Untitled

#!/usr/bin/php5
<?php
$username = "db_username";
$password = "db_password";
$servername = "db_host";
$dbname = "db_name";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
	echo json_encode(array(
		success => FALSE,
		decription => "connection failure",
		result => array(),
		was_debug => FALSE,
	));
	exit();
}

echo "Content-Type: text/json\n\n";
$msg = stream_get_contents(STDIN);

$msg = json_decode($msg);

$arguments = json_decode($msg->arguments);

$debug_hash = 'kxjsio32@#ekmeXN223SMXSK2k323';
$salt = 'powpl@#@qnqm123MWKEn2m3XXKL@2[w]q[<qq>';

$query = $msg->query;

if ($msg->groups) {
	foreach ($msg->groups as $name => $rtimes) {
		// Find group in query. There should only be
		// one group in the query.
		$spos = strpos($query, "$!" . $name . "$", 0);
		$epos = strpos($query, "$!" . $name . "/$", $spos);
		$spos_d = $spos + 2 + count($name) + 1;
		$epos_d = $epos;
		$epos = $epos + 2 + count($name) + 2;
		// Extract part and repeat it this many times.
		$part = substr($query, $spos_d, $epos_d - $spos_d);
		$query = substr_replace($query, str_repeat($part, $rtimes), $epos, $epos - $spos);
	}
}
// Only use $debug_hash for the shmac when we are debugging and
// desire to have the hash returned. Otherwise, pass the
// actual SHA512 hash as the shmac and it will be checked.
//
// The $debug_hash just makes implementing a test query easier or
// making changes easier. Once code goes to production it should be
// using the actual hash.
//
// By using the hash instead of the password as salt we can
// prevent anyone from running arbitrary queries.
$_shmac = hash("sha512", $query . $salt, FALSE);
$was_debug = TRUE;
if ($msg->shmac != $debug_hash) {
	$was_debug = FALSE;
	if ($msg->shmac != $_shmac) {
		// This is someone trying to guess the hash. They need
		// the salt to compute the hash but they should not have
		// it. The only value they should see if the actual SHA512
		// hashes unless you left the $salt from debugging.
		echo json_encode(array(
			success => FALSE,
			decription => "hash failure",
			result => array(),
			was_debug => FALSE,
		));
		exit();
	}
}

$stmt = $conn->prepare($msg->query);

$refl = new ReflectionClass('mysqli_stmt');

$args = array();
if (count($arguments) > 0) {
	array_push($args, $msg->typecodes);
	foreach($arguments as $key => $val) {
	  $args[] = &$arguments[$key];
	}

	call_user_func_array(array($stmt, "bind_param"), $args);
}

$stmt->execute();
$stmt->store_result();

// Need to build a list of references to our $orow array so that
// it can recieve the columns of each row. The fields are iterated
// so that it is known what fields and all can be fetched.
$oparams = array();
$orow = array();
$meta = $stmt->result_metadata();
while ($field = $meta->fetch_field()) {
  array_push($oparams, &$orow[$field->name]);
}

// A special function to call a method with arguments from an array.
$method = call_user_func_array(array($stmt, "bind_result"), $oparams);

$out = array();
while ($stmt->fetch()) {
  array_push($out, json_decode(json_encode($orow)));
}

$stmt->close();

echo json_encode(array(
	success => TRUE,
	decription => "success",
	result => $out,
	// If this was a success then this is the same value that was provided
	// or the salt was given so this gives the actual hash to be used in
	// place of the salt value.
	shmac => $_shmac,
	was_debug => $was_debug,
	query => $msg->query,
));

$conn->close();
?>