science-ation/super/backuprestore.php

243 lines
8.1 KiB
PHP

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2008 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require("../common.inc.php");
require_once("../user.inc.php");
user_auth_required('committee', 'super');
//make sure backup/restore folder exists, and htaccess it to deny access
if(!file_exists("../data/backuprestore"))
mkdir("../data/backuprestore");
if(!file_exists("../data/backuprestore/.htaccess"))
file_put_contents("../data/backuprestore/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
if($_GET['action']=="backup") {
$ts=time();
$dump="#SFIAB SQL BACKUP: ".date("r",$ts)."\n";
$dump.="#SFIAB VERSION: ".$config['version']."\n";
$dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
$dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
$dump.="#-------------------------------------------------\n";
$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`");
while($tr=mysql_fetch_row($tableq)) {
$table=$tr[0];
$dump.="#TABLE: $table\n";
$columnq=mysql_query("SHOW COLUMNS FROM `$table`");
$str="INSERT INTO `$table` (";
unset($fields);
$fields=array();
while($cr=mysql_fetch_object($columnq)) {
$str.="`".$cr->Field."`,";
$fields[]=$cr->Field;
}
$str=substr($str,0,-1);
$str.=") VALUES (";
$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
while($data=mysql_fetch_object($dataq)) {
$insertstr=$str;
foreach($fields AS $field) {
if(is_null($data->$field))
$insertstr.="NULL,";
else
{
$escaped=str_replace("\\","\\\\",$data->$field);
$escaped=str_replace("'","''",$escaped);
$escaped=str_replace("\n","\\n",$escaped);
$escaped=str_replace("\r","\\r",$escaped);
$insertstr.="'".$escaped."',";
}
}
$insertstr=substr($insertstr,0,-1);
$insertstr.=");";
$dump.=$insertstr."\n";
}
}
header("Content-Type: text/sql");
header("Content-Disposition: attachment; filename=sfiab_backup_".date("Y-m-d-H-i-s",$ts).".sql");
header("Content-Length: ".strlen($dump));
//Make IE with SSL work
header("Pragma: public");
echo $dump;
}
else if($_POST['action']=="restore") {
echo send_header("Database Backup/Restore",
array('Committee Main' => 'committee_main.php',
'System Setup' => 'super/index.php')
,"backup_restore"
);
echo i18n("Processing file: %1",array($_FILES['restore']['name']))."<br />\n";
echo "<br />\n";
do {
//hmm just some random filename
$tmpfilename=md5(rand().time().$_FILES['restore']['name']);
} while(file_exists("../data/backuprestore/$tmpfilename"));
move_uploaded_file($_FILES['restore']['tmp_name'],"../data/backuprestore/$tmpfilename");
$fp=fopen("../data/backuprestore/$tmpfilename","r");
for($x=0;$x<4;$x++) {
$line=fgets($fp,1024);
$hdr[$x]=split(":",trim($line),2);
}
fclose($fp);
if(trim($hdr[0][0])=="#SFIAB SQL BACKUP") {
echo "<table class=\"tableview\">\n";
$now=date("r");
echo "<tr><th>".i18n("Information")."</th><th>".i18n("Restore File")."</th><th>".i18n("Live System")."</th></tr>\n";
if(trim($hdr[0][1])<trim($now)) $cl="happy"; else { $cl="error"; $err=true; }
echo "<tr class=\"$cl\"><td>".i18n("Date/Time")."</td><td>".$hdr[0][1]."</td><td>$now</td></tr>\n";
if(version_compare(trim($hdr[1][1]),$config['version'])==0) $cl="happy"; else { $cl="error"; $err=true; }
echo "<tr class=\"$cl\"><td>".i18n("SFIAB Version")."</td><td>".$hdr[1][1]."</td><td>".$config['version']."</td></tr>\n";
if(version_compare(trim($hdr[2][1]),$config['DBVERSION'])==0) $cl="happy"; else { $cl="error"; $err=true; }
echo "<tr class=\"$cl\"><td>".i18n("Database Version")."</td><td>".$hdr[2][1]."</td><td>".$config['DBVERSION']."</td></tr>\n";
if(trim($hdr[3][1])==$config['fairname']) $cl="happy"; else { $cl="error"; $err=true; }
echo "<tr class=\"$cl\"><td>".i18n("Fair Name")."</td><td>".$hdr[3][1]."</td><td>".$config['fairname']."</td></tr>\n";
echo "</table>\n";
echo "<br />\n";
if($err) {
echo error(i18n("Warning, there are discrepencies between the restore file and your current live system. Proceed at your own risk!"));
}
echo "<form method=\"post\" action=\"backuprestore.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"restoreproceed\">\n";
echo "<input type=\"hidden\" name=\"filename\" value=\"".$_FILES['restore']['name']."\">\n";
echo "<input type=\"hidden\" name=\"realfilename\" value=\"$tmpfilename\">\n";
echo "<input type=\"submit\" value=\"".i18n("Proceed with Database Restore")."\">";
echo "</form>\n";
echo "<br />\n";
echo "<a href=\"backuprestore.php\">";
echo i18n("If you are not going to proceed, please click here to clean up the temporary files which may contain confidential information!");
echo "</a>\n";
}
else
{
echo error(i18n("This file is NOT a SFIAB SQL BACKUP file"));
echo i18n("Only backups created with the SFIAB Backup Creator can be used to restore from.");
echo "<br />\n";
}
send_footer();
}
else if($_POST['action']=="restoreproceed") {
echo send_header("Database Backup/Restore",
array('Committee Main' => 'committee_main.php',
'System Setup' => 'super/index.php')
,"backup_restore"
);
//make sure the filename's good before we used it
if(ereg("^[a-z0-9]{32}$",$_POST['realfilename']) && file_exists("../data/backuprestore/".$_POST['realfilename'])) {
$filename=$_POST['realfilename'];
echo i18n("Proceeding with database restore from %1",array($_POST['filename']))."...";
$lines=file("../data/backuprestore/$filename");
$err=false;
echo "<pre>";
foreach($lines AS $line) {
$line=trim($line);
if(ereg("^#TABLE: (.*)",$line,$args)) {
//empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n";
mysql_query($sql);
}
else if(ereg("^#",$line)) {
//just skip it
}
else
{
//insert the new data
mysql_query($line);
if(mysql_error()) {
echo $line."\n";
echo mysql_error()."\n";
$err=true;
}
}
}
echo "</pre>";
if($err) {
echo error(i18n("An error occured while importing the restore database"));
}
else
echo happy(i18n("Database successfully restored"));
unlink("../data/backuprestore/$filename");
}
else
echo error(i18n("Invalid filename"));
send_footer();
}
else
{
echo send_header("Database Backup/Restore",
array('Committee Main' => 'committee_main.php',
'System Setup' => 'super/index.php')
,"backup_restore"
);
//we try to remove temp files every time we load this page, who knows, maybe they navigated away
//last time instead of clicking the link to come back here
$dh=opendir("../data/backuprestore");
$removed=false;
while($fn=readdir($dh)) {
if(ereg("[a-z0-9]{32}",$fn)) {
unlink("../data/backuprestore/$fn");
$removed=true;
}
}
closedir($dh);
if($removed) {
echo happy(i18n("Temporary files successfully removed"));
}
echo "<h3>".i18n("Backup Database")."</h3>\n";
echo "<a href=\"backuprestore.php?action=backup\">".i18n("Create Database Backup File")."</a><br />\n";
echo "<br /><br />\n";
echo "<hr />\n";
echo "<h3>".i18n("Restore Database")."</h3>\n";
echo error(i18n("WARNING: Importing a backup will completely DESTROY all data currently in the database and replace it with what is in the backup file"));
echo "<form method=\"post\" action=\"backuprestore.php\" enctype=\"multipart/form-data\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"restore\">\n";
echo "<input type=\"file\" name=\"restore\">\n";
echo "<input type=\"submit\" value=\"".i18n("Upload Restore File")."\">\n";
echo "</form>\n";
send_footer();
}
?>