Code source de Zen Cart E-Commerce Shopping Cart 1.3.7.1 |
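<?php
/**
 * general functions used by installer
 *
 * @package Installer
 * @access private
 * @copyright Copyright 2003-2006 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: general.php 4327 2006-08-31 07:59:37Z drbyte $
 */

  // Name (without prefix) of the table that records statements the upgrader skipped.
  if (!defined('TABLE_UPGRADE_EXCEPTIONS')) define('TABLE_UPGRADE_EXCEPTIONS','upgrade_exceptions');

/**
 * Tell whether a value carries content.
 *
 * Arrays count as "not null" when they hold at least one element. Any other
 * value counts when it is not loosely equal to '', is not the word "null"
 * (case-insensitive) and is not whitespace only.
 *
 * @param mixed $value value to test
 * @return bool
 */
  function zen_not_null($value) {
    if (is_array($value)) {
      if (sizeof($value) > 0) {
        return true;
      } else {
        return false;
      }
    } else {
      if (($value != '') && (strtolower($value) != 'null') && (strlen(trim($value)) > 0)) {
        return true;
      } else {
        return false;
      }
    }
  }

/**
 * Prepare a string for output in the installer's HTML.
 *
 * @param string $string text to output
 * @param array|false $translate strtr() replacement map; false selects the default map
 * @param bool $protected when true the text is passed through htmlspecialchars() instead
 * @return string
 */
  function zen_output_string($string, $translate = false, $protected = false) {
    if ($protected == true) {
      return htmlspecialchars($string);
    } else {
      if ($translate == false) {
        // Encode double quotes so the value cannot close a double-quoted HTML attribute.
        // The listing showed a '"' => '"' map, which replaces nothing; only the quote
        // is encoded here, so this path is not a substitute for htmlspecialchars().
        return zen_parse_input_field_data($string, array('"' => '&quot;'));
      } else {
        return zen_parse_input_field_data($string, $translate);
      }
    }
  }

/**
 * Trim a string and apply a strtr() replacement map to it.
 *
 * @param string $data
 * @param array $parse map of search => replacement
 * @return string
 */
  function zen_parse_input_field_data($data, $parse) {
    return strtr(trim($data), $parse);
  }

/**
 * Define a constant from a submitted value, or from a default when the value is not set.
 *
 * @param mixed $input submitted value
 * @param string $constant name of the constant to define
 * @param mixed $default value used when $input is not set
 * @return void
 */
  function setInputValue($input, $constant, $default) {
    // NOTE(review): $input is defined verbatim; escaping for the later HTML output is the caller's job — confirm.
    if (isset($input)) {
      define($constant, $input);
    } else {
      define($constant, $default);
    }
  }

/**
 * Define the <constant>_TRUE / <constant>_FALSE pair used to pre-check a yes/no radio group.
 *
 * @param string $input submitted value ('true' selects the TRUE button)
 * @param string $constant base name of the two constants
 * @param string $default value used when $input is loosely equal to ''
 * @return void
 */
  function setRadioChecked($input, $constant, $default) {
    if ($input == '') {
      $input = $default;
    }
    if ($input == 'true') {
      define($constant . '_FALSE', '');
      define($constant . '_TRUE', 'checked="checked" ');
    } else {
      define($constant . '_FALSE', 'checked="checked" ');
      define($constant . '_TRUE', '');
    }
  }

/**
 * Return the selected="selected" attribute when two values are loosely equal.
 *
 * @param mixed $input current value
 * @param mixed $selected value of the option being rendered
 * @return string|null attribute text, or nothing when the values differ
 */
  function setSelected($input, $selected) {
    if ($input == $selected) {
      return ' selected="selected"';
    }
  }

/**
 * Read a .sql file line by line, insert the table prefix into each recognised
 * statement and execute it through $db.
 *
 * Lines starting with '#' or '-' and empty lines are skipped. A statement is
 * considered complete when a line ends in ';'. Statements that a pre-check
 * rejects (missing table, existing key, ...) are written to the upgrade
 * exceptions table and not executed.
 *
 * The statements are executed as they appear in the file: nothing here
 * restricts what the file may contain, so $sql_file must only ever name a
 * file shipped with the installer. NOTE(review): confirm that no caller
 * derives $sql_file from request data.
 *
 * @param string $sql_file path of the SQL script
 * @param string $database not used inside this function
 * @param string $table_prefix prefix inserted in front of table names
 * @param bool $isupgrade when true, zen_create_upgrader_table() is called first
 * @return array keys: queries (count), string (statements joined with <br />),
 *               output (results of $db->Execute), ignored (count), errors (reasons)
 */
  function executeSql($sql_file, $database, $table_prefix = '', $isupgrade=false) {
    $debug=false;
    if (!defined('DB_PREFIX')) define('DB_PREFIX',$table_prefix);
//    echo 'start SQL execute';
    global $db;

    $ignored_count=0;
    $ignore_line=false;
    $results=0;
    $string='';
    $result='';
    $errors=array();
    // NOTE(review): $complete_line, $output, $return_output and $counter are first used
    // further down without being initialised here.

    // prepare for upgrader processing
    if ($isupgrade) zen_create_upgrader_table(); // only creates table if doesn't already exist

    if (!get_cfg_var('safe_mode')) {
      @set_time_limit(1200);
    }

    $lines = file($sql_file);
    $newline = '';
    $lines_to_keep_together_counter=0;
//    $saveline = '';
    foreach ($lines as $line) {
      $line = trim($line);
//      $line = $saveline . $line;
      // NOTE(review): this reset runs on every line, including the one after a
      // #NEXT_X_ROWS_AS_ONE_COMMAND directive, so the directive's count does not
      // appear to survive to the statements it is meant to group — confirm.
      $keep_together = 1; // count of number of lines to treat as a single command

      // split the line into words ... starts at $param[0] and so on.  Also remove the ';' from end of last param if exists
      $param=explode(" ",(substr($line,-1)==';') ? substr($line,0,strlen($line)-1) : $line);

      // The following command checks to see if we're asking for a block of commands to be run at once.
      // Syntax: #NEXT_X_ROWS_AS_ONE_COMMAND:6     for running the next 6 commands together (commands denoted by a ;)
      if (substr($line,0,28) == '#NEXT_X_ROWS_AS_ONE_COMMAND:') $keep_together = substr($line,28);
      if (substr($line,0,1) != '#' && substr($line,0,1) != '-' && $line != '') {
//        if ($table_prefix != -1) {
//echo '*}'.$line.'<br>';

          // switch(true): the first case whose condition holds is taken
          $line_upper=strtoupper($line);
          switch (true) {
          case (substr($line_upper, 0, 21) == 'DROP TABLE IF EXISTS '):
            $line = 'DROP TABLE IF EXISTS ' . $table_prefix . substr($line, 21);
            break;
          case (substr($line_upper, 0, 11) == 'DROP TABLE ' && $param[2] != 'IF'):
            if (!$checkprivs = zen_check_database_privs('DROP')) $result=sprintf(REASON_NO_PRIVILEGES,'DROP');
            if (!zen_table_exists($param[2]) || zen_not_null($result)) {
              zen_write_to_upgrade_exceptions_table($line, (zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST,$param[2])), $sql_file);
              $ignore_line=true;
              $result=(zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST,$param[2])); //duplicated here for on-screen error-reporting
              break;
            } else {
              $line = 'DROP TABLE ' . $table_prefix . substr($line, 11);
            }
            break;
          case (substr($line_upper, 0, 13) == 'CREATE TABLE '):
            // check to see if table exists
            $table = (strtoupper($param[2].' '.$param[3].' '.$param[4]) == 'IF NOT EXISTS') ? $param[5] : $param[2];
            $result=zen_table_exists($table);
            if ($result==true) {
              zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_ALREADY_EXISTS,$table), $sql_file);
              $ignore_line=true;
              $result=sprintf(REASON_TABLE_ALREADY_EXISTS,$table); //duplicated here for on-screen error-reporting
              break;
            } else {
              $line = (strtoupper($param[2].' '.$param[3].' '.$param[4]) == 'IF NOT EXISTS') ? 'CREATE TABLE IF NOT EXISTS ' . $table_prefix . substr($line, 27) : 'CREATE TABLE ' . $table_prefix . substr($line, 13);
            }
            break;
          case (substr($line_upper, 0, 13) == 'REPLACE INTO '):
            //check to see if table prefix is going to match
            if (!$tbl_exists = zen_table_exists($param[2])) $result=sprintf(REASON_TABLE_NOT_FOUND,$param[2]).' CHECK PREFIXES!';
            // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
            if (($param[2]=='configuration'       && ($result=zen_check_config_key($line))) or
                ($param[2]=='product_type_layout' && ($result=zen_check_product_type_layout_key($line))) or
                ($param[2]=='configuration_group' && ($result=zen_check_cfggroup_key($line))) or
                (!$tbl_exists)    ) {
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              $line = 'REPLACE INTO ' . $table_prefix . substr($line, 13);
            }
            break;
          case (substr($line_upper, 0, 12) == 'INSERT INTO '):
            //check to see if table prefix is going to match
            if (!$tbl_exists = zen_table_exists($param[2])) $result=sprintf(REASON_TABLE_NOT_FOUND,$param[2]).' CHECK PREFIXES!';
            // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
            if (($param[2]=='configuration'       && ($result=zen_check_config_key($line))) or
                ($param[2]=='product_type_layout' && ($result=zen_check_product_type_layout_key($line))) or
                ($param[2]=='configuration_group' && ($result=zen_check_cfggroup_key($line))) or
                (!$tbl_exists)    ) {
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              $line = 'INSERT INTO ' . $table_prefix . substr($line, 12);
            }
            break;
          case (substr($line_upper, 0, 19) == 'INSERT IGNORE INTO '):
            //check to see if table prefix is going to match
            if (!$tbl_exists = zen_table_exists($param[3])) {
              $result=sprintf(REASON_TABLE_NOT_FOUND,$param[3]).' CHECK PREFIXES!';
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              $line = 'INSERT IGNORE INTO ' . $table_prefix . substr($line, 19);
            }
            break;
          case (substr($line_upper, 0, 12) == 'ALTER TABLE '):
            // check to see if ALTER command may be safely executed
            if ($result=zen_check_alter_command($param)) {
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              $line = 'ALTER TABLE ' . $table_prefix . substr($line, 12);
            }
            break;
          case (substr($line_upper, 0, 13) == 'RENAME TABLE '):
            // RENAME TABLE command cannot be parsed to insert table prefixes, so skip if zen is using prefixes
            if (zen_not_null(DB_PREFIX)) {
              zen_write_to_upgrade_exceptions_table($line, 'RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', $sql_file);
              $ignore_line=true;
            }
            break;
          case (substr($line_upper, 0, 7) == 'UPDATE '):
            //check to see if table prefix is going to match
            if (!$tbl_exists = zen_table_exists($param[1])) {
              zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND,$param[1]).' CHECK PREFIXES!', $sql_file);
              $result=sprintf(REASON_TABLE_NOT_FOUND,$param[1]).' CHECK PREFIXES!';
              $ignore_line=true;
              break;
            } else {
              $line = 'UPDATE ' . $table_prefix . substr($line, 7);
            }
            break;
          // NOTE(review): an 'UPDATE IGNORE ' line also satisfies the 'UPDATE ' case above,
          // which is tested first — confirm this case can be reached.
          case (substr($line_upper, 0, 14) == 'UPDATE IGNORE '):
            //check to see if table prefix is going to match
            if (!$tbl_exists = zen_table_exists($param[2])) {
              zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND,$param[2]).' CHECK PREFIXES!', $sql_file);
              $result=sprintf(REASON_TABLE_NOT_FOUND,$param[2]).' CHECK PREFIXES!';
              $ignore_line=true;
              break;
            } else {
              $line = 'UPDATE IGNORE ' . $table_prefix . substr($line, 14);
            }
            break;
          case (substr($line_upper, 0, 12) == 'DELETE FROM '):
            $line = 'DELETE FROM ' . $table_prefix . substr($line, 12);
            break;
          case (substr($line_upper, 0, 11) == 'DROP INDEX '):
            // check to see if DROP INDEX command may be safely executed
            if ($result=zen_drop_index_command($param)) {
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              $line = 'DROP INDEX ' . $param[2] . ' ON ' . $table_prefix . $param[4];
            }
            break;
          case (substr($line_upper, 0, 13) == 'CREATE INDEX ' || (strtoupper($param[0])=='CREATE' && strtoupper($param[2])=='INDEX')):
            // check to see if CREATE INDEX command may be safely executed
            if ($result=zen_create_index_command($param)) {
              zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
              $ignore_line=true;
              break;
            } else {
              if (strtoupper($param[1])=='INDEX') {
                $line = trim('CREATE INDEX ' . $param[2] .' ON '. $table_prefix . implode(' ',array($param[4],$param[5],$param[6],$param[7],$param[8],$param[9],$param[10],$param[11],$param[12],$param[13])) ).';'; // add the ';' back since it was removed from $param at start
              } else {
                $line = trim('CREATE '. $param[1] .' INDEX ' .$param[3]. ' ON '. $table_prefix . implode(' ',array($param[5],$param[6],$param[7],$param[8],$param[9],$param[10],$param[11],$param[12],$param[13])) ); // add the ';' back since it was removed from $param at start
              }
            }
            break;
          case (substr($line_upper, 0, 8) == 'SELECT (' && substr_count($line,'FROM ')>0):
            $line = str_replace('FROM ','FROM '. $table_prefix, $line);
            break;
          case (substr($line_upper, 0, 10) == 'LEFT JOIN '):
            $line = 'LEFT JOIN ' . $table_prefix . substr($line, 10);
            break;
          case (substr($line_upper, 0, 5) == 'FROM '):
            if (substr_count($line,',')>0) { // contains FROM and a comma, thus must parse for multiple tablenames
              $tbl_list = explode(',',substr($line,5));
              $line = 'FROM ';
              foreach($tbl_list as $val) {
                $line .= $table_prefix . trim($val) . ','; // add prefix and comma
              } //end foreach
              if (substr($line,-1)==',') $line = substr($line,0,(strlen($line)-1)); // remove trailing ','
            } else { //didn't have a comma, but starts with "FROM ", so insert table prefix
              $line = str_replace('FROM ', 'FROM '.$table_prefix, $line);
            }//endif substr_count(,)
            break;
          default:
            break;
          } //end switch
//        } // endif $table_prefix
        $newline .= $line . ' ';

        if ( substr($line,-1) ==  ';') {
          //found a semicolon, so treat it as a full command, incrementing counter of rows to process at once
          if (substr($newline,-1)==' ') $newline = substr($newline,0,(strlen($newline)-1));
          $lines_to_keep_together_counter++;
          if ($lines_to_keep_together_counter == $keep_together) { // if all grouped rows have been loaded, go to execute.
            $complete_line = true;
            $lines_to_keep_together_counter=0;
          } else {
            $complete_line = false;
          }
        } //endif found ';'

        if ($complete_line) {
          // $debug is hard-coded to false above; if it is ever enabled, note that the statement text is echoed unescaped
          if ($debug==true) echo ((!$ignore_line) ? '<br /><strong>About to execute.</strong>': '<strong>Ignoring statement. This command WILL NOT be executed.</strong>').'<br />Debug info:<br />$ line='.$line.'<br />$ complete_line='.$complete_line.'<br>$ keep_together='.$keep_together.'<br />SQL='.$newline.'<br /><br />';
          if (get_magic_quotes_runtime() > 0) $newline=stripslashes($newline);
          if (trim(str_replace(';','',$newline)) != '' && !$ignore_line) $output=$db->Execute($newline);
          $results++;
          $string .= $newline.'<br />';
          // NOTE(review): when the statement was ignored, $output still holds the previous statement's result (if any)
          $return_output[]=$output;
          if (zen_not_null($result) && !zen_check_exceptions($result, $line) ) $errors[]=$result;
          // reset var's
          $newline = '';
          $keep_together=1;
          $complete_line = false;
          if ($ignore_line && !zen_check_exceptions($result, $line)) $ignored_count++;
          $ignore_line=false;

          // show progress bar
          global $zc_show_progress;
          if ($zc_show_progress=='yes') {
            $counter++;
            if (($counter/5) == (int)($counter/5)) echo '~ ';
            if ($counter>200) {
              echo '<br /><br />';
              $counter=0;
            }
            if (function_exists('ob_flush')) @ob_flush();
            @flush();
          }

        } //endif $complete_line

      } //endif ! # or -
    } // end foreach $lines
    return array('queries'=> $results, 'string'=>$string, 'output'=>$return_output, 'ignored'=>($ignored_count), 'errors'=>$errors);
  } //end function

/**
 * Normalise submitted input: strings are un-slashed, passed through
 * zen_sanitize_string() and trimmed; arrays are processed element by element;
 * anything else is returned unchanged.
 *
 * Despite the name, nothing here escapes a value for use inside an SQL
 * statement. Quotes and backslashes pass through, so the result still needs
 * the database layer's own escaping or binding before it reaches a query.
 *
 * @param mixed $string
 * @return mixed
 */
  function zen_db_prepare_input($string) {
    if (is_string($string)) {
      return trim(zen_sanitize_string(stripslashes($string)));
    } elseif (is_array($string)) {
      reset($string);
      while (list($key, $value) = each($string)) {
        $string[$key] = zen_db_prepare_input($value);
      }
      return $string;
    } else {
      return $string;
    }
  }

/**
 * Collapse runs of spaces into one space and replace '<' and '>' with '_'.
 *
 * Only those two characters are replaced; quotes and '&' are left alone, so
 * the result is not safe to place in an HTML attribute or an SQL string
 * without further escaping. ereg_replace() belongs to the POSIX regex
 * functions that PHP 7 removed.
 *
 * @param string $string
 * @return string
 */
  function zen_sanitize_string($string) {
    $string = ereg_replace(' +', ' ', $string);
    return preg_replace("/[<>]/", '_', $string);
  }

/**
 * Check an e-mail address against the installer's pattern rules.
 *
 * @param string $email
 * @return bool true when the address passed every check that was applied
 */
  function zen_validate_email($email = "root@localhost.localdomain") {
    $valid_address = true;
    $user ="";
    $domain="";
// split the e-mail address into user and domain parts
// need to update to trap for addresses in the format of "first@last"@someplace.com
// this method will most likely break in that case
    list( $user, $domain ) = explode( "@", $email );
    $valid_ip_form = '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';
    $valid_email_pattern = '^[a-z0-9]+[a-z0-9_\.\'\-]*@[a-z0-9]+[a-z0-9\.\-]*\.(([a-z]{2,6})|([0-9]{1,3}))$';
    $space_check = '[ ]';

// strip beginning and ending quotes, if and only if both present
    if( (ereg('^["]', $user) && ereg('["]$', $user)) ){
      $user = ereg_replace ( '^["]', '', $user );
      $user = ereg_replace ( '["]$', '', $user );
      $user = ereg_replace ( $space_check, '', $user ); //spaces in quoted addresses OK per RFC (?)
      $email = $user."@".$domain; // continue with stripped quotes for remainder
    }

// if e-mail domain part is an IP address, check each part for a value under 256
    // $valid_ip_form is not anchored, so it matches any domain that contains a dotted quad
    if (ereg($valid_ip_form, $domain)) {
      $digit = explode( ".", $domain );
      for($i=0; $i<4; $i++) {
        if ($digit[$i] > 255) {
          $valid_address = false;
          return $valid_address;
          exit;
        }
// stop crafty people from using internal IP addresses
        // NOTE(review): only the first octet is compared, so every 192.x.x.x address is
        // rejected while other private or loopback ranges (172.16.0.0/12, 127.0.0.0/8) are
        // not. Treat this as a formatting check, not as protection for internal hosts.
        if (($digit[0] == 192) || ($digit[0] == 10)) {
          $valid_address = false;
          return $valid_address;
          exit;
        }
      }
    }

    // when the address contains a space the pattern test is skipped and $valid_address keeps its initial true
    if (!ereg($space_check, $email)) { // trap for spaces in
      if ( eregi($valid_email_pattern, $email)) { // validate against valid e-mail patterns
        $valid_address = true;
      } else {
        $valid_address = false;
        return $valid_address;
        exit;
      }
    }

// Verify e-mail has an associated MX and/or A record.
// Need alternate method to deal with Verisign shenanigans and with Windows Servers
//    if (!checkdnsrr($domain, "MX") && !checkdnsrr($domain, "A")) {
//      $valid_address = false;
//    }

    return $valid_address;
  }

/**
 * Produce the stored form of a password: md5(salt . plain) . ':' . salt.
 *
 * NOTE(review): this is a single round of MD5 with a two-character salt taken
 * from a hash of mt_rand() output, which is far too cheap to brute-force by
 * current standards. The format is left as is because zen_validate_password()
 * and any existing stored values depend on it; moving to password_hash() /
 * password_verify() needs a migration path for stored hashes.
 *
 * @param string $plain plain-text password
 * @return string "hash:salt"
 */
  function zen_encrypt_password($plain) {
    $password = '';

    for ($i=0; $i<10; $i++) {
      $password .= zen_rand();
    }

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $plain) . ':' . $salt;

    return $password;
  }

/**
 * Check a plain-text password against a stored "hash:salt" value.
 *
 * @param string $plain plain-text password
 * @param string $encrypted stored value as produced by zen_encrypt_password()
 * @return bool
 */
  function zen_validate_password($plain, $encrypted) {
    if (zen_not_null($plain) && zen_not_null($encrypted)) {
      $stack = explode(':', $encrypted);
      if (sizeof($stack) != 2) return false;
      $expected = md5($stack[1] . $plain);
      // Compare the digests as strings. With '==' PHP compares two numeric-looking
      // strings by value, so two different digests could be treated as equal.
      if (function_exists('hash_equals')) {
        // constant-time comparison where the runtime offers it
        return hash_equals($stack[0], $expected);
      }
      if ($expected === $stack[0]) {
        return true;
      }
    }
    return false;
  }


/**
 * Return a pseudo-random integer from mt_rand(), seeding the generator once
 * from microtime().
 *
 * NOTE(review): mt_rand() seeded from the clock is predictable and must not be
 * the source of salts, tokens or passwords; a CSPRNG is the right tool there.
 *
 * @param int|null $min lower bound (used only together with $max)
 * @param int|null $max upper bound
 * @return int $min when $min >= $max, otherwise a value from mt_rand()
 */
  function zen_rand($min = null, $max = null) {
    static $seeded;

    if (!isset($seeded)) {
      mt_srand((double)microtime()*1000000);
      $seeded = true;
    }

    if (isset($min) && isset($max)) {
      if ($min >= $max) {
        return $min;
      } else {
        return mt_rand($min, $max);
      }
    } else {
      return mt_rand();
    }
  }

/**
 * Read the value of a define() from ../includes/configure.php (and the files
 * listed from ../includes/extra_configures) by splitting each line on single
 * quotes, without including the file.
 *
 * @param string $value upper-case name of the constant to look for
 * @return string concatenation of every matching value found; '' when none
 */
  function zen_read_config_value($value) {
    $files_array = array();
    $string='';
    $files_array[] = '../includes/configure.php';

    if ($za_dir = @dir('../includes/' . 'extra_configures')) {
      while ($zv_file = $za_dir->read()) {
        if (strstr($zv_file, '.php')) {
          //echo $zv_file.'<br>';
          // NOTE(review): the bare file name is stored without its directory, so the
          // file_exists() test below resolves it against the working directory — confirm.
          $files_array[] = $zv_file;
        }
      }
    }
    foreach ($files_array as $filename) {
      if (!file_exists($filename)) continue;
      //echo $filename . '!<br>';
      $lines = file($filename);
      foreach($lines as $line) { // read the configure.php file for specific variables
        if (substr($line,0,2) == '//') continue;
        $def_string=array();
        $def_string=explode("'",$line);
        //define('CONSTANT','value');
        //[1]=TABLE_CONSTANT
        //[2]=,
        //[3]=value
        //[4]=);
        //[5]=
        if (isset($def_string[1]) && strtoupper($def_string[1]) == $value ) $string .= $def_string[3];
      }//end foreach $line
    }//end foreach $filename
    return $string;
  }

/**
 * Tell whether DB_PREFIX . $tablename exists, using SHOW TABLES LIKE.
 *
 * NOTE(review): the name is concatenated into the statement unescaped, and in a
 * LIKE pattern '_' and '%' are wildcards, so a name containing underscores can
 * also match other tables. The names come from the SQL script being processed.
 *
 * @param string $tablename table name without prefix
 * @param bool $pre_install when true the query runs on $db_test instead of $db
 * @return bool
 */
  function zen_table_exists($tablename, $pre_install=false) {
    global $db, $db_test;
    if ($pre_install==true) {
      $tables = $db_test->Execute("SHOW TABLES like '" . DB_PREFIX . $tablename . "'");
    } else {
      $tables = $db->Execute("SHOW TABLES like '" . DB_PREFIX . $tablename . "'");
    }
    if (ZC_UPG_DEBUG3==true) echo 'Table check ('.$tablename.') = '. $tables->RecordCount() .'<br>';
    if ($tables->RecordCount() > 0) {
      return true;
    } else {
      return false;
    }
  }

/**
 * Report whether the database user holds a given privilege.
 *
 * The check is bypassed: the function returns before any query is made, so
 * every caller is told the privilege is present (or gets the fixed
 * 'Not Checked|||Not Checked' string when $show_privs is true). Everything
 * after the bypass is unreachable and kept for a later release. Callers must
 * not treat a true result as evidence that the privilege was verified.
 *
 * @param string $priv privilege name, e.g. 'DROP', 'INDEX', 'ALTER'
 * @param string $table table name used by the (unreachable) per-table match
 * @param bool $show_privs ask for a "ok|||list" string instead of a boolean
 * @return bool|string
 */
  function zen_check_database_privs($priv='',$table='',$show_privs=false) {
    //bypass for now ... will attempt to use with modifications in a new release later
    if ($show_privs==true) return 'Not Checked|||Not Checked';
    return true;
    // end bypass
    global $zdb_server, $zdb_user, $zdb_name;
    if (!zen_not_null($zdb_server)) $zdb_server = zen_read_config_value('DB_SERVER');
    if (!zen_not_null($zdb_user)) $zdb_user = zen_read_config_value('DB_SERVER_USERNAME');
    if (!zen_not_null($zdb_name)) $zdb_name = zen_read_config_value('DB_DATABASE');
    // NOTE(review): if this code is revived, a request parameter should not be able to switch the check off
    if (isset($_GET['nogrants']) || isset($_POST['nogrants']) ) return true; // bypass if flag set
    //Display permissions, or check for suitable permissions to carry out a particular task
      //possible outputs:
      //GRANT ALL PRIVILEGES ON *.* TO 'xyz'@'localhost' WITH GRANT OPTION
      //GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, INDEX, ALTER ON *.* TO 'xyz'@'localhost' IDENTIFIED BY PASSWORD '2344'
      //GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `db1`.* TO 'xyz'@'localhost'
      //GRANT SELECT (id) ON db1.tablename TO 'xyz'@'localhost
    global $db;
    global $db_test;
    $granted_privs_list='';
    if (ZC_UPG_DEBUG3==true) echo '<br />Checking for priv: ['.(zen_not_null($priv) ? $priv : 'none specified').']<br />';
    if (!defined('DB_SERVER'))          define('DB_SERVER',$zdb_server);
    if (!defined('DB_SERVER_USERNAME')) define('DB_SERVER_USERNAME',$zdb_user);
    if (!defined('DB_DATABASE'))        define('DB_DATABASE',$zdb_name);
    $user = DB_SERVER_USERNAME."@".DB_SERVER;
    if ($user == 'DB_SERVER_USERNAME@DB_SERVER' || DB_DATABASE=='DB_DATABASE') return true; // bypass if constants not set properly
    $sql = "show grants for ".$user;
    if (ZC_UPG_DEBUG3==true) echo $sql.'<br />';
    if (is_object($db)) {
      $result = $db->Execute($sql);
    } elseif (is_object($db_test)) {
      $result = $db_test->Execute($sql);
    }
    while (!$result->EOF) {
      if (ZC_UPG_DEBUG3==true) echo $result->fields['Grants for '.$user].'<br />';
      $grant_syntax = $result->fields['Grants for '.$user] . ' ';
      $granted_privs = str_replace('GRANT ','',$grant_syntax); // remove "GRANT" keyword
      $granted_privs = substr($granted_privs,0,strpos($granted_privs,' TO ')); //remove anything after the "TO" keyword
      $granted_db = str_replace(array('`','\\'),'',substr($granted_privs,strpos($granted_privs,' ON ')+4) ); //remove backquote and find "ON" string
      if (ZC_UPG_DEBUG3==true) echo 'privs_list = '.$granted_privs.'<br />';
      if (ZC_UPG_DEBUG3==true) echo 'granted_db = '.$granted_db.'<br />';
      $db_priv_ok += ($granted_db == '*.*' || $granted_db==DB_DATABASE.'.*' || $granted_db==DB_DATABASE.'.'.$table) ? true : false;
      if (ZC_UPG_DEBUG3==true) echo 'db-priv-ok='.$db_priv_ok.'<br />';

      if ($db_priv_ok) {  // if the privs list pertains to the current database, or is *.*, carry on
        $granted_privs = substr($granted_privs,0,strpos($granted_privs,' ON ')); //remove anything after the "ON" keyword
        $granted_privs_list .= ($granted_privs_list=='') ? $granted_privs : ', '.$granted_privs;

        $specific_priv_found = (zen_not_null($priv) && substr_count($granted_privs,$priv)==1);
        if (ZC_UPG_DEBUG3==true) echo 'specific priv['.$priv.'] found ='.$specific_priv_found.'<br />';

        if (ZC_UPG_DEBUG3==true) echo 'spec+db='.($specific_priv_found && $db_priv_ok == true).' ||| ';
        if (ZC_UPG_DEBUG3==true) echo 'all+db='.($granted_privs == 'ALL PRIVILEGES' && $db_priv_ok==true).'<br /><br />';

        if (($specific_priv_found && $db_priv_ok == true) || ($granted_privs == 'ALL PRIVILEGES' && $db_priv_ok==true)) {
          return true; // privs found
        }
      } // endif $db_priv_ok
      $result->MoveNext();
    }
    if ($show_privs) {
      if (ZC_UPG_DEBUG3==true) echo 'LIST OF PRIVS='.$granted_privs_list.'<br />';
      return $db_priv_ok . '|||'. $granted_privs_list;
    } else {
      return false; // if not found, return false
    }
  }

/**
 * Pre-check a "DROP INDEX name ON table" statement.
 *
 * @param array $param the statement split on spaces ([2] = index name, [4] = table)
 * @return string|null reason the statement must be skipped, or nothing when it may run
 */
  function zen_drop_index_command($param) {
    if (!$checkprivs = zen_check_database_privs('INDEX')) return sprintf(REASON_NO_PRIVILEGES,'INDEX');
    //this is only slightly different from the ALTER TABLE DROP INDEX command
    global $db;
    if (!zen_not_null($param)) return "Empty SQL Statement";
    $index = $param[2];
    // the table name from the script is concatenated into the statement as is
    $sql = "show index from " . DB_PREFIX . $param[4];
    $result = $db->Execute($sql);
    while (!$result->EOF) {
      if (ZC_UPG_DEBUG3==true) echo $result->fields['Key_name'].'<br />';
      if  ($result->fields['Key_name'] == $index) {
//        if (!$checkprivs = zen_check_database_privs('INDEX')) return sprintf(REASON_NO_PRIVILEGES,'INDEX');
        return; // if we get here, the index exists, and we have index privileges, so return with no error
      }
      $result->MoveNext();
    }
    // if we get here, then the index didn't exist
    return sprintf(REASON_INDEX_DOESNT_EXIST_TO_DROP,$index,$param[4]);
  }

/**
 * Pre-check a "CREATE [type] INDEX name ON table ..." statement.
 *
 * @param array $param the statement split on spaces
 * @return string|null reason the statement must be skipped, or nothing when it may run
 */
  function zen_create_index_command($param) {
    //this is only slightly different from the ALTER TABLE CREATE INDEX command
    if (!$checkprivs = zen_check_database_privs('INDEX')) return sprintf(REASON_NO_PRIVILEGES,'INDEX');
    global $db;
    if (!zen_not_null($param)) return "Empty SQL Statement";
    $index = (strtoupper($param[1])=='INDEX') ? $param[2] : $param[3];
    if (in_array('USING',$param)) return 'USING parameter found. Cannot validate syntax. Please run manually in phpMyAdmin.';
    $table = (strtoupper($param[2])=='INDEX' && strtoupper($param[4])=='ON') ? $param[5] : $param[4];
    $sql = "show index from " . DB_PREFIX . $table;
    $result = $db->Execute($sql);
    while (!$result->EOF) {
      if (ZC_UPG_DEBUG3==true) echo $result->fields['Key_name'].'<br />';
      if (strtoupper($result->fields['Key_name']) == strtoupper($index)) {
        return sprintf(REASON_INDEX_ALREADY_EXISTS,$index,$table);
      }
      $result->MoveNext();
    }
/*
 * @TODO: verify that individual columns exist, by parsing the index_col_name parameters list
 *        Structure is (colname(len)),
 *                  or (colname),
 */
  }

/**
 * Pre-check an "ALTER TABLE table ADD|DROP|ALTER|MODIFY|CHANGE ..." statement
 * against the current structure of the table.
 *
 * @param array $param the statement split on spaces ([2] = table, [3] = action)
 * @return string|null reason the statement must be skipped, or nothing when it may run
 */
  function zen_check_alter_command($param) {
    global $db;
    if (!zen_not_null($param)) return "Empty SQL Statement";
    // NOTE(review): three arguments are passed here while the other callers pass one — confirm REASON_NO_PRIVILEGES's placeholders
    if (!$checkprivs = zen_check_database_privs('ALTER')) return sprintf(REASON_NO_PRIVILEGES,DB_SERVER_USERNAME, DB_SERVER, 'ALTER');
    switch (strtoupper($param[3])) {
      case ("ADD"):
        if (strtoupper($param[4]) == 'INDEX') {
          // check that the index to be added doesn't already exist
          $index = $param[5];
          $sql = "show index from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo 'KEY: '.$result->fields['Key_name'].'<br />';
            if  ($result->fields['Key_name'] == $index) {
              return sprintf(REASON_INDEX_ALREADY_EXISTS,$index,$param[2]);
            }
            $result->MoveNext();
          }
        } elseif (strtoupper($param[4])=='PRIMARY') {
          // check that the primary key to be added doesn't exist
          if ($param[5] != 'KEY') return;
          $sql = "show index from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Key_name'].'<br />';
            if  ($result->fields['Key_name'] == 'PRIMARY') {
              return sprintf(REASON_PRIMARY_KEY_ALREADY_EXISTS,$param[2]);
            }
            $result->MoveNext();
          }

        } elseif (!in_array(strtoupper($param[4]),array('CONSTRAINT','UNIQUE','PRIMARY','FULLTEXT','FOREIGN','SPATIAL') ) ) {
          // check that the column to be added does not exist
          $colname = ($param[4]=='COLUMN') ? $param[5] : $param[4];
          $sql = "show fields from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Field'].'<br />';
            if  ($result->fields['Field'] == $colname) {
              return sprintf(REASON_COLUMN_ALREADY_EXISTS,$colname);
            }
            $result->MoveNext();
          }

        } elseif (strtoupper($param[5])=='AFTER') {
          // check that the requested "after" field actually exists
          $colname = ($param[6]=='COLUMN') ? $param[7] : $param[6];
          $sql = "show fields from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Field'].'<br />';
            if  ($result->fields['Field'] == $colname) {
              return; // exists, so return with no error
            }
            $result->MoveNext();
          }

        } elseif (strtoupper($param[6])=='AFTER') {
          // check that the requested "after" field actually exists
          $colname = ($param[7]=='COLUMN') ? $param[8] : $param[7];
          $sql = "show fields from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Field'].'<br />';
            if  ($result->fields['Field'] == $colname) {
              return; // exists, so return with no error
            }
            $result->MoveNext();
          }
/*
 * @TODO -- add check for FIRST parameter, to check that the FIRST colname specified actually exists
 */
        }
        break;
      case ("DROP"):
        if (strtoupper($param[4]) == 'INDEX') {
          // check that the index to be dropped exists
          $index = $param[5];
          $sql = "show index from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Key_name'].'<br />';
            if  ($result->fields['Key_name'] == $index) {
              return; // exists, so return with no error
            }
            $result->MoveNext();
          }
          // if we get here, then the index didn't exist
          return sprintf(REASON_INDEX_DOESNT_EXIST_TO_DROP,$index,$param[2]);

        } elseif (strtoupper($param[4])=='PRIMARY') {
          // check that the primary key to be dropped exists
          if ($param[5] != 'KEY') return;
          $sql = "show index from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Key_name'].'<br />';
            if  ($result->fields['Key_name'] == 'PRIMARY') {
              return; // exists, so return with no error
            }
            $result->MoveNext();
          }
          // if we get here, then the primary key didn't exist
          return sprintf(REASON_PRIMARY_KEY_DOESNT_EXIST_TO_DROP,$param[2]);

        } elseif (!in_array(strtoupper($param[4]),array('CONSTRAINT','UNIQUE','PRIMARY','FULLTEXT','FOREIGN','SPATIAL'))) {
          // check that the column to be dropped exists
          $colname = ($param[4]=='COLUMN') ? $param[5] : $param[4];
          $sql = "show fields from " . DB_PREFIX . $param[2];
          $result = $db->Execute($sql);
          while (!$result->EOF) {
            if (ZC_UPG_DEBUG3==true) echo $result->fields['Field'].'<br />';
            if  ($result->fields['Field'] == $colname) {
              return; // exists, so return with no error
            }
            $result->MoveNext();
          }
          // if we get here, then the column didn't exist
          return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_DROP,$colname);
        }//endif 'DROP'
        break;
      case ("ALTER"):
      case ("MODIFY"):
      case ("CHANGE"):
        // just check that the column to be changed 'exists'
        $colname = ($param[4]=='COLUMN') ? $param[5] : $param[4];
        $sql = "show fields from " . DB_PREFIX . $param[2];
        $result = $db->Execute($sql);
        while (!$result->EOF) {
          if (ZC_UPG_DEBUG3==true) echo $result->fields['Field'].'<br />';
          if  ($result->fields['Field'] == $colname) {
            return; // exists, so return with no error
          }
          $result->MoveNext();
        }
        // if we get here, then the column didn't exist
        return sprintf(REASON_COLUMN_DOESNT_EXIST_TO_CHANGE,$colname);
        break;
      default:
        // if we get here, then we're processing an ALTER command other than what we're checking for, so let it be processed.
        return;
        break;
    } //end switch
  }

/**
 * Pre-check an INSERT into the configuration table: skip it when the
 * configuration_key it carries is already present.
 *
 * The key is taken from the statement text by splitting on single quotes and
 * is concatenated into the lookup query. Because of the split the key itself
 * cannot contain a single quote, but it is otherwise unescaped; the statement
 * text comes from the SQL script being processed.
 *
 * @param string $line the INSERT statement
 * @return string|null reason to skip, or nothing when the key is new
 */
  function zen_check_config_key($line) {
    global $db;
    $values=array();
    $values=explode("'",$line);
     //INSERT INTO configuration blah blah blah VALUES ('title','key', blah blah blah);
     //[0]=INSERT INTO.....
     //[1]=title
     //[2]=,
     //[3]=key
     //[4]=blah blah
    $title = $values[1];
    $key  =  $values[3];
    $sql = "select configuration_title from " . DB_PREFIX . "configuration where configuration_key='".$key."'";
    $result = $db->Execute($sql);
    if ($result->RecordCount() >0 ) return sprintf(REASON_CONFIG_KEY_ALREADY_EXISTS,$key);
  }

/**
 * Pre-check an INSERT into product_type_layout: skip it when the
 * configuration_key it carries is already present. The key is extracted and
 * used exactly as in zen_check_config_key().
 *
 * @param string $line the INSERT statement
 * @return string|null reason to skip, or nothing when the key is new
 */
  function zen_check_product_type_layout_key($line) {
    global $db;
    $values=array();
    $values=explode("'",$line);
    $title = $values[1];
    $key  =  $values[3];
    $sql = "select configuration_title from " . DB_PREFIX . "product_type_layout where configuration_key='".$key."'";
    $result = $db->Execute($sql);
    if ($result->RecordCount() >0 ) return sprintf(REASON_PRODUCT_TYPE_LAYOUT_KEY_ALREADY_EXISTS,$key);
  }

/**
 * Pre-check an INSERT into configuration_group: skip it when either the group
 * title or the group id it carries is already present. Both values are taken
 * from the statement by splitting on single quotes and concatenated into the
 * lookup queries.
 *
 * @param string $line the INSERT statement
 * @return string|null reason to skip, or nothing when both are new
 */
  function zen_check_cfggroup_key($line) {
    global $db;
    $values=array();
    $values=explode("'",$line);
    $id = $values[1];
    $title  =  $values[3];
    $sql = "select configuration_group_title from " . DB_PREFIX . "configuration_group where configuration_group_title='".$title."'";
    $result = $db->Execute($sql);
    if ($result->RecordCount() >0 ) return sprintf(REASON_CONFIGURATION_GROUP_KEY_ALREADY_EXISTS,$title);
    $sql = "select configuration_group_title from " . DB_PREFIX . "configuration_group where configuration_group_id='".$id."'";
    $result = $db->Execute($sql);
    if ($result->RecordCount() >0 ) return sprintf(REASON_CONFIGURATION_GROUP_ID_ALREADY_EXISTS,$id);
  }

/**
 * Record a skipped statement, with the reason and the script it came from, in
 * the upgrade exceptions table (created on demand).
 *
 * @param string $line the statement that was skipped
 * @param string $reason why it was skipped
 * @param string $sql_file script the statement came from
 * @return mixed result of $db->Execute()
 */
  function zen_write_to_upgrade_exceptions_table($line, $reason, $sql_file) {
    global $db;
    zen_create_exceptions_table();
    // All three values are quoted into the statement, so all three are escaped the same way:
    // a reason text or a file path holding a quote or backslash would otherwise break or
    // alter the INSERT. NOTE(review): addslashes() mirrors the escaping already applied to
    // $line; the database layer's own escaping would be the more robust choice.
    $sql="INSERT INTO " . DB_PREFIX . TABLE_UPGRADE_EXCEPTIONS . " VALUES (0,'". addslashes($sql_file)."','".addslashes($reason)."', now(), '".addslashes($line)."')";
     if (ZC_UPG_DEBUG3==true) echo '<br />sql='.$sql.'<br />';
    $result = $db->Execute($sql);
    return $result;
  }

/**
 * Empty the upgrade exceptions table (creating it first when missing).
 *
 * @return mixed result of $db->Execute()
 */
  function zen_purge_exceptions_table() {
    global $db;
    zen_create_exceptions_table();
    $result = $db->Execute("TRUNCATE TABLE " . DB_PREFIX . TABLE_UPGRADE_EXCEPTIONS );
    return $result;
  }

/**
 * Create the upgrade exceptions table when zen_table_exists() reports it missing.
 *
 * @return mixed result of $db->Execute(), or nothing when the table already exists
 */
  function zen_create_exceptions_table() {
    global $db;
    if (!zen_table_exists(TABLE_UPGRADE_EXCEPTIONS)) {
      $result = $db->Execute("CREATE TABLE `" . DB_PREFIX . TABLE_UPGRADE_EXCEPTIONS ."` (
            `upgrade_exception_id` smallint(5) NOT NULL auto_increment,
            `sql_file` varchar(50) default NULL,
            `reason` varchar(200) default NULL,
            `errordate` datetime default '0001-01-01 00:00:00',
            `sqlstatement` text, PRIMARY KEY  (`upgrade_exception_id`)
          )");
      return $result;
    }
  }

/**
 * Tell whether a skipped statement is one of the known cases that should not
 * be counted or reported as an error.
 *
 * @param string $result reason text produced by a pre-check
 * @param string $line the statement
 * @return bool|null true for a known exception, nothing otherwise
 */
  function zen_check_exceptions($result, $line) {
    // note: table-prefixes are ignored here, since they are not added if this is an exception
    //echo '<br /><strong>RESULT_CODE: </strong>' . $result . '<br /><strong>LINE:</strong>' . $line;
    if (strstr($result,'EZ-Pages Settings') && strstr(strtolower($line), 'insert into configuration_group')) return true;
    if (strstr($result,'DEFINE_SITE_MAP_STATUS') && strstr(strtolower($line), 'insert into configuration')) return true;
    //echo '<br /><strong>NO EXCEPTIONS </strong>TO IGNORE<br />';
  }

?>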