$v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = &$process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v)); } } } } } /** Escape or unescape string to use inside form [] * @param string * @param bool * @return string */ function bracket_escape($idf, $back = false) { // escape brackets inside name="x[]" static $trans = array(':' => ':1', ']' => ':2', '[' => ':3'); return strtr($idf, ($back ? array_flip($trans) : $trans)); } /** Escape for HTML * @param string * @return string */ function h($string) { return htmlspecialchars($string, ENT_QUOTES); } /** Escape for TD * @param string * @return string */ function nbsp($string) { return (trim($string) != "" ? h($string) : " "); } /** Convert \n to
* @param string * @return string */ function nl_br($string) { return str_replace("\n", "
", $string); // nl2br() uses XHTML before PHP 5.3 } /** Generate HTML checkbox * @param string * @param string * @param bool * @param string * @param string * @return string */ function checkbox($name, $value, $checked, $label = "", $onclick = "") { static $id = 0; $id++; $return = ""; return ($label != "" ? "$return" . h($label) . "" : $return); } /** Generate list of HTML options * @param array array of strings or arrays (creates optgroup) * @param mixed * @param bool always use array keys for value="", otherwise only string keys are used * @return string */ function optionlist($options, $selected = null, $use_keys = false) { $return = ""; foreach ($options as $k => $v) { if (is_array($v)) { $return .= ''; } foreach ((is_array($v) ? $v : array($k => $v)) as $key => $val) { $return .= '' . h($val); } if (is_array($v)) { $return .= ''; } } return $return; } /** Generate HTML radio list * @param string * @param array * @param string * @param string true for no onchange, false for radio * @return string */ function html_select($name, $options, $value = "", $onchange = true) { if ($onchange) { return ""; } $return = ""; foreach ($options as $key => $val) { $return .= "" . h($val) . ""; } return $return; } /** Get INI boolean value * @param string * @return bool */ function ini_bool($ini) { $val = ini_get($ini); return (eregi('^(on|true|yes)$', $val) || (int) $val); // boolean values set by php_value are strings } function q($string) { global $connection; return $connection->quote($string); } /** Get list of values from database * @param string * @param mixed * @return array */ function get_vals($query, $column = 0) { global $connection; $return = array(); $result = $connection->query($query); if (is_object($result)) { while ($row = $result->fetch_row()) { $return[] = $row[$column]; } } return $return; } /** Get keys from first column and values from second * @param string * @param Min_DB * @return array */ function get_key_vals($query, $connection2 = null) { global $connection; if (!is_object($connection2)) { $connection2 = $connection; } $return = array(); $result = $connection2->query($query); while ($row = $result->fetch_row()) { $return[$row[0]] = $row[1]; } return $return; } /** Get all rows of result * @param string * @return array associative */ function get_rows($query, $connection2 = null, $error = "

") { global $connection; if (!is_object($connection2)) { $connection2 = $connection; } $return = array(); $result = $connection2->query($query); if (is_object($result)) { // can return true while ($row = $result->fetch_assoc()) { $return[] = $row; } } elseif (!$result && $error && (headers_sent() || ob_get_level())) { echo $error . error() . "\n"; } return $return; } /** Find unique identifier of a row * @param array * @param array result of indexes() * @return array */ function unique_array($row, $indexes) { foreach ($indexes as $index) { if (ereg("PRIMARY|UNIQUE", $index["type"])) { $return = array(); foreach ($index["columns"] as $key) { if (!isset($row[$key])) { // NULL is ambiguous continue 2; } $return[$key] = $row[$key]; } return $return; } } $return = array(); foreach ($row as $key => $val) { if (!preg_match('~^(COUNT\$(\\*|(DISTINCT )?`(?:[^`]|``)+`)\$|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\$`(?:[^`]|``)+`\$)$~', $key)) { //! columns looking like functions $return[$key] = $val; } } return $return; } /** Create SQL condition from parsed query string * @param array parsed query string * @return string */ function where($where) { global $jush; $return = array(); foreach ((array) $where["where"] as $key => $val) { $return[] = idf_escape(bracket_escape($key, 1)) // 1 - back . (ereg('\\.', $val) || $jush == "mssql" ? " LIKE " . exact_value(addcslashes($val, "%_")) : " = " . exact_value($val)) // LIKE because of floats, but slow with ints, in MS SQL because of text ; //! enum and set } foreach ((array) $where["null"] as $key) { $return[] = idf_escape($key) . " IS NULL"; } return implode(" AND ", $return); } /** Create SQL condition from query string * @param string * @return string */ function where_check($val) { parse_str($val, $check); remove_slashes(array(&$check)); return where($check); } /** Create query string where condition from value * @param int condition order * @param string column identifier * @param string * @return string * @return string */ function where_link($i, $column, $value, $operator = "=") { return "&where%5B$i%5D%5Bcol%5D=" . urlencode($column) . "&where%5B$i%5D%5Bop%5D=" . urlencode($operator) . "&where%5B$i%5D%5Bval%5D=" . urlencode($value); } /** Set cookie valid for 1 month * @param string * @param string * @return bool */ function cookie($name, $value) { global $HTTPS; $params = array( $name, (ereg("\n", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2 time() + 2592000, // 2592000 - 30 days preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS ); if (version_compare(PHP_VERSION, '5.2.0') >= 0) { $params[] = true; // HttpOnly } return call_user_func_array('setcookie', $params); } /** Restart stopped session * @return null */ function restart_session() { if (!ini_bool("session.use_cookies")) { session_start(); } } /** Get session variable for current server * @param string * @return mixed */ function &get_session($key) { return $_SESSION[$key][DRIVER][SERVER][$_GET["username"]]; } /** Set session variable for current server * @param string * @param mixed * @return mixed */ function set_session($key, $val) { $_SESSION[$key][DRIVER][SERVER][$_GET["username"]] = $val; // used also in auth.inc.php } /** Get authenticated URL * @param string * @param string * @param string * @return string */ function auth_url($driver, $server, $username) { global $drivers; preg_match('~([^?]*)\\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . session_name()), $match); return "$match[1]?" . (SID && !$_COOKIE ? SID . "&" : "") . ($driver != "server" || $server != "" ? urlencode($driver) . "=" . urlencode($server) . "&" : "") . "username=" . urlencode($username) . ($match[2] ? "&$match[2]" : "") ; } /** Send Location header and exit * @param string null to only set a message * @param string * @return null */ function redirect($location, $message = null) { if (isset($message)) { restart_session(); $_SESSION["messages"][] = $message; } if (isset($location)) { header("Location: " . ($location != "" ? $location : ".")); exit; } } /** Execute query and redirect if successful * @param string * @param string * @param string * @param bool * @param bool * @param bool * @return bool */ function query_redirect($query, $location, $message, $redirect = true, $execute = true, $failed = false) { global $connection, $error, $adminer; if ($execute) { $failed = !$connection->query($query); } $sql = ""; if ($query) { $sql = $adminer->messageQuery($query); } if ($failed) { $error = error() . $sql; return false; } if ($redirect) { redirect($location, $message . $sql); } return true; } /** Execute and remember query * @param string null to return remembered queries * @return Min_Result */ function queries($query = null) { global $connection; static $queries = array(); if (!isset($query)) { // return executed queries without parameter return implode(";\n", $queries); } $queries[] = $query; return $connection->query($query); } /** Apply command to all array items * @param string * @param array * @param callback * @return bool */ function apply_queries($query, $tables, $escape = 'table') { foreach ($tables as $table) { if (!queries("$query " . $escape($table))) { return false; } } return true; } /** Redirect by remembered queries * @param string * @param string * @param bool * @return bool */ function queries_redirect($location, $message, $redirect) { return query_redirect(queries(), $location, $message, $redirect, false, !$redirect); } /** Remove parameter from query string * @param string * @return string */ function remove_from_uri($param = "") { return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', "$_SERVER[REQUEST_URI]&"), 0, -1); } /** Generate page number for pagination * @param int * @return string */ function pagination($page, $current) { return " " . ($page == $current ? $page + 1 : '' . ($page + 1) . ""); } /** Get file contents from $_FILES * @param string * @param bool * @return mixed int for error, string otherwise */ function get_file($key, $decompress = false) { $file = $_FILES[$key]; if (!$file || $file["error"]) { return $file["error"]; } return file_get_contents($decompress && ereg('\\.gz$', $file["name"]) ? "compress.zlib://$file[tmp_name]" : ($decompress && ereg('\\.bz2$', $file["name"]) ? "compress.bzip2://$file[tmp_name]" : $file["tmp_name"] )); //! may not be reachable because of open_basedir } /** Determine upload error * @param int * @return string */ function upload_error($error) { $max_size = ($error == UPLOAD_ERR_INI_SIZE ? ini_get("upload_max_filesize") : null); // post_max_size is checked in index.php return ($error ? lang('Unable to upload a file.') . ($max_size ? " " . lang('Maximum allowed file size is %sB.', $max_size) : "") : lang('File does not exist.')); } /** Generate class for odd rows * @param string return this for odd rows, empty to reset counter * @return string */ function odd($return = ' class="odd"') { static $i = 0; if (!$return) { // reset counter $i = -1; } return ($i++ % 2 ? $return : ''); } /** Check whether the string is in UTF-8 * @param string * @return bool */ function is_utf8($val) { // don't print control chars except \t\r\n return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val)); } /** Shorten UTF-8 string * @param string * @param int * @param string * @return string escaped string with appended ... */ function shorten_utf8($string, $length = 80, $suffix = "") { if (!preg_match("(^([\t\r\n -\x{FFFF}]{0,$length})($)?)u", $string, $match)) { // ~s causes trash in $match[2] under some PHP versions, (.|\n) is slow preg_match("(^([\t\r\n -~]{0,$length})($)?)", $string, $match); } return h($match[1]) . $suffix . (isset($match[2]) ? "" : "..."); } /** Generate friendly URL * @param string * @return string */ function friendly_url($val) { // used for blobs and export return preg_replace('~[^a-z0-9_]~i', '-', $val); } /** Print hidden fields * @param array * @param array * @return null */ function hidden_fields($process, $ignore = array()) { while (list($key, $val) = each($process)) { if (is_array($val)) { foreach ($val as $k => $v) { $process[$key . "[$k]"] = $v; } } elseif (!in_array($key, $ignore)) { echo ''; } } } /** Print hidden fields for GET forms * @return null */ function hidden_fields_get() { echo (SID && !$_COOKIE ? '' : ''); echo (SERVER !== null ? '' : ""); echo ''; } /** Find out foreign keys for each column * @param string * @return array array($col => array()) */ function column_foreign_keys($table) { $return = array(); foreach (foreign_keys($table) as $foreign_key) { foreach ($foreign_key["source"] as $val) { $return[$val][] = $foreign_key; } } return $return; } /** Print enum input field * @param string "radio"|"checkbox" * @param string * @param array * @param mixed int|string|array * @return null */ function enum_input($type, $attrs, $field, $value) { preg_match_all("~'((?:[^']|'')*)'~", $field["length"], $matches); foreach ($matches[1] as $i => $val) { $val = stripcslashes(str_replace("''", "'", $val)); $checked = (is_int($value) ? $value == $i+1 : (is_array($value) ? in_array($i+1, $value) : $value === $val)); echo " ' . h($val) . ''; } } /** Print edit input field * @param array one field from fields() * @param mixed * @param string * @return null */ function input($field, $value, $function) { global $types, $adminer, $jush; $name = h(bracket_escape($field["field"])); echo ""; $functions = (isset($_GET["select"]) ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field); $attrs = " name='fields[$name]'"; if ($field["type"] == "enum") { echo nbsp($functions[""]) . "" . ($functions["orig"] ? "$functions[orig] " : ""); echo $adminer->editInput($_GET["edit"], $field, $attrs, $value); enum_input("radio", $attrs, $field, $value); } else { $first = 0; foreach ($functions as $key => $val) { if ($key === "" || !$val) { break; } $first++; } $onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : ""); $attrs .= $onchange; echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "") : nbsp(reset($functions))) . ''; $input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table if ($input != "") { echo $input; } elseif ($field["type"] == "set") { //! 64 bits preg_match_all("~'((?:[^']|'')*)'~", $field["length"], $matches); foreach ($matches[1] as $i => $val) { $val = stripcslashes(str_replace("''", "'", $val)); $checked = (is_int($value) ? ($value >> $i) & 1 : in_array($val, explode(",", $value), true)); echo " " . h($val) . ''; } } elseif (ereg('blob|bytea|raw|file', $field["type"]) && ini_bool("file_uploads")) { echo ""; } elseif (ereg('text|lob', $field["type"])) { echo "" . h($value) . ''; // 1.2em - line-height } else { // int(3) is only a display hint $maxlength = (!ereg('int', $field["type"]) && preg_match('~^([0-9]+)(,([0-9]+))?$~', $field["length"], $match) ? ((ereg("binary", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0)); echo " 20 ? " size='40'" : "") . "$attrs>"; } } } /** Process edit input field * @param one field from fields() * @return string */ function process_input($field) { global $adminer; $idf = bracket_escape($field["field"]); $function = $_POST["function"][$idf]; $value = $_POST["fields"][$idf]; if ($field["type"] == "enum") { if ($value == -1) { return false; } if ($value == "") { return "NULL"; } return intval($value); } if ($field["auto_increment"] && $value == "") { return null; } if ($function == "orig") { return false; } if ($function == "NULL") { return "NULL"; } if ($field["type"] == "set") { return array_sum((array) $value); } if (ereg('blob|bytea|raw|file', $field["type"]) && ini_bool("file_uploads")) { $file = get_file("fields-$idf"); if (!is_string($file)) { return false; //! report errors } return q($file); } return $adminer->processInput($field, $value, $function); } /** Print results of search in all tables * @uses $_GET["where"][0] * @uses $_POST["tables"] * @return null */ function search_tables() { global $adminer, $connection; $_GET["where"][0]["op"] = "LIKE %%"; $_GET["where"][0]["val"] = $_POST["query"]; $found = false; foreach (table_status() as $table => $table_status) { $name = $adminer->tableName($table_status); if (isset($table_status["Engine"]) && $name != "" && (!$_POST["tables"] || in_array($table, $_POST["tables"]))) { $result = $connection->query("SELECT" . limit("1 FROM " . table($table), " WHERE " . implode(" AND ", $adminer->selectSearchProcess(fields($table), array())), 1)); if ($result->fetch_row()) { if (!$found) { echo "

" . h($name) . "\n"; } } } echo ($found ? "

" : "

" . lang('No tables.')) . "\n"; } /** Print CSV row * @param array * @return null */ function dump_csv($row) { foreach ($row as $key => $val) { if (preg_match("~[\"\n,;]~", $val) || $val === "") { $row[$key] = '"' . str_replace('"', '""', $val) . '"'; } } echo implode(($_POST["format"] == "csv" ? "," : ";"), $row) . "\n"; } /** Apply SQL function * @param string * @param string escaped column identifier * @return string */ function apply_sql_function($function, $column) { return ($function ? ($function == "unixepoch" ? "DATETIME($column, '$function')" : ($function == "count distinct" ? "COUNT(DISTINCT " : strtoupper("$function(")) . "$column)") : $column); } /** Read password from file adminer.key in temporary directory or create one * @return string or false if the file can not be created */ function password_file() { $dir = ini_get("upload_tmp_dir"); // session_save_path() may contain other storage path if (!$dir) { if (function_exists('sys_get_temp_dir')) { $dir = sys_get_temp_dir(); } else { $filename = @tempnam("", ""); // @ - temp directory can be disabled by open_basedir if (!$filename) { return false; } $dir = dirname($filename); unlink($filename); } } $filename = "$dir/adminer.key"; $return = @file_get_contents($filename); // @ - can not exist if ($return) { return $return; } $fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic if ($fp) { $return = md5(uniqid(mt_rand(), true)); fwrite($fp, $return); fclose($fp); } return $return; } /** Check whether the string is e-mail address * @param string * @return bool */ function is_mail($email) { $atom = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]'; // characters of local-name $domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component $pattern = "$atom+(\\.$atom+)*@($domain?\\.)+$domain"; return preg_match("(^$pattern(,\\s*$pattern)*\$)i", $email); } /** Check whether the string is URL address * @param string * @return string "http", "https" or "" */ function is_url($string) { $domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN return (preg_match("~^(https?)://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters } /** Print header for hidden fieldset (close by ) * @param string * @param string * @param bool * @return null */ function print_fieldset($id, $legend, $visible = false) { echo "

$legend