233 lines
8.6 KiB
PHP
233 lines
8.6 KiB
PHP
<?php
|
|
// version 1.1
|
|
ini_set("display_errors",1);
|
|
if((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) || (ini_get('magic_quotes_sybase') && ( strtolower(ini_get('magic_quotes_sybase')) != "off" ))) {
|
|
foreach($_POST as $k => $v) {
|
|
if (is_array($_POST[$k])) {
|
|
foreach($_POST[$k] as $x => $y) {
|
|
$_POST[$k][$x] = stripslashes($y);
|
|
}
|
|
} else {
|
|
$_POST[$k] = stripslashes($v);
|
|
}
|
|
}
|
|
}
|
|
foreach($_POST as $k => $v) {
|
|
if (is_array($_POST[$k])) {
|
|
foreach($_POST[$k] as $x => $y) {
|
|
$_POST[$k][$x] = urldecode(base64_decode(stripslashes($y)));
|
|
}
|
|
} else {
|
|
$_POST[$k] = urldecode(base64_decode(stripslashes($v)));
|
|
}
|
|
}
|
|
|
|
if (!isset($_POST["od_in"]) || intval($_POST["od_in"]) != intval("@@RANDNUM@@")) die("<WADB_RESPONSE><WADB_ERROR code=\"1\"><![CDATA[No hacking, please. Your location has been logged and reported to the FBI. Please wait for the authorities to arrive.]]></WADB_ERROR></WADB_RESPONSE>");
|
|
if (!isset($_POST["ch_ew_y"]) || intval($_POST["ch_ew_y"]) != intval("@@TIMESTAMP@@")) die("<WADB_RESPONSE><WADB_ERROR code=\"2\"><![CDATA[No hacking, please. Your location has been logged and reported to the FBI. Please wait for the authorities to arrive.]]></WADB_ERROR></WADB_RESPONSE>");
|
|
$timestampExpires = intval("@@TSEXPIRES@@") / 1000;
|
|
$presTime = (intval("@@TIMESTAMP@@") / 1000);
|
|
$servTime = intval("@@SERVTIMESTAMP@@");
|
|
if ($servTime && (time() - $timestampExpires) >= $servTime) die("<WADB_RESPONSE><WADB_ERROR code=\"3\"><![CDATA[No hacking, please. Your location has been logged and reported to the FBI. Please wait for the authorities to arrive.]]></WADB_ERROR></WADB_RESPONSE>");
|
|
|
|
|
|
$connectionText = $_POST['connection'];
|
|
$host = $_POST['hostname'];
|
|
$user = $_POST['username'];
|
|
$pass = $_POST['password'];
|
|
$database = $_POST['databasename'];
|
|
|
|
if (strlen($pass) == 1 && ord($_POST['password']) == 0) {
|
|
$pass = NULL;
|
|
}
|
|
|
|
if (!extension_loaded('mysqli')) {
|
|
$connection = mysql_connect($host, $user, $pass, $database);
|
|
mysql_select_db($database,$connection);
|
|
} else {
|
|
$connection = new mysqli($host, $user, $pass, $database);
|
|
}
|
|
//die($host ."\n". $user."\n". $pass."\n". $database);
|
|
|
|
if ($connection->connect_errno) {
|
|
die("<WADB_RESPONSE><WADB_ERROR code=\"10\"><![CDATA[Failed to connect to MySQL: (" . $connection->connect_errno . ") " . $connection->connect_error ."]]></WADB_ERROR></WADB_RESPONSE>");
|
|
}
|
|
|
|
$_POST['action'] = ( (isset($_POST['action'])) ? $_POST['action'] : 'query' );
|
|
$columnString = "";
|
|
$valuesString = "";
|
|
$conditionString = "";
|
|
switch ($_POST['action']) {
|
|
case "insert":
|
|
if (isset($_POST['values'])) {
|
|
$valuesString = $_POST['values'];
|
|
if (is_array($valuesString)) {
|
|
$valuesString = implode(", ", $valuesString);
|
|
}
|
|
}
|
|
if (isset($_POST['conditions'])) {
|
|
$conditionString = $_POST['conditions'];
|
|
if (is_array($conditionString)) {
|
|
$conditionString = implode(" AND ", $conditionString);
|
|
}
|
|
}
|
|
//no break for columns string as the "query" case
|
|
case "query":
|
|
$columnString="*";
|
|
if (isset($_POST['column'])) {
|
|
$columnString = $_POST['column'];
|
|
if (is_array($columnString)) {
|
|
$columnString = implode(", ", $columnString);
|
|
}
|
|
}
|
|
break;
|
|
case "update":
|
|
if (isset($_POST['values']) && isset($_POST['column'])) {
|
|
$valuesString = $_POST['values'];
|
|
$columnString = $_POST['column'];
|
|
$fullString = "";
|
|
if (is_array($valuesString) && is_array($columnString)) {
|
|
for ($n=0; $n<sizeof($columnString); $n++) {
|
|
$fullString .= ( ($n != 0) ? ", " : "" ) . $columnString[$n] . "=" . $valuesString[$n];
|
|
}
|
|
}
|
|
else {
|
|
$fullString = $columnString . "=" . $valuesString;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
//connect to database
|
|
switch ($_POST['action']) {
|
|
case "create":
|
|
$db_query = $_POST['fullstatement'];
|
|
break;
|
|
case "sct":
|
|
$db_query = "SHOW CREATE TABLE `" . $_POST['table'] . "`";
|
|
break;
|
|
case "drop":
|
|
$db_query = "DROP TABLE `" . $_POST['table'] . "`";
|
|
break;
|
|
case "firstrow":
|
|
$db_query = "SELECT * FROM `" . $_POST['table'] . "` LIMIT 1";
|
|
$_POST['action'] = "query";
|
|
break;
|
|
case "insert":
|
|
if (!$conditionString || trim(strval($conditionString)) == "") {
|
|
$db_query = "INSERT INTO `" . $_POST['table'] . "` (" . $columnString . ") VALUES (" . $valuesString . ")";
|
|
} else {
|
|
$db_query = "INSERT INTO `" . $_POST['table'] . "` (" . $columnString . ") SELECT " . $valuesString . " FROM " . $_POST['table'] . " WHERE NOT EXISTS (SELECT " . $columnString . " FROM " . $_POST['table'] . " WHERE " . $conditionString . ") LIMIT 1";
|
|
}
|
|
break;
|
|
case "update":
|
|
$db_query = "UPDATE `" . $_POST['table'] . "` SET " . $fullString . "";
|
|
if (isset($_POST['filter'])) {
|
|
$db_query .= " " . $_POST['filter'];
|
|
}
|
|
break;
|
|
case "dbinfo":
|
|
$db_query = "SHOW FULL TABLES FROM `" . $_POST['databasename'] ."`";
|
|
break;
|
|
case "delete":
|
|
$db_query = "DELETE FROM `" . $_POST['table'] . "`";
|
|
if (isset($_POST['filter'])) {
|
|
$db_query .= " " . $_POST['filter'];
|
|
}
|
|
break;
|
|
case "query":
|
|
default:
|
|
$db_query = "SELECT ".$columnString." FROM `".$_POST['table'] . '` ';
|
|
if (isset($_POST['filter'])) {
|
|
$db_query .= " " . $_POST['filter'];
|
|
}
|
|
break;
|
|
}
|
|
echo "<WADB_RESPONSE>\n"."\t<WADB_INFO connection=\"".urlencode($connectionText)."\">\n";
|
|
if (isset($_POST['table'])) {
|
|
echo "\t\t<WADB_TABLE><![CDATA[".$_POST['table']."]]></WADB_TABLE>\n";
|
|
}
|
|
echo "\t\t<WADB_COLSTR><![CDATA[".$columnString."]]></WADB_COLSTR>\n".
|
|
"\t\t<WADB_VALSTR><![CDATA[".$valuesString."]]></WADB_VALSTR>\n";
|
|
if (isset($_POST['filter'])) {
|
|
echo "\t\t<WADB_FILTER><![CDATA[".$_POST['filter']."]]></WADB_FILTER>\n";
|
|
}
|
|
echo "\t\t<WADB_STATEMENT><![CDATA[".$db_query."]]></WADB_STATEMENT>\n"."\t</WADB_INFO>\n";
|
|
if (!extension_loaded('mysqli')) {
|
|
$dbcontent = mysql_query($db_query,$connection);
|
|
} else {
|
|
$dbcontent = $connection->query($db_query);
|
|
}
|
|
if ($connection->connect_errno) die("<WADB_RESPONSE><WADB_ERROR code=\"5\"><![CDATA[Failed to execute sql: (" . $connection->connect_errno . ") ".$db_query." : " . $connection->connect_error ."]]></WADB_ERROR></WADB_RESPONSE>");
|
|
|
|
switch ($_POST['action']) {
|
|
case "query":
|
|
case "sct":
|
|
|
|
if (!extension_loaded('mysqli')) {
|
|
while ($row_dbcontent = mysql_fetch_assoc($dbcontent)) {
|
|
echo("\t<WADB_DATA>\n");
|
|
foreach ($row_dbcontent as $key => $value) {
|
|
echo('\t\t<WADB_COLUMN name="'.urlencode($key).'"><![CDATA['.$value."]]></WADB_COLUMN>\n");
|
|
}
|
|
echo("\t</WADB_DATA>\n");
|
|
}
|
|
mysql_free_result($dbcontent);
|
|
} else {
|
|
while ($row_dbcontent = mysqli_fetch_assoc($dbcontent)) {
|
|
echo("\t<WADB_DATA>\n");
|
|
foreach ($row_dbcontent as $key => $value) {
|
|
echo('\t\t<WADB_COLUMN name="'.urlencode($key).'"><![CDATA['.$value."]]></WADB_COLUMN>\n");
|
|
}
|
|
echo("\t</WADB_DATA>\n");
|
|
}
|
|
mysqli_free_result($dbcontent);
|
|
}
|
|
break;
|
|
case "dbinfo":
|
|
if (extension_loaded('mysqli')) {
|
|
while ($row_dbcontent = mysqli_fetch_assoc($dbcontent)) {
|
|
echo("\t<WADB_DATA>\n");
|
|
foreach ($row_dbcontent as $key => $value) {
|
|
$dbcolcontent = $connection->query("SHOW COLUMNS FROM `" . $value . "`");
|
|
if ($connection->connect_errno) die("<WADB_RESPONSE><WADB_ERROR code=\"5\"><![CDATA[Failed to execute sql: (" . $connection->connect_errno . ") ".$db_query." : " . $connection->connect_error ."]]></WADB_ERROR></WADB_RESPONSE>");
|
|
|
|
$dballcols = array();
|
|
if ($dbcolcontent) while ($row = $dbcolcontent->fetch_array()) {
|
|
$dballcols[] = $row;
|
|
}
|
|
if ($dbcolcontent) mysqli_free_result($dbcolcontent);
|
|
echo('\t\t<WADB_COLUMN name="'.urlencode($value).'"><![CDATA['.json_encode($dballcols)."]]></WADB_COLUMN>\n");
|
|
break;
|
|
}
|
|
echo("\t</WADB_DATA>\n");
|
|
}
|
|
mysqli_free_result($dbcontent);
|
|
} else {
|
|
while ($row_dbcontent = mysql_fetch_assoc($dbcontent)) {
|
|
echo("\t<WADB_DATA>\n");
|
|
foreach ($row_dbcontent as $key => $value) {
|
|
$dbcolcontent = mysql_query("SHOW COLUMNS FROM `" . $value . "`",$connection);
|
|
if ($connection->connect_errno) die("<WADB_RESPONSE><WADB_ERROR code=\"5\"><![CDATA[Failed to execute sql: (" . $connection->connect_errno . ") ".$db_query." : " . $connection->connect_error ."]]></WADB_ERROR></WADB_RESPONSE>");
|
|
$dballcols = mysql_fetch_all($dbcolcontent);
|
|
mysql_free_result($dbcolcontent);
|
|
echo('\t\t<WADB_COLUMN name="'.urlencode($value).'"><![CDATA['.json_encode($dballcols)."]]></WADB_COLUMN>\n");
|
|
}
|
|
echo("\t</WADB_DATA>\n");
|
|
}
|
|
mysql_free_result($dbcontent);
|
|
}
|
|
break;
|
|
case "insert":
|
|
if (extension_loaded('mysqli')) {
|
|
echo("\t<WADB_DATA><![CDATA[".mysqli_insert_id($connection)."]]></WADB_DATA>\n");
|
|
} else {
|
|
echo("\t<WADB_DATA><![CDATA[".mysql_insert_id($connection)."]]></WADB_DATA>\n");
|
|
}
|
|
break;
|
|
case "create":
|
|
case "drop":
|
|
case "update":
|
|
default:
|
|
echo("\t<WADB_DATA><![CDATA[success]]></WADB_DATA>\n");
|
|
}
|
|
echo "</WADB_RESPONSE>";
|
|
?>
|