<?php
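class DB
{
    /** @var mysqli the single connection every method below uses */
    private $mysqli;

    /**
     * Opens the connection.
     *
     * On failure the driver's message is written to the server error log and the
     * script stops with a generic message, so host/user details reported by the
     * driver never appear in the HTTP response.
     *
     * Note: from PHP 8.1 mysqli reports a failed connect as mysqli_sql_exception
     * by default, in which case the check below is never reached.
     *
     * @param string $database
     * @param string $user
     * @param string $password
     * @param string $host
     */
    function __construct($database, $user, $password = '', $host = '127.0.0.1')
    {
        $this->mysqli = new mysqli($host, $user, $password, $database);
        if (mysqli_connect_error()) {
            error_log('DB connect failed (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
            die('Ошибка подключения (' . mysqli_connect_errno() . ')');
        }
        // NOTE(review): no set_charset() call here. real_escape_string() (see
        // rescape()) escapes according to the connection's character set, so the
        // server default must match what the application sends — confirm.
    }

    /**
     * Appends one field to dblogtime.txt (path relative to the working directory).
     *
     * @param string $str text to append
     * @param int    $n   1 terminates the record with PHP_EOL; anything else
     *                    appends a '|' field separator
     */
    function logTime($str, $n = 0)
    {
        $sep = ($n == 1) ? PHP_EOL : '|';
        file_put_contents('dblogtime.txt', $str . $sep, FILE_APPEND);
    }

    /**
     * Runs a SELECT-style query and returns the rows.
     *
     * Result shape, which existing callers rely on:
     *  - rows found:    [0 => rowCount, 1 => row, 2 => row, ...] (rows from fetch_assoc)
     *  - no rows:       []          (element 0 is NOT set)
     *  - query failed:  [0 => 0]    (driver error goes to the server error log)
     *  - non-result statement (query() returned true): []
     *
     * @param string $sql complete SQL text. It is NOT parameterised: every value
     *                    interpolated into it must have gone through rescape()
     * @return array
     */
    function QUR_SEL($sql)
    {
        $out = array();
        $sql = $this->prepare_sql($sql);

        // debug_sql() is a no-op at present; the two calls bracket the query so a
        // timing hook can be re-enabled without touching this method.
        $keyd = $this->debug_sql($sql, 1);
        $qur = $this->mysqli->query($sql);
        $this->debug_sql($sql, 2, $keyd);

        if ($qur === false) {
            // Keep the SQL text and the driver error on the server side only;
            // they must not be echoed into the response.
            error_log('DB::QUR_SEL failed (' . $this->mysqli->errno . ') '
                . $this->mysqli->error . ' -- ' . $sql);
            $out[0] = 0;
            return $out;
        }
        if (!($qur instanceof mysqli_result)) {
            // query() returned true: no result set to read.
            return $out;
        }

        $kol = $qur->num_rows;
        if ($kol) {
            $out[0] = $kol;
            // $out[0] is already taken, so appended rows start at index 1.
            while ($rez = $qur->fetch_assoc()) {
                $out[] = $rez;
            }
        }
        return $out;
    }

    /**
     * Runs any statement and reports success plus the last generated id.
     *
     * On failure 'rep' is an HTML fragment that embeds the raw SQL and the driver
     * error text; it is intended for an admin/debug view and must not be rendered
     * to end users.
     *
     * @param string $sql complete SQL text (not parameterised; see QUR_SEL())
     * @return array{err:bool,id?:int|string,sql?:string,rep?:string}
     */
    function QUR($sql)
    {
        $sql = $this->prepare_sql($sql);
        $qur = $this->mysqli->query($sql);

        if ($qur) {
            return array(
                'err' => false,
                'id'  => $this->mysqli->insert_id,
            );
        }
        return array(
            'err' => true,
            'sql' => $sql,
            'rep' => 'ОШИБКА БД!!! <br/>'.$sql.'<br />('.$this->mysqli->errno.') '.$this->mysqli->error,
        );
    }

    /**
     * Stop-word filter applied to every statement before it is sent.
     *
     * If the SQL text contains one of a few fixed substrings, the client is
     * recorded in tmp/ban/<REMOTE_ADDR>.json and the script exits. The test is a
     * plain case-sensitive substring match over the whole statement, so it also
     * fires on legitimate queries that happen to contain those words, and it is
     * not an injection defence: values still have to be escaped with rescape()
     * (or the query built with prepared statements) before interpolation.
     *
     * @param string $sql
     * @return string the SQL, unchanged, when no stop word is present
     */
    function prepare_sql($sql)
    {
        $stop_word = array('information_schema.tables','cmdshell','XSS','EXEC','UNION');
        foreach ($stop_word as $word) {
            if (strpos($sql, $word) === false) {
                continue;
            }
            $this->banClient();
            exit();
        }
        return $sql;
    }

    /**
     * Writes/refreshes the ban record tmp/ban/<REMOTE_ADDR>.json: 'time' is set
     * to now, 'kol' to 5, and the current REQUEST_URI is appended to 'url'.
     * An existing record keeps its earlier URIs; an unreadable one is replaced.
     *
     * The path is relative to the working directory; if tmp/ban does not exist
     * file_put_contents() only warns and no record is written (the caller still
     * exits). REMOTE_ADDR comes from the server, not from request data.
     */
    private function banClient()
    {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
        $file = 'tmp/ban/'.$ip.'.json';

        $json = array();
        if (file_exists($file)) {
            $decoded = json_decode(file_get_contents($file), true);
            if (is_array($decoded)) {
                $json = $decoded;
            }
        }
        $json['time'] = time();
        $json['kol'] = 5;
        $json['url'][] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        file_put_contents($file, json_encode($json));
    }

    /**
     * Escapes a value for interpolation into a quoted SQL string literal, using
     * the connection's character set. This is only safe inside quotes; it does
     * not protect identifiers or unquoted numbers.
     *
     * @param string $param
     * @return string
     */
    function rescape($param)
    {
        return $this->mysqli->real_escape_string($param);
    }

    /**
     * @return int|string id generated by the last INSERT on this connection
     */
    function lastinsertID()
    {
        return $this->mysqli->insert_id;
    }

    /**
     * Rows changed by the last statement. The original read the non-existent
     * property 'mysqli_affected_rows' and so always yielded null; the mysqli
     * property is affected_rows.
     *
     * @return int
     */
    function affected_rows()
    {
        return $this->mysqli->affected_rows;
    }

    /**
     * Query timing hook; currently disabled and always returns null. Kept so
     * QUR_SEL() can keep calling debug_sql($sql, 1) before and
     * debug_sql($sql, 2, $keyd) after each query.
     *
     * The removed implementation wrote a CSV line with the timing, the SQL,
     * REMOTE_ADDR, a backtrace and the complete $_POST body; if it is revived,
     * leave $_POST out (it can contain passwords and other user secrets).
     *
     * @param string $sql
     * @param int    $t    1 = before the query, 2 = after
     * @param string $keyd key returned by the $t == 1 call
     * @return null
     */
    function debug_sql($sql, $t, $keyd = '')
    {
        return null;
    }
}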
// Compatibility shim for code written against the removed mysql_* extension:
// defined only when the real function is absent, and delegates to the global
// $DB instance (a DB object) that the application is expected to have created.
if (!function_exists('mysql_insert_id')) {
    /**
     * @return int|string id generated by the last INSERT on the global $DB connection
     */
    function mysql_insert_id()
    {
        global $DB;

        return $DB->lastinsertID();
    }
}
// Compatibility shim for the removed mysql_* extension; forwards to the global
// $DB instance when the real function is absent.
if (!function_exists('mysql_affected_rows')) {
    /**
     * @return int rows changed by the last statement on the global $DB connection
     */
    function mysql_affected_rows()
    {
        global $DB;

        return $DB->affected_rows();
    }
}
// Compatibility shim for the removed mysql_* extension; escapes through the
// global $DB connection so the connection's character set is honoured.
if (!function_exists('mysql_escape_string')) {
    /**
     * @param string $str value to escape for use inside a quoted SQL literal
     * @return string
     */
    function mysql_escape_string($str)
    {
        global $DB;

        return $DB->rescape($str);
    }
}
// Compatibility shim for the removed mysql_* extension. It carries no
// information: the real driver message is only available through DB::QUR()'s
// 'rep' element, never through this function.
if (!function_exists('mysql_error')) {
    /**
     * @return string always the literal 'error'
     */
    function mysql_error()
    {
        $placeholder = 'error';

        return $placeholder;
    }
}
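/**
 * Sends an HTML e-mail through mail(), wrapping $message in a minimal UTF-8
 * HTML document.
 *
 * $name and $fromEmail are written into the From: header by this function, so
 * CR and LF are stripped from them first: otherwise a caller-supplied display
 * name or address could terminate the header line and append further headers,
 * whatever the installed mail() implementation checks on its own. $message is
 * inserted into the body unescaped and is therefore treated as trusted HTML.
 *
 * @param string $fromEmail sender address for the From: header
 * @param string $toEmail   recipient, passed straight to mail()
 * @param string $subject   subject, passed straight to mail()
 * @param string $name      sender display name for the From: header
 * @param string $message   HTML body fragment
 * @return bool true when mail() accepted the message for delivery
 */
function sendMailDB($fromEmail, $toEmail, $subject, $name, $message)
{
    $name = str_replace(array("\r", "\n"), '', (string) $name);
    $fromEmail = str_replace(array("\r", "\n"), '', (string) $fromEmail);

    $Html = "<HTML><HEAD><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"></HEAD>
<BODY bgColor=#FFFFFF>".$message."</BODY></HTML>";

    $header = "Content-type: text/html; charset=utf-8\n";
    $header .= "From: ".$name." <".$fromEmail.">\n";

    return (bool) mail($toEmail, $subject, $Html, $header);
}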
?>