/**
* 对字符串进行SQL注入过滤
* @param string/array $string 处理的字符串或数组
* @return array 返回处理好的字符串或数组
*/
function sqlinsert($string)
{
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = sqlinsert($val);
}
} else {
$string_old = $string;
$string = str_ireplace("\\", "/", $string);
$string = str_ireplace("\"", "/", $string);
$string = str_ireplace("'", "/", $string);
$string = str_ireplace("*", "/", $string);
$string = str_ireplace("%5C", "/", $string);
$string = str_ireplace("%22", "/", $string);
$string = str_ireplace("%27", "/", $string);
$string = str_ireplace("%2A", "/", $string);
$string = str_ireplace("~", "/", $string);
$string = str_ireplace("select", "\\selct", $string);
$string = str_ireplace("insert", "\\insrt", $string);
$string = str_ireplace("update", "\\up\\date", $string);
$string = str_ireplace("delete", "\\de\\lete", $string);
$string = str_ireplace("union", "\\un\\ion", $string);
$string = str_ireplace("into", "\\in\to", $string);
$string = str_ireplace("load_file", "\\load\\_\file", $string);
$string = str_ireplace("outfile", "\\out\file", $string);
$string = str_ireplace("sleep", "\\slep", $string);
$string = strip_tags($string);
if ($string_old != $string) {
$string = '';
}
$string = trim($string);
}
return $string;
}
/**
* 清除COOKIE
* @param int $userid 用户ID
*/
function met_cooike_unset($userid)
{
global $_M;
$met_admin_table = $_M['table']['admin_table'];
$userid = sqlinsert($userid);
$query = "UPDATE {$_M['table']['admin_table']} set cookie = '' WHERE admin_id='{$userid}' AND usertype = '3'";
DB::query($query);
met_setcookie("met_auth", '', time() - 3600);
met_setcookie("met_key", '', time() - 3600);
met_setcookie("appsynchronous", 0, time() - 3600, '');
unset($_M['user']['cookie']);
}
/**
* 重写common类的load_form方法,前台对提交的GET,POST,COOKIE进行安全的过滤处理
*/
protected function load_form()
{
global $_M;
parent::load_form();
foreach ($_M['form'] as $key => $val) {
$_M['form'][$key] = sqlinsert($val);
}
if ($_M['form']['id'] != '' && !is_numeric($_M['form']['id'])) {
$_M['form']['id'] = '';
}
if ($_M['form']['class1'] != '' && !is_numeric($_M['form']['class1'])) {
$_M['form']['class1'] = '';
}
if ($_M['form']['class2'] != '' && !is_numeric($_M['form']['class2'])) {
$_M['form']['class2'] = '';
}
if ($_M['form']['class3'] != '' && !is_numeric($_M['form']['class3'])) {
$_M['form']['class3'] = '';
}
}
function sql()
{
// General SQL Function
session_start();
if (!$_GET['sqlf']) {
style();
}
if ($_POST['un'] && $_POST['pw']) {
$_SESSION['sql_user'] = $_POST['un'];
$_SESSION['sql_password'] = $_POST['pw'];
}
if ($_POST['host']) {
$_SESSION['sql_host'] = $_POST['host'];
} else {
$_SESSION['sql_host'] = 'localhost';
}
if ($_POST['port']) {
$_SESSION['sql_port'] = $_POST['port'];
} else {
$_SESSION['sql_port'] = '3306';
}
if ($_SESSION['sql_user'] && $_SESSION['sql_password']) {
if (!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))) {
unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
echo "Invalid credentials<br>\n";
die(sqllogin());
} else {
$_SESSION['isloggedin'] = "true";
}
} else {
die(sqllogin());
}
if ($_GET['db']) {
mysql_select_db($_GET['db'], $sqlcon);
if ($_GET['sqlquery']) {
$dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error());
$num = mysql_num_rows($dat);
for ($i = 0; $i < $num; $i++) {
echo mysql_result($dat, $i) . "<br>\n";
}
} else {
if ($_GET['table'] && !$_GET['sqlf']) {
echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&sqlf=ins'>Insert Row</a><br><br>\n";
echo "<table border='1'>";
$query = "SHOW COLUMNS FROM " . $_GET['table'];
$result = mysql_query($query, $sqlcon) or die(mysql_error());
$i = 0;
$fields = array();
while ($row = mysql_fetch_assoc($result)) {
array_push($fields, $row['Field']);
echo "<th>" . $fields[$i];
$i++;
}
$result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());
$y = 0;
for ($x = 1; $x <= $num_rows + 1; $x++) {
if (!$_GET['p']) {
$_GET['p'] = 1;
}
if ($_GET['p']) {
if ($y > 30 * ($_GET['p'] - 1) && $y <= 30 * $_GET['p']) {
echo "<tr>";
for ($i = 0; $i < count($fields); $i++) {
$query = "SELECT " . $fields[$i] . " FROM " . $_GET['table'] . " WHERE " . $fields[0] . " = '" . $x . "'";
$dat = mysql_query($query, $sqlcon) or die(mysql_error());
while ($row = mysql_fetch_row($dat)) {
echo "<td>" . $row[0] . "</td>";
}
}
echo "</tr>\n";
}
}
$y++;
}
echo "</table>\n";
for ($z = 1; $z <= ceil($num_rows / 30); $z++) {
echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $z . "'>" . $z . "</a> | ";
}
} elseif ($_GET['table'] && $_GET['sqlf']) {
switch ($_GET['sqlf']) {
case "dl":
sqldownload();
break;
case "ins":
sqlinsert();
break;
default:
$_GET['sqlf'] = "";
}
} else {
echo "<table>";
$query = "SHOW TABLES FROM " . $_GET['db'];
$dat = mysql_query($query, $sqlcon) or die(mysql_error());
while ($row = mysql_fetch_row($dat)) {
echo "<tr><td><a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "'>" . $row[0] . "</a></td><td>[<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "&sqlf=dl'>Download</a>]</td></tr>\n";
}
echo "</table>";
}
}
} else {
$dbs = mysql_list_dbs($sqlcon);
while ($row = mysql_fetch_object($dbs)) {
echo "<a href='?act=sql&db=" . $row->Database . "'>" . $row->Database . "</a><br>\n";
}
}
mysql_close($sqlcon);
}
