ufik / WebCMS2

auth_error($Ce=null){global$g,$o,$P;$Hc=session_name();$n="";if(!$_COOKIE[$Hc]&&$_GET[$Hc]&&ini_bool("session.use_only_cookies")){$n=lang(61);}elseif(isset($_GET["username"])){if(($_COOKIE[$Hc]||$_GET[$Hc])&&!$P){$n=lang(62);}else{$T=&get_session("pwds");if(isset($T)){$n=h($Ce?$Ce->getMessage():(is_string($g)?$g:lang(63)));$T=null;}}}page_header(lang(23),$n,null);echo"<form action='' method='post' onclick='eventStop(event);'>\n";$o->loginForm();echo"<div>";hidden_fields($_POST,array("driver","server","username","password","permanent"));echo"</div>\n","</form>\n";page_footer("auth");}if(isset($_GET["username"])){if(!class_exists("Min_DB")){unset($_SESSION["pwds"][DRIVER]);page_header(lang(64),lang(65,implode(", ",$kc)),false);page_footer("auth");exit;}$g=connect();}if(is_string($g)||!$o->login($_GET["username"],get_session("pwds"))){auth_error();exit;}$P=$_SESSION["token"];if(isset($_POST["server"])&&$_POST["token"]){$_POST["token"]=$P;}$n=($_POST?($_POST["token"]==$P?"":lang(59)):($_SERVER["REQUEST_METHOD"]!="POST"?"":lang(66,'"post_max_size"')));function

connect_error(){global$g,$P,$n,$pa;$_=array();if(DB!=""){page_header(lang(67).": ".h(DB),lang(68),true);}else{if($_POST["db"]&&!$n){queries_redirect(substr(ME,0,-1),lang(69),drop_databases($_POST["db"]));}page_header(lang(70),$n,false);echo"<p><a href='".h(ME)."database='>".lang(71)."</a>\n";foreach(array('privileges'=>lang(50),'processlist'=>lang(72),'variables'=>lang(73),'status'=>lang(74),)as$d=>$b){if(support($d)){echo"<a href='".h(ME)."$d='>$b</a>\n";}}echo"<p>".lang(75,$pa[DRIVER],"<b>$g->server_info</b>","<b>$g->extension</b>")."\n","<p>".lang(76,"<b>".h(logged_user())."</b>")."\n";if($_GET["refresh"]){set_session("dbs",null);}$_=get_databases();if($_){$Rd=support("scheme");$Z=collations();echo"<form action='' method='post'>\n","<table cellspacing='0' onclick='tableClick(event);'>\n","<thead><tr><td>&nbsp;<th>".lang(67)."<td>".lang(77)."<td>".lang(78)."</thead>\n";foreach($_

as$s){$Qd=h(ME)."db=".urlencode($s);echo"<tr".odd()."><td>".checkbox("db[]",$s,in_array($s,(array)$_POST["db"])),"<th><a href='$Qd'>".h($s)."</a>","<td><a href='$Qd".($Rd?"&amp;ns=":"")."&amp;database='>".nbsp(db_collation($s,$Z))."</a>","<td align='right'><a href='$Qd&amp;schema=' id='tables-".h($s)."'>?</a>","\n";}echo"</table>\n","<p><input type='submit' name='drop' value='".lang(79)."'".confirm("formChecked(this, /db/)",1).">\n";echo"<input type='hidden' name='token' value='$P'>\n","<a href='".h(ME)."refresh=1' onclick='eventStop(event);'>".lang(80)."</a>\n","</form>\n";}}page_footer("db");if($_){echo"<script type='text/javascript'>ajaxSetHtml('".js_escape(ME)."script=connect');</script>\n";}}if(isset($_GET["status"])){$_GET["variables"]=$_GET["status"];}if(!(DB!=""?$g->select_db(DB):isset($_GET["sql"])||isset($_GET["dump"])||isset($_GET["database"])||isset($_GET["processlist"])||isset($_GET["privileges"])||isset($_GET["user"])||isset($_GET["variables"])||$_GET["script"]=="connect")){if(DB!=""){set_session("dbs",null);}connect_error();exit;}if(support("scheme")&&DB!=""&&$_GET["ns"]!==""){if(!isset($_GET["ns"])){redirect(preg_replace('~ns=[^&]*&~','',ME)."ns=".get_schema());}if(!set_schema($_GET["ns"])){page_header(lang(81).": ".h($_GET["ns"]),lang(82),true);page_footer("ns");exit;}}function

select($j,$G=null,$Ic=""){$wa=array();$K=array();$B=array();$Xe=array();$S=array();odd('');for($l=0;$a=$j->fetch_row();$l++){if(!$l){echo"<table cellspacing='0' class='nowrap'>\n","<thead><tr>";for($oa=0;$oa<count($a);$oa++){$e=$j->fetch_field();$f=$e->name;$Ka=$e->orgtable;$Bc=$e->orgname;if($Ic){$wa[$oa]=($f=="table"?"table=":($f=="possible_keys"?"indexes=":null));}elseif($Ka!=""){if(!isset($K[$Ka])){$K[$Ka]=array();foreach(indexes($Ka,$G)as$w){if($w["type"]=="PRIMARY"){$K[$Ka]=array_flip($w["columns"]);break;}}$B[$Ka]=$K[$Ka];}if(isset($B[$Ka][$Bc])){unset($B[$Ka][$Bc]);$K[$Ka][$Bc]=$oa;$wa[$oa]=$Ka;}}if($e->charsetnr==63){$Xe[$oa]=true;}$S[$oa]=$e->type;$f=h($f);echo"<th".($Ka!=""||$e->name!=$Bc?" title='".h(($Ka!=""?"$Ka.":"").$Bc)."'":"").">".($Ic?"<a href='$Ic".strtolower($f)."' target='_blank' rel='noreferrer'>$f</a>":$f);}echo"</thead>\n";}echo"<tr".odd().">";foreach($a

as$d=>$b){if(!isset($b)){$b="<i>NULL</i>";}elseif($Xe[$d]&&!is_utf8($b)){$b="<i>".lang(32,strlen($b))."</i>";}elseif(!strlen($b)){$b="&nbsp;";}else{$b=h($b);if($S[$d]==254){$b="<code>$b</code>";}}if(isset($wa[$d])&&!$B[$wa[$d]]){if($Ic){$x=$wa[$d].urlencode($a[array_search("table=",$wa)]);}else{$x="edit=".urlencode($wa[$d]);foreach($K[$wa[$d]]as$Qc=>$oa){$x.="&where".urlencode("[".bracket_escape($Qc)."]")."=".urlencode($a[$oa]);}}$b="<a href='".h(ME.$x)."'>$b</a>";}echo"<td>$b";}}echo($l?"</table>":"<p class='message'>".lang(83))."\n";}function

referencable_primary($Mf){$c=array();foreach(table_status()as$Ia=>$h){if($Ia!=$Mf&&fk_support($h)){foreach(fields($Ia)as$e){if($e["primary"]){if($c[$Ia]){unset($c[$Ia]);break;}$c[$Ia]=$e;}}}}return$c;}function

textarea($f,$q,$H=10,$ob=80){echo"<textarea name='$f' rows='$H' cols='$ob' class='sqlarea' spellcheck='false' wrap='off' onkeydown='return textareaKeydown(this, event);'>";if(is_array($q)){foreach($q

';if(support("kill")){echo($l+1)."/".lang(223,$g->result("SELECT @@max_connections")),"<p><input type='submit' value='".lang(224)."'>\n";}echo'<input type="hidden" name="token" value="',$P,'">

</form>

';}elseif(isset($_GET["select"])){$m=$_GET["select"];$E=table_status($m);$K=indexes($m);$p=fields($m);$ga=column_foreign_keys($m);if($E["Oid"]=="t"){$K[]=array("type"=>"PRIMARY","columns"=>array("oid"));}parse_str($_COOKIE["adminer_import"],$hd);$ie=array();$B=array();$Vb=null;foreach($p

as$d=>$e){$f=$o->fieldName($e);if(isset($e["privileges"]["select"])&&$f!=""){$B[$d]=html_entity_decode(strip_tags($f));if(ereg('text|lob',$e["type"])){$Vb=$o->selectLengthProcess();}}$ie+=$e["privileges"];}list($J,$sa)=$o->selectColumnsProcess($B,$K);$t=$o->selectSearchProcess($p,$K);$gb=$o->selectOrderProcess($p,$K);$L=$o->selectLimitProcess();$cc=($J?implode(", ",$J):($E["Oid"]=="t"?"oid, ":"")."*")."\nFROM ".table($m);$qd=($sa&&count($sa)<count($J)?"\nGROUP BY ".implode(", ",$sa):"").($gb?"\nORDER BY ".implode(", ",$gb):"");if($_GET["val"]&&is_ajax()){header("Content-Type: text/plain; charset=utf-8");foreach($_GET["val"]as$ab=>$a){echo$g->result("SELECT".limit(idf_escape(key($a))." FROM ".table($m)," WHERE ".where_check($ab).($t?" AND ".implode(" AND ",$t):"").($gb?" ORDER BY ".implode(", ",$gb):""),1));}exit;}if($_POST&&!$n){$ke="(".implode(") OR (",array_map('where_check',(array)$_POST["check"])).")";$Ma=$_c=null;foreach($K

as$w){if($w["type"]=="PRIMARY"){$Ma=array_flip($w["columns"]);$_c=($J?$Ma:array());break;}}foreach((array)$_c

as$d=>$b){if(in_array(idf_escape($d),$J)){unset($_c[$d]);}}if($_POST["export"]){cookie("adminer_import","output=".urlencode($_POST["output"])."&format=".urlencode($_POST["format"]));dump_headers($m);$o->dumpTable($m,"");if(!is_array($_POST["check"])||$_c===array()){$bc=$t;if(is_array($_POST["check"])){$bc[]="($ke)";}$i="SELECT $cc".($bc?"\nWHERE ".implode(" AND ",$bc):"").$qd;}else{$je=array();foreach($_POST["check"]as$b){$je[]="(SELECT".limit($cc,"\nWHERE ".($t?implode(" AND ",$t)." AND ":"").where_check($b).$qd,1).")";}$i=implode(" UNION ALL ",$je);}$o->dumpData($m,"table",$i);exit;}if(!$o->selectEmailProcess($t,$ga)){if($_POST["save"]||$_POST["delete"]){$j=true;$sb=0;$i=table($m);$r=array();if(!$_POST["delete"]){foreach($B

as$f=>$b){$b=process_input($p[$f]);if($b!==null){if($_POST["clone"]){$r[idf_escape($f)]=($b!==false?$b:idf_escape($f));}elseif($b!==false){$r[]=idf_escape($f)." = $b";}}}$i.=($_POST["clone"]?" (".implode(", ",array_keys($r)).")\nSELECT ".implode(", ",$r)."\nFROM ".table($m):" SET\n".implode(",\n",$r));}if($_POST["delete"]||$r){$gd="UPDATE";if($_POST["delete"]){$gd="DELETE";$i="FROM $i";}if($_POST["clone"]){$gd="INSERT";$i="INTO $i";}if($_POST["all"]||($_c===array()&&$_POST["check"])||count($sa)<count($J)){$j=queries($gd." $i".($_POST["all"]?($t?"\nWHERE ".implode(" AND ",$t):""):"\nWHERE $ke"));$sb=$g->affected_rows;}else{foreach((array)$_POST["check"]as$b){$j=queries($gd.limit1($i,"\nWHERE ".where_check($b)));if(!$j){break;}$sb+=$g->affected_rows;}}}queries_redirect(remove_from_uri("page"),lang(225,$sb),$j);}elseif(!$_POST["import"]){if(!$_POST["val"]){$n=lang(226);}else{$j=true;$sb=0;foreach($_POST["val"]as$ab=>$a){$r=array();foreach($a

as$d=>$b){$d=bracket_escape($d,1);$r[]=idf_escape($d)." = ".(ereg('char|text',$p[$d]["type"])||$b!=""?$o->processInput($p[$d],$b):"NULL");}$i=table($m)." SET ".implode(", ",$r);$bc=" WHERE ".where_check($ab).($t?" AND ".implode(" AND ",$t):"");$j=queries("UPDATE".(count($sa)<count($J)?" $i$bc":limit1($i,$bc)));if(!$j){break;}$sb+=$g->affected_rows;}queries_redirect(remove_from_uri(),lang(225,$sb),$j);}}elseif(is_string($Fa=get_file("csv_file",true))){cookie("adminer_import","output=".urlencode($hd["output"])."&format=".urlencode($_POST["separator"]));$j=true;$ob=array_keys($p);preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~',$Fa,$ta);$sb=count($ta[0]);begin();$fb=($_POST["separator"]=="csv"?",":($_POST["separator"]=="tsv"?"\t":";"));foreach($ta[0]as$d=>$b){preg_match_all("~((\"[^\"]*\")+|[^$fb]*)$fb~",$b.$fb,$Kd);if(!$d&&!array_diff($Kd[1],$ob)){$ob=$Kd[1];$sb--;}else{$r=array();foreach($Kd[1]as$l=>$Qc){$r[idf_escape($ob[$l])]=($Qc==""&&$p[$ob[$l]]["null"]?"NULL":q(str_replace('""','"',preg_replace('~^"|"$~','',$Qc))));}$j=insert_update($m,$r,$Ma);if(!$j){break;}}}if($j){queries("COMMIT");}queries_redirect(remove_from_uri("page"),lang(227,$sb),$j);queries("ROLLBACK");}else{$n=upload_error($Fa);}}}$Ia=$o->tableName($E);page_header(lang(33).": $Ia",$n);session_write_close();$r=null;if(isset($ie["insert"])){$r="";foreach((array)$_GET["where"]as$b){if(count($ga[$b["col"]])==1&&($b["op"]=="="||(!$b["op"]&&!ereg('[_%]',$b["val"])))){$r.="&set".urlencode("[".bracket_escape($b["col"])."]")."=".urlencode($b["val"]);}}}$o->selectLinks($E,$r);if(!$B){echo"<p class='error'>".lang(228).($p?".":": ".error())."\n";}else{echo"<form action='' id='form'>\n","<div style='display: none;'>";hidden_fields_get();echo(DB!=""?'<input type="hidden" name="db" value="'.h(DB).'">'.(isset($_GET["ns"])?'<input type="hidden" name="ns" value="'.h($_GET["ns"]).'">':""):"");echo'<input type="hidden" name="select" value="'.h($m).'">',"</div>\n";$o->selectColumnsPrint($J,$B);$o->selectSearchPrint($t,$B,$K);$o->selectOrderPrint($gb,$B,$K);$o->selectLimitPrint($L);$o->selectLengthPrint($Vb);$o->selectActionPrint();echo"</form>\n";$aa=$_GET["page"];if($aa=="last"){$Xa=$g->result("SELECT COUNT(*) FROM ".table($m).($t?" WHERE ".implode(" AND ",$t):""));$aa=floor(max(0,$Xa-1)/$L);}$i="SELECT".limit((+$L&&$sa&&count($sa)<count($J)&&$u=="sql"?"SQL_CALC_FOUND_ROWS ":"").$cc,($t?"\nWHERE ".implode(" AND ",$t):"").$qd,($L!=""?+$L:null),($aa?$L*$aa:0),"\n");echo$o->selectQuery($i);$j=$g->query($i);if(!$j){echo"<p class='error'>".error()."\n";}else{if($u=="mssql"){$j->seek($L*$aa);}$bd=array();echo"<form action='' method='post' enctype='multipart/form-data'>\n";$H=array();while($a=$j->fetch_assoc()){if($aa&&$u=="oracle"){unset($a["RNUM"]);}$H[]=$a;}if($_GET["page"]!="last"){$Xa=(+$L&&$sa&&count($sa)<count($J)?($u=="sql"?$g->result(" SELECT FOUND_ROWS()"):$g->result("SELECT COUNT(*) FROM ($i) x")):count($H));}if(!$H){echo"<p class='message'>".lang(83)."\n";}else{$Od=$o->backwardKeys($m,$Ia);echo"<table cellspacing='0' class='nowrap' onclick='tableClick(event);' onkeydown='return editingKeydown(event);'>\n","<thead><tr>".(!$sa&&$J?"":"<td><input type='checkbox' id='all-page' onclick='formCheck(this, /check/);'> <a href='".h($_GET["modify"]?remove_from_uri("modify"):$_SERVER["REQUEST_URI"]."&modify=1")."'>".lang(119)."</a>");$Id=array();$ca=array();reset($J);$ce=1;foreach($H[0]as$d=>$b){if($E["Oid"]!="t"||$d!="oid"){$b=$_GET["columns"][key($J)];$e=$p[$J?($b?$b["col"]:current($J)):$d];$f=($e?$o->fieldName($e,$ce):"*");if($f!=""){$ce++;$Id[$d]=$f;$C=idf_escape($d);echo'<th><a href="'.h(remove_from_uri('(order|desc)[^=]*|page').'&order%5B0%5D='.urlencode($d).($gb[0]==$C||$gb[0]==$d||(!$gb&&count($sa)<count($J)&&$sa[0]==$C)?'&desc%5B0%5D=1':'')).'">'.(!$J||$b?apply_sql_function($b["fun"],$f):h(current($J)))."</a>";}$ca[$d]=$b["fun"];next($J);}}$dc=array();if($_GET["modify"]){foreach($H