Skip to content
Snippets Groups Projects
Commit 9fb28fb2 authored by Jared Hancock's avatar Jared Hancock
Browse files

Merge pull request #571 from protich/feature/mysqli 


Add mysqli interface to osTicket

Reviewed-By: default avatarJared Hancock <jared@osticket.com>
parents c01d3b56 9544098f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
include/class.osticket.php
+ 1
1
View file @ 9fb28fb2
......@@ -307,7 +307,7 @@ class osTicket {
',log='.db_input($message).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
mysql_query($sql); //don't use db_query to avoid possible loop.
db_query($sql, false);
return true;
}
......
include/class.setup.php
+ 9
10
View file @ 9fb28fb2
......@@ -21,7 +21,7 @@ Class SetupWizard {
'mysql' => '4.4');
//Version info - same as the latest version.
var $version =THIS_VERSION;
var $version_verbose = THIS_VERSION;
......@@ -35,7 +35,7 @@ Class SetupWizard {
}
function load_sql_file($file, $prefix, $abort=true, $debug=false) {
if(!file_exists($file) || !($schema=file_get_contents($file)))
return $this->abort('Error accessing SQL file '.basename($file), $debug);
......@@ -49,18 +49,17 @@ Class SetupWizard {
# Strip comments and remarks
$schema=preg_replace('%^\s*(#|--).*$%m', '', $schema);
# Replace table prefis
# Replace table prefix
$schema = str_replace('%TABLE_PREFIX%', $prefix, $schema);
# Split by semicolons - and cleanup
# Split by semicolons - and cleanup
if(!($statements = array_filter(array_map('trim', @explode(';', $schema)))))
return $this->abort('Error parsing SQL schema', $debug);
@mysql_query('SET SESSION SQL_MODE =""');
db_query('SET SESSION SQL_MODE =""', false);
foreach($statements as $k=>$sql) {
//Note that we're not using db_query - because we want to control how errors are reported.
if(mysql_query($sql)) continue;
$error = "[$sql] ".mysql_error();
if(db_query($sql, false)) continue;
$error = "[$sql] ".db_error();
if($abort)
return $this->abort($error, $debug);
}
......@@ -100,7 +99,7 @@ Class SetupWizard {
@error is a mixed var.
*/
function abort($error, $debug=false) {
if($debug) echo $error;
$this->onError($error);
......@@ -108,7 +107,7 @@ Class SetupWizard {
}
function setError($error) {
if($error && is_array($error))
$this->errors = array_merge($this->errors, $error);
elseif($error)
......
include/mysql.php
+ 23
23
View file @ 9fb28fb2
......@@ -2,7 +2,7 @@
/*********************************************************************
mysql.php
Collection of MySQL helper interface functions.
Collection of MySQL helper interface functions.
Mostly wrappers with error/resource checking.
......@@ -16,8 +16,8 @@
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
function db_connect($host, $user, $passwd, $db = "") {
function db_connect($host, $user, $passwd, $options = array()) {
//Assert
if(!strlen($user) || !strlen($passwd) || !strlen($host))
return NULL;
......@@ -27,7 +27,7 @@
return NULL;
//Select the database, if any.
if($db) db_select_database($db);
if($options['db']) db_select_database($options['db']);
//set desired encoding just in case mysql charset is not UTF-8 - Thanks to FreshMedia
@mysql_query('SET NAMES "utf8"');
......@@ -36,7 +36,7 @@
@db_set_variable('sql_mode', '');
return $dblink;
return $dblink;
}
function db_close() {
......@@ -47,7 +47,7 @@
function db_version() {
$version=0;
if(preg_match('/(\d{1,2}\.\d{1,2}\.\d{1,2})/',
if(preg_match('/(\d{1,2}\.\d{1,2}\.\d{1,2})/',
mysql_result(db_query('SELECT VERSION()'),0,0),
$matches)) # nolint
$version=$matches[1]; # nolint
......@@ -77,18 +77,14 @@
function db_create_database($database, $charset='utf8', $collate='utf8_general_ci') {
return @mysql_query(sprintf('CREATE DATABASE %s DEFAULT CHARACTER SET %s COLLATE %s', $database, $charset, $collate));
}
// execute sql query
function db_query($query, $database="", $conn="") {
function db_query($query, $logError=true) {
global $ost;
if($conn) { /* connection is provided*/
$res = ($database)?mysql_db_query($database, $query, $conn):mysql_query($query, $conn);
} else {
$res = ($database)?mysql_db_query($database, $query):mysql_query($query);
}
if(!$res && $ost) { //error reporting
$res = mysql_query($query);
if(!$res && $logError && $ost) { //error reporting
$msg='['.$query.']'."\n\n".db_error();
$ost->logDBError('DB Error #'.db_errno(), $msg);
//echo $msg; #uncomment during debuging or dev.
......@@ -98,7 +94,7 @@
}
function db_squery($query) { //smart db query...utilizing args and sprintf
$args = func_get_args();
$query = array_shift($args);
$query = str_replace("?", "%s", $query);
......@@ -108,7 +104,7 @@
return db_query($query);
}
function db_count($query) {
function db_count($query) {
return db_result(db_query($query));
}
......@@ -126,7 +122,7 @@
function db_fetch_field($res) {
return ($res)?mysql_fetch_field($res):NULL;
}
}
function db_assoc_array($res, $mode=false) {
if($res && db_num_rows($res)) {
......@@ -159,13 +155,13 @@
function db_free_result($res) {
return mysql_free_result($res);
}
function db_output($var) {
if(!function_exists('get_magic_quotes_runtime') || !get_magic_quotes_runtime()) //Sucker is NOT on - thanks.
return $var;
if (is_array($var))
if (is_array($var))
return array_map('db_output', $var);
return (!is_numeric($var))?stripslashes($var):$var;
......@@ -192,9 +188,13 @@
}
function db_error() {
return mysql_error();
return mysql_error();
}
function db_connect_error() {
return db_error();
}
function db_errno() {
return mysql_errno();
}
......
include/mysqli.php 0 → 100644
+ 232
0
View file @ 9fb28fb2
<?php
/*********************************************************************
mysqli.php
Collection of MySQL helper interface functions.
Mostly wrappers with error/resource checking.
Peter Rotich <peter@osticket.com>
Jared Hancock <jared@osticket.com>
Copyright (c) 2006-2013 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
$__db = null;
function db_connect($host, $user, $passwd, $options = array()) {
global $__db;
//Assert
if(!strlen($user) || !strlen($host))
return NULL;
if (!($__db = mysqli_init()))
return NULL;
// Setup SSL if enabled
if (isset($options['ssl']))
$__db->ssl_set(
$options['ssl']['key'],
$options['ssl']['cert'],
$options['ssl']['ca'],
null, null);
elseif(!$passwd)
return NULL;
//Connectr
if(!@$__db->real_connect($host, $user, $passwd))
return NULL;
//Select the database, if any.
if(isset($options['db'])) $__db->select_db($options['db']);
//set desired encoding just in case mysql charset is not UTF-8 - Thanks to FreshMedia
@$__db->query('SET NAMES "utf8"');
@$__db->query('SET CHARACTER SET "utf8"');
@$__db->query('SET COLLATION_CONNECTION=utf8_general_ci');
@db_set_variable('sql_mode', '');
return $__db;
}
function db_close() {
global $__db;
return @$__db->close();
}
function db_version() {
$version=0;
if(preg_match('/(\d{1,2}\.\d{1,2}\.\d{1,2})/',
db_result(db_query('SELECT VERSION()')),
$matches)) # nolint
$version=$matches[1]; # nolint
return $version;
}
function db_timezone() {
return db_get_variable('time_zone');
}
function db_get_variable($variable, $type='session') {
$sql =sprintf('SELECT @@%s.%s', $type, $variable);
return db_result(db_query($sql));
}
function db_set_variable($variable, $value, $type='session') {
$sql =sprintf('SET %s %s=%s',strtoupper($type), $variable, db_input($value));
return db_query($sql);
}
function db_select_database($database) {
global $__db;
return ($database && @$__db->select_db($database));
}
function db_create_database($database, $charset='utf8',
$collate='utf8_general_ci') {
global $__db;
return @$__db->query(sprintf('CREATE DATABASE %s DEFAULT CHARACTER SET %s COLLATE %s', $database, $charset, $collate));
}
// execute sql query
function db_query($query, $logError=true) {
global $ost, $__db;
$res = $__db->query($query);
if(!$res && $logError && $ost) { //error reporting
$msg='['.$query.']'."\n\n".db_error();
$ost->logDBError('DB Error #'.db_errno(), $msg);
//echo $msg; #uncomment during debuging or dev.
}
return $res;
}
function db_squery($query) { //smart db query...utilizing args and sprintf
$args = func_get_args();
$query = array_shift($args);
$query = str_replace("?", "%s", $query);
$args = array_map('db_real_escape', $args);
array_unshift($args, $query);
$query = call_user_func_array('sprintf', $args);
return db_query($query);
}
function db_count($query) {
return db_result(db_query($query));
}
function db_result($res, $row=0) {
if (!$res)
return NULL;
$res->data_seek($row);
list($value) = db_output($res->fetch_row());
return $value;
}
function db_fetch_array($res, $mode=MYSQL_ASSOC) {
return ($res) ? db_output($res->fetch_array($mode)) : NULL;
}
function db_fetch_row($res) {
return ($res) ? db_output($res->fetch_row()) : NULL;
}
function db_fetch_field($res) {
return ($res) ? $res->fetch_field() : NULL;
}
function db_assoc_array($res, $mode=false) {
if($res && db_num_rows($res)) {
while ($row=db_fetch_array($res, $mode))
$result[]=$row;
}
return $result;
}
function db_num_rows($res) {
return ($res) ? $res->num_rows : 0;
}
function db_affected_rows() {
global $__db;
return $__db->affected_rows;
}
function db_data_seek($res, $row_number) {
return ($res && $res->data_seek($row_number));
}
function db_data_reset($res) {
return db_data_seek($res, 0);
}
function db_insert_id() {
global $__db;
return $__db->insert_id;
}
function db_free_result($res) {
return ($res && $res->free());
}
function db_output($var) {
if(!function_exists('get_magic_quotes_runtime') || !get_magic_quotes_runtime()) //Sucker is NOT on - thanks.
return $var;
if (is_array($var))
return array_map('db_output', $var);
return (!is_numeric($var))?stripslashes($var):$var;
}
//Do not call this function directly...use db_input
function db_real_escape($val, $quote=false) {
global $__db;
//Magic quotes crap is taken care of in main.inc.php
$val=$__db->real_escape_string($val);
return ($quote)?"'$val'":$val;
}
function db_input($var, $quote=true) {
if(is_array($var))
return array_map('db_input', $var, array_fill(0, count($var), $quote));
elseif($var && preg_match("/^\d+(\.\d+)?$/", $var))
return $var;
return db_real_escape($var, $quote);
}
function db_connect_error() {
global $__db;
return $__db->connect_error;
}
function db_error() {
global $__db;
return $__db->error;
}
function db_errno() {
global $__db;
return $__db->errno;
}
?>
include/ost-sampleconfig.php
+ 22
2
View file @ 9fb28fb2
......@@ -4,7 +4,7 @@
Static osTicket configuration file. Mainly useful for mysql login info.
Created during installation process and shouldn't change even on upgrades.
Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2010 osTicket
http://www.osticket.com
......@@ -36,11 +36,31 @@ define('ADMIN_EMAIL','%ADMIN-EMAIL');
#Mysql Login info
define('DBTYPE','mysql');
define('DBHOST','%CONFIG-DBHOST');
define('DBHOST','%CONFIG-DBHOST');
define('DBNAME','%CONFIG-DBNAME');
define('DBUSER','%CONFIG-DBUSER');
define('DBPASS','%CONFIG-DBPASS');
# SSL Options
# ---------------------------------------------------
# SSL options for MySQL can be enabled by adding a certificate allowed by
# the database server here. To use SSL, you must have a client certificate
# signed by a CA (certificate authority). You can easily create this
# yourself with the EasyRSA suite. Give the public CA certificate, and both
# the public and private parts of your client certificate below.
#
# Once configured, you can ask MySQL to require the certificate for
# connections:
#
# > create user osticket;
# > grant all on osticket.* to osticket require subject '<subject>';
#
# More information (to-be) available in doc/security/hardening.md
# define('DBSSLCA','/path/to/ca.crt');
# define('DBSSLCERT','/path/to/client.crt');
# define('DBSSLKEY','/path/to/client.key');
#Table prefix
define('TABLE_PREFIX','%CONFIG-PREFIX');
......
main.inc.php
+ 16
3
View file @ 9fb28fb2
......@@ -122,7 +122,10 @@
require(INCLUDE_DIR.'class.format.php'); //format helpers
require(INCLUDE_DIR.'class.validator.php'); //Class to help with basic form input validation...please help improve it.
require(INCLUDE_DIR.'class.mailer.php');
require(INCLUDE_DIR.'mysql.php');
if (extension_loaded('mysqli'))
require_once INCLUDE_DIR.'mysqli.php';
else
require(INCLUDE_DIR.'mysql.php');
#CURRENT EXECUTING SCRIPT.
define('THISPAGE', Misc::currentURL());
......@@ -190,8 +193,18 @@
#Connect to the DB && get configuration from database
$ferror=null;
if (!db_connect(DBHOST,DBUSER,DBPASS) || !db_select_database(DBNAME)) {
$ferror='Unable to connect to the database';
$options = array();
if (defined('DBSSLCA'))
$options['ssl'] = array(
'ca' => DBSSLCA,
'cert' => DBSSLCERT,
'key' => DBSSLKEY
);
if (!db_connect(DBHOST, DBUSER, DBPASS, $options)) {
$ferror='Unable to connect to the database -'.db_connect_error();
}elseif(!db_select_database(DBNAME)) {
$ferror='Unknown or invalid database '.DBNAME;
} elseif(!($ost=osTicket::start(1)) || !($cfg = $ost->getConfig())) {
$ferror='Unable to load config info from DB. Get tech support.';
}
......
setup/inc/class.installer.php
+ 20
21
View file @ 9fb28fb2
......@@ -81,7 +81,7 @@ class Installer extends SetupWizard {
//MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!)
if(!$this->errors) {
if(!db_connect($vars['dbhost'],$vars['dbuser'],$vars['dbpass']))
$this->errors['db']='Unable to connect to MySQL server. Possibly invalid login info.';
$this->errors['db']='Unable to connect to MySQL server. '.db_connect_error();
elseif(db_version()< $this->getMySQLVersion())
$this->errors['db']=sprintf('osTicket requires MySQL %s or better!',$this->getMySQLVersion());
elseif(!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) {
......@@ -92,12 +92,12 @@ class Installer extends SetupWizard {
} else {
//Abort if we have another installation (or table) with same prefix.
$sql = 'SELECT * FROM `'.$vars['prefix'].'config` LIMIT 1';
if(mysql_query($sql)) {
if(db_query($sql, false)) {
$this->errors['err'] = 'We have a problem - another installation with same table prefix exists!';
$this->errors['prefix'] = 'Prefix already in-use';
} else {
//Try changing charset and collation of the DB - no bigie if we fail.
mysql_query('ALTER DATABASE '.$vars['dbname'].' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
db_query('ALTER DATABASE '.$vars['dbname'].' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false);
}
}
}
......@@ -125,19 +125,19 @@ class Installer extends SetupWizard {
$this->errors['err']='Error parsing SQL schema! Get help from developers (#4)';
$sql='SELECT `id` FROM '.PREFIX.'sla ORDER BY `id` LIMIT 1';
$sla_id_1 = mysql_result(mysql_query($sql), 0);
$sla_id_1 = db_result(db_query($sql, false), 0);
$sql='SELECT `dept_id` FROM '.PREFIX.'department ORDER BY `dept_id` LIMIT 1';
$dept_id_1 = mysql_result(mysql_query($sql), 0);
$dept_id_1 = db_result(db_query($sql, false), 0);
$sql='SELECT `tpl_id` FROM '.PREFIX.'email_template ORDER BY `tpl_id` LIMIT 1';
$template_id_1 = mysql_result(mysql_query($sql), 0);
$template_id_1 = db_result(db_query($sql, false), 0);
$sql='SELECT `group_id` FROM '.PREFIX.'groups ORDER BY `group_id` LIMIT 1';
$group_id_1 = mysql_result(mysql_query($sql), 0);
$group_id_1 = db_result(db_query($sql, false), 0);
$sql='SELECT `id` FROM '.PREFIX.'timezone WHERE offset=-5.0 LIMIT 1';
$eastern_timezone = mysql_result(mysql_query($sql), 0);
$eastern_timezone = db_result(db_query($sql, false), 0);
if(!$this->errors) {
//Create admin user.
......@@ -149,7 +149,7 @@ class Installer extends SetupWizard {
.', lastname='.db_input($vars['lname'])
.', username='.db_input($vars['username'])
.', passwd='.db_input(Passwd::hash($vars['passwd']));
if(!mysql_query($sql) || !($uid=mysql_insert_id()))
if(!db_query($sql, false) || !($uid=db_insert_id()))
$this->errors['err']='Unable to create admin user (#6)';
}
......@@ -161,11 +161,11 @@ class Installer extends SetupWizard {
." ('Support','$email',NOW(),NOW())"
.",('osTicket Alerts','alerts@$domain',NOW(),NOW())"
.",('','noreply@$domain',NOW(),NOW())";
@mysql_query($sql);
$support_email_id = mysql_insert_id();
$support_email_id = db_query($sql, false) ? db_insert_id() : 0;
$sql='SELECT `email_id` FROM '.PREFIX."email WHERE `email`='alerts@$domain' LIMIT 1";
$alert_email_id = mysql_result(mysql_query($sql), 0);
$alert_email_id = db_result(db_query($sql, false), 0);
//Create config settings---default settings!
//XXX: rename ostversion helpdesk_* ??
......@@ -178,7 +178,7 @@ class Installer extends SetupWizard {
.', schema_signature='.db_input($signature)
.', helpdesk_url='.db_input(URL)
.', helpdesk_title='.db_input($vars['name']);
if(!mysql_query($sql) || !($cid=mysql_insert_id()))
if(!db_query($sql, false) || !($cid=db_insert_id()))
$this->errors['err']='Unable to create config settings (#7)';
}
......@@ -202,12 +202,11 @@ class Installer extends SetupWizard {
/************* Make the system happy ***********************/
$sql='UPDATE '.PREFIX."email SET dept_id=$dept_id_1";
mysql_query($sql);
$sql='UPDATE '.PREFIX."department SET email_id=$email_id_1"
.", autoresp_email_id=$email_id_1";
mysql_query($sql);
db_query($sql, false);
$sql='UPDATE '.PREFIX."department SET email_id=$support_email_id"
.", autoresp_email_id=$support_email_id";
db_query($sql, false);
//Create a ticket to make the system warm and happy.
$sql='INSERT INTO '.PREFIX.'ticket SET created=NOW(), status="open", source="Web" '
......@@ -216,7 +215,7 @@ class Installer extends SetupWizard {
.' ,email="support@osticket.com" '
.' ,name="osTicket Support" '
.' ,subject="osTicket Installed!"';
if(mysql_query($sql) && ($tid=mysql_insert_id())) {
if(db_query($sql, false) && ($tid=db_insert_id())) {
if(!($msg=file_get_contents(INC_DIR.'msg/installed.txt')))
$msg='Congratulations and Thank you for choosing osTicket!';
......@@ -226,7 +225,7 @@ class Installer extends SetupWizard {
.', ticket_id='.db_input($tid)
.', title='.db_input('osTicket Installed')
.', body='.db_input($msg);
@mysql_query($sql);
db_query($sql, false);
}
//TODO: create another personalized ticket and assign to admin??
......@@ -236,7 +235,7 @@ class Installer extends SetupWizard {
.', title="osTicket installed!"'
.', log='.db_input($msg)
.', ip_address='.db_input($_SERVER['REMOTE_ADDR']);
@mysql_query($sql);
db_query($sql, false);
return true;
}
......
setup/setup.inc.php
+ 6
1
View file @ 9fb28fb2
......@@ -66,5 +66,10 @@ require_once(INCLUDE_DIR.'class.validator.php');
require_once(INCLUDE_DIR.'class.passwd.php');
require_once(INCLUDE_DIR.'class.format.php');
require_once(INCLUDE_DIR.'class.misc.php');
require_once(INCLUDE_DIR.'mysql.php');
if (extension_loaded('mysqli'))
require_once INCLUDE_DIR.'mysqli.php';
else
require(INCLUDE_DIR.'mysql.php');
?>
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment