/**
* Saves user preferences
*
* @param array $config_array configuration array
*
* @return true|PMA\libraries\Message
*/
function PMA_saveUserprefs(array $config_array)
{
$cfgRelation = PMA_getRelationsParam();
$server = isset($GLOBALS['server']) ? $GLOBALS['server'] : $GLOBALS['cfg']['ServerDefault'];
$cache_key = 'server_' . $server;
if (!$cfgRelation['userconfigwork']) {
// no pmadb table, use session storage
$_SESSION['userconfig'] = array('db' => $config_array, 'ts' => time());
if (isset($_SESSION['cache'][$cache_key]['userprefs'])) {
unset($_SESSION['cache'][$cache_key]['userprefs']);
}
return true;
}
// save configuration to pmadb
$query_table = PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['userconfig']);
$query = 'SELECT `username` FROM ' . $query_table . ' WHERE `username` = \'' . PMA\libraries\Util::sqlAddSlashes($cfgRelation['user']) . '\'';
$has_config = $GLOBALS['dbi']->fetchValue($query, 0, 0, $GLOBALS['controllink']);
$config_data = json_encode($config_array);
if ($has_config) {
$query = 'UPDATE ' . $query_table . ' SET `timevalue` = NOW(), `config_data` = \'' . PMA\libraries\Util::sqlAddSlashes($config_data) . '\'' . ' WHERE `username` = \'' . PMA\libraries\Util::sqlAddSlashes($cfgRelation['user']) . '\'';
} else {
$query = 'INSERT INTO ' . $query_table . ' (`username`, `timevalue`,`config_data`) ' . 'VALUES (\'' . PMA\libraries\Util::sqlAddSlashes($cfgRelation['user']) . '\', NOW(), ' . '\'' . PMA\libraries\Util::sqlAddSlashes($config_data) . '\')';
}
if (isset($_SESSION['cache'][$cache_key]['userprefs'])) {
unset($_SESSION['cache'][$cache_key]['userprefs']);
}
if (!$GLOBALS['dbi']->tryQuery($query, $GLOBALS['controllink'])) {
$message = Message::error(__('Could not save configuration'));
$message->addMessage('<br /><br />');
$message->addMessage(Message::rawError($GLOBALS['dbi']->getError($GLOBALS['controllink'])));
return $message;
}
return true;
}
/**
* Retrieve IDs and names of schema pages
*
* @param string $db database name
*
* @return array array of schema page id and names
*/
function PMA_getPageIdsAndNames($db)
{
$cfgRelation = PMA_getRelationsParam();
$page_query = "SELECT `page_nr`, `page_descr` FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['pdf_pages']) . " WHERE db_name = '" . PMA\libraries\Util::sqlAddSlashes($db) . "'" . " ORDER BY `page_descr`";
$page_rs = PMA_queryAsControlUser($page_query, false, PMA\libraries\DatabaseInterface::QUERY_STORE);
$result = array();
while ($curr_page = $GLOBALS['dbi']->fetchAssoc($page_rs)) {
$result[$curr_page['page_nr']] = $curr_page['page_descr'];
}
return $result;
}
/**
* sqlAddslashes test
*
* @return void
*/
public function testAddSlashes()
{
$string = "\\'test''\\''\\'\r\t\n";
$this->assertEquals("\\\\\\\\\\'test\\'\\'\\\\\\\\\\'\\'\\\\\\\\\\'\\r\\t\\n", PMA\libraries\Util::sqlAddSlashes($string, true, true, true));
$this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\\r\\t\\n", PMA\libraries\Util::sqlAddSlashes($string, true, true, false));
$this->assertEquals("\\\\\\\\\\'test\\'\\'\\\\\\\\\\'\\'\\\\\\\\\\'\r\t\n", PMA\libraries\Util::sqlAddSlashes($string, true, false, true));
$this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\r\t\n", PMA\libraries\Util::sqlAddSlashes($string, true, false, false));
$this->assertEquals("\\\\\\'test\\'\\'\\\\\\'\\'\\\\\\'\\r\\t\\n", PMA\libraries\Util::sqlAddSlashes($string, false, true, true));
$this->assertEquals("\\\\''test''''\\\\''''\\\\''\\r\\t\\n", PMA\libraries\Util::sqlAddSlashes($string, false, true, false));
$this->assertEquals("\\\\\\'test\\'\\'\\\\\\'\\'\\\\\\'\r\t\n", PMA\libraries\Util::sqlAddSlashes($string, false, false, true));
$this->assertEquals("\\\\''test''''\\\\''''\\\\''\r\t\n", PMA\libraries\Util::sqlAddSlashes($string, false, false, false));
}
/**
* Get Ajax return when $_REQUEST['type'] === 'setval'
*
* @param Array $variable_doc_links documentation links
*
* @return null
*/
function PMA_getAjaxReturnForSetVal($variable_doc_links)
{
$response = PMA\libraries\Response::getInstance();
$value = $_REQUEST['varValue'];
$matches = array();
if (isset($variable_doc_links[$_REQUEST['varName']][3]) && $variable_doc_links[$_REQUEST['varName']][3] == 'byte' && preg_match('/^\\s*(\\d+(\\.\\d+)?)\\s*(mb|kb|mib|kib|gb|gib)\\s*$/i', $value, $matches)) {
$exp = array('kb' => 1, 'kib' => 1, 'mb' => 2, 'mib' => 2, 'gb' => 3, 'gib' => 3);
$value = floatval($matches[1]) * PMA\libraries\Util::pow(1024, $exp[mb_strtolower($matches[3])]);
} else {
$value = PMA\libraries\Util::sqlAddSlashes($value);
}
if (!is_numeric($value)) {
$value = "'" . $value . "'";
}
if (!preg_match("/[^a-zA-Z0-9_]+/", $_REQUEST['varName']) && $GLOBALS['dbi']->query('SET GLOBAL ' . $_REQUEST['varName'] . ' = ' . $value)) {
// Some values are rounded down etc.
$varValue = $GLOBALS['dbi']->fetchSingleRow('SHOW GLOBAL VARIABLES WHERE Variable_name="' . PMA\libraries\Util::sqlAddSlashes($_REQUEST['varName']) . '";', 'NUM');
$response->addJSON('variable', PMA_formatVariable($_REQUEST['varName'], $varValue[1], $variable_doc_links));
} else {
$response->setRequestStatus(false);
$response->addJSON('error', __('Setting variable failed'));
}
}
exit;
}
/**
* get master replication from server
*/
$server_master_replication = $GLOBALS['dbi']->fetchResult('SHOW MASTER STATUS');
/**
* set selected master server
*/
if (!empty($_REQUEST['master_connection'])) {
/**
* check for multi-master replication functionality
*/
$server_slave_multi_replication = $GLOBALS['dbi']->fetchResult('SHOW ALL SLAVES STATUS');
if ($server_slave_multi_replication) {
$GLOBALS['dbi']->query("SET @@default_master_connection = '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['master_connection']) . "'");
$GLOBALS['url_params']['master_connection'] = $_REQUEST['master_connection'];
}
}
/**
* get slave replication from server
*/
$server_slave_replication = $GLOBALS['dbi']->fetchResult('SHOW SLAVE STATUS');
/**
* replication types
*/
$replication_types = array('master', 'slave');
/**
* define variables for master status
*/
$master_variables = array('File', 'Position', 'Binlog_Do_DB', 'Binlog_Ignore_DB');
/**
* Replace the placeholders in the bookmark query with variables
*
* @param string $query bookmarked query
*
* @return string query with variables applied
*/
function PMA_Bookmark_applyVariables($query)
{
// remove comments that encloses a variable placeholder
$query = preg_replace('|/\\*(.*\\[VARIABLE[0-9]*\\].*)\\*/|imsU', '${1}', $query);
// replace variable placeholders with values
$number_of_variables = PMA_Bookmark_getVariableCount($query);
for ($i = 1; $i <= $number_of_variables; $i++) {
$var = '';
if (!empty($_REQUEST['bookmark_variable'][$i])) {
$var = PMA\libraries\Util::sqlAddSlashes($_REQUEST['bookmark_variable'][$i]);
}
$query = str_replace('[VARIABLE' . $i . ']', $var, $query);
// backward compatibility
if ($i == 1) {
$query = str_replace('[VARIABLE]', $var, $query);
}
}
return $query;
}
if (!isset($_SESSION['is_multi_query'])) {
$_SESSION['is_multi_query'] = false;
}
$ajax_reload = array();
// Are we just executing plain query or sql file?
// (eg. non import, but query box/window run)
if (!empty($sql_query)) {
// apply values for parameters
if (!empty($_REQUEST['parameterized']) && !empty($_REQUEST['parameters']) && is_array($_REQUEST['parameters'])) {
$parameters = $_REQUEST['parameters'];
foreach ($parameters as $parameter => $replacement) {
$quoted = preg_quote($parameter);
// making sure that :param does not apply values to :param1
$sql_query = preg_replace('/' . $quoted . '([^a-zA-Z0-9_])/', PMA\libraries\Util::sqlAddSlashes($replacement) . '${1}', $sql_query);
// for parameters the appear at the end of the string
$sql_query = preg_replace('/' . $quoted . '$/', PMA\libraries\Util::sqlAddSlashes($replacement), $sql_query);
}
}
// run SQL query
$import_text = $sql_query;
$import_type = 'query';
$format = 'sql';
$_SESSION['sql_from_query_box'] = true;
// If there is a request to ROLLBACK when finished.
if (isset($_REQUEST['rollback_query'])) {
PMA_handleRollbackRequest($import_text);
}
// refresh navigation and main panels
if (preg_match('/^(DROP)\\s+(VIEW|TABLE|DATABASE|SCHEMA)\\s+/i', $sql_query)) {
$GLOBALS['reload'] = true;
$ajax_reload['reload'] = true;
/**
* Display tracked tables
*
* @param string $db current database
* @param object $all_tables_result result set of tracked tables
* @param string $url_query url query string
* @param string $pmaThemeImage path to theme's image folder
* @param string $text_dir text direction
* @param array $cfgRelation configuration storage info
*
* @return void
*/
function PMA_displayTrackedTables($db, $all_tables_result, $url_query, $pmaThemeImage, $text_dir, $cfgRelation)
{
?>
<div id="tracked_tables">
<h3><?php
echo __('Tracked tables');
?>
</h3>
<form method="post" action="db_tracking.php" name="trackedForm"
id="trackedForm" class="ajax">
<?php
echo URL::getHiddenInputs($db);
?>
<table id="versions" class="data">
<thead>
<tr>
<th></th>
<th><?php
echo __('Table');
?>
</th>
<th><?php
echo __('Last version');
?>
</th>
<th><?php
echo __('Created');
?>
</th>
<th><?php
echo __('Updated');
?>
</th>
<th><?php
echo __('Status');
?>
</th>
<th><?php
echo __('Action');
?>
</th>
<th><?php
echo __('Show');
?>
</th>
</tr>
</thead>
<tbody>
<?php
// Print out information about versions
$delete = PMA\libraries\Util::getIcon('b_drop.png', __('Delete tracking'));
$versions = PMA\libraries\Util::getIcon('b_versions.png', __('Versions'));
$report = PMA\libraries\Util::getIcon('b_report.png', __('Tracking report'));
$structure = PMA\libraries\Util::getIcon('b_props.png', __('Structure snapshot'));
$style = 'odd';
while ($one_result = $GLOBALS['dbi']->fetchArray($all_tables_result)) {
list($table_name, $version_number) = $one_result;
$table_query = ' SELECT * FROM ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['tracking']) . ' WHERE `db_name` = \'' . PMA\libraries\Util::sqlAddSlashes($_REQUEST['db']) . '\' AND `table_name` = \'' . PMA\libraries\Util::sqlAddSlashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
$table_result = PMA_queryAsControlUser($table_query);
$version_data = $GLOBALS['dbi']->fetchArray($table_result);
$tbl_link = 'tbl_tracking.php' . $url_query . '&table=' . htmlspecialchars($version_data['table_name']);
$delete_link = 'db_tracking.php' . $url_query . '&table=' . htmlspecialchars($version_data['table_name']) . '&delete_tracking=true&';
$checkbox_id = "selected_tbl_" . htmlspecialchars($version_data['table_name']);
?>
<tr class="<?php
echo $style;
?>
">
<td class="center">
<input type="checkbox" name="selected_tbl[]"
class="checkall" id="<?php
echo $checkbox_id;
?>
"
value="<?php
echo htmlspecialchars($version_data['table_name']);
?>
"/>
</td>
<th>
<label for="<?php
echo $checkbox_id;
?>
">
<?php
echo htmlspecialchars($version_data['table_name']);
?>
</label>
</th>
<td class="right"><?php
echo $version_data['version'];
?>
</td>
<td><?php
echo $version_data['date_created'];
?>
</td>
<td><?php
echo $version_data['date_updated'];
?>
</td>
<td>
<?php
PMA_displayStatusButton($version_data, $tbl_link);
?>
</td>
<td>
<a class="delete_tracking_anchor ajax"
href="<?php
echo $delete_link;
?>
" >
<?php
echo $delete;
?>
</a>
<?php
echo '</td>', '<td>', '<a href="', $tbl_link, '">', $versions, '</a>', ' ', '<a href="', $tbl_link, '&report=true&version=', $version_data['version'], '">', $report, '</a>', ' ', '<a href="' . $tbl_link, '&snapshot=true&version=', $version_data['version'], '">', $structure, '</a>', '</td>', '</tr>';
if ($style == 'even') {
$style = 'odd';
} else {
$style = 'even';
}
}
?>
</tbody>
</table>
<?php
echo PMA\libraries\Template::get('select_all')->render(array('pmaThemeImage' => $pmaThemeImage, 'text_dir' => $text_dir, 'formName' => 'trackedForm'));
echo PMA\libraries\Util::getButtonOrImage('submit_mult', 'mult_submit', __('Delete tracking'), 'b_drop.png', 'delete_tracking');
?>
</form>
</div>
<?php
}
if (isset($_REQUEST['templateAction']) && $cfgRelation['exporttemplateswork']) {
if (isset($_REQUEST['templateId'])) {
$templateId = $_REQUEST['templateId'];
$id = PMA\libraries\Util::sqlAddSlashes($templateId);
}
$templateTable = PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['export_templates']);
$user = PMA\libraries\Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']);
switch ($_REQUEST['templateAction']) {
case 'create':
$query = "INSERT INTO " . $templateTable . "(" . " `username`, `export_type`," . " `template_name`, `template_data`" . ") VALUES (" . "'" . $user . "', " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['exportType']) . "', " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateName']) . "', " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateData']) . "');";
break;
case 'load':
$query = "SELECT `template_data` FROM " . $templateTable . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
case 'update':
$query = "UPDATE " . $templateTable . " SET `template_data` = " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateData']) . "'" . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
case 'delete':
$query = "DELETE FROM " . $templateTable . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
default:
break;
}
$result = PMA_queryAsControlUser($query, false);
$response = PMA\libraries\Response::getInstance();
if (!$result) {
$error = $GLOBALS['dbi']->getError($GLOBALS['controllink']);
$response->setRequestStatus(false);
$response->addJSON('message', $error);
exit;
}
/**
* Cleanup user related relation stuff
*
* @param string $username username
*
* @return void
*/
function PMA_relationsCleanupUser($username)
{
$cfgRelation = PMA_getRelationsParam();
if ($cfgRelation['bookmarkwork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['bookmark']) . " WHERE `user` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['historywork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['history']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['recentwork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['recent']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['favoritework']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['favorite']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['uiprefswork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['table_uiprefs']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['userconfigwork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['userconfig']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['menuswork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['users']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['navwork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['navigationhiding']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['savedsearcheswork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['savedsearches']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
if ($cfgRelation['designersettingswork']) {
$remove_query = "DELETE FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['designer_settings']) . " WHERE `username` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'";
PMA_queryAsControlUser($remove_query);
}
}
/**
* Changes password for a user
*
* @param string $username Username
* @param string $hostname Hostname
* @param string $password Password
* @param string $sql_query SQL query
* @param string $hashing_function Hashing function
* @param string $orig_auth_plugin Original Authentication Plugin
*
* @return void
*/
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $orig_auth_plugin)
{
$err_url = 'user_password.php' . PMA_URL_getCommon();
$serverType = PMA\libraries\Util::getServerType();
if ($serverType == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
$local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\'' . ' IDENTIFIED with ' . $orig_auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
} else {
if ($serverType == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 50200 && PMA_MYSQL_INT_VERSION < 100100 && $orig_auth_plugin !== '') {
if ($orig_auth_plugin == 'mysql_native_password') {
// Set the hashing method used by PASSWORD()
// to be 'mysql_native_password' type
$GLOBALS['dbi']->tryQuery('SET old_passwords = 0;');
} else {
if ($orig_auth_plugin == 'sha256_password') {
// Set the hashing method used by PASSWORD()
// to be 'sha256_password' type
$GLOBALS['dbi']->tryQuery('SET `old_passwords` = 2;');
}
}
$hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
$local_query = "UPDATE `mysql`.`user` SET" . " `authentication_string` = '" . $hashedPassword . "', `Password` = '', " . " `plugin` = '" . $orig_auth_plugin . "'" . " WHERE `User` = '" . $username . "' AND Host = '" . $hostname . "';";
} else {
$local_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
}
}
if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
// Flush privileges after successful password change
$GLOBALS['dbi']->tryQuery("FLUSH PRIVILEGES;");
}
/**
* Function to get the default sql query for browsing page
*
* @param String $db the current database
* @param String $table the current table
*
* @return String $sql_query the default $sql_query for browse page
*/
function PMA_getDefaultSqlQueryForBrowse($db, $table)
{
include_once 'libraries/bookmark.lib.php';
$book_sql_query = PMA_Bookmark_get($db, '\'' . PMA\libraries\Util::sqlAddSlashes($table) . '\'', 'label', false, true);
if (!empty($book_sql_query)) {
$GLOBALS['using_bookmark_message'] = Message::notice(__('Using bookmark "%s" as default browse query.'));
$GLOBALS['using_bookmark_message']->addParam($table);
$GLOBALS['using_bookmark_message']->addMessage(PMA\libraries\Util::showDocu('faq', 'faq6-22'));
$sql_query = $book_sql_query;
} else {
$defaultOrderByClause = '';
if (isset($GLOBALS['cfg']['TablePrimaryKeyOrder']) && $GLOBALS['cfg']['TablePrimaryKeyOrder'] !== 'NONE') {
$primaryKey = null;
$primary = PMA\libraries\Index::getPrimary($table, $db);
if ($primary !== false) {
$primarycols = $primary->getColumns();
foreach ($primarycols as $col) {
$primaryKey = $col->getName();
break;
}
if ($primaryKey != null) {
$defaultOrderByClause = ' ORDER BY ' . PMA\libraries\Util::backquote($table) . '.' . PMA\libraries\Util::backquote($primaryKey) . ' ' . $GLOBALS['cfg']['TablePrimaryKeyOrder'];
}
}
}
$sql_query = 'SELECT * FROM ' . PMA\libraries\Util::backquote($table) . $defaultOrderByClause;
}
unset($book_sql_query);
return $sql_query;
}
/**
* Generate the error url and submit the query
*
* @param string $username Username
* @param string $hostname Hostname
* @param string $password Password
* @param string $sql_query SQL query
* @param string $hashing_function Hashing function
* @param string $auth_plugin Authentication Plugin
*
* @return void
*/
function PMA_changePassUrlParamsAndSubmitQuery($username, $hostname, $password, $sql_query, $hashing_function, $auth_plugin)
{
$err_url = 'user_password.php' . PMA_URL_getCommon();
if (PMA\libraries\Util::getServerType() === 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
$local_query = 'ALTER USER \'' . $username . '\'@\'' . $hostname . '\'' . ' IDENTIFIED with ' . $auth_plugin . ' BY ' . ($password == '' ? '\'\'' : '\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\'');
} else {
$local_query = 'SET password = '******'' ? '\'\'' : $hashing_function . '(\'' . PMA\libraries\Util::sqlAddSlashes($password) . '\')');
}
if (!@$GLOBALS['dbi']->tryQuery($local_query)) {
PMA\libraries\Util::mysqlDie($GLOBALS['dbi']->getError(), $sql_query, false, $err_url);
}
}
if (isset($show_as_php)) {
$url_params['show_as_php'] = $show_as_php;
}
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'index.php' . PMA_URL_getCommon($url_params, 'text'));
}
exit;
}
}
}
// end if (ensures db exists)
if (empty($is_table) && !defined('PMA_SUBMIT_MULT') && !defined('TABLE_MAY_BE_ABSENT')) {
// Not a valid table name -> back to the db_sql.php
if (mb_strlen($table)) {
$is_table = $GLOBALS['dbi']->getCachedTableContent("{$db}.{$table}", false);
if (!$is_table) {
$_result = $GLOBALS['dbi']->tryQuery('SHOW TABLES LIKE \'' . PMA\libraries\Util::sqlAddSlashes($table, true) . '\';', null, PMA\libraries\DatabaseInterface::QUERY_STORE);
$is_table = @$GLOBALS['dbi']->numRows($_result);
$GLOBALS['dbi']->freeResult($_result);
}
} else {
$is_table = false;
}
if (!$is_table) {
if (!defined('IS_TRANSFORMATION_WRAPPER')) {
if (mb_strlen($table)) {
// SHOW TABLES doesn't show temporary tables, so try select
// (as it can happen just in case temporary table, it should be
// fast):
/**
* @todo should this check really
* only happen if IS_TRANSFORMATION_WRAPPER?
/**
* Save value for a designer setting
*
* @param string $index setting
* @param string $value value
*
* @return bool whether the operation succeeded
*/
function PMA_saveDesignerSetting($index, $value)
{
$cfgRelation = PMA_getRelationsParam();
$cfgDesigner = array('user' => $GLOBALS['cfg']['Server']['user'], 'db' => $cfgRelation['db'], 'table' => $cfgRelation['designer_settings']);
$success = true;
if ($GLOBALS['cfgRelation']['designersettingswork']) {
$orig_data_query = "SELECT settings_data" . " FROM " . PMA\libraries\Util::backquote($cfgDesigner['db']) . "." . PMA\libraries\Util::backquote($cfgDesigner['table']) . " WHERE username = '******'user']) . "';";
$orig_data = $GLOBALS['dbi']->fetchSingleRow($orig_data_query, $GLOBALS['controllink']);
if (!empty($orig_data)) {
$orig_data = json_decode($orig_data['settings_data'], true);
$orig_data[$index] = $value;
$orig_data = json_encode($orig_data);
$save_query = "UPDATE " . PMA\libraries\Util::backquote($cfgDesigner['db']) . "." . PMA\libraries\Util::backquote($cfgDesigner['table']) . " SET settings_data = '" . $orig_data . "'" . " WHERE username = '******'user']) . "';";
$success = PMA_queryAsControlUser($save_query);
} else {
$save_data = array($index => $value);
$query = "INSERT INTO " . PMA\libraries\Util::backquote($cfgDesigner['db']) . "." . PMA\libraries\Util::backquote($cfgDesigner['table']) . " (username, settings_data)" . " VALUES('" . $cfgDesigner['user'] . "'," . " '" . json_encode($save_data) . "');";
$success = PMA_queryAsControlUser($query);
}
}
return (bool) $success;
}
/**
* Displays a form used to add/edit a trigger
*
* @param string $mode If the editor will be used to edit a trigger
* or add a new one: 'edit' or 'add'.
* @param array $item Data for the trigger returned by PMA_TRI_getDataFromRequest()
* or PMA_TRI_getDataFromName()
*
* @return string HTML code for the editor.
*/
function PMA_TRI_getEditorForm($mode, $item)
{
global $db, $table, $event_manipulations, $action_timings;
$modeToUpper = mb_strtoupper($mode);
// Escape special characters
$need_escape = array('item_original_name', 'item_name', 'item_definition', 'item_definer');
foreach ($need_escape as $key => $index) {
$item[$index] = htmlentities($item[$index], ENT_QUOTES, 'UTF-8');
}
$original_data = '';
if ($mode == 'edit') {
$original_data = "<input name='item_original_name' " . "type='hidden' value='{$item['item_original_name']}'/>\n";
}
$query = "SELECT `TABLE_NAME` FROM `INFORMATION_SCHEMA`.`TABLES` ";
$query .= "WHERE `TABLE_SCHEMA`='" . PMA\libraries\Util::sqlAddSlashes($db) . "' ";
$query .= "AND `TABLE_TYPE`='BASE TABLE'";
$tables = $GLOBALS['dbi']->fetchResult($query);
// Create the output
$retval = "";
$retval .= "<!-- START " . $modeToUpper . " TRIGGER FORM -->\n\n";
$retval .= "<form class='rte_form' action='db_triggers.php' method='post'>\n";
$retval .= "<input name='{$mode}_item' type='hidden' value='1' />\n";
$retval .= $original_data;
$retval .= PMA_URL_getHiddenInputs($db, $table) . "\n";
$retval .= "<fieldset>\n";
$retval .= "<legend>" . __('Details') . "</legend>\n";
$retval .= "<table class='rte_table' style='width: 100%'>\n";
$retval .= "<tr>\n";
$retval .= " <td style='width: 20%;'>" . __('Trigger name') . "</td>\n";
$retval .= " <td><input type='text' name='item_name' maxlength='64'\n";
$retval .= " value='{$item['item_name']}' /></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Table') . "</td>\n";
$retval .= " <td>\n";
$retval .= " <select name='item_table'>\n";
foreach ($tables as $key => $value) {
$selected = "";
if ($mode == 'add' && $value == $table) {
$selected = " selected='selected'";
} else {
if ($mode == 'edit' && $value == $item['item_table']) {
$selected = " selected='selected'";
}
}
$retval .= "<option{$selected}>";
$retval .= htmlspecialchars($value);
$retval .= "</option>\n";
}
$retval .= " </select>\n";
$retval .= " </td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . _pgettext('Trigger action time', 'Time') . "</td>\n";
$retval .= " <td><select name='item_timing'>\n";
foreach ($action_timings as $key => $value) {
$selected = "";
if (!empty($item['item_action_timing']) && $item['item_action_timing'] == $value) {
$selected = " selected='selected'";
}
$retval .= "<option{$selected}>{$value}</option>";
}
$retval .= " </select></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Event') . "</td>\n";
$retval .= " <td><select name='item_event'>\n";
foreach ($event_manipulations as $key => $value) {
$selected = "";
if (!empty($item['item_event_manipulation']) && $item['item_event_manipulation'] == $value) {
$selected = " selected='selected'";
}
$retval .= "<option{$selected}>{$value}</option>";
}
$retval .= " </select></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Definition') . "</td>\n";
$retval .= " <td><textarea name='item_definition' rows='15' cols='40'>";
$retval .= $item['item_definition'];
$retval .= "</textarea></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Definer') . "</td>\n";
$retval .= " <td><input type='text' name='item_definer'\n";
$retval .= " value='{$item['item_definer']}' /></td>\n";
$retval .= "</tr>\n";
$retval .= "</table>\n";
$retval .= "</fieldset>\n";
if ($GLOBALS['is_ajax_request']) {
$retval .= "<input type='hidden' name='editor_process_{$mode}'\n";
$retval .= " value='true' />\n";
$retval .= "<input type='hidden' name='ajax_request' value='true' />\n";
} else {
$retval .= "<fieldset class='tblFooters'>\n";
$retval .= " <input type='submit' name='editor_process_{$mode}'\n";
$retval .= " value='" . __('Go') . "' />\n";
$retval .= "</fieldset>\n";
}
$retval .= "</form>\n\n";
$retval .= "<!-- END " . $modeToUpper . " TRIGGER FORM -->\n\n";
return $retval;
}
/**
* Export at the database level
*
* @param string $db the database to export
* @param array $tables the tables to export
* @param string $whatStrucOrData structure or data or both
* @param array $table_structure whether to export structure for each table
* @param array $table_data whether to export data for each table
* @param ExportPlugin $export_plugin the selected export plugin
* @param string $crlf end of line character(s)
* @param string $err_url the URL in case of error
* @param string $export_type the export type
* @param bool $do_relation whether to export relation info
* @param bool $do_comments whether to add comments
* @param bool $do_mime whether to add MIME info
* @param bool $do_dates whether to add dates
* @param array $aliases Alias information for db/table/column
* @param string $separate_files whether it is a separate-files export
*
* @return void
*/
function PMA_exportDatabase($db, $tables, $whatStrucOrData, $table_structure, $table_data, $export_plugin, $crlf, $err_url, $export_type, $do_relation, $do_comments, $do_mime, $do_dates, $aliases, $separate_files)
{
$db_alias = !empty($aliases[$db]['alias']) ? $aliases[$db]['alias'] : '';
if (!$export_plugin->exportDBHeader($db, $db_alias)) {
return;
}
if (!$export_plugin->exportDBCreate($db, $export_type, $db_alias)) {
return;
}
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('database', true);
}
if (($GLOBALS['sql_structure_or_data'] == 'structure' || $GLOBALS['sql_structure_or_data'] == 'structure_and_data') && isset($GLOBALS['sql_procedure_function'])) {
$export_plugin->exportRoutines($db, $aliases);
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('routines');
}
}
$views = array();
foreach ($tables as $table) {
$_table = new Table($table, $db);
// if this is a view, collect it for later;
// views must be exported after the tables
$is_view = $_table->isView();
if ($is_view) {
$views[] = $table;
}
if (($whatStrucOrData == 'structure' || $whatStrucOrData == 'structure_and_data') && in_array($table, $table_structure)) {
// for a view, export a stand-in definition of the table
// to resolve view dependencies (only when it's a single-file export)
if ($is_view) {
if ($separate_files == '' && isset($GLOBALS['sql_create_view']) && !$export_plugin->exportStructure($db, $table, $crlf, $err_url, 'stand_in', $export_type, $do_relation, $do_comments, $do_mime, $do_dates, $aliases)) {
break;
}
} else {
if (isset($GLOBALS['sql_create_table'])) {
$table_size = $GLOBALS['maxsize'];
// Checking if the maximum table size constrain has been set
// And if that constrain is a valid number or not
if ($table_size !== '' && is_numeric($table_size)) {
// This obtains the current table's size
$query = 'SELECT data_length + index_length
from information_schema.TABLES
WHERE table_schema = "' . PMA\libraries\Util::sqlAddSlashes($db) . '"
AND table_name = "' . PMA\libraries\Util::sqlAddSlashes($table) . '"';
$size = $GLOBALS['dbi']->fetchValue($query);
//Converting the size to MB
$size = $size / 1024 / 1024;
if ($size > $table_size) {
continue;
}
}
if (!$export_plugin->exportStructure($db, $table, $crlf, $err_url, 'create_table', $export_type, $do_relation, $do_comments, $do_mime, $do_dates, $aliases)) {
break;
}
}
}
}
// if this is a view or a merge table, don't export data
if (($whatStrucOrData == 'data' || $whatStrucOrData == 'structure_and_data') && in_array($table, $table_data) && !$is_view) {
$local_query = 'SELECT * FROM ' . PMA\libraries\Util::backquote($db) . '.' . PMA\libraries\Util::backquote($table);
if (!$export_plugin->exportData($db, $table, $crlf, $err_url, $local_query, $aliases)) {
break;
}
}
// this buffer was filled, we save it and go to the next one
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('table_' . $table);
}
// now export the triggers (needs to be done after the data because
// triggers can modify already imported tables)
if (isset($GLOBALS['sql_create_trigger']) && ($whatStrucOrData == 'structure' || $whatStrucOrData == 'structure_and_data') && in_array($table, $table_structure)) {
if (!$export_plugin->exportStructure($db, $table, $crlf, $err_url, 'triggers', $export_type, $do_relation, $do_comments, $do_mime, $do_dates, $aliases)) {
break;
}
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('table_' . $table, true);
}
}
}
if (isset($GLOBALS['sql_create_view'])) {
foreach ($views as $view) {
// no data export for a view
if ($whatStrucOrData == 'structure' || $whatStrucOrData == 'structure_and_data') {
if (!$export_plugin->exportStructure($db, $view, $crlf, $err_url, 'create_view', $export_type, $do_relation, $do_comments, $do_mime, $do_dates, $aliases)) {
break;
}
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('view_' . $view);
}
}
}
}
if (!$export_plugin->exportDBFooter($db)) {
return;
}
// export metadata related to this db
if (isset($GLOBALS['sql_metadata'])) {
// Types of metadata to export.
// In the future these can be allowed to be selected by the user
$metadataTypes = PMA_getMetadataTypesToExport();
$export_plugin->exportMetadata($db, $tables, $metadataTypes);
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('metadata');
}
}
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('extra');
}
if (($GLOBALS['sql_structure_or_data'] == 'structure' || $GLOBALS['sql_structure_or_data'] == 'structure_and_data') && isset($GLOBALS['sql_procedure_function'])) {
$export_plugin->exportEvents($db);
if ($separate_files == 'database') {
PMA_saveObjectInBuffer('events');
}
}
}
/**
* Copy database
*/
$response->addHTML(PMA_getHtmlForCopyDatabase($GLOBALS['db']));
/**
* Change database charset
*/
$response->addHTML(PMA_getHtmlForChangeDatabaseCharset($GLOBALS['db'], $table));
if (!$cfgRelation['allworks'] && $cfg['PmaNoRelation_DisableWarning'] == false) {
$message = PMA\libraries\Message::notice(__('The phpMyAdmin configuration storage has been deactivated. ' . '%sFind out why%s.'));
$message->addParam('<a href="' . './chk_rel.php' . $url_query . '">', false);
$message->addParam('</a>', false);
/* Show error if user has configured something, notice elsewhere */
if (!empty($cfg['Servers'][$server]['pmadb'])) {
$message->isError(true);
}
}
// end if
}
// end if (!$is_information_schema)
$response->addHTML('</div>');
// not sure about displaying the PDF dialog in case db is information_schema
if ($cfgRelation['pdfwork'] && $num_tables > 0) {
// We only show this if we find something in the new pdf_pages table
$test_query = '
SELECT *
FROM ' . PMA\libraries\Util::backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['pdf_pages']) . '
WHERE db_name = \'' . PMA\libraries\Util::sqlAddSlashes($GLOBALS['db']) . '\'';
$test_rs = PMA_queryAsControlUser($test_query, false, PMA\libraries\DatabaseInterface::QUERY_STORE);
}
// end if
}
}
// Get tracked data about the database
$data = Tracker::getTrackedData($_REQUEST['db'], '', '1');
// No tables present and no log exist
if ($num_tables == 0 && count($data['ddlog']) == 0) {
echo '<p>', __('No tables found in database.'), '</p>', "\n";
if (empty($db_is_system_schema)) {
echo PMA_getHtmlForCreateTable($db);
}
exit;
}
// ---------------------------------------------------------------------------
$cfgRelation = PMA_getRelationsParam();
// Prepare statement to get HEAD version
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['tracking']) . ' WHERE db_name = \'' . PMA\libraries\Util::sqlAddSlashes($_REQUEST['db']) . '\' ' . ' GROUP BY table_name' . ' ORDER BY table_name ASC';
$all_tables_result = PMA_queryAsControlUser($all_tables_query);
// If a HEAD version exists
if (is_object($all_tables_result) && $GLOBALS['dbi']->numRows($all_tables_result) > 0) {
PMA_displayTrackedTables($GLOBALS['db'], $all_tables_result, $url_query, $pmaThemeImage, $text_dir, $cfgRelation);
}
$untracked_tables = PMA_getUntrackedTables($GLOBALS['db']);
// If untracked tables exist
if (count($untracked_tables) > 0) {
PMA_displayUntrackedTables($GLOBALS['db'], $untracked_tables, $url_query, $pmaThemeImage, $text_dir);
}
// If available print out database log
if (count($data['ddlog']) > 0) {
$log = '';
foreach ($data['ddlog'] as $entry) {
$log .= '# ' . $entry['date'] . ' ' . $entry['username'] . "\n" . $entry['statement'] . "\n";
/**
* Add/update a user group with allowed menu tabs.
*
* @param string $userGroup user group name
* @param boolean $new whether this is a new user group
*
* @return void
*/
function PMA_editUserGroup($userGroup, $new = false)
{
$tabs = PMA\libraries\Util::getMenuTabList();
$cfgRelation = PMA_getRelationsParam();
$groupTable = PMA\libraries\Util::backquote($cfgRelation['db']) . "." . PMA\libraries\Util::backquote($cfgRelation['usergroups']);
if (!$new) {
$sql_query = "DELETE FROM " . $groupTable . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup) . "';";
PMA_queryAsControlUser($sql_query, true);
}
$sql_query = "INSERT INTO " . $groupTable . "(`usergroup`, `tab`, `allowed`)" . " VALUES ";
$first = true;
foreach ($tabs as $tabGroupName => $tabGroup) {
foreach ($tabGroup as $tab => $tabName) {
if (!$first) {
$sql_query .= ", ";
}
$tabName = $tabGroupName . '_' . $tab;
$allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
$sql_query .= "('" . PMA_Util::sqlAddSlashes($userGroup) . "', '" . $tabName . "', '" . ($allowed ? "Y" : "N") . "')";
$first = false;
}
}
$sql_query .= ";";
PMA_queryAsControlUser($sql_query, true);
}
/**
* handle control requests for Slave Change Master
*
* @return boolean
*/
function PMA_handleRequestForSlaveChangeMaster()
{
$sr = array();
$_SESSION['replication']['m_username'] = $sr['username'] = PMA\libraries\Util::sqlAddSlashes($_REQUEST['username']);
$_SESSION['replication']['m_password'] = $sr['pma_pw'] = PMA\libraries\Util::sqlAddSlashes($_REQUEST['pma_pw']);
$_SESSION['replication']['m_hostname'] = $sr['hostname'] = PMA\libraries\Util::sqlAddSlashes($_REQUEST['hostname']);
$_SESSION['replication']['m_port'] = $sr['port'] = PMA\libraries\Util::sqlAddSlashes($_REQUEST['text_port']);
$_SESSION['replication']['m_correct'] = '';
$_SESSION['replication']['sr_action_status'] = 'error';
$_SESSION['replication']['sr_action_info'] = __('Unknown error');
// Attempt to connect to the new master server
$link_to_master = PMA_Replication_connectToMaster($sr['username'], $sr['pma_pw'], $sr['hostname'], $sr['port']);
if (!$link_to_master) {
$_SESSION['replication']['sr_action_status'] = 'error';
$_SESSION['replication']['sr_action_info'] = sprintf(__('Unable to connect to master %s.'), htmlspecialchars($sr['hostname']));
} else {
// Read the current master position
$position = PMA_Replication_Slave_binLogMaster($link_to_master);
if (empty($position)) {
$_SESSION['replication']['sr_action_status'] = 'error';
$_SESSION['replication']['sr_action_info'] = __('Unable to read master log position. ' . 'Possible privilege problem on master.');
} else {
$_SESSION['replication']['m_correct'] = true;
if (!PMA_Replication_Slave_changeMaster($sr['username'], $sr['pma_pw'], $sr['hostname'], $sr['port'], $position, true, false)) {
$_SESSION['replication']['sr_action_status'] = 'error';
$_SESSION['replication']['sr_action_info'] = __('Unable to change master!');
} else {
$_SESSION['replication']['sr_action_status'] = 'success';
$_SESSION['replication']['sr_action_info'] = sprintf(__('Master server changed successfully to %s.'), htmlspecialchars($sr['hostname']));
}
}
}
return $_SESSION['replication']['sr_action_status'] === 'success';
}
/**
* Function to get table creation sql query
*
* @param string $db database name
* @param string $table table name
*
* @return string
*/
function PMA_getTableCreationQuery($db, $table)
{
// get column addition statements
$sql_statement = PMA_getColumnCreationStatements(true);
// Builds the 'create table' statement
$sql_query = 'CREATE TABLE ' . PMA\libraries\Util::backquote($db) . '.' . PMA\libraries\Util::backquote(trim($table)) . ' (' . $sql_statement . ')';
// Adds table type, character set, comments and partition definition
if (!empty($_REQUEST['tbl_storage_engine']) && $_REQUEST['tbl_storage_engine'] != 'Default') {
$sql_query .= ' ENGINE = ' . $_REQUEST['tbl_storage_engine'];
}
if (!empty($_REQUEST['tbl_collation'])) {
$sql_query .= PMA_generateCharsetQueryPart($_REQUEST['tbl_collation']);
}
if (!empty($_REQUEST['connection']) && !empty($_REQUEST['tbl_storage_engine']) && $_REQUEST['tbl_storage_engine'] == 'FEDERATED') {
$sql_query .= " CONNECTION = '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['connection']) . "'";
}
if (!empty($_REQUEST['comment'])) {
$sql_query .= ' COMMENT = \'' . PMA\libraries\Util::sqlAddSlashes($_REQUEST['comment']) . '\'';
}
$sql_query .= PMA_getPartitionsDefinition();
$sql_query .= ';';
return $sql_query;
}
/**
* Returns HTML for the options in teplate dropdown
*
* @param string $export_type export type - server, database, or table
*
* @return string HTML for the options in teplate dropdown
*/
function PMA_getOptionsForExportTemplates($export_type)
{
$ret = '<option value="">-- ' . __('Select a template') . ' --</option>';
// Get the relation settings
$cfgRelation = PMA_getRelationsParam();
$query = "SELECT `id`, `template_name` FROM " . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['export_templates']) . " WHERE `username` = " . "'" . PMA\libraries\Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "'" . " AND `export_type` = '" . $export_type . "'" . " ORDER BY `template_name`;";
$result = PMA_queryAsControlUser($query);
if ($result) {
while ($row = $GLOBALS['dbi']->fetchAssoc($result, $GLOBALS['controllink'])) {
$ret .= '<option value="' . htmlspecialchars($row['id']) . '"';
if (!empty($_GET['template_id']) && $_GET['template_id'] == $row['id']) {
$ret .= ' selected="selected"';
}
$ret .= '>';
$ret .= htmlspecialchars($row['template_name']) . '</option>';
}
}
return $ret;
}
/**
* Get the current column value in the form for different data types
*
* @param string|false $possibly_uploaded_val uploaded file content
* @param string $key an md5 of the column name
* @param array $multi_edit_columns_type array of multi edit column types
* @param string $current_value current column value in the form
* @param array $multi_edit_auto_increment multi edit auto increment
* @param integer $rownumber index of where clause array
* @param array $multi_edit_columns_name multi edit column names array
* @param array $multi_edit_columns_null multi edit columns null array
* @param array $multi_edit_columns_null_prev multi edit columns previous null
* @param boolean $is_insert whether insert or not
* @param boolean $using_key whether editing or new row
* @param string $where_clause where clause
* @param string $table table name
*
* @return string $current_value current column value in the form
*/
function PMA_getCurrentValueForDifferentTypes($possibly_uploaded_val, $key, $multi_edit_columns_type, $current_value, $multi_edit_auto_increment, $rownumber, $multi_edit_columns_name, $multi_edit_columns_null, $multi_edit_columns_null_prev, $is_insert, $using_key, $where_clause, $table)
{
// Fetch the current values of a row to use in case we have a protected field
if ($is_insert && $using_key && isset($multi_edit_columns_type) && is_array($multi_edit_columns_type) && !empty($where_clause)) {
$protected_row = $GLOBALS['dbi']->fetchSingleRow('SELECT * FROM ' . PMA\libraries\Util::backquote($table) . ' WHERE ' . $where_clause . ';');
}
if (false !== $possibly_uploaded_val) {
$current_value = $possibly_uploaded_val;
} else {
// c o l u m n v a l u e i n t h e f o r m
if (isset($multi_edit_columns_type[$key])) {
$type = $multi_edit_columns_type[$key];
} else {
$type = '';
}
if ($type != 'protected' && $type != 'set' && 0 === mb_strlen($current_value)) {
// best way to avoid problems in strict mode
// (works also in non-strict mode)
if (isset($multi_edit_auto_increment) && isset($multi_edit_auto_increment[$key])) {
$current_value = 'NULL';
} else {
$current_value = "''";
}
} elseif ($type == 'set') {
if (!empty($_REQUEST['fields']['multi_edit'][$rownumber][$key])) {
$current_value = implode(',', $_REQUEST['fields']['multi_edit'][$rownumber][$key]);
$current_value = "'" . PMA\libraries\Util::sqlAddSlashes($current_value) . "'";
} else {
$current_value = "''";
}
} elseif ($type == 'protected') {
// here we are in protected mode (asked in the config)
// so tbl_change has put this special value in the
// columns array, so we do not change the column value
// but we can still handle column upload
// when in UPDATE mode, do not alter field's contents. When in INSERT
// mode, insert empty field because no values were submitted.
// If protected blobs where set, insert original fields content.
if (!empty($protected_row[$multi_edit_columns_name[$key]])) {
$current_value = '0x' . bin2hex($protected_row[$multi_edit_columns_name[$key]]);
} else {
$current_value = '';
}
} elseif ($type === 'hex') {
$current_value = '0x' . $current_value;
} elseif ($type == 'bit') {
$current_value = preg_replace('/[^01]/', '0', $current_value);
$current_value = "b'" . PMA\libraries\Util::sqlAddSlashes($current_value) . "'";
} elseif (!($type == 'datetime' || $type == 'timestamp') || $current_value != 'CURRENT_TIMESTAMP') {
$current_value = "'" . PMA\libraries\Util::sqlAddSlashes($current_value) . "'";
}
// Was the Null checkbox checked for this field?
// (if there is a value, we ignore the Null checkbox: this could
// be possible if Javascript is disabled in the browser)
if (!empty($multi_edit_columns_null[$key]) && ($current_value == "''" || $current_value == '')) {
$current_value = 'NULL';
}
// The Null checkbox was unchecked for this field
if (empty($current_value) && !empty($multi_edit_columns_null_prev[$key]) && !isset($multi_edit_columns_null[$key])) {
$current_value = "''";
}
}
// end else (column value in the form)
return $current_value;
}
/**
* Handles export template actions
*
* @param array $cfgRelation Relation configuration
*
* @return void
*/
function PMA_handleExportTemplateActions($cfgRelation)
{
if (isset($_REQUEST['templateId'])) {
$id = PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateId']);
} else {
$id = '';
}
$templateTable = PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['export_templates']);
$user = PMA\libraries\Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']);
switch ($_REQUEST['templateAction']) {
case 'create':
$query = "INSERT INTO " . $templateTable . "(" . " `username`, `export_type`," . " `template_name`, `template_data`" . ") VALUES (" . "'" . $user . "', " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['exportType']) . "', '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateName']) . "', '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateData']) . "');";
break;
case 'load':
$query = "SELECT `template_data` FROM " . $templateTable . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
case 'update':
$query = "UPDATE " . $templateTable . " SET `template_data` = " . "'" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['templateData']) . "'" . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
case 'delete':
$query = "DELETE FROM " . $templateTable . " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
default:
$query = '';
break;
}
$result = PMA_queryAsControlUser($query, false);
$response = PMA\libraries\Response::getInstance();
if (!$result) {
$error = $GLOBALS['dbi']->getError($GLOBALS['controllink']);
$response->setRequestStatus(false);
$response->addJSON('message', $error);
exit;
}
$response->setRequestStatus(true);
if ('create' == $_REQUEST['templateAction']) {
$response->addJSON('data', PMA_getOptionsForExportTemplates($_REQUEST['exportType']));
} elseif ('load' == $_REQUEST['templateAction']) {
$data = null;
while ($row = $GLOBALS['dbi']->fetchAssoc($result, $GLOBALS['controllink'])) {
$data = $row['template_data'];
}
$response->addJSON('data', $data);
}
$GLOBALS['dbi']->freeResult($result);
}
/**
* Get child table references for a table column.
* This works only if 'DisableIS' is false. An empty array is returned otherwise.
*
* @param string $db name of master table db.
* @param string $table name of master table.
* @param string $column name of master table column.
*
* @return array $child_references
*/
function PMA_getChildReferences($db, $table, $column = '')
{
$child_references = array();
if (!$GLOBALS['cfg']['Server']['DisableIS']) {
$rel_query = "SELECT `column_name`, `table_name`," . " `table_schema`, `referenced_column_name`" . " FROM `information_schema`.`key_column_usage`" . " WHERE `referenced_table_name` = '" . PMA\libraries\Util::sqlAddSlashes($table) . "'" . " AND `referenced_table_schema` = '" . PMA\libraries\Util::sqlAddSlashes($db) . "'";
if ($column) {
$rel_query .= " AND `referenced_column_name` = '" . PMA\libraries\Util::sqlAddSlashes($column) . "'";
}
$child_references = $GLOBALS['dbi']->fetchResult($rel_query, array('referenced_column_name', null));
}
return $child_references;
}
/**
* Composes the query necessary to create an event from an HTTP request.
*
* @return string The CREATE EVENT query.
*/
function PMA_EVN_getQueryFromRequest()
{
global $_REQUEST, $errors, $event_status, $event_type, $event_interval;
$query = 'CREATE ';
if (!empty($_REQUEST['item_definer'])) {
if (mb_strpos($_REQUEST['item_definer'], '@') !== false) {
$arr = explode('@', $_REQUEST['item_definer']);
$query .= 'DEFINER=' . PMA\libraries\Util::backquote($arr[0]);
$query .= '@' . PMA\libraries\Util::backquote($arr[1]) . ' ';
} else {
$errors[] = __('The definer must be in the "username@hostname" format!');
}
}
$query .= 'EVENT ';
if (!empty($_REQUEST['item_name'])) {
$query .= PMA\libraries\Util::backquote($_REQUEST['item_name']) . ' ';
} else {
$errors[] = __('You must provide an event name!');
}
$query .= 'ON SCHEDULE ';
if (!empty($_REQUEST['item_type']) && in_array($_REQUEST['item_type'], $event_type)) {
if ($_REQUEST['item_type'] == 'RECURRING') {
if (!empty($_REQUEST['item_interval_value']) && !empty($_REQUEST['item_interval_field']) && in_array($_REQUEST['item_interval_field'], $event_interval)) {
$query .= 'EVERY ' . intval($_REQUEST['item_interval_value']) . ' ';
$query .= $_REQUEST['item_interval_field'] . ' ';
} else {
$errors[] = __('You must provide a valid interval value for the event.');
}
if (!empty($_REQUEST['item_starts'])) {
$query .= "STARTS '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['item_starts']) . "' ";
}
if (!empty($_REQUEST['item_ends'])) {
$query .= "ENDS '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['item_ends']) . "' ";
}
} else {
if (!empty($_REQUEST['item_execute_at'])) {
$query .= "AT '" . PMA\libraries\Util::sqlAddSlashes($_REQUEST['item_execute_at']) . "' ";
} else {
$errors[] = __('You must provide a valid execution time for the event.');
}
}
} else {
$errors[] = __('You must provide a valid type for the event.');
}
$query .= 'ON COMPLETION ';
if (empty($_REQUEST['item_preserve'])) {
$query .= 'NOT ';
}
$query .= 'PRESERVE ';
if (!empty($_REQUEST['item_status'])) {
foreach ($event_status['display'] as $key => $value) {
if ($value == $_REQUEST['item_status']) {
$query .= $event_status['query'][$key] . ' ';
break;
}
}
}
if (!empty($_REQUEST['item_comment'])) {
$query .= "COMMENT '" . PMA\libraries\Util::sqlAddslashes($_REQUEST['item_comment']) . "' ";
}
$query .= 'DO ';
if (!empty($_REQUEST['item_definition'])) {
$query .= $_REQUEST['item_definition'];
} else {
$errors[] = __('You must provide an event definition.');
}
return $query;
}
/**
* Test for PMA_getSqlQueryForDisplayPrivTable
*
* @return void
*/
public function testPMAGetSqlQueryForDisplayPrivTable()
{
$username = "******";
$db = '*';
$table = "pma_table";
$hostname = "pma_hostname";
//$db == '*'
$ret = PMA_getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname);
$sql = "SELECT * FROM `mysql`.`user`" . " WHERE `User` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA\libraries\Util::sqlAddSlashes($hostname) . "';";
$this->assertEquals($sql, $ret);
//$table == '*'
$db = "pma_db";
$table = "*";
$ret = PMA_getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname);
$sql = "SELECT * FROM `mysql`.`db`" . " WHERE `User` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA\libraries\Util::sqlAddSlashes($hostname) . "'" . " AND '" . PMA\libraries\Util::unescapeMysqlWildcards($db) . "'" . " LIKE `Db`;";
$this->assertEquals($sql, $ret);
//$table == 'pma_table'
$db = "pma_db";
$table = "pma_table";
$ret = PMA_getSqlQueryForDisplayPrivTable($db, $table, $username, $hostname);
$sql = "SELECT `Table_priv`" . " FROM `mysql`.`tables_priv`" . " WHERE `User` = '" . PMA\libraries\Util::sqlAddSlashes($username) . "'" . " AND `Host` = '" . PMA\libraries\Util::sqlAddSlashes($hostname) . "'" . " AND `Db` = '" . PMA\libraries\Util::unescapeMysqlWildcards($db) . "'" . " AND `Table_name` = '" . PMA\libraries\Util::sqlAddSlashes($table) . "';";
$this->assertEquals($sql, $ret);
}
/**
* Set a single mimetype to a certain value.
*
* @param string $db the name of the db
* @param string $table the name of the table
* @param string $key the name of the column
* @param string $mimetype the mimetype of the column
* @param string $transformation the transformation of the column
* @param string $transformationOpts the transformation options of the column
* @param string $inputTransform the input transformation of the column
* @param string $inputTransformOpts the input transformation options of the column
* @param boolean $forcedelete force delete, will erase any existing
* comments for this column
*
* @access public
*
* @return boolean true, if comment-query was made.
*/
function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformationOpts, $inputTransform, $inputTransformOpts, $forcedelete = false)
{
$cfgRelation = PMA_getRelationsParam();
if (!$cfgRelation['commwork']) {
return false;
}
// lowercase mimetype & transformation
$mimetype = mb_strtolower($mimetype);
$transformation = mb_strtolower($transformation);
$test_qry = '
SELECT `mimetype`,
`comment`
FROM ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['column_info']) . '
WHERE `db_name` = \'' . PMA\libraries\Util::sqlAddSlashes($db) . '\'
AND `table_name` = \'' . PMA\libraries\Util::sqlAddSlashes($table) . '\'
AND `column_name` = \'' . PMA\libraries\Util::sqlAddSlashes($key) . '\'';
$test_rs = PMA_queryAsControlUser($test_qry, true, PMA\libraries\DatabaseInterface::QUERY_STORE);
if ($test_rs && $GLOBALS['dbi']->numRows($test_rs) > 0) {
$row = @$GLOBALS['dbi']->fetchAssoc($test_rs);
$GLOBALS['dbi']->freeResult($test_rs);
$transformationLength = mb_strlen($transformation);
if (!$forcedelete && (mb_strlen($mimetype) || $transformationLength || mb_strlen($transformationOpts) || mb_strlen($row['comment']))) {
$upd_query = 'UPDATE ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['column_info']) . ' SET ' . '`mimetype` = \'' . PMA\libraries\Util::sqlAddSlashes($mimetype) . '\', ' . '`transformation` = \'' . PMA\libraries\Util::sqlAddSlashes($transformation) . '\', ' . '`transformation_options` = \'' . PMA\libraries\Util::sqlAddSlashes($transformationOpts) . '\', ' . '`input_transformation` = \'' . PMA\libraries\Util::sqlAddSlashes($inputTransform) . '\', ' . '`input_transformation_options` = \'' . PMA\libraries\Util::sqlAddSlashes($inputTransformOpts) . '\'';
} else {
$upd_query = 'DELETE FROM ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['column_info']);
}
$upd_query .= '
WHERE `db_name` = \'' . PMA\libraries\Util::sqlAddSlashes($db) . '\'
AND `table_name` = \'' . PMA\libraries\Util::sqlAddSlashes($table) . '\'
AND `column_name` = \'' . PMA\libraries\Util::sqlAddSlashes($key) . '\'';
} elseif (mb_strlen($mimetype) || mb_strlen($transformation) || mb_strlen($transformationOpts)) {
$upd_query = 'INSERT INTO ' . PMA\libraries\Util::backquote($cfgRelation['db']) . '.' . PMA\libraries\Util::backquote($cfgRelation['column_info']) . ' (db_name, table_name, column_name, mimetype, ' . 'transformation, transformation_options, ' . 'input_transformation, input_transformation_options) ' . ' VALUES(' . '\'' . PMA\libraries\Util::sqlAddSlashes($db) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($table) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($key) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($mimetype) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($transformation) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($transformationOpts) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($inputTransform) . '\',' . '\'' . PMA\libraries\Util::sqlAddSlashes($inputTransformOpts) . '\')';
}
if (isset($upd_query)) {
return PMA_queryAsControlUser($upd_query);
} else {
return false;
}
}
