
/website/db.inc

https://bitbucket.org/matthewsomerville/publicwhip-v1
Possible License(s): AGPL-1.0, BSD-3-Clause
  1. <?php
  2. # $Id: db.inc,v 1.33 2011/06/12 20:44:44 publicwhip Exp $
  3. # Database access wrapper. Calls mysql.
  4. # The Public Whip, Copyright (C) 2003 Francis Irving and Julian Todd
  5. # This is free software, and you are welcome to redistribute it under
  6. # certain conditions. However, it comes with ABSOLUTELY NO WARRANTY.
  7. # For details see the file LICENSE.html in the top level of the source.
  8. $pwpdo = new PWPDO();
  9. $pwpdo2 = new PWPDO();
  10. $db=new DB(); // needed for calls to mysql_real_escape_string
  11. # debug setting which prints out all the statements in the SQL calls
  12. $bdebug = 0;
  13. function db_scrub($text)
  14. {
  15. return mysql_real_escape_string($text);
  16. }
  17. function html_scrub($text)
  18. {
  19. return htmlentities(html_entity_decode(stripslashes($text), ENT_COMPAT, 'UTF-8'), ENT_COMPAT, 'UTF-8');
  20. }
  21. function isrobot()
  22. {
  23. $useragent = $_SERVER["HTTP_USER_AGENT"];
  24. return preg_match(
  25. "/(Google|Slurp|msnbot|robot|Gigabot|Teoma|VoilaBot|searchme|ia_archiver|Crawler|MSNBOT|MLBot|Wget|Yandex)/",
  26. $useragent
  27. );
  28. }
  29. function possiblexss($string) {
  30. $requesturi = (isset($_SERVER['REQUEST_URI']) === true ? $_SERVER['REQUEST_URI'] : '[no url]');
  31. error_log('Possible XSS: === [' . $string . '] === on page ' . $requesturi);
  32. }
  33. function disabled($string) {
  34. $requesturi = (isset($_SERVER['REQUEST_URI']) === true ? $_SERVER['REQUEST_URI'] : '[no url]');
  35. error_log('Disabled function called: === [' . $string . '] === on page ' . $requesturi);
  36. }
  37. class PWPDO
  38. {
  39. public $pdo;
  40. public $currentstatement;
  41. private function logfail(Exception $e,$message,$query,$placeholders=array()) {
  42. $requesturi = (isset($_SERVER['REQUEST_URI']) === true ? $_SERVER['REQUEST_URI'] : '[no url]');
  43. error_log($message.' : '.$e->getMessage().' when running '.$query.' '.print_r($placeholders,TRUE).' on '.$requesturi);
  44. trigger_error('Database error '.$e->getMessage().' : '.$message,E_USER_ERROR);
  45. }
  46. public function __construct()
  47. {
  48. global $pw_host, $pw_user, $pw_password, $pw_database;
  49. try {
  50. $this->pdo = new PDO(
  51. 'mysql:dbname=' . $pw_database .
  52. ';host=' . $pw_host, $pw_user,
  53. $pw_password,
  54. array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
  55. $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  56. } catch (Exception $e) {
  57. die('Unable to access database:' . $e->getMessage());
  58. }
  59. }
  60. private function prepare($query)
  61. {
  62. //error_log('new:'.$query);
  63. try {
  64. return $this->pdo->prepare($query);
  65. } catch (Exception $e) {
  66. $this->logfail($e,'Unable to prepare query',$query);
  67. }
  68. }
  69. function get_single_row($query, $placeholders)
  70. {
  71. $statement = $this->prepare($query);
  72. try {
  73. $statement->execute($placeholders);
  74. } catch (Exception $e) {
  75. $this->logfail($e,'Unable to run get_single_row',$query,$placeholders);
  76. }
  77. $data = $statement->fetch(PDO::FETCH_ASSOC);
  78. if (is_array($data) === false) {
  79. return null;
  80. }
  81. $test = $statement->fetch(PDO::FETCH_ASSOC);
  82. if (is_array($test) === true && count($test)>0) {
  83. $this->logfail(new Exception(),'get_single_row got more than 1 row',$query);
  84. }
  85. return $data;
  86. }
  87. public function fetch_all_rows($query, $placeholders)
  88. {
  89. try {
  90. $statement = $this->prepare($query);
  91. $statement->execute($placeholders);
  92. } catch (Exception $e) {
  93. $this->logfail($e,'fetch_all_rows',$query,$placeholders);
  94. }
  95. return $statement->fetchAll(PDO::FETCH_ASSOC);
  96. }
  97. public function query($query, $placeholders)
  98. {
  99. try {
  100. $this->statement = $this->prepare($query);
  101. $this->statement->execute($placeholders);
  102. } catch (Exception $e) {
  103. $this->logfail($e,'query',$query,$placeholders);
  104. }
  105. }
  106. public function fetch_row()
  107. {
  108. try {
  109. return $this->statement->fetch(PDO::FETCH_ASSOC);
  110. } catch (Exception $e) {
  111. $this->logfail($e,'fetch_row','');
  112. }
  113. }
  114. public function quote($string) {
  115. return $this->pdo->quote($string);
  116. }
  117. }
  118. class DB
  119. {
  120. var $link;
  121. var $result;
  122. public function __construct()
  123. {
  124. $this->connect();
  125. }
  126. function connect()
  127. {
  128. global $pw_host, $pw_user, $pw_password, $pw_database;
  129. $this->link = mysql_connect($pw_host, $pw_user, $pw_password)
  130. or trigger_error("Could not connect : " . mysql_error(), E_USER_ERROR);
  131. mysql_query("SET NAMES 'utf8'", $this->link);
  132. mysql_select_db($pw_database, $this->link)
  133. or trigger_error("Could not select database : " . mysql_error(), E_USER_ERROR);
  134. }
  135. function query($query)
  136. {
  137. $requesturi = (isset($_SERVER['REQUEST_URI']) === true ? $_SERVER['REQUEST_URI'] : '[no url]');
  138. error_log('Old query: == ' . $query . ' == on page ' . $requesturi);
  139. $x = mysql_query($query, $this->link)
  140. or trigger_error("Query failed : " . mysql_error(), E_USER_ERROR);
  141. $this->result = $x;
  142. }
  143. function query_errcheck($query)
  144. {
  145. $this->result = mysql_query($query, $this->link);
  146. return $this->result;
  147. }
  148. function fetch_row()
  149. {
  150. return mysql_fetch_row($this->result);
  151. }
  152. function fetch_row_assoc()
  153. {
  154. return mysql_fetch_assoc($this->result);
  155. }
  156. function fetch_row_both()
  157. {
  158. return mysql_fetch_array($this->result, MYSQL_BOTH);
  159. }
  160. function fetch_rows_assoc()
  161. {
  162. $ret = array();
  163. while ($row = mysql_fetch_assoc($this->result)) {
  164. array_push($ret, $row);
  165. }
  166. return $ret;
  167. }
  168. function rows()
  169. {
  170. if (gettype($this->result) == "boolean") {
  171. return $this->result;
  172. }
  173. return mysql_num_rows($this->result);
  174. }
  175. function query_one_row($query)
  176. {
  177. $this->query($query);
  178. if ($this->rows() != 1) {
  179. trigger_error(
  180. "query_one_row: Single row query didn't get one row, got " . $this->rows() . " on query: " . $query,
  181. E_USER_ERROR
  182. );
  183. }
  184. $row = $this->fetch_row();
  185. return $row;
  186. }
  187. function query_onez_row($query)
  188. {
  189. $this->query($query);
  190. if ($this->rows() == 0) {
  191. return null;
  192. }
  193. if ($this->rows() != 1) {
  194. trigger_error(
  195. "query_one_row: Single row query didn't get one row, got " . $this->rows() . " on query: " . $query,
  196. E_USER_ERROR
  197. );
  198. }
  199. $row = $this->fetch_row();
  200. return $row;
  201. }
  202. function query_one_row_assoc($query)
  203. {
  204. $this->query($query);
  205. if ($this->rows() != 1) {
  206. trigger_error(
  207. "query_one_row_assoc: Single row query didn't get one row, got " . $this->rows(
  208. ) . " on query: " . $query,
  209. E_USER_ERROR
  210. );
  211. }
  212. $row = $this->fetch_row_assoc();
  213. return $row;
  214. }
  215. function query_onez_row_assoc($query)
  216. {
  217. $this->query($query);
  218. $rows = $this->rows();
  219. if ($rows == 0) {
  220. return null;
  221. }
  222. if ($rows != 1) {
  223. trigger_error(
  224. "query_onez_row_assoc: Single row query didn't get one row, got " . $rows . " on query: " . $query,
  225. E_USER_ERROR
  226. );
  227. }
  228. $row = $this->fetch_row_assoc();
  229. return $row;
  230. }
  231. function query_one_value($query)
  232. {
  233. $row = $this->query_one_row($query);
  234. if (count(row) != 1) {
  235. trigger_error(
  236. "Single value query didn't get one value, got " . count(row) . " on query: " . $query,
  237. E_USER_ERROR
  238. );
  239. }
  240. return $row[0];
  241. }
  242. function disconnect()
  243. {
  244. mysql_close($this->link);
  245. }
  246. }