
<?php
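class BDD
{
    /**
     * Thin wrapper around the legacy ext/mysql API (mysql_* functions).
     *
     * NOTE(review): ext/mysql was removed in PHP 7.0, so this class only runs
     * on PHP 5.x; the code is deliberately kept PHP 5 compatible (no scalar
     * types, no short array syntax). The extension has no prepared statements:
     * every caller builds its SQL by hand and must run each value through
     * escape() and quote it. injection() below is a heuristic *logger*, not a
     * defence — it never blocks a statement.
     *
     * Review changes versus the original:
     *  - the connection charset is set with mysql_set_charset() (with the old
     *    "SET CHARACTER SET" as fallback) so mysql_real_escape_string() escapes
     *    with the charset the server actually uses;
     *  - injection() no longer silently skips queries containing invalid UTF-8;
     *  - query()/unique_query() share one private executer() helper;
     *  - the commented-out check()/hash()/control() methods were dead code and
     *    were dropped; they interpolated $table and $cond straight into SQL, so
     *    any revival needs an identifier whitelist first.
     */
    private $session;   // mysql link resource, or FALSE/NULL when not connected
    private $reponse;   // result of the most recent mysql_query()
    public $database;   // name of the currently selected database
    public $num_rows;   // row count of the most recent statement (NULL before any query)
    // Name of a user-defined function to call when the connection fails.
    // SECURITY: it is handed to call_user_func(); never populate it from
    // request data.
    public $nodb;

    /**
     * Open a connection and select a database.
     *
     * Each empty argument falls back to the matching entry of the global
     * $var___db['mysql'] array. When the connection fails the handler named by
     * $this->nodb, then by $config['no_db'], is invoked; with neither defined
     * the script die()s. Returns FALSE on failure; on success it returns
     * nothing (legacy contract kept for existing callers).
     */
    function connexion($db = NULL, $h = NULL, $u = NULL, $p = NULL)
    {
        global $var___db, $config;

        if ($this->session) {
            $this->deconnexion();
        }

        $host = empty($h) ? $var___db['mysql']['host'] : $h;
        $user = empty($u) ? $var___db['mysql']['login'] : $u;
        $pass = empty($p) ? $var___db['mysql']['password'] : $p;

        // '@' hides the connection warning; the error text goes to the log instead.
        $this->session = @mysql_connect($host, $user, $pass);
        if (!$this->session) {
            if (!empty($config['db_log'])) {
                file_log('Erreur Mysql: Connexion à la base de donnée impossible : ' . mysql_error(), 2);
            }
            if (!empty($this->nodb) && function_exists($this->nodb)) {
                call_user_func($this->nodb);
            } elseif (is_array($config) && array_key_exists('no_db', $config) && function_exists($config['no_db'])) {
                call_user_func($config['no_db']);
            } else {
                die('Erreur de connexion a la base de donnee');
            }
            return FALSE;
        }

        // mysql_set_charset() tells the *client library* which charset
        // mysql_real_escape_string() must escape with. A bare "SET CHARACTER
        // SET" only changes the server side, leaving escape() on the library
        // default — the well-known multibyte escaping bypass. The SQL form is
        // kept only for client libraries that predate mysql_set_charset().
        if (function_exists('mysql_set_charset')) {
            mysql_set_charset('utf8', $this->session);
        } else {
            mysql_query('SET CHARACTER SET "utf8"', $this->session);
        }

        $name = empty($db) ? $var___db['mysql']['db'] : $db;
        if (mysql_select_db($name, $this->session)) {
            $this->database = $name;
        }
        $this->reponse = NULL;
        $this->num_rows = NULL;
    }

    /**
     * Close the current link.
     * Returns mysql_close()'s result, or FALSE when no link is open.
     */
    function deconnexion()
    {
        if (!$this->session) {
            return FALSE;
        }
        $closed = @mysql_close($this->session);
        $this->session = FALSE;
        return $closed;
    }

    /**
     * Return the last driver error message for this link (FALSE when not connected).
     *
     * SECURITY: with $flag left at TRUE the raw driver error — table names,
     * fragments of the failing SQL — is echoed straight into the response.
     * Production callers should pass FALSE and rely on file_log() for details.
     */
    function erreur($flag = TRUE)
    {
        if (!$this->session) {
            return FALSE;
        }
        $message = mysql_error($this->session);
        if ($flag) {
            echo $message;
        }
        return $message;
    }

    /**
     * Select database $db (default: $var___db['mysql']['db']) on the open link.
     * Returns mysql_select_db()'s result, or FALSE when not connected.
     */
    function db($db = NULL)
    {
        if (!$this->session) {
            return FALSE;
        }
        global $var___db;
        $name = empty($db) ? $var___db['mysql']['db'] : $db;
        $selected = mysql_select_db($name, $this->session);
        if ($selected) {
            $this->database = $name;
        }
        return $selected;
    }

    /**
     * Escape $var in place for use inside a single-quoted SQL string literal.
     *
     * Returns the escaped string, or FALSE when no link is open — in which case
     * $var is left UNTOUCHED. A caller that ignores the return value and keeps
     * using $var then interpolates an unescaped string, so check for FALSE.
     * The result is only safe between quotes; it gives no protection in a
     * numeric, identifier or LIMIT position.
     */
    function escape(&$var)
    {
        if (!$this->session) {
            return FALSE;
        }
        $var = mysql_real_escape_string($var, $this->session);
        return $var;
    }

    /**
     * Execute $q and return every row as a list of associative arrays.
     *
     * Returns NULL when the statement yields no rows (this includes non-SELECT
     * statements, for which num_rows is FALSE), FALSE on driver error or when
     * not connected. $this->num_rows is updated. $q is sent verbatim: it must
     * already be fully escaped and quoted by the caller.
     */
    function query($q)
    {
        if (!$this->executer($q)) {
            return FALSE;
        }
        if ($this->num_rows == 0) {
            return NULL;
        }
        if ($this->num_rows >= 1) {
            $rows = array();
            while ($row = mysql_fetch_assoc($this->reponse)) {
                $rows[] = $row;
            }
            return $rows;
        }
        return FALSE;
    }

    /**
     * Execute $q expecting exactly one row, returned as an associative array.
     *
     * Returns NULL when the statement yields zero rows or more than one (the
     * caller can only tell them apart through $this->num_rows), FALSE on driver
     * error or when not connected. Same escaping contract as query().
     */
    function unique_query($q)
    {
        if (!$this->executer($q)) {
            return FALSE;
        }
        if ($this->num_rows == 0 || $this->num_rows > 1) {
            return NULL;
        }
        if ($this->num_rows == 1) {
            return mysql_fetch_assoc($this->reponse);
        }
        return FALSE;
    }

    /**
     * Rows touched by the last INSERT/UPDATE/DELETE on this link,
     * or FALSE when not connected or when the driver reports an error (-1).
     */
    function affected()
    {
        if (!$this->session) {
            return FALSE;
        }
        $count = mysql_affected_rows($this->session);
        return ($count >= 0) ? $count : FALSE;
    }

    /**
     * Shared body of query() and unique_query(): run $q on the open link and
     * refresh $this->reponse / $this->num_rows.
     *
     * Returns TRUE on success, FALSE when not connected or on driver error.
     * When $config['db_injection'] is '1' the heuristic detector runs first;
     * it only logs and never stops the statement. When $config['db_log'] is
     * '1' a failing statement is logged together with its full SQL text —
     * which may contain user-supplied values or secrets — otherwise a generic
     * message is echoed to the client.
     */
    private function executer($q)
    {
        global $config;

        if (!$this->session) {
            return FALSE;
        }
        if (isset($config['db_injection']) && $config['db_injection'] == '1') {
            $this->injection($q);
        }
        $this->reponse = mysql_query($q, $this->session);
        if (!$this->reponse) {
            if (isset($config['db_log']) && $config['db_log'] == '1') {
                file_log('Erreur Mysql: " ' . $this->erreur(FALSE) . ' ", avec la requète: { ' . $q . ' }.', 1);
            } else {
                echo("Requete à la base de donnée invalide");
            }
            return FALSE;
        }
        // '@': mysql_num_rows() warns on the boolean result of a non-SELECT.
        $this->num_rows = @mysql_num_rows($this->reponse);
        return TRUE;
    }

    /**
     * Heuristic SQL-injection detector.
     *
     * Quoted literals are stripped from $q, then the remainder is scanned for
     * tokens that should not appear outside a literal (UNION, comment openers,
     * char()/chr()/ascii()/hex() helpers, stray quotes, 1=1, ...). A hit only
     * writes a log line; nothing is blocked. Expect false positives: any '%' or
     * '#' outside a quoted literal trips it. The '0x' token present upstream was
     * commented out and is not checked.
     *
     * Fix versus the original: preg_replace() with the /u modifier returns NULL
     * on invalid UTF-8, and stripos(NULL, ...) never matches — a single
     * malformed byte used to bypass the detector entirely. In that case the raw
     * query is scanned instead (quoted literals still present, so more noise,
     * but no silent skip).
     */
    private function injection($q)
    {
        $stripped = preg_replace('#(\'|")(.*?)(?<!\\\\)\\1#us', '', $q);
        if ($stripped === NULL) {
            $stripped = $q;
        }
        $tokens = array(
            'union',
            '\\x',
            '"',
            '\'',
            '1=1',
            'char(',
            'chr(',
            '/*',
            '#',
            '--',
            'ascii(',
            'x\'',
            '%',
            'hex(',
        );
        foreach ($tokens as $token) {
            if (stripos($stripped, $token) !== FALSE) {
                file_log("injection sql possible avec la requète: { $q }", 1);
                return;
            }
        }
    }
}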
?>