X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fdb%2Flib-mysql3.php;h=61aaa980cd7a7498ee0e30e7c1f8abb78fca6a4a;hb=7770a9545292d628afd2be4f58f86da5c9139619;hp=2f75170617703453414e1df7de6a24971acdd448;hpb=8a9324b2d931f54f54f4319fd7234910af77012c;p=mailer.git

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 2f75170617..fd86300e36 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -1,19 +1,23 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 08/29/2004 *
- * ===============                              Last change: 08/29/2004 *
+ * Mailer v0.2.1-FINAL                                Start: 08/29/2004 *
+ * ===================                          Last change: 08/29/2004 *
  *                                                                      *
  * -------------------------------------------------------------------- *
- * File              : lib.php                                          *
+ * File              : lib-mysql3.php                                   *
  * -------------------------------------------------------------------- *
- * Short description :                                                  *
+ * Short description : Database layer for MySQL 3/4/5 server            *
  * -------------------------------------------------------------------- *
- * Kurzbeschreibung  :                                                  *
+ * Kurzbeschreibung  : Datenbankschicht fuer MySQL 3/4/5 Server         *
  * -------------------------------------------------------------------- *
- *                                                                      *
+ * $Revision::                                                        $ *
+ * $Date::                                                            $ *
+ * $Tag:: 0.2.1-FINAL                                                 $ *
+ * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder                           *
- * For more information visit: http://www.mxchange.org                  *
+ * Copyright (c) 2003 - 2009 by Roland Haeder                           *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team                   *
+ * For more information visit: http://mxchange.org                      *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
  * it under the terms of the GNU General Public License as published by *
@@ -32,244 +36,364 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
-	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
-	require($INC);
-}
+if (!defined('__SECURITY')) {
+	die();
+} // END - if
 
 // SQL queries
-function SQL_QUERY($sql_string, $F, $L)
-{
-	global $link, $CSS, $CONFIG, $OK;
+function sqlQuery ($sqlString, $file, $line, $enableCodes = TRUE) {
+	// Is there cache?
+	if (!isset($GLOBALS[__FUNCTION__][$sqlString])) {
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Called: ' . $sqlString);
 
-	// Run SQL command
-	$result = @mysql_query($sql_string, $link)
-	 or ADD_FATAL($F." (".$L."):".mysql_error()."<br />
-".MYSQL_QUERY_STRING."<br />
-".$sql_string);
-
-	if (($CSS != "1") && ($CSS != "-1") && (DEBUG_MODE) && (DEBUG_SQL))
-	{
-		//
-		// Debugging stuff...
-		//
-		$fp = @fopen(PATH."debug.log", 'a') or mxchange_die("Cannot write debug.log!");
-		if (!isset($OK)) {
-			// Write first entry
-			fwrite($fp, "Module=".$GLOBALS['module']."\n");
-			$OK = true;
+		// Trim SQL string
+		$sqlStringModified = trim($sqlString);
+
+		// Empty query string or link is not up?
+		if (empty($sqlStringModified)) {
+			// Empty SQL string!
+			reportBug(__FUNCTION__, __LINE__, sprintf('SQL string is empty, please fix this: file=%s, line=%s',
+				basename($file),
+				$line
+			));
+		} elseif (!isSqlLinkUp()) {
+			// We should not quietly ignore this
+			reportBug(__FUNCTION__, __LINE__, sprintf('Cannot query database: sqlString=%s,file=%s,line=%s',
+				$sqlStringModified,
+				basename($file),
+				$line
+			));
 		}
-		fwrite($fp, $F."(LINE=".$L."|NUM=".SQL_NUMROWS($result)."|AFFECTED=".SQL_AFFECTEDROWS()."): ".str_replace('\r', '', str_replace('\n', " ", $sql_string))."\n");
-		fclose($fp);
-	}
 
-	// Count DB hits
-	if (!isset($CONFIG['db_hits']))
-	{
-		// Count in dummy variable
-		$CONFIG['db_hits'] = 0;
-	}
-	 else
-	{
-		// Count to config array
-		$CONFIG['db_hits']++;
+		// Remove \t, \n and \r from queries they may confuse some MySQL versions
+		$sqlStringModified = str_replace(array(chr(9), PHP_EOL, chr(13)), array(' ', ' ', ' '), $sqlStringModified);
+
+		// Compile config entries out
+		$sqlStringModified = sqlPrepareQueryString($sqlStringModified, $enableCodes);
+
+		// Cache it and remember as last SQL query
+		$GLOBALS[__FUNCTION__][$sqlString] = $sqlStringModified;
+		$GLOBALS['last_sql']               = $sqlStringModified;
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Stored cache: ' . $sqlStringModified);
+	} elseif (!isSqlLinkUp()) {
+		// Link went down while using cached SQL
+		reportBug(__FUNCTION__, __LINE__, 'Link went down while using cached SQL: sqlString=' . $sqlString . ',file=' . basename($file) . ',line=' . $line . ',enableCodes=' . intval($enableCodes));
+	} else {
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache used: ' . $sqlString);
+
+		// Use cache (to save a lot function calls
+		$GLOBALS['last_sql'] = $GLOBALS[__FUNCTION__][$sqlString];
+
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache is: ' . $sqlString);
 	}
+
+	// Starting time
+	$querytimeBefore = microtime(TRUE);
+
+	// Run SQL command
+	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'file=' . basename($file) . ',line=' . $line . ',sql=' . $GLOBALS['last_sql']);
+	$result = mysql_query($GLOBALS['last_sql'], getSqlLink())
+		or sqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysql_error()=' . mysql_error() . ',last_query=' . $GLOBALS['last_sql']);
+	//* DEBUG: */ logDebugMessage($file, $line, 'sql=' . $GLOBALS['last_sql'] . ',affected=' . sqlAffectedRows() . ',numRows='.(isValidSqlLink($result) ? sqlNumRows($result) : gettype($result)));
+
+	// Calculate query time
+	$queryTime = microtime(TRUE) - $querytimeBefore;
+
+	// Add this query to array including timing
+	addSqlToDebug($result, $GLOBALS['last_sql'], $queryTime, $file, $line);
+
+	// Save last successfull query
+	setConfigEntry('db_last_query', $GLOBALS['last_sql']);
+
+	// Count all query times
+	incrementConfigEntry('sql_time', $queryTime);
+
+	// Count this query
+	incrementConfigEntry('sql_count');
+
+	// Debug output
+	if (isSqlDebugEnabled()) {
+		// Is this the first call?
+		if (!isset($GLOBALS['sql_first_entry'])) {
+			// Write first entry
+			appendLineToFile(getCachePath() . 'mysql.log', 'Module=' . getModule());
+			$GLOBALS['sql_first_entry'] = TRUE;
+		} // END - if
+
+		// Append debug line
+		appendLineToFile(getCachePath() . 'mysql.log', basename($file) . '|LINE=' . $line . '|NUM=' . (isValidSqlLink($result) ? sqlNumRows($result) : 'false') . '|AFFECTED=' . sqlAffectedRows() . '|QUERYTIME:' . ($queryTime * 1000) . 'ms): ' . str_replace(array(chr(13), PHP_EOL), array('', ' '), $GLOBALS['last_sql']));
+	} // END - if
+
+	// Increment stats entry
+	incrementStatsEntry('db_hits');
+
+	// Return the result
 	return $result;
 }
 
 // SQL num rows
-function SQL_NUMROWS($result)
-{
-	if ($result != false)
-	{
-		$lines = @mysql_num_rows($result);
-		if (empty($lines)) $lines = "0";
+function sqlNumRows ($resource) {
+	// Valid link resource?
+	if (!isSqlLinkUp()) return FALSE;
 
+	// Link is not up, no rows by default
+	$lines = FALSE;
+
+	// Is the result a valid resource?
+	if (isset($GLOBALS['sql_numrows'][intval($resource)])) {
+		// Use cache
+		$lines = $GLOBALS['sql_numrows'][intval($resource)];
+	} elseif (isValidSqlLink($resource)) {
+		// Get the count of rows from database
+		$lines = mysql_num_rows($resource);
+
+		// Remember it in cache
+		$GLOBALS['sql_numrows'][intval($resource)] = $lines;
+	} else {
+		// No resource given, please fix this
+		reportBug(__FUNCTION__, __LINE__, 'No resource given! result[]=' . gettype($resource) . ',last_sql=' .  $GLOBALS['last_sql']);
 	}
-	 else
-	{
-		// No resource given, no lines found!
-		$lines = "0";
-	}
+
+	// Return lines
 	return $lines;
 }
 
 // SQL affected rows
-function SQL_AFFECTEDROWS($lnk="x", $F="dummy", $L="dummy")
-{
-	global $link;
-	// $lnk will be ignored for now!
-	$lines = @mysql_affected_rows($link);
+function sqlAffectedRows () {
+	// Valid link resource?
+	if (!isSqlLinkUp()) return FALSE;
+
+	// Get affected rows
+	$lines = mysql_affected_rows(getSqlLink());
+
+	// Return it
 	return $lines;
 }
 
 // SQL fetch row
-function SQL_FETCHROW($result)
-{
-	$DATA = array();
-	$DATA = @mysql_fetch_row($result);
-	return $DATA;
+function sqlFetchRow ($resource) {
+	// Is $resource valid?
+	if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
+
+	// Fetch the data and return it
+	return mysql_fetch_row($resource);
 }
 
 // SQL fetch array
-function SQL_FETCHARRAY($res=false, $nr=0, $remove_numerical=true)
-{
-	// Is a result resource set?
-	if (!$res) return false;
-
-	// Initialize array
-	$row = array();
+function sqlFetchArray ($resource) {
+	// Is $resource valid?
+	if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
 
-	// Load row from database
-	$row = @mysql_fetch_array($res);
+	// Load row as array from database
+	$row = mysql_fetch_assoc($resource);
 
 	// Return only arrays here
-	if (is_array($row))
-	{
-		// Shall we remove numerical data here automatically?
-		if ($remove_numerical)
-		{
-		   	// So let's remove all numerical elements to save memory!
-			$max = count($row);
-			for ($idx = 0; $idx < ($max / 2); $idx++)
-			{
-				// Remove entry
-				unset($row[$idx]);
-			}
-		}
-
+	if (is_array($row)) {
 		// Return row
 		return $row;
-	}
-	 else
-	{
-		// Return a false here...
-		return false;
+	} else {
+		// Return a false, else some loops would go endless...
+		return FALSE;
 	}
 }
 
 // SQL result
-function SQL_RESULT($res, $row, $field)
-{
-	$result = @mysql_result($res, $row, $field);
+function sqlResult ($resource, $row, $field = '0') {
+	// Is $resource valid?
+	if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
+
+	// Run the result command
+	$result = mysql_result($resource, $row, $field);
+
+	// ... and return the result
 	return $result;
 }
+
 // SQL connect
-function SQL_CONNECT($host, $login, $password, $F, $L)
-{
-	$connect = @mysql_connect($host, $login, $password) or ADD_FATAL($F." (".$L."):".mysql_error());
-	return $connect;
+function sqlConnectToDatabase ($host, $login, $password, $file, $line) {
+	// Try to connect
+	$linkResource = mysql_connect($host, $login, $password) or sqlError($file, $line,  mysql_error());
+
+	// Set the link resource
+	if (isValidSqlLink($linkResource)) {
+		/*
+		 * A non-resource (boolean) may happen on installation phase which
+		 * shall not be set here. Only valid link resources shall be set so
+		 * isSqlLinkUp() will only return 'true' if there is really a
+		 * working database link.
+		 */
+		setSqlLink($file . ':' . __FUNCTION__, $line . ':' . __LINE__, $linkResource);
+
+		// Init charsets (UTF-8 is default now)
+		sqlQuery("SET
+	`character_set_results`='utf8',
+	`character_set_client`='utf8',
+	`character_set_connection`='utf8',
+	`character_set_database`='utf8',
+	`character_set_server`='utf8'", $file . ':' . __FUNCTION__, $line . ':' . __LINE__);
+
+		// Disallow subtraction for unsigned columns
+		sqlQuery("SET `sql_mode`='NO_UNSIGNED_SUBTRACTION'", $file . ':' . __FUNCTION__, $line . ':' . __LINE__);
+	} // END - if
+
+	// Return the resource
+	//* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'linkResource[]=' . gettype($linkResource));
+	return $linkResource;
 }
+
 // SQL select database
-function SQL_SELECT_DB($DB, $link, $F, $L)
-{
-	$DB = @mysql_select_db($DB, $link) or ADD_FATAL($F." (".$L."):".mysql_error());
-	return $DB;
+function sqlSelectDatabase ($dbName, $file, $line) {
+	// Is there still a valid link? If not, skip it.
+	if (!isSqlLinkUp()) return FALSE;
+
+	// Return the result
+	//* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Selecting database ' . $dbName);
+	return mysql_select_db($dbName, getSqlLink()) or sqlError($file, $line,  mysql_error());
 }
+
 // SQL close link
-function SQL_CLOSE($link, $F, $L)
-{
-	global $CONFIG, $CACHE, $CFG_CACHE;
-	if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($CONFIG['db_hits'])) && (isset($CONFIG['cache_hits'])) && (is_object($CACHE)))
-	{
-		// Update counter for db/cache
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config='0' LIMIT 1",
-			array(bigintval($CONFIG['db_hits']), bigintval($CONFIG['cache_hits'])), __FILE__, __LINE__);
-
-		// Update cache here
-		if (GET_EXT_VERSION("cache") >= "0.1.2")
-		{
-			if ($CACHE->cache_file("config", true))
-			{
-				// Replace data
-				$CACHE->cache_replace("cache_hits", $CONFIG['cache_hits'], "0", $CFG_CACHE);
-				$CACHE->cache_replace("db_hits"   , $CONFIG['db_hits']   , "0", $CFG_CACHE);
-			}
-		}
-	}
+function sqlCloseLink ($file, $line) {
+	// Is the link up?
+	if (!isSqlLinkUp()) {
+		// Skip double close
+		//* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Called but no link is open.');
+		return FALSE;
+	} // END - if
+
+	// Close database link and forget the link
+	$close = mysql_close(getSqlLink()) or sqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysql_error());
 
-	// Close database link
-	$close = @mysql_close($link) or ADD_FATAL($F." (".$L."):".mysql_error());
+	// Close link in this layer
+	unsetSqlLinkUp(__FUNCTION__, __LINE__);
+
+	// Return the result
+	//* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'close[' . gettype($close) . ']=' . intval($close));
 	return $close;
 }
+
 // SQL free result
-function SQL_FREERESULT($result)
-{
-	$res = @mysql_free_result($result);
+function sqlFreeResult ($resource) {
+	if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) {
+		// Abort here
+		return FALSE;
+	} // END - if
+
+	// Free result
+	$res = mysql_free_result($resource);
+
+	// And return that result of freeing it...
 	return $res;
 }
-// SQL string escaping
-function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true)
-{
-	global $link;
-	$eval = "\$query = sprintf(\"".$qstring."\"";
-	foreach ($data as $var)
-	{
-		if (!empty($var))
-		{
-			if ($strip) {
-				$eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
-			} else {
-				$eval .= ", SQL_ESCAPE(\"".$var."\")";
-			}
-		}
-		 else
-		{
-			$eval .= ", ''";
-		}
-	}
-	$eval .= ");";
-	//
-	// Debugging
-	//
-	//$fp = fopen(PATH."escape_debug.log", 'a') or mxchange_die("Cannot write debug.log!");
-	//fwrite($fp, $file."(".$line."): ".str_replace('\r', '', str_replace('\n', " ", $eval))."\n");
-	//fclose($fp);
-	eval($eval);
-	if ($run)
-	{
-		// Run SQL query (default)
-		return SQL_QUERY($query, $file, $line);
-	}
-	 else
-	{
-		// Return secured string
-		return $query;
-	}
-}
-// Get ID from last INSERT command
-function SQL_INSERTID()
-{
-	return @mysql_insert_id();
+
+// Get id from last INSERT command and secure id
+function getSqlInsertId () {
+	if (!isSqlLinkUp()) return FALSE;
+	return bigintval(mysql_insert_id());
 }
+
 // Escape a string for the database
-function SQL_ESCAPE($str)
-{
-	global $link;
-	if (!is_resource($link)) {
-		// Fall-back to addslashes() when there is no link
-		return addslashes($str);
-	}
+function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) {
+	// Is there cache?
+	if (!isset($GLOBALS['sql_escapes']['' . $str . ''])) {
+		// Debug message
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - BEFORE!');
+
+		// Prepare the string here
+		$str = sqlPrepareQueryString($str);
+
+		// Debug message
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - AFTER!');
+
+		// Secure string first? (which is the default behaviour!)
+		if ($secureString === TRUE) {
+			// Debug message
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - BEFORE!');
+
+			// Then do it here
+			$str = secureString($str, $strip);
+
+			// Debug message
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - AFTER!');
+		} // END - if
+
+		// Init (invalid) value
+		$ret = '!INVALID!';
+
+		if (!isSqlLinkUp()) {
+			// Fall-back to escapeQuotes() when there is no link
+			$ret = escapeQuotes($str);
+		} elseif (function_exists('mysql_real_escape_string')) {
+			// Debug message
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str);
+
+			// The new and improved version
+			$ret = mysql_real_escape_string($str, getSqlLink());
+
+			// Debug message
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+		} elseif (function_exists('mysql_escape_string')) {
+			// The obsolete function
+			$ret = mysql_escape_string($str, getSqlLink());
+		} else {
+			// If nothing else works, fall back to escapeQuotes() again
+			$ret = escapeQuotes($str);
+		}
 
-	if (function_exists('mysql_real_escape_string')) {
-		// The new and improved version
-		return mysql_real_escape_string($str, $link);
-	} elseif (function_exists('mysql_escape_string')) {
-		// The obsulete function
-		return mysql_escape_string($str, $link);
+		// Log message
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+
+		// Cache result
+		$GLOBALS['sql_escapes']['' . $str . ''] = $ret;
+	} // END - if
+
+	// Log message
+	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',sql_escapes=' . $GLOBALS['sql_escapes']['' . $str . '']);
+
+	// Return it
+	return $GLOBALS['sql_escapes']['' . $str . ''];
+}
+
+// Log SQL errors to debug.log in installation phase or call reportBug()
+function sqlError ($file, $line, $message) {
+	// Remember plain error in last_sql_error
+	$GLOBALS['last_sql_error'] = mysql_error();
+
+	// Is login set?
+	if (!empty($GLOBALS['mysql']['login'])) {
+		// Secure login name in message
+		$message = str_replace($GLOBALS['mysql']['login'], '***', $message);
+	} // END - if
+
+	// Is database password set?
+	if (!empty($GLOBALS['mysql']['password'])) {
+		// Secure password in message
+		$message = str_replace($GLOBALS['mysql']['password'], '***', $message);
+	} // END - if
+
+	// Is database name set?
+	if (!empty($GLOBALS['mysql']['dbase'])) {
+		// Secure database name in message
+		$message = str_replace($GLOBALS['mysql']['dbase'], '***', $message);
+	} // END - if
+
+	// Is there installation phase?
+	if (isInstaller()) {
+		/*
+		 * In installation phase, we don't want SQL errors abort e.g. connection
+		 * tests, so just log it away.
+		 */
+		logDebugMessage($file, $line, $message);
 	} else {
-		// If nothing else works
-		return addslashes($str);
+		// Regular mode, then call reportBug()
+		reportBug($file, $line, $message);
 	}
 }
-// SELECT query string from table, columns and so on... ;-)
-function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
-	// Prepare the SQL statement
-	$SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
 
-	// Return the result
-	return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
+// Checks whether given link is a valid SQL link
+function isValidSqlLink ($linkResource) {
+	// Is it a resource?
+	return is_resource($linkResource);
 }
-//
+
+// [EOF]
 ?>