Beispiel #1
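 /**
  * Opens a MySQL connection, executes $sqlStatement with mysqli_multi_query()
  * and collects one result entry per statement that produced a result.
  *
  * NOTE(review): $sqlStatement is sent to the server verbatim as a
  * multi-statement batch. Nothing in this method escapes or parameterises it,
  * so every caller must build the statement from trusted or properly escaped
  * values; any injection in a caller can append further statements.
  *
  * NOTE(review): session validation is currently switched off inside the body
  * (see the `$checkSession = false;` override), so the statement is executed
  * for every request regardless of the value passed by the caller.
  *
  * @param string     $sqlStatement  SQL text, possibly several statements
  * @param bool       $checkSession  whether the caller wants the session headers validated
  * @param array|null $config        parsed configuration (sections DB, PL and optionally ZV);
  *                                  read from config.ini when null
  * @param bool       $useDbOperator connect with db_user_operator/db_passwd_operator
  *                                  instead of db_user/db_passwd
  *
  * @return array array('errno' => 10) when the connection fails; a list holding a
  *               single 401 entry when the session check fails; otherwise a list of
  *               per-statement result arrays
  */
 public static function request2($sqlStatement, $checkSession, $config = null, $useDbOperator = false)
 {
     if ($config === null) {
         // loads the mysql server config from file
         $config = parse_ini_file('config.ini', true);
     }

     // A "local" setup (zv_type missing or 'local') connects through 'localhost'
     // when the external URL contains the configured db_path.
     $isLocal = !isset($config['ZV']['zv_type']) || $config['ZV']['zv_type'] == 'local';
     if ($isLocal && strpos($config['PL']['urlExtern'], $config['DB']['db_path']) !== false) {
         $path = 'localhost';
     } else {
         $path = $config['DB']['db_path'];
     }

     // creates a new connection to database, optionally with the operator account
     $userKey = $useDbOperator ? 'db_user_operator' : 'db_user';
     $passwdKey = $useDbOperator ? 'db_passwd_operator' : 'db_passwd';
     $dbconn = @mysqli_connect($path, $config['DB'][$userKey], $config['DB'][$passwdKey], $config['DB']['db_name']);
     if (!$dbconn) {
         // NOTE(review): this path returns a flat array, every other path
         // returns a list of result arrays; kept as is for existing callers.
         return array('errno' => 10);
     }

     // use UTF8
     mysqli_set_charset($dbconn, "utf8");

     // NOTE(review): this assignment overrides the caller's argument and turns
     // session validation off for every request. Comment the line out to
     // enable the check below; confirm whether shipping it active is intended.
     $checkSession = false;

     // Storing whether or not a session condition is not satisfied
     $sessionFail = false;
     if ($checkSession === true) {
         Logger::Log('starts session validation', LogLevel::DEBUG);

         // NOTE(review): HTTP_DATE is a request header, so the 45 minute window
         // is measured against a value the client supplies itself.
         $headersValid = isset($_SERVER['HTTP_SESSION'])
             && isset($_SERVER['HTTP_USER'])
             && isset($_SERVER['HTTP_DATE'])
             && ctype_digit($_SERVER['HTTP_USER'])
             && (int) $_SERVER['REQUEST_TIME'] <= (int) $_SERVER['HTTP_DATE'] + 45 * 60;

         // fail closed: only a matching stored session id clears the flag
         $sessionFail = true;
         if ($headersValid) {
             // HTTP_USER is digits only (ctype_digit above); that check is the
             // sole guard for concatenating it into the query.
             $content = mysqli_query($dbconn, 'select SE_sessionID from Session where U_id = ' . $_SERVER['HTTP_USER']);

             // evaluates the session
             if (mysqli_errno($dbconn) == 0 && !is_bool($content)) {
                 $data = DBJson::getRows2($content);
                 if ($data != null && isset($data[0]['SE_sessionID'])) {
                     $storedSession = (string) $data[0]['SE_sessionID'];
                     // hash_equals() compares strictly and in constant time; the
                     // former `==` applied PHP's loose comparison to the session
                     // id, and an empty stored id must never match.
                     if ($storedSession !== '' && hash_equals($storedSession, (string) $_SERVER['HTTP_SESSION'])) {
                         $sessionFail = false;
                     }
                 }
             }
         }
     }

     // if a condition is not met, the request is invalid
     if ($sessionFail == true) {
         $query_result = array();
         $query_result['content'] = '';
         $query_result['errno'] = 401;
         $query_result['error'] = 'access denied';
         $query_result['numRows'] = 0;
         mysqli_close($dbconn);
         return array($query_result);
     }

     // performs the request
     $answ = mysqli_multi_query($dbconn, $sqlStatement);
     $query_result = array();
     if ($answ === false) {
         // the first statement failed: report its error state only
         $result = array();
         $result['affectedRows'] = mysqli_affected_rows($dbconn);
         $result['insertId'] = mysqli_insert_id($dbconn);
         $result['errno'] = mysqli_errno($dbconn);
         $result['error'] = mysqli_error($dbconn);
         $query_result[] = $result;
     } else {
         // NOTE(review): the loop stops when mysqli_next_result() returns false,
         // so no entry is appended for a later statement that fails; callers
         // should not treat a short list as success.
         do {
             $result = array();
             $hash = '';
             $res = mysqli_use_result($dbconn);
             if ($res) {
                 $result['content'] = DBJson::getRows2($res, $hash);
                 $result['hash'] = $hash;
                 $result['numRows'] = count($result['content']);
             } else {
                 // statement without a result set
                 $result['content'] = null;
                 $result['hash'] = $hash;
             }

             // evaluates the request; read before the result set is freed
             $result['affectedRows'] = mysqli_affected_rows($dbconn);
             $result['insertId'] = mysqli_insert_id($dbconn);
             $result['errno'] = mysqli_errno($dbconn);
             $result['error'] = mysqli_error($dbconn);

             if ($res) {
                 mysqli_free_result($res);
             }
             $query_result[] = $result;
         } while (mysqli_more_results($dbconn) && mysqli_next_result($dbconn));
     }

     // closes the connection and returns the result
     mysqli_close($dbconn);
     return $query_result;
 }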