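/**
 * Creates the MySQL "operator" account used by the application and grants it
 * the application privileges on the configured database.
 *
 * Reads $data['DB']['db_name'], $data['DB']['db_user_operator'] and
 * $data['DB']['db_passwd_operator']. When $data['action'] == 'update' or
 * $data['DB']['db_user_override_operator'] === 'override', any existing
 * account of that name (both the '%' and the 'localhost' host entry) is
 * dropped first. If the account still exists afterwards the step fails with
 * 'user already exists'.
 *
 * All steps run with $data['DB']['db_name'] temporarily set to null, which
 * makes DBRequest::request skip mysql_select_db (the account may not have a
 * database yet); the original value is restored before returning.
 *
 * @param array  $data  installer configuration (see above)
 * @param bool   $fail  in/out: nothing runs when already true; set true on error
 * @param int    $errno out: MySQL error number (0 for installer-level errors)
 * @param string $error out: error message
 *
 * @return null always; results are reported through $fail/$errno/$error
 */
public static function install($data, &$fail, &$errno, &$error)
{
    $operatorUser = isset($data['DB']['db_user_operator']) ? (string) $data['DB']['db_user_operator'] : '';
    $operatorPasswd = isset($data['DB']['db_passwd_operator']) ? (string) $data['DB']['db_passwd_operator'] : '';
    $dbName = isset($data['DB']['db_name']) ? $data['DB']['db_name'] : null;

    // DROP USER / GRANT are DDL and cannot be parameterised through
    // DBRequest, so the interpolated values are constrained before use:
    // the account name must be a plain identifier (MySQL user names are at
    // most 32 characters; '@', quotes and whitespace are rejected), the
    // password is escaped as a single-quoted literal and the database name
    // as a backtick-quoted identifier. Previously an installer form value
    // such as  x'@'%'; DROP DATABASE ...  was sent to the server verbatim.
    if (!$fail && !preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $operatorUser)) {
        $fail = true;
        $errno = 0;
        $error = 'invalid operator user name';
    }
    $passwdLiteral = "'" . str_replace(
        array("\\", "'", "\0", "\n", "\r", "\x1a"),
        array("\\\\", "\\'", "\\0", "\\n", "\\r", "\\Z"),
        $operatorPasswd
    ) . "'";
    $dbIdent = '`' . str_replace('`', '``', (string) $dbName) . '`';

    $dropRequested = (isset($data['action']) && $data['action'] == 'update')
        || (isset($data['DB']['db_user_override_operator'])
            && $data['DB']['db_user_override_operator'] === 'override');

    if (!$fail && $dropRequested) {
        $data['DB']['db_name'] = null;
        DBRequest::request2("DROP USER '{$operatorUser}'@'%';", false, $data);
        DBRequest::request2("DROP USER '{$operatorUser}'@'localhost';", false, $data);
        // Errors are deliberately not checked here: DROP USER fails when the
        // account does not exist, which is a valid starting state. A drop
        // that failed for another reason surfaces below as
        // 'user already exists'.
        $data['DB']['db_name'] = $dbName;
    }

    // Does the account already exist (any host)?
    $userExists = false;
    if (!$fail) {
        $data['DB']['db_name'] = null;
        // $operatorUser passed the identifier check above, so it is safe to inline.
        $sql = "SELECT count(1) as 'exists' FROM mysql.user WHERE user = '{$operatorUser}';";
        $result = DBRequest::request($sql, false, $data);
        if ($result['errno'] !== 0 || !isset($result['content'])) {
            $fail = true;
            $errno = $result['errno'];
            $error = isset($result['error']) ? $result['error'] : '';
        } else {
            $rows = DBJson::getRows($result['content']);
            $userExists = count($rows) > 0 && isset($rows[0]['exists']) && $rows[0]['exists'] > 0;
        }
        $data['DB']['db_name'] = $dbName;
    }

    if (!$fail && !$userExists) {
        $data['DB']['db_name'] = null;
        $privileges = 'CREATE VIEW,EXECUTE,ALTER ROUTINE,CREATE ROUTINE,SHOW VIEW,CREATE TEMPORARY TABLES,INDEX,ALTER,SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,TRIGGER';
        // One GRANT per host entry, sent as a single multi-statement request.
        // NOTE(review): "GRANT ... IDENTIFIED BY" creates the account
        // implicitly only on MySQL < 8.0; newer servers require CREATE USER
        // first — confirm the supported server version.
        $sql = '';
        foreach (array('%', 'localhost') as $host) {
            $sql .= "GRANT {$privileges} ON {$dbIdent}.* TO '{$operatorUser}'@'{$host}' IDENTIFIED BY {$passwdLiteral};";
        }
        $result = DBRequest::request2($sql, false, $data);
        // Acceptance rule kept from the original: the step fails only when the
        // first GRANT failed and no successful second result exists, i.e. a
        // failure of only the 'localhost' grant is not reported.
        // NOTE(review): confirm that is intended before tightening it.
        if ($result[0]['errno'] !== 0 && (count($result) < 2 || $result[1]['errno'] !== 0)) {
            $fail = true;
            $errno = $result[0]['errno'];
            $error = isset($result[0]['error']) ? $result[0]['error'] : '';
        }
        $data['DB']['db_name'] = $dbName;
    } elseif ($userExists) {
        $fail = true;
        $errno = 0;
        $error = 'user already exists';
    }

    return null;
}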
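/**
 * Performs a database query against the configured MySQL server.
 *
 * The statement is sent verbatim: any values it contains must already be
 * validated or escaped by the caller (this function offers no parameter
 * binding). When $checkSession is exactly true, the request headers
 * SESSION, USER and DATE are validated against the Session table before the
 * statement runs, and a failed check returns errno 401 without running it.
 *
 * @param string     $sqlStatement  the SQL statement to send
 * @param bool       $checkSession  validate the caller's session first (=== true)
 * @param array|null $config        parsed config.ini structure; loaded from
 *                                  'config.ini' when null. A db_name of null
 *                                  skips the database selection.
 * @param bool       $useDbOperator not read by this implementation; kept for
 *                                  call-site compatibility
 *
 * @return array assoc array with the query result information (String[]);
 *   you have to check for yourself, with isset(), that the keys exist:
 *   - ['content']      = the content/table you received from database
 *   - ['affectedRows'] = the affected rows
 *   - ['insertId']     = on post/insert with auto-increment, the id of the inserted entry
 *   - ['errno']        = the error number (401 when the session check failed)
 *   - ['error']        = the error message
 *   - ['numRows']      = on get, the received number of rows
 */
public static function request($sqlStatement, $checkSession, $config = null, $useDbOperator = false)
{
    if ($config === null) {
        // loads the mysql server config from file
        $config = parse_ini_file('config.ini', TRUE);
    }

    // Host selection: for a 'local' setup (or no ZV section at all) connect
    // through 'localhost' when the external URL already contains db_path.
    $isLocal = !isset($config['ZV']['zv_type']) || $config['ZV']['zv_type'] == 'local';
    if ($isLocal) {
        $path = strpos($config['PL']['urlExtern'], $config['DB']['db_path']) === false
            ? $config['DB']['db_path']
            : 'localhost';
    } else {
        $path = $config['DB']['db_path'];
    }

    $query_result = array();

    // creates a new connection to database
    $dbconn = @mysql_connect($path, $config['DB']['db_user'], $config['DB']['db_passwd'], false, MYSQL_CLIENT_COMPRESS);
    if (!$dbconn) {
        $query_result['errno'] = mysql_errno();
        $query_result['error'] = mysql_error();
        return $query_result;
    }

    // use UTF8
    mysql_query("SET NAMES 'utf8'", $dbconn);

    // selects the database (skipped on purpose when db_name is null, e.g. by
    // the installer before the database exists)
    if ($config['DB']['db_name'] !== null) {
        mysql_select_db($config['DB']['db_name'], $dbconn);
    }

    // Storing whether or not a session condition is not satisfied
    $sessionFail = false;
    if ($checkSession === true) {
        Logger::Log('starts session validation', LogLevel::DEBUG);
        // NOTE(review): the freshness rule compares REQUEST_TIME with the
        // client-supplied DATE header, so any future DATE satisfies it — it
        // bounds staleness of honest clients, it is not replay protection.
        $headersOk = isset($_SERVER['HTTP_SESSION'])
            && isset($_SERVER['HTTP_USER'])
            && isset($_SERVER['HTTP_DATE'])
            && ctype_digit($_SERVER['HTTP_USER'])
            && (int) $_SERVER['REQUEST_TIME'] <= (int) $_SERVER['HTTP_DATE'] + 10 * 60;
        if ($headersOk) {
            // HTTP_USER is all digits (ctype_digit above), so inlining it is safe.
            $content = mysql_query('select SE_sessionID from Session where U_id = ' . $_SERVER['HTTP_USER'], $dbconn);
            // evaluates the session
            $errno = mysql_errno();
            if ($errno == 0 && gettype($content) != 'boolean') {
                $data = DBJson::getRows($content);
                // Strict string comparison: the loose == used before treats
                // numeric-looking ids such as "0e12" and "0e34" as equal.
                $sessionMatches = $data != null
                    && isset($data[0]['SE_sessionID'])
                    && (string) $data[0]['SE_sessionID'] === (string) $_SERVER['HTTP_SESSION'];
                if ($sessionMatches) {
                    $sessionFail = false;
                    $query_result['error'] = 'access denied V';
                } else {
                    $sessionFail = true;
                    $query_result['error'] = 'access denied IV';
                }
            } else {
                $sessionFail = true;
                $query_result['error'] = 'access denied III';
            }
        } else {
            $sessionFail = true;
            $query_result['error'] = "access denied II";
        }
    }

    // if a condition is not met, the request is invalid
    if ($sessionFail == true) {
        $query_result['content'] = '';
        $query_result['errno'] = 401;
        if (!isset($query_result['error'])) {
            $query_result['error'] = 'unknown access denied';
        }
        $query_result['numRows'] = 0;
        mysql_close($dbconn);
        $dbconn = null;
        return $query_result;
    }

    // performs the request
    $query_result['content'] = mysql_query($sqlStatement, $dbconn);

    // evaluates the request
    $query_result['affectedRows'] = mysql_affected_rows($dbconn);
    $query_result['insertId'] = mysql_insert_id($dbconn);
    $query_result['errno'] = mysql_errno($dbconn);
    $query_result['error'] = mysql_error($dbconn);
    if (gettype($query_result['content']) != 'boolean') {
        $query_result['numRows'] = mysql_num_rows($query_result['content']);
    }

    // closes the connection and returns the result
    mysql_close($dbconn);
    $dbconn = null;
    return $query_result;
}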
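/**
 * GET handler: answers with a JSON object mapping each table name to the
 * list of table names it references ({ table_name: [referenced_table_name, ...] }).
 *
 * The statement is read from Sql/GetTableReferences.sql and run through
 * eval() as a PHP template (the leading "?>" switches eval into template
 * mode, so the file body is emitted and any <?php ... ?> parts are executed
 * with $conf in scope). That file is a deployed asset next to this class —
 * it must never be derived from request input, as eval() would then execute
 * attacker-supplied PHP.
 *
 * Responds 409 (and stops the app) when config.ini is missing or the query
 * fails; 200 with the JSON body otherwise. Note that an empty result encodes
 * as "[]" rather than "{}".
 *
 * @return void
 */
public function getTableReferences()
{
    Logger::Log('starts GET GetTableReferences', LogLevel::DEBUG);

    $configPath = dirname(__FILE__) . '/config.ini';
    if (!file_exists($configPath)) {
        $this->_app->response->setStatus(409);
        $this->_app->stop();
    }
    $conf = parse_ini_file($configPath, TRUE);

    // starts a query: render the SQL template into $sql
    ob_start();
    eval("?>" . file_get_contents(dirname(__FILE__) . '/Sql/GetTableReferences.sql'));
    $sql = ob_get_clean();

    $result = DBRequest::request($sql, false, $conf);

    // checks the correctness of the query
    if ((!isset($result['errno']) || !$result['errno']) && $result['content']) {
        $res = array();
        foreach (DBJson::getRows($result['content']) as $row) {
            // The original tested isset($res), which is always true once the
            // array exists; the per-table list is what needs initialising.
            if (!isset($res[$row['table_name']])) {
                $res[$row['table_name']] = array();
            }
            $res[$row['table_name']][] = $row['referenced_table_name'];
        }
        $this->_app->response->setStatus(200);
        $this->_app->response->setBody(json_encode($res));
    } else {
        Logger::Log('GET GetTableReferences failed', LogLevel::ERROR);
        $this->_app->response->setStatus(409);
        $this->_app->response->setBody('');
        $this->_app->stop();
    }
}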