<?php
declare(strict_types=1);
use Lotgd\MySQL\Database;
use Lotgd\Translator;
use Lotgd\SuAccess;
use Lotgd\Nav\SuperuserNav;
use Lotgd\Nav;
use Lotgd\Page\Header;
use Lotgd\Page\Footer;
use Lotgd\Http;
use Lotgd\Modules\HookHandler;
use Lotgd\Settings;
// translator ready
// addnews ready
// mail ready
use Lotgd\Output;
require_once __DIR__ . '/common.php';
// Page bootstrap for the superuser raw SQL / PHP console.
// Shared singletons used by both the SQL and the PHP branch below.
$settings = Settings::getInstance();
$output = Output::getInstance();
// Translation schema for the strings this page emits.
Translator::getInstance()->setSchema("rawsql");
// Access gate for the whole page. Everything after this line runs operator-supplied
// SQL or PHP verbatim, so this call has to stay ahead of any request handling.
// NOTE(review): presumably rejects accounts lacking the SU_RAW_SQL flag and stops the
// request; confirm in SuAccess that a failed check cannot fall through.
SuAccess::check(SU_RAW_SQL);
Header::pageHeader('Raw SQL/PHP execution');
SuperuserNav::render();
// Navigation entries that switch between the two modes.
Nav::add('Execution');
Nav::add('SQL', 'rawsql.php');
Nav::add('PHP', 'rawsql.php?op=php');
// Mode selector from the query string: empty or "sql" selects the SQL console,
// any other value selects the PHP console.
$op = (string) Http::get('op');
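// Request handling for the raw SQL / PHP console: runs the submitted statement or
// code, renders the result, then re-displays the input form.
//
// Every value interpolated into raw HTML on this page goes through $escape.
// Query results can contain text that originated with ordinary players, and
// rawOutput() is handed ready-made markup, so unescaped cells would be rendered
// as markup in the superuser's session.
$charset = $settings->getSetting('charset', 'UTF-8');
$escape = static function ($value) use ($charset): string {
    // ENT_QUOTES also covers the single-quoted attributes used below; ENT_SUBSTITUTE
    // keeps values with invalid byte sequences visible instead of returning ''.
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
};

if ($op === '' || $op === 'sql') {
    $sql = (string) Http::post('sql');
    if ($sql !== '') {
        // NOTE(review): stripslashes() looks like a magic-quotes leftover; if Http::post()
        // returns the body unmodified this removes backslashes the operator typed. Confirm.
        $sql = stripslashes($sql);
        // Fired before execution. NOTE(review): presumably the place where a module can
        // record who ran which statement; confirm that something actually audits this.
        HookHandler::hook("rawsql-execsql", ["sql" => $sql]);
        // SECURITY: the statement is executed exactly as submitted. The only control in
        // this file is the SuAccess::check(SU_RAW_SQL) gate at the top of the page.
        $r = Database::query($sql, false);
        if (!$r) {
            $output->output("`\$SQL Error:`& %s`0`n`n", Database::error($r));
        } else {
            $affected = Database::affectedRows();
            if ($affected > 0) {
                $output->output("`&%s rows affected.`n`n", $affected);
            } else {
                $output->output("No rows have been changed.`n`n");
            }
            $output->rawOutput("<table cellspacing='1' cellpadding='2' border='0' bgcolor='#999999'>");
            if ($r !== true) {
                // $r === true means a statement without a result set (UPDATE, DELETE, ...).
                $number = Database::numRows($r);
                for ($i = 0; $i < $number; $i++) {
                    $row = Database::fetchAssoc($r);
                    if (!is_array($row)) {
                        // Result set ended earlier than numRows() reported; stop rendering.
                        break;
                    }
                    if ($i === 0) {
                        // Header row is built from the column names of the first record.
                        $output->rawOutput("<tr class='trhead'>");
                        $keys = array_keys($row);
                        foreach ($keys as $value) {
                            $output->rawOutput("<td>" . $escape($value) . "</td>");
                        }
                        $output->rawOutput("</tr>");
                    }
                    $output->rawOutput("<tr class='" . ($i % 2 === 0 ? "trlight" : "trdark") . "'>");
                    foreach ($keys as $value) {
                        // Cell content is database data and must never reach the page as markup.
                        $output->rawOutput("<td valign='top'>" . $escape($row[$value]) . "</td>");
                    }
                    $output->rawOutput("</tr>");
                }
            }
            $output->rawOutput("</table>");
        }
    }
    $output->output("Type your query");
    $execute = Translator::translate("Execute");
    // Modules may rewrite the statement shown in the form.
    $ret = HookHandler::hook("rawsql-modsql", ["sql" => $sql]);
    $sql = $ret['sql'];
    // NOTE(review): no per-request anti-forgery token is visible in this form; confirm the
    // framework enforces one elsewhere, because a POST here runs with superuser rights.
    $output->rawOutput("<form action='rawsql.php' method='post'>");
    $output->rawOutput("<textarea name='sql' class='input' cols='60' rows='10'>" . $escape($sql) . "</textarea><br>");
    $output->rawOutput("<input type='submit' class='button' value='" . $escape($execute) . "'>");
    $output->rawOutput("</form>");
    Nav::add('', 'rawsql.php');
} else {
    // NOTE(review): same stripslashes() question as in the SQL branch.
    $php = stripslashes((string) Http::post('php'));
    $source = Translator::translate("Source:");
    $execute = Translator::translate("Execute");
    if ($php !== '') {
        $output->rawOutput("<div style='background-color: #FFFFFF; color: #000000; width: 100%'><b>" . $escape($source) . "</b><br>");
        // highlight_string() returns HTML with the source text already escaped.
        $output->rawOutput(highlight_string("<?php\n$php\n?>", true));
        $output->rawOutput("</div>");
        $output->output("`bResults:`b`n");
        // Fired before execution, mirroring "rawsql-execsql" in the SQL branch.
        HookHandler::hook("rawsql-execphp", ["php" => $php]);
        // SECURITY: eval() runs the submitted text with the full privileges of the PHP
        // process. It is kept because it is the purpose of this page; access rests on the
        // SuAccess::check(SU_RAW_SQL) gate at the top of the page and on request
        // authenticity, so disable this mode wherever it is not needed.
        // NOTE(review): a ParseError or other uncaught Throwable from the evaluated code
        // propagates from here with the output buffer still open.
        ob_start();
        eval($php);
        // The captured output is passed with the trailing `true` flag, as before.
        $output->output(ob_get_contents(), true);
        ob_end_clean();
    }
    $output->output("`n`nType your code:");
    // Modules may rewrite the code shown in the form.
    $ret = HookHandler::hook("rawsql-modphp", ["php" => $php]);
    $php = $ret['php'];
    // NOTE(review): no per-request anti-forgery token is visible in this form either; see
    // the SQL form above in this block.
    $output->rawOutput("<form action='rawsql.php?op=php' method='post'>");
    // The literal PHP open/close tags are written as entities: a raw "<?php" is parsed by
    // browsers as a bogus comment and swallowed the label together with the <br>.
    $output->rawOutput("&lt;?php<br><textarea name='php' class='input' cols='60' rows='10'>" . $escape($php) . "</textarea><br>?&gt;<br>");
    $output->rawOutput("<input type='submit' class='button' value='" . $escape($execute) . "'>");
    $output->rawOutput("</form>");
    Nav::add('', 'rawsql.php?op=php');
}
Footer::pageFooter();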