$register_globals = "<span class='errors'>" . ON . '</span>';
    $this_class = 'FAIL';
}
$status_check[] = array('Importance' => 'Info', 'Title' => LABEL_REGISTER_GLOBALS, 'Status' => $register_globals, 'Class' => $this_class, 'HelpURL' => ERROR_CODE_REGISTER_GLOBALS_ON, 'HelpLabel' => ERROR_TEXT_REGISTER_GLOBALS_ON);
//Check MySQL version
$mysql_support = function_exists('mysql_connect') ? ON : OFF;
$mysql_version = function_exists('mysql_get_server_info') ? @mysql_get_server_info() : UNKNOWN;
$mysql_version = $mysql_version == '' ? UNKNOWN : $mysql_version;
//if (is_object($db_test)) $mysql_qry=$db_test->get_server_info();
$mysql_ver_class = $mysql_version < '3.23.00' || $mysql_version > '5.0' ? 'FAIL' : 'OK';
$mysql_ver_class = $mysql_version == UNKNOWN ? 'WARN' : $mysql_ver_class;
$status_check[] = array('Importance' => 'Critical', 'Title' => LABEL_MYSQL_AVAILABLE, 'Status' => $mysql_support, 'Class' => $mysql_support == ON ? 'OK' : 'FAIL', 'HelpURL' => ERROR_CODE_DB_NOTSUPPORTED, 'HelpLabel' => ERROR_TEXT_DB_NOTSUPPORTED);
$status_check[] = array('Importance' => 'Info', 'Title' => LABEL_MYSQL_VER, 'Status' => $mysql_version, 'Class' => $mysql_ver_class, 'HelpURL' => ERROR_CODE_DB_VER_UNKNOWN, 'HelpLabel' => ERROR_TEXT_DB_VER_UNKNOWN);
//DB Privileges
if ($phreebooks_database_connect_OK) {
    $zdb_privs_list = db_check_database_privs('', '', true);
    $privs_array = explode('|||', $zdb_privs_list);
    $db_priv_ok = $privs_array[0];
    $zdb_privs = $privs_array[1];
    //  $granted_db = str_replace('`','',substr($zdb_privs,strpos($zdb_privs,' ON ')+4) );
    //  $db_priv_ok = ($granted_db == '*.*' || $granted_db==DB_DATABASE.'.*' || $granted_db==DB_DATABASE.'.'.$table) ? true : false;
    //  $zdb_privs = substr($zdb_privs,0,strpos($zdb_privs,' ON ')); //remove the "ON..." portion
    $zdb_privs_class = 'FAIL';
    $privs_matched = 0;
    if (substr_count($zdb_privs, 'ALL PRIVILEGES') > 0) {
        $zdb_privs_class = 'OK';
    }
    foreach (array('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'ALTER', 'INDEX', 'DROP') as $value) {
        if (in_array($value, explode(', ', $zdb_privs))) {
            $privs_matched++;
            $privs_found_text .= $value . ', ';
Example #2
0
function db_executeSql($sql_file, $database, $table_prefix = '', $isupgrade = false)
{
    if (!defined('DB_PREFIX')) {
        define('DB_PREFIX', $table_prefix);
    }
    //echo 'start SQL execute';
    global $db;
    $ignored_count = 0;
    // prepare for upgrader processing
    //    if ($isupgrade) gen_create_upgrader_table(); // only creates table if doesn't already exist
    if (!get_cfg_var('safe_mode')) {
        @set_time_limit(1200);
    }
    $lines = file($sql_file);
    //echo 'read number of lines = ' . count($lines) . '<br />';
    $newline = '';
    foreach ($lines as $line) {
        $line = trim($line);
        $keep_together = 1;
        // count of number of lines to treat as a single command
        // split the line into words ... starts at $param[0] and so on.  Also remove the ';' from end of last param if exists
        $param = explode(" ", substr($line, -1) == ';' ? substr($line, 0, strlen($line) - 1) : $line);
        // The following command checks to see if we're asking for a block of commands to be run at once.
        // Syntax: #NEXT_X_ROWS_AS_ONE_COMMAND:6     for running the next 6 commands together (commands denoted by a ;)
        if (substr($line, 0, 28) == '#NEXT_X_ROWS_AS_ONE_COMMAND:') {
            $keep_together = substr($line, 28);
        }
        if (substr($line, 0, 1) != '#' && substr($line, 0, 1) != '-' && $line != '') {
            $line_upper = strtoupper($line);
            switch (true) {
                case substr($line_upper, 0, 21) == 'DROP TABLE IF EXISTS ':
                    $line = 'DROP TABLE IF EXISTS ' . $table_prefix . substr($line, 21);
                    break;
                case substr($line_upper, 0, 11) == 'DROP TABLE ' && $param[2] != 'IF':
                    if (!($checkprivs = db_check_database_privs('DROP'))) {
                        $result = sprintf(REASON_NO_PRIVILEGES, 'DROP');
                    }
                    if (!install_table_exists($param[2]) || gen_not_null($result)) {
                        install_write_to_upgrade_exceptions_table($line, gen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]), $sql_file);
                        $ignore_line = true;
                        $result = gen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]);
                        //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = 'DROP TABLE ' . $table_prefix . substr($line, 11);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE TABLE ':
                    // check to see if table exists
                    $table = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? $param[5] : $param[2];
                    $result = install_table_exists($table);
                    if ($result == true) {
                        install_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_ALREADY_EXISTS, $table), $sql_file);
                        $ignore_line = true;
                        $result = sprintf(REASON_TABLE_ALREADY_EXISTS, $table);
                        //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? 'CREATE TABLE IF NOT EXISTS ' . $table_prefix . substr($line, 27) : 'CREATE TABLE ' . $table_prefix . substr($line, 13);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'INSERT INTO ':
                    //check to see if table prefix is going to match
                    $param[2] = str_replace('`', '', $param[2]);
                    if (!($tbl_exists = install_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                    }
                    // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
                    if ($param[2] == 'configuration' && ($result = install_check_config_key($line)) or !$tbl_exists) {
                        install_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'INSERT INTO ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'ALTER TABLE ':
                    // check to see if ALTER command may be safely executed
                    if ($result = install_check_alter_command($param)) {
                        install_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'ALTER TABLE ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'RENAME TABLE ':
                    // RENAME TABLE command cannot be parsed to insert table prefixes, so skip if using prefixes
                    if (gen_not_null(DB_PREFIX)) {
                        install_write_to_upgrade_exceptions_table($line, 'RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', $sql_file);
                        $ignore_line = true;
                    }
                    break;
                case substr($line_upper, 0, 7) == 'UPDATE ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = install_table_exists($param[1]))) {
                        install_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!', $sql_file);
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!';
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'UPDATE ' . $table_prefix . substr($line, 7);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'DELETE FROM ':
                    $line = 'DELETE FROM ' . $table_prefix . substr($line, 12);
                    break;
                case substr($line_upper, 0, 11) == 'DROP INDEX ':
                    // check to see if DROP INDEX command may be safely executed
                    if ($result = install_drop_index_command($param)) {
                        install_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'DROP INDEX ' . $param[2] . ' ON ' . $table_prefix . $param[4];
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE INDEX ' || strtoupper($param[0]) == 'CREATE' && strtoupper($param[2]) == 'INDEX':
                    // check to see if CREATE INDEX command may be safely executed
                    if ($result = install_create_index_command($param)) {
                        install_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        if (strtoupper($param[1]) == 'INDEX') {
                            $line = trim('CREATE INDEX ' . $param[2] . ' ON ' . $table_prefix . implode(' ', array($param[4], $param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13]))) . ';';
                            // add the ';' back since it was removed from $param at start
                        } else {
                            $line = trim('CREATE ' . $param[1] . ' INDEX ' . $param[3] . ' ON ' . $table_prefix . implode(' ', array($param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13])));
                            // add the ';' back since it was removed from $param at start
                        }
                    }
                    break;
                case substr($line_upper, 0, 8) == 'SELECT (' && substr_count($line, 'FROM ') > 0:
                    $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    break;
                case substr($line_upper, 0, 10) == 'LEFT JOIN ':
                    $line = 'LEFT JOIN ' . $table_prefix . substr($line, 10);
                    break;
                case substr($line_upper, 0, 5) == 'FROM ':
                    if (substr_count($line, ',') > 0) {
                        // contains FROM and a comma, thus must parse for multiple tablenames
                        $tbl_list = explode(',', substr($line, 5));
                        $line = 'FROM ';
                        foreach ($tbl_list as $val) {
                            $line .= $table_prefix . trim($val) . ',';
                            // add prefix and comma
                        }
                        //end foreach
                        if (substr($line, -1) == ',') {
                            $line = substr($line, 0, strlen($line) - 1);
                        }
                        // remove trailing ','
                    } else {
                        //didn't have a comma, but starts with "FROM ", so insert table prefix
                        $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    }
                    //endif substr_count(,)
                    break;
                default:
                    break;
            }
            //end switch
            $newline .= $line . ' ';
            if (substr($line, -1) == ';') {
                //found a semicolon, so treat it as a full command, incrementing counter of rows to process at once
                if (substr($newline, -1) == ' ') {
                    $newline = substr($newline, 0, strlen($newline) - 1);
                }
                $lines_to_keep_together_counter++;
                if ($lines_to_keep_together_counter == $keep_together) {
                    // if all grouped rows have been loaded, go to execute.
                    $complete_line = true;
                    $lines_to_keep_together_counter = 0;
                } else {
                    $complete_line = false;
                }
            }
            //endif found ';'
            if ($complete_line) {
                if ($debug == true) {
                    echo (!$ignore_line ? '<br />About to execute.' : 'Ignoring statement. This command WILL NOT be executed.') . '<br />Debug info:<br />$ line=' . $line . '<br />$ complete_line=' . $complete_line . '<br />$ keep_together=' . $keep_together . '<br />SQL=' . $newline . '<br /><br />';
                }
                if (get_magic_quotes_runtime() > 0) {
                    $newline = stripslashes($newline);
                }
                if (trim(str_replace(';', '', $newline)) != '' && !$ignore_line) {
                    $output = $db->Execute($newline);
                }
                $results++;
                $string .= $newline . '<br />';
                $return_output[] = $output;
                if (gen_not_null($result)) {
                    $errors[] = $result;
                }
                // reset var's
                $newline = '';
                $keep_together = 1;
                $complete_line = false;
                if ($ignore_line) {
                    $ignored_count++;
                }
                $ignore_line = false;
                // show progress bar
                global $zc_show_progress;
                if ($zc_show_progress == 'yes') {
                    $counter++;
                    if ($counter / 5 == (int) ($counter / 5)) {
                        echo '~ ';
                    }
                    if ($counter > 200) {
                        echo '<br /><br />';
                        $counter = 0;
                    }
                    @ob_flush();
                    @flush();
                }
            }
            //endif $complete_line
        }
        //endif ! # or -
    }
    // end foreach $lines
    return array('queries' => $results, 'string' => $string, 'output' => $return_output, 'ignored' => $ignored_count, 'errors' => $errors);
}
Example #3
0
function install_check_alter_command($param)
{
    global $db;
    if (!gen_not_null($param)) {
        return "Empty SQL Statement";
    }
    if (!($checkprivs = db_check_database_privs('ALTER'))) {
        return sprintf(REASON_NO_PRIVILEGES, DB_SERVER_USERNAME, DB_SERVER, 'ALTER');
    }
    switch (strtoupper($param[3])) {
        case "ADD":
            if (strtoupper($param[4]) == 'INDEX') {
                // check that the index to be added doesn't already exist
                $index = $param[5];
                $sql = "show index from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo 'KEY: ' . $result->fields['Key_name'] . '<br />';
                    }
                    if ($result->fields['Key_name'] == $index) {
                        return sprintf(REASON_INDEX_ALREADY_EXISTS, $index, $param[2]);
                    }
                    $result->MoveNext();
                }
            } elseif (strtoupper($param[4]) == 'PRIMARY') {
                // check that the primary key to be added doesn't exist
                if ($param[5] != 'KEY') {
                    return;
                }
                $sql = "show index from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo $result->fields['Key_name'] . '<br />';
                    }
                    if ($result->fields['Key_name'] == 'PRIMARY') {
                        return sprintf(REASON_PRIMARY_KEY_ALREADY_EXISTS, $param[2]);
                    }
                    $result->MoveNext();
                }
            } elseif (!in_array(strtoupper($param[4]), array('CONSTRAINT', 'UNIQUE', 'PRIMARY', 'FULLTEXT', 'FOREIGN', 'SPATIAL'))) {
                // check that the column to be added does not exist
                $colname = $param[4] == 'COLUMN' ? $param[5] : $param[4];
                $sql = "show fields from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo $result->fields['Field'] . '<br />';
                    }
                    if ($result->fields['Field'] == $colname) {
                        return sprintf(REASON_COLUMN_ALREADY_EXISTS, $colname);
                    }
                    $result->MoveNext();
                }
                //endif COLUMN
                /* 
                 * @TODO -- add check for AFTER parameter, to check that the AFTER colname specified actually exists first
                 *       -- same with FIRST
                 */
            }
            break;
        case "DROP":
            if (strtoupper($param[4]) == 'INDEX') {
                // check that the index to be dropped exists
                $index = $param[5];
                $sql = "show index from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo $result->fields['Key_name'] . '<br />';
                    }
                    if ($result->fields['Key_name'] == $index) {
                        return;
                        // exists, so return with no error
                    }
                    $result->MoveNext();
                }
                // if we get here, then the index didn't exist
                return sprintf(REASON_INDEX_DOESNT_EXIST_TO_DROP, $index, $param[2]);
            } elseif (strtoupper($param[4]) == 'PRIMARY') {
                // check that the primary key to be dropped exists
                if ($param[5] != 'KEY') {
                    return;
                }
                $sql = "show index from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo $result->fields['Key_name'] . '<br />';
                    }
                    if ($result->fields['Key_name'] == 'PRIMARY') {
                        return;
                        // exists, so return with no error
                    }
                    $result->MoveNext();
                }
                // if we get here, then the primary key didn't exist
                return sprintf(REASON_PRIMARY_KEY_DOESNT_EXIST_TO_DROP, $param[2]);
            } elseif (!in_array(strtoupper($param[4]), array('CONSTRAINT', 'UNIQUE', 'PRIMARY', 'FULLTEXT', 'FOREIGN', 'SPATIAL'))) {
                // check that the column to be dropped exists
                $colname = $param[4] == 'COLUMN' ? $param[5] : $param[4];
                $sql = "show fields from " . DB_PREFIX . $param[2];
                $result = $db->Execute($sql);
                while (!$result->EOF) {
                    if (ZC_UPG_DEBUG3 == true) {
                        echo $result->fields['Field'] . '<br />';
                    }
                    if ($result->fields['Field'] == $colname) {
                        return;
                        // exists, so return with no error
                    }
                    $result->MoveNext();
                }
                // if we get here, then the column didn't exist
                return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_DROP, $colname);
            }
            //endif 'DROP'
            break;
        case "ALTER":
        case "MODIFY":
        case "CHANGE":
            // just check that the column to be changed 'exists'
            $colname = $param[4] == 'COLUMN' ? $param[5] : $param[4];
            $sql = "show fields from " . DB_PREFIX . $param[2];
            $result = $db->Execute($sql);
            while (!$result->EOF) {
                if (ZC_UPG_DEBUG3 == true) {
                    echo $result->fields['Field'] . '<br />';
                }
                if ($result->fields['Field'] == $colname) {
                    return;
                    // exists, so return with no error
                }
                $result->MoveNext();
            }
            // if we get here, then the column didn't exist
            return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_CHANGE, $colname);
            break;
        default:
            // if we get here, then we're processing an ALTER command other than what we're checking for, so let it be processed.
            return;
            break;
    }
    //end switch
}