vamp-website: forum/Sources/Subs-Db-mysql.php annotate

annotate forum/Sources/Subs-Db-mysql.php @ 85:6d7b61434be7 website

Add a copy of this here, just in case!

author	Chris Cannam
date	Mon, 20 Jan 2014 11:02:36 +0000
parents	e3e11437ecea
children

rev	line source
Chris@76	1 <?php
Chris@76	2
Chris@76	3 /**
Chris@76	4 * Simple Machines Forum (SMF)
Chris@76	5 *
Chris@76	6 * @package SMF
Chris@76	7 * @author Simple Machines http://www.simplemachines.org
Chris@76	8 * @copyright 2011 Simple Machines
Chris@76	9 * @license http://www.simplemachines.org/about/smf/license.php BSD
Chris@76	10 *
Chris@76	11 * @version 2.0.4
Chris@76	12 */
Chris@76	13
Chris@76	14 if (!defined('SMF'))
Chris@76	15 die('Hacking attempt...');
Chris@76	16
Chris@76	17 /* This file has all the main functions in it that relate to the database.
Chris@76	18
Chris@76	19 smf_db_initiate() maps the implementations in this file (smf_db_function_name)
Chris@76	20 to the $smcFunc['db_function_name'] variable.
Chris@76	21
Chris@76	22 */
Chris@76	23
Chris@76	24 // Initialize the database settings
Chris@76	25 function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
Chris@76	26 {
Chris@76	27 global $smcFunc, $mysql_set_mode;
Chris@76	28
Chris@76	29 // Map some database specific functions, only do this once.
Chris@76	30 if (!isset($smcFunc['db_fetch_assoc']) \|\| $smcFunc['db_fetch_assoc'] != 'mysql_fetch_assoc')
Chris@76	31 $smcFunc += array(
Chris@76	32 'db_query' => 'smf_db_query',
Chris@76	33 'db_quote' => 'smf_db_quote',
Chris@76	34 'db_fetch_assoc' => 'mysql_fetch_assoc',
Chris@76	35 'db_fetch_row' => 'mysql_fetch_row',
Chris@76	36 'db_free_result' => 'mysql_free_result',
Chris@76	37 'db_insert' => 'smf_db_insert',
Chris@76	38 'db_insert_id' => 'smf_db_insert_id',
Chris@76	39 'db_num_rows' => 'mysql_num_rows',
Chris@76	40 'db_data_seek' => 'mysql_data_seek',
Chris@76	41 'db_num_fields' => 'mysql_num_fields',
Chris@76	42 'db_escape_string' => 'addslashes',
Chris@76	43 'db_unescape_string' => 'stripslashes',
Chris@76	44 'db_server_info' => 'mysql_get_server_info',
Chris@76	45 'db_affected_rows' => 'smf_db_affected_rows',
Chris@76	46 'db_transaction' => 'smf_db_transaction',
Chris@76	47 'db_error' => 'mysql_error',
Chris@76	48 'db_select_db' => 'mysql_select_db',
Chris@76	49 'db_title' => 'MySQL',
Chris@76	50 'db_sybase' => false,
Chris@76	51 'db_case_sensitive' => false,
Chris@76	52 'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
Chris@76	53 );
Chris@76	54
Chris@76	55 if (!empty($db_options['persist']))
Chris@76	56 $connection = @mysql_pconnect($db_server, $db_user, $db_passwd);
Chris@76	57 else
Chris@76	58 $connection = @mysql_connect($db_server, $db_user, $db_passwd);
Chris@76	59
Chris@76	60 // Something's wrong, show an error if its fatal (which we assume it is)
Chris@76	61 if (!$connection)
Chris@76	62 {
Chris@76	63 if (!empty($db_options['non_fatal']))
Chris@76	64 return null;
Chris@76	65 else
Chris@76	66 db_fatal_error();
Chris@76	67 }
Chris@76	68
Chris@76	69 // Select the database, unless told not to
Chris@76	70 if (empty($db_options['dont_select_db']) && !@mysql_select_db($db_name, $connection) && empty($db_options['non_fatal']))
Chris@76	71 db_fatal_error();
Chris@76	72
Chris@76	73 // This makes it possible to have SMF automatically change the sql_mode and autocommit if needed.
Chris@76	74 if (isset($mysql_set_mode) && $mysql_set_mode === true)
Chris@76	75 $smcFunc['db_query']('', 'SET sql_mode = \'\', AUTOCOMMIT = 1',
Chris@76	76 array(),
Chris@76	77 false
Chris@76	78 );
Chris@76	79
Chris@76	80 return $connection;
Chris@76	81 }
Chris@76	82
Chris@76	83 // Extend the database functionality.
Chris@76	84 function db_extend($type = 'extra')
Chris@76	85 {
Chris@76	86 global $sourcedir, $db_type;
Chris@76	87
Chris@76	88 require_once($sourcedir . '/Db' . strtoupper($type[0]) . substr($type, 1) . '-' . $db_type . '.php');
Chris@76	89 $initFunc = 'db_' . $type . '_init';
Chris@76	90 $initFunc();
Chris@76	91 }
Chris@76	92
Chris@76	93 // Fix up the prefix so it doesn't require the database to be selected.
Chris@76	94 function db_fix_prefix(&$db_prefix, $db_name)
Chris@76	95 {
Chris@76	96 $db_prefix = is_numeric(substr($db_prefix, 0, 1)) ? $db_name . '.' . $db_prefix : '`' . $db_name . '`.' . $db_prefix;
Chris@76	97 }
Chris@76	98
Chris@76	99 function smf_db_replacement__callback($matches)
Chris@76	100 {
Chris@76	101 global $db_callback, $user_info, $db_prefix;
Chris@76	102
Chris@76	103 list ($values, $connection) = $db_callback;
Chris@76	104
Chris@76	105 if (!is_resource($connection))
Chris@76	106 db_fatal_error();
Chris@76	107
Chris@76	108 if ($matches[1] === 'db_prefix')
Chris@76	109 return $db_prefix;
Chris@76	110
Chris@76	111 if ($matches[1] === 'query_see_board')
Chris@76	112 return $user_info['query_see_board'];
Chris@76	113
Chris@76	114 if ($matches[1] === 'query_wanna_see_board')
Chris@76	115 return $user_info['query_wanna_see_board'];
Chris@76	116
Chris@76	117 if (!isset($matches[2]))
Chris@76	118 smf_db_error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	119
Chris@76	120 if (!isset($values[$matches[2]]))
Chris@76	121 smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	122
Chris@76	123 $replacement = $values[$matches[2]];
Chris@76	124
Chris@76	125 switch ($matches[1])
Chris@76	126 {
Chris@76	127 case 'int':
Chris@76	128 if (!is_numeric($replacement) \|\| (string) $replacement !== (string) (int) $replacement)
Chris@76	129 smf_db_error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	130 return (string) (int) $replacement;
Chris@76	131 break;
Chris@76	132
Chris@76	133 case 'string':
Chris@76	134 case 'text':
Chris@76	135 return sprintf('\'%1$s\'', mysql_real_escape_string($replacement, $connection));
Chris@76	136 break;
Chris@76	137
Chris@76	138 case 'array_int':
Chris@76	139 if (is_array($replacement))
Chris@76	140 {
Chris@76	141 if (empty($replacement))
Chris@76	142 smf_db_error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	143
Chris@76	144 foreach ($replacement as $key => $value)
Chris@76	145 {
Chris@76	146 if (!is_numeric($value) \|\| (string) $value !== (string) (int) $value)
Chris@76	147 smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	148
Chris@76	149 $replacement[$key] = (string) (int) $value;
Chris@76	150 }
Chris@76	151
Chris@76	152 return implode(', ', $replacement);
Chris@76	153 }
Chris@76	154 else
Chris@76	155 smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	156
Chris@76	157 break;
Chris@76	158
Chris@76	159 case 'array_string':
Chris@76	160 if (is_array($replacement))
Chris@76	161 {
Chris@76	162 if (empty($replacement))
Chris@76	163 smf_db_error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	164
Chris@76	165 foreach ($replacement as $key => $value)
Chris@76	166 $replacement[$key] = sprintf('\'%1$s\'', mysql_real_escape_string($value, $connection));
Chris@76	167
Chris@76	168 return implode(', ', $replacement);
Chris@76	169 }
Chris@76	170 else
Chris@76	171 smf_db_error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	172 break;
Chris@76	173
Chris@76	174 case 'date':
Chris@76	175 if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1)
Chris@76	176 return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
Chris@76	177 else
Chris@76	178 smf_db_error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	179 break;
Chris@76	180
Chris@76	181 case 'float':
Chris@76	182 if (!is_numeric($replacement))
Chris@76	183 smf_db_error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
Chris@76	184 return (string) (float) $replacement;
Chris@76	185 break;
Chris@76	186
Chris@76	187 case 'identifier':
Chris@76	188 // Backticks inside identifiers are supported as of MySQL 4.1. We don't need them for SMF.
Chris@76	189 return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
Chris@76	190 break;
Chris@76	191
Chris@76	192 case 'raw':
Chris@76	193 return $replacement;
Chris@76	194 break;
Chris@76	195
Chris@76	196 default:
Chris@76	197 smf_db_error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__);
Chris@76	198 break;
Chris@76	199 }
Chris@76	200 }
Chris@76	201
Chris@76	202 // Just like the db_query, escape and quote a string, but not executing the query.
Chris@76	203 function smf_db_quote($db_string, $db_values, $connection = null)
Chris@76	204 {
Chris@76	205 global $db_callback, $db_connection;
Chris@76	206
Chris@76	207 // Only bother if there's something to replace.
Chris@76	208 if (strpos($db_string, '{') !== false)
Chris@76	209 {
Chris@76	210 // This is needed by the callback function.
Chris@76	211 $db_callback = array($db_values, $connection == null ? $db_connection : $connection);
Chris@76	212
Chris@76	213 // Do the quoting and escaping
Chris@76	214 $db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', 'smf_db_replacement__callback', $db_string);
Chris@76	215
Chris@76	216 // Clear this global variable.
Chris@76	217 $db_callback = array();
Chris@76	218 }
Chris@76	219
Chris@76	220 return $db_string;
Chris@76	221 }
Chris@76	222
Chris@76	223 // Do a query. Takes care of errors too.
Chris@76	224 function smf_db_query($identifier, $db_string, $db_values = array(), $connection = null)
Chris@76	225 {
Chris@76	226 global $db_cache, $db_count, $db_connection, $db_show_debug, $time_start;
Chris@76	227 global $db_unbuffered, $db_callback, $modSettings;
Chris@76	228
Chris@76	229 // Comments that are allowed in a query are preg_removed.
Chris@76	230 static $allowed_comments_from = array(
Chris@76	231 '~\s+~s',
Chris@76	232 '~/\!40001 SQL_NO_CACHE \/~',
Chris@76	233 '~/\!40000 USE INDEX $[A-Za-z\_]+?$ \/~',
Chris@76	234 '~/\!40100 ON DUPLICATE KEY UPDATE id_msg = \d+ \/~',
Chris@76	235 );
Chris@76	236 static $allowed_comments_to = array(
Chris@76	237 ' ',
Chris@76	238 '',
Chris@76	239 '',
Chris@76	240 '',
Chris@76	241 );
Chris@76	242
Chris@76	243 // Decide which connection to use.
Chris@76	244 $connection = $connection == null ? $db_connection : $connection;
Chris@76	245
Chris@76	246 // One more query....
Chris@76	247 $db_count = !isset($db_count) ? 1 : $db_count + 1;
Chris@76	248
Chris@76	249 if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override']))
Chris@76	250 smf_db_error_backtrace('Hacking attempt...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__);
Chris@76	251
Chris@76	252 // Use "ORDER BY null" to prevent Mysql doing filesorts for Group By clauses without an Order By
Chris@76	253 if (strpos($db_string, 'GROUP BY') !== false && strpos($db_string, 'ORDER BY') === false && strpos($db_string, 'INSERT INTO') === false)
Chris@76	254 {
Chris@76	255 // Add before LIMIT
Chris@76	256 if ($pos = strpos($db_string, 'LIMIT '))
Chris@76	257 $db_string = substr($db_string, 0, $pos) . "\t\t\tORDER BY null\n" . substr($db_string, $pos, strlen($db_string));
Chris@76	258 else
Chris@76	259 // Append it.
Chris@76	260 $db_string .= "\n\t\t\tORDER BY null";
Chris@76	261 }
Chris@76	262
Chris@76	263 if (empty($db_values['security_override']) && (!empty($db_values) \|\| strpos($db_string, '{db_prefix}') !== false))
Chris@76	264 {
Chris@76	265 // Pass some values to the global space for use in the callback function.
Chris@76	266 $db_callback = array($db_values, $connection);
Chris@76	267
Chris@76	268 // Inject the values passed to this function.
Chris@76	269 $db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', 'smf_db_replacement__callback', $db_string);
Chris@76	270
Chris@76	271 // This shouldn't be residing in global space any longer.
Chris@76	272 $db_callback = array();
Chris@76	273 }
Chris@76	274
Chris@76	275 // Debugging.
Chris@76	276 if (isset($db_show_debug) && $db_show_debug === true)
Chris@76	277 {
Chris@76	278 // Get the file and line number this function was called.
Chris@76	279 list ($file, $line) = smf_db_error_backtrace('', '', 'return', __FILE__, __LINE__);
Chris@76	280
Chris@76	281 // Initialize $db_cache if not already initialized.
Chris@76	282 if (!isset($db_cache))
Chris@76	283 $db_cache = array();
Chris@76	284
Chris@76	285 if (!empty($_SESSION['debug_redirect']))
Chris@76	286 {
Chris@76	287 $db_cache = array_merge($_SESSION['debug_redirect'], $db_cache);
Chris@76	288 $db_count = count($db_cache) + 1;
Chris@76	289 $_SESSION['debug_redirect'] = array();
Chris@76	290 }
Chris@76	291
Chris@76	292 $st = microtime();
Chris@76	293 // Don't overload it.
Chris@76	294 $db_cache[$db_count]['q'] = $db_count < 50 ? $db_string : '...';
Chris@76	295 $db_cache[$db_count]['f'] = $file;
Chris@76	296 $db_cache[$db_count]['l'] = $line;
Chris@76	297 $db_cache[$db_count]['s'] = array_sum(explode(' ', $st)) - array_sum(explode(' ', $time_start));
Chris@76	298 }
Chris@76	299
Chris@76	300 // First, we clean strings out of the query, reduce whitespace, lowercase, and trim - so we can check it over.
Chris@76	301 if (empty($modSettings['disableQueryCheck']))
Chris@76	302 {
Chris@76	303 $clean = '';
Chris@76	304 $old_pos = 0;
Chris@76	305 $pos = -1;
Chris@76	306 while (true)
Chris@76	307 {
Chris@76	308 $pos = strpos($db_string, '\'', $pos + 1);
Chris@76	309 if ($pos === false)
Chris@76	310 break;
Chris@76	311 $clean .= substr($db_string, $old_pos, $pos - $old_pos);
Chris@76	312
Chris@76	313 while (true)
Chris@76	314 {
Chris@76	315 $pos1 = strpos($db_string, '\'', $pos + 1);
Chris@76	316 $pos2 = strpos($db_string, '\\', $pos + 1);
Chris@76	317 if ($pos1 === false)
Chris@76	318 break;
Chris@76	319 elseif ($pos2 == false \|\| $pos2 > $pos1)
Chris@76	320 {
Chris@76	321 $pos = $pos1;
Chris@76	322 break;
Chris@76	323 }
Chris@76	324
Chris@76	325 $pos = $pos2 + 1;
Chris@76	326 }
Chris@76	327 $clean .= ' %s ';
Chris@76	328
Chris@76	329 $old_pos = $pos + 1;
Chris@76	330 }
Chris@76	331 $clean .= substr($db_string, $old_pos);
Chris@76	332 $clean = trim(strtolower(preg_replace($allowed_comments_from, $allowed_comments_to, $clean)));
Chris@76	333
Chris@76	334 // We don't use UNION in SMF, at least so far. But it's useful for injections.
Chris@76	335 if (strpos($clean, 'union') !== false && preg_match('~(^\|[^a-z])union($\|[^[a-z])~s', $clean) != 0)
Chris@76	336 $fail = true;
Chris@76	337 // Comments? We don't use comments in our queries, we leave 'em outside!
Chris@76	338 elseif (strpos($clean, '/*') > 2 \|\| strpos($clean, '--') !== false \|\| strpos($clean, ';') !== false)
Chris@76	339 $fail = true;
Chris@76	340 // Trying to change passwords, slow us down, or something?
Chris@76	341 elseif (strpos($clean, 'sleep') !== false && preg_match('~(^\|[^a-z])sleep($\|[^[_a-z])~s', $clean) != 0)
Chris@76	342 $fail = true;
Chris@76	343 elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^\|[^a-z])benchmark($\|[^[a-z])~s', $clean) != 0)
Chris@76	344 $fail = true;
Chris@76	345 // Sub selects? We don't use those either.
Chris@76	346 elseif (preg_match('~\([^)]*?select~s', $clean) != 0)
Chris@76	347 $fail = true;
Chris@76	348
Chris@76	349 if (!empty($fail) && function_exists('log_error'))
Chris@76	350 smf_db_error_backtrace('Hacking attempt...', 'Hacking attempt...' . "\n" . $db_string, E_USER_ERROR, __FILE__, __LINE__);
Chris@76	351 }
Chris@76	352
Chris@76	353 if (empty($db_unbuffered))
Chris@76	354 $ret = @mysql_query($db_string, $connection);
Chris@76	355 else
Chris@76	356 $ret = @mysql_unbuffered_query($db_string, $connection);
Chris@76	357 if ($ret === false && empty($db_values['db_error_skip']))
Chris@76	358 $ret = smf_db_error($db_string, $connection);
Chris@76	359
Chris@76	360 // Debugging.
Chris@76	361 if (isset($db_show_debug) && $db_show_debug === true)
Chris@76	362 $db_cache[$db_count]['t'] = array_sum(explode(' ', microtime())) - array_sum(explode(' ', $st));
Chris@76	363
Chris@76	364 return $ret;
Chris@76	365 }
Chris@76	366
Chris@76	367 function smf_db_affected_rows($connection = null)
Chris@76	368 {
Chris@76	369 global $db_connection;
Chris@76	370
Chris@76	371 return mysql_affected_rows($connection == null ? $db_connection : $connection);
Chris@76	372 }
Chris@76	373
Chris@76	374 function smf_db_insert_id($table, $field = null, $connection = null)
Chris@76	375 {
Chris@76	376 global $db_connection, $db_prefix;
Chris@76	377
Chris@76	378 $table = str_replace('{db_prefix}', $db_prefix, $table);
Chris@76	379
Chris@76	380 // MySQL doesn't need the table or field information.
Chris@76	381 return mysql_insert_id($connection == null ? $db_connection : $connection);
Chris@76	382 }
Chris@76	383
Chris@76	384 // Do a transaction.
Chris@76	385 function smf_db_transaction($type = 'commit', $connection = null)
Chris@76	386 {
Chris@76	387 global $db_connection;
Chris@76	388
Chris@76	389 // Decide which connection to use
Chris@76	390 $connection = $connection == null ? $db_connection : $connection;
Chris@76	391
Chris@76	392 if ($type == 'begin')
Chris@76	393 return @mysql_query('BEGIN', $connection);
Chris@76	394 elseif ($type == 'rollback')
Chris@76	395 return @mysql_query('ROLLBACK', $connection);
Chris@76	396 elseif ($type == 'commit')
Chris@76	397 return @mysql_query('COMMIT', $connection);
Chris@76	398
Chris@76	399 return false;
Chris@76	400 }
Chris@76	401
Chris@76	402 // Database error!
Chris@76	403 function smf_db_error($db_string, $connection = null)
Chris@76	404 {
Chris@76	405 global $txt, $context, $sourcedir, $webmaster_email, $modSettings;
Chris@76	406 global $forum_version, $db_connection, $db_last_error, $db_persist;
Chris@76	407 global $db_server, $db_user, $db_passwd, $db_name, $db_show_debug, $ssi_db_user, $ssi_db_passwd;
Chris@76	408 global $smcFunc;
Chris@76	409
Chris@76	410 // Get the file and line numbers.
Chris@76	411 list ($file, $line) = smf_db_error_backtrace('', '', 'return', __FILE__, __LINE__);
Chris@76	412
Chris@76	413 // Decide which connection to use
Chris@76	414 $connection = $connection == null ? $db_connection : $connection;
Chris@76	415
Chris@76	416 // This is the error message...
Chris@76	417 $query_error = mysql_error($connection);
Chris@76	418 $query_errno = mysql_errno($connection);
Chris@76	419
Chris@76	420 // Error numbers:
Chris@76	421 // 1016: Can't open file '....MYI'
Chris@76	422 // 1030: Got error ??? from table handler.
Chris@76	423 // 1034: Incorrect key file for table.
Chris@76	424 // 1035: Old key file for table.
Chris@76	425 // 1205: Lock wait timeout exceeded.
Chris@76	426 // 1213: Deadlock found.
Chris@76	427 // 2006: Server has gone away.
Chris@76	428 // 2013: Lost connection to server during query.
Chris@76	429
Chris@76	430 // Log the error.
Chris@76	431 if ($query_errno != 1213 && $query_errno != 1205 && function_exists('log_error'))
Chris@76	432 log_error($txt['database_error'] . ': ' . $query_error . (!empty($modSettings['enableErrorQueryLogging']) ? "\n\n$db_string" : ''), 'database', $file, $line);
Chris@76	433
Chris@76	434 // Database error auto fixing ;).
Chris@76	435 if (function_exists('cache_get_data') && (!isset($modSettings['autoFixDatabase']) \|\| $modSettings['autoFixDatabase'] == '1'))
Chris@76	436 {
Chris@76	437 // Force caching on, just for the error checking.
Chris@76	438 $old_cache = @$modSettings['cache_enable'];
Chris@76	439 $modSettings['cache_enable'] = '1';
Chris@76	440
Chris@76	441 if (($temp = cache_get_data('db_last_error', 600)) !== null)
Chris@76	442 $db_last_error = max(@$db_last_error, $temp);
Chris@76	443
Chris@76	444 if (@$db_last_error < time() - 3600 * 24 * 3)
Chris@76	445 {
Chris@76	446 // We know there's a problem... but what? Try to auto detect.
Chris@76	447 if ($query_errno == 1030 && strpos($query_error, ' 127 ') !== false)
Chris@76	448 {
Chris@76	449 preg_match_all('~(?:[\n\r]\|^)[^\']+?(?:FROM\|JOIN\|UPDATE\|TABLE) ((?:[^\n\r(]+?(?:, )?)*)~s', $db_string, $matches);
Chris@76	450
Chris@76	451 $fix_tables = array();
Chris@76	452 foreach ($matches[1] as $tables)
Chris@76	453 {
Chris@76	454 $tables = array_unique(explode(',', $tables));
Chris@76	455 foreach ($tables as $table)
Chris@76	456 {
Chris@76	457 // Now, it's still theoretically possible this could be an injection. So backtick it!
Chris@76	458 if (trim($table) != '')
Chris@76	459 $fix_tables[] = '`' . strtr(trim($table), array('`' => '')) . '`';
Chris@76	460 }
Chris@76	461 }
Chris@76	462
Chris@76	463 $fix_tables = array_unique($fix_tables);
Chris@76	464 }
Chris@76	465 // Table crashed. Let's try to fix it.
Chris@76	466 elseif ($query_errno == 1016)
Chris@76	467 {
Chris@76	468 if (preg_match('~\'([^\.\']+)~', $query_error, $match) != 0)
Chris@76	469 $fix_tables = array('`' . $match[1] . '`');
Chris@76	470 }
Chris@76	471 // Indexes crashed. Should be easy to fix!
Chris@76	472 elseif ($query_errno == 1034 \|\| $query_errno == 1035)
Chris@76	473 {
Chris@76	474 preg_match('~\'([^\']+?)\'~', $query_error, $match);
Chris@76	475 $fix_tables = array('`' . $match[1] . '`');
Chris@76	476 }
Chris@76	477 }
Chris@76	478
Chris@76	479 // Check for errors like 145... only fix it once every three days, and send an email. (can't use empty because it might not be set yet...)
Chris@76	480 if (!empty($fix_tables))
Chris@76	481 {
Chris@76	482 // Subs-Admin.php for updateSettingsFile(), Subs-Post.php for sendmail().
Chris@76	483 require_once($sourcedir . '/Subs-Admin.php');
Chris@76	484 require_once($sourcedir . '/Subs-Post.php');
Chris@76	485
Chris@76	486 // Make a note of the REPAIR...
Chris@76	487 cache_put_data('db_last_error', time(), 600);
Chris@76	488 if (($temp = cache_get_data('db_last_error', 600)) === null)
Chris@76	489 updateSettingsFile(array('db_last_error' => time()));
Chris@76	490
Chris@76	491 // Attempt to find and repair the broken table.
Chris@76	492 foreach ($fix_tables as $table)
Chris@76	493 $smcFunc['db_query']('', "
Chris@76	494 REPAIR TABLE $table", false, false);
Chris@76	495
Chris@76	496 // And send off an email!
Chris@76	497 sendmail($webmaster_email, $txt['database_error'], $txt['tried_to_repair']);
Chris@76	498
Chris@76	499 $modSettings['cache_enable'] = $old_cache;
Chris@76	500
Chris@76	501 // Try the query again...?
Chris@76	502 $ret = $smcFunc['db_query']('', $db_string, false, false);
Chris@76	503 if ($ret !== false)
Chris@76	504 return $ret;
Chris@76	505 }
Chris@76	506 else
Chris@76	507 $modSettings['cache_enable'] = $old_cache;
Chris@76	508
Chris@76	509 // Check for the "lost connection" or "deadlock found" errors - and try it just one more time.
Chris@76	510 if (in_array($query_errno, array(1205, 1213, 2006, 2013)))
Chris@76	511 {
Chris@76	512 if (in_array($query_errno, array(2006, 2013)) && $db_connection == $connection)
Chris@76	513 {
Chris@76	514 // Are we in SSI mode? If so try that username and password first
Chris@76	515 if (SMF == 'SSI' && !empty($ssi_db_user) && !empty($ssi_db_passwd))
Chris@76	516 {
Chris@76	517 if (empty($db_persist))
Chris@76	518 $db_connection = @mysql_connect($db_server, $ssi_db_user, $ssi_db_passwd);
Chris@76	519 else
Chris@76	520 $db_connection = @mysql_pconnect($db_server, $ssi_db_user, $ssi_db_passwd);
Chris@76	521 }
Chris@76	522 // Fall back to the regular username and password if need be
Chris@76	523 if (!$db_connection)
Chris@76	524 {
Chris@76	525 if (empty($db_persist))
Chris@76	526 $db_connection = @mysql_connect($db_server, $db_user, $db_passwd);
Chris@76	527 else
Chris@76	528 $db_connection = @mysql_pconnect($db_server, $db_user, $db_passwd);
Chris@76	529 }
Chris@76	530
Chris@76	531 if (!$db_connection \|\| !@mysql_select_db($db_name, $db_connection))
Chris@76	532 $db_connection = false;
Chris@76	533 }
Chris@76	534
Chris@76	535 if ($db_connection)
Chris@76	536 {
Chris@76	537 // Try a deadlock more than once more.
Chris@76	538 for ($n = 0; $n < 4; $n++)
Chris@76	539 {
Chris@76	540 $ret = $smcFunc['db_query']('', $db_string, false, false);
Chris@76	541
Chris@76	542 $new_errno = mysql_errno($db_connection);
Chris@76	543 if ($ret !== false \|\| in_array($new_errno, array(1205, 1213)))
Chris@76	544 break;
Chris@76	545 }
Chris@76	546
Chris@76	547 // If it failed again, shucks to be you... we're not trying it over and over.
Chris@76	548 if ($ret !== false)
Chris@76	549 return $ret;
Chris@76	550 }
Chris@76	551 }
Chris@76	552 // Are they out of space, perhaps?
Chris@76	553 elseif ($query_errno == 1030 && (strpos($query_error, ' -1 ') !== false \|\| strpos($query_error, ' 28 ') !== false \|\| strpos($query_error, ' 12 ') !== false))
Chris@76	554 {
Chris@76	555 if (!isset($txt))
Chris@76	556 $query_error .= ' - check database storage space.';
Chris@76	557 else
Chris@76	558 {
Chris@76	559 if (!isset($txt['mysql_error_space']))
Chris@76	560 loadLanguage('Errors');
Chris@76	561
Chris@76	562 $query_error .= !isset($txt['mysql_error_space']) ? ' - check database storage space.' : $txt['mysql_error_space'];
Chris@76	563 }
Chris@76	564 }
Chris@76	565 }
Chris@76	566
Chris@76	567 // Nothing's defined yet... just die with it.
Chris@76	568 if (empty($context) \|\| empty($txt))
Chris@76	569 die($query_error);
Chris@76	570
Chris@76	571 // Show an error message, if possible.
Chris@76	572 $context['error_title'] = $txt['database_error'];
Chris@76	573 if (allowedTo('admin_forum'))
Chris@76	574 $context['error_message'] = nl2br($query_error) . '<br />' . $txt['file'] . ': ' . $file . '<br />' . $txt['line'] . ': ' . $line;
Chris@76	575 else
Chris@76	576 $context['error_message'] = $txt['try_again'];
Chris@76	577
Chris@76	578 // A database error is often the sign of a database in need of upgrade. Check forum versions, and if not identical suggest an upgrade... (not for Demo/CVS versions!)
Chris@76	579 if (allowedTo('admin_forum') && !empty($forum_version) && $forum_version != 'SMF ' . @$modSettings['smfVersion'] && strpos($forum_version, 'Demo') === false && strpos($forum_version, 'CVS') === false)
Chris@76	580 $context['error_message'] .= '<br /><br />' . sprintf($txt['database_error_versions'], $forum_version, $modSettings['smfVersion']);
Chris@76	581
Chris@76	582 if (allowedTo('admin_forum') && isset($db_show_debug) && $db_show_debug === true)
Chris@76	583 {
Chris@76	584 $context['error_message'] .= '<br /><br />' . nl2br($db_string);
Chris@76	585 }
Chris@76	586
Chris@76	587 // It's already been logged... don't log it again.
Chris@76	588 fatal_error($context['error_message'], false);
Chris@76	589 }
Chris@76	590
Chris@76	591 // Insert some data...
Chris@76	592 function smf_db_insert($method = 'replace', $table, $columns, $data, $keys, $disable_trans = false, $connection = null)
Chris@76	593 {
Chris@76	594 global $smcFunc, $db_connection, $db_prefix;
Chris@76	595
Chris@76	596 $connection = $connection === null ? $db_connection : $connection;
Chris@76	597
Chris@76	598 // With nothing to insert, simply return.
Chris@76	599 if (empty($data))
Chris@76	600 return;
Chris@76	601
Chris@76	602 // Replace the prefix holder with the actual prefix.
Chris@76	603 $table = str_replace('{db_prefix}', $db_prefix, $table);
Chris@76	604
Chris@76	605 // Inserting data as a single row can be done as a single array.
Chris@76	606 if (!is_array($data[array_rand($data)]))
Chris@76	607 $data = array($data);
Chris@76	608
Chris@76	609 // Create the mold for a single row insert.
Chris@76	610 $insertData = '(';
Chris@76	611 foreach ($columns as $columnName => $type)
Chris@76	612 {
Chris@76	613 // Are we restricting the length?
Chris@76	614 if (strpos($type, 'string-') !== false)
Chris@76	615 $insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
Chris@76	616 else
Chris@76	617 $insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
Chris@76	618 }
Chris@76	619 $insertData = substr($insertData, 0, -2) . ')';
Chris@76	620
Chris@76	621 // Create an array consisting of only the columns.
Chris@76	622 $indexed_columns = array_keys($columns);
Chris@76	623
Chris@76	624 // Here's where the variables are injected to the query.
Chris@76	625 $insertRows = array();
Chris@76	626 foreach ($data as $dataRow)
Chris@76	627 $insertRows[] = smf_db_quote($insertData, array_combine($indexed_columns, $dataRow), $connection);
Chris@76	628
Chris@76	629 // Determine the method of insertion.
Chris@76	630 $queryTitle = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
Chris@76	631
Chris@76	632 // Do the insert.
Chris@76	633 $smcFunc['db_query']('', '
Chris@76	634 ' . $queryTitle . ' INTO ' . $table . '(`' . implode('`, `', $indexed_columns) . '`)
Chris@76	635 VALUES
Chris@76	636 ' . implode(',
Chris@76	637 ', $insertRows),
Chris@76	638 array(
Chris@76	639 'security_override' => true,
Chris@76	640 'db_error_skip' => $table === $db_prefix . 'log_errors',
Chris@76	641 ),
Chris@76	642 $connection
Chris@76	643 );
Chris@76	644 }
Chris@76	645
Chris@76	646 // This function tries to work out additional error information from a back trace.
Chris@76	647 function smf_db_error_backtrace($error_message, $log_message = '', $error_type = false, $file = null, $line = null)
Chris@76	648 {
Chris@76	649 if (empty($log_message))
Chris@76	650 $log_message = $error_message;
Chris@76	651
Chris@76	652 if (function_exists('debug_backtrace'))
Chris@76	653 {
Chris@76	654 foreach (debug_backtrace() as $step)
Chris@76	655 {
Chris@76	656 // Found it?
Chris@76	657 if (strpos($step['function'], 'query') === false && !in_array(substr($step['function'], 0, 7), array('smf_db_', 'preg_re', 'db_erro', 'call_us')) && substr($step['function'], 0, 2) != '__')
Chris@76	658 {
Chris@76	659 $log_message .= '<br />Function: ' . $step['function'];
Chris@76	660 break;
Chris@76	661 }
Chris@76	662
Chris@76	663 if (isset($step['line']))
Chris@76	664 {
Chris@76	665 $file = $step['file'];
Chris@76	666 $line = $step['line'];
Chris@76	667 }
Chris@76	668 }
Chris@76	669 }
Chris@76	670
Chris@76	671 // A special case - we want the file and line numbers for debugging.
Chris@76	672 if ($error_type == 'return')
Chris@76	673 return array($file, $line);
Chris@76	674
Chris@76	675 // Is always a critical error.
Chris@76	676 if (function_exists('log_error'))
Chris@76	677 log_error($log_message, 'critical', $file, $line);
Chris@76	678
Chris@76	679 if (function_exists('fatal_error'))
Chris@76	680 {
Chris@76	681 fatal_error($error_message, false);
Chris@76	682
Chris@76	683 // Cannot continue...
Chris@76	684 exit;
Chris@76	685 }
Chris@76	686 elseif ($error_type)
Chris@76	687 trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : ''), $error_type);
Chris@76	688 else
Chris@76	689 trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : ''));
Chris@76	690 }
Chris@76	691
Chris@76	692 // Escape the LIKE wildcards so that they match the character and not the wildcard.
Chris@76	693 // The optional second parameter turns human readable wildcards into SQL wildcards.
Chris@76	694 function smf_db_escape_wildcard_string($string, $translate_human_wildcards=false)
Chris@76	695 {
Chris@76	696 $replacements = array(
Chris@76	697 '%' => '\%',
Chris@76	698 '_' => '\_',
Chris@76	699 '\\' => '\\\\',
Chris@76	700 );
Chris@76	701
Chris@76	702 if ($translate_human_wildcards)
Chris@76	703 $replacements += array(
Chris@76	704 '*' => '%',
Chris@76	705 );
Chris@76	706
Chris@76	707 return strtr($string, $replacements);
Chris@76	708 }
Chris@76	709 ?>

Mercurial > hg > vamp-website

annotate forum/Sources/Subs-Db-mysql.php @ 85:6d7b61434be7 website