Databases
|
|
|
|
<?php
//********* Echelon.php v1.3 **********
//******Matt Springfield <matt@digitalthought.net> *****
//******Branden Williams <brw@digitalthought.net> *****
//******Jason Lotito <jason@lehighweb.com> *****
//This version of Echelon supports both PostgreSQL and MySQL
//Definitions:
define('DB_TYPE', 'database'); // 'pg'= PostreSQL , 'mysql' = MySQL
define('DB_SERVER', 'localhost');
define('DB_PORT', 'database port');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
define('ECH_ACCEPTED_REFERERS', 'www.site1.net, www.site2.com');
// This should be a comma delimited list of all of the
// possible web addresses that will post to this install.
define('ECH_USE_SESSIONS', '0'); // If you want to use the sessions functionality, just
// set this to 1. Be sure to follow the instructions in the
// README file to make this work.
//if you are using sessions the following tells echelon what you are calling your php session so it won't try to insert that info in the database.
define('PHP_SESSION_ID', 'PHPSESSID');
//define('EC_ERROR_PAGE', 'url of public error message page'); // Added so once Echelon is being used,
// the user can make sure he controls how
// and where errors are displayed. This
// way, if something goes wrong, it takes
// the user to a predetermined place, and
// won't give them an error message they
// may not understand.
// Uncomment to use.
//**************************************************************************************************
//**************************************************************************************************
//*************************** DON'T CHANGE ANYTHING BELOW HERE! ************************************
//Configure the proper connect variable for the type of database we are using:
if(DB_TYPE == 'pg') {
$conn = pg_PConnect("host=".DB_SERVER." port=".DB_PORT." dbname=".DB_DATABASE." user=".DB_USERNAME." password=".DB_PASSWORD);
$close_conn = "pg_close";
}
if(DB_TYPE == 'mysql') {
$conn = mysql_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD) or die (mysql_error());
mysql_select_db(DB_DATABASE) or die (mysql_error());
$close_conn = "mysql_close";
}
if (!$conn) {
if (DB_TYPE == "pg") {
echo "Could not connect to database: " .pg_errormessage();
} elseif(DB_TYPE == "mysql") {
echo "Could not connect to database: " .mysql_error();
}
exit;
}
// Initialize the PHP session if we are using it.
if (ECH_USE_SESSIONS == 1) {
session_start();
}
//did we forget something?
if (empty($echelon_table)) {
if(empty($echelon_dbg)) {
if(defined(EC_ERROR_PAGE)) {
go_redirect(EC_ERROR_PAGE);
}
} else {
echo "<b>Error:</b> Table name not specified.";
exit;
}
} else if (empty($echelon_url)) {
if(empty($echelon_dbg)) {
if(defined(EC_ERROR_PAGE)) {
go_redirect(EC_ERROR_PAGE);
}
} else {
echo "<b>Error:</b> Redirect URL not specified.";
exit;
}
}
// perform a referer check. If PHP was smart enough to allow for constants of non-scalar value
// we would not have to explode the constant. oh well. Maybe another day. -B
$hostArray = explode(",", ECH_ACCEPTED_REFERERS);
if (!in_array($HTTP_HOST, $hostArray)) {
echo "Invalid Referer. Please check the ECH_ACCEPTED_REFERERS constant value.";
exit;
}
if ($echelon_aid == "ins" || $echelon_aid == "upd" || $echelon_aid == "del") {
build_sql($echelon_aid,$echelon_table,$echelon_url,$echelon_wc);
}
function build_sql($echelon_aid,$echelon_table,$echelon_url,$echelon_wc) {
global $conn, $HTTP_POST_VARS, $echelon_dbg;
reset ($HTTP_POST_VARS);
//initialize the variables for the sql string:
if ($echelon_aid == "ins") {
$SQL = "INSERT INTO $echelon_table (";
$Values = "VALUES (";
} else if ($echelon_aid == "upd") {
$SQL = "UPDATE $echelon_table SET ";
} else if ($echelon_aid == "del") {
$SQL = "DELETE FROM $echelon_table WHERE $echelon_wc";
}
while (list($key, $val) = each($HTTP_POST_VARS)) {
if (!get_magic_quotes_gpc()) {
$val = str_replace("\","\\",$val);
$val = str_replace("'","\'",$val);
}
if ($key == "echelon_table" || $key == "echelon_url" || $key == "echelon_wc" || $key == PHP_SESSION_ID) {
} else {
//are we inserting or deleting?
if ($echelon_aid == "ins") {
if (ereg("^func(.*)",$key)) {
$SQL .= substr(ereg_replace("^func(","",$key),0,-1).",";
} else {
$SQL .= $key.",";
}
if ($val == "") {
$Values .= "null,";
} else {
if (ereg("^func(.*)$",$key)) {
$Values .= $val.",";
} else {
$Values .= "'".$val."',";
}
}
} else if ($echelon_aid == "upd") {
if ($val == "") {
if (ereg("^func(.*)",$key)) {
$SQL .= substr(ereg_replace("^func(","",$key),0,-1)."=null, ";
} else {
$SQL .= $key."=null, ";
}
} else {
if (ereg("^func(.*)",$key)) {
$SQL .= substr(ereg_replace("^func(","",$key),0,-1)."=".$val.", ";
} else {
$SQL .= $key."='".$val."', ";
}
}
}
}
}
if ($echelon_aid == "ins") {
$SQL = substr($SQL,0,strlen($SQL)-1).") ".substr($Values,0,strlen($Values)-1) . ") ";
} else if ($echelon_aid == "upd") {
$echelon_wc = stripslashes($echelon_wc);
/*
This next part is a bit tricky, so let me explain what is going on.
First, the ereg is looking for something that resembles this:
'ec(field_name)'
When it finds that, it strips out the uneeded stuff, and finally, replaces
the field_name part with the value from HTTP_POST_VARS, essentially grabbing
the form value and putting it into the Where clause. It continues to do this as long
as the Where clause has the ereg in it.
*/
while(ereg("'ec(([a-zA-Z0-9_-]+))'",$echelon_wc, $regs)) {
$regs[1] = str_replace("ec--(","",$regs[1]);
$regs[1] = str_replace("'","",$regs[1]);
$echelon_wc = ereg_replace("'ec(".$regs[1].")'", "'".$HTTP_POST_VARS["$regs[1]"]."'", $echelon_wc);
}
$SQL = substr($SQL,0,strlen($SQL)-2)." WHERE ".$echelon_wc;
}
//are we debugging?
if ($echelon_dbg > "") {
echo "<b>Debugging ON</b><br><br>".$SQL."<br><b>Redirect URL:</b>".$echelon_url;
for($x = 0; $x <= $regs_count; $x++)
{
echo "<li>Regs[$x]: $regs[$x]";
}
echo "</ol>";
exit;
}
execute_sql($SQL,$echelon_url);
}
//************ SQL Execute FUNCTION ********************
//******************************************************
//***** This function is called by any of the **********
//***** other functions to execute the sql **********
//***** statement that is within the $SQL **********
//***** string. **********
//***** Required parameters: **********
//***** $SQL sql string **********
//******************************************************
function execute_sql($SQL) {
global $conn,$echelon_url;
if (!$conn) {
if(empty($echelon_dbg)) {
if(defined(EC_ERROR_PAGE)) {
go_redirect(EC_ERROR_PAGE);
}
} else {
echo "<b>Error:</b> Could not connect to database.";
exit;
}
} elseif (!$SQL) {
if(empty($echelon_dbg)) {
if(defined(EC_ERROR_PAGE)) {
go_redirect(EC_ERROR_PAGE);
}
} else {
echo "<b>Error:</b> SQL string error.<br>";
exit;
}
}
if (DB_TYPE == "pg") {
$result = pg_exec($conn, $SQL);
} elseif(DB_TYPE == "mysql") {
$result = mysql_query($SQL);
}
if (!$result) {
if (DB_TYPE == "pg") {
echo pg_errormessage();
} elseif(DB_TYPE == "mysql") {
echo mysql_error();
}
echo "<br><br>".$SQL;
exit;
}
$close_conn;
if (ECH_USE_SESSIONS == 1) {
session_unregister("echelon_wc");
session_unregister("echelon_url");
session_unregister("echelon_table");
}
go_redirect($echelon_url);
}
//************ REDIRECT FUNCTION ***********************
//******************************************************
//***** This function is called by any of the **********
//***** other functions to redirect back to **********
//***** application. **********
//***** Required parameters: **********
//***** $echelon_wc url to redirect to **********
//******************************************************
function go_redirect($echelon_url) {
header("location: ".$echelon_url);
}
//************ /REDIRECT FUNCTION **********************
?>
?>
|
|
|
Usage Example
|
|
|
Rate This Script
|
|
|
|
Store
Your email: