[mirrors/Kyberia-bloodline.git] / wwwroot / inc / database.inc

<?php
require ("result.inc");

class CLASS_DATABASE {

/*
var $Database="";
var $User="";
var $Password="";
var $Url="";
*/

var $Master = true;
var $_linkId = false;
var $_url = "";
var $_user = "";
var $_password = "";
var $_database = "";
var $_halt_on_error = true;

/*
function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
	$this->Database=$database;
	$this->Password=$password;
	$this->User=$user;
	$this->Url=$url;
*/

function CLASS_DATABASE() {
	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
}

function connect($url,$user,$password,$database, $halt_on_error = true) {
		global $error;
		$this->_halt_on_error = $halt_on_error;
		if ($this->_linkId == false) {
			$this->_linkId=mysql_connect($url, $user, $password);
			if ($this->_linkId == false) {
				$error='chcipla databaza';
				$this->exception($error);
				return false;
				//die();
			}// else {
		 	 //	mysql_query('set character set utf8');
			 //}
			$this->_url=$url;
			$this->_user=$user;
			$this->_password=$password;

			if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
				$this->exception("1Database failed.");
				return false;
				die();
			}
			$this->_database=$database;
		}
		return true;
}

function closeMysql() {
	mysql_close($this->_linkId);
}

function query($sql) {

	$this->_linkId = false;
	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	$this->Master = true;

	// Simple IDS, against automats
	// When possible attack is detected, 
	// query & session information is stored into log
	// Looking for following string in SQL query:
	// - "user()" (get cur. user)
	// - "@@version" (get mysql version)
	// - "AND 1=1" (blind sqli) (too many false positives?)
	// - "information_schema" (for listing of tables, columns...)

	// - "/*" (comment) (too many false positives?)
	// - "--" (comment) (too many false positives?)

	if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
	|| preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
	) {
		logger::log('SQL ALARM',$sql);
		
	}

	$this->_queryId = mysql_query($sql,$this->_linkId);

	if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
		echo $sql;
		global $timer_start;
		echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	}

	if ($this->_queryId == false) {
      		$this->exception("query failed ::$sql::");
	}

	return new result($this->_queryId, $sql);
}


function executequery($sql) {
	return($this->query($sql));
}

function executetransaction($queries) {
	$this->executequery("set autocommit=0");
	if (is_array($queries)) {
		foreach ($queries as $query) {
			$this->executequery($query);
		}
	}
	$this->executequery("commit");
	$this->executequery("set autocommit=1");
}

function executeupdate($sql) {
	return($this->update($sql));
}

function update($sql) {
	if (!$this->Master) {
		$this->_linkId = false;
		$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
                $this->Master = true;
	}

	$this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
		if ($this->_queryId == false) {
			$this->exception("update failed.");
		}
		$rows=@mysql_affected_rows($this->_linkId);
		return($rows);
}

function getLastInsertId() {
		return(@mysql_insert_id($this->_linkId));
}

function exception($errorMessage) {

	echo "<!-- ";
	echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
	echo "-->";

	if ($this->_halt_on_error) {
		die("<pre>".$errorMessage."</pre>");
		} else {
			echo $errorMessage."<br>";
			return false;
		}
	}
}
?>
Commit	Line	Data
51ff3226	1	<?php
	2	require ("result.inc");
	3
	4	class CLASS_DATABASE {
	5
	6	/*
	7	var $Database="";
	8	var $User="";
	9	var $Password="";
	10	var $Url="";
	11	*/
	12
	13	var $Master = true;
	14	var $_linkId = false;
	15	var $_url = "";
	16	var $_user = "";
	17	var $_password = "";
	18	var $_database = "";
	19	var $_halt_on_error = true;
	20
	21	/*
	22	function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
	23	$this->Database=$database;
	24	$this->Password=$password;
	25	$this->User=$user;
	26	$this->Url=$url;
	27	*/
	28
	29	function CLASS_DATABASE() {
	30	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	31	}
	32
	33	function connect($url,$user,$password,$database, $halt_on_error = true) {
	34	global $error;
	35	$this->_halt_on_error = $halt_on_error;
	36	if ($this->_linkId == false) {
	37	$this->_linkId=mysql_connect($url, $user, $password);
	38	if ($this->_linkId == false) {
	39	$error='chcipla databaza';
	40	$this->exception($error);
	41	return false;
	42	//die();
	43	}// else {
	44	// mysql_query('set character set utf8');
	45	//}
	46	$this->_url=$url;
	47	$this->_user=$user;
	48	$this->_password=$password;
	49
	50	if ($this->_linkId == false \|\| mysql_select_db($database, $this->_linkId) == false) {
	51	$this->exception("1Database failed.");
	52	return false;
	53	die();
	54	}
	55	$this->_database=$database;
	56	}
	57	return true;
	58	}
	59
	60	function closeMysql() {
	61	mysql_close($this->_linkId);
	62	}
	63
	64	function query($sql) {
65
704b65a2	66	$this->_linkId = false;
	67	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	68	$this->Master = true;
	69
	70	// Simple IDS, against automats
	71	// When possible attack is detected,
	72	// query & session information is stored into log
	73	// Looking for following string in SQL query:
	74	// - "user()" (get cur. user)
	75	// - "@@version" (get mysql version)
	76	// - "AND 1=1" (blind sqli) (too many false positives?)
	77	// - "information_schema" (for listing of tables, columns...)
	78
	79	// - "/*" (comment) (too many false positives?)
	80	// - "--" (comment) (too many false positives?)
	81
	82	if (preg_match('/user\(\)/',$sql) \|\| preg_match('/@@version/',$sql)
	83	\|\| preg_match('/information_schema/',$sql)\|\| preg_match('/AND 1=1/',$sql)
	84	) {
	85	logger::log('SQL ALARM',$sql);
	86
	87	}
51ff3226	88
704b65a2	89	$this->_queryId = mysql_query($sql,$this->_linkId);
51ff3226	90
57029afa	91	if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
704b65a2	92	echo $sql;
	93	global $timer_start;
	94	echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	95	}
51ff3226	96
704b65a2	97	if ($this->_queryId == false) {
704b65a2	98	$this->exception("query failed ::$sql::");
51ff3226	99	}
51ff3226	100
704b65a2	101	return new result($this->_queryId, $sql);
	102	}
	103
51ff3226	104
	105	function executequery($sql) {
	106	return($this->query($sql));
	107	}
	108
	109	function executetransaction($queries) {
	110	$this->executequery("set autocommit=0");
	111	if (is_array($queries)) {
	112	foreach ($queries as $query) {
	113	$this->executequery($query);
	114	}
	115	}
	116	$this->executequery("commit");
	117	$this->executequery("set autocommit=1");
	118	}
	119
	120	function executeupdate($sql) {
	121	return($this->update($sql));
	122	}
	123
	124	function update($sql) {
	125	if (!$this->Master) {
	126	$this->_linkId = false;
	127	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	128	$this->Master = true;
	129	}
	130
	131	$this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
	132	if ($this->_queryId == false) {
	133	$this->exception("update failed.");
	134	}
	135	$rows=@mysql_affected_rows($this->_linkId);
	136	return($rows);
	137	}
	138
	139	function getLastInsertId() {
	140	return(@mysql_insert_id($this->_linkId));
	141	}
	142
	143	function exception($errorMessage) {
	144
	145	echo "<!-- ";
	146	echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
	147	echo "-->";
	148
	149	if ($this->_halt_on_error) {
	150	die("<pre>".$errorMessage."</pre>");
	151	} else {
	152	echo $errorMessage."<br>";
	153	return false;
	154	}
	155	}
	156	}
	157	?>