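<?php
declare(strict_types=1);

/*
 * acp_service_db.php -- admin-only "Service Database" page.
 *
 *   (no ?do)      render the form that accepts a raw SQL batch
 *   ?do=execute   run the POSTed batch with mysqli_multi_query(), write an
 *                 entry to g_log, then redirect back to acp.php
 *
 * Access is gated on $xrf_myulevel (provided by the includes) being >= 4.
 *
 * NOTE(review): the form carries no anti-CSRF token, so the execute branch is
 * accepted on the strength of the logged-in session alone. Confirm whether
 * includes/global_req_login.php issues one; if it does not, this page should.
 */
require_once("includes/global_req_login.php");
require_once("includes/header.php");

if ($xrf_myulevel < 4)
{
    xrf_go_redir("index.php","Invalid permissions.",2);
}
else
{
    $do = $_GET['do'] ?? '';
    if ($do == "execute")
    {
        // Only a POSTed form submission may execute anything. A bare GET
        // ?do=execute previously raised an undefined-index notice on
        // $_POST['sqltoexecute'] before falling through to "not performed".
        $isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
        $sqltoexecute = (string)($_POST['sqltoexecute'] ?? '');
        $confirm = isset($_POST['confirm']) ? 1 : 0;

        if ($isPost && $confirm === 1 && trim($sqltoexecute) !== '')
        {
            $ok = mysqli_multi_query($xrf_db, $sqltoexecute);
            $dbError = '';
            if ($ok)
            {
                // Drain and free every result set so the connection is clean
                // for the log INSERT below. mysqli_next_result() returns false
                // when a later statement in the batch fails, which the
                // original loop silently ignored.
                do
                {
                    $res = mysqli_store_result($xrf_db);
                    if ($res !== false)
                    {
                        mysqli_free_result($res);
                    }
                    if (!mysqli_more_results($xrf_db))
                    {
                        break;
                    }
                } while (mysqli_next_result($xrf_db));

                if (mysqli_errno($xrf_db) !== 0)
                {
                    $ok = false;
                }
            }
            if (!$ok)
            {
                // Capture the batch error now; the log INSERT below resets it.
                $dbError = mysqli_error($xrf_db);
            }

            // Audit the attempt whether or not the batch succeeded. uid is
            // bound rather than interpolated so the log statement cannot be
            // altered by the contents of $xrf_myid.
            $stmt = mysqli_prepare($xrf_db, "INSERT INTO g_log (uid, date, event) VALUES (?,NOW(),'Executed arbitrary SQL servicing.')");
            if ($stmt !== false)
            {
                mysqli_stmt_bind_param($stmt, "s", $xrf_myid);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }

            if ($ok)
            {
                xrf_go_redir("acp.php","Servicing complete.",2);
            }
            else
            {
                // A failed batch used to be reported as "Servicing complete."
                // The server's error text ($dbError) is deliberately not
                // reflected into the redirect message because it may echo the
                // submitted SQL and xrf_go_redir()'s escaping is not visible
                // from this file.
                xrf_go_redir("acp.php","Servicing failed.",2);
            }
        }
        else
        {
            xrf_go_redir("acp.php","Servicing not performed.",2);
        }
    }
    else
    {
        echo "
<p><b>Service Database</b></p>
<p align=\"left\"><b><font color=\"red\">WARNING!</font> This page runs unprotected SQL queries against the database. You can irreparabily and unrecoverably damage the information in this system.</b></p>
<p align=\"left\">SQL entered into the box below will be executed in full against the database. This can be useful for bulk operations not supported by the user interface, or to repair issues with tables or records. You should not use this unless you are well-versed in the table formats used by XRF, or so instructed by support.</p>
<form action=\"acp_service_db.php?do=execute\" method=\"POST\">
<textarea name=\"sqltoexecute\" rows=\"20\" cols=\"80\"></textarea><p>
<input type=\"checkbox\" name=\"confirm\"> Confirm intent to send.<br><input type=\"submit\" value=\"Send!\">
</form>";
    }
}
require_once("includes/footer.php");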