Created
May 31, 2013 20:56
One approach to adding MySQL SSL support to Drupal 6.
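To connect securely to a remote MySQL database server (i.e. one that is not on localhost), the database connection must use SSL. This Drupal core hack enables a version 6.x site to do just that. Note that the patched code only passes a client flag that requests SSL; it does not configure a CA certificate, so on its own it provides encryption without verifying the server's identity.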
The 2 files included in this directory (database.mysql.inc and settings.php) should replace [webroot]/includes/database.mysql.inc and [webroot]/sites/[domain.com]/settings.php in a Drupal multisite environment or [webroot]/sites/default/settings.php in a Drupal standalone environment. Make sure you set the correct connection parameters in the $db_url string. | |
Note: You can also replace [webroot]/includes/database.mysqli.inc. Just include the code additions from CHANGES-mysqli.txt. Remember to use mysqli in the $db_url string in settings.php also. |
49,78d48 | |
< * Returns the MySQL client flag based on the defined constant | |
< * | |
< * @return integer | |
< */ | |
< function db_get_client_flag($client_flags = 0) { | |
< $flags = array( | |
< 'CLIENT_LONG_PASSWORD' => 1, /* New more secure passwords */ | |
< 'CLIENT_FOUND_ROWS' => 2, /* Found instead of affected rows */ | |
< 'CLIENT_LONG_FLAG' => 4, /* Get all column flags */ | |
< 'CLIENT_CONNECT_WITH_DB' => 8, /* One can specify db on connect */ | |
< 'CLIENT_NO_SCHEMA' => 16, /* Don't allow database.table.column */ | |
< 'CLIENT_COMPRESS' => 32, /* Can use compression protocol */ | |
< 'CLIENT_ODBC' => 64, /* Odbc client */ | |
< 'CLIENT_LOCAL_FILES' => 128, /* Can use LOAD DATA LOCAL */ | |
< 'CLIENT_IGNORE_SPACE' => 256, /* Ignore spaces before '(' */ | |
< 'CLIENT_PROTOCOL_41' => 512, /* New 4.1 protocol */ | |
< 'CLIENT_INTERACTIVE' => 1024, /* This is an interactive client */ | |
< 'CLIENT_SSL' => 2048, /* Switch to SSL after handshake */ | |
< 'CLIENT_IGNORE_SIGPIPE' => 4096, /* IGNORE sigpipes */ | |
< 'CLIENT_TRANSACTIONS' => 8192, /* Client knows about transactions */ | |
< 'CLIENT_RESERVED' => 16384, /* Old flag for 4.1 protocol */ | |
< 'CLIENT_SECURE_CONNECTION' => 32768, /* New 4.1 authentication */ | |
< 'CLIENT_MULTI_STATEMENTS' => 65536, /* Enable/disable multi-stmt support */ | |
< 'CLIENT_MULTI_RESULTS' => 131072, /* Enable/disable multi-results */ | |
< ); | |
< $num = isset($flags[$client_flags]) ? $flags[$client_flags] : intval($client_flags); | |
< return $num; | |
< } | |
< | |
< /** | |
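Review bot: The lookup on the `<` side of this hunk resolves exactly one flag name and sends everything else through `intval()`, so a misspelled name or a combination such as `CLIENT_SSL|CLIENT_FOUND_ROWS` silently becomes 0 and the connection is then made with neither SSL nor found-rows semantics. Because this value is what switches SSL on, an unrecognised name should be rejected, or at least reported with `trigger_error()`, rather than mapped to 0, and several names should be split on `|` and OR-ed together. The docblock also lacks the parameter; add `@param $client_flags A CLIENT_* name or an integer bit mask.`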
101,122c71,77 | |
< // - Setting $new_link = TRUE makes mysql_connect() always open a new link, | |
< // even if mysql_connect() was called before with the same parameters. | |
< // This is important if you are using two databases on the same server. | |
< // - Setting $client_flags = 2 means CLIENT_FOUND_ROWS: return the number | |
< // of found (matched) rows, not the number of affected rows. | |
< | |
< // Initialize variables (defaults) | |
< $new_link = TRUE; | |
< $client_flags = 2; | |
< | |
< // Check if variables are set (overrides) | |
< if (isset($url['query'])) { | |
< parse_str($url['query']); | |
< if (isset($new_link)) { | |
< $new_link = ($new_link && strtoupper($new_link) != 'FALSE') ? 1 : 0; | |
< } | |
< if (isset($client_flags)) { | |
< $client_flags = db_get_client_flag($client_flags); | |
< } | |
< } | |
< | |
< $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], $new_link, $client_flags); | |
--- | |
> // - TRUE makes mysql_connect() always open a new link, even if | |
> // mysql_connect() was called before with the same parameters. | |
> // This is important if you are using two databases on the same | |
> // server. | |
> // - 2 means CLIENT_FOUND_ROWS: return the number of found | |
> // (matched) rows, not the number of affected rows. | |
> $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2); |
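Review bot: `parse_str($url['query']);` on the `<` side is called without a result array, so every key in the query string of `$db_url` is written straight into the function's local scope and can overwrite `$url` or any other local, not only `$new_link` and `$client_flags`; the one-argument form is also deprecated since PHP 7.2 and removed in PHP 8. Use `parse_str($url['query'], $options);` and read `$options['new_link']` and `$options['client_flags']` explicitly. The same call appears in the first hunk of CHANGES-mysqli.txt. A supplied `client_flags` also replaces the default of 2 instead of adding to it, so the comment should say that CLIENT_FOUND_ROWS has to be included in the value (2050 for SSL plus found rows). The enclosing db_connect() starts and ends outside this hunk.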
74,78d73 | |
< // Check if variables are set (overrides) | |
< if (isset($url['query'])) { | |
< parse_str($url['query']); | |
< } | |
< $url['client_flags'] = isset($client_flags) ? urldecode($client_flags) : MYSQLI_CLIENT_FOUND_ROWS; | |
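Review bot: `urldecode($client_flags)` yields a string that is later handed to mysqli_real_connect() as its integer flags argument, and unlike the mysql variant there is no name lookup here, so only a numeric value is usable; a name such as `MYSQLI_CLIENT_SSL` is not. Check that the value consists of digits and cast it, e.g. `$url['client_flags'] = (int) $client_flags;` after the check, and call `_db_error_page()` otherwise so that a typo is reported instead of depending on how PHP coerces the string. parse_str() has already URL-decoded the value, so the extra `urldecode()` is redundant.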
81c76 | |
< @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, $url['client_flags']); | |
--- | |
> @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS); |
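Review bot: Passing `$url['client_flags']` on the `<` side can request SSL, but nothing visible in this patch calls `mysqli_ssl_set()` on `$connection` before the connect, so no CA certificate, client certificate or cipher list is configured. That gives at best an encrypted channel to a server whose identity is not checked, and whether the client refuses a server that does not offer SSL presumably depends on the client library version. Consider reading the CA and certificate paths from settings and calling `mysqli_ssl_set()` between `mysqli_init()` and `mysqli_real_connect()`, and state the limitation in a comment next to this line. The surrounding db_connect() body is outside the hunk.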
<?php | |
// $Id: database.mysql.inc,v 1.89.2.2 2010/02/01 16:32:10 goba Exp $ | |
/** | |
* @file | |
* Database interface code for MySQL database servers. | |
*/ | |
/** | |
* @ingroup database | |
* @{ | |
*/ | |
// Include functions shared between mysql and mysqli. | |
require_once './includes/database.mysql-common.inc'; | |
/**
 * Report database status.
 *
 * Builds the 'mysql' entry for the status report from the server version.
 *
 * @param $phase
 *   The requirements phase. When it equals 'runtime' the version is rendered
 *   as a link to admin/reports/status/sql; otherwise it is shown as text.
 *
 * @return
 *   An array with a 'mysql' element holding 'title' and 'value', plus
 *   'severity' and 'description' when the server version is lower than
 *   DRUPAL_MINIMUM_MYSQL.
 */
function db_status_report($phase) {
  $t = get_t();
  $server_version = db_version();

  $title = $t('MySQL database');
  if ($phase == 'runtime') {
    $value = l($server_version, 'admin/reports/status/sql');
  }
  else {
    $value = $server_version;
  }
  $form['mysql'] = array(
    'title' => $title,
    'value' => $value,
  );

  $is_too_old = version_compare($server_version, DRUPAL_MINIMUM_MYSQL) < 0;
  if ($is_too_old) {
    $form['mysql']['severity'] = REQUIREMENT_ERROR;
    $form['mysql']['description'] = $t('Your MySQL Server is too old. Drupal requires at least MySQL %version.', array('%version' => DRUPAL_MINIMUM_MYSQL));
  }

  return $form;
}
/**
 * Returns the version of the database server currently in use.
 *
 * The server info string is cut at the first '-' so that only the leading
 * part is returned.
 *
 * @return Database server version
 */
function db_version() {
  $pieces = explode('-', mysql_get_server_info());
  return $pieces[0];
}
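/**
 * Returns the MySQL client flag value for a flag name or number.
 *
 * Accepts a single CLIENT_* name, an integer (or numeric string), or several
 * of either separated by '|', which are OR-ed together. Names are matched
 * case-insensitively.
 *
 * An unknown name contributes intval() of the text (normally 0), as before,
 * but now also raises an E_USER_WARNING: this value is what enables
 * CLIENT_SSL, so a typo that silently turns into 0 would otherwise produce an
 * unencrypted connection without any sign of it.
 *
 * @param $client_flags
 *   A CLIENT_* name, an integer bit mask, or a '|'-separated list of them.
 *
 * @return integer
 *   The combined bit mask.
 */
function db_get_client_flag($client_flags = 0) {
  $flags = array(
    'CLIENT_LONG_PASSWORD' => 1, /* New more secure passwords */
    'CLIENT_FOUND_ROWS' => 2, /* Found instead of affected rows */
    'CLIENT_LONG_FLAG' => 4, /* Get all column flags */
    'CLIENT_CONNECT_WITH_DB' => 8, /* One can specify db on connect */
    'CLIENT_NO_SCHEMA' => 16, /* Don't allow database.table.column */
    'CLIENT_COMPRESS' => 32, /* Can use compression protocol */
    'CLIENT_ODBC' => 64, /* Odbc client */
    'CLIENT_LOCAL_FILES' => 128, /* Can use LOAD DATA LOCAL */
    'CLIENT_IGNORE_SPACE' => 256, /* Ignore spaces before '(' */
    'CLIENT_PROTOCOL_41' => 512, /* New 4.1 protocol */
    'CLIENT_INTERACTIVE' => 1024, /* This is an interactive client */
    'CLIENT_SSL' => 2048, /* Switch to SSL after handshake */
    'CLIENT_IGNORE_SIGPIPE' => 4096, /* IGNORE sigpipes */
    'CLIENT_TRANSACTIONS' => 8192, /* Client knows about transactions */
    'CLIENT_RESERVED' => 16384, /* Old flag for 4.1 protocol */
    'CLIENT_SECURE_CONNECTION' => 32768, /* New 4.1 authentication */
    'CLIENT_MULTI_STATEMENTS' => 65536, /* Enable/disable multi-stmt support */
    'CLIENT_MULTI_RESULTS' => 131072, /* Enable/disable multi-results */
  );

  // The table only has string keys, so anything that is not a string can
  // only ever have taken the intval() path.
  if (!is_string($client_flags)) {
    return intval($client_flags);
  }

  $num = 0;
  foreach (explode('|', $client_flags) as $token) {
    $token = strtoupper(trim($token));
    if (isset($flags[$token])) {
      $num |= $flags[$token];
      continue;
    }
    // Report anything that is neither a known name nor a plain number; an
    // empty value keeps yielding 0 quietly, as it did before.
    if ($token !== '' && !preg_match('/^\d+$/', $token)) {
      trigger_error('Unrecognised MySQL client flag in $db_url: '. $token, E_USER_WARNING);
    }
    $num |= intval($token);
  }
  return $num;
}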
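/**
 * Initialize a database connection.
 *
 * Two options may be given in the query string of the connection URL:
 * - new_link: any value other than an empty one or 'FALSE' (in any case)
 *   keeps the default of always opening a new link.
 * - client_flags: a value understood by db_get_client_flag(). It REPLACES
 *   the default of 2 (CLIENT_FOUND_ROWS), so that flag has to be included
 *   again when another flag such as CLIENT_SSL (2048) is requested, e.g.
 *   client_flags=2050.
 *
 * NOTE(review): mysql_connect() is given nothing but the flag, so no CA
 * certificate is configured here; requesting CLIENT_SSL presumably yields an
 * encrypted link without verification of the server's identity. Confirm
 * against the client library in use.
 *
 * @param $url
 *   The database connection URL, in the form parse_url() understands.
 *
 * @return
 *   The connection returned by mysql_connect(). On failure _db_error_page()
 *   is called with the MySQL error text.
 */
function db_connect($url) {
  $url = parse_url($url);

  // Check if MySQL support is present in PHP
  if (!function_exists('mysql_connect')) {
    _db_error_page('Unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your <code>php.ini</code> to see how you can enable it.');
  }

  // Decode url-encoded information in the db connection string
  $url['user'] = urldecode($url['user']);
  // Test if database url has a password.
  $url['pass'] = isset($url['pass']) ? urldecode($url['pass']) : '';
  $url['host'] = urldecode($url['host']);
  $url['path'] = urldecode($url['path']);

  // Allow for non-standard MySQL port.
  if (isset($url['port'])) {
    $url['host'] = $url['host'] .':'. $url['port'];
  }

  // - Setting $new_link = TRUE makes mysql_connect() always open a new link,
  //   even if mysql_connect() was called before with the same parameters.
  //   This is important if you are using two databases on the same server.
  // - Setting $client_flags = 2 means CLIENT_FOUND_ROWS: return the number
  //   of found (matched) rows, not the number of affected rows.
  $new_link = TRUE;
  $client_flags = 2;

  // Check if variables are set (overrides).
  if (isset($url['query'])) {
    // Parse into an array instead of the local scope: the one-argument form
    // of parse_str() lets any key in the query string overwrite locals such
    // as $url, and it no longer exists in PHP 8.
    $options = array();
    parse_str($url['query'], $options);

    // Only scalar values are meaningful; 'new_link[]=x' style input is
    // ignored rather than passed to strtoupper().
    if (isset($options['new_link']) && is_scalar($options['new_link'])) {
      $new_link = ($options['new_link'] && strtoupper($options['new_link']) != 'FALSE') ? 1 : 0;
    }
    if (isset($options['client_flags']) && is_scalar($options['client_flags'])) {
      $client_flags = db_get_client_flag($options['client_flags']);
    }
  }

  $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], $new_link, $client_flags);
  if (!$connection || !mysql_select_db(substr($url['path'], 1))) {
    // Show error screen otherwise
    _db_error_page(mysql_error());
  }

  // Force UTF-8.
  mysql_query('SET NAMES "utf8"', $connection);
  return $connection;
}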
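/**
 * Helper function for db_query().
 *
 * Runs the query on the active connection, optionally records timing for
 * devel.module, and reports MySQL errors through trigger_error().
 *
 * @param $query
 *   The SQL string to execute.
 * @param $debug
 *   When non-zero, the query and the MySQL error text are printed.
 *
 * @return
 *   The value returned by mysql_query() when MySQL reports no error,
 *   otherwise FALSE.
 */
function _db_query($query, $debug = 0) {
  global $active_db, $queries, $user;

  if (variable_get('dev_query', 0)) {
    list($usec, $sec) = explode(' ', microtime());
    $timer = (float)$usec + (float)$sec;
    // If devel.module query logging is enabled, prepend a comment with the username and calling function
    // to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
    // code is issuing the slow query.
    $bt = debug_backtrace();
    // t() may not be available yet so we don't wrap 'Anonymous'.
    $name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
    // Strip '*' and '/' so the name cannot close the SQL comment it is
    // embedded in (SQL injection via username or anonymous name).
    $name = str_replace(array('*', '/'), '', $name);
    $query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
  }

  $result = mysql_query($query, $active_db);

  if (variable_get('dev_query', 0)) {
    $query = $bt[2]['function'] ."\n". $query;
    list($usec, $sec) = explode(' ', microtime());
    $stop = (float)$usec + (float)$sec;
    $diff = $stop - $timer;
    $queries[] = array($query, $diff);
  }

  if ($debug) {
    // The query text can carry user-supplied values and the error text can
    // echo them back, so both are escaped before being written into the page,
    // the same way the error path below already does.
    print '<p>query: '. check_plain($query) .'<br />error:'. check_plain(mysql_error($active_db)) .'</p>';
  }

  if (!mysql_errno($active_db)) {
    return $result;
  }
  else {
    // Indicate to drupal_error_handler that this is a database error. This
    // creates a local variable named after the value of the DB_ERROR
    // constant; it has to stay in this function's scope.
    ${DB_ERROR} = TRUE;
    trigger_error(check_plain(mysql_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
    return FALSE;
  }
}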
/** | |
* Fetch one result row from the previous query as an object. | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* An object representing the next row of the result, or FALSE. The attributes | |
* of this object are the table fields selected by the query. | |
*/ | |
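function db_fetch_object($result) {
  // Return FALSE, as the documentation promises, when there is no result to
  // read from; the function used to fall off its end and return NULL here.
  if (!$result) {
    return FALSE;
  }
  return mysql_fetch_object($result);
}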
/** | |
* Fetch one result row from the previous query as an array. | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* An associative array representing the next row of the result, or FALSE. | |
* The keys of this object are the names of the table fields selected by the | |
* query, and the values are the field values for this result row. | |
*/ | |
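function db_fetch_array($result) {
  // Return FALSE, as the documentation promises, when there is no result to
  // read from; the function used to fall off its end and return NULL here.
  if (!$result) {
    return FALSE;
  }
  return mysql_fetch_array($result, MYSQL_ASSOC);
}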
/** | |
* Return an individual result field from the previous query. | |
* | |
* Only use this function if exactly one field is being selected; otherwise, | |
* use db_fetch_object() or db_fetch_array(). | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* The resulting field or FALSE. | |
*/ | |
function db_result($result) {
  // Nothing to read: no result at all, or a result without rows.
  if (!$result || mysql_num_rows($result) <= 0) {
    return FALSE;
  }
  // The mysql_fetch_row function has an optional second parameter $row
  // but that can't be used for compatibility with Oracle, DB2, etc.
  $row = mysql_fetch_row($result);
  return $row[0];
}
/**
 * Determine whether the previous query caused an error.
 *
 * @return
 *   The value of mysql_errno() for the active connection.
 */
function db_error() {
  return mysql_errno($GLOBALS['active_db']);
}
/**
 * Determine the number of rows changed by the preceding query.
 *
 * @return
 *   The value of mysql_affected_rows() for the active connection.
 */
function db_affected_rows() {
  return mysql_affected_rows($GLOBALS['active_db']);
}
/** | |
* Runs a limited-range query in the active database. | |
* | |
* Use this as a substitute for db_query() when a subset of the query is to be | |
* returned. | |
* User-supplied arguments to the query should be passed in as separate parameters | |
* so that they can be properly escaped to avoid SQL injection attacks. | |
* | |
* @param $query | |
* A string containing an SQL query. | |
* @param ... | |
* A variable number of arguments which are substituted into the query | |
* using printf() syntax. The query arguments can be enclosed in one | |
* array instead. | |
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose | |
* in '') and %%. | |
* | |
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0, | |
* and TRUE values to decimal 1. | |
* | |
* @param $from | |
* The first result row to return. | |
* @param $count | |
* The maximum number of result rows to return. | |
* @return | |
* A database query result resource, or FALSE if the query was not executed | |
* correctly. | |
*/ | |
function db_query_range($query) {
  $params = func_get_args();
  // The last two arguments are $from and $count, in that order.
  $count = array_pop($params);
  $from = array_pop($params);
  // Drop the leading $query; what remains are the substitution arguments.
  array_shift($params);

  $query = db_prefix_tables($query);

  // 'All arguments in one array' syntax
  if (isset($params[0]) && is_array($params[0])) {
    $params = $params[0];
  }

  // Hand the arguments to the callback first, then let it substitute them.
  _db_query_callback($params, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);

  // Both bounds are cast to integers before they reach the SQL text.
  return _db_query($query .' LIMIT '. (int)$from .', '. (int)$count);
}
/** | |
* Runs a SELECT query and stores its results in a temporary table. | |
* | |
* Use this as a substitute for db_query() when the results need to stored | |
* in a temporary table. Temporary tables exist for the duration of the page | |
* request. | |
* User-supplied arguments to the query should be passed in as separate parameters | |
* so that they can be properly escaped to avoid SQL injection attacks. | |
* | |
* Note that if you need to know how many results were returned, you should do | |
* a SELECT COUNT(*) on the temporary table afterwards. db_affected_rows() does | |
* not give consistent result across different database types in this case. | |
* | |
* @param $query | |
* A string containing a normal SELECT SQL query. | |
* @param ... | |
* A variable number of arguments which are substituted into the query | |
* using printf() syntax. The query arguments can be enclosed in one | |
* array instead. | |
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose | |
* in '') and %%. | |
* | |
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0, | |
* and TRUE values to decimal 1. | |
* | |
* @param $table | |
* The name of the temporary table to select into. This name will not be | |
* prefixed as there is no risk of collision. | |
* @return | |
* A database query result resource, or FALSE if the query was not executed | |
* correctly. | |
*/ | |
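function db_query_temporary($query) {
  $args = func_get_args();
  // The table name is concatenated into the SQL text and into a
  // preg_replace() replacement string, where '$' and '\' sequences would be
  // read as back-references. Pass it through db_escape_table(), as
  // db_lock_table() and db_table_exists() do for their table names.
  // NOTE(review): db_escape_table() is defined outside this file; this
  // assumes it reduces the name to plain identifier characters - confirm.
  $tablename = db_escape_table(array_pop($args));
  // Drop the leading $query; what remains are the substitution arguments.
  array_shift($args);

  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
  if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
    $args = $args[0];
  }
  _db_query_callback($args, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
  return _db_query($query);
}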
/**
 * Returns a properly formatted Binary Large OBject value.
 *
 * The data is escaped for the active connection and wrapped in single
 * quotes, so the result is a complete SQL string literal.
 *
 * @param $data
 *   Data to encode.
 * @return
 *   Encoded data.
 */
function db_encode_blob($data) {
  $escaped = mysql_real_escape_string($data, $GLOBALS['active_db']);
  return "'". $escaped ."'";
}
/**
 * Returns text from a Binary Large Object value.
 *
 * No transformation is applied by this driver: the value is returned exactly
 * as it was received.
 *
 * @param $data
 *   Data to decode.
 * @return
 *   Decoded data.
 */
function db_decode_blob($data) {
  $decoded = $data;
  return $decoded;
}
/**
 * Prepare user input for use in a database query, preventing SQL injection attacks.
 *
 * The value is escaped with mysql_real_escape_string() for the active
 * connection. The result is meant to be placed inside a quoted SQL string
 * literal; it does not make a value safe as an identifier or as an unquoted
 * number.
 *
 * @param $text
 *   The text to escape.
 * @return
 *   The escaped text.
 */
function db_escape_string($text) {
  return mysql_real_escape_string($text, $GLOBALS['active_db']);
}
/**
 * Lock a table.
 *
 * Issues LOCK TABLES ... WRITE for the given table.
 *
 * @param $table
 *   The table name; it is passed through db_escape_table() before use.
 */
function db_lock_table($table) {
  $name = db_escape_table($table);
  db_query('LOCK TABLES {'. $name .'} WRITE');
}
/**
 * Unlock all locked tables.
 *
 * Issues UNLOCK TABLES on the active database.
 */
function db_unlock_tables() {
  $sql = 'UNLOCK TABLES';
  db_query($sql);
}
/**
 * Check if a table exists.
 *
 * @param $table
 *   The name of the table; it is passed through db_escape_table() and used
 *   as the pattern of a SHOW TABLES LIKE statement.
 *
 * @return
 *   TRUE if the statement returned a row, FALSE otherwise.
 */
function db_table_exists($table) {
  $pattern = db_escape_table($table);
  $result = db_query("SHOW TABLES LIKE '{". $pattern ."}'");
  return (bool) db_fetch_object($result);
}
/**
 * Check if a column exists in the given table.
 *
 * @param $table
 *   The name of the table.
 * @param $column
 *   The name of the column. Both names are passed through db_escape_table().
 *
 * @return
 *   TRUE if the SHOW COLUMNS statement returned a row, FALSE otherwise.
 */
function db_column_exists($table, $column) {
  $table_name = db_escape_table($table);
  $column_name = db_escape_table($column);
  $result = db_query("SHOW COLUMNS FROM {". $table_name ."} LIKE '". $column_name ."'");
  return (bool) db_fetch_object($result);
}
/** | |
* @} End of "ingroup database". | |
*/ |
<?php | |
// $Id: database.mysqli.inc,v 1.54.2.4 2010/12/15 20:41:10 goba Exp $ | |
/** | |
* @file | |
* Database interface code for MySQL database servers using the mysqli client libraries. mysqli is included in PHP 5 by default and allows developers to use the advanced features of MySQL 4.1.x, 5.0.x and beyond. | |
*/ | |
// Maintainers of this file should consult: | |
// http://www.php.net/manual/en/ref.mysqli.php | |
/** | |
* @ingroup database | |
* @{ | |
*/ | |
// Include functions shared between mysql and mysqli. | |
require_once './includes/database.mysql-common.inc'; | |
/**
 * Report database status.
 *
 * Builds the 'mysql' entry for the status report from the server version.
 *
 * @param $phase
 *   The requirements phase. When it equals 'runtime' the version is rendered
 *   as a link to admin/reports/status/sql; otherwise it is shown as text.
 *
 * @return
 *   An array with a 'mysql' element holding 'title' and 'value', plus
 *   'severity' and 'description' when the server version is lower than
 *   DRUPAL_MINIMUM_MYSQL.
 */
function db_status_report($phase) {
  $t = get_t();
  $current = db_version();

  $label = $t('MySQL database');
  $shown = $current;
  if ($phase == 'runtime') {
    $shown = l($current, 'admin/reports/status/sql');
  }
  $form['mysql'] = array(
    'title' => $label,
    'value' => $shown,
  );

  if (version_compare($current, DRUPAL_MINIMUM_MYSQL) < 0) {
    $form['mysql']['severity'] = REQUIREMENT_ERROR;
    $form['mysql']['description'] = $t('Your MySQL Server is too old. Drupal requires at least MySQL %version.', array('%version' => DRUPAL_MINIMUM_MYSQL));
  }

  return $form;
}
/**
 * Returns the version of the database server currently in use.
 *
 * The server info string of the active connection is cut at the first '-'
 * so that only the leading part is returned.
 *
 * @return Database server version
 */
function db_version() {
  $pieces = explode('-', mysqli_get_server_info($GLOBALS['active_db']));
  return $pieces[0];
}
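/**
 * Initialise a database connection.
 *
 * Note that mysqli does not support persistent connections.
 *
 * One option may be given in the query string of the connection URL:
 * - client_flags: an integer bit mask passed to mysqli_real_connect(). It
 *   REPLACES the default of MYSQLI_CLIENT_FOUND_ROWS, so that flag has to be
 *   included again when another flag such as MYSQLI_CLIENT_SSL is requested.
 *   Flag names are not resolved here; only digits are accepted.
 *
 * NOTE(review): mysqli_ssl_set() is never called on the connection, so no CA
 * certificate is configured; requesting SSL through the flag presumably
 * yields an encrypted link without verification of the server's identity.
 * Confirm against the client library in use.
 *
 * @param $url
 *   The database connection URL, in the form parse_url() understands.
 *
 * @return
 *   The mysqli connection. On failure _db_error_page() is called.
 */
function db_connect($url) {
  // Check if MySQLi support is present in PHP
  if (!function_exists('mysqli_init') && !extension_loaded('mysqli')) {
    _db_error_page('Unable to use the MySQLi database because the MySQLi extension for PHP is not installed. Check your <code>php.ini</code> to see how you can enable it.');
  }

  $url = parse_url($url);

  // Decode url-encoded information in the db connection string
  $url['user'] = urldecode($url['user']);
  // Test if database url has a password.
  $url['pass'] = isset($url['pass']) ? urldecode($url['pass']) : '';
  $url['host'] = urldecode($url['host']);
  $url['path'] = urldecode($url['path']);
  if (!isset($url['port'])) {
    $url['port'] = NULL;
  }

  // Check if variables are set (overrides).
  $url['client_flags'] = MYSQLI_CLIENT_FOUND_ROWS;
  if (isset($url['query'])) {
    // Parse into an array instead of the local scope: the one-argument form
    // of parse_str() lets any key in the query string overwrite locals such
    // as $url, and it no longer exists in PHP 8.
    $options = array();
    parse_str($url['query'], $options);

    if (isset($options['client_flags'])) {
      $flags = $options['client_flags'];
      // Refuse anything that is not a plain number. Casting a mistyped value
      // would quietly give 0 and with it a connection without the requested
      // flags. _db_error_page() is expected to end the request, as the other
      // calls in this function assume.
      if (!is_string($flags) || !preg_match('/^\d+$/', $flags)) {
        _db_error_page('The client_flags option in $db_url must be a non-negative integer.');
      }
      // parse_str() has already URL-decoded the value.
      $url['client_flags'] = (int) $flags;
    }
  }

  $connection = mysqli_init();
  @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, $url['client_flags']);

  if (mysqli_connect_errno() > 0) {
    _db_error_page(mysqli_connect_error());
  }

  // Force MySQL to use the UTF-8 character set. Also set the collation, if a
  // certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci'
  // for UTF-8.
  // NOTE(review): $GLOBALS['db_collation'] is concatenated into the statement
  // as-is, so it must only ever come from trusted configuration.
  if (!empty($GLOBALS['db_collation'])) {
    mysqli_query($connection, 'SET NAMES utf8 COLLATE ' . $GLOBALS['db_collation']);
  }
  else {
    mysqli_query($connection, 'SET NAMES utf8');
  }

  return $connection;
}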
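/**
 * Helper function for db_query().
 *
 * Runs the query on the active connection, optionally records timing for
 * devel.module, and reports MySQL errors through trigger_error().
 *
 * @param $query
 *   The SQL string to execute.
 * @param $debug
 *   When non-zero, the query and the MySQL error text are printed.
 *
 * @return
 *   The value returned by mysqli_query() when MySQL reports no error,
 *   otherwise FALSE.
 */
function _db_query($query, $debug = 0) {
  global $active_db, $queries, $user;

  if (variable_get('dev_query', 0)) {
    list($usec, $sec) = explode(' ', microtime());
    $timer = (float)$usec + (float)$sec;
    // If devel.module query logging is enabled, prepend a comment with the username and calling function
    // to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
    // code is issuing the slow query.
    $bt = debug_backtrace();
    // t() may not be available yet so we don't wrap 'Anonymous'
    $name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
    // Strip '*' and '/' so the name cannot close the SQL comment it is
    // embedded in (SQL injection via username or anonymous name).
    $name = str_replace(array('*', '/'), '', $name);
    $query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
  }

  $result = mysqli_query($active_db, $query);

  if (variable_get('dev_query', 0)) {
    $query = $bt[2]['function'] ."\n". $query;
    list($usec, $sec) = explode(' ', microtime());
    $stop = (float)$usec + (float)$sec;
    $diff = $stop - $timer;
    $queries[] = array($query, $diff);
  }

  if ($debug) {
    // The query text can carry user-supplied values and the error text can
    // echo them back, so both are escaped before being written into the page,
    // the same way the error path below already does.
    print '<p>query: '. check_plain($query) .'<br />error:'. check_plain(mysqli_error($active_db)) .'</p>';
  }

  if (!mysqli_errno($active_db)) {
    return $result;
  }
  else {
    // Indicate to drupal_error_handler that this is a database error. This
    // creates a local variable named after the value of the DB_ERROR
    // constant; it has to stay in this function's scope.
    ${DB_ERROR} = TRUE;
    trigger_error(check_plain(mysqli_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
    return FALSE;
  }
}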
/** | |
* Fetch one result row from the previous query as an object. | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* An object representing the next row of the result, or FALSE. The attributes | |
* of this object are the table fields selected by the query. | |
*/ | |
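function db_fetch_object($result) {
  // Return FALSE, as the documentation promises, when there is no result to
  // read from; the function used to fall off its end and return NULL here.
  if (!$result) {
    return FALSE;
  }
  // mysqli returns NULL once the rows are exhausted; callers expect FALSE.
  $object = mysqli_fetch_object($result);
  return isset($object) ? $object : FALSE;
}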
/** | |
* Fetch one result row from the previous query as an array. | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* An associative array representing the next row of the result, or FALSE. | |
* The keys of this object are the names of the table fields selected by the | |
* query, and the values are the field values for this result row. | |
*/ | |
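function db_fetch_array($result) {
  // Return FALSE, as the documentation promises, when there is no result to
  // read from; the function used to fall off its end and return NULL here.
  if (!$result) {
    return FALSE;
  }
  // mysqli returns NULL once the rows are exhausted; callers expect FALSE.
  $array = mysqli_fetch_array($result, MYSQLI_ASSOC);
  return isset($array) ? $array : FALSE;
}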
/** | |
* Return an individual result field from the previous query. | |
* | |
* Only use this function if exactly one field is being selected; otherwise, | |
* use db_fetch_object() or db_fetch_array(). | |
* | |
* @param $result | |
* A database query result resource, as returned from db_query(). | |
* @return | |
* The resulting field or FALSE. | |
*/ | |
function db_result($result) {
  // Nothing to read: no result at all, or a result without rows.
  if (!$result || mysqli_num_rows($result) <= 0) {
    return FALSE;
  }
  // The mysqli_fetch_row function has an optional second parameter $row
  // but that can't be used for compatibility with Oracle, DB2, etc.
  $row = mysqli_fetch_row($result);
  return $row[0];
}
/**
 * Determine whether the previous query caused an error.
 *
 * @return
 *   The value of mysqli_errno() for the active connection.
 */
function db_error() {
  return mysqli_errno($GLOBALS['active_db']);
}
/**
 * Determine the number of rows changed by the preceding query.
 *
 * @return
 *   The value of mysqli_affected_rows() for the active mysqli connection.
 */
function db_affected_rows() {
  return mysqli_affected_rows($GLOBALS['active_db']);
}
/** | |
* Runs a limited-range query in the active database. | |
* | |
* Use this as a substitute for db_query() when a subset of the query is to be | |
* returned. | |
* User-supplied arguments to the query should be passed in as separate parameters | |
* so that they can be properly escaped to avoid SQL injection attacks. | |
* | |
* @param $query | |
* A string containing an SQL query. | |
* @param ... | |
* A variable number of arguments which are substituted into the query | |
* using printf() syntax. The query arguments can be enclosed in one | |
* array instead. | |
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose | |
* in '') and %%. | |
* | |
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0, | |
* and TRUE values to decimal 1. | |
* | |
* @param $from | |
* The first result row to return. | |
* @param $count | |
* The maximum number of result rows to return. | |
* @return | |
* A database query result resource, or FALSE if the query was not executed | |
* correctly. | |
*/ | |
function db_query_range($query) {
  $params = func_get_args();
  // The last two arguments are $from and $count, in that order.
  $count = array_pop($params);
  $from = array_pop($params);
  // Drop the leading $query; what remains are the substitution arguments.
  array_shift($params);

  $query = db_prefix_tables($query);

  // 'All arguments in one array' syntax
  if (isset($params[0]) && is_array($params[0])) {
    $params = $params[0];
  }

  // Hand the arguments to the callback first, then let it substitute them.
  _db_query_callback($params, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);

  // Both bounds are cast to integers before they reach the SQL text.
  return _db_query($query .' LIMIT '. (int)$from .', '. (int)$count);
}
/** | |
* Runs a SELECT query and stores its results in a temporary table. | |
* | |
* Use this as a substitute for db_query() when the results need to stored | |
* in a temporary table. Temporary tables exist for the duration of the page | |
* request. | |
* User-supplied arguments to the query should be passed in as separate parameters | |
* so that they can be properly escaped to avoid SQL injection attacks. | |
* | |
* Note that if you need to know how many results were returned, you should do | |
* a SELECT COUNT(*) on the temporary table afterwards. db_affected_rows() does | |
* not give consistent result across different database types in this case. | |
* | |
* @param $query | |
* A string containing a normal SELECT SQL query. | |
* @param ... | |
* A variable number of arguments which are substituted into the query | |
* using printf() syntax. The query arguments can be enclosed in one | |
* array instead. | |
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose | |
* in '') and %%. | |
* | |
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0, | |
* and TRUE values to decimal 1. | |
* | |
* @param $table | |
* The name of the temporary table to select into. This name will not be | |
* prefixed as there is no risk of collision. | |
* @return | |
* A database query result resource, or FALSE if the query was not executed | |
* correctly. | |
*/ | |
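function db_query_temporary($query) {
  $args = func_get_args();
  // The table name is concatenated into the SQL text and into a
  // preg_replace() replacement string, where '$' and '\' sequences would be
  // read as back-references. Pass it through db_escape_table(), as
  // db_lock_table() and db_table_exists() do for their table names.
  // NOTE(review): db_escape_table() is defined outside this file; this
  // assumes it reduces the name to plain identifier characters - confirm.
  $tablename = db_escape_table(array_pop($args));
  // Drop the leading $query; what remains are the substitution arguments.
  array_shift($args);

  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
  if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
    $args = $args[0];
  }
  _db_query_callback($args, TRUE);
  $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
  return _db_query($query);
}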
/**
 * Returns a properly formatted Binary Large Object value.
 *
 * The data is escaped for the active connection and wrapped in single
 * quotes, so the result is a complete SQL string literal.
 *
 * @param $data
 *   Data to encode.
 * @return
 *   Encoded data.
 */
function db_encode_blob($data) {
  $escaped = mysqli_real_escape_string($GLOBALS['active_db'], $data);
  return "'". $escaped ."'";
}
/**
 * Returns text from a Binary Large OBject value.
 *
 * No transformation is applied by this driver: the value is returned exactly
 * as it was received.
 *
 * @param $data
 *   Data to decode.
 * @return
 *   Decoded data.
 */
function db_decode_blob($data) {
  $decoded = $data;
  return $decoded;
}
/**
 * Prepare user input for use in a database query, preventing SQL injection attacks.
 *
 * The value is escaped with mysqli_real_escape_string() for the active
 * connection. The result is meant to be placed inside a quoted SQL string
 * literal; it does not make a value safe as an identifier or as an unquoted
 * number.
 *
 * @param $text
 *   The text to escape.
 * @return
 *   The escaped text.
 */
function db_escape_string($text) {
  return mysqli_real_escape_string($GLOBALS['active_db'], $text);
}
/**
 * Lock a table.
 *
 * Issues LOCK TABLES ... WRITE for the given table.
 *
 * @param $table
 *   The table name; it is passed through db_escape_table() before use.
 */
function db_lock_table($table) {
  $name = db_escape_table($table);
  db_query('LOCK TABLES {'. $name .'} WRITE');
}
/**
 * Unlock all locked tables.
 *
 * Issues UNLOCK TABLES on the active database.
 */
function db_unlock_tables() {
  $sql = 'UNLOCK TABLES';
  db_query($sql);
}
/**
 * Check if a table exists.
 *
 * @param $table
 *   The name of the table; it is passed through db_escape_table() and used
 *   as the pattern of a SHOW TABLES LIKE statement.
 *
 * @return
 *   TRUE if the table exists, and FALSE if the table does not exist.
 */
function db_table_exists($table) {
  $pattern = db_escape_table($table);
  $result = db_query("SHOW TABLES LIKE '{". $pattern ."}'");
  return (bool) db_fetch_object($result);
}
/**
 * Check if a column exists in the given table.
 *
 * @param $table
 *   The name of the table.
 * @param $column
 *   The name of the column. Both names are passed through db_escape_table().
 *
 * @return
 *   TRUE if the column exists, and FALSE if the column does not exist.
 */
function db_column_exists($table, $column) {
  $table_name = db_escape_table($table);
  $column_name = db_escape_table($column);
  $result = db_query("SHOW COLUMNS FROM {". $table_name ."} LIKE '". $column_name ."'");
  return (bool) db_fetch_object($result);
}
/** | |
* @} End of "ingroup database". | |
*/ | |
<?php | |
// $Id: default.settings.php,v 1.8.2.4 2009/09/14 12:59:18 goba Exp $ | |
/** | |
* @file | |
* Drupal site-specific configuration file. | |
* | |
* IMPORTANT NOTE: | |
* This file may have been set to read-only by the Drupal installation | |
* program. If you make changes to this file, be sure to protect it again | |
* after making your modifications. Failure to remove write permissions | |
* to this file is a security risk. | |
* | |
* The configuration file to be loaded is based upon the rules below. | |
* | |
* The configuration directory will be discovered by stripping the | |
* website's hostname from left to right and pathname from right to | |
* left. The first configuration file found will be used and any | |
* others will be ignored. If no other configuration file is found | |
* then the default configuration file at 'sites/default' will be used. | |
* | |
* For example, for a fictitious site installed at | |
* http://www.drupal.org/mysite/test/, the 'settings.php' | |
* is searched in the following directories: | |
* | |
* 1. sites/www.drupal.org.mysite.test | |
* 2. sites/drupal.org.mysite.test | |
* 3. sites/org.mysite.test | |
* | |
* 4. sites/www.drupal.org.mysite | |
* 5. sites/drupal.org.mysite | |
* 6. sites/org.mysite | |
* | |
* 7. sites/www.drupal.org | |
* 8. sites/drupal.org | |
* 9. sites/org | |
* | |
* 10. sites/default | |
* | |
* If you are installing on a non-standard port number, prefix the | |
* hostname with that number. For example, | |
* http://www.drupal.org:8080/mysite/test/ could be loaded from | |
* sites/8080.www.drupal.org.mysite.test/. | |
*/ | |
/** | |
* Database settings: | |
* | |
* Note that the $db_url variable gets parsed using PHP's built-in | |
* URL parser (i.e. using the "parse_url()" function) so make sure | |
* not to confuse the parser. If your username, password | |
* or database name contain characters used to delineate | |
* $db_url parts, you can escape them via URI hex encodings: | |
* | |
* : = %3a / = %2f @ = %40 | |
* + = %2b ( = %28 ) = %29 | |
* ? = %3f = = %3d & = %26 | |
* | |
* To specify multiple connections to be used in your site (i.e. for | |
* complex custom modules) you can also specify an associative array | |
* of $db_url variables with the 'default' element used until otherwise | |
* requested. | |
* | |
* You can optionally set prefixes for some or all database table names | |
* by using the $db_prefix setting. If a prefix is specified, the table | |
* name will be prepended with its value. Be sure to use valid database | |
* characters only, usually alphanumeric and underscore. If no prefixes | |
* are desired, leave it as an empty string ''. | |
* | |
* To have all database names prefixed, set $db_prefix as a string: | |
* | |
* $db_prefix = 'main_'; | |
* | |
* To provide prefixes for specific tables, set $db_prefix as an array. | |
* The array's keys are the table names and the values are the prefixes. | |
* The 'default' element holds the prefix for any tables not specified | |
* elsewhere in the array. Example: | |
* | |
* $db_prefix = array( | |
* 'default' => 'main_', | |
* 'users' => 'shared_', | |
* 'sessions' => 'shared_', | |
* 'role' => 'shared_', | |
* 'authmap' => 'shared_', | |
* ); | |
* | |
* Database URL format: | |
* $db_url = 'mysql://username:password@localhost/databasename'; | |
* $db_url = 'mysqli://username:password@localhost/databasename'; | |
* $db_url = 'pgsql://username:password@localhost/databasename'; | |
*/ | |
// Connection URL with placeholder values: replace username, password,
// db_hostname and db_name with the real settings for the remote server.
// client_flags=CLIENT_SSL names the MySQL client flag that asks for an SSL
// connection; new_link is presumably passed on to the connect call by the
// patched database include -- verify there.
// NOTE(review): the client flag by itself does not show that the server
// certificate is verified. Confirm how the CA certificate is supplied to the
// MySQL client and that a connection without SSL is refused, since neither
// is visible in this file.
$db_url = 'mysql://username:password@db_hostname/db_name?new_link=1&client_flags=CLIENT_SSL'; | |
// Commented-out alternative for the mysqli driver; several flags are joined with "+".
#$db_url = 'mysqli://username:password@db_hostname/db_name?client_flags=MYSQLI_CLIENT_SSL+MYSQLI_CLIENT_FOUND_ROWS'; | |
// Empty string: no table-name prefix is applied.
$db_prefix = ''; | |
/** | |
* Access control for update.php script | |
* | |
* If you are updating your Drupal installation using the update.php script | |
* while not logged in as administrator, you will need to modify the access | |
* check statement below. Change the FALSE to a TRUE to disable the access | |
* check. After finishing the upgrade, be sure to open this file again | |
* and change the TRUE back to a FALSE! | |
*/ | |
// Keep this FALSE in normal operation: TRUE disables the access check on
// update.php, so it must be set back to FALSE as soon as an upgrade is done.
$update_free_access = FALSE; | |
/** | |
* Base URL (optional). | |
* | |
* If you are experiencing issues with different site domains, | |
* uncomment the Base URL statement below (remove the leading hash sign) | |
* and fill in the absolute URL to your Drupal installation. | |
* | |
* You might also want to force users to use a given domain. | |
* See the .htaccess file for more information. | |
* | |
* Examples: | |
* $base_url = 'http://www.example.com'; | |
* $base_url = 'http://www.example.com:8888'; | |
* $base_url = 'http://www.example.com/drupal'; | |
* $base_url = 'https://www.example.com:8888/drupal'; | |
* | |
* It is not allowed to have a trailing slash; Drupal will add it | |
* for you. | |
*/ | |
# $base_url = 'http://www.example.com'; // NO trailing slash! | |
// The scheme follows the current request: https:// when $_SERVER['HTTPS'] is
// 'on', otherwise http://. The host name is a fixed string and is not taken
// from the request.
// NOTE(review): behind a proxy that terminates TLS, $_SERVER['HTTPS'] may be
// unset and the site would then build http:// URLs -- confirm for the
// deployment in question.
$base_url = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://') . 'sandbox2.highlights.com'; | |
/** | |
* PHP settings: | |
* | |
* To see what PHP settings are possible, including whether they can | |
* be set at runtime (ie., when ini_set() occurs), read the PHP | |
* documentation at http://www.php.net/manual/en/ini.php#ini.list | |
* and take a look at the .htaccess file to see which non-runtime | |
* settings are used there. Settings defined here should not be | |
* duplicated there so as to avoid conflict issues. | |
*/ | |
// Runtime PHP overrides applied on every request that loads this file.
ini_set('arg_separator.output', '&'); | |
// Switch off the legacy magic-quotes behaviours.
ini_set('magic_quotes_runtime', 0); | |
ini_set('magic_quotes_sybase', 0); | |
// Session lifetime and caching. The session cookie lifetime is 2000000
// seconds (roughly 23 days), so a copied cookie stays usable for that long
// unless the server-side session is removed first.
ini_set('session.cache_expire', 200000); | |
ini_set('session.cache_limiter', 'none'); | |
ini_set('session.cookie_lifetime', 2000000); | |
ini_set('session.gc_maxlifetime', 200000); | |
// 'user' selects a session save handler supplied by application code; the
// handler itself is not defined in this file.
ini_set('session.save_handler', 'user'); | |
// Carry the session ID in a cookie only, never in the URL.
ini_set('session.use_cookies', 1); | |
ini_set('session.use_only_cookies', 1); | |
ini_set('session.use_trans_sid', 0); | |
// NOTE(review): nothing here sets session.cookie_secure or
// session.cookie_httponly; if the site is served over HTTPS, confirm that
// they are set elsewhere.
ini_set('url_rewriter.tags', ''); | |
/** | |
* If you encounter a situation where users post a large amount of text, and | |
* the result is stripped out upon viewing but can still be edited, Drupal's | |
* output filter may not have sufficient memory to process it. If you | |
* experience this issue, you may wish to uncomment the following two lines | |
* and increase the limits of these variables. For more information, see | |
* http://php.net/manual/en/pcre.configuration.php. | |
*/ | |
# ini_set('pcre.backtrack_limit', 200000); | |
# ini_set('pcre.recursion_limit', 200000); | |
/** | |
* Drupal automatically generates a unique session cookie name for each site | |
* based on its full domain name. If you have multiple domains pointing at | |
* the same Drupal site, you can either redirect them all to a single domain | |
* (see comment in .htaccess), or uncomment the line below and specify their | |
* shared base domain. Doing so assures that users remain logged in as they | |
* cross between your various domains. | |
*/ | |
# $cookie_domain = 'example.com'; | |
/** | |
* Variable overrides: | |
* | |
* To override specific entries in the 'variable' table for this site, | |
* set them here. You usually don't need to use this feature. This is | |
* useful in a configuration file for a vhost or directory, rather than | |
* the default settings.php. Any configuration setting from the 'variable' | |
* table can be given a new value. Note that any values you provide in | |
* these variable overrides will not be modifiable from the Drupal | |
* administration interface. | |
* | |
* Remove the leading hash signs to enable. | |
*/ | |
# $conf = array( | |
# 'site_name' => 'My Drupal site', | |
# 'theme_default' => 'minnelli', | |
# 'anonymous' => 'Visitor', | |
/** | |
* A custom theme can be set for the off-line page. This applies when the site | |
* is explicitly set to off-line mode through the administration page or when | |
* the database is inactive due to an error. It can be set through the | |
* 'maintenance_theme' key. The template file should also be copied into the | |
* theme. It is located inside 'modules/system/maintenance-page.tpl.php'. | |
* Note: This setting does not apply to installation and update pages. | |
*/ | |
# 'maintenance_theme' => 'minnelli', | |
/** | |
* reverse_proxy accepts a boolean value. | |
* | |
* Enable this setting to determine the correct IP address of the remote | |
* client by examining information stored in the X-Forwarded-For headers. | |
* X-Forwarded-For headers are a standard mechanism for identifying client | |
* systems connecting through a reverse proxy server, such as Squid or | |
* Pound. Reverse proxy servers are often used to enhance the performance | |
* of heavily visited sites and may also provide other site caching, | |
* security or encryption benefits. If this Drupal installation operates | |
* behind a reverse proxy, this setting should be enabled so that correct | |
* IP address information is captured in Drupal's session management, | |
* logging, statistics and access management systems; if you are unsure | |
* about this setting, do not have a reverse proxy, or Drupal operates in | |
* a shared hosting environment, this setting should be set to disabled. | |
*/ | |
# 'reverse_proxy' => TRUE, | |
/** | |
* reverse_proxy_addresses accepts an array of IP addresses. | |
* | |
* Each element of this array is the IP address of any of your reverse | |
* proxies. If this array is filled in, Drupal will trust the information stored | |
* in the X-Forwarded-For headers only if the remote IP address is one of | |
* these, that is the request reaches the web server from one of your | |
* reverse proxies. Otherwise, the client could directly connect to | |
* your web server spoofing the X-Forwarded-For headers. | |
*/ | |
# 'reverse_proxy_addresses' => array('a.b.c.d', ...), | |
# ); | |
/** | |
* String overrides: | |
* | |
* To override specific strings on your site with or without enabling locale | |
* module, add an entry to this list. This functionality allows you to change | |
* a small number of your site's default English language interface strings. | |
* | |
* Remove the leading hash signs to enable. | |
*/ | |
# $conf['locale_custom_strings_en'] = array( | |
# 'forum' => 'Discussion board', | |
# '@count min' => '@count minutes', | |
# ); |