/**
* Database object constructor
* @param string Database host
* @param string Database user name
* @param string Database user password
* @param string Database name
* @param string Common prefix for all tables
*/
function __construct($options)
{
//var_dump_pre($options);
$host = array_key_exists('host', $options) ? $options['host'] : 'localhost';
$user = array_key_exists('user', $options) ? $options['user'] : '';
$password = array_key_exists('password', $options) ? $options['password'] : '';
$database = array_key_exists('database', $options) ? $options['database'] : '';
$prefix = array_key_exists('prefix', $options) ? $options['prefix'] : 'jos_';
$select = array_key_exists('select', $options) ? $options['select'] : true;
// perform a number of fatality checks, then return gracefully
if (!function_exists('mssql_connect')) {
$this->_errorNum = 1;
$this->_errorMsg = 'The MSSQL adapter "mssql" is not available.';
return;
}
// connect to the server
if (!($this->_resource = @mssql_connect($host, $user, $password, true))) {
$this->_errorNum = 2;
$this->_errorMsg = 'Could not connect to MSSQL: ' . mssql_get_last_message();
print_r($this->_resource);
return;
} else {
$this->connected = true;
}
// finalize initializations
parent::__construct($options);
// select the database
if ($select) {
$this->select('[' . $database . ']');
}
}
function SetMSSQLError($scope, $error)
{
if (($last_error = mssql_get_last_message()) != "") {
$error .= ": " . $last_error;
}
return $this->SetError($scope, $error);
}
public function query($sql)
{
$resource = mssql_query($sql, $this->link);
if ($resource) {
if (is_resource($resource)) {
$i = 0;
$data = array();
while ($result = mssql_fetch_assoc($resource)) {
$data[$i] = $result;
$i++;
}
mssql_free_result($resource);
$query = new stdClass();
$query->row = isset($data[0]) ? $data[0] : array();
$query->rows = $data;
$query->num_rows = $i;
unset($data);
return $query;
} else {
return true;
}
} else {
trigger_error('Error: ' . mssql_get_last_message($this->link) . '<br />' . $sql);
exit;
}
}
/**
* Loads the columns for this table.
* @return void
*/
protected function initColumns()
{
include_once 'creole/metadata/ColumnInfo.php';
include_once 'creole/drivers/mssql/MSSQLTypes.php';
if (!@mssql_select_db($this->dbname, $this->conn->getResource())) {
throw new SQLException('No database selected');
}
$res = mssql_query("sp_columns " . $this->name, $this->conn->getResource());
if (!$res) {
throw new SQLException('Could not get column names', mssql_get_last_message());
}
while ($row = mssql_fetch_array($res)) {
$name = $row['COLUMN_NAME'];
$type = $row['TYPE_NAME'];
$length = $row['LENGTH'];
$is_nullable = $row['NULLABLE'];
$default = $row['COLUMN_DEF'];
$precision = $row['PRECISION'];
$scale = $row['SCALE'];
$identity = false;
if (strtolower($type) == "int identity") {
$identity = true;
}
$this->columns[$name] = new ColumnInfo($this, $name, MSSQLTypes::getType($type), $type, $length, $precision, $scale, $is_nullable, $default, $identity);
}
$this->colsLoaded = true;
}
function my_query($str_query, $conex)
{
global $conf_db_type, $conf_is_prod;
$queries2log = array('UPD', 'DEL', 'DRO', 'ALT', 'TRU');
if (in_array(strtoupper(substr($str_query, 0, 3)), $queries2log) && !$conf_is_prod) {
@write_log('db_trans', $str_query);
}
switch ($conf_db_type) {
case 'mysql':
$res = @mysql_query($str_query, $conex);
if ($res) {
return $res;
} else {
write_log('db_error', mysql_error() . " ----> " . $str_query);
}
break;
case 'mssql':
$res = @mssql_query($str_query, $conex);
if ($res) {
return $res;
} else {
write_log('db_error', mssql_get_last_message() . " ----> " . $str_query);
}
break;
}
}
function _catch($msg = "")
{
if (!($this->error = mssql_get_last_message())) {
return true;
}
$this->error($msg . "<br>{$this->query} \n {$this->error}");
}
function DriverMssqlExec($conn, $sql)
{
$result = mssql_query($sql, $conn);
if (!$result) {
throw new lmbDbException('MSSQL execute error happened: ' . mssql_get_last_message() . ". SQL: " . $sql);
}
}
/**
* @param $sql
*
* @return array
*/
public function query($sql)
{
//
$this->connection = $this->getConnection();
// Run query
$query = mssql_query($sql, $this->connection);
// On error
if ($query === false) {
Response::error(500, $_SERVER["SERVER_PROTOCOL"] . ' DB query failed (SQL): ' . mssql_get_last_message());
}
// E.g. boolean is returned if no rows (e.g. no resource found or on UPDATE)
if ($query === true) {
$response = $query;
} else {
// Response
$response = array();
//
// Loop rows and add to response array
if (mssql_num_rows($query) > 0) {
while ($row = mssql_fetch_assoc($query)) {
$response[] = $row;
}
}
// Free the query result
mssql_free_result($query);
}
// Close link
$this->closeConnection();
//
return $response;
}
function dbquery_func_old($connection_info, $query, $debug = "off")
{
if ($connection_info['db_type'] == "mysql") {
mysql_connect($connection_info['db_host'] . ":" . $connection_info['db_port'], $connection_info['username'], $connection_info['password']) or die("Unable to connect to " . $connection_info['db_host']);
mysql_select_db($connection_info['db_name']) or die("Unable to select database " . $connection_info['db_name']);
$return = mysql_query($query);
if ($debug == "on") {
$merror = mysql_error();
if (!empty($merror)) {
print "MySQL Error:<br />" . $merror . "<p />Query<br />: " . $query . "<br />";
}
print "Number of rows returned: " . mysql_num_rows($return) . "<br />";
}
} else {
if ($connection_info['db_type'] == "mssql") {
mssql_connect($connection_info['db_host'] . "," . $connection_info['db_port'], $connection_info['username'], $connection_info['password']) or die("Unable to connect to " . $connection_info['db_host'] . "<br />" . $query);
mssql_select_db($connection_info['db_name']) or die("Unable to select database " . $connection_info['db_name']);
$return = mssql_query($query);
if ($debug == "on") {
$merror = mssql_get_last_message();
if (!empty($merror)) {
print "MySQL Error: " . $merror . "<br />Query" . $query . "<br />";
}
print "Number of rows returned: " . mssql_num_rows($result) . "<br />";
}
}
}
return $return;
}
public function query($sql)
{
$resource = mssql_query($sql, $this->link);
if ($resource) {
if (is_resource($resource)) {
$i = 0;
$data = array();
while ($result = mssql_fetch_assoc($resource)) {
$data[$i] = $result;
$i++;
}
mssql_free_result($resource);
$query = new Object();
$row = isset(Arrays::first($data)) ? Arrays::first($data) : array();
$query->setRow($row)->setRows($data)->setNumRows($i);
unset($data);
return $query;
} else {
return true;
}
} else {
trigger_error('Error: ' . mssql_get_last_message($this->link) . '<br />' . $sql);
exit;
}
}
/**
* Creates a connection resource.
*/
protected function _connect()
{
if (is_resource($this->_connection)) {
// connection already exists
return;
}
if (!extension_loaded('mssql')) {
throw new Exception('The mssql extension is required for this adapter but the extension is not loaded');
}
$serverName = $this->_config['host'];
if (isset($this->_config['port'])) {
$port = (int) $this->_config['port'];
$serverName .= ', ' . $port;
}
$username = $password = '';
if (isset($this->_config['username']) && isset($this->_config['password'])) {
$username = $this->_config['username'];
$password = $this->_config['password'];
}
$this->_connection = mssql_connect($serverName, $username, $password);
if (!$this->_connection) {
throw new Exception('Mssql Connection Error: ' . mssql_get_last_message());
}
if (isset($this->_config['dbname']) && !mssql_select_db($this->_config['dbname'])) {
throw new Exception('Unable to connect or select database ' . $this->_config['dbname']);
}
}
function query($sql){
$res = mssql_query($sql, $this->conn);
if (!$res){
throw new Exception("Query error: " . mssql_get_last_message());
}
return new knjdb_result($this->knjdb, $this, $res);
}
/**
* Executes the SQL query.
* @param string SQL statement.
* @return IDibiResultDriver|NULL
* @throws DibiDriverException
*/
public function query($sql)
{
$this->resultSet = @mssql_query($sql, $this->connection);
// intentionally @
if ($this->resultSet === FALSE) {
throw new DibiDriverException(mssql_get_last_message(), 0, $sql);
}
return is_resource($this->resultSet) ? clone $this : NULL;
}
function throwSQLError($message, $query = '')
{
$output = ucfirst($message) . ', the error returned was:<br><br><font color="red">' . mssql_get_last_message();
if ($query != '') {
$output .= '<br>The query I attempted to execute was: ' . $query;
}
$output .= '</font><br><br>';
echo $output . '<br>';
}
/**
* Connects to the database.
*
* @param string $host
* @param string $username
* @param string $password
* @param string $db_name
* @return boolean TRUE, if connected, otherwise FALSE
*/
function connect($host, $user, $passwd, $db)
{
$this->conn = mssql_pconnect($host, $user, $passwd);
if (empty($db) or $this->conn == false) {
PMF_Db::errorPage(mssql_get_last_message());
die;
}
return mssql_select_db($db, $this->conn);
}
public function open()
{
$this->gp = mssql_connect($this->host, $this->user, $this->pass);
if ($this->gp === false) {
throw new \Exception("Error connecting to mssql server. " . mssql_get_last_message());
}
mssql_select_db($this->company, $this->gp);
$this->connected = true;
}
function halt($message = '', $sql = '')
{
$dberror = mssql_get_last_message();
if (DEBUG_MODE) {
echo "<div style=\"position:absolute;font-size:11px;font-family:verdana,arial;background:#EBEBEB;padding:0.5em;\">\n\t\t\t<b>MySQL Error</b><br>\n\t\t\t<b>Message</b>: {$message}<br>\n\t\t\t<b>SQL</b>: {$sql}<br>\n\t\t\t<b>Error</b>: {$dberror}<br>\n\t\t\t<b>Errno.</b>: {$dberrno}<br>\n\t\t\t</div>";
} else {
echo "<div style=\"position:absolute;font-size:11px;font-family:verdana,arial;background:#EBEBEB;padding:0.5em;\">\n\t\t<b>MySQL Error</b><br>\n\t\t<b>Message</b>: {$message}<br>\n\t\t</div>";
}
exit;
}
/**
* This function initializes the class.
*
* @access public
* @override
* @param DB_Connection_Driver $connection the connection to be used
* @param string $sql the SQL statement to be queried
* @param integer $mode the execution mode to be used
* @throws Throwable_SQL_Exception indicates that the query failed
*/
public function __construct(DB_Connection_Driver $connection, $sql, $mode = NULL)
{
$resource = $connection->get_resource();
$command = @mssql_query($sql, $resource);
if ($command === FALSE) {
throw new Throwable_SQL_Exception('Message: Failed to query SQL statement. Reason: :reason', array(':reason' => @mssql_get_last_message()));
}
$this->command = $command;
$this->record = FALSE;
}
private function connection()
{
$this->objCon = @mssql_pconnect($this->mssqlLibHost, $this->mssqlLibUser, $this->mssqlLibPassword);
if ($this->objCon == false) {
throw new SqlException("Connection error.\n<!-- SQL Message: " . mssql_get_last_message() . " -->");
}
if (@mssql_select_db($this->mssqlLibDatabase, $this->objCon) == false) {
throw new SqlException("Database error.\n<!-- SQL Message: " . mssql_get_last_message() . " -->");
}
}
/**
* Executes the SQL query.
* @param string SQL statement.
* @return IDibiResultDriver|NULL
* @throws DibiDriverException
*/
public function query($sql)
{
$res = @mssql_query($sql, $this->connection);
// intentionally @
if ($res === FALSE) {
throw new DibiDriverException(mssql_get_last_message(), 0, $sql);
} elseif (is_resource($res)) {
return $this->createResultDriver($res);
}
}
function execute($query)
{
$log =& CLog::CreateInstance();
$log->WriteLine('calendar MSSQL: ' . $query);
$res = mssql_query($query);
if ($res === false) {
die(mssql_get_last_message());
}
return $res;
}
/**
Does the mssql-dependent work of the execute method.
@param $sQuery The query to execute.
@return weeSQLiteResult A result set for SELECT queries.
*/
protected function doQuery($sQuery)
{
// mssql_query triggers a warning when the query could not be executed.
$m = @mssql_query($sQuery, $this->rLink);
$m === false and burn('DatabaseException', sprintf(_WT("Failed to execute the query with the following error:\n%s"), mssql_get_last_message()));
// Get it now since it can be wrong if numAffectedRows is called after getPKId
$this->iNumAffectedRows = mssql_rows_affected($this->rLink);
if ($m !== true) {
return new weeMSSQLResult($m);
}
}
protected function _doExec($query)
{
if (!mssql_select_db($this->profile['database'], $this->_connection)) {
throw new jException('jelix~db.error.database.unknown', $this->profile['database']);
}
if ($qI = mssql_query($query, $this->_connection)) {
return mssql_rows_affected($this->_connection);
} else {
throw new jException('jelix~db.error.query.bad', mssql_get_last_message());
}
}
/**
* Connects to the database.
*
* @param string $host
* @param string $user
* @param string $password
* @param string $database
*
* @return boolean TRUE, if connected, otherwise FALSE
*/
public function connect($host, $user, $password, $database = '')
{
$this->conn = mssql_pconnect($host, $user, $password);
if ($this->conn === false) {
PMF_Db::errorPage(mssql_get_last_message());
die;
}
if ('' !== $database) {
return mssql_select_db($database, $this->conn);
}
return true;
}
public function GetVaultContent()
{
$getLenghts = $this->query("SELECT [length] FROM [syscolumns] WHERE OBJECT_NAME([id]) = 'warehouse' AND [name] = 'Items';");
$getLenghts = mssql_fetch_object($getLenghts);
$this->Varbinary = $getLenghts->length;
$this->LineCounts = $getLenghts->length * 2 / (constant("SYSTEM_DBVERSION") == 1 ? 20 : 32) / 8;
$this->SlotCounts = $getLenghts->length * 2 / (constant("SYSTEM_DBVERSION") == 1 ? 20 : 32);
$SQL_Q = $this->query("SELECT 1 FROM warehouse WHERE Accountid='" . $_SESSION['Login'] . "'");
if (mssql_num_rows($SQL_Q) == 0) {
$this->query("INSERT INTO warehouse (AccountID, Items, Money, EndUseDate, DbVersion, pw) VALUES ('" . $_SESSION['Login'] . "', 0x" . str_pad("", $this->Varbinary * 2, "F") . ", 0, GetDate(), " . constant("SYSTEM_DBVERSION") . ", 0);");
}
$SQL_Q = $this->query("DECLARE @vault varbinary(" . $this->Varbinary . "); SELECT @vault = items FROM warehouse WHERE AccountID='" . $_SESSION['Login'] . "' " . (constant("ENCGAMES_S6") === true ? " AND VaultID = 1" : NULL) . "; PRINT @vault;");
$this->Vault_Content = substr(mssql_get_last_message($SQL_Q), 2);
}
public function _error()
{
switch ($this->type) {
case 'mssql':
return mssql_get_last_message();
break;
case 'sqlsrv':
return sqlsrv_errors();
break;
default:
case 'mysql':
return mysql_error();
break;
}
}
/**
* @throws SQLException
* @return void
*/
protected function initTables()
{
include_once 'creole/drivers/mssql/metadata/MSSQLTableInfo.php';
$dsn = $this->conn->getDSN();
if (!@mssql_select_db($this->dbname, $this->dblink)) {
throw new SQLException('No database selected');
}
$result = mssql_query("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE' AND TABLE_NAME <> 'dtproperties'", $this->dblink);
if (!$result) {
throw new SQLException("Could not list tables", mssql_get_last_message());
}
while ($row = mssql_fetch_row($result)) {
$this->tables[strtoupper($row[0])] = new MSSQLTableInfo($this, $row[0]);
}
}
/**
* Connect to the WSUS server
*/
function dbwsus_connect()
{
global $conf, $wsus_dbuser, $wsus_dbpass;
message("Connect to " . $conf->wsus_dbalias . " " . $conf->wsus_db, 1);
$msconnect = mssql_connect($conf->wsus_dbalias, $wsus_dbuser, $wsus_dbpass);
if (!$msconnect) {
message("Cannot connect to WSUS server " . $conf->wsus_dbalias . ":" . mssql_get_last_message(), 0);
return false;
}
$d = mssql_select_db($conf->wsus_db, $msconnect);
if (!$d) {
message("Couldn't open database " . $conf->wsus_db . " " . mssql_get_last_message(), 0);
return false;
}
return true;
}
/**
* Get set of new courses from Student Information System (Agresso)
*
* @author Andrew Zoltay
* date 2010-04-28
* @global object $CACE_CFG CACE configuration object
* @param link_identifier $agrconn for SIS db
* @return mixed_array MS SQL result resource of courses or -1 for error
*/
function cace_fetch_sis_newcourses($agrconn)
{
global $CACE_CFG;
if ($agrconn) {
// Make call to db - using $CACE_CFG->monthsahead to determine how far into the future to look for new courses.
$query = "EXEC Learn.usp_GetNewCourses @intMonthsBeforeStart = {$CACE_CFG->monthsahead}, @blnIsLatestVersion = 1;";
$result = mssql_query($query, $agrconn);
if (!$result) {
cace_write_to_log("ERROR calling Learn.usp_GetNewCourses: " . mssql_get_last_message());
}
return $result;
} else {
cace_write_to_log("ERROR - Connection creation failed");
return false;
}
}
function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true)
{
if ($show_errors) {
error_reporting(E_ALL);
} else {
error_reporting(E_PARSE);
}
// Connect to the Microsoft SQL Server database management system
$link = mssql_pconnect("192.168.1.125", "sa", "testpass");
if (!$link) {
die(mssql_get_last_message());
}
// Make 'testdb' the current database
$db_selected = mssql_select_db("testdb", $link);
if (!$db_selected) {
die(mssql_get_last_message());
}
// Print results in HTML
print "<html><body>\n";
// Print SQL query to test sqlmap '--string' command line option
//print "<b>SQL query:</b> " . $query . "<br>\n";
// Perform SQL injection affected query
$result = mssql_query($query);
if (!$result) {
if ($show_errors) {
print "<b>SQL error:</b> " . mssql_get_last_message() . "<br>\n";
}
exit(1);
}
if (!$show_output) {
exit(1);
}
print "<b>SQL results:</b>\n";
print "<table border=\"1\">\n";
while ($line = mssql_fetch_array($result, MSSQL_ASSOC)) {
print "<tr>";
foreach ($line as $col_value) {
print "<td>" . $col_value . "</td>";
}
print "</tr>\n";
if (!$all_results) {
break;
}
}
print "</table>\n";
print "</body></html>";
}
