
204 Zeilen
Kein EOL
5,6 KiB

* Project:
* Contenido Content Management System
* Description:
* PHPLIB Data Storage Container using a SQL database
* Requirements:
* @con_php_req 5
* @package ContenidoBackendArea
* @version 1.1.1
* @author Boris Erdmann, Kristian Koehntopp, Sascha Schumann <>
* @copyright four for business AG <>
* @license
* @link
* @link
* @since file available since contenido release <Contenido Version>
* @deprecated file deprecated in contenido release <Contenido Version>
* {@internal
* created 2002-07-21
* modified 2008-07-03, bilal arslan, added security fix
* modified 2009-11-06, Murat Purc, replaced deprecated functions (PHP 5.3 ready)
* $Id: 1094 2009-11-06 01:22:13Z xmurrix $:
* }}
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
class CT_Sql {
## Define these parameters by overwriting or by
## deriving your own class from it (recommened)
var $database_lock_semaphore = "";
var $encoding_mode = "base64";
## end of configuration
var $db;
function ac_start() {
$name = $this->database_class;
$this->db = new $name;
function ac_get_lock() {
if ( "" != $this->database_lock_semaphore ) {
$query = sprintf("SELECT get_lock('%s')", $this->database_lock_semaphore);
while ( ! $this->db->query($query)) {
$t = 1 + time(); while ( $t > time() ) { ; }
function ac_release_lock() {
if ( "" != $this->database_lock_semaphore ) {
$query = sprintf("SELECT release_lock('%s')", $this->database_lock_semaphore);
function ac_gc($gc_time, $name) {
// Security Fix
$timeout = time();
$sqldate = date("YmdHis", $timeout - (Contenido_Security::escapeDB($gc_time, $this->db) * 60));
$this->db->query(sprintf("DELETE FROM %s WHERE changed < '%s' AND name = '%s'",
Contenido_Security::escapeDB($name, $this->db)));
function ac_store($id, $name, $str) {
// Security Fix
$ret = true;
switch ( $this->encoding_mode ) {
case "slashes":
$str = addslashes($name . ":" . $str);
case "base64":
$str = base64_encode($name . ":" . $str);
$name = addslashes($name);
## update duration of visit
$now = date("YmdHis", time());
$uquery = sprintf("update %s set val='%s', changed='%s' where sid='%s' and name='%s'",
Contenido_Security::escapeDB($id, $this->db),
Contenido_Security::escapeDB($name, $this->db));
$squery = sprintf("select count(*) from %s where val='%s' and changed='%s' and sid='%s' and name='%s'",
Contenido_Security::escapeDB($id, $this->db),
Contenido_Security::escapeDB($name, $this->db));
$iquery = sprintf("insert into %s ( sid, name, val, changed ) values ('%s', '%s', '%s', '%s')",
Contenido_Security::escapeDB($id, $this->db),
Contenido_Security::escapeDB($name, $this->db),
# FIRST test to see if any rows were affected.
# Zero rows affected could mean either there were no matching rows
# whatsoever, OR that the update statement did match a row but made
# no changes to the table data (i.e. UPDATE tbl SET col = 'x', when
# "col" is _already_ set to 'x') so then,
# SECOND, query(SELECT...) on the sid to determine if the row is in
# fact there,
# THIRD, verify that there is at least one row present, and if there
# is not, then
# FOURTH, insert the row as we've determined that it does not exist.
if ( $this->db->affected_rows() == 0
&& $this->db->query($squery)
&& $this->db->next_record() && $this->db->f(0) == 0
&& !$this->db->query($iquery)) {
$ret = false;
return $ret;
function ac_delete($id, $name) {
// Security Fix
$this->db->query(sprintf("delete from %s where name = '%s' and sid = '%s'",
Contenido_Security::escapeDB($name, $this->db),
Contenido_Security::escapeDB($id, $this->db)));
function ac_get_value($id, $name) {
// Security Fix
$this->db->query(sprintf("select val from %s where sid = '%s' and name = '%s'",
Contenido_Security::escapeDB($id, $this->db),
Contenido_Security::escapeDB($name, $this->db)));
if ($this->db->next_record()) {
$str = $this->db->f("val");
$str2 = base64_decode( $str );
if (preg_match('/^' . $name . ':.*/', $str2)) {
$str = preg_replace('/^' . $name . ':/', '', $str2);
} else {
$str3 = stripslashes( $str );
if (preg_match('/^' . $name . ':.*/', $str3)) {
$str = preg_replace('/^' . $name . ':/', '', $str3);
} else {
switch ( $this->encoding_mode ) {
case "slashes":
$str = stripslashes($str);
case "base64":
$str = base64_decode($str);
return $str;
return "";
function ac_newid($str, $name) {
return $str;
function ac_halt($s) {