supernova-ws /
SuperNova
@@ -17,7 +17,7 @@ |
||
| 17 | 17 | * @param $user |
| 18 | 18 | * @param $survey_id |
| 19 | 19 | * @param $survey_vote_id |
| 20 | - * @param $user_name_safe |
|
| 20 | + * @param string $user_name_safe |
|
| 21 | 21 | */ |
| 22 | 22 | public static function db_survey_vote_insert(&$user, $survey_id, $survey_vote_id, $user_name_safe) { |
| 23 | 23 | doquery("INSERT INTO {{survey_votes}} SET `survey_parent_id` = {$survey_id}, `survey_parent_answer_id` = {$survey_vote_id}, `survey_vote_user_id` = {$user['id']}, `survey_vote_user_name` = '{$user_name_safe}';"); |
@@ -23,7 +23,7 @@ |
||
| 23 | 23 | * @return array|bool|mysqli_result|null |
| 24 | 24 | */ |
| 25 | 25 | public static function db_missile_list_by_arrival() { |
| 26 | - $iraks = doquery("SELECT * FROM {{iraks}} WHERE `fleet_end_time` <= " . SN_TIME_NOW . " FOR UPDATE;"); |
|
| 26 | + $iraks = doquery("SELECT * FROM {{iraks}} WHERE `fleet_end_time` <= ".SN_TIME_NOW." FOR UPDATE;"); |
|
| 27 | 27 | |
| 28 | 28 | return $iraks; |
| 29 | 29 | } |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | * @param $note_id_edit |
| 37 | 37 | */ |
| 38 | 38 | public static function db_note_update_by_id($note_priority, $note_title, $note_text, $note_galaxy, $note_system, $note_planet, $note_planet_type, $note_sticky, $note_id_edit) { |
| 39 | - doquery("UPDATE {{notes}} SET `time` = " . SN_TIME_NOW . ", `priority` = {$note_priority}, `title` = '{$note_title}', `text` = '{$note_text}', |
|
| 39 | + doquery("UPDATE {{notes}} SET `time` = ".SN_TIME_NOW.", `priority` = {$note_priority}, `title` = '{$note_title}', `text` = '{$note_text}', |
|
| 40 | 40 | `galaxy` = {$note_galaxy}, `system` = {$note_system}, `planet` = {$note_planet}, `planet_type` = {$note_planet_type}, `sticky` = {$note_sticky} |
| 41 | 41 | WHERE `id` = {$note_id_edit} LIMIT 1;"); |
| 42 | 42 | } |
@@ -53,7 +53,7 @@ discard block |
||
| 53 | 53 | * @param $note_sticky |
| 54 | 54 | */ |
| 55 | 55 | public static function db_note_insert($user, $note_priority, $note_title, $note_text, $note_galaxy, $note_system, $note_planet, $note_planet_type, $note_sticky) { |
| 56 | - doquery("INSERT INTO {{notes}} SET `owner` = {$user['id']}, `time` = " . SN_TIME_NOW . ", `priority` = {$note_priority}, `title` = '{$note_title}', `text` = '{$note_text}', |
|
| 56 | + doquery("INSERT INTO {{notes}} SET `owner` = {$user['id']}, `time` = ".SN_TIME_NOW.", `priority` = {$note_priority}, `title` = '{$note_title}', `text` = '{$note_text}', |
|
| 57 | 57 | `galaxy` = {$note_galaxy}, `system` = {$note_system}, `planet` = {$note_planet}, `planet_type` = {$note_planet_type}, `sticky` = {$note_sticky};"); |
| 58 | 58 | } |
| 59 | 59 | |
@@ -55,8 +55,8 @@ |
||
| 55 | 55 | } |
| 56 | 56 | |
| 57 | 57 | /** |
| 58 | - * @param int|string $recordId |
|
| 59 | - * @param mixed|array $fieldList |
|
| 58 | + * @param integer $recordId |
|
| 59 | + * @param string[] $fieldList |
|
| 60 | 60 | * @param bool $forUpdate |
| 61 | 61 | * |
| 62 | 62 | * @return array|null |
@@ -91,7 +91,7 @@ discard block |
||
| 91 | 91 | * @return array|null |
| 92 | 92 | */ |
| 93 | 93 | public static function getRecordById($recordId, $fieldList = '*', $forUpdate = false) { |
| 94 | - return static::getRecord(array(static::$_idField . '=' . $recordId), $fieldList, $forUpdate); |
|
| 94 | + return static::getRecord(array(static::$_idField.'='.$recordId), $fieldList, $forUpdate); |
|
| 95 | 95 | } |
| 96 | 96 | |
| 97 | 97 | /** |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | $query = static::selectIterator( |
| 105 | 105 | static::buildSelect() |
| 106 | 106 | ->fields(static::$_idField) |
| 107 | - ->where(array("`" . static::$_idField . "` IN (" . implode(',', $idList) . ")")) |
|
| 107 | + ->where(array("`".static::$_idField."` IN (".implode(',', $idList).")")) |
|
| 108 | 108 | ); |
| 109 | 109 | } else { |
| 110 | 110 | $query = new DbEmptyIterator(); |
@@ -125,7 +125,7 @@ discard block |
||
| 125 | 125 | |
| 126 | 126 | $result = array(); |
| 127 | 127 | if (!empty($idList)) { |
| 128 | - foreach(static::queryExistsIdInList($idList) as $row) { |
|
| 128 | + foreach (static::queryExistsIdInList($idList) as $row) { |
|
| 129 | 129 | $result[] = $row[static::$_idField]; |
| 130 | 130 | } |
| 131 | 131 | } |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | */ |
| 151 | 151 | protected static function selectIterator($sql) { |
| 152 | 152 | $result = static::$dbStatic->selectIterator($sql, false); |
| 153 | - if(!($result instanceof DbResultIterator)) { |
|
| 153 | + if (!($result instanceof DbResultIterator)) { |
|
| 154 | 154 | $result = new DbEmptyIterator(); |
| 155 | 155 | } |
| 156 | 156 | return $result; |
@@ -10,7 +10,7 @@ discard block |
||
| 10 | 10 | define('INSTALL', false); |
| 11 | 11 | define('IN_ADMIN', true); |
| 12 | 12 | |
| 13 | -require('../common.' . substr(strrchr(__FILE__, '.'), 1)); |
|
| 13 | +require('../common.'.substr(strrchr(__FILE__, '.'), 1)); |
|
| 14 | 14 | |
| 15 | 15 | if ($user['authlevel'] < 3) { |
| 16 | 16 | AdminMessage(classLocale::$lang['adm_err_denied']); |
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | foreach ($value as $interval_data) { |
| 112 | 112 | print("<tr>"); |
| 113 | 113 | print("<td>{$user_id}</td><td>{$user_record['username']}</td><td>{$interval_data[0]}</td><td>{$interval_data[1]}</td><td>{$interval_data[2]}</td>"); |
| 114 | - print("<td>" . date(FMT_DATE_TIME_SQL, $user_record['onlinetime']) . "</td>"); |
|
| 114 | + print("<td>".date(FMT_DATE_TIME_SQL, $user_record['onlinetime'])."</td>"); |
|
| 115 | 115 | print("</tr>"); |
| 116 | 116 | } |
| 117 | 117 | } |
@@ -45,8 +45,8 @@ |
||
| 45 | 45 | */ |
| 46 | 46 | protected function quoteStringAsFieldByRef(&$string) { |
| 47 | 47 | $string = $this->stringEscape($string); |
| 48 | - if ((string)$string && '*' != $string) { |
|
| 49 | - $string = '`' . $string . '`'; |
|
| 48 | + if ((string) $string && '*' != $string) { |
|
| 49 | + $string = '`'.$string.'`'; |
|
| 50 | 50 | } |
| 51 | 51 | } |
| 52 | 52 | |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | /** |
| 125 | 125 | * @param string $query |
| 126 | 126 | * |
| 127 | - * @return mixed|string |
|
| 127 | + * @return string |
|
| 128 | 128 | */ |
| 129 | 129 | public function replaceTablePlaceholders($query) { |
| 130 | 130 | $sql = $query; |
@@ -138,8 +138,8 @@ discard block |
||
| 138 | 138 | } |
| 139 | 139 | |
| 140 | 140 | /** |
| 141 | - * @param $query |
|
| 142 | - * @param $fetch |
|
| 141 | + * @param string $query |
|
| 142 | + * @param boolean $fetch |
|
| 143 | 143 | */ |
| 144 | 144 | protected function logQuery($query, $fetch) { |
| 145 | 145 | if (!classSupernova::$config->debug) { |
@@ -257,6 +257,10 @@ discard block |
||
| 257 | 257 | |
| 258 | 258 | |
| 259 | 259 | // TODO Заменить это на новый логгер |
| 260 | + |
|
| 261 | + /** |
|
| 262 | + * @param string $query |
|
| 263 | + */ |
|
| 260 | 264 | protected function security_watch_user_queries($query) { |
| 261 | 265 | global $user; |
| 262 | 266 | |
@@ -280,6 +284,9 @@ discard block |
||
| 280 | 284 | } |
| 281 | 285 | |
| 282 | 286 | |
| 287 | + /** |
|
| 288 | + * @param string $query |
|
| 289 | + */ |
|
| 283 | 290 | public function security_query_check_bad_words($query, $skip_query_check = false) { |
| 284 | 291 | if ($skip_query_check) { |
| 285 | 292 | return; |
@@ -65,7 +65,7 @@ discard block |
||
| 65 | 65 | public function load_db_settings() { |
| 66 | 66 | $dbsettings = array(); |
| 67 | 67 | |
| 68 | - require(SN_ROOT_PHYSICAL . "config" . DOT_PHP_EX); |
|
| 68 | + require(SN_ROOT_PHYSICAL."config".DOT_PHP_EX); |
|
| 69 | 69 | |
| 70 | 70 | $this->dbsettings = $dbsettings; |
| 71 | 71 | } |
@@ -130,7 +130,7 @@ discard block |
||
| 130 | 130 | $sql = $query; |
| 131 | 131 | if (strpos($sql, '{{') !== false) { |
| 132 | 132 | foreach ($this->table_list as $tableName) { |
| 133 | - $sql = str_replace("{{{$tableName}}}", $this->db_prefix . $tableName, $sql); |
|
| 133 | + $sql = str_replace("{{{$tableName}}}", $this->db_prefix.$tableName, $sql); |
|
| 134 | 134 | } |
| 135 | 135 | } |
| 136 | 136 | |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | $arr = debug_backtrace(); |
| 151 | 151 | $file = end(explode('/', $arr[0]['file'])); |
| 152 | 152 | $line = $arr[0]['line']; |
| 153 | - classSupernova::$debug->add("<tr><th>Query {$this->queryCount}: </th><th>$query</th><th>{$file} @ {$line}</th><th> </th><th> " . ($fetch ? '+' : ' ') . " </th></tr>"); |
|
| 153 | + classSupernova::$debug->add("<tr><th>Query {$this->queryCount}: </th><th>$query</th><th>{$file} @ {$line}</th><th> </th><th> ".($fetch ? '+' : ' ')." </th></tr>"); |
|
| 154 | 154 | } |
| 155 | 155 | |
| 156 | 156 | |
@@ -219,13 +219,13 @@ discard block |
||
| 219 | 219 | ->execute() |
| 220 | 220 | ->getResult(); |
| 221 | 221 | } else { |
| 222 | - $queryResult = $this->db_sql_query($stringQuery . DbSqlHelper::quoteComment($queryTrace)); |
|
| 222 | + $queryResult = $this->db_sql_query($stringQuery.DbSqlHelper::quoteComment($queryTrace)); |
|
| 223 | 223 | } |
| 224 | 224 | if (!$queryResult) { |
| 225 | 225 | throw new Exception(); |
| 226 | 226 | } |
| 227 | 227 | } catch (Exception $e) { |
| 228 | - classSupernova::$debug->error($this->db_error() . "<br />{$query}<br />", 'SQL Error'); |
|
| 228 | + classSupernova::$debug->error($this->db_error()."<br />{$query}<br />", 'SQL Error'); |
|
| 229 | 229 | } |
| 230 | 230 | |
| 231 | 231 | if ($fetch) { |
@@ -272,7 +272,7 @@ discard block |
||
| 272 | 272 | ->execute() |
| 273 | 273 | ->getIterator(); |
| 274 | 274 | } else { |
| 275 | - $queryResult = $this->db_sql_query($stringQuery . DbSqlHelper::quoteComment($queryTrace)); |
|
| 275 | + $queryResult = $this->db_sql_query($stringQuery.DbSqlHelper::quoteComment($queryTrace)); |
|
| 276 | 276 | |
| 277 | 277 | if (!$queryResult) { |
| 278 | 278 | throw new Exception(); |
@@ -285,7 +285,7 @@ discard block |
||
| 285 | 285 | } |
| 286 | 286 | } |
| 287 | 287 | } catch (Exception $e) { |
| 288 | - classSupernova::$debug->error($this->db_error() . "<br />{$query}<br />", 'SQL Error'); |
|
| 288 | + classSupernova::$debug->error($this->db_error()."<br />{$query}<br />", 'SQL Error'); |
|
| 289 | 289 | } |
| 290 | 290 | |
| 291 | 291 | return $result; |
@@ -354,10 +354,10 @@ discard block |
||
| 354 | 354 | $this->isWatching = true; |
| 355 | 355 | $msg = "\$query = \"{$query}\"\n\r"; |
| 356 | 356 | if (!empty($_POST)) { |
| 357 | - $msg .= "\n\r" . dump($_POST, '$_POST'); |
|
| 357 | + $msg .= "\n\r".dump($_POST, '$_POST'); |
|
| 358 | 358 | } |
| 359 | 359 | if (!empty($_GET)) { |
| 360 | - $msg .= "\n\r" . dump($_GET, '$_GET'); |
|
| 360 | + $msg .= "\n\r".dump($_GET, '$_GET'); |
|
| 361 | 361 | } |
| 362 | 362 | classSupernova::$debug->warning($msg, "Watching user {$user['id']}", 399, array('base_dump' => true)); |
| 363 | 363 | $this->isWatching = false; |
@@ -372,7 +372,7 @@ discard block |
||
| 372 | 372 | |
| 373 | 373 | global $user, $dm_change_legit, $mm_change_legit; |
| 374 | 374 | |
| 375 | - switch(true) { |
|
| 375 | + switch (true) { |
|
| 376 | 376 | case stripos($query, 'RUNCATE TABL') != false: |
| 377 | 377 | case stripos($query, 'ROP TABL') != false: |
| 378 | 378 | case stripos($query, 'ENAME TABL') != false: |
@@ -383,37 +383,37 @@ discard block |
||
| 383 | 383 | case stripos($query, 'RPG_POINTS') != false && stripos(trim($query), 'UPDATE ') === 0 && !$dm_change_legit: |
| 384 | 384 | case stripos($query, 'METAMATTER') != false && stripos(trim($query), 'UPDATE ') === 0 && !$mm_change_legit: |
| 385 | 385 | case stripos($query, 'AUTHLEVEL') != false && $user['authlevel'] < 3 && stripos($query, 'SELECT') !== 0: |
| 386 | - $report = "Hacking attempt (" . date("d.m.Y H:i:s") . " - [" . time() . "]):\n"; |
|
| 386 | + $report = "Hacking attempt (".date("d.m.Y H:i:s")." - [".time()."]):\n"; |
|
| 387 | 387 | $report .= ">Database Inforamation\n"; |
| 388 | - $report .= "\tID - " . $user['id'] . "\n"; |
|
| 389 | - $report .= "\tUser - " . $user['username'] . "\n"; |
|
| 390 | - $report .= "\tAuth level - " . $user['authlevel'] . "\n"; |
|
| 391 | - $report .= "\tAdmin Notes - " . $user['adminNotes'] . "\n"; |
|
| 392 | - $report .= "\tCurrent Planet - " . $user['current_planet'] . "\n"; |
|
| 393 | - $report .= "\tUser IP - " . $user['user_lastip'] . "\n"; |
|
| 394 | - $report .= "\tUser IP at Reg - " . $user['ip_at_reg'] . "\n"; |
|
| 395 | - $report .= "\tUser Agent- " . $_SERVER['HTTP_USER_AGENT'] . "\n"; |
|
| 396 | - $report .= "\tCurrent Page - " . $user['current_page'] . "\n"; |
|
| 397 | - $report .= "\tRegister Time - " . $user['register_time'] . "\n"; |
|
| 388 | + $report .= "\tID - ".$user['id']."\n"; |
|
| 389 | + $report .= "\tUser - ".$user['username']."\n"; |
|
| 390 | + $report .= "\tAuth level - ".$user['authlevel']."\n"; |
|
| 391 | + $report .= "\tAdmin Notes - ".$user['adminNotes']."\n"; |
|
| 392 | + $report .= "\tCurrent Planet - ".$user['current_planet']."\n"; |
|
| 393 | + $report .= "\tUser IP - ".$user['user_lastip']."\n"; |
|
| 394 | + $report .= "\tUser IP at Reg - ".$user['ip_at_reg']."\n"; |
|
| 395 | + $report .= "\tUser Agent- ".$_SERVER['HTTP_USER_AGENT']."\n"; |
|
| 396 | + $report .= "\tCurrent Page - ".$user['current_page']."\n"; |
|
| 397 | + $report .= "\tRegister Time - ".$user['register_time']."\n"; |
|
| 398 | 398 | $report .= "\n"; |
| 399 | 399 | |
| 400 | 400 | $report .= ">Query Information\n"; |
| 401 | - $report .= "\tQuery - " . $query . "\n"; |
|
| 401 | + $report .= "\tQuery - ".$query."\n"; |
|
| 402 | 402 | $report .= "\n"; |
| 403 | 403 | |
| 404 | 404 | $report .= ">\$_SERVER Information\n"; |
| 405 | - $report .= "\tIP - " . $_SERVER['REMOTE_ADDR'] . "\n"; |
|
| 406 | - $report .= "\tHost Name - " . $_SERVER['HTTP_HOST'] . "\n"; |
|
| 407 | - $report .= "\tUser Agent - " . $_SERVER['HTTP_USER_AGENT'] . "\n"; |
|
| 408 | - $report .= "\tRequest Method - " . $_SERVER['REQUEST_METHOD'] . "\n"; |
|
| 409 | - $report .= "\tCame From - " . $_SERVER['HTTP_REFERER'] . "\n"; |
|
| 410 | - $report .= "\tPage is - " . $_SERVER['SCRIPT_NAME'] . "\n"; |
|
| 411 | - $report .= "\tUses Port - " . $_SERVER['REMOTE_PORT'] . "\n"; |
|
| 412 | - $report .= "\tServer Protocol - " . $_SERVER['SERVER_PROTOCOL'] . "\n"; |
|
| 405 | + $report .= "\tIP - ".$_SERVER['REMOTE_ADDR']."\n"; |
|
| 406 | + $report .= "\tHost Name - ".$_SERVER['HTTP_HOST']."\n"; |
|
| 407 | + $report .= "\tUser Agent - ".$_SERVER['HTTP_USER_AGENT']."\n"; |
|
| 408 | + $report .= "\tRequest Method - ".$_SERVER['REQUEST_METHOD']."\n"; |
|
| 409 | + $report .= "\tCame From - ".$_SERVER['HTTP_REFERER']."\n"; |
|
| 410 | + $report .= "\tPage is - ".$_SERVER['SCRIPT_NAME']."\n"; |
|
| 411 | + $report .= "\tUses Port - ".$_SERVER['REMOTE_PORT']."\n"; |
|
| 412 | + $report .= "\tServer Protocol - ".$_SERVER['SERVER_PROTOCOL']."\n"; |
|
| 413 | 413 | |
| 414 | 414 | $report .= "\n--------------------------------------------------------------------------------------------------\n"; |
| 415 | 415 | |
| 416 | - $fp = fopen(SN_ROOT_PHYSICAL . 'badqrys.txt', 'a'); |
|
| 416 | + $fp = fopen(SN_ROOT_PHYSICAL.'badqrys.txt', 'a'); |
|
| 417 | 417 | fwrite($fp, $report); |
| 418 | 418 | fclose($fp); |
| 419 | 419 | |
@@ -434,7 +434,7 @@ discard block |
||
| 434 | 434 | $prefix_length = strlen($this->db_prefix); |
| 435 | 435 | |
| 436 | 436 | $tl = array(); |
| 437 | - while($row = $this->db_fetch($query)) { |
|
| 437 | + while ($row = $this->db_fetch($query)) { |
|
| 438 | 438 | foreach ($row as $table_name) { |
| 439 | 439 | if (strpos($table_name, $this->db_prefix) === 0) { |
| 440 | 440 | $table_name = substr($table_name, $prefix_length); |
@@ -565,7 +565,7 @@ discard block |
||
| 565 | 565 | if (is_bool($query)) { |
| 566 | 566 | throw new Exception('Result of SHOW STATUS command is boolean - which should never happen. Connection to DB is lost?'); |
| 567 | 567 | } |
| 568 | - while($row = db_fetch($query)) { |
|
| 568 | + while ($row = db_fetch($query)) { |
|
| 569 | 569 | $result[$row['Variable_name']] = $row['Value']; |
| 570 | 570 | } |
| 571 | 571 | |
@@ -31,7 +31,7 @@ discard block |
||
| 31 | 31 | * @return $this |
| 32 | 32 | */ |
| 33 | 33 | public function literal($value) { |
| 34 | - $this->literal = (string)$value; |
|
| 34 | + $this->literal = (string) $value; |
|
| 35 | 35 | |
| 36 | 36 | return $this; |
| 37 | 37 | } |
@@ -64,10 +64,10 @@ discard block |
||
| 64 | 64 | $alias = $this->aliasFromField($functionName, $field); |
| 65 | 65 | } |
| 66 | 66 | |
| 67 | - $this->literal = strtoupper($functionName) . '(' . $this->quoteField($field) . ')'; |
|
| 67 | + $this->literal = strtoupper($functionName).'('.$this->quoteField($field).')'; |
|
| 68 | 68 | |
| 69 | 69 | if (self::SQL_LITERAL_ALIAS_NONE !== $alias && !empty($alias)) { |
| 70 | - $this->literal .= ' AS `' . $alias . '`'; |
|
| 70 | + $this->literal .= ' AS `'.$alias.'`'; |
|
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | return $this; |
@@ -124,10 +124,10 @@ discard block |
||
| 124 | 124 | $alias = $this->aliasFromField($functionName, $field); |
| 125 | 125 | } |
| 126 | 126 | |
| 127 | - $this->literal = $this->quoteField($field) . ' IS NULL'; |
|
| 127 | + $this->literal = $this->quoteField($field).' IS NULL'; |
|
| 128 | 128 | |
| 129 | 129 | if (!empty($alias)) { |
| 130 | - $this->literal .= ' AS `' . $alias . '`'; |
|
| 130 | + $this->literal .= ' AS `'.$alias.'`'; |
|
| 131 | 131 | } |
| 132 | 132 | |
| 133 | 133 | return $this; |
@@ -26,7 +26,7 @@ |
||
| 26 | 26 | } |
| 27 | 27 | |
| 28 | 28 | /** |
| 29 | - * @param mixed $value |
|
| 29 | + * @param string $value |
|
| 30 | 30 | * |
| 31 | 31 | * @return $this |
| 32 | 32 | */ |
@@ -15,13 +15,13 @@ |
||
| 15 | 15 | * @return string |
| 16 | 16 | */ |
| 17 | 17 | public static function quoteComment($comment) { |
| 18 | - if($comment == '') { |
|
| 18 | + if ($comment == '') { |
|
| 19 | 19 | return ''; |
| 20 | 20 | } |
| 21 | 21 | |
| 22 | - $comment = str_replace(array('/*', '*/'), '__',$comment); |
|
| 22 | + $comment = str_replace(array('/*', '*/'), '__', $comment); |
|
| 23 | 23 | |
| 24 | - return "\r\n/*" . $comment . "*/"; |
|
| 24 | + return "\r\n/*".$comment."*/"; |
|
| 25 | 25 | } |
| 26 | 26 | |
| 27 | 27 | } |
