1 <?php
2 require ("result.inc");
3
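/**
 * Thin wrapper around the legacy ext/mysql functions (mysql_connect,
 * mysql_query, ...), using the DB_HOST / DB_USER / DB_PASS / DB_DATABASE
 * constants for its default connection.
 *
 * Security notes for maintainers:
 *  - query() and update() hand the SQL string to the driver verbatim. No
 *    escaping or parameter binding happens in this class, so every caller
 *    is responsible for the safety of the SQL it builds.
 *  - The pattern check in query() only writes a log entry; it never blocks
 *    a statement and must not be treated as a protection.
 *  - exception() writes the driver error and the caller's message into the
 *    HTTP response. Both are HTML-escaped here, but they are still disclosed
 *    to the client (see the NOTE on exception()).
 */
class CLASS_DATABASE {

    var $Master = true;
    // Connection handle returned by mysql_connect(), or false when not connected.
    var $_linkId = false;
    // Return value of the most recent mysql_query()/mysql_db_query() call.
    var $_queryId = false;
    var $_url = "";
    var $_user = "";
    // NOTE(review): nothing in this file reads $_password after connect();
    // keeping the credential on the object exposes it to any dump of the
    // instance. Confirm no external code needs it before removing.
    var $_password = "";
    var $_database = "";
    var $_halt_on_error = true;

    /**
     * Old-style (PHP 4) constructor: connects with the DB_* constants.
     */
    function CLASS_DATABASE() {
        $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
    }

    /**
     * Opens the connection and selects the database, unless a link is
     * already held, in which case only the halt flag is updated.
     *
     * @param string $url           Host passed to mysql_connect().
     * @param string $user          Database user.
     * @param string $password      Database password.
     * @param string $database      Database to select.
     * @param bool   $halt_on_error When true, exception() terminates the request.
     * @return bool  true on success or when already connected, false on
     *               failure (only reachable when $halt_on_error is false).
     */
    function connect($url,$user,$password,$database, $halt_on_error = true) {
        global $error;
        $this->_halt_on_error = $halt_on_error;

        if ($this->_linkId != false) {
            return true;
        }

        $this->_linkId = mysql_connect($url, $user, $password);
        if ($this->_linkId == false) {
            // Runtime message kept as-is (Slovak, roughly "the database died").
            $error = 'chcipla databaza';
            $this->exception($error);
            return false;
        }

        $this->_url = $url;
        $this->_user = $user;
        $this->_password = $password;

        if (mysql_select_db($database, $this->_linkId) == false) {
            $this->exception("1Database failed.");
            return false;
        }
        $this->_database = $database;

        return true;
    }

    /**
     * Closes the connection if one is open and forgets the handle, so a
     * later connect() opens a fresh link instead of reusing a closed one.
     */
    function closeMysql() {
        if ($this->_linkId != false) {
            mysql_close($this->_linkId);
            $this->_linkId = false;
        }
    }

    /**
     * Runs one SQL statement and wraps the outcome in a result object.
     *
     * The SQL string is sent to the server unchanged; the caller must have
     * escaped or validated every value embedded in it.
     *
     * @param string $sql Statement to execute.
     * @return result     Wrapper built from the driver's return value and $sql.
     */
    function query($sql) {
        // Every call drops the stored handle and reconnects with the DB_*
        // constants.
        // NOTE(review): this connect() call uses the default $halt_on_error,
        // so it resets the flag to true even if the caller disabled halting.
        // A failed query therefore always ends the request. Left unchanged
        // because callers may depend on that fail-closed behaviour.
        $this->_linkId = false;
        $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
        $this->Master = true;

        // Simple tripwire against automated SQL-injection probing. On a match
        // the statement is logged; it is still executed. Patterns:
        //  - "user()"             (current-user lookup)
        //  - "@@version"          (server version lookup)
        //  - "AND 1=1"            (boolean probe; may give false positives)
        //  - "information_schema" (table/column enumeration)
        // Not matched, because of too many false positives: "/*" and "--".
        // Matching is case-insensitive because MySQL does not distinguish
        // case for these keywords and functions.
        if (preg_match('/user\(\)|@@version|information_schema|AND 1=1/i', $sql)) {
            logger::log('SQL ALARM',$sql);
        }

        $this->_queryId = mysql_query($sql,$this->_linkId);

        if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
            // The statement can contain request data, so escape it before it
            // is written into the page.
            echo $this->_escapeHtml($sql);
            global $timer_start;
            echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
        }

        if ($this->_queryId == false) {
            $this->exception("query failed ::$sql::");
        }

        return new result($this->_queryId, $sql);
    }


    /**
     * Alias of query().
     */
    function executequery($sql) {
        return($this->query($sql));
    }

    /**
     * Runs the given statements between "set autocommit=0" and "commit",
     * then switches autocommit back on. A non-array argument results in an
     * empty transaction.
     *
     * @param array $queries SQL statements, executed in order.
     */
    function executetransaction($queries) {
        $this->executequery("set autocommit=0");
        if (is_array($queries)) {
            foreach ($queries as $query) {
                $this->executequery($query);
            }
        }
        $this->executequery("commit");
        $this->executequery("set autocommit=1");
    }

    /**
     * Alias of update().
     */
    function executeupdate($sql) {
        return($this->update($sql));
    }

    /**
     * Runs a data-modifying statement against the selected database.
     *
     * The SQL string is sent to the server unchanged; see query().
     *
     * @param string $sql Statement to execute.
     * @return int        Value reported by mysql_affected_rows().
     */
    function update($sql) {
        if (!$this->Master) {
            $this->_linkId = false;
            $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
            $this->Master = true;
        }

        $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
        if ($this->_queryId == false) {
            $this->exception("update failed.");
        }
        $rows=@mysql_affected_rows($this->_linkId);
        return($rows);
    }

    /**
     * @return int Value reported by mysql_insert_id() for this connection.
     */
    function getLastInsertId() {
        return(@mysql_insert_id($this->_linkId));
    }

    /**
     * Reports a database failure to the client and, when halting is enabled,
     * ends the request.
     *
     * The driver error goes into an HTML comment and $errorMessage into the
     * page body. Both are HTML-escaped: query() passes the failing SQL in
     * $errorMessage, and the driver error can quote parts of it, so either
     * could otherwise close the comment or inject markup.
     *
     * NOTE(review): escaping prevents markup injection but the SQL text and
     * driver error are still sent to every visitor. Consider writing them to
     * a server-side log and showing a generic message instead.
     *
     * @param string $errorMessage Message to display.
     * @return bool  false when halting is disabled; otherwise does not return.
     */
    function exception($errorMessage) {

        echo "<!-- ";
        echo $this->_escapeHtml(@mysql_error($this->_linkId))," (",(int) @mysql_errno($this->_linkId),")";
        echo "-->";

        $safeMessage = $this->_escapeHtml($errorMessage);

        if ($this->_halt_on_error) {
            die("<pre>".$safeMessage."</pre>");
        }

        echo $safeMessage."<br>";
        return false;
    }

    /**
     * HTML-escapes text for output in element content or an HTML comment.
     *
     * ENT_SUBSTITUTE is added where the running PHP defines it, so input
     * with invalid byte sequences is not turned into an empty string.
     *
     * @param mixed $text Value to escape; cast to string.
     * @return string
     */
    function _escapeHtml($text) {
        $flags = ENT_QUOTES;
        if (defined('ENT_SUBSTITUTE')) {
            $flags |= ENT_SUBSTITUTE;
        }
        return htmlspecialchars((string) $text, $flags);
    }
}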
157 ?>