Files
nat-as-server/db_view.php
2026-03-24 10:22:01 +00:00

79 lines
3.0 KiB
PHP

<?php
// /var/www/html/db_view.php
require_once __DIR__ . '/common.php';
header('Content-Type: text/html; charset=UTF-8');
// ---- 1) Token prüfen (aus Authorization: Bearer <token>) ----
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');
if (stripos($auth, 'Bearer ') !== 0) {
http_response_code(401); echo "Fehlender Bearer-Token"; exit;
}
$token = substr($auth, 7);
if (!token_is_valid($token)) {
http_response_code(403); echo "Ungültiger oder abgelaufener Token"; exit;
}
// ---- 2) Master-verschlüsselte DB laden & entschlüsseln ----
$dbPath = __DIR__ . '/uploads/questionnaire_database';
if (!file_exists($dbPath)) { http_response_code(404); echo "Datenbank nicht gefunden"; exit; }
$enc = file_get_contents($dbPath);
if ($enc === false) { http_response_code(500); echo "Lesefehler"; exit; }
try {
$plain = aes256_cbc_decrypt_bytes($enc, get_master_key_bytes());
} catch (Throwable $e) {
http_response_code(500); echo "Entschlüsselung fehlgeschlagen"; exit;
}
// ---- 3) In temporäre SQLite-Datei schreiben ----
$tmp = tempnam(sys_get_temp_dir(), 'qdb_');
file_put_contents($tmp, $plain);
// ---- 4) Tabellen lesen & als HTML ausgeben ----
try {
$pdo = new PDO("sqlite:$tmp");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Tabellenliste
$tables = [];
$rs = $pdo->query("SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name");
foreach ($rs as $row) $tables[] = $row['name'];
// Ausgabe
echo "<style>h2{margin:24px 0 8px} table{border-collapse:collapse;width:100%} th,td{border:1px solid #ddd;padding:6px 8px;text-align:left} th{background:#f7f7f7}</style>";
echo "<p><b>Tabellen:</b> " . htmlspecialchars(implode(', ', $tables)) . "</p>";
foreach ($tables as $t) {
echo "<h2>" . htmlspecialchars($t) . "</h2>";
// Spaltenüberschriften via PRAGMA
$cols = [];
$cr = $pdo->query("PRAGMA table_info(" . $pdo->quote($t) . ")");
// PRAGMA table_info akzeptiert kein quote(..) direkt, also besser plain escapen:
// Workaround:
$t_esc = preg_replace('/[^A-Za-z0-9_]/', '', $t);
$cr = $pdo->query("PRAGMA table_info($t_esc)");
foreach ($cr as $c) $cols[] = $c['name'];
// Daten holen (ohne Limit; bei sehr großen Tabellen ggf. LIMIT einbauen)
$stmt = $pdo->query("SELECT * FROM $t_esc");
echo "<table><thead><tr>";
foreach ($cols as $c) echo "<th>" . htmlspecialchars($c) . "</th>";
echo "</tr></thead><tbody>";
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo "<tr>";
foreach ($cols as $c) {
$val = $row[$c];
if ($val === null) { echo "<td><em>NULL</em></td>"; }
else { echo "<td>" . htmlspecialchars((string)$val) . "</td>"; }
}
echo "</tr>";
}
echo "</tbody></table>";
}
} catch (Throwable $e) {
http_response_code(500); echo "SQLite-Fehler: " . htmlspecialchars($e->getMessage());
} finally {
@unlink($tmp);
}