/**
* Database connection library
*
- * @author Roland Haeder <webmaster@ship-simu.org>
+ * @author Roland Haeder <webmaster@shipsimu.org>
* @version 3.0.0
- * @copyright Copyright (c) 2009, 2010 Cracker Tracker Team
+ * @copyright Copyright (c) 2009 - 2017 Cracker Tracker Team
* @license GNU GPL 3.0 or any newer version
- * @link http://www.ship-simu.org
+ * @link http://www.shipsimu.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
// Is the link up?
if ((!isCrackerTrackerDatabaseLinkUp()) && (!empty($GLOBALS['ctracker_host'])) && (!empty($GLOBALS['ctracker_dbname'])) && (!empty($GLOBALS['ctracker_user']))) {
// Then connect to the database
- $GLOBALS['ctracker_link'] = mysql_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ $GLOBALS['ctracker_link'] = mysqli_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password'], $GLOBALS['ctracker_dbname']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
- // Select the database
- if (!mysql_select_db($GLOBALS['ctracker_dbname'], $GLOBALS['ctracker_link'])) {
- // Attempt has failed
+ // Check on connection and config table
+ if (!isCrackerTrackerDatabaseLinkUp()) {
+ // Connect didn't work
crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} elseif (isCrackerTrackerTableCreated('ctracker_config')) {
// Load the config
crackerTrackerLoadConfig();
- }
- } // END - if
+ } // END - if
+ } else {
+ // Init fake config
+ crackerTrackerInitFakeConfig();
+ }
+}
+
+// Inits a fake configurtation
+function crackerTrackerInitFakeConfig () {
+ // Set the array
+ $GLOBALS['ctracker_config'] = [
+ 'ctracker_alert_user' => 'Y',
+ ];
}
// Checks if the link is up
function isCrackerTrackerDatabaseLinkUp () {
- return ((isset($GLOBALS['ctracker_link'])) && (is_resource($GLOBALS['ctracker_link'])));
+ // Is the instance at least set?
+ if (isset($GLOBALS['ctracker_link'])) {
+ // Debug message
+ //* DEBUG: */ error_log('isset='.intval(isset($GLOBALS['ctracker_link'])) . ',is_object=' . intval(is_object($GLOBALS['ctracker_link'])) . ',mysqli_connect_errno=' . mysqli_connect_errno());
+ } else {
+ // Not set!
+ //* DEBUG: */ error_log('ctracker_link not set.');
+ }
+
+ return ((isset($GLOBALS['ctracker_link'])) && (is_object($GLOBALS['ctracker_link'])) && (mysqli_connect_errno() == 0));
}
// Database error detected
// Output error
print 'Function : ' . $F . '<br />';
print 'Line : ' . $L . '<br />';
- print 'MySQL error : ' . mysql_error() . '<br />';
+ if (isset($GLOBALS['ctracker_link'])) {
+ print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '<br />';
+ } else {
+ print 'No MySQLi available.<br />';
+ }
print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '<br />';
} // END - if
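Review bot: The new `isset($GLOBALS['ctracker_link'])` guard also passes when `mysqli_connect()` failed, because the connect line stores `false` in that slot before this handler runs, so `mysqli_error()` is then handed a non-object. Guard on the existing link check instead, `if (isCrackerTrackerDatabaseLinkUp()) {`, and print `mysqli_connect_error()` in the else branch. The error text and `ctracker_last_sql` are also written into the page unescaped, and that SQL can carry request-derived values such as the ticket fields. Wrapping both in `htmlspecialchars()`, or sending them only to `error_log()`, avoids reflecting markup and schema details to the visitor. The enclosing function starts and ends outside this hunk.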
// Is the link up?
if (isCrackerTrackerDatabaseLinkUp()) {
// Did it work?
- if (!mysql_close($GLOBALS['ctracker_link'])) {
- // Remove the link from global array
- unset($GLOBALS['ctracker_link']);
-
+ if (!mysqli_close($GLOBALS['ctracker_link'])) {
// Attempt has failed
crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} // END - if
} // END - if
-
- // Remove the link from global array
- unset($GLOBALS['ctracker_link']);
}
-// Inserts given array, if IP/check_worm combination was not found
+// Inserts given array, if IP/check_get combination was not found
function crackerTrackerInsertArray ($table, $rowData) {
// Is there a link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort silently here
- return false;
+ return FALSE;
} // END - if
// Is it found?
if (!isCrackerTrackerEntryFound($rowData)) {
// Prepare SQL
- $SQL = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')';
+ $sqlString = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')';
// Reset insert id
- $GLOBALS['ctracker_last_insert_id'] = false;
+ $GLOBALS['ctracker_last_insert_id'] = FALSE;
// Run it
- runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__);
+ runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);
// Remember the last insert id
- $GLOBALS['ctracker_last_insert_id'] = mysql_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ $GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
} else {
// Only update the entry
updateCrackerTrackerEntry($rowData);
}
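Review bot: After this change a closed connection is still reported as up, because both `unset($GLOBALS['ctracker_link'])` calls are removed from the close path at the top of the hunk. isCrackerTrackerDatabaseLinkUp() only tests `isset`, `is_object` and `mysqli_connect_errno()`, and all three still hold for a mysqli object that has been closed. Any later query or escape call would then run against a closed handle. Keep one `unset($GLOBALS['ctracker_link']);` after the `mysqli_close()` check. The close function's opening lines are outside the hunk.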
// Updates a given entry by just counting it up
-function updateCrackerTrackerEntry ($rowData) {
+function updateCrackerTrackerEntry (array $rowData) {
// Construct the SELECT query
- $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1';
+ $sqlString = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `` = "' . crackerTrackerEscapeString($rowData['']) . '" LIMIT 1';
// Run the SQL and check if we have one line
- runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__);
+ runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);
}
-// Checks if an entry with IP/check_worm/domain combination is there
-function isCrackerTrackerEntryFound ($rowData) {
+// Checks if an entry with IP/check_get/domain combination is there
+function isCrackerTrackerEntryFound (array $rowData) {
// Construct the SELECT query
- $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1';
+ $sqlString = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_get` = "' . crackerTrackerEscapeString($rowData['check_get']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1';
// Run the SQL and check if we have one line
- return ((isCrackerTrackerDatabaseLinkUp()) && (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1));
+ return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__)) == 1));
}
// Escapes the string
function crackerTrackerEscapeString ($string) {
// Is the link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
- // Then we cant use mysql_real_escape_string!
+ // Then we cant use mysqli_real_escape_string!
$string = addslashes($string);
- } elseif (function_exists('mysql_real_escape_string')) {
- // Use mysql_real_escape_string()
- $string = mysql_real_escape_string($string, $GLOBALS['ctracker_link']);
- } elseif (function_exists('mysql_escape_string')) {
- // Use deprecated function
- $string = mysql_escape_string($string, $GLOBALS['ctracker_link']);
+ } elseif (function_exists('mysqli_real_escape_string')) {
+ // Use mysqli_real_escape_string()
+ $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
} else {
// Use fall-back (bad!)
$string = addslashes($string);
} // END - if
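Review bot: The UPDATE built in updateCrackerTrackerEntry now ends with an empty column name and an empty array key (``AND `` = "' . crackerTrackerEscapeString($rowData['']) . '"``), which looks like a `check_worm` rename that dropped the replacement text. As written, the statement is rejected by the server and the hit counter is never incremented. The SELECT in isCrackerTrackerEntryFound uses `check_get`, so the UPDATE should presumably read ``AND `check_get`="' . crackerTrackerEscapeString($rowData['check_get']) . '"``. The body of crackerTrackerEscapeString continues past the end of this hunk.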
// Runs an SQL query and checks for errors
-function runCrackerTrackerSql ($SQL, $F, $L) {
+function runCrackerTrackerSql ($sqlString, $function, $line) {
// Is the link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort here
} // END - if
// Remember last SQL
- $GLOBALS['ctracker_last_sql'] = $SQL;
+ $GLOBALS['ctracker_last_sql'] = $sqlString;
// Run the query
- $GLOBALS['ctracker_last_result'] = mysql_query($SQL, $GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $sqlString) or crackerTrackerDatabaseError($function, $line);
// And return it
return $GLOBALS['ctracker_last_result'];
// Checks wether a table was found
function isCrackerTrackerTableCreated ($table) {
// Default is not found
- $found = false;
+ $found = FALSE;
// Run the query
$result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__);
// Is our table there?
- while (list($tab) = mysql_fetch_row($result)) {
+ while (list($tab) = mysqli_fetch_row($result)) {
+ // Debug message
+ //* NOISY-DEBUG: */ error_log('tab=' . $tab);
+
// Is the table there?
if ($tab == $table) {
// Okay, found. So abort
- $found = true;
+ $found = TRUE;
break;
} // END - if
} // END - if
// Free result
- mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ freeCrackerTrackerResult($result);
// Return result
return $found;
// Creates the given table with columns
function crackerTrackerCreateTable ($table, array $columns, array $keys) {
// Begin the SQL
- $SQL = 'CREATE TABLE IF NOT EXISTS `' . $table . '` (';
+ $sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` (';
// Add table name as first column
- $SQL .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, ';
+ $sqlString .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, ';
// Add all columns
foreach ($columns as $column=>$type) {
// Add this entry
- $SQL .= '`' . $column . '` ' . $type . ', ';
+ $sqlString .= '`' . $column . '` ' . $type . ', ';
} // END - foreach
// Add table name as primary key
- $SQL .= 'PRIMARY KEY (`' . $table . '`), ';
+ $sqlString .= 'PRIMARY KEY (`' . $table . '`), ';
// Add keys
foreach ($keys as $key=>$type) {
// Add this entry
- $SQL .= '' . $type . ' (`' . $key . '`), ';
+ $sqlString .= '' . $type . ' (`' . $key . '`), ';
} // END - foreach
// Finish SQL
- $SQL = substr($SQL, 0, -2) . ') TYPE=InnoDB';
+ $sqlString = substr($sqlString, 0, -2) . ') TYPE=InnoDB';
// And run it
- runCrackerTrackerSql($SQL);
+ runCrackerTrackerSql($sqlString);
}
// Inits a table by inserting
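Review bot: The last statement of crackerTrackerCreateTable still calls `runCrackerTrackerSql($sqlString)` with one argument, while the renamed signature elsewhere in this commit requires `$function` and `$line` with no defaults. On PHP 7.1 and later that call throws an ArgumentCountError instead of creating the table, so it should be `runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);`. The `TYPE=InnoDB` table option was removed in MySQL 5.5, so `ENGINE=InnoDB` is needed for the statement to parse on current servers. Table, column and key names are concatenated into the DDL unquoted, which is only safe while every caller passes fixed identifiers; a comment stating that would help.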
$result = runCrackerTrackerSql('SELECT * FROM `ctracker_config` WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__);
// And get it
- $GLOBALS['ctracker_config'] = mysql_fetch_array($result);
+ $GLOBALS['ctracker_config'] = mysqli_fetch_array($result);
// Free result
- mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ freeCrackerTrackerResult($result);
}
// Getter for config
// Did the current IP already generated blocked attempts?
function isCrackerTrackerIpSuspicious () {
- // We only need the very last attempt to get!
- $result = runCrackerTrackerSql("SELECT * FROM `ctracker_data` WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__);
+ // Skip this silently if we have not config
+ if (!isCrackerTrackerDatabaseLinkUp()) {
+ // Skip this step silently, all is not suspicious
+ return FALSE;
+ } // END - if
- // Do we have entries?
- $found = (mysql_num_rows($result) == 1);
+ // Check if an entry is there
+ $result = runCrackerTrackerSql("SELECT COUNT(`id`) AS `cnt` FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__);
+
+ // Get row count
+ list($rows) = mysqli_fetch_row($result);
+
+ // Is there one entry?
+ $found = ($rows > 0);
// And again?
- if ($found === true) {
+ if ($found === TRUE) {
+ // Yes, one is found, then load it
+ $result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__);
+
// Cache the entry
- $GLOBALS['ctracker_last_suspicious_entry'] = mysql_fetch_array($result);
+ $GLOBALS['ctracker_last_suspicious_entry'] = mysqli_fetch_array($result);
} // END - if
// Free result
- mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ freeCrackerTrackerResult($result);
// Return the result
return $found;
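Review bot: Both new queries concatenate `determineCrackerTrackerRealRemoteAddress()` and `getenv('REMOTE_ADDR')` into the SQL string without the escaping helper that the other query builders in this file use. The address helper is not visible here, but if it reads forwarded-for style headers its value is client-controlled. Pass each value through the helper, e.g. `crackerTrackerEscapeString(determineCrackerTrackerRealRemoteAddress())` and `crackerTrackerEscapeString(getenv('REMOTE_ADDR'))`. The same applies to the ticket lookup in the next hunk. The COUNT result is also overwritten by the second query before it is freed, so only the later result reaches `freeCrackerTrackerResult()`.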
// Does the current IP have a ticket?
function ifCrackerTrackerIpHasTicket () {
// We only give one ticket per IP!
- $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' LIMIT 1", __FUNCTION__, __LINE__);
+ $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `ctracker_ticket_proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__);
// Do we have a ticket?
- $found = (mysql_num_rows($result) == 1);
+ $found = (mysqli_num_rows($result) == 1);
// And again?
- if ($found === true) {
+ if ($found === TRUE) {
// Cache the ticket data
- $GLOBALS['ctracker_last_ticket'] = mysql_fetch_array($result);
+ $GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result);
} // END - if
// Free result
- mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ freeCrackerTrackerResult($result);
// Return the result
return $found;
// Adds a ticket based on given (mostly $_POST) data
function addCrackerTrackerTicket (array $data) {
// Prepare the array
- $GLOBALS['ctracker_last_ticket'] = array(
+ $GLOBALS['ctracker_last_ticket'] = [
'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(),
+ 'ctracker_ticket_proxy_addr' => getenv('REMOTE_ADDR'),
'ctracker_ticket_user_agent' => crackerTrackerUserAgent(),
'ctracker_ticket_name' => crackerTrackerSecureString($data['name']),
'ctracker_ticket_email' => crackerTrackerSecureString($data['email']),
'ctracker_ticket_comment' => crackerTrackerSecureString($data['comment'])
- );
+ ];
// Insert it
crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']);
// Is there an entry?
if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) {
// All fine, so prepare the link between ticket<->data
- $data = array(
+ $data = [
'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'],
'ctracker_data_id' => $GLOBALS['ctracker_last_suspicious_entry']['id']
- );
+ ];
// And insert it as well
crackerTrackerInsertArray('ctracker_ticket_data', $data);
}
}
-// [EOF]
-?>
+// Frees given result instance
+function freeCrackerTrackerResult (mysqli_result $result) {
+ // Free result
+ $result->free();
+}
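Review bot: The ticket array built here is passed to crackerTrackerInsertArray, which runs isCrackerTrackerEntryFound on it before inserting. That lookup reads `remote_addr`, `proxy_addr`, `check_get` and `server_name`, none of which exist in the `ctracker_ticket_*` array or in the ticket-data link array. The duplicate check against `ctracker_data` therefore runs with empty values and undefined-index notices, and a match would send the ticket down the update path instead of inserting it. Consider limiting the duplicate check to inserts into `ctracker_data`, for example by testing `$table` inside crackerTrackerInsertArray. Separately, the new `mysqli_result` type hint on freeCrackerTrackerResult throws a TypeError if a failed query returns `false` and the error handler does not stop execution, which cannot be confirmed from this page.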