<?php
/***************************************************************************
* admin_db_utilities.php
* -------------------
* begin : Thu May 31, 2001
* copyright : (C) 2001 The phpBB Group
* email : [email protected]
*
* $Id: admin_db_utilities.php,v 1.42.2.14 2006/02/10 20:35:40 grahamje Exp $
*
****************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
/***************************************************************************
* We will attempt to create a file based backup of all of the data in the
* users phpBB database. The resulting file should be able to be imported by
* the db_restore.php function, or by using the mysql command_line
*
* Some functions are adapted from the upgrade_20.php script and others
* adapted from the unoficial phpMyAdmin 2.2.0.
***************************************************************************/
define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['General']['Backup_DB'] = $filename . "?perform=backup";
$file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads');
if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
{
$module['General']['Restore_DB'] = $filename . "?perform=restore";
}
return;
}
//
// Load default header
//
$no_page_header = TRUE;
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/sql_parse.'.$phpEx);
//
// Set VERBOSE to 1 for debugging info..
//
define("VERBOSE", 0);
//
// Increase maximum execution time, but don't complain about it if it isn't
// allowed.
//
@set_time_limit(1200);
// -----------------------
// The following functions are adapted from phpMyAdmin and upgrade_20.php
//
function gzip_PrintFourChars($Val)
{
for ($i = 0; $i < 4; $i ++)
{
$return .= chr($Val % 256);
$Val = floor($Val / 256);
}
return $return;
}
//
// This function is used for grabbing the sequences for postgres...
//
function pg_get_sequences($crlf, $backup_type)
{
global $db;
$get_seq_sql = "SELECT relname FROM pg_class WHERE NOT relname ~ 'pg_.*'
AND relkind = 'S' ORDER BY relname";
$seq = $db->sql_query($get_seq_sql);
if( !$num_seq = $db->sql_numrows($seq) )
{
$return_val = "# No Sequences Found $crlf";
}
else
{
$return_val = "# Sequences $crlf";
$i_seq = 0;
while($i_seq < $num_seq)
{
$row = $db->sql_fetchrow($seq);
$sequence = $row['relname'];
$get_props_sql = "SELECT * FROM $sequence";
$seq_props = $db->sql_query($get_props_sql);
if($db->sql_numrows($seq_props) > 0)
{
$row1 = $db->sql_fetchrow($seq_props);
if($backup_type == 'structure')
{
$row['last_value'] = 1;
}
$return_val .= "CREATE SEQUENCE $sequence start " . $row['last_value'] . ' increment ' . $row['increment_by'] . ' maxvalue ' . $row['max_value'] . ' minvalue ' . $row['min_value'] . ' cache ' . $row['cache_value'] . "; $crlf";
} // End if numrows > 0
if(($row['last_value'] > 1) && ($backup_type != 'structure'))
{
$return_val .= "SELECT NEXTVALE('$sequence'); $crlf";
unset($row['last_value']);
}
$i_seq++;
} // End while..
} // End else...
return $returnval;
} // End function...
//
// The following functions will return the "CREATE TABLE syntax for the
// varying DBMS's
//
// This function returns, will return the table def's for postgres...
//
function get_table_def_postgresql($table, $crlf)
{
global $drop, $db;
$schema_create = "";
//
// Get a listing of the fields, with their associated types, etc.
//
$field_query = "SELECT a.attnum, a.attname AS field, t.typname as type, a.attlen AS length, a.atttypmod as lengthvar, a.attnotnull as notnull
FROM pg_class c, pg_attribute a, pg_type t
WHERE c.relname = '$table'
AND a.attnum > 0
AND a.attrelid = c.oid
AND a.atttypid = t.oid
ORDER BY a.attnum";
$result = $db->sql_query($field_query);
if(!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query);
} // end if..
if ($drop == 1)
{
$schema_create .= "DROP TABLE $table;$crlf";
} // end if
//
// Ok now we actually start building the SQL statements to restore the tables
//
$schema_create .= "CREATE TABLE $table($crlf";
while ($row = $db->sql_fetchrow($result))
{
//
// Get the data from the table
//
$sql_get_default = "SELECT d.adsrc AS rowdefault
FROM pg_attrdef d, pg_class c
WHERE (c.relname = '$table')
AND (c.oid = d.adrelid)
AND d.adnum = " . $row['attnum'];
$def_res = $db->sql_query($sql_get_default);
if (!$def_res)
{
unset($row['rowdefault']);
}
else
{
$row['rowdefault'] = @pg_result($def_res, 0, 'rowdefault');
}
if ($row['type'] == 'bpchar')
{
// Internally stored as bpchar, but isn't accepted in a CREATE TABLE statement.
$row['type'] = 'char';
}
$schema_create .= ' ' . $row['field'] . ' ' . $row['type'];
if (eregi('char', $row['type']))
{
if ($row['lengthvar'] > 0)
{
$schema_create .= '(' . ($row['lengthvar'] -4) . ')';
}
}
if (eregi('numeric', $row['type']))
{
$schema_create .= '(';
$schema_create .= sprintf("%s,%s", (($row['lengthvar'] >> 16) & 0xffff), (($row['lengthvar'] - 4) & 0xffff));
$schema_create .= ')';
}
if (!empty($row['rowdefault']))
{
$schema_create .= ' DEFAULT ' . $row['rowdefault'];
}
if ($row['notnull'] == 't')
{
$schema_create .= ' NOT NULL';
}
$schema_create .= ",$crlf";
}
//
// Get the listing of primary keys.
//
$sql_pri_keys = "SELECT ic.relname AS index_name, bc.relname AS tab_name, ta.attname AS column_name, i.indisunique AS unique_key, i.indisprimary AS primary_key
FROM pg_class bc, pg_class ic, pg_index i, pg_attribute ta, pg_attribute ia
WHERE (bc.oid = i.indrelid)
AND (ic.oid = i.indexrelid)
AND (ia.attrelid = i.indexrelid)
AND (ta.attrelid = bc.oid)
AND (bc.relname = '$table')
AND (ta.attrelid = i.indrelid)
AND (ta.attnum = i.indkey[ia.attnum-1])
ORDER BY index_name, tab_name, column_name ";
$result = $db->sql_query($sql_pri_keys);
if(!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $sql_pri_keys);
}
while ( $row = $db->sql_fetchrow($result))
{
if ($row['primary_key'] == 't')
{
if (!empty($primary_key))
{
$primary_key .= ', ';
}
$primary_key .= $row['column_name'];
$primary_key_name = $row['index_name'];
}
else
{
//
// We have to store this all this info because it is possible to have a multi-column key...
// we can loop through it again and build the statement
//
$index_rows[$row['index_name']]['table'] = $table;
$index_rows[$row['index_name']]['unique'] = ($row['unique_key'] == 't') ? ' UNIQUE ' : '';
$index_rows[$row['index_name']]['column_names'] .= $row['column_name'] . ', ';
}
}
if (!empty($index_rows))
{
while(list($idx_name, $props) = each($index_rows))
{
$props['column_names'] = ereg_replace(", $", "" , $props['column_names']);
$index_create .= 'CREATE ' . $props['unique'] . " INDEX $idx_name ON $table (" . $props['column_names'] . ");$crlf";
}
}
if (!empty($primary_key))
{
$schema_create .= " CONSTRAINT $primary_key_name PRIMARY KEY ($primary_key),$crlf";
}
//
// Generate constraint clauses for CHECK constraints
//
$sql_checks = "SELECT rcname as index_name, rcsrc
FROM pg_relcheck, pg_class bc
WHERE rcrelid = bc.oid
AND bc.relname = '$table'
AND NOT EXISTS (
SELECT *
FROM pg_relcheck as c, pg_inherits as i
WHERE i.inhrelid = pg_relcheck.rcrelid
AND c.rcname = pg_relcheck.rcname
AND c.rcsrc = pg_relcheck.rcsrc
AND c.rcrelid = i.inhparent
)";
$result = $db->sql_query($sql_checks);
if (!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $sql_checks);
}
//
// Add the constraints to the sql file.
//
while ($row = $db->sql_fetchrow($result))
{
$schema_create .= ' CONSTRAINT ' . $row['index_name'] . ' CHECK ' . $row['rcsrc'] . ",$crlf";
}
$schema_create = ereg_replace(',' . $crlf . '$', '', $schema_create);
$index_create = ereg_replace(',' . $crlf . '$', '', $index_create);
$schema_create .= "$crlf);$crlf";
if (!empty($index_create))
{
$schema_create .= $index_create;
}
//
// Ok now we've built all the sql return it to the calling function.
//
return (stripslashes($schema_create));
}
//
// This function returns the "CREATE TABLE" syntax for mysql dbms...
//
function get_table_def_mysql($table, $crlf)
{
global $drop, $db;
$schema_create = "";
$field_query = "SHOW FIELDS FROM $table";
$key_query = "SHOW KEYS FROM $table";
//
// If the user has selected to drop existing tables when doing a restore.
// Then we add the statement to drop the tables....
//
if ($drop == 1)
{
$schema_create .= "DROP TABLE IF EXISTS $table;$crlf";
}
$schema_create .= "CREATE TABLE $table($crlf";
//
// Ok lets grab the fields...
//
$result = $db->sql_query($field_query);
if(!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query);
}
while ($row = $db->sql_fetchrow($result))
{
$schema_create .= ' ' . $row['Field'] . ' ' . $row['Type'];
if(!empty($row['Default']))
{
$schema_create .= ' DEFAULT \'' . $row['Default'] . '\'';
}
if($row['Null'] != "YES")
{
$schema_create .= ' NOT NULL';
}
if($row['Extra'] != "")
{
$schema_create .= ' ' . $row['Extra'];
}
$schema_create .= ",$crlf";
}
//
// Drop the last ',$crlf' off ;)
//
$schema_create = ereg_replace(',' . $crlf . '$', "", $schema_create);
//
// Get any Indexed fields from the database...
//
$result = $db->sql_query($key_query);
if(!$result)
{
message_die(GENERAL_ERROR, "FAILED IN get_table_def (show keys)", "", __LINE__, __FILE__, $key_query);
}
while($row = $db->sql_fetchrow($result))
{
$kname = $row['Key_name'];
if(($kname != 'PRIMARY') && ($row['Non_unique'] == 0))
{
$kname = "UNIQUE|$kname";
}
if(!is_array($index[$kname]))
{
$index[$kname] = array();
}
$index[$kname][] = $row['Column_name'];
}
while(list($x, $columns) = @each($index))
{
$schema_create .= ", $crlf";
if($x == 'PRIMARY')
{
$schema_create .= ' PRIMARY KEY (' . implode($columns, ', ') . ')';
}
elseif (substr($x,0,6) == 'UNIQUE')
{
$schema_create .= ' UNIQUE ' . substr($x,7) . ' (' . implode($columns, ', ') . ')';
}
else
{
$schema_create .= " KEY $x (" . implode($columns, ', ') . ')';
}
}
$schema_create .= "$crlf);";
if(get_magic_quotes_runtime())
{
return(stripslashes($schema_create));
}
else
{
return($schema_create);
}
} // End get_table_def_mysql
//
// This fuction will return a tables create definition to be used as an sql
// statement.
//
//
// The following functions Get the data from the tables and format it as a
// series of INSERT statements, for each different DBMS...
// After every row a custom callback function $handler gets called.
// $handler must accept one parameter ($sql_insert);
//
//
// Here is the function for postgres...
//
function get_table_content_postgresql($table, $handler)
{
global $db;
//
// Grab all of the data from current table.
//
$result = $db->sql_query("SELECT * FROM $table");
if (!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
}
$i_num_fields = $db->sql_numfields($result);
for ($i = 0; $i < $i_num_fields; $i++)
{
$aryType[] = $db->sql_fieldtype($i, $result);
$aryName[] = $db->sql_fieldname($i, $result);
}
$iRec = 0;
while($row = $db->sql_fetchrow($result))
{
$schema_vals = '';
$schema_fields = '';
$schema_insert = '';
//
// Build the SQL statement to recreate the data.
//
for($i = 0; $i < $i_num_fields; $i++)
{
$strVal = $row[$aryName[$i]];
if (eregi("char|text|bool", $aryType[$i]))
{
$strQuote = "'";
$strEmpty = "";
$strVal = addslashes($strVal);
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
if (empty($strVal))
{
$strQuote = "";
}
else
{
$strQuote = "'";
}
}
else
{
$strQuote = "";
$strEmpty = "NULL";
}
if (empty($strVal) && $strVal != "0")
{
$strVal = $strEmpty;
}
$schema_vals .= " $strQuote$strVal$strQuote,";
$schema_fields .= " $aryName[$i],";
}
$schema_vals = ereg_replace(",$", "", $schema_vals);
$schema_vals = ereg_replace("^ ", "", $schema_vals);
$schema_fields = ereg_replace(",$", "", $schema_fields);
$schema_fields = ereg_replace("^ ", "", $schema_fields);
//
// Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data.
//
$schema_insert = "INSERT INTO $table ($schema_fields) VALUES($schema_vals);";
$handler(trim($schema_insert));
}
return(true);
}// end function get_table_content_postgres...
//
// This function is for getting the data from a mysql table.
//
function get_table_content_mysql($table, $handler)
{
global $db;
// Grab the data from the table.
if (!($result = $db->sql_query("SELECT * FROM $table")))
{
message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
}
// Loop through the resulting rows and build the sql statement.
if ($row = $db->sql_fetchrow($result))
{
$handler("\n#\n# Table Data for $table\n#\n");
$field_names = array();
// Grab the list of field names.
$num_fields = $db->sql_numfields($result);
$table_list = '(';
for ($j = 0; $j < $num_fields; $j++)
{
$field_names[$j] = $db->sql_fieldname($j, $result);
$table_list .= (($j > 0) ? ', ' : '') . $field_names[$j];
}
$table_list .= ')';
do
{
// Start building the SQL statement.
$schema_insert = "INSERT INTO $table $table_list VALUES(";
// Loop through the rows and fill in data for each column
for ($j = 0; $j < $num_fields; $j++)
{
$schema_insert .= ($j > 0) ? ', ' : '';
if(!isset($row[$field_names[$j]]))
{
//
// If there is no data for the column set it to null.
// There was a problem here with an extra space causing the
// sql file not to reimport if the last column was null in
// any table. Should be fixed now :) JLH
//
$schema_insert .= 'NULL';
}
elseif ($row[$field_names[$j]] != '')
{
$schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\'';
}
else
{
$schema_insert .= '\'\'';
}
}
$schema_insert .= ');';
// Go ahead and send the insert statement to the handler function.
$handler(trim($schema_insert));
}
while ($row = $db->sql_fetchrow($result));
}
return(true);
}
function output_table_content($content)
{
global $tempfile;
//fwrite($tempfile, $content . "\n");
//$backup_sql .= $content . "\n";
echo $content ."\n";
return;
}
//
// End Functions
// -------------
//
// Begin program proper
//
if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
{
$perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform'];
switch($perform)
{
case 'backup':
$error = false;
switch(SQL_LAYER)
{
case 'oracle':
$error = true;
break;
case 'db2':
$error = true;
break;
case 'msaccess':
$error = true;
break;
case 'mssql':
case 'mssql-odbc':
$error = true;
break;
}
if ($error)
{
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
"MESSAGE_TITLE" => $lang['Information'],
"MESSAGE_TEXT" => $lang['Backups_not_supported'])
);
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys', 'reputation', 'reputation_text', 'post_reports');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
$backup_type = (isset($HTTP_POST_VARS['backup_type'])) ? $HTTP_POST_VARS['backup_type'] : ( (isset($HTTP_GET_VARS['backup_type'])) ? $HTTP_GET_VARS['backup_type'] : "" );
$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
$drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
if(!empty($additional_tables))
{
if(ereg(",", $additional_tables))
{
$additional_tables = split(",", $additional_tables);
for($i = 0; $i < count($additional_tables); $i++)
{
$tables[] = trim($additional_tables[$i]);
}
}
else
{
$tables[] = trim($additional_tables);
}
}
if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']))
{
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_backup_body.tpl")
);
$s_hidden_fields = "<input type=\"hidden\" name=\"perform\" value=\"backup\" /><input type=\"hidden\" name=\"drop\" value=\"1\" /><input type=\"hidden\" name=\"perform\" value=\"$perform\" />";
$template->assign_vars(array(
"L_DATABASE_BACKUP" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"L_BACKUP_EXPLAIN" => $lang['Backup_explain'],
"L_FULL_BACKUP" => $lang['Full_backup'],
"L_STRUCTURE_BACKUP" => $lang['Structure_backup'],
"L_DATA_BACKUP" => $lang['Data_backup'],
"L_ADDITIONAL_TABLES" => $lang['Additional_tables'],
"L_START_BACKUP" => $lang['Start_backup'],
"L_BACKUP_OPTIONS" => $lang['Backup_options'],
"L_GZIP_COMPRESS" => $lang['Gzip_compress'],
"L_NO" => $lang['No'],
"L_YES" => $lang['Yes'],
"S_HIDDEN_FIELDS" => $s_hidden_fields,
"S_DBUTILS_ACTION" => append_sid("admin_db_utilities.$phpEx"))
);
$template->pparse("body");
break;
}
else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
{
if(is_array($additional_tables))
{
$additional_tables = implode(',', $additional_tables);
}
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1") . '">',
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"MESSAGE_TEXT" => $lang['Backup_download'])
);
include('./page_header_admin.'.$phpEx);
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
header("Pragma: no-cache");
$do_gzip_compress = FALSE;
if( $gzipcompress )
{
$phpver = phpversion();
if($phpver >= "4.0")
{
if(extension_loaded("zlib"))
{
$do_gzip_compress = TRUE;
}
}
}
if($do_gzip_compress)
{
@ob_start();
@ob_implicit_flush(0);
header("Content-Type: application/x-gzip; name=\"phpbb_db_backup.sql.gz\"");
header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz");
}
else
{
header("Content-Type: text/x-delimtext; name=\"phpbb_db_backup.sql\"");
header("Content-disposition: attachment; filename=phpbb_db_backup.sql");
}
//
// Build the sql script file...
//
echo "#\n";
echo "# phpBB Backup Script\n";
echo "# Dump of tables for $dbname\n";
echo "#\n# DATE : " . gmdate("d-m-Y H:i:s", time()) . " GMT\n";
echo "#\n";
if(SQL_LAYER == 'postgresql')
{
echo "\n" . pg_get_sequences("\n", $backup_type);
}
for($i = 0; $i < count($tables); $i++)
{
$table_name = $tables[$i];
switch (SQL_LAYER)
{
case 'postgresql':
$table_def_function = "get_table_def_postgresql";
$table_content_function = "get_table_content_postgresql";
break;
case 'mysql':
case 'mysql4':
$table_def_function = "get_table_def_mysql";
$table_content_function = "get_table_content_mysql";
break;
}
if($backup_type != 'data')
{
echo "#\n# TABLE: " . $table_prefix . $table_name . "\n#\n";
echo $table_def_function($table_prefix . $table_name, "\n") . "\n";
}
if($backup_type != 'structure')
{
$table_content_function($table_prefix . $table_name, "output_table_content");
}
}
if($do_gzip_compress)
{
$Size = ob_get_length();
$Crc = crc32(ob_get_contents());
$contents = gzcompress(ob_get_contents());
ob_end_clean();
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00".substr($contents, 0, strlen($contents) - 4).gzip_PrintFourChars($Crc).gzip_PrintFourChars($Size);
}
exit;
break;
case 'restore':
if(!isset($HTTP_POST_VARS['restore_start']))
{
//
// Define Template files...
//
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_restore_body.tpl")
);
$s_hidden_fields = "<input type=\"hidden\" name=\"perform\" value=\"restore\" /><input type=\"hidden\" name=\"perform\" value=\"$perform\" />";
$template->assign_vars(array(
"L_DATABASE_RESTORE" => $lang['Database_Utilities'] . " : " . $lang['Restore'],
"L_RESTORE_EXPLAIN" => $lang['Restore_explain'],
"L_SELECT_FILE" => $lang['Select_file'],
"L_START_RESTORE" => $lang['Start_Restore'],
"S_DBUTILS_ACTION" => append_sid("admin_db_utilities.$phpEx"),
"S_HIDDEN_FIELDS" => $s_hidden_fields)
);
$template->pparse("body");
break;
}
else
{
//
// Handle the file upload ....
// If no file was uploaded report an error...
//
$backup_file_name = (!empty($HTTP_POST_FILES['backup_file']['name'])) ? $HTTP_POST_FILES['backup_file']['name'] : "";
$backup_file_tmpname = ($HTTP_POST_FILES['backup_file']['tmp_name'] != "none") ? $HTTP_POST_FILES['backup_file']['tmp_name'] : "";
$backup_file_type = (!empty($HTTP_POST_FILES['backup_file']['type'])) ? $HTTP_POST_FILES['backup_file']['type'] : "";
if($backup_file_tmpname == "" || $backup_file_name == "")
{
message_die(GENERAL_MESSAGE, $lang['Restore_Error_no_file']);
}
//
// If I file was actually uploaded, check to make sure that we
// are actually passed the name of an uploaded file, and not
// a hackers attempt at getting us to process a local system
// file.
//
if( file_exists(phpbb_realpath($backup_file_tmpname)) )
{
if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) )
{
if( preg_match("/\.gz$/is",$backup_file_name) )
{
$do_gzip_compress = FALSE;
$phpver = phpversion();
if($phpver >= "4.0")
{
if(extension_loaded("zlib"))
{
$do_gzip_compress = TRUE;
}
}
if($do_gzip_compress)
{
$gz_ptr = gzopen($backup_file_tmpname, 'rb');
$sql_query = "";
while( !gzeof($gz_ptr) )
{
$sql_query .= gzgets($gz_ptr, 100000);
}
}
else
{
message_die(GENERAL_ERROR, $lang['Restore_Error_decompress']);
}
}
else
{
$sql_query = fread(fopen($backup_file_tmpname, 'r'), filesize($backup_file_tmpname));
}
//
// Comment this line out to see if this fixes the stuff...
//
//$sql_query = stripslashes($sql_query);
}
else
{
message_die(GENERAL_ERROR, $lang['Restore_Error_filename'] ." $backup_file_type $backup_file_name");
}
}
else
{
message_die(GENERAL_ERROR, $lang['Restore_Error_uploading']);
}
if($sql_query != "")
{
// Strip out sql comments...
$sql_query = remove_remarks($sql_query);
$pieces = split_sql_file($sql_query, ";");
$sql_count = count($pieces);
for($i = 0; $i < $sql_count; $i++)
{
$sql = trim($pieces[$i]);
if(!empty($sql) and $sql[0] != "#")
{
if(VERBOSE == 1)
{
echo "Executing: $sql\n<br>";
flush();
}
$result = $db->sql_query($sql);
if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) )
{
message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql);
}
}
}
}
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$message = $lang['Restore_success'];
$template->assign_vars(array(
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Restore'],
"MESSAGE_TEXT" => $message)
);
$template->pparse("body");
break;
}
break;
}
}
include('./page_footer_admin.'.$phpEx);
?>