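/**
 * Connects to the MySQL server, selects the configured database and sets the
 * connection character set.
 *
 * Connection settings are read from the $MYSQL_HOST, $MYSQL_USER,
 * $MYSQL_PASSWORD and $MYSQL_DATABASE globals; the link is stored in the
 * $MYSQL_CONN global. A failed connect or database selection is reported
 * through startUpError() with the title 'Connect Error'.
 *
 * @return mixed the value stored in $MYSQL_CONN (the result of mysql_connect())
 */
function sql_connect()
{
    global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_CONN;

    // '@' suppresses PHP's own connect warning, so a failure produces only
    // the generic message passed to startUpError() below.
    $MYSQL_CONN = @mysql_connect($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD) or startUpError('<p>Could not connect to MySQL database.</p>', 'Connect Error');

    // NOTE(review): the driver's error text is concatenated into the HTML
    // handed to startUpError() without escaping, and is shown to whoever
    // triggered the request. Consider logging it and showing a generic message.
    mysql_select_db($MYSQL_DATABASE) or startUpError('<p>Could not select database: ' . mysql_error() . '</p>', 'Connect Error');

    // <add for garble measure>
    // defined() expects the constant's NAME as a string. The previous call,
    // defined(_CHARSET), passed the constant's value instead, so this branch
    // was effectively never taken and the charset always came from the server.
    if (defined('_CHARSET')) {
        $charset = _CHARSET;
    } else {
        // Fall back to the character set the database itself reports.
        $resource = sql_query("show variables LIKE 'character_set_database'");
        $fetchDat = sql_fetch_assoc($resource);
        $charset = $fetchDat['Value'];
        // in trouble of encoding,uncomment the following line.
        // $charset = "ujis";
        // $charset = "utf8";
    }

    // NOTE(review): presumably sql_set_charset_jp() accepts both page-style
    // names (_CHARSET) and MySQL-style names; it is defined elsewhere, so
    // confirm. A connection charset that disagrees with the data also affects
    // how escaping routines interpret multibyte input.
    sql_set_charset_jp($charset);
    // </add for garble measure>

    return $MYSQL_CONN;
}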
* of the License, or (at your option) any later version. * (see nucleus/documentation/index.html#license for more info) */ /** * @license http://nucleuscms.org/license.txt GNU General Public License * @copyright Copyright (C) 2002-2011 The Nucleus Group * @version $Id: mysql.php 1131 2011-02-01 06:19:31Z sakamocchi $ * @version $NucleusJP: mysql.php,v 1.2 2006/07/20 08:01:52 kimitake Exp $ */ /* * if no mysql_* functions exist, define wrappers */ $MYSQL_CONN = 0; if (!function_exists('mysql_query')) { if (!function_exists('mysqli_query') && function_exists('startUpError')) { startUpError(_NO_SUITABLE_MYSQL_LIBRARY); } function mysql_query($query) { global $MYSQL_CONN; return mysqli_query($MYSQL_CONN, $query); } function mysql_fetch_object($res) { return mysqli_fetch_object($res); } function mysql_fetch_array($res) { return mysqli_fetch_array($res); } function mysql_fetch_assoc($res)
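/**
 * Checks that a request value and its key consist only of byte sequences
 * allowed by the configured encoding. Usable as an array_walk() callback.
 *
 * State is kept in static variables, so the function has three call modes:
 *  - $exclude !== false : register one key or an array of keys that are
 *    skipped by later checks; returns nothing.
 *  - $encoding !== false: select the byte pattern for that encoding. Returns
 *    true if this encoding was already registered; on first registration
 *    returns false when $key === false, otherwise goes on to check $val/$key.
 *  - otherwise          : check $val (recursively for arrays) and $key.
 *
 * Invalid input or an unsupported encoding is reported through
 * startUpError() followed by exit.
 *
 * Caveat: the patterns are structural byte-range checks, not strict
 * validators. The 'utf-8' pattern, for example, still matches overlong
 * three- and four-byte forms, surrogate code points and five-/six-byte
 * sequences, so passing this check does not prove the input is canonical
 * UTF-8. Do not treat it as a substitute for context-specific escaping.
 *
 * @param mixed        $val      value to check (string or nested array)
 * @param mixed        $key      key belonging to $val, or false
 * @param string|false $encoding encoding name to register, or false
 * @param mixed        $exclude  key or array of keys to exclude, or false
 * @return bool|null
 */
function encoding_check($val, $key, $encoding = false, $exclude = false)
{
    /*
      When 3rd argument is set, return if checked already.
      When 4th argument is set, set the excluded key(s).
    */
    static $search = false, $checked = array(), $excludes = array();

    if ($exclude !== false) {
        if (is_array($exclude)) {
            foreach ($exclude as $v) {
                $excludes[$v] = true;
            }
        } else {
            $excludes[$exclude] = true;
        }
        return;
    }

    if ($encoding !== false) {
        switch ($encoding = strtolower($encoding)) {
            case 'utf-8':
                $search = '/([\\x00-\\x7F]+'
                    . '|[\\xC2-\\xDF][\\x80-\\xBF]'
                    . '|[\\xE0-\\xEF][\\x80-\\xBF][\\x80-\\xBF]'
                    . '|[\\xF0-\\xF7][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF]'
                    . '|[\\xF8-\\xFB][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF]'
                    . '|[\\xFC-\\xFD][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF][\\x80-\\xBF])/';
                break;
            case 'euc-jp':
                $search = '/([\\x00-\\x7F]+'
                    . '|[\\x8E][\\xA0-\\xDF]'
                    . '|[\\x8F]?[\\xA1-\\xFE][\\xA1-\\xFE])/';
                break;
            case 'gb2312':
                $search = '/([\\x00-\\x7F]+'
                    . '|[\\xA1-\\xF7][\\xA1-\\xFE])/';
                break;
            case 'shift_jis':
                // Note that shift_jis is only supported for output.
                // Using shift_jis in DB is prohibited.
                $search = '/([\\x00-\\x7F\\xA1-\\xDF]+'
                    . '|[\\x81-\\x9F\\xE0-\\xFC][\\x40-\\xFC])/';
                break;
            default:
                // Single-byte encodings need no byte-sequence check.
                $search = false;
                if (preg_match('/^iso\\-8859\\-[0-9]{1,2}$/', $encoding)) {
                    break;
                }
                if (preg_match('/^windows\\-125[0-8]$/', $encoding)) {
                    break;
                }
                startUpError('<p>Unknown or non-supported encoding.</p>', 'Encoding Error');
                exit;
        }
        if (isset($checked[$encoding])) {
            return true; // Already checked.
        }
        $checked[$encoding] = true;
    }

    if ($key === false) {
        return false; // Not yet checked.
    }
    if ($search === false) {
        return true; // non-multibyte encoding
    }
    if (isset($excludes[$key])) {
        return true; // This key isn't checked.
    }

    if (is_array($val)) {
        array_walk($val, 'encoding_check');
    } else {
        // Strip every allowed sequence; anything left over is invalid.
        $result = preg_replace($search, '', $val);
        // preg_replace() returns NULL when PCRE itself fails. strlen(NULL) is
        // 0, so without the explicit test a PCRE failure would let the input
        // through unchecked. Fail closed instead.
        if ($result === null || strlen($result) != 0) {
            startUpError('<p>Invalid input.</p>', 'Input Error');
            exit;
        }
    }

    // The key is request-controlled as well, so it gets the same check.
    $result = preg_replace($search, '', $key);
    if ($result === null || strlen($result) != 0) {
        startUpError('<p>Invalid input.</p>', 'Input Error');
        exit;
    }

    return true;
}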
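// include the admin code
require_once '../config.php';

// Optional hardening check: refuse to start the admin area while leftovers
// from installation are still reachable or the configuration is writable.
if ($CONF['alertOnSecurityRisk'] == 1) {
    // check if files exist and generate an error if so
    // Installer, upgrade and conversion scripts left on a live site can
    // typically be re-run by anyone who can request them.
    $aFiles = array(
        '../install' => _ERRORS_INSTALLDIR,
        'upgrades'   => _ERRORS_UPGRADESDIR,
        'convert'    => _ERRORS_CONVERTDIR
    );
    $aFound = array();

    foreach ($aFiles as $fileName => $fileDesc) {
        // '@' keeps filesystem warnings (e.g. open_basedir) out of the page.
        if (@file_exists($fileName)) {
            $aFound[] = $fileDesc;
        }
    }

    // A config.php writable by the web server process means the stored
    // database settings can be changed by that process.
    if (@is_writable('../config.php')) {
        $aFound[] = _ERRORS_CONFIGPHP;
    }

    if (count($aFound) > 0) {
        // Separator first: the legacy implode($array, $separator) argument
        // order was deprecated in PHP 7.4 and removed in PHP 8.0.
        startUpError(
            _ERRORS_STARTUPERROR1 . implode('</li><li>', $aFound) . _ERRORS_STARTUPERROR2,
            _ERRORS_STARTUPERROR3
        );
    }
}

// NOTE(review): $action and $member are not set in this fragment; presumably
// config.php provides them — confirm.
$bNeedsLogin = false;

// Activation actions are reachable without a session, so the match is strict:
// a loose in_array() on PHP < 8 treats a non-string such as 0 or true as
// equal to 'activate' and would skip the login requirement below.
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'), true);

if ($action == 'logout') {
    $bNeedsLogin = true;
}

if (!$member->isLoggedIn() && !$bIsActivation) {
    $bNeedsLogin = true;
}

// show error if member cannot login to admin
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {
    $error = _ERROR_LOGINDISALLOWED;
    $bNeedsLogin = true;
}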
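/**
 * Selects a database, either by opening a new PDO connection or by issuing
 * USE on an existing handle.
 *
 * When $dbh is null, a new PDO connection is built from the $MYSQL_HOST,
 * $MYSQL_USER, $MYSQL_PASSWORD and $MYSQL_HANDLER globals and stored in the
 * $SQL_DBH global ($dbh itself is not assigned). $MYSQL_HANDLER[1] names the
 * PDO driver and decides the DSN layout. A PDOException is reported through
 * startUpError().
 *
 * When $dbh is given, "USE <db>" is executed on it.
 *
 * @param string      $db  database name (file path for sqlite)
 * @param object|null $dbh existing PDO handle, or null to open a new one
 * @return int 1 on success, 0 on failure
 */
function sql_select_db($db, &$dbh = NULL)
{
    global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_CONN, $MYSQL_HANDLER, $SQL_DBH;

    if (is_null($dbh)) {
        try {
            $SQL_DBH = NULL;

            // Pad to two elements so a host without ':port' does not raise
            // an undefined-offset notice/warning; $port stays null then,
            // which isset() below treats as "no port given".
            list($host, $port) = array_pad(explode(":", $MYSQL_HOST), 2, null);
            if (isset($port)) {
                $portnum = $port;
                $port = ';port=' . trim($port);
            } else {
                $port = '';
                $portnum = '';
            }

            // NOTE(review): $host and $db are concatenated into each DSN as
            // is. They must come from trusted configuration; a value holding
            // ';' would add or override DSN attributes.
            switch ($MYSQL_HANDLER[1]) {
                case 'sybase':
                case 'dblib':
                    // Port is only used when numeric, and normalised via intval().
                    if (is_numeric($portnum)) {
                        $port = ':' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':host=' . $host . $port . ';dbname=' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
                case 'mssql':
                    if (is_numeric($portnum)) {
                        $port = ',' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':host=' . $host . $port . ';dbname=' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
                case 'oci':
                    if (is_numeric($portnum)) {
                        $port = ':' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':dbname=//' . $host . $port . '/' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
                case 'odbc':
                    if (is_numeric($portnum)) {
                        $port = ';PORT=' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    // NOTE(review): user name and password are embedded in
                    // the DSN string here instead of being passed as
                    // separate arguments, so they are subject to the same
                    // ';' caveat as $host and $db.
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':DRIVER={IBM DB2 ODBC DRIVER};HOSTNAME=' . $host . $port . ';DATABASE=' . $db . ';PROTOCOL=TCPIP;UID=' . $MYSQL_USER . ';PWD=' . $MYSQL_PASSWORD);
                    break;
                case 'pgsql':
                    if (is_numeric($portnum)) {
                        $port = ';port=' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':host=' . $host . $port . ';dbname=' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
                case 'sqlite':
                case 'sqlite2':
                    // $port is computed as in the other cases but is not
                    // part of the sqlite DSN, which is only the driver name
                    // and $db.
                    if (is_numeric($portnum)) {
                        $port = ':' . intval($portnum);
                    } else {
                        $port = '';
                    }
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
                default:
                    //mysql
                    // Uses the ';port=' form built right after the explode above.
                    $SQL_DBH = new PDO($MYSQL_HANDLER[1] . ':host=' . $host . $port . ';dbname=' . $db, $MYSQL_USER, $MYSQL_PASSWORD);
                    break;
            }
            return 1;
        } catch (PDOException $e) {
            // NOTE(review): the raw driver message is placed unescaped into
            // the HTML error page and shown to the requester; it can reveal
            // connection details. Consider logging it server-side and
            // displaying a generic message.
            startUpError('<p>a3 Error!: ' . $e->getMessage() . '</p>', 'Connect Error');
            return 0;
        }
    } else {
        // $db is interpolated straight into the statement; identifiers
        // cannot be bound as parameters, so $db must never be derived from
        // request data.
        if ($dbh->exec("USE {$db}") !== false) {
            return 1;
        } else {
            return 0;
        }
    }
}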