コード例 #1
ファイル: contact.php プロジェクト: Ben749/racetrack
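 #false confirmation :)
 # Contact-form handler. Everything below is read from $_POST and is therefore untrusted.
 $_POST = array_map('stripslashes', $_POST);
 # NOTE: extract() turns every posted field into a local ($nom, $tel, $email, $ms, $k, $city, $message, ...).
 # EXTR_SKIP keeps variables that already exist, and the 'u' prefix is ignored with that flag.
 extract($_POST, EXTR_SKIP, 'u');
 # Honeypot address that only a known scanner submits: block it and answer 404.
 if (in_array($email, ['*****@*****.**'], true)) {
     block('scanner');
     r404();
     die;
 }
 # Adds() is a project helper; presumably escapes each field in place (by reference) — confirm.
 Adds($nom);
 Adds($tel);
 Adds($email);
 Adds($ms);
 Adds($k);
 # BBCode/HTML links in the body are treated as spam.
 if (preg_match("#(\\[url|href)=#i", $message)) {
     r404();
 }
 # The posted address is reused below as From:/Reply-To:/Return-Path:. It must be a single
 # well-formed address: a CR/LF inside it would append sender-chosen headers to the mail.
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
     r404();
     die;
 }
 # The mail body is HTML, so each form value is escaped for the charset declared in the headers.
 $esc = function ($value) {
     return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'ISO-8859-1');
 };
 # $t and IP are assumed to be set elsewhere and not user-controlled — confirm.
 $ms = sprintf(
     'Nom: %s (%s) <br>email : %s<br>%s<br>%s<br><br>--- %s %s',
     $esc($nom),
     $esc($tel),
     $esc($email),
     $esc($city),
     $esc($message),
     $esc($k),
     $t
 ) . IP;
 # Double quotes were stripped for a SQL insert that is no longer performed; kept so the sent text is unchanged.
 $ms = str_replace('"', '', $ms);
 # Sender and reply address are both the validated form address.
 $as = $de = $email;
 /* email entered in the form; $s is presumably the header line separator — confirm */
 $headers = "MIME-Version: 1.0{$s}Content-type: text/html; charset=iso-8859-1{$s}From:{$as}{$s}Return-Path:{$as}{$s}Reply-To:{$as}{$s}";
 $msg = $ms;
 # $mail (recipient) and $subject are expected to be set before this point.
 $x = wmail($mail, $subject, $msg, $headers);
 if (!$x) {
     # First transport failed: retry through Bmail() with the same payload.
     $subject .= ' (try#2 -> bmail)';
     $x = Bmail(compact('subject', 'msg', 'mail', 'de', 'as'));
 }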
 if (!$x) {
コード例 #2
ファイル: fun.php プロジェクト: Ben749/racetrack
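/**
 * Runs a single SQL statement on the database named by `$bd`, or on a SQLite
 * file when `$bd`/`$sql` reference a `.s3db` file.
 *
 * The MySQL link is kept in function statics and re-created only when the
 * target host changes; once a call marks the link 'dead' every later call is a no-op.
 *
 * @param string $sql  Complete SQL text. The caller is responsible for escaping every
 *                     value it builds into the string: the regex tripwire below refuses
 *                     a few injection signatures, it does not make string-built queries
 *                     safe. May end with a `#old` marker (stripped) and may use `¤` as a
 *                     statement separator (honoured only when `$opt['safe']` is truthy).
 * @param mixed  $bd   Database name; falls back to aliases found in `$sql`, then to
 *                     `$_ENV['defaultdb']`, `$_GET['defaultdb']`, `DB`, 'localhost'.
 *                     `1` asks the SQLite path to close its handle.
 * @param mixed  $opt  Array of options that are extract()ed into locals; keys read here
 *                     are `safe` and `a` (credentials tuple [host, user, password]).
 *
 * @return mixed mysqli result for reads, affected-row count for update/delete, insert id
 *               for insert; null when the statement was skipped, rejected or failed.
 */
function sql($sql, $bd = null, $opt = null)
{
    // NOTE: extract() makes any caller-supplied key a local here, including $a (the
    // connection credentials) and $safe (enables multi-statement execution).
    if (is_array($opt)) {
        extract($opt);
    }
    // A trailing "#old" marker is removed; nothing below acts on it.
    if (substr($sql, -4) === '#old') {
        $sql = str_replace('#old', '', $sql);
    }
    // Link state shared across calls.
    static $status, $bdsel, $host, $conn;
    if ($status === 'dead') {
        return;
    }
    // Link dropped / close requested: $close is only consulted by sqlite().
    if ($bd == 1 or $opt == 1) {
        $close = 1;
        unset($p, $nt); // presumably leftovers of extract($opt); not read in this function
    }
    // "<file>.s3db." inside the statement routes it to SQLite and names the file.
    if (strpos($sql, '.s3db') && preg_match('~[^ ]+\.s3db\.~i', $sql, $m)) {
        $bd = trim($m[0], '.');
        $sql = str_replace($m[0], '', $sql);
    }
    if (is_string($bd) && strpos($bd, '.s3db')) {
        return sqlite($sql, $bd, $close);
    }
    // Optional project hook that may rewrite the statement, the database and the credentials.
    if (function_exists('div_sql')) {
        list($sql, $bd, $a) = div_sql($sql, $bd);
    }
    // Infer the database from a qualified table name when none was given.
    if (!$bd) {
        foreach (['ciel', 'p', 'ben'] as $alias) {
            if (strpos($sql, ' ' . $alias . '.')) {
                $bd = $alias;
                break;
            }
        }
    }
    // ReM() presumably fills $bd with the first non-empty candidate — confirm. Note that
    // $_GET['defaultdb'] is request-controlled, so an unresolved $bd can be chosen by the client.
    ReM($bd, [$_ENV['defaultdb'], $_GET['defaultdb'], DB, 'localhost']);
    if (empty($a)) {
        $a = $_ENV['c']['sql'][$bd]; // if not supplied by div_sql()
    }
    if (empty($a)) {
        db("5.sqldb not defined : {$bd} {$sql}");
        return;
    }
    // Tripwire for a few injection signatures in the assembled statement. This cannot make
    // string-built SQL safe; it only refuses the most obvious payloads and logs them.
    // NOTE: "\x(00|1a)" in this pattern is probably meant as \x00|\x1a (NUL / ctrl-Z) — confirm before touching it.
    if (preg_match("~(/\\*|--|\\(\\{) '|\\x(00|1a)|;(drop|select|delete|update)|'? union select~i", $sql, $m)) {
        av('injection match', $m);
        FPC(ERLOGS, "\nsql injection:{$sql}", 4);
        return;
    }
    // Writes that arrive too late (GT() presumably returns the elapsed time for this key)
    // are appended to a log file instead of being executed; a cron is expected to check them.
    $stamp = substr($sql, 4, 15) . ' ' . substr($sql, -7);
    if (GT($stamp) > 10000 and preg_match('~update |insert ~i', $sql)) {
        FAP(LOGS . 'sql.decalees', $sql);
        return;
    }
    // The link may have been killed meanwhile: forget the selected database so it is re-selected.
    if (!e(',sqlon', 1)) {
        $bdsel = '';
    }
    if ($bd != $bdsel) {
        GT('sqlon' . $bd);
        $bdsel = $bd;
        // (Re)create the link.
        $_ENV['dbe'][] = $sql;
        if ($a[0] == '94.23.226.97') {
            return; // that server is treated as permanently offline: returns null
        }
        Rem($sa, SIP, $_ENV['server']);
        // A configured host that is in fact this machine is reached through the loopback.
        if (SIP == $a[0]) {
            $a[0] = '127.0.0.1';
        }
        // Only reconnect when the host actually changed.
        if ($host != $a[0]) {
            $host = $a[0];
            $GLOBALS['mysqlconnection'] = $_ENV['sqlconn'] = $conn = mysqli_connect($a[0], $a[1], $a[2]);
            // Was `$n = mysqli_connect_error() || !$conn`: assignment binds weaker than `||`,
            // so $n held a boolean and the log showed "1" instead of the driver message.
            // (On PHP 8.1+ mysqli reports connection failures as exceptions by default, so
            // this branch only runs when error reporting was relaxed with mysqli_report().)
            $n = mysqli_connect_error();
            if ($n || !$conn) {
                file_put_contents(ini_get('error_log'), "\n" . SU . " > {$bd}/{$sql}; pas de connexion sql : " . $n . "-" . str_replace("\n", '', print_r($a, 1)), FILE_APPEND);
                Db(SU . " > {$bd}/{$sql}; pas de connexion sql : " . $n . "\n" . print_r($a, 1));
                return;
            }
            $n = mysqli_error($conn);
        }
        if (!empty($n)) {
            Db('sqlerror ' . $sql . ' ' . $n);
        }
        if (!$conn) {
            DB("!sqlcon:{$a['0']},{$a['1']},{$a['2']}");
        }
        // Was `!stripos('uplicate', $n)`: haystack and needle were swapped, so any real
        // error text failed the "duplicate entry" test and marked the link dead.
        if (!$conn || (!empty($n) && stripos($n, 'uplicate') === false)) {
            av("nc:bd:{$bd}/{$sql}; {$n}");
            rcache();
            $host = $bdsel = 'dead';
            Db(SU . " 503>nc:bd:{$bd}/{$sql}; {$n} ");
            R503("nc:{$bd}/{$sql}; {$n} " . pre($a));
            return;
        }
        mysqli_select_db($conn, $bd);
        e(",sqlon:{$bd}");
    }
    $_ENV['sql'][] = $sql;
    $x = null;
    // '¤' marks statement boundaries; multi-statement execution is opt-in via $opt['safe'].
    // NOTE: only the first statement's result and error are observed below; the remaining
    // results are never drained (mysqli_next_result), which can leave the link out of sync
    // for the next call — confirm callers only use this for statements without result sets.
    if (substr_count($sql, '¤') > 0 && !empty($safe)) {
        $x = mysqli_multi_query($conn, str_replace('¤', ';', $sql));
    } elseif (substr_count($sql, '¤') > 0) {
        db('unsafe injection : ¤');
        r404('¤');
    } else {
        $x = mysqli_query($conn, $sql);
    }
    $_ENV['sqlquery'] = $x;
    $_GET['nSQL']++; // per-request query counter kept in $_GET
    $n = mysqli_error($conn);
    if ($n) {
        $_ENV['errors'][] = $n;
        if (j10) {
            FB($_ENV['args']);
        }
        if (preg_match('~server has gone away|access denied~i', $n)) {
            // Lost link: every later call short-circuits. (The automatic retry that used
            // to follow this return was unreachable and has been dropped.)
            rcache();
            $status = 'dead';
            R503($n);
            return;
        } elseif (strpos($n, 'uplicate entry') === false) {
            // Any other error is logged but the call continues with whatever $x holds.
            db("{$sql}; {$n} {$_SERVER['SCRIPT_FILENAME']} " . SU);
        } else {
            // Duplicate-key error: recorded as a soft failure, no result returned.
            $_ENV['error'] .= "sqlfail:{$_SERVER['SCRIPT_FILENAME']} : {$sql} {$n}";
            db($_ENV['error'], null, 'sql');
            return;
        }
    }
    // Writes report their row count / generated id instead of the raw result.
    if (preg_match('~(update|delete) ~i', $sql)) {
        $x = mysqli_affected_rows($conn);
    }
    if (preg_match('~insert ~i', $sql)) {
        $x = mysqli_insert_id($conn);
    }
    // Stopwatch bookkeeping for this query. The process-killer that used to read this timer
    // was disabled with `&& 0` and relied on the removed mysql_* extension, so it is gone.
    GT('sql:' . $_GET['nSQL'] . ':' . $sql);
    return $x;
}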