<?php
    /*
        PHP MySQL Querier - Aspektas 2009.
        Released under the Creative Commons Attribution License 3.0 Unported,
        As specified by http://creativecommons.org/licenses/by/3.0/
        This notice, id est the file up to this line, must remain intact.
        That is all.
    */
    session_start();
    if (isset($_POST['query'])) {
        $_POST['query'] = str_replace("\\", "", $_POST['query']);
    }
    $conn_error_msg = "";
    if (isset($_GET['logout'])) {
        session_destroy();
        header("location: querier.php");
    }
    if (isset($_POST['username'])) {
        $test_con = @mysql_connect($_POST['host'], $_POST['username'], $_POST['password']);
        if (!mysql_error()) {
            $_SESSION['host'] = $_POST['host'];
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['password'] = $_POST['password'];
            mysql_close($test_con);
        } else {
            $conn_error_msg = "The host, username or password is incorrect!";
        }
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
        <title>MySQL Querier</title>
        <style type="text/css">
            body, input, textarea {
                font-family:Verdana, Arial, Helvetica, sans-serif;
                font-size:10pt;
            }
            body, input {
                font-family:Verdana, Arial, Helvetica, sans-serif;
            }
            textarea {
                font-family:"Courier New", monospace;
            }
            body {
                padding:20px;
            }
            h2 {
                margin-top:0px;
            }
            div.success {
                background-color:#00EE00;
                font-weight:bold;
                border:1px solid #009900;
                width:490px;
                padding:5px;
            }
            div.failure {
                background-color:#EE3333;
                font-weight:bold;
                border:1px solid #990000;
                width:490px;
                padding:5px;
            }
            img {
                border:0;
            }
            div.login {
                margin-bottom:3px;
            }
            div.login input {
                width:100px;
            }
            div.login input[TYPE="submit"] {
                width:auto;
            }
        </style>
        <script type="text/javascript">
            function show_tables() {
                document.getElementById('query').value = "SHOW tables";
                document.forms.queryform.submit();
            }
        </script>
    </head>
    
    <body>
    <?php
        function posted($var) {
            if (isset($_POST[$var])) {
                echo $_POST[$var];
                return true;
            } else {
                return false;
            }
        }
        if (!isset($_SESSION['username'])) {
            echo "<div style=\"text-align:center; \">";
            echo "<h2 style=\"margin-top:100px; \">MySQL Querier</h2>";
            if ($conn_error_msg != "") echo "<div class=\"failure\" style=\"margin:auto; \">$conn_error_msg</div><br />\n";
            ?>
            <form action="" method="post">
                <div class="login">
                    Host: <input type="host" name="host" value="<?php if (!posted("host")) { echo "localhost"; } ?>" />
                    Username: <input type="text" name="username" value="<?php posted("username"); ?>" />
                    Password: <input type="password" name="password" value="<?php posted("password"); ?>" /> <input type="submit" value="Login" />
                </div>
            </form>
            <br />
            <?php 
        } else {
            $con = mysql_connect($_SESSION['host'], $_SESSION['username'], $_SESSION['password']);
        ?>
        <h2>MySQL Querier</h2>
        <form action="" method="post" style="margin-bottom:10px; " name="queryform">
            <div class="login">
                <textarea name="query" id="query" cols="90" style="width:500px; " rows="4"><?php if (isset($_POST['query'])) { echo $_POST['query']; } ?></textarea></div>
                Database: <select name="dbname">
                <?php
                    $dbs = mysql_list_dbs($con);
                    while($dbname = mysql_fetch_assoc($dbs)) {
                        echo "<option";
                        if (isset($_POST['dbname'])) {
                            if ($_POST['dbname'] == $dbname['Database']) {
                                echo " selected=\"selected\"";
                            }
                        }
                        echo ">{$dbname['Database']}</option>";
                    }
                ?>
                </select>
                <input type="submit" value="Query" />
                <input type="button" value="Show Tables" onclick="show_tables()" />
                <input type="button" value="Logout" onclick="window.location = 'querier.php?logout=1'; " />
            </div>
        </form>
        <?php
            if (isset($_POST['query'])) {
                mysql_select_db($_POST['dbname']);
                $result = mysql_query($_POST['query']);
                if (mysql_error()) {
                    echo "<div class=\"failure\">" . mysql_error() . "</div>";
                } else {
                    echo "<div class=\"success\">Your query was successful!</div>";
                    if (strtoupper(substr($_POST['query'],0,6)) == "SELECT" || strtoupper(substr($_POST['query'],0,4)) == "SHOW") {
                        echo "<br />";
                        if (mysql_num_rows($result) == 0) {
                            echo "<div class=\"failure\">There are no records</div>";
                        } else {
                            echo "<table border=\"1\" cellpadding=\"3\" valign=\"top\" style=\"border-collapse:collapse; \">\n";
                            $heading = 1;
                            while ($row = mysql_fetch_assoc($result)) {
                                echo "<tr>";
                                if ($heading == 1) {
                                    $heading = 0;
                                    foreach ($row as $heading => $value) {
                                        echo "<th>$heading</th>";
                                    }
                                    echo "</tr>\n<tr>";
                                }
                                foreach ($row as $heading => $value) {
                                    echo "<td>" . nl2br(htmlspecialchars($value)) . "</td>";
                                }
                                echo "</tr>\n";
                            }
                            echo "</table>";
                        }
                    }
                }
            }
        }
    ?>
    

</body>
</html>