Example #1
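 // Installer pre-flight: load the store configuration, open a database connection,
 // and build a readable summary of the privileges granted to the configured DB user.
 if (ZC_UPG_DEBUG == true) {
     echo 'configure.php file exists<br />';
 }
 // The @ hides any warning or error text raised while the credentials file is loaded.
 // NOTE(review): a broken configure.php therefore fails silently -- confirm that is intended.
 @(require_once DIR_WS_INCLUDES . 'configure.php');
 // NOTE(review): DB_TYPE is spliced into an include path. It is presumably defined by
 // configure.php; confirm it can never be influenced by request data.
 require DIR_WS_INCLUDES . 'classes/db/' . DB_TYPE . '/query_factory.php';
 //open database connection to run queries against it
 $db_test = new queryFactory();
 // The failure message is deliberately generic: no host, user name or password is echoed.
 $db_test->Connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE) or die("Unable to connect to database");
 //check to see if a database_table_prefix has been defined.  If not, set it to blank.
 // (The former third test compared a string starting with a quote character against
 // 'DB_PREFIX'; that can never be equal, so it has been dropped.)
 // NOTE(review): when DB_PREFIX is already defined as the literal 'DB_PREFIX', define()
 // cannot replace it -- constants are immutable once set.
 if (!defined('DB_PREFIX') || DB_PREFIX == 'DB_PREFIX') {
     define('DB_PREFIX', '');
 }
 // Now check the database for what version it's at, if found
 require 'includes/classes/class.installer_version_manager.php';
 $dbinfo = new versionManager();
 // The helper's result is split on '|||' into a first part (stored as $db_priv_ok) and a
 // second part holding the privilege list.
 $privs_array = explode('|||', zen_check_database_privs('', '', true));
 $db_priv_ok = $privs_array[0];
 // Guard the second segment: without a '|||' delimiter explode() yields a single element
 // and reading index 1 would raise an undefined-offset notice.
 $zdb_privs_list = isset($privs_array[1]) ? $privs_array[1] : '';
 $privs_found_text = '';
 if (ZC_UPG_DEBUG == true) {
     // Debug only: this prints the account's privilege list into the page, so the flag
     // should stay off outside of troubleshooting.
     echo 'privs_list_to_parse=' . $db_priv_ok . '|||' . $zdb_privs_list;
 }
 // Split the list once instead of once per loop iteration.
 $zdb_privs_granted = explode(', ', $zdb_privs_list);
 foreach (array('ALL PRIVILEGES', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'ALTER', 'INDEX', 'DROP') as $value) {
     if (in_array($value, $zdb_privs_granted, true)) {
         $privs_found_text .= $value . ', ';
     }
 }
 // Appending ' ' turns the trailing ', ' into ',  ' (comma + two spaces), which the
 // replace then collapses to a single space, removing the dangling comma.
 $zdb_privs = str_replace(',  ', ' ', $privs_found_text . ' ');
 if (!zen_not_null($zdb_privs)) {
     // None of the known privileges matched: fall back to the raw list.
     $zdb_privs = $zdb_privs_list;
 }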
Example #2
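/**
 * Report whether a SHOW INDEX / SHOW FIELDS listing for a table contains a given entry.
 *
 * Helper for zen_check_alter_command(); it runs one listing query and walks the rows.
 *
 * @param string $table       table name without DB_PREFIX
 * @param string $listing     'index' or 'fields' (zen_check_alter_command passes only these literals)
 * @param string $field       result column to inspect ('Key_name' or 'Field')
 * @param string $needle      index or column name to look for
 * @param string $debug_label text printed before each row value when ZC_UPG_DEBUG3 is on
 * @return bool true as soon as a row matches, false once the listing is exhausted
 */
function zen_check_alter_entry_exists($table, $listing, $field, $needle, $debug_label = '')
{
    global $db;
    // Identifiers cannot be bound as query parameters, so the table name is concatenated.
    // The only guard visible here is the caller's zen_table_exists() check.
    // NOTE(review): confirm the statement tokeniser restricts this token to a plain identifier.
    $result = $db->Execute('show ' . $listing . ' from ' . DB_PREFIX . $table);
    while (!$result->EOF) {
        if (ZC_UPG_DEBUG3 == true) {
            echo $debug_label . $result->fields[$field] . '<br />';
        }
        // Exact string comparison, so numeric-looking names such as '10' and '1e1'
        // are not treated as equal the way a loose == would.
        if ((string) $result->fields[$field] === (string) $needle) {
            return true;
        }
        $result->MoveNext();
    }
    return false;
}

/**
 * Pre-check an ALTER TABLE statement before it is run.
 *
 * The function looks up the table's current indexes and columns and decides whether the
 * requested ADD / DROP / ALTER / MODIFY / CHANGE would be redundant or impossible.
 *
 * The returned reason strings embed raw tokens from the statement (table, index and column
 * names); callers that render them as HTML should escape them at output time. The same
 * applies to the ZC_UPG_DEBUG3 echo lines, which are debug-only.
 *
 * @param array $param statement tokens; as used here [2] is the table name, [3] the action
 *                     keyword and [4] onward its arguments (presumably the statement split
 *                     on whitespace -- verify against the caller)
 * @return string|null a reason for skipping the statement, or null when nothing objects to it
 */
function zen_check_alter_command($param)
{
    if (!zen_not_null($param)) {
        return "Empty SQL Statement";
    }
    if (!zen_check_database_privs('ALTER')) {
        return sprintf(REASON_NO_PRIVILEGES, DB_SERVER_USERNAME, DB_SERVER, 'ALTER');
    }
    // Short statements would otherwise read undefined offsets; indexes up to 8 are used below.
    if (is_array($param)) {
        $param = array_pad($param, 9, '');
    }
    $table = $param[2];
    if (!zen_table_exists($table)) {
        return sprintf(REASON_TABLE_NOT_FOUND, $table) . ' CHECK PREFIXES!';
    }

    // SQL keywords are case-insensitive, so every keyword test works on upper-cased tokens.
    // (Previously 'COLUMN' and 'KEY' were matched case-sensitively, so a lower-case
    // "add column x" had the word "column" checked as if it were the column name.)
    $target = strtoupper($param[4]);
    $next_token = strtoupper($param[5]);
    // Tokens after ADD/DROP that introduce something other than a plain column.
    $non_column_keywords = array('CONSTRAINT', 'UNIQUE', 'PRIMARY', 'FULLTEXT', 'FOREIGN', 'SPATIAL');

    switch (strtoupper($param[3])) {
        case "ADD":
            if ($target == 'INDEX') {
                // check that the index to be added doesn't already exist
                $index = $param[5];
                if (zen_check_alter_entry_exists($table, 'index', 'Key_name', $index, 'KEY: ')) {
                    return sprintf(REASON_INDEX_ALREADY_EXISTS, $index, $table);
                }
            } elseif ($target == 'PRIMARY') {
                // check that the primary key to be added doesn't exist
                if ($next_token != 'KEY') {
                    return null;
                }
                if (zen_check_alter_entry_exists($table, 'index', 'Key_name', 'PRIMARY')) {
                    return sprintf(REASON_PRIMARY_KEY_ALREADY_EXISTS, $table);
                }
            } elseif (!in_array($target, $non_column_keywords, true)) {
                // check that the column to be added does not exist
                $colname = $target == 'COLUMN' ? $param[5] : $param[4];
                if (zen_check_alter_entry_exists($table, 'fields', 'Field', $colname)) {
                    return sprintf(REASON_COLUMN_ALREADY_EXISTS, $colname);
                }
            } elseif ($next_token == 'AFTER') {
                // NOTE(review): only reachable when token 4 is one of the non-column keywords,
                // and, as in the original, a missing "after" column is not reported -- the
                // lookup result is unused either way.
                $colname = strtoupper($param[6]) == 'COLUMN' ? $param[7] : $param[6];
                zen_check_alter_entry_exists($table, 'fields', 'Field', $colname);
            } elseif (strtoupper($param[6]) == 'AFTER') {
                // Same caveat as the branch above, one token further along.
                $colname = strtoupper($param[7]) == 'COLUMN' ? $param[8] : $param[7];
                zen_check_alter_entry_exists($table, 'fields', 'Field', $colname);
                /*
                 * @TODO -- add check for FIRST parameter, to check that the FIRST colname specified actually exists
                 */
            }
            break;
        case "DROP":
            if ($target == 'INDEX') {
                // check that the index to be dropped exists
                $index = $param[5];
                if (zen_check_alter_entry_exists($table, 'index', 'Key_name', $index)) {
                    return null;
                }
                return sprintf(REASON_INDEX_DOESNT_EXIST_TO_DROP, $index, $table);
            } elseif ($target == 'PRIMARY') {
                // check that the primary key to be dropped exists
                if ($next_token != 'KEY') {
                    return null;
                }
                if (zen_check_alter_entry_exists($table, 'index', 'Key_name', 'PRIMARY')) {
                    return null;
                }
                return sprintf(REASON_PRIMARY_KEY_DOESNT_EXIST_TO_DROP, $table);
            } elseif (!in_array($target, $non_column_keywords, true)) {
                // check that the column to be dropped exists
                $colname = $target == 'COLUMN' ? $param[5] : $param[4];
                if (zen_check_alter_entry_exists($table, 'fields', 'Field', $colname)) {
                    return null;
                }
                return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_DROP, $colname);
            }
            break;
        case "ALTER":
        case "MODIFY":
        case "CHANGE":
            // just check that the column to be changed 'exists'
            $colname = $target == 'COLUMN' ? $param[5] : $param[4];
            if (zen_check_alter_entry_exists($table, 'fields', 'Field', $colname, 'Field: ')) {
                if (ZC_UPG_DEBUG3 == true) {
                    echo '**FOUND**<br />';
                }
                return null;
            }
            if (ZC_UPG_DEBUG3 == true) {
                echo '******NOT FOUND (' . $colname . ') ******<br />';
            }
            return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_CHANGE, $colname);
        default:
            // an ALTER form this function does not inspect: let it be processed
            return null;
    }
    // ADD/DROP forms that raised no objection end up here
    return null;
}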
Example #3
    $register_globals = "<span class='errors'>" . ON . '</span>';
    $this_class = 'WARN';
}
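// Record the register_globals result computed just above this point.
$status_check[] = array(
    'Importance' => 'Info',
    'Title' => LABEL_REGISTER_GLOBALS,
    'Status' => $register_globals,
    'Class' => $this_class,
    'HelpURL' => ERROR_CODE_REGISTER_GLOBALS_ON,
    'HelpLabel' => ERROR_TEXT_REGISTER_GLOBALS_ON,
);
//Check MySQL version
$mysql_support = function_exists('mysql_connect') ? ON : OFF;
// The @ suppresses the warning mysql_get_server_info() may raise; a false or empty
// result is normalised to UNKNOWN on the next line (loose == is intentional there).
$mysql_version = function_exists('mysql_get_server_info') ? @mysql_get_server_info() : UNKNOWN;
$mysql_version = $mysql_version == '' ? UNKNOWN : $mysql_version;
//if (is_object($db_test)) $mysql_qry=$db_test->get_server_info();
// Version strings must not be compared with < and > directly: that is a character-by-character
// comparison, under which e.g. '10.1' sorts below '3.23.00'. version_compare() compares
// the numeric components instead. The accepted range itself (3.23.00 to 5.0) is unchanged.
if ($mysql_version == UNKNOWN) {
    $mysql_ver_class = 'WARN';
} elseif (version_compare($mysql_version, '3.23.00', '<') || version_compare($mysql_version, '5.0', '>')) {
    $mysql_ver_class = 'FAIL';
} else {
    $mysql_ver_class = 'OK';
}
$status_check[] = array(
    'Importance' => 'Critical',
    'Title' => LABEL_MYSQL_AVAILABLE,
    'Status' => $mysql_support,
    'Class' => $mysql_support == ON ? 'OK' : 'FAIL',
    'HelpURL' => ERROR_CODE_DB_NOTSUPPORTED,
    'HelpLabel' => ERROR_TEXT_DB_NOTSUPPORTED,
);
$status_check[] = array(
    'Importance' => 'Info',
    'Title' => LABEL_MYSQL_VER,
    'Status' => $mysql_version,
    'Class' => $mysql_ver_class,
    'HelpURL' => ERROR_CODE_DB_VER_UNKNOWN,
    'HelpLabel' => ERROR_TEXT_DB_VER_UNKNOWN,
);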
//DB Privileges
if ($zen_cart_database_connect_OK) {
    $zdb_privs_list = zen_check_database_privs('', '', true);
    $privs_array = explode('|||', $zdb_privs_list);
    $db_priv_ok = $privs_array[0];
    $zdb_privs = $privs_array[1];
    if (ZC_UPG_DEBUG == true) {
        echo 'privs_list_to_parse=' . $db_priv_ok . '|||' . $zdb_privs;
    }
    //  $granted_db = str_replace('`','',substr($zdb_privs,strpos($zdb_privs,' ON ')+4) );
    //  $db_priv_ok = ($granted_db == '*.*' || $granted_db==DB_DATABASE.'.*' || $granted_db==DB_DATABASE.'.'.$table) ? true : false;
    //  $zdb_privs = substr($zdb_privs,0,strpos($zdb_privs,' ON ')); //remove the "ON..." portion
    $zdb_privs_class = 'FAIL';
    $privs_matched = 0;
    if (substr_count($zdb_privs, 'ALL PRIVILEGES') > 0) {
        $zdb_privs_class = 'OK';
    }
    foreach (array('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'ALTER', 'INDEX', 'DROP') as $value) {