function sql() { // General SQL Function session_start(); if (!$_GET['sqlf']) { style(); } if ($_POST['un'] && $_POST['pw']) { $_SESSION['sql_user'] = $_POST['un']; $_SESSION['sql_password'] = $_POST['pw']; } if ($_POST['host']) { $_SESSION['sql_host'] = $_POST['host']; } else { $_SESSION['sql_host'] = 'localhost'; } if ($_POST['port']) { $_SESSION['sql_port'] = $_POST['port']; } else { $_SESSION['sql_port'] = '3306'; } if ($_SESSION['sql_user'] && $_SESSION['sql_password']) { if (!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))) { unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']); echo "Invalid credentials<br>\n"; die(sqllogin()); } else { $_SESSION['isloggedin'] = "true"; } } else { die(sqllogin()); } if ($_GET['db']) { mysql_select_db($_GET['db'], $sqlcon); if ($_GET['sqlquery']) { $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); $num = mysql_num_rows($dat); for ($i = 0; $i < $num; $i++) { echo mysql_result($dat, $i) . "<br>\n"; } } else { if ($_GET['table'] && !$_GET['sqlf']) { echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&sqlf=ins'>Insert Row</a><br><br>\n"; echo "<table border='1'>"; $query = "SHOW COLUMNS FROM " . $_GET['table']; $result = mysql_query($query, $sqlcon) or die(mysql_error()); $i = 0; $fields = array(); while ($row = mysql_fetch_assoc($result)) { array_push($fields, $row['Field']); echo "<th>" . $fields[$i]; $i++; } $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); $num_rows = mysql_num_rows($result) or die(mysql_error()); $y = 0; for ($x = 1; $x <= $num_rows + 1; $x++) { if (!$_GET['p']) { $_GET['p'] = 1; } if ($_GET['p']) { if ($y > 30 * ($_GET['p'] - 1) && $y <= 30 * $_GET['p']) { echo "<tr>"; for ($i = 0; $i < count($fields); $i++) { $query = "SELECT " . $fields[$i] . " FROM " . $_GET['table'] . " WHERE " . $fields[0] . " = '" . $x . "'"; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) { echo "<td>" . $row[0] . "</td>"; } } echo "</tr>\n"; } } $y++; } echo "</table>\n"; for ($z = 1; $z <= ceil($num_rows / 30); $z++) { echo "<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $z . "'>" . $z . "</a> | "; } } elseif ($_GET['table'] && $_GET['sqlf']) { switch ($_GET['sqlf']) { case "dl": sqldownload(); break; case "ins": sqlinsert(); break; default: $_GET['sqlf'] = ""; } } else { echo "<table>"; $query = "SHOW TABLES FROM " . $_GET['db']; $dat = mysql_query($query, $sqlcon) or die(mysql_error()); while ($row = mysql_fetch_row($dat)) { echo "<tr><td><a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "'>" . $row[0] . "</a></td><td>[<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] . "&sqlf=dl'>Download</a>]</td></tr>\n"; } echo "</table>"; } } } else { $dbs = mysql_list_dbs($sqlcon); while ($row = mysql_fetch_object($dbs)) { echo "<a href='?act=sql&db=" . $row->Database . "'>" . $row->Database . "</a><br>\n"; } } mysql_close($sqlcon); }
/* execute multi query */ $sql = "SELECT * FROM users WHERE username='******' and password='******'"; if (@mysqli_multi_query($con1, $sql)) { /* store first result set */ if ($result = @mysqli_store_result($con1)) { if ($row = @mysqli_fetch_row($result)) { if ($row[1]) { return $row[1]; } else { return 0; } } } } } $login = sqllogin($host, $dbuser, $dbpass, $dbname); if (!$login == 0) { $_SESSION["username"] = $login; setcookie("Auth", 1, time() + 3600); /* expire in 15 Minutes */ header('Location: logged-in.php'); } else { ?> <tr><td colspan="2" style="text-align:center;"><br/><p style="color:#FF0000;"> <center> <img src="../images/slap1.jpg"> </center> </p></td></tr> <?php } ?>
function sqllogin() { $username = mysql_real_escape_string($_POST["login_user"]); $password = mysql_real_escape_string($_POST["login_password"]); $sql = "SELECT * FROM users WHERE username='******' and password='******'"; //$sql = "SELECT COUNT(*) FROM users WHERE username='******' and password='******'"; $res = mysql_query($sql) or die('You tried to be real smart, Try harder!!!! :( '); $row = mysql_fetch_row($res); //print_r($row) ; if ($row[1]) { return $row[1]; } else { return 0; } } $login = sqllogin(); if (!$login == 0) { $_SESSION["username"] = $login; setcookie("Auth", 1, time() + 3600); /* expire in 15 Minutes */ header('Location: logged-in.php'); } else { ?> <tr><td colspan="2" style="text-align:center;"><br/><p style="color:#FF0000;"> <center> <img src="../images/slap1.jpg"> </center> </p></td></tr> <?php } ?>