<?php // Pandora FMS - http://pandorafms.com // ================================================== // Copyright (c) 2005-2011 Artica Soluciones Tecnologicas // Please see http://pandorafms.org for full contribution list // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. function dbmanager_query($sql, &$error, $dbconnection) { global $config; $retval = []; if ($sql == '') { return false; } $sql = html_entity_decode($sql, ENT_QUOTES); // Extract the text in quotes to add html entities before query db. $patttern = '/(?:"|\')+([^"\']*)(?:"|\')+/m'; $sql = preg_replace_callback( $patttern, function ($matches) { return '"'.io_safe_input($matches[1]).'"'; }, $sql ); if ($config['mysqli']) { $result = mysqli_query($dbconnection, $sql); if ($result === false) { $backtrace = debug_backtrace(); $error = mysqli_error($dbconnection); return false; } } else { $result = mysql_query($sql, $dbconnection); if ($result === false) { $backtrace = debug_backtrace(); $error = mysql_error(); return false; } } if ($result === true) { if ($config['mysqli']) { return mysqli_affected_rows($dbconnection); } else { return mysql_affected_rows(); } } if ($config['mysqli']) { while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { array_push($retval, $row); } } else { while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { array_push($retval, $row); } } if ($config['mysqli']) { mysqli_free_result($result); } else { mysql_free_result($result); } if (! empty($retval)) { return $retval; } // Return false, check with === or !== return 'Empty'; } function dbmgr_extension_main() { ui_require_css_file('dbmanager', 'extensions/dbmanager/'); global $config; if (!is_user_admin($config['id_user'])) { db_pandora_audit('ACL Violation', 'Trying to access Setup Management'); include 'general/noaccess.php'; return; } $sql = (string) get_parameter('sql'); ui_print_page_header(__('Database interface'), 'images/gm_db.png', false, false, true); echo '<div class="notify">'; echo __( "This is an advanced extension to interface with %s database directly from WEB console using native SQL sentences. Please note that <b>you can damage</b> your %s installation if you don't know </b>exactly</b> what are you are doing, this means that you can severily damage your setup using this extension. This extension is intended to be used <b>only by experienced users</b> with a depth knowledge of %s internals.", get_product_name(), get_product_name(), get_product_name() ); echo '</div>'; echo '<br />'; echo "Some samples of usage: <blockquote><em>SHOW STATUS;<br />DESCRIBE tagente<br />SELECT * FROM tserver<br />UPDATE tagente SET id_grupo = 15 WHERE nombre LIKE '%194.179%'</em></blockquote>"; echo '<br /><br />'; echo "<form method='post' action=''>"; html_print_textarea('sql', 5, 50, html_entity_decode($sql, ENT_QUOTES)); echo '<br />'; echo '<div class="action-buttons" style="width: 100%">'; echo '<br />'; html_print_submit_button(__('Execute SQL'), '', false, 'class="sub next"'); echo '</div>'; echo '</form>'; // Processing SQL Code if ($sql == '') { return; } echo '<br />'; echo '<hr />'; echo '<br />'; $dbconnection = $config['dbconnection']; $error = ''; $result = dbmanager_query($sql, $error, $dbconnection); if ($result === false) { echo '<strong>An error has occured when querying the database.</strong><br />'; echo $error; db_pandora_audit('DB Interface Extension', 'Error in SQL', false, false, $sql); return; } if (! is_array($result)) { echo '<strong>Output: <strong>'.$result; db_pandora_audit('DB Interface Extension', 'SQL', false, false, $sql); return; } echo "<div style='overflow: auto;'>"; $table = new stdClass(); $table->width = '100%'; $table->class = 'info_table'; $table->head = array_keys($result[0]); $table->data = $result; html_print_table($table); echo '</div>'; } // This adds a option in the operation menu extensions_add_godmode_menu_option(__('DB interface'), 'PM', 'gextensions', 'dbmanager/icon.png', 'v1r1', 'gdbman'); // This sets the function to be called when the extension is selected in the operation menu extensions_add_godmode_function('dbmgr_extension_main');