EIOS/inc/_db.php


<?php
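/**
 * Thin wrapper around one mysqli connection.
 *
 * Every query method takes a finished SQL string; nothing in this class binds
 * parameters. Injection safety therefore depends on the caller escaping each
 * value with rescape() (or switching to prepared statements) before the
 * string reaches QUR()/QUR_SEL().
 */
class DB
{
    /** @var mysqli Connection opened by the constructor. */
    private $mysqli;

    /**
     * Opens the connection and stops the script when it cannot be established.
     *
     * @param string $database Schema name.
     * @param string $user     Database user.
     * @param string $password Database password.
     * @param string $host     Server address.
     */
    public function __construct($database, $user, $password = '', $host = '127.0.0.1')
    {
        $this->mysqli = new mysqli($host, $user, $password, $database);
        if (mysqli_connect_error()) {
            // NOTE(review): the driver's error text is written into the HTTP response here.
            // Consider logging it server-side and showing a generic message instead.
            die('Ошибка подключения (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
        }
    }

    /**
     * Appends a fragment to the timing log 'dblogtime.txt' (path relative to the working directory).
     *
     * @param mixed $str Value to append.
     * @param int   $n   1 ends the record with a line break; anything else appends a '|' separator.
     */
    public function logTime($str, $n = 0)
    {
        $file = 'dblogtime.txt';
        $mes = ($n == 1) ? $str . PHP_EOL : $str . '|';
        file_put_contents($file, $mes, FILE_APPEND);
    }

    /**
     * Runs a SELECT and returns its rows.
     *
     * Return shape (unchanged from the original behaviour):
     * - rows found:   [0 => row count, 1 => first row, 2 => second row, ...]
     * - no rows:      []
     * - query failed: [0 => 0]
     *
     * @param string $sql Complete SQL statement; values must already be escaped by the caller.
     * @return array
     */
    public function QUR_SEL($sql)
    {
        $out = array();
        $sql = $this->prepare_sql($sql);
        $keyd = $this->debug_sql($sql, 1);
        $qur = $this->mysqli->query($sql);
        $this->debug_sql($sql, 2, $keyd);

        if ($qur instanceof mysqli_result) {
            $kol = $qur->num_rows;
            if ($kol) {
                $out[0] = $kol;
                while ($rez = $qur->fetch_assoc()) {
                    $out[] = $rez;
                }
            }
        } elseif ($qur === false) {
            // The original read $qur->num_rows on `false` here, which raised a warning and
            // always fell into the "zero rows" case; the branch that echoed the SQL text
            // inside an HTML comment could never run. Keep the [0 => 0] result callers
            // already receive, but record the failure server-side instead of dropping it.
            // The statement itself is left out of the log line because it may carry user data.
            error_log('DB::QUR_SEL failed (' . $this->mysqli->errno . ') ' . $this->mysqli->error);
            $out[0] = 0;
        }

        return $out;
    }

    /**
     * Runs a statement and reports success or failure.
     *
     * @param string $sql Complete SQL statement; values must already be escaped by the caller.
     * @return array On success ['err' => false, 'id' => insert id];
     *               on failure ['err' => true, 'sql' => statement, 'rep' => HTML error text].
     */
    public function QUR($sql)
    {
        $out = array();
        $sql = $this->prepare_sql($sql);
        $qur = $this->mysqli->query($sql);

        if ($qur) {
            $out['err'] = false;
            $out['id'] = $this->mysqli->insert_id;
        } else {
            // NOTE(review): 'sql' and 'rep' hold the full statement and the driver error.
            // They are meant for logs; a caller that prints them discloses schema details.
            $out['err'] = true;
            $out['sql'] = $sql;
            $out['rep'] = 'ОШИБКА БД!!! <br/>' . $sql . '<br />(' . $this->mysqli->errno . ') ' . $this->mysqli->error;
        }

        return $out;
    }

    /**
     * Stops the request and records the client address when the statement contains a listed word.
     *
     * This is a tripwire, not an injection defence: the match is an exact, case-sensitive
     * substring test, and it also fires on legitimate statements that contain one of the
     * words (for example a real UNION query). Protection has to come from rescape() or
     * bound parameters at the call site.
     *
     * @param string $sql Statement to inspect.
     * @return string The statement, unchanged, when nothing matched.
     */
    public function prepare_sql($sql)
    {
        $stop_word = array('information_schema.tables', 'cmdshell', 'XSS', 'EXEC', 'UNION');
        foreach ($stop_word as $word) {
            if (strpos($sql, $word) === false) {
                continue;
            }

            $ip = $_SERVER['REMOTE_ADDR'];
            $file = 'tmp/ban/' . $ip . '.json';

            // Start from the existing record when it is readable; a missing or corrupt
            // file simply starts a fresh one.
            $json = array();
            if (file_exists($file)) {
                $decoded = json_decode(file_get_contents($file), 1);
                if (is_array($decoded)) {
                    $json = $decoded;
                }
            }

            $json['time'] = time();
            $json['kol'] = 5;
            // NOTE(review): the URL list grows on every hit and is never trimmed.
            $json['url'][] = $_SERVER['REQUEST_URI'];
            file_put_contents($file, json_encode($json));
            exit();
        }

        return $sql;
    }

    /**
     * Escapes a value for use inside a quoted SQL string literal.
     *
     * NOTE(review): real_escape_string() follows the connection character set, and this
     * class never calls set_charset(); confirm the server default matches the data.
     *
     * @param string $param Raw value.
     * @return string Escaped value (still needs surrounding quotes in the statement).
     */
    public function rescape($param)
    {
        return $this->mysqli->real_escape_string($param);
    }

    /**
     * @return int|string Auto-increment id generated by the last INSERT on this connection.
     */
    public function lastinsertID()
    {
        return $this->mysqli->insert_id;
    }

    /**
     * @return int|string Rows affected by the last statement on this connection.
     */
    public function affected_rows()
    {
        // The original read the non-existent property `mysqli_affected_rows`, which is always null.
        return $this->mysqli->affected_rows;
    }

    /**
     * Query-timing hook called by QUR_SEL() before ($t = 1) and after ($t = 2) each query.
     *
     * Currently a no-op that returns null. The disabled implementation appended the SQL,
     * client address, a backtrace and the full $_POST body to a CSV file at a relative
     * path; review what it records and where before switching anything like it back on.
     *
     * @param string $sql  Statement being timed.
     * @param int    $t    Phase marker (1 = start, 2 = end).
     * @param string $keyd Key returned by the start call.
     * @return null
     */
    public function debug_sql($sql, $t, $keyd = '')
    {
        return null;
    }
}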
if (!function_exists('mysql_insert_id')) {
    /**
     * Compatibility shim for the removed ext/mysql function.
     *
     * Delegates to the global $DB wrapper, so it only works after $DB has been created.
     *
     * @return mixed Whatever $DB->lastinsertID() returns.
     */
    function mysql_insert_id()
    {
        global $DB;

        $lastId = $DB->lastinsertID();

        return $lastId;
    }
}
if (!function_exists('mysql_affected_rows')) {
    /**
     * Compatibility shim for the removed ext/mysql function.
     *
     * Delegates to the global $DB wrapper, so it only works after $DB has been created.
     *
     * @return mixed Whatever $DB->affected_rows() returns.
     */
    function mysql_affected_rows()
    {
        global $DB;

        $rowCount = $DB->affected_rows();

        return $rowCount;
    }
}
if (!function_exists('mysql_escape_string')) {
    /**
     * Compatibility shim for the removed ext/mysql function.
     *
     * Delegates to $DB->rescape(), so the escaping is done by the wrapper's live
     * connection and only works after the global $DB has been created.
     *
     * @param mixed $str Raw value.
     * @return mixed Whatever $DB->rescape() returns.
     */
    function mysql_escape_string($str)
    {
        global $DB;

        $escaped = $DB->rescape($str);

        return $escaped;
    }
}
if (!function_exists('mysql_error')) {
    /**
     * Compatibility shim for the removed ext/mysql function.
     *
     * Always returns the fixed text 'error'; it does not read the real driver error,
     * so legacy callers that print mysql_error() show no database detail.
     *
     * @return string
     */
    function mysql_error()
    {
        $placeholder = 'error';

        return $placeholder;
    }
}
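/**
 * Sends an HTML e-mail through PHP's mail().
 *
 * @param string $fromEmail Sender address, placed in the From header.
 * @param string $toEmail   Recipient address.
 * @param string $subject   Subject line.
 * @param string $name      Sender display name, placed in the From header.
 * @param string $message   HTML fragment inserted into the body as-is; the caller is
 *                          responsible for escaping any user-supplied text inside it.
 * @return bool True when mail() accepted the message for delivery.
 */
function sendMailDB($fromEmail, $toEmail, $subject, $name, $message)
{
    // $name and $fromEmail are copied into the raw header block. A CR or LF inside either
    // one would start a new header line, so line breaks are removed before the header is built.
    $lineBreaks = array("\r", "\n");
    $safeName = str_replace($lineBreaks, '', (string) $name);
    $safeFrom = str_replace($lineBreaks, '', (string) $fromEmail);

    $Html = "<HTML><HEAD><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"></HEAD>
<BODY bgColor=#FFFFFF>" . $message . "</BODY></HTML>";

    $header = "Content-type: text/html; charset=utf-8\n";
    $header .= "From: " . $safeName . " <" . $safeFrom . ">\n";

    return mail($toEmail, $subject, $Html, $header) ? true : false;
}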
?>