X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=libs%2Flib_connect.php;h=952445486d1b0429e97be130b96ddeb6c5e00daf;hb=3f5cd5b92d3ea339f3d099c3fa8e65b0bc0f1533;hp=800b07eb6b497c8e23192276ec37e0a2c1151bef;hpb=378878d64bce3f2bf0c32a7b47d5a6406d46b81a;p=ctracker.git diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 800b07e..9524454 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -2,11 +2,11 @@ /** * Database connection library * - * @author Roland Haeder + * @author Roland Haeder * @version 3.0.0 - * @copyright Copyright (c) 2009 Cracker Tracker Team + * @copyright Copyright (c) 2009 - 2017 Cracker Tracker Team * @license GNU GPL 3.0 or any newer version - * @link http://www.ship-simu.org + * @link http://www.shipsimu.org * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -25,21 +25,44 @@ // Function to aquire a database link function aquireCrackerTrackerDatabaseLink () { // Is the link up? - if (!isCrackerTrackerDatabaseLinkUp()) { + if ((!isCrackerTrackerDatabaseLinkUp()) && (!empty($GLOBALS['ctracker_host'])) && (!empty($GLOBALS['ctracker_dbname'])) && (!empty($GLOBALS['ctracker_user']))) { // Then connect to the database - $GLOBALS['ctracker_link'] = mysql_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_link'] = mysqli_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password'], $GLOBALS['ctracker_dbname']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); - // Select the database - if (!mysql_select_db($GLOBALS['ctracker_dbname'], $GLOBALS['ctracker_link'])) { - // Attempt has failed + // Check on connection and config table + if (!isCrackerTrackerDatabaseLinkUp()) { + // Connect didn't work crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + } elseif (isCrackerTrackerTableCreated('ctracker_config')) { + // Load the config + crackerTrackerLoadConfig(); } // END - if - } // END - if + } else { + // Init fake config + crackerTrackerInitFakeConfig(); + } +} + +// Inits a fake configurtation +function crackerTrackerInitFakeConfig () { + // Set the array + $GLOBALS['ctracker_config'] = [ + 'ctracker_alert_user' => 'Y', + ]; } // Checks if the link is up function isCrackerTrackerDatabaseLinkUp () { - return ((isset($GLOBALS['ctracker_link'])) && (is_resource($GLOBALS['ctracker_link']))); + // Is the instance at least set? + if (isset($GLOBALS['ctracker_link'])) { + // Debug message + //* DEBUG: */ error_log('isset='.intval(isset($GLOBALS['ctracker_link'])) . ',is_object=' . intval(is_object($GLOBALS['ctracker_link'])) . ',mysqli_connect_errno=' . mysqli_connect_errno()); + } else { + // Not set! 
+ //* DEBUG: */ error_log('ctracker_link not set.'); + } + + return ((isset($GLOBALS['ctracker_link'])) && (is_object($GLOBALS['ctracker_link'])) && (mysqli_connect_errno() == 0)); } // Database error detected @@ -49,7 +72,11 @@ function crackerTrackerDatabaseError ($F, $L) { // Output error print 'Function : ' . $F . '
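Review bot: The new `else` branch in aquireCrackerTrackerDatabaseLink() runs not only when the database settings are empty but also when the link is already up, because the link check and the settings checks share one `&&` condition. A second call on a working connection therefore replaces the loaded `$GLOBALS['ctracker_config']` with the one-entry fake config, after which getCrackerTrackerConfig() would die() on any other key such as `ctracker_db_version`. Return early first, `if (isCrackerTrackerDatabaseLinkUp()) { return; }`, and keep the fake config for the settings-missing case only. When the connection succeeds but `ctracker_config` does not exist yet, neither branch sets a config, so a comment saying who is expected to initialise it would help.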
'; print 'Line : ' . $L . '
'; - print 'MySQL error : ' . mysql_error() . '
'; + if (isset($GLOBALS['ctracker_link'])) { + print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '
'; + } else { + print 'No MySQLi available.
'; + } print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
'; } // END - if @@ -62,32 +89,34 @@ function crackerTrackerCloseDatabaseLink () { // Is the link up? if (isCrackerTrackerDatabaseLinkUp()) { // Did it work? - if (!mysql_close($GLOBALS['ctracker_link'])) { - // Remove the link from global array - unset($GLOBALS['ctracker_link']); - + if (!mysqli_close($GLOBALS['ctracker_link'])) { // Attempt has failed crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } // END - if } // END - if - - // Remove the link from global array - unset($GLOBALS['ctracker_link']); } -// Inserts given array, if IP/check_worm combination was not found -function crackerTrackerInsertArray ($rowData) { +// Inserts given array, if IP/check_get combination was not found +function crackerTrackerInsertArray ($table, $rowData) { + // Is there a link up? + if (!isCrackerTrackerDatabaseLinkUp()) { + // Abort silently here + return FALSE; + } // END - if + // Is it found? if (!isCrackerTrackerEntryFound($rowData)) { - // Insert first attempt stamp - $rowData['first_attempt'] = 'NOW()'; - $rowData['count'] = '1'; - // Prepare SQL - $SQL = 'INSERT INTO `ctracker_data` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; + $sqlString = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; + + // Reset insert id + $GLOBALS['ctracker_last_insert_id'] = FALSE; // Run it - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); + + // Remember the last insert id + $GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } else { // Only update the entry updateCrackerTrackerEntry($rowData); 
@@ -95,35 +124,32 @@ function crackerTrackerInsertArray ($rowData) { } // Updates a given entry by just counting it up -function updateCrackerTrackerEntry ($rowData) { +function updateCrackerTrackerEntry (array $rowData) { // Construct the SELECT query - $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $sqlString = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `` = "' . crackerTrackerEscapeString($rowData['']) . '" LIMIT 1'; // Run the SQL and check if we have one line - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); } -// Checks if an entry with IP/check_worm combination is there -function isCrackerTrackerEntryFound ($rowData) { +// Checks if an entry with IP/check_get/domain combination is there +function isCrackerTrackerEntryFound (array $rowData) { // Construct the SELECT query - $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $sqlString = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_get` = "' . crackerTrackerEscapeString($rowData['check_get']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . 
'" LIMIT 1'; // Run the SQL and check if we have one line - return (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1); + return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__)) == 1)); } // Escapes the string function crackerTrackerEscapeString ($string) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { - // Then we cant use mysql_real_escape_string! + // Then we cant use mysqli_real_escape_string! $string = addslashes($string); - } elseif (function_exists('mysql_real_escape_string')) { - // Use mysql_real_escape_string() - $string = mysql_real_escape_string($string, $GLOBALS['ctracker_link']); - } elseif (function_exists('mysql_escape_string')) { - // Use deprecated function - $string = mysql_escape_string($string, $GLOBALS['ctracker_link']); + } elseif (function_exists('mysqli_real_escape_string')) { + // Use mysqli_real_escape_string() + $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string); } else { // Use fall-back (bad!) $string = addslashes($string); @@ -134,7 +160,7 @@ function crackerTrackerEscapeString ($string) { } // END - if // Runs an SQL query and checks for errors -function runCrackerTrackerSql ($SQL, $F, $L) { +function runCrackerTrackerSql ($sqlString, $function, $line) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Abort here 
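Review bot: As shown on this page, the rewritten UPDATE in updateCrackerTrackerEntry() ends with an empty column identifier and reads the empty key `$rowData['']`, so the statement would be rejected by the server and the counter never incremented. It should name the same column as the SELECT in isCrackerTrackerEntryFound(), i.e. `check_get` both as the identifier and as the `$rowData` key, and probably add the `server_name` condition so both functions address the same row. In isCrackerTrackerEntryFound(), `mysqli_num_rows()` receives the return value of runCrackerTrackerSql() directly, and that value is not a result object when the query fails; store it and check it first. Since every value in these statements comes from the request, the move to mysqli is a good point to switch them to `mysqli_prepare()` with bound parameters rather than quoting by hand.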
@@ -142,14 +168,250 @@ function runCrackerTrackerSql ($SQL, $F, $L) { } // END - if // Remember last SQL - $GLOBALS['ctracker_last_sql'] = $SQL; + $GLOBALS['ctracker_last_sql'] = $sqlString; // Run the query - $GLOBALS['ctracker_last_result'] = mysql_query($SQL, $GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $sqlString) or crackerTrackerDatabaseError($function, $line); // And return it return $GLOBALS['ctracker_last_result']; } -// [EOF] -?> +// Checks wether a table was found +function isCrackerTrackerTableCreated ($table) { + // Default is not found + $found = FALSE; + + // Run the query + $result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__); + + // Is our table there? + while (list($tab) = mysqli_fetch_row($result)) { + // Debug message + //* NOISY-DEBUG: */ error_log('tab=' . $tab); + + // Is the table there? + if ($tab == $table) { + // Okay, found. So abort + $found = TRUE; + break; + } // END - if + } // END - if + + // Free result + freeCrackerTrackerResult($result); + + // Return result + return $found; +} + +// Creates the given table with columns +function crackerTrackerCreateTable ($table, array $columns, array $keys) { + // Begin the SQL + $sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; + + // Add table name as first column + $sqlString .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, '; + + // Add all columns + foreach ($columns as $column=>$type) { + // Add this entry + $sqlString .= '`' . $column . '` ' . $type . ', '; + } // END - foreach + + // Add table name as primary key + $sqlString .= 'PRIMARY KEY (`' . $table . '`), '; + + // Add keys + foreach ($keys as $key=>$type) { + // Add this entry + $sqlString .= '' . $type . ' (`' . $key . '`), '; + } // END - foreach + + // Finish SQL + $sqlString = substr($sqlString, 0, -2) . 
') TYPE=InnoDB'; + + // And run it + runCrackerTrackerSql($sqlString); +} + +// Inits a table by inserting +function crackerTrackerInitTable ($table) { + // Prepare SQL and run it + runCrackerTrackerSql('INSERT INTO `' . $table . '` (`' . $table . '`) VALUES (NULL)'); +} + +// Updates the database scheme automatically +function crackerTrackerUpdateDatabaseScheme () { + // Is a link there? + if (!isCrackerTrackerDatabaseLinkUp()) { + // Abort here silently + return; + } // END - if + + // Is the main config table there? + if (!isCrackerTrackerTableCreated('ctracker_config')) { + // Then do it for us + crackerTrackerCreateTable('ctracker_config', array( + 'ctracker_db_version' => 'BIGINT ( 20 ) UNSIGNED NOT NULL DEFAULT 0', + 'ctracker_min_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 10', + 'ctracker_max_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 30', + 'ctracker_alert_user' => "ENUM('Y','N') NOT NULL DEFAULT 'Y'", + 'ctracker_language' => "CHAR ( 2) NOT NULL DEFAULT 'en'" + ), array()); + + // Init that table + crackerTrackerInitTable('ctracker_config'); + } // END - if + + // Init update array here + crackerTrackerInitUpdates(); + + // Run any SQL updates recursively + while (isset($GLOBALS['ctracker_updates'][getCrackerTrackerConfig('ctracker_db_version')])) { + // Run that updates + runCrackerTrackerUpdates(getCrackerTrackerConfig('ctracker_db_version')); + + // Update config + runCrackerTrackerSql('UPDATE `ctracker_config` SET `ctracker_db_version`=`ctracker_db_version`+1 WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__); + + // And count it up in the config array + $GLOBALS['ctracker_config']['ctracker_db_version']++; + } // END - if +} + +// Load the configuration +function crackerTrackerLoadConfig () { + // Construct SQL command and run it + $result = runCrackerTrackerSql('SELECT * FROM `ctracker_config` WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__); + + // And get it + $GLOBALS['ctracker_config'] = 
mysqli_fetch_array($result); + + // Free result + freeCrackerTrackerResult($result); +} + +// Getter for config +function getCrackerTrackerConfig ($entry) { + // Is the config entry there? + if (!isset($GLOBALS['ctracker_config'][$entry])) { + // Then better die here, else we may have an endless loop + if (isCrackerTrackerDebug()) { + // Nicer message in debug mode + die('Configuration entry ' . $entry . ' missing!'); + } else { + // die() on production systems + die(); + } + } // END - if + + // Return it + return $GLOBALS['ctracker_config'][$entry]; +} + +// Did the current IP already generated blocked attempts? +function isCrackerTrackerIpSuspicious () { + // Skip this silently if we have not config + if (!isCrackerTrackerDatabaseLinkUp()) { + // Skip this step silently, all is not suspicious + return FALSE; + } // END - if + + // Check if an entry is there + $result = runCrackerTrackerSql("SELECT COUNT(`id`) AS `cnt` FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); + + // Get row count + list($rows) = mysqli_fetch_row($result); + + // Is there one entry? + $found = ($rows > 0); + + // And again? + if ($found === TRUE) { + // Yes, one is found, then load it + $result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); + + // Cache the entry + $GLOBALS['ctracker_last_suspicious_entry'] = mysqli_fetch_array($result); + } // END - if + + // Free result + freeCrackerTrackerResult($result); + + // Return the result + return $found; +} + +// Does the current IP have a ticket? +function ifCrackerTrackerIpHasTicket () { + // We only give one ticket per IP! 
+ $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `ctracker_ticket_proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); + + // Do we have a ticket? + $found = (mysqli_num_rows($result) == 1); + + // And again? + if ($found === TRUE) { + // Cache the ticket data + $GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result); + } // END - if + + // Free result + freeCrackerTrackerResult($result); + + // Return the result + return $found; +} + +// Adds a ticket based on given (mostly $_POST) data +function addCrackerTrackerTicket (array $data) { + // Prepare the array + $GLOBALS['ctracker_last_ticket'] = [ + 'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'ctracker_ticket_proxy_addr' => getenv('REMOTE_ADDR'), + 'ctracker_ticket_user_agent' => crackerTrackerUserAgent(), + 'ctracker_ticket_name' => crackerTrackerSecureString($data['name']), + 'ctracker_ticket_email' => crackerTrackerSecureString($data['email']), + 'ctracker_ticket_comment' => crackerTrackerSecureString($data['comment']) + ]; + + // Insert it + crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']); + + // Is there an entry? + if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) { + // All fine, so prepare the link between ticket<->data + $data = [ + 'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'], + 'ctracker_data_id' => $GLOBALS['ctracker_last_suspicious_entry']['id'] + ]; + + // And insert it as well + crackerTrackerInsertArray('ctracker_ticket_data', $data); + + // Add ticket id again + $GLOBALS['ctracker_ticket'] = $data['ctracker_ticket_id']; + + // Merge all data for emails + $GLOBALS['ctracker_last_ticket'] = array_merge($GLOBALS['ctracker_last_ticket'], $data); + + // Is this also there? 
+ if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) { + // All fine, so display "thank you page" + crackerTrackerLoadTemplate('add_ticket_thanks'); + } else { + // Did not insert + crackerTrackerDie(); + } + } else { + // Did not insert + crackerTrackerDie(); + } +} + +// Frees given result instance +function freeCrackerTrackerResult (mysqli_result $result) { + // Free result + $result->free(); +}
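Review bot: The three new queries in isCrackerTrackerIpSuspicious() and ifCrackerTrackerIpHasTicket() concatenate determineCrackerTrackerRealRemoteAddress() and getenv('REMOTE_ADDR') into the SQL string without crackerTrackerEscapeString(), unlike the other queries in this file. The helper is not shown here, but if it reads a client-supplied forwarding header the value is request-controlled, so wrap both operands, `crackerTrackerEscapeString(determineCrackerTrackerRealRemoteAddress())` and `crackerTrackerEscapeString(getenv('REMOTE_ADDR'))`, or bind them through a prepared statement. In the same hunk crackerTrackerCreateTable() and crackerTrackerInitTable() call runCrackerTrackerSql() with one argument although it declares three required parameters; pass `__FUNCTION__, __LINE__` as the other callers do. `TYPE=InnoDB` is no longer accepted by current MySQL servers and should be `ENGINE=InnoDB`. addCrackerTrackerTicket() reads `$GLOBALS['ctracker_last_suspicious_entry']['id']` without checking that isCrackerTrackerIpSuspicious() has populated it.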