phpBB

Code Changes

File: includes/acp/acp_database.php

  Unmodified   Added   Modified   Removed
Line 21Line 21
*/
class acp_database
{

*/
class acp_database
{

 
	var $db_tools;

	var $u_action;

function main($id, $mode)
{

	var $u_action;

function main($id, $mode)
{

		global $db, $user, $auth, $template, $table_prefix;

		global $cache, $db, $user, $auth, $template, $table_prefix;

		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;

		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;

 

if (!class_exists('phpbb_db_tools'))
{
require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);
}
$this->db_tools = new phpbb_db_tools($db);

		
$user->add_lang('acp/database');


		
$user->add_lang('acp/database');


Line 50Line 57
				{
case 'download':
$type = request_var('type', '');

				{
case 'download':
$type = request_var('type', '');

						$table	= request_var('table', array(''));

						$table	= array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));

						$format	= request_var('method', '');
$where = request_var('where', '');


						$format	= request_var('method', '');
$where = request_var('where', '');


Line 82Line 89
						}

@set_time_limit(1200);

						}

@set_time_limit(1200);

 
						@set_time_limit(0);


$time = time();



$time = time();


Line 108Line 116

case 'mssql':
case 'mssql_odbc':


case 'mssql':
case 'mssql_odbc':

 
							case 'mssqlnative':

								$extractor = new mssql_extractor($download, $store, $format, $filename, $time);
break;


								$extractor = new mssql_extractor($download, $store, $format, $filename, $time);
break;


Line 137Line 146

case 'mssql':
case 'mssql_odbc':


case 'mssql':
case 'mssql_odbc':

 
									case 'mssqlnative':

										$extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n");
break;

case 'oracle':

										$extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n");
break;

case 'oracle':

										$extractor->flush('TRUNCATE TABLE ' . $table_name . "\\\n");

										$extractor->flush('TRUNCATE TABLE ' . $table_name . "/\n");

									break;

default:

									break;

default:

Line 158Line 168
						}

$extractor->write_end();

						}

$extractor->write_end();

 

add_log('admin', 'LOG_DB_BACKUP');


if ($download == true)
{
exit;
}



if ($download == true)
{
exit;
}


						add_log('admin', 'LOG_DB_BACKUP');

 
						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
break;

default:

						trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
break;

default:

						include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
$tables = get_tables($db);

						$tables = $this->db_tools->sql_list_tables();
asort($tables);

						foreach ($tables as $table_name)
{
if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)

						foreach ($tables as $table_name)
{
if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0)

Line 216Line 227
					case 'submit':
$delete = request_var('delete', '');
$file = request_var('file', '');

					case 'submit':
$delete = request_var('delete', '');
$file = request_var('file', '');

 
						$download = request_var('download', '');


if (!preg_match('#^backup_\d{10,}_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{


if (!preg_match('#^backup_\d{10,}_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{

Line 242Line 254
								confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file)));
}
}

								confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file)));
}
}

						else

						else if ($download || confirm_box(true))

						{

						{

							$download = request_var('download', '');


 
							if ($download)
{
$name = $matches[0];

							if ($download)
{
$name = $matches[0];

Line 341Line 351
								break;

case 'postgres':

								break;

case 'postgres':

 
									$delim = ";\n";

									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
{
$query = trim($sql);

									while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false)
{
$query = trim($sql);

 

if (substr($query, 0, 13) == 'CREATE DOMAIN')
{
list(, , $domain) = explode(' ', $query);
$sql = "SELECT domain_name
FROM information_schema.domains
WHERE domain_name = '$domain';";
$result = $db->sql_query($sql);
if (!$db->sql_fetchrow($result))
{

										$db->sql_query($query);

										$db->sql_query($query);

 
											}
$db->sql_freeresult($result);
}
else
{
$db->sql_query($query);
}


										if (substr($query, 0, 4) == 'COPY')
{
while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')

										if (substr($query, 0, 4) == 'COPY')
{
while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\.')

Line 370Line 399

case 'mssql':
case 'mssql_odbc':


case 'mssql':
case 'mssql_odbc':

 
								case 'mssqlnative':

									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
{
$db->sql_query($sql);

									while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
{
$db->sql_query($sql);

Line 378Line 408
							}

$close($fp);

							}

$close($fp);

 

// Purge the cache due to updated data
$cache->purge();


add_log('admin', 'LOG_DB_RESTORE');
trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
break;


add_log('admin', 'LOG_DB_RESTORE');
trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
break;

 
						}
else if (!$download)
{
confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file)));

						}

default:

						}

default:

Line 399Line 436

$dir = $phpbb_root_path . 'store/';
$dh = @opendir($dir);


$dir = $phpbb_root_path . 'store/';
$dh = @opendir($dir);

 

$backup_files = array();


if ($dh)
{


if ($dh)
{

Line 406Line 445
							{
if (preg_match('#^backup_(\d{10,})_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{

							{
if (preg_match('#^backup_(\d{10,})_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{

									$supported = in_array($matches[2], $methods);








									if (in_array($matches[2], $methods))
{
$backup_files[(int) $matches[1]] = $file;
}
}
}
closedir($dh);
}





									if ($supported == 'true')





						if (!empty($backup_files))
{
krsort($backup_files);

foreach ($backup_files as $name => $file)

									{
$template->assign_block_vars('files', array(
'FILE' => $file,

									{
$template->assign_block_vars('files', array(
'FILE' => $file,

											'NAME'		=> gmdate("d-m-Y H:i:s", $matches[1]),
'SUPPORTED' => $supported

									'NAME'		=> $user->format_date($name, 'd-m-Y H:i:s', true),
'SUPPORTED' => true,

										));
}

										));
}

								}
}
closedir($dh);

 
						}

$template->assign_vars(array(

						}

$template->assign_vars(array(

Line 513Line 560
	
if (!$this->fp)
{

	
if (!$this->fp)
{

				trigger_error('Unable to write temporary file to storage folder', E_USER_ERROR);

				trigger_error('FILE_WRITE_FAIL', E_USER_ERROR);

			}
}
}

			}
}
}

Line 521Line 568
	function write_end()
{
static $close;

	function write_end()
{
static $close;

 


		if ($this->store)
{
if ($close === null)

		if ($this->store)
{
if ($close === null)

Line 596Line 644

if ($new_extract === null)
{


if ($new_extract === null)
{

			if ($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '3.23.20', '>='))

			if ($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '3.23.20', '>='))

			{
$new_extract = true;
}

			{
$new_extract = true;
}

Line 1086Line 1134
		}

$sql_data = '-- Table: ' . $table_name . "\n";

		}

$sql_data = '-- Table: ' . $table_name . "\n";

		//$sql_data .= "DROP TABLE $table_name;\n";

		$sql_data .= "DROP TABLE $table_name;\n";

		// PGSQL does not "tightly" bind sequences and tables, we must guess...
$sql = "SELECT relname
FROM pg_class

		// PGSQL does not "tightly" bind sequences and tables, we must guess...
$sql = "SELECT relname
FROM pg_class

Line 1121Line 1169
					AND (c.oid = d.adrelid)
AND d.adnum = " . $row['attnum'];
$def_res = $db->sql_query($sql_get_default);

					AND (c.oid = d.adrelid)
AND d.adnum = " . $row['attnum'];
$def_res = $db->sql_query($sql_get_default);

 
			$def_row = $db->sql_fetchrow($def_res);
$db->sql_freeresult($def_res);





			if (!$def_res)

			if (empty($def_row))

			{
unset($row['rowdefault']);
}
else
{

			{
unset($row['rowdefault']);
}
else
{

				$row['rowdefault'] = $db->sql_fetchfield('rowdefault', false, $def_res);

				$row['rowdefault'] = $def_row['rowdefault'];

			}

			}

			$db->sql_freeresult($def_res);

 

if ($row['type'] == 'bpchar')
{


if ($row['type'] == 'bpchar')
{

Line 1155Line 1204
				$line .= ')';
}


				$line .= ')';
}


			if (!empty($row['rowdefault']))

			if (isset($row['rowdefault']))

			{
$line .= ' DEFAULT ' . $row['rowdefault'];
}

			{
$line .= ' DEFAULT ' . $row['rowdefault'];
}

Line 1471Line 1520
		if ($db->sql_layer === 'mssql')
{
$this->write_data_mssql($table_name);

		if ($db->sql_layer === 'mssql')
{
$this->write_data_mssql($table_name);

 
		}
else if($db->sql_layer === 'mssqlnative')
{
$this->write_data_mssqlnative($table_name);

		}
else
{

		}
else
{

Line 1566Line 1619
		$db->sql_freeresult($result);

if ($retrieved_data && $ident_set)

		$db->sql_freeresult($result);

if ($retrieved_data && $ident_set)

 
		{
$sql_data .= "\nSET IDENTITY_INSERT $table_name OFF\nGO\n";
}
$this->flush($sql_data);
}

function write_data_mssqlnative($table_name)
{
global $db;
$ary_type = $ary_name = array();
$ident_set = false;
$sql_data = '';

// Grab all of the data from current table.
$sql = "SELECT * FROM $table_name";
$db->mssqlnative_set_query_options(array('Scrollable' => SQLSRV_CURSOR_STATIC));
$result = $db->sql_query($sql);

$retrieved_data = $db->mssqlnative_num_rows($result);

if (!$retrieved_data)
{
$db->sql_freeresult($result);
return;
}

$sql = "SELECT * FROM $table_name";
$result_fields = $db->sql_query_limit($sql, 1);

$row = new result_mssqlnative($result_fields);
$i_num_fields = $row->num_fields();

for ($i = 0; $i < $i_num_fields; $i++)
{
$ary_type[$i] = $row->field_type($i);
$ary_name[$i] = $row->field_name($i);
}
$db->sql_freeresult($result_fields);

$sql = "SELECT 1 as has_identity
FROM INFORMATION_SCHEMA.COLUMNS
WHERE COLUMNPROPERTY(object_id('$table_name'), COLUMN_NAME, 'IsIdentity') = 1";
$result2 = $db->sql_query($sql);
$row2 = $db->sql_fetchrow($result2);

if (!empty($row2['has_identity']))
{
$sql_data .= "\nSET IDENTITY_INSERT $table_name ON\nGO\n";
$ident_set = true;
}
$db->sql_freeresult($result2);

while ($row = $db->sql_fetchrow($result))
{
$schema_vals = $schema_fields = array();

// Build the SQL statement to recreate the data.
for ($i = 0; $i < $i_num_fields; $i++)
{
$str_val = $row[$ary_name[$i]];

// defaults to type number - better quote just to be safe, so check for is_int too
if (is_int($ary_type[$i]) || preg_match('#char|text|bool|varbinary#i', $ary_type[$i]))
{
$str_quote = '';
$str_empty = "''";
$str_val = sanitize_data_mssql(str_replace("'", "''", $str_val));
}
else if (preg_match('#date|timestamp#i', $ary_type[$i]))
{
if (empty($str_val))
{
$str_quote = '';
}
else
{
$str_quote = "'";
}
}
else
{
$str_quote = '';
$str_empty = 'NULL';
}

if (empty($str_val) && $str_val !== '0' && !(is_int($str_val) || is_float($str_val)))
{
$str_val = $str_empty;
}

$schema_vals[$i] = $str_quote . $str_val . $str_quote;
$schema_fields[$i] = $ary_name[$i];
}

// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\nGO\n";

$this->flush($sql_data);
$sql_data = '';
}
$db->sql_freeresult($result);

if ($ident_set)

		{
$sql_data .= "\nSET IDENTITY_INSERT $table_name OFF\nGO\n";
}

		{
$sql_data .= "\nSET IDENTITY_INSERT $table_name OFF\nGO\n";
}

Line 1679Line 1836
	{
global $db;
$sql_data = '-- Table: ' . $table_name . "\n";

	{
global $db;
$sql_data = '-- Table: ' . $table_name . "\n";

		$sql_data .= "DROP TABLE $table_name;\n";
$sql_data .= '\\' . "\n";

		$sql_data .= "DROP TABLE $table_name\n/\n";


		$sql_data .= "\nCREATE TABLE $table_name (\n";

$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT

		$sql_data .= "\nCREATE TABLE $table_name (\n";

$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT

Line 1695Line 1851

if ($row['data_type'] !== 'CLOB')
{


if ($row['data_type'] !== 'CLOB')
{

				if ($row['data_type'] !== 'VARCHAR2')

				if ($row['data_type'] !== 'VARCHAR2' && $row['data_type'] !== 'CHAR')

				{
$line .= '(' . $row['data_precision'] . ')';
}

				{
$line .= '(' . $row['data_precision'] . ')';
}

Line 1725Line 1881
				AND A.TABLE_NAME = '{$table_name}'";
$result = $db->sql_query($sql);


				AND A.TABLE_NAME = '{$table_name}'";
$result = $db->sql_query($sql);


 
		$primary_key = array();
$contraint_name = '';

		while ($row = $db->sql_fetchrow($result))
{

		while ($row = $db->sql_fetchrow($result))
{

			$rows[] = "  CONSTRAINT {$row['constraint_name']} PRIMARY KEY ({$row['column_name']})";


			$constraint_name = '"' . $row['constraint_name'] . '"';
$primary_key[] = '"' . $row['column_name'] . '"';

		}
$db->sql_freeresult($result);

		}
$db->sql_freeresult($result);

 

if (sizeof($primary_key))
{
$rows[] = " CONSTRAINT {$constraint_name} PRIMARY KEY (" . implode(', ', $primary_key) . ')';
}


$sql = "SELECT A.CONSTRAINT_NAME, A.COLUMN_NAME
FROM USER_CONS_COLUMNS A, USER_CONSTRAINTS B


$sql = "SELECT A.CONSTRAINT_NAME, A.COLUMN_NAME
FROM USER_CONS_COLUMNS A, USER_CONSTRAINTS B

Line 1738Line 1902
				AND A.TABLE_NAME = '{$table_name}'";
$result = $db->sql_query($sql);


				AND A.TABLE_NAME = '{$table_name}'";
$result = $db->sql_query($sql);


 
		$unique = array();
$contraint_name = '';

		while ($row = $db->sql_fetchrow($result))
{

		while ($row = $db->sql_fetchrow($result))
{

			$rows[] = "  CONSTRAINT {$row['constraint_name']} UNIQUE ({$row['column_name']})";


			$constraint_name = '"' . $row['constraint_name'] . '"';
$unique[] = '"' . $row['column_name'] . '"';

		}
$db->sql_freeresult($result);

		}
$db->sql_freeresult($result);

 

if (sizeof($unique))
{
$rows[] = " CONSTRAINT {$constraint_name} UNIQUE (" . implode(', ', $unique) . ')';
}


$sql_data .= implode(",\n", $rows);


$sql_data .= implode(",\n", $rows);

		$sql_data .= "\n)\n\\";

		$sql_data .= "\n)\n/\n";





		$sql = "SELECT A.REFERENCED_NAME
FROM USER_DEPENDENCIES A, USER_TRIGGERS B

		$sql = "SELECT A.REFERENCED_NAME, C.*
FROM USER_DEPENDENCIES A, USER_TRIGGERS B, USER_SEQUENCES C

			WHERE A.REFERENCED_TYPE = 'SEQUENCE'
AND A.NAME = B.TRIGGER_NAME

			WHERE A.REFERENCED_TYPE = 'SEQUENCE'
AND A.NAME = B.TRIGGER_NAME

				AND B. TABLE_NAME = '{$table_name}'";


				AND B.TABLE_NAME = '{$table_name}'
AND C.SEQUENCE_NAME = A.REFERENCED_NAME";

		$result = $db->sql_query($sql);

		$result = $db->sql_query($sql);

 

$type = request_var('type', '');


		while ($row = $db->sql_fetchrow($result))
{

		while ($row = $db->sql_fetchrow($result))
{

			$sql_data .= "\nCREATE SEQUENCE {$row['referenced_name']}\\\n";









			$sql_data .= "\nDROP SEQUENCE \"{$row['referenced_name']}\"\n/\n";
$sql_data .= "\nCREATE SEQUENCE \"{$row['referenced_name']}\"";

if ($type == 'full')
{
$sql_data .= ' START WITH ' . $row['last_number'];
}

$sql_data .= "\n/\n";

		}
$db->sql_freeresult($result);


		}
$db->sql_freeresult($result);


Line 1765Line 1949
		$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{

		$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{

			$sql_data .= "\nCREATE OR REPLACE TRIGGER {$row['description']}WHEN ({$row['when_clause']})\n{$row['trigger_body']}\\";

			$sql_data .= "\nCREATE OR REPLACE TRIGGER {$row['description']}WHEN ({$row['when_clause']})\n{$row['trigger_body']}\n/\n";

		}
$db->sql_freeresult($result);


		}
$db->sql_freeresult($result);


Line 1785Line 1969

foreach ($index as $index_name => $column_names)
{


foreach ($index as $index_name => $column_names)
{

			$sql_data .= "\nCREATE INDEX $index_name ON $table_name(" . implode(', ', $column_names) . ")\n\\";

			$sql_data .= "\nCREATE INDEX $index_name ON $table_name(" . implode(', ', $column_names) . ")\n/\n";

		}
$db->sql_freeresult($result);
$this->flush($sql_data);

		}
$db->sql_freeresult($result);
$this->flush($sql_data);

Line 1818Line 2002
			// Build the SQL statement to recreate the data.
for ($i = 0; $i < $i_num_fields; $i++)
{

			// Build the SQL statement to recreate the data.
for ($i = 0; $i < $i_num_fields; $i++)
{

				$str_val = $row[$ary_name[$i]];


				// Oracle uses uppercase - we use lowercase
$str_val = $row[strtolower($ary_name[$i])];





				if (preg_match('#char|text|bool|raw#i', $ary_type[$i]))

				if (preg_match('#char|text|bool|raw|clob#i', $ary_type[$i]))

				{
$str_quote = '';
$str_empty = "''";

				{
$str_quote = '';
$str_empty = "''";

Line 1849Line 2034
				}

$schema_vals[$i] = $str_quote . $str_val . $str_quote;

				}

$schema_vals[$i] = $str_quote . $str_val . $str_quote;

				$schema_fields[$i] = '"' . $ary_name[$i] . "'";

				$schema_fields[$i] = '"' . $ary_name[$i] . '"';

			}

// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.

			}

// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.

			$sql_data = "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";

			$sql_data = "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ")\n/\n";


$this->flush($sql_data);
}


$this->flush($sql_data);
}

Line 2173Line 2358

function sanitize_data_oracle($text)
{


function sanitize_data_oracle($text)
{

	$data = preg_split('/[\0\n\t\r\b\f\'"\\\]/', $text);
preg_match_all('/[\0\n\t\r\b\f\'"\\\]/', $text, $matches);



//	$data = preg_split('/[\0\n\t\r\b\f\'"\/\\\]/', $text);
// preg_match_all('/[\0\n\t\r\b\f\'"\/\\\]/', $text, $matches);
$data = preg_split('/[\0\b\f\'\/]/', $text);
preg_match_all('/[\0\r\b\f\'\/]/', $text, $matches);


$val = array();



$val = array();