<?php

class BDD
	{
		private $session;

		private $reponse;

		var $database;

		var $num_rows;

		var $nodb;

    	function connexion($db=NULL,$h=NULL,$u=NULL,$p=NULL)
    		{
    			if($this->session) $this->deconnexion();

    			global $var___db,$config;

    			$u = empty($u)?$var___db['mysql']['login']:$u;

    			$p = empty($p)?$var___db['mysql']['password']:$p;

    			$h = empty($h)?$var___db['mysql']['host']:$h;

    			$this->session = @mysql_connect($h,$u,$p);

    			if (!$this->session)
    				{
    					if($config['db_log']) file_log('Erreur Mysql: Connexion à la base de donnée impossible : '.mysql_error(),2);

						if(!empty($this->nodb) && function_exists($this->nodb))
							{
								call_user_func($this->nodb);
							}
						elseif(array_key_exists('no_db',$config) && function_exists($config['no_db']))
							{
								call_user_func($config['no_db']);
							}
						else die('Erreur de connexion a la base de donnee');

    					return FALSE;
    				}

    			mysql_query('SET CHARACTER SET "utf8"',$this->session);

    			$db = empty($db)?$var___db['mysql']['db']:$db;

    			$dbl = mysql_select_db($db,$this->session);
    			if($dbl) $this->database = $db;

    			$this->reponse = NULL;
				$this->num_rows = NULL;
    		}

    	function deconnexion()
    		{
    			if($this->session)
    				{
    					$var = @mysql_close($this->session);
    					$this->session = FALSE;
    					return $var;
    				}
    			else return FALSE;
    		}

    	function erreur($flag=TRUE)
    		{
    			if($this->session)
    				{
    					$var = mysql_error($this->session);
    					if($flag) echo $var;
    					return($var);
    				}
    			else return FALSE;
    		}
    	function db($db=NULL)
    		{
      			if($this->session)
    				{
    					global $var___db;
    					$db = empty($db)?$var___db['mysql']['db']:$db;

    					$var = mysql_select_db($db,$this->session);
    					if($var) $this->database = $db;
    					return $var;
    				}
    			else return FALSE;
    		}

    	function escape(&$var)
    		{
    			if($this->session)
    				{
    					$var = mysql_real_escape_string($var,$this->session);
    					return $var;
    				}
    			else return FALSE;
    		}

    	function query($q)
    		{
    			if($this->session)
    				{
    					$this->reponse = mysql_query($q,$this->session);

    					global $config;
    					if($config['db_injection'] == '1') $this->injection($q);

    					if(!$this->reponse)
    						{
    							if($config['db_log'] == '1')
    								{
    									file_log('Erreur Mysql: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);
    								}
    							else
    								{
    									echo("Requete à la base de donnée invalide");
    								}
    							return FALSE;
    						}

    					$this->num_rows = @mysql_num_rows($this->reponse);

    					if($this->num_rows == 0)
    						{
    							return NULL;
    						}

    					elseif($this->num_rows >= 1)
    						{
    							for($i=0; $var = mysql_fetch_assoc($this->reponse); $i++)
    								{
    									$sortie[$i] = $var;
    								}
    							return $sortie;
    						}

    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function unique_query($q)
    		{
    			if($this->session)
    				{
    					$this->reponse = mysql_query($q,$this->session);

    					global $config;
    					if($config['db_injection'] == '1') $this->injection($q);

    					if(!$this->reponse)
    						{
    							if($config['db_log'] == '1')
    								{
    									file_log('Erreur Mysql: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);
    								}
    							else
    								{
    									echo("Requete à la base de donnée invalide");
    								}
    							return FALSE;
    						}

    					$this->num_rows = @mysql_num_rows($this->reponse);

    					if($this->num_rows == 0 || $this->num_rows > 1)
    						{
    							return NULL;
    						}

    					elseif($this->num_rows == 1)
    						{
    							return mysql_fetch_assoc($this->reponse);
    						}

    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function affected()
    		{
    			if($this->session)
    				{
    					$affected = mysql_affected_rows($this->session);
    					if($affected >= 0)
    						{
    							return $affected;
    						}
    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	/*function check($table,$cond)
    		{
    			if($this->session && !empty($this->database))
    				{
    					$hashcheck = $this->unique_query("SELECT hash FROM $table WHERE $cond");

    					if($this->num_rows != 1) return FALSE;

    					$hashcheck = $hashcheck['hash'];

    					$columns = $this->query("SHOW COLUMNS FROM $table");

    					$i = 0;
    					$j = 0;

    					foreach($columns as $key => $value)
    						{
    							if($value['Field'] == 'hash' || $value['Field'] == 'active')
    								{
    									$i++;
    								}
    							else
    								{
    									$array[$j] = $value['Field'];
    									$j++;
    								}
    						}
    					if($i != 2) return FALSE;

    					$array = implode(",", $array);

    					$var = $this->unique_query("SELECT $array FROM $table WHERE $cond");

    					if($this->num_rows == 1)
    						{

    							$var = implode('',$var);

    							$hash = hash_var($var);

    							if($hashcheck === $hash)
    								{
    									return TRUE;
    								}
    							else;
    								{
    									$this->query("UPDATE $table SET active='0' WHERE $cond");
    									return FALSE;
    								}
    						}
    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function hash($table,$cond)
    		{
    			if($this->session && !empty($this->database))
    				{
    					$columns = $this->query("SHOW COLUMNS FROM $table");

    					$i = 0;
    					$j = 0;

    					foreach($columns as $key => $value)
    						{
    							if($value['Field'] == 'hash' || $value['Field'] == 'active')
    								{
    									$i++;
    								}
    							else
    								{
    									$array[$j] = $value['Field'];
    									$j++;
    								}
    						}
    					if($i != 2) return FALSE;

    					$array = implode(",", $array);

    					$var = $this->unique_query("SELECT $array FROM $table WHERE $cond");

    					if($this->num_rows == 1)
    						{

    							$var = implode('',$var);

    							$hash = hash_var($var);

    							$r = $this->query("UPDATE $table SET active='1', hash='$hash' WHERE $cond");

    							return $this->affected();
    						}
    					else return FALSE;
    				}
    			else return FALSE;
    		}

    	function control($table)
    		{
    			if($this->session && !empty($this->database))
    				{
    				$xid = $this->query("SELECT xid FROM $table");
    				if($this->num_rows != 0)
    					{
    						foreach($xid as $key => $value)
    							{
    								$vxid = $value['xid'];
    								$var = $this->check($table,"xid = '$vxid'");
    								if(!$var) return FALSE;
    							}
    						return TRUE;
    					}
    				else return FALSE;
    				}
    			else return FALSE;
    		}*/

    	private function injection($q)
			{
				$var = preg_replace('#(\'|")(.*?)(?<!\\\\)\\1#us','',$q);

				$find = array('union',
						'\\x',
						#'0x',
						'"',
						'\'',
						'1=1',
						'char(',
						'chr(',
						'/*',
						'#',
						'--',
						'ascii(',
						'x\'',
						'%',
						'hex(');

					foreach($find as $string)
						{
							if(stripos($var,$string) !== FALSE)
								{
									file_log("injection sql possible avec la requète: { $q }",1);
									return;
								}
						}
			}
	}
?>