DedeBIZ
/
DedeV6
Segui 2
Vota 0
Forka 0
Codice Pull Requests 0 Rilasci 29 Attività
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
457 Commit
3 Rami (Branch)
322MB
Albero (Tree): 2997f1ed6b
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '2997f1ed6b'
${ noResults }
DedeV6/system/dedesqlite.class.php

692 lines
24KB
Originale Blame Cronologia 

  1. <?php

  2. if (!defined('DEDEINC')) exit('dedebiz');

  3. /**

  4.  * 数据库类

  5.  * 说明:系统底层数据库核心类

  6.  *      调用这个类前,请先设定这些外部变量

  7.  *      $GLOBALS['cfg_dbhost'];

  8.  *      $GLOBALS['cfg_dbuser'];

  9.  *      $GLOBALS['cfg_dbpwd'];

  10.  *      $GLOBALS['cfg_dbname'];

  11.  *      $GLOBALS['cfg_dbprefix'];

  12.  *

  13.  * @version        $Id: dedesqli.class.php 1 15:00 2011-1-21 tianya $

  14.  * @package        DedeBIZ.Libraries

  15.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  16.  * @license        https://www.dedebiz.com/license

  17.  * @link           https://www.dedebiz.com

  18.  */

  19. @set_time_limit(0);

  20. //在工程所有文件中均不需要单独初始化这个类,可直接用 $dsql 或 $db 进行操作

  21. //为了防止错误,操作完后不必关闭数据库

  22. $dsql = $dsqlitete = $db = new DedeSqlite(FALSE);

  23. /**

  24.  * Dede MySQLi数据库类

  25.  *

  26.  * @package        DedeSqli

  27.  * @subpackage     DedeBIZ.Libraries

  28.  * @link           https://www.dedebiz.com

  29.  */

  30. if (!defined('MYSQL_BOTH')) {

  31.     define('MYSQL_BOTH', MYSQLI_BOTH);

  32. }

  33. if (!defined('MYSQL_ASSOC')) {

  34.     define('MYSQL_ASSOC', SQLITE3_ASSOC);

  35. }

  36. class DedeSqlite

  37. {

  38.     var $linkID;

  39.     var $dbHost;

  40.     var $dbUser;

  41.     var $dbPwd;

  42.     var $dbName;

  43.     var $dbPrefix;

  44.     var $result;

  45.     var $queryString;

  46.     var $parameters;

  47.     var $isClose;

  48.     var $safeCheck;

  49.     var $showError = false;

  50.     var $recordLog = false; //记录日志到data/mysqli_record_log.inc便于进行调试

  51.     var $isInit = false;

  52.     var $pconnect = false;

  53.     var $_fixObject;

  54. 

  55.     //用外部定义的变量初始类,并连接数据库

  56.     function __construct($pconnect = FALSE, $nconnect = FALSE)

  57.     {

  58.         $this->isClose = FALSE;

  59.         $this->safeCheck = TRUE;

  60.         $this->pconnect = $pconnect;

  61.         if ($nconnect) {

  62.             $this->Init($pconnect);

  63.         }

  64.     }

  65. 

  66.     function DedeSql($pconnect = FALSE, $nconnect = TRUE)

  67.     {

  68.         $this->__construct($pconnect, $nconnect);

  69.     }

  70. 

  71.     function Init($pconnect = FALSE)

  72.     {

  73.         $this->linkID = 0;

  74.         //$this->queryString = '';

  75.         //$this->parameters = Array();

  76.         $this->dbHost   =  $GLOBALS['cfg_dbhost'];

  77.         $this->dbUser   =  $GLOBALS['cfg_dbuser'];

  78.         $this->dbPwd    =  $GLOBALS['cfg_dbpwd'];

  79.         $this->dbName   =  $GLOBALS['cfg_dbname'];

  80.         $this->dbPrefix =  $GLOBALS['cfg_dbprefix'];

  81.         $this->result["me"] = 0;

  82.         $this->Open($pconnect);

  83.     }

  84. 

  85.     //用指定参数初始数据库信息

  86.     function SetSource($host, $username, $pwd, $dbname, $dbprefix = "dede_")

  87.     {

  88.         $this->dbHost = $host;

  89.         $this->dbUser = $username;

  90.         $this->dbPwd = $pwd;

  91.         $this->dbName = $dbname;

  92.         $this->dbPrefix = $dbprefix;

  93.         $this->result["me"] = 0;

  94.     }

  95. 

  96.     //设置SQL里的参数

  97.     function SetParameter($key, $value)

  98.     {

  99.         $this->parameters[$key] = $value;

  100.     }

  101. 

  102.     //连接数据库

  103.     function Open($pconnect = FALSE)

  104.     {

  105.         global $dsqlite;

  106.         //连接数据库

  107.         if ($dsqlite && !$dsqlite->isClose && $dsqlite->isInit) {

  108.             $this->linkID = $dsqlite->linkID;

  109.         } else {

  110. 

  111.             $this->linkID = new SQLite3(DEDEDATA.'/'.$this->dbName.'.db');

  112. 

  113.             //复制一个对象副本

  114.             CopySQLiPoint($this);

  115.         }

  116. 

  117.         //处理错误,成功连接则选择数据库

  118.         if (!$this->linkID) {

  119.             $this->DisplayError("DedeBIZ错误警告:<span style='color:#dc3545'>连接数据库失败,可能数据库密码不对或数据库服务器出错</span>");

  120.             exit();

  121.         }

  122.         $this->isInit = TRUE;

  123.         return TRUE;

  124.     }

  125. 

  126.     //为了防止采集等需要较长运行时间的程序超时,在运行这类程序时设置系统等待和交互时间

  127.     function SetLongLink()

  128.     {

  129.         @mysqli_query("SET interactive_timeout=3600, wait_timeout=3600 ;", $this->linkID);

  130.     }

  131. 

  132.     //获得错误描述

  133.     function GetError()

  134.     {

  135.         $str = mysqli_error($this->linkID);

  136.         return $str;

  137.     }

  138. 

  139.     //关闭数据库

  140.     //mysql能自动管理非持久连接的连接池

  141.     //实际上关闭并无意义并且容易出错,所以取消这函数

  142.     function Close($isok = FALSE)

  143.     {

  144.         $this->FreeResultAll();

  145.         if ($isok) {

  146.             $this->linkID->close();

  147.             $this->isClose = TRUE;

  148.             $GLOBALS['dsql'] = NULL;

  149.         }

  150.     }

  151. 

  152.     //定期清理死连接

  153.     function ClearErrLink()

  154.     {

  155.     }

  156. 

  157.     //关闭指定的数据库连接

  158.     function CloseLink($dblink)

  159.     {

  160.     }

  161. 

  162.     function Esc($_str)

  163.     {

  164.         return addslashes($_str);

  165.     }

  166. 

  167.     //执行一个不返回结果的SQL语句,如update,delete,insert等

  168.     function ExecuteNoneQuery($sql = '')

  169.     {

  170.         global $dsqlite;

  171.         if (!$dsqlite->isInit) {

  172.             $this->Init($this->pconnect);

  173.         }

  174.         if ($dsqlite->isClose) {

  175.             $this->Open(FALSE);

  176.             $dsqlite->isClose = FALSE;

  177.         }

  178.         if (!empty($sql)) {

  179.             $this->SetQuery($sql);

  180.         } else {

  181.             return FALSE;

  182.         }

  183.         if (is_array($this->parameters)) {

  184.             foreach ($this->parameters as $key => $value) {

  185.                 $this->queryString = str_replace("@".$key, "'$value'", $this->queryString);

  186.             }

  187.         }

  188.         //SQL语句安全检查

  189.         if ($this->safeCheck) CheckSql($this->queryString, 'update');

  190. 

  191.         $t1 = ExecTime();

  192. 

  193.         $rs = $this->linkID->exec($this->queryString);

  194. 

  195. 

  196.         //查询性能测试

  197.         if ($this->recordLog) {

  198.             $queryTime = ExecTime() - $t1;

  199.             $this->RecordLog($queryTime);

  200.             //echo $this->queryString."--{$queryTime}<hr />\r\n";

  201.         }

  202.         return $rs;

  203.     }

  204. 

  205. 

  206.     //执行一个返回影响记录条数的SQL语句,如update,delete,insert等

  207.     function ExecuteNoneQuery2($sql = '')

  208.     {

  209.         global $dsqlite;

  210.         if (!$dsqlite->isInit) {

  211.             $this->Init($this->pconnect);

  212.         }

  213.         if ($dsqlite->isClose) {

  214.             $this->Open(FALSE);

  215.             $dsqlite->isClose = FALSE;

  216.         }

  217. 

  218.         if (!empty($sql)) {

  219.             $this->SetQuery($sql);

  220.         }

  221.         if (is_array($this->parameters)) {

  222.             foreach ($this->parameters as $key => $value) {

  223.                 $this->queryString = str_replace("@".$key, "'$value'", $this->queryString);

  224.             }

  225.         }

  226.         $t1 = ExecTime();

  227.         $this->linkID->exec($this->queryString);

  228. 

  229.         //查询性能测试

  230.         if ($this->recordLog) {

  231.             $queryTime = ExecTime() - $t1;

  232.             $this->RecordLog($queryTime);

  233.             //echo $this->queryString."--{$queryTime}<hr />\r\n";

  234.         }

  235. 

  236.         return $this->linkID->changes();

  237.     }

  238. 

  239.     function ExecNoneQuery($sql = '')

  240.     {

  241.         return $this->ExecuteNoneQuery($sql);

  242.     }

  243. 

  244.     function GetFetchRow($id = 'me')

  245.     {

  246.         return $this->result[$id]->numColumns();

  247.     }

  248. 

  249.     function GetAffectedRows()

  250.     {

  251.         return $this->linkID->changes();

  252.     }

  253. 

  254.     //执行一个带返回结果的SQL语句,如SELECT,SHOW等

  255.     function Execute($id = "me", $sql = '')

  256.     {

  257.         global $dsqlite;

  258.         if (!$dsqlite->isInit) {

  259.             $this->Init($this->pconnect);

  260.         }

  261.         if ($dsqlite->isClose) {

  262.             $this->Open(FALSE);

  263.             $dsqlite->isClose = FALSE;

  264.         }

  265.         if (!empty($sql)) {

  266.             $this->SetQuery($sql);

  267.         }

  268.         //SQL语句安全检查

  269.         if ($this->safeCheck) {

  270.             CheckSql($this->queryString);

  271.         }

  272. 

  273.         $t1 = ExecTime();

  274.         //var_dump($this->queryString);

  275. 

  276.         $this->result[$id] = $this->linkID->query($this->queryString);

  277. 

  278.         //var_dump(mysql_error());

  279. 

  280.         //查询性能测试

  281.         if ($this->recordLog) {

  282.             $queryTime = ExecTime() - $t1;

  283.             $this->RecordLog($queryTime);

  284.             //echo $this->queryString."--{$queryTime}<hr />\r\n";

  285.         }

  286. 

  287.         if ($this->result[$id] === FALSE) {

  288.             $this->DisplayError($this->linkID->lastErrorMsg()." <br>Error sql: <span style='color:#dc3545'>".$this->queryString."</span>");

  289.         }

  290.     }

  291. 

  292.     function Query($id = "me", $sql = '')

  293.     {

  294.         $this->Execute($id, $sql);

  295.     }

  296. 

  297.     //执行一个SQL语句,返回前一条记录或仅返回一条记录

  298.     function GetOne($sql = '', $acctype = MYSQLI_ASSOC)

  299.     {

  300.         global $dsqlite;

  301.         if (!$dsqlite->isInit) {

  302.             $this->Init($this->pconnect);

  303.         }

  304.         if ($dsqlite->isClose) {

  305.             $this->Open(FALSE);

  306.             $dsqlite->isClose = FALSE;

  307.         }

  308.         if (!empty($sql)) {

  309.             if (!preg_match("/LIMIT/i", $sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql))." LIMIT 0,1;");

  310.             else $this->SetQuery($sql);

  311.         }

  312.         $this->Execute("one");

  313.         $arr = $this->GetArray("one", $acctype);

  314.         if (!is_array($arr)) {

  315.             return '';

  316.         } else {

  317.             $this->result["one"]->reset();

  318.             return ($arr);

  319.         }

  320.     }

  321. 

  322.     //执行一个不与任何表名有关的SQL语句,Create等

  323.     function ExecuteSafeQuery($sql, $id = "me")

  324.     {

  325.         global $dsqlite;

  326.         if (!$dsqlite->isInit) {

  327.             $this->Init($this->pconnect);

  328.         }

  329.         if ($dsqlite->isClose) {

  330.             $this->Open(FALSE);

  331.             $dsqlite->isClose = FALSE;

  332.         }

  333.         $this->result[$id] = $this->linkID->query($sql);

  334.     }

  335. 

  336.     //返回当前的一条记录并把游标移向下一记录

  337.     //SQLITE3_ASSOC、SQLITE3_NUM、SQLITE3_BOTH

  338.     function GetArray($id = "me", $acctype = SQLITE3_ASSOC)

  339.     {

  340.         switch ($acctype) {

  341.             case MYSQL_ASSOC:

  342.                 $acctype = SQLITE3_ASSOC;

  343.                 break;

  344.             case MYSQL_NUM:

  345.                 $acctype = SQLITE3_NUM;

  346.                 break;

  347.             default:

  348.                 $acctype = SQLITE3_BOTH;

  349.                 break;

  350.         }

  351. 

  352.         if ($this->result[$id] === 0) {

  353.             return FALSE;

  354.         } else {

  355.             $rs = $this->result[$id]->fetchArray($acctype);

  356.             if (!$rs) {

  357.                 $this->result[$id] = 0;

  358.                 return false;

  359.             }

  360.             return $rs;

  361.         }

  362.     }

  363. 

  364.     function GetObject($id = "me")

  365.     {

  366.         if (!isset($this->_fixObject[$id])) {

  367.             $this->_fixObject[$id] = array();

  368.             while ($row = $this->result[$id]->fetchArray(SQLITE3_ASSOC)) {

  369.                 $this->_fixObject[$id][] = (object)$row;

  370.             }

  371.             $this->result[$id]->reset();

  372.         }

  373.         return array_shift($this->_fixObject[$id]);

  374.     }

  375. 

  376.     //检测是否存在某数据表

  377.     function IsTable($tbname)

  378.     {

  379.         global $dsqlite;

  380.         if (!$dsqlite->isInit) {

  381.             $this->Init($this->pconnect);

  382.         }

  383.         $prefix = "#@__";

  384.         $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);

  385. 

  386.         $row = $this->linkID->querySingle("PRAGMA table_info({$tbname});");

  387. 

  388.         if ($row !== null) {

  389.             return TRUE;

  390.         }

  391.         return FALSE;

  392.     }

  393. 

  394.     //获得MySql的版本号

  395.     function GetVersion($isformat = TRUE)

  396.     {

  397.         global $dsqlite;

  398.         if (!$dsqlite->isInit) {

  399.             $this->Init($this->pconnect);

  400.         }

  401.         if ($dsqlite->isClose) {

  402.             $this->Open(FALSE);

  403.             $dsqlite->isClose = FALSE;

  404.         }

  405.         $rs = $this->linkID->querySingle("select sqlite_version();");

  406.         $sqlite_version = $rs;

  407.         if ($isformat) {

  408.             $sqlite_versions = explode(".", trim($sqlite_version));

  409.             $sqlite_version = number_format($sqlite_versions[0].".".$sqlite_versions[1], 2);

  410.         }

  411.         return $sqlite_version;

  412.     }

  413. 

  414.     //获取特定表的信息

  415.     function GetTableFields($tbname, $id = "me")

  416.     {

  417.         global $dsqlite;

  418.         if (!$dsqlite->isInit) {

  419.             $this->Init($this->pconnect);

  420.         }

  421.         $prefix = "#@__";

  422.         $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);

  423.         $query = "SELECT * FROM {$tbname} LIMIT 0,1";

  424.         $this->result[$id] = $this->linkID->query($query);

  425.     }

  426. 

  427.     //获取字段详细信息

  428.     function GetFieldObject($id = "me")

  429.     {

  430.         $cols = $this->result[$id]->numColumns();

  431.         $fields = array();

  432.         while ($row = $this->result[$id]->fetchArray()) {

  433.             for ($i = 1; $i < $cols; $i++) {

  434.                 $fields[] =  $this->result[$id]->columnName($i);

  435.             }

  436.         }

  437. 

  438.         return (object)$fields;

  439.     }

  440. 

  441.     //获得查询的总记录数

  442.     function GetTotalRow($id = "me")

  443.     {

  444.         $queryString = preg_replace("/SELECT(.*)FROM/isU", 'SELECT count(*) as dd FROM', $this->queryString);

  445.         $rs = $this->linkID->query($queryString);

  446.         $row = $rs->fetchArray();

  447.         return $row['dd'];

  448.     }

  449. 

  450.     //获取上一步INSERT操作产生的ID

  451.     function GetLastID()

  452.     {

  453.         //如果 AUTO_INCREMENT 的列的类型是 BIGINT,则 mysqli_insert_id() 返回的值将不正确。

  454.         //可以在 SQL 查询中用 MySQL 内部的 SQL 函数 LAST_INSERT_ID() 来替代。

  455.         //$rs = mysqli_query($this->linkID, "Select LAST_INSERT_ID() as lid");

  456.         //$row = mysqli_fetch_array($rs);

  457.         //return $row["lid"];

  458.         return $this->linkID->lastInsertRowID();

  459.     }

  460. 

  461.     //释放记录集占用的资源

  462.     function FreeResult($id = "me")

  463.     {

  464.         if ($this->result[$id]) {

  465.             @$this->result[$id]->reset();

  466.         }

  467.     }

  468.     function FreeResultAll()

  469.     {

  470.         if (!is_array($this->result)) {

  471.             return '';

  472.         }

  473.         foreach ($this->result as $kk => $vv) {

  474.             if ($vv) {

  475.                 @$vv->reset();

  476.             }

  477.         }

  478.     }

  479. 

  480.     //设置SQL语句,会自动把SQL语句里的#@__替换为$this->dbPrefix(在配置文件中为$cfg_dbprefix)

  481.     function SetQuery($sql)

  482.     {

  483.         $prefix = "#@__";

  484.         $sql = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $sql);

  485.         $this->queryString = $sql;

  486.         //$this->queryString = preg_replace("/CONCAT\(',', arc.typeid2, ','\)/i","printf(',%s,', arc.typeid2)",$this->queryString);

  487.         if (preg_match("/CONCAT\(([^\)]*?)\)/i", $this->queryString, $matches)) {

  488.             $this->queryString = preg_replace("/CONCAT\(([^\)]*?)\)/i", str_replace(",", "||", $matches[1]), $this->queryString);

  489.             $this->queryString = str_replace("'||'", "','", $this->queryString);

  490.         }

  491. 

  492.         $this->queryString = preg_replace("/FIND_IN_SET\('([\w]+)', arc.flag\)>0/i", "(',' || arc.flag || ',') LIKE '%,\\1,%'", $this->queryString);

  493.         $this->queryString = preg_replace("/FIND_IN_SET\('([\w]+)', arc.flag\)<1/i", "(',' || arc.flag || ',') NOT LIKE '%,\\1,%'", $this->queryString);

  494.         if (preg_match("/CREATE TABLE/i", $this->queryString)) {

  495.             $this->queryString = preg_replace("/[\r\n]/", '', $this->queryString);

  496.             $this->queryString = preg_replace('/character set (.*?) /i', '', $this->queryString);

  497.             $this->queryString = preg_replace('/unsigned/i', '', $this->queryString);

  498.             $this->queryString = str_replace('TYPE=MyISAM', '', $this->queryString);

  499. 

  500.             $this->queryString = preg_replace('/TINYINT\(([\d]+)\)/i', 'INTEGER', $this->queryString);

  501.             $this->queryString = preg_replace('/mediumint\(([\d]+)\)/i', 'INTEGER', $this->queryString);

  502.             $this->queryString = preg_replace('/smallint\(([\d]+)\)/i', 'INTEGER', $this->queryString);

  503.             $this->queryString = preg_replace('/int\(([\d]+)\)/i', 'INTEGER', $this->queryString);

  504.             $this->queryString = preg_replace('/auto_increment/i', 'PRIMARY KEY AUTOINCREMENT', $this->queryString);

  505.             $this->queryString = preg_replace('/, KEY(.*?)MyISAM;/i', '', $this->queryString);

  506.             $this->queryString = preg_replace('/, KEY(.*?);/i', ');', $this->queryString);

  507.             $this->queryString = preg_replace('/, UNIQUE KEY(.*?);/i', ');', $this->queryString);

  508.             $this->queryString = preg_replace('/set\(([^\)]*?)\)/', 'varchar', $this->queryString);

  509.             $this->queryString = preg_replace('/enum\(([^\)]*?)\)/', 'varchar', $this->queryString);

  510.             if (preg_match("/PRIMARY KEY AUTOINCREMENT/", $this->queryString)) {

  511.                 $this->queryString = preg_replace('/,([\t\s ]+)PRIMARY KEY  \(`([0-9a-zA-Z]+)`\)/i', '', $this->queryString);

  512.                 $this->queryString = str_replace(',	PRIMARY KEY (`id`)', '', $this->queryString);

  513.             }

  514.         }

  515.         $this->queryString = preg_replace("/SHOW fields FROM `([\w]+)`/i", "PRAGMA table_info('\\1') ", $this->queryString);

  516.         $this->queryString = preg_replace("/SHOW CREATE TABLE .([\w]+)/i", "SELECT 0,sql FROM sqlite_master WHERE name='\\1'; ", $this->queryString);

  517.         //var_dump($this->queryString);

  518.         $this->queryString = preg_replace("/Show Tables/i", "SELECT name FROM sqlite_master WHERE type = \"table\"", $this->queryString);

  519.         $this->queryString = str_replace("\'", "\"", $this->queryString);

  520.         $this->queryString = str_replace('\t\n', "", $this->queryString);

  521.         //var_dump($this->queryString);

  522.     }

  523. 

  524.     function SetSql($sql)

  525.     {

  526.         $this->SetQuery($sql);

  527.     }

  528. 

  529.     function RecordLog($runtime = 0)

  530.     {

  531.         $RecordLogFile = dirname(__FILE__).'/../data/mysqli_record_log.inc';

  532.         $url = $this->GetCurUrl();

  533.         $savemsg = <<<EOT

  534. 

  535. ------------------------------------------

  536. SQL:{$this->queryString}

  537. Page:$url

  538. Runtime:$runtime

  539. EOT;

  540.         $fp = @fopen($RecordLogFile, 'a');

  541.         @fwrite($fp, $savemsg);

  542.         @fclose($fp);

  543.     }

  544. 

  545.     //显示数据链接错误信息

  546.     function DisplayError($msg)

  547.     {

  548.         $errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';

  549.         if (file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php')) {

  550.             @unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');

  551.         }

  552.         if ($this->showError) {

  553.             $emsg = '';

  554.             $emsg .= "<div><h3>DedeBIZ Error Warning!</h3>\r\n";

  555.             $emsg .= "<div><a href='https://www.dedebiz.com' target='_blank' style='color:red'>Technical Support: https://www.dedebiz.com</a></div>";

  556.             $emsg .= "<div style='line-helght:160%;font-size:14px;color:green'>\r\n";

  557.             $emsg .= "<div style='color:blue'><br>Error page: <span style='color:#dc3545'>".$this->GetCurUrl()."</span></div>\r\n";

  558.             $emsg .= "<div>Error infos: {$msg}</div>\r\n";

  559.             $emsg .= "<br></div></div>\r\n";

  560. 

  561.             echo $emsg;

  562.         }

  563. 

  564.         $savemsg = 'Page: '.$this->GetCurUrl()."\r\nError: ".$msg."\r\nTime".date('Y-m-d H:i:s');

  565.         //保存MySql错误日志

  566.         $fp = @fopen($errorTrackFile, 'a');

  567.         @fwrite($fp, '<'.'?php  exit();'."\r\n/*\r\n{$savemsg}\r\n*/\r\n?".">\r\n");

  568.         @fclose($fp);

  569.     }

  570. 

  571.     //获得当前的脚本网址

  572.     function GetCurUrl()

  573.     {

  574.         if (!empty($_SERVER["REQUEST_URI"])) {

  575.             $scriptName = $_SERVER["REQUEST_URI"];

  576.             $nowurl = $scriptName;

  577.         } else {

  578.             $scriptName = $_SERVER["PHP_SELF"];

  579.             if (empty($_SERVER["QUERY_STRING"])) {

  580.                 $nowurl = $scriptName;

  581.             } else {

  582.                 $nowurl = $scriptName."?".$_SERVER["QUERY_STRING"];

  583.             }

  584.         }

  585.         return $nowurl;

  586.     }

  587. }

  588. 

  589. //复制一个对象副本

  590. function CopySQLiPoint(&$ndsql)

  591. {

  592.     $GLOBALS['dsqlite'] = $ndsql;

  593. }

  594. 

  595. //SQL语句过滤程序,由80sec提供,这里作了适当的修改

  596. if (!function_exists('CheckSql')) {

  597.     function CheckSql($db_string, $querytype = 'select')

  598.     {

  599.         global $cfg_cookie_encode;

  600.         $clean = '';

  601.         $error = '';

  602.         $old_pos = 0;

  603.         $pos = -1;

  604.         $log_file = DEDEINC.'/../data/'.md5($cfg_cookie_encode).'_safe.txt';

  605.         $userIP = GetIP();

  606.         $getUrl = GetCurUrl();

  607. 

  608.         //如果是普通查询语句,直接过滤一些特殊语法

  609.         if ($querytype == 'select') {

  610.             $notallow1 = "[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}";

  611. 

  612.             //$notallow2 = "--|/\*";

  613.             if (preg_match("/".$notallow1."/i", $db_string)) {

  614.                 fputs(fopen($log_file, 'a+'), "$userIP||$getUrl||$db_string||SelectBreak\r\n");

  615.                 exit("<span>Safe Alert: Request Error step 1 !</span>");

  616.             }

  617.         }

  618. 

  619.         //完整的SQL检查

  620.         while (TRUE) {

  621.             $pos = strpos($db_string, '\'', $pos + 1);

  622.             if ($pos === FALSE) {

  623.                 break;

  624.             }

  625.             $clean .= substr($db_string, $old_pos, $pos - $old_pos);

  626.             while (TRUE) {

  627.                 $pos1 = strpos($db_string, '\'', $pos + 1);

  628.                 $pos2 = strpos($db_string, '\\', $pos + 1);

  629.                 if ($pos1 === FALSE) {

  630.                     break;

  631.                 } elseif ($pos2 == FALSE || $pos2 > $pos1) {

  632.                     $pos = $pos1;

  633.                     break;

  634.                 }

  635.                 $pos = $pos2 + 1;

  636.             }

  637.             $clean .= '$s$';

  638.             $old_pos = $pos + 1;

  639.         }

  640.         $clean .= substr($db_string, $old_pos);

  641.         $clean = trim(strtolower(preg_replace(array('~\s+~s'), array(' '), $clean)));

  642. 

  643.         if (

  644.             strpos($clean, '@') !== FALSE  or strpos($clean, 'char(') !== FALSE or strpos($clean, '"') !== FALSE

  645.             or strpos($clean, '$s$$s$') !== FALSE

  646.         ) {

  647.             $fail = TRUE;

  648.             if (preg_match("#^create table#i", $clean)) $fail = FALSE;

  649.             $error = "unusual character";

  650.         }

  651. 

  652.         //老版本的Mysql并不支持union,常用的程序里也不使用union,但是一些黑客使用它,所以检查它

  653.         if (strpos($clean, 'union') !== FALSE && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0) {

  654.             $fail = TRUE;

  655.             $error = "union detect";

  656.         }

  657. 

  658.         //发布版本的程序可能比较少包括--,#这样的注释,但是黑客经常使用它们

  659.         elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== FALSE || strpos($clean, '#') !== FALSE) {

  660.             $fail = TRUE;

  661.             $error = "comment detect";

  662.         }

  663. 

  664.         //这些函数不会被使用,但是黑客会用它来操作文件,down掉数据库

  665.         elseif (strpos($clean, 'sleep') !== FALSE && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0) {

  666.             $fail = TRUE;

  667.             $error = "slown down detect";

  668.         } elseif (strpos($clean, 'benchmark') !== FALSE && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0) {

  669.             $fail = TRUE;

  670.             $error = "slown down detect";

  671.         } elseif (strpos($clean, 'load_file') !== FALSE && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0) {

  672.             $fail = TRUE;

  673.             $error = "file fun detect";

  674.         } elseif (strpos($clean, 'into outfile') !== FALSE && preg_match('~(^|[^a-z])into\s+outfile($|[^[a-z])~s', $clean) != 0) {

  675.             $fail = TRUE;

  676.             $error = "file fun detect";

  677.         }

  678. 

  679.         //老版本的MYSQL不支持子查询,我们的程序里可能也用得少,但是黑客可以使用它来查询数据库敏感信息

  680.         elseif (preg_match('~\([^)]*?select~s', $clean) != 0) {

  681.             $fail = TRUE;

  682.             $error = "sub select detect";

  683.         }

  684.         if (!empty($fail)) {

  685.             fputs(fopen($log_file, 'a+'), "$userIP||$getUrl||$db_string||$error\r\n");

  686.             exit("<span>Safe Alert: Request Error step 2!</span>");

  687.         } else {

  688.             return $db_string;

  689.         }

  690.     }

  691. }