common.lib.php

架設ROSE私服必備之物 ROSE數據庫

<?php
/* $Id: common.lib.php 9728 2006-11-18 19:33:17Z nijel $ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Misc stuff and functions used by almost all the scripts.
 * Among other things, it contains the advanced authentication work.
 */

/**
 * Order of sections for common.lib.php:
 *
 * the include of libraries/defines_mysql.lib.php must be after the connection
 * to db to get the MySql version
 *
 * the authentication libraries must be before the connection to db
 *
 * ... so the required order is:
 *
 * LABEL_definition_of_functions
 *  - definition of functions
 * LABEL_variables_init
 *  - init some variables always needed
 * LABEL_parsing_config_file
 *  - parsing of the config file
 * LABEL_loading_language_file
 *  - loading language file
 * LABEL_theme_setup
 *  - setting up themes
 *
 * - load of mysql extension (if necessary) label_loading_mysql
 * - loading of an authentication library label_
 * - db connection
 * - authentication work
 * - load of the libraries/defines_mysql.lib.php library to get the MySQL
 *   release number
 */

/**
 * For now, avoid warnings of E_STRICT mode
 * (this must be done before function definitions)
 */

if (defined('E_STRICT')) {
    $old_error_reporting = error_reporting(0);
    if ($old_error_reporting & E_STRICT) {
        error_reporting($old_error_reporting ^ E_STRICT);
    } else {
        error_reporting($old_error_reporting);
    }
    unset($old_error_reporting);
}

/**
 * Avoid object cloning errors
 */

@ini_set('zend.ze1_compatibility_mode',false);


/******************************************************************************/
/* definition of functions         LABEL_definition_of_functions              */
/**
 * Removes insecure parts in a path; used before include() or
 * require() when a part of the path comes from an insecure source
 * like a cookie or form.
 *
 * @param    string  The path to check
 *
 * @return   string  The secured path
 *
 * @access  public
 * @author  Marc Delisle (lem9@users.sourceforge.net)
 */
function PMA_securePath($path)
{
    // change .. to .
    $path = preg_replace('@\.\.*@', '.', $path);

    return $path;
} // end function

/**
 * returns array with dbs grouped with extended infos
 *
 * @uses    $GLOBALS['dblist'] from PMA_availableDatabases()
 * @uses    $GLOBALS['num_dbs'] from PMA_availableDatabases()
 * @uses    $GLOBALS['cfgRelation']['commwork']
 * @uses    $GLOBALS['cfg']['ShowTooltip']
 * @uses    $GLOBALS['cfg']['LeftFrameDBTree']
 * @uses    $GLOBALS['cfg']['LeftFrameDBSeparator']
 * @uses    $GLOBALS['cfg']['ShowTooltipAliasDB']
 * @uses    PMA_availableDatabases()
 * @uses    PMA_getTableCount()
 * @uses    PMA_getComments()
 * @uses    PMA_availableDatabases()
 * @uses    is_array()
 * @uses    implode()
 * @uses    strstr()
 * @uses    explode()
 * @return  array   db list
 */
function PMA_getDbList()
{
    if (empty($GLOBALS['dblist'])) {
        PMA_availableDatabases();
    }
    $dblist     = $GLOBALS['dblist'];
    $dbgroups   = array();
    $parts      = array();
    foreach ($dblist as $key => $db) {
        // garvin: Get comments from PMA comments table
        $db_tooltip = '';
        if ($GLOBALS['cfg']['ShowTooltip']
          && $GLOBALS['cfgRelation']['commwork']) {
            $_db_tooltip = PMA_getComments($db);
            if (is_array($_db_tooltip)) {
                $db_tooltip = implode(' ', $_db_tooltip);
            }
        }

        if ($GLOBALS['cfg']['LeftFrameDBTree']
            && $GLOBALS['cfg']['LeftFrameDBSeparator']
            && strstr($db, $GLOBALS['cfg']['LeftFrameDBSeparator']))
        {
            // use strpos instead of strrpos; it seems more common to
            // have the db name, the separator, then the rest which
            // might contain a separator
            // like dbname_the_rest
            $pos            = strpos($db, $GLOBALS['cfg']['LeftFrameDBSeparator']);
            $group          = substr($db, 0, $pos);
            $disp_name_cut  = substr($db, $pos);
        } else {
            $group          = $db;
            $disp_name_cut  = $db;
        }

        $disp_name  = $db;
        if ($db_tooltip && $GLOBALS['cfg']['ShowTooltipAliasDB']) {
            $disp_name      = $db_tooltip;
            $disp_name_cut  = $db_tooltip;
            $db_tooltip     = $db;
        }

        $dbgroups[$group][$db] = array(
            'name'          => $db,
            'disp_name_cut' => $disp_name_cut,
            'disp_name'     => $disp_name,
            'comment'       => $db_tooltip,
            'num_tables'    => PMA_getTableCount($db),
       );
    } // end foreach ($dblist as $db)
    return $dbgroups;
}

/**
 * returns html code for select form element with dbs
 *
 * @return  string  html code select
 */
function PMA_getHtmlSelectDb($selected = '')
{
    $dblist = PMA_getDbList();
    // TODO: IE can not handle different text directions in select boxes
    // so, as mostly names will be in english, we set the whole selectbox to LTR
    // and EN
    $return = '<select name="db" id="lightm_db" xml:lang="en" dir="ltr"'
        .' onchange="if (this.value != \'\') window.parent.openDb(this.value);">' . "\n"
        .'<option value="" dir="' . $GLOBALS['text_dir'] . '">(' . $GLOBALS['strDatabases'] . ') ...</option>'
        ."\n";
    foreach ($dblist as $group => $dbs) {
        if (count($dbs) > 1) {
            $return .= '<optgroup label="' . htmlspecialchars($group)
                . '">' . "\n";
            // wether display db_name cuted by the group part
            $cut = true;
        } else {
            // .. or full
            $cut = false;
        }
        foreach ($dbs as $db) {
            $return .= '<option value="' . $db['name'] . '"'
                .' title="' . htmlspecialchars($db['comment']) . '"';
            if ($db['name'] == $selected) {
                $return .= ' selected="selected"';
            }
            $return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
                .' (' . $db['num_tables'] . ')</option>' . "\n";
        }
        if (count($dbs) > 1) {
            $return .= '</optgroup>' . "\n";
        }
    }
    $return .= '</select>';

    return $return;
}

/**
 * returns count of tables in given db
 *
 * @param   string  $db database to count tables for
 * @return  integer count of tables in $db
 */
function PMA_getTableCount($db)
{
    $tables = PMA_DBI_try_query(
        'SHOW TABLES FROM ' . PMA_backquote($db) . ';',
        null, PMA_DBI_QUERY_STORE);
    if ($tables) {
        $num_tables = PMA_DBI_num_rows($tables);
        PMA_DBI_free_result($tables);
    } else {
        $num_tables = 0;
    }

    return $num_tables;
}


/**
 * Get the complete list of Databases a user can access
 *
 * @param   boolean   whether to include check on failed 'only_db' operations
 * @param   resource  database handle (superuser)
 * @param   integer   amount of databases inside the 'only_db' container
 * @param   resource  possible resource from a failed previous query
 * @param   resource  database handle (user)
 * @param   array     configuration
 * @param   array     previous list of databases
 *
 * @return  array     all databases a user has access to
 *
 * @access  private
 */
function PMA_safe_db_list($only_db_check, $controllink, $dblist_cnt, $userlink,
    $cfg, $dblist)
{
    if ($only_db_check == false) {
        // try to get the available dbs list
        // use userlink by default
        $dblist = PMA_DBI_get_dblist();
        $dblist_cnt   = count($dblist);

        // PMA_DBI_get_dblist() relies on the ability to run "SHOW DATABASES".
        // On servers started with --skip-show-database, this is not possible
        // so we have here a fallback method, which relies on the controluser
        // being able to access the "mysql" db, as explained in the doc.

        if (!$dblist_cnt) {
            $auth_query   = 'SELECT User, Select_priv '
                          . 'FROM mysql.user '
                          . 'WHERE User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\'';
            $rs           = PMA_DBI_try_query($auth_query, $controllink);
        } // end
    }

    // Access to "mysql" db allowed and dblist still empty -> gets the
    // usable db list
    if (!$dblist_cnt && ($rs && @PMA_DBI_num_rows($rs))) {
        $row = PMA_DBI_fetch_assoc($rs);
        PMA_DBI_free_result($rs);
        // Correction uva 19991215
        // Previous code assumed database "mysql" admin table "db" column
        // "db" contains literal name of user database, and works if so.
        // Mysql usage generally (and uva usage specifically) allows this
        // column to contain regular expressions (we have all databases
        // owned by a given student/faculty/staff beginning with user i.d.
        // and governed by default by a single set of privileges with
        // regular expression as key). This breaks previous code.
        // This maintenance is to fix code to work correctly for regular
        // expressions.
        if ($row['Select_priv'] != 'Y') {

            // 1. get allowed dbs from the "mysql.db" table
            // lem9: User can be blank (anonymous user)
            $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\' OR User = \'\')';
            $rs          = PMA_DBI_try_query($local_query, $controllink);
            if ($rs && @PMA_DBI_num_rows($rs)) {
                // Will use as associative array of the following 2 code
                // lines:
                //   the 1st is the only line intact from before
                //     correction,
                //   the 2nd replaces $dblist[] = $row['Db'];
                $uva_mydbs = array();
                // Code following those 2 lines in correction continues
                // populating $dblist[], as previous code did. But it is
                // now populated with actual database names instead of
                // with regular expressions.
                while ($row = PMA_DBI_fetch_assoc($rs)) {
                    // loic1: all databases cases - part 1
                    if ( !isset($row['Db']) || ! strlen($row['Db']) || $row['Db'] == '%') {
                        $uva_mydbs['%'] = 1;
                        break;
                    }
                    // loic1: avoid multiple entries for dbs
                    if (!isset($uva_mydbs[$row['Db']])) {
                        $uva_mydbs[$row['Db']] = 1;
                    }
                } // end while
                PMA_DBI_free_result($rs);
                $uva_alldbs = PMA_DBI_query('SHOW DATABASES;', $GLOBALS['controllink']);
                // loic1: all databases cases - part 2
                if (isset($uva_mydbs['%'])) {
                    while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) {
                        $dblist[] = $uva_row[0];
                    } // end while
                } else {
                    while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) {
                        $uva_db = $uva_row[0];
                        if (isset($uva_mydbs[$uva_db]) && $uva_mydbs[$uva_db] == 1) {
                            $dblist[]           = $uva_db;
                            $uva_mydbs[$uva_db] = 0;
                        } elseif (!isset($dblist[$uva_db])) {
                            foreach ($uva_mydbs as $uva_matchpattern => $uva_value) {
                                // loic1: fixed bad regexp
                                // TODO: db names may contain characters
                                //       that are regexp instructions
                                $re        = '(^|(\\\\\\\\)+|[^\])';
                                $uva_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $uva_matchpattern));
                                // Fixed db name matching
                                // 2000-08-28 -- Benjamin Gandon
                                if (ereg('^' . $uva_regex . '$', $uva_db)) {
                                    $dblist[] = $uva_db;
                                    break;
                                }
                            } // end while
                        } // end if ... elseif ...
                    } // end while
                } // end else
                PMA_DBI_free_result($uva_alldbs);
                unset($uva_mydbs);
            } // end if

            // 2. get allowed dbs from the "mysql.tables_priv" table
            $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\'';
            $rs          = PMA_DBI_try_query($local_query, $controllink);
            if ($rs && @PMA_DBI_num_rows($rs)) {
                while ($row = PMA_DBI_fetch_assoc($rs)) {
                    if (!in_array($row['Db'], $dblist)) {
                        $dblist[] = $row['Db'];
                    }
                } // end while
                PMA_DBI_free_result($rs);
            } // end if
        } // end if
    } // end building available dbs from the "mysql" db

    return $dblist;