diff -r 43add2be1371 -r 58477ab3937f includes/dbal.php --- a/includes/dbal.php Sat Nov 17 22:56:26 2007 -0500 +++ b/includes/dbal.php Sat Nov 17 23:09:12 2007 -0500 @@ -121,13 +121,25 @@ return $internal_text; } - function connect() { + function connect() + { $this->enable_errorhandler(); + dc_here('dbal: trying to connect....'); - @include(ENANO_ROOT.'/config.php'); - if(isset($crypto_key)) + + if ( defined('IN_ENANO_INSTALL') ) + { + @include(ENANO_ROOT.'/config.new.php'); + } + else + { + @include(ENANO_ROOT.'/config.php'); + } + + if ( isset($crypto_key) ) unset($crypto_key); // Get this sucker out of memory fast - if(!defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') ) + + if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') ) { dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.'); header('Location: install.php'); @@ -136,46 +148,74 @@ $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd); unset($dbuser); unset($dbpasswd); // Security - if(!$this->_conn) { dc_here('dbal: uhoh!
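Review bot: Both `@include` calls in connect() discard the include result and suppress the warning, so a missing or unreadable config.new.php or config.php goes unnoticed at this point. With `IN_ENANO_INSTALL` defined the installer-redirect guard that follows is also skipped, and the `mysql_connect($dbhost, $dbuser, $dbpasswd)` call visible in the next hunk would then run with undefined variables; as far as I know the mysql extension then falls back to its php.ini defaults instead of failing on the missing configuration. After the redirect guard and before `mysql_connect()`, I would add `if ( !isset($dbhost, $dbuser, $dbpasswd, $dbname) ) $this->_die('The configuration file could not be loaded.');`. connect() continues into the next hunk, so the exact placement needs checking against the lines between the two hunks.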
'.mysql_error()); grinding_halt('Enano is having a problem', '

Error: couldn\'t connect to MySQL.
'.mysql_error().'

'); } + + if ( !$this->_conn ) + { + dc_here('dbal: uhoh!
'.mysql_error()); + grinding_halt('Enano is having a problem', '

Error: couldn\'t connect to MySQL.
'.mysql_error().'

'); + } + + // Reset some variables $this->query_backtrace = ''; $this->num_queries = 0; + dc_here('dbal: we\'re in, selecting database...'); $q = $this->sql_query('USE `'.$dbname.'`;'); - if(!$q) $this->_die('The database could not be selected.'); + + if ( !$q ) + $this->_die('The database could not be selected.'); + + // We're in! dc_here('dbal: connected to MySQL'); + $this->disable_errorhandler(); + return true; } - function sql_query($q) { + function sql_query($q) + { $this->enable_errorhandler(); $this->num_queries++; - $this->query_backtrace .= $q."\n"; + $this->query_backtrace .= $q . "\n"; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); - if(!$this->_conn) $this->_die('A database connection has not yet been established.'); - if(!$this->check_query($q)) + // First make sure we have a connection + if ( !$this->_conn ) + { + $this->_die('A database connection has not yet been established.'); + } + // Does this query look malicious? + if ( !$this->check_query($q) ) { $this->report_query($q); grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $r = mysql_query($q, $this->_conn); $this->latest_result = $r; $this->disable_errorhandler(); return $r; } - function sql_unbuffered_query($q) { + function sql_unbuffered_query($q) + { $this->enable_errorhandler(); $this->num_queries++; $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n"; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); - if(!$this->_conn) $this->_die('A database connection has not yet been established.'); - if(!$this->check_query($q)) + // First make sure we have a connection + if ( !$this->_conn ) + { + $this->_die('A database connection has not yet been established.'); + } + // Does this query look malicious? + if ( !$this->check_query($q) ) { $this->report_query($q); grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $r = mysql_unbuffered_query($q, $this->_conn); $this->latest_result = $r; $this->disable_errorhandler();
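Review bot: The failure pages built in this hunk hand internal detail to whoever triggered them. In connect(), `mysql_error()` is concatenated into the `grinding_halt()` body without escaping, and in both sql_query() and sql_unbuffered_query() the "SQL Injection attempt" page prints the full rejected query back to the client. Driver error text can name the database host and account, and the echoed query shows table and column names to the very request that check_query() flagged. I would keep both details in the `dc_here()` and `report_query($q)` path only (assuming report_query() records the query, which is not visible here) and show a generic message, or at minimum use `htmlspecialchars(mysql_error())` in the connect() page. sql_unbuffered_query() continues past the end of the hunk.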