API tools faq
paste
UnitedSecTeam

SourceForge Leaked!!

UnitedSecTeam
Oct 21st, 2017
142
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.35 KB | None | 0 0
raw download clone embed print report
  1. ///////////////////UnitedSecTeam///////////////////
  2. @UniteSecTeam
  3. Pesting since 2015
  4. www.sourceforge.net
  5.  
  6. WebTree leaked containing database names.
  7.  
  8.  
  9.  
  10. --- a/web/mysql.inc
  11. +++ b/web/mysql.inc
  12. @@ -2,32 +2,46 @@
  13. // $Id$
  14.  
  15. // mysql.inc - Simple PHP database support for MySQL.
  16. -// Include this file after defining the following variables:
  17. +// The standard MRBS database connection utilises the following configuration
  18. +// variables:
  19. // $db_host = The hostname of the database server
  20. // $db_login = The username to use when connecting to the database
  21. // $db_password = The database account password
  22. // $db_database = The database name.
  23. -// Including this file connects you to the database, or exits on error.
  24. -
  25. +
  26. +
  27. +// A small utility function (not part of the DB abstraction API) to
  28. +// update a connection handle to the global MRBS connection handle
  29. +// if said handle is null/empty
  30. +function sql_mysql_ensure_handle(&$db_conn)
  31. +{
  32. + if (empty($db_conn))
  33. + {
  34. + global $sql_mysql_conn;
  35. + $db_conn = $sql_mysql_conn;
  36. + }
  37. +}
  38.  
  39. // Free a results handle. You need not call this if you call sql_row or
  40. // sql_row_keyed until the row returns 0, since sql_row frees the results
  41. // handle when you finish reading the rows.
  42. -function sql_free ($r)
  43. -{
  44. +function sql_mysql_free ($r, $db_conn = null)
  45. +{
  46. + sql_mysql_ensure_handle($db_conn);
  47. +
  48. mysql_free_result($r);
  49. }
  50.  
  51. // Execute a non-SELECT SQL command (insert/update/delete).
  52. // Returns the number of tuples affected if OK (a number >= 0).
  53. // Returns -1 on error; use sql_error to get the error message.
  54. -function sql_command ($sql)
  55. -{
  56. - global $db_c;
  57. -
  58. - if (mysql_query($sql, $db_c))
  59. - {
  60. - return mysql_affected_rows($db_c);
  61. +function sql_mysql_command ($sql, $db_conn = null)
  62. +{
  63. + sql_mysql_ensure_handle($db_conn);
  64. +
  65. + if (mysql_query($sql, $db_conn))
  66. + {
  67. + return mysql_affected_rows($db_conn);
  68. }
  69. return -1;
  70. }
  71. @@ -38,11 +52,11 @@
  72. // exactly one value, so error checking is somewhat limited.
  73. // It also returns -1 if the query returns a single NULL value, such as from
  74. // a MIN or MAX aggregate function applied over no rows.
  75. -function sql_query1 ($sql)
  76. -{
  77. - global $db_c;
  78. -
  79. - $r = mysql_query($sql, $db_c);
  80. +function sql_mysql_query1 ($sql, $db_conn = null)
  81. +{
  82. + sql_mysql_ensure_handle($db_conn);
  83. +
  84. + $r = mysql_query($sql, $db_conn);
  85. if (! $r)
  86. {
  87. return -1;
  88. @@ -59,11 +73,11 @@
  89. // Execute an SQL query. Returns a database-dependent result handle,
  90. // which should be passed back to sql_row or sql_row_keyed to get the results.
  91. // Returns 0 on error; use sql_error to get the error message.
  92. -function sql_query ($sql)
  93. -{
  94. - global $db_c;
  95. -
  96. - $r = mysql_query($sql, $db_c);
  97. +function sql_mysql_query ($sql, $db_conn = null)
  98. +{
  99. + sql_mysql_ensure_handle($db_conn);
  100. +
  101. + $r = mysql_query($sql, $db_conn);
  102. return $r;
  103. }
  104.  
  105. @@ -72,8 +86,10 @@
  106. // When called with i >= number of rows in the result, cleans up from
  107. // the query and returns 0.
  108. // Typical usage: $i = 0; while ((a = sql_row($r, $i++))) { ... }
  109. -function sql_row ($r, $i)
  110. -{
  111. +function sql_mysql_row ($r, $i, $db_conn = null)
  112. +{
  113. + sql_mysql_ensure_handle($db_conn);
  114. +
  115. if ($i >= mysql_num_rows($r))
  116. {
  117. mysql_free_result($r);
  118. @@ -89,8 +105,10 @@
  119. // routing also stores the data under number indexes.
  120. // When called with i >= number of rows in the result, cleans up from
  121. // the query and returns 0.
  122. -function sql_row_keyed ($r, $i)
  123. -{
  124. +function sql_mysql_row_keyed ($r, $i, $db_conn = null)
  125. +{
  126. + sql_mysql_ensure_handle($db_conn);
  127. +
  128. if ($i >= mysql_num_rows($r))
  129. {
  130. mysql_free_result($r);
  131. @@ -101,37 +119,39 @@
  132. }
  133.  
  134. // Return the number of rows returned by a result handle from sql_query.
  135. -function sql_count ($r)
  136. -{
  137. +function sql_mysql_count ($r, $db_conn = null)
  138. +{
  139. + sql_mysql_ensure_handle($db_conn);
  140. +
  141. return mysql_num_rows($r);
  142. }
  143.  
  144. // Return the value of an autoincrement field from the last insert.
  145. // Must be called right after an insert on that table!
  146. -function sql_insert_id($table, $field)
  147. -{
  148. - global $db_c;
  149. -
  150. - return mysql_insert_id($db_c);
  151. +function sql_mysql_insert_id($table, $field, $db_conn = null)
  152. +{
  153. + sql_mysql_ensure_handle($db_conn);
  154. +
  155. + return mysql_insert_id($db_conn);
  156. }
  157.  
  158. // Return the text of the last error message.
  159. -function sql_error()
  160. -{
  161. - global $db_c;
  162. -
  163. - return mysql_error($db_c);
  164. +function sql_mysql_error($db_conn = null)
  165. +{
  166. + sql_mysql_ensure_handle($db_conn);
  167. +
  168. + return mysql_error($db_conn);
  169. }
  170.  
  171. // Begin a transaction, if the database supports it. This is used to
  172. // improve PostgreSQL performance for multiple insert/delete/updates.
  173. // There is no rollback support, since MySQL doesn't support it.
  174. -function sql_begin()
  175. +function sql_msyql_begin($db_conn = null)
  176. {
  177. }
  178.  
  179. // Commit (end) a transaction. See sql_begin().
  180. -function sql_commit()
  181. +function sql_mysql_commit($db_conn = null)
  182. {
  183. }
  184.  
  185. @@ -146,61 +166,70 @@
  186. // Do not mix this with sql_begin()/sql_end() calls.
  187. //
  188. // In MySQL, we avoid table locks, and use low-level locks instead.
  189. -function sql_mutex_lock($name)
  190. -{
  191. - global $sql_mutex_shutdown_registered, $sql_mutex_unlock_name;
  192. - if (!sql_query1("SELECT GET_LOCK('$name', 20)"))
  193. +function sql_mysql_mutex_lock($name, $db_conn = null)
  194. +{
  195. + sql_mysql_ensure_handle($db_conn);
  196. +
  197. + global $sql_mysql_mutex_shutdown_registered, $sql_mysql_mutex_unlock_name;
  198. + if (!sql_mysql_query1("SELECT GET_LOCK('$name', 20)", $db_conn))
  199. {
  200. return 0;
  201. }
  202. - $sql_mutex_unlock_name = $name;
  203. - if (empty($sql_mutex_shutdown_registered))
  204. - {
  205. - register_shutdown_function("sql_mutex_cleanup");
  206. - $sql_mutex_shutdown_registered = 1;
  207. + $sql_mysql_mutex_unlock_name = $name;
  208. + if (empty($sql_mysql_mutex_shutdown_registered))
  209. + {
  210. + register_shutdown_function("sql_mysql_mutex_cleanup", $db_conn);
  211. + $sql_mysql_mutex_shutdown_registered = 1;
  212. }
  213. return 1;
  214. }
  215.  
  216. // Release a mutual-exclusion lock on the named table. See sql_mutex_unlock.
  217. -function sql_mutex_unlock($name)
  218. -{
  219. - global $sql_mutex_unlock_name;
  220. - sql_query1("SELECT RELEASE_LOCK('$name')");
  221. - $sql_mutex_unlock_name = "";
  222. +function sql_mysql_mutex_unlock($name, $db_conn = null)
  223. +{
  224. + sql_mysql_ensure_handle($db_conn);
  225. +
  226. + global $sql_mysql_mutex_unlock_name;
  227. + sql_mysql_query1("SELECT RELEASE_LOCK('$name')", $db_conn);
  228. + $sql_mysql_mutex_unlock_name = "";
  229. }
  230.  
  231. // Shutdown function to clean up a forgotten lock. For internal use only.
  232. -function sql_mutex_cleanup()
  233. -{
  234. - global $sql_mutex_shutdown_registered, $sql_mutex_unlock_name;
  235. - if (!empty($sql_mutex_unlock_name))
  236. - {
  237. - sql_mutex_unlock($sql_mutex_unlock_name);
  238. - $sql_mutex_unlock_name = "";
  239. - }
  240. -}
  241. -
  242. +function sql_mysql_mutex_cleanup($db_conn)
  243. +{
  244. + global $sql_mysql_mutex_shutdown_registered, $sql_mysql_mutex_unlock_name;
  245. + if (!empty($sql_mysql_mutex_unlock_name))
  246. + {
  247. + sql_mysql_mutex_unlock($sql_mysql_mutex_unlock_name, $db_conn);
  248. + $sql_mysql_mutex_unlock_name = "";
  249. + }
  250. +}
  251.  
  252. // Return a string identifying the database version:
  253. -function sql_version()
  254. -{
  255. - $r = sql_query("select version()");
  256. - $v = sql_row($r, 0);
  257. - sql_free($r);
  258. +function sql_mysql_version($db_conn = null)
  259. +{
  260. + sql_mysql_ensure_handle($db_conn);
  261. +
  262. + $r = sql_mysql_query("select version()", $db_conn);
  263. + $v = sql_mysql_row($r, 0, $db_conn);
  264. + sql_mysql_free($r, $db_conn);
  265. return "MySQL $v[0]";
  266. }
  267.  
  268.  
  269. // Generate non-standard SQL for LIMIT clauses:
  270. -function sql_syntax_limit($count, $offset)
  271. -{
  272. +function sql_mysql_syntax_limit($count, $offset, $db_conn = null)
  273. +{
  274. + sql_mysql_ensure_handle($db_conn);
  275. +
  276. return " LIMIT $offset,$count ";
  277. }
  278.  
  279. // Generate non-standard SQL to output a TIMESTAMP as a Unix-time:
  280. -function sql_syntax_timestamp_to_unix($fieldname)
  281. -{
  282. +function sql_mysql_syntax_timestamp_to_unix($fieldname, $db_conn = null)
  283. +{
  284. + sql_mysql_ensure_handle($db_conn);
  285. +
  286. return " UNIX_TIMESTAMP($fieldname) ";
  287. }
  288.  
  289. @@ -208,8 +237,10 @@
  290. // in a case insensitive manner. $s is the un-escaped/un-slashed string.
  291. // In MySQL, REGEXP seems to be case sensitive, so use LIKE instead. But this
  292. // requires quoting of % and _ in addition to the usual.
  293. -function sql_syntax_caseless_contains($fieldname, $s)
  294. -{
  295. +function sql_mysql_syntax_caseless_contains($fieldname, $s, $db_conn = null)
  296. +{
  297. + sql_mysql_ensure_handle($db_conn);
  298. +
  299. $s = str_replace("\\", "\\\\", $s);
  300. $s = str_replace("%", "\\%", $s);
  301. $s = str_replace("_", "\\_", $s);
  302. @@ -218,43 +249,76 @@
  303. }
  304.  
  305. // Returns the name of a field.
  306. -function sql_field_name($result, $index)
  307. -{
  308. +function sql_mysql_field_name($result, $index, $db_conn = null)
  309. +{
  310. + sql_mysql_ensure_handle($db_conn);
  311. +
  312. return mysql_field_name($result, $index);
  313. }
  314.  
  315. // Returns the type of a field. (one of "int", "real", "string", "blob", etc...)
  316. -function sql_field_type($result, $index)
  317. -{
  318. +function sql_mysql_field_type($result, $index, $db_conn = null)
  319. +{
  320. + sql_mysql_ensure_handle($db_conn);
  321. +
  322. return mysql_field_type($result, $index);
  323. }
  324.  
  325. // Returns the number of fields in a result.
  326. -function sql_num_fields($result)
  327. -{
  328. +function sql_mysql_num_fields($result, $db_conn = null)
  329. +{
  330. + sql_mysql_ensure_handle($db_conn);
  331. +
  332. return mysql_num_fields($result);
  333. }
  334.  
  335.  
  336. -
  337. -// Establish a database connection.
  338. -// On connection error, the message will be output without a proper HTML
  339. -// header. There is no way I can see around this; if track_errors isn't on
  340. -// there seems to be no way to supress the automatic error message output and
  341. -// still be able to access the error text.
  342. -if (empty($db_nopersist))
  343. -{
  344. - $db_c = mysql_pconnect($db_host, $db_login, $db_password);
  345. -}
  346. -else
  347. -{
  348. - $db_c = mysql_connect($db_host, $db_login, $db_password);
  349. -}
  350. -
  351. -if (!$db_c || !mysql_select_db ($db_database, $db_c))
  352. -{
  353. - echo "\n<p>\n" . get_vocab("failed_connect_db") . "\n</p>\n";
  354. - exit;
  355. +// Connect to a database server and select a database, optionally using
  356. +// persistent connections
  357. +function sql_mysql_connect($host, $username, $password, $db_name, $persist = 0)
  358. +{
  359. + // Establish a database connection.
  360. +
  361. + // On connection error, the message will be output without a proper HTML
  362. + // header. There is no way I can see around this; if track_errors isn't on
  363. + // there seems to be no way to supress the automatic error message output and
  364. + // still be able to access the error text.
  365. +
  366. + if ($persist)
  367. + {
  368. + $db_conn = mysql_pconnect($host, $username, $password);
  369. + }
  370. + else
  371. + {
  372. + $db_conn = mysql_connect($host, $username, $password);
  373. + }
  374. +
  375. + if (!$db_conn || !mysql_select_db ($db_name, $db_conn))
  376. + {
  377. + echo "\n<p>\n" . get_vocab("failed_connect_db") . "\n</p>\n";
  378. + exit;
  379. + }
  380. + return $db_conn;
  381. +}
  382. +
  383. +
  384. +//
  385. +function sql_mysql_default_connect()
  386. +{
  387. + global $sql_mysql_conn, $db_nopersist, $db_host, $db_login, $db_password,
  388. + $db_database;
  389. +
  390. + /////////////////////////////////////////////
  391. + // Open the standard MRBS database connection
  392. +
  393. + $persist = 1;
  394. + if (!empty($db_nopersist) && $db_nopersist)
  395. + {
  396. + $persist = 0;
  397. + }
  398. +
  399. + $sql_mysql_conn = sql_mysql_connect($db_host, $db_login, $db_password,
  400. + $db_database, $persist);
  401. }
  402.  
  403. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!