muppetjones Posted March 4, 2008 Share Posted March 4, 2008 I'm pretty new to this, and I'm buried pretty deep. I just got an email from my admin telling me I need to stop this script because it was core dumping (meaning a fatal error?), and it bounced over 7000 emails all over the system last night Basically, I decided to update an old PHP4 user login script to PHP5 and include AJAX. Last night I was testing it, and I had no idea all of these problems were going on. I think the emails were from the error logging system -- they're supposed to go to a specified email address, but I never got any of them. Here's a copy of the email I received: Your script located at http://squeezeoflime.com/Scripts/form_check.php has been moved to your account root. This script generated over 7000 emails that bounced back and forth on our server for an hour, which drive the load on this machine to inappropriate levels. Every time this script runs, it also core dumps on the server: -rw------- 1 squeez7 squeez7 24M Mar 3 21:47 core.14811 -rw------- 1 squeez7 squeez7 24M Mar 3 21:51 core.15255 -rw------- 1 squeez7 squeez7 24M Mar 3 21:51 core.1342 I could really use some help, please! I've been over this code a million times, but I don't know the backend well enough to figure out how or what my program is doing to cause this! Here's a quick rundown of how the program works: 1) user enters info (user name, email, first and last name): index.php 2) AJAX validates and returns response: ajax.js, form_check.php 3) user submits form: index.php --3a) AJAX double checks form: ajax.php --> registration.php --3b) AJAX registers user: UsrDB.php (extends BasicDB.php) --3c) AJAX returns pass/fail index.php --calls--> ajax.js --> form_check.php form_check.php includes the classes Sys.php, Usr.php, and UsrDB.php. Here is my AJAX script, and I'll post the others below...Thank you so much for the help!!! /********************************** Filename: ajax.js Date: 02.25.08 **********************************/ /***** CREATE XMLHTTP OBJECT *****/ function request() { var browser = navigator.appName; // get browser var req = false; if(browser == "Microsoft Internet Explorer") { // IE try { req = new ActiveXObject("Msm12.XMLHTTP"); // -- Msm12 } catch(err1) { try { req = new ActiveXObject("Microsoft.XMLHTTP"); // -- Microsoft } catch(err2) { req = false; // FAIL! } } } else { try { req = new XMLHttpRequest(); // not IE } catch(err) { req = false; } } return req; } var http = request(); // CREATE XMLHTTP object var obj; // other variables var obj2; var url; /***** SEND AJAX REQUEST *******/ function send_post(params,use) { http.open("POST", url, true); http.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http.setRequestHeader("Content-length", params.length); http.setRequestHeader("Connection", "close"); http.onreadystatechange = eval(use); http.send(params); } /******************************************************************************** ***** USE FUNCTIONS ************************************************************* ********************************************************************************/ /***** FORM *****/ function form_response() { var vobj = "v"+obj; if(http.readyState == 4) { if(http.status == 200) { var data = http.responseText.split(","); if(data[0] == 2) { // no data -- do nothing } else if(data[0] == 0) { // good data -- show check document.getElementById(vobj).innerHTML = "<img class=\"form_img\" src=\"../images/yes.png\"/>"; } else { // bad data -- show x and response document.getElementById(vobj).innerHTML = data[1]+" <img class=\"form_img\" src=\"../images/no.png\"/>"; } } else { document.getElementById(vobj).innerHTML = "No server response."; //document.getElementsByName(obj)[0].className = "maybe"; } } else { document.getElementById(vobj).innerHTML = 'Checking...'; //document.getElementsByName(obj)[0].className = "maybe"; } } /***** REGISTER *****/ function register_response() { obj = 'message'; // set div id var msg = ''; if(http.readyState == 4) { if(http.status == 200) { var data = http.responseText; document.getElementById(obj).innerHTML = data; } else { document.getElementById(obj).innerHTML = "Unable to complete request."; } } else { document.getElementById(obj).innerHTML = "Working"; } } /******************************************************************************** ***** CHECK FUNCTIONS *********************************************************** ********************************************************************************/ /* EMAIL */ function check_email() { url = "../Scripts/form_check.php"; obj = "email"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value; send_post(params,"form_response"); } } /* USR */ function check_usr() { url = "../Scripts/form_check.php"; obj = "usr"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value; send_post(params,"form_response"); } } /* FIRST */ function check_first() { url = "../Scripts/form_check.php"; obj = "first"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value; send_post(params,"form_response"); } } /* LAST */ function check_last() { url = "../Scripts/form_check.php"; obj = "last"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value; send_post(params,"form_response"); } } /* PASSWORD */ function check_password() { url = "../Scripts/form_check.php"; obj = "password"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value; send_post(params,"form_response"); } } function check_confirm() { url = "../Scripts/form_check.php"; obj = "confirm"; obj2 = "password"; if(document.getElementsByName(obj)[0].value != '') { var params = "object="+obj+"&data="+document.getElementsByName(obj)[0].value+ "&data2="+document.getElementsByName(obj2)[0].value; send_post(params,"form_response"); } } /* REGISTER */ function register() { url = "../Scripts/register.php"; if(document.getElementsByName('usr')[0].value != 0 && document.getElementsByName('email')[0].value != 0 && document.getElementsByName('first')[0].value != 0 && document.getElementsByName('last')[0].value != 0) { params = "usr="+document.getElementsByName('usr')[0].value+ "&email="+document.getElementsByName('email')[0].value+ "&first="+document.getElementsByName('first')[0].value+ "&last="+document.getElementsByName('last')[0].value; send_post(params,"register_response"); } } /* LOGIN */ function login() { url = "../Scripts/login.php"; if(document.getElementsByName('name')[0].value != 0 && document.getElementsByName('password')[0].value != 0) { params = "name="+document.getElementsByName('name')[0].value+ "&password="+document.getElementsByName('password')[0].value; send_post(params,"register_response"); } } Quote Link to comment Share on other sites More sharing options...
muppetjones Posted March 4, 2008 Author Share Posted March 4, 2008 Here's the form_check.php <?php require_once("../Classes/Sys.php"); require_once("../Classes/Usr.php"); require_once("../Classes/UsrDB.php"); session_start(); header("Cache-control: private"); $db = new UsrDB($_SESSION['sys'],$_SESSION['usr']); $return = "1,Invalid data"; if($_POST['data'] == '') { echo "2,No data"; } switch($_POST['object']) { case "usr": if($db->verify_usr($_POST['data'])) { $return = "1,Existing user name"; } else { $return = "0,Available user name"; } break; case "email": $find = "/[\w\d\_\-\.]*\@[\w\d\_\-\.]*\.(com|edu|gov|net|co)/"; if(!preg_match($find,$_POST['data'])) { $return = "1,Invalid email"; } else { if($db->verify_email($_POST['data'])) { $return = "1,Existing email"; } else { $return = "0,Available email"; } } break; case "first": case "last": $find = "/[^a-zA-Z]/"; if(preg_match($find,$_POST['data'])) { $return = "1,Invalid string"; } else { $return = "0,Valid string"; } break; case "password": $find = "/\s/"; if(preg_match($find,$_POST['data'])) { $return = "1,Invalid password"; } else { $return = "0,Valid password"; } break; case "confirm": if($_POST['data'] == $_POST['data2']) { $return = "0,Passwords match"; } else { $return = "1,Passwords don't match"; } break; default: break; } echo $return; ?> Quote Link to comment Share on other sites More sharing options...
muppetjones Posted March 4, 2008 Author Share Posted March 4, 2008 Here's UsrDB.php: <?php require_once('BasicDB.php'); class UsrDB extends BasicDB { /* CLASS VARIABLES */ protected $group; // denotes project & permissions set private $system; // instance of the system class private $user; // instance of the user class private $webmaster; // email to send error messages to private $date; // date private $day; // day private $time; // time /* PUBLIC FUNCTIONS */ /*********************************************************************** ***** CONSTRUCTOR & DESTRUCTOR ***************************************** ***********************************************************************/ /*********************************************************************** Constructor input: instance of the system and user classes output: none */ public function __construct($sys,$usr) { $this->system = $sys; // System class $this->user = $usr; // Usr class $this->group = $this->system->group(); // GET system group $this->day = date("Y:m:d"); $this->time = date("H:i:s"); $this->date = $day."::".$time; $this->webmaster = "webmaster@------.com"; } // END Constructor public function __destruct() { } /*********************************************************************** ***** ERROR HANDLING FUNCTIONS ***************************************** ***********************************************************************/ /*********************************************************************** Write_log($m) input: instruction (Error,LogIN,LogOUT,etc.), and message output: TRUE / FALSE */ public function write_log($instruction,&$msg) { /* LOG MESSAGE QUERY */ $query = sprintf("INSERT INTO log (ses_id, log_date, log_time, log_msg, log_instruction) VALUES ( '%s', '%s', '%s', '%s', '%s' )", // CREATE mysql query $this->system->id(), $this->day, $this->time, $msg, $instruction); if(!$this->insert($query)) { // IF our query has errors $to = $this->webmaster; $subj = "[".$this->group."] Error"; $msg = "Function: write_log\n". "Problem: Unable to write to database\n". "Date: ".$this->date."\n". "User: ".$this->user->name(); $from = "From: ".$this->webmaster; mail($to,$subj,$msg,$from); // --NOTIFY the webmaster return false; // --RETURN FALSE } return true; // RETURN true } // END log_err /*********************************************************************** ***** USRDB METHODS **************************************************** ***********************************************************************/ /*********************************************************************** login() input: user name and password output: true if success, false if fail */ public function login($u,$p) { $msg = ''; $row; $usr_name = $this->mysql_safe($u); // SECURE input data $usr_pass = $this->mysql_safe(sha1($p)); // SECURE & ENCRYPT data if(!$usr_name || !$usr_pass) { return false; } // IF no good, RETURN false $query = sprintf("SELECT u.usr_id ". // QUERY test for valid login "FROM pswd p, usr u ". "WHERE u.usr_name = %s AND u.usr_id = p.usr_id AND p.p_pswd = %s", $usr_name, $usr_pass); if(!($row = $this->select($query))) { return false; } // RUN query, RETURN false if no good $id = $row['usr_id']; // SAVE the user id $query = sprintf("SELECT g.usrg_rank ". // QUERY get user rank "FROM usr u, usr_grp g ". "WHERE u.usr_ID = %s AND u.usr_id = g.usr_id AND g.usrg_grp = %s", $this->user->id(), $this->group); if(!($row = $this->select($query))) { // IF user not in group $query = sprintf("INSERT INTO usr_grp (usr_id,usrg_grp,usrg_rank) ". // --QUERY add user as entry lvl "VALUES (%d,'%s',%d)", $id, $this->group, 1); if(!$this->insert($query)) { return false; } // --RUN query, RETURN false if no good $this->user->rank(1); // --SET user rank to one } else { $this->user->rank($row['usrg_rank']); // ELSE set rank } $this->user->id($id); // SET id $this->user->name($usr_name); // SET name $this->session(); // LOG session data $this->write_log("Log","IN ".$this->user->name()); // LOG log in return true; // RETURN true } // END login /*********************************************************************** logout() input: none output: none result: */ public function logout() { $this->system->__destruct(); // KILL system instance unset($this->system); // UNSET system instance $this->write_log("Log","OUT ".$this->user->name()); // LOG log out } // END logout /*********************************************************************** register() input: array of user name, first & last name, and email output: true if success, false if fail */ public function register($input_array) { $usr = $this->mysql_safe($input_array['usr']); // SECURE user input $first = $this->mysql_safe($input_array['first']); $last = $this->mysql_safe($input_array['last']); $email = $this->mysql_safe($input_array['email']); $msg = ''; $row; $query = sprintf("INSERT INTO usr (usr_name,usr_fname,usr_lname,usr_email) VALUES (%s,%s,%s,%s)", // QUERY add user $usr, $first, $last, $email); if(!$this->insert($query)) { return false; } // RUN query, FALSE if bad $query = sprintf("SELECT usr_id FROM usr WHERE usr_name = %s",$usr); // QUERY get user id if(!($row = $this->select($query))) { return false; } // RUN query, FALSE if bad $id = $row['usr_id']; // SAVE user id $password = $this->random_password(); // CREATE random password $query = sprintf("INSERT INTO pswd (p_pswd,usr_id) VALUES ('%s',%d)", // QUERY add encrypted password sha1($password), $id); if(!$this->insert($query)) { return false; } // RUN query, FALSE if bad $query = sprintf("INSERT INTO usr_grp (usr_id,usrg_grp,usrg_rank) ". // QUERY insert user into group "VALUES (%d,'%s',%d)", $id, $this->group, 1); if(!$this->insert($query)) { return false; } // RUN query, FALSE if bad $query = sprintf("INSERT INTO usr_meta (usr_id) VALUES (%d)", // QUERY add user row in meta table $id); if(!$this->insert($query)) { return false; } // RUN query, FALSE if bad $this->welcome($email,$usr,$password); // SEND welcome email with password $this->write_log("Register",$usr); // LOG register return true; } // END register /*********************************************************************** session() input: none output: TRUE / FALSE */ public function session() { if(!$this->system->verify_id() || !$this->system->verify_ip()) { // IF we still have the same creds $this->logout(); // --LOGOUT return false; } // --RETURN false // Add session to database $query = sprintf("INSERT INTO session (usr_id,ses_grp,ses_ip,ses_addr,ses_php,ses_date,ses_time) VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s' )", // QUERY add session data $this->user->id(), $this->group, $this->system->ip(), $this->system->addr(), $this->system->id(), $this->day, $this->time); if(!$this->insert($query)) { return false; } // RUN query, FALSE if bad return true; // RETURN true } // END session /*********************************************************************** welcome input: email, user name, password output: welcome email and password email */ public function welcome($email,$usr,$password) { $to = $email; $subj = "Welcome to ".$this->group; $from = "From: ".$this->webmaster; $msg = " Dear $usr, Thank you for signing up with ".$this->group."! For security reasons, your password has been sent to you in a different email. If you choose, you may log in and change your password to something you may remember more easily. Keep in mind that our site does not use cookies, so you will need to remember your password. A few password tips may be found here <http://www.microsoft.com/protect/yourself/password/create.mspx>. We would also like to remind you that your email will only be used to contact or identify you from this site. We will never sell nor give* your information to anyone. Please feel free to contact us if you need anything! Cheers, The ".$this->group." team *Unless an extreme security issue arises; an example would be information or copyright theft. --------------------------------------------------------------- If you feel you are receiving this email in error (i.e. you have not registered, changed your email, or changed your password) please let us know ASAP by contacting ".$this->webmaster." or contacting us through our webpage. "; mail($to,$subj,$msg,$from); // SEND welcome email mail($to,$subj,$password,$from); // SEND password email return true; // RETURN true } // END welcome /*********************************************************************** ***** VERIFY FUNCTIONS ************************************************* ***********************************************************************/ /*********************************************************************** verify_email input: email output: true | false */ public function verify_email($email) { $email = $this->mysql_safe($email); // SECURE user input $query = sprintf("SELECT usr_id FROM usr WHERE usr_email = %s", // QUERY check if email is in database $email); if(!($row = $this->select($query))) { return false; } // RUN query, FALSE if not else { return true; } // TRUE if it is } /*********************************************************************** verify_usr input: user name output: true | false */ public function verify_usr($usr) { $usr = $this->mysql_safe($usr); // SECURE user input $query = sprintf("SELECT usr_id FROM usr WHERE usr_name = %s", // QUERY check if user name is in database $usr); if(!($row = $this->select($query))) { return false; } // RUN query, FALSE if not else { return true; } // TRUE if it is } /*********************************************************************** ***** UPDATE FUNCTIONS ************************************************* ***********************************************************************/ /*********************************************************************** change_password input: old password, new password, confirm password output: true | false */ public function change_password($old,$new,$confirm) { if(!verify_id() || !verify_ip()) { return false; } // VERIFY our credentials $old = $this->mysql_safe(sha1($old)); // SECURE user input $new = $this->mysql_safe(sha1($new)); $confirm = $this->mysql_safe(sha1($confirm)); $query = sprintf("SELECT u.usr_id ". // QUERY valid login "FROM pswd p, usr u ". "WHERE u.usr_name = '%s' AND u.usr_id = p.usr_id AND p.p_pswd = %s", $this->user->name(), $old); if(!($row = $this->select($query))) { return false; } // RUN query, FALSE if bad $id = $row['usr_id']; // SAVE user id // Test new password if($new != $confirm) { return false; } // IF new pass don't match, FALSE $query = sprintf("UPDATE pswd ". // QUERY update new password "SET p_pswd = %s ". "WHERE usr_id = %d ", $new, $id); if(!$this->insert($query)) { return false; } // RUN query, FALSE on fail $this->write_log("Password","Change: ".$this->user->name()); // LOG password change return true; // RETURN true } /*********************************************************************** new_password input: email output: welcome message with new password */ public function new_password($email) { $safe = $this->mysql_safe($email); // SECURE user input $query = sprintf("SELECT usr_name FROM usr WHERE usr_email = %s", // QUERY verify email $safe); if(!($row = $this->select($query))) { return false; } // RUN query, FALSE on fail $usr = $row['usr_name']; // SAVE user name $password = $this->random_password(); // GENERATE random password $this->welcome($email,$usr,$password); // SEND user email $this->write_log("Password","New: ".$usr); // LOG new password return true; // RETURN true } /*********************************************************************** update_email() input: email output: true | false */ public function update_email($email) { $safe = $this->mysql_safe($email); // SECURE user input $query = sprintf("UPDATE usr ". // QUERY update email "SET usr_email = %s ". "WHERE u.usr_name = '%s'", $safe, $this->usr->name()); if(!$this->insert($query)) { return false; } // RUN query, FALSE on fail $this->new_password($email); // VERIFY new email, SEND new password $this->write_log("Email","Update: ".$this->usr->name()); // LOG email update return true; // RETURN true } /*********************************************************************** update_rank() input: user name, new rank output: true | false */ public function update_rank($usr_name, $rank) { if($this->user->rank() < 3) { return false; } // ADMIN function only $query = sprintf("UPDATE usr_grp g, usr u ". // QUERY update user rank "SET g.usrg_rank = %d ". "WHERE u.usr_name = '%s' AND u.usr_id = g.usr_id", $rank, $usr_name); if(!$this->insert($query)) { return false; } // RUN query, FALSE on fail $this->write_log("Rank","$usr_name to $rank by ".$this->usr->name()); // LOG rank change return true; // RETURN true } /*********************************************************************** ***** GET FUNCTIONS **************************************************** ***********************************************************************/ /*********************************************************************** email_users() input: none output: email to all users of given rank */ public function email_users() { if($this->user->rank() < 3) { return false; } // ADMIN function only $subj = func_get_arg(0); // GET subject $msg = func_get_arg(1); // GET mesage $from = "From: ".$this->webmaster; // ASSIGN from if(func_num_args() == 3) { // IF rank was included $min_rank = func_get_arg(2); } // --GET rank else { $min_rank = 1; } // ELSE set to all users $list = get_list("usr_email",$min_rank); // GET all emails above rank $to = join(",",$list); // JOIN email array to string mail($to,$subj,$msg,$from); // SEND mail to all users $this->write_log("Email","Everyone $rank, from: ".$this->usr->name()); // LOG mass email return true; // RETURN true } /*********************************************************************** get_hash() input: desired attribute, minimum rank (opt) output: hash of user names TEMPORARILY DISABLED --> NOT IN USE public function get_user_hash() { return $this->get_hash("usr_name"); } // ALIAS for get_hash USER public function get_email_hash() { return $this->get_hash("usr_email"); } // ALIAS for get_hash EMAIL public function get_hash() { $val = func_get_arg(0); // SAVE desired attribute if(func_num_args() == 2) { // IF more input $min_rank = func_get_arg(1); } // --SAVE desired rank else { $min_rank = 1; } // ELSE get all ranks $query = sprintf("SELECT %s FROM usr WHERE usr_rank >= %d", // QUERY get all rows $val, $min_rank); $list = $this->select_simple_hash($query); // SAVE rows as a hash return $list; // RETURN hash } // END get_list /*********************************************************************** get_list() input: desired attribute, minimum rank (opt) output: array of user names */ public function get_user_list() { return $this->get_list("usr_name"); } // ALIAS for get_list USER public function get_email_list() { return $this->get_list("usr_email"); } // ALIAS for get_list EMAIL public function get_list() { $val = func_get_arg(0); // SAVE desired attribute if(func_num_args() == 2) { // IF more input $min_rank = func_get_arg(1); } // --SAVE desired rank else { $min_rank = 1; } // ELSE get all ranks $query = sprintf("SELECT %s FROM usr WHERE usr_rank >= %d", // QUERY get all rows $val, $min_rank); if(!($list = $this->select_simple_list($query))) { return false; } // SAVE rows as a array, FALSE on fail return $list; // RETURN array } // END get_list /*********************************************************************** get_fulllist() input: none output: array of user names TEMPORARILY DISABLED --> NOT IN USE public function get_fulllist() { $query = sprintf("SELECT usr_lname,usr_fname,usr_name,usr_email,usrg_rank ". "FROM usr u, usr_grp g ". // QUERY all attributes "WHERE u.usr_id = g.usr_id AND g.usrg_grp = %s ". "ORDER BY g.usrg_rank,u.usr_lname", $this->group); if(!($list = $this->select_complex_list($query))) { return false; } // RUN query, FALSE on fail return $list; // RETURN array } // END get_fulllist /*********************************************************************** random_password() input: none output: password generated */ public function random_password() { // CREATE character arrays $letters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'); $numbers = array('1','2','3','4','5','6','7','8','9','0'); $symbols = array('!','@','#','$','%','^','&','*','(',')','<','>','.','?','/',':','{ ','} ',',','.','; ','|','+','=','~'); $length = 10; $password = ''; for($i = 0; $i <= $length; $i++) { // LOOP for given length $set = mt_rand(0,2); // CHOOSE which array to use if($set == 0) { // IF letters $char = mt_rand(1,count($letters)); // --GENERATE a random value $char--; // --DECREMENT (to fit in array index) $password .= $letters[$char]; // --ADD to password } else if($set == 1) { // IF numbers $char = mt_rand(1,count($numbers)); // --see above $char--; $password .= $numbers[$char]; } else if($set == 2) { // IF symbols $char = mt_rand(1,count($symbols)); // -- see above $char--; $password .= $symbols[$char]; } else { } } return $password; // RETURN password } // END random_password } // END CLASS ?> Quote Link to comment Share on other sites More sharing options...
muppetjones Posted March 4, 2008 Author Share Posted March 4, 2008 Here's BasicDB.php: <?php class BasicDB { /* CLASS VARIABLES */ private $date; // Date in Y:m:d::H:i:s form private $day; // Day in Y:m:d form private $system; // instance of the system class private $time; // Time in H:i:s form private $webmaster; // Email to send error notifications to /* CLASS FUNCTIONS */ /*********************************************************************** ***** CONSTRUCTOR & DESTRUCTOR ***************************************** ***********************************************************************/ /*********************************************************************** Constructor input: instance of the system class output: none */ public function __construct($sys) { $this->day = date("Y:m:d"); $this->time = date("H:i:s"); $this->date = $day."::".$time; $this->system = $sys; $this->webmaster = "webmaster@-------.com"; } // END Constructor /*********************************************************************** ***** ERROR HANDLING FUNCTIONS ***************************************** ***********************************************************************/ /*********************************************************************** $this->err($msg) input: error message output: email to the webmaster write to log */ public function err($msg) { $to = $this->webmaster; // assign To: $subj = "[".$this->group."] Error"; // assign Subject: $msg .= "\n".$this->date; // assign Message: $from = "From: ".$this->webmaster; // assign From: mail($to,$subj,$msg,$from); // send mail $this->write_log("Error",$msg); // log error } // END $this->err() /*********************************************************************** ***** MYSQL FUNCTIONS ************************************************** ***********************************************************************/ /*********************************************************************** DB_connect() input: none output: link resource */ public function db_connect() { /* Squeeze of Lime server info*/ $server = "----------"; $usr = '----------'; $pswd = '----------'; $db = '----------'; // opening db connection $link = mysql_connect($server,$usr,$pswd); // OPEN mysql connection if(!$link) { // IF no connection $this->err("db_connect(): Unable to connect to db."); // --REPORT error return false; // --RETURN false } else { } // ELSE continue $dbselect = mysql_select_db($db, $link); // SELECT database if(!$dbselect) { // IF no selection $this->err("db_connect(): Unable to select db."); // --REPORT error return false; // --RETURN false } else { } // ELSE continue return $link; // RETURN link resource } // END db_connect() /*********************************************************************** insert input: mysql query string (insert, delete, or update) output: query result (false on fail, true on success) */ public function insert($query) { return $this->result($query,1,0); // CALL result function } /*********************************************************************** select input: mysql query string (select) output: query result (false on fail, single result on success) */ public function select($query) { return $this->result($query,0,0); // CALL result function } // END select /*********************************************************************** select_simple_list input: mysql query string (select) output: query result (false on fail, array of single field on success) */ public function select_simple_list($query) { return $this->result($query,0,1); // CALL result function } // END select_simple_list /*********************************************************************** result input: mysql query string, boolean, boolean output: */ public function result($query,$insert,$list) { $count = 0; // RESET count $link = $this->db_connect(); // GET a database link $data; // INITIALIZE variable if(!$link) { // IF we still don't connect $msg = "Function: check_result\n". // --CREATE error message "Problem: ".mysql_error()."\n". "Date: ".$this->date."\n"; $this->err($msg); // --REPORT error $this->logout(); // --LOGOUT return false; } // --RETURN FALSE $count = 0; // RESET count $result = mysql_query($query,$link); // QUERY database if(!$result) { // IF no result, $msg = "Function: check_result\n". // --CREATE error message "Problem: ".mysql_error()."\n". "Date: ".$this->date."\n". "Query: $query"; $this->err($msg); // --REPORT error $this->logout(); // --LOGOUT return false; } // --RETURN FALSE if($insert) { // IF an insert type query if(mysql_affected_rows() == 0) { // --CHECK for affected rows return false; } // --NONE? return false $data = true; // --OTHERWISE return true } else { // ELSE a select type query if(mysql_num_rows($result) == 0) { // --CHECK for number of rows return false; } // --NONE? return false else if($list) { // --ELSE IF we want a list while($row = mysql_fetch_row($result)) { // --LOOP through the rows returned $data[] = $row[0]; } // --SAVE first value in array } else { // --ELSE we want a single value $data = mysql_fetch_assoc($result); // --SAVE the query result } mysql_free_result($result); // FREE the result } mysql_close($link); // CLOSE database link return $data; // RETURN our query data (if good result) } /*********************************************************************** ***** SAFE FUNCTIONS *************************************************** ***********************************************************************/ /*********************************************************************** Mysql_safe($val) input: a string output: a safe, mysql 'executable' version of the string, in quotes note: (adapted from php.net) */ public function mysql_safe($value) { $link = $this->db_connect(); // GET a database link if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // IF gmqg is turned on, USE it if (!is_numeric($value)) { // IF its not a number $value = "\"" . mysql_real_escape_string($value,$link) . "\""; } // --ESCAPE and put in quotes return $value; // --RETURN our safe string } // END mysql_safe /*********************************************************************** Mysql_safe_nq($val) input: a string output: a safe, mysql 'executable' version of the string, W/O quotes note: (adapted from php.net) */ public function mysql_safe_nq($value) { $link = $this->db_connect(); // GET a database link if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // IF gmqg is turned on, USE it if (!is_numeric($value)) { // IF its not a number $value = mysql_real_escape_string($value,$link); } // --ESCAPE the string return $value; // --RETURN our safe string } // END mysql_safe } // END CLASS ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.