[mirrors/Kyberia-bloodline.git] / wwwroot / inc / database.inc

<?php
require ("result.inc");

class CLASS_DATABASE {

/*
var $Database="";
var $User="";
var $Password="";
var $Url="";
*/

var $Master = true;
var $_linkId = false;
var $_url = "";
var $_user = "";
var $_password = "";
var $_database = "";
var $_halt_on_error = true;

/*
function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
	$this->Database=$database;
	$this->Password=$password;
	$this->User=$user;
	$this->Url=$url;
*/

function CLASS_DATABASE() {
	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
}

function connect($url,$user,$password,$database, $halt_on_error = true) {
		global $error;
		$this->_halt_on_error = $halt_on_error;
		if ($this->_linkId == false) {
			$this->_linkId=mysql_connect($url, $user, $password);
			if ($this->_linkId == false) {
				$error='chcipla databaza';
				$this->exception($error);
				return false;
				//die();
			}// else {
		 	 //	mysql_query('set character set utf8');
			 //}
			$this->_url=$url;
			$this->_user=$user;
			$this->_password=$password;

			if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
				$this->exception("1Database failed.");
				return false;
				die();
			}
			$this->_database=$database;
		}
		return true;
}

/* DEPRECATED!
function closeMysql() {
	mysql_close($this->_linkId);
}
*/

function query($sql) {

	$this->_linkId = false;
	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	$this->Master = true;

	// Simple IDS, against automats
	// When possible attack is detected, 
	// query & session information is stored into log
	// Looking for following string in SQL query:
	// - "user()" (get cur. user)
	// - "@@version" (get mysql version)
	// - "AND 1=1" (blind sqli) (too many false positives?)
	// - "information_schema" (for listing of tables, columns...)

	// - "/*" (comment) (too many false positives?)
	// - "--" (comment) (too many false positives?)

	if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
	|| preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
	) {
		logger::log('SQL ALARM',$sql);
		
	}

	$this->_queryId = mysql_query($sql,$this->_linkId);

	if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
		echo $sql;
		global $timer_start;
		echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	}

	if ($this->_queryId == false) {
      		$this->exception("query failed ::$sql::");
	}

	return new result($this->_queryId, $sql);
}

/* DEPRECATED!
function executequery($sql) { //same as query()!
	return($this->query($sql));
}

function executetransaction($queries) {
	$this->executequery("set autocommit=0");
	if (is_array($queries)) {
		foreach ($queries as $query) {
			$this->executequery($query);
		}
	}
	$this->executequery("commit");
	$this->executequery("set autocommit=1");
}

function executeupdate($sql) {
	return($this->update($sql));
}
*/

function update($sql) {
	if (!$this->Master) {
		$this->_linkId = false;
		$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
                $this->Master = true;
	}

	$this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
		if ($this->_queryId == false) {
			$this->exception("update failed.");
		}
		$rows=@mysql_affected_rows($this->_linkId);
		return($rows);
}

function getLastInsertId() {
		return(@mysql_insert_id($this->_linkId));
}

function exception($errorMessage) { //Internal only!

	echo "<!-- ";
	echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
	echo "-->";

	if ($this->_halt_on_error) {
		die("<pre>".$errorMessage."</pre>");
		} else {
			echo $errorMessage."<br>";
			return false;
		}
	}
}
?>
Commit	Line	Data
51ff3226	1	<?php
	2	require ("result.inc");
	3
	4	class CLASS_DATABASE {
	5
	6	/*
	7	var $Database="";
	8	var $User="";
	9	var $Password="";
	10	var $Url="";
	11	*/
	12
	13	var $Master = true;
	14	var $_linkId = false;
	15	var $_url = "";
	16	var $_user = "";
	17	var $_password = "";
	18	var $_database = "";
	19	var $_halt_on_error = true;
	20
	21	/*
	22	function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
	23	$this->Database=$database;
	24	$this->Password=$password;
	25	$this->User=$user;
	26	$this->Url=$url;
	27	*/
	28
	29	function CLASS_DATABASE() {
	30	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	31	}
	32
	33	function connect($url,$user,$password,$database, $halt_on_error = true) {
	34	global $error;
	35	$this->_halt_on_error = $halt_on_error;
	36	if ($this->_linkId == false) {
	37	$this->_linkId=mysql_connect($url, $user, $password);
	38	if ($this->_linkId == false) {
	39	$error='chcipla databaza';
	40	$this->exception($error);
	41	return false;
	42	//die();
	43	}// else {
	44	// mysql_query('set character set utf8');
	45	//}
	46	$this->_url=$url;
	47	$this->_user=$user;
	48	$this->_password=$password;
	49
	50	if ($this->_linkId == false \|\| mysql_select_db($database, $this->_linkId) == false) {
	51	$this->exception("1Database failed.");
	52	return false;
	53	die();
	54	}
	55	$this->_database=$database;
	56	}
	57	return true;
	58	}
	59
d068d94b	60	/* DEPRECATED!
51ff3226	61	function closeMysql() {
	62	mysql_close($this->_linkId);
	63	}
d068d94b	64	*/
51ff3226	65
	66	function query($sql) {
	67
704b65a2	68	$this->_linkId = false;
	69	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	70	$this->Master = true;
	71
	72	// Simple IDS, against automats
	73	// When possible attack is detected,
	74	// query & session information is stored into log
	75	// Looking for following string in SQL query:
	76	// - "user()" (get cur. user)
	77	// - "@@version" (get mysql version)
	78	// - "AND 1=1" (blind sqli) (too many false positives?)
	79	// - "information_schema" (for listing of tables, columns...)
	80
	81	// - "/*" (comment) (too many false positives?)
	82	// - "--" (comment) (too many false positives?)
	83
	84	if (preg_match('/user\(\)/',$sql) \|\| preg_match('/@@version/',$sql)
	85	\|\| preg_match('/information_schema/',$sql)\|\| preg_match('/AND 1=1/',$sql)
	86	) {
	87	logger::log('SQL ALARM',$sql);
	88
	89	}
51ff3226	90
704b65a2	91	$this->_queryId = mysql_query($sql,$this->_linkId);
51ff3226	92
57029afa	93	if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
704b65a2	94	echo $sql;
	95	global $timer_start;
	96	echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
	97	}
51ff3226	98
704b65a2	99	if ($this->_queryId == false) {
704b65a2	100	$this->exception("query failed ::$sql::");
51ff3226	101	}
51ff3226	102
704b65a2	103	return new result($this->_queryId, $sql);
	104	}
	105
d068d94b H	106	/* DEPRECATED!
d068d94b H	107	function executequery($sql) { //same as query()!
51ff3226	108	return($this->query($sql));
	109	}
	110
	111	function executetransaction($queries) {
	112	$this->executequery("set autocommit=0");
	113	if (is_array($queries)) {
	114	foreach ($queries as $query) {
	115	$this->executequery($query);
	116	}
	117	}
	118	$this->executequery("commit");
	119	$this->executequery("set autocommit=1");
	120	}
	121
	122	function executeupdate($sql) {
	123	return($this->update($sql));
	124	}
d068d94b	125	*/
51ff3226	126
	127	function update($sql) {
	128	if (!$this->Master) {
	129	$this->_linkId = false;
	130	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
	131	$this->Master = true;
	132	}
	133
	134	$this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
	135	if ($this->_queryId == false) {
	136	$this->exception("update failed.");
	137	}
	138	$rows=@mysql_affected_rows($this->_linkId);
	139	return($rows);
	140	}
	141
	142	function getLastInsertId() {
	143	return(@mysql_insert_id($this->_linkId));
	144	}
	145
d068d94b	146	function exception($errorMessage) { //Internal only!
51ff3226	147
	148	echo "<!-- ";
	149	echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
	150	echo "-->";
	151
	152	if ($this->_halt_on_error) {
	153	die("<pre>".$errorMessage."</pre>");
	154	} else {
	155	echo $errorMessage."<br>";
	156	return false;
	157	}
	158	}
	159	}
	160	?>