api.mysql.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520
  1. <?php
  2. ////////////////////////////////////////////////////////////////////////////////
  3. // //
  4. // This program is distributed in the hope that it will be useful, //
  5. // but WITHOUT ANY WARRANTY, without even the implied warranty of //
  6. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
  7. // //
  8. // This product released under GNU General Public License v2 //
  9. ////////////////////////////////////////////////////////////////////////////////
  10. /**
  11. * Debug mode on/off here
  12. */
  13. define('SQL_DEBUG_LOG', 'exports/sqldebug.log');
  14. $mysqlDatabaseConfig = @parse_ini_file('config/mysql.ini');
  15. $mysqlDebugBuffer = array();
  16. $query_counter = 0;
  17. $ubillingDatabaseDriver = 'none';
  18. define('SQL_DEBUG_QUERY_EOL', 'UBSQEOL');
  19. if (@$mysqlDatabaseConfig['debug']) {
  20. switch ($mysqlDatabaseConfig['debug']) {
  21. case 1:
  22. define('SQL_DEBUG', 1);
  23. break;
  24. case 2:
  25. define('SQL_DEBUG', 2);
  26. break;
  27. }
  28. } else {
  29. define('SQL_DEBUG', 0);
  30. }
  31. if (!extension_loaded('mysql')) {
  32. $ubillingDatabaseDriver = 'mysqli';
  33. /**
  34. * MySQLi database layer
  35. */
  36. if (!($db_config = @parse_ini_file('config/mysql.ini'))) {
  37. print('Cannot load mysql configuration');
  38. exit;
  39. }
  40. $dbport = (empty($db_config['port'])) ? 3306 : $db_config['port'];
  41. $loginDB = new mysqli($db_config['server'], $db_config['username'], $db_config['password'], $db_config['db'], $dbport);
  42. if ($loginDB->connect_error) {
  43. die('Connection error (' . $loginDB->connect_errno . ') '
  44. . $loginDB->connect_error);
  45. } else {
  46. $loginDB->query("set character_set_client='" . $db_config['character'] . "'");
  47. $loginDB->query("set character_set_results='" . $db_config['character'] . "'");
  48. $loginDB->query("set collation_connection='" . $db_config['character'] . "_general_ci'");
  49. }
  50. /**
  51. * Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
  52. *
  53. * @global object $loginDB
  54. * @param string $parametr data to filter
  55. *
  56. * @return string
  57. */
  58. function loginDB_real_escape_string($parametr) {
  59. global $loginDB;
  60. $result = $loginDB->real_escape_string($parametr);
  61. return($result);
  62. }
  63. if (!function_exists('mysql_real_escape_string')) {
  64. /**
  65. * Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
  66. *
  67. * @param string $data
  68. *
  69. * @return string
  70. */
  71. function mysql_real_escape_string($data) {
  72. return(loginDB_real_escape_string($data));
  73. }
  74. }
  75. /**
  76. * Executing query and returns result as array
  77. *
  78. * @global int $query_counter
  79. * @param string $query
  80. *
  81. * @return array
  82. */
  83. function simple_queryall($query) {
  84. global $loginDB, $query_counter;
  85. if (SQL_DEBUG) {
  86. zb_SqlDebugOutput($query);
  87. }
  88. $result = array();
  89. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  90. while ($row = mysqli_fetch_assoc($queried)) {
  91. $result[] = $row;
  92. }
  93. $query_counter++;
  94. return($result);
  95. }
  96. /**
  97. * Executing query and returns array of first result
  98. *
  99. * @global int $query_counter
  100. * @param string $query
  101. * @return array
  102. */
  103. function simple_query($query) {
  104. global $loginDB, $query_counter;
  105. if (SQL_DEBUG) {
  106. zb_SqlDebugOutput($query);
  107. }
  108. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  109. $result = mysqli_fetch_assoc($queried);
  110. $query_counter++;
  111. return($result);
  112. }
  113. /**
  114. * Updates single field in table with where expression
  115. *
  116. * @param string $tablename
  117. * @param string $field
  118. * @param string $value
  119. * @param string $where
  120. * @param bool $NoQuotesAroundValue
  121. *
  122. * @return void
  123. */
  124. function simple_update_field($tablename, $field, $value, $where = '', $NoQuotesAroundValue = false) {
  125. $tablename = loginDB_real_escape_string($tablename);
  126. $value = loginDB_real_escape_string($value);
  127. $field = loginDB_real_escape_string($field);
  128. if ($NoQuotesAroundValue) {
  129. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = " . $value . " " . $where . "";
  130. } else {
  131. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = '" . $value . "' " . $where . "";
  132. }
  133. nr_query($query);
  134. }
  135. /**
  136. * Returns last used `id` field available in some table
  137. *
  138. * @param string $tablename
  139. *
  140. * @return int
  141. */
  142. function simple_get_lastid($tablename) {
  143. $tablename = loginDB_real_escape_string($tablename);
  144. $query = "SELECT `id` from `" . $tablename . "` ORDER BY `id` DESC LIMIT 1";
  145. $result = simple_query($query);
  146. return($result['id']);
  147. }
  148. /**
  149. * Just executing single query
  150. *
  151. * @global int $query_counter
  152. * @param string $query
  153. *
  154. * @return mixed
  155. */
  156. function nr_query($query) {
  157. global $loginDB, $query_counter;
  158. if (SQL_DEBUG) {
  159. zb_SqlDebugOutput($query);
  160. }
  161. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  162. $query_counter++;
  163. return($queried);
  164. }
  165. } else {
  166. $ubillingDatabaseDriver = 'mysql';
  167. /**
  168. * MySQL database old driver abstraction class. Used for PHP <7 legacy.
  169. */
  170. class MySQLDB {
  171. var $connection;
  172. var $last_query_num = 0;
  173. var $db_config = array();
  174. /**
  175. * last query result id
  176. *
  177. * @var MySQL result
  178. */
  179. var $lastresult;
  180. /**
  181. * last query assoc value
  182. *
  183. * @var bool
  184. */
  185. var $assoc = true;
  186. /**
  187. * Initialises connection with MySQL database server and selects needed db
  188. *
  189. * @param MySQL Connection Id $connection
  190. * @return MySQLDB
  191. */
  192. public function __construct($connection = false) {
  193. if ($connection)
  194. $this->connection = $connection;
  195. else {
  196. if (!($this->db_config = @parse_ini_file('config/' . 'mysql.ini'))) {
  197. print(('Cannot load mysql configuration'));
  198. return false;
  199. }
  200. if (!extension_loaded('mysql')) {
  201. print(('Unable to load module for database server "mysql": PHP mysql extension not available!'));
  202. return false;
  203. }
  204. $dbport = (empty($this->db_config['port'])) ? 3306 : $this->db_config['port'];
  205. $this->connection = @mysql_connect($this->db_config['server'] . ':' . $dbport, $this->db_config['username'], $this->db_config['password']);
  206. }
  207. if (empty($this->connection)) {
  208. print(('Unable to connect to database server!'));
  209. return false;
  210. } else if (!@mysql_select_db($this->db_config['db'], $this->connection)) {
  211. $this->db_error();
  212. return false;
  213. }
  214. mysql_query("set character_set_client='" . $this->db_config['character'] . "'");
  215. mysql_query("set character_set_results='" . $this->db_config['character'] . "'");
  216. mysql_query("set collation_connection='" . $this->db_config['character'] . "_general_ci'");
  217. return true;
  218. }
  219. /**
  220. * Executes query and returns result identifier
  221. *
  222. * @param string $query
  223. * @return MySQL result
  224. */
  225. public function query($query) {
  226. // use escape/vf function for input data.
  227. $result = @mysql_query($query, $this->connection) or $this->db_error(0, $query);
  228. $this->last_query_num++;
  229. return $result;
  230. }
  231. /**
  232. * Executes query and makes abstract data read available
  233. *
  234. * @param string $query
  235. * @param bool $assoc
  236. */
  237. public function ExecuteReader($query, $assoc = true) {
  238. $this->lastresult = $this->query($query);
  239. $this->assoc = $assoc;
  240. }
  241. /**
  242. * Link to query method
  243. *
  244. * @param string $query
  245. * @return MySQL result
  246. */
  247. public function ExecuteNonQuery($query) {
  248. $result = $this->query($query);
  249. return (mysql_affected_rows() == 0 ? false : $result);
  250. }
  251. /**
  252. * Returns array with from the current query result
  253. *
  254. * @return array
  255. */
  256. public function Read() {
  257. if ($this->assoc) {
  258. $result = @mysql_fetch_assoc($this->lastresult) or false;
  259. } else {
  260. $result = @mysql_fetch_row($this->lastresult) or false;
  261. }
  262. return $result;
  263. }
  264. /**
  265. * Returns one row from the current query result
  266. *
  267. * @param int $row
  268. *
  269. * @return string
  270. */
  271. public function ReadSingleRow($row) {
  272. return mysql_result($this->lastresult, $row) or false;
  273. }
  274. /**
  275. * Prints MySQL error message; switching DEBUG, prints MySQL error description or sends it to administrator
  276. *
  277. * @return void
  278. */
  279. public function db_error($show = 0, $query = '') {
  280. global $system;
  281. if (!in_array(mysql_errno(), array(1062, 1065, 1191))) { // Errcodes in array are handled at another way :)
  282. if (SQL_DEBUG == 1 || $show == 1) {
  283. $warning = '<br><b>' . ('MySQL Error') . ':</b><br><i>';
  284. $warning .= mysql_errno() . ' : ' . mysql_error() . (empty($query) ? '</i>' : '<br>In query: <textarea cols="50" rows="7">' . $query . '</textarea></i>');
  285. print($warning) or print($warning);
  286. } else {
  287. print('An error occured. Please, try again later. Thank You !');
  288. @$message .= mysql_errno() . ':' . mysql_error() . "\r\n";
  289. $message .= (empty($query) ? '' : "In query: \r\n" . $query . "\r\n");
  290. die('MySQL error ' . $message);
  291. }
  292. }
  293. }
  294. /**
  295. * Escapes string to use in SQL query
  296. *
  297. * @param string $string
  298. *
  299. * @return string
  300. */
  301. public function escape($string) {
  302. if (!get_magic_quotes_gpc())
  303. return mysql_real_escape_string($string, $this->connection);
  304. else
  305. return mysql_real_escape_string(stripslashes($string), $this->connection);
  306. }
  307. /**
  308. * Disconnects from database server
  309. *
  310. * @return void
  311. */
  312. public function disconnect() {
  313. @mysql_close($this->connection);
  314. }
  315. }
  316. /**
  317. * Executing query and returns result as array
  318. *
  319. * @global int $query_counter
  320. * @param string $query
  321. *
  322. * @return array
  323. */
  324. function simple_queryall($query) {
  325. global $query_counter;
  326. if (SQL_DEBUG) {
  327. zb_SqlDebugOutput($query);
  328. }
  329. $result = '';
  330. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  331. while ($row = mysql_fetch_assoc($queried)) {
  332. $result[] = $row;
  333. }
  334. $query_counter++;
  335. return($result);
  336. }
  337. /**
  338. * Executing query and returns array of first result
  339. *
  340. * @global int $query_counter
  341. * @param string $query
  342. *
  343. * @return array
  344. */
  345. function simple_query($query) {
  346. global $query_counter;
  347. if (SQL_DEBUG) {
  348. zb_SqlDebugOutput($query);
  349. }
  350. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  351. $result = mysql_fetch_assoc($queried);
  352. $query_counter++;
  353. return($result);
  354. }
  355. /**
  356. * Updates single field in table with where expression
  357. *
  358. * @param string $tablename
  359. * @param string $field
  360. * @param string $value
  361. * @param string $where
  362. * @param bool $NoQuotesAroundValue
  363. *
  364. * @return void
  365. */
  366. function simple_update_field($tablename, $field, $value, $where = '', $NoQuotesAroundValue = false) {
  367. $tablename = mysql_real_escape_string($tablename);
  368. $value = mysql_real_escape_string($value);
  369. $field = mysql_real_escape_string($field);
  370. if ($NoQuotesAroundValue) {
  371. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = " . $value . " " . $where . "";
  372. } else {
  373. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = '" . $value . "' " . $where . "";
  374. }
  375. nr_query($query);
  376. }
  377. /**
  378. * Returns last used `id` field available in some table
  379. *
  380. * @param string $tablename
  381. *
  382. * @return int
  383. */
  384. function simple_get_lastid($tablename) {
  385. $tablename = mysql_real_escape_string($tablename);
  386. $query = "SELECT `id` from `" . $tablename . "` ORDER BY `id` DESC LIMIT 1";
  387. $result = simple_query($query);
  388. return ($result['id']);
  389. }
  390. /**
  391. * Just executing single query
  392. *
  393. * @global int $query_counter
  394. * @param string $query
  395. *
  396. * @return mixed
  397. */
  398. function nr_query($query) {
  399. global $query_counter;
  400. if (SQL_DEBUG) {
  401. zb_SqlDebugOutput($query);
  402. }
  403. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  404. $query_counter++;
  405. return($queried);
  406. }
  407. //creating mysql connection object instance
  408. $db = new MySQLDB();
  409. }
  410. /**
  411. * Returns cutted down data entry
  412. * Available modes:
  413. * 1 - digits, letters
  414. * 2 - only letters
  415. * 3 - only digits
  416. * 4 - digits, letters, "-", "_", "."
  417. * 5 - current lang alphabet + digits + punctuation
  418. * default - filter only blacklist chars
  419. *
  420. * @param string $data
  421. * @param int $mode
  422. *
  423. * @return string
  424. */
  425. function vf($data, $mode = 0) {
  426. switch ($mode) {
  427. case 1:
  428. return preg_replace("#[^a-z0-9A-Z]#Uis", '', $data); // digits, letters
  429. break;
  430. case 2:
  431. return preg_replace("#[^a-zA-Z]#Uis", '', $data); // letters
  432. break;
  433. case 3:
  434. return preg_replace("#[^0-9]#Uis", '', $data); // digits
  435. break;
  436. case 4:
  437. return preg_replace("#[^a-z0-9A-Z\-_\.]#Uis", '', $data); // digits, letters, "-", "_", "."
  438. break;
  439. case 5:
  440. return preg_replace("#[^ [:punct:]" . ('a-zA-Z') . "0-9]#Uis", '', $data); // current lang alphabet + digits + punctuation
  441. break;
  442. default:
  443. return preg_replace("#[~@\+\?\%\/\;=\*\>\<\"\'\-]#Uis", '', $data); // black list anyway
  444. break;
  445. }
  446. }
  447. /**
  448. * Performs MySQL API debug output if enabled
  449. *
  450. * @param string $data
  451. *
  452. * @return void
  453. */
  454. function zb_SqlDebugOutput($data) {
  455. global $mysqlDebugBuffer;
  456. if (SQL_DEBUG) {
  457. switch (SQL_DEBUG) {
  458. case 1:
  459. $timestamp = curdatetime();
  460. $cleanData = trim($data);
  461. $logData = $timestamp . ' ' . $cleanData;
  462. $mysqlDebugBuffer[] = $logData;
  463. file_put_contents(SQL_DEBUG_LOG, $logData . SQL_DEBUG_QUERY_EOL . PHP_EOL, FILE_APPEND);
  464. break;
  465. case 2:
  466. print($data . PHP_EOL);
  467. break;
  468. }
  469. }
  470. }