wwwroot/inc/database.inc

   1 <?php
   2 require ("result.inc");
   3
   4 class CLASS_DATABASE {
   5
   6 /*
   7 var $Database="";
   8 var $User="";
   9 var $Password="";
  10 var $Url="";
  11 */
  12
  13 var $Master = true;
  14 var $_linkId = false;
  15 var $_url = "";
  16 var $_user = "";
  17 var $_password = "";
  18 var $_database = "";
  19 var $_halt_on_error = true;
  20
  21 /*
  22 function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
  23         $this->Database=$database;
  24         $this->Password=$password;
  25         $this->User=$user;
  26         $this->Url=$url;
  27 */
  28
  29 function CLASS_DATABASE() {
  30         $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
  31 }
  32
  33 function connect($url,$user,$password,$database, $halt_on_error = true) {
  34                 global $error;
  35                 $this->_halt_on_error = $halt_on_error;
  36                 if ($this->_linkId == false) {
  37                         $this->_linkId=mysql_connect($url, $user, $password);
  38                         if ($this->_linkId == false) {
  39                                 $error='chcipla databaza';
  40                                 $this->exception($error);
  41                                 return false;
  42                                 //die();
  43                         }// else {
  44                          //     mysql_query('set character set utf8');
  45                          //}
  46                         $this->_url=$url;
  47                         $this->_user=$user;
  48                         $this->_password=$password;
  49
  50                         if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
  51                                 $this->exception("1Database failed.");
  52                                 return false;
  53                                 die();
  54                         }
  55                         $this->_database=$database;
  56                 }
  57                 return true;
  58 }
  59
  60 /* DEPRECATED!
  61 function closeMysql() {
  62         mysql_close($this->_linkId);
  63 }
  64 */
  65
  66 function query($sql) {
  67
  68         $this->_linkId = false;
  69         $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
  70         $this->Master = true;
  71
  72         // Simple IDS, against automats
  73         // When possible attack is detected,
  74         // query & session information is stored into log
  75         // Looking for following string in SQL query:
  76         // - "user()" (get cur. user)
  77         // - "@@version" (get mysql version)
  78         // - "AND 1=1" (blind sqli) (too many false positives?)
  79         // - "information_schema" (for listing of tables, columns...)
  80
  81         // - "/*" (comment) (too many false positives?)
  82         // - "--" (comment) (too many false positives?)
  83
  84         if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
  85         || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
  86         ) {
  87                 logger::log('SQL ALARM',$sql);
  88
  89         }
  90
  91         $this->_queryId = mysql_query($sql,$this->_linkId);
  92
  93         if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
  94                 echo $sql;
  95                 global $timer_start;
  96                 echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
  97         }
  98
  99         if ($this->_queryId == false) {
 100                 $this->exception("query failed ::$sql::");
 101         }
 102
 103         return new result($this->_queryId, $sql);
 104 }
 105
 106 /* DEPRECATED!
 107 function executequery($sql) { //same as query()!
 108         return($this->query($sql));
 109 }
 110
 111 function executetransaction($queries) {
 112         $this->executequery("set autocommit=0");
 113         if (is_array($queries)) {
 114                 foreach ($queries as $query) {
 115                         $this->executequery($query);
 116                 }
 117         }
 118         $this->executequery("commit");
 119         $this->executequery("set autocommit=1");
 120 }
 121
 122 function executeupdate($sql) {
 123         return($this->update($sql));
 124 }
 125 */
 126
 127 function update($sql) {
 128         if (!$this->Master) {
 129                 $this->_linkId = false;
 130                 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
 131                 $this->Master = true;
 132         }
 133
 134         $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
 135                 if ($this->_queryId == false) {
 136                         $this->exception("update failed.");
 137                 }
 138                 $rows=@mysql_affected_rows($this->_linkId);
 139                 return($rows);
 140 }
 141
 142 function getLastInsertId() {
 143                 return(@mysql_insert_id($this->_linkId));
 144 }
 145
 146 function exception($errorMessage) { //Internal only!
 147
 148         echo "<!-- ";
 149         echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
 150         echo "-->";
 151
 152         if ($this->_halt_on_error) {
 153                 die("<pre>".$errorMessage."</pre>");
 154                 } else {
 155                         echo $errorMessage."<br>";
 156                         return false;
 157                 }
 158         }
 159 }
 160 ?>