Pastebin
API
tools
faq
paste
Login
Sign up
Please fix the following errors:
New Paste
Syntax Highlighting
<?php /* Determine the root of the entire project. * Recall this file is in the "includes" folder so its "2 levels deep". */ define('__SITE_ROOT__', dirname(dirname(__FILE__))); /* Read database configuration file and populate class parameters */ require_once(__SITE_ROOT__ . '/includes/database-config.php'); class MySQLHandler { /**************************/ /* Database Configuration */ /**************************/ /* If there is any problem connecting, it is almost always one of these values. */ /* ---------------------------------------------- * DATABASE HOST * ---------------------------------------------- * This is the host/server which has the database. * If using XAMPP, this is almost certainly localhost. * 127.0.0.1 might work. * */ static public $mMySQLDatabaseHost = DB_HOST; /* ---------------------------------------------- * DATABASE USER NAME * ---------------------------------------------- * This is the user name of the account on the database * which OWASP Mutillidae II will use to connect. If this is set * incorrectly, OWASP Mutillidae II is not going to be able to connect * to the database. * */ static public $mMySQLDatabaseUsername = DB_USERNAME; /* ---------------------------------------------- * DATABASE PASSWORD * ---------------------------------------------- * This is the password of the account on the database * which OWASP Mutillidae II will use to connect. If this is set * incorrectly, OWASP Mutillidae II is not going to be able to connect * to the database. On XAMPP, the password for user * account root is typically blank. * On Samurai, the $dbpass password is "samurai" rather * than blank. * */ static public $mMySQLDatabasePassword = DB_PASSWORD; /* ---------------------------------------------- * DATABASE NAME (NOT SERVER NAME) * ---------------------------------------------- * This is the name of the database which will be created * by the installation script. You can choose this name. * */ static public $mMySQLDatabaseName = DB_NAME; /* ------------------------------------------ * OBJECT PROPERTIES * ------------------------------------------ */ //default insecure: no output encoding. protected $encodeOutput = FALSE; protected $stopSQLInjection = FALSE; protected $mSecurityLevel = 0; protected $ESAPI = null; protected $Encoder = null; /* Helper Objects */ protected $mCustomErrorHandler = null; protected $mLogHandler = null; /* MySQL Object */ protected $mMySQLConnection = null; /* ------------------------------------------ * STATIC PROPERTIES * ------------------------------------------ */ public static $mDatabaseAvailableMessage = ""; /* ------------------------------------------ * CONSTRUCTOR METHOD * ------------------------------------------ */ public function __construct($pPathToESAPI, $pSecurityLevel){ $this->doSetSecurityLevel($pSecurityLevel); /* initialize OWASP ESAPI for PHP */ require_once $pPathToESAPI . 'ESAPI.php'; $this->ESAPI = new ESAPI($pPathToESAPI . 'ESAPI.xml'); $this->Encoder = $this->ESAPI->getEncoder(); /* initialize custom error handler */ require_once 'CustomErrorHandler.php'; $this->mCustomErrorHandler = new CustomErrorHandler($pPathToESAPI, $pSecurityLevel); $this->doOpenDatabaseConnection(); }// end function __construct() /* ------------------------------------------ * PRIVATE METHODS * ------------------------------------------ */ private function doSetSecurityLevel($pSecurityLevel){ $this->mSecurityLevel = $pSecurityLevel; switch ($this->mSecurityLevel){ case "0": // This code is insecure, we are not encoding output case "1": // This code is insecure, we are not encoding output $this->encodeOutput = FALSE; $this->stopSQLInjection = FALSE; break; case "2": case "3": case "4": case "5": // This code is fairly secure // If we are secure, then we encode all output. $this->encodeOutput = TRUE; $this->stopSQLInjection = TRUE; break; }// end switch }// end function private function doOpenDatabaseConnection(){ $ACCESS_DENIED = "Access denied for user"; $USERNAME = self::$mMySQLDatabaseUsername; $PASSWORD = self::$mMySQLDatabasePassword; $SAMURAI_WTF_PASSWORD = "samurai"; $HOSTNAME = self::$mMySQLDatabaseHost; try{ $this->mMySQLConnection = new mysqli($HOSTNAME, $USERNAME, $PASSWORD); if (strlen($this->mMySQLConnection->connect_error) > 0) { /* If error is "Access denied for user", it could just be an incorrect password. On samurai * the password is "samurai". Try that password. */ if (substr_count($this->mMySQLConnection->connect_error, $ACCESS_DENIED) > 0){ $this->mMySQLConnection = new mysqli($HOSTNAME, $USERNAME, $SAMURAI_WTF_PASSWORD); if (strlen($this->mMySQLConnection->connect_error) > 0) { throw (new Exception("Could not connect with password '".$SAMURAI_WTF_PASSWORD."' either.")); }// end if }else{ throw (new Exception("Database settings might be incorect.")); }//end if }// end if } catch (Exception $e) { throw(new Exception("CRITICAL. Error attempting to open MySQL connection. Try checking the connection settings in the MySQLHandler.php class file. If there is a problem connecting, usually one of these settings is incorrect (i.e. - username, password, database name). It is also a good idea to make sure the database is running and that the web site (Mutillidae) is allowed to connect. This error was generated by public function __construct(). Tried to connect with username " . self::$mMySQLDatabaseUsername . ", password ". self::$mMySQLDatabasePassword . ", and hostname " . self::$mMySQLDatabaseHost . ". " . $this->mCustomErrorHandler->getExceptionMessage($e))); }// end try }// end function doOpenDatabaseConnection private function doCloseDatabaseConnection(){ try{ $lResult = $this->mMySQLConnection->close(); if (!$lResult) { throw (new Exception("Error executing query. Connection error: ".$this->mMySQLConnection->connect_errorno." - ".$this->mMySQLConnection->connect_error." Error: ".$this->mMySQLConnection->errorno." - ".$this->mMySQLConnection->error, $this->mMySQLConnection->errorno)); }// end if }catch (Exception $e){ throw(new Exception($this->mCustomErrorHandler->getExceptionMessage($e, "Error attempting to close MySQL connection."))); }// end try }// end public private doCloseDatabaseConnection private function serializeMySQLImprovedObjectProperties(){ $lErrorMessage = "<br /><br />"; if (isset($this->mMySQLConnection->connect_errno)) { $lErrorMessage .= "connect_errno: " . $this->mMySQLConnection->connect_errno . "<br />"; }// end if isset() if (isset($this->mMySQLConnection->connect_error)) { $lErrorMessage .= "connect_error: " . $this->mMySQLConnection->connect_error . "<br />"; }// end if isset() if (isset($this->mMySQLConnection->errno)) { $lErrorMessage .= "errno: " . $this->mMySQLConnection->errno . "<br />"; }// end if isset() if (isset($this->mMySQLConnection->error)) { $lErrorMessage .= "error: " . $this->mMySQLConnection->error . "<br />"; }// end if isset() if (isset($this->mMySQLConnection->client_info)) { $lErrorMessage .= "client_info: " . $this->mMySQLConnection->client_info . "<br />"; }// end if isset() if (isset($this->mMySQLConnection->host_info)) { $lErrorMessage .= "host_info: " . $this->mMySQLConnection->host_info . "<br /><br />"; }// end if isset() return $lErrorMessage; }// end private function serializeMySQLImprovedObjectProperties() private function doExecuteQuery($pQueryString){ try { $lResult = $this->mMySQLConnection->query($pQueryString); if (!$lResult) { throw (new Exception("Error executing query: ".$this->serializeMySQLImprovedObjectProperties().")")); }// end if there are no results return $lResult; } catch (Exception $e) { throw(new Exception($this->mCustomErrorHandler->getExceptionMessage($e, "Query: " . $this->Encoder->encodeForHTML($pQueryString)))); }// end function }// end private function executeQuery /* ------------------------------------------ * PUBLIC METHODS * ------------------------------------------ */ public static function databaseAvailable(){ self::$mDatabaseAvailableMessage = "AVAILABLE"; $lMySQLConnection = null; $UNKNOWN_DATABASE = "Unknown database"; $ACCESS_DENIED = "Access denied for user"; $USERNAME = self::$mMySQLDatabaseUsername; $PASSWORD = self::$mMySQLDatabasePassword; $SAMURAI_WTF_PASSWORD = "samurai"; $HOSTNAME = self::$mMySQLDatabaseHost; $INCORRECT_DATABASE_CONFIGURATION_MESSAGE = "Error connecting to MySQL database on host '".$HOSTNAME."' with username '".$USERNAME."' and password '".$PASSWORD."'. First, try to reset the database (ResetDB button on menu). Next, check that the database service is running and that the database username, password, database name, and database location are configured correctly. Note: File /mutillidae/classes/MySQLHandler.php contains the database configuration."; $INCORRECT_DATABASE_CONFIGURATION_MESSAGE_SAMURAI = "Error connecting to MySQL database on host '".$HOSTNAME."' with username '".$USERNAME."' and password '".$PASSWORD."'. Note: In addition to the configured password '".$PASSWORD."', the password 'samurai' was tried as well. First, try to reset the database (ResetDB button on menu). Next, check that the database service is running and that the database username, password, database name, and database location are configured correctly. Note: File /mutillidae/classes/MySQLHandler.php contains the database configuration."; $UNKNOWN_DATABASE_MESSAGE = "Unable to select default database " . self::$mMySQLDatabaseName. ". It appears that the database to which Mutillidae is configured to connect has not been created. Try to <a href=\"set-up-database.php\">setup/reset the DB</a> to see if that helps. Next, check that the database service is running and that the database username, password, database name, and database location are configured correctly. Note: File /mutillidae/classes/MySQLHandler.php contains the database configuration."; try{ $lMySQLConnection = new mysqli($HOSTNAME, $USERNAME, $PASSWORD); if (strlen($lMySQLConnection->connect_error) > 0) { /* If error is "Access denied for user", it could just be an incorrect password. On samurai * the password is "samurai". Try that password. */ try { $lMySQLConnection = new mysqli($HOSTNAME, $USERNAME, $SAMURAI_WTF_PASSWORD); if (strlen($lMySQLConnection->connect_error) > 0) { self::$mDatabaseAvailableMessage = $INCORRECT_DATABASE_CONFIGURATION_MESSAGE_SAMURAI . " Connection error: ".$lMySQLConnection->connect_error; throw new Exception(self::$mDatabaseAvailableMessage); }// end if } catch (Exception $e) { self::$mDatabaseAvailableMessage = $INCORRECT_DATABASE_CONFIGURATION_MESSAGE . " Connection error: ".$lMySQLConnection->connect_error; throw new Exception(self::$mDatabaseAvailableMessage); } }// end if there was an error right away if(!$lMySQLConnection->select_db(self::$mMySQLDatabaseName)) { self::$mDatabaseAvailableMessage = $UNKNOWN_DATABASE_MESSAGE . " Connection error: ".$lMySQLConnection->connect_error; throw new Exception(self::$mDatabaseAvailableMessage); }//end if $lResult = $lMySQLConnection->query("SELECT 'test connection';"); if(!$lResult){ self::$mDatabaseAvailableMessage = "Failed to execute test query on MySQL database but we appear to be connected " . $lMySQLConnection->error."<br /><br />First, try to reset the database (ResetDB button on menu)<br /><br />Check if the database configuration is correct. If the system made it this far, the username and password are probably correct. Perhaps the database name is wrong.<br /><br />"; throw new Exception(self::$mDatabaseAvailableMessage); }// end if $lResult = $lMySQLConnection->query("SELECT cid FROM blogs_table;"); if(!$lResult){ self::$mDatabaseAvailableMessage = "Failed to execute test query on blogs_table in the MySQL database but we appear to be connected " . $lMySQLConnection->error."<br /><br />First, try to reset the database (ResetDB button on menu)<br /><br />The blogs table should exist in the ".self::$mMySQLDatabaseName." database if the database configuration is correct. If the system made it this far, the username and password are probably correct. Perhaps the database name is wrong.<br /><br />"; throw new Exception(self::$mDatabaseAvailableMessage); }// end if $lMySQLConnection->close(); } catch (Exception $e) { self::$mDatabaseAvailableMessage = "Failed to connect to MySQL database. " . $e->getMessage(); throw new Exception(self::$mDatabaseAvailableMessage); }// end try return TRUE; } //end public function databaseAvailable(){ public function connectToDefaultDatabase(){ $this->mMySQLConnection->select_db(self::$mMySQLDatabaseName); }//end function public function setSecurityLevel($pSecurityLevel){ $this->doSetSecurityLevel($pSecurityLevel); }// end function public function getSecurityLevel(){ return $this->mSecurityLevel; }// end function public function openDatabaseConnection(){ $this->doOpenDatabaseConnection(); }// end function public function escapeDangerousCharacters($pString){ return $this->mMySQLConnection->real_escape_string($pString); }//end function public function affected_rows(){ return $this->mMySQLConnection->affected_rows; }//end function public function executeQuery($pQueryString){ return $this->doExecuteQuery($pQueryString); }// end public function executeQuery public function closeDatabaseConnection(){ $this->doCloseDatabaseConnection(); }// end public function closeDatabaseConnection }// end class
Optional Paste Settings
Category:
None
Cryptocurrency
Cybersecurity
Fixit
Food
Gaming
Haiku
Help
History
Housing
Jokes
Legal
Money
Movies
Music
Pets
Photo
Science
Software
Source Code
Spirit
Sports
Travel
TV
Writing
Tags:
Syntax Highlighting:
None
Bash
C
C#
C++
CSS
HTML
JSON
Java
JavaScript
Lua
Markdown (PRO members only)
Objective C
PHP
Perl
Python
Ruby
Swift
4CS
6502 ACME Cross Assembler
6502 Kick Assembler
6502 TASM/64TASS
ABAP
AIMMS
ALGOL 68
APT Sources
ARM
ASM (NASM)
ASP
ActionScript
ActionScript 3
Ada
Apache Log
AppleScript
Arduino
Asymptote
AutoIt
Autohotkey
Avisynth
Awk
BASCOM AVR
BNF
BOO
Bash
Basic4GL
Batch
BibTeX
Blitz Basic
Blitz3D
BlitzMax
BrainFuck
C
C (WinAPI)
C Intermediate Language
C for Macs
C#
C++
C++ (WinAPI)
C++ (with Qt extensions)
C: Loadrunner
CAD DCL
CAD Lisp
CFDG
CMake
COBOL
CSS
Ceylon
ChaiScript
Chapel
Clojure
Clone C
Clone C++
CoffeeScript
ColdFusion
Cuesheet
D
DCL
DCPU-16
DCS
DIV
DOT
Dart
Delphi
Delphi Prism (Oxygene)
Diff
E
ECMAScript
EPC
Easytrieve
Eiffel
Email
Erlang
Euphoria
F#
FO Language
Falcon
Filemaker
Formula One
Fortran
FreeBasic
FreeSWITCH
GAMBAS
GDB
GDScript
Game Maker
Genero
Genie
GetText
Go
Godot GLSL
Groovy
GwBasic
HQ9 Plus
HTML
HTML 5
Haskell
Haxe
HicEst
IDL
INI file
INTERCAL
IO
ISPF Panel Definition
Icon
Inno Script
J
JCL
JSON
Java
Java 5
JavaScript
Julia
KSP (Kontakt Script)
KiXtart
Kotlin
LDIF
LLVM
LOL Code
LScript
Latex
Liberty BASIC
Linden Scripting
Lisp
Loco Basic
Logtalk
Lotus Formulas
Lotus Script
Lua
M68000 Assembler
MIX Assembler
MK-61/52
MPASM
MXML
MagikSF
Make
MapBasic
Markdown (PRO members only)
MatLab
Mercury
MetaPost
Modula 2
Modula 3
Motorola 68000 HiSoft Dev
MySQL
Nagios
NetRexx
Nginx
Nim
NullSoft Installer
OCaml
OCaml Brief
Oberon 2
Objeck Programming Langua
Objective C
Octave
Open Object Rexx
OpenBSD PACKET FILTER
OpenGL Shading
Openoffice BASIC
Oracle 11
Oracle 8
Oz
PARI/GP
PCRE
PHP
PHP Brief
PL/I
PL/SQL
POV-Ray
ParaSail
Pascal
Pawn
Per
Perl
Perl 6
Phix
Pic 16
Pike
Pixel Bender
PostScript
PostgreSQL
PowerBuilder
PowerShell
ProFTPd
Progress
Prolog
Properties
ProvideX
Puppet
PureBasic
PyCon
Python
Python for S60
QBasic
QML
R
RBScript
REBOL
REG
RPM Spec
Racket
Rails
Rexx
Robots
Roff Manpage
Ruby
Ruby Gnuplot
Rust
SAS
SCL
SPARK
SPARQL
SQF
SQL
SSH Config
Scala
Scheme
Scilab
SdlBasic
Smalltalk
Smarty
StandardML
StoneScript
SuperCollider
Swift
SystemVerilog
T-SQL
TCL
TeXgraph
Tera Term
TypeScript
TypoScript
UPC
Unicon
UnrealScript
Urbi
VB.NET
VBScript
VHDL
VIM
Vala
Vedit
VeriLog
Visual Pro Log
VisualBasic
VisualFoxPro
WHOIS
WhiteSpace
Winbatch
XBasic
XML
XPP
Xojo
Xorg Config
YAML
YARA
Z80 Assembler
ZXBasic
autoconf
jQuery
mIRC
newLISP
q/kdb+
thinBasic
Paste Expiration:
Never
Burn after read
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Exposure:
Public
Unlisted
Private
Folder:
(members only)
Password
NEW
Enabled
Disabled
Burn after read
NEW
Paste Name / Title:
Create New Paste
Hello
Guest
Sign Up
or
Login
Sign in with Facebook
Sign in with Twitter
Sign in with Google
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Public Pastes
Tttg
5 hours ago | 0.33 KB
OoT rando seed 6/6
5 hours ago | 68.46 KB
Symbol Dump for Discord
21 hours ago | 0.41 KB
tes
1 day ago | 0.02 KB
Untitled
1 day ago | 2.28 KB
GSA NS
1 day ago | 1.37 KB
WaterFul.m
MatLab | 1 day ago | 0.42 KB
WaterEmpty.m
MatLab | 1 day ago | 0.54 KB
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the
Cookies Policy
.
OK, I Understand
Not a member of Pastebin yet?
Sign Up
, it unlocks many cool features!
