File: 1.00.3a/server/web/admin.sql.php (View as HTML)

  1: <?php
  2: /* -------------------------------------------------------------
  3: This file is part of FreeNATS
  4: 
  5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
  6: 
  7: FreeNATS is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeNATS is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeNATS.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freenats
 21: -------------------------------------------------------------- */
 22: 
 23: ob_start();
 24: require("include.php");
 25: $NATS->Start();
 26: if (!$NATS_Session->Check($NATS->DB))
 27: 	{
 28: 	header("Location: ./?login_msg=Invalid+Or+Expired+Session");
 29: 	exit();
 30: 	}
 31: if ($NATS_Session->userlevel<9) UL_Error("Admin SQL Interface");
 32: if ($NATS->Cfg->Get("site.enable.adminsql",0)!=1)
 33: 	{
 34: 	header("Location: main.php?message=Admin+SQL+Console+Disabled");
 35: 	exit();
 36: 	}
 37: 
 38: 
 39: 
 40: ob_end_flush();
 41: Screen_Header("Admin SQL Interface",1);
 42: echo "<b>WARNING: This is advanced and unprotected functionality - proceed with caution!</b><br><br>";
 43: 
 44: echo "<form action=admin.sql.php method=post>";
 45: echo "<input type=hidden name=action value=sql>";
 46: if (isset($_REQUEST['query'])) $t=htmlspecialchars($_REQUEST['query']);
 47: else $t="SELECT * FROM fnnode LIMIT 0,10";
 48: echo "<textarea cols=70 rows=3 name=query>".$t."</textarea><br>";
 49: echo "<input type=submit value=\"Execute Query\"> <input type=checkbox name=show_data value=1 checked> Show Data | <a href=admin.php>Abandon / Return to Admin Page</a>";
 50: echo "</form><br>";
 51: 
 52: if ( (isset($_REQUEST['action'])) && ($_REQUEST['action']=="sql") )
 53: 	{
 54: 	$q=$_REQUEST['query'];
 55: 	$type=strtoupper(substr($q,0,strpos($q," ")));
 56: 	echo "<b>Query: </b>".$q."<br>";
 57: 	
 58: 	// sod the NATS-specific DB stuff here...
 59: 	echo "<b>Executing: </b>";
 60: 	$res=mysql_query($q);
 61: 	if (mysql_errno()==0)
 62: 		{
 63: 		echo "Success";
 64: 		$ok=true;
 65: 		}
 66: 	else
 67: 		{
 68: 		echo "Error: ".mysql_error()." (".mysql_errno().")";
 69: 		$ok=false;
 70: 		}
 71: 	echo "<br><br>";
 72: 
 73: 
 74: 	if ($ok)
 75: 		{
 76: 		if (($type=="SELECT")||($type=="SHOW")||($type=="DESCRIBE"))
 77: 			{
 78: 			echo "<b>Returned: </b>";
 79: 			echo mysql_num_rows($res);
 80: 			echo " Rows<br><br>";
 81: 			if (isset($_REQUEST['show_data']))
 82: 				{
 83: 				// show the data here
 84: 				echo "<table width=100% border=1>";
 85: 				$first=true;
 86: 				$keys=array();
 87: 				while ($row=mysql_fetch_array($res))
 88: 					{
 89: 					if ($first)
 90: 						{
 91: 						echo "<tr>";
 92: 						foreach($row as $key => $value)
 93: 							{
 94: 							if (!is_numeric($key))
 95: 								{
 96: 								echo "<td><b>".$key."</b></td>";
 97: 								$keys[]=$key;
 98: 								}
 99: 							}
100: 						echo "</tr>";
101: 						$first=false;
102: 						}
103: 					echo "<tr>";
104: 					foreach($keys as $key)
105: 						{
106: 						echo "<td>".$row[$key]."</td>";
107: 						}
108: 					echo "</tr>";
109: 					}
110: 				echo "</table>";
111: 					
112: 				}
113: 			}
114: 		else
115: 			{
116: 			echo "<b>Affected: </b>";
117: 			echo mysql_affected_rows();
118: 			echo " Rows<br><br>";
119: 			}
120: 		}
121: 	
122: 	}
123: Screen_Footer();
124: ?>
125: