supernova-ws / SuperNova

classes/DBAL/db_mysql.php

<?php /** @noinspection PhpRedundantOptionalArgumentInspection */

/** @noinspection PhpDeprecationInspection */
/** @noinspection PhpUnnecessaryCurlyVarSyntaxInspection */

namespace DBAL;

use classConfig;
use Core\GlobalContainer;
use debug;
use mysqli;
use mysqli_result;
use SN;
use Unit\DBStaticUnit;

/**
 * User: Gorlum
 * Date: 01.09.2015
 * Time: 15:58
 */
class db_mysql {
  const TRANSACTION_LEVEL_SERIALIZABLE = 'SERIALIZABLE';
  const TRANSACTION_LEVEL_REPEATABLE_READ = 'REPEATABLE READ';
  const TRANSACTION_LEVEL_READ_COMMITTED = 'READ COMMITTED';
  const TRANSACTION_LEVEL_READ_UNCOMMITTED = 'READ UNCOMMITTED';

  const TRANSACTION_LEVELS_ALLOWED = [
    self::TRANSACTION_LEVEL_SERIALIZABLE,
    self::TRANSACTION_LEVEL_REPEATABLE_READ,
    self::TRANSACTION_LEVEL_READ_COMMITTED,
    self::TRANSACTION_LEVEL_READ_UNCOMMITTED,
  ];
  const DB_TRANSACTION_WHATEVER = false;
  const DB_TRANSACTION_SHOULD_BE = true;
  const DB_TRANSACTION_SHOULD_NOT_BE = null;
  public static $transaction_id = 0;
  public static $db_in_transaction = false;
  public static $transactionDepth = 0;

  const TABLE_USERS = 'users';

  const TABLE_ID_FIELD = [
    'fleets' => 'fleet_id',
  ];

  /**
   * DB schemes
   *
   * @var Schema|null $schema
   */
  protected static $schema = null;

  /**
   * Статус соединения с MySQL
   *
   * @var bool
   */
  public $connected = false;
  /**
   * Префикс названий таблиц в БД
   *
   * @var string
   */
  public $db_prefix = '';
  public $dbName = '';
  /**
   * Настройки БД
   *
   * @var array
   */
  protected $dbsettings = [];
//  /**
//   * Драйвер для прямого обращения к MySQL
//   *
//   * @var db_mysql_v5 $driver
//   */
//  public $driver = null;

  /**
   * Общее время запросов
   *
   * @var float $time_mysql_total
   */
  public $time_mysql_total = 0.0;

  /**
   * @var bool $inTransaction
   */
  protected $inTransaction = false;


  /**
   * Соединение с MySQL
   *
   * @var mysqli $link
   */
  public $link;


  /**
   * DBAL\db_mysql constructor.
   *
   * @param GlobalContainer $gc
   */
  public function __construct($gc) {
//    $this->transaction = new \DBAL\DbTransaction($gc, $this);
//    $this->snCache = new $gc->snCacheClass($gc, $this);
//    $this->operator = new DbRowDirectOperator($this);
  }

  /**
   * @return Schema
   */
  public function schema() {
    if (!isset(self::$schema)) {
      self::$schema = new Schema($this);
    }

    return self::$schema;
  }

  public function load_db_settings() {
    $dbsettings = array();

    require(SN_CONFIG_PATH);

    $this->setDbSettings($dbsettings);
  }

  public function sn_db_connect($external_db_settings = null) {
    $this->db_disconnect();

    if (!empty($external_db_settings) && is_array($external_db_settings)) {
      $this->setDbSettings($external_db_settings);
    }

    if (empty($this->dbsettings)) {
      $this->load_db_settings();
    }

    // TODO - фатальные (?) ошибки на каждом шагу
    if (!empty($this->dbsettings)) {
      // $driver_name = 'DBAL\\' . (empty($this->dbsettings['sn_driver']) ? 'db_mysql_v5' : $this->dbsettings['sn_driver']);
      // $this->driver = new $driver_name();
      $this->db_prefix = $this->dbsettings['prefix'];

      $this->connected = $this->connected || $this->mysql_connect_driver($this->dbsettings);

      if ($this->connected && empty($this->schema()->getSnTables())) {
        die('DB error - cannot find any table. Halting...');
      }

      $this->doQueryFast('SET SESSION TRANSACTION ISOLATION LEVEL ' . self::TRANSACTION_LEVEL_SERIALIZABLE);
    } else {
      $this->connected = false;
    }

    return $this->connected;
  }

  public function mysql_connect_driver($settings) {
    global $debug;

    static $need_keys = array('server', 'user', 'pass', 'name', 'prefix');

    if ($this->connected) {
      return true;
    }

    if (empty($settings) || !is_array($settings) || array_intersect($need_keys, array_keys($settings)) != $need_keys) {
      $debug->error_fatal('There is miss-configuration in your config.php. Check it again');
    }

    @$this->link = mysqli_connect($settings['server'], $settings['user'], $settings['pass'], $settings['name']);
    if (!is_object($this->link) || $this->link->connect_error) {
      $debug->error_fatal('DB Error - cannot connect to server error #' . $this->link->connect_errno, $this->link->connect_error);
    }

    $this->db_sql_query("/*!40101 SET NAMES 'utf8' */")
    or $debug->error_fatal('DB error - cannot set names 1 error #' . $this->link->errno, $this->link->error);
    $this->db_sql_query("SET NAMES 'utf8';")
    or $debug->error_fatal('DB error - cannot set names 2 error #' . $this->link->errno, $this->link->error);

    //mysql_select_db($settings['name']) or $debug->error_fatal('DB error - cannot find DB on server', $this->mysql_error());
    $this->db_sql_query('SET SESSION TRANSACTION ISOLATION LEVEL ' . self::TRANSACTION_LEVEL_SERIALIZABLE . ';')
    or $debug->error_fatal('DB error - cannot set desired isolation level error #' . $this->link->errno, $this->link->error);

    $this->connected = true;

    return true;
  }

  public function db_disconnect() {
    if ($this->connected) {
      /** @noinspection PhpFieldImmediatelyRewrittenInspection */
      $this->connected = !$this->driver_disconnect();
      $this->connected = false;
    }

    return !$this->connected;
  }

  /**
   * @param int    $errno
   * @param string $errStr
   * @param string $errFile
   * @param int    $errLine
   * @param array  $errContext
   *
   * @noinspection PhpUnusedParameterInspection
   */
  public function handlerQueryWarning($errno, $errStr, $errFile, $errLine, $errContext) {
    static $alreadyHandled;

    // Error was suppressed with the @-operator
    if (0 === error_reporting()) {
      return false;
    }

    if (!$alreadyHandled) {
      print(SN_TIME_SQL . '<br />Server is busy. Please try again in several minutes...<br />Сервер занят. Попробуйте снова через несколько минут...<br />Server zanyat. Poprobujte snova cherez neskolko minut...');
      $alreadyHandled = true;
    }

    return true;
  }

  public function prefixReplace($sql) {
    if (strpos($sql, '{{') !== false) {
      foreach ($this->schema()->getSnTables() as $tableName) {
        $sql = str_replace("{{{$tableName}}}", $this->db_prefix . $tableName, $sql);
      }
    }

    return $sql;
  }

  /** @noinspection SpellCheckingInspection */
  public function doquery($query, $fetch = false, $skip_query_check = false) {
    /**
     * @var debug       $debug
     * @var classConfig $config
     */
    global $numqueries, $debug, $config;

    if (!$this->connected) {
      $this->sn_db_connect();
    }

    $query = trim($query);
    $this->security_watch_user_queries($query);
    $skip_query_check or $this->security_query_check_bad_words($query);

    $sql = $this->prefixReplace($query);

    if ($config->debug) {
      $numqueries++;
      $arr   = debug_backtrace();
      $array = explode('/', $arr[0]['file']);
      $file  = end($array);
      $line  = $arr[0]['line'];
      $debug->add("<tr><th>Query $numqueries: </th><th>$query</th><th>$file($line)</th><th>&nbsp;</th><th>$fetch</th></tr>");
    }

    if (defined('DEBUG_SQL_COMMENT')) {
      $sql = $debug->comment_query(debug_backtrace(), $sql);
    }

    set_error_handler([$this, 'handlerQueryWarning']);
    $sqlquery = $this->db_sql_query($sql);
    if (!$sqlquery) {
      $debug->error(SN::$db->db_error() . "\n$sql\n", 'SQL Error');
    }
    restore_error_handler();

    return $fetch ? $this->db_fetch($sqlquery) : $sqlquery;
  }

  /**
   * Get all records for a query as array of arrays or objects
   *
   * @param string $query          SQL query to execute
   * @param bool   $skipQueryCheck Should query skip security check
   * @param bool   $asArray        Should records be returned as array? If false - records would be returned as StdObject
   *
   * @return array
   */
  public function dbGetAll($query, $skipQueryCheck = false, $asArray = true) {
    $queryResult = $this->doquery($query, false, $skipQueryCheck);

    $result = [];
    while ($row = $this->db_fetch($queryResult)) {

It seems like $queryResult can also be of type true; however, parameter $query_result of DBAL\db_mysql::db_fetch() does only seem to accept mysqli_result, maybe add an additional type check?

      $result[] = $asArray ? $row : (object)$row;
    }

    return $result;
  }

  public function doQueryAndFetch($query) {
    return $this->doquery($query, true);
  }

  public function doQueryFast($query, $fetch = false) {
    $sql = $this->prefixReplace($query);

    set_error_handler([$this, 'handlerQueryWarning']);
    $sqlQuery = $this->db_sql_query($sql) or SN::$debug->error(SN::$db->db_error() . "<br />$sql<br />", 'SQL Error');
    restore_error_handler();

    return $fetch ? $this->db_fetch($sqlQuery) : $sqlQuery;
  }

  /**
   * @param string $query
   * @param bool   $skip_query_check
   *
   * @return DbMysqliResultIterator
   */
  public function selectIterator($query, $skip_query_check = false) {
    return new DbMysqliResultIterator($this->doquery($query, false, $skip_query_check));
  }

  /**
   * @param string $query
   * @param bool   $skip_query_check
   *
   * @return int|null
   */
  public function selectValue($query, $skip_query_check = false) {
    $row = $this->doquery($query, true, $skip_query_check);

    return !empty($row) ? intval(reset($row)) : null;
  }

  /**
   * @param DbQuery $dbQuery
   *
   * @return array|null
   */
  public function dbqSelectAndFetch(DbQuery $dbQuery) {
    return $this->doQueryAndFetch($dbQuery->select());
  }


  public function security_watch_user_queries($query) {
    // TODO Заменить это на новый логгер
    global $config, $is_watching, $user, $debug;

    if (!$is_watching && $config->game_watchlist_array && in_array($user['id'], $config->game_watchlist_array)) {
      if (!preg_match('/^(select|commit|rollback|start transaction)/i', $query)) {
        $is_watching = true;
        $msg         = "\$query = \"{$query}\"\n\r";
        if (!empty($_POST)) {
          $msg .= "\n\r" . dump($_POST, '$_POST');
        }
        if (!empty($_GET)) {
          $msg .= "\n\r" . dump($_GET, '$_GET');
        }
        $debug->warning($msg, "Watching user {$user['id']}", 399, array('base_dump' => true));
        $is_watching = false;
      }
    }
  }


  /** @noinspection SpellCheckingInspection */
  public function security_query_check_bad_words($query) {
    global $user, $dm_change_legit, $mm_change_legit;

    switch (true) {
      case stripos($query, 'RUNCATE TABL') != false:
      case stripos($query, 'ROP TABL') != false:
      case stripos($query, 'ENAME TABL') != false:
      case stripos($query, 'REATE DATABAS') != false:
      case stripos($query, 'REATE TABL') != false:
      case stripos($query, 'ET PASSWOR') != false:
      case stripos($query, 'EOAD DAT') != false:
      case stripos($query, 'RPG_POINTS') != false && stripos(trim($query), 'UPDATE ') === 0 && !$dm_change_legit:
      case stripos($query, 'METAMATTER') != false && stripos(trim($query), 'UPDATE ') === 0 && !$mm_change_legit:
      case stripos($query, 'AUTHLEVEL') != false && $user['authlevel'] < 3 && stripos($query, 'SELECT') !== 0:
        $report = "Hacking attempt (" . date("d.m.Y H:i:s") . " - [" . time() . "]):\n";
        $report .= ">Database Inforamation\n";
        $report .= "\tID - " . $user['id'] . "\n";
        $report .= "\tUser - " . $user['username'] . "\n";
        $report .= "\tAuth level - " . $user['authlevel'] . "\n";
        $report .= "\tAdmin Notes - " . $user['adminNotes'] . "\n";
        $report .= "\tCurrent Planet - " . $user['current_planet'] . "\n";
        $report .= "\tUser IP - " . $user['user_lastip'] . "\n";
        $report .= "\tUser IP at Reg - " . $user['ip_at_reg'] . "\n";
        $report .= "\tUser Agent- " . $_SERVER['HTTP_USER_AGENT'] . "\n";
        $report .= "\tCurrent Page - " . $user['current_page'] . "\n";
        $report .= "\tRegister Time - " . $user['register_time'] . "\n";
        $report .= "\n";

        $report .= ">Query Information\n";
        $report .= "\tQuery - " . $query . "\n";
        $report .= "\n";

        $report .= ">\$_SERVER Information\n";
        $report .= "\tIP - " . $_SERVER['REMOTE_ADDR'] . "\n";
        $report .= "\tHost Name - " . $_SERVER['HTTP_HOST'] . "\n";
        $report .= "\tUser Agent - " . $_SERVER['HTTP_USER_AGENT'] . "\n";
        $report .= "\tRequest Method - " . $_SERVER['REQUEST_METHOD'] . "\n";
        $report .= "\tCame From - " . $_SERVER['HTTP_REFERER'] . "\n";
        $report .= "\tPage is - " . $_SERVER['SCRIPT_NAME'] . "\n";
        $report .= "\tUses Port - " . $_SERVER['REMOTE_PORT'] . "\n";
        $report .= "\tServer Protocol - " . $_SERVER['SERVER_PROTOCOL'] . "\n";

        $report .= "\n--------------------------------------------------------------------------------------------------\n";

        $fp = fopen(SN_ROOT_PHYSICAL . 'badqrys.txt', 'a');
        fwrite($fp, $report);
        fclose($fp);

        $message = 'Привет, я не знаю то, что Вы пробовали сделать, но команда, которую Вы только послали базе данных, не выглядела очень дружественной и она была заблокированна.<br /><br />Ваш IP, и другие данные переданны администрации сервера. Удачи!.';
        die($message);
        /** @noinspection PhpUnreachableStatementInspection */
      break;
    }
  }

  public function mysql_get_table_list() {
    return $this->db_sql_query('SHOW TABLES;');
  }

  public function mysql_get_innodb_status() {
    return $this->db_sql_query('SHOW ENGINE INNODB STATUS;');
  }

  /**
   * @param string $tableName_unsafe
   *
   * @return array[]
   */
  public function mysql_get_fields($tableName_unsafe) {
    $result = [];

    $prefixedTableName_safe = $this->db_escape($this->db_prefix . $tableName_unsafe);
    $q1                     = $this->db_sql_query("SHOW FULL COLUMNS FROM `{$prefixedTableName_safe}`;");
    while ($r1 = db_fetch($q1)) {

The function db_fetch() has been deprecated.

      $dbf = new DbFieldDescription();
      $dbf->fromMySqlDescription($r1);

      $result[$r1['Field']] = $dbf;
    }

    return $result;
  }

  /**
   * @param string $tableName_unsafe
   *
   * @return DbIndexDescription[]
   */
  public function mysql_get_indexes($tableName_unsafe) {
    /**
     * @var DbIndexDescription[] $result
     */
    $result = [];

    $prefixedTableName_safe = $this->db_escape($this->db_prefix . $tableName_unsafe);
    $q1                     = $this->db_sql_query("SHOW INDEX FROM {$prefixedTableName_safe};");
    while ($r1 = db_fetch($q1)) {

The function db_fetch() has been deprecated.

      $indexName = $r1['Key_name'];
      if (empty($result[$indexName])) {
        $result[$indexName] = new DbIndexDescription();
      }
      $result[$indexName]->addField($r1);
    }

    return $result;
  }

  /**
   * @param string $tableName_unsafe
   *
   * @return array[]
   */
  public function mysql_get_constraints($tableName_unsafe) {
    $result = [];

    $prefixedTableName_safe = $this->db_escape($this->db_prefix . $tableName_unsafe);

    $q1 = $this->db_sql_query("SELECT * FROM `information_schema`.`KEY_COLUMN_USAGE` WHERE `TABLE_SCHEMA` = '" . SN::$db->db_escape(SN::$db_name) . "' AND `TABLE_NAME` = '{$prefixedTableName_safe}' AND `REFERENCED_TABLE_NAME` IS NOT NULL;");
    while ($r1 = db_fetch($q1)) {

The function db_fetch() has been deprecated.

      $indexName = $r1['CONSTRAINT_NAME'];

      $table_referenced = str_replace($this->db_prefix, '', $r1['REFERENCED_TABLE_NAME']);

      $result[$indexName]['name']                       = $indexName;
      $result[$indexName]['signature'][]                = "{$r1['COLUMN_NAME']}=>{$table_referenced}.{$r1['REFERENCED_COLUMN_NAME']}";
      $r1['REFERENCED_TABLE_NAME']                      = $table_referenced;
      $r1['TABLE_NAME']                                 = $tableName_unsafe;
      $result[$indexName]['fields'][$r1['COLUMN_NAME']] = $r1;
    }

    foreach ($result as &$constraint) {
      $constraint['signature'] = implode(',', $constraint['signature']);
    }

    return $result;
  }


  /**
   * @param $query_string
   *
   * @return bool|mysqli_result
   */
  public function db_sql_query($query_string) {
    $mt = microtime(true);

    $result = $this->link->query($query_string);

    $this->time_mysql_total += microtime(true) - $mt;

    return $result;
//    return $this->driver->mysql_query($query_string);
  }

  /**
   * @param mysqli_result $query_result
   *
   * @return array|null
   */
  public function db_fetch($query_result) {
    $mt = microtime(true);

    $result = mysqli_fetch_assoc($query_result);

    $this->time_mysql_total += microtime(true) - $mt;

    return $result;
  }

//  public function db_fetch_row(&$query) {
//    return mysqli_fetch_row($query);
//  }

  public function db_escape($unescaped_string) {
    return mysqli_real_escape_string($this->link, $unescaped_string);
  }

  public function driver_disconnect() {
    if (is_object($this->link)) {
      $this->link->close();
      $this->connected = false;
      unset($this->link);
    }

    return true;
  }

  public function db_error() {
    return mysqli_error($this->link);
  }

  /**
   * @return int|string
   */
  public function db_insert_id() {
    return mysqli_insert_id($this->link);
  }

  public function db_num_rows($result) {
    return mysqli_num_rows($result);
  }

  public function db_affected_rows() {
    return mysqli_affected_rows($this->link);
  }

  public function getClientInfo() {
    return mysqli_get_client_info($this->link);
  }

  public function getServerInfo() {
    return mysqli_get_server_info($this->link);
  }

  public function getHostInfo() {
    return mysqli_get_host_info($this->link);
  }

  public function getServerStat() {
    return mysqli_stat($this->link);
  }

  /**
   * @param array $dbSettings
   */
  public function setDbSettings($dbSettings) {
    $this->dbsettings = $dbSettings;
    $this->dbName     = $this->dbsettings['name'];

    return $this;
  }

  public function getDbSettings() {
    return $this->dbsettings;
  }

  /**
   * @param $level
   *
   * @return void
   */
  public function transactionStart($level = '') {
    $this->inTransaction = true;

    if ($level && in_array($level, self::TRANSACTION_LEVELS_ALLOWED)) {
      $this->db_sql_query("SET TRANSACTION ISOLATION LEVEL {$level};");
    }

    $this->doquery('START TRANSACTION; /* transaction start */', false);
  }

  /**
   * @return void
   */
  public function transactionCommit() {
    $this->doquery('COMMIT; /* transaction commit */');
    $this->inTransaction = false;
  }

  /**
   * @return void
   */
  public function transactionRollback() {
    $this->doquery('ROLLBACK; /* transaction rollback */');
    $this->inTransaction = false;
  }

  /**
   * Check if transaction started
   *
   * @return bool
   */
  public function transactionCheck() {
    return $this->inTransaction;
  }

  /**
   * Wrap callback in transaction
   *
   * @param callable $callback
   * @param string   $level
   *
   * @return mixed
   */
  public function transactionWrap($callback, $level = '') {
    $this->transactionStart($level);
    $result = $callback();
    $this->transactionCommit();

    return $result;
  }

  public static function db_transaction_start($level = '') {
    self::db_transaction_check(db_mysql::DB_TRANSACTION_SHOULD_NOT_BE);

    SN::$gc->db->transactionStart($level);

    self::$transaction_id++;

    if (SN::$config->db_manual_lock_enabled) {
      SN::$config->db_loadItem('var_db_manually_locked');
      SN::$config->db_saveItem('var_db_manually_locked', SN_TIME_SQL);
    }

    self::$db_in_transaction = true;
    self::$transactionDepth++;
    DBStaticUnit::cache_clear();

    return self::$transaction_id;
  }

  public static function db_transaction_rollback() {
    // static::db_transaction_check(true); // TODO - вообще-то тут тоже надо проверять есть ли транзакция
    DBStaticUnit::cache_clear();

    SN::$gc->db->transactionRollback();

    self::$db_in_transaction = false;
    self::$transactionDepth--;

    return self::$transaction_id;
  }

  /**
   * Блокирует указанные таблицу/список таблиц
   *
   * @param string|array $tables Таблица/список таблиц для блокировки. Названия таблиц - без префиксов
   *                             <p>string - название таблицы для блокировки</p>
   *                             <p>array - массив, где ключ - имя таблицы, а значение - условия блокировки элементов</p>
   */
  public static function db_lock_tables($tables) {
    $tables = is_array($tables) ? $tables : array($tables => '');
    foreach ($tables as $table_name => $condition) {
      SN::$db->doquery(
        "SELECT 1 FROM {{{$table_name}}}" . ($condition ? ' WHERE ' . $condition : '')
      );
    }
  }

  public static function db_transaction_commit() {
    self::db_transaction_check(db_mysql::DB_TRANSACTION_SHOULD_BE);

    DBStaticUnit::cache_clear();
    SN::$gc->db->transactionCommit();

    self::$db_in_transaction = false;
    self::$transactionDepth--;

    return self::$transaction_id++;
  }

  /**
   * Эта функция проверяет статус транзакции
   *
   * Это - низкоуровневая функция. В нормальном состоянии движка её сообщения никогда не будут видны
   *
   * @param null|true|false $status Должна ли быть запущена транзакция в момент проверки
   *                                <p>null - транзакция НЕ должна быть запущена</p>
   *                                <p>true - транзакция должна быть запущена - для совместимости с $for_update</p>
   *                                <p>false - всё равно - для совместимости с $for_update</p>
   *
   * @return bool Текущий статус транзакции
   */
  public static function db_transaction_check($status = self::DB_TRANSACTION_WHATEVER) {
    $error_msg = false;
    if ($status && !self::$db_in_transaction) {
      $error_msg = 'No transaction started for current operation';
    } elseif ($status === null && self::$db_in_transaction) {
      $error_msg = 'Transaction is already started';
    }

    if ($error_msg) {
      // TODO - Убрать позже
      print('<h1>СООБЩИТЕ ЭТО АДМИНУ: sn_db_transaction_check() - ' . $error_msg . '</h1>');
      $backtrace = debug_backtrace();
      array_shift($backtrace);
      pdump($backtrace);
      die($error_msg);

Using exit here is not recommended.

    }

    return self::$db_in_transaction;
  }

  /**
   * Lock specified records in specified tables
   *
   * @param array[] $locks ['$tableName' => [$idToLock, ...],],
   *
   * @return array|bool|mysqli_result|null
   */
  public function lockRecords($locks) {
    $query = [];

    foreach ($locks as $tableName => $lockedIds) {
      if (!empty($lockedIds)) {
        // Detecting primary key name
        $idFieldName = !empty(static::TABLE_ID_FIELD[$tableName]) ? static::TABLE_ID_FIELD[$tableName] : 'id';
        // Making ID mysql-safe
        array_walk($lockedIds, function (&$id) { $id = idval($id); });
        /** @noinspection SqlResolve */
        $query[] = "(SELECT 1 FROM `{{{$tableName}}}` WHERE `{$idFieldName}` IN (" . implode(',', $lockedIds) . ") FOR UPDATE)";
      }
    }

    return !empty($query) ? doquery(implode(' UNION ', $query)) : false;

The function doquery() has been deprecated.

  }

}