' . h($e->getMessage()) . '', 'Fehler beim Start'); exit; } // App-Logout if ((string)($_GET['auth'] ?? '') === 'logout') { adminer_app_logout(); header('Location: /adminer', true, 302); exit; } $appPage = (string)($_GET['page'] ?? 'login'); $appError = null; $appRegError = null; $appRegOk = null; // Login POST if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'app_login') { $res = adminer_app_try_login((string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? '')); if (!empty($res['ok'])) { header('Location: /adminer', true, 302); exit; } $appError = (string)($res['error'] ?? 'Login fehlgeschlagen.'); $appPage = 'login'; } // Register POST if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'app_register') { $res = adminer_app_try_register( (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''), (string)($_POST['password2'] ?? '') ); if (!empty($res['ok'])) { $appRegOk = 'Konto erstellt. Bitte lasse dich von einem Server-Administrator verifizieren, bevor du dich anmelden kannst.'; $appPage = 'login'; } else { $appRegError = (string)($res['error'] ?? 'Registrierung fehlgeschlagen.'); $appPage = 'register'; } } // ── LOGIN / REGISTER SEITE ──────────────────────────────────────────────── if (!adminer_app_is_logged_in()) { $canReg = adminer_app_allow_register(); $isReg = ($appPage === 'register'); $body = '
'; // Tabs $body .= '
'; $body .= 'Login'; if ($canReg) $body .= 'Registrieren'; $body .= '
'; $body .= '
'; if ($appRegOk) $body .= '
' . h($appRegOk) . '
'; if ($appError) $body .= '
' . h($appError) . '
'; if ($appRegError)$body .= '
' . h($appRegError) . '
'; if ($isReg && $canReg) { // ── Registrierungsformular ────────────────────────────────────── $body .= '
' . '' . '
' . '
' . '
' . '' . '
'; $body .= '

Bereits ein Konto? Login

'; } else { // ── Login-Formular ────────────────────────────────────────────── $body .= '
' . '' . '
' . '
' . '' . '
'; if ($canReg) $body .= '

Noch kein Konto? Registrieren

'; } $body .= '
'; $body .= '
'; admin_layout('DB-Verwaltung', $body, $isReg ? 'Neues Konto erstellen' : 'Bitte einloggen'); exit; } // ── DB-VERBINDUNGS-LOGIN ────────────────────────────────────────────────── require_once __DIR__ . '/auth.php'; admin_session_start(); if ((string)($_GET['a'] ?? '') === 'logout') { admin_logout(); header('Location: /adminer', true, 302); exit; } if (!isset($_SESSION['db_admin_select'])) $_SESSION['db_admin_select'] = []; $selectError = null; $selectMsg = null; // Probe: Datenbanken laden if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'probe') { $host = trim((string)($_POST['host'] ?? '')); $port = (int)($_POST['port'] ?? 3306); $user = trim((string)($_POST['user'] ?? '')); $pass = (string)($_POST['pass'] ?? ''); if ($host === '' || $port <= 0 || $user === '') { $selectError = 'Bitte Host, Port und Benutzer angeben.'; } else { try { $pdo = new PDO(sprintf('mysql:host=%s;port=%d;charset=utf8mb4', $host, $port), $user, $pass, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, ]); $dbs = $pdo->query('SHOW DATABASES')->fetchAll(PDO::FETCH_COLUMN, 0); $_SESSION['db_admin_select'] = compact('host', 'port', 'user', 'pass', 'dbs'); $selectMsg = 'Datenbanken geladen – bitte unten eine auswählen.'; } catch (Throwable $e) { $selectError = 'Fehler: ' . $e->getMessage(); } } } // DB-Login $dbError = null; if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'login') { $res = admin_try_login( trim((string)($_POST['host'] ?? '')), (int)($_POST['port'] ?? 3306), trim((string)($_POST['user'] ?? '')), (string)($_POST['pass'] ?? ''), trim((string)($_POST['db'] ?? '')) ); if ($res['ok']) { header('Location: /adminer', true, 302); exit; } $dbError = (string)($res['error'] ?? 'Login fehlgeschlagen.'); } $defaults = admin_default_creds(); $selectState = is_array($_SESSION['db_admin_select']) ? $_SESSION['db_admin_select'] : []; $prefHost = isset($selectState['host']) ? (string)$selectState['host'] : (string)$defaults['host']; $prefPort = isset($selectState['port']) ? (int)$selectState['port'] : (int)$defaults['port']; $prefUser = isset($selectState['user']) ? (string)$selectState['user'] : (string)$defaults['user']; $prefPass = isset($selectState['pass']) ? (string)$selectState['pass'] : ''; $dbList = isset($selectState['dbs']) && is_array($selectState['dbs']) ? $selectState['dbs'] : []; if (!admin_is_logged_in()) { $body = '
'; if ($selectMsg) $body .= '
' . h($selectMsg) . '
'; if ($selectError)$body .= '
' . h($selectError) . '
'; if ($dbError) $body .= '
' . h($dbError) . '
'; // Step 1 $body .= '

1 · Server verbinden

'; $body .= '
' . '' . '
' . '
' . '
' . '
' . '' . '
'; $body .= '
'; // Step 2 $body .= '

2 · Datenbank auswählen & einloggen

'; $body .= '
' . '' . '' . '' . '' . '' . '
'; if (!empty($dbList)) { $body .= ''; } else { $body .= ''; } $body .= '
' . '' . '
'; $body .= '
'; admin_layout('DB-Verwaltung', $body, 'Datenbankverbindung'); exit; } // ── DB-VERWALTUNG (eingeloggt) ──────────────────────────────────────────── try { $pdo = admin_pdo(); $table = (string)($_GET['t'] ?? ''); $page = max(1, (int)($_GET['p'] ?? 1)); $limit = 50; $offset = ($page - 1) * $limit; $msg = null; $queryResultHtml = ''; // SQL Query ausführen if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'query') { $sql = trim((string)($_POST['sql'] ?? '')); if ($sql !== '') { if (preg_match('/;\s*\S/', $sql)) { $msg = ['ok' => false, 'text' => 'Nur ein Statement ausführen (kein zweites Semikolon).']; } else { try { $stmt = $pdo->query($sql); if ($stmt instanceof PDOStatement) { $rows = $stmt->fetchAll(); $queryResultHtml = '

Ergebnis

' . admin_render_table($rows); $msg = ['ok' => true, 'text' => 'Query ausgeführt (' . count($rows) . ' Zeilen).']; } else { $msg = ['ok' => true, 'text' => 'Statement ausgeführt.']; } } catch (Throwable $e) { $msg = ['ok' => false, 'text' => $e->getMessage()]; } } } } // Datensatz löschen if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'delete_row') { $delTable = (string)($_POST['table'] ?? ''); $pkCol = (string)($_POST['pk_col'] ?? ''); $pkVal = (string)($_POST['pk_val'] ?? ''); if (!preg_match('/^[A-Za-z0-9_]+$/', $delTable) || !preg_match('/^[A-Za-z0-9_]+$/', $pkCol)) { $msg = ['ok' => false, 'text' => 'Ungültige Parameter für Löschen.']; } else { try { // PK-Spalte gegen echte PK-Spalte validieren $realPk = admin_get_primary_key_column($pdo, $delTable); if ($realPk === null || $realPk !== $pkCol) { $msg = ['ok' => false, 'text' => 'Löschen ist nur über eine echte Primary-Key-Spalte möglich.']; } else { $stmt = $pdo->prepare('DELETE FROM `' . $delTable . '` WHERE `' . $pkCol . '` = :v LIMIT 1'); $stmt->execute([':v' => $pkVal]); $msg = ['ok' => true, 'text' => 'Datensatz gelöscht.']; // Wenn wir gerade diese Tabelle anzeigen: auf Seite 1 zurück, damit man nicht auf leerer Seite landet if ($table === $delTable) { $page = 1; $offset = 0; } } } catch (Throwable $e) { $msg = ['ok' => false, 'text' => $e->getMessage()]; } } } // Datensatz hinzufügen if ($_SERVER['REQUEST_METHOD'] === 'POST' && (string)($_POST['action'] ?? '') === 'insert_row') { $insTable = (string)($_POST['table'] ?? ''); if (!preg_match('/^[A-Za-z0-9_]+$/', $insTable)) { $msg = ['ok' => false, 'text' => 'Ungültiger Tabellenname für Insert.']; } else { try { $colsMeta = admin_get_table_columns($pdo, $insTable); if (empty($colsMeta)) { $msg = ['ok' => false, 'text' => 'Keine Spalten gefunden.']; } else { $fields = []; foreach ($colsMeta as $c) { $name = (string)$c['Field']; // Nur Spalten zulassen, die wirklich existieren if (!array_key_exists('col_' . $name, $_POST)) continue; $raw = (string)($_POST['col_' . $name] ?? ''); $isNull = ((string)($_POST['null_' . $name] ?? '') === '1'); $fields[] = [ 'name' => $name, 'value' => $isNull ? null : ($raw === '' ? null : $raw), 'forceNull' => $isNull, ]; } // Leere Submits verhindern if (empty($fields)) { $msg = ['ok' => false, 'text' => 'Keine Felder zum Einfügen übergeben.']; } else { $colNames = []; $placeholders = []; $params = []; foreach ($fields as $f) { $colNames[] = '`' . $f['name'] . '`'; $ph = ':c_' . $f['name']; $placeholders[] = $ph; $params[$ph] = $f['value']; } $sql = 'INSERT INTO `' . $insTable . '` (' . implode(',', $colNames) . ') VALUES (' . implode(',', $placeholders) . ')'; $stmt = $pdo->prepare($sql); $stmt->execute($params); $msg = ['ok' => true, 'text' => 'Datensatz hinzugefügt.']; // Nach Insert wieder zur Tabelle springen $table = $insTable; $page = 1; $offset = 0; } } } catch (Throwable $e) { $msg = ['ok' => false, 'text' => $e->getMessage()]; } } } $tables = $pdo->query('SHOW TABLES')->fetchAll(PDO::FETCH_NUM); // ── TOP BAR ────────────────────────────────────────────────────────── $dbName = (string)($_SESSION['db_admin']['db'] ?? ''); $uname = (string)($_SESSION['adminer_app']['username'] ?? ''); $body = '
' . '
' . '' . h($dbName) . '' . ($uname ? '' . h($uname) . '' : '') . '
' . '
' . 'DB-Logout' . 'Account-Logout' . '
' . '
'; // ── GRID: TABELLENLISTE + CONTENT ───────────────────────────────────── $body .= '
'; // Linke Spalte: Tabellenliste $body .= '
'; $body .= '

Tabellen

'; if (empty($tables)) { $body .= '

Keine Tabellen gefunden.

'; } else { $body .= ''; } $body .= '
'; // Rechte Spalte: Browse + Query $body .= '
'; // Notices if ($msg) { $cls = $msg['ok'] ? 'notice-ok' : 'notice-err'; $body .= '
' . h($msg['text']) . '
'; } // Browse if ($table !== '') { if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { $body .= '
Ungültiger Tabellenname.
'; } else { $pkCol = admin_get_primary_key_column($pdo, $table); $stmt = $pdo->query('SELECT * FROM `' . $table . '` LIMIT ' . (int)$limit . ' OFFSET ' . (int)$offset); $rows = $stmt->fetchAll(); $body .= '
'; $body .= '
' . '

' . h($table) . '

' . '+ Datensatz' . '
'; $body .= admin_render_table($rows, $table, $pkCol); $body .= ''; $body .= '
'; // Add form if ((string)($_GET['add'] ?? '') === '1') { $colsMeta = admin_get_table_columns($pdo, $table); $body .= '
'; $body .= '

Datensatz hinzufügen

'; $body .= '
' . '' . ''; foreach ($colsMeta as $c) { $col = (string)$c['Field']; $extra = (string)($c['Extra'] ?? ''); $nullOk = ((string)($c['Null'] ?? 'NO') === 'YES'); // auto_increment standardmäßig nicht anfassen if (stripos($extra, 'auto_increment') !== false) { $body .= '
' . '' . '' . '
'; continue; } $body .= '
' . '' . ''; if ($nullOk) { $body .= '
' . '' . '' . '
'; } $body .= '
'; } $body .= '
' . '' . 'Abbrechen' . '
' . '
'; $body .= '
'; } } } // SQL Query Box $body .= '
'; $body .= '

SQL Query

'; $body .= '
' . '' . '
' . '' . '
'; $body .= $queryResultHtml; $body .= '
'; $body .= '
'; // right col $body .= '
'; // admin-grid admin_layout('DB-Verwaltung', $body, h($dbName), 'wrap--full'); } catch (Throwable $e) { admin_logout(); admin_layout('DB-Verwaltung', '
' . h($e->getMessage()) . '
' . '

Zurück zum Login

', 'Fehler', 'wrap--wide' ); } function admin_render_table(array $rows, string $table = '', ?string $pkCol = null): string { if (empty($rows)) return '

(keine Zeilen)

'; $cols = array_keys((array)$rows[0]); $hasActions = ($table !== '' && $pkCol !== null && in_array($pkCol, $cols, true)); $html = '
'; foreach ($cols as $c) $html .= ''; if ($hasActions) $html .= ''; $html .= ''; foreach ($rows as $r) { $html .= ''; foreach ($cols as $c) { $v = $r[$c] ?? null; $cell = $v === null ? 'NULL' : (strlen((string)$v) > 300 ? h(substr((string)$v, 0, 300)) . '…' : h((string)$v)); $html .= ''; } if ($hasActions) { $pkVal = $r[$pkCol] ?? null; $safePkVal = $pkVal === null ? '' : (string)$pkVal; $html .= ''; } $html .= ''; } $html .= '
' . h((string)$c) . 'Aktionen
' . $cell . '' . '
' . '' . '' . '' . '' . '' . '
' . '
'; return $html; } function admin_get_primary_key_column(PDO $pdo, string $table): ?string { if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) return null; $stmt = $pdo->prepare( "SELECT COLUMN_NAME\n" . "FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE\n" . "WHERE TABLE_SCHEMA = DATABASE()\n" . " AND TABLE_NAME = :t\n" . " AND CONSTRAINT_NAME = 'PRIMARY'\n" . "ORDER BY ORDINAL_POSITION\n" . "LIMIT 1" ); $stmt->execute([':t' => $table]); $pk = $stmt->fetchColumn(); return $pk !== false ? (string)$pk : null; } function admin_get_table_columns(PDO $pdo, string $table): array { if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) return []; $stmt = $pdo->query('SHOW COLUMNS FROM `' . $table . '`'); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); return is_array($rows) ? $rows : []; }