc.php3');
10
11
12 /**
13 * Check rights in case of DROP DATABASE
14 */
15 if (!defined('PMA_CHK_DROP')
16 && !$cfgAllowUserDropDatabase
17 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
18 // Checks if the user is a Superuser
19 // TODO: set a global variable with this information
20 // loic1: optimized query
21 $result = @mysql_query('USE mysql');
22 if (mysql_error()) {
23 include('./header.inc.php3');
24 mysql_die($strNoDropDatabases);
25 } // end if
26 } // end if
27
28
29 /**
30 * Bookmark add
31 */
32 if (isset($store_bkm)) {
33 if (get_magic_quotes_gpc()) {
34 $fields['label'] = stripslashes($fields['label']);
35 }
36 add_bookmarks($fields, $cfgBookmark);
37 header('Location: ' . $cfgPmaAbsoluteUri . $goto);
38 }
39
40
41 /**
42 * Gets the true sql query
43 */
44 // $sql_query has been urlencoded in the confirmation form for drop/delete
45 // queries or in the navigation bar for browsing among records
46 if (isset($btnDrop) || isset($navig)) {
47 $sql_query = urldecode($sql_query);
48 }
49
50
51 /**
52 * Go back to further page if table should not be dropped
53 */
54 if (isset($goto) && $goto == 'sql.php3') {
55 $goto = 'sql.php3'
56 . '?lang=' . $lang
57 . '&server=' . $server
58 . '&db=' . urlencode($db)
59 . '&table=' . urlencode($table)
60 . '&pos=' . $pos
61 . '&sql_query=' . urlencode($sql_query);
62 }
63 if (isset($btnDrop) && $btnDrop == $strNo) {
64 if (!empty($back)) {
65 $goto = $back;
66 }
67 if (file_exists('./' . $goto)) {
68 if ($goto == 'db_details.php3' && !empty($table)) {
69 unset($table);
70 }
71 include('./' . ereg_replace('\.\.*', '.', $goto));
72 } else {
73 header('Location: ' . $cfgPmaAbsoluteUri . $goto);
74 }
75 exit();
76 } // end if
77
78
79 /**
80 * Displays the confirm page if required
81 */
82 $do_confirm = ($cfgConfirm
83 && !isset($btnDrop)
84 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_`]* +DROP|DELETE FROM', $sql_query));
85 if ($do_confirm) {
86 if (get_magic_quotes_gpc()) {
87 $stripped_sql_query = stripslashes($sql_query);
88 } else {
89 $stripped_sql_query = $sql_query;
90 }
91 include('./header.inc.php3');
92 echo $strDoYouReally . '&nbsp;:<br />' . "\n";
93 echo '<tt>' . htmlspecialchars($stripped_sql_query) . '</tt>&nbsp;?<br/>';
94 ?>
95 <form action="sql.php3" method="post" enctype="application/x-www-form-urlencoded">
96 <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" />
97 <input type="hidden" name="server" value="<?php echo $server; ?>" />
98 <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
99 <input type="hidden" name="db" value="<?php echo $db; ?>" />
100 <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" />
101 <input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" />
102 <input type="hidden" name="goto" value="<?php echo isset($goto) ? $goto : ''; ?>" />
103 <input type="hidden" name="back" value="<?php echo isset($back) ? $back : ''; ?>" />
104 <input type="hidden" name="reload" value="<?php echo isset($reload) ? $reload : ''; ?>" />
105 <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? $show_query : ''; ?>" />
106 <input type="submit" name="btnDrop" value="<?php echo $strYes; ?>" />
107 <input type="submit" name="btnDrop" value="<?php echo $strNo; ?>" />
108 </form>
109 <?php
110 echo "\n";
111 } // end if
112
113
114 /**
115 * Executes the query and displays results
116 */
117 else {
118 if (!isset($sql_query)) {
119 $sql_query = '';
120 } else if (get_magic_quotes_gpc()) {
121 $sql_query = stripslashes($sql_query);
122 }
123
124 // Defines some variables
125 // loic1: A table have to be created -> left frame should be reloaded
126 if (!empty($reload) && eregi('^CREATE TABLE (.*)', $sql_query)) {
127 $reload = 'true';
128 }
129 if (isset($sessionMaxRows)) {
130 $cfgMaxRows = $sessionMaxRows;
131 }
132
133 $is_select = $is_count = $is_delete = $is_insert = $is_affected = FALSE;
134 if (eregi('^SELECT ', $sql_query)) {
135 $is_select = TRUE;
136 $is_count = (eregi('^SELECT COUNT\((.*\.+)?\*\) FROM ', $sql_query));
137 } else if (eregi('^DELETE ', $sql_query)) {
138 $is_delete = TRUE;
139 $is_affected = TRUE;
140 } else if (eregi('^(INSERT|LOAD DATA) ', $sql_query)) {
141 $is_insert = TRUE;
142 $is_affected = TRUE;
143 } else if (eregi('^UPDATE ', $sql_query)) {
144 $is_affected = TRUE;
145 }
146
147 $sql_limit_to_append = (isset($pos)
148 && ($is_select && !$is_count)
149 && !eregi(' LIMIT[ 0-9,]+$', $sql_query))
150 ? " LIMIT $pos, $cfgMaxRows"
151 : '';
152 if (eregi('(.*)( PROCEDURE (.*)| FOR UPDATE| LOCK IN SHARE MODE)$', $sql_query, $regs)) {
153 $full_sql_query = $regs[1] . $sql_limit_to_append . $regs[2];
154 } else {
155 $full_sql_query = $sql_query . $sql_limit_to_append;
156 }
157
158 mysql_select_db($db);
159
160 // If the query is a DELETE query with no WHERE clause, get the number of
161 // rows that will be deleted (mysql_affected_rows will always return 0 in
162 // this case)
163 if ($is_delete
164 && eregi('^DELETE( .+)?( FROM (.+))$', $sql_query, $parts)
165 && !eregi(' WHERE ', $parts[3])) {
166 $OPresult = @mysql_query('SELECT COUNT(*) as count' . $parts[2]);
167 if ($OPresult) {
168 $num_rows = mysql_result($OPresult, 0, 'count');
169 } else {
170 $num_rows = 0;
171 }
172 }
173
174 // Executes the query
175 $result = @mysql_query($full_sql_query);
176
177 // Displays an error message if required and stop parsing the script
178 if (mysql_error()) {
179 $error = mysql_error();
180 include('./header.inc.php3');
181 mysql_die($error, $full_sql_query);
182 }
183
184 // Gets the number of rows affected/returned
185 if (!$is_affected) {
186 $num_rows = @mysql_num_rows($result);
187 } else if (!isset($num_rows)) {
188 $num_rows = @mysql_affected_rows();
189 }
190
191 // Counts the total number of rows for the same 'SELECT' query without the
192 // 'LIMIT' clause that may have been programatically added
193 if (empty($sql_limit_to_append)) {
194 $SelectNumRows = $num_rows;
195 }
196 else if ($is_select) {
197 // reads only the from-part of the query...
198 $array = split(' from | FROM | order | ORDER | having | HAVING | limit | LIMIT | group by | GROUP BY', $sql_query);
199 if (!empty($array[1])) {
200 // ... and makes a count(*) to count the entries
201 $count_query = 'SELECT COUNT(*) AS count FROM ' . $array[1];
202 $OPresult = mysql_query($count_query);
203 if ($OPresult) {
204 $SelectNumRows = mysql_result($OPresult, 0, 'count');
205 }
206 } else {
207 $SelectNumRows = 0;
208 }
209 } // end rows total count
210
211 // No rows returned -> move back to the calling page
212 if ($num_rows < 1 || $is_affected) {
213 if (isset($strYes)) {
214 if (isset($table)
215 && (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?TABLE[[:space:]]+`?' . $table . '`?[[:space:]]*$', $sql_query))) {
216 unset($table);
217 }
218 if (isset($db)
219 && (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE[[:space:]]+`?' . $db . '`?[[:space:]]*$', $sql_query))) {
220 unset($db);
221 }
222 }
223 if (file_exists('./' . $goto)) {
224 if ($is_delete) {
225 $message = $strDeletedRows . '&nbsp;' . $num_rows;
226 } else if ($is_insert) {
227 $message = $strInsertedRows . '&nbsp;' . $num_rows;
228 } else if ($is_affected) {
229 $message = $strAffectedRows . '&nbsp;' . $num_rows;
230 } else if (!empty($zero_rows)) {
231 $message = $zero_rows;
232 } else {
233 $message = $strEmptyResultSet;
234 }
235 $goto = ereg_replace('\.\.*', '.', $goto);
236 if ($goto != 'main.php3') {
237 include('./header.inc.php3');
238 }
239 if ($goto == 'db_details.php3' && !empty($table)) {
240 unset($table);
241 }
242 include('./' . $goto);
243 } // end if file_exist
244 else {
245 $message = $zero_rows;
246 header('Location: ' . $cfgPmaAbsoluteUri . $goto);
247 } // end else
248 exit();
249 } // end no rows returned
250
251 // At least one row is returned -> displays a table with results
252 else {
253 // Displays the headers
254 if (isset($show_query)) {
255 unset($show_query);
256 }
257 include('./header.inc.php3');
258 // Defines the display mode if it wasn't passed by url
259 if ($is_count) {
260 $display = 'simple';
261 }
262 if (!isset($display)) {
263 $display = eregi('^((SHOW (VARIABLES|PROCESSLIST|STATUS|TABLE|GRANTS|CREATE|LOGS))|((CHECK|ANALYZE|REPAIR|OPTIMIZE) TABLE ))', $sql_query, $which);
264 if (!empty($which[2]) && !empty($which[3])) {
265 $display = 'simple';
266 } else if (!empty($which[4]) && !empty($which[5])) {
267 $display = 'bkmOnly';
268 }
269 }
270
271 // Displays the results in a table
272 display_table($result, ($display == 'simple' || $display == 'bkmOnly'));
273
274 if ($display != 'simple') {
275 // Insert a new row
276 if ($display != 'bkmOnly') {
277 $url_query = 'lang=' . $lang
278 . '&server=' . $server
279 . '&db=' . urlencode($db)
280 . '&table=' . urlencode($table)
281 . '&pos=' . $pos
282 . '&sql_query=' . urlencode($sql_query)
283 . '&goto=' . urlencode($goto);
284 echo "\n\n";
285 echo '<!-- Insert a new row -->' . "\n";
286 echo '<p>' . "\n";
287 echo ' <a href="tbl_change.php3?' . $url_query . '">' . $strInsertNewRow . '</a>' . "\n";
288 echo '</p>' . "\n";
289 } // end insert row
290
291 // Bookmark Support
292 if ($cfgBookmark['db'] && $cfgBookmark['table'] && empty($id_bookmark)
293 && !empty($sql_query)) {
294 echo "\n";
295 ?>
296 <!-- Bookmark the query -->
297 <script type="text/javascript" language="javascript">
298 <!--
299 var errorMsg0 = '<?php echo(str_replace('\'', '\\\'', $strFormEmpty)); ?>';
300 //-->
301 </script>
302 <form method="post" action="sql.php3" onsubmit="return emptyFormElements(this, 'fields[label]');">
303 <?php
304 echo "\n";
305 if ($display != 'bkmOnly') {
306 echo ' <i>' . $strOr . '</i>' . "\n";
307 }
308 echo ' <br /><br />' . "\n";
309 echo ' ' . $strBookmarkLabel . '&nbsp;:' . "\n";
310 $goto = 'sql.php3'
311 . '?lang=' . $lang
312 . '&server=' . $server
313 . '&db=' . urlencode($db)
314 . '&table=' . urlencode($table)
315 . '&pos=' . $pos
316 . '&sql_query=' . urlencode($sql_query)
317 . '&id_bookmark=1';
318 ?>
319 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
320 <input type="hidden" name="fields[dbase]" value="<?php echo $db; ?>" />
321 <input type="hidden" name="fields[user]" value="<?php echo $cfgBookmark['user']; ?>" />
322 <input type="hidden" name="fields[query]" value="<?php echo urlencode($sql_query); ?>" />
323 <input type="text" name="fields[label]" value="" />
324 <input type="submit" name="store_bkm" value="<?php echo $strBookmarkThis; ?>" />
325 </form>
326 <?php
327 } // end bookmark support
328 } // end display != simple
329 } // end rows returned
330 } // end executes the query
331 echo "\n\n";
332
333
334 /**
335 * Displays the footer
336 */
337 require('./footer.inc.php3');
338 ?>
Drizzle / GSOC 2011