1 <?php
2
3 include 'head.php';
4
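if (isset($i_dropask) && is_array($i_dropask)) {
        // $i_dropask is populated by the including page, presumably from the
        // "dropask[<dbname>]" submit buttons rendered further down; its KEYS are
        // the database names the user asked to drop. The is_array() guard keeps
        // a scalar value (a hand-crafted POST) from making array_keys() warn
        // (PHP 7) or throw a TypeError (PHP 8) instead of rendering nothing.
        //
        // Each confirmation row is appended to $msg1 and is printed later by
        // printMsgs() inside the form that carries the csrf_token field, so the
        // "Yes" buttons (name="drop[<dbname>]") submit together with the token.
        // The empty <form> that used to be echoed here wrapped no controls and
        // carried no token; it was dead markup and was dropped so nobody later
        // moves the buttons into a token-less form by mistake.
        foreach (array_keys($i_dropask) as $dbname) {
                $safeName = htmlentities($dbname);   // attribute + text context
                $msg1[] = 'Are you sure you want to drop `'.$safeName.'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.$safeName.']" value="Yes">';
        }
}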
13
14 ?>
15 <h3>Databases</h3>
16
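<form method="post" action="<?=$URI?>">
<?php
        // Anti-CSRF token. The POST handler (outside this template) presumably
        // compares it with the per-session value, so an empty field fails
        // closed; the original emitted a PHP notice into the page when the
        // session had no token. The value is escaped for the attribute context
        // on principle even though it is server-generated, and double quotes
        // now match the other forms on this page (this one used single quotes).
        // NOTE(review): $URI is emitted unescaped into action=""; that is only
        // safe if the including page does not derive it from request data.
        $csrfToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
?>
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES); ?>">
<?php printErrors($err1); ?>
<?php
        // Drop-confirmation rows collected in $msg1 (see the $i_dropask block
        // at the top of this file) render here, so their "Yes" buttons post
        // inside this token-bearing form.
        printMsgs($msg1);
?>
</form>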
22
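<?php
        // Per-database usage bars with a "drop" button per row, plus a total.
        // The <form> now wraps the whole <table>: the original opened the form
        // as a direct child of <table>, which is invalid HTML, and left the
        // hidden csrf_token outside any cell. Browsers repair that case by
        // associating the controls via the form pointer, but the markup was
        // fragile; wrapping the table gives every control (including the
        // hidden token) the same form owner without relying on error recovery.
        $bytes = $User->getBytes();
        $usage = $bytes['nBytes'];
        $total = $bytes['nBytesHard'];
        $csrfToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
?>
<form method="post" action="<?=$URI?>">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES); ?>">
<table width="100%">
<?php
        if (!count($myDBs)) {
                echo '<tr><td width="100%"><em>You have no databases. Add one below.</em></td></tr>';
        } else {
                foreach ($myDBs as $db) {
                        // Fraction of the hard quota; 0 when no quota is reported
                        // (avoids a division by zero).
                        $fraction = $total > 0 ? $db['nBytes'] / $total : 0;
                        $safeName = htmlentities($db['Name']);
                        echo '<tr><td width="100%">';
                        echo printBar($fraction, $safeName, str_replace(' ', '&nbsp;', sprintSize($db['nBytes'])));
                        echo '</td><td>';
                        // Only asks for confirmation; the actual drop is submitted
                        // from the confirmation row (name="drop[<dbname>]") above.
                        echo '<input type="submit" name="dropask[', $safeName, ']" value="drop">';
                        echo '</td></tr>';
                }
        }
        $totalFraction = $total > 0 ? $usage / $total : 0;
        echo '<tr><td colspan=2>';
        echo '<hr />';
        echo '</td></tr>';
        echo '<tr><td colspan=2>';
        echo printBar($totalFraction, '<b>TOTAL&nbsp;USED</b>', str_replace(' ', '&nbsp;', sprintSize($usage).' of '.sprintSize($total)));
        echo '</td></tr>';
?>
</table>
</form>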
57
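<?php
        // "Create database" form. The label pointed at for="p1" but no element
        // had that id, so clicking the label did nothing; the text input now
        // carries id="p1". The displayed "<username>+" prefix is informational
        // only -- whatever validation the chosen name gets (charset, length,
        // prefix) has to happen in the POST handler, which is not in this file.
        // The username is escaped on principle; it comes from the login layer.
        $csrfToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
?>
<form method="post" action="<?=$URI?>">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES); ?>">
<p align="right"><span style="width: 150px; font-style: italic;"><label for="p1">new database:</label></span> <?php echo htmlspecialchars($Login->getUsername()); ?>+<input type="text" id="p1" name="newdb">
<input type="submit" value="add"></p>
</form>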
63
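<h3>Manage Data</h3>
<?php
        // rel="noopener noreferrer": a target="_blank" link without it lets the
        // opened page reach window.opener (reverse tabnabbing) in browsers that
        // do not default to noopener; noreferrer also keeps this panel's URL
        // out of the external site's logs.
?>
<p>One interface we recommend for managing SQL data is <a href="https://scripts.mit.edu/~sql/phpMyAdmin/" target="_blank" rel="noopener noreferrer">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>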
66
67 <?php
68
69 include 'foot.php';
70
71 ?>