1: <?php
2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14:
15:
16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
17:
18:
19: function injectSQL($db, $prefix, $file, $replacements = array()) {
20: $file = trim($file);
21:
22: if (!is_readable($file)) {
23: return false;
24: }
25:
26: $sqlFile = cFileHandler::read($file);
27:
28: $sqlFile = removeComments($sqlFile);
29: $sqlFile = removeRemarks($sqlFile);
30: $sqlFile = str_replace("!PREFIX!", $prefix, $sqlFile);
31: $sqlFile = trim($sqlFile);
32:
33: $sqlChunks = splitSqlFile(trim($sqlFile), ";");
34:
35: foreach ($sqlChunks as $sqlChunk) {
36: foreach ($replacements as $find => $replace) {
37: $sqlChunk = str_replace($find, $replace, $sqlChunk);
38: }
39:
40: $db->query($sqlChunk);
41:
42: if ($db->getErrorNumber() != 0) {
43: logSetupFailure("Unable to execute SQL statement:\n" . $sqlChunk . "\nMysql Error: " . $db->getErrorMessage() . " (" . $db->getErrorNumber() . ")");
44: $_SESSION['install_failedchunks'] = true;
45: }
46: }
47:
48: return true;
49: }
50:
51: 52: 53: 54: 55:
56: function addAutoIncrementToTables($db, $cfg) {
57:
58: $filterTables = array(
59: $cfg['sql']['sqlprefix'] . '_groups',
60: $cfg['sql']['sqlprefix'] . '_pica_alloc_con',
61: $cfg['sql']['sqlprefix'] . '_pica_lang',
62: $cfg['sql']['sqlprefix'] . '_sequence',
63: $cfg['sql']['sqlprefix'] . '_phplib_active_sessions',
64: $cfg['sql']['sqlprefix'] . '_online_user',
65: $cfg['sql']['sqlprefix'] . '_pi_linkwhitelist',
66: $cfg['sql']['sqlprefix'] . '_phplib_auth_user_md5',
67: $cfg['sql']['sqlprefix'] . '_user',
68: $cfg['sql']['sqlprefix'] . '_iso_639_2',
69: $cfg['sql']['sqlprefix'] . '_iso_3166'
70: );
71:
72: $sql = $db->prepare('SHOW TABLES FROM `%s`', $cfg['db']['connection']['database']);
73: $db->query($sql);
74:
75: if ($db->getErrorNumber() != 0) {
76: logSetupFailure("Unable to execute SQL statement:\n" . $sql . "\nMysql Error: " . $db->getErrorMessage() . " (" . $db->getErrorNumber() . ")");
77: $_SESSION['install_failedupgradetable'] = true;
78: }
79:
80: $aRows = array();
81: while ($db->nextRecord()) {
82: $aRows[] = $db->getRecord();
83: }
84: foreach ($aRows as $row) {
85: if (in_array($row[0], $filterTables) === false && strpos($row[0], $cfg['sql']['sqlprefix'] . '_') !== false) {
86: alterTableHandling($row[0]);
87: }
88: }
89:
90:
91: if (count($aRows) > 65) {
92: $sql = 'DROP TABLE IF EXISTS ' . $cfg['sql']['sqlprefix'] . '_sequence';
93: $db->query($sql);
94: }
95: }
96:
97: 98: 99: 100:
101: function addSalts($db) {
102: global $cfg;
103:
104: $db2 = getSetupMySQLDBConnection();
105:
106: $sql = "SHOW COLUMNS FROM %s LIKE 'salt'";
107: $sql = sprintf($sql, $cfg['tab']['user']);
108:
109: $db->query($sql);
110: if ($db->numRows() == 0) {
111: $db2->query("ALTER TABLE ".$cfg["tab"]["user"]." CHANGE password password VARCHAR(64)");
112: $db2->query("ALTER TABLE ".$cfg["tab"]["user"]." ADD salt VARCHAR(32) AFTER password");
113: }
114:
115: $db->query("SELECT * FROM ".$cfg["tab"]["user"]);
116: while ($db->nextRecord()) {
117: if ($db->f("salt") == "") {
118: $salt = md5($db->f("username").rand(1000, 9999).rand(1000, 9999).rand(1000, 9999));
119: $db2->query("UPDATE ".$cfg["tab"]["user"]." SET salt='".$salt."' WHERE user_id='".$db->f("user_id")."'");
120: $db2->query("UPDATE ".$cfg["tab"]["user"]." SET password='".hash("sha256", $db->f("password").$salt)."' WHERE user_id='".$db->f("user_id")."'");
121: }
122: }
123:
124: $sql = "SHOW COLUMNS FROM %s LIKE 'salt'";
125: $sql = sprintf($sql, $cfg['tab']['frontendusers']);
126:
127: $db->query($sql);
128: if ($db->numRows() == 0) {
129: $db2->query("ALTER TABLE ".$cfg["tab"]["frontendusers"]." CHANGE password password VARCHAR(64)");
130: $db2->query("ALTER TABLE ".$cfg["tab"]["frontendusers"]." ADD salt VARCHAR(32) AFTER password");
131: }
132:
133: $db->query("SELECT * FROM ".$cfg["tab"]["frontendusers"]);
134: while ($db->nextRecord()) {
135: if ($db->f("salt") == "") {
136: $salt = md5($db->f("username").rand(1000, 9999).rand(1000, 9999).rand(1000, 9999));
137: $db2->query("UPDATE ".$cfg["tab"]["frontendusers"]." SET salt='".$salt."' WHERE idfrontenduser='".$db->f("idfrontenduser")."'");
138: $db2->query("UPDATE ".$cfg["tab"]["frontendusers"]." SET password='".hash("sha256", $db->f("password").$salt)."' WHERE idfrontenduser='".$db->f("idfrontenduser")."'");
139: }
140: }
141: }
142:
143: function urlDecodeTables($db) {
144: global $cfg;
145:
146: urlDecodeTable($db, $cfg['tab']['frontendusers']);
147: urlDecodeTable($db, $cfg['tab']['content']);
148: urlDecodeTable($db, $cfg['tab']['properties']);
149: urlDecodeTable($db, $cfg['tab']['upl_meta']);
150: urlDecodeTable($db, $cfg['tab']['container']);
151: urlDecodeTable($db, $cfg['sql']['sqlprefix'] . '_pica_lang', true);
152: urlDecodeTable($db, $cfg['sql']['sqlprefix'] . '_pi_news_rcp', true);
153: urlDecodeTable($db, $cfg['tab']['art_lang']);
154: urlDecodeTable($db, $cfg['tab']['user_prop']);
155: urlDecodeTable($db, $cfg['tab']['system_prop']);
156: urlDecodeTable($db, $cfg['tab']['art_spec']);
157: urlDecodeTable($db, $cfg['sql']['sqlprefix'] . '_pi_news_jobs', true);
158:
159: }
160:
161: function urlDecodeTable($db, $table, $checkTableExists = false) {
162: if ($checkTableExists === true) {
163: $db->query('SHOW TABLES LIKE "%s"', $table);
164: if ($db->nextRecord() === false) {
165: return;
166: }
167: }
168:
169: $sql = "SELECT * FROM " . $table;
170: $db->query($sql);
171:
172: $db2 = getSetupMySQLDBConnection(false);
173:
174: while ($db->nextRecord()) {
175:
176: $row = $db->toArray(cDb::FETCH_ASSOC);
177:
178: $sql = "UPDATE " . $table . " SET ";
179: foreach ($row as $key => $value) {
180: if (strlen($value) > 0) {
181: $sql .= "`" . $key . "`='" . $db->escape(urldecode($value)) . "', ";
182: }
183: }
184: $sql = substr($sql, 0, strlen($sql) - 2) . " WHERE ";
185: foreach ($row as $key => $value) {
186: if (strlen($value) > 0) {
187: $sql .= "`" . $key . "`= '" . $db->escape($value) . "' AND ";
188: }
189: }
190: $sql = substr($sql, 0, strlen($sql) - 5) . ";";
191:
192: $db2->query($sql);
193: }
194: }
195:
196: function convertToDatetime($db, $cfg) {
197: $db->query('SHOW TABLES LIKE "%s"', $cfg["sql"]["sqlprefix"] . "_piwf_art_allocation");
198: if ($db->nextRecord()) {
199: $db->query("ALTER TABLE " . $cfg['sql']['sqlprefix'] . "_piwf_art_allocation CHANGE `starttime` `starttime` DATETIME NOT NULL");
200: }
201:
202: $db->query("ALTER TABLE " . $cfg['sql']['sqlprefix'] . "_template_conf CHANGE `created` `created` DATETIME NOT NULL");
203: }
204:
205: 206: 207: 208:
209: function alterTableHandling($tableName) {
210: $db = getSetupMySQLDBConnection(false);
211: $dbAlter = getSetupMySQLDBConnection(false);
212:
213: $sql = $db->prepare('SHOW KEYS FROM `%s` WHERE Key_name="PRIMARY"', $tableName);
214: $db->query($sql);
215: while ($db->nextRecord()) {
216: $row = $db->getRecord();
217: $primaryKey = $row[4];
218: $sqlAlter = $dbAlter->prepare('ALTER TABLE `%s` CHANGE `%s` `%s` INT(11) NOT NULL AUTO_INCREMENT', $tableName, $primaryKey, $primaryKey);
219: $dbAlter->query($sqlAlter);
220: if ($dbAlter->getErrorNumber() != 0) {
221: logSetupFailure("Unable to execute SQL statement:\n" . $sqlAlter . "\nMysql Error: " . $dbAlter->getErrorMessage() . " (" . $dbAlter->getErrorNumber() . ")");
222: $_SESSION['install_failedupgradetable'] = true;
223: }
224: }
225: }
226:
227: 228: 229: 230: 231: 232:
233: function removeComments(&$output) {
234: $lines = explode("\n", $output);
235: $output = "";
236:
237:
238: $linecount = count($lines);
239:
240: $in_comment = false;
241: for ($i = 0; $i < $linecount; $i++) {
242: if (preg_match("/^\/\*/", preg_quote($lines[$i]))) {
243: $in_comment = true;
244: }
245:
246: if (!$in_comment) {
247: $output .= $lines[$i] . "\n";
248: }
249:
250: if (preg_match("/\*\/$/", preg_quote($lines[$i]))) {
251: $in_comment = false;
252: }
253: }
254:
255: unset($lines);
256: return $output;
257: }
258:
259: 260: 261: 262: 263:
264: function removeRemarks($sql) {
265: $lines = explode("\n", $sql);
266:
267:
268: $sql = "";
269:
270: $linecount = count($lines);
271: $output = "";
272:
273: for ($i = 0; $i < $linecount; $i++) {
274: if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0)) {
275: if (!empty($lines[$i]) && $lines[$i][0] != "#") {
276: $output .= $lines[$i] . "\n";
277: } else {
278: $output .= "\n";
279: }
280:
281: $lines[$i] = "";
282: }
283: }
284:
285: return $output;
286: }
287:
288: 289: 290: 291: 292: 293: 294:
295: function splitSqlFile($sql, $delimiter) {
296:
297: $tokens = explode($delimiter, $sql);
298:
299:
300: $sql = "";
301: $output = array();
302:
303:
304: $matches = array();
305:
306:
307: $token_count = count($tokens);
308: for ($i = 0; $i < $token_count; $i++) {
309:
310: if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0))) {
311:
312: $total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
313:
314:
315: $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
316:
317: $unescaped_quotes = $total_quotes - $escaped_quotes;
318:
319:
320: if (($unescaped_quotes % 2) == 0) {
321:
322: $output[] = $tokens[$i];
323:
324: $tokens[$i] = "";
325: } else {
326:
327:
328: $temp = $tokens[$i] . $delimiter;
329:
330: $tokens[$i] = "";
331:
332:
333: $complete_stmt = false;
334:
335: for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++) {
336:
337: $total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
338:
339:
340: $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
341:
342: $unescaped_quotes = $total_quotes - $escaped_quotes;
343:
344: if (($unescaped_quotes % 2) == 1) {
345:
346:
347: $output[] = $temp . $tokens[$j];
348:
349:
350: $tokens[$j] = "";
351: $temp = "";
352:
353:
354: $complete_stmt = true;
355:
356: $i = $j;
357: } else {
358:
359:
360: $temp .= $tokens[$j] . $delimiter;
361:
362: $tokens[$j] = "";
363: }
364: }
365: }
366: }
367: }
368:
369: return $output;
370: }
371: