Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/xmigratex/ drwxr-xr-x |
Viewing file: Select action/file-type: <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" type="text/css" href="style.css" /> <?php include_once "special_fld.php"; set_time_limit(0); function findIndex($arr, $v){ $sf = sizeof($arr); $index = 0; for($i=0;i<$sf;$i++){ echo $arr[$i]; // if(strcmp($arr[$i],$v)==0){ // $rt[$index] = $i; // $index++; // } } return $rt; } $ts=microtime(true); /* if(empty($_GET)) echo "No GET variables"; else print_r($_GET); */ $dbreg = $_POST["dbreg"]; $dbmoreg = $_POST["dbmoreg"]; $dbppc = $_POST["dbppc"]; $localhost_s = $_POST["localhost_s"]; $localhost_u = $_POST["localhost_u"]; $localhost_p = $_POST["localhost_p"]; $dbNo = $_POST["dbNo"]; $path_mysql = $_POST["path_mysql"]; if($dbNo==1) { $oDB = "regpbri"; $moDB = $dbmoreg; include_once "arr_pbri.php"; }elseif($dbNo==2) { $oDB = $dbreg; $moDB = $dbmoreg; //$path_mysql = '/opt/mysql/bin/mysql';//'mysql'; include_once "arr_reg.php"; }elseif($dbNo==3) { $oDB = $dbreg; $moDB = $dbppc; include_once "arr_people.php"; } // ------------ connect $ln_info = mysql_connect($localhost_s, $localhost_u, $localhost_p); if (!$ln_info) { echo "<font color='#FF0000'>$source_s"; die(' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error()); echo "</font >"; }else{ //echo "Connected $source_s successfully<br>"; } $ln_reg = mysql_connect($localhost_s, $localhost_u, $localhost_p, true); if (!$ln_reg) { echo "<font color='#FF0000'>$source_s"; die(' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error()); echo "</font >"; }else{ //echo "Connected $source_s successfully<br>"; } $ln_mo = mysql_connect($localhost_s, $localhost_u, $localhost_p, true); if (!$ln_mo) { echo "<font color='#FF0000'>$local_s"; die(' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error()); echo "</font >"; }else{ //echo "Connected $local_s successfully<br>"; } // -------------- select DB $db_info = mysql_select_db('information_schema', $ln_info); //mysql_query("SET NAMES 'utf8'", $ln_info); if (!$db_info) { die ('ไม่สามารถเชื่อมต่อฐานข้อมูล information_schema ได้: ' . mysql_error()); }else{ //echo 'db_information_schema successfully<br>'; } $db_reg = mysql_select_db($oDB, $ln_reg); mysql_query("SET NAMES 'utf8'", $ln_reg); if (!$db_reg) { die ("ไม่สามารถเชื่อมต่อฐานข้อมูล $oDB ได้ โปรดตรวจสอบชื่อฐานข้อมูลอีกครั้ง : " . mysql_error()); }else{ echo "เชื่อมต่อฐานข้อมูล $oDB สำเร็จ<br>"; } $db_mo = mysql_select_db($moDB, $ln_mo); mysql_query("SET NAMES utf8", $ln_mo); mysql_query("SET collation_connection = 'utf8_general_ci' ", $ln_mo); if (!$db_mo) { die ("ไม่สามารถเชื่อมต่อฐานข้อมูล $moDB ได้ โปรดตรวจสอบชื่อฐานข้อมูลอีกครั้ง: " . mysql_error()); }else{ echo "เชื่อมต่อ $moDB สำเร็จ<br><br>"; } // --------------end select DB if($dbNo==2) { $ad = "$path_mysql -h '$localhost_s' -u '$localhost_u' -p'$localhost_p' -e 'DROP TABLE $dbmoreg.`rg_RealStudentAd` ; CREATE TABLE $dbmoreg.`rg_RealStudentAd` AS SELECT * FROM $dbreg.`rg_RealStudentAd`; '"; $last_line = system($ad, $retval); if($retval){ echo "<font color='#FF0000'>ย้ายข้อมูล `rg_RealStudentAd` เกิดข้อผิดพลาด"; echo $retval.' <br>sql : '.$ad; echo "</font><br>"; } $de = "$path_mysql -h '$localhost_s' -u '$localhost_u' -p'$localhost_p' -e 'DROP TABLE $dbmoreg.`rg_RealStudentDe` ; CREATE TABLE $dbmoreg.`rg_RealStudentDe` AS SELECT * FROM $dbreg.`rg_RealStudentDe`; '"; $last_line = system($de, $retval); if($retval){ echo "<font color='#FF0000'>ย้ายข้อมูล `rg_RealStudentDe` เกิดข้อผิดพลาด"; echo $retval.' <br>sql : '.$de; echo "</font><br>"; } unset($ad); unset($de); // -- ตัดเว้นวรรคในชื่อ ที่เกิน 1 ช่อง $mo_name = "UPDATE $dbreg.`StudentBio` SET parentName = REPLACE(REPLACE(REPLACE(parentName ,'นาย','นาย '),'นาง','นาง '),'นางสาว','นางสาว ') ,parentName = REPLACE(REPLACE(REPLACE(parentName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,parentName = TRIM(parentName) ,fatherName = REPLACE(REPLACE(REPLACE(fatherName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,fatherName = REPLACE(REPLACE(REPLACE(fatherName ,'นาย ','นาย'),'นาง ','นาง'),'นางสาว ','นางสาว') ,fatherName = TRIM(fatherName) ,motherName = REPLACE(REPLACE(REPLACE(motherName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,motherName = REPLACE(REPLACE(REPLACE(motherName ,'นาย ','นาย'),'นาง ','นาง'),'นางสาว ','นางสาว') ,motherName = TRIM(motherName)"; $rs = mysql_query($mo_name, $ln_reg); if (!$rs) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $import_query; die($message); } } //echo '+++++++++++++++++++++++++++++++++++++<br><br>'; $sizeoftb = sizeof($sm); echo $sizeoftb.'ตาราง <br>'; $records = 0; $affected_records = 0; ?> <table class='tb_1' width='100%' > <tr align='center'> <th width=20 rowspan='2'></th> <th colspan='4'>ฐานข้อมูล <? echo $oDB;?></th> <th colspan='4'>ฐานข้อมูล <? echo $moDB;?></th> <th rowspan='2'>ฟิลด์ที่<br />เปลี่ยนแปลง</th> </tr> <tr align='center'> <td class='h2'>ชื่อตาราง</td> <td class='h2'>จำนวนฟิลด์<br />ที่พบ</td> <td class='h2'>จำนวนฟิลด์ที่<br />คัดลอกข้อมูล</td> <td class='h2'>จำนวน<br />แถวข้อมูล</td> <td class='h2'>ตาราง<br /><? echo $moDB;?></td> <td class='h2'>จำนวนฟิลด์<br />ที่พบ</td> <td class='h2'>จำนวนฟิลด์<br />ที่จัดเก็บข้อมูล</td> <td class='h2'>จำนวน<br />แถวข้อมูล</td> </tr> <? for($tb_num=0; $tb_num < $sizeoftb; $tb_num++){ $otb_name = $sm[$tb_num]['old']['name']; $motb_name = $sm[$tb_num]['new']['name']; if($otb_name!='-'){ // หาจำนวนฟิลด์ จาก ฐานข้อมูล $oQuery = "SELECT * FROM `COLUMNS` WHERE `TABLE_SCHEMA` LIKE '".$oDB."' AND `TABLE_NAME` LIKE '".$otb_name."'"; $moQuery = "SELECT * FROM `COLUMNS` WHERE `TABLE_SCHEMA` LIKE '$moDB' AND `TABLE_NAME` LIKE '".$motb_name."'"; $oRS = mysql_query($oQuery, $ln_info); if (!$oRS) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $oQuery; die($message); } $oFld_num = mysql_num_rows($oRS); $moRS = mysql_query($moQuery, $ln_info); if (!$moRS) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $moQuery; die($message); } $moFld_num = mysql_num_rows($moRS); // ความแตกต่างระหว่างฟิลด $plus = sizeof($sm[$tb_num]['plus']); $minus = sizeof($sm[$tb_num]['minus']); $oFld_numA = sizeof($sm[$tb_num]['old']['fld']) - $plus; $moFld_numA = sizeof($sm[$tb_num]['new']['fld']) - $minus ; $Fld_diff = ''; if( $plus != 0 ){ $Fld_diff .= "+ $plus<br>"; } if( $minus != 0 ){ $Fld_diff .= " - $minus"; //$rt = findIndex($sm[$tb_num]['new']['fld'], '-'); } ?> <? $num_row=-1; if(1){//($plus == 0){ // normal $query = "SELECT * FROM `$otb_name` WHERE 1;"; // echo $query.'<br>'; $result = mysql_query($query, $ln_reg); $num_row = mysql_num_rows($result); $message = ""; $affected = 0; if ($num_row==0) { // $message = 'Invalid query: ' . mysql_error() . "\n"; // $message = 'Whole query: ' . $query; // echo "<td>$message</td>"; $num_row=0; // die($message); $num=1; }else{ // Insert to $nFld_name = ""; $oFld_name = ""; $fld_num = 0; for($nfld=0; $nfld<sizeof($sm[$tb_num]['new']['fld']); $nfld++){ if(!in_array($nfld,$sm[$tb_num]['minus'])){ $fld_num++; $nFld_name .= '`'.$sm[$tb_num]['new']['fld'][$nfld].'`'; $oFld_name .= '`'.$sm[$tb_num]['old']['fld'][$nfld].'`'; if( $fld_num < $moFld_numA ){ $nFld_name .= ', '; $oFld_name .= ', '; } } } if($sm[$tb_num]['sql']=='-'){ $import_query = 'INSERT INTO `'.$moDB.'`.`'.$motb_name.'` ('.$nFld_name.') '; $import_query.= 'SELECT '.$oFld_name.' FROM `'.$oDB.'`.`'.$otb_name.'`;'; }elseif(isset($sm[$tb_num]['qry'])){ $import_query = 'INSERT INTO `'.$moDB.'`.`'.$motb_name.'` ('.$nFld_name.') '; $import_query.= $sm[$tb_num]['qry']; //echo "<font size='1'>".$import_query."</font><br>"; }else{ $num=1; while ($row = mysql_fetch_assoc($result)) { $getdata=true; // เงื่อนไขเฉพาะ ไม่เอาแถวนี้ ถ้า StudentMaster.officerId1 = NULL if($motb_name == 'rg_Adviser'){ // sm.officerId1 = NULL if($row['officerId1'] == ''){ $getdata=false; } } if($getdata){ //if($otb_name == 'ProgramConfig') echo $row['programConfId'].'<br>'; // อาจเพิ่ม TRUNCATE TABLE $motb_name ลบข้อมูลของตาราง โดยไม่ลบโครงสร้าง if($num==1){ $import_query = 'INSERT INTO `'.$motb_name.'` ('.$nFld_name.') VALUES '; //}elseif($num==100){ // $import_query.= '; INSERT INTO `'.$motb_name.'` ('.$nFld_name.') VALUES '; // $num=2; }else{ $import_query .= ','; } $import_query .= '('; $fld_num = 0; for($i=0;$i<sizeof($sm[$tb_num]['new']['fld']);$i++){ if(!in_array($i,$sm[$tb_num]['minus'])){ $fld_num++; $fld_name = $sm[$tb_num]['old']['fld'][$i]; $def_cond = $sm[$tb_num]['def']['fld'][$i]; //if($fld_name=='fatherName') //{ echo " :$otb_name.$fld_name:$def_cond <br><br>"; } // ฟิลด์ใหม่อ้างอิงจากไหน $fld_name_pk = $sm[$tb_num]['old']['fld'][0]; $ref = $sm[$tb_num]['ref']['fld'][$i]; if($ref != '-'){ list($ref_tb,$ref_pk,$ref_fld) = preg_split("[-]",$ref); if($ref_tb!=$otb_name){ $qref = "SELECT $ref_fld FROM `$otb_name` JOIN `$ref_tb` ON $otb_name.$ref_pk = $ref_tb.$ref_pk WHERE $otb_name.$ref_pk = $row[$ref_pk] ;"; }else{ $qref = "SELECT $ref_fld FROM `$ref_tb` WHERE $ref_pk = $row[$fld_name_pk] ;"; } //echo "<td>$ref_tb</td>"; $rsRef = mysql_query($qref, $ln_reg); if(mysql_num_rows($rsRef)>0){ $rref = mysql_fetch_assoc($rsRef); if($rref[$ref_fld]!='') { //if($fld_name=='fatherName') //{ echo $rref[$ref_fld]." :$otb_name.$fld_name:$def_cond <br><br>"; } // ค่าที่ได้จากการอ้างอิงมีค่ามา if($def_cond!='-'){ //ตัดนามสกุล ใน studentBio $import_query .= special_field($row,$ln_reg, $def_cond,$rref[$ref_fld]); }else{ $data = (is_null($rref[$ref_fld]))?'NULL':$rref[$ref_fld]; $import_query .= "'".addslashes($data)."'"; //$import_query .= "'".addslashes($rref[$ref_fld])."'"; } }elseif($def_cond!='-'){ $import_query .= special_field($row,$ln_reg, $def_cond); }else{ $import_query .= "''"; } }else{ //echo " fld_name :$fld_name ,ref : $ref ,def_cond : $def_cond<br>"; $rref=($fld_name!='-')?$row[$fld_name]:''; if($def_cond!='-'){ $import_query .= special_field($row,$ln_reg, $def_cond,$rref); }else{ $import_query .= "''"; } } //echo "$def_p ,".addslashes($row[$def_fld]).'<br>'; //} }else{ // หาค่า default $rref=($fld_name!='-')?$row[$fld_name]:''; if($def_cond!='-'){ //echo " fld_name :$fld_name ,ref : $ref ,def_cond : $def_cond<br>"; $import_query .= special_field($row,$ln_reg, $def_cond,$rref); // if($def_cond=='default/1/'){ echo $import_query.'<br>';} }else{ //$import_query .= "''"; // ฟิลด์ใหม่ ข้อมูลเดิม $data = (is_null($row[$fld_name]))?'NULL':"'".addslashes($row[$fld_name])."'"; $import_query .= $data; } } if( $fld_num < $moFld_numA ) $import_query .= ', '; } }//END for $import_query .= ')'; $num++; } // getdata } //while } //else isset sql //echo $import_query.'<br><br>'; // Insert คำสั่งลงตาราง //if($num_row>1){ $rs = mysql_query($import_query, $ln_mo); if (!$rs) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $import_query; die($message); }else{ $affected = mysql_affected_rows(); } } // end !$result } //$plus + $minus ?> <tr> <td><?=$tb_num+1?></td> <td><?=$otb_name?></td> <td><?=$oFld_num?></td> <td><?=$oFld_numA?></td> <td><?=$num_row;?></td> <td><?=$motb_name?></td> <td><?=$moFld_num?></td> <td><?=$moFld_numA?></td> <td><?=$affected;?></td> <td><?=$Fld_diff;?></td> <td><?=$message;?></td> </tr> <? $records+=$num_row; $affected_records+=$affected; }else{ $moQuery = "SELECT * FROM `COLUMNS` WHERE `TABLE_SCHEMA` LIKE '$moDB' AND `TABLE_NAME` LIKE '".$motb_name."'"; $moRS = mysql_query($moQuery, $ln_info); if (!$moRS) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $moQuery; die($message); } $moFld_num = mysql_num_rows($moRS); $moQuery = "SELECT * FROM `$motb_name`"; $moRS = mysql_query($moQuery, $ln_mo); if (!$moRS) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $moQuery; die($message); } $affected = mysql_num_rows($moRS); ?> <tr><td><?=$tb_num+1?></td> <td><?=$otb_name?> </td> <td>-</td> <td>-</td> <td>-</td> <td><?=$motb_name?></td> <td><?=$moFld_num?></td> <td>-</td> <td><?=$affected?></td> <td>-</td> </tr> <? }// END if != '-' } // END for $tb_num $te=microtime(true); $tt=($te-$ts)/60; echo "<tr><td colspan=4></td><td >".$records."</td>"; echo "<td colspan=3></td><td >".$affected_records."</td><td ></td></tr>"; //echo "<td colspan=4>เวลา : $tt</td></tr>"; mysql_close($ln_info); mysql_close($ln_reg); mysql_close($ln_mo); set_time_limit(30); ?> </table> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0065 ]-- |