diff --git a/api/index.php b/api/index.php index 823b9527e..d28ab763a 100644 --- a/api/index.php +++ b/api/index.php @@ -13,6 +13,7 @@ define('TTRSS_SESSION_NAME', 'ttrss_api_sid'); define('NO_SESSION_AUTOSTART', true); + require_once "autoload.php"; require_once "db.php"; require_once "db-prefs.php"; require_once "functions.php"; diff --git a/backend.php b/backend.php index 40e40aeb3..b583d379e 100644 --- a/backend.php +++ b/backend.php @@ -37,6 +37,7 @@ @$csrf_token = $_REQUEST['csrf_token']; + require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; require_once "config.php"; diff --git a/classes/db.php b/classes/db.php index 71fc01ae1..558d3e6b7 100644 --- a/classes/db.php +++ b/classes/db.php @@ -2,6 +2,7 @@ class Db implements IDb { private static $instance; private $adapter; + private $link; private function __construct() { switch (DB_TYPE) { @@ -12,11 +13,11 @@ class Db implements IDb { $this->adapter = new Db_Pgsql(); break; default: - die("Unknown DB_TYPE: " . DB_TYPE); + user_error("Unknown DB_TYPE: " . DB_TYPE); } - $this->adapter->connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); - $this->adapter->init(); + $this->link = $this->adapter->connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); + } private function __clone() { @@ -40,6 +41,7 @@ class Db implements IDb { function connect($host, $user, $pass, $db, $port) { //return $this->adapter->connect($host, $user, $pass, $db, $port); + return $this->link; } function escape_string($s, $strip_tags = true) { diff --git a/classes/db/mysql.php b/classes/db/mysql.php index fa97dcff1..64c35ebdc 100644 --- a/classes/db/mysql.php +++ b/classes/db/mysql.php @@ -9,6 +9,9 @@ class Db_Mysql implements IDb { if (!$result) { die("Can't select DB: " . mysql_error($this->link)); } + + $this->init(); + return $this->link; } else { die("Unable to connect to database (as $user to $host, database $db): " . mysql_error()); diff --git a/classes/db/pgsql.php b/classes/db/pgsql.php index c9ec33887..0f38fb8cb 100644 --- a/classes/db/pgsql.php +++ b/classes/db/pgsql.php @@ -23,6 +23,8 @@ class Db_Pgsql implements IDb { die("Unable to connect to database (as $user to $host, database $db):" . pg_last_error()); } + $this->init(); + return $this->link; } diff --git a/classes/sessionhandler.php b/classes/sessionhandler.php new file mode 100644 index 000000000..66d8dd86c --- /dev/null +++ b/classes/sessionhandler.php @@ -0,0 +1,73 @@ +db = Db::get(); + + session_set_save_handler("SessionHandler::open", "SessionHandler::close", + "SessionHandler::read", "SessionHandler::write", "SessionHandler::destroy", + "SessionHandler::gc"); + } + + public static function open($save_path, $name) { } + + + public static function read ($id){ + + $query = "SELECT data FROM ttrss_sessions WHERE id='$id'"; + + $res = $this->db->query("SELECT data FROM ttrss_sessions WHERE id='$id'"); + + if ($this->db->num_rows($res) != 1) { + + "INSERT INTO ttrss_sessions (id, data, expire) + VALUES ('$id', '$data', '$expire')"; + + + + } else { + $data = $this->db->fetch_result($res, 0, "data"); + return base64_decode($data); + } + + } + + public static function write($id, $data) { + if (! $data) { + return false; + } + + $data = $this->db->escape_string( base64_encode($data), false); + + $expire = time() + max(SESSION_COOKIE_LIFETIME, 86400); + + $query = "UPDATE ttrss_sessions SET data='$data', + expire = '$expire' WHERE id='$id'"; + + $this->db->query( $query); + return true; + } + + public static function close () { } + + public static function destroy($session_id) { + $this->db->query("DELETE FROM ttrss_sessions WHERE id = '$session_id'"); + return true; + } + + public static function gc($maxLifeTime) { + $this->db->query("DELETE FROM ttrss_sessions WHERE expire < " time() - $maxLifeTime); + return true; + } + +} +?> diff --git a/include/autoload.php b/include/autoload.php new file mode 100644 index 000000000..40c63d547 --- /dev/null +++ b/include/autoload.php @@ -0,0 +1,12 @@ + diff --git a/include/db.php b/include/db.php index a70a1d878..cfa4ccda5 100644 --- a/include/db.php +++ b/include/db.php @@ -1,138 +1,44 @@ connect($host, $user, $pass, $db, 0); } function db_escape_string($link, $s, $strip_tags = true) { - if ($strip_tags) $s = strip_tags($s); - - if (DB_TYPE == "pgsql") { - return pg_escape_string($link, $s); - } else { - return mysql_real_escape_string($s, $link); - } + return Db::get()->escape_string($s, $strip_tags); } function db_query($link, $query, $die_on_error = true) { - if (DB_TYPE == "pgsql") { - $result = pg_query($link, $query); - if (!$result) { - $query = htmlspecialchars($query); // just in case - if ($die_on_error) { - die("Query $query failed [$result]: " . ($link ? pg_last_error($link) : "No connection")); - } - } - return $result; - } else if (DB_TYPE == "mysql") { - $result = mysql_query($query, $link); - if (!$result) { - $query = htmlspecialchars($query); - if ($die_on_error) { - die("Query $query failed: " . ($link ? mysql_error($link) : "No connection")); - } - } - return $result; - } + return Db::get()->query($query, $die_on_error); } function db_fetch_assoc($result) { - if (DB_TYPE == "pgsql") { - return pg_fetch_assoc($result); - } else if (DB_TYPE == "mysql") { - return mysql_fetch_assoc($result); - } + return Db::get()->fetch_assoc($result); } function db_num_rows($result) { - if (DB_TYPE == "pgsql") { - return pg_num_rows($result); - } else if (DB_TYPE == "mysql") { - return mysql_num_rows($result); - } + return Db::get()->num_rows($result); } function db_fetch_result($result, $row, $param) { - if (DB_TYPE == "pgsql") { - return pg_fetch_result($result, $row, $param); - } else if (DB_TYPE == "mysql") { - // I hate incoherent naming of PHP functions - return mysql_result($result, $row, $param); - } -} - -function db_unescape_string($str) { - $tmp = str_replace("\\\"", "\"", $str); - $tmp = str_replace("\\'", "'", $tmp); - return $tmp; + return Db::get()->fetch_result($result, $row, $param); } function db_close($link) { - if (DB_TYPE == "pgsql") { - - return pg_close($link); - - } else if (DB_TYPE == "mysql") { - return mysql_close($link); - } + return Db::get()->close(); } function db_affected_rows($link, $result) { - if (DB_TYPE == "pgsql") { - return pg_affected_rows($result); - } else if (DB_TYPE == "mysql") { - return mysql_affected_rows($link); - } + return Db::get()->affected_rows($result); } function db_last_error($link) { - if (DB_TYPE == "pgsql") { - return pg_last_error($link); - } else if (DB_TYPE == "mysql") { - return mysql_error($link); - } + return Db::get()->last_error(); } function db_quote($str){ - return("'$str'"); + return Db::get()->quote($str); } ?> diff --git a/include/errorhandler.php b/include/errorhandler.php index f7fadc172..45496b18b 100644 --- a/include/errorhandler.php +++ b/include/errorhandler.php @@ -1,7 +1,7 @@ diff --git a/include/functions.php b/include/functions.php index 0a686e71e..f0d5e85fa 100644 --- a/include/functions.php +++ b/include/functions.php @@ -10,17 +10,6 @@ $fetch_last_content_type = false; $pluginhost = false; - function __autoload($class) { - $class_file = str_replace("_", "/", strtolower(basename($class))); - - $file = dirname(__FILE__)."/../classes/$class_file.php"; - - if (file_exists($file)) { - require $file; - } - - } - mb_internal_encoding("UTF-8"); date_default_timezone_set('UTC'); if (defined('E_DEPRECATED')) { diff --git a/include/sessions.php b/include/sessions.php index bc8b7cff1..f6e8bfe61 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -2,7 +2,8 @@ // Original from http://www.daniweb.com/code/snippet43.html require_once "config.php"; - require_once "db.php"; + require_once "classes/db.php"; + require_once "autoload.php"; require_once "errorhandler.php"; require_once "lib/accept-to-gettext.php"; require_once "lib/gettext/gettext.inc"; @@ -22,14 +23,12 @@ ini_set("session.gc_maxlifetime", $session_expire); ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME)); - global $session_connection; - - function session_get_schema_version($link, $nocache = false) { + function session_get_schema_version($nocache = false) { global $schema_version; if (!$schema_version) { - $result = db_query($link, "SELECT schema_version FROM ttrss_version"); - $version = db_fetch_result($result, 0, "schema_version"); + $result = Db::get()->query("SELECT schema_version FROM ttrss_version"); + $version = Db::get()->fetch_result($result, 0, "schema_version"); $schema_version = $version; return $version; } else { @@ -39,7 +38,6 @@ function validate_session($link) { if (SINGLE_USER_MODE) return true; - if (!$link) return false; if (VERSION != $_SESSION["version"]) return false; @@ -64,21 +62,21 @@ return false; } - if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true)) + if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) return false; if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) return false; if ($_SESSION["uid"]) { - $result = db_query($link, + $result = Db::get()->query( "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'"); // user not found - if (db_num_rows($result) == 0) { + if (Db::get()->num_rows($result) == 0) { return false; } else { - $pwd_hash = db_fetch_result($result, 0, "pwd_hash"); + $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash"); if ($pwd_hash != $_SESSION["pwd_hash"]) { return false; @@ -86,101 +84,63 @@ } } -/* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) { - - //print_r($_SESSION); - - if (time() > $_SESSION["cookie_lifetime"]) { - return false; - } - } */ - return true; } function ttrss_open ($s, $n) { - global $session_connection; - - $session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); - return true; } function ttrss_read ($id){ + global $session_expire; + + $res = Db::get()->query("SELECT data FROM ttrss_sessions WHERE id='$id'"); - global $session_connection,$session_read; + if (Db::get()->num_rows($res) != 1) { - $query = "SELECT data FROM ttrss_sessions WHERE id='$id'"; + $expire = time() + $session_expire; - $res = db_query($session_connection, $query); + Db::get()->query("INSERT INTO ttrss_sessions (id, data, expire) + VALUES ('$id', '', '$expire')"); - if (db_num_rows($res) != 1) { return ""; } else { - $session_read = db_fetch_assoc($res); - $session_read["data"] = base64_decode($session_read["data"]); - return $session_read["data"]; + return base64_decode(Db::get()->fetch_result($res, 0, "data")); } + } function ttrss_write ($id, $data) { + global $session_expire; - if (! $data) { - return false; - } - - global $session_connection, $session_read, $session_expire; - + $data = base64_encode($data); $expire = time() + $session_expire; - $data = db_escape_string($session_connection, base64_encode($data), false); - - if ($session_read) { - $query = "UPDATE ttrss_sessions SET data='$data', - expire='$expire' WHERE id='$id'"; - } else { - $query = "INSERT INTO ttrss_sessions (id, data, expire) - VALUES ('$id', '$data', '$expire')"; - } + Db::get()->query("UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id'"); - db_query($session_connection, $query); return true; } function ttrss_close () { - - global $session_connection; - - //db_close($session_connection); - return true; } - function ttrss_destroy ($id) { - - global $session_connection; - - $query = "DELETE FROM ttrss_sessions WHERE id = '$id'"; - - db_query($session_connection, $query); + function ttrss_destroy($id) { + Db::get()->query("DELETE FROM ttrss_sessions WHERE id = '$id'"); return true; } function ttrss_gc ($expire) { - - global $session_connection; - - $query = "DELETE FROM ttrss_sessions WHERE expire < " . time(); - - db_query($session_connection, $query); + Db::get()->query("DELETE FROM ttrss_sessions WHERE expire < " . time()); } if (!SINGLE_USER_MODE /* && DB_TYPE == "pgsql" */) { session_set_save_handler("ttrss_open", "ttrss_close", "ttrss_read", "ttrss_write", "ttrss_destroy", "ttrss_gc"); + register_shutdown_function('session_write_close'); } if (!defined('NO_SESSION_AUTOSTART')) { diff --git a/index.php b/index.php index c21b46809..66e236dae 100644 --- a/index.php +++ b/index.php @@ -19,6 +19,7 @@ set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . get_include_path()); + require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; diff --git a/opml.php b/opml.php index ad866fbd5..709cfd4cc 100644 --- a/opml.php +++ b/opml.php @@ -2,6 +2,7 @@ set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . get_include_path()); + require_once "autoload.php"; require_once "functions.php"; require_once "sessions.php"; require_once "sanity_check.php"; diff --git a/prefs.php b/prefs.php index 046d5eb76..7a7d2842c 100644 --- a/prefs.php +++ b/prefs.php @@ -12,6 +12,7 @@ exit; } + require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; diff --git a/public.php b/public.php index 1a50538fb..ae6ae44b2 100644 --- a/public.php +++ b/public.php @@ -17,6 +17,7 @@ $_REQUEST = array_map('stripslashes_deep', $_REQUEST); } + require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; diff --git a/register.php b/register.php index 9aec6dde7..d7c60d4f0 100644 --- a/register.php +++ b/register.php @@ -8,7 +8,7 @@ get_include_path()); require_once 'classes/ttrssmailer.php'; - + require_once "autoload.php"; require_once "functions.php"; require_once "sessions.php"; require_once "sanity_check.php"; diff --git a/update.php b/update.php index ffe54cc7c..d9009f965 100755 --- a/update.php +++ b/update.php @@ -7,6 +7,7 @@ chdir(dirname(__FILE__)); + require_once "autoload.php"; require_once "functions.php"; require_once "rssfuncs.php"; require_once "config.php"; diff --git a/update_daemon2.php b/update_daemon2.php index e8a56eec9..6d13add00 100755 --- a/update_daemon2.php +++ b/update_daemon2.php @@ -14,6 +14,7 @@ define('DAEMON_EXTENDED_DEBUG', true); } + require_once "autoload.php"; require_once "functions.php"; require_once "rssfuncs.php"; require_once "sanity_check.php";