diff --git a/_compile.php b/_compile.php index 00ee2236..55e223a3 100644 --- a/_compile.php +++ b/_compile.php @@ -38,6 +38,7 @@ $file = preg_replace_callback('~(<\\?php)?\\s*(include|require)(_once)? "([^"]*) if ($_SESSION["lang"]) { $file = preg_replace_callback("~(<\\?php\\s*echo )?lang\\('((?:[^\\\\']*|\\\\.)+)'\\)(;\\s*\\?>)?~s", 'remove_lang', $file); $file = str_replace("\n", "", $file); + $file = str_replace("", $_SESSION["lang"], $file); } //! remove spaces and comments file_put_contents($filename, $file); diff --git a/_lang.php b/_lang.php index e0a717d3..f82324cb 100644 --- a/_lang.php +++ b/_lang.php @@ -4,17 +4,18 @@ if ($_SERVER["argc"] > 1) { exit(1); } -$messages = array(); +$messages_all = array(); foreach (glob("*.php") as $filename) { $file = file_get_contents($filename); - preg_match_all("~lang\\(('(?:[^\\\\']*|\\\\.)+')\\)~s", $file, $matches); - $messages += array_flip($matches[1]); + preg_match_all("~lang\\(('(?:[^\\\\']*|\\\\.)+')[),]~s", $file, $matches); + $messages_all += array_flip($matches[1]); } $file = file_get_contents("lang.inc.php"); -preg_match_all("~\n\t\t'.*' => array\\(\n(.*\n)\t\t\\)~sU", $file, $translations, PREG_OFFSET_CAPTURE); -foreach ($translations[1] as $translation) { - preg_match_all("~^(\\s*(?:// )?)(('(?:[^\\\\']*|\\\\.)+') => .*[^,\n]),?~m", $translation[0], $matches, PREG_SET_ORDER); +preg_match_all("~\n\t\t'(.*)' => array\\(\n(.*\n)\t\t\\)~sU", $file, $translations, PREG_OFFSET_CAPTURE); +foreach (array_reverse($translations[2], true) as $key => $translation) { + $messages = $messages_all; + preg_match_all("~^(\\s*)(?:// )?(('(?:[^\\\\']*|\\\\.)+') => .*[^,\n]),?~m", $translation[0], $matches, PREG_SET_ORDER); $s = ""; foreach ($matches as $match) { if (isset($messages[$match[3]])) { @@ -24,8 +25,10 @@ foreach ($translations[1] as $translation) { $s .= "$match[1]// $match[2],\n"; } } - foreach($messages as $key => $val) { - $s .= "\t\t\t$key => '',\n"; + if ($translations[1][$key][0] != 'en') { + foreach($messages as $key => $val) { + $s .= "\t\t\t$key => '',\n"; + } } $file = substr_replace($file, $s, $translation[1], strlen($translation[0])); } diff --git a/auth.inc.php b/auth.inc.php index 7a5a74ef..e15ec934 100644 --- a/auth.inc.php +++ b/auth.inc.php @@ -11,6 +11,7 @@ if (isset($_POST["server"])) { } elseif (isset($_GET["logout"])) { unset($_SESSION["usernames"][$_GET["server"]]); unset($_SESSION["passwords"][$_GET["server"]]); + $_SESSION["tokens"][$_GET["server"]] = array(); } $username = $_SESSION["usernames"][$_GET["server"]]; @@ -18,8 +19,9 @@ $password = $_SESSION["passwords"][$_GET["server"]]; if (isset($_GET["logout"]) || !@mysql_connect( (strlen($_GET["server"]) ? $_GET["server"] : ini_get("mysql.default_host")), (strlen("$_GET[server]$username") ? $username : ini_get("mysql.default_user")), - (strlen("$_GET[server]$username$password") ? $password : ini_get("mysql.default_password"))) -) { + (strlen("$_GET[server]$username$password") ? $password : ini_get("mysql.default_password")), + false, 131072 // CLIENT_MULTI_RESULTS for CALL +)) { page_header(lang('Login')); if (isset($_GET["logout"])) { echo "

" . lang('Logout successful.') . "

\n"; @@ -30,17 +32,17 @@ if (isset($_GET["logout"]) || !@mysql_connect(
- +
:" maxlength="60" />
:" maxlength="16" />
:
:
$val) { // expired session if (is_array($val)) { foreach ($val as $key2 => $val2) { if (!is_array($val2)) { - echo ''; + echo ''; } else { foreach ($val2 as $key3 => $val3) { - echo ''; + echo ''; } } } @@ -48,6 +50,9 @@ if (isset($_GET["logout"]) || !@mysql_connect( echo ''; } } + foreach ($_FILES as $key => $val) { + echo ''; + } ?>
diff --git a/connect.inc.php b/connect.inc.php index 6136c77c..33deffb2 100644 --- a/connect.inc.php +++ b/connect.inc.php @@ -10,4 +10,3 @@ if (!(strlen($_GET["db"]) ? mysql_select_db($_GET["db"]) : isset($_GET["sql"]) | exit; } mysql_query("SET CHARACTER SET utf8"); -mysql_query("SET SQL_QUOTE_SHOW_CREATE=1"); diff --git a/create.inc.php b/create.inc.php index 2c0d6877..7605e4d0 100644 --- a/create.inc.php +++ b/create.inc.php @@ -1,7 +1,7 @@ " . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "

\n"; } $row = $_POST; + if ($row["auto_increment"]) { + $row["fields"][$row["auto_increment"]]["auto_increment"] = true; + } } elseif (strlen($_GET["create"])) { $row = mysql_fetch_assoc(mysql_query("SHOW TABLE STATUS LIKE '" . mysql_real_escape_string($_GET["create"]) . "'")); $row["name"] = $_GET["create"]; @@ -64,7 +71,9 @@ if ($_POST) { } else { $row = array("fields" => array()); } -//! default, comments +if (!$_POST || $_POST["add"]) { + $row["fields"][] = array(); +} $collations = collations(); ?>
@@ -74,46 +83,53 @@ $collations = collations();

- + + ?> - + + - - - - - - - -
" />" maxlength="64" /> " size="3" /> checked="checked" /> checked="checked" /> checked="checked" />" maxlength="255" />
+

: " maxlength="60" /> +

+

diff --git a/database.inc.php b/database.inc.php index 1d0b4531..911c9684 100644 --- a/database.inc.php +++ b/database.inc.php @@ -1,5 +1,5 @@
+
diff --git a/design.inc.php b/design.inc.php index 89eae22f..e89ff01e 100644 --- a/design.inc.php +++ b/design.inc.php @@ -3,7 +3,7 @@ function page_header($title) { header("Content-Type: text/html; charset=utf-8"); ?> - + <?php echo lang('phpMinAdmin') . " - $title"; ?> @@ -14,7 +14,7 @@ A:visited { color: Navy; } H1 { font-size: 150%; margin: 0; } H2 { font-size: 150%; margin-top: 0; } FIELDSET { float: left; padding: .5em; margin: 0; } -PRE { margin: 0; font-family: serif; } +PRE { margin: 0; margin: .12em 0; } .error { color: Red; } .message { color: Green; } #menu { position: absolute; top: 8px; left: 8px; width: 15em; overflow: auto; white-space: nowrap; } @@ -63,18 +63,18 @@ function page_footer($missing = false) { " . lang('No tables.') . "

\n"; } else { echo "

\n"; - while ($row = mysql_fetch_row($result)) { - echo '' . lang('select') . ' '; - echo '' . htmlspecialchars($row[0]) . "
\n"; //! views + while ($row = mysql_fetch_assoc($result)) { + echo '' . lang('select') . ' '; + echo '' . htmlspecialchars($row["Name"]) . "
\n"; } echo "

\n"; } - echo '

' . lang('Create new table') . "

\n"; //! rights + echo '

' . lang('Create new table') . "

\n"; mysql_free_result($result); } } diff --git a/download.inc.php b/download.inc.php new file mode 100644 index 00000000..6d4748e0 --- /dev/null +++ b/download.inc.php @@ -0,0 +1,3 @@ + $val) { - $where[] = idf_escape($key) . " = BINARY '" . mysql_real_escape_string($val) . "'"; //! enum and set +$where = where(); +$fields = array(); +foreach (fields($_GET["edit"]) as $name => $field) { + if (isset($_GET["default"]) ? !$field["auto_increment"] : isset($field["privileges"][$where ? "update" : "insert"])) { + $fields[$name] = $field; + } } -foreach ((array) $_GET["null"] as $key) { - $where[] = idf_escape($key) . " IS NULL"; -} -if ($_POST) { +if ($_POST && !$error) { if (isset($_POST["delete"])) { + $set = true; $query = "DELETE FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"; $message = lang('Item has been deleted.'); } else { $set = array(); - foreach ($_POST["fields"] as $key => $val) { - $name = bracket_escape($key, "back"); - $field = $fields[$name]; - if (preg_match('~char|text|set~', $field["type"]) ? $_POST["null"][$key] : !strlen($val)) { + foreach ($fields as $name => $field) { + $key = bracket_escape($name); + $val = $_POST["fields"][$key]; + if (preg_match('~char|text|set|binary|blob~', $field["type"]) ? $_POST["null"][$key] : !strlen($val)) { $val = "NULL"; } elseif ($field["type"] == "enum") { - $val = intval($val); + $val = (isset($_GET["default"]) && preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches) ? "'" . $matches[1][$val-1] . "'" : intval($val)); } elseif ($field["type"] == "set") { - $val = array_sum((array) $val); + if (!isset($_GET["default"])) { + $val = array_sum((array) $val); + } else { + preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches); + $value = array(); + foreach ((array) $val as $key => $v) { + $value[] = $matches[1][$key]; + } + $val = "'" . implode(",", $value) . "'"; + } + } elseif (preg_match('~binary|blob~', $field["type"])) { + $file = get_file($key); + if (!is_string($file) && !$field["null"]) { + continue; //! report errors, also empty $_POST - not only because of file upload + } + $val = "_binary'" . (is_string($file) ? mysql_real_escape_string($file) : "") . "'"; } else { $val = "'" . mysql_real_escape_string($val) . "'"; } - $set[] = idf_escape($name) . " = $val"; + $set[] = idf_escape($name) . (isset($_GET["default"]) ? ($val == "NULL" ? " DROP DEFAULT" : " SET DEFAULT $val") : " = $val"); } - if ($where) { + if (isset($_GET["default"])) { + $query = "ALTER TABLE " . idf_escape($_GET["edit"]) . " ALTER " . implode(", ALTER ", $set); + $message = lang('Default values has been set.'); + } elseif ($where) { $query = "UPDATE " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"; $message = lang('Item has been updated.'); } else { @@ -35,69 +53,82 @@ if ($_POST) { $message = lang('Item has been inserted.'); } } - if (mysql_query($query)) { - redirect($SELF . ($_POST["insert"] ? "edit=" : "select=") . urlencode($_GET["edit"]), $message); + if (!$set || mysql_query($query)) { + redirect($SELF . (isset($_GET["default"]) ? "table=" : ($_POST["insert"] ? "edit=" : "select=")) . urlencode($_GET["edit"]), ($set ? $message : null)); } $error = mysql_error(); } -page_header(($_GET["where"] ? lang('Edit') : lang('Insert')) . ": " . htmlspecialchars($_GET["edit"])); +page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))) . ": " . htmlspecialchars($_GET["edit"])); if ($_POST) { echo "

" . lang('Error during saving') . ": " . htmlspecialchars($error) . "

\n"; - $data = $_POST["fields"]; - foreach ($_POST["null"] as $key => $val) { + $data = (array) $_POST["fields"]; + foreach ((array) $_POST["null"] as $key => $val) { $data[$key] = null; } } elseif ($where) { $select = array(); foreach ($fields as $name => $field) { - if (in_array("select", $field["privileges"]) && in_array(($where ? "update" : "insert"), $field["privileges"])) { + if (isset($field["privileges"]["select"]) && !preg_match('~binary|blob~', $field["type"])) { $select[] = ($field["type"] == "enum" || $field["type"] == "set" ? "1*" . idf_escape($name) . " AS " : "") . idf_escape($name); } } $data = ($select ? mysql_fetch_assoc(mysql_query("SELECT " . implode(", ", $select) . " FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1")) : array()); } else { - $data = array(); + unset($data); } ?> -
+ $field) { - if (in_array(($where ? "update" : "insert"), $field["privileges"])) { - echo "\n"; + if ($field["null"]) { + $id = "field-$name-"; + echo ' '; + } + } elseif ($field["type"] == "set") { //! 64 bits + preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches); + foreach ($matches[1] as $i => $val) { + $id = "$name-" . ($i+1); + $checked = (isset($data) ? ($value >> $i) & 1 : in_array(str_replace("''", "'", $val), explode(",", $field["default"]), true)); + echo ' '; + } + } elseif (strpos($field["type"], "text") !== false) { + echo ''; + } elseif (preg_match('~binary|blob~', $field["type"])) { + echo (ini_get("file_uploads") ? '' : lang('File uploads are disabled.') . ' '); + } else { //! binary + echo ''; } + if ($field["null"] && preg_match('~char|text|set|binary|blob~', $field["type"])) { + echo ''; + } + echo "\n"; } ?>
" . htmlspecialchars($name) . ""; - $value = ($data ? $data[$name] : $field["default"]); - $name = htmlspecialchars(bracket_escape($name)); - if ($field["type"] == "enum") { + $save_possible = true; + echo "
" . htmlspecialchars($name) . ""; + $value = (isset($data) ? $data[$name] : $field["default"]); + $name = htmlspecialchars($_POST ? $name : bracket_escape($name)); + if ($field["type"] == "enum") { + if (!isset($_GET["default"])) { echo ''; - preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches); - foreach ($matches[1] as $i => $val) { - $id = "field-$name-" . ($i+1); - echo ' '; - } - if ($field["null"]) { - $id = "field-$name-"; - echo ' '; - } - } elseif ($field["type"] == "set") { //! 64 bits - preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches); - foreach ($matches[1] as $i => $val) { - $id = "$name-" . ($i+1); - echo ' > $i) & 1 ? ' checked="checked"' : '') . ' />'; - } - } elseif (strpos($field["type"], "text") !== false) { - echo ''; - } else { //! binary - echo ''; } - if ($field["null"] && preg_match('~char|text|set~', $field["type"])) { - echo ''; + preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches); + foreach ($matches[1] as $i => $val) { + $id = "field-$name-" . ($i+1); + $checked = (isset($data) ? $value == $i+1 : $val === $field["default"]); + echo ' '; } - echo "
-

+

+ + + + + + +

diff --git a/functions.inc.php b/functions.inc.php index 764667cd..cb588213 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -42,9 +42,10 @@ function fields($table) { "unsigned" => ltrim($match[3] . $match[4]), "default" => $row["Default"], "null" => ($row["Null"] == "YES"), - "extra" => $row["Extra"], + "auto_increment" => ($row["Extra"] == "auto_increment"), "collation" => $row["Collation"], - "privileges" => explode(",", $row["Privileges"]), + "privileges" => array_flip(explode(",", $row["Privileges"])), + "comment" => $row["Comment"], ); } mysql_free_result($result); @@ -88,14 +89,25 @@ function unique_idf($row, $indexes) { if (!isset($row[$key])) { continue 2; } - $return[] = urlencode("where[$key]") . "=" . urlencode($row[$key]); + $return[] = urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($row[$key]); } return $return; } } $return = array(); foreach ($row as $key => $val) { - $return[] = (isset($val) ? urlencode("where[$key]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key)); + $return[] = (isset($val) ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key)); + } + return $return; +} + +function where() { + $return = array(); + foreach ((array) $_GET["where"] as $key => $val) { + $return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . mysql_real_escape_string($val) . "'"; //! enum and set + } + foreach ((array) $_GET["null"] as $key) { + $return[] = idf_escape(bracket_escape($key, "back")) . " IS NULL"; } return $return; } @@ -122,17 +134,6 @@ function engines() { return $return; } -function redirect($location, $message = null) { - if (isset($message)) { - $_SESSION["message"] = $message; - } - if (strlen(SID)) { - $location .= (strpos($location, "?") === false ? "?" : "&") . SID; - } - header("Location: " . (strlen($location) ? $location : ".")); - exit; -} - function types() { return array( "tinyint" => 3, "smallint" => 5, "mediumint" => 8, "int" => 10, "bigint" => 20, @@ -146,6 +147,97 @@ function types() { ); } +function token() { + return ($GLOBALS["TOKENS"][] = rand(1, 1e6)); +} + +function token_delete() { + if ($_POST["token"] && ($pos = array_search($_POST["token"], (array) $GLOBALS["TOKENS"])) !== false) { + unset($GLOBALS["TOKENS"][$pos]); + return true; + } + return false; +} + +function redirect($location, $message = null) { + if (isset($message)) { + $_SESSION["message"] = $message; + } + token_delete(); + if (strlen(SID)) { + $location .= (strpos($location, "?") === false ? "?" : "&") . SID; + } + header("Location: " . (strlen($location) ? $location : ".")); + exit; +} + +function get_file($key) { + if (isset($_POST["files"][$key])) { + $length = strlen($_POST["files"][$key]); + return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key])); + } + return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"])); +} + +function select($result) { + if (!mysql_num_rows($result)) { + echo "

" . lang('No rows.') . "

\n"; + } else { + echo "\n"; + for ($i=0; $row = mysql_fetch_row($result); $i++) { + if (!$i) { + echo ""; + $links = array(); + $indexes = array(); + $columns = array(); + $blobs = array(); + for ($j=0; $j < count($row); $j++) { + $field = mysql_fetch_field($result, $j); + if (strlen($field->table) && $field->primary_key) { + $links[$j] = $field->table; + if (!isset($indexes[$field->table])) { + $indexes[$field->table] = array(); + foreach (indexes($field->table) as $index) { + if ($index["type"] == "PRIMARY") { + $indexes[$field->table] = array_flip($index["columns"]); + break; + } + } + $columns[$field->table] = $indexes[$field->table]; + } + unset($columns[$field->table][$field->name]); + $indexes[$field->table][$field->name] = $j; + $links[$j] = $field->table; + } + if ($field->blob) { + $blobs[$j] = true; + } + echo ""; + } + echo "\n"; + } + echo ""; + foreach ($row as $key => $val) { + if (!isset($val)) { + $val = "NULL"; + } else { + $val = ($blobs[$key] && preg_match('~[\\x80-\\xFF]~', $val) ? "" . lang('%d byte(s)', strlen($val)) . "" : (trim($val) ? nl2br(htmlspecialchars($val)) : " ")); + if (isset($links[$key]) && !$columns[$links[$key]]) { + $link = "edit=" . urlencode($links[$key]); + foreach ($indexes[$links[$key]] as $col => $j) { + $link .= "&where" . urlencode("[" . bracket_escape($col) . "]") . "=" . urlencode($row[$j]); + } + $val = '' . $val . ''; + } + } + echo ""; + } + echo "\n"; + } + echo "
" . htmlspecialchars($field->name) . "
$val
\n"; + } +} + if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST); while (list($key, $val) = each($process)) { diff --git a/index.php b/index.php index 2e6ecf17..17cf21de 100644 --- a/index.php +++ b/index.php @@ -4,6 +4,7 @@ session_start(); error_reporting(E_ALL & ~E_NOTICE); $SELF = preg_replace('~^[^?]*/([^?]*).*~', '\\1?', $_SERVER["REQUEST_URI"]) . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : ''); +$TOKENS = &$_SESSION["tokens"][$_GET["server"]][preg_replace('~([?&]sql=)upload~', '\\1', $_SERVER["REQUEST_URI"])]; include "./lang.inc.php"; include "./functions.inc.php"; include "./design.inc.php"; @@ -12,6 +13,8 @@ include "./connect.inc.php"; if (isset($_GET["dump"])) { include "./dump.inc.php"; +} elseif (isset($_GET["download"])) { + include "./download.inc.php"; } else { if (isset($_GET["table"])) { include "./table.inc.php"; @@ -20,16 +23,10 @@ if (isset($_GET["dump"])) { } elseif (isset($_GET["view"])) { include "./view.inc.php"; } else { - $params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]); if ($_POST) { - $error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.')); - } - if ($_POST && !$error) { - $token = $_POST["token"]; - } else { - $token = rand(1, 1e6); - $_SESSION["tokens"][$params][] = $token; + $error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.')); } + $token = ($_POST && !$error ? $_POST["token"] : token()); if (isset($_GET["sql"])) { include "./sql.inc.php"; } elseif (isset($_GET["edit"])) { @@ -41,7 +38,7 @@ if (isset($_GET["dump"])) { } elseif (isset($_GET["database"])) { include "./database.inc.php"; } else { - unset($_SESSION["tokens"][$params]); + $TOKENS = array(); page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"])); echo '

' . lang('Alter database') . "

\n"; if (mysql_get_server_info() >= 5) { @@ -52,7 +49,7 @@ if (isset($_GET["dump"])) { while ($row = mysql_fetch_assoc($result)) { echo ""; echo "" . htmlspecialchars($row["ROUTINE_TYPE"]) . ""; - echo "" . htmlspecialchars($row["ROUTINE_NAME"]) . ""; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION} + echo "" . htmlspecialchars($row["ROUTINE_NAME"]) . ""; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION} echo "
" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "
"; echo "\n"; } diff --git a/indexes.inc.php b/indexes.inc.php index 494d3afd..40048226 100644 --- a/indexes.inc.php +++ b/indexes.inc.php @@ -2,7 +2,7 @@ $index_types = array("PRIMARY", "UNIQUE", "INDEX", "FULLTEXT"); $indexes = indexes($_GET["indexes"]); $fields = array_keys(fields($_GET["indexes"])); -if ($_POST && !$_POST["add"]) { +if ($_POST && !$error && !$_POST["add"]) { $alter = array(); foreach ($_POST["indexes"] as $index) { if (in_array($index["type"], $index_types)) { @@ -66,6 +66,6 @@ foreach ($row["indexes"] as $index) { ?> -

+

diff --git a/lang.inc.php b/lang.inc.php index d39ceade..644e6d00 100644 --- a/lang.inc.php +++ b/lang.inc.php @@ -1,7 +1,25 @@ array(), + 'en' => array( + 'Query executed OK, %d row(s) affected.' => array('Query executed OK, %d row affected.', 'Query executed OK, %d rows affected.'), + '%d byte(s)' => array('%d byte', '%d bytes'), + ), 'cs' => array( 'Login' => 'Přihlásit se', 'phpMinAdmin' => 'phpMinAdmin', @@ -26,7 +44,7 @@ function lang($idf = null) { 'Type' => 'Typ', 'Length' => 'Délka', 'NULL' => 'NULL', - 'Auto-increment' => 'Auto-increment', + 'Auto Increment' => 'Auto Increment', 'Options' => 'Volby', 'Add row' => 'Přidat řádek', 'Save' => 'Uložit', @@ -72,7 +90,7 @@ function lang($idf = null) { 'Action' => 'Akce', 'edit' => 'upravit', 'Page' => 'Stránka', - 'Query executed OK, %d row(s) affected.' => 'Příkaz proběhl v pořádku, bylo změněno %d záznam(ů).', + 'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'), 'Error in query' => 'Chyba v dotazu', 'Execute' => 'Provést', 'Table' => 'Tabulka', @@ -81,23 +99,34 @@ function lang($idf = null) { 'View' => 'Pohled', 'Unable to select the table' => 'Nepodařilo se vypsat tabulku', 'Unable to show the table definition' => 'Nepodařilo se získat strukturu tabulky', + 'Invalid CSRF token. Send the form again.' => 'Neplatný token CSRF. Odešlete formulář znovu.', + 'Comment' => 'Komentář', + 'Default values has been set.' => 'Výchozí hodnoty byly nastaveny.', + 'Default values' => 'Výchozí hodnoty', + 'BOOL' => 'BOOL', + 'Show column comments' => 'Zobrazit komentáře sloupců', + '%d byte(s)' => array('%d bajt', '%d bajty', '%d bajtů'), + 'No commands to execute.' => 'Žádné příkazy k vykonání.', + 'Unable to upload a file.' => 'Nepodařilo se nahrát soubor.', + 'File upload' => 'Nahrání souboru', + 'File uploads are disabled.' => 'Nahrávání souborů není povoleno.', ), ); if (!isset($idf)) { return array_keys($translations); } - if (strlen($_SESSION["lang"])) { - $lang = $_SESSION["lang"]; - } else { - $lang = preg_replace('~[,;].*~', '', $_SERVER["HTTP_ACCEPT_LANGUAGE"]); - if (!isset($translations[$lang])) { //! try next languages - $lang = preg_replace('~-.*~', '', $lang); - if (!isset($translations[$lang])) { - $lang = "en"; - } + $lang = get_lang(); + $translation = $translations[$lang][$idf]; + $args = func_get_args(); + if (is_array($translation)) { + switch ($lang) { + case 'cs': $pos = ($args[1] == 1 ? 0 : (!$args[1] || $args[1] >= 5 ? 2 : 1)); break; + default: $pos = ($args[1] == 1 ? 0 : 1); } + $translation = $translation[$pos]; } - return (strlen($translations[$lang][$idf]) ? $translations[$lang][$idf] : $idf); + $args[0] = (strlen($translation) ? $translation : $idf); + return call_user_func_array('sprintf', $args); } function switch_lang() { diff --git a/select.inc.php b/select.inc.php index e70ca4d0..b3a2acfb 100644 --- a/select.inc.php +++ b/select.inc.php @@ -1,18 +1,23 @@ ' . lang('New item') . "

\n"; $fields = fields($_GET["select"]); +$rights = array(); $columns = array(); foreach ($fields as $key => $field) { - if (in_array("select", $field["privileges"])) { + if (isset($field["privileges"]["select"])) { $columns[] = $key; } + $rights += $field["privileges"]; +} + +if (isset($rights["insert"])) { + echo '

' . lang('New item') . "

\n"; } if (!$columns) { echo "

" . lang('Unable to select the table') . ($fields ? "" : ": " . mysql_error()) . ".

\n"; } else { + $indexes = indexes($_GET["select"]); echo "
\n
" . lang('Search') . "\n"; if (strlen($_GET["server"])) { echo ''; @@ -22,6 +27,17 @@ if (!$columns) { echo "\n"; $where = array(); + foreach ($indexes as $i => $index) { + if ($index["type"] == "FULLTEXT") { + if (strlen($_GET["fulltext"][$i])) { + $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . mysql_real_escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; + } + echo "(" . implode(", ", $index["columns"]) . ") AGAINST"; + echo ' '; + echo ""; + echo "
\n"; + } + } $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "REGEXP", "IS NULL"); $i = 0; foreach ((array) $_GET["where"] as $val) { @@ -48,7 +64,6 @@ for (var i=0; > i; i++) { echo "
"; echo ""; echo "
\n"; //! JavaScript for adding next - //! fulltext search echo "
\n"; echo "
" . lang('Sort') . "\n"; @@ -56,15 +71,14 @@ for (var i=0; > i; i++) { $i = 0; foreach ((array) $_GET["order"] as $key => $val) { if (in_array($val, $columns, true)) { - $desc = in_array($key, (array) $_GET["desc"]); - $order[] = idf_escape($val) . ($desc ? " DESC" : ""); + $order[] = idf_escape($val) . (isset($_GET["desc"][$key]) ? " DESC" : ""); echo "
"; - echo "
\n"; + echo "\n"; $i++; } } echo "
"; - echo "
\n"; + echo "\n"; echo "
\n"; echo "
" . lang('Limit') . "\n"; @@ -81,22 +95,24 @@ for (var i=0; > i; i++) { echo "

" . lang('No rows.') . "

\n"; } else { $found_rows = mysql_result(mysql_query(" SELECT FOUND_ROWS()"), 0); // space for mysql.trace_mode - $indexes = indexes($_GET["select"]); $foreign_keys = array(); foreach (foreign_keys($_GET["select"]) as $foreign_key) { foreach ($foreign_key[2] as $val) { $foreign_keys[$val][] = $foreign_key; } } - $childs = array(); //! use foreign_keys() in MySQL < 5 - $result1 = mysql_query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . mysql_real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION"); - while ($row1 = mysql_fetch_assoc($result1)) { - $childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"]; - $childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"]; - $childs[$row1["CONSTRAINT_NAME"]][2][] = $row1["REFERENCED_COLUMN_NAME"]; - $childs[$row1["CONSTRAINT_NAME"]][3][] = $row1["COLUMN_NAME"]; + $childs = array(); + if (mysql_get_server_info() >= 5) { + // would be possible in earlier versions too, but only by examining all tables (in all databases) + $result1 = mysql_query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . mysql_real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION"); + while ($row1 = mysql_fetch_assoc($result1)) { + $childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"]; + $childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"]; + $childs[$row1["CONSTRAINT_NAME"]][2][] = $row1["REFERENCED_COLUMN_NAME"]; + $childs[$row1["CONSTRAINT_NAME"]][3][] = $row1["COLUMN_NAME"]; + } + mysql_free_result($result1); } - mysql_free_result($result1); echo "\n"; for ($j=0; $row = mysql_fetch_assoc($result); $j++) { @@ -104,16 +120,19 @@ for (var i=0; > i; i++) { echo "\n"; } echo ""; + $unique_idf = '&' . implode('&', unique_idf($row, $indexes)); foreach ($row as $key => $val) { if (!isset($val)) { $val = "NULL"; + } elseif (preg_match('~blob|binary~', $fields[$key]["type"]) && preg_match('~[\\x80-\\xFF]~', $val)) { + $val = '' . lang('%d byte(s)', strlen($val)) . ''; } else { $val = (strlen(trim($val)) ? nl2br(htmlspecialchars($val)) : " "); foreach ((array) $foreign_keys[$key] as $foreign_key) { if (count($foreign_keys[$key]) == 1 || count($foreign_key[2]) == 1) { $val = '">' . "$val"; foreach ($foreign_key[2] as $i => $source) { - $val = "&where[$i][col]=" . urlencode($foreign_key[3][$i]) . "&where[$i][op]=%3D&where[$i][val]=" . urlencode($row[$source]) . $val; + $val = "&where%5B$i%5D%5Bcol%5D=" . urlencode($foreign_key[3][$i]) . "&where%5B$i%5D%5Bop%5D=%3D&where%5B$i%5D%5Bval%5D=" . urlencode($row[$source]) . $val; } $val = '$val"; } - echo '"; + echo ''; echo "\n"; } echo "
" . implode("", array_map('htmlspecialchars', array_keys($row))) . "" . lang('Action') . "
' . lang('edit') . ''; //! views can be unupdatable + echo '' . lang('edit') . ''; foreach ($childs as $child) { echo ' ' . htmlspecialchars($child[1]) . ''; } - echo "
\n"; diff --git a/sql.inc.php b/sql.inc.php index 1ff69a5a..2fb600fc 100644 --- a/sql.inc.php +++ b/sql.inc.php @@ -1,38 +1,61 @@ " . lang('Error in query') . ": " . htmlspecialchars($error) . "

\n"; - } else { - if (!mysql_num_rows($result)) { - echo "

" . lang('No rows.') . "

\n"; - } else { - echo "\n"; - for ($i=0; $row = mysql_fetch_assoc($result); $i++) { - if (!$i) { - echo "\n"; +if ($_POST && $error) { + echo "

$error

\n"; +} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) { + $delimiter = ";"; + $offset = 0; + $empty = true; + while (rtrim($query)) { + if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) { + $delimiter = preg_quote($match[1], '~'); + $query = substr($query, strlen($match[0])); + } elseif (preg_match("~$delimiter|['`\"]|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) { + if ($match[0][0] && $match[0][0] != $delimiter) { + preg_match('~\\G([^\\\\' . $match[0][0] . ']*|\\\\.)+(' . $match[0][0] . '|$)~s', $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1); + $offset = $match[0][1] + strlen($match[0][0]); + } else { + $empty = false; + echo "
" . htmlspecialchars(substr($query, 0, $match[0][1])) . "
\n"; + $result = mysql_query(substr($query, 0, $match[0][1])); + $query = substr($query, $match[0][1] + strlen($match[0][0])); + $offset = 0; + if (!$result) { + echo "

" . lang('Error in query') . ": " . htmlspecialchars(mysql_error()) . "

\n"; + } elseif ($result === true) { + //~ if (token_delete()) { + //~ $token = token(); + //~ } + echo "

" . lang('Query executed OK, %d row(s) affected.', mysql_affected_rows()) . "

\n"; + } else { + select($result); + mysql_free_result($result); } - echo ""; - foreach ($row as $val) { - echo ""; - } - echo "\n"; } - echo "
" . implode("", array_map('htmlspecialchars', array_keys($row))) . "
" . (isset($val) ? nl2br(htmlspecialchars($val)) : "NULL") . "
\n"; } - mysql_free_result($result); } + if ($empty) { + echo "

" . lang('No commands to execute.') . "

\n"; + } +} elseif ($_GET["sql"] == "upload") { + echo "

" . lang('Unable to upload a file.') . "

\n"; } ?> - +

-

+

+ +" . lang('File uploads are disabled.') . "

\n"; +} else { ?> +
+

+: + + +

+
+ diff --git a/table.inc.php b/table.inc.php index 7cfac1a1..b4e04e71 100644 --- a/table.inc.php +++ b/table.inc.php @@ -5,13 +5,21 @@ $result = mysql_query("SHOW COLUMNS FROM " . idf_escape($_GET["table"])); if (!$result) { echo "

" . lang('Unable to show the table definition') . ": " . mysql_error() . ".

\n"; } else { + $auto_increment_only = true; echo "\n"; while ($row = mysql_fetch_assoc($result)) { + if (!$row["auto_increment"]) { + $auto_increment_only = false; + } echo "\n"; } echo "
" . htmlspecialchars($row["Field"]) . "$row[Type]" . ($row["Null"] == "YES" ? " NULL" : "") . "
\n"; mysql_free_result($result); - echo '

' . lang('Alter table') . "

\n"; + + echo "

"; + echo '' . lang('Alter table') . ''; + echo ($auto_increment_only ? '' : ' \n"; echo "

" . lang('Indexes') . "

\n"; $indexes = indexes($_GET["table"]); @@ -30,7 +38,7 @@ if (!$result) { echo "

" . lang('Foreign keys') . "

\n"; echo "\n"; foreach ($foreign_keys as $foreign_key) { - echo "\n"; + echo "\n"; } echo "
" . implode(", ", $foreign_key[2]) . "" . (strlen($foreign_key[0]) && $foreign_key[0] !== $_GET["db"] ? "" . htmlspecialchars($foreign_key[0]) . "." : "") . htmlspecialchars($foreign_key[1]) . "(" . implode(", ", $foreign_key[3]) . ")
" . implode(", ", $foreign_key[2]) . "" . (strlen($foreign_key[0]) && $foreign_key[0] !== $_GET["db"] ? "" . htmlspecialchars($foreign_key[0]) . "." : "") . htmlspecialchars($foreign_key[1]) . "(" . implode(", ", $foreign_key[3]) . ")
\n"; } diff --git a/view.inc.php b/view.inc.php index 3c1cae23..d72359b5 100644 --- a/view.inc.php +++ b/view.inc.php @@ -1,3 +1,3 @@ " . htmlspecialchars(mysql_result(mysql_query("SHOW CREATE VIEW " . idf_escape($_GET["view"])), 0, 1)) . "\n";