Example #1
0
function sql()
{
    // General SQL Function
    session_start();
    if (!$_GET['sqlf']) {
        style();
    }
    if ($_POST['un'] && $_POST['pw']) {
        $_SESSION['sql_user'] = $_POST['un'];
        $_SESSION['sql_password'] = $_POST['pw'];
    }
    if ($_POST['host']) {
        $_SESSION['sql_host'] = $_POST['host'];
    } else {
        $_SESSION['sql_host'] = 'localhost';
    }
    if ($_POST['port']) {
        $_SESSION['sql_port'] = $_POST['port'];
    } else {
        $_SESSION['sql_port'] = '3306';
    }
    if ($_SESSION['sql_user'] && $_SESSION['sql_password']) {
        if (!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))) {
            unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
            echo "Invalid credentials<br>\n";
            die(sqllogin());
        } else {
            $_SESSION['isloggedin'] = "true";
        }
    } else {
        die(sqllogin());
    }
    if ($_GET['db']) {
        mysql_select_db($_GET['db'], $sqlcon);
        if ($_GET['sqlquery']) {
            $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error());
            $num = mysql_num_rows($dat);
            for ($i = 0; $i < $num; $i++) {
                echo mysql_result($dat, $i) . "<br>\n";
            }
        } else {
            if ($_GET['table'] && !$_GET['sqlf']) {
                echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&sqlf=ins'>Insert Row</a><br><br>\n";
                echo "<table border='1'>";
                $query = "SHOW COLUMNS FROM " . $_GET['table'];
                $result = mysql_query($query, $sqlcon) or die(mysql_error());
                $i = 0;
                $fields = array();
                while ($row = mysql_fetch_assoc($result)) {
                    array_push($fields, $row['Field']);
                    echo "<th>" . $fields[$i];
                    $i++;
                }
                $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error());
                $num_rows = mysql_num_rows($result) or die(mysql_error());
                $y = 0;
                for ($x = 1; $x <= $num_rows + 1; $x++) {
                    if (!$_GET['p']) {
                        $_GET['p'] = 1;
                    }
                    if ($_GET['p']) {
                        if ($y > 30 * ($_GET['p'] - 1) && $y <= 30 * $_GET['p']) {
                            echo "<tr>";
                            for ($i = 0; $i < count($fields); $i++) {
                                $query = "SELECT " . $fields[$i] . " FROM " . $_GET['table'] . " WHERE " . $fields[0] . " = '" . $x . "'";
                                $dat = mysql_query($query, $sqlcon) or die(mysql_error());
                                while ($row = mysql_fetch_row($dat)) {
                                    echo "<td>" . $row[0] . "</td>";
                                }
                            }
                            echo "</tr>\n";
                        }
                    }
                    $y++;
                }
                echo "</table>\n";
                for ($z = 1; $z <= ceil($num_rows / 30); $z++) {
                    echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $z . "'>" . $z . "</a> | ";
                }
            } elseif ($_GET['table'] && $_GET['sqlf']) {
                switch ($_GET['sqlf']) {
                    case "dl":
                        sqldownload();
                        break;
                    case "ins":
                        sqlinsert();
                        break;
                    default:
                        $_GET['sqlf'] = "";
                }
            } else {
                echo "<table>";
                $query = "SHOW TABLES FROM " . $_GET['db'];
                $dat = mysql_query($query, $sqlcon) or die(mysql_error());
                while ($row = mysql_fetch_row($dat)) {
                    echo "<tr><td><a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "'>" . $row[0] . "</a></td><td>[<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "&sqlf=dl'>Download</a>]</td></tr>\n";
                }
                echo "</table>";
            }
        }
    } else {
        $dbs = mysql_list_dbs($sqlcon);
        while ($row = mysql_fetch_object($dbs)) {
            echo "<a href='?act=sql&db=" . $row->Database . "'>" . $row->Database . "</a><br>\n";
        }
    }
    mysql_close($sqlcon);
}
Example #2
0
    /* execute multi query */
    $sql = "SELECT * FROM users WHERE username='******' and password='******'";
    if (@mysqli_multi_query($con1, $sql)) {
        /* store first result set */
        if ($result = @mysqli_store_result($con1)) {
            if ($row = @mysqli_fetch_row($result)) {
                if ($row[1]) {
                    return $row[1];
                } else {
                    return 0;
                }
            }
        }
    }
}
$login = sqllogin($host, $dbuser, $dbpass, $dbname);
if (!$login == 0) {
    $_SESSION["username"] = $login;
    setcookie("Auth", 1, time() + 3600);
    /* expire in 15 Minutes */
    header('Location: logged-in.php');
} else {
    ?>
<tr><td colspan="2" style="text-align:center;"><br/><p style="color:#FF0000;">
<center>
<img src="../images/slap1.jpg">
</center>
</p></td></tr>
<?php 
}
?>
Example #3
0
function sqllogin()
{
    $username = mysql_real_escape_string($_POST["login_user"]);
    $password = mysql_real_escape_string($_POST["login_password"]);
    $sql = "SELECT * FROM users WHERE username='******' and password='******'";
    //$sql = "SELECT COUNT(*) FROM users WHERE username='******' and password='******'";
    $res = mysql_query($sql) or die('You tried to be real smart, Try harder!!!! :( ');
    $row = mysql_fetch_row($res);
    //print_r($row) ;
    if ($row[1]) {
        return $row[1];
    } else {
        return 0;
    }
}
$login = sqllogin();
if (!$login == 0) {
    $_SESSION["username"] = $login;
    setcookie("Auth", 1, time() + 3600);
    /* expire in 15 Minutes */
    header('Location: logged-in.php');
} else {
    ?>
<tr><td colspan="2" style="text-align:center;"><br/><p style="color:#FF0000;">
<center>
<img src="../images/slap1.jpg">
</center>
</p></td></tr>
<?php 
}
?>