Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-24 12:48:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2324bf5078ff85afef71ffab358e7b8191dafbcc
web/api_db.php
DL6ER af9a6f3444 Merge branch 'devel' into new/nonfatal-dnsmasq-warnings 
Signed-off-by: DL6ER <dl6er@dl6er.de>
2022-03-20 09:00:57 +01:00

431 lines
12 KiB
PHP
Raw Blame History

<?php
/* Pi-hole: A black hole for Internet advertisements
* (c) 2017 Pi-hole, LLC (https://pi-hole.net)
* Network-wide ad blocking via your own hardware.
*
* This file is copyright under the latest version of the EUPL.
* Please see LICENSE file for your rights under this license */
$api = true;
header('Content-type: application/json');
require("scripts/pi-hole/php/database.php");
require("scripts/pi-hole/php/password.php");
require("scripts/pi-hole/php/auth.php");
require_once("scripts/pi-hole/php/func.php");
check_cors();
// Set maximum execution time to 10 minutes
ini_set("max_execution_time","600");
$data = array();
// Needs package php5-sqlite, e.g.
// sudo apt-get install php5-sqlite
$QUERYDB = getQueriesDBFilename();
$db = SQLite3_connect($QUERYDB);
if(isset($_GET["network"]) && $auth)
{
$network = array();
$results = $db->query('SELECT * FROM network');
while($results !== false && $res = $results->fetchArray(SQLITE3_ASSOC))
{
$id = intval($res["id"]);
// Get IP addresses and host names for this device
$res["ip"] = array();
$res["name"] = array();
$network_addresses = $db->query("SELECT ip,name FROM network_addresses WHERE network_id = $id ORDER BY lastSeen DESC");
while($network_addresses !== false && $network_address = $network_addresses->fetchArray(SQLITE3_ASSOC))
{
array_push($res["ip"],$network_address["ip"]);
if($network_address["name"] !== null)
array_push($res["name"],utf8_encode($network_address["name"]));
else
array_push($res["name"],"");
}
$network_addresses->finalize();
// UTF-8 encode vendor
$res["macVendor"] = utf8_encode($res["macVendor"]);
array_push($network, $res);
}
$results->finalize();
$data = array_merge($data, array('network' => $network));
}
if (isset($_GET['getAllQueries']) && $auth)
{
$allQueries = array();
if($_GET['getAllQueries'] !== "empty")
{
$from = intval($_GET["from"]);
$until = intval($_GET["until"]);
$dbquery = "SELECT timestamp, type, domain, client, status, forward FROM queries WHERE timestamp >= :from AND timestamp <= :until ";
if(isset($_GET["types"]))
{
$types = $_GET["types"];
if(preg_match("/^[0-9]+(?:,[0-9]+)*$/", $types) === 1)
{
// Append selector to DB query. The used regex ensures
// that only numbers, separated by commas are accepted
// to avoid code injection and other malicious things
// We accept only valid lists like "1,2,3"
// We reject ",2,3", "1,2," and similar arguments
$dbquery .= "AND status IN (".$types.") ";
}
else
{
die("Error. Selector types specified using an invalid format.");
}
}
$dbquery .= "ORDER BY timestamp ASC";
$stmt = $db->prepare($dbquery);
$stmt->bindValue(":from", intval($from), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($until), SQLITE3_INTEGER);
$results = $stmt->execute();
if (!is_bool($results)) {
// Start the JSON string
echo '{"data":[';
$first = true;
while ($row = $results->fetchArray()) {
// Insert a comma before the next record (except on the first one)
if (!$first) {
echo ",";
} else {
$first = false;
}
// Convert query type ID to name, encode domain, encode destination
$query_type = getQueryTypeStr($row[1]);
$domain = utf8_encode(str_replace("~"," ",$row[2]));
$destination = utf8_encode($row[5]);
// Insert into array and output it in JSON format
// array: time type domain client status upstream destination
echo json_encode([$row[0], $query_type, $domain, $row[3], $row[4], $destination]);
}
// Finish the JSON string
echo ']}';
}
// exit at the end
exit();
}
// only used if getAllQueries==empty
$result = array('data' => $allQueries);
$data = array_merge($data, $result);
}
if (isset($_GET['topClients']) && $auth)
{
// $from = intval($_GET["from"]);
$limit = "";
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = "WHERE timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = "WHERE timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = "WHERE timestamp <= :until";
}
$stmt = $db->prepare('SELECT client,count(client) FROM queries '.$limit.' GROUP by client order by count(client) desc limit 20');
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$clientnums = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
// $row[0] is the client IP
if(array_key_exists($row[0], $clientnums))
{
// Entry already exists, add to it (might appear multiple times due to mixed capitalization in the database)
$clientnums[$row[0]] += intval($row[1]);
}
else
{
// Entry does not yet exist
$clientnums[$row[0]] = intval($row[1]);
}
}
// Sort by number of hits
arsort($clientnums);
// Extract only the first ten entries
$clientnums = array_slice($clientnums, 0, 10);
$result = array('top_sources' => $clientnums);
$data = array_merge($data, $result);
}
if (isset($_GET['topDomains']) && $auth)
{
$limit = "";
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
}
// Select top permitted domains only
$stmt = $db->prepare('SELECT domain,count(domain) FROM queries WHERE status IN (2,3,12,13,14)'.$limit.' GROUP by domain order by count(domain) desc limit 20');
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$domains = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
// Convert domain to lower case UTF-8
$c = utf8_encode(strtolower($row[0]));
if(array_key_exists($c, $domains))
{
// Entry already exists, add to it (might appear multiple times due to mixed capitalization in the database)
$domains[$c] += intval($row[1]);
}
else
{
// Entry does not yet exist
$domains[$c] = intval($row[1]);
}
}
// Sort by number of hits
arsort($domains);
// Extract only the first ten entries
$domains = array_slice($domains, 0, 10);
$result = array('top_domains' => $domains);
$data = array_merge($data, $result);
}
if (isset($_GET['topAds']) && $auth)
{
$limit = "";
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
}
$stmt = $db->prepare('SELECT domain,count(domain) FROM queries WHERE status IN (1,4,5,6,7,8,9,10,11)'.$limit.' GROUP by domain order by count(domain) desc limit 10');
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$addomains = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
$addomains[utf8_encode($row[0])] = intval($row[1]);
}
$result = array('top_ads' => $addomains);
$data = array_merge($data, $result);
}
if (isset($_GET['getMinTimestamp']) && $auth)
{
$results = $db->query('SELECT MIN(timestamp) FROM queries');
if(!is_bool($results))
$result = array('mintimestamp' => $results->fetchArray()[0]);
else
$result = array();
$data = array_merge($data, $result);
}
if (isset($_GET['getMaxTimestamp']) && $auth)
{
$results = $db->query('SELECT MAX(timestamp) FROM queries');
if(!is_bool($results))
$result = array('maxtimestamp' => $results->fetchArray()[0]);
else
$result = array();
$data = array_merge($data, $result);
}
if (isset($_GET['getQueriesCount']) && $auth)
{
$results = $db->query('SELECT COUNT(timestamp) FROM queries');
if(!is_bool($results))
$result = array('count' => $results->fetchArray()[0]);
else
$result = array();
$data = array_merge($data, $result);
}
if (isset($_GET['getDBfilesize']) && $auth)
{
$filesize = filesize("/etc/pihole/pihole-FTL.db");
$result = array('filesize' => $filesize);
$data = array_merge($data, $result);
}
if (isset($_GET['getGraphData']) && $auth)
{
$limit = "";
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
}
$interval = 600;
if(isset($_GET["interval"]))
{
$q = intval($_GET["interval"]);
if($q >= 10)
$interval = $q;
}
// Round $from and $until to match the requested $interval
$from = intval((intval($_GET['from'])/$interval)*$interval);
$until = intval((intval($_GET['until'])/$interval)*$interval);
// Count permitted queries in intervals
$stmt = $db->prepare('SELECT (timestamp/:interval)*:interval interval, COUNT(*) FROM queries WHERE (status != 0 )'.$limit.' GROUP by interval ORDER by interval');
$stmt->bindValue(":from", $from, SQLITE3_INTEGER);
$stmt->bindValue(":until", $until, SQLITE3_INTEGER);
$stmt->bindValue(":interval", $interval, SQLITE3_INTEGER);
$results = $stmt->execute();
// Parse the DB result into graph data, filling in missing interval sections with zero
function parseDBData($results, $interval, $from, $until) {
$data = array();
$first_db_timestamp = -1;
if(!is_bool($results)) {
// Read in the data
while($row = $results->fetchArray()) {
// $data[timestamp] = value_in_this_interval
$data[$row[0]] = intval($row[1]);
if($first_db_timestamp === -1)
$first_db_timestamp = intval($row[0]);
}
}
// It is unpredictable what the first timestamp returned by the database
// will be. This depends on live data. Hence, we re-align the FROM
// timestamp to avoid unaligned holes appearing as additional
// (incorrect) data points
$aligned_from = $from + (($first_db_timestamp - $from) % $interval);
// Fill gaps in returned data
for($i = $aligned_from; $i < $until; $i += $interval) {
if(!array_key_exists($i, $data))
$data[$i] = 0;
}
return $data;
}
$domains = parseDBData($results, $interval, $from, $until);
$result = array('domains_over_time' => $domains);
$data = array_merge($data, $result);
// Count blocked queries in intervals
$stmt = $db->prepare('SELECT (timestamp/:interval)*:interval interval, COUNT(*) FROM queries WHERE status IN (1,4,5,6,7,8,9,10,11)'.$limit.' GROUP by interval ORDER by interval');
$stmt->bindValue(":from", $from, SQLITE3_INTEGER);
$stmt->bindValue(":until", $until, SQLITE3_INTEGER);
$stmt->bindValue(":interval", $interval, SQLITE3_INTEGER);
$results = $stmt->execute();
$addomains = parseDBData($results, $interval, $from, $until);
$result = array('ads_over_time' => $addomains);
$data = array_merge($data, $result);
}
if (isset($_GET['status']))
{
$extra = ";";
if(isset($_GET["ignore"]) && $_GET["ignore"] === 'DNSMASQ_WARN')
$extra = "WHERE type != 'DNSMASQ_WARN';";
$results = $db->query('SELECT COUNT(*) FROM message '.$extra);
if(!is_bool($results))
$result = array('message_count' => $results->fetchArray()[0]);
else
$result = array();
$data = array_merge($data, $result);
}
if(isset($_GET["messages"]) && $auth)
{
$extra = ";";
if(isset($_GET["ignore"]) && $_GET["ignore"] === 'DNSMASQ_WARN')
$extra = "WHERE type != 'DNSMASQ_WARN';";
$messages = array();
$results = $db->query('SELECT * FROM message '.$extra);
while($results !== false && $res = $results->fetchArray(SQLITE3_ASSOC))
{
// Convert string to to UTF-8 encoding to ensure php-json can handle it.
// Furthermore, convert special characters to HTML entities to prevent XSS attacks.
foreach ($res as $key => $value) {
if (is_string($value))
$res[$key] = htmlspecialchars(utf8_encode($value));
}
array_push($messages, $res);
}
$data = array_merge($data, array('messages' => $messages));
}
if(isset($_GET["jsonForceObject"]))
{
echo json_encode($data, JSON_FORCE_OBJECT);
}
else
{
echo json_encode($data);
}
Reference in New Issue View Git Blame Copy Permalink