" action= >" >
" action= >" >
     
> " onclick="checkFormElementInRange( this.form, 'pos', 0, )" >
" action= >" >
"; } function mysql_die($error = "") { global $strError,$strSQLQuery, $strMySQLSaid, $strBack, $sql_query; echo " $strError

"; if(isset($sql_query) && !empty($sql_query)) { echo "$strSQLQuery:

$sql_query

"; } if(empty($error)) echo $strMySQLSaid.mysql_error(); else echo $strMySQLSaid.$error; echo "
$strBack"; include("footer.inc.html"); exit; } function auth() { global $cfgServer; #$PHP_AUTH_USER = ""; No need to do this since err 401 allready clears that var Header("status: 401 Unauthorized"); Header("HTTP/1.0 401 Unauthorized"); Header("WWW-authenticate: basic realm=\"phpMySQLAdmin on " . $cfgServer['host'] . "\""); echo "" . $GLOBALS["strAccessDenied"] . "\n"; echo "

" . $GLOBALS["strWrongUser"] . "

\n"; echo "
"; exit; } // Use mysql_connect() or mysql_pconnect()? $connect_func = ($cfgPersistentConnections) ? "mysql_pconnect" : "mysql_connect"; $dblist = array(); reset($cfgServers); while(list($key, $val) = each($cfgServers)) { // Don't use servers with no hostname if (empty($val['host'])) unset($cfgServers[$key]); } if(empty($server) || !isset($cfgServers[$server]) || !is_array($cfgServers[$server])) $server = $cfgServerDefault; if($server == 0) { // If no server is selected, make sure that $cfgServer is empty // (so that nothing will work), and skip server authentication. // We do NOT exit here, but continue on without logging into // any server. This way, the welcome page will still come up // (with no server info) and present a choice of servers in the // case that there are multiple servers and '$cfgServerDefault = 0' // is set. $cfgServer = array(); } else { // Otherwise, set up $cfgServer and do the usual login stuff. $cfgServer = $cfgServers[$server]; if(isset($cfgServer['only_db']) && !empty($cfgServer['only_db'])) $dblist[] = $cfgServer['only_db']; if($cfgServer['adv_auth']) { if (empty($PHP_AUTH_USER) && isset($REMOTE_USER)) $PHP_AUTH_USER=$REMOTE_USER; if(empty($PHP_AUTH_PW) && isset($REMOTE_PASSWORD)) $PHP_AUTH_PW=$REMOTE_PASSWORD; if(!isset($old_usr)) { if(empty($PHP_AUTH_USER)) { $AUTH=TRUE; } else { $AUTH=FALSE; } } else { if($old_usr==$PHP_AUTH_USER) { $AUTH=TRUE; unset($old_usr); } else { $AUTH=FALSE; } } if($AUTH) { auth(); } else { if(empty($cfgServer['port'])) $dbh = $connect_func($cfgServer['host'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die(); else $dbh = $connect_func($cfgServer['host'].":".$cfgServer['port'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die(); $PHP_AUTH_USER = addslashes($PHP_AUTH_USER); $PHP_AUTH_PW = addslashes($PHP_AUTH_PW); $rs = mysql_db_query("mysql", "SELECT User, Password, Select_priv FROM user where User = '$PHP_AUTH_USER' AND Password = PASSWORD('$PHP_AUTH_PW')", $dbh) or mysql_die(); if(@mysql_numrows($rs) <= 0) { auth(); } else { $row = mysql_fetch_array($rs); if ($row["Select_priv"] != "Y") { //correction uva 19991215 --------------------------- //previous code assumed database "mysql" admin table "db" column "db" contains //literal name of user database, and works if so. mysql usage generally (and //uva usage specifically) allows this column to contain regular expressions. //(we have all databases owned by a given student/faculty/staff beginning with //user i.d. and governed by default by a single set of privileges with regular //expression as key. this breaks previous code. this maintenance is to fix code //to work correctly for regular expressions. //begin correction uva 19991215 pt. 1 --------------------------- //add "DISTINCT" to next line: need single row only $rs = mysql_db_query("mysql", "SELECT DISTINCT Db FROM db WHERE Select_priv = 'Y' AND User = '$PHP_AUTH_USER'") or mysql_die(); //end correction uva 19991215 pt. 1 ----------------------------- if (@mysql_numrows($rs) <= 0) { $rs = mysql_db_query("mysql", "SELECT Db FROM tables_priv WHERE Table_priv like '%Select%' AND User = '$PHP_AUTH_USER'") or mysql_die(); if (@mysql_numrows($rs) <= 0) { auth(); } else { while ($row = mysql_fetch_array($rs)) $dblist[] = $row["Db"]; } } else { //begin correction uva 19991215 pt. 2 --------------------------- //see pt. 1, above, for description of change $uva_mydbs = array(); // will use as associative array //of the following 2 code lines, // the 1st is the only line intact from before correction, pt. 2 // the 2nd replaces $dblist[] = $row["Db"]; //code following those 2 lines in correction, pt. 2, continues //populating $dblist[], as previous code did. but it is now populated with //actual database names instead of with regular expressions. while($row = mysql_fetch_array($rs)) $uva_mydbs[ $row["Db"] ] = 1; $uva_alldbs = mysql_list_dbs(); while($uva_row = mysql_fetch_array($uva_alldbs)) { $uva_db = $uva_row[0]; if (isset($uva_mydbs[$uva_db]) && 1 == $uva_mydbs[$uva_db]) { $dblist[] = $uva_db; $uva_mydbs[$uva_db] = 0; } else { reset($uva_mydbs); while (list($uva_matchpattern,$uva_value) = each($uva_mydbs)) { $uva_regex = ereg_replace("%",".+",$uva_matchpattern); if(ereg($uva_regex,$uva_db)) { $dblist[] = $uva_db; break; } } } } //end correction uva 19991215 pt. 2 ----------------------------- } } } } $cfgServer['user']=$PHP_AUTH_USER; $cfgServer['password']=$PHP_AUTH_PW; } if (empty($cfgServer['port'])) $link = $connect_func($cfgServer['host'], $cfgServer['user'], $cfgServer['password']) or mysql_die(); else $link = $connect_func($cfgServer['host'].":".$cfgServer['port'], $cfgServer['user'], $cfgServer['password']) or mysql_die(); $result = mysql_query("SELECT VERSION() AS version") or mysql_die(); $row = mysql_fetch_array($result); define("MYSQL_MAJOR_VERSION", substr($row["version"], 0, 4)); } // ----------------------------------------------------------------- function display_table ($dt_result) { global $cfgBorder, $cfgBgcolorOne, $cfgBgcolorTwo, $cfgMaxRows, $pos, $server, $db, $table, $sql_query, $sql_order, $cfgOrder, $cfgShowBlob, $goto; global $strShowingRecords,$strSelectNumRows,$SelectNumRows,$strTotal,$strEdit,$strPrevious,$strNext,$strDelete,$strDeleted,$strPos1,$strEnd; global $sessionMaxRows, $strGo, $strShow, $strRowsFrom; $cfgMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows; $sessionMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows; load_javascript(); $primary = false; if(!empty($table) && !empty($db)) { $result = mysql_db_query($db, "SELECT COUNT(*) as total FROM $table") or mysql_die(); $row = mysql_fetch_array($result); $total = $row["total"]; } if(!isset($pos)) $pos = 0; $pos_next = $pos + $cfgMaxRows; $pos_prev = $pos - $cfgMaxRows; if(isset($total) && $total>1) { if(isset($SelectNumRows) && $SelectNumRows!=$total) $selectstring = ", $SelectNumRows $strSelectNumRows"; else $selectstring = ""; $se = isset($se) ? $se : ""; $lastShownRec = $pos_next - 1; show_message("$strShowingRecords $pos - $lastShownRec ($se$total $strTotal$selectstring)"); } else { show_message($GLOBALS["strSQLQuery"]); } ?> table; mysql_field_seek($dt_result, 0); show_table_navigation($pos_next, $pos_prev, $dt_result); ?> 1) { $sort_order=urlencode(" order by $field->name $cfgOrder"); echo "\n"; } else { echo ""; } $table = $field->table; } echo "\n"; $foo = 0; while($row = mysql_fetch_row($dt_result)) { $primary_key = ""; //begin correction uva 19991216 --------------------------- //previous code assumed that all tables have keys, specifically //that only the phpMyAdmin GUI should support row delete/edit //only for such tables. although always using keys is arguably //the prescribed way of defining a relational table, it is not //required. this will in particular be violated by the novice. we //want to encourage phpMyAdmin usage by such novices. so the code //below has been changed to conditionally work as before when the //table being displayed has one or more keys; but to display delete/edit //options correctly for tables without keys. //begin correction uva 19991216 pt. 1 --------------------------- $uva_nonprimary_condition = ""; //end correction uva 19991216 pt. 1 ----------------------------- $bgcolor = $cfgBgcolorOne; $foo % 2 ? 0: $bgcolor = $cfgBgcolorTwo; echo ""; for($i=0; $inumeric == 1) { echo "\n"; if($sql_query == "SHOW PROCESSLIST") $Id = $row[$i]; } elseif($cfgShowBlob == false && eregi("BLOB", $primary->type)) { echo "\n"; } else { echo "\n"; } if($primary->primary_key > 0) $primary_key .= " $primary->name = '".addslashes($row[$i])."' AND"; //begin correction uva 19991216 pt. 2 --------------------------- //see pt. 1, above, for description of change $uva_nonprimary_condition .= " $primary->name = '".addslashes($row[$i])."' AND"; //end correction uva 19991216 pt. 2 ----------------------------- } //begin correction uva 19991216 pt. 3 --------------------------- //see pt. 1, above, for description of change //prefer primary keys for condition, but use conjunction of all values if no primary key if($primary_key) //use differently and include else $uva_condition = $primary_key; else $uva_condition = $uva_nonprimary_condition; // { code no longer conditional on $primary_key // $primary_key replaced with $uva_condition below $uva_condition = urlencode(ereg_replace("AND$", "", $uva_condition)); $query = "server=$server&db=$db&table=$table&pos=$pos"; $goto = (isset($goto) && !empty($goto) && empty($GLOBALS["QUERY_STRING"])) ? $goto : "sql.html"; echo ""; echo ""; // } code no longer condition on $primary_key //end correction uva 19991216 pt. 3 ----------------------------- if($sql_query == "SHOW PROCESSLIST") echo "\n"; echo "\n"; $foo++; } echo "
"; if(!eregi("SHOW VARIABLES|SHOW PROCESSLIST|SHOW STATUS", $sql_query)) echo ""; echo $field->name; if(!eregi("SHOW VARIABLES|SHOW PROCESSLIST|SHOW STATUS", $sql_query)) echo ""; echo "$field->name
 $row[$i]  [BLOB]  ".htmlspecialchars($row[$i])." ".$strEdit."".$strDelete."KILL
\n"; show_table_navigation($pos_next, $pos_prev, $dt_result); }//display_table // Return $table's CREATE definition // Returns a string containing the CREATE statement on success function get_table_def($db, $table, $crlf) { global $drop; $schema_create = ""; if(!empty($drop)) $schema_create .= "DROP TABLE IF EXISTS $table;$crlf"; $schema_create .= "CREATE TABLE $table ($crlf"; $result = mysql_db_query($db, "SHOW FIELDS FROM $table") or mysql_die(); while($row = mysql_fetch_array($result)) { $schema_create .= " $row[Field] $row[Type]"; if(isset($row["Default"]) && (!empty($row["Default"]) || $row["Default"] == "0")) $schema_create .= " DEFAULT '$row[Default]'"; if($row["Null"] != "YES") $schema_create .= " NOT NULL"; if($row["Extra"] != "") $schema_create .= " $row[Extra]"; $schema_create .= ",$crlf"; } $schema_create = ereg_replace(",".$crlf."$", "", $schema_create); $result = mysql_db_query($db, "SHOW KEYS FROM $table") or mysql_die(); while($row = mysql_fetch_array($result)) { $kname=$row['Key_name']; if(($kname != "PRIMARY") && ($row['Non_unique'] == 0)) $kname="UNIQUE|$kname"; if(!isset($index[$kname])) $index[$kname] = array(); $index[$kname][] = $row['Column_name']; } while(list($x, $columns) = @each($index)) { $schema_create .= ",$crlf"; if($x == "PRIMARY") $schema_create .= " PRIMARY KEY (" . implode($columns, ", ") . ")"; elseif (substr($x,0,6) == "UNIQUE") $schema_create .= " UNIQUE ".substr($x,7)." (" . implode($columns, ", ") . ")"; else $schema_create .= " KEY $x (" . implode($columns, ", ") . ")"; } $schema_create .= "$crlf)"; return (stripslashes($schema_create)); } // Get the content of $table as a series of INSERT statements. // After every row, a custom callback function $handler gets called. // $handler must accept one parameter ($sql_insert); function get_table_content($db, $table, $handler) { $result = mysql_db_query($db, "SELECT * FROM $table") or mysql_die(); $i = 0; while($row = mysql_fetch_row($result)) { set_time_limit(60); // HaRa $table_list = "("; for($j=0; $j$strDocu]"); } function show_message($message) { if(!empty($GLOBALS['reload']) && ($GLOBALS['reload'] == "true")) { // Reload the navigation frame via JavaScript ?>

", nl2br($GLOBALS['sql_query']); if (isset($GLOBALS["sql_order"])) echo " $GLOBALS[sql_order]"; if (isset($GLOBALS["pos"])) echo " LIMIT $GLOBALS[pos], $GLOBALS[cfgMaxRows]";?>