<?php
if (!$error && $_POST["export"]) {
dump_headers("sql");
$adminer->dumpTable("", "");
$adminer->dumpData("", "table", $_POST["query"]);
exit;
}
restart_session();
$history_all =& get_session("queries");
$history =& $history_all[DB];
if (!$error && $_POST["clear"]) {
$history = array();
adminer_redirect(remove_from_uri("history"));
}
page_header(isset($_GET["import"]) ? lang('Import') : lang('SQL command'), $error);
if (!$error && $_POST) {
$fp = false;
if (!isset($_GET["import"])) {
$query = $_POST["query"];
} elseif ($_POST["webfile"]) {
$fp = @fopen(file_exists("adminer.sql") ? "adminer.sql" : "compress.zlib://adminer.sql.gz", "rb");
$query = $fp ? fread($fp, 1000000.0) : false;
} else {
$query = get_file("sql_file", true);
}
if (is_string($query)) {
// get_file() returns error as number, fread() as false
if (function_exists('memory_get_usage')) {
@ini_set("memory_limit", max(ini_bytes("memory_limit"), 2 * strlen($query) + memory_get_usage() + 8000000.0));
// @ - may be disabled, 2 - substr and trim, 8e6 - other variables
global $LANG, $langs;
echo "<form action='' method='post'>\n<div id='lang'>";
echo lang('Language') . ": " . html_select("lang", $langs, $LANG, "this.form.submit();");
echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
echo "<input type='hidden' name='token' value='" . get_token() . "'>\n";
// $token may be empty in auth.inc.php
echo "</div>\n</form>\n";
}
if (isset($_POST["lang"]) && verify_token()) {
// $error not yet available
cookie("adminer_lang", $_POST["lang"]);
$_SESSION["lang"] = $_POST["lang"];
// cookies may be disabled
$_SESSION["translations"] = array();
// used in compiled version
adminer_redirect(remove_from_uri());
}
$LANG = "en";
if (isset($langs[$_COOKIE["adminer_lang"]])) {
cookie("adminer_lang", $_COOKIE["adminer_lang"]);
$LANG = $_COOKIE["adminer_lang"];
} elseif (isset($langs[$_SESSION["lang"]])) {
$LANG = $_SESSION["lang"];
} else {
$accept_language = array();
preg_match_all('~([-a-z]+)(;q=([0-9.]+))?~', str_replace("_", "-", strtolower($_SERVER["HTTP_ACCEPT_LANGUAGE"])), $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
$accept_language[$match[1]] = isset($match[3]) ? $match[3] : 1;
}
arsort($accept_language);
foreach ($accept_language as $key => $q) {
/** Execute query and redirect if successful
* @param string
* @param string
* @param string
* @param bool
* @param bool
* @param bool
* @return bool
*/
function query_adminer_redirect($query, $location, $message, $redirect = true, $execute = true, $failed = false, $time = "")
{
global $connection, $error, $adminer;
if ($execute) {
$start = microtime(true);
$failed = !$connection->query($query);
$time = format_time($start);
}
$sql = "";
if ($query) {
// filter query via plugin fct.
$query = AdminerForWP::array_map_recursive('stripslashes', $query);
$sql = $adminer->messageQuery($query, $time);
}
if ($failed) {
$error = error() . $sql;
return false;
}
if ($redirect) {
adminer_redirect($location, $message . $sql);
}
return true;
}
$last = "";
foreach ($databases as $db) {
if (count($databases) == 1 || $db != "") {
// ignore empty lines but always try to create single database
if (!create_database($db, $row["collation"])) {
$success = false;
}
$last = $db;
}
}
queries_adminer_redirect(ME . "db=" . urlencode($last), lang('Database has been created.'), $success);
}
} else {
// alter database
if (!$row["collation"]) {
adminer_redirect(substr(ME, 0, -1));
}
query_adminer_redirect("ALTER DATABASE " . idf_escape($name) . (preg_match('~^[a-z0-9_]+$~i', $row["collation"]) ? " COLLATE {$row['collation']}" : ""), substr(ME, 0, -1), lang('Database has been altered.'));
}
}
page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error, array(), h(DB));
$collations = collations();
$name = DB;
if ($_POST) {
$name = $row["name"];
} elseif (DB != "") {
$row["collation"] = db_collation(DB, $collations);
} elseif ($jush == "sql") {
// propose database name with limited privileges
foreach (get_vals("SHOW GRANTS") as $grant) {
if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\\.\\*)?~', $grant, $match) && $match[1]) {
$row = $_POST;
if ($_POST && !$error) {
$link = preg_replace('~ns=[^&]*&~', '', ME) . "ns=";
if ($_POST["drop"]) {
query_adminer_redirect("DROP SCHEMA " . idf_escape($_GET["ns"]), $link, lang('Schema has been dropped.'));
} else {
$name = trim($row["name"]);
$link .= urlencode($name);
if ($_GET["ns"] == "") {
query_adminer_redirect("CREATE SCHEMA " . idf_escape($name), $link, lang('Schema has been created.'));
} elseif ($_GET["ns"] != $name) {
query_adminer_redirect("ALTER SCHEMA " . idf_escape($_GET["ns"]) . " RENAME TO " . idf_escape($name), $link, lang('Schema has been altered.'));
//! sp_rename in MS SQL
} else {
adminer_redirect($link);
}
}
}
page_header($_GET["ns"] != "" ? lang('Alter schema') : lang('Create schema'), $error);
if (!$row) {
$row["name"] = $_GET["ns"];
}
?>
<form action="" method="post">
<p><input name="name" id="name" value="<?php
echo h($row["name"]);
?>
" autocapitalize="off">
<script type='text/javascript'>focus(document.getElementById('name'));</script>
$indexes = indexes($TABLE);
$unique_array = unique_array($_GET["where"], $indexes);
$query_where = "\nWHERE {$where}";
if (isset($_POST["delete"])) {
queries_adminer_redirect($location, lang('Item has been deleted.'), $driver->delete($TABLE, $query_where, !$unique_array));
} else {
$set = array();
foreach ($fields as $name => $field) {
$val = process_input($field);
if ($val !== false && $val !== null) {
$set[idf_escape($name)] = $val;
}
}
if ($update) {
if (!$set) {
adminer_redirect($location);
}
queries_adminer_redirect($location, lang('Item has been updated.'), $driver->update($TABLE, $set, $query_where, !$unique_array));
if (is_adminer_ajax()) {
page_headers();
page_messages($error);
exit;
}
} else {
$result = $driver->insert($TABLE, $set);
$last_id = $result ? last_id() : 0;
queries_adminer_redirect($location, lang('Item%s has been inserted.', $last_id ? " {$last_id}" : ""), $result);
//! link
}
}
}
if ($index["type"] == $existing["type"] && array_values($existing["columns"]) === $columns && (!$existing["lengths"] || array_values($existing["lengths"]) === $lengths) && array_values($existing["descs"]) === $descs) {
// skip existing index
unset($indexes[$name]);
continue;
}
}
$alter[] = array($index["type"], $name, $set);
}
}
}
// drop removed indexes
foreach ($indexes as $name => $existing) {
$alter[] = array($existing["type"], $name, "DROP");
}
if (!$alter) {
adminer_redirect(ME . "table=" . urlencode($TABLE));
}
queries_adminer_redirect(ME . "table=" . urlencode($TABLE), lang('Indexes have been altered.'), alter_indexes($TABLE, $alter));
}
page_header(lang('Indexes'), $error, array("table" => $TABLE), h($TABLE));
$fields = array_keys(fields($TABLE));
if ($_POST["add"]) {
foreach ($row["indexes"] as $key => $index) {
if ($index["columns"][count($index["columns"])] != "") {
$row["indexes"][$key]["columns"][] = "";
}
}
$index = end($row["indexes"]);
if ($index["type"] || array_filter($index["columns"], 'strlen')) {
$row["indexes"][] = array("columns" => array(1 => ""));
}
echo "</form>\n";
}
}
page_footer("db");
}
if (isset($_GET["status"])) {
$_GET["variables"] = $_GET["status"];
}
if (isset($_GET["import"])) {
$_GET["sql"] = $_GET["import"];
}
if (!(DB != "" ? $connection->select_db(DB) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]) || isset($_GET["variables"]) || $_GET["script"] == "connect" || $_GET["script"] == "kill")) {
if (DB != "" || $_GET["refresh"]) {
restart_session();
set_session("dbs", null);
}
connect_error();
// separate function to catch SQLite error
exit;
}
if (support("scheme") && DB != "" && $_GET["ns"] !== "") {
if (!isset($_GET["ns"])) {
adminer_redirect(preg_replace('~ns=[^&]*&~', '', ME) . "ns=" . get_schema());
}
if (!set_schema($_GET["ns"])) {
header("HTTP/1.1 404 Not Found");
page_header(lang('Schema') . ": " . h($_GET["ns"]), lang('Invalid schema.'), true);
page_footer("ns");
exit;
}
}
cookie("adminer_permanent", implode(" ", $permanent));
}
if (count($_POST) == 1 || DRIVER != $vendor || SERVER != $server || $_GET["username"] !== $username || DB != $db) {
adminer_redirect(auth_url($vendor, $server, $username, $db));
}
} elseif ($_POST["logout"]) {
if ($has_token && !verify_token()) {
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
page_footer("db");
exit;
} else {
foreach (array("pwds", "db", "dbs", "queries") as $key) {
set_session($key, null);
}
unset_permanent();
adminer_redirect(substr(preg_replace('~\\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
}
} elseif ($permanent && !$_SESSION["pwds"]) {
session_regenerate_id();
$private = $adminer->permanentLogin();
foreach ($permanent as $key => $val) {
list(, $cipher) = explode(":", $val);
list($vendor, $server, $username, $db) = array_map('base64_decode', explode("-", $key));
set_password($vendor, $server, $username, decrypt_string(base64_decode($cipher), $private));
$_SESSION["db"][$vendor][$server][$username][$db] = true;
}
}
function unset_permanent()
{
global $permanent;
foreach ($permanent as $key => $val) {
