Database Admin support thread

[azer]

http://www.oscommerce.com/community/contributions,4182

 

The Database Manager permits you to access your MySQL database directly through the oscommerce admin panel.

 

Add, Alter, Drop, and Optimize Database tables from one file.

 

All the code is self-contained within the script

 

------------------------

 

 

i have installed this contibution , it is very usefull cause u could bypass phpmyadmin

but i think it should restric to the database used by the shop , not all databases , for me it is a security danger

 

and by the way , i have installed several shop on the server , i dont want to make any mistake selecting the wrong one

 

do you guys don't think i t would be possible to restrict the contribution ?

[dr_lucas]

Love this contribution! So simple to install and so effective! Exactly what I was looking for. Huge props to the author!!! :)

 

My only wish for this one, if possible, is to add checkboxes near the table names and allow multiple modifications on the checked tables (ie. drop, empty etc.) as in phpmyadmin.

Thanks again!

Edited April 24, 2006 by dr_lucas

[Guest]

I've just added a new release to this excellent contribution. Here are the changes:

 

This version of database_admin.php does not allow to select another database than the one from the store.

The list of databases will show only the database of the store and it is not possible to select another one from the URL.

 

However, it is still possible to create and drop other databases by typing the corresponding query and executing it...

 

- Rigadin

[azer]

This version of database_admin.php does not allow to select another database than the one from the store.

 

thanks rigadin , i m gonna test that right now

 

Contrib TODOLIST : Move all hard coded engsih to variable :-"

[azer]

rigadin

i see it limited to the database used, but could we remove the need to click it ?

 

did u manage to make some changemetn to the database, i tried in the query field, but i didnt do any change with an error message

[Guest]

So far I've been able to execute queries that I type myself as well as queries from a sql file. I have created databases and navigate through tables without problem. The only error I got is when trying to export datas, I got the "Header already sent" error.

 

For me the click on the database name and the english version are not a big deal, the most important is that this contribution is working. The code is well structured and probably someone else can do some more tricks in there.

 

- Rigadin

[insomniac2]

I think this is an Awesome Contribution ... but also a dangerous one.

 

What I would suggest is adding some kind of an admin / password sequence in order to access the database administration page even though you already have to log into your normal administration.

 

If anyone ever got past your admin .htaccess or whatever your using .. they would have total control and access to all database information.

[Guest]

If someone reaches you admin section, you are anyway in big trouble as other tools allows to see/edit files and also backup the database.

 

One security would be to rename the file to whatever name and not provide any link from the left column, so the only way to reach this tool would be by URL.

[demonangel]

That is why I recommend using an admin Contribution, like the one found here:

 

http://www.oscommerce.com/community/contributions,1174

 

that way you can permit/deny access to the file by assigning an admin (if you have several) to an authorized Admin Group.

[Guest]

if someone bypasses the admin security makes no difference if you have this contribution installed or not.

 

Even if you removed completely the tools section (which obviously can be used to upload/edit whatever scripts), there are ways to upload scripts and access/manipulate the database. Like for instance from the upload products image facility. Or through other entries that are stored in the dbase.

 

Also forms can be posted from other scripts not necessarily through those you're trying to protect/hide. Given the fact the osc source code is open.

Edited May 2, 2006 by enigma1

[demonangel]

Hey Everyone,

Thanks for making additions to the Contribution, and especially for creating language variables.

I appreciate everyone's help and added support for this contribution, and as of lately, I've got a ton of projects to undergo so I'm not readily available for help, as i hoped i would be.

 

But Again, Thanks to everyone that has been helping make this contribution even better, and for the support lent in the forum!

[Irin]

Hello everyone,

 

I have a problem with executing an SQL query to the database at admin side. It always says that execution has failed. Am I the only one who has this problem?

 

Thanks.

[demonangel]

Hello everyone,

 

I have a problem with executing an SQL query to the database at admin side. It always says that execution has failed. Am I the only one who has this problem?

 

Thanks.

 

I have noticed that sometime (not all the time) that if you copied and pasted a query from a phpmyAdmin file and it has the "#" or the "---" Characters the db admin will return an error that states the query failed.

 

I know that it is a major inconvience, and hopefully on the next release I'll have that issue taken care of, just that at the moment my time is limited (Perhaps one of the great people that use this contrib and offer support in the forum might be able to work on a fix too).

 

I would suggest removing all the # and --- characters from your queries and .sql files if you're using the query from file feature.

 

I hope that helps

Edited June 23, 2006 by demonangel

[Irin]

I have noticed that sometime (not all the time) that if you copied and pasted a query from a phpmyAdmin file and it has the "#" or the "---" Characters the db admin will return an error that states the query failed.

 

I know that it is a major inconvience, and hopefully on the next release I'll have that issue taken care of, just that at the moment my time is limited (Perhaps one of the great people that use this contrib and offer support in the forum might be able to work on a fix too).

 

I would suggest removing all the # and --- characters from your queries and .sql files if you're using the query from file feature.

 

I hope that helps

Thanks for the suggestion, demonangel. I'll try it next time. It would be great if that were a fix for executing sql queries. Otherwise, great contribution and very convenient.

 

Thanks.

[Guest]

So far I've been able to execute queries that I type myself as well as queries from a sql file. I have created databases and navigate through tables without problem. The only error I got is when trying to export datas, I got the "Header already sent" error.

 

For me the click on the database name and the english version are not a big deal, the most important is that this contribution is working. The code is well structured and probably someone else can do some more tricks in there.

 

- Rigadin

 

Yes, I have the same problem. So export is a problem:

When I clicked "Export", error message appears like this:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/shop/admin/database_admin.php:19) in /home/username/public_html/shop/admin/database_admin.php on line 138

 

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/shop/admin/database_admin.php:19) in /home/username/public_html/shop/admin/database_admin.php on line 139

 

Anyone has a clue?

 

Regards

 

James

Edited July 9, 2006 by booksfarm

[ruchkin]

Unfortunaley, this contribution doesn't work.

 

When I click on database name I got the following error.

 

Security Alert! The PHP CGI cannot be accessed directly.

 

This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

 

For more information as to why this behaviour exists, see the manual page for CGI security.

 

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page.

 

Anyone knows how to fix it.

 

Thanks

[ruboo]

Did anyone got Warning: set_time_limit(): Cannot set time limit in safe mode in /home//public_html/admin/database_admin.php on line 58 error?

Can it be corrected?

[demonangel]

ruchkin:

 

It sounds like your hosting company has your website running in safemode. You might want to contact them and see why it is running in safe mode. Secondly, who are you hosting with? It almost sounds as if they're restricting third-party scripts from accessing the database...

[azer]

this contrib is very usefull but i dont understand why some insert work with phpmyadmin and not with this contrib i gve you an exemple :

 

INSERT INTO `configuration` (`configuration_id`, `configuration_title`, `configuration_key`, `configuration_value`, `configuration_description`, `configuration_group_id`, `sort_order`, `last_modified`, `date_added`, `use_function`, `set_function`) VALUES  
 ('', 'Activer Affiliate', 'AZERCA_AFFILIATE', 'true', 'AZERCA_AFFILIATE', 500, 100, '0000-00-00', '2006-03-04', NULL, 'tep_cfg_select_option(array(\'true\', \'false\'),');

 INSERT INTO `configuration` (`configuration_id`, `configuration_title`, `configuration_key`, `configuration_value`, `configuration_description`, `configuration_group_id`, `sort_order`, `last_modified`, `date_added`, `use_function`, `set_function`) VALUES  
 ('', 'Activer Support Ticket', 'AZERCA_TICKETS', 'true', 'AZERCA_TICKETS', 500, 100, '0000-00-00', '2006-03-04', NULL, 'tep_cfg_select_option(array(\'true\', \'false\'),');

 

and here is the failed message :

 

 

Query results:

 

FAILED! - INSERT INTO `configuration` (`configuration_id`, `configuration_title`, `configuration_key`, `configuration_value`, `configuration_description`, `configuration_group_id`, `sort_order`, `last_modified`, `date_added`, `use_function`, `set_function`) VALUES ('', 'Activer Affiliate', 'AZERCA_AFFILIATE', 'true', 'AZERCA_AFFILIATE', 500, 100, '0000-00-00', '2006-03-04', NULL, 'tep_cfg_select_option(array('true', 'false'),');

 

>> Show tables

[azer]

when i click broswe , i had by default 20 lignes only shown , i changed this line to get more :

 

// bo if(!$_SESSION[RPP]) $_SESSION[RPP]=20;   
if(!$_SESSION[RPP]) $_SESSION[RPP]=100;

 

hope it helps!

 

is there any futur plan for this awesome contribtuion ?

[TheExterminator]

Hey.

 

I get this error when i will upload 'Error: Destination not writeable.'

 

Someone now why ???

[TheExterminator]

Someone have get this to work ???

I have same probs.

 

So far I've been able to execute queries that I type myself as well as queries from a sql file. I have created databases and navigate through tables without problem. The only error I got is when trying to export datas, I got the "Header already sent" error.

 

For me the click on the database name and the english version are not a big deal, the most important is that this contribution is working. The code is well structured and probably someone else can do some more tricks in there.

 

- Rigadin

[Irin]

I trying to use this add-on with osc v2.3.2 and php 5.3.16, but getting the following error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /admin/database_admin.php on line 160

Here is my code around line 160:

if($_SESSION[DBN]) {
mysql_select_db($_SESSION[DBN],$dbl);
$rs=mysql_query($_SESSION[DBN],$dbl);
for($i=0;$i<mysql_num_rows($rs);$i++) {
 $tbn=mysql_tablename($rs,$i);
 $TABLES.="<option value='$tbn' ".(($tbn==$_SESSION[TBN])?"selected":"").">$tbn</option>";
}
} elseif ($_REQUEST[op]!="999") unset($_REQUEST[op]);

How do I change the code to fix the error?

 

Thanks in advance.

[reflex-ocasion]

I trying to use this add-on with osc v2.3.2 and php 5.3.16, but getting the following error:

 

Here is my code around line 160:

if($_SESSION[DBN]) {
mysql_select_db($_SESSION[DBN],$dbl);
$rs=mysql_query($_SESSION[DBN],$dbl);
for($i=0;$i<mysql_num_rows($rs);$i++) {
$tbn=mysql_tablename($rs,$i);
$TABLES.="<option value='$tbn' ".(($tbn==$_SESSION[TBN])?"selected":"").">$tbn</option>";
}
} elseif ($_REQUEST[op]!="999") unset($_REQUEST[op]);

How do I change the code to fix the error?

 

Thanks in advance.

 

Me too gave me this error when changing hosting. After much searching the internet I found the solution and I have published as a new version.

 

 

Also I have to say that the error that can not be written in the header is not such error itself. When an update is made, for example to change the status of the order, usually leaves a message on the header type messageStack right? because if you can not make that update whatever reason leave the error message warning that you can not modify the header because it is not established a specific error message in such cases, leaves the error message that causes us concern and we does try to solve a problem that does not exist as such.

 

 

Sorry for my bad English, use a translator does not always work correctly.

[Irin]

With the new version it's not showing a database at all and is also giving the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1