]> andersk Git - sql-web.git/blobdiff - tpl/main.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix XSS vulnerabilities
[sql-web.git] / tpl / main.php
diff --git a/tpl/main.php b/tpl/main.php
index cbf42503130655898fd4b167d494c09daf473dc7..89b0432de92fe5ce0030d1d053130558d8e0ac60 100644 (file)
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -2,26 +2,65 @@
 
 include 'head.php';
 
+if (isset($i_dropask)) {
+       $dropdbs = array_keys($i_dropask);
+       echo '<form method="post" action="', $URI,'">';
+       foreach($dropdbs as $dbname) {
+               $msg1[] = 'Are you sure you want to drop `'.htmlentities($dbname).'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.htmlentities($dbname).']" value="Yes">';
+       }
+       echo '</form>';
+}
+
 ?>
-<h2>Databases</h2>
-
-<?php printErrors($err); ?>
-
-<? if (!DEVEL) { ?>
-<p>
-Thanks for signing up.  This interface is nearly ready.  We will e-mail you as soon as this portion of the site is ready.
-<br />
-<br />
-- The MIT SQL Team
-</p>
-<? } else { ?>
-
-<form method="post">
-<p><span style="width: 150px;"><label for="p1">new database:</label></span> <input type="text" name="newdb">
-<input type=submit value="Add"></p>
+<h3>Databases</h3>
+
+<form method="post" action="<?=$URI?>">
+<?php printErrors($err1); ?>
+<?php printMsgs($msg1); ?>
 </form>
 
-<? } ?>
+<table width="100%">
+<form method="post" action="<?=$URI?>">
+<?php
+       $bytes = $User->getBytes();
+       $usage = $bytes['nBytes'];
+       $total = $bytes['nBytesHard'];
+       if (!count($myDBs)) {
+               echo '<tr><td width="100%"><em>You have no databases. Add one below.</em></td></tr>';
+       } else
+       foreach($myDBs as $db) {
+               echo '<tr><td width="100%">';
+               if ($total>0)
+                       $percentage = $db['nBytes']/$total;
+               else $percentage = 0;
+               echo printBar($percentage, $db['Name'], str_replace(' ', '&nbsp;', sprintSize($db['nBytes'])));
+               echo '</td><td>';
+               echo '<input type="submit" name="dropask[',htmlentities($db['Name']),']" value="drop">';
+               echo '</td></tr>';
+       }
+       if ($total>0) {
+               $percentage = $usage/$total;
+       } else {
+               $percentage = 0;
+       }
+       echo '<tr><td colspan=2>';
+       echo '<hr />';
+       echo '</td></tr>';
+       echo '<tr><td colspan=2>';
+       echo printBar($percentage, '<b>TOTAL&nbsp;USED</b>', str_replace(' ', '&nbsp;', sprintSize($usage).' of '.sprintSize($total)));
+       echo '</td></tr>';
+?>
+</form>
+</table>
+
+<form method="post" action="<?=$URI?>">
+<p align="right"><span style="width: 150px; font-style: italic;"><label for="p1">new database:</label></span> <?=$Login->getUsername()?>+<input type="text" name="newdb">
+<input type=submit value="add"></p>
+</form>
+
+<h3>Manage Data</h3>
+<p>One interface we recommend for managing SQL data is <a href="https://scripts.mit.edu/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>
+
 <?php
 
 include 'foot.php';
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.106994 seconds and 4 git commands to generate.