dbqueries.php
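<?php
/*
 * Self-service DB2 query runner.
 *
 * Reads a SQL string ("sql"), a statement kind ("sqltype") and an output
 * format ("format") from the POST body, runs the statement against the
 * reports database, appends the statement to a query log, and hands the
 * rows back as a downloadable text file via downloadFile().
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this file, and the script executes caller-supplied SQL. Confirm that access
 * is restricted upstream (web-server auth, network ACL) and that the database
 * account is limited to what this tool needs.
 */

/**
 * Encode a message as a JavaScript string literal that is safe to print
 * inside an inline <script> element.
 *
 * The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so text
 * coming back from the database cannot close the string or the script tag.
 *
 * @param string $text Message to show.
 * @return string Quoted JavaScript string literal.
 */
function dbq_js_string($text) {
    $literal = json_encode($text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($literal === false) {
        // json_encode() fails on invalid UTF-8; fall back to a fixed message.
        $literal = '"The database returned a message that could not be displayed."';
    }
    return $literal;
}

$work_dir = "/var/www/htdocs/selfservice";
$storage_dir = $work_dir."/storage/";
if (!defined('sugarEntry')) define('sugarEntry', true);
require_once('/var/www/htdocs/sales/salesconnect/config_override.php');
$date = new DateTime();
$database = 'SALECONN';
$hostname = $sugar_config['db']['reports']['db_host_name'];
$port = $sugar_config['db']['reports']['db_port']; // also tried 50000
// NOTE(review): the database user and password are hard-coded here. They belong
// in configuration or a secret store outside the repository, and a password
// that has been committed should be treated as exposed and rotated. The UID
// value appears to have been mangled by the page's e-mail obfuscation and is
// reproduced as found.
$conn_string = "DATABASE=SALECONN;HOSTNAME=".$hostname.";PORT=".$port.";PROTOCOL=TCPIP;[email protected];PWD=passw0rd";
$conn = db2_connect($conn_string, '', '');
$message = "Dont use SELECT * type queries .The query attempted to use a data types which cannot be used in queries against a read-enabled HADR standby database.(LOB * )";

// Read the request fields defensively: a missing or non-string field becomes ''.
// The SQL text is deliberately NOT passed through htmlspecialchars(): HTML
// escaping is an output concern, and applying it here rewrote <, >, & and
// quotes inside the statement. Escaping now happens where text is printed.
$query = (isset($_POST["sql"]) && is_string($_POST["sql"])) ? $_POST["sql"] : '';
$type = (isset($_POST["sqltype"]) && is_string($_POST["sqltype"])) ? $_POST["sqltype"] : '';
$format = (isset($_POST["format"]) && is_string($_POST["format"])) ? $_POST["format"] : '';

if ($type === "select") {
    // NOTE(review): the submitted text is run as-is; nothing here verifies
    // that it really is a SELECT.
    $sql = $query;
} else {
    // The command is embedded in a SQL string literal, so single quotes are
    // doubled to keep the caller's text inside that literal.
    $sql = "call SYSPROC.ADMIN_CMD('".str_replace("'", "''", $query)."')";
}

$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
// Keep each log record on one line so a multi-line statement cannot forge
// additional records.
$logged_sql = str_replace(array("\r", "\n"), array('\r', '\n'), $sql);
$log_info = $date->format('Y-m-d H:i:s')."---".$ip."---".$logged_sql."\n";
// NOTE(review): this log sits under htdocs; if that is the document root the
// file can be fetched over HTTP. Confirm, and move it outside the web root.
file_put_contents('/var/www/htdocs/QueryLogging.txt', $log_info, FILE_APPEND | LOCK_EX);

// Initialised up front so the error and empty-result paths never implode() null.
$result = array();

if ($conn) {
    $stmt = db2_prepare($conn, $sql);
    if ($stmt) {
        $success = db2_execute($stmt);
        if (!$success) {
            $result[] = "exec errormsg1: ".db2_stmt_errormsg($stmt);
            $stringy = implode(' ', $result); ?>
<script>
window.alert(<?php echo dbq_js_string(' '.$stringy); ?>);
</script>
<?php
        } else {
            $separator = ($format === "human") ? " " : ",";
            while ($row = db2_fetch_array($stmt)) {
                $result[] = implode($separator, $row);
            }
            $payload = implode("\r\n", $result);
            if ($payload === '') {
                // Same condition the zero-byte file check used to detect,
                // decided before anything is written to disk.
                ?>
<script>
window.alert('No results returned, Sorry ! \n It is possible you tried to query LOB data which is not allowed ');
</script>
<?php
            } else {
                // NOTE(review): result files are named by timestamp only, are
                // never removed, and live under htdocs. Two requests in the
                // same second share a file name, and the names are guessable.
                // Consider a random name component, a directory outside the
                // web root, and a retention job.
                $filename = 'db2_query.'.$date->getTimestamp().'.txt';
                if (file_put_contents($storage_dir.$filename, $payload) === false) {
                    ?>
<script>
window.alert('The result file could not be written.');
</script>
<?php
                } else {
                    downloadFile($filename, $storage_dir);
                }
            }
        }
    } else {
        // No statement resource exists after a failed prepare; called without
        // an argument the driver reports the last prepare error.
        $result[] = "exec errormsg2: ".db2_stmt_errormsg();
        $stringy = implode(' ', $result); ?>
<script>
window.alert(<?php echo dbq_js_string(' '."did you enter a query ?::".$stringy); ?>);
</script>
<?php
    }
    db2_close($conn);
} else {
    // Escaped for the HTML context it is printed in.
    echo "failed ".htmlspecialchars(db2_conn_errormsg(), ENT_QUOTES);
}
?>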
<?php
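/**
 * Stream a generated result file to the browser as an attachment.
 *
 * On success the function sends the download headers, writes the file body
 * and ends the request with exit, so it does not return. If the file is
 * missing, is not a regular file, or resolves to a location outside
 * $storage_dir, it prints "the file wasn't found" and returns.
 *
 * @param string $file        File name relative to $storage_dir.
 * @param string $storage_dir Directory that holds the file, with trailing slash.
 * @return void
 */
function downloadFile($file, $storage_dir) {
    $file = trim($file);

    // Resolve both paths so "../" segments and symlinks cannot lead outside
    // the storage directory.
    $root = realpath($storage_dir);
    $resolved = realpath($storage_dir.$file);
    $inside = false;
    if ($root !== false && $resolved !== false) {
        $prefix = rtrim($root, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
        $inside = strncmp($resolved, $prefix, strlen($prefix)) === 0;
    }

    // is_file() rather than file_exists(): an empty name resolves to the
    // directory itself, which exists but cannot be streamed.
    if (!$inside || !is_file($resolved)) {
        echo "the file wasn't found";
        return;
    }

    // Nothing may be printed before the headers. The earlier status echo sent
    // output first, which stops header() from working when output buffering
    // is off.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($resolved));

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.$download_name.'"');
    header('Content-Transfer-Encoding: binary');
    header('X-Content-Type-Options: nosniff');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: '.filesize($resolved));

    // Drop anything already buffered so only the file bytes are sent.
    // ob_clean() raises a notice when no buffer is active, so check first.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    flush();
    readfile($resolved);
    exit;
}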
?>