includes/dbal.php
changeset 215 58477ab3937f
parent 205 62ee6685ad18
child 218 e0ec986c0af3
equal deleted inserted replaced
214:43add2be1371 215:58477ab3937f
   119                       Most recent SQL query:</p>
   119                       Most recent SQL query:</p>
   120                       <pre>'.$bt.'</pre>';
   120                       <pre>'.$bt.'</pre>';
   121     return $internal_text;
   121     return $internal_text;
   122   }
   122   }
   123   
   123   
   124   function connect() {
   124   function connect()
   125     $this->enable_errorhandler();
   125   {
       
   126     $this->enable_errorhandler();
       
   127     
   126     dc_here('dbal: trying to connect....');
   128     dc_here('dbal: trying to connect....');
   127     @include(ENANO_ROOT.'/config.php');
   129     
   128     if(isset($crypto_key))
   130     if ( defined('IN_ENANO_INSTALL') )
       
   131     {
       
   132       @include(ENANO_ROOT.'/config.new.php');
       
   133     }
       
   134     else
       
   135     {
       
   136       @include(ENANO_ROOT.'/config.php');
       
   137     }
       
   138       
       
   139     if ( isset($crypto_key) )
   129       unset($crypto_key); // Get this sucker out of memory fast
   140       unset($crypto_key); // Get this sucker out of memory fast
   130     if(!defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
   141     
       
   142     if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
   131     {
   143     {
   132       dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.');
   144       dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.');
   133       header('Location: install.php'); 
   145       header('Location: install.php'); 
   134       exit;
   146       exit;
   135     }
   147     }
   136     $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd);
   148     $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd);
   137     unset($dbuser);
   149     unset($dbuser);
   138     unset($dbpasswd); // Security
   150     unset($dbpasswd); // Security
   139     if(!$this->_conn) { dc_here('dbal: uhoh!<br />'.mysql_error()); grinding_halt('Enano is having a problem', '<p>Error: couldn\'t connect to MySQL.<br />'.mysql_error().'</p>'); }
   151     
       
   152     if ( !$this->_conn )
       
   153     {
       
   154       dc_here('dbal: uhoh!<br />'.mysql_error());
       
   155       grinding_halt('Enano is having a problem', '<p>Error: couldn\'t connect to MySQL.<br />'.mysql_error().'</p>');
       
   156     }
       
   157     
       
   158     // Reset some variables
   140     $this->query_backtrace = '';
   159     $this->query_backtrace = '';
   141     $this->num_queries = 0;
   160     $this->num_queries = 0;
       
   161     
   142     dc_here('dbal: we\'re in, selecting database...');
   162     dc_here('dbal: we\'re in, selecting database...');
   143     $q = $this->sql_query('USE `'.$dbname.'`;');
   163     $q = $this->sql_query('USE `'.$dbname.'`;');
   144     if(!$q) $this->_die('The database could not be selected.');
   164     
       
   165     if ( !$q )
       
   166       $this->_die('The database could not be selected.');
       
   167     
       
   168     // We're in!
   145     dc_here('dbal: connected to MySQL');
   169     dc_here('dbal: connected to MySQL');
   146     $this->disable_errorhandler();
   170     
   147   }
   171     $this->disable_errorhandler();
   148   
   172     return true;
   149   function sql_query($q) {
   173   }
       
   174   
       
   175   function sql_query($q)
       
   176   {
   150     $this->enable_errorhandler();
   177     $this->enable_errorhandler();
   151     $this->num_queries++;
   178     $this->num_queries++;
   152     $this->query_backtrace .= $q."\n";
   179     $this->query_backtrace .= $q . "\n";
   153     $this->latest_query = $q;
   180     $this->latest_query = $q;
   154     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
   181     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
   155     if(!$this->_conn) $this->_die('A database connection has not yet been established.');
   182     // First make sure we have a connection
   156     if(!$this->check_query($q))
   183     if ( !$this->_conn )
       
   184     {
       
   185       $this->_die('A database connection has not yet been established.');
       
   186     }
       
   187     // Does this query look malicious?
       
   188     if ( !$this->check_query($q) )
   157     {
   189     {
   158       $this->report_query($q);
   190       $this->report_query($q);
   159       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   191       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   160     }
   192     }
       
   193     
   161     $r = mysql_query($q, $this->_conn);
   194     $r = mysql_query($q, $this->_conn);
   162     $this->latest_result = $r;
   195     $this->latest_result = $r;
   163     $this->disable_errorhandler();
   196     $this->disable_errorhandler();
   164     return $r;
   197     return $r;
   165   }
   198   }
   166   
   199   
   167   function sql_unbuffered_query($q) {
   200   function sql_unbuffered_query($q)
       
   201   {
   168     $this->enable_errorhandler();
   202     $this->enable_errorhandler();
   169     $this->num_queries++;
   203     $this->num_queries++;
   170     $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n";
   204     $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n";
   171     $this->latest_query = $q;
   205     $this->latest_query = $q;
   172     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
   206     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
   173     if(!$this->_conn) $this->_die('A database connection has not yet been established.');
   207     // First make sure we have a connection
   174     if(!$this->check_query($q))
   208     if ( !$this->_conn )
       
   209     {
       
   210       $this->_die('A database connection has not yet been established.');
       
   211     }
       
   212     // Does this query look malicious?
       
   213     if ( !$this->check_query($q) )
   175     {
   214     {
   176       $this->report_query($q);
   215       $this->report_query($q);
   177       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   216       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   178     }
   217     }
       
   218     
   179     $r = mysql_unbuffered_query($q, $this->_conn);
   219     $r = mysql_unbuffered_query($q, $this->_conn);
   180     $this->latest_result = $r;
   220     $this->latest_result = $r;
   181     $this->disable_errorhandler();
   221     $this->disable_errorhandler();
   182     return $r;
   222     return $r;
   183   }
   223   }