📄 common.lib.php
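<?php
/* $Id: common.lib.php,v 2.266.2.27.2.1 2006/08/01 14:18:28 lem9 Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Misc stuff and functions used by almost all the scripts.
 * Among other things, it contains the advanced authentication work.
 */

/**
 * Order of sections for common.lib.php:
 *
 * the include of libraries/defines_mysql.lib.php must be after the connection
 * to db to get the MySql version
 *
 * the authentication libraries must be before the connection to db
 *
 * ... so the required order is:
 *
 * LABEL_definition_of_functions
 *  - definition of functions
 * LABEL_variables_init
 *  - init some variables always needed
 * LABEL_parsing_config_file
 *  - parsing of the config file
 * LABEL_loading_language_file
 *  - loading language file
 * LABEL_theme_setup
 *  - setting up themes
 *
 * - load of mysql extension (if necessary) label_loading_mysql
 * - loading of an authentication library label_
 * - db connection
 * - authentication work
 * - load of the libraries/defines_mysql.lib.php library to get the MySQL
 *   release number
 */

/**
 * For now, avoid warnings of E_STRICT mode
 * (this must be done before function definitions)
 */
if (defined('E_STRICT')) {
    // error_reporting(0) returns the previous level; it is restored below
    // with the E_STRICT bit cleared when that bit was set.
    $old_error_reporting = error_reporting(0);
    if ($old_error_reporting & E_STRICT) {
        error_reporting($old_error_reporting ^ E_STRICT);
    } else {
        error_reporting($old_error_reporting);
    }
    unset($old_error_reporting);
}

/**
 * Avoid object cloning errors
 */
@ini_set('zend.ze1_compatibility_mode', false);

/******************************************************************************/
/* definition of functions         LABEL_definition_of_functions              */

/**
 * Removes insecure parts in a path; used before include() or
 * require() when a part of the path comes from an insecure source
 * like a cookie or form.
 *
 * Every run of one or more dots is collapsed to a single dot, so a ".."
 * path segment can no longer be expressed. Nothing else is changed:
 * directory separators, a leading "/", NUL bytes and "scheme://" prefixes
 * pass through untouched. Callers that build an include path from request
 * data should therefore also pin the directory and check the result against
 * the set of files they expect.
 *
 * @param   string  The path to check
 *
 * @return  string  The secured path
 *
 * @access  public
 * @author  Marc Delisle (lem9@users.sourceforge.net)
 */
function PMA_securePath($path)
{
    // change .. to .
    $path = preg_replace('@\.\.*@', '.', $path);

    return $path;
} // end function

/**
 * returns array with dbs grouped with extended infos
 *
 * The result is indexed as $dbgroups[group][db name]; each entry holds the
 * keys 'name', 'disp_name_cut', 'disp_name', 'comment' and 'num_tables'.
 * The strings are raw (not HTML-escaped): database names and comments must
 * be escaped by whoever prints them.
 *
 * @uses    $GLOBALS['dblist'] from PMA_availableDatabases()
 * @uses    $GLOBALS['num_dbs'] from PMA_availableDatabases()
 * @uses    $GLOBALS['cfgRelation']['commwork']
 * @uses    $GLOBALS['cfg']['ShowTooltip']
 * @uses    $GLOBALS['cfg']['LeftFrameDBTree']
 * @uses    $GLOBALS['cfg']['LeftFrameDBSeparator']
 * @uses    $GLOBALS['cfg']['ShowTooltipAliasDB']
 * @uses    PMA_availableDatabases()
 * @uses    PMA_getTableCount()
 * @uses    PMA_getComments()
 * @uses    is_array()
 * @uses    implode()
 * @uses    strstr()
 * @uses    explode()
 * @return  array   db list
 */
function PMA_getDbList()
{
    if (empty($GLOBALS['dblist'])) {
        PMA_availableDatabases();
    }
    $dblist     = $GLOBALS['dblist'];
    $dbgroups   = array();
    $parts      = array();
    foreach ($dblist as $key => $db) {
        // garvin: Get comments from PMA comments table
        $db_tooltip = '';
        if ($GLOBALS['cfg']['ShowTooltip']
          && $GLOBALS['cfgRelation']['commwork']) {
            $_db_tooltip = PMA_getComments($db);
            if (is_array($_db_tooltip)) {
                $db_tooltip = implode(' ', $_db_tooltip);
            }
        }

        if ($GLOBALS['cfg']['LeftFrameDBTree']
            && $GLOBALS['cfg']['LeftFrameDBSeparator']
            && strstr($db, $GLOBALS['cfg']['LeftFrameDBSeparator'])) {
            // group on everything before the LAST separator; the cut name
            // keeps the separator and the trailing part
            $pos            = strrpos($db, $GLOBALS['cfg']['LeftFrameDBSeparator']);
            $group          = substr($db, 0, $pos);
            $disp_name_cut  = substr($db, $pos);
        } else {
            $group          = $db;
            $disp_name_cut  = $db;
        }

        $disp_name  = $db;
        if ($db_tooltip && $GLOBALS['cfg']['ShowTooltipAliasDB']) {
            // alias mode: show the comment as the name and move the real
            // database name into the tooltip
            $disp_name      = $db_tooltip;
            $disp_name_cut  = $db_tooltip;
            $db_tooltip     = $db;
        }

        $dbgroups[$group][$db] = array(
            'name'          => $db,
            'disp_name_cut' => $disp_name_cut,
            'disp_name'     => $disp_name,
            'comment'       => $db_tooltip,
            'num_tables'    => PMA_getTableCount($db),
        );
    } // end foreach ($dblist as $db)

    return $dbgroups;
}

/**
 * returns html code for select form element with dbs
 *
 * Database names, display names and comments are HTML-escaped before they
 * are placed into attributes or option text: they are data (a name or a
 * stored comment may contain quotes or angle brackets) and would otherwise
 * be interpreted as markup by the browser.
 *
 * @param   string  $selected   name of the database to preselect
 * @return  string  html code select
 */
function PMA_getHtmlSelectDb($selected = '')
{
    $dblist = PMA_getDbList();
    // TODO: IE can not handle different text directions in select boxes
    // so, as mostly names will be in english, we set the whole selectbox to LTR
    // and EN
    $return = '<select name="db" id="lightm_db" xml:lang="en" dir="ltr"'
        .' onchange="if (this.value != \'\') window.parent.openDb(this.value);">' . "\n"
        .'<option value="" dir="' . $GLOBALS['text_dir'] . '">('
        . $GLOBALS['strDatabases'] . ') ...</option>' ."\n";
    foreach ($dblist as $group => $dbs) {
        if (count($dbs) > 1) {
            $return .= '<optgroup label="' . htmlspecialchars($group)
                . '">' . "\n";
            // whether to display db_name cut by the group part
            $cut = true;
        } else {
            // .. or full
            $cut = false;
        }
        foreach ($dbs as $db) {
            $return .= '<option value="' . htmlspecialchars($db['name']) . '"'
                .' title="' . htmlspecialchars($db['comment']) . '"';
            // compare as strings so that numeric-looking names such as
            // "10" and "010" are not treated as the same database
            if ((string) $db['name'] === (string) $selected) {
                $return .= ' selected="selected"';
            }
            $return .= '>'
                . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
                .' (' . $db['num_tables'] . ')</option>' . "\n";
        }
        if (count($dbs) > 1) {
            $return .= '</optgroup>' . "\n";
        }
    }
    $return .= '</select>';

    return $return;
}

/**
 * returns count of tables in given db
 *
 * The database name is quoted as an identifier with PMA_backquote() before
 * it is placed into the statement. A failed query counts as 0 tables.
 *
 * @param   string  $db database to count tables for
 * @return  integer count of tables in $db
 */
function PMA_getTableCount($db)
{
    $tables = PMA_DBI_try_query(
        'SHOW TABLES FROM ' . PMA_backquote($db) . ';',
        null, PMA_DBI_QUERY_STORE);
    if ($tables) {
        $num_tables = PMA_DBI_num_rows($tables);
        PMA_DBI_free_result($tables);
    } else {
        $num_tables = 0;
    }

    return $num_tables;
}

/**
 * Get the complete list of Databases a user can access
 *
 * When the list cannot be obtained directly, the privilege tables of the
 * "mysql" database are read through the controluser connection and the
 * list is rebuilt from mysql.db and mysql.tables_priv.
 *
 * @param   boolean   $only_db_check  whether to include check on failed
 *                                    'only_db' operations
 * @param   resource  $controllink    database handle (superuser)
 * @param   integer   $dblist_cnt     amount of databases inside the
 *                                    'only_db' container
 * @param   resource  $userlink       database handle (user); not read in
 *                                    this function body
 * @param   array     $cfg            configuration
 * @param   array     $dblist         previous list of databases
 *
 * @return  array     all databases a user has access to
 *
 * @access  private
 */
function PMA_safe_db_list($only_db_check, $controllink, $dblist_cnt, $userlink, $cfg, $dblist)
{
    // Result of the mysql.user lookup. It is only assigned on the fallback
    // path below, so it starts as false: the later "$rs && ..." test then
    // never reads an undefined variable.
    $rs = false;

    if ($only_db_check == false) {
        // try to get the available dbs list
        // use userlink by default
        $dblist = PMA_DBI_get_dblist();
        $dblist_cnt   = count($dblist);

        // PMA_DBI_get_dblist() relies on the ability to run "SHOW DATABASES".
        // On servers started with --skip-show-database, this is not possible
        // so we have here a fallback method, which relies on the controluser
        // being able to access the "mysql" db, as explained in the doc.

        if (!$dblist_cnt) {
            // the configured user name is escaped with PMA_sqlAddslashes()
            // before it is placed inside the quoted literal
            $auth_query   = 'SELECT User, Select_priv '
                          . 'FROM mysql.user '
                          . 'WHERE User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\'';
            $rs           = PMA_DBI_try_query($auth_query, $controllink);
        } // end
    }

    // Access to "mysql" db allowed and dblist still empty -> gets the
    // usable db list
    if (!$dblist_cnt
        && ($rs && @PMA_DBI_num_rows($rs))) {
        $row = PMA_DBI_fetch_assoc($rs);
        PMA_DBI_free_result($rs);
        // Correction uva 19991215
        // Previous code assumed database "mysql" admin table "db" column
        // "db" contains literal name of user database, and works if so.
        // Mysql usage generally (and uva usage specifically) allows this
        // column to contain regular expressions (we have all databases
        // owned by a given student/faculty/staff beginning with user i.d.
        // and governed by default by a single set of privileges with
        // regular expression as key). This breaks previous code.
        // This maintenance is to fix code to work correctly for regular
        // expressions.
        if ($row['Select_priv'] != 'Y') {

            // 1. get allowed dbs from the "mysql.db" table
            // lem9: User can be blank (anonymous user)
            $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\' OR User = \'\')';
            $rs          = PMA_DBI_try_query($local_query, $controllink);
            if ($rs && @PMA_DBI_num_rows($rs)) {
                // Will use as associative array of the following 2 code
                // lines:
                //   the 1st is the only line intact from before
                //     correction,
                //   the 2nd replaces $dblist[] = $row['Db'];
                $uva_mydbs = array();
                // Code following those 2 lines in correction continues
                // populating $dblist[], as previous code did. But it is
                // now populated with actual database names instead of
                // with regular expressions.
                while ($row = PMA_DBI_fetch_assoc($rs)) {
                    // loic1: all databases cases - part 1
                    if ( !isset($row['Db']) || ! strlen($row['Db']) || $row['Db'] == '%') {
                        $uva_mydbs['%'] = 1;
                        break;
                    }
                    // loic1: avoid multiple entries for dbs
                    if (!isset($uva_mydbs[$row['Db']])) {
                        $uva_mydbs[$row['Db']] = 1;
                    }
                } // end while
                PMA_DBI_free_result($rs);
                // candidate names come from the controluser connection, not
                // from the logged-in user's own connection
                $uva_alldbs = PMA_DBI_query('SHOW DATABASES;', $GLOBALS['controllink']);
                // loic1: all databases cases - part 2
                if (isset($uva_mydbs['%'])) {
                    while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) {
                        $dblist[] = $uva_row[0];
                    } // end while
                } else {
                    while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) {
                        $uva_db = $uva_row[0];
                        if (isset($uva_mydbs[$uva_db]) && $uva_mydbs[$uva_db] == 1) {
                            $dblist[]           = $uva_db;
                            $uva_mydbs[$uva_db] = 0;
                        } elseif (!isset($dblist[$uva_db])) {
                            foreach ($uva_mydbs AS $uva_matchpattern => $uva_value) {
                                // loic1: fixed bad regexp
                                // TODO: db names may contain characters
                                //       that are regexp instructions
                                // NOTE(review): only the grant wildcards
                                // % and _ are translated; any other regex
                                // metacharacter in the Db column keeps its
                                // regex meaning, so the pattern can match
                                // more names than the grant covers and a
                                // database the user holds no privilege on
                                // may be listed. This affects the displayed
                                // list only.
                                $re        = '(^|(\\\\\\\\)+|[^\])';
                                $uva_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $uva_matchpattern));
                                // Fixed db name matching
                                // 2000-08-28 -- Benjamin Gandon
                                if (ereg('^' . $uva_regex . '$', $uva_db)) {
                                    $dblist[] = $uva_db;
                                    break;
                                }
                            } // end while
                        } // end if ... elseif ...
                    } // end while
                } // end else
                PMA_DBI_free_result($uva_alldbs);
                unset($uva_mydbs);
            } // end if

            // 2. get allowed dbs from the "mysql.tables_priv" table
            $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\'';
            $rs          = PMA_DBI_try_query($local_query, $controllink);
            if ($rs && @PMA_DBI_num_rows($rs)) {
                while ($row = PMA_DBI_fetch_assoc($rs)) {
                    if (!in_array($row['Db'], $dblist)) {
                        $dblist[] = $row['Db'];
                    }
                } // end while
                PMA_DBI_free_result($rs);
            } // end if
        } // end if
    } // end building available dbs from the "mysql" db

    return $dblist;
}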