Codice PHP:
<?php
//error_reporting(E_ALL);
include "../connect.inc.php";
//==================================================================
$cfgExecTimeLimit = 300; // maximum execution time in seconds (0 for no limit)
function sostituisci($sql){
preg_match_all('/\{([^}]*)\}/', $sql, $matches);
$risultati = $matches[1];
foreach ($risultati as $ris){
$key="\{".$ris."\}";
// per i tag template nell'oggetto, mostra il tag per quelli protetti
// per gli altri invece mostra una text area.
global $tbl,$sottocartella;
switch ($ris){
case "w3kml";
$sql = eregi_replace("$key",$tbl["newsletters"],$sql);
break;
case "identities";
$sql = eregi_replace("$key",$tbl["identities"],$sql);
break;
case "w3kutenti";
$sql = eregi_replace("$key",$tbl["subcriptions"],$sql);
break;
case "w3ktmpl";
$sql = eregi_replace("$key",$tbl["templates"],$sql);
break;
case "sec_users";
$sql = eregi_replace("$key",$tbl["users"],$sql);
break;
case "sec_profiles";
$sql = eregi_replace("$key",$tbl["profiles"],$sql);
break;
case "sec_pages";
$sql = eregi_replace("$key",$tbl["pages"],$sql);
break;
case "sec_settings";
$sql = eregi_replace("$key",$tbl["settings"],$sql);
break;
case "w3kinvii";
$sql = eregi_replace("$key",$tbl["sendings"],$sql);
break;
case "w3kattivazioni";
$sql = eregi_replace("$key", $tbl["activations"],$sql);
break;
case "w3kurl";
$sql = eregi_replace("$key", $tbl["urls"],$sql);
break;
case "w3klog";
$sql = eregi_replace("$key", $tbl["logs"],$sql);
break;
case "images";
$sql = eregi_replace("$key", $tbl["images"],$sql);
break;
case "images_folder";
$sql = eregi_replace("$key", $tbl["images_folder"],$sql);
break;
case "subdir";
if ($_POST["overw3s"]==true)
$sottoc="administration/".$sottocartella;
else
$sottoc=$sottocartella;
$sql = eregi_replace("$key", $sottoc,$sql);
break;
case "permissions";
$sqlx="select max(id) as biggest from ".$tbl["pages"]."";
$resx=mysql_query($sqlx);
$bigger=mysql_fetch_array($resx);
$permissions="a:".$bigger["biggest"].":{";
for ($i=1;$i<=$bigger["biggest"];$i++){
$permissions.="i:".$i.";s:1:\"1\";";
}
$permissions.="}";
$sql = eregi_replace("$key",$permissions,$sql);
break;
}
}
return $sql;
}
function PMA_splitSqlFile(&$ret, $sql, $release){
$sql = trim($sql);
$sql_len = strlen($sql);
$char = '';
$string_start = '';
$in_string = FALSE;
$time0 = time();
for ($i = 0; $i < $sql_len; ++$i) {
$char = $sql[$i];
// We are in a string, check for not escaped end of strings except for
// backquotes that can't be escaped
if ($in_string) {
for (;;) {
$i = strpos($sql, $string_start, $i);
// No end of string found -> add the current substring to the
// returned array
if (!$i) {
$ret[] = $sql;
return TRUE;
}
// Backquotes or no backslashes before quotes: it's indeed the
// end of the string -> exit the loop
else if ($string_start == '`' || $sql[$i-1] != '\\') {
$string_start = '';
$in_string = FALSE;
break;
}
// one or more Backslashes before the presumed end of string...
else {
// ... first checks for escaped backslashes
$j = 2;
$escaped_backslash = FALSE;
while ($i-$j > 0 && $sql[$i-$j] == '\\') {
$escaped_backslash = !$escaped_backslash;
$j++;
}
// ... if escaped backslashes: it's really the end of the
// string -> exit the loop
if ($escaped_backslash) {
$string_start = '';
$in_string = FALSE;
break;
}
// ... else loop
else {
$i++;
}
} // end if...elseif...else
} // end for
} // end if (in string)
// We are not in a string, first check for delimiter...
else if ($char == ';') {
// if delimiter found, add the parsed part to the returned array
$ret[] = substr($sql, 0, $i);
$sql = ltrim(substr($sql, min($i + 1, $sql_len)));
$sql_len = strlen($sql);
if ($sql_len) {
$i = -1;
} else {
// The submited statement(s) end(s) here
return TRUE;
}
} // end else if (is delimiter)
// ... then check for start of a string,...
else if (($char == '"') || ($char == '\'') || ($char == '`')) {
$in_string = TRUE;
$string_start = $char;
} // end else if (is start of string)
// ... for start of a comment (and remove this comment if found)...
else if ($char == '#'
|| ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
// starting position of the comment depends on the comment type
$start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
// if no "\n" exits in the remaining string, checks for "\r"
// (Mac eol style)
$end_of_comment = (strpos(' ' . $sql, "\012", $i+2))
? strpos(' ' . $sql, "\012", $i+2)
: strpos(' ' . $sql, "\015", $i+2);
if (!$end_of_comment) {
// no eol found after '#', add the parsed part to the returned
// array if required and exit
if ($start_of_comment > 0) {
$ret[] = trim(substr($sql, 0, $start_of_comment));
}
return TRUE;
} else {
$sql = substr($sql, 0, $start_of_comment)
. ltrim(substr($sql, $end_of_comment));
$sql_len = strlen($sql);
$i--;
} // end if...else
} // end else if (is comment)
// ... and finally disactivate the "" syntax if MySQL < 3.22.07
else if ($release < 32270
&& ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
$sql[$i] = ' ';
} // end else if
// loic1: send a fake header each 30 sec. to bypass browser timeout
$time1 = time();
if ($time1 >= $time0 + 30) {
$time0 = $time1;
header('X-pmaPing: Pong');
} // end if
} // end for
// add any rest to the returned array
if (!empty($sql) && ereg('[^[:space:]]+', $sql)) {
$ret[] = $sql;
}
return TRUE;
} // end of the 'PMA_splitSqlFile()' function
function importaSql ($sql_file=""){
/**
* Increases the max. allowed time to run a script
*/
@set_time_limit($cfgExecTimeLimit);
$goto = 'setup.php';
$err_url = $goto."?errore=1";
/**
* Set up default values for some variables
*/
$view_bookmark = 0;
$sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
$sql_query = isset($sql_query) ? $sql_query : '';
$sql_file = !empty($sql_file) ? $sql_file : 'none';
/**
* Prepares the sql query
*/
// Gets the query from a file if required
if ($sql_file != 'none') {
if (file_exists($sql_file)) {
$open_basedir = '';
if (PMA_PHP_INT_VERSION >= 40000 ) {
$open_basedir = @ini_get('open_basedir');
}
if (empty($open_basedir)) {
$open_basedir = @get_cfg_var('open_basedir');
}
// If we are on a server with open_basedir, we must move the file
// before opening it. The doc explains how to create the "./tmp"
// directory
if (!empty($open_basedir)) {
// check if '.' is in open_basedir
$pos = strpos(' ' . $open_basedir, '.');
// from the PHP annotated manual
if (!$pos) {
// if no '.' in openbasedir, do not move the file, force the
// error and let PHP report it
error_reporting(E_ALL);
$sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
} else {
$sql_file_new = './tmp/' . basename($sql_file);
if (PMA_PHP_INT_VERSION < 40003) {
copy($sql_file, $sql_file_new);
} else {
move_uploaded_file($sql_file, $sql_file_new);
}
$sql_query = fread(fopen($sql_file_new, 'r'), filesize($sql_file_new));
unlink($sql_file_new);
}
} else {
// read from the normal upload dir
$sql_file;
$sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
}
if (get_magic_quotes_runtime() == 1) {
$sql_query = stripslashes($sql_query);
}
}
} else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
$sql_query = stripslashes($sql_query);
}
$sql_query = trim($sql_query);
$pieces = array();
PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
$pieces_count = count($pieces);
for ($i = 0; $i < $pieces_count; $i++) {
$a_sql_query = $pieces[$i];
$a_sql_query = sostituisci($a_sql_query);
$result = mysql_query($a_sql_query);
if ($result == FALSE) { // readdump failed
$my_die = $a_sql_query;
print "<div class='sqlerror'>".$a_sql_query."</div>\n";
// break;
}else{
print "<div class='sql'>".$a_sql_query."</div>\n";
}
if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
$reload = 1;
}
} // end for
unset($pieces);
}
//==================================================================
if ($_POST["complete"]==true){
importaSQL("web3news.sql");
}elseif ($_POST["updateto098"]==true){
echo "QUO";
importaSQL("update097-098.sql");
}elseif ($_POST["overw3s"]==true){
importaSQL("addw3s.sql");
}
?>
..... vedete dove è richiamata la funzione..
Rispondi quotando