db_mysql.inc.php 34.4 KB
Newer Older
tbrehm's avatar
tbrehm committed
1
2
<?php
/*
3
4
   Copyright (c) 2005, Till Brehm, projektfarm Gmbh
   All rights reserved.
tbrehm's avatar
tbrehm committed
5

6
7
   Redistribution and use in source and binary forms, with or without modification,
   are permitted provided that the following conditions are met:
tbrehm's avatar
tbrehm committed
8

9
10
11
12
13
14
15
16
 * Redistributions of source code must retain the above copyright notice,
 this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice,
 this list of conditions and the following disclaimer in the documentation
 and/or other materials provided with the distribution.
 * Neither the name of ISPConfig nor the names of its contributors
 may be used to endorse or promote products derived from this software without
 specific prior written permission.
tbrehm's avatar
tbrehm committed
17

18
19
20
21
22
23
24
25
26
27
28
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
tbrehm's avatar
tbrehm committed
29

30
31
class db extends mysqli
{
32
33
34
35
36
37
	/**#@+
     * @access private
     */
	private $_iQueryId;
	private $_iConnId;

38
	private $dbHost = '';  // hostname of the MySQL server
39
	private $dbPort = '';  // port of the MySQL server
40
41
42
43
44
45
	private $dbName = '';  // logical database name on that server
	private $dbUser = '';  // database authorized user
	private $dbPass = '';  // user's password
	private $dbCharset = 'utf8';// Database charset
	private $dbNewLink = false; // Return a new linkID when connect is called again
	private $dbClientFlags = 0; // MySQL Client falgs
46
47
48
49
50
51
	/**#@-*/

	public $show_error_messages = false; // false in server, true in interface


	/* old things - unused now ////
52
53
54
55
56
57
	private $linkId = 0;  // last result of mysqli_connect()
	private $queryId = 0;  // last result of mysqli_query()
	private $record = array(); // last record fetched
	private $autoCommit = 1;    // Autocommit Transactions
	private $currentRow;  // current row number
	private $errorNumber = 0; // last error number
Marius Cramer's avatar
Marius Cramer committed
58
	*/
59
	public $errorMessage = ''; // last error message
Marius Cramer's avatar
Marius Cramer committed
60
	/*
61
62
	private $errorLocation = '';// last error location
	private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
63
64
	////
	*/
65
66
67
68
69
70

	// constructor
	public function __construct($prefix = '') {
		global $conf;
		if($prefix != '') $prefix .= '_';
		$this->dbHost = $conf[$prefix.'db_host'];
71
		$this->dbPort = $conf[$prefix.'db_port'];
72
73
74
75
76
77
		$this->dbName = $conf[$prefix.'db_database'];
		$this->dbUser = $conf[$prefix.'db_user'];
		$this->dbPass = $conf[$prefix.'db_password'];
		$this->dbCharset = $conf[$prefix.'db_charset'];
		$this->dbNewLink = $conf[$prefix.'db_new_link'];
		$this->dbClientFlags = $conf[$prefix.'db_client_flags'];
78

Marius Cramer's avatar
Marius Cramer committed
79
		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
80
		$try = 0;
81
		while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
82
83
84
			if($try > 0) sleep(1);

			$try++;
Marius Cramer's avatar
Marius Cramer committed
85
			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
86
		}
87

88
89
90
91
92
		if(!is_object($this->_iConnId) || mysqli_connect_error()) {
			$this->_iConnId = null;
			$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
			return false;
		}
93
		if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
94
95
96
97
			$this->close();
			$this->_sqlerror('Datenbank nicht gefunden / Database not found');
			return false;
		}
98

99
		$this->_setCharset();
100
101
102
	}

	public function __destruct() {
103
		if($this->_iConnId) mysqli_close($this->_iConnId);
104
105
	}

106
107
108
109
	public function close() {
		if($this->_iConnId) mysqli_close($this->_iConnId);
		$this->_iConnId = null;
	}
110

111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
	public function _build_query_string($sQuery = '') {
		$iArgs = func_num_args();
		if($iArgs > 1) {
			$aArgs = func_get_args();

			if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
				$aArgs = $aArgs[2];
				$iArgs = count($aArgs);
			} else {
				array_shift($aArgs); // delete the query string that is the first arg!
			}

			$iPos = 0;
			$iPos2 = 0;
			foreach($aArgs as $sKey => $sValue) {
				$iPos2 = strpos($sQuery, '??', $iPos2);
				$iPos = strpos($sQuery, '?', $iPos);
128

129
				if($iPos === false && $iPos2 === false) break;
130

131
132
				if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
					$sTxt = $this->escape($sValue);
133
134
					
					$sTxt = str_replace('`', '', $sTxt);
135
136
137
138
					if(strpos($sTxt, '.') !== false) {
						$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
						$sTxt = str_replace('.`*`', '.*', $sTxt);
					} else $sTxt = '`' . $sTxt . '`';
139
140
141
142
143
144
145

					$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
					$iPos2 += strlen($sTxt);
					$iPos = $iPos2;
				} else {
					if(is_int($sValue) || is_float($sValue)) {
						$sTxt = $sValue;
146
					} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
147
148
						$sTxt = 'NULL';
					} elseif(is_array($sValue)) {
149
150
151
152
153
154
155
156
						if(isset($sValue['SQL'])) {
							$sTxt = $sValue['SQL'];
						} else {
							$sTxt = '';
							foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
							$sTxt = '(' . substr($sTxt, 1) . ')';
							if($sTxt == '()') $sTxt = '(0)';
						}
157
158
159
160
161
162
163
					} else {
						$sTxt = '\'' . $this->escape($sValue) . '\'';
					}

					$sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
					$iPos += strlen($sTxt);
					$iPos2 = $iPos;
164
				}
165
			}
166
		}
167
168

		return $sQuery;
169
	}
170

171
172
173
174
175
176
177
178
179
	/**#@-*/


	/**#@+
     * @access private
     */
	private function _setCharset() {
		mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
		mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
180
	}
181
182
183
184
185
186
187
188
189
190
191
	
	private function securityScan($string) {
		global $app, $conf;
		
		// get security config
		if(isset($app)) {
			$app->uses('getconf');
			$ids_config = $app->getconf->get_security_config('ids');
			
			if($ids_config['sql_scan_enabled'] == 'yes') {
				
192
193
194
195
196
				// Remove whitespace
				$string = trim($string);
				if(substr($string,-1) == ';') $string = substr($string,0,-1);
				
				// Save original string
197
198
199
				$string_orig = $string;
				
				//echo $string;
200
				$chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
201
202
		
				$string = str_replace('\\\\', '', $string);
203
204
				$string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
				$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
				$ok = true;

				if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) {
					$app->log("SQL injection warning (" . $string_orig . ")",2);
					$ok = false;
				} else {
					foreach($chars as $char) {
						if(strpos($string, $char) !== false) {
							$ok = false;
							$app->log("SQL injection warning (" . $string_orig . ")",2);
							break;
						}
					}
				}
				if($ok == true) {
					return true;
				} else {
					if($ids_config['sql_scan_action'] == 'warn') {
						// we return false in warning level.
						return false;
					} else {
						// if sql action = 'block' or anything else then stop here.
						$app->error('Possible SQL injection. All actions have been logged.');
					}
				}
			}
		}
	}
233

234
235
236
237
238
239
240
241
	private function _query($sQuery = '') {
		global $app;

		if ($sQuery == '') {
			$this->_sqlerror('Keine Anfrage angegeben / No query given');
			return false;
		}

242
243
244
		$try = 0;
		do {
			$try++;
245
			$ok = mysqli_ping($this->_iConnId);
246
			if(!$ok) {
247
				if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort)) {
248
					if($try > 4) {
249
						$this->_sqlerror('DB::query -> reconnect');
250
251
252
253
254
						return false;
					} else {
						sleep(1);
					}
				} else {
255
					$this->_setCharset();
256
257
258
259
					$ok = true;
				}
			}
		} while($ok == false);
260
261
262

		$aArgs = func_get_args();
		$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
Marius Cramer's avatar
Marius Cramer committed
263
		$this->securityScan($sQuery);
264

265
		$this->_iQueryId = @mysqli_query($this->_iConnId, $sQuery);
266
		if (!$this->_iQueryId) {
Marius Cramer's avatar
Marius Cramer committed
267
			$this->_sqlerror('Falsche Anfrage / Wrong Query', 'SQL-Query = ' . $sQuery);
268
269
			return false;
		}
270
271

		return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
272
	}
273

274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
	/**#@-*/





	/**
	 * Executes a query
	 *
	 * Executes a given query string, has a variable amount of parameters:
	 * - 1 parameter
	 *   executes the given query
	 * - 2 parameters
	 *   executes the given query, replaces the first ? in the query with the second parameter
	 * - 3 parameters
	 *   if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
	 * - 4 or more parameters
	 *   all ? in the query are replaced from left to right by the parameters 2 to x
	 *
	 * @access public
	 * @param string  $sQuery query string
	 * @param mixed   ... one or more parameters
	 * @return db_result the result object of the query
	 */


	public function query($sQuery = '') {
		$aArgs = func_get_args();
		return call_user_func_array(array(&$this, '_query'), $aArgs);
	}

	/**
	 * Execute a query and get first result array
	 *
	 * Executes a query and returns the first result row as an array
	 * This is like calling $result = $db->query(),  $result->get(), $result->free()
	 * Use of this function @see query
	 *
	 * @access public
	 * @param string  $sQuery query to execute
	 * @param ...     further params (see query())
	 * @return array result row or NULL if none found
	 */
	public function queryOneRecord($sQuery = '') {
		if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';

		$aArgs = func_get_args();
		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
		if(!$oResult) return null;

		$aReturn = $oResult->get();
		$oResult->free();

		return $aReturn;
	}

	public function queryOne($sQuery = '') {
331
		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
332
333
334
	}

	public function query_one($sQuery = '') {
335
		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
	}

	/**
	 * Execute a query and return all rows
	 *
	 * Executes a query and returns all result rows in an array
	 * <strong>Use this with extreme care!!!</strong> Uses lots of memory on big result sets.
	 *
	 * @access public
	 * @param string  $sQuery query to execute
	 * @param ...     further params (see query())
	 * @return array all the rows in the result set
	 */
	public function queryAllRecords($sQuery = '') {
		$aArgs = func_get_args();
		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
		if(!$oResult) return array();

		$aResults = array();
		while($aRow = $oResult->get()) {
			$aResults[] = $aRow;
357
		}
358
359
360
		$oResult->free();

		return $aResults;
361
362
	}

363
	public function queryAll($sQuery = '') {
364
		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
365
366
367
	}

	public function query_all($sQuery = '') {
368
		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
	}

	/**
	 * Execute a query and return all rows as simple array
	 *
	 * Executes a query and returns all result rows in an array with elements
	 * <strong>Only first column is returned</strong> Uses lots of memory on big result sets.
	 *
	 * @access public
	 * @param string  $sQuery query to execute
	 * @param ...     further params (see query())
	 * @return array all the rows in the result set
	 */
	public function queryAllArray($sQuery = '') {
		$aArgs = func_get_args();
		$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
		if(!$oResult) return array();

		$aResults = array();
		while($aRow = $oResult->get()) {
			$aResults[] = reset($aRow);
390
		}
391
392
393
		$oResult->free();

		return $aResults;
394
395
	}

396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
	public function query_all_array($sQuery = '') {
		return $this->queryAllArray($sQuery);
	}



	/**
	 * Get id of last inserted row
	 *
	 * Gives you the id of the last inserted row in a table with an auto-increment primary key
	 *
	 * @access public
	 * @return int id of last inserted row or 0 if none
	 */
	public function insert_id() {
		$iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
		if(!is_object($iRes)) return false;

		$aReturn = mysqli_fetch_assoc($iRes);
		mysqli_free_result($iRes);

		return $aReturn['newid'];
	}



	/**
	 * get affected row count
	 *
	 * Gets the amount of rows affected by the previous query
	 *
	 * @access public
	 * @return int affected rows
	 */
	public function affected() {
		if(!is_object($this->_iConnId)) return 0;
		$iRows = mysqli_affected_rows($this->_iConnId);
		if(!$iRows) $iRows = 0;
		return $iRows;
	}


438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
	/**
	 * check if a utf8 string is valid
	 *
	 * @access public
	 * @param string  $string the string to check
	 * @return bool true if it is valid utf8, false otherwise
	 */
	private function check_utf8($str) {
		$len = strlen($str);
		for($i = 0; $i < $len; $i++){
			$c = ord($str[$i]);
			if ($c > 128) {
				if (($c > 247)) return false;
				elseif ($c > 239) $bytes = 4;
				elseif ($c > 223) $bytes = 3;
				elseif ($c > 191) $bytes = 2;
				else return false;
				if (($i + $bytes) > $len) return false;
				while ($bytes > 1) {
					$i++;
					$b = ord($str[$i]);
					if ($b < 128 || $b > 191) return false;
					$bytes--;
				}
			}
		}
		return true;
	} // end of check_utf8
466
467
468
469
470
471
472
473
474
475
476
477

	/**
	 * Escape a string for usage in a query
	 *
	 * @access public
	 * @param string  $sString query string to escape
	 * @return string escaped string
	 */
	public function escape($sString) {
		global $app;
		if(!is_string($sString) && !is_numeric($sString)) {
			$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
478
			//$sAddMsg = getDebugBacktrace();
479
480
			$app->log($sAddMsg, LOGLEVEL_DEBUG);
			$sString = '';
481
		}
482

483
		$cur_encoding = mb_detect_encoding($sString);
484
485
		if($cur_encoding != "UTF-8") {
			if($cur_encoding != 'ASCII') {
Marius Cramer's avatar
Marius Cramer committed
486
				if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
487
488
489
				if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
				else $sString = mb_convert_encoding($sString, 'UTF-8');
			}
490
		} elseif(!$this->check_utf8($sString)) {
491
			$sString = utf8_encode($sString);
492
		}
493
494
495

		if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
		else return addslashes($sString);
496
497
	}

498
499
500
501
502
503
504
505
506
507
	/**
	 *
	 *
	 * @access private
	 */
	private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
		global $app, $conf;

		$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
		$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
Marius Cramer's avatar
Marius Cramer committed
508
		$this->errorMessage = $mysql_error;
509

510
		//$sAddMsg .= getDebugBacktrace();
511
512
513
514

		if($this->show_error_messages && $conf['demo_mode'] === false) {
			echo $sErrormsg . $sAddMsg;
		} else if(is_object($app) && method_exists($app, 'log')) {
Marius Cramer's avatar
Marius Cramer committed
515
				$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
516
			}
517
518
519
	}

	public function affectedRows() {
520
		return $this->affected();
521
	}
522

523
524
	// returns mySQL insert id
	public function insertID() {
525
		return $this->insert_id();
526
527
528
529
530
	}


	//* Function to quote strings
	public function quote($formfield) {
531
		return $this->escape($formfield);
532
	}
533

534
535
536
537
538
539
540
541
542
543
544
545
546
547
	//* Function to unquotae strings
	public function unquote($formfield) {
		return stripslashes($formfield);
	}

	public function toLower($record) {
		if(is_array($record)) {
			foreach($record as $key => $val) {
				$key = strtolower($key);
				$out[$key] = $val;
			}
		}
		return $out;
	}
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
	
	public function insertFromArray($tablename, $data) {
		if(!is_array($data)) return false;
		
		$k_query = '';
		$v_query = '';
		
		$params = array($tablename);
		$v_params = array();
		
		foreach($data as $key => $value) {
			$k_query .= ($k_query != '' ? ', ' : '') . '??';
			$v_query .= ($v_query != '' ? ', ' : '') . '?';
			$params[] = $key;
			$v_params[] = $value;
		}
		
		$query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
		return $this->query($query, true, $params + $v_params);
	}
	
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
	public function diffrec($record_old, $record_new) {
		$diffrec_full = array();
		$diff_num = 0;

		if(is_array($record_old) && count($record_old) > 0) {
			foreach($record_old as $key => $val) {
				// if(!isset($record_new[$key]) || $record_new[$key] != $val) {
				if(@$record_new[$key] != $val) {
					// Record has changed
					$diffrec_full['old'][$key] = $val;
					$diffrec_full['new'][$key] = @$record_new[$key];
					$diff_num++;
				} else {
					$diffrec_full['old'][$key] = $val;
					$diffrec_full['new'][$key] = $val;
				}
			}
		} elseif(is_array($record_new)) {
			foreach($record_new as $key => $val) {
				if(isset($record_new[$key]) && @$record_old[$key] != $val) {
					// Record has changed
					$diffrec_full['new'][$key] = $val;
					$diffrec_full['old'][$key] = @$record_old[$key];
					$diff_num++;
				} else {
					$diffrec_full['new'][$key] = $val;
					$diffrec_full['old'][$key] = $val;
				}
			}
		}

		return array('diff_num' => $diff_num, 'diff_rec' => $diffrec_full);

	}

	//** Function to fill the datalog with a full differential record.
	public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
		global $app, $conf;

608
		// Check fields
Till Brehm's avatar
Till Brehm committed
609
		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
610
		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
611
612
		
		$primary_id = intval($primary_id);
613

614
615
		if($force_update == true) {
			//* We force a update even if no record has changed
616
			$diffrec_full = array('new' => $record_new, 'old' => $record_old);
617
618
619
620
621
622
623
624
			$diff_num = count($record_new);
		} else {
			//* get the difference record between old and new record
			$tmp = $this->diffrec($record_old, $record_new);
			$diffrec_full = $tmp['diff_rec'];
			$diff_num = $tmp['diff_num'];
			unset($tmp);
		}
625

626
627
628
		// Insert the server_id, if the record has a server_id
		$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
		if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];
629

630

631
632
633
		if($diff_num > 0) {
			//print_r($diff_num);
			//print_r($diffrec_full);
634
635
			$diffstr = serialize($diffrec_full);
			$username = $_SESSION['s']['user']['username'];
636
			$dbidx = $primary_field.':'.$primary_id;
637

638
639
640
			if($action == 'INSERT') $action = 'i';
			if($action == 'UPDATE') $action = 'u';
			if($action == 'DELETE') $action = 'd';
641
642
			$sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES (?, ?, ?, ?, ?, ?, ?)";
			$app->db->query($sql, $db_table, $dbidx, $server_id, $action, time(), $username, $diffstr);
643
		}
644

645
646
		return true;
	}
647

648
649
650
	//** Inserts a record and saves the changes into the datalog
	public function datalogInsert($tablename, $insert_data, $index_field) {
		global $app;
651
		
652
		// Check fields
Till Brehm's avatar
Till Brehm committed
653
		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
654
		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
655
		
656
		if(is_array($insert_data)) {
657
658
			$key_str = '';
			$val_str = '';
659
660
			$params = array($tablename);
			$v_params = array();
661
			foreach($insert_data as $key => $val) {
662
				$key_str .= '??,';
663
664
665
666
				$params[] = $key;
				
				$val_str .= '?,';
				$v_params[] = $val;
667
			}
668
669
			$key_str = substr($key_str, 0, -1);
			$val_str = substr($val_str, 0, -1);
670
			$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
671
			$this->query("INSERT INTO ?? $insert_data_str", true, array_merge($params, $v_params));
672
		} else {
673
			/* TODO: deprecate this method! */
674
			$insert_data_str = $insert_data;
675
			$this->query("INSERT INTO ?? $insert_data_str", $tablename);
676
			$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
677
		}
678
		
679
680
		$old_rec = array();
		$index_value = $this->insertID();
Marius Cramer's avatar
Marius Cramer committed
681
		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
682
		$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
683

684
685
		return $index_value;
	}
686

687
688
	//** Updates a record and saves the changes into the datalog
	public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
689
		global $app;
690

691
		// Check fields
Till Brehm's avatar
Till Brehm committed
692
		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
693
		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
694
		
695
		$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
696
697

		if(is_array($update_data)) {
698
			$params = array($tablename);
699
700
			$update_data_str = '';
			foreach($update_data as $key => $val) {
701
702
703
				$update_data_str .= '?? = ?,';
				$params[] = $key;
				$params[] = $val;
704
			}
705
706
			$params[] = $index_field;
			$params[] = $index_value;
707
			$update_data_str = substr($update_data_str, 0, -1);
708
			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
709
		} else {
710
			/* TODO: deprecate this method! */
711
			$update_data_str = $update_data;
712
			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
713
			$app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
714
		}
715

716
		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
717
		$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
718

719
720
		return true;
	}
721

722
723
724
	//** Deletes a record and saves the changes into the datalog
	public function datalogDelete($tablename, $index_field, $index_value) {
		global $app;
725

726
		// Check fields
Till Brehm's avatar
Till Brehm committed
727
		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
728
		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
729
		
730
731
		$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
		$this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
732
733
		$new_rec = array();
		$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);
734

735
736
		return true;
	}
737

738
739
740
	//* get the current datalog status for the specified login (or currently logged in user)
	public function datalogStatus($login = '') {
		global $app;
741

742
743
		$return = array('count' => 0, 'entries' => array());
		if($_SESSION['s']['user']['typ'] == 'admin') return $return; // these information should not be displayed to admin users
744

745
746
747
		if($login == '' && isset($_SESSION['s']['user'])) {
			$login = $_SESSION['s']['user']['username'];
		}
748

749
		$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
750
751
752
753
754
755
		foreach($result as $row) {
			if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
			$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable']));
			$return['count'] += $row['cnt'];
		}
		unset($result);
756

757
758
759
760
		return $return;
	}

	/*
761
762
763
764
765
766
767
768
769
770
771
772
773
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)


     */

774
775
	public function createTable($table_name, $columns) {
		$index = '';
776
		$sql = "CREATE TABLE ?? (";
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
		foreach($columns as $col){
			$sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';

			if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
			if($col['notNull'] == true) {
				$sql .= 'NOT NULL ';
			} else {
				$sql .= 'NULL ';
			}
			if($col['autoInc'] == true) $sql .= 'auto_increment ';
			$sql.= ',';
			// key Definitionen
			if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
			if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
			if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
		}
		$sql .= $index;
		$sql = substr($sql, 0, -1);
		$sql .= ')';
796
797
		/* TODO: secure parameters */
		$this->query($sql, $table_name);
798
		return true;
799
800
	}

801
	/*
802
803
804
805
806
807
808
809
810
811
812
813
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)


     */
814
815
	public function alterTable($table_name, $columns) {
		$index = '';
816
		$sql = "ALTER TABLE ?? ";
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
		foreach($columns as $col){
			if($col['action'] == 'add') {
				$sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
			} elseif ($col['action'] == 'alter') {
				$sql .= 'CHANGE '.$col['name'].' '.$col['name_new'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
			} elseif ($col['action'] == 'drop') {
				$sql .= 'DROP '.$col['name'].' ';
			}
			if($col['action'] != 'drop') {
				if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
				if($col['notNull'] == true) {
					$sql .= 'NOT NULL ';
				} else {
					$sql .= 'NULL ';
				}
				if($col['autoInc'] == true) $sql .= 'auto_increment ';
				$sql.= ',';
				// Index definitions
				if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
				if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
				if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
			}
		}
		$sql .= $index;
		$sql = substr($sql, 0, -1);
842
		/* TODO: secure parameters */
843
		//die($sql);
844
		$this->query($sql, $table_name);
845
846
		return true;
	}
847

848
849
	public function dropTable($table_name) {
		$this->check($table_name);
850
851
		$sql = "DROP TABLE ??";
		return $this->query($sql, $table_name);
852
	}
853

854
855
	// gibt Array mit Tabellennamen zur�ck
	public function getTables($database_name = '') {
856
		if(!is_object($this->_iConnId)) return false;
857
		if($database_name == '') $database_name = $this->dbName;
858
		$tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
859
860
		return $tb_names;
	}
861

862
863
	// gibt Feldinformationen zur Tabelle zur�ck
	/*
864
865
866
867
868
869
870
871
872
873
874
875
876
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)


     */

877
	function tableInfo($table_name) {
878

879
880
		global $go_api, $go_info, $app;
		// Tabellenfelder einlesen
881

882
		if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
883
884
			foreach($rows as $row) {
				/*
885
886
887
888
889
890
	  $name = $row[0];
	  $default = $row[4];
	  $key = $row[3];
	  $extra = $row[5];
	  $isnull = $row[2];
	  $type = $row[1];
891
	  */
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946

				$name = $row['Field'];
				$default = $row['Default'];
				$key = $row['Key'];
				$extra = $row['Extra'];
				$isnull = $row['Null'];
				$type = $row['Type'];


				$column = array();

				$column['name'] = $name;
				//$column['type'] = $type;
				$column['defaultValue'] = $default;
				if(stristr($key, 'PRI')) $column['option'] = 'primary';
				if(stristr($isnull, 'YES')) {
					$column['notNull'] = false;
				} else {
					$column['notNull'] = true;
				}
				if($extra == 'auto_increment') $column['autoInc'] = true;


				// Type in Metatype umsetzen

				if(stristr($type, 'int(')) $metaType = 'int32';
				if(stristr($type, 'bigint')) $metaType = 'int64';
				if(stristr($type, 'char')) {
					$metaType = 'char';
					$tmp_typeValue = explode('(', $type);
					$column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
				}
				if(stristr($type, 'varchar')) {
					$metaType = 'varchar';
					$tmp_typeValue = explode('(', $type);
					$column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
				}
				if(stristr($type, 'text')) $metaType = 'text';
				if(stristr($type, 'double')) $metaType = 'double';
				if(stristr($type, 'blob')) $metaType = 'blob';


				$column['type'] = $metaType;

				$columns[] = $column;
			}
			return $columns;
		} else {
			return false;
		}


		//$this->createTable('tester',$columns);

		/*
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
	 $result = mysql_list_fields($go_info["server"]["db_name"],$table_name);
	 $fields = mysql_num_fields ($result);
	 $i = 0;
	 $table = mysql_field_table ($result, $i);
	 while ($i < $fields) {
	 $name  = mysql_field_name  ($result, $i);
	 $type  = mysql_field_type  ($result, $i);
	 $len   = mysql_field_len   ($result, $i);
	 $flags = mysql_field_flags ($result, $i);
	 print_r($flags);

	 $columns = array(name => $name,
	 type =>     "",
	 defaultValue =>  "",
	 isnull =>   1,
	 option =>   "");
	 $returnvar[] = $columns;

	 $i++;
	 }
       */



971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
	}

	public function mapType($metaType, $typeValue) {
		global $go_api;
		$metaType = strtolower($metaType);
		switch ($metaType) {
		case 'int16':
			return 'smallint';
			break;
		case 'int32':
			return 'int';
			break;
		case 'int64':
			return 'bigint';
			break;
		case 'double':
			return 'double';
			break;
		case 'char':
			return 'char';
			break;
		case 'varchar':
			if($typeValue < 1) die('Database failure: Lenght required for these data types.');
			return 'varchar('.$typeValue.')';
			break;
		case 'text':
			return 'text';
			break;
		case 'blob':
			return 'blob';