Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
JRSweets
Worker
Worker


Joined: Aug 06, 2004
Posts: 192

PostPosted: Tue Jan 11, 2005 7:41 am Reply with quote

I have a statistics module that displays forum statistics. It also writes to an html file output like this:
Code:
Query:   SELECT COUNT(user_id) AS total

   FROM ****_users
   WHERE user_id <> -1

Time before:  0.28508710861206
Time after:   0.2854700088501
Elapsed time: 0.00038290023803711

Query:   SELECT SUM(forum_topics) AS topic_total, SUM(forum_posts) AS post_total
   FROM ****_bbforums

Time before:  0.28567290306091
Time after:   0.28595590591431
Elapsed time: 0.00028300285339355

Query:   SELECT user_id, username
   FROM ****_users
   WHERE user_id <> -1
   ORDER BY user_id DESC
   LIMIT 1

Time before:  0.28615188598633
Time after:   0.28641510009766
Elapsed time: 0.00026321411132812



It there any way to make nuke do the same so I can see all the queries running on a certain page, specifically the main page?


Last edited by JRSweets on Tue Jan 11, 2005 9:53 am; edited 1 time in total 
View user's profile Send private message
JRSweets
PostPosted: Tue Jan 11, 2005 9:49 am Reply with quote

Ok I have progressed to get a html page out with all the sql queries on it. The only problem is its would be hard to tell what page they are from on real busy sites.

First I opened up mysql.php and mysql4.php and looked for this code:
Code:
var $db_connect_id;


After add:
Code:
var $sql_report = '';


Then find this:
Code:
$this->query_result = @mysql_query($query, $this->db_connect_id);


After I added:
Code:
//*************

$this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
//*************


Open footer.php and inside

Code:
function foot() {... }


Right before the
Code:
die();


I added:
Code:
$test = time();

$fp = fopen('****/e' . $test . '.html', 'wt');
fwrite($fp, $db->sql_report);
fclose($fp);


Replace the '***' with the location to the directory of your chosing. You have to chmod the directory to 777 the file can be created. You will then get an html file to display all the sql queries run on a page.

I still have to figure out how to specify what page they are comming from, however you can basically make it out based on what queries are being run.

Also be very careful using this as the html report could could contain sensitive data. I would suggest writing the files to a hidden and protected directory, or above the web root.
 
JRSweets
PostPosted: Tue Jan 11, 2005 9:51 am Reply with quote

Your output will be similar to this:
Code:
Query:   SELECT msg_id, title, message, showpage , auth, width, images, ordr, bbcode_uid,

   startdate, enddate, users_timezone
   FROM ****_board_message
   WHERE ((showpage <> '-9999'
   AND showpage = '-4' )
   OR showpage = '9999')
   AND MID(days,3,1) = '1'
   AND auth = 0 AND startdate <= 1105439501 AND enddate >= 1105439501 AND ordr <
   ORDER BY ordr DESC, msg_id ASC
   LIMIT 1

Query:   SELECT msg_id, title, message, showpage , auth, width, images, ordr, bbcode_uid,
   startdate, enddate, users_timezone
   FROM ****_board_message
   WHERE ((showpage <> '-9999'
   AND showpage = '-4' )
   OR showpage = '9999')
   AND MID(days,3,1) = '1'
   AND auth = 0 AND startdate <= 1105439501 AND enddate >= 1105439501 AND ordr >
   ORDER BY ordr ASC, msg_id ASC
   LIMIT 1

Query:   SELECT *
   FROM ****_bbqotm_config

Query:   DELETE FROM ****_serverload WHERE time < 1105457201

Query:   INSERT INTO ****_serverload (time) VALUES (1105457501)

Query:   SELECT time FROM ****_serverload

Query:   SELECT cid, lid, title, hits from ****_downloads_downloads WHERE ns_disable='0' order by date DESC limit 0,30

Query:   SELECT lid, title, hits from ****_links_links order by date DESC limit 0,30
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©