Merge branch 'pdo_migration' into 20160515-secu

Conflicts:
	bureau/class/config.php
	bureau/class/db_mysql.php
	bureau/class/m_action.php
	bureau/class/m_variables.php
Emmanuel Monbroussou 2016-05-17 15:10:37 +02:00
commit bc5c8f7e34
6 changed files with 344 additions and 476 deletions


@ -114,34 +114,24 @@ require_once($root . "/class/db_mysql.php");
require_once($root . "/class/functions.php");
require_once($root . "/class/variables.php");
// child class of the phplib parent DB class
/**
* Class for MySQL management in the bureau
*
* This class heriting from the db class of the phplib manages
* the connection to the MySQL database.
*/
class DB_system extends DB_Sql {
var $Host = null;
var $Database = null;
var $User = null;
var $Password = null;
/**
* Creator
*/
function DB_system() {
global $L_MYSQL_HOST, $L_MYSQL_DATABASE, $L_MYSQL_LOGIN, $L_MYSQL_PWD;
$this->Host = $L_MYSQL_HOST;
$this->Database = $L_MYSQL_DATABASE;
$this->User = $L_MYSQL_LOGIN;
$this->Password = $L_MYSQL_PWD;
}
}
// Classe h<>rit<69>e de la classe db de la phplib.
/**
* Class for MySQL management in the bureau
*
* This class heriting from the db class of the phplib manages
* the connection to the MySQL database.
*/
class DB_system extends DB_Sql {
function __construct() {
global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD;
parent::__construct($L_MYSQL_DATABASE, $L_MYSQL_HOST, $L_MYSQL_LOGIN, $L_MYSQL_PWD);
}
}
$db = new DB_system();
// $db = new Sql($L_MYSQL_DATABASE, $L_MYSQL_HOST, $L_MYSQL_LOGIN, $L_MYSQL_PWD);
// https: Redirection if not calling https://!fqdn or if https is forced
if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")&&(!isset($_SERVER["HTTPS"])|| ($_SERVER["HTTPS"] != "on")))


@ -1,448 +1,350 @@
<?php
/**
* Session Management for PHP3
*
* Copyright (c) 1998-2000 NetUSE AG
* Boris Erdmann, Kristian Koehntopp
*
* $Id: db_mysql.php,v 1.3 2005/03/05 16:27:30 said Exp $
* Mysql Database class
*
* François - aka fser - Serman
*
* 2014/06/24
*/
class DB_Sql {
/* public: connection parameters */
/* public: connection parameters */
private $Host;
private $Database;
private $User;
private $Password;
var $Host = "";
var $Database = "";
var $User = "";
var $Password = "";
/* public: configuration parameters */
private $Auto_Free = False; // Set to True for automatic mysql_free_result()
private $Debug = False; // Set to 1 for debugging messages.
private $Halt_On_Error = "no"; // "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
private $Seq_Table = "db_sequence";
/* public: configuration parameters */
var $Auto_Free = 0; ## Set to 1 for automatic mysql_free_result()
var $Debug = 0; ## Set to 1 for debugging messages.
var $Halt_On_Error = "no"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
var $Seq_Table = "db_sequence";
/* public: result array and current row number */
public /* FIXME */ $Record = array();
private $Row = 0;
private $num_rows;
/* public: result array and current row number */
var $Record = array();
var $Row;
var $num_rows;
/* public: current error number and error text */
private $Errno;
private $Error;
/* public: current error number and error text */
var $Errno = 0;
var $Error = "";
/* public: this is an api revision, not a CVS revision. */
var $type = "mysql";
var $revision = "1.2";
/* private: link and query handles */
private $Query_String;
/* private: link and query handles */
var $Link_ID = 0;
var $Query_ID = 0;
var $Query_String = "";
/* PDO related variables */
private $pdo_instance = NULL;
private $pdo_query = NULL;
/**
* Constructor
*/
function DB_Sql($query = "") {
$this->query($query);
/**
* Constructor
*/
function __construct($db, $host, $user, $passwd) {
$dsn = sprintf('mysql:dbname=%s;host=%s', $db, $host);
try {
$this->pdo_instance = new PDO($dsn, $user, $passwd);
} catch (PDOException $e) {
echo "Mysql", "PDO instance", $e->getMessage();
return FALSE;
}
}
/**
* function for MySQL database connection management
*
* This function manages the connection to the MySQL database.
*
* @param $Database name of the database
* @param $Host DNS of the MySQL hosting server
* @param $User the user's name
* @param $Password the user's password
*
* @return the class variable $Link_ID
*/
function connect($Database = "", $Host = "", $User = "", $Password = "") {
global $err;
$this->halt('Mysql::connect() : This function should no longer be used');
/* Handle defaults */
if ("" == $Database)
$Database = $this->Database;
if ("" == $Host)
$Host = $this->Host;
if ("" == $User)
$User = $this->User;
if ("" == $Password)
$Password = $this->Password;
if (!$this->pdo_instance) {
$dsn = sprintf('mysql:dbname=%s;host=%s', $Database, $Host);
try {
$this->pdo_instance = new PDO($dsn, $User, $Password);
} catch (PDOException $e) {
$this->halt("Mysql::PDO_instance" . $e->getMessage());
return FALSE;
}
}
return True;
}
/**
* Discard the query result
*
* This function discards the last query result.
*/
function free() {
$this->pdo_query->closeCursor();
}
function is_connected() {
return $this->pdo_instance != FALSE;
}
function last_error() {
return $this->Error;
}
/**
* Perform a query
*
* This function performs the MySQL query described in the string parameter
*
* @param a string describing the MySQL query
* @param arguments is an optionnal array for future use with PDO parametrized requests
* @return the $Query_ID class variable (null if fails)
*/
function query($Query_String, $arguments = False) {
global $debug_alternc;
if (empty($Query_String) || !$this->is_connected())
return FALSE;
$this->Query_String = $Query_String;
if ($this->Debug)
printf("Debug: query = %s<br />\n", $Query_String);
$debug_chrono_start = microtime(true);
$this->pdo_query = $this->pdo_instance->prepare($this->Query_String);
$exec_state = ($arguments) ? $this->pdo_query->execute($arguments)
: $this->pdo_query->execute();
$debug_chrono_start = (microtime(true) - $debug_chrono_start)*1000;
$this->Row = 0;
if ($exec_state == FALSE) {
$this->Errno = $this->pdo_query->errorCode();
$this->Error = $this->pdo_query->errorInfo();
if( defined("THROW_EXCEPTIONS") && THROW_EXCEPTIONS ){
throw new \Exception("Mysql query failed : $this->Error");
}
$this->halt("SQL Error: ".$Query_String);
return FALSE;
}
if (isset($debug_alternc)) {
$debug_alternc->add("SQL Query : (".substr($debug_chrono_start,0,5)." ms)\t $Query_String");
$debug_alternc->nb_sql_query++;
$debug_alternc->tps_sql_query += $debug_chrono_start;
}
return TRUE;
}
/**
* walk result set
*
* This function tests if a new record is available in the current
* query result.
*
* @return TRUE if a new record is available
*/
function next_record() {
if (!$this->pdo_query) {
$this->halt("next_record called with no query pending.");
return FALSE;
}
$this->Record = $this->pdo_query->fetch(PDO::FETCH_BOTH);
$this->Row++;
$this->Errno = $this->pdo_query->errorCode();
$this->Error = $this->pdo_query->errorInfo();
if ($this->Record == FALSE) {
if ($this->Auto_Free)
$this->free();
return FALSE;
}
/**
* @return resource class variable Link_ID
*/
function link_id() {
return $this->Link_ID;
}
return TRUE;
}
/**
* @return integer class variable Query_ID
*/
function query_id() {
return $this->Query_ID;
}
/**
* function for MySQL database connection management
*
* This function manages the connection to the MySQL database.
*
* @param $Database name of the database
* @param $Host DNS of the MySQL hosting server
* @param $User the user's name
* @param $Password the user's password
*
* @return the class variable $Link_ID
*/
function connect($Database = "", $Host = "", $User = "", $Password = "") {
/* Handle defaults */
if ("" == $Database) {
$Database = $this->Database;
}
if ("" == $Host) {
$Host = $this->Host;
}
if ("" == $User) {
$User = $this->User;
}
if ("" == $Password) {
$Password = $this->Password;
/* public: table locking */
function lock($table, $mode="write") {
if (!$this->is_connected())
return FALSE;
$query="lock tables ";
if (is_array($table)) {
while (list($key,$value)=each($table)) {
if ($key=="read" && $key!=0) {
$query.="$value read, ";
} else {
$query.="$value $mode, ";
}
}
$query=substr($query,0,-2);
} else {
$query.="$table $mode";
}
/* establish connection, select database */
if (0 == $this->Link_ID) {
if (!$this->query($query)) {
$this->halt("lock($table, $mode) failed.");
return FALSE;
}
$this->Link_ID = mysql_pconnect($Host, $User, $Password);
if (!$this->Link_ID) {
$this->halt("pconnect($Host, $User, \$Password) failed.");
return 0;
}
return TRUE;
if (!@mysql_select_db($Database, $this->Link_ID)) {
$this->halt("cannot use database " . $this->Database);
return 0;
}
}
}
function unlock() {
if (!$this->is_connected())
return FALSE;
//persistent connection don't conserve database selection
//if needed do a correct database selection
$db_connected = @mysql_fetch_array(@mysql_query("SELECT DATABASE();", $this->Link_ID));
if ($db_connected[0] != $this->Database)
mysql_select_db($Database, $this->Link_ID);
if (!$this->query('unlock tables')) {
$this->halt("unlock() failed.");
return FALSE;
}
}
return $this->Link_ID;
}
/**
* Discard the query result
*
* This function discards the last query result.
*/
function free() {
@mysql_free_result($this->Query_ID);
$this->Query_ID = 0;
}
/* public: evaluate the result (size, width) */
function affected_rows() {
return $this->pdo_query->rowCount();
}
/**
* Perform a query
*
* This function performs the MySQL query described in the string parameter
*
* @param a string describing the MySQL query
* @return the $Query_ID class variable (null if fails)
*/
function query($Query_String) {
global $debug_alternc;
function num_rows() {
return $this->pdo_query->rowCount();
}
/* No empty queries, please, since PHP4 chokes on them. */
if ($Query_String == "") {
/* The empty query string is passed on from the constructor,
* when calling the class without a query, e.g. in situations
* like these: '$db = new DB_Sql_Subclass;'
*/
return 0;
}
function num_fields() {
return $this->pdo_query->columnCount();
}
if (!$this->connect()) {
return 0; /* we already complained in connect() about that. */
}
/* public: shorthand notation */
function nf() {
return $this->num_rows();
}
# New query, discard previous result.
if ($this->Query_ID) {
$this->free();
$this->Query_String = $Query_String;
}
function np() {
print $this->num_rows();
}
if ($this->Debug) {
printf("Debug: query = %s<br />\n", $Query_String);
}
/**
* @param string $Name
* @return integer
*/
function f($Name) {
if (isset($this->Record[$Name]))
return $this->Record[$Name];
else
return false;
}
$debug_chrono_start = microtime(true);
$this->Query_ID = @mysql_query($Query_String, $this->Link_ID);
$debug_chrono_start = (microtime(true) - $debug_chrono_start) * 1000;
$this->Row = 0;
$this->Errno = mysql_errno();
$this->Error = mysql_error();
if (0 != $this->Errno) {
if (defined("THROW_EXCEPTIONS") && THROW_EXCEPTIONS) {
throw new \Exception("Mysql query failed : $this->Error");
}
$this->halt("SQL Error: " . $Query_String);
return FALSE;
}
if (!$this->Query_ID) {
$this->halt("Invalid SQL: " . $Query_String);
}
function current_record() {
return $this->Record;
}
if (isset($debug_alternc)) {
$debug_alternc->add("SQL Query : (" . substr($debug_chrono_start, 0, 5) . " ms)\t $Query_String");
$debug_alternc->nb_sql_query++;
$debug_alternc->tps_sql_query += $debug_chrono_start;
}
function p($Name) {
print $this->Record[$Name];
}
# Will return nada if it fails. That's fine.
return $this->Query_ID;
}
function lastid() {
return $this->pdo_instance->lastInsertId();
}
/**
* walk result set
*
* This function tests if a new record is available in the current
* query result.
*
* @return TRUE if a new record is available
*/
function next_record() {
if (!$this->Query_ID) {
$this->halt("next_record called with no query pending.");
return 0;
}
/* public: sequence numbers */
function nextid($seq_name) {
if (!$this->is_connected())
return FALSE;
$this->Record = @mysql_fetch_array($this->Query_ID);
$this->Row += 1;
$this->Errno = mysql_errno();
$this->Error = mysql_error();
$stat = is_array($this->Record);
if (!$stat && $this->Auto_Free) {
$this->free();
}
return $stat;
}
/**
*
* public: position in result set
*/
function seek($pos = 0) {
$status = @mysql_data_seek($this->Query_ID, $pos);
if ($status) {
$this->Row = $pos;
if ($this->lock($this->Seq_Table)) {
/* get sequence number (locked) and increment */
$q = sprintf("select nextid from %s where seq_name = '%s'",
$this->Seq_Table,
$seq_name);
$this->query($q);
$this->next_record();
$id = $this->f('nextid');
/* No current value, make one */
if (!$id) {
$currentid = 0;
$q = sprintf("insert into %s values('%s', %s)",
$this->Seq_Table,
$seq_name,
$currentid);
$this->query($q);
} else {
$this->halt("seek($pos) failed: result has " . $this->num_rows() . " rows");
/* half assed attempt to save the day,
* but do not consider this documented or even
* desireable behaviour.
*/
@mysql_data_seek($this->Query_ID, $this->num_rows());
$this->Row = $this->num_rows;
return 0;
$currentid = $id;
}
$nextid = $currentid + 1;
$q = sprintf("update %s set nextid = '%s' where seq_name = '%s'",
$this->Seq_Table,
$nextid,
$seq_name);
$this->query($q);
$this->unlock();
} else {
$this->halt("cannot lock ".$this->Seq_Table." - has it been created?");
return FALSE;
}
return $nextid;
}
return 1;
}
/* public: return table metadata */
function metadata($table='',$full=false) {
global $err;
$err->raise('Mysql', 'function is no longer implemented (metadata())');
return FALSE;
}
/** public: table locking */
function lock($table, $mode = "write") {
$this->connect();
/* private: error handling */
function halt($msg) {
if ($this->Halt_On_Error == "no")
return;
$query = "lock tables ";
if (is_array($table)) {
while (list($key, $value) = each($table)) {
if ($key == "read" && $key != 0) {
$query.="$value read, ";
} else {
$query.="$value $mode, ";
}
}
$query = substr($query, 0, -2);
} else {
$query.="$table $mode";
}
$res = @mysql_query($query, $this->Link_ID);
if (!$res) {
$this->halt("lock($table, $mode) failed.");
return 0;
}
return $res;
}
$this->haltmsg($msg);
function unlock() {
$this->connect();
if ($this->Halt_On_Error != "report")
die("Session halted.");
}
$res = @mysql_query("unlock tables", $this->Link_ID);
if (!$res) {
$this->halt("unlock() failed.");
return 0;
}
return $res;
}
function haltmsg($msg) {
printf("</td></tr></table><b>Database error:</b> %s<br />\n", $msg);
printf("<b>MySQL Error</b>: %s (%s)<br />\n",
$this->Errno,
implode("\n", $this->Error));
}
/** public: evaluate the result (size, width) */
function affected_rows() {
return @mysql_affected_rows($this->Link_ID);
}
function num_rows() {
return @mysql_num_rows($this->Query_ID);
}
function num_fields() {
return @mysql_num_fields($this->Query_ID);
}
/** public: shorthand notation */
function nf() {
return $this->num_rows();
}
function np() {
print $this->num_rows();
}
/**
* @param string $Name
* @return integer
*/
function f($Name) {
if (isset($this->Record[$Name]))
return $this->Record[$Name];
else
return false;
}
function p($Name) {
print $this->Record[$Name];
}
function lastid() {
return @mysql_insert_id($this->Link_ID);
}
/** public: sequence numbers */
function nextid($seq_name) {
$this->connect();
if ($this->lock($this->Seq_Table)) {
/* get sequence number (locked) and increment */
$q = sprintf("select nextid from %s where seq_name = '%s'", $this->Seq_Table, $seq_name);
$id = @mysql_query($q, $this->Link_ID);
$res = @mysql_fetch_array($id);
/* No current value, make one */
if (!is_array($res)) {
$currentid = 0;
$q = sprintf("insert into %s values('%s', %s)", $this->Seq_Table, $seq_name, $currentid);
@mysql_query($q, $this->Link_ID);
} else {
$currentid = $res["nextid"];
}
$nextid = $currentid + 1;
$q = sprintf("update %s set nextid = '%s' where seq_name = '%s'", $this->Seq_Table, $nextid, $seq_name);
@mysql_query($q, $this->Link_ID);
$this->unlock();
} else {
$this->halt("cannot lock " . $this->Seq_Table . " - has it been created?");
return 0;
}
return $nextid;
}
/** public: return table metadata */
function metadata($table = '', $full = false) {
$res = array();
/*
* Due to compatibility problems with Table we changed the behavior
* of metadata();
* depending on $full, metadata returns the following values:
*
* - full is false (default):
* $result[]:
* [0]["table"] table name
* [0]["name"] field name
* [0]["type"] field type
* [0]["len"] field length
* [0]["flags"] field flags
*
* - full is true
* $result[]:
* ["num_fields"] number of metadata records
* [0]["table"] table name
* [0]["name"] field name
* [0]["type"] field type
* [0]["len"] field length
* [0]["flags"] field flags
* ["meta"][field name] index of field named "field name"
* The last one is used, if you have a field name, but no index.
* Test: if (isset($result['meta']['myfield'])) { ...
*/
// if no $table specified, assume that we are working with a query
// result
if ($table) {
$this->connect();
$id = @mysql_list_fields($this->Database, $table);
if (!$id)
$this->halt("Metadata query failed.");
} else {
$id = $this->Query_ID;
if (!$id)
$this->halt("No query specified.");
}
$count = @mysql_num_fields($id);
// made this IF due to performance (one if is faster than $count if's)
if (!$full) {
for ($i = 0; $i < $count; $i++) {
$res[$i]["table"] = @mysql_field_table($id, $i);
$res[$i]["name"] = @mysql_field_name($id, $i);
$res[$i]["type"] = @mysql_field_type($id, $i);
$res[$i]["len"] = @mysql_field_len($id, $i);
$res[$i]["flags"] = @mysql_field_flags($id, $i);
}
} else { // full
$res["num_fields"] = $count;
for ($i = 0; $i < $count; $i++) {
$res[$i]["table"] = @mysql_field_table($id, $i);
$res[$i]["name"] = @mysql_field_name($id, $i);
$res[$i]["type"] = @mysql_field_type($id, $i);
$res[$i]["len"] = @mysql_field_len($id, $i);
$res[$i]["flags"] = @mysql_field_flags($id, $i);
$res["meta"][$res[$i]["name"]] = $i;
}
}
// free the result only if we were called on a table
if ($table) {
@mysql_free_result($id);
}
return $res;
}
/** private: error handling */
function halt($msg) {
$this->Error = @mysql_error($this->Link_ID);
$this->Errno = @mysql_errno($this->Link_ID);
if ($this->Halt_On_Error == "no")
return;
$this->haltmsg($msg);
if ($this->Halt_On_Error != "report") {
die("Session halted.");
}
}
function haltmsg($msg) {
printf("</td></tr></table><b>Database error:</b> %s<br />\n", $msg);
printf("<b>MySQL Error</b>: %s (%s)<br />\n", $this->Errno, $this->Error);
}
function table_names() {
$this->query("SHOW TABLES");
$i = 0;
$return = array();
while ($info = mysql_fetch_row($this->Query_ID)) {
$return[$i]["table_name"] = $info[0];
$return[$i]["tablespace_name"] = $this->Database;
$return[$i]["database"] = $this->Database;
$i++;
}
return $return;
}
function table_names() {
$this->query("SHOW TABLES");
$return = array();
while ($this->next_record())
$return[] = array('table_name' => $this->p(0), 'tablespace_name' => $this->Database, 'database' => $this->Database);
return $return;
}
}
?>
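Review bot: In the new `__construct`, a failed connection is echoed to the page with `$e->getMessage()` and the `return FALSE` has no effect in a constructor, so callers receive an object whose `pdo_instance` is null and connection details can end up in the response; log the message server-side and rethrow, or make callers check `is_connected()`. In `query()`, `$this->Error` now holds the array returned by `errorInfo()`, so `"Mysql query failed : $this->Error"` renders as `Array`; `implode(' ', $this->Error)` would keep the message usable. `table_names()` fills `table_name` with `$this->p(0)`, which prints the value and returns nothing, so `$this->f(0)` looks like what was intended. `nextid()` still builds its statements with `sprintf("... seq_name = '%s'", ...)` although `query()` now accepts `$arguments`; binding `$seq_name` as a parameter would remove the dependence on caller-side quoting.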


@ -196,34 +196,20 @@ class m_action {
global $db, $err;
$err->log("action", "set", $type);
$serialized = serialize($parameters);
switch ($type) {
case 'chmod':
$query = "insert into actions values ('','CHMOD','$serialized',now(),'','','$user','');";
break;
case 'create_file':
$query = "insert into actions values ('','CREATE_FILE','$serialized',now(),'','','$user','');";
break;
case 'create_dir':
$query = "insert into actions values ('','CREATE_DIR','$serialized',now(),'','','$user','');";
break;
case 'move':
$query = "insert into actions values ('','MOVE','$serialized',now(),'','','$user','');";
break;
case 'fix_user':
$query = "insert into actions values ('','FIX_USER','$serialized',now(),'','','$user','');";
break;
case 'fix_file':
$query = "insert into actions values ('','FIX_FILE','$serialized',now(),'','','$user','');";
break;
case 'fix_dir':
$query = "insert into actions values ('','FIX_DIR','$serialized',now(),'','','$user','');";
break;
case 'delete':
$query = "insert into actions values ('','DELETE','$serialized',now(),'','','$user','');";
break;
default:
return false;
}
$type = strtoupper($type);
if (in_array($type, array('CHMOD',
'CREATE_FILE',
'CREATE_DIR',
'MOVE',
'FIX_USER',
'FIX_FILE',
'FIX_DIR',
'DELETE'))) {
$query = "INSERT INTO `actions` (type, parameters, creation, user) VALUES('$type', '$serialized', now(), '$user');";
} else {
return False;
}
if (!$db->query($query)) {
$err->raise("action", _("Error setting actions"));
return false;
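Review bot: The rewritten `INSERT` still interpolates `$serialized` and `$user` directly into the SQL string; `serialize()` output contains double quotes and whatever strings are in `$parameters`, so a single quote in any value breaks the statement and the query is injectable if a parameter is user-influenced. `DB_Sql::query()` gains an `$arguments` parameter in this same commit, so the values can be bound: `$db->query("INSERT INTO actions (type, parameters, creation, user) VALUES (?, ?, now(), ?)", array($type, $serialized, $user));`. If the consumer of this table later calls `unserialize()` on the stored column (not visible here), a JSON encoding would be a safer storage format. The enclosing method starts and ends outside the hunk.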


@ -1,5 +1,4 @@
<?php
// *****************************************************************************
//
// Alternc bootstrapping
@ -119,20 +118,11 @@ foreach ($mysqlConfigFile as $line) {
* This class heriting from the db class of the phplib manages
* the connection to the MySQL database.
*/
class DB_system extends DB_Sql {
var $Host,$Database,$User,$Password;
/**
* Constructor
*/
function DB_system($user,$database,$password) {
global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD;
$this->Host = "127.0.0.1";
$this->Database = $database;
$this->User = $user;
$this->Password = $password;
}
}
class DB_system extends DB_Sql {
function __construct($database, $user, $password) {
parent::__construct($database, '127.0.0.1', $user, $password);
}
}
// Creates database from schema
// *********************************************
@ -151,8 +141,7 @@ foreach ($queryList as $exec_command) {
}
echo "*** In progress: mysql.sql imported\n";
$db = new \DB_system($user,$database,$password);
$db->connect();
$db = new \DB_system($database, $user, $password);
$cuid = 0;
$variables = new \m_variables();
$mem = new \m_mem();
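Review bot: The `DB_system` constructor's argument order changes from `($user, $database, $password)` to `($database, $user, $password)`, and both parameters are plain strings, so any caller left on the old order would silently connect with the user and database names swapped. Only the one call site in this file is visibly updated; a short docblock on `__construct` naming the order, e.g. `@param string $database` then `@param string $user`, would make the new contract explicit.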


@ -1,4 +1,4 @@
<phpunit
<phpunit backupGlobals="false"
bootstrap="bootstrap.php"
>
<testsuites>


@ -64,6 +64,7 @@ class m_actionTest extends AlterncTest {
*/
public function testDo_action() {
global $L_INOTIFY_DO_ACTION;
file_put_contents("/tmp/log_fser", "hello world from fser");
$result = $this->object->do_action();
$this->assertTrue($result);
$this->assertFileExists($L_INOTIFY_DO_ACTION);
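Review bot: The added `file_put_contents("/tmp/log_fser", "hello world from fser");` in `testDo_action()` looks like leftover debugging and should not be merged: it writes to a fixed, predictable path in a world-writable directory on every run, and on a shared machine that write can follow a pre-placed symlink and overwrite another file. Drop the line, or if a marker file is really needed create it with `tempnam(sys_get_temp_dir(), 'alternc')` and delete it in `tearDown()`. The method body continues outside the hunk.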