api.php 5.5 KB

  1. <?php
  // MYSQL default bugs:bugs
  // NOTE(review): presumably the default MySQL user:password pair for this project;
  // if so, it should be changed before the application is exposed - confirm.

  // Both limits below are process-wide: they apply to every request that reaches this
  // script, not only to a schema import. No execution time limit ...
  set_time_limit(0);
  // ... and a memory ceiling of 5120M.
  ini_set('memory_limit', '5120M');
  /**
   * Filter a SQL script line by line, dropping lines while a "block comment" flag is set.
   *
   * A line whose preg_quote()d form starts with the opening marker sets the flag, a line
   * whose preg_quote()d form ends with the closing marker clears it, and every line seen
   * while the flag is clear is kept with a "\n" appended.
   *
   * NOTE(review): preg_quote() backslash-escapes `*`, so a line that begins with the
   * opening marker is tested as "/\*..." and the opening pattern does not match it. As
   * written the flag therefore looks like it can never be set, and lines pass through
   * unchanged apart from the trailing newline. Confirm before relying on this function
   * to strip anything from a script.
   *
   * @param string $output SQL text; passed by reference and overwritten with the result.
   * @return string The same text that is left in $output.
   */
  function remove_comments(&$output)
  {
      $kept = "";
      $skipping = false;

      foreach (explode("\n", $output) as $row) {
          // Both patterns are applied to the quoted form of the line, not the raw line.
          $quoted = preg_quote($row);

          if (preg_match("/^\/\*/", $quoted)) {
              $skipping = true;
          }

          if (!$skipping) {
              $kept .= $row . "\n";
          }

          // Checked after the append, so a line that clears the flag is itself still dropped
          // when the flag was set.
          if (preg_match("/\*\/$/", $quoted)) {
              $skipping = false;
          }
      }

      $output = $kept;

      return $output;
  }
  /**
   * Blank out "#" remark lines in a SQL script.
   *
   * Each input line becomes one output line: a line whose first character is "#" (or an
   * empty line) is replaced by a bare "\n", any other line is copied with "\n" appended.
   * An empty final line - what explode() leaves after a trailing newline - is skipped.
   *
   * Only a "#" in the very first column is recognised; indented remarks and other
   * comment styles are copied through unchanged.
   *
   * @param string $sql SQL text.
   * @return string The filtered text.
   */
  function remove_remarks($sql)
  {
      $rows = explode("\n", $sql);
      // Release the caller's copy early; the script may be large.
      $sql = "";
      $last = count($rows) - 1;
      $output = "";

      foreach ($rows as $idx => $row) {
          if ($idx == $last && strlen($row) == 0) {
              continue;
          }

          $is_statement_text = isset($row[0]) && $row[0] != "#";
          $output .= $is_statement_text ? $row . "\n" : "\n";
      }

      return $output;
  }
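  /**
   * Split a SQL script into statements on $delimiter, keeping delimiters that fall
   * inside a single-quoted string literal.
   *
   * The text is first cut at every delimiter. A piece with an even number of unescaped
   * single quotes is a complete statement; a piece with an odd number ends inside a
   * string literal, so following pieces are glued back on (with the delimiter) until
   * another odd piece closes the literal.
   *
   * Only single quotes are tracked: a delimiter inside a double-quoted or backtick-quoted
   * token, or inside a comment, still splits the statement. If a literal is never closed,
   * the partial statement is dropped and the pieces consumed while searching are emitted
   * as empty strings.
   *
   * Fix over the earlier version: the "skip an empty last piece" test took strlen() of
   * the comparison `$tokens[$i] > 0` instead of comparing the length, so whether the
   * final piece survived depended on string-to-number comparison rules (for example a
   * final statement that starts with a newline and has no trailing delimiter was
   * discarded). The last piece is now skipped only when it is empty or whitespace.
   *
   * @param string $sql       SQL text.
   * @param string $delimiter Statement delimiter, e.g. ";". Must not be empty.
   * @return array List of statement strings, without the delimiter.
   */
  function split_sql_file($sql, $delimiter)
  {
      // Number of single quotes in $fragment that are not backslash-escaped.
      $unescaped_quotes = static function ($fragment) {
          $total = preg_match_all("/'/", $fragment, $ignored);
          // A quote preceded by an odd number of backslashes is an escaped quote.
          $escaped = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $fragment, $ignored);

          return $total - $escaped;
      };

      // Split up our string into "possible" SQL statements.
      $tokens = explode($delimiter, $sql);
      // Release the caller's copy early; the script may be large.
      $sql = "";
      $output = array();
      $token_count = count($tokens);

      for ($i = 0; $i < $token_count; $i++) {
          // Don't add an empty statement as the last thing in the array.
          if ($i === $token_count - 1 && trim($tokens[$i]) === '') {
              continue;
          }

          if ($unescaped_quotes($tokens[$i]) % 2 === 0) {
              // Even: the delimiter did not occur inside a string literal.
              $output[] = $tokens[$i];
              $tokens[$i] = "";
              continue;
          }

          // Odd: the piece ends inside a literal. Keep appending pieces until one with an
          // odd quote count closes it (two odds make an even).
          $temp = $tokens[$i] . $delimiter;
          $tokens[$i] = "";

          for ($j = $i + 1; $j < $token_count; $j++) {
              if ($unescaped_quotes($tokens[$j]) % 2 === 1) {
                  $output[] = $temp . $tokens[$j];
                  $tokens[$j] = "";
                  // Make sure the outer loop continues after the piece just consumed.
                  $i = $j;
                  break;
              }

              // Even: still inside the literal.
              $temp .= $tokens[$j] . $delimiter;
              $tokens[$j] = "";
          }
      }

      return $output;
  }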
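  // Installer entry point: dispatches on the `type` and `id` query parameters.
  // TODO - Add API handling.
  //
  // NOTE(review): nothing in this file authenticates the caller or checks whether an
  // installation has already been completed, so every branch below is reachable by any
  // client that can request this script. The installer directory should be removed or
  // access-restricted once setup is done, and the state-changing actions (run, cleanup)
  // are better served by POST than GET; the latter needs a matching change in the caller.
  $method = $_SERVER['REQUEST_METHOD'];

  if (!isset($_GET['type'])) {
      die("type missing");
  }
  if (!isset($_GET['id'])) {
      die("id missing");
  }

  $id = $_GET['id'];
  // Resolved once, up front. It used to be assigned only inside the "run" branch, which
  // left it undefined when the "cleanup" branch used it.
  $path = realpath(dirname(__FILE__));

  switch ($_GET['type']) {
      case 'install':
          if ($id === 'run') {
              // All fields must be present and must be plain strings (a `name[]=` style
              // parameter arrives as an array and is rejected here).
              $complete = true;
              foreach (array('dbuser', 'dbpass', 'dbname', 'dbhost', 'dbtemplate', 'email') as $field) {
                  if (!isset($_GET[$field]) || !is_string($_GET[$field])) {
                      $complete = false;
                      break;
                  }
              }

              if ($complete) {
                  global $mysqli;
                  // NOTE(review): the database password travels in the query string, which
                  // web servers and proxies commonly record in access logs.
                  $dbuser = $_GET['dbuser'];
                  $dbpass = $_GET['dbpass'];
                  $dbname = $_GET['dbname'];
                  $dbhost = $_GET['dbhost'];
                  $email = $_GET['email'];

                  // The template name selects a file whose contents are executed as SQL.
                  // Accept only a bare name and load it from this directory, so the
                  // parameter cannot carry path separators, "..", or a stream wrapper.
                  $template = $_GET['dbtemplate'];
                  $template_label = htmlspecialchars($template, ENT_QUOTES, 'UTF-8');
                  if ($path === false || !preg_match('/^[A-Za-z0-9_-]+$/D', $template)) {
                      die("Can't access template: " . $template_label . ".sql");
                  }
                  $dbms_schema = $path . '/' . $template . '.sql';
                  $sql_query = is_file($dbms_schema) ? file_get_contents($dbms_schema) : false;
                  if (!$sql_query) {
                      die("Can't access template: " . $template_label . ".sql");
                  }

                  $sql_query = remove_comments($sql_query);
                  $sql_query = remove_remarks($sql_query);
                  $sql_query = split_sql_file($sql_query, ';');

                  // Encode instead of interpolating: a quote or backslash in any field would
                  // otherwise break the document or add keys to it.
                  // NOTE(review): the file stores the database password in clear text; make
                  // sure it is not served by the web server.
                  $config = json_encode(
                      array(
                          'host' => $dbhost,
                          'user' => $dbuser,
                          'password' => $dbpass,
                          'database' => $dbname,
                          'expire' => 86400,
                          'email' => $email,
                      ),
                      JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
                  );
                  if ($config === false || file_put_contents('../config.default.json', $config) === false) {
                      die("Can't write config");
                  }

                  require_once('../php/database.php');
                  foreach ($sql_query as $sql) {
                      // NOTE(review): the raw driver error is returned to the client.
                      query($sql) or die('Error in query: ' . $mysqli->error);
                  }
                  echo 'pass';
              } else {
                  echo "Please don't leave any fields blank";
              }
          } elseif ($id === 'config') {
              echo file_get_contents('index.template.html');
          } elseif ($id === 'cleanup') {
              // Was `$id = 'cleanup'` (an assignment, always true), which sent every
              // unrecognised id into this destructive branch instead of to 'Invalid id'.
              // Deletes the files in the installer's own directory, then the directory.
              $files = ($path !== false) ? scandir($path) : false;
              if ($files !== false) {
                  foreach ($files as $file) {
                      if ($file != '.' && $file != '..') {
                          @unlink($path . '/' . $file);
                      }
                  }
                  @rmdir($path);
              }
          } else {
              die('Invalid id');
          }
          break;

      default:
          require_once('../api.php');
  }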
  161. ?>