From 1c0b801f6514cf9675efead98fcb41a052ffb0b8 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Sat, 12 Sep 2015 23:36:46 +0200 Subject: [PATCH] Rewrote to MySQLi MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- config/db_config.php.dist | 2 +- ctracker.php | 13 ++++--- libs/lib_connect.php | 81 +++++++++++++++++++++++---------------- libs/lib_general.php | 11 +++++- libs/lib_updates.php | 2 +- 5 files changed, 67 insertions(+), 42 deletions(-) diff --git a/config/db_config.php.dist b/config/db_config.php.dist index 19f98a4..51c04d8 100644 --- a/config/db_config.php.dist +++ b/config/db_config.php.dist @@ -35,7 +35,7 @@ $GLOBALS['ctracker_user'] = ''; $GLOBALS['ctracker_password'] = ''; // Debugging should be disabled by default -$GLOBALS['ctracker_debug_enabled'] = false; +$GLOBALS['ctracker_debug_enabled'] = FALSE; // Email recipient for all emails $GLOBALS['ctracker_email'] = 'you@domain.invalid'; diff --git a/ctracker.php b/ctracker.php index 4c8e357..f3770e1 100644 --- a/ctracker.php +++ b/ctracker.php @@ -29,12 +29,15 @@ * along with this program. If not, see . */ +// XDEBUG call +/* DEBUG: */ xdebug_start_trace(); + // Include files -include('config/db_config.php'); -include('libs/lib_general.php'); -include('libs/lib_detector.php'); -include('libs/lib_connect.php'); -include('libs/lib_updates.php'); +require('config/db_config.php'); +require('libs/lib_general.php'); +require('libs/lib_detector.php'); +require('libs/lib_connect.php'); +require('libs/lib_updates.php'); // Init initCrackerTrackerArrays(); diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 8686ec5..c704fcf 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php 
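Review bot: The added `/* DEBUG: */ xdebug_start_trace();` line in ctracker.php is live code, not a disabled debug line. The other debug lines in this patch start with `//* DEBUG: */`, which comments out the whole line, whereas here a block comment is followed by a real call. On a host without Xdebug, every request that includes ctracker.php would stop with an undefined-function error. Where Xdebug is loaded, each request writes a function trace to disk which, depending on the Xdebug settings, can contain call arguments such as the credentials later passed to `mysqli_connect()`. I would remove the call or disable it like the others: `//* DEBUG: */ xdebug_start_trace();`.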
@@ -27,16 +27,16 @@ function aquireCrackerTrackerDatabaseLink () { // Is the link up? if ((!isCrackerTrackerDatabaseLinkUp()) && (!empty($GLOBALS['ctracker_host'])) && (!empty($GLOBALS['ctracker_dbname'])) && (!empty($GLOBALS['ctracker_user']))) { // Then connect to the database - $GLOBALS['ctracker_link'] = mysql_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_link'] = mysqli_connect($GLOBALS['ctracker_host'], $GLOBALS['ctracker_user'], $GLOBALS['ctracker_password'], $GLOBALS['ctracker_dbname']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); - // Select the database - if (!mysql_select_db($GLOBALS['ctracker_dbname'], $GLOBALS['ctracker_link'])) { - // Attempt has failed + // Check on connection and config table + if (!isCrackerTrackerDatabaseLinkUp()) { + // Connect didn't work crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } elseif (isCrackerTrackerTableCreated('ctracker_config')) { // Load the config crackerTrackerLoadConfig(); - } + } // END - if } else { // Init fake config crackerTrackerInitFakeConfig(); @@ -53,7 +53,16 @@ function crackerTrackerInitFakeConfig () { // Checks if the link is up function isCrackerTrackerDatabaseLinkUp () { - return ((isset($GLOBALS['ctracker_link'])) && (is_resource($GLOBALS['ctracker_link']))); + // Is the instance at least set? + if (isset($GLOBALS['ctracker_link'])) { + // Debug message + //* DEBUG: */ error_log('isset='.intval(isset($GLOBALS['ctracker_link'])) . ',is_object=' . intval(is_object($GLOBALS['ctracker_link'])) . ',mysqli_connect_errno=' . mysqli_connect_errno()); + } else { + // Not set! + //* DEBUG: */ error_log('ctracker_link not set.'); + } + + return ((isset($GLOBALS['ctracker_link'])) && (is_object($GLOBALS['ctracker_link'])) && (mysqli_connect_errno() == 0)); } // Database error detected 
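Review bot: The connect block in aquireCrackerTrackerDatabaseLink() never sets the connection character set, yet crackerTrackerEscapeString() later in this file relies on `mysqli_real_escape_string()`, whose escaping is only reliable for the character set configured on the link. After a successful connect I would add `mysqli_set_charset($GLOBALS['ctracker_link'], 'utf8');`, with `utf8` standing in for whatever the ctracker tables actually use. Separately, a failed connect now reaches crackerTrackerDatabaseError() twice, once through `or` and once through the new link check; one of the two is enough. The function body starts and ends outside the hunk.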
@@ -63,7 +72,11 @@ function crackerTrackerDatabaseError ($F, $L) { // Output error print 'Function : ' . $F . '
'; print 'Line : ' . $L . '
'; - print 'MySQL error : ' . mysql_error() . '
'; + if (isset($GLOBALS['ctracker_link'])) { + print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '
'; + } else { + print 'No MySQLi available.
'; + } print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
'; } // END - if @@ -76,17 +89,11 @@ function crackerTrackerCloseDatabaseLink () { // Is the link up? if (isCrackerTrackerDatabaseLinkUp()) { // Did it work? - if (!mysql_close($GLOBALS['ctracker_link'])) { - // Remove all data from global space - unsetCtrackerData(); - + if (!mysqli_close($GLOBALS['ctracker_link'])) { // Attempt has failed crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } // END - if } // END - if - - // Remove all data from global space - unsetCtrackerData(); } // Inserts given array, if IP/check_worm combination was not found @@ -109,7 +116,7 @@ function crackerTrackerInsertArray ($table, $rowData) { runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); // Remember the last insert id - $GLOBALS['ctracker_last_insert_id'] = mysql_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); } else { // Only update the entry updateCrackerTrackerEntry($rowData); 
@@ -131,21 +138,18 @@ function isCrackerTrackerEntryFound ($rowData) { $SQL = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; // Run the SQL and check if we have one line - return ((isCrackerTrackerDatabaseLinkUp()) && (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1)); + return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1)); } // Escapes the string function crackerTrackerEscapeString ($string) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { - // Then we cant use mysql_real_escape_string! + // Then we cant use mysqli_real_escape_string! $string = addslashes($string); - } elseif (function_exists('mysql_real_escape_string')) { - // Use mysql_real_escape_string() - $string = mysql_real_escape_string($string, $GLOBALS['ctracker_link']); - } elseif (function_exists('mysql_escape_string')) { - // Use deprecated function - $string = mysql_escape_string($string, $GLOBALS['ctracker_link']); + } elseif (function_exists('mysqli_real_escape_string')) { + // Use mysqli_real_escape_string() + $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string); } else { // Use fall-back (bad!) $string = addslashes($string); 
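Review bot: In crackerTrackerEscapeString() the `function_exists('mysqli_real_escape_string')` test can no longer fail once isCrackerTrackerDatabaseLinkUp() has confirmed a connected link, so the final `addslashes()` branch is unreachable and the chain can be reduced to two branches. The remaining link-down branch still falls back to `addslashes()` silently, and that is not aware of the connection character set. I would add a comment there such as `// Link is down: the value is only escaped for logging and must not be used in a query`, or whatever the intended contract is. The function ends outside the hunk.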
@@ -167,7 +171,7 @@ function runCrackerTrackerSql ($SQL, $F, $L) { $GLOBALS['ctracker_last_sql'] = $SQL; // Run the query - $GLOBALS['ctracker_last_result'] = mysql_query($SQL, $GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + $GLOBALS['ctracker_last_result'] = mysqli_query($GLOBALS['ctracker_link'], $SQL) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); // And return it return $GLOBALS['ctracker_last_result']; @@ -182,7 +186,10 @@ function isCrackerTrackerTableCreated ($table) { $result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__); // Is our table there? - while (list($tab) = mysql_fetch_row($result)) { + while (list($tab) = mysqli_fetch_row($result)) { + // Debug message + //* NOISY-DEBUG: */ error_log('tab=' . $tab); + // Is the table there? if ($tab == $table) { // Okay, found. So abort @@ -192,7 +199,7 @@ function isCrackerTrackerTableCreated ($table) { } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return result return $found; @@ -279,10 +286,10 @@ function crackerTrackerLoadConfig () { $result = runCrackerTrackerSql('SELECT * FROM `ctracker_config` WHERE `ctracker_config`=1 LIMIT 1', __FUNCTION__, __LINE__); // And get it - $GLOBALS['ctracker_config'] = mysql_fetch_array($result); + $GLOBALS['ctracker_config'] = mysqli_fetch_array($result); // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); } // Getter for config 
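Review bot: The rewritten query line in runCrackerTrackerSql() still passes `__FUNCTION__, __LINE__` to the error handler, so every failed query is attributed to runCrackerTrackerSql() itself. The `$F`/`$L` arguments supplied by the callers are not used on this line. Passing them through, `... or crackerTrackerDatabaseError($F, $L);`, would report the real call site. The function starts and ends outside the hunk, so `$F` and `$L` may be used elsewhere in it.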
@@ -315,7 +322,7 @@ function isCrackerTrackerIpSuspicious () { $result = runCrackerTrackerSql("SELECT COUNT(`id`) AS `cnt` FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); // Get row count - list($rows) = mysql_fetch_row($result); + list($rows) = mysqli_fetch_row($result); // Is there one entry? $found = ($rows > 0); @@ -326,11 +333,11 @@ function isCrackerTrackerIpSuspicious () { $result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); // Cache the entry - $GLOBALS['ctracker_last_suspicious_entry'] = mysql_fetch_array($result); + $GLOBALS['ctracker_last_suspicious_entry'] = mysqli_fetch_array($result); } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return the result return $found; 
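Review bot: Both queries in isCrackerTrackerIpSuspicious() concatenate `determineCrackerTrackerRealRemoteAddress()` and `getenv('REMOTE_ADDR')` into the SQL text without crackerTrackerEscapeString(), unlike isCrackerTrackerEntryFound() earlier in this file. determineCrackerTrackerRealRemoteAddress() is not part of the diff; if it reads a client-supplied forwarding header, that value is attacker-controlled and reaches the query unescaped. Wrap both values, e.g. `crackerTrackerEscapeString(determineCrackerTrackerRealRemoteAddress())`, or move these lookups to prepared statements now that MySQLi is available. The same applies to the second hunk of this function and to the query in ifCrackerTrackerIpHasTicket() in the following hunk.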
@@ -342,16 +349,16 @@ function ifCrackerTrackerIpHasTicket () { $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `ctracker_ticket_proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); // Do we have a ticket? - $found = (mysql_num_rows($result) == 1); + $found = (mysqli_num_rows($result) == 1); // And again? if ($found === TRUE) { // Cache the ticket data - $GLOBALS['ctracker_last_ticket'] = mysql_fetch_array($result); + $GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result); } // END - if // Free result - mysql_free_result($result) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__); + freeCrackerTrackerResult($result); // Return the result return $found; @@ -403,5 +410,11 @@ function addCrackerTrackerTicket (array $data) { } } +// Frees given result instance +function freeCrackerTrackerResult (mysqli_result $result) { + // Free result + $result->free(); +} + // [EOF] ?> diff --git a/libs/lib_general.php b/libs/lib_general.php index 21cd6ab..907b835 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -76,7 +76,13 @@ if (!function_exists('implode_secure')) { // Getter for ctracker_debug_enabled function isCrackerTrackerDebug () { // Is it set? - return ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE)); + $result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE)); + + // Debug message + //* DEBUG: */ error_log('result=' . intval($result)); + + // Return it + return $result; } // Determines the real remote address @@ -472,6 +478,9 @@ function crackerTrackerSendRawRedirect ($url) { // Removes all ctracker-related data from global space function unsetCtrackerData () { + // Debug message + //* DEBUG: */ error_log(__FUNCTION__ . ': CALLED!'); + // Unset all ctracker data foreach (array( 'ctracker_host', 
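Review bot: freeCrackerTrackerResult() declares `mysqli_result $result`, but its callers pass whatever runCrackerTrackerSql() returned, and `mysqli_query()` returns FALSE when a query fails. Unless crackerTrackerDatabaseError() ends the request (not visible here), a failed query now ends in a type error inside this helper. The old `mysql_free_result(...) or crackerTrackerDatabaseError(...)` at least reached the handler. I would drop the type hint and guard the call: `if ($result instanceof mysqli_result) { $result->free(); }`.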
diff --git a/libs/lib_updates.php b/libs/lib_updates.php index a0ea51d..3c53dfb 100644 --- a/libs/lib_updates.php +++ b/libs/lib_updates.php @@ -70,7 +70,7 @@ FOREIGN KEY ( `ctracker_data_id` ) REFERENCES `' . $GLOBALS['ctracker_dbname'] . // Better key for always repeating query 4 => array( - 'ALTER TABLE `ctracker`.`ctracker_data` ADD INDEX `remote_proxy_last` ( `remote_addr`, `proxy_addr`, `last_attempt` DESC )', + 'ALTER TABLE `ctracker_data` ADD INDEX `remote_proxy_last` ( `remote_addr`, `proxy_addr`, `last_attempt` DESC )', ), ); } -- 2.39.5