Update database.php

FusionPBX 2017-07-15 17:09:01 -06:00 committed by GitHub
parent 566e87f675
commit bc414459de
1 changed files with 173 additions and 145 deletions


@ -53,7 +53,7 @@ include "root.php";
public function connect() { public function connect() {
if (strlen($this->type) == 0 && strlen($this->db_name) == 0) { if (strlen($this->db_name) == 0) {
//include config.php //include config.php
include "root.php"; include "root.php";
if (file_exists($_SERVER["PROJECT_ROOT"]."/resources/config.php")) { if (file_exists($_SERVER["PROJECT_ROOT"]."/resources/config.php")) {
@ -63,7 +63,7 @@ include "root.php";
} elseif (file_exists("/etc/fusionpbx/config.php")){ } elseif (file_exists("/etc/fusionpbx/config.php")){
//linux //linux
include "/etc/fusionpbx/config.php"; include "/etc/fusionpbx/config.php";
} elseif (file_exists("/usr/local/etc/fusionpbx/config.php")){ } elseif (file_exists("/usr/local/etc/fusionpbx/config.php")) {
//bsd //bsd
include "/usr/local/etc/fusionpbx/config.php"; include "/usr/local/etc/fusionpbx/config.php";
} }
@ -92,6 +92,9 @@ include "root.php";
$this->driver = $this->type; $this->driver = $this->type;
} }
//sanitize the database name
$this->db_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->db_name);
if ($this->driver == "sqlite") { if ($this->driver == "sqlite") {
if (strlen($this->db_name) == 0) { if (strlen($this->db_name) == 0) {
$server_name = $_SERVER["SERVER_NAME"]; $server_name = $_SERVER["SERVER_NAME"];
@ -233,6 +236,9 @@ include "root.php";
if (!$this->db) { if (!$this->db) {
$this->connect(); $this->connect();
} }
//sanitize the names
$this->table = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->table);
$this->db_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->db_name);
//get the table info //get the table info
if (strlen($this->table) == 0) { return false; } if (strlen($this->table) == 0) { return false; }
if ($this->type == "sqlite") { if ($this->type == "sqlite") {
@ -322,45 +328,97 @@ include "root.php";
if (!$this->db) { if (!$this->db) {
$this->connect(); $this->connect();
} }
//sanitize the name
$this->table = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->table);
//get data from the database //get data from the database
$sql = "select * from ".$this->table." "; $sql = "select * from ".$this->table." ";
if ($this->where) { if ($this->where) {
$i = 0; $i = 0;
if (is_array($this->where)) { if (is_array($this->where)) {
foreach($this->where as $row) { foreach($this->where as $row) {
//sanitize the name
$array['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']);
//validate the operator
switch ($row['operator']) {
case "<": break;
case ">": break;
case "<=": break;
case ">=": break;
case "=": break;
case ">=": break;
case "<>": break;
case "!=": break;
default:
//invalid operator
return false;
}
//build the sql
if ($i == 0) { if ($i == 0) {
$sql .= 'where '.$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= 'where '.$row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= 'where '.$row['name']." ".$row['operator']." :".$row['name']." ";
} }
else { else {
$sql .= "and ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= "and ".$row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "and ".$row['name']." ".$row['operator']." :".$row['name']." ";
} }
//add the name and value to the params array
$params[$row['name']] = $row['value'];
//increment $i
$i++; $i++;
} }
} }
} }
if (count($this->order_by) > 0) { if (is_array($this->order_by)) {
$sql .= "order by "; $sql .= "order by ";
$i = 1; $i = 1;
if (is_array($this->order_by)) { if (is_array($this->order_by)) {
foreach($this->order_by as $row) { foreach($this->order_by as $row) {
//sanitize the name
$row['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $row['name']);
//sanitize the order
switch ($row['order']) {
case "asc":
break;
case "desc":
break;
default:
$row['order'] = '';
}
//build the sql
if (count($this->order_by) == $i) { if (count($this->order_by) == $i) {
$sql .= $row['name']." ".$row['order']." "; $sql .= $row['name']." ".$row['order']." ";
} }
else { else {
$sql .= $row['name']." ".$row['order'].", "; $sql .= $row['name']." ".$row['order'].", ";
} }
//increment $i
$i++; $i++;
} }
} }
} }
if ($this->limit) {
$sql .= " limit ".$this->limit." offset ".$this->offset." "; //limit
if (isset($this->limit) && is_numeric($this->limit)) {
$sql .= "limit ".$this->limit." ";
} }
//echo $sql; //offset
if (isset($this->offset) && is_numeric($this->offset)) {
$sql .= "offset ".$this->offset." ";
}
$prep_statement = $this->db->prepare($sql); $prep_statement = $this->db->prepare($sql);
if ($prep_statement) { if ($prep_statement) {
$prep_statement->execute(); $prep_statement->execute($params);
return $prep_statement->fetchAll(PDO::FETCH_ASSOC); $array = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
unset($prep_statement);
return $array;
} }
else { else {
return false; return false;
@ -386,145 +444,60 @@ include "root.php";
} }
} }
public function add() {
//connect to the database if needed
if (!$this->db) {
$this->connect();
}
//add data to the database
$sql = "insert into ".$this->table;
$sql .= " (";
$i = 1;
if (is_array($this->fields)) {
foreach($this->fields as $name => $value) {
if (count($this->fields) == $i) {
$sql .= $name." ";
}
else {
$sql .= $name.", ";
}
$i++;
}
}
$sql .= ") ";
$sql .= "values ";
$sql .= "(";
$i = 1;
if (is_array($this->fields)) {
foreach($this->fields as $name => $value) {
if (count($this->fields) == $i) {
if (strlen($value) > 0) {
$sql .= "'".$value."' ";
}
else {
$sql .= "'".$value."' ";
}
}
else {
if (strlen($value) > 0) {
$sql .= "'".$value."', ";
}
else {
$sql .= "null, ";
}
}
$i++;
}
}
$sql .= ")";
//execute the query, show exceptions
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$this->sql = $sql;
$this->db->exec($sql);
}
catch(PDOException $e) {
echo "<b>Error:</b><br />\n";
echo "<table>\n";
echo "<tr>\n";
echo "<td>\n";
echo $e->getMessage();
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
}
unset($this->fields);
unset($sql);
}
public function update() {
//connect to the database if needed
if (!$this->db) {
$this->connect();
}
//udate the database
$sql = "update ".$this->table." set ";
$i = 1;
if (is_array($this->fields)) {
foreach($this->fields as $name => $value) {
if (count($this->fields) == $i) {
if (strlen($name) > 0 && $value == null) {
$sql .= $name." = null ";
}
else {
$sql .= $name." = '".$value."' ";
}
}
else {
if (strlen($name) > 0 && $value == null) {
$sql .= $name." = null, ";
}
else {
$sql .= $name." = '".$value."', ";
}
}
$i++;
}
}
$i = 0;
if (is_array($this->where)) {
foreach($this->where as $row) {
if ($i == 0) {
$sql .= 'where '.$row['name']." ".$row['operator']." '".$row['value']."' ";
}
else {
$sql .= "and ".$row['name']." ".$row['operator']." '".$row['value']."' ";
}
$i++;
}
}
$this->db->exec(check_sql($sql));
unset($this->fields);
unset($this->where);
unset($sql);
}
public function delete($array) { public function delete($array) {
//connect to the database if needed //connect to the database if needed
if (!$this->db) { if (!$this->db) {
$this->connect(); $this->connect();
} }
//sanitize the table name
$this->table = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->table);
//delete from the database //delete from the database
if (isset($this->table) && isset($this->where)) { if (isset($this->table) && isset($this->where)) {
$sql = "delete from ".$this->table." ";
$i = 0; $i = 0;
$sql = "delete from ".$this->table." ";
if (is_array($this->where)) { if (is_array($this->where)) {
foreach($this->where as $row) { foreach($this->where as $row) {
//sanitize the name
$row['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $row['name']);
//validate the operator
switch ($row['operator']) {
case "<": break;
case ">": break;
case "<=": break;
case ">=": break;
case "=": break;
case ">=": break;
case "<>": break;
case "!=": break;
default:
//invalid operator
return false;
}
//build the sql
if ($i == 0) { if ($i == 0) {
$sql .= "where ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= $row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "where ".$row['name']." ".$row['operator']." :".$row['name']." ";
} }
else { else {
$sql .= "and ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= $row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "and ".$row['name']." ".$row['operator']." :".$row['name']." ";
} }
//add the name and value to the params array
$params[$row['name']] = $row['value'];
//increment $i
$i++; $i++;
} }
} }
//echo $sql."<br>\n"; //echo $sql."<br>\n";
$prep_statement = $this->db->prepare($sql); $prep_statement = $this->db->prepare($sql);
$prep_statement->execute(); $prep_statement->execute($params);
unset($sql); unset($sql, $this->where);
unset($this->where);
return; return;
} }
@ -923,30 +896,60 @@ include "root.php";
} //delete } //delete
public function count() { public function count() {
//connect to the database if needed //connect to the database if needed
if (!$this->db) { if (!$this->db) {
$this->connect(); $this->connect();
} }
//sanitize the table name
$this->table = preg_replace('#[^a-zA-Z0-9_\-]#', '', $this->table);
//get the number of rows //get the number of rows
$sql = "select count(*) as num_rows from ".$this->table." "; $sql = "select count(*) as num_rows from ".$this->table." ";
if ($this->where) { if ($this->where) {
$i = 0; $i = 0;
if (is_array($this->where)) { if (is_array($this->where)) {
foreach($this->where as $row) { foreach($this->where as $row) {
//sanitize the name
$row['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $row['name']);
//validate the operator
switch ($row['operator']) {
case "<": break;
case ">": break;
case "<=": break;
case ">=": break;
case "=": break;
case ">=": break;
case "<>": break;
case "!=": break;
default:
//invalid operator
return false;
}
//build the sql
if ($i == 0) { if ($i == 0) {
$sql .= "where ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= $row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "where ".$row['name']." ".$row['operator']." :".$row['name']." ";
} }
else { else {
$sql .= "and ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= $row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "and ".$row['name']." ".$row['operator']." :".$row['name']." ";
} }
//add the name and value to the params array
$params[$row['name']] = $row['value'];
//increment $i
$i++; $i++;
} }
} }
} }
unset($this->where); unset($this->where);
$prep_statement = $this->db->prepare(check_sql($sql)); $prep_statement = $this->db->prepare($sql);
if ($prep_statement) { if ($prep_statement) {
$prep_statement->execute(); $prep_statement->execute($params);
$row = $prep_statement->fetch(PDO::FETCH_ASSOC); $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
if ($row['num_rows'] > 0) { if ($row['num_rows'] > 0) {
return $row['num_rows']; return $row['num_rows'];
@ -956,6 +959,7 @@ include "root.php";
} }
} }
unset($prep_statement); unset($prep_statement);
} //count } //count
public function select($sql) { public function select($sql) {
@ -1008,7 +1012,7 @@ include "root.php";
$this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']); $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']);
} }
//set the uuid //set the uuid
if (isset($array['uuid'])) { if (isset($array['uuid']) and $this->is_uuid($array['uuid'])) {
$this->uuid = $array['uuid']; $this->uuid = $array['uuid'];
} }
//build the query //build the query
@ -1022,32 +1026,59 @@ include "root.php";
$i = 0; $i = 0;
if (is_array($array)) { if (is_array($array)) {
foreach($array['where'] as $row) { foreach($array['where'] as $row) {
//sanitize the name
$array['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']);
//validate the operator
switch ($row['operator']) {
case "<": break;
case ">": break;
case "<=": break;
case ">=": break;
case "=": break;
case ">=": break;
case "<>": break;
case "!=": break;
default:
//invalid operator
return false;
}
//build the sql
if ($i == 0) { if ($i == 0) {
$sql .= "WHERE ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= "WHERE ".$row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "WHERE ".$row['name']." ".$row['operator']." :".$row['value']." ";
} }
else { else {
$sql .= "AND ".$row['name']." ".$row['operator']." '".$row['value']."' "; //$sql .= "AND ".$row['name']." ".$row['operator']." '".$row['value']."' ";
$sql .= "AND ".$row['name']." ".$row['operator']." :".$row['value']." ";
} }
//add the name and value to the params array
$params[$row['name']] = $row['value'];
//increment $i
$i++; $i++;
} }
} }
//order by //order by
if (is_array($array['order_by'])) { if (isset($array['order_by'])) {
$array['order_by'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['order_by']);
$sql .= "ORDER BY ".$array['order_by']." "; $sql .= "ORDER BY ".$array['order_by']." ";
} }
//limit //limit
if (isset($array['limit'])) { if (isset($array['limit']) && is_numeric($array['limit'])) {
$sql .= "LIMIT ".$array['limit']." "; $sql .= "LIMIT ".$array['limit']." ";
} }
//offset //offset
if (isset($array['offset'])) { if (isset($array['offset']) && is_numeric($array['offset'])) {
$sql .= "OFFSET ".$array['offset']." "; $sql .= "OFFSET ".$array['offset']." ";
} }
} }
//execute the query, and return the results //execute the query, and return the results
try { try {
$prep_statement = $this->db->prepare(check_sql($sql)); $prep_statement = $this->db->prepare($sql);
$prep_statement->execute(); $prep_statement->execute($params);
$message["message"] = "OK"; $message["message"] = "OK";
$message["code"] = "200"; $message["code"] = "200";
$message["details"][$m]["name"] = $this->name; $message["details"][$m]["name"] = $this->name;
@ -1879,12 +1910,9 @@ include "root.php";
require_once "resources/classes/database.php"; require_once "resources/classes/database.php";
$database = new database; $database = new database;
$database->domain_uuid = $_SESSION["domain_uuid"]; $database->domain_uuid = $_SESSION["domain_uuid"];
$database->type = $db_type;
$database->table = "v_ivr_menus"; $database->table = "v_ivr_menus";
$fields[0]['name'] = 'domain_uuid'; $fields[0]['name'] = 'domain_uuid';
$fields[0]['value'] = $_SESSION["domain_uuid"]; $fields[0]['value'] = $_SESSION["domain_uuid"];
$database->add(); echo $database->count();
print_r($database->result);
*/
?> ?>
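Review bot: In the WHERE builder of the hunk at `-1022,32` the named placeholder is built from the caller-supplied value, `:".$row['value']."`, while the bound parameter is registered under `$params[$row['name']]`, so the key never matches the placeholder and the raw value is spliced into the statement text — this re-opens the injection the commit is meant to close and would also make `execute($params)` fail on a mismatched parameter count. The column name is not filtered here either: the sanitizer runs on `$array['name']` instead of `$row['name']`, so `$row['name']` reaches the SQL untouched (the `find()` hunk at `-322,45` has the same `$array['name']` slip). Both should use the sanitized name, i.e. `$row['name'] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $row['name']);` and `$sql .= "WHERE ".$row['name']." ".$row['operator']." :".$row['name']." ";`, with the `AND` branch changed the same way. If the same column can appear twice in `where`, the name-derived placeholders would presumably collide — consider an index-based name such as `:where_".$i` instead. The enclosing method starts and ends outside this hunk.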