<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Execute Query</title>
<script>
// Copies a preset query (chosen from the <select> below) into the query
// textarea so it can be reviewed or edited before it is submitted.
function populateQuery(query) {
    const textarea = document.getElementById('query');
    textarea.value = query;
}
</script>
<style>
table { border: 1px solid grey; border-collapse: collapse; }
</style>
</head>
<body>
<?php
// IP allowlist for this console: only these two client addresses get past the
// access check below (see get_client_ip() and the die() that follows it).
[$allowed_ip1, $ip2] = ['47.45.92.162', '207.62.201.30'];
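/**
 * Resolve the client IP address that the access check below compares against
 * the allowlist.
 *
 * X-Forwarded-For and X-Real-IP are request headers, i.e. values chosen by
 * whoever sends the request. They are therefore honoured ONLY when the direct
 * peer (REMOTE_ADDR) is a reverse proxy listed in $trusted_proxies. With the
 * default empty list the function returns REMOTE_ADDR unconditionally and the
 * headers are ignored, which is the safe setting for a host that is not behind
 * a proxy. A deployment that does sit behind a proxy must pass that proxy's
 * address(es) at the call site, otherwise every request is seen as coming from
 * the proxy and is denied (fails closed rather than open).
 *
 * When the peer is trusted, X-Forwarded-For is walked from the right — the end
 * appended by the nearest hop — skipping other trusted proxies, and the first
 * well-formed address found is returned. Entries to the left of it (which a
 * client may have prepended) are never used.
 *
 * @param list<string> $trusted_proxies Reverse-proxy addresses whose forwarding headers may be believed.
 * @return string Client IP, or '' if REMOTE_ADDR is unset (e.g. CLI).
 */
function get_client_ip(array $trusted_proxies = []): string {
    $remote = isset($_SERVER['REMOTE_ADDR']) ? trim((string)$_SERVER['REMOTE_ADDR']) : '';

    // Forwarding headers are only meaningful when our direct peer is a proxy we run.
    if ($remote === '' || !in_array($remote, $trusted_proxies, true)) {
        return $remote;
    }

    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Rightmost entry is the one appended by the nearest (trusted) hop.
        $hops = array_reverse(array_map('trim', explode(',', (string)$_SERVER['HTTP_X_FORWARDED_FOR'])));
        foreach ($hops as $hop) {
            if (in_array($hop, $trusted_proxies, true)) {
                continue; // another proxy of ours; keep walking outward
            }
            if (filter_var($hop, FILTER_VALIDATE_IP) !== false) {
                return $hop;
            }
            break; // malformed entry: nothing to its left can be relied on
        }
    }

    if (isset($_SERVER['HTTP_X_REAL_IP'])) {
        // Some proxies set this single-value header instead.
        $real = trim((string)$_SERVER['HTTP_X_REAL_IP']);
        if (filter_var($real, FILTER_VALIDATE_IP) !== false) {
            return $real;
        }
    }

    // No usable forwarded address: fall back to the proxy's own address.
    return $remote;
}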
// Gate the rest of the page on the allowlist. HTML output already began above
// (<!DOCTYPE ...>), so headers are sent and a 403 status cannot be set here; a
// denied request simply gets this message in the body.
$client_ip = get_client_ip();
$is_allowed = in_array($client_ip, [$allowed_ip1, $ip2], true);

if (!$is_allowed) {
    die("Access denied. Unauthorized IP address.");
}
?>
<h2>Execute Query</h2>
<form method="post" action="">
<textarea id="query" name="query" rows="4" cols="50" placeholder="Enter your MySQL query here"><?php
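// Re-fill the textarea with the last submitted query. Only a string is echoed
// back: a request carrying query[]=... would otherwise hand an array to
// htmlspecialchars(). ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the field.
$prev_query = $_POST['query'] ?? '';
echo is_string($prev_query) ? htmlspecialchars($prev_query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';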
?></textarea><br><br>
<label>
<input type="checkbox" name="csv_output" value="1" <?php
// Keep the CSV checkbox in the state it had on the last submission.
if (!empty($_POST['csv_output'])) {
    echo 'checked';
}
?>>
CSV output
</label>
<br><br>
<button type="submit" name="submit">Execute Query</button>
</form>
<h3>Available Queries</h3>
<ul>
<?php
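// Preset queries come from queries.txt next to this script, one per line as
// "label|sql". They fill the <select>; choosing one copies its SQL into the
// textarea via populateQuery() in <head>. Whoever can write that file decides
// what is offered here, so it deserves the same protection as this script.
// (The surrounding page markup places this <select> inside a <ul>, which is not
// a valid parent; browsers tolerate it.)
$file = 'queries.txt';

if (!file_exists($file)) {
    echo "<p>{$file} file not found.</p>";
} else {
    // Blank lines are skipped instead of becoming empty options.
    $queries = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($queries === false) {
        echo "<p>{$file} could not be read.</p>";
    } else {
        echo '<select id="querySelect" onchange="populateQuery(this.value)">';
        echo '<option value="">Select a query...</option>';
        foreach ($queries as $line) {
            $parts = explode('|', $line, 2);
            if (count($parts) < 2) {
                // No "label|sql" separator: previously this raised an undefined-offset
                // notice and passed null to htmlspecialchars(); skip the line instead.
                continue;
            }
            [$label, $query] = $parts;
            echo '<option value="' . htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">'
                . htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';
        }
        echo '</select>';
    }
}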
?>
</ul>
<?php
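if (isset($_POST['submit'])) {
    // Connection parameters live in peter_db.php (adjust for your MySQL server).
    include_once("peter_db.php");
    $peter_db = new peter_db();
    $conn = $peter_db->getConnection();

    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    // The submitted SQL is executed verbatim below: this page is a raw query
    // console and the IP allowlist at the top of the file is its only access
    // control, so the database account behind peter_db should hold no more
    // privilege than the console needs. A request carrying query[]=... arrives
    // as an array; anything that is not a string is treated as empty.
    $query = $_POST['query'] ?? '';
    if (!is_string($query)) {
        $query = '';
    }
    $as_csv = !empty($_POST['csv_output']);

    // Escape one value for HTML text or attribute context. ENT_SUBSTITUTE keeps a
    // cell with invalid UTF-8 from being blanked entirely.
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Helper: build one CSV record with RFC 4180-style quoting. NULL becomes an
    // empty field; a field containing a comma, double quote or newline is wrapped
    // in double quotes, with embedded double quotes doubled.
    $csv_line = static function (array $vals): string {
        $out = [];
        foreach ($vals as $v) {
            if ($v === null) {
                $out[] = '';
                continue;
            }
            // Normalize line breaks so a record never contains a bare \r.
            $s = str_replace(["\r\n", "\r"], "\n", (string)$v);
            if (strpbrk($s, ",\"\n") !== false) {
                $s = '"' . str_replace('"', '""', $s) . '"';
            }
            $out[] = $s;
        }
        return implode(',', $out);
    };

    // Split on semicolons (simple splitter; won't handle semicolons inside string
    // literals). Only genuinely empty pieces are dropped — a bare array_filter()
    // would also discard a statement consisting of just "0".
    $statements = array_filter(
        array_map('trim', explode(';', $query)),
        static fn(string $s): bool => $s !== ''
    );

    foreach ($statements as $sql) {
        echo "<p><code>" . $esc($sql) . "</code></p>";

        $result = $conn->query($sql);

        if ($result === false) {
            // Server-side error text is shown to the (allowlisted) operator.
            echo "<p>Error: " . $esc($conn->error) . "</p>";
            continue;
        }
        if ($result === true) {
            // Statement without a result set (INSERT/UPDATE/DDL ...).
            echo "<p>Query executed successfully.</p>";
            continue;
        }

        // Result set: column names first, in server order.
        $fields = $result->fetch_fields();
        $headers = is_array($fields) ? array_map(static fn($f): string => $f->name, $fields) : [];

        if ($as_csv) {
            $csv = [$csv_line($headers)];
            while ($row = $result->fetch_assoc()) {
                // fetch_assoc() keys by column name; read in header order so every
                // record has the same column sequence as the header line.
                $vals = [];
                foreach ($headers as $name) {
                    $vals[] = $row[$name] ?? null;
                }
                $csv[] = $csv_line($vals);
            }
            $csv_text = implode("\n", $csv) . "\n";

            // A readonly textarea lets the CSV be copied without HTML rendering
            // getting in the way; size it to the data, between 10 and 40 rows.
            $rows = min(40, max(10, count($csv) + 2));
            echo '<textarea readonly rows="' . $rows . '" cols="120">'
                . $esc($csv_text)
                . '</textarea><br><br>';
        } else {
            echo "<table border='1'><tr>";
            foreach ($headers as $name) {
                echo "<th>" . $esc($name) . "</th>";
            }
            echo "</tr>";

            while ($row = $result->fetch_assoc()) {
                echo "<tr>";
                foreach ($row as $value) {
                    echo "<td>" . $esc((string)$value) . "</td>";
                }
                echo "</tr>";
            }
            echo "</table><br><br>";
        }

        // Release the result set before running the next statement.
        $result->free();
    }

    $conn->close();
}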
?>
</body>
</html>