Viewing File server/web/admin.sql.php of 0.02.67a
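<?php
/* -------------------------------------------------------------
This file is part of FreeNATS

FreeNATS is (C) Copyright 2008 PurplePixie Systems

FreeNATS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

FreeNATS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with FreeNATS.  If not, see www.gnu.org/licenses

For more information see www.purplepixie.org/freenats
-------------------------------------------------------------- */

// Admin SQL console: runs one administrator-supplied SQL statement against
// the database and prints the result set or the affected-row count.
//
// Access is gated three ways before any output is sent: a valid session,
// user level 9 or above, and the site.enable.adminsql setting being 1.
//
// NOTE(review): the statement is read from $_REQUEST, so it is accepted from
// a GET query string as well as from the POST form below, and no per-session
// request token is checked. A logged-in administrator's browser can therefore
// be made to submit a statement by another site. Restricting execution to
// POST and verifying a token bound to the session would close this; the
// session API is not visible in this file, so it is flagged rather than coded.
//
// NOTE(review): the mysql_* functions used here were removed in PHP 7.0 and
// rely on a default connection presumably opened by include.php / Start().

ob_start();
require("include.php");
$NATS->Start();
if (!$NATS_Session->Check($NATS->DB))
{
    header("Location: ./?login_msg=Invalid+Or+Expired+Session");
    exit();
}
// NOTE(review): presumably UL_Error() ends the request - confirm, because
// nothing below re-checks the user level before executing SQL.
if ($NATS_Session->userlevel<9) UL_Error("Admin SQL Interface");
if ($NATS->Cfg->Get("site.enable.adminsql",0)!=1)
{
    header("Location: main.php?message=Admin+SQL+Console+Disabled");
    exit();
}

// Read the statement once. A missing or non-string value (e.g. query[]=x)
// is treated as an empty statement instead of reaching the string functions.
$has_query=(isset($_REQUEST['query']) && is_string($_REQUEST['query']));
$q=$has_query ? $_REQUEST['query'] : "";

ob_end_flush();
Screen_Header("Admin SQL Interface",1);
echo "<b>WARNING: This is advanced and unprotected functionality - proceed with caution!</b><br><br>";

echo "<form action=admin.sql.php method=post>";
echo "<input type=hidden name=action value=sql>";
if ($has_query) $t=htmlspecialchars($q, ENT_QUOTES);
else $t="SELECT * FROM fnnode LIMIT 0,10";
echo "<textarea cols=70 rows=3 name=query>".$t."</textarea><br>";
echo "<input type=submit value=\"Execute Query\"> <input type=checkbox name=show_data value=1 checked> Show Data | <a href=admin.php>Abandon / Return to Admin Page</a>";
echo "</form><br>";

if ( (isset($_REQUEST['action'])) && ($_REQUEST['action']=="sql") )
{
    // The statement is request data: escape it before echoing it back so it
    // cannot inject markup into the admin page.
    echo "<b>Query: </b>".htmlspecialchars($q, ENT_QUOTES)."<br>";

    // sod the NATS-specific DB stuff here...
    echo "<b>Executing: </b>";
    $res=mysql_query($q);
    if (mysql_errno()==0)
    {
        echo "Success";
        $ok=true;
    }
    else
    {
        // The server's error text quotes part of the statement, so it is
        // escaped for the same reason as the statement itself.
        echo "Error: ".htmlspecialchars(mysql_error(), ENT_QUOTES)." (".mysql_errno().")";
        $ok=false;
    }
    echo "<br><br>";

    if ($ok)
    {
        // mysql_query() returns a result resource for statements that produce
        // a result set and TRUE for the rest, so test the return value rather
        // than parsing the first word of the statement (which misclassified
        // statements with leading whitespace or no space at all).
        if (is_resource($res))
        {
            echo "<b>Returned: </b>";
            echo mysql_num_rows($res);
            echo " Rows<br><br>";
            if (isset($_REQUEST['show_data']))
            {
                // show the data here
                echo "<table width=100% border=1>";
                $first=true;
                $keys=array();
                // Associative fetch gives one entry per column name, so no
                // numeric-key filtering is needed.
                while ($row=mysql_fetch_assoc($res))
                {
                    if ($first)
                    {
                        echo "<tr>";
                        foreach($row as $key => $value)
                        {
                            // Column names/aliases come from the statement.
                            echo "<td><b>".htmlspecialchars((string)$key, ENT_QUOTES)."</b></td>";
                            $keys[]=$key;
                        }
                        echo "</tr>";
                        $first=false;
                    }
                    echo "<tr>";
                    foreach($keys as $key)
                    {
                        // Cell values are stored data and may contain markup;
                        // escape them so they render as text.
                        echo "<td>".htmlspecialchars((string)$row[$key], ENT_QUOTES)."</td>";
                    }
                    echo "</tr>";
                }
                echo "</table>";
            }
        }
        else
        {
            echo "<b>Affected: </b>";
            echo mysql_affected_rows();
            echo " Rows<br><br>";
        }
    }
}
Screen_Footer();
?>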