HB/onyx/bdd.postgresql.class.php

<?php

class BDD
	{
		private $session;

		private $reponse;

		var $database;

		var $num_rows;

		var $nodb;

    	function connexion($db=NULL,$h=NULL,$u=NULL,$p=NULL)
    		{
    			if($this->session) $this->deconnexion();

    			global $var___db,$config;

    			$u = pg_escape_string( empty($u)?$var___db['postgresql']['login']:$u );

    			$p = pg_escape_string( empty($p)?$var___db['postgresql']['password']:$p );

    			$h = pg_escape_string( empty($h)?$var___db['postgresql']['host']:$h );

    			$db = pg_escape_string( empty($db)?$var___db['postgresql']['db']:$db );

    			$this->session = @pg_connect("host='$h' port=5432 dbname='$db' user='$u' password='$p'");

    			if (!$this->session)
    				{
    					if($config['db_log']) file_log('Erreur PostgreSQL: Connexion à la base de donnée impossible.',2);

						if(!empty($this->nodb) && function_exists($this->nodb))
							{
								call_user_func($this->nodb);
							}
						elseif(array_key_exists('no_db',$config) && function_exists($config['no_db']))
							{
								call_user_func($config['no_db']);
							}
						else die('Erreur de connexion a la base de donnee');

    					return FALSE;
    				}

    			pg_setclientencoding($this->session,'UTF8');

			$this->reponse = NULL;
			$this->num_rows = NULL;
    			$this->database = $db;
    		}

    	function deconnexion()
    		{
    			if($this->session)
    				{
    					$var = @pg_close($this->session);
    					$this->session = FALSE;
    					return $var;
    				}
    			else return FALSE;
    		}

    	function erreur($flag=TRUE)
    		{
    			if($this->session)
    				{
    					$var = pg_last_error($this->session);
    					if($flag) echo $var;
    					return($var);
    				}
    			else return FALSE;
    		}
    	function db($db=NULL)
    		{
      			if($this->session)
    				{
    					global $var___db;
    					$db = pg_escape_string( empty($db)?$var___db['postgresql']['db']:$db );

    					$var = pg_query("\\connect $db");
    					if($var) $this->database = $db;
    					return $var;
    				}
    			else return FALSE;
    		}

    	function escape(&$var)
    		{
    			if($this->session)
    				{
    					$var = pg_escape_string($this->session,$var);
    					return $var;
    				}
    			else return FALSE;
    		}

    	function query($q)
    		{
    			if($this->session)
    				{
    					$this->reponse = pg_query($this->session,$q);

    					global $config;
    					if($config['db_injection'] == '1') $this->injection($q);

    					if(!$this->reponse)
    						{
    							if($config['db_log'] == '1')
    								{
    									file_log('Erreur PostgreSQL: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);
    								}
    							else
    								{
    									echo("Requete à la base de donnée invalide");
    								}
    							return FALSE;
    						}

    					$this->num_rows = @pg_num_rows($this->reponse);

    					if($this->num_rows == 0)
    						{
    							return NULL;
    						}

    					elseif($this->num_rows >= 1)
    						{
    							for($i=0; $var = pg_fetch_assoc($this->reponse); $i++)
    								{
    									$sortie[$i] = $var;
    								}
    							return $sortie;
    						}

    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function unique_query($q)
    		{
    			if($this->session)
    				{
    					$this->reponse = pg_query($this->session,$q);

    					global $config;
    					if($config['db_injection'] == '1') $this->injection($q);

    					if(!$this->reponse)
    						{
    							if($config['db_log'] == '1')
    								{
    									file_log('Erreur PostgreSQL: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);
    								}
    							else
    								{
    									echo("Requete à la base de donnée invalide");
    								}
    							return FALSE;
    						}

    					$this->num_rows = @pg_num_rows($this->reponse);

    					if($this->num_rows == 0 || $this->num_rows > 1)
    						{
    							return NULL;
    						}

    					elseif($this->num_rows == 1)
    						{
    							return pg_fetch_assoc($this->reponse);
    						}

    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function affected()
    		{
    			if($this->session)
    				{
    					$affected = pg_affected_rows($this->session);
    					if($affected >= 0)
    						{
    							return $affected;
    						}
    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	private function injection($q)
			{
				$var = preg_replace('#(\'|")(.*?)(?<!\\\\)\\1#us','',$q);

				$find = array('union',
						'\\x',
						#'0x',
						'"',
						'\'',
						'1=1',
						'char(',
						'chr(',
						'/*',
						'#',
						'--',
						'ascii(',
						'x\'',
						'%',
						'hex(');

					foreach($find as $string)
						{
							if(stripos($var,$string) !== FALSE)
								{
									file_log("injection sql possible avec la requète: { $q }",1);
									return;
								}
						}
			}
	}
?>
Version 1.0a 2008-11-17 11:00:00 +00:00			`<?php`

Version 1.9a 2008-09-20 10:00:00 +00:00			`class BDD`
Version 1.0a 2008-11-17 11:00:00 +00:00			`{`
			`private $session;`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`private $reponse;`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`var $database;`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`var $num_rows;`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.7b 2008-11-04 11:00:00 +00:00			`var $nodb;`
Version 1.0a 2008-11-17 11:00:00 +00:00
Version 1.7b 2008-11-04 11:00:00 +00:00			`function connexion($db=NULL,$h=NULL,$u=NULL,$p=NULL)`
Version 1.0a 2008-11-17 11:00:00 +00:00			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`if($this->session) $this->deconnexion();`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.7b 2008-11-04 11:00:00 +00:00			`global $var___db,$config;`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$u = pg_escape_string( empty($u)?$var___db['postgresql']['login']:$u );`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$p = pg_escape_string( empty($p)?$var___db['postgresql']['password']:$p );`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$h = pg_escape_string( empty($h)?$var___db['postgresql']['host']:$h );`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$db = pg_escape_string( empty($db)?$var___db['postgresql']['db']:$db );`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$this->session = @pg_connect("host='$h' port=5432 dbname='$db' user='$u' password='$p'");`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`if (!$this->session)`
			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`if($config['db_log']) file_log('Erreur PostgreSQL: Connexion à la base de donnée impossible.',2);`
Version 1.7i 2008-11-16 11:00:00 +00:00
			`if(!empty($this->nodb) && function_exists($this->nodb))`
			`{`
			`call_user_func($this->nodb);`
			`}`
			`elseif(array_key_exists('no_db',$config) && function_exists($config['no_db']))`
			`{`
			`call_user_func($config['no_db']);`
			`}`
			`else die('Erreur de connexion a la base de donnee');`

Version 1.7b 2008-11-04 11:00:00 +00:00			`return FALSE;`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
Version 1.9a 2008-09-20 10:00:00 +00:00
			`pg_setclientencoding($this->session,'UTF8');`

			`$this->reponse = NULL;`
			`$this->num_rows = NULL;`
			`$this->database = $db;`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function deconnexion()`
			`{`
			`if($this->session)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`$var = @pg_close($this->session);`
Version 1.0a 2008-11-17 11:00:00 +00:00			`$this->session = FALSE;`
			`return $var;`
			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function erreur($flag=TRUE)`
			`{`
			`if($this->session)`
			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`$var = pg_last_error($this->session);`
Version 1.0a 2008-11-17 11:00:00 +00:00			`if($flag) echo $var;`
Version 1.7b 2008-11-04 11:00:00 +00:00			`return($var);`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
			`else return FALSE;`
			`}`
			`function db($db=NULL)`
			`{`
			`if($this->session)`
			`{`
Version 1.7b 2008-11-04 11:00:00 +00:00			`global $var___db;`
Version 1.9a 2008-09-20 10:00:00 +00:00			`$db = pg_escape_string( empty($db)?$var___db['postgresql']['db']:$db );`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`$var = pg_query("\\connect $db");`
Version 1.0a 2008-11-17 11:00:00 +00:00			`if($var) $this->database = $db;`
			`return $var;`
			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function escape(&$var)`
			`{`
			`if($this->session)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`$var = pg_escape_string($this->session,$var);`
Version 1.9a 2008-09-20 10:00:00 +00:00			`return $var;`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function query($q)`
			`{`
			`if($this->session)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`$this->reponse = pg_query($this->session,$q);`

Version 1.7b 2008-11-04 11:00:00 +00:00			`global $config;`
Version 1.7i 2008-11-16 11:00:00 +00:00			`if($config['db_injection'] == '1') $this->injection($q);`

Version 1.0a 2008-11-17 11:00:00 +00:00			`if(!$this->reponse)`
			`{`
Version 1.7b 2008-11-04 11:00:00 +00:00			`if($config['db_log'] == '1')`
			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`file_log('Erreur PostgreSQL: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);`
Version 1.7b 2008-11-04 11:00:00 +00:00			`}`
			`else`
			`{`
			`echo("Requete à la base de donnée invalide");`
			`}`
Version 1.0a 2008-11-17 11:00:00 +00:00			`return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
			`$this->num_rows = @pg_num_rows($this->reponse);`

Version 1.0a 2008-11-17 11:00:00 +00:00			`if($this->num_rows == 0)`
			`{`
			`return NULL;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`elseif($this->num_rows >= 1)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`for($i=0; $var = pg_fetch_assoc($this->reponse); $i++)`
Version 1.0a 2008-11-17 11:00:00 +00:00			`{`
			`$sortie[$i] = $var;`
			`}`
			`return $sortie;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`else return FALSE;`
			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function unique_query($q)`
			`{`
			`if($this->session)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`$this->reponse = pg_query($this->session,$q);`

Version 1.7b 2008-11-04 11:00:00 +00:00			`global $config;`
Version 1.7i 2008-11-16 11:00:00 +00:00			`if($config['db_injection'] == '1') $this->injection($q);`

Version 1.0a 2008-11-17 11:00:00 +00:00			`if(!$this->reponse)`
			`{`
Version 1.7b 2008-11-04 11:00:00 +00:00			`if($config['db_log'] == '1')`
			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`file_log('Erreur PostgreSQL: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);`
Version 1.7b 2008-11-04 11:00:00 +00:00			`}`
			`else`
			`{`
			`echo("Requete à la base de donnée invalide");`
			`}`
Version 1.0a 2008-11-17 11:00:00 +00:00			`return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
			`$this->num_rows = @pg_num_rows($this->reponse);`

Version 1.0a 2008-11-17 11:00:00 +00:00			`if($this->num_rows == 0 \|\| $this->num_rows > 1)`
			`{`
			`return NULL;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`elseif($this->num_rows == 1)`
			`{`
Version 1.7i 2008-11-16 11:00:00 +00:00			`return pg_fetch_assoc($this->reponse);`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`else return FALSE;`
			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.0a 2008-11-17 11:00:00 +00:00			`function affected()`
			`{`
			`if($this->session)`
			`{`
Version 1.9a 2008-09-20 10:00:00 +00:00			`$affected = pg_affected_rows($this->session);`
			`if($affected >= 0)`
Version 1.0a 2008-11-17 11:00:00 +00:00			`{`
			`return $affected;`
			`}`
			`else return FALSE;`
			`}`
			`else return FALSE;`
			`}`
Version 1.7i 2008-11-16 11:00:00 +00:00
Version 1.9a 2008-09-20 10:00:00 +00:00			`private function injection($q)`
Version 1.7i 2008-11-16 11:00:00 +00:00			`{`
			`$var = preg_replace('#(\'\|")(.*?)(?<!\\\\)\\1#us','',$q);`

			`$find = array('union',`
			`'\\x',`
Version 1.9a 2008-09-20 10:00:00 +00:00			`#'0x',`
Version 1.7i 2008-11-16 11:00:00 +00:00			`'"',`
			`'\'',`
			`'1=1',`
			`'char(',`
			`'chr(',`
			`'/*',`
			`'#',`
			`'--',`
			`'ascii(',`
			`'x\'',`
			`'%',`
			`'hex(');`

			`foreach($find as $string)`
			`{`
			`if(stripos($var,$string) !== FALSE)`
			`{`
			`file_log("injection sql possible avec la requète: { $q }",1);`
			`return;`
			`}`
			`}`
			`}`
Version 1.0a 2008-11-17 11:00:00 +00:00			`}`
			`?>`