initial upload
This commit is contained in:
78
db_view.php
Normal file
78
db_view.php
Normal file
@ -0,0 +1,78 @@
|
||||
<?php
|
||||
// /var/www/html/db_view.php
|
||||
require_once __DIR__ . '/common.php';
|
||||
header('Content-Type: text/html; charset=UTF-8');
|
||||
|
||||
// ---- 1) Token prüfen (aus Authorization: Bearer <token>) ----
|
||||
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');
|
||||
if (stripos($auth, 'Bearer ') !== 0) {
|
||||
http_response_code(401); echo "Fehlender Bearer-Token"; exit;
|
||||
}
|
||||
$token = substr($auth, 7);
|
||||
if (!token_is_valid($token)) {
|
||||
http_response_code(403); echo "Ungültiger oder abgelaufener Token"; exit;
|
||||
}
|
||||
|
||||
// ---- 2) Master-verschlüsselte DB laden & entschlüsseln ----
|
||||
$dbPath = __DIR__ . '/uploads/questionnaire_database';
|
||||
if (!file_exists($dbPath)) { http_response_code(404); echo "Datenbank nicht gefunden"; exit; }
|
||||
$enc = file_get_contents($dbPath);
|
||||
if ($enc === false) { http_response_code(500); echo "Lesefehler"; exit; }
|
||||
|
||||
try {
|
||||
$plain = aes256_cbc_decrypt_bytes($enc, get_master_key_bytes());
|
||||
} catch (Throwable $e) {
|
||||
http_response_code(500); echo "Entschlüsselung fehlgeschlagen"; exit;
|
||||
}
|
||||
|
||||
// ---- 3) In temporäre SQLite-Datei schreiben ----
|
||||
$tmp = tempnam(sys_get_temp_dir(), 'qdb_');
|
||||
file_put_contents($tmp, $plain);
|
||||
|
||||
// ---- 4) Tabellen lesen & als HTML ausgeben ----
|
||||
try {
|
||||
$pdo = new PDO("sqlite:$tmp");
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
// Tabellenliste
|
||||
$tables = [];
|
||||
$rs = $pdo->query("SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name");
|
||||
foreach ($rs as $row) $tables[] = $row['name'];
|
||||
|
||||
// Ausgabe
|
||||
echo "<style>h2{margin:24px 0 8px} table{border-collapse:collapse;width:100%} th,td{border:1px solid #ddd;padding:6px 8px;text-align:left} th{background:#f7f7f7}</style>";
|
||||
echo "<p><b>Tabellen:</b> " . htmlspecialchars(implode(', ', $tables)) . "</p>";
|
||||
|
||||
foreach ($tables as $t) {
|
||||
echo "<h2>" . htmlspecialchars($t) . "</h2>";
|
||||
|
||||
// Spaltenüberschriften via PRAGMA
|
||||
$cols = [];
|
||||
$cr = $pdo->query("PRAGMA table_info(" . $pdo->quote($t) . ")");
|
||||
// PRAGMA table_info akzeptiert kein quote(..) direkt, also besser plain escapen:
|
||||
// Workaround:
|
||||
$t_esc = preg_replace('/[^A-Za-z0-9_]/', '', $t);
|
||||
$cr = $pdo->query("PRAGMA table_info($t_esc)");
|
||||
foreach ($cr as $c) $cols[] = $c['name'];
|
||||
|
||||
// Daten holen (ohne Limit; bei sehr großen Tabellen ggf. LIMIT einbauen)
|
||||
$stmt = $pdo->query("SELECT * FROM $t_esc");
|
||||
echo "<table><thead><tr>";
|
||||
foreach ($cols as $c) echo "<th>" . htmlspecialchars($c) . "</th>";
|
||||
echo "</tr></thead><tbody>";
|
||||
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
echo "<tr>";
|
||||
foreach ($cols as $c) {
|
||||
$val = $row[$c];
|
||||
if ($val === null) { echo "<td><em>NULL</em></td>"; }
|
||||
else { echo "<td>" . htmlspecialchars((string)$val) . "</td>"; }
|
||||
}
|
||||
echo "</tr>";
|
||||
}
|
||||
echo "</tbody></table>";
|
||||
}
|
||||
} catch (Throwable $e) {
|
||||
http_response_code(500); echo "SQLite-Fehler: " . htmlspecialchars($e->getMessage());
|
||||
} finally {
|
||||
@unlink($tmp);
|
||||
}
|
||||
Reference in New Issue
Block a user