From f078203136a450f694c9083c2c12450d5f60faeb Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 3 Apr 2025 15:01:47 -0400
Subject: [PATCH] Fix Database Export, was not properly exporting utf8, html data and such. Also disable foreign key contraint check in the export then renable it in the end. This fixes the issue with importing the database into phpmyadmin or using the mysql command
---
post/admin/admin_backup.php | 108 +++++++++++++++---------------------
1 file changed, 46 insertions(+), 62 deletions(-)
diff --git a/post/admin/admin_backup.php b/post/admin/admin_backup.php
index dfb0509a..7ad9fde8 100644
--- a/post/admin/admin_backup.php
+++ b/post/admin/admin_backup.php
@@ -7,84 +7,68 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_GET['download_database'])) { - validateCSRFToken($_GET['csrf_token']); - // Get All Table Names From the Database - $tables = array(); - $sql = "SHOW TABLES"; - $result = mysqli_query($mysqli, $sql); + global $mysqli, $database; - while ($row = mysqli_fetch_row($result)) { + $backupFileName = date('Y-m-d_H-i-s') . '_backup.sql'; + + header('Content-Type: application/sql'); + header('Content-Disposition: attachment; filename="' . $backupFileName . '"'); + header('Cache-Control: no-store, no-cache, must-revalidate'); + header('Pragma: no-cache'); + header('Expires: 0'); + + if (ob_get_level()) ob_end_clean(); + flush(); + + // Start of dump file — charset declaration + echo "-- UTF-8 + Foreign Key Safe Dump\n"; + echo "SET NAMES 'utf8mb4';\n"; + echo "SET foreign_key_checks = 0;\n\n"; + + // Get all tables + $tables = []; + $res = $mysqli->query("SHOW TABLES"); + while ($row = $res->fetch_row()) { $tables[] = $row[0]; } - $sqlScript = ""; foreach ($tables as $table) { + // Table structure + $createRes = $mysqli->query("SHOW CREATE TABLE `$table`"); + $createRow = $createRes->fetch_assoc(); + $createSQL = array_values($createRow)[1]; - // Prepare SQLscript for creating table structure - $query = "SHOW CREATE TABLE $table"; - $result = mysqli_query($mysqli, $query); - $row = mysqli_fetch_row($result); + echo "\n-- ----------------------------\n"; + echo "-- Table structure for `$table`\n"; + echo "-- ----------------------------\n"; + echo "DROP TABLE IF EXISTS `$table`;\n"; + echo $createSQL . ";\n\n"; - $sqlScript .= "\n\n" . $row[1] . ";\n\n"; + // Table data + $dataRes = $mysqli->query("SELECT * FROM `$table`"); + if ($dataRes->num_rows > 0) { + echo "-- Dumping data for table `$table`\n"; + while ($row = $dataRes->fetch_assoc()) { + $columns = array_map(fn($col) => '`' . $mysqli->real_escape_string($col) . 
'`', array_keys($row)); + $values = array_map(function ($val) use ($mysqli) { + if (is_null($val)) return "NULL"; + return "'" . $mysqli->real_escape_string($val) . "'"; + }, array_values($row)); - - $query = "SELECT * FROM $table"; - $result = mysqli_query($mysqli, $query); - - $columnCount = mysqli_num_fields($result); - - // Prepare SQLscript for dumping data for each table - for ($i = 0; $i < $columnCount; $i ++) { - while ($row = mysqli_fetch_row($result)) { - $sqlScript .= "INSERT INTO $table VALUES("; - for ($j = 0; $j < $columnCount; $j ++) { - - if (isset($row[$j])) { - $sqlScript .= '"' . $row[$j] . '"'; - } else { - $sqlScript .= '""'; - } - if ($j < ($columnCount - 1)) { - $sqlScript .= ','; - } - } - $sqlScript .= ");\n"; + echo "INSERT INTO `$table` (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ");\n"; } + echo "\n"; } - - $sqlScript .= "\n"; } - if (!empty($sqlScript)) { - - $company_name = $session_company_name; - // Save the SQL script to a backup file - $backup_file_name = date('Y-m-d') . '_ITFlow_backup.sql'; - $fileHandler = fopen($backup_file_name, 'w+'); - $number_of_lines = fwrite($fileHandler, $sqlScript); - fclose($fileHandler); - - // Download the SQL backup file to the browser - header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename=' . basename($backup_file_name)); - header('Content-Transfer-Encoding: binary'); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-Length: ' . filesize($backup_file_name)); - ob_clean(); - flush(); - readfile($backup_file_name); - exec('rm ' . 
$backup_file_name); - } - - // Logging - logAction("Database", "Download", "$session_name downloaded the database"); + //FINAL STEP: Re-enable foreign key checks + echo "\nSET foreign_key_checks = 1;\n"; + logAction("Database", "Download", "$session_name downloaded the database."); $_SESSION['alert_message'] = "Database downloaded"; + exit; } if (isset($_POST['backup_master_key'])) {
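Review bot: The rewritten `download_database` branch no longer calls `validateCSRFToken($_GET['csrf_token']);`, which the old code ran as its first statement, so unless the token is checked in a caller not visible in this hunk, a full database export is now started by any GET request carrying `download_database`; I would restore that line at the top of the branch. `logAction("Database", "Download", ...)` now runs only after the whole dump has been echoed, so a request that stops partway through (client disconnect, or a failed `$mysqli->query()` whose result is used unchecked in `->fetch_row()` / `->fetch_assoc()`) leaves no audit record of the export; moving the log call above the `header()` calls keeps the trail. The same unchecked results mean that a query failure after the headers are sent produces a truncated file that still downloads as a normal backup and never emits the closing `SET foreign_key_checks = 1;`, so each result should be tested before use and the failure written to the log. `$database` is pulled in by `global $mysqli, $database;` but is not used anywhere in the visible hunk.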