<?php

// Pandora FMS - https://pandorafms.com
// ==================================================
// Copyright (c) 2005-2023 Pandora FMS
// Please see https://pandorafms.com/community/ for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
use PandoraFMS\Enterprise\Metaconsole\Node;


function dbmanager_query($sql, &$error, $dbconnection)
{
    global $config;

    $retval = [];

    if ($sql == '') {
        return false;
    }

    $sql = html_entity_decode($sql, ENT_QUOTES);

    // Extract the text in quotes to add html entities before query db.
    $patttern = '/(?:"|\')+([^"\']*)(?:"|\')+/m';
    $sql = preg_replace_callback(
        $patttern,
        function ($matches) {
            return '"'.io_safe_input($matches[1]).'"';
        },
        $sql
    );

    if ($config['mysqli']) {
        $result = mysqli_query($dbconnection, $sql);
        if ($result === false) {
            $backtrace = debug_backtrace();
            $error = mysqli_error($dbconnection);
            return false;
        }
    }

    if ($result === true) {
        if ($config['mysqli']) {
            return mysqli_affected_rows($dbconnection);
        }
    }

    if ($config['mysqli']) {
        while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            array_push($retval, $row);
        }
    }

    if ($config['mysqli']) {
        mysqli_free_result($result);
    }

    if (! empty($retval)) {
        return $retval;
    }

    // Return false, check with === or !== .
    return 'Empty';
}


function dbmgr_extension_main()
{
    ui_require_css_file('dbmanager', 'extensions/dbmanager/');

    global $config;

    if (!is_user_admin($config['id_user'])) {
        db_pandora_audit(
            AUDIT_LOG_ACL_VIOLATION,
            'Trying to access Setup Management'
        );
        include 'general/noaccess.php';
        return;
    }

    $sql = (string) get_parameter('sql');
    $node_id = (int) get_parameter('node_id', -1);

    // Header.
    ui_print_standard_header(
        __('Database interface'),
        'images/gm_db.png',
        false,
        '',
        true,
        [],
        [
            [
                'link'  => '',
                'label' => __('Extensions'),
            ],
        ]
    );

    if (is_metaconsole() === true) {
        $img = '../../images/warning_modern.png';
    } else {
        $img = 'images/warning_modern.png';
    }

    $msg = '<div id="err_msg_centralised">'.html_print_image(
        $img,
        true
    );
    $msg .= '<div>'.__(
        'Warning, you are accessing the database directly. You can leave the system inoperative if you run an inappropriate SQL statement'
    ).'</div></div>';

    $warning_message = '<script type="text/javascript">
        $(document).ready(function () {
            infoMessage({
                title: \''.__('Warning').'\',
                text: \''.$msg.'\'    ,
                simple: true,
            })
        })
    </script>';

    if (empty($sql) === true) {
        echo $warning_message;
    }

    ui_print_warning_message(
        __(
            "This is an advanced extension to interface with %s database directly from WEB console
            using native SQL sentences. Please note that <b>you can damage</b> your %s installation
            if you don't know </b>exactly</b> what you are doing,
            this means that you can severily damage your setup using this extension.
            This extension is intended to be used <b>only by experienced users</b>
            with a depth knowledge of %s internals.",
            get_product_name(),
            get_product_name(),
            get_product_name()
        )
    );

    echo "<form method='post' action=''>";

    $table = new stdClass();
    $table->id = 'db_interface';
    $table->class = 'databox no_border filter-table-adv';
    $table->width = '100%';
    $table->data = [];
    $table->colspan = [];
    $table->style[0] = 'width: 30%;';
    $table->style[1] = 'width: 70%;';

    $table->colspan[1][0] = 2;

    $data[0][0] = "<b>Some samples of usage:</b> <blockquote><em>SHOW STATUS;<br />DESCRIBE tagente<br />SELECT * FROM tserver<br />UPDATE tagente SET id_grupo = 15 WHERE nombre LIKE '%194.179%'</em></blockquote>";
    $data[0][0] = html_print_label_input_block(
        __('Some samples of usage:'),
        "<blockquote><em>SHOW STATUS;<br />DESCRIBE tagente<br />SELECT * FROM tserver<br />UPDATE tagente SET id_grupo = 15 WHERE nombre LIKE '%194.179%'</em></blockquote>"
    );

    if (is_metaconsole() === true) {
        // Get the servers.
        \enterprise_include_once('include/functions_metaconsole.php');
        $servers = \metaconsole_get_servers();
        if (is_array($servers) === true) {
            $servers = array_reduce(
                $servers,
                function ($carry, $item) {
                    $carry[$item['id']] = $item['server_name'];
                    return $carry;
                }
            );
        } else {
            $servers = [];
        }

        $data[0][1] = html_print_label_input_block(
            __('Select query target'),
            html_print_select(
                $servers,
                'node_id',
                $node_id,
                '',
                __('This metaconsole'),
                -1,
                true,
                false,
                false,
                'w40p',
                false,
                'width: 40%;'
            )
        );
    }

    $data[1][0] = html_print_textarea(
        'sql',
        3,
        50,
        html_entity_decode($sql, ENT_QUOTES),
        'placeholder="'.__('Type your query here...').'"',
        true,
        'w100p'
    );

    $execute_button = html_print_submit_button(
        __('Execute SQL'),
        '',
        false,
        [ 'icon' => 'cog' ],
        true
    );

    $table->data = $data;
    // html_print_table($table);
    html_print_action_buttons($execute_button);
    ui_toggle(
        html_print_table($table, true),
        '<span class="subsection_header_title">'.__('SQL query').'</span>',
        __('SQL query'),
        'query',
        false,
        false,
        '',
        'white-box-content no_border',
        'box-flat white_table_graph fixed_filter_bar'
    );
    echo '</form>';

    // Processing SQL Code.
    if ($sql == '') {
        return;
    }

    try {
        if (\is_metaconsole() === true && $node_id !== -1) {
            $node = new Node($node_id);
                $dbconnection = @get_dbconnection(
                    [
                        'dbhost' => $node->dbhost(),
                        'dbport' => $node->dbport(),
                        'dbname' => $node->dbname(),
                        'dbuser' => $node->dbuser(),
                        'dbpass' => io_output_password($node->dbpass()),
                    ]
                );
                $error = '';
                $result = dbmanager_query($sql, $error, $dbconnection);
        } else {
            $dbconnection = $config['dbconnection'];
            $error = '';
            $result = dbmanager_query($sql, $error, $dbconnection);
        }
    } catch (\Exception $e) {
        $error = __('Error querying database node');
        $result = false;
    }

    if ($result === false) {
        echo '<strong>An error has occured when querying the database.</strong><br />';
        echo $error;

        db_pandora_audit(
            AUDIT_LOG_SYSTEM,
            'DB Interface Extension. Error in SQL',
            false,
            false,
            $sql
        );

        return;
    }

    if (is_array($result) === false) {
        echo '<strong>Output: <strong>'.$result;

        db_pandora_audit(
            AUDIT_LOG_SYSTEM,
            'DB Interface Extension. SQL',
            false,
            false,
            $sql
        );

        return;
    }

    echo "<div class='overflow'>";
    $table = new stdClass();
    $table->width = '100%';
    $table->class = 'info_table';
    $table->head = array_keys($result[0]);

    $table->data = $result;

    html_print_table($table);
    echo '</div>';

}


if (is_metaconsole() === true) {
    // This adds a option in the operation menu.
    extensions_add_meta_menu_option(
        __('DB interface'),
        'PM',
        'gextensions',
        'database.png',
        'v1r1'
    );

    extensions_add_meta_function('dbmgr_extension_main');
}

// This adds a option in the operation menu.
extensions_add_godmode_menu_option(__('DB interface'), 'PM', 'gextensions', 'dbmanager/icon.png', 'v1r1', 'gdbman');

// This sets the function to be called when the extension is selected in the operation menu.
extensions_add_godmode_function('dbmgr_extension_main');