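#!/usr/bin/php5
<?php
/**
 * CGI endpoint that executes a pre-authorised, parameterised MySQL query.
 *
 * Request (one JSON object on STDIN):
 *   query     - SQL text with `?` placeholders; it may contain one
 *               `$!name$ ... $!name/$` section for each entry in `groups`
 *   groups    - optional map of group name => number of times to repeat
 *               the text between the two markers
 *   arguments - JSON-encoded array of values bound to the placeholders
 *   typecodes - mysqli bind_param type string, one character per argument
 *   shmac     - hex SHA-512 of the expanded query followed by $salt
 *
 * Response (one JSON object on STDOUT): success, decription, result and
 * was_debug, plus shmac and query on success. The misspelled key
 * "decription" is part of the wire format and is kept for existing clients.
 *
 * Only the query text is authenticated. Argument values are never spliced
 * into the SQL; they reach the server through bind_param.
 */

$username = "db_username";
$password = "db_password";
$servername = "db_host";
$dbname = "db_name";

// NOTE(review): these two secrets are published together with the source,
// so treat them as disclosed: rotate them and load the replacements from
// configuration that is neither served nor shared.
$debug_hash = 'kxjsio32@#ekmeXN223SMXSK2k323';
$salt = 'powpl@#@qnqm123MWKEn2m3XXKL@2[w]q[<qq>';

// The debug value is a fixed string that is accepted in place of the real
// hash and makes the response return the valid hash for any query. It
// therefore authorises arbitrary SQL and must stay off outside development.
$allow_debug_hash = false;

// The expansion below runs before the hash can be checked, so the repeat
// count is attacker-controlled at that point and has to be bounded.
$max_group_repeat = 1000;

/**
 * Emit the failure envelope and stop.
 *
 * @param string $description short, non-sensitive reason sent to the client
 */
function respond_failure($description)
{
    echo json_encode(array(
        'success' => FALSE,
        'decription' => $description,
        'result' => array(),
        'was_debug' => FALSE,
    ));
    exit();
}

/**
 * Compare a secret with a client-supplied value.
 *
 * Only strings are accepted: with a loose comparison a non-string JSON value
 * can compare equal to the secret after type juggling. The comparison is
 * constant-time; hash_equals() is used where the runtime provides it.
 *
 * @param string $known the expected value
 * @param mixed  $given the value taken from the request
 * @return bool true only when both are strings with identical bytes
 */
function shmac_equals($known, $given)
{
    if (!is_string($known) || !is_string($given)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($known, $given);
    }
    $length = strlen($known);
    if ($length !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $length; $i++) {
        $diff |= ord($known[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}

// The header goes out first so that every response, including the failure
// envelopes, is a well-formed CGI reply.
echo "Content-Type: text/json\n\n";

$msg = json_decode(stream_get_contents(STDIN));
if (!is_object($msg) || !isset($msg->query) || !is_string($msg->query)) {
    respond_failure("bad request");
}

// `arguments` arrives as a JSON string nested inside the request.
$arguments = array();
if (isset($msg->arguments) && is_string($msg->arguments)) {
    $decoded = json_decode($msg->arguments);
    if (is_array($decoded)) {
        $arguments = array_values($decoded);
    }
}
foreach ($arguments as $val) {
    // bind_param can only carry scalars and NULL.
    if ($val !== null && !is_scalar($val)) {
        respond_failure("bad arguments");
    }
}

$query = $msg->query;
if (isset($msg->groups) && (is_object($msg->groups) || is_array($msg->groups))) {
    foreach ($msg->groups as $name => $rtimes) {
        $name = (string) $name;
        if (!is_int($rtimes) || $rtimes < 0 || $rtimes > $max_group_repeat) {
            respond_failure("bad group");
        }
        // Find the group in the query. Each group should occur only once.
        $open = '$!' . $name . '$';
        $close = '$!' . $name . '/$';
        $spos = strpos($query, $open);
        if ($spos === false) {
            respond_failure("bad group");
        }
        $part_start = $spos + strlen($open);
        $epos = strpos($query, $close, $part_start);
        if ($epos === false) {
            respond_failure("bad group");
        }
        // Take the text between the markers and put that many copies of it
        // where the whole marked section (markers included) used to be.
        $part = (string) substr($query, $part_start, $epos - $part_start);
        $section_length = $epos + strlen($close) - $spos;
        $query = substr_replace($query, str_repeat($part, $rtimes), $spos, $section_length);
    }
}

// The client must present the SHA-512 of the expanded query and the salt.
// Without the salt it cannot produce that value for a query of its own.
// NOTE(review): hash_hmac('sha512', $query, $salt) is the standard keyed
// construction; switching to it means reissuing every stored shmac, so the
// original construction is kept here.
$_shmac = hash("sha512", $query . $salt, FALSE);
$given_shmac = isset($msg->shmac) ? $msg->shmac : null;
$was_debug = $allow_debug_hash && shmac_equals($debug_hash, $given_shmac);
if (!$was_debug && !shmac_equals($_shmac, $given_shmac)) {
    respond_failure("hash failure");
}

// Connect only after the request is authenticated, so unauthenticated
// requests never open a database session.
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    respond_failure("connection failure");
}

// Prepare exactly the string that was hashed above, not the raw template.
$stmt = $conn->prepare($query);
if (!$stmt) {
    respond_failure("prepare failure");
}

if (count($arguments) > 0) {
    if (!isset($msg->typecodes) || !is_string($msg->typecodes)
        || strlen($msg->typecodes) !== count($arguments)) {
        respond_failure("bad arguments");
    }
    // bind_param takes its values by reference, hence the reference list.
    $args = array($msg->typecodes);
    foreach ($arguments as $key => $val) {
        $args[] = &$arguments[$key];
    }
    if (!call_user_func_array(array($stmt, "bind_param"), $args)) {
        respond_failure("bind failure");
    }
}

if (!$stmt->execute()) {
    respond_failure("execute failure");
}
$stmt->store_result();

$out = array();
// result_metadata() is false for statements that produce no result set.
$meta = $stmt->result_metadata();
if ($meta) {
    // bind_result writes each column into a referenced slot of $orow, so
    // build one reference per field, in field order.
    $oparams = array();
    $orow = array();
    while ($field = $meta->fetch_field()) {
        $oparams[] = &$orow[$field->name];
    }
    call_user_func_array(array($stmt, "bind_result"), $oparams);
    while ($stmt->fetch()) {
        // The JSON round trip detaches the row from the bound references,
        // which the next fetch() overwrites.
        $out[] = json_decode(json_encode($orow));
    }
    $meta->free();
}
$stmt->close();

echo json_encode(array(
    'success' => TRUE,
    'decription' => "success",
    'result' => $out,
    // Equal to the value the client sent, or, in debug mode, the hash the
    // client should send from now on instead of the debug value.
    'shmac' => $_shmac,
    'was_debug' => $was_debug,
    'query' => $msg->query,
));
$conn->close();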