| Version 30 <br> |
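<?php
/*
 * commit-execute-query: run the SQL statements stored in
 * writable/community/query.txt and print every result row as HTML.
 *
 * Only callers on a fixed address list may run it; every other caller is
 * recorded in the log file below and rejected.
 */
$logfile = "/home/data/httpd/writable/community/commit-inserts.log";

// Addresses that are allowed to trigger the query run.
$allowed_callers = array(
    "24.20.10.28",    // Bjorn's home office
    "168.103.234.47", // Eclipse Portland office
);

// Compare the whole address for exact equality. The earlier check used
// unanchored regular expressions with unescaped dots, which also accepted
// any address that merely contained text resembling one of these entries.
// NOTE(review): if this host is ever placed behind a reverse proxy,
// REMOTE_ADDR will be the proxy's address - confirm the deployment.
$caller = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : "";
if( !in_array( $caller, $allowed_callers, true ) ) {
    $line = date('Y-m-d.H:i:s') . " " . $caller . " is an invalid caller of commit-execute-query\n";
    // Best-effort audit record: a log file that cannot be opened must not
    // turn the rejection below into a cascade of fwrite/fclose warnings.
    $log = fopen( $logfile, "a" );
    if( $log !== false ) {
        fwrite( $log, $line );
        fclose( $log );
    }
    echo $caller . " is an invalid caller<br>\n";
    exit;
}
?>include..<br><?php
/*
 * Execute the query in the writable/community/query.txt file.
 * Check that it is not group or world writable in order to prevent
 * db attacks.
 * NOTE(review): the ownership check further down is commented out, so the
 * permission bits are the only guard on who was able to write this file.
 * NOTE(review): the included class file name ends in "_ro"; presumably it
 * provides a read-only connection - confirm.
 */
include "/home/data/httpd/eclipse-php-classes/system/dbconnection_foundation_ro.class.php";

?>exists..<br><?php
$filename = "/home/data/httpd/writable/community/query.txt";
if( !file_exists( $filename ) ) {
    echo "query.txt does not exist - exiting";
    exit;
}
?>group..<br><?php
// NOTE(review): owner check is disabled. While it stays disabled, a file
// created by any account passes as long as its mode is not group/world
// writable. Re-enable it or document why it was turned off.
// $a = posix_getpwuid( fileowner( $filename ));
// if( $a['name'] != "bfreeman" ) {
// echo "query.txt is not owned by bfreeman - exiting";
// exit;
// }
?>permissions..<br><?php
// Open the file once and take both the permission bits and the contents
// from that handle, so the permission check and the read refer to the same
// file even if the path is replaced in between.
$fh = fopen( $filename, "r" );
if( $fh === false ) {
    echo "query.txt could not be opened - exiting";
    exit;
}
$st = fstat( $fh );
// Fail closed: a failed stat must not be read as "no write bits set".
if( $st === false ) {
    fclose( $fh );
    echo "query.txt permissions could not be read - exiting";
    exit;
}
// 0022 (octal) is group-write | other-write, the same bits as the former 0x0012.
if( ($st['mode'] & 0022) != 0 ) {
    fclose( $fh );
    echo "query.txt is group or world writable - exiting";
    exit;
}
?>load..<br><?php
$sql = stream_get_contents( $fh );
fclose( $fh );
if( $sql === false ) {
    echo "query.txt could not be read - exiting";
    exit;
}
// Statements are split on every ";". A semicolon inside a quoted SQL string
// is split as well, so query.txt must not contain one.
$statements = explode( ";", $sql );

// Escape everything that is printed into the HTML page: the statement text
// and the row values may contain "<", "&" or quotes. ENT_SUBSTITUTE is used
// when the running PHP version defines it, so bytes that are invalid in the
// page charset do not blank the whole value.
$esc_flags = defined( 'ENT_SUBSTITUTE' ) ? ( ENT_QUOTES | ENT_SUBSTITUTE ) : ENT_QUOTES;

// NOTE(review): the mysql_* functions were removed in PHP 7. They are kept
// because the handle returned by DBConnectionFoundation::connect() is
// defined outside this file.
$_dbc = new DBConnectionFoundation();
$_dbh = $_dbc->connect();
foreach( $statements as $_query ) {
    $_query = rtrim( $_query );
    if( $_query === "" ) continue;
    echo "<b>/" . htmlspecialchars( $_query, $esc_flags ) . "/</b><br>\n";
    flush();

    $result = mysql_query( $_query, $_dbh );
    if( !$result ) {
        echo( "MySQL Error: " . htmlspecialchars( mysql_error(), $esc_flags ) );
    } else if( is_resource( $result ) ) {
        // mysql_fetch_row() returns numeric keys only. mysql_fetch_array()
        // defaults to numeric and associative keys together, so count($row)
        // was twice the column count and the old index loop printed empty
        // trailing fields.
        while( $row = mysql_fetch_row( $result ) ) {
            foreach( $row as $value ) {
                echo "/" . htmlspecialchars( (string) $value, $esc_flags ) . "/\t";
            }
            echo "<br>\n";
        }
        mysql_free_result( $result );
    }
    // A statement that returns TRUE instead of a result set has no rows to print.
}
?>
<p>
End of query.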