File: 1.10.3a/server/web/admin.sql.php (View as HTML)

  1: <?php
  2: /* -------------------------------------------------------------
  3: This file is part of FreeNATS
  4: 
  5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
  6: 
  7: FreeNATS is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeNATS is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeNATS.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freenats
 21: -------------------------------------------------------------- */
 22: 
 23: ob_start();
 24: require("include.php");
 25: $NATS->Start();
 26: if (!$NATS_Session->Check($NATS->DB))
 27: 	{
 28: 	header("Location: ./?login_msg=Invalid+Or+Expired+Session");
 29: 	exit();
 30: 	}
 31: if ($NATS_Session->userlevel<9) UL_Error("Admin SQL Interface");
 32: if ($NATS->Cfg->Get("site.enable.adminsql",0)!=1)
 33: 	{
 34: 	header("Location: main.php?message=Admin+SQL+Console+Disabled");
 35: 	exit();
 36: 	}
 37: 
 38: 
 39: 
 40: ob_end_flush();
 41: Screen_Header("Admin SQL Interface",1);
 42: echo "<b>WARNING: This is advanced and unprotected functionality - proceed with caution!</b><br><br>";
 43: 
 44: if (isset($_REQUEST['query'])) $query=$NATS->StripGPC($_REQUEST['query']);
 45: else $query="";
 46: 
 47: echo "<form action=admin.sql.php method=post>";
 48: echo "<input type=hidden name=action value=sql>";
 49: if ($query!="") $t=htmlspecialchars($query);
 50: else $t="SELECT * FROM fnnode LIMIT 0,10";
 51: echo "<textarea cols=70 rows=3 name=query>".$t."</textarea><br>";
 52: echo "<input type=submit value=\"Execute Query\"> <input type=checkbox name=show_data value=1 checked> Show Data | <a href=admin.php>Abandon / Return to Admin Page</a>";
 53: echo "</form><br>";
 54: 
 55: if ( (isset($_REQUEST['action'])) && ($_REQUEST['action']=="sql") )
 56: 	{
 57: 	$q=$query;
 58: 	$type=strtoupper(substr($q,0,strpos($q," ")));
 59: 	echo "<b>Query: </b>".$q."<br>";
 60: 	
 61: 	// sod the NATS-specific DB stuff here...
 62: 	echo "<b>Executing: </b>";
 63: 	$res=mysql_query($q);
 64: 	if (mysql_errno()==0)
 65: 		{
 66: 		echo "Success";
 67: 		$ok=true;
 68: 		}
 69: 	else
 70: 		{
 71: 		echo "Error: ".mysql_error()." (".mysql_errno().")";
 72: 		$ok=false;
 73: 		}
 74: 	echo "<br><br>";
 75: 
 76: 
 77: 	if ($ok)
 78: 		{
 79: 		if (($type=="SELECT")||($type=="SHOW")||($type=="DESCRIBE"))
 80: 			{
 81: 			echo "<b>Returned: </b>";
 82: 			echo mysql_num_rows($res);
 83: 			echo " Rows<br><br>";
 84: 			if (isset($_REQUEST['show_data']))
 85: 				{
 86: 				// show the data here
 87: 				echo "<table width=100% border=1>";
 88: 				$first=true;
 89: 				$keys=array();
 90: 				while ($row=mysql_fetch_array($res))
 91: 					{
 92: 					if ($first)
 93: 						{
 94: 						echo "<tr>";
 95: 						foreach($row as $key => $value)
 96: 							{
 97: 							if (!is_numeric($key))
 98: 								{
 99: 								echo "<td><b>".$key."</b></td>";
100: 								$keys[]=$key;
101: 								}
102: 							}
103: 						echo "</tr>";
104: 						$first=false;
105: 						}
106: 					echo "<tr>";
107: 					foreach($keys as $key)
108: 						{
109: 						echo "<td>".$row[$key]."</td>";
110: 						}
111: 					echo "</tr>";
112: 					}
113: 				echo "</table>";
114: 					
115: 				}
116: 			}
117: 		else
118: 			{
119: 			echo "<b>Affected: </b>";
120: 			echo mysql_affected_rows();
121: 			echo " Rows<br><br>";
122: 			}
123: 		}
124: 	
125: 	}
126: Screen_Footer();
127: ?>
128: