00001 <?php
00002
00003 require_once 'const.php';
00004 require_once('config.php');
00005 require_once('error.php');
00006
00009
00010 # SQL queries
00011
00015
00016 $sql_actions = array(
00017
00018 'select' => array (
00019 "sql" => "SELECT @v:columns@ FROM @v:tables@ @v:join@ WHERE @v:cond@ @v:group_by@ ORDER BY @v:order@ ",
00020 "kw_default" => array( "columns" => "*", "cond" => "1 = 1", "order" => "id", "join" => "", "group_by" => "" ),
00021 "kw_args" => array ( "tables" )
00022 ),
00023
00024 'update' => array (
00025 "sql" => "UPDATE @v:tables@ SET @kvq:data@ WHERE @v:cond@",
00026 "kw_default" => array( "cond" => "1 = 1" ),
00027 "kw_args" => array ( "cond", "tables", "data" )
00028 ),
00029
00030 'insert' => array (
00031 "sql" => "INSERT INTO @v:table@ ( @k:data@ ) VALUES ( @vq:data@ )",
00032 "kw_default" => array(),
00033 "kw_args" => array ( "table", "data" )
00034 ),
00035
00036 'delete' => array (
00037 "sql" => "DELETE FROM @v:table@ WHERE @v:cond@",
00038 "kw_default" => array( "cond" => "1 = 1" ),
00039 "kw_args" => array ( "table", "cond" )
00040 ),
00041
00042 'check_pw' => array (
00043 "sql" => "SELECT user.*,role.name AS role_name,degree.description as degree_description FROM user,state,role,degree WHERE degree.id=user.degree_id AND state.name='active' AND user.state_id = state.id AND user.login = @vq:login@ AND user.password = @vq:password@ AND user.role_id = role.id LIMIT 1",
00044 "kw_default" => array( ),
00045 "kw_args" => array ( "login", "password" )
00046 ),
00047
00048 'set_state' => array (
00049 "sql" => "UPDATE @v:table@, state SET @v:table@.last_state_change = NOW(), @v:table@.state_id = state.id WHERE state.name = @vq:state@ AND @v:table@.id = @vq:id@ AND @v:cond@ AND @v:table@.state_id != state.id ",
00050 "kw_default" => array( "cond" => "1 = 1" ),
00051 "kw_args" => array ( "state", "table", "id" )
00052 ),
00053
00054 'last_id' => array (
00055 "sql" => "SELECT last_insert_id() AS last_id",
00056 "kw_default" => array(),
00057 "kw_args" => array ()
00058 ),
00059
00060 'get_uid' => array (
00061 "sql" => "SELECT id from user WHERE email = @vq:email@",
00062 "kw_default" => array(),
00063 "kw_args" => array ()
00064 ),
00065
00066 );
00067
00072
00073 function sql_quote($value, $dblink ) {
00074
00075 # Strip slashes
00076
00077 if (get_magic_quotes_gpc()) {
00078 $value = stripslashes($value);
00079 }
00080
00081 $type = gettype($value);
00082
00083 switch($type) {
00084
00085 case "string":
00086 $value = "'" . mysql_real_escape_string($value, $dblink) . "'";
00087 break;
00088
00089 case "boolean":
00090 $value = ($value) ? 1 : 0; # xxx mysql specific??
00091 break;
00092
00093 case "integer":
00094 case "float":
00095 break;
00096
00097 default:
00098 user_error("unsupported type: $type", E_USER_ERROR);
00099 }
00100
00101 return $value;
00102 }
00103
00120
00121 function sql_kw_parse ( $action, $kw, $dblink ) {
00122
00123 global $sql_actions;
00124
00125 # check arguments
00126
00127 if (!isset($sql_actions[$action])) {
00128 user_error("illegal action: $action", E_USER_ERROR);
00129 }
00130
00131 if (!is_array ($kw)) {
00132 user_error("illegal parameter type:" . gettype($kw),
00133 E_USER_ERROR);
00134 }
00135
00136 $kw = array_merge($sql_actions[$action]['kw_default'], $kw);
00137
00138
00139 foreach ($sql_actions[$action]['kw_args'] as $k) {
00140 if (!isset($kw[$k])){
00141 user_error("required keyword missing: $k",
00142 E_USER_ERROR);
00143 }
00144 }
00145
00146 $kw_out = array();
00147
00148 foreach ($kw as $key => $val) {
00149
00150 $type = gettype($val);
00151
00152 switch($type) {
00153
00154 case "array":
00155
00156 $keys = $vals = $keys_vals = "";
00157 $vals_q = $keys_vals_q = "";
00158
00159 foreach ($val as $k => $v ) {
00160
00161 $keys .= "$k,";
00162
00163 # unquoted
00164
00165 $vals .= "$v,";
00166 $keys_vals .= "$k = $v,";
00167
00168 $kw_out["@v:${key}#${k}@"] = $v;
00169
00170 # quoted
00171
00172 $v = sql_quote($v, $dblink);
00173
00174 $vals_q .= "$v,";
00175 $keys_vals_q .= "$k = $v,";
00176
00177 $kw_out["@vq:${key}#${k}@"] = $v;
00178 }
00179
00180 $kw_out["@k:$key@"] = rtrim($keys, ',');
00181 $kw_out["@v:$key@"] = rtrim($vals, ',');
00182 $kw_out["@kv:$key@"] = rtrim($keys_vals, ',');
00183
00184 $kw_out["@vq:$key@"] = rtrim($vals_q, ',');
00185 $kw_out["@kvq:$key@"] = rtrim($keys_vals_q, ',');
00186
00187 break;
00188
00189 case "string":
00190
00191 $kw_out['@v:' . $key . '@'] = $val;
00192 $kw_out['@vq:' . $key . '@'] = sql_quote($val, $dblink);
00193 break;
00194
00195 default:
00196 user_error("illegal type $type for key $key",
00197 E_USER_ERROR);
00198 }
00199 }
00200
00201 return $kw_out;
00202 }
00203
00251
00252 function sql_query ( $action, $kw, $dblink ) {
00253
00254 global $sql_actions, $debug_level;
00255
00256
00257
00258 if (!isset($sql_actions[$action])) {
00259 user_error("illegal action: $action" , E_USER_ERROR);
00260 }
00261
00262 if ($debug_level > 10) {
00263 print "action: $action";
00264 print "<hr><pre>SQL Keywords before parsing:\n";
00265 print_r($kw);
00266 print "</pre><hr>";
00267 }
00268
00269 $kw = sql_kw_parse($action, $kw, $dblink);
00270
00271 if ($debug_level > 10) {
00272 print "<hr><pre>SQL Keywords after parsing:\n";
00273 print_r($kw);
00274 print "</pre><hr>";
00275 }
00276
00277 $q = $sql_actions[$action]['sql'];
00278 $q = strtr($q, $kw);
00279
00280 if ($debug_level > 10) {
00281 print "<hr><pre>SQL query: $q </pre><hr>\n";
00282 }
00283
00284 $result = mysql_query($q, $dblink) or
00285 user_error( "mysql query failed: \"$q\"\n" . mysql_error(),
00286 E_USER_ERROR );
00287
00288 $ans = array();
00289
00290 if ($result) {
00291 $i = 0;
00292 while ( $ans[$i++] = mysql_fetch_assoc($result) )
00293 ;
00294
00295 unset($ans[$i-1]);
00296 }
00297
00298 if ($debug_level > 20) {
00299 print "<hr><pre>SQL answer: \n";
00300 print_r($ans);
00301 print "<hr>\n";
00302 }
00303
00304 return $ans;
00305 }
00306
00310
00311 function sql_init() {
00312 global $db_host, $db_user, $db_pass, $db_name, $_SESSION;
00313
00314 ($dblink = mysql_connect($db_host, $db_user, $db_pass)) or
00315 user_error( "mysql connection to host $db_host failed\n" .
00316 mysql_error(), E_USER_ERROR );
00317
00318 mysql_select_db($db_name, $dblink) or
00319 user_error( "database $db_name not present\n" . mysql_error(),
00320 E_USER_ERROR );
00321
00322 return $dblink;
00323 }
00324
00328
00329 function sql_exit($dblink) {
00330 global $_SESSION;
00331 mysql_close($dblink);
00332 }
00333
00334 ?>
