Commit 762a62a4 authored by Till Brehm's avatar Till Brehm

Merge branch 'stable-3.1' into 'stable-3.1'

merge db_mysql.inc.php from server/ and interface/

See merge request ispconfig/ispconfig3!815
parents b5d44399 0e8a6d59
......@@ -62,7 +62,11 @@ class app {
$this->_conf = $conf;
if($this->_conf['start_db'] == true) {
$this->load('db_'.$this->_conf['db_type']);
$this->db = new db;
try {
$this->db = new db;
} catch (Exception $e) {
$this->db = false;
}
}
//* Start the session
......
<?php
/*
* db_mysql.inc.php: ISPConfig mysql db interface
*
* Note! When making changes to this file, put a copy in both locations:
* interface/lib/classes/db_mysql.inc.php
* server/lib/classes/db_mysql.inc.php
*/
/*
Copyright (c) 2005, Till Brehm, projektfarm Gmbh
All rights reserved.
......@@ -27,7 +35,8 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class db {
class db
{
/**#@+
* @access private
*/
......@@ -40,12 +49,10 @@ class db {
private $dbUser = ''; // database authorized user
private $dbPass = ''; // user's password
private $dbCharset = 'utf8';// Database charset
private $dbNewLink = false; // Return a new linkID when connect is called again
private $dbClientFlags = 0; // MySQL Client falgs
/**#@-*/
public $show_error_messages = false; // false in server, true in interface
public $show_error_messages = false; // false in server, interface sets true when generating templates
/* old things - unused now ////
private $linkId = 0; // last result of mysqli_connect()
......@@ -53,8 +60,8 @@ class db {
private $record = array(); // last record fetched
private $autoCommit = 1; // Autocommit Transactions
private $currentRow; // current row number
private $errorNumber = 0; // last error number
*/
public $errorNumber = 0; // last error number
public $errorMessage = ''; // last error message
/*
private $errorLocation = '';// last error location
......@@ -63,34 +70,38 @@ class db {
*/
// constructor
public function __construct($prefix = '') {
global $conf;
if($prefix != '') $prefix .= '_';
$this->dbHost = $conf[$prefix.'db_host'];
$this->dbPort = $conf[$prefix.'db_port'];
$this->dbName = $conf[$prefix.'db_database'];
$this->dbUser = $conf[$prefix.'db_user'];
$this->dbPass = $conf[$prefix.'db_password'];
$this->dbCharset = $conf[$prefix.'db_charset'];
$this->dbNewLink = $conf[$prefix.'db_new_link'];
$this->dbClientFlags = $conf[$prefix.'db_client_flags'];
public function __construct($host = NULL , $user = NULL, $pass = NULL, $database = NULL, $port = NULL, $flags = NULL) {
global $app, $conf;
$this->dbHost = $host ? $host : $conf['db_host'];
$this->dbPort = $port ? $port : $conf['db_port'];
$this->dbName = $database ? $database : $conf['db_database'];
$this->dbUser = $user ? $user : $conf['db_user'];
$this->dbPass = $pass ? $pass : $conf['db_password'];
$this->dbCharset = $conf['db_charset'];
$this->dbClientFlags = ($flags !== NULL) ? $flags : $conf['db_client_flags'];
$this->_iConnId = mysqli_init();
mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
for($try=0;(!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5;++$try) {
for($try=0;(!is_object($this->_iConnId) || mysqli_connect_errno()) && $try < 5;++$try) {
sleep($try);
mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
if(!is_object($this->_iConnId)) {
$this->_iConnId = mysqli_init();
}
if(!mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags)) {
$this->_sqlerror('Database connection failed');
}
}
if(!is_object($this->_iConnId) || mysqli_connect_error()) {
if(!is_object($this->_iConnId) || mysqli_connect_errno()) {
$this->_iConnId = null;
$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
return false;
$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!', '', true); // sets errorMessage
throw new Exception($this->errorMessage);
}
if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
$this->close();
$this->_sqlerror('Datenbank nicht gefunden / Database not found');
return false;
$this->_sqlerror('Datenbank nicht gefunden / Database not found', '', true); // sets errorMessage
throw new Exception($this->errorMessage);
}
$this->_setCharset();
......@@ -105,6 +116,23 @@ class db {
$this->_iConnId = null;
}
/*
* Test mysql connection.
*
* @return boolean returns true if db connection is good.
*/
public function testConnection() {
if(mysqli_connect_errno()) {
return false;
}
return (boolean)(is_object($this->_iConnId) && mysqli_ping($this->_iConnId));
}
/* This allows our private variables to be "read" out side of the class */
public function __get($var) {
return isset($this->$var) ? $this->$var : NULL;
}
public function _build_query_string($sQuery = '') {
$iArgs = func_num_args();
if($iArgs > 1) {
......@@ -127,7 +155,7 @@ class db {
if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
$sTxt = $this->escape($sValue);
$sTxt = str_replace('`', '', $sTxt);
if(strpos($sTxt, '.') !== false) {
$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
......@@ -169,33 +197,33 @@ class db {
/**#@+
* @access private
*/
* @access private
*/
private function _setCharset() {
mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
$this->query('SET NAMES '.$this->dbCharset);
$this->query("SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
}
private function securityScan($string) {
global $app, $conf;
// get security config
if(isset($app)) {
$app->uses('getconf');
$ids_config = $app->getconf->get_security_config('ids');
if($ids_config['sql_scan_enabled'] == 'yes') {
// Remove whitespace
$string = trim($string);
if(substr($string,-1) == ';') $string = substr($string,0,-1);
// Save original string
$string_orig = $string;
//echo $string;
$chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
$string = str_replace('\\\\', '', $string);
$string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
......@@ -239,14 +267,28 @@ class db {
$try = 0;
do {
$try++;
$ok = mysqli_ping($this->_iConnId);
$ok = (is_object($this->_iConnId)) ? mysqli_ping($this->_iConnId) : false;
if(!$ok) {
if(!mysqli_real_connect(mysqli_init(), $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
if($try > 4) {
$this->_sqlerror('DB::query -> reconnect');
if(!is_object($this->_iConnId)) {
$this->_iConnId = mysqli_init();
}
if(!mysqli_real_connect($this->_isConnId, $this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort, NULL, $this->dbClientFlags)) {
if(mysqli_connect_errno() == '111') {
// server is not available
if($try > 9) {
if(isset($app) && isset($app->forceErrorExit)) {
$app->forceErrorExit('Database connection failure!');
}
// if we reach this, the app object is missing or has no exit method, so we continue as normal
}
sleep(30); // additional seconds, please!
}
if($try > 9) {
$this->_sqlerror('db::_query -> reconnect', '', true);
return false;
} else {
sleep(1);
sleep(($try > 7 ? 5 : 1));
}
} else {
$this->_setCharset();
......@@ -258,7 +300,7 @@ class db {
$aArgs = func_get_args();
$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
$this->securityScan($sQuery);
$this->_iQueryId = @mysqli_query($this->_iConnId, $sQuery);
$this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
if (!$this->_iQueryId) {
$this->_sqlerror('Falsche Anfrage / Wrong Query', 'SQL-Query = ' . $sQuery);
return false;
......@@ -390,7 +432,7 @@ class db {
}
public function query_all_array($sQuery = '') {
return $this->queryAllArray($sQuery);
return call_user_func_array(array(&$this, 'queryAllArray'), func_get_args());
}
......@@ -404,13 +446,14 @@ class db {
* @return int id of last inserted row or 0 if none
*/
public function insert_id() {
$iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
if(!is_object($iRes)) return false;
$aReturn = mysqli_fetch_assoc($iRes);
mysqli_free_result($iRes);
return $aReturn['newid'];
$oResult = $this->query('SELECT LAST_INSERT_ID() as `newid`');
if(!$oResult) {
$this->_sqlerror('Unable to select last_insert_id()');
return false;
}
$aReturn = $oResult->get();
$oResult->free();
return isset($aReturn['newid']) ? $aReturn['newid'] : 0;
}
......@@ -431,6 +474,7 @@ class db {
}
/**
* check if a utf8 string is valid
*
......@@ -470,7 +514,7 @@ class db {
public function escape($sString) {
global $app;
if(!is_string($sString) && !is_numeric($sString)) {
$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_DEBUG);
$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
//$sAddMsg = getDebugBacktrace();
$app->log($sAddMsg, LOGLEVEL_DEBUG);
$sString = '';
......@@ -479,7 +523,7 @@ class db {
$cur_encoding = mb_detect_encoding($sString);
if($cur_encoding != "UTF-8") {
if($cur_encoding != 'ASCII') {
if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG);
if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
else $sString = mb_convert_encoding($sString, 'UTF-8');
}
......@@ -496,20 +540,27 @@ class db {
*
* @access private
*/
private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '', $bNoLog = false) {
global $app, $conf;
$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
$mysql_errno = mysqli_connect_errno();
$mysql_error = mysqli_connect_error();
if ($mysql_errno === 0 && is_object($this->_iConnId)) {
$mysql_errno = mysqli_errno($this->_iConnId);
$mysql_error = mysqli_error($this->_iConnId);
}
$this->errorNumber = $mysql_error;
$this->errorMessage = $mysql_error;
//$sAddMsg .= getDebugBacktrace();
if($this->show_error_messages && $conf['demo_mode'] === false) {
echo $sErrormsg . $sAddMsg;
} else if(is_object($app) && method_exists($app, 'log')) {
$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
}
} elseif(is_object($app) && method_exists($app, 'log') && $bNoLog == false) {
$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN, false);
} elseif(php_sapi_name() == 'cli') {
echo $sErrormsg . $sAddMsg;
}
}
public function affectedRows() {
......@@ -541,27 +592,27 @@ class db {
}
return $out;
}
public function insertFromArray($tablename, $data) {
if(!is_array($data)) return false;
$k_query = '';
$v_query = '';
$params = array($tablename);
$v_params = array();
foreach($data as $key => $value) {
$k_query .= ($k_query != '' ? ', ' : '') . '??';
$v_query .= ($v_query != '' ? ', ' : '') . '?';
$params[] = $key;
$v_params[] = $value;
}
$query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
return $this->query($query, true, array_merge($params, $v_params));
}
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
$diff_num = 0;
......@@ -597,15 +648,36 @@ class db {
}
/**
* Function to get the database-size
* @param string $database_name
* @return int - database-size in bytes
*/
public function getDatabaseSize($database_name) {
global $app;
require_once 'lib/mysql_clientdb.conf';
$result = $this->_query("SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".$this->escape($database_name)."'");
if(!$result) {
$this->_sqlerror('Unable to determine the size of database ' . $database_name);
return;
}
$database_size = $result->getAsRow();
$result->free();
return $database_size[0] ? $database_size[0] : 0;
}
//** Function to fill the datalog with a full differential record.
public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
global $app, $conf;
global $app;
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
$primary_id = intval($primary_id);
// Insert backticks only for incomplete table names.
if(stristr($db_table, '.')) {
$escape = '';
} else {
$escape = '`';
}
if($force_update == true) {
//* We force a update even if no record has changed
......@@ -625,12 +697,13 @@ class db {
if($diff_num > 0) {
//print_r($diff_num);
//print_r($diffrec_full);
$diffstr = serialize($diffrec_full);
$username = $_SESSION['s']['user']['username'];
if(isset($_SESSION)) {
$username = $_SESSION['s']['user']['username'];
} else {
$username = 'admin';
}
$dbidx = $primary_field.':'.$primary_id;
if(trim($username) == '') $username = 'none';
if($action == 'INSERT') $action = 'i';
if($action == 'UPDATE') $action = 'u';
......@@ -645,11 +718,11 @@ class db {
//** Inserts a record and saves the changes into the datalog
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
if(is_array($insert_data)) {
$key_str = '';
$val_str = '';
......@@ -688,7 +761,7 @@ class db {
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
......@@ -723,7 +796,7 @@ class db {
// Check fields
if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = array();
......@@ -732,13 +805,20 @@ class db {
return true;
}
//** Deletes a record and saves the changes into the datalog
public function datalogError($errormsg) {
global $app;
if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
return true;
}
//* get the current datalog status for the specified login (or currently logged in user)
public function datalogStatus($login = '') {
global $app;
$return = array('count' => 0, 'entries' => array());
//if($_SESSION['s']['user']['typ'] == 'admin') return $return; // these information should not be displayed to admin users
// removed in favor of new non intrusive datalogstatus notification header
if($login == '' && isset($_SESSION['s']['user'])) {
$login = $_SESSION['s']['user']['username'];
......@@ -747,14 +827,24 @@ class db {
$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
foreach($result as $row) {
if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable']));
$return['count'] += $row['cnt'];
$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable'])); $return['count'] += $row['cnt'];
}
unset($result);
return $return;
}
public function freeResult($query)
{
if(is_object($query) && (get_class($query) == "mysqli_result")) {
$query->free();
return true;
} else {
return false;
}
}
/*
$columns = array(action => add | alter | drop
name => Spaltenname
......@@ -879,15 +969,6 @@ class db {
if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
/*
$name = $row[0];
$default = $row[4];
$key = $row[3];
$extra = $row[5];
$isnull = $row[2];
$type = $row[1];
*/
$name = $row['Field'];
$default = $row['Default'];
$key = $row['Key'];
......@@ -988,7 +1069,7 @@ class db {
return 'char';
break;
case 'varchar':
if($typeValue < 1) die('Database failure: Lenght required for these data types.');
if($typeValue < 1) die('Database failure: Length required for these data types.');
return 'varchar('.$typeValue.')';
break;
case 'text':
......
......@@ -36,7 +36,11 @@ class session {
private $permanent = false;
function __construct($session_timeout = 0) {
$this->db = new db;
try {
$this->db = new db;
} catch (Exception $e) {
$this->db = false;
}
$this->timeout = $session_timeout;
}
......
......@@ -25,6 +25,9 @@ body {
.form-group input[type='checkbox'] {
margin-top: 10px; }
.form-group .checkbox-inline input[type='checkbox'] {
margin-top: 4px; }
.control-label {
font-weight: normal; }
.control-label:after {
......
......@@ -25,6 +25,9 @@ body
.form-group input[type='checkbox']
margin-top: 10px
.form-group .checkbox-inline input[type='checkbox']
margin-top: 4px
.control-label
font-weight: normal
......@@ -311,4 +314,4 @@ thead.dark
.input-group-field:last-child
border-top-left-radius: 0
border-bottom-left-radius: 0
\ No newline at end of file
border-bottom-left-radius: 0
......@@ -49,32 +49,27 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
//* CSRF Check
$app->auth->csrf_token_check();
//* Set variable sin template
//* Set variables in template
$app->tpl->setVar('dbhost', $_POST['dbhost'], true);
$app->tpl->setVar('dbname', $_POST['dbname'], true);
$app->tpl->setVar('dbuser', $_POST['dbuser'], true);
$app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);
$app->tpl->setVar('dbssl', 'true', true);
//* Establish connection to external database
$msg .= 'Connecting to external database...<br />';
//* Backup DB login details
/*$conf_bak['db_host'] = $conf['db_host'];
$conf_bak['db_database'] = $conf['db_database'];
$conf_bak['db_user'] = $conf['db_user'];
$conf_bak['db_password'] = $conf['db_password'];*/
//* Set external db client flags
$db_client_flags = 0;
if(isset($_POST['dbssl']) && $_POST['dbssl'] == 1) $db_client_flags |= MYSQLI_CLIENT_SSL;
//* Set external Login details
$conf['imp_db_host'] = $_POST['dbhost'];
$conf['imp_db_database'] = $_POST['dbname'];
$conf['imp_db_user'] = $_POST['dbuser'];
$conf['imp_db_password'] = $_POST['dbpassword'];
$conf['imp_db_charset'] = $conf['db_charset'];
$conf['imp_db_new_link'] = $conf['db_new_link'];
$conf['imp_db_client_flags'] = $conf['db_client_flags'];
//* create new db object
$exdb = new db('imp');
//* create new db object with external login details
try {
$exdb =