1 | <?php |
2 | require ("result.inc"); |
3 | |
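class CLASS_DATABASE {

    // NOTE(review): this class sits on the legacy ext/mysql API (mysql_connect,
    // mysql_query, ...), deprecated in PHP 5.5 and removed in PHP 7.0. Every SQL
    // string is executed verbatim -- there are no prepared statements -- so the
    // callers that build $sql are responsible for escaping, and the only real fix
    // is a port to mysqli/PDO with bound parameters. The "SQL ALARM" heuristic in
    // query() only logs suspected probes; it blocks nothing.

    var $Master = true;          // true = current link is the master; nothing here ever sets it false
    var $_linkId = false;        // mysql link resource, or false while not connected
    var $_queryId = false;       // result of the last mysql_query() (resource, true or false)
    var $_url = "";
    var $_user = "";
    var $_password = "";         // kept for reconnects -- never var_dump()/serialize() this object
    var $_database = "";
    var $_halt_on_error = true;  // die() on DB errors (default) instead of echo + return false

    /** PHP 5+ constructor: opens the link using the DB_* constants from the config. */
    function __construct() {
        $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE);
    }

    /**
     * PHP 4-style constructor, kept so existing code that calls it by name keeps
     * working; PHP 7+ no longer treats it as a constructor, __construct() does.
     */
    function CLASS_DATABASE() {
        $this->__construct();
    }

    /**
     * Open the mysql link and select $database. Returns true on success.
     * A no-op (returning true) when a link is already held; call closeMysql()
     * first to force a fresh one. On failure the global $error is set (legacy
     * contract read by callers) and exception() is invoked, which die()s
     * unless $halt_on_error is false.
     */
    function connect($url, $user, $password, $database, $halt_on_error = true) {
        global $error;
        $this->_halt_on_error = $halt_on_error;

        if ($this->_linkId !== false) {
            return true;
        }

        $link = mysql_connect($url, $user, $password);
        if ($link === false) {
            $error = 'chcipla databaza';   // legacy message ("database died"), read by callers
            $this->exception($error);
            return false;
        }
        $this->_linkId = $link;
        $this->_url = $url;
        $this->_user = $user;
        $this->_password = $password;

        if (!mysql_select_db($database, $this->_linkId)) {
            $this->exception("1Database failed.");
            return false;
        }
        $this->_database = $database;
        return true;
    }

    /**
     * Close the link if one is open and forget it, so a later connect() really
     * reconnects instead of seeing the stale resource as "already connected".
     */
    function closeMysql() {
        if ($this->_linkId !== false) {
            mysql_close($this->_linkId);
            $this->_linkId = false;
        }
    }

    /**
     * Heuristic probe detector: true when $sql carries a token typical of
     * automated SQL-injection tooling (user(), @@version, information_schema,
     * an "AND 1=1" tautology). Matching is case-insensitive and tolerant of
     * whitespace; the earlier case-sensitive literals were bypassed by trivial
     * variants such as USER() or "and 1 = 1". Detection only -- the caller
     * logs a hit and still executes the statement.
     */
    static function isSuspiciousSql($sql) {
        $probes = array(
            '/user\s*\(\s*\)/i',        // current-user enumeration
            '/@@version/i',             // server version fingerprint
            '/information_schema/i',    // table/column listing
            '/AND\s+1\s*=\s*1/i',       // blind-SQLi tautology (may false-positive)
        );
        foreach ($probes as $pattern) {
            if (preg_match($pattern, $sql)) {
                return true;
            }
        }
        return false;
    }

    /** True when the session carries the developer "debugging" flag. */
    function _debugging() {
        return isset($_SESSION['debugging']) && $_SESSION['debugging'];
    }

    /**
     * Execute $sql on the master link and wrap the result in a `result`.
     * Always drops and re-establishes the link first (mysql_connect() hands
     * back the per-request link when the credentials match, so this is cheap);
     * note that this also resets _halt_on_error to connect()'s default of true.
     * $sql runs verbatim -- no escaping, no parameters. Suspected probes are
     * logged via logger::log. On failure exception() is invoked with the
     * statement kept out of the user-facing message.
     */
    function query($sql) {
        $this->_linkId = false;
        $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE);
        $this->Master = true;

        // Simple IDS against automated injection tools: log, never block.
        if (self::isSuspiciousSql($sql)) {
            logger::log('SQL ALARM', $sql);
        }

        if ($this->_linkId === false) {
            $this->_queryId = false;
        } else {
            $this->_queryId = mysql_query($sql, $this->_linkId);
        }

        if ($this->_debugging()) {
            global $timer_start;
            // $sql may embed request data -> escape before echoing it into the page
            echo htmlspecialchars($sql, ENT_QUOTES);
            echo "<BR>" . substr((string)(microtime(true) - $timer_start), 0, 7);
        }

        if ($this->_queryId === false) {
            // The statement goes to the server log / debug output, not to every visitor.
            $this->exception("query failed", $sql);
        }

        return new result($this->_queryId, $sql);
    }

    /** Alias of query(). */
    function executequery($sql) {
        return $this->query($sql);
    }

    /**
     * Run $queries (array of SQL strings) inside one transaction. If any
     * statement fails -- only observable when halt_on_error is off, otherwise
     * exception() has already die()d -- the batch is ROLLED BACK instead of
     * committed, so a partial set of updates is never persisted.
     * Returns true when every statement succeeded and COMMIT was issued.
     */
    function executetransaction($queries) {
        $this->executequery("set autocommit=0");
        $allOk = true;
        if (is_array($queries)) {
            foreach ($queries as $query) {
                $this->executequery($query);
                if ($this->_queryId === false) {
                    $allOk = false;
                    break;
                }
            }
        }
        $this->executequery($allOk ? "commit" : "rollback");
        $this->executequery("set autocommit=1");
        return $allOk;
    }

    /** Alias of update(). */
    function executeupdate($sql) {
        return $this->update($sql);
    }

    /**
     * Execute a data-changing statement and return mysql_affected_rows()
     * (false when no link could be obtained). Reconnects to the master first
     * when the current link is flagged as non-master. $sql runs verbatim.
     * Replaces the long-deprecated mysql_db_query() with an explicit
     * select_db + query, and drops the '@' suppression that hid link errors.
     */
    function update($sql) {
        if (!$this->Master) {
            $this->_linkId = false;
            $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE);
            $this->Master = true;
        }
        if ($this->_linkId === false) {
            $this->exception("update failed.");
            return false;
        }

        if (mysql_select_db($this->_database, $this->_linkId)) {
            $this->_queryId = mysql_query($sql, $this->_linkId);
        } else {
            $this->_queryId = false;
        }
        if ($this->_queryId === false) {
            $this->exception("update failed.", $sql);
        }
        return mysql_affected_rows($this->_linkId);
    }

    /** AUTO_INCREMENT id generated by the last statement on this link, or false without a link. */
    function getLastInsertId() {
        if ($this->_linkId === false) {
            return false;
        }
        return mysql_insert_id($this->_linkId);
    }

    /**
     * Report a database error. The mysql error text and the optional $detail
     * (typically the failing statement) are written to the server error log and
     * echoed into the page only when the session has the debugging flag --
     * previously they went to every visitor inside an HTML comment, leaking
     * schema and query fragments. All output is HTML-escaped. die()s with the
     * message when halt_on_error is set; otherwise echoes it and returns false.
     */
    function exception($errorMessage, $detail = '') {
        if ($this->_linkId !== false) {
            $dbError = mysql_error($this->_linkId) . " (" . mysql_errno($this->_linkId) . ")";
        } else {
            $dbError = (string)mysql_error();   // last connect error when no link exists
        }

        $logLine = "CLASS_DATABASE: " . $errorMessage;
        if ($dbError !== '') {
            $logLine .= " - " . $dbError;
        }
        if ($detail !== '') {
            $logLine .= " :: " . $detail;
        }
        error_log($logLine);

        if ($this->_debugging()) {
            // escaping turns any "-->" inside the text into "--&gt;", so the comment cannot be broken out of
            echo "<!-- " . htmlspecialchars(trim($dbError . " " . $detail), ENT_QUOTES) . " -->";
        }

        $safeMessage = htmlspecialchars($errorMessage, ENT_QUOTES);
        if ($this->_halt_on_error) {
            die("<pre>" . $safeMessage . "</pre>");
        }
        echo $safeMessage . "<br>";
        return false;
    }
}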
157 | ?> |