X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=libs%2Flib_connect.php;h=e21af93b19c58c802414bb6e2bd2d12998ac0041;hb=5ba4cfd551ee9582b1d64605d92e3e4ee7b9de3b;hp=3b3a97f9ea8c1a4f1e91dc3d565f0ad065599e7c;hpb=6336abe6767fe5df58a4fb1f3373e6319886ee73;p=ctracker.git diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 3b3a97f..e21af93 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -2,11 +2,11 @@ /** * Database connection library * - * @author Roland Haeder + * @author Roland Haeder * @version 3.0.0 - * @copyright Copyright (c) 2009, 2010 Cracker Tracker Team + * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team * @license GNU GPL 3.0 or any newer version - * @link http://www.ship-simu.org + * @link http://www.shipsimu.org * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -27,16 +27,16 @@ function aquireCrackerTrackerDatabaseLink () { // Is the link up? if ((!isCrackerTrackerDatabaseLinkUp()) && (!empty($GLOBALS['ctracker_host'])) && (!empty($GLOBALS['ctracker_dbname'])) && (!empty($GLOBALS['ctracker_user']))) { // Then connect to the database - $GLOBALS['ctracker_link'] = mysql_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_link'] = mysqli_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password'], $GLOBALS['ctracker_dbname']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); - // Select the database - if (!mysql_select_db($GLOBALS['ctracker_dbname'], $GLOBALS['ctracker_link'])) { - // Attempt has failed + // Check on connection and config table + if (!isCrackerTrackerDatabaseLinkUp()) { + // Connect didn't work crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } elseif (isCrackerTrackerTableCreated('ctracker_config')) { // Load the config crackerTrackerLoadConfig(); - } + } // END - if } else { // Init fake config crackerTrackerInitFakeConfig(); 
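Review bot: The new `mysqli_connect()` call in aquireCrackerTrackerDatabaseLink() never sets the connection character set, yet the queries in the later hunks are built by concatenating values that went through `mysqli_real_escape_string()`, whose escaping is only reliable for the charset the connection was told about. Once the link check has passed I would add `mysqli_set_charset($GLOBALS['ctracker_link'], 'utf8');` and treat a `FALSE` return as a database error. Use whichever charset the tables really have, since the page does not show it. The function starts above this hunk and continues below it.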
@@ -46,14 +46,23 @@ function aquireCrackerTrackerDatabaseLink () { // Inits a fake configurtation function crackerTrackerInitFakeConfig () { // Set the array - $GLOBALS['ctracker_config'] = array( + $GLOBALS['ctracker_config'] = [ 'ctracker_alert_user' => 'Y', - ); + ]; } // Checks if the link is up function isCrackerTrackerDatabaseLinkUp () { - return ((isset($GLOBALS['ctracker_link'])) && (is_resource($GLOBALS['ctracker_link']))); + // Is the instance at least set? + if (isset($GLOBALS['ctracker_link'])) { + // Debug message + //* DEBUG: */ error_log('isset='.intval(isset($GLOBALS['ctracker_link'])) . ',is_object=' . intval(is_object($GLOBALS['ctracker_link'])) . ',mysqli_connect_errno=' . mysqli_connect_errno()); + } else { + // Not set! + //* DEBUG: */ error_log('ctracker_link not set.'); + } + + return ((isset($GLOBALS['ctracker_link'])) && (is_object($GLOBALS['ctracker_link'])) && (mysqli_connect_errno() == 0)); } // Database error detected @@ -63,7 +72,11 @@ function crackerTrackerDatabaseError ($F, $L) { // Output error print 'Function : ' . $F . '
'; print 'Line : ' . $L . '
'; - print 'MySQL error : ' . mysql_error() . '
'; + if (isset($GLOBALS['ctracker_link'])) { + print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '
'; + } else { + print 'No MySQLi available.
'; + } print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
'; } // END - if @@ -76,40 +89,34 @@ function crackerTrackerCloseDatabaseLink () { // Is the link up? if (isCrackerTrackerDatabaseLinkUp()) { // Did it work? - if (!mysql_close($GLOBALS['ctracker_link'])) { - // Remove the link from global array - unset($GLOBALS['ctracker_link']); - + if (!mysqli_close($GLOBALS['ctracker_link'])) { // Attempt has failed crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } // END - if } // END - if - - // Remove the link from global array - unset($GLOBALS['ctracker_link']); } -// Inserts given array, if IP/check_worm combination was not found +// Inserts given array, if IP/check_get combination was not found function crackerTrackerInsertArray ($table, $rowData) { // Is there a link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Abort silently here - return false; + return FALSE; } // END - if // Is it found? if (!isCrackerTrackerEntryFound($rowData)) { // Prepare SQL - $SQL = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; + $sqlString = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')'; // Reset insert id - $GLOBALS['ctracker_last_insert_id'] = false; + $GLOBALS['ctracker_last_insert_id'] = FALSE; // Run it - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); // Remember the last insert id - $GLOBALS['ctracker_last_insert_id'] = mysql_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } else { // Only update the entry updateCrackerTrackerEntry($rowData); 
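Review bot: `mysqli_error($GLOBALS['ctracker_link'])` in the added branch of crackerTrackerDatabaseError() can be handed a non-object, because a failed `mysqli_connect()` leaves `FALSE` in `$GLOBALS['ctracker_link']` and `isset()` is true for `FALSE`; on PHP 8 that raises a TypeError inside the error handler itself. Guard with `if ((isset($GLOBALS['ctracker_link'])) && (is_object($GLOBALS['ctracker_link']))) {` and print `mysqli_connect_error()` in the else branch so a connect failure is still explained. The printed values, including `$GLOBALS['ctracker_last_sql']`, can carry request-derived data and go out unescaped, so I would wrap them in `htmlspecialchars()` and prefer `error_log()` over `print`. The `if` that guards this output opens outside the hunk, so I cannot tell when it is enabled.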
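Review bot: Dropping both `unset($GLOBALS['ctracker_link'])` calls in crackerTrackerCloseDatabaseLink() leaves the closed mysqli object in the global, and the new isCrackerTrackerDatabaseLinkUp() (hunk at -46,14) only tests `isset()`, `is_object()` and `mysqli_connect_errno() == 0`, all of which still hold after `mysqli_close()`. A later runCrackerTrackerSql() call would then use a closed handle, which mysqli rejects with a warning (an Error on PHP 8). I would keep one `unset($GLOBALS['ctracker_link']);` after the outer `if` block so the link is reported as down once it has been closed.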
@@ -117,35 +124,32 @@ function crackerTrackerInsertArray ($table, $rowData) { } // Updates a given entry by just counting it up -function updateCrackerTrackerEntry ($rowData) { +function updateCrackerTrackerEntry (array $rowData) { // Construct the SELECT query - $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $sqlString = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `` = "' . crackerTrackerEscapeString($rowData['']) . '" LIMIT 1'; // Run the SQL and check if we have one line - runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); + runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__); } -// Checks if an entry with IP/check_worm/domain combination is there -function isCrackerTrackerEntryFound ($rowData) { +// Checks if an entry with IP/check_get/domain combination is there +function isCrackerTrackerEntryFound (array $rowData) { // Construct the SELECT query - $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; + $sqlString = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_get` = "' . crackerTrackerEscapeString($rowData['check_get']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . 
'" LIMIT 1'; // Run the SQL and check if we have one line - return ((isCrackerTrackerDatabaseLinkUp()) && (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1)); + return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__)) == 1)); } // Escapes the string function crackerTrackerEscapeString ($string) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { - // Then we cant use mysql_real_escape_string! + // Then we cant use mysqli_real_escape_string! $string = addslashes($string); - } elseif (function_exists('mysql_real_escape_string')) { - // Use mysql_real_escape_string() - $string = mysql_real_escape_string($string, $GLOBALS['ctracker_link']); - } elseif (function_exists('mysql_escape_string')) { - // Use deprecated function - $string = mysql_escape_string($string, $GLOBALS['ctracker_link']); + } elseif (function_exists('mysqli_real_escape_string')) { + // Use mysqli_real_escape_string() + $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string); } else { // Use fall-back (bad!) $string = addslashes($string); @@ -156,7 +160,7 @@ function crackerTrackerEscapeString ($string) { } // END - if // Runs an SQL query and checks for errors -function runCrackerTrackerSql ($SQL, $F, $L) { +function runCrackerTrackerSql ($sqlString, $function, $line) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Abort here @@ -164,10 +168,10 @@ function runCrackerTrackerSql ($SQL, $F, $L) { } // END - if // Remember last SQL - $GLOBALS['ctracker_last_sql'] = $SQL; + $GLOBALS['ctracker_last_sql'] = $sqlString; // Run the query - $GLOBALS['ctracker_last_result'] = mysql_query($SQL, $GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $sqlString) or crackerTrackerDatabaseError($function, $line); // And return it return $GLOBALS['ctracker_last_result']; 
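Review bot: As shown on this page, the new UPDATE in updateCrackerTrackerEntry() compares an empty column name and reads `$rowData['']`, which MySQL would reject as an invalid identifier. isCrackerTrackerEntryFound() directly below uses `check_get` for the same comparison, so presumably the `check_worm` rename lost its replacement here (or the page dropped it). If it is in the commit, the last condition should compare the `check_get` column with `crackerTrackerEscapeString($rowData['check_get'])`. The UPDATE also lacks the `server_name` condition that the SELECT applies, so it may count up a row belonging to another domain.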
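Review bot: runCrackerTrackerSql() returns whatever `mysqli_query()` gave back, so if a query fails and crackerTrackerDatabaseError() returns (its end is not on this page), callers receive `FALSE` and pass it straight on. It reaches `mysqli_num_rows()`, `mysqli_fetch_row()` or the `mysqli_result`-typed freeCrackerTrackerResult() in the hunks at -117,35, -176,23, -279,10, -308,23 and -333,19. On PHP 8.1 and later mysqli throws `mysqli_sql_exception` by default, so the `or crackerTrackerDatabaseError($function, $line)` branch is not reached at all unless `mysqli_report(MYSQLI_REPORT_OFF);` is called before connecting. I would set the report mode explicitly and have callers test `$result instanceof mysqli_result` before using it. The function body begins in the previous hunk and continues past this one.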
@@ -176,23 +180,26 @@ function runCrackerTrackerSql ($SQL, $F, $L) { // Checks wether a table was found function isCrackerTrackerTableCreated ($table) { // Default is not found - $found = false; + $found = FALSE; // Run the query $result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__); // Is our table there? - while (list($tab) = mysql_fetch_row($result)) { + while (list($tab) = mysqli_fetch_row($result)) { + // Debug message + //* NOISY-DEBUG: */ error_log('tab=' . $tab); + // Is the table there? if ($tab == $table) { // Okay, found. So abort - $found = true; + $found = TRUE; break; } // END - if } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return result return $found; 
@@ -201,31 +208,31 @@ function isCrackerTrackerTableCreated ($table) { // Creates the given table with columns function crackerTrackerCreateTable ($table, array $columns, array $keys) { // Begin the SQL - $SQL = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; + $sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; // Add table name as first column - $SQL .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, '; + $sqlString .= '`' . $table . '` BIGINT ( 20 ) UNSIGNED NOT NULL AUTO_INCREMENT, '; // Add all columns foreach ($columns as $column=>$type) { // Add this entry - $SQL .= '`' . $column . '` ' . $type . ', '; + $sqlString .= '`' . $column . '` ' . $type . ', '; } // END - foreach // Add table name as primary key - $SQL .= 'PRIMARY KEY (`' . $table . '`), '; + $sqlString .= 'PRIMARY KEY (`' . $table . '`), '; // Add keys foreach ($keys as $key=>$type) { // Add this entry - $SQL .= '' . $type . ' (`' . $key . '`), '; + $sqlString .= '' . $type . ' (`' . $key . '`), '; } // END - foreach // Finish SQL - $SQL = substr($SQL, 0, -2) . ') TYPE=InnoDB'; + $sqlString = substr($sqlString, 0, -2) . ') TYPE=InnoDB'; // And run it - runCrackerTrackerSql($SQL); + runCrackerTrackerSql($sqlString); } // Inits a table by inserting @@ -279,10 +286,10 @@ function crackerTrackerLoadConfig () { $result = runCrackerTrackerSql('SELECT * FROM `ctracker_config` WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__); // And get it - $GLOBALS['ctracker_config'] = mysql_fetch_array($result); + $GLOBALS['ctracker_config'] = mysqli_fetch_array($result); // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); } // Getter for config 
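Review bot: `runCrackerTrackerSql($sqlString);` at the end of crackerTrackerCreateTable() passes one argument, but the function is declared with three required parameters (`$sqlString, $function, $line`, hunk at -156,7); PHP 7.1 and later throw ArgumentCountError for that, so the table would never be created. It should read `runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);` like the other call sites. The statement also still ends in `TYPE=InnoDB`, which MySQL removed in 5.5 in favour of `ENGINE=InnoDB`. Since `$table`, the column names and the types are concatenated into the DDL as they are, a comment stating that callers must pass only hard-coded identifiers would help.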
@@ -308,23 +315,29 @@ function isCrackerTrackerIpSuspicious () { // Skip this silently if we have not config if (!isCrackerTrackerDatabaseLinkUp()) { // Skip this step silently, all is not suspicious - return false; + return FALSE; } // END - if - // We only need the very last attempt to get! - $result = runCrackerTrackerSql("SELECT * FROM `ctracker_data` WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); + // Check if an entry is there + $result = runCrackerTrackerSql("SELECT COUNT(`id`) AS `cnt` FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); + + // Get row count + list($rows) = mysqli_fetch_row($result); - // Do we have entries? - $found = (mysql_num_rows($result) == 1); + // Is there one entry? + $found = ($rows > 0); // And again? - if ($found === true) { + if ($found === TRUE) { + // Yes, one is found, then load it + $result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); + // Cache the entry - $GLOBALS['ctracker_last_suspicious_entry'] = mysql_fetch_array($result); + $GLOBALS['ctracker_last_suspicious_entry'] = mysqli_fetch_array($result); } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return the result return $found; 
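Review bot: Both new queries in isCrackerTrackerIpSuspicious() put `determineCrackerTrackerRealRemoteAddress()` and `getenv('REMOTE_ADDR')` into the SQL string without crackerTrackerEscapeString(); the helper is not on this page, but if it reads forwarded-for style headers its value is client-controlled. The same concatenation appears in ifCrackerTrackerIpHasTicket() in the hunk at -333,19. The COUNT query followed by a second SELECT also overwrites `$result`, so the first result set is never freed, and a single query whose row is tested does the same job. A sketch with both values escaped follows; the function starts above the hunk and ends below it.

```php
// … unchanged: link-up guard …
$remoteAddr = crackerTrackerEscapeString(determineCrackerTrackerRealRemoteAddress());
$proxyAddr  = crackerTrackerEscapeString(getenv('REMOTE_ADDR'));

// One query is enough: the newest matching row, or none
$result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . $remoteAddr . "' OR `proxy_addr`='" . $proxyAddr . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__);
$row = mysqli_fetch_array($result);

// Is there one entry?
$found = is_array($row);

if ($found === TRUE) {
    // Cache the entry
    $GLOBALS['ctracker_last_suspicious_entry'] = $row;
} // END - if
// … unchanged: free result, return $found …
```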
@@ -333,19 +346,19 @@ function isCrackerTrackerIpSuspicious () { // Does the current IP have a ticket? function ifCrackerTrackerIpHasTicket () { // We only give one ticket per IP! - $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' LIMIT 1", __FUNCTION__, __LINE__); + $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `ctracker_ticket_proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); // Do we have a ticket? - $found = (mysql_num_rows($result) == 1); + $found = (mysqli_num_rows($result) == 1); // And again? - if ($found === true) { + if ($found === TRUE) { // Cache the ticket data - $GLOBALS['ctracker_last_ticket'] = mysql_fetch_array($result); + $GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result); } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return the result return $found; @@ -354,13 +367,14 @@ function ifCrackerTrackerIpHasTicket () { // Adds a ticket based on given (mostly $_POST) data function addCrackerTrackerTicket (array $data) { // Prepare the array - $GLOBALS['ctracker_last_ticket'] = array( + $GLOBALS['ctracker_last_ticket'] = [ 'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'ctracker_ticket_proxy_addr' => getenv('REMOTE_ADDR'), 'ctracker_ticket_user_agent' => crackerTrackerUserAgent(), 'ctracker_ticket_name' => crackerTrackerSecureString($data['name']), 'ctracker_ticket_email' => crackerTrackerSecureString($data['email']), 'ctracker_ticket_comment' => crackerTrackerSecureString($data['comment']) - ); + ]; // Insert it crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']); 
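Review bot: The ticket array extended in addCrackerTrackerTicket() is stored through crackerTrackerInsertArray(), which (hunk at -76,40) first runs isCrackerTrackerEntryFound() on it, and that lookup reads `remote_addr`, `proxy_addr`, `check_get` and `server_name`, none of which are keys of this array. The duplicate check therefore queries `ctracker_data` with undefined indexes, and a match, however unlikely, would send the ticket into updateCrackerTrackerEntry() instead of inserting it. I would restrict the check to the data table, e.g. `if (($table != 'ctracker_data') || (!isCrackerTrackerEntryFound($rowData))) {`. addCrackerTrackerTicket() continues beyond this hunk.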
@@ -368,10 +382,10 @@ function addCrackerTrackerTicket (array $data) { // Is there an entry? if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) { // All fine, so prepare the link between ticket<->data - $data = array( + $data = [ 'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'], 'ctracker_data_id' => $GLOBALS['ctracker_last_suspicious_entry']['id'] - ); + ]; // And insert it as well crackerTrackerInsertArray('ctracker_ticket_data', $data); @@ -396,5 +410,8 @@ function addCrackerTrackerTicket (array $data) { } } -// [EOF] -?> +// Frees given result instance +function freeCrackerTrackerResult (mysqli_result $result) { + // Free result + $result->free(); +}