Inicio Explorar Axuda
Iniciar sesión
fusionpbx
/
fusionpbx-framework
réplica de https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Rama: patch-1
Ramas Etiquetas
fusionpbx-frame...
/
resources
/
pdo.php

pdo.php 11 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384 
  1. <?php
    2. 

  2. /*
    3. 

  3.  FusionPBX
    4. 

  4.  Version: MPL 1.1
    5. 

  5. 

  6.  The contents of this file are subject to the Mozilla Public License Version
    7. 

  7.  1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8.  the License. You may obtain a copy of the License at
    9. 

  9.  http://www.mozilla.org/MPL/
    10. 

  10. 

  11.  Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12.  WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13.  for the specific language governing rights and limitations under the
    14. 

  14.  License.
    15. 

  15. 

  16.  The Original Code is FusionPBX
    17. 

  17. 

  18.  The Initial Developer of the Original Code is
    19. 

  19.  Mark J Crane <[email protected]>
    20. 

  20.  Portions created by the Initial Developer are Copyright (C) 2008-2016
    21. 

  21.  the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23.  Contributor(s):
    24. 

  24.  Mark J Crane <[email protected]>
    25. 

  25.  Raymond Chandler <[email protected]>
    26. 

  26.  */
    27. 

  27. 

  28. //includes
    29. 

  29. 	include "root.php";
    30. 

  30. 	require_once "resources/functions.php";
    31. 

  31. 

  32. //set defaults
    33. 

  33. 	if (isset($dbtype)) {
    34. 

  34. 		$db_type = $dbtype;
    35. 

  35. 	}
    36. 

  36. 	if (isset($dbhost)) {
    37. 

  37. 		$db_host = $dbhost;
    38. 

  38. 	}
    39. 

  39. 	if (isset($dbport)) {
    40. 

  40. 		$db_port = $dbport;
    41. 

  41. 	}
    42. 

  42. 	if (isset($dbname)) {
    43. 

  43. 		$db_name = $dbname;
    44. 

  44. 	}
    45. 

  45. 	if (isset($dbusername)) {
    46. 

  46. 		$db_username = $dbusername;
    47. 

  47. 	}
    48. 

  48. 	if (isset($dbpassword)) {
    49. 

  49. 		$db_password = $dbpassword;
    50. 

  50. 	}
    51. 

  51. 	if (isset($db_file_path)) {
    52. 

  52. 		$db_path = $db_file_path;
    53. 

  53. 	}
    54. 

  54. 	if (isset($dbfilename)) {
    55. 

  55. 		$db_name = $dbfilename;
    56. 

  56. 	}
    57. 

  57. 	if (isset($dbsecure)) {
    58. 

  58. 		$db_secure = $dbsecure;
    59. 

  59. 	}
    60. 

  60. 	if (isset($dbcertauthority)) {
    61. 

  61. 		$db_cert_authority = $dbcertauthority;
    62. 

  62. 	}
    63. 

  63. 

  64. if (!function_exists('get_db_field_names')) {
    65. 

  65. 	function get_db_field_names($db, $table, $db_name='fusionpbx') {
    66. 

  66. 		$query = sprintf('SELECT * FROM %s LIMIT 1', $table);
    67. 

  67. 		foreach ($db->query($query, PDO::FETCH_ASSOC) as $row) {
    68. 

  68. 			return array_keys($row);
    69. 

  69. 		}
    70. 

  70. 

  71. 		// if we're still here, we need to try something else
    72. 

  72. 		$fields 	= array();
    73. 

  73. 		$driver = $db->getAttribute(PDO::ATTR_DRIVER_NAME);
    74. 

  74. 		if ($driver == 'sqlite') {
    75. 

  75. 			$query 		= sprintf("Pragma table_info(%s);", $table);
    76. 

  76. 			$stmt 		= $db->prepare($query);
    77. 

  77. 			$result 	= $stmt->execute();
    78. 

  78. 			$rows 		= $stmt->fetchAll(PDO::FETCH_NAMED);
    79. 

  79. 			//printf('<pre>%s</pre>', print_r($rows, true));
    80. 

  80. 			$row_count 	= count($rows);
    81. 

  81. 			//printf('<pre>%s</pre>', print_r($rows, true));
    82. 

  82. 			for ($i = 0; $i < $row_count; $i++) {
    83. 

  83. 				array_push($fields, $rows[$i]['name']);
    84. 

  84. 			}
    85. 

  85. 			return $fields;
    86. 

  86. 		} else {
    87. 

  87. 			$query 		= sprintf("SELECT * FROM information_schema.columns
    88. 

  88. 			WHERE table_schema='%s' AND table_name='%s';"
    89. 

  89. 			, $db_name, $table
    90. 

  90. 			);
    91. 

  91. 			$stmt 		= $db->prepare($query);
    92. 

  92. 			$result 	= $stmt->execute();
    93. 

  93. 			$rows 		= $stmt->fetchAll(PDO::FETCH_NAMED);
    94. 

  94. 			$row_count 	= count($rows);
    95. 

  95. 			//printf('<pre>%s</pre>', print_r($rows, true));
    96. 

  96. 			for ($i = 0; $i < $row_count; $i++) {
    97. 

  97. 				array_push($fields, $rows[$i]['COLUMN_NAME']);
    98. 

  98. 			}
    99. 

  99. 			return $fields;
    100. 

  100. 		}
    101. 

  101. 	}
    102. 

  102. }
    103. 

  103. 

  104. if ($db_type == "sqlite") {
    105. 

  105. 

  106. 	//set the document_root
    107. 

  107. 		if (strlen($document_root) == 0) {
    108. 

  108. 			$document_root = $_SERVER["DOCUMENT_ROOT"];
    109. 

  109. 		}
    110. 

  110. 

  111. 	//prepare the database connection
    112. 

  112. 		if (strlen($db_name) == 0) {
    113. 

  113. 			//if (strlen($_SERVER["SERVER_NAME"]) == 0) { $_SERVER["SERVER_NAME"] = "http://localhost"; }
    114. 

  114. 			$server_name = $_SERVER["SERVER_NAME"];
    115. 

  115. 			$server_name = str_replace ("www.", "", $server_name);
    116. 

  116. 			//$server_name = str_replace (".", "_", $server_name);
    117. 

  117. 			$db_name_short = $server_name;
    118. 

  118. 			$db_name = $server_name.'.db';
    119. 

  119. 		}
    120. 

  120. 		else {
    121. 

  121. 			$db_name_short = $db_name;
    122. 

  122. 		}
    123. 

  123. 

  124. 		$db_path = realpath($db_path);
    125. 

  125. 		if (file_exists($db_path.'/'.$db_name)) {
    126. 

  126. 			//echo "database file exists<br>";
    127. 

  127. 		}
    128. 

  128. 		else {
    129. 

  129. 			if (is_writable($db_path.'/'.$db_name)) {
    130. 

  130. 				//use database in current location
    131. 

  131. 			}
    132. 

  132. 			else {
    133. 

  133. 				//not writable
    134. 

  134. 				echo "The database ".$db_path."/".$db_name." does not exist or is not writable.";
    135. 

  135. 				exit;
    136. 

  136. 			}
    137. 

  137. 		}
    138. 

  138. 

  139. 		if (!function_exists('php_md5')) {
    140. 

  140. 			function php_md5($string) {
    141. 

  141. 				return md5($string);
    142. 

  142. 			}
    143. 

  143. 		}
    144. 

  144. 		if (!function_exists('php_unix_timestamp')) {
    145. 

  145. 			function php_unix_timestamp($string) {
    146. 

  146. 				return strtotime($string);
    147. 

  147. 			}
    148. 

  148. 		}
    149. 

  149. 		if (!function_exists('php_now')) {
    150. 

  150. 			function php_now() {
    151. 

  151. 				return date("Y-m-d H:i:s");
    152. 

  152. 			}
    153. 

  153. 		}
    154. 

  154. 		if (!function_exists('php_left')) {
    155. 

  155. 			function php_left($string, $num) {
    156. 

  156. 				return substr($string, 0, $num);
    157. 

  157. 			}
    158. 

  158. 		}
    159. 

  159. 		if (!function_exists('php_right')) {
    160. 

  160. 			function php_right($string, $num) {
    161. 

  161. 				return substr($string, (strlen($string)-$num), strlen($string));
    162. 

  162. 			}
    163. 

  163. 		}
    164. 

  164. 		if (!function_exists('php_sqlite_data_type')) {
    165. 

  165. 			function php_sqlite_data_type($string, $field) {
    166. 

  166. 

  167. 				//get the string between the start and end characters
    168. 

  168. 				$start = '(';
    169. 

  169. 				$end = ')';
    170. 

  170. 				$ini = stripos($string,$start);
    171. 

  171. 				if ($ini == 0) return "";
    172. 

  172. 				$ini += strlen($start);
    173. 

  173. 				$len = stripos($string,$end,$ini) - $ini;
    174. 

  174. 				$string = substr($string,$ini,$len);
    175. 

  175. 

  176. 				$str_data_type = '';
    177. 

  177. 				$string_array = explode(',', $string);
    178. 

  178. 				foreach($string_array as $lnvalue) {
    179. 

  179. 					$fieldlistarray = explode (" ", $value);
    180. 

  180. 					unset($fieldarray, $string, $field);
    181. 

  181. 				}
    182. 

  182. 

  183. 				return $str_data_type;
    184. 

  184. 			}
    185. 

  185. 		}
    186. 

  186. 

  187. 	//database connection
    188. 

  188. 		try {
    189. 

  189. 			//create the database connection object
    190. 

  190. 				//$db = new PDO('sqlite2:example.db'); //sqlite 2
    191. 

  191. 				//$db = new PDO('sqlite::memory:'); //sqlite 3
    192. 

  192. 				$db = new PDO('sqlite:'.$db_path.'/'.$db_name); //sqlite 3
    193. 

  193. 			//enable foreign key constraints
    194. 

  194. 				$db->query('PRAGMA foreign_keys = ON;');
    195. 

  195. 			//add additional functions to SQLite so that they are accessible inside SQL
    196. 

  196. 				//bool PDO::sqliteCreateFunction ( string function_name, callback callback [, int num_args] )
    197. 

  197. 				$db->sqliteCreateFunction('md5', 'php_md5', 1);
    198. 

  198. 				$db->sqliteCreateFunction('unix_timestamp', 'php_unix_timestamp', 1);
    199. 

  199. 				$db->sqliteCreateFunction('now', 'php_now', 0);
    200. 

  200. 				$db->sqliteCreateFunction('sqlitedatatype', 'php_sqlite_data_type', 2);
    201. 

  201. 				$db->sqliteCreateFunction('strleft', 'php_left', 2);
    202. 

  202. 				$db->sqliteCreateFunction('strright', 'php_right', 2);
    203. 

  203. 		}
    204. 

  204. 		catch (PDOException $error) {
    205. 

  205. 			print "error: " . $error->getMessage() . "<br/>";
    206. 

  206. 			die();
    207. 

  207. 		}
    208. 

  208. } //end if db_type sqlite
    209. 

  209. 

  210. 

  211. if ($db_type == "mysql") {
    212. 

  212. 	//database connection
    213. 

  213. 	try {
    214. 

  214. 		//required for mysql_real_escape_string
    215. 

  215. 			if (function_exists('mysql_connect')) {
    216. 

  216. 				$mysql_connection = @mysql_connect($db_host, $db_username, $db_password);
    217. 

  217. 				//$mysql_connection = mysqli_connect($db_host, $db_username, $db_password,$db_name) or die("Error " . mysqli_error($link));
    218. 

  218. 			}
    219. 

  219. 		//mysql pdo connection
    220. 

  220. 			if (strlen($db_host) == 0 && strlen($db_port) == 0) {
    221. 

  221. 				//if both host and port are empty use the unix socket
    222. 

  222. 				$db = new PDO("mysql:host=$db_host;unix_socket=/var/run/mysqld/mysqld.sock;dbname=$db_name;charset=utf8;", $db_username, $db_password);
    223. 

  223. 			}
    224. 

  224. 			else {
    225. 

  225. 				if (strlen($db_port) == 0) {
    226. 

  226. 					//leave out port if it is empty
    227. 

  227. 					$db = new PDO("mysql:host=$db_host;dbname=$db_name;charset=utf8;", $db_username, $db_password, array(
    228. 

  228. 					PDO::ATTR_ERRMODE,
    229. 

  229. 					PDO::ERRMODE_EXCEPTION
    230. 

  230. 					));
    231. 

  231. 				}
    232. 

  232. 				else {
    233. 

  233. 					$db = new PDO("mysql:host=$db_host;port=$db_port;dbname=$db_name;charset=utf8;", $db_username, $db_password, array(
    234. 

  234. 					PDO::ATTR_ERRMODE,
    235. 

  235. 					PDO::ERRMODE_EXCEPTION
    236. 

  236. 					));
    237. 

  237. 				}
    238. 

  238. 			}
    239. 

  239. 	}
    240. 

  240. 	catch (PDOException $error) {
    241. 

  241. 		print "error: " . $error->getMessage() . "<br/>";
    242. 

  242. 		die();
    243. 

  243. 	}
    244. 

  244. } //end if db_type mysql
    245. 

  245. 

  246. if ($db_type == "pgsql") {
    247. 

  247. 	//database connection
    248. 

  248. 	try {
    249. 

  249. 		if (isset($db_secure)) {
    250. 

  250. 			$dbissecure = $db_secure;
    251. 

  251. 		}
    252. 

  252. 		else {
    253. 

  253. 			$dbissecure = false;
    254. 

  254. 		}
    255. 

  255. 		if (strlen($db_host) > 0) {
    256. 

  256. 			if (strlen($db_port) == 0) { $db_port = "5432"; }
    257. 

  257. 			if ($dbissecure == true) {
    258. 

  258. 				$db = new PDO("pgsql:host=$db_host port=$db_port dbname=$db_name user=$db_username password=$db_password sslmode=verify-ca sslrootcert=$db_cert_authority");
    259. 

  259. 			}
    260. 

  260. 			else {
    261. 

  261. 				$db = new PDO("pgsql:host=$db_host port=$db_port dbname=$db_name user=$db_username password=$db_password");
    262. 

  262. 			}
    263. 

  263. 		}
    264. 

  264. 		else {
    265. 

  265. 			$db = new PDO("pgsql:dbname=$db_name user=$db_username password=$db_password");
    266. 

  266. 		}
    267. 

  267. 	}
    268. 

  268. 	catch (PDOException $error) {
    269. 

  269. 		print "error: " . $error->getMessage() . "<br/>";
    270. 

  270. 		die();
    271. 

  271. 	}
    272. 

  272. } //end if db_type pgsql
    273. 

  273. 

  274. //get the domain list
    275. 

  275. 	if (!is_array($_SESSION['domains']) or !isset($_SESSION["domain_uuid"])) {
    276. 

  276. 

  277. 		//get the domain
    278. 

  278. 			$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    279. 

  279. 

  280. 		//get the domains from the database
    281. 

  281. 			$sql = "select * from v_domains";
    282. 

  282. 			$prep_statement = $db->prepare($sql);
    283. 

  283. 			$prep_statement->execute();
    284. 

  284. 			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
    285. 

  285. 			foreach($result as $row) {
    286. 

  286. 				$domain_names[] = $row['domain_name'];
    287. 

  287. 			}
    288. 

  288. 			unset($prep_statement);
    289. 

  289. 

  290. 		//put the domains in natural order
    291. 

  291. 			if (is_array($domain_names)) {
    292. 

  292. 				natsort($domain_names);
    293. 

  293. 			}
    294. 

  294. 

  295. 		//build the domains array in the correct order
    296. 

  296. 			if (is_array($domain_names)) { 
    297. 

  297. 				foreach ($domain_names as $dn) {
    298. 

  298. 					foreach ($result as $row) {
    299. 

  299. 						if ($row['domain_name'] == $dn) {
    300. 

  300. 							$domains[] = $row;
    301. 

  301. 						}
    302. 

  302. 					}
    303. 

  303. 				}
    304. 

  304. 				unset($result);
    305. 

  305. 			}
    306. 

  306. 

  307. 			if (is_array($domains)) { 
    308. 

  308. 				foreach($domains as $row) {
    309. 

  309. 					if (count($domains) == 1) {
    310. 

  310. 						$_SESSION["domain_uuid"] = $row["domain_uuid"];
    311. 

  311. 						$_SESSION["domain_name"] = $row['domain_name'];
    312. 

  312. 					}
    313. 

  313. 					else {
    314. 

  314. 						if ($row['domain_name'] == $domain_array[0] || $row['domain_name'] == 'www.'.$domain_array[0]) {
    315. 

  315. 							$_SESSION["domain_uuid"] = $row["domain_uuid"];
    316. 

  316. 							$_SESSION["domain_name"] = $row["domain_name"];
    317. 

  317. 						}
    318. 

  318. 					}
    319. 

  319. 					$_SESSION['domains'][$row['domain_uuid']] = $row;
    320. 

  320. 				}
    321. 

  321. 				unset($domains, $prep_statement);
    322. 

  322. 			}
    323. 

  323. 	}
    324. 

  324. 

  325. //get the software name
    326. 

  326. 	if (!isset($_SESSION["software_name"])) {
    327. 

  327. 		$sql = "select * from v_software ";
    328. 

  328. 		$prep_statement = $db->prepare(check_sql($sql));
    329. 

  329. 		if ($prep_statement) {
    330. 

  330. 			$prep_statement->execute();
    331. 

  331. 			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
    332. 

  332. 			$_SESSION["software_name"] = $row['software_name'];
    333. 

  333. 		}
    334. 

  334. 		unset($prep_statement, $result);
    335. 

  335. 	}
    336. 

  336. 

  337. //set the setting arrays
    338. 

  338. 	if (!isset($_SESSION['domain']['menu'])){
    339. 

  339. 		require "resources/classes/domains.php";
    340. 

  340. 		$domain = new domains();
    341. 

  341. 		$domain->db = $db;
    342. 

  342. 		$domain->set();
    343. 

  343. 	}
    344. 

  344. 

  345. //set the domain_uuid variable from the session
    346. 

  346. 	if (strlen($_SESSION["domain_uuid"]) > 0) {
    347. 

  347. 		$domain_uuid = $_SESSION["domain_uuid"];
    348. 

  348. 	}
    349. 

  349. 	else {
    350. 

  350. 		$domain_uuid = uuid();
    351. 

  351. 	}
    352. 

  352. 

  353. //check the domain cidr range 
    354. 

  354. 	if (isset($_SESSION['domain']["cidr"]) && !defined('STDIN')) {
    355. 

  355. 		$found = false;
    356. 

  356. 		foreach($_SESSION['domain']["cidr"] as $cidr) {
    357. 

  357. 			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
    358. 

  358. 				$found = true;
    359. 

  359. 				break;
    360. 

  360. 			}
    361. 

  361. 		}
    362. 

  362. 		if (!$found) {
    363. 

  363. 			echo "access denied";
    364. 

  364. 			exit;
    365. 

  365. 		}
    366. 

  366. 	}
    367. 

  367. 

  368. //check the api cidr range
    369. 

  369. 	if (isset($_SESSION['api']["cidr"])) {
    370. 

  370. 		$found = false;
    371. 

  371. 		foreach($_SESSION['api']["cidr"] as $cidr) {
    372. 

  372. 			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
    373. 

  373. 				$found = true;
    374. 

  374. 				break;
    375. 

  375. 			}
    376. 

  376. 		}
    377. 

  377. 		if (!$found) {
    378. 

  378. 			unset ($_REQUEST['key']);
    379. 

  379. 			unset ($_POST['key']);
    380. 

  380. 			unset ($_GET['key']);
    381. 

  381. 		}
    382. 

  382. 	}
    383. 

  383. 

  384. ?>
    385.