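/**
 * Set up the controller: database handle, helper objects, system settings and UI language.
 *
 * NOTE(review): presumably the PHP 4 style constructor of a class named Controller (the
 * class header is not visible here). PHP 8 no longer calls a same-named method as the
 * constructor - confirm how this is invoked.
 */
function Controller() {

    # create database object
    if (!is_object($this->db)) {
        include_once SP_LIBPATH . "/database.class.php";
        $dbObj = new Database(DB_ENGINE);
        $this->db = $dbObj->dbConnect();

        # no tables reported: point the user at the installer
        $this->db->query("show tables", true);
        if ($this->db->noRows <= 0) {
            showErrorMsg("<p>The database tables could not be found.</p><p><a href=\"install/index.php\">Click here to install Seo Panel.</a></p>");
        }
    }

    $this->view = new View();
    $this->session = new Session();
    $this->validate = new Validation();
    $this->spider = new Spider();
    $this->paging = new Paging();

    # to define all system variables
    $this->defineAllSystemSettings();

    # language switch requested through the query string
    $force = false;
    if (!empty($_GET['lang_code'])) {

        # lang_code is request input. Only a string is passed on: an array value
        # (?lang_code[]=x) also passes !empty() and trim() is not defined for arrays.
        if (is_string($_GET['lang_code'])) {
            # NOTE(review): apart from trim() the value is handed on as received;
            # confirm that assignLangCode() checks it against the installed languages.
            $this->assignLangCode(trim($_GET['lang_code']));
            $force = true;
        }

        # cleared in every case so the raw parameter is not reused later in the request
        $_GET['lang_code'] = '';
    }

    # func to assign texts to session
    $_SESSION['lang_code'] = empty($_SESSION['lang_code']) ? SP_DEFAULTLANG : $_SESSION['lang_code'];
    $this->assignTextsToSession($_SESSION['lang_code'], $force);
}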
/**
 * Make sure $this->db holds a database connection object.
 *
 * @param bool $force When truthy, reconnect even if $this->db already holds an object.
 */
function checkDBConn($force = false) {

    # nothing to do: no reconnect requested and a connection object is already there
    if (!$force && is_object($this->db)) {
        return;
    }

    $database = new Database(DB_ENGINE);
    $this->db = $database->dbConnect();
}
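/**
 * Open the database connection described by $db[$dbsortName] and cache it in self::$dbConnect.
 *
 * Only the first call connects. The driver is chosen by the profile's 'dbtype' entry
 * ("mysqli", "sqlserver", "mssql" or "pdo").
 *
 * @param string $dbsortName Key of the connection profile inside the global $db array.
 * @return mixed The new connection handle; false when the profile is missing or is not an
 *               array; null when a connection was already made or 'dbtype' is not handled.
 */
public static function connect($dbsortName = 'default') {

    global $db;

    // Later calls do not reconnect and return null; the handle stays in self::$dbConnect.
    if (self::$hasConnected != 'no') {
        return;
    }

    // isset() first: indexing a profile that does not exist raises an undefined-key
    // notice/warning before is_array() gets the chance to reject it.
    if (!isset($db[$dbsortName]) || !is_array($db[$dbsortName])) {
        return false;
    }

    $profile = $db[$dbsortName];

    self::$dbinfo = $profile;
    self::$dbType = $profile['dbtype'];

    switch ($profile['dbtype']) {
        case "mysqli":
            $conn = new mysqli(
                $profile['dbhost'],
                $profile['dbuser'],
                $profile['dbpassword'],
                $profile['dbname'],
                $profile['dbport']
            );

            self::$dbConnect = $conn;
            self::$hasConnected = 'yes';
            self::$dbName = $profile['dbname'];

            // Only a fixed message is logged: neither the driver's error text nor the
            // profile (host, user, password) is written to the log.
            // NOTE(review): in mysqli's exception reporting mode (the default since PHP 8.1)
            // a failed connect throws from the constructor and this check is not reached -
            // confirm which mode the application runs in.
            if ($conn->connect_errno !== 0) {
                Log::error('Can not connect to your database. You must to edit file config.php now!');
            }

            // NOTE(review): the flag above is set even when the connection failed, so the
            // failed handle is cached and no later call retries - confirm this is intended.
            return $conn;

        case "sqlserver":
            $conn = DatabaseSqlserver::connect();
            self::$error = DatabaseSqlserver::$error;
            self::$dbConnect = $conn;
            self::$hasConnected = 'yes';
            return $conn;

        case "mssql":
            $conn = DatabaseMSSQL::connect();
            self::$dbConnect = $conn;
            self::$hasConnected = 'yes';
            return $conn;

        case "pdo":
            $conn = DatabasePDO::connect();
            self::$dbConnect = $conn;
            self::$hasConnected = 'yes';
            return $conn;

        // No "mysql" case: the old mysql_connect() branch was already commented out.
    }
}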
error_reporting(0); } # system settings define('SP_CONFPATH', SP_ABSPATH . "/config"); define('SP_CTRLPATH', SP_ABSPATH . "/controllers"); define('SP_INCPATH', SP_ABSPATH . "/includes"); define('SP_LIBPATH', SP_ABSPATH . "/libs"); define('SP_TMPPATH', SP_ABSPATH . "/tmp"); define('SP_PLUGINPATH', SP_ABSPATH . "/plugins"); define('SP_THEMEPATH', SP_ABSPATH . "/themes"); define('SP_DATAPATH', SP_ABSPATH . "/install/data"); define('SP_JSPATH', SP_WEBPATH . "/js"); #create database object include_once SP_LIBPATH . "/database.class.php"; $dbObj = new Database(DB_ENGINE); $dbConn = $dbObj->dbConnect(); # web settings $sql = "select * from themes where status=1 order by id"; $themeInfo = $dbConn->select($sql, true); $themeLocation = empty($themeInfo['folder']) ? "themes/classic" : "themes/" . $themeInfo['folder']; define('SP_VIEWPATH', SP_ABSPATH . "/{$themeLocation}/views"); define('SP_CSSPATH', SP_WEBPATH . "/{$themeLocation}/css"); define('SP_IMGPATH', SP_WEBPATH . "/{$themeLocation}/images"); # to prevent sql injection if (!empty($_SERVER['REQUEST_METHOD']) && SP_PREVENT_SQL_INJECTION) { # merge all post and get elements foreach (array_merge($_GET, $_POST) as $name => $value) { # if not a numeric parameter if (is_string($value) && !empty($value) && !is_numeric($value)) { # Search for patterns in the value of the parameter that indicate an SQL injection $pattern = '/(and|or)[\\s\\(\\)\\/\\*]+(update|delete|select)\\W|(select|update).+\\.(password|email)|(select|update|delete).+users/im';