diff -r 917dcc6c4ceb -r f088805540ae includes/dbal.php
--- a/includes/dbal.php Sat Nov 17 22:25:37 2007 -0500
+++ b/includes/dbal.php Sun Nov 18 20:37:08 2007 -0500
@@ -121,13 +121,25 @@
return $internal_text;
}
- function connect() {
+ function connect()
+ {
$this->enable_errorhandler();
+
dc_here('dbal: trying to connect....');
- @include(ENANO_ROOT.'/config.php');
- if(isset($crypto_key))
+
+ if ( defined('IN_ENANO_INSTALL') )
+ {
+ @include(ENANO_ROOT.'/config.new.php');
+ }
+ else
+ {
+ @include(ENANO_ROOT.'/config.php');
+ }
+
+ if ( isset($crypto_key) )
unset($crypto_key); // Get this sucker out of memory fast
- if(!defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
+
+ if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
{
dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.');
header('Location: install.php');
@@ -136,46 +148,74 @@
$this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd);
unset($dbuser);
unset($dbpasswd); // Security
- if(!$this->_conn) { dc_here('dbal: uhoh!
'.mysql_error()); grinding_halt('Enano is having a problem', 'Error: couldn\'t connect to MySQL.
'.mysql_error().'
'); }
+
+ if ( !$this->_conn )
+ {
+ dc_here('dbal: uhoh!
'.mysql_error());
+ grinding_halt('Enano is having a problem', 'Error: couldn\'t connect to MySQL.
'.mysql_error().'
');
+ }
+
+ // Reset some variables
$this->query_backtrace = '';
$this->num_queries = 0;
+
dc_here('dbal: we\'re in, selecting database...');
$q = $this->sql_query('USE `'.$dbname.'`;');
- if(!$q) $this->_die('The database could not be selected.');
+
+ if ( !$q )
+ $this->_die('The database could not be selected.');
+
+ // We're in!
dc_here('dbal: connected to MySQL');
+
$this->disable_errorhandler();
+ return true;
}
- function sql_query($q) {
+ function sql_query($q)
+ {
$this->enable_errorhandler();
$this->num_queries++;
- $this->query_backtrace .= $q."\n";
+ $this->query_backtrace .= $q . "\n";
$this->latest_query = $q;
dc_here('dbal: making SQL query:
'.$q.'');
- if(!$this->_conn) $this->_die('A database connection has not yet been established.');
- if(!$this->check_query($q))
+ // First make sure we have a connection
+ if ( !$this->_conn )
+ {
+ $this->_die('A database connection has not yet been established.');
+ }
+ // Does this query look malicious?
+ if ( !$this->check_query($q) )
{
$this->report_query($q);
grinding_halt('SQL Injection attempt', 'Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.
Query was:
'.htmlspecialchars($q).'
');
}
+
$r = mysql_query($q, $this->_conn);
$this->latest_result = $r;
$this->disable_errorhandler();
return $r;
}
- function sql_unbuffered_query($q) {
+ function sql_unbuffered_query($q)
+ {
$this->enable_errorhandler();
$this->num_queries++;
$this->query_backtrace .= '(UNBUFFERED) ' . $q."\n";
$this->latest_query = $q;
dc_here('dbal: making SQL query:
'.$q.'');
- if(!$this->_conn) $this->_die('A database connection has not yet been established.');
- if(!$this->check_query($q))
+ // First make sure we have a connection
+ if ( !$this->_conn )
+ {
+ $this->_die('A database connection has not yet been established.');
+ }
+ // Does this query look malicious?
+ if ( !$this->check_query($q) )
{
$this->report_query($q);
grinding_halt('SQL Injection attempt', 'Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.
Query was:
'.htmlspecialchars($q).'
');
}
+
$r = mysql_unbuffered_query($q, $this->_conn);
$this->latest_result = $r;
$this->disable_errorhandler();