/**
* @return string
* @param MySqlConnection $conn
* @param string $s_text
* @param bool $allow_html
* @desc Protect and quote string going into the db from SQL injection attacks. Assumes Magic Quotes are not in use.
*/
public static function ProtectString(MySqlConnection $conn, $s_text, $allow_html = true)
{
# no need for htmlspecialchars() because htmlentities() is applied to all data coming in
if (!$allow_html) {
$s_text = strip_tags($s_text);
}
return "'" . $conn->EscapeString($s_text) . "'";
}
/**
* Updates the index by running first queued deletions, then queued additions
*/
public function CommitChanges()
{
foreach ($this->delete_queue as $sql) {
$this->connection->query($sql);
}
foreach ($this->index_queue as $sql) {
$this->connection->query($sql);
}
}
public static function getInstance()
{
if (is_null(self::$instance)) {
self::$instance = new MYSQLConnection();
}
return self::$instance;
}
public function __construct($server, $username, $password, $database)
{
if (!$this->is_connected()) {
MySqlConnection::$db = mysql_pconnect($server, $username, $password);
mysql_select_db($database, MySqlConnection::$db);
}
return MySqlConnection::$db;
}
/**
* Gets the id of a user using an up-to-date auto-sign-in cookie if one is found
* @return int User id if the cookie is found, null otherwise
*/
public function TryAutoSignIn()
{
if (isset($_COOKIE['user']) and is_string($_COOKIE['user']) and $_COOKIE['user']) {
$cookie = $this->ParseAutoSignInCookie($_COOKIE['user']);
# Don't assume 'user' cookie was set by this site. Could be hacker value.
if (isset($cookie['device']) and $cookie['device'] and isset($cookie['token']) and $cookie['token']) {
$sql = "SELECT COUNT(user_id) AS total, user_id FROM nsa_auto_sign_in \r\n WHERE device = " . Sql::ProtectNumeric($cookie['device']) . " \r\n AND token = " . Sql::ProtectString($this->connection, $cookie['token']) . "\r\n AND expires >= " . gmdate('U');
$result = $this->connection->query($sql);
$row = $result->fetch();
if ($row and $row->total == 1) {
return (int) $row->user_id;
}
}
}
return null;
}
<?php
if (extension_loaded("mbstring")) {
$acceptCharsetHeader = "Accept-Charset: " . mb_internal_encoding();
header($acceptCharsetHeader);
$head = "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . mb_http_output() . "'></head>";
echo $head;
}
// Build connection object
//if ($connType == "MYSQL")
if ($_POST['Type'] == "MYSQL") {
require "./mysql.php";
$oConn = new MySqlConnection($_POST['ConnectionString'], $_POST['Timeout'], $_POST['Host'], $_POST['Database'], $_POST['UserName'], $_POST['Password']);
}
// Process opCode
if ($oConn) {
$oConn->Open();
if ($_POST['opCode'] == "IsOpen") {
echo $oConn->TestOpen();
} elseif ($oConn->connectionId && $oConn->isOpen) {
if ($_POST['opCode'] == "GetTables") {
echo $oConn->GetTables();
} elseif ($_POST['opCode'] == "GetColsOfTable") {
echo $oConn->GetColumnsOfTable($_POST['TableName']);
} elseif ($_POST['opCode'] == "ExecuteSQL") {
echo $oConn->ExecuteSQL($_POST['SQL'], $_POST['MaxRows']);
} elseif ($_POST['opCode'] == "GetODBCDSNs") {
echo $oConn->GetDatabaseList();
} elseif ($_POST['opCode'] == "SupportsProcedure") {
echo $oConn->SupportsProcedure();
} elseif ($_POST['opCode'] == "GetProviderTypes") {
ini_set("display_errors", "off");
ini_set("html_errors", "off");
ini_set("log_errors", "on");
ini_set("ignore_repeated_errors", "off");
ini_set("ignore_repeated_source", "off");
ini_set("report_memleaks", "on");
ini_set("track_errors", "on");
ini_set("docref_root", "0");
ini_set("docref_ext", "0");
ini_set("error_reporting", "-1");
ini_set("log_errors_max_len", "0");
ini_set("error_log", $_SERVER['DOCUMENT_ROOT'] . "/php-errors.log");
}
# set up INI options
date_default_timezone_set('Europe/London');
$database = new MySqlConnection($settings->DatabaseHost(), $settings->DatabaseUser(), $settings->DatabasePassword(), $settings->DatabaseName());
$manager = new MatchManager($settings, $database);
# get matches
$i_one_day = 86400;
# from yesterday
$i_start = gmdate('U') - $i_one_day * 1;
# in the next year, or as specified
$days = isset($_GET['days']) ? (int) $_GET['days'] : 365;
$i_end = gmdate('U') + $i_one_day * $days;
# Check for player type
$player_type = null;
$player_types = null;
if (isset($_GET['player'])) {
$player_type = PlayerType::Parse($_GET['player']);
if (!is_null($player_type)) {
$player_types = array($player_type);
<?php
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . $_SERVER['DOCUMENT_ROOT'] . '/../classes/' . PATH_SEPARATOR . $_SERVER['DOCUMENT_ROOT'] . "/../");
require_once 'context/stoolball-settings.class.php';
require_once 'data/mysql-connection.class.php';
require_once 'http/short-url-manager.class.php';
$settings = new StoolballSettings();
$db = new MySqlConnection($settings->DatabaseHost(), $settings->DatabaseUser(), $settings->DatabasePassword(), $settings->DatabaseName());
$short_url_manager = new ShortUrlManager($settings, $db);
$real_url = $short_url_manager->ParseRequestUrl();
$db->Disconnect();
if (is_array($real_url)) {
$hidden_get_vars = array_combine($real_url['param_names'], $real_url['param_values']);
$_GET = array_merge($_GET, $hidden_get_vars);
$_SERVER['PHP_SELF'] = '/' . $real_url['script'];
require $real_url['script'];
} else {
# Hard-coded URLs which redirect to WordPress and so can't be in .htaccess
if (strtolower(trim($_SERVER['REQUEST_URI'], '/')) == "insurance") {
header("Location: /manage/insurance/");
exit;
}
# If page requested starting with /news, make WordPress think it was /category/news
if (substr(strtolower(trim($_SERVER['REQUEST_URI'], '/')), 0, 4) == "news") {
if ($_SERVER['REQUEST_URI'] == "/news") {
$_SERVER['REQUEST_URI'] = "/news/";
}
# Keeps the /category bit invisible if just /news requested
$_SERVER['REQUEST_URI'] = "/category" . $_SERVER['REQUEST_URI'];
}
# Does it look suspicious?