@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | /** |
| 158 | 158 | * @param string $query |
| 159 | 159 | * |
| 160 | - * @return mixed|string |
|
| 160 | + * @return string |
|
| 161 | 161 | */ |
| 162 | 162 | public function replaceTablePlaceholders($query) { |
| 163 | 163 | $sql = $query; |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | } |
| 172 | 172 | |
| 173 | 173 | /** |
| 174 | - * @param $query |
|
| 174 | + * @param string $query |
|
| 175 | 175 | */ |
| 176 | 176 | protected function logQuery($query) { |
| 177 | 177 | if (!classSupernova::$config->debug) { |
@@ -301,6 +301,11 @@ discard block |
||
| 301 | 301 | |
| 302 | 302 | |
| 303 | 303 | // INSERT/REPLACE |
| 304 | + |
|
| 305 | + /** |
|
| 306 | + * @param string $table |
|
| 307 | + * @param integer $replace |
|
| 308 | + */ |
|
| 304 | 309 | protected function doSet($table, $fieldsAndValues, $replace = DB_INSERT_PLAIN) { |
| 305 | 310 | $query = DbQuery::build($this) |
| 306 | 311 | ->setTable($table) |
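Review bot: The docblock added above doSet (new lines 305–308) documents `$table` and `$replace` but leaves `$fieldsAndValues` undocumented, and spells the type `integer` where the short form `int` is the convention; the same partial docblocks appear in the later hunks for doUpdateWhere (only `$isOneRecord` of five parameters), doUpdateRowSet and doUpdateTableSet (only `$table`). A docblock that lists some parameters reads as complete to a static analyser and to the next maintainer, so either add the missing `@param` lines or none. Here I would write `@param array $fieldsAndValues` (presumably an array, judging by how doUpdateRowSet forwards it as `$fieldsSet` — confirm) and `@param int $replace`; for doUpdateWhere the `$fieldsSet`, `$fieldsAdjust` and `$where` lines are needed as well. doSet's body continues past the end of the hunk.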
@@ -338,6 +343,10 @@ discard block |
||
| 338 | 343 | |
| 339 | 344 | |
| 340 | 345 | // INSERTERS |
| 346 | + |
|
| 347 | + /** |
|
| 348 | + * @param string $query |
|
| 349 | + */ |
|
| 341 | 350 | public function doInsertComplex($query) { |
| 342 | 351 | return $this->doSql($query); |
| 343 | 352 | } |
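Review bot: The new docblock on doInsertComplex (new line 348) records only that `$query` is a string, while the method hands that string straight to `doSql()` with no escaping or placeholder handling visible here, which the name does not make obvious. The docblock should say that, for instance `@param string $query Complete SQL statement, executed as-is; values must already be escaped (e.g. via castAsDbValue) before calling`. Whether doSql applies any further processing cannot be confirmed from this hunk. The `@return array|bool|mysqli_result|null` line that the sibling doSql wrappers in this file carry would fit here too, if doSql's contract is the same.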
@@ -358,7 +367,7 @@ discard block |
||
| 358 | 367 | * Values should be passed as-is |
| 359 | 368 | * |
| 360 | 369 | * @param string $table |
| 361 | - * @param array $fields |
|
| 370 | + * @param string[] $fields |
|
| 362 | 371 | * @param string[] $values |
| 363 | 372 | * |
| 364 | 373 | * @return array|bool|mysqli_result|null |
@@ -415,7 +424,7 @@ discard block |
||
| 415 | 424 | * Self-contained - means no params used |
| 416 | 425 | * Such queries usually used to make large amount of in-base calculations |
| 417 | 426 | * |
| 418 | - * @param $query |
|
| 427 | + * @param string $query |
|
| 419 | 428 | * |
| 420 | 429 | * @return array|bool|mysqli_result|null |
| 421 | 430 | */ |
@@ -423,6 +432,9 @@ discard block |
||
| 423 | 432 | return $this->doSql($query); |
| 424 | 433 | } |
| 425 | 434 | |
| 435 | + /** |
|
| 436 | + * @param boolean $isOneRecord |
|
| 437 | + */ |
|
| 426 | 438 | protected function doUpdateWhere($table, $fieldsSet, $fieldsAdjust = array(), $where = array(), $isOneRecord = DB_RECORDS_ALL) { |
| 427 | 439 | // $query = DbQuery::build($this) |
| 428 | 440 | // ->setTable($table) |
@@ -457,10 +469,16 @@ discard block |
||
| 457 | 469 | return $this->doSql($query); |
| 458 | 470 | } |
| 459 | 471 | |
| 472 | + /** |
|
| 473 | + * @param string $table |
|
| 474 | + */ |
|
| 460 | 475 | public function doUpdateRowSet($table, $fieldsAndValues, $where) { |
| 461 | 476 | return $this->doUpdateWhere($table, $fieldsAndValues, array(), $where, DB_RECORD_ONE); |
| 462 | 477 | } |
| 463 | 478 | |
| 479 | + /** |
|
| 480 | + * @param string $table |
|
| 481 | + */ |
|
| 464 | 482 | public function doUpdateTableSet($table, $fieldsAndValues, $where = array()) { |
| 465 | 483 | return $this->doUpdateWhere($table, $fieldsAndValues, array(), $where, DB_RECORDS_ALL); |
| 466 | 484 | } |
@@ -680,6 +698,10 @@ discard block |
||
| 680 | 698 | } |
| 681 | 699 | |
| 682 | 700 | // TODO Заменить это на новый логгер |
| 701 | + |
|
| 702 | + /** |
|
| 703 | + * @param string $query |
|
| 704 | + */ |
|
| 683 | 705 | protected function security_watch_user_queries($query) { |
| 684 | 706 | global $user; |
| 685 | 707 | |
@@ -703,6 +725,9 @@ discard block |
||
| 703 | 725 | } |
| 704 | 726 | |
| 705 | 727 | |
| 728 | + /** |
|
| 729 | + * @param string $query |
|
| 730 | + */ |
|
| 706 | 731 | public function security_query_check_bad_words($query) { |
| 707 | 732 | if ($this->skipQueryCheck) { |
| 708 | 733 | return; |
@@ -91,7 +91,7 @@ discard block |
||
| 91 | 91 | public function load_db_settings($configFile = '') { |
| 92 | 92 | $dbsettings = array(); |
| 93 | 93 | |
| 94 | - empty($configFile) ? $configFile = SN_ROOT_PHYSICAL . "config" . DOT_PHP_EX : false; |
|
| 94 | + empty($configFile) ? $configFile = SN_ROOT_PHYSICAL."config".DOT_PHP_EX : false; |
|
| 95 | 95 | |
| 96 | 96 | require $configFile; |
| 97 | 97 | |
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | } |
| 112 | 112 | |
| 113 | 113 | if (empty($this->dbsettings)) { |
| 114 | - $this->load_db_settings(SN_ROOT_PHYSICAL . "config" . DOT_PHP_EX); |
|
| 114 | + $this->load_db_settings(SN_ROOT_PHYSICAL."config".DOT_PHP_EX); |
|
| 115 | 115 | } |
| 116 | 116 | |
| 117 | 117 | // TODO - фатальные (?) ошибки на каждом шагу. Хотя - скорее Эксепшны |
@@ -163,7 +163,7 @@ discard block |
||
| 163 | 163 | $sql = $query; |
| 164 | 164 | if (strpos($sql, '{{') !== false) { |
| 165 | 165 | foreach ($this->table_list as $tableName) { |
| 166 | - $sql = str_replace("{{{$tableName}}}", $this->db_prefix . $tableName, $sql); |
|
| 166 | + $sql = str_replace("{{{$tableName}}}", $this->db_prefix.$tableName, $sql); |
|
| 167 | 167 | } |
| 168 | 168 | } |
| 169 | 169 | |
@@ -234,12 +234,12 @@ discard block |
||
| 234 | 234 | |
| 235 | 235 | $queryResult = null; |
| 236 | 236 | try { |
| 237 | - $queryResult = $this->db_sql_query($stringQuery . DbSqlHelper::quoteComment($queryTrace)); |
|
| 237 | + $queryResult = $this->db_sql_query($stringQuery.DbSqlHelper::quoteComment($queryTrace)); |
|
| 238 | 238 | if (!$queryResult) { |
| 239 | 239 | throw new Exception(); |
| 240 | 240 | } |
| 241 | 241 | } catch (Exception $e) { |
| 242 | - classSupernova::$debug->error($this->db_error() . "<br />{$query}<br />", 'SQL Error'); |
|
| 242 | + classSupernova::$debug->error($this->db_error()."<br />{$query}<br />", 'SQL Error'); |
|
| 243 | 243 | } |
| 244 | 244 | |
| 245 | 245 | return $queryResult; |
@@ -578,7 +578,7 @@ discard block |
||
| 578 | 578 | case TYPE_EMPTY: |
| 579 | 579 | // No-type defaults to string |
| 580 | 580 | default: |
| 581 | - $value = "'" . $this->db_escape((string)$value) . "'"; |
|
| 581 | + $value = "'".$this->db_escape((string) $value)."'"; |
|
| 582 | 582 | break; |
| 583 | 583 | } |
| 584 | 584 | |
@@ -606,7 +606,7 @@ discard block |
||
| 606 | 606 | if (is_int($fieldName)) { |
| 607 | 607 | $result[$fieldName] = $fieldValue; |
| 608 | 608 | } else { |
| 609 | - $result[$fieldName] = "`{$fieldName}` = " . $this->castAsDbValue($fieldValue); |
|
| 609 | + $result[$fieldName] = "`{$fieldName}` = ".$this->castAsDbValue($fieldValue); |
|
| 610 | 610 | } |
| 611 | 611 | } |
| 612 | 612 | |
@@ -635,7 +635,7 @@ discard block |
||
| 635 | 635 | if (is_int($fieldName)) { |
| 636 | 636 | $result[$fieldName] = $fieldValue; |
| 637 | 637 | } else { |
| 638 | - $result[$fieldName] = "`{$fieldName}` = `{$fieldName}` + (" . $this->castAsDbValue($fieldValue) . ")"; |
|
| 638 | + $result[$fieldName] = "`{$fieldName}` = `{$fieldName}` + (".$this->castAsDbValue($fieldValue).")"; |
|
| 639 | 639 | } |
| 640 | 640 | } |
| 641 | 641 | |
@@ -692,10 +692,10 @@ discard block |
||
| 692 | 692 | $this->isWatching = true; |
| 693 | 693 | $msg = "\$query = \"{$query}\"\n\r"; |
| 694 | 694 | if (!empty($_POST)) { |
| 695 | - $msg .= "\n\r" . dump($_POST, '$_POST'); |
|
| 695 | + $msg .= "\n\r".dump($_POST, '$_POST'); |
|
| 696 | 696 | } |
| 697 | 697 | if (!empty($_GET)) { |
| 698 | - $msg .= "\n\r" . dump($_GET, '$_GET'); |
|
| 698 | + $msg .= "\n\r".dump($_GET, '$_GET'); |
|
| 699 | 699 | } |
| 700 | 700 | classSupernova::$debug->warning($msg, "Watching user {$user['id']}", 399, array('base_dump' => true)); |
| 701 | 701 | $this->isWatching = false; |
@@ -721,37 +721,37 @@ discard block |
||
| 721 | 721 | case stripos($query, 'RPG_POINTS') != false && stripos(trim($query), 'UPDATE ') === 0 && !$dm_change_legit: |
| 722 | 722 | case stripos($query, 'METAMATTER') != false && stripos(trim($query), 'UPDATE ') === 0 && !$mm_change_legit: |
| 723 | 723 | case stripos($query, 'AUTHLEVEL') != false && $user['authlevel'] < 3 && stripos($query, 'SELECT') !== 0: |
| 724 | - $report = "Hacking attempt (" . date("d.m.Y H:i:s") . " - [" . time() . "]):\n"; |
|
| 724 | + $report = "Hacking attempt (".date("d.m.Y H:i:s")." - [".time()."]):\n"; |
|
| 725 | 725 | $report .= ">Database Inforamation\n"; |
| 726 | - $report .= "\tID - " . $user['id'] . "\n"; |
|
| 727 | - $report .= "\tUser - " . $user['username'] . "\n"; |
|
| 728 | - $report .= "\tAuth level - " . $user['authlevel'] . "\n"; |
|
| 729 | - $report .= "\tAdmin Notes - " . $user['adminNotes'] . "\n"; |
|
| 730 | - $report .= "\tCurrent Planet - " . $user['current_planet'] . "\n"; |
|
| 731 | - $report .= "\tUser IP - " . $user['user_lastip'] . "\n"; |
|
| 732 | - $report .= "\tUser IP at Reg - " . $user['ip_at_reg'] . "\n"; |
|
| 733 | - $report .= "\tUser Agent- " . $_SERVER['HTTP_USER_AGENT'] . "\n"; |
|
| 734 | - $report .= "\tCurrent Page - " . $user['current_page'] . "\n"; |
|
| 735 | - $report .= "\tRegister Time - " . $user['register_time'] . "\n"; |
|
| 726 | + $report .= "\tID - ".$user['id']."\n"; |
|
| 727 | + $report .= "\tUser - ".$user['username']."\n"; |
|
| 728 | + $report .= "\tAuth level - ".$user['authlevel']."\n"; |
|
| 729 | + $report .= "\tAdmin Notes - ".$user['adminNotes']."\n"; |
|
| 730 | + $report .= "\tCurrent Planet - ".$user['current_planet']."\n"; |
|
| 731 | + $report .= "\tUser IP - ".$user['user_lastip']."\n"; |
|
| 732 | + $report .= "\tUser IP at Reg - ".$user['ip_at_reg']."\n"; |
|
| 733 | + $report .= "\tUser Agent- ".$_SERVER['HTTP_USER_AGENT']."\n"; |
|
| 734 | + $report .= "\tCurrent Page - ".$user['current_page']."\n"; |
|
| 735 | + $report .= "\tRegister Time - ".$user['register_time']."\n"; |
|
| 736 | 736 | $report .= "\n"; |
| 737 | 737 | |
| 738 | 738 | $report .= ">Query Information\n"; |
| 739 | - $report .= "\tQuery - " . $query . "\n"; |
|
| 739 | + $report .= "\tQuery - ".$query."\n"; |
|
| 740 | 740 | $report .= "\n"; |
| 741 | 741 | |
| 742 | 742 | $report .= ">\$_SERVER Information\n"; |
| 743 | - $report .= "\tIP - " . $_SERVER['REMOTE_ADDR'] . "\n"; |
|
| 744 | - $report .= "\tHost Name - " . $_SERVER['HTTP_HOST'] . "\n"; |
|
| 745 | - $report .= "\tUser Agent - " . $_SERVER['HTTP_USER_AGENT'] . "\n"; |
|
| 746 | - $report .= "\tRequest Method - " . $_SERVER['REQUEST_METHOD'] . "\n"; |
|
| 747 | - $report .= "\tCame From - " . $_SERVER['HTTP_REFERER'] . "\n"; |
|
| 748 | - $report .= "\tPage is - " . $_SERVER['SCRIPT_NAME'] . "\n"; |
|
| 749 | - $report .= "\tUses Port - " . $_SERVER['REMOTE_PORT'] . "\n"; |
|
| 750 | - $report .= "\tServer Protocol - " . $_SERVER['SERVER_PROTOCOL'] . "\n"; |
|
| 743 | + $report .= "\tIP - ".$_SERVER['REMOTE_ADDR']."\n"; |
|
| 744 | + $report .= "\tHost Name - ".$_SERVER['HTTP_HOST']."\n"; |
|
| 745 | + $report .= "\tUser Agent - ".$_SERVER['HTTP_USER_AGENT']."\n"; |
|
| 746 | + $report .= "\tRequest Method - ".$_SERVER['REQUEST_METHOD']."\n"; |
|
| 747 | + $report .= "\tCame From - ".$_SERVER['HTTP_REFERER']."\n"; |
|
| 748 | + $report .= "\tPage is - ".$_SERVER['SCRIPT_NAME']."\n"; |
|
| 749 | + $report .= "\tUses Port - ".$_SERVER['REMOTE_PORT']."\n"; |
|
| 750 | + $report .= "\tServer Protocol - ".$_SERVER['SERVER_PROTOCOL']."\n"; |
|
| 751 | 751 | |
| 752 | 752 | $report .= "\n--------------------------------------------------------------------------------------------------\n"; |
| 753 | 753 | |
| 754 | - $fp = fopen(SN_ROOT_PHYSICAL . 'badqrys.txt', 'a'); |
|
| 754 | + $fp = fopen(SN_ROOT_PHYSICAL.'badqrys.txt', 'a'); |
|
| 755 | 755 | fwrite($fp, $report); |
| 756 | 756 | fclose($fp); |
| 757 | 757 | |
@@ -101,17 +101,17 @@ discard block |
||
| 101 | 101 | protected function buildCommand() { |
| 102 | 102 | switch ($this->command) { |
| 103 | 103 | case static::UPDATE: |
| 104 | - $this->build[] = $this->command . " " . $this->quoteTable($this->table); |
|
| 104 | + $this->build[] = $this->command." ".$this->quoteTable($this->table); |
|
| 105 | 105 | break; |
| 106 | 106 | |
| 107 | 107 | case static::DELETE: |
| 108 | - $this->build[] = $this->command . " FROM " . $this->quoteTable($this->table); |
|
| 108 | + $this->build[] = $this->command." FROM ".$this->quoteTable($this->table); |
|
| 109 | 109 | break; |
| 110 | 110 | |
| 111 | 111 | case static::REPLACE: |
| 112 | 112 | case static::INSERT_IGNORE: |
| 113 | 113 | case static::INSERT: |
| 114 | - $this->build[] = $this->command . " INTO " . $this->quoteTable($this->table); |
|
| 114 | + $this->build[] = $this->command." INTO ".$this->quoteTable($this->table); |
|
| 115 | 115 | break; |
| 116 | 116 | } |
| 117 | 117 | } |
@@ -170,7 +170,7 @@ discard block |
||
| 170 | 170 | $compiled = array(); |
| 171 | 171 | |
| 172 | 172 | foreach ($this->values as $valuesVector) { |
| 173 | - $compiled[] = '(' . implode(',', $this->safeFields($valuesVector)) . ')'; |
|
| 173 | + $compiled[] = '('.implode(',', $this->safeFields($valuesVector)).')'; |
|
| 174 | 174 | } |
| 175 | 175 | |
| 176 | 176 | $this->build[] = implode(',', $compiled); |
@@ -380,7 +380,7 @@ discard block |
||
| 380 | 380 | * @return string |
| 381 | 381 | */ |
| 382 | 382 | protected function stringValue($value) { |
| 383 | - return "'" . $this->escape((string)$value) . "'"; |
|
| 383 | + return "'".$this->escape((string) $value)."'"; |
|
| 384 | 384 | } |
| 385 | 385 | |
| 386 | 386 | /** |
@@ -391,7 +391,7 @@ discard block |
||
| 391 | 391 | * @return string |
| 392 | 392 | */ |
| 393 | 393 | protected function quote($fieldName) { |
| 394 | - return "`" . $this->escape((string)$fieldName) . "`"; |
|
| 394 | + return "`".$this->escape((string) $fieldName)."`"; |
|
| 395 | 395 | } |
| 396 | 396 | |
| 397 | 397 | /** |
@@ -402,7 +402,7 @@ discard block |
||
| 402 | 402 | * @return string |
| 403 | 403 | */ |
| 404 | 404 | protected function quoteTable($tableName) { |
| 405 | - return "`{{" . $this->escape((string)$tableName) . "}}`"; |
|
| 405 | + return "`{{".$this->escape((string) $tableName)."}}`"; |
|
| 406 | 406 | } |
| 407 | 407 | |
| 408 | 408 | protected function castAsDbValue($value) { |
@@ -482,7 +482,7 @@ discard block |
||
| 482 | 482 | foreach ($fieldValues as $fieldName => $fieldValue) { |
| 483 | 483 | // Integer $fieldName is DANGER! They skipped there! |
| 484 | 484 | if (!is_int($fieldName)) { |
| 485 | - $result[$fieldName] = $this->quote($fieldName) . " = " . $this->castAsDbValue($fieldValue); |
|
| 485 | + $result[$fieldName] = $this->quote($fieldName)." = ".$this->castAsDbValue($fieldValue); |
|
| 486 | 486 | } |
| 487 | 487 | } |
| 488 | 488 | |
@@ -524,7 +524,7 @@ discard block |
||
| 524 | 524 | foreach ($fields as $fieldName => $fieldValue) { |
| 525 | 525 | // Integer $fieldName means "leave as is" - for expressions and already processed fields |
| 526 | 526 | if (is_string($fieldName)) { |
| 527 | - $result[$fieldName] = "`{$fieldName}` = `{$fieldName}` + (" . $this->castAsDbValue($fieldValue) . ")"; |
|
| 527 | + $result[$fieldName] = "`{$fieldName}` = `{$fieldName}` + (".$this->castAsDbValue($fieldValue).")"; |
|
| 528 | 528 | } |
| 529 | 529 | } |
| 530 | 530 | |