<?php/* $Id: lib.inc.php3,v 1.62 2000/07/20 11:15:11 tobias Exp $ */require("config.inc.php3");function show_table_navigation($pos_next, $pos_prev, $dt_result){    global $pos, $cfgMaxRows, $server, $db, $table, $sql_query, $sql_order, $sessionMaxRows, $SelectNumRows, $goto;    global $strPos1, $strPrevious, $strShow, $strRowsFrom, $strEnd;    ?>     <!--  beginning of table navigation bar -->     <table border=0><tr>        <td>        <form method=post          onsubmit ="return <?php  echo ( $pos >= $cfgMaxRows ? "true" : "false" ); ?>"          action=<?php echo          "\"sql.php3?server=$server&db=$db&table=$table&sql_query=".urlencode($sql_query)."&sql_order=".urlencode($sql_order)."&pos=0&sessionMaxRows=$sessionMaxRows\"";?>        ><input type=submit value="<?php echo $strPos1 . " &lt;&lt;" ; ?>" >        </form>        </td>        <td>        <form method=post onsubmit="return <?php  echo ( $pos >= $cfgMaxRows ? "true" : "false" ); ?>"          action=<?php echo          "\"sql.php3?server=$server&db=$db&table=$table&sql_query=".urlencode($sql_query)."&sql_order=".urlencode($sql_order)."&pos=$pos_prev&sessionMaxRows=$sessionMaxRows\"";?>        ><input type=submit value="<?php echo $strPrevious ." &lt;" ; ?>"  >        </form>        </td>    <td>    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    </td>    <td>        <table><tr><td>          <form method=post onsubmit="return isFormElementInRange;"            action=<?php echo                "\"sql.php3?server=$server&db=$db&table=$table&sql_query=".urlencode($sql_query)."&sql_order=".urlencode($sql_order)."&pos=$pos&sessionMaxRows=$sessionMaxRows\"";?>          >              <input type=submit value="<?php echo "&gt; ". $strShow ; ?>"                 onclick="checkFormElementInRange( this.form, 'pos', 0, <?php echo ( $SelectNumRows - 1 ); ?> )"              >              <input type="text" name="sessionMaxRows" size="3" value="<?php echo $sessionMaxRows ; ?>">              <?php echo $strRowsFrom ?> <input name="pos" type="text" size="3"                      value="<?php echo ( $pos_next >= $SelectNumRows ? '' : $pos_next )  ; ?>">          </form>        </td></tr></table>    </td>    <td>        <form method=post          onsubmit="return <?php  echo          ( isset($SelectNumRows) && $pos + $sessionMaxRows < $SelectNumRows && mysql_num_rows($dt_result) >= $sessionMaxRows  ?                    "true" : "false" ); ?>"          action=<?php printf (          "\"sql.php3?server=$server&db=$db&table=$table&sql_query=%s&sql_order=%s&pos=%d&sessionMaxRows=%d&goto=%s\"", urlencode($sql_query),urlencode($sql_order),$SelectNumRows - $sessionMaxRows, $sessionMaxRows, $goto);?>        ><input type=submit value="<?php echo "&gt;&gt; " . $strEnd  ; ?>"  >        </form>        </td>    </tr></table>    <!--  end of table navigation bar -->    <?php}function load_javascript (){    echo "\n<script language=\"javascript\" src=\"functions.js\" > </script>";}function mysql_die($error = ""){    global $strError,$strSQLQuery, $strMySQLSaid, $strBack, $sql_query;    echo "<b> $strError </b><p>";    if(isset($sql_query) && !empty($sql_query))    {        echo "$strSQLQuery: <pre>$sql_query</pre><p>";    }    if(empty($error))        echo $strMySQLSaid.mysql_error();    else        echo $strMySQLSaid.$error;    echo "<br><a href=\"javascript:history.go(-1)\">$strBack</a>";    include("footer.inc.php3");    exit;}function auth(){    global $cfgServer;    #$PHP_AUTH_USER = ""; No need to do this since err 401 allready clears that var    Header("status: 401 Unauthorized");    Header("HTTP/1.0 401 Unauthorized");    Header("WWW-authenticate: basic realm=\"phpMySQLAdmin on " . $cfgServer['host'] . "\"");    echo "<HTML><HEAD><TITLE>" . $GLOBALS["strAccessDenied"] . "</TITLE></HEAD>\n";    echo "<BODY BGCOLOR=#FFFFFF><BR><BR><CENTER><H1>" . $GLOBALS["strWrongUser"] . "</H1>\n";    echo "</CENTER></BODY></HTML>";    exit;}// Use mysql_connect() or mysql_pconnect()?$connect_func = ($cfgPersistentConnections) ? "mysql_pconnect" : "mysql_connect";$dblist = array();reset($cfgServers);while(list($key, $val) = each($cfgServers)){    // Don't use servers with no hostname    if (empty($val['host']))        unset($cfgServers[$key]);}if(empty($server) || !isset($cfgServers[$server]) || !is_array($cfgServers[$server]))   $server = $cfgServerDefault;if($server == 0){    // If no server is selected, make sure that $cfgServer is empty    // (so that nothing will work), and skip server authentication.    // We do NOT exit here, but continue on without logging into    // any server.  This way, the welcome page will still come up    // (with no server info) and present a choice of servers in the    // case that there are multiple servers and '$cfgServerDefault = 0'    // is set.    $cfgServer = array();}else{    // Otherwise, set up $cfgServer and do the usual login stuff.    $cfgServer = $cfgServers[$server];    if(isset($cfgServer['only_db']) && !empty($cfgServer['only_db']))        $dblist[] = $cfgServer['only_db'];    if($cfgServer['adv_auth'])    {        if (empty($PHP_AUTH_USER) && isset($REMOTE_USER))            $PHP_AUTH_USER=$REMOTE_USER;        if(empty($PHP_AUTH_PW) && isset($REMOTE_PASSWORD))            $PHP_AUTH_PW=$REMOTE_PASSWORD;        if(!isset($old_usr))        {            if(empty($PHP_AUTH_USER))            {                $AUTH=TRUE;            }            else            {                $AUTH=FALSE;            }        }        else        {            if($old_usr==$PHP_AUTH_USER)            {                $AUTH=TRUE;                unset($old_usr);            }            else            {                $AUTH=FALSE;            }        }        if($AUTH)        {            auth();        }        else        {            if(empty($cfgServer['port']))                $dbh = $connect_func($cfgServer['host'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die();            else                $dbh = $connect_func($cfgServer['host'].":".$cfgServer['port'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die();            $PHP_AUTH_USER = addslashes($PHP_AUTH_USER);            $PHP_AUTH_PW = addslashes($PHP_AUTH_PW);            $rs = mysql_db_query("mysql", "SELECT User, Password, Select_priv FROM user where User = '$PHP_AUTH_USER' AND Password = PASSWORD('$PHP_AUTH_PW')", $dbh) or mysql_die();            if(@mysql_numrows($rs) <= 0)            {                auth();            }            else            {                $row = mysql_fetch_array($rs);                if ($row["Select_priv"] != "Y")                {                    //correction uva 19991215 ---------------------------                    //previous code assumed database "mysql" admin table "db" column "db" contains                    //literal name of user database, and works if so.  mysql usage generally (and                    //uva usage specifically) allows this column to contain regular expressions.                    //(we have all databases owned by a given student/faculty/staff beginning with                    //user i.d. and governed by default by a single set of privileges with regular                    //expression as key.  this breaks previous code.  this maintenance is to fix code                    //to work correctly for regular expressions.                    //begin correction uva 19991215 pt. 1 ---------------------------                    //add "DISTINCT" to next line:  need single row only                    $rs = mysql_db_query("mysql", "SELECT DISTINCT Db FROM db WHERE Select_priv = 'Y' AND User = '$PHP_AUTH_USER'") or mysql_die();                    //end correction uva 19991215 pt. 1 -----------------------------                    if (@mysql_numrows($rs) <= 0)                    {                        $rs = mysql_db_query("mysql", "SELECT Db FROM tables_priv WHERE Table_priv like '%Select%' AND User = '$PHP_AUTH_USER'") or mysql_die();                        if (@mysql_numrows($rs) <= 0) {                            auth();                        }                        else                        {                            while ($row = mysql_fetch_array($rs))                                $dblist[] = $row["Db"];                        }                    }                    else                    {                        //begin correction uva 19991215 pt. 2 ---------------------------                        //see pt. 1, above, for description of change                        $uva_mydbs = array(); // will use as associative array                        //of the following 2 code lines,                        //    the 1st is the only line intact from before correction, pt. 2                        //    the 2nd replaces $dblist[] = $row["Db"];                        //code following those 2 lines in correction, pt. 2, continues                        //populating $dblist[], as previous code did.  but it is now populated with                        //actual database names instead of with regular expressions.                        while($row = mysql_fetch_array($rs))                            $uva_mydbs[ $row["Db"] ] = 1;                        $uva_alldbs = mysql_list_dbs();                        while($uva_row = mysql_fetch_array($uva_alldbs))                        {                            $uva_db = $uva_row[0];                            if (isset($uva_mydbs[$uva_db]) && 1 == $uva_mydbs[$uva_db])                            {                                $dblist[] = $uva_db;                                $uva_mydbs[$uva_db] = 0;                            }                            else                            {                                reset($uva_mydbs);                                while (list($uva_matchpattern,$uva_value) = each($uva_mydbs))                                {                                    $uva_regex = ereg_replace("%",".+",$uva_matchpattern);                                    if(ereg($uva_regex,$uva_db))                                    {                                        $dblist[] = $uva_db;                                        break;                                    }                                }                            }                        }                        //end correction uva 19991215 pt. 2 -----------------------------                    }                }            }        }        $cfgServer['user']=$PHP_AUTH_USER;        $cfgServer['password']=$PHP_AUTH_PW;    }    if (empty($cfgServer['port']))        $link = $connect_func($cfgServer['host'], $cfgServer['user'], $cfgServer['password']) or mysql_die();    else        $link = $connect_func($cfgServer['host'].":".$cfgServer['port'], $cfgServer['user'], $cfgServer['password']) or mysql_die();    $result = mysql_query("SELECT VERSION() AS version") or mysql_die();    $row = mysql_fetch_array($result);    define("MYSQL_MAJOR_VERSION", substr($row["version"], 0, 4));}// -----------------------------------------------------------------function display_table ($dt_result){    global $cfgBorder, $cfgBgcolorOne, $cfgBgcolorTwo, $cfgMaxRows, $pos, $server, $db, $table, $sql_query, $sql_order, $cfgOrder, $cfgShowBlob, $goto;    global $strShowingRecords,$strSelectNumRows,$SelectNumRows,$strTotal,$strEdit,$strPrevious,$strNext,$strDelete,$strDeleted,$strPos1,$strEnd;    global $sessionMaxRows, $strGo, $strShow, $strRowsFrom;    $cfgMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows;    $sessionMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows;    load_javascript();    $primary = false;    if(!empty($table) && !empty($db))    {        $result = mysql_db_query($db, "SELECT COUNT(*) as total FROM $table") or mysql_die();        $row = mysql_fetch_array($result);        $total = $row["total"];    }    if(!isset($pos))        $pos = 0;    $pos_next = $pos + $cfgMaxRows;    $pos_prev = $pos - $cfgMaxRows;    if(isset($total) && $total>1)    {        if(isset($SelectNumRows) && $SelectNumRows!=$total)            $selectstring = ", $SelectNumRows $strSelectNumRows";        else            $selectstring = "";    $se = isset($se) ? $se : "";    $lastShownRec = $pos_next  - 1;    show_message("$strShowingRecords $pos - $lastShownRec  ($se$total $strTotal$selectstring)");    }    else    {        show_message($GLOBALS["strSQLQuery"]);    }    ?>    </td>    <?php    $field = mysql_fetch_field($dt_result);    $table = $field->table;    mysql_field_seek($dt_result, 0);    show_table_navigation($pos_next, $pos_prev, $dt_result);    ?>