usky-website/web/phpMyAdmin/libraries/classes/Tracking.php

<?php
/**
 * Functions used for database and table tracking
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use PhpMyAdmin\Html\Generator;
use const SORT_ASC;
use function array_key_exists;
use function array_merge;
use function array_multisort;
use function count;
use function date;
use function htmlspecialchars;
use function in_array;
use function ini_set;
use function intval;
use function is_array;
use function is_object;
use function mb_strstr;
use function preg_replace;
use function rtrim;
use function sprintf;
use function strlen;
use function strtotime;

/**
 * PhpMyAdmin\Tracking class
 */
class Tracking
{
    /** @var SqlQueryForm */
    private $sqlQueryForm;

    /** @var Template */
    public $template;

    /** @var Relation */
    protected $relation;

    /**
     * @param SqlQueryForm $sqlQueryForm SqlQueryForm instance
     * @param Template     $template     Template instance
     * @param Relation     $relation     Relation instance
     */
    public function __construct(SqlQueryForm $sqlQueryForm, Template $template, Relation $relation)
    {
        $this->sqlQueryForm = $sqlQueryForm;
        $this->template = $template;
        $this->relation = $relation;
    }

    /**
     * Filters tracking entries
     *
     * @param array  $data           the entries to filter
     * @param string $filter_ts_from "from" date
     * @param string $filter_ts_to   "to" date
     * @param array  $filter_users   users
     *
     * @return array filtered entries
     */
    public function filter(
        array $data,
        $filter_ts_from,
        $filter_ts_to,
        array $filter_users
    ): array {
        $tmp_entries = [];
        $id = 0;
        foreach ($data as $entry) {
            $timestamp = strtotime($entry['date']);
            $filtered_user = in_array($entry['username'], $filter_users);
            if ($timestamp >= $filter_ts_from
                && $timestamp <= $filter_ts_to
                && (in_array('*', $filter_users) || $filtered_user)
            ) {
                $tmp_entries[] = [
                    'id'        => $id,
                    'timestamp' => $timestamp,
                    'username'  => $entry['username'],
                    'statement' => $entry['statement'],
                ];
            }
            $id++;
        }

        return $tmp_entries;
    }

    /**
     * Function to get the list versions of the table
     *
     * @return object|false
     */
    public function getListOfVersionsOfTable()
    {
        global $dbi, $db, $table;

        $cfgRelation = $this->relation->getRelationsParam();
        $query = sprintf(
            'SELECT * FROM %s.%s WHERE db_name = \'%s\' AND table_name = \'%s\' ORDER BY version DESC',
            Util::backquote($cfgRelation['db']),
            Util::backquote($cfgRelation['tracking']),
            $dbi->escapeString($db),
            $dbi->escapeString($table)
        );

        return $dbi->query($query, DatabaseInterface::CONNECT_CONTROL, 0, false);
    }

    /**
     * Function to get html for main page parts that do not use $_REQUEST
     *
     * @param array  $urlParams      url parameters
     * @param string $themeImagePath path to theme's image folder
     * @param string $textDir        text direction
     * @param int    $lastVersion    last tracking version
     *
     * @return string
     */
    public function getHtmlForMainPage(
        $urlParams,
        $themeImagePath,
        $textDir,
        $lastVersion = null
    ) {
        global $dbi;

        $selectableTablesSqlResult = $this->getSqlResultForSelectableTables();
        $selectableTablesEntries = [];
        while ($entry = $dbi->fetchArray($selectableTablesSqlResult)) {
            $entry['is_tracked'] = Tracker::isTracked(
                $entry['db_name'],
                $entry['table_name']
            );
            $selectableTablesEntries[] = $entry;
        }
        $selectableTablesNumRows = $dbi->numRows($selectableTablesSqlResult);

        $versionSqlResult = $this->getListOfVersionsOfTable();
        if ($lastVersion === null && $versionSqlResult !== false) {
            $lastVersion = $this->getTableLastVersionNumber($versionSqlResult);
        }
        $dbi->dataSeek($versionSqlResult, 0);
        $versions = [];
        while ($version = $dbi->fetchArray($versionSqlResult)) {
            $versions[] = $version;
        }

        $type = $dbi->getTable($GLOBALS['db'], $GLOBALS['table'])
           ->isView() ? 'view' : 'table';

        return $this->template->render('table/tracking/main', [
            'url_params' => $urlParams,
            'db' => $GLOBALS['db'],
            'table' => $GLOBALS['table'],
            'selectable_tables_num_rows' => $selectableTablesNumRows,
            'selectable_tables_entries' => $selectableTablesEntries,
            'selected_table' => $_POST['table'] ?? null,
            'last_version' => $lastVersion,
            'versions' => $versions,
            'type' => $type,
            'default_statements' => $GLOBALS['cfg']['Server']['tracking_default_statements'],
            'theme_image_path' => $themeImagePath,
            'text_dir' => $textDir,
        ]);
    }

    /**
     * Function to get the last version number of a table
     *
     * @param object $sql_result sql result
     *
     * @return int
     */
    public function getTableLastVersionNumber($sql_result)
    {
        global $dbi;

        $maxversion = $dbi->fetchArray($sql_result);

        return intval(is_array($maxversion) ? $maxversion['version'] : null);
    }

    /**
     * Function to get sql results for selectable tables
     *
     * @return mixed
     */
    public function getSqlResultForSelectableTables()
    {
        global $dbi;

        $relation = $this->relation;
        $cfgRelation = $relation->getRelationsParam();

        $sql_query = ' SELECT DISTINCT db_name, table_name FROM ' .
            Util::backquote($cfgRelation['db']) . '.' .
            Util::backquote($cfgRelation['tracking']) .
            " WHERE db_name = '" . $dbi->escapeString($GLOBALS['db']) .
            "' " .
            ' ORDER BY db_name, table_name';

        return $relation->queryAsControlUser($sql_query);
    }

    /**
     * Function to get html for tracking report and tracking report export
     *
     * @param array $data             data
     * @param array $url_params       url params
     * @param bool  $selection_schema selection schema
     * @param bool  $selection_data   selection data
     * @param bool  $selection_both   selection both
     * @param int   $filter_ts_to     filter time stamp from
     * @param int   $filter_ts_from   filter time stamp tp
     * @param array $filter_users     filter users
     *
     * @return string
     */
    public function getHtmlForTrackingReport(
        array $data,
        array $url_params,
        $selection_schema,
        $selection_data,
        $selection_both,
        $filter_ts_to,
        $filter_ts_from,
        array $filter_users
    ) {
        $html = '<h3>' . __('Tracking report')
            . '  [<a href="' . Url::getFromRoute('/table/tracking', $url_params) . '">' . __('Close')
            . '</a>]</h3>';

        $html .= '<small>' . __('Tracking statements') . ' '
            . htmlspecialchars($data['tracking']) . '</small><br>';
        $html .= '<br>';

        [$str1, $str2, $str3, $str4, $str5] = $this->getHtmlForElementsOfTrackingReport(
            $selection_schema,
            $selection_data,
            $selection_both
        );

        // Prepare delete link content here
        $drop_image_or_text = '';
        if (Util::showIcons('ActionLinksMode')) {
            $drop_image_or_text .= Generator::getImage(
                'b_drop',
                __('Delete tracking data row from report')
            );
        }
        if (Util::showText('ActionLinksMode')) {
            $drop_image_or_text .= __('Delete');
        }

        /*
         *  First, list tracked data definition statements
         */
        if (count($data['ddlog']) == 0 && count($data['dmlog']) === 0) {
            $msg = Message::notice(__('No data'));
            echo $msg->getDisplay();
        }

        $html .= $this->getHtmlForTrackingReportExportForm1(
            $data,
            $url_params,
            $selection_schema,
            $selection_data,
            $selection_both,
            $filter_ts_to,
            $filter_ts_from,
            $filter_users,
            $str1,
            $str2,
            $str3,
            $str4,
            $str5,
            $drop_image_or_text
        );

        $html .= $this->getHtmlForTrackingReportExportForm2(
            $url_params,
            $str1,
            $str2,
            $str3,
            $str4,
            $str5
        );

        $html .= "<br><br><hr><br>\n";

        return $html;
    }

    /**
     * Generate HTML element for report form
     *
     * @param bool $selection_schema selection schema
     * @param bool $selection_data   selection data
     * @param bool $selection_both   selection both
     *
     * @return array
     */
    public function getHtmlForElementsOfTrackingReport(
        $selection_schema,
        $selection_data,
        $selection_both
    ) {
        $str1 = '<select name="logtype">'
            . '<option value="schema"'
            . ($selection_schema ? ' selected="selected"' : '') . '>'
            . __('Structure only') . '</option>'
            . '<option value="data"'
            . ($selection_data ? ' selected="selected"' : '') . '>'
            . __('Data only') . '</option>'
            . '<option value="schema_and_data"'
            . ($selection_both ? ' selected="selected"' : '') . '>'
            . __('Structure and data') . '</option>'
            . '</select>';
        $str2 = '<input type="text" name="date_from" value="'
            . htmlspecialchars($_POST['date_from']) . '" size="19">';
        $str3 = '<input type="text" name="date_to" value="'
            . htmlspecialchars($_POST['date_to']) . '" size="19">';
        $str4 = '<input type="text" name="users" value="'
            . htmlspecialchars($_POST['users']) . '">';
        $str5 = '<input type="hidden" name="list_report" value="1">'
            . '<input class="btn btn-primary" type="submit" value="' . __('Go') . '">';

        return [
            $str1,
            $str2,
            $str3,
            $str4,
            $str5,
        ];
    }

    /**
     * Generate HTML for export form
     *
     * @param array  $data               data
     * @param array  $url_params         url params
     * @param bool   $selection_schema   selection schema
     * @param bool   $selection_data     selection data
     * @param bool   $selection_both     selection both
     * @param int    $filter_ts_to       filter time stamp from
     * @param int    $filter_ts_from     filter time stamp tp
     * @param array  $filter_users       filter users
     * @param string $str1               HTML for logtype select
     * @param string $str2               HTML for "from date"
     * @param string $str3               HTML for "to date"
     * @param string $str4               HTML for user
     * @param string $str5               HTML for "list report"
     * @param string $drop_image_or_text HTML for image or text
     *
     * @return string HTML for form
     */
    public function getHtmlForTrackingReportExportForm1(
        array $data,
        array $url_params,
        $selection_schema,
        $selection_data,
        $selection_both,
        $filter_ts_to,
        $filter_ts_from,
        array $filter_users,
        $str1,
        $str2,
        $str3,
        $str4,
        $str5,
        $drop_image_or_text
    ) {
        $ddlog_count = 0;

        $html = '<form method="post" action="' . Url::getFromRoute('/table/tracking') . '">';
        $html .= Url::getHiddenInputs($url_params + [
            'report' => 'true',
            'version' => $_POST['version'],
        ]);

        $html .= sprintf(
            __('Show %1$s with dates from %2$s to %3$s by user %4$s %5$s'),
            $str1,
            $str2,
            $str3,
            $str4,
            $str5
        );

        if ($selection_schema || $selection_both && count($data['ddlog']) > 0) {
            [$temp, $ddlog_count] = $this->getHtmlForDataDefinitionStatements(
                $data,
                $filter_users,
                $filter_ts_from,
                $filter_ts_to,
                $url_params,
                $drop_image_or_text
            );
            $html .= $temp;
            unset($temp);
        }

        /*
         *  Secondly, list tracked data manipulation statements
         */
        if (($selection_data || $selection_both) && count($data['dmlog']) > 0) {
            $html .= $this->getHtmlForDataManipulationStatements(
                $data,
                $filter_users,
                $filter_ts_from,
                $filter_ts_to,
                $url_params,
                $ddlog_count,
                $drop_image_or_text
            );
        }
        $html .= '</form>';

        return $html;
    }

    /**
     * Generate HTML for export form
     *
     * @param array  $url_params Parameters
     * @param string $str1       HTML for logtype select
     * @param string $str2       HTML for "from date"
     * @param string $str3       HTML for "to date"
     * @param string $str4       HTML for user
     * @param string $str5       HTML for "list report"
     *
     * @return string HTML for form
     */
    public function getHtmlForTrackingReportExportForm2(
        array $url_params,
        $str1,
        $str2,
        $str3,
        $str4,
        $str5
    ) {
        $html = '<form method="post" action="' . Url::getFromRoute('/table/tracking') . '">';
        $html .= Url::getHiddenInputs($url_params + [
            'report' => 'true',
            'version' => $_POST['version'],
        ]);

        $html .= sprintf(
            __('Show %1$s with dates from %2$s to %3$s by user %4$s %5$s'),
            $str1,
            $str2,
            $str3,
            $str4,
            $str5
        );
        $html .= '</form>';

        $html .= '<form class="disableAjax" method="post" action="' . Url::getFromRoute('/table/tracking') . '">';
        $html .= Url::getHiddenInputs($url_params + [
            'report' => 'true',
            'version' => $_POST['version'],
            'logtype' => $_POST['logtype'],
            'date_from' => $_POST['date_from'],
            'date_to' => $_POST['date_to'],
            'users' => $_POST['users'],
            'report_export' => 'true',
        ]);

        $str_export1 = '<select name="export_type">'
            . '<option value="sqldumpfile">' . __('SQL dump (file download)')
            . '</option>'
            . '<option value="sqldump">' . __('SQL dump') . '</option>'
            . '<option value="execution" onclick="alert(\''
            . Sanitize::escapeJsString(
                __('This option will replace your table and contained data.')
            )
            . '\')">' . __('SQL execution') . '</option></select>';

        $str_export2 = '<input class="btn btn-primary" type="submit" value="' . __('Go') . '">';

        $html .= '<br>' . sprintf(__('Export as %s'), $str_export1)
            . $str_export2 . '<br>';
        $html .= '</form>';

        return $html;
    }

    /**
     * Function to get html for data manipulation statements
     *
     * @param array  $data               data
     * @param array  $filter_users       filter users
     * @param int    $filter_ts_from     filter time staml from
     * @param int    $filter_ts_to       filter time stamp to
     * @param array  $url_params         url parameters
     * @param int    $ddlog_count        data definition log count
     * @param string $drop_image_or_text drop image or text
     *
     * @return string
     */
    public function getHtmlForDataManipulationStatements(
        array $data,
        array $filter_users,
        $filter_ts_from,
        $filter_ts_to,
        array $url_params,
        $ddlog_count,
        $drop_image_or_text
    ) {
        // no need for the second returned parameter
        [$html] = $this->getHtmlForDataStatements(
            $data,
            $filter_users,
            $filter_ts_from,
            $filter_ts_to,
            $url_params,
            $drop_image_or_text,
            'dmlog',
            __('Data manipulation statement'),
            $ddlog_count,
            'dml_versions'
        );

        return $html;
    }

    /**
     * Function to get html for data definition statements in schema snapshot
     *
     * @param array  $data               data
     * @param array  $filter_users       filter users
     * @param int    $filter_ts_from     filter time stamp from
     * @param int    $filter_ts_to       filter time stamp to
     * @param array  $url_params         url parameters
     * @param string $drop_image_or_text drop image or text
     *
     * @return array
     */
    public function getHtmlForDataDefinitionStatements(
        array $data,
        array $filter_users,
        $filter_ts_from,
        $filter_ts_to,
        array $url_params,
        $drop_image_or_text
    ) {
        [$html, $line_number] = $this->getHtmlForDataStatements(
            $data,
            $filter_users,
            $filter_ts_from,
            $filter_ts_to,
            $url_params,
            $drop_image_or_text,
            'ddlog',
            __('Data definition statement'),
            1,
            'ddl_versions'
        );

        return [
            $html,
            $line_number,
        ];
    }

    /**
     * Function to get html for data statements in schema snapshot
     *
     * @param array  $data            data
     * @param array  $filterUsers     filter users
     * @param int    $filterTsFrom    filter time stamp from
     * @param int    $filterTsTo      filter time stamp to
     * @param array  $urlParams       url parameters
     * @param string $dropImageOrText drop image or text
     * @param string $whichLog        dmlog|ddlog
     * @param string $headerMessage   message for this section
     * @param int    $lineNumber      line number
     * @param string $tableId         id for the table element
     *
     * @return array [$html, $lineNumber]
     */
    private function getHtmlForDataStatements(
        array $data,
        array $filterUsers,
        $filterTsFrom,
        $filterTsTo,
        array $urlParams,
        $dropImageOrText,
        $whichLog,
        $headerMessage,
        $lineNumber,
        $tableId
    ) {
        $offset = $lineNumber;
        $entries = [];
        foreach ($data[$whichLog] as $entry) {
            $timestamp = strtotime($entry['date']);
            if ($timestamp >= $filterTsFrom
                && $timestamp <= $filterTsTo
                && (in_array('*', $filterUsers)
                || in_array($entry['username'], $filterUsers))
            ) {
                $entry['formated_statement'] = Generator::formatSql($entry['statement'], true);
                $deleteParam = 'delete_' . $whichLog;
                $entry['url_params'] = Url::getCommon($urlParams + [
                    'report' => 'true',
                    'version' => $_POST['version'],
                    $deleteParam => $lineNumber - $offset,
                ], '');
                $entry['line_number'] = $lineNumber;
                $entries[] = $entry;
            }
            $lineNumber++;
        }

        $html = $this->template->render('table/tracking/report_table', [
            'table_id' => $tableId,
            'header_message' => $headerMessage,
            'entries' => $entries,
            'drop_image_or_text' => $dropImageOrText,
        ]);

        return [
            $html,
            $lineNumber,
        ];
    }

    /**
     * Function to get html for schema snapshot
     *
     * @param array $params url parameters
     */
    public function getHtmlForSchemaSnapshot(array $params): string
    {
        $html = '<h3>' . __('Structure snapshot')
            . '  [<a href="' . Url::getFromRoute('/table/tracking', $params) . '">' . __('Close')
            . '</a>]</h3>';
        $data = Tracker::getTrackedData(
            $_POST['db'],
            $_POST['table'],
            $_POST['version']
        );

        // Get first DROP TABLE/VIEW and CREATE TABLE/VIEW statements
        $drop_create_statements = $data['ddlog'][0]['statement'];

        if (mb_strstr($data['ddlog'][0]['statement'], 'DROP TABLE')
            || mb_strstr($data['ddlog'][0]['statement'], 'DROP VIEW')
        ) {
            $drop_create_statements .= $data['ddlog'][1]['statement'];
        }
        // Print SQL code
        $html .= Generator::getMessage(
            sprintf(
                __('Version %s snapshot (SQL code)'),
                htmlspecialchars($_POST['version'])
            ),
            $drop_create_statements
        );

        // Unserialize snapshot
        $temp = Core::safeUnserialize($data['schema_snapshot']);
        if ($temp === null) {
            $temp = [
                'COLUMNS' => [],
                'INDEXES' => [],
            ];
        }
        $columns = $temp['COLUMNS'];
        $indexes = $temp['INDEXES'];
        $html .= $this->getHtmlForColumns($columns);

        if (count($indexes) > 0) {
            $html .= $this->getHtmlForIndexes($indexes);
        }
        $html .= '<br><hr><br>';

        return $html;
    }

    /**
     * Function to get html for displaying columns in the schema snapshot
     *
     * @param array $columns columns
     *
     * @return string
     */
    public function getHtmlForColumns(array $columns)
    {
        return $this->template->render('table/tracking/structure_snapshot_columns', ['columns' => $columns]);
    }

    /**
     * Function to get html for the indexes in schema snapshot
     *
     * @param array $indexes indexes
     *
     * @return string
     */
    public function getHtmlForIndexes(array $indexes)
    {
        return $this->template->render('table/tracking/structure_snapshot_indexes', ['indexes' => $indexes]);
    }

    /**
     * Function to handle the tracking report
     *
     * @param array $data tracked data
     *
     * @return string HTML for the message
     */
    public function deleteTrackingReportRows(array &$data)
    {
        $html = '';
        if (isset($_POST['delete_ddlog'])) {
            // Delete ddlog row data
            $html .= $this->deleteFromTrackingReportLog(
                $data,
                'ddlog',
                'DDL',
                __('Tracking data definition successfully deleted')
            );
        }

        if (isset($_POST['delete_dmlog'])) {
            // Delete dmlog row data
            $html .= $this->deleteFromTrackingReportLog(
                $data,
                'dmlog',
                'DML',
                __('Tracking data manipulation successfully deleted')
            );
        }

        return $html;
    }

    /**
     * Function to delete from a tracking report log
     *
     * @param array  $data      tracked data
     * @param string $which_log ddlog|dmlog
     * @param string $type      DDL|DML
     * @param string $message   success message
     *
     * @return string HTML for the message
     */
    public function deleteFromTrackingReportLog(array &$data, $which_log, $type, $message)
    {
        $html = '';
        $delete_id = $_POST['delete_' . $which_log];

        // Only in case of valid id
        if ($delete_id == (int) $delete_id) {
            unset($data[$which_log][$delete_id]);

            $successfullyDeleted = Tracker::changeTrackingData(
                $GLOBALS['db'],
                $GLOBALS['table'],
                $_POST['version'],
                $type,
                $data[$which_log]
            );
            if ($successfullyDeleted) {
                $msg = Message::success($message);
            } else {
                $msg = Message::rawError(__('Query error'));
            }
            $html .= $msg->getDisplay();
        }

        return $html;
    }

    /**
     * Function to export as sql dump
     *
     * @param array $entries entries
     *
     * @return string HTML SQL query form
     */
    public function exportAsSqlDump(array $entries)
    {
        $html = '';
        $new_query = '# '
            . __(
                'You can execute the dump by creating and using a temporary database. '
                . 'Please ensure that you have the privileges to do so.'
            )
            . "\n"
            . '# ' . __('Comment out these two lines if you do not need them.') . "\n"
            . "\n"
            . "CREATE database IF NOT EXISTS pma_temp_db; \n"
            . "USE pma_temp_db; \n"
            . "\n";

        foreach ($entries as $entry) {
            $new_query .= $entry['statement'];
        }
        $msg = Message::success(
            __('SQL statements exported. Please copy the dump or execute it.')
        );
        $html .= $msg->getDisplay();

        $db_temp = $GLOBALS['db'];
        $table_temp = $GLOBALS['table'];

        $GLOBALS['db'] = $GLOBALS['table'] = '';

        $html .= $this->sqlQueryForm->getHtml($new_query, 'sql');

        $GLOBALS['db'] = $db_temp;
        $GLOBALS['table'] = $table_temp;

        return $html;
    }

    /**
     * Function to export as sql execution
     *
     * @param array $entries entries
     *
     * @return array
     */
    public function exportAsSqlExecution(array $entries)
    {
        global $dbi;

        $sql_result = [];
        foreach ($entries as $entry) {
            $sql_result = $dbi->query("/*NOTRACK*/\n" . $entry['statement']);
        }

        return $sql_result;
    }

    /**
     * Function to export as entries
     *
     * @param array $entries entries
     *
     * @return void
     */
    public function exportAsFileDownload(array $entries)
    {
        ini_set('url_rewriter.tags', '');

        // Replace all multiple whitespaces by a single space
        $table = htmlspecialchars(preg_replace('/\s+/', ' ', $_POST['table']));
        $dump = '# ' . sprintf(
            __('Tracking report for table `%s`'),
            $table
        )
        . "\n" . '# ' . date('Y-m-d H:i:s') . "\n";
        foreach ($entries as $entry) {
            $dump .= $entry['statement'];
        }
        $filename = 'log_' . $table . '.sql';
        Response::getInstance()->disable();
        Core::downloadHeader(
            $filename,
            'text/x-sql',
            strlen($dump)
        );
        echo $dump;

        exit;
    }

    /**
     * Function to activate or deactivate tracking
     *
     * @param string $action activate|deactivate
     *
     * @return string HTML for the success message
     */
    public function changeTracking($action)
    {
        $html = '';
        if ($action === 'activate') {
            $method = 'activateTracking';
            $message = __('Tracking for %1$s was activated at version %2$s.');
        } else {
            $method = 'deactivateTracking';
            $message = __('Tracking for %1$s was deactivated at version %2$s.');
        }
        $status = Tracker::$method(
            $GLOBALS['db'],
            $GLOBALS['table'],
            $_POST['version']
        );
        if ($status) {
            $msg = Message::success(
                sprintf(
                    $message,
                    htmlspecialchars($GLOBALS['db'] . '.' . $GLOBALS['table']),
                    htmlspecialchars($_POST['version'])
                )
            );
            $html .= $msg->getDisplay();
        }

        return $html;
    }

    /**
     * Function to get tracking set
     *
     * @return string
     */
    public function getTrackingSet()
    {
        $tracking_set = '';

        // a key is absent from the request if it has been removed from
        // tracking_default_statements in the config
        if (isset($_POST['alter_table']) && $_POST['alter_table'] == true) {
            $tracking_set .= 'ALTER TABLE,';
        }
        if (isset($_POST['rename_table']) && $_POST['rename_table'] == true) {
            $tracking_set .= 'RENAME TABLE,';
        }
        if (isset($_POST['create_table']) && $_POST['create_table'] == true) {
            $tracking_set .= 'CREATE TABLE,';
        }
        if (isset($_POST['drop_table']) && $_POST['drop_table'] == true) {
            $tracking_set .= 'DROP TABLE,';
        }
        if (isset($_POST['alter_view']) && $_POST['alter_view'] == true) {
            $tracking_set .= 'ALTER VIEW,';
        }
        if (isset($_POST['create_view']) && $_POST['create_view'] == true) {
            $tracking_set .= 'CREATE VIEW,';
        }
        if (isset($_POST['drop_view']) && $_POST['drop_view'] == true) {
            $tracking_set .= 'DROP VIEW,';
        }
        if (isset($_POST['create_index']) && $_POST['create_index'] == true) {
            $tracking_set .= 'CREATE INDEX,';
        }
        if (isset($_POST['drop_index']) && $_POST['drop_index'] == true) {
            $tracking_set .= 'DROP INDEX,';
        }
        if (isset($_POST['insert']) && $_POST['insert'] == true) {
            $tracking_set .= 'INSERT,';
        }
        if (isset($_POST['update']) && $_POST['update'] == true) {
            $tracking_set .= 'UPDATE,';
        }
        if (isset($_POST['delete']) && $_POST['delete'] == true) {
            $tracking_set .= 'DELETE,';
        }
        if (isset($_POST['truncate']) && $_POST['truncate'] == true) {
            $tracking_set .= 'TRUNCATE,';
        }
        $tracking_set = rtrim($tracking_set, ',');

        return $tracking_set;
    }

    /**
     * Deletes a tracking version
     *
     * @param string $version tracking version
     *
     * @return string HTML of the success message
     */
    public function deleteTrackingVersion($version)
    {
        $html = '';
        $versionDeleted = Tracker::deleteTracking(
            $GLOBALS['db'],
            $GLOBALS['table'],
            $version
        );
        if ($versionDeleted) {
            $msg = Message::success(
                sprintf(
                    __('Version %1$s of %2$s was deleted.'),
                    htmlspecialchars($version),
                    htmlspecialchars($GLOBALS['db'] . '.' . $GLOBALS['table'])
                )
            );
            $html .= $msg->getDisplay();
        }

        return $html;
    }

    /**
     * Function to create the tracking version
     *
     * @return string HTML of the success message
     */
    public function createTrackingVersion()
    {
        global $dbi;

        $html = '';
        $tracking_set = $this->getTrackingSet();

        $versionCreated = Tracker::createVersion(
            $GLOBALS['db'],
            $GLOBALS['table'],
            $_POST['version'],
            $tracking_set,
            $dbi->getTable($GLOBALS['db'], $GLOBALS['table'])->isView()
        );
        if ($versionCreated) {
            $msg = Message::success(
                sprintf(
                    __('Version %1$s was created, tracking for %2$s is active.'),
                    htmlspecialchars($_POST['version']),
                    htmlspecialchars($GLOBALS['db'] . '.' . $GLOBALS['table'])
                )
            );
            $html .= $msg->getDisplay();
        }

        return $html;
    }

    /**
     * Create tracking version for multiple tables
     *
     * @param array $selected list of selected tables
     *
     * @return void
     */
    public function createTrackingForMultipleTables(array $selected)
    {
        global $dbi;

        $tracking_set = $this->getTrackingSet();

        foreach ($selected as $selected_table) {
            Tracker::createVersion(
                $GLOBALS['db'],
                $selected_table,
                $_POST['version'],
                $tracking_set,
                $dbi->getTable($GLOBALS['db'], $selected_table)->isView()
            );
        }
    }

    /**
     * Function to get the entries
     *
     * @param array $data           data
     * @param int   $filter_ts_from filter time stamp from
     * @param int   $filter_ts_to   filter time stamp to
     * @param array $filter_users   filter users
     *
     * @return array
     */
    public function getEntries(array $data, $filter_ts_from, $filter_ts_to, array $filter_users)
    {
        $entries = [];
        // Filtering data definition statements
        if ($_POST['logtype'] === 'schema'
            || $_POST['logtype'] === 'schema_and_data'
        ) {
            $entries = array_merge(
                $entries,
                $this->filter(
                    $data['ddlog'],
                    $filter_ts_from,
                    $filter_ts_to,
                    $filter_users
                )
            );
        }

        // Filtering data manipulation statements
        if ($_POST['logtype'] === 'data'
            || $_POST['logtype'] === 'schema_and_data'
        ) {
            $entries = array_merge(
                $entries,
                $this->filter(
                    $data['dmlog'],
                    $filter_ts_from,
                    $filter_ts_to,
                    $filter_users
                )
            );
        }

        // Sort it
        $ids = $timestamps = $usernames = $statements = [];
        foreach ($entries as $key => $row) {
            $ids[$key]        = $row['id'];
            $timestamps[$key] = $row['timestamp'];
            $usernames[$key]  = $row['username'];
            $statements[$key] = $row['statement'];
        }

        array_multisort(
            $timestamps,
            SORT_ASC,
            $ids,
            SORT_ASC,
            $usernames,
            SORT_ASC,
            $statements,
            SORT_ASC,
            $entries
        );

        return $entries;
    }

    /**
     * Get HTML for tracked and untracked tables
     *
     * @param string $db             current database
     * @param array  $urlParams      url parameters
     * @param string $themeImagePath path to theme's image folder
     * @param string $textDir        text direction
     *
     * @return string HTML
     */
    public function getHtmlForDbTrackingTables(
        string $db,
        array $urlParams,
        string $themeImagePath,
        string $textDir
    ) {
        global $dbi;

        $relation = $this->relation;
        $cfgRelation = $relation->getRelationsParam();

        // Prepare statement to get HEAD version
        $allTablesQuery = ' SELECT table_name, MAX(version) as version FROM ' .
            Util::backquote($cfgRelation['db']) . '.' .
            Util::backquote($cfgRelation['tracking']) .
            ' WHERE db_name = \'' . $dbi->escapeString($db) .
            '\' ' .
            ' GROUP BY table_name' .
            ' ORDER BY table_name ASC';

        $allTablesResult = $relation->queryAsControlUser($allTablesQuery);
        $untrackedTables = $this->getUntrackedTables($db);

        // If a HEAD version exists
        $versions = [];
        $headVersionExists = is_object($allTablesResult)
            && $dbi->numRows($allTablesResult) > 0;
        if ($headVersionExists) {
            while ($oneResult = $dbi->fetchArray($allTablesResult)) {
                [$tableName, $versionNumber] = $oneResult;
                $tableQuery = ' SELECT * FROM ' .
                     Util::backquote($cfgRelation['db']) . '.' .
                     Util::backquote($cfgRelation['tracking']) .
                     ' WHERE `db_name` = \''
                     . $dbi->escapeString($db)
                     . '\' AND `table_name`  = \''
                     . $dbi->escapeString($tableName)
                     . '\' AND `version` = \'' . $versionNumber . '\'';

                $tableResult = $relation->queryAsControlUser($tableQuery);
                $versions[] = $dbi->fetchArray($tableResult);
            }
        }

        return $this->template->render('database/tracking/tables', [
            'db' => $db,
            'head_version_exists' => $headVersionExists,
            'untracked_tables_exists' => count($untrackedTables) > 0,
            'versions' => $versions,
            'url_params' => $urlParams,
            'text_dir' => $textDir,
            'untracked_tables' => $untrackedTables,
            'theme_image_path' => $themeImagePath,
        ]);
    }

    /**
     * Helper function: Recursive function for getting table names from $table_list
     *
     * @param array  $table_list Table list
     * @param string $db         Current database
     * @param bool   $testing    Testing
     *
     * @return array
     */
    public function extractTableNames(array $table_list, $db, $testing = false)
    {
        $untracked_tables = [];
        $sep = $GLOBALS['cfg']['NavigationTreeTableSeparator'];

        foreach ($table_list as $key => $value) {
            if (is_array($value) && array_key_exists('is' . $sep . 'group', $value)
                && $value['is' . $sep . 'group']
            ) {
                // Recursion step
                $untracked_tables = array_merge($this->extractTableNames($value, $db, $testing), $untracked_tables);
            } else {
                if (is_array($value) && ($testing || Tracker::getVersion($db, $value['Name']) == -1)) {
                    $untracked_tables[] = $value['Name'];
                }
            }
        }

        return $untracked_tables;
    }

    /**
     * Get untracked tables
     *
     * @param string $db current database
     *
     * @return array
     */
    public function getUntrackedTables($db)
    {
        $table_list = Util::getTableList($db);

        //Use helper function to get table list recursively.
        return $this->extractTableNames($table_list, $db);
    }
}