/** * Outputs the error and logs it to a file. * Note that this function effectively halts the execution of our script. * @param int The errorlevel of the error. * @param string The message * @param string The file the error occured in * @param int The line number of the error * @param string The stacktrace as a string */ protected static final function outputError($errorLevel, $errorNotice, $errorFile, $errorLine, $stackTrace) { //logging of the error goes here. This is done using classic SQL queries and manual connecting to the db, //because we dont want to be dependant of the system $errorPage = self::ERRORPAGE; if (defined('ERRORPAGE_CUSTOM')) { $errorPage = constant('ERRORPAGE_CUSTOM'); } if (defined('DATABASE_HOST') && defined('DATABASE_USER') && defined('DATABASE_PASS') && defined('DATABASE_PORT') && defined('DATABASE_NAME')) { $link = @mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME, DATABASE_PORT); if ($link) { $ip = @mysqli_real_escape_string($link, \System\HTTP\Visitor\IP::getClientIP()); $serverIp = @mysqli_real_escape_string($link, \System\HTTP\Request\Request::getServerAddress()); $query = @mysqli_real_escape_string($link, \System\HTTP\Request\Request::getQuery()); $referer = @mysqli_real_escape_string($link, \System\HTTP\Request\Request::getReferer()); $request = @mysqli_real_escape_string($link, \System\HTTP\Request\Request::getRequest()); $errorNumber = @mysqli_real_escape_string($link, $errorLevel); $errorString = @mysqli_real_escape_string($link, $errorNotice); $escapedError = @mysqli_real_escape_string($link, $errorFile); $errorLine = @mysqli_real_escape_string($link, $errorLine); $escapedTrace = @mysqli_real_escape_string($link, $stackTrace); $post = new \System\HTTP\Request\Post(); $postData = $post->serialize(); $get = new \System\HTTP\Request\Get(); $getData = $get->serialize(); @mysqli_query($link, "INSERT INTO syserror (syserror_code, syserror_string, syserror_file, syserror_line, syserror_timestamp, syserror_server_ip, syserror_ip, syserror_query, syserror_referer, syserror_request, syserror_stacktrace, syserror_post, syserror_get)\n\t VALUES ('{$errorNumber}', '{$errorString}', '{$escapedError}', '{$errorLine}', NOW(), '{$serverIp}', '{$ip}', '{$query}', '{$referer}', '{$request}', '{$escapedTrace}', '{$postData}', '{$getData}')"); @mysqli_close($link); //remove extended notices for cli mode if (\System\Server\SAPI::getSAPI() == \System\Server\SAPI::SAPI_CLI) { $errorPage = '{ERROR}'; } if (!defined('DEBUG')) { $errorPage = str_replace('{ERROR}', "<p><b>Details:</b></p><p>The page you requested could not be found. Please contact the webmaster.</p>", $errorPage); } else { $errorPage = str_ireplace("{ERROR}", "<p><b>Details:</b></p><p><b>Errorcode</b>: " . $errorNumber . " - " . self::translateErrorNumber($errorNumber) . "</p><p><b>Error message</b>: " . $errorNotice . "</p><p><b>Errorneous file</b>: " . $errorFile . "</p><p><b>On line</b>: " . $errorLine . "</p><p><b>Stacktrace</b>:<br />" . nl2br(strip_tags($stackTrace)) . "</p>", $errorPage); } //remove tags for cli mode if (\System\Server\SAPI::getSAPI() == \System\Server\SAPI::SAPI_CLI) { $errorPage = strip_tags(str_ireplace(array('<br />', '<br>', '<br/>', '</p><p>'), PHP_EOL, $errorPage)); } } } //terminate; in debug mode we output potentially harmfull info without escaping! $errorPage = str_replace('{ERROR}', "<p><b>Details:</b></p><p>(ERR: 1001) The page you requested could not be found. Please contact the webmaster.</p>" . (defined('DEBUG') ? '<p>' . $errorNotice . '</p>' : ''), $errorPage); echo $errorPage; }