Index: html/ajax_entitypopup.php
===================================================================
--- html/ajax_entitypopup.php (revision 6309)
+++ html/ajax_entitypopup.php (working copy)
@@ -25,7 +25,7 @@
include_once("../config.php");
include_once("../includes/definitions.inc.php");
include($config['install_dir'] . "/includes/common.inc.php");
-include($config['install_dir'] . "/includes/dbFacile.php");
+include_once($config['install_dir'] . "/includes/dbFacile.php");
include($config['install_dir'] . "/includes/rewrites.inc.php");
include($config['html_dir'] . "/includes/functions.inc.php");
include($config['html_dir'] . "/includes/authenticate.inc.php");
Index: html/ajax_listports.php
===================================================================
--- html/ajax_listports.php (revision 6309)
+++ html/ajax_listports.php (working copy)
@@ -8,7 +8,7 @@
* @package observium
* @subpackage ajax
* @author Adam Armstrong
- * @copyright (C) 2006-2014 Adam Armstrong
+ * @copyright (C) 2006-2015 Adam Armstrong
*
*/
@@ -37,10 +37,10 @@
{
foreach (dbFetch("SELECT * FROM ports WHERE device_id = ? AND deleted = 0", array($_GET['device_id'])) as $interface)
{
- $string = addslashes($interface['ifDescr']." - ".$interface['ifAlias']); # FIXME wtf mres? is it supposed to escape javascript stuff?
+ $string = addslashes($interface['ifDescr']." - ".$interface['ifAlias']);
echo("obj.options[obj.options.length] = new Option('".$string."','".$interface['port_id']."');\n");
#echo("obj.options[obj.options.length] = new Option('".$interface['ifDescr']." - ".$interface['ifAlias']."','".$interface['port_id']."');\n");
}
}
-?>
+// EOF
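Review bot: `addslashes()` on the `$string` line is not a JavaScript string encoder, and removing the FIXME drops the only marker of that open question. `ifDescr` and `ifAlias` are presumably collected from monitored devices, and `addslashes()` leaves newlines, `<`, `>` and `/` untouched, so an unusual interface description can end the quoted `Option('…')` argument early or close an enclosing script block, depending on how the page consumes this response (not visible here). Encoding each value as a complete literal is safer: build `$string` without `addslashes()` and emit `echo("obj.options[obj.options.length] = new Option(" . json_encode($string, JSON_HEX_TAG) . "," . json_encode($interface['port_id']) . ");\n");`. The enclosing `if` block starts above the hunk.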
Index: html/api.php
===================================================================
--- html/api.php (revision 6309)
+++ html/api.php (working copy)
@@ -17,7 +17,7 @@
include_once("../includes/definitions.inc.php");
include($config['install_dir'] . "/includes/common.inc.php");
include($config['install_dir'] . "/includes/rewrites.inc.php");
-include($config['install_dir'] . "/includes/dbFacile.php");
+include_once($config['install_dir'] . "/includes/dbFacile.php");
include($config['install_dir'] . "/includes/entities.inc.php");
include($config['html_dir'] . "/includes/functions.inc.php");
include($config['html_dir'] . "/includes/api/functions.inc.php");
Index: html/feed.php
===================================================================
--- html/feed.php (revision 6309)
+++ html/feed.php (working copy)
@@ -25,7 +25,7 @@
include_once("../includes/definitions.inc.php");
include($config['install_dir'] . "/includes/common.inc.php");
include($config['install_dir'] . "/includes/rewrites.inc.php");
-include($config['install_dir'] . "/includes/dbFacile.php");
+include_once($config['install_dir'] . "/includes/dbFacile.php");
//include($config['install_dir'] . "/includes/functions.inc.php");
include($config['html_dir'] . "/includes/functions.inc.php");
Index: html/graph.php
===================================================================
--- html/graph.php (revision 6309)
+++ html/graph.php (working copy)
@@ -21,7 +21,7 @@
$start = utime(); // Needs common.php
-include($config['install_dir'] . "/includes/dbFacile.php");
+include_once($config['install_dir'] . "/includes/dbFacile.php");
include($config['install_dir'] . "/includes/rewrites.inc.php");
include($config['install_dir'] . "/includes/rrdtool.inc.php");
include($config['install_dir'] . "/includes/entities.inc.php");
Index: html/includes/functions.inc.php
===================================================================
--- html/includes/functions.inc.php (revision 6309)
+++ html/includes/functions.inc.php (working copy)
@@ -1719,7 +1719,7 @@
{
$v = str_replace($search, $replace, $v);
$v = str_replace('LIKE', $v, $condition);
- $values[] = $column . $like . "'" . mysql_real_escape_string($v) . "'";
+ $values[] = $column . $like . "'" . dbEscape($v) . "'";
}
$where = ' AND (' . implode($implode, $values) . ')';
break;
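Review bot: `dbEscape($v)` protects only the quoted value in `$column . $like . "'" . dbEscape($v) . "'"`; `$column` and `$like` are concatenated into the WHERE clause as-is, and where they are assigned lies outside this hunk. If either can be influenced by request parameters, it should be checked against a fixed list of column names and operators before this line. The same pattern applies to the `$values[]` line in the next hunk (@@ -1731,7), which also drops the comment explaining why escaping is done by hand there. A short replacement such as `// value is spliced into the SQL text, not bound, so it must be escaped here` would keep that intent visible.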
@@ -1731,7 +1731,7 @@
{
$values[] = "''";
} else {
- $values[] = "'" . mysql_real_escape_string($v) . "'"; // Yes, mres here. --mike
+ $values[] = "'" . dbEscape($v) . "'";
}
}
if (count($values) == 1)
Index: html/includes/graphs/device/collectd.inc.php
===================================================================
--- html/includes/graphs/device/collectd.inc.php (revision 6309)
+++ html/includes/graphs/device/collectd.inc.php (working copy)
@@ -102,7 +102,6 @@
if(isset($rrd_cmd))
{
- # FIXME mres? wtf.
if ($vars['from']) { $from = $vars['from']; }
if ($vars['to']) { $to = $vars['to']; }
$rrd_cmd .= " -s " . escapeshellarg($from) . " -e " . escapeshellarg($to);
@@ -117,4 +116,4 @@
$rt = 0;
$rrd_options = $rrd_cmd;
-?>
+// EOF
Index: html/includes/graphs/port/mac_acc_total.inc.php
===================================================================
--- html/includes/graphs/port/mac_acc_total.inc.php (revision 6309)
+++ html/includes/graphs/port/mac_acc_total.inc.php (working copy)
@@ -11,8 +11,7 @@
*
*/
-# FIXME mres? wtf. check for numeric!
-$port = $_GET['id'];
+$port = (int)$_GET['id'];
if ($_GET['stat']) { $stat = $_GET['stat']; } else { $stat = "bits"; }
$sort = $_GET['sort'];
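Review bot: The `(int)` cast covers only `id`; `$stat` and `$sort` on the following two lines are still raw `$_GET` values. How they are used is outside this hunk, but if either reaches an SQL string, a file name or an rrdtool argument, it should be checked against a fixed list first, e.g. `$sort = in_array($_GET['sort'], $allowed_sorts, TRUE) ? $_GET['sort'] : $default_sort;`, where `$allowed_sorts` and `$default_sort` are placeholders for the values this graph actually supports. `$_GET['id']` is also read without an `isset()` check, so a request without it raises a notice before the cast yields 0.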
Index: includes/alerts.inc.php
===================================================================
--- includes/alerts.inc.php (revision 6309)
+++ includes/alerts.inc.php (working copy)
@@ -568,7 +568,7 @@
if (!is_array($entity_type)) { return NULL; } // Do nothing if entity type unknown
$param = array();
- $sql = "SELECT * FROM `" . mysql_real_escape_string($entity_table) . "`";
+ $sql = "SELECT * FROM `" . dbEscape($entity_table) . "`";
$sql .= " WHERE device_id = ?";
#print_vars($entity_type);
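Review bot: `dbEscape($entity_table)` inside backticks gives no protection, because `mysqli_real_escape_string()` escapes characters that matter in quoted string literals and leaves the backtick alone. `$entity_table` is assigned outside this hunk and appears to come from the entity type definitions. If that is its only source, a comment saying so and dropping the escape would be less misleading. Otherwise validate it as an identifier before building the query, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $entity_table)) { return NULL; }`.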
Index: includes/common.inc.php
===================================================================
--- includes/common.inc.php (revision 6309)
+++ includes/common.inc.php (working copy)
@@ -1417,14 +1417,6 @@
if (strlen($string) > $max) { return substr_replace($string, $rep, $leave); } else { return $string; }
}
-// DOCME needs phpdoc block
-// TESTME needs unit testing
-// FIXME mysqli instead? this is in all our required versions right?
-function mres($string)
-{ // short function wrapper because the real one is stupidly long and ugly. aesthetics.
- return mysql_real_escape_string($string);
-}
-
/**
* Wrapper to htmlspecialchars()
*
Index: includes/dbFacile.php
===================================================================
--- includes/dbFacile.php (revision 6309)
+++ includes/dbFacile.php (working copy)
@@ -58,7 +58,7 @@
$time_start = microtime(true);
}
- $result = mysql_query($fullSql); // sets $this->result
+ $result = mysqli_query($GLOBALS['observium_db'], $fullSql); // sets $this->result
if (OBS_DEBUG || $GLOBALS['config']['profile_sql'])
{
@@ -77,7 +77,7 @@
{
// aye. this gets triggers on duplicate Contact insert
//trigger_error('QDB - Error in query: ' . $fullSql . ' : ' . mysql_error(), E_USER_WARNING);
- $error_msg = 'Error in query: (' . mysql_errno() . ') ' . mysql_error();
+ $error_msg = 'Error in query: (' . mysqli_errno($GLOBALS['observium_db']) . ') ' . mysqli_error($GLOBALS['observium_db']);
$debug_msg .= PHP_EOL . 'ERROR[%r'.$error_msg.'%n]';
}
@@ -85,7 +85,7 @@
{
if (OBS_DEBUG > 1)
{
- $rows = mysql_affected_rows();
+ $rows = mysqli_affected_rows($GLOBALS['observium_db']);
$debug_msg = 'ROWS['.($rows < 1 ? '%r' : '%g').$rows.'%n]'.PHP_EOL.$debug_msg;
}
// After query debug output for cli
@@ -125,7 +125,7 @@
$result = dbQuery($sql, $data);
if ($result)
{
- $id = mysql_insert_id();
+ $id = mysqli_insert_id($GLOBALS['observium_db']);
dbCommitTransaction();
#return $id;
} else {
@@ -184,7 +184,7 @@
$time_start = microtime(true);
if (dbQuery($sql, $data))
{
- $return = mysql_affected_rows();
+ $return = mysqli_affected_rows($GLOBALS['observium_db']);
} else {
#echo("$fullSql");
trigger_error('QDB - Update failed.', E_USER_WARNING);
@@ -208,7 +208,7 @@
$time_start = microtime(true);
if (dbQuery($sql, $parameters))
{
- $return = mysql_affected_rows();
+ $return = mysqli_affected_rows($GLOBALS['observium_db']);
} else {
$return = false;
}
@@ -228,14 +228,13 @@
$time_start = microtime(true);
$result = dbQuery($sql, $parameters);
- $rows = array();
- if (mysql_num_rows($result) > 0)
+ if (mysqli_num_rows($result) > 0)
{
- while ($row = mysql_fetch_assoc($result))
+ while ($row = mysqli_fetch_assoc($result))
{
$rows[] = $row;
}
- mysql_free_result($result);
+ mysqli_free_result($result);
$time_end = microtime(true);
$GLOBALS['db_stats']['fetchrows_sec'] += number_format($time_end - $time_start, 8);
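Review bot: `mysqli_num_rows($result)` is called without checking that `dbQuery()` succeeded, so a failed query passes `false` to it; the single-row and cell fetchers in the next two hunks guard with `if ($result)`. `if ($result && mysqli_num_rows($result) > 0)` would match them. The hunk also removes `$rows = array();`, so `$rows` only exists once a row has been appended. Whether the empty-result path further down still reads it is outside this hunk and worth confirming.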
@@ -275,8 +274,8 @@
$result = dbQuery($sql, $parameters);
if ($result)
{
- $row = mysql_fetch_assoc($result);
- mysql_free_result($result);
+ $row = mysqli_fetch_assoc($result);
+ mysqli_free_result($result);
$time_end = microtime(true);
$GLOBALS['db_stats']['fetchrow_sec'] += number_format($time_end - $time_start, 8);
@@ -300,8 +299,8 @@
$result = dbQuery($sql, $parameters);
if ($result)
{
- $row = mysql_fetch_assoc($result);
- mysql_free_result($result);
+ $row = mysqli_fetch_assoc($result);
+ mysqli_free_result($result);
$time_end = microtime(true);
$GLOBALS['db_stats']['fetchcell_sec'] += number_format($time_end - $time_start, 8);
@@ -393,7 +392,8 @@
// every-other item in $result will be the placeholder that was found
$query = '';
- for ($i = 0; $i < sizeof($result); $i+=2)
+ $count = count($result);
+ for ($i = 0; $i < $count; $i+=2)
{
$query .= $result[$i];
@@ -437,7 +437,7 @@
// but implode() can't first escape each string, of course.
foreach ($value as $entry)
{
- $escaped[] = "'" . mysql_real_escape_string($entry) . "'";
+ $escaped[] = "'" . dbEscape($entry) . "'";
}
$value = implode($escaped,",");
}
@@ -449,7 +449,7 @@
// continue;
if ($escape)
{
- $values[$key] = "'" . mysql_real_escape_string($value) . "'";
+ $values[$key] = "'" . dbEscape($value) . "'";
} else {
$values[$key] = $value;
}
@@ -479,51 +479,49 @@
function dbBeginTransaction()
{
- mysql_query('begin');
+ mysqli_autocommit($GLOBALS['observium_db'], FALSE);
}
function dbCommitTransaction()
{
- mysql_query('commit');
+ mysqli_commit($GLOBALS['observium_db']);
+ mysqli_autocommit($GLOBALS['observium_db'], TRUE);
}
function dbRollbackTransaction()
{
- mysql_query('rollback');
+ mysqli_rollback($GLOBALS['observium_db']);
+ mysqli_autocommit($GLOBALS['observium_db'], TRUE);
}
-/*
-class dbIterator implements Iterator {
- private $result;
- private $i;
+function dbEscape($string)
+{
+ return mysqli_real_escape_string($GLOBALS['observium_db'], $string);
+}
- public function __construct($r) {
- $this->result = $r;
- $this->i = 0;
+function dbOpen($host, $user, $password, $database, $charset = 'utf8')
+{
+ $db = mysqli_connect($host, $user, $password, $database);
+ if (mysqli_connect_errno())
+ {
+ include_once('common.inc.php');
+
+ if (defined('__PHPUNIT_PHAR__'))
+ {
+ print_warning("WARNING. In PHP Unit tests can skip MySQL connect. But If you test mysql functions, check your configs.");
+ } else {
+ print_error("MySQL Error: " . mysqli_connect_error());
+ die; // Die if not PHP Unit tests
+ }
}
- public function rewind() {
- mysql_data_seek($this->result, 0);
- $this->i = 0;
+/* FIXME For now keep this disabled
+ if ($charset)
+ {
+ mysqli_set_charset($db, $charset);
}
- public function current() {
- $a = mysql_fetch_assoc($this->result);
- return $a;
- }
- public function key() {
- return $this->i;
- }
- public function next() {
- $this->i++;
- $a = mysql_data_seek($this->result, $this->i);
- if ($a === false) {
- $this->i = 0;
- }
- return $a;
- }
- public function valid() {
- return ($this->current() !== false);
- }
+ */
+
+ return $db;
}
-*/
// EOF
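Review bot: `dbOpen()` leaves `mysqli_set_charset()` commented out, yet `dbEscape()` relies on `mysqli_real_escape_string()`, which escapes according to the character set the client library believes the connection uses. Since this commit routes the hand-built query values through `dbEscape()`, the charset should be set explicitly rather than left to the server default: `if ($db && $charset && !mysqli_set_charset($db, $charset)) { print_error("MySQL Error: " . mysqli_error($db)); }`. If it has to stay disabled for data-compatibility reasons, the FIXME should say why and name the charset the escaping then depends on. Separately, on the PHPUnit path `dbOpen()` returns the failed handle, so `dbEscape()` and the transaction helpers are then called with an invalid connection. `dbCommitTransaction()` also ignores the result of `mysqli_commit()`, so a failed commit looks like success to the insert path in the @@ -125,7 hunk.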
Index: includes/definitions.inc.php
===================================================================
--- includes/definitions.inc.php (revision 6309)
+++ includes/definitions.inc.php (working copy)
@@ -73,6 +73,9 @@
// Sensors definitions
include($config['install_dir'].'/includes/definitions/sensors.inc.php');
+// dbFacile
+include_once($config['install_dir'].'/includes/dbFacile.php');
+
// Alert Graphs
## FIXME - this is ugly
@@ -409,21 +412,8 @@
if (substr($config['web_url'], -1) != '/') { $config['web_url'] .= '/'; }
// Connect to database
-$observium_link = mysql_connect($config['db_host'], $config['db_user'], $config['db_pass']);
-if (!$observium_link)
-{
- include_once("common.inc.php");
+$observium_db = dbOpen($config['db_host'], $config['db_user'], $config['db_pass'], $config['db_name']);
- if (defined('__PHPUNIT_PHAR__'))
- {
- print_warning("WARNING. In PHP Unit tests can skip MySQL connect. But If you test mysql functions, check your configs.");
- } else {
- print_error("MySQL Error: " . mysql_error());
- die; // Die if not PHP Unit tests
- }
-}
-$observium_db = mysql_select_db($config['db_name'], $observium_link);
-
// Connect to statsd
if($config['statsd']['enable'] && class_exists('StatsD'))
Index: includes/functions.inc.php
===================================================================
--- includes/functions.inc.php (revision 6309)
+++ includes/functions.inc.php (working copy)
@@ -21,7 +21,7 @@
include($config['install_dir'] . "/includes/rewrites.inc.php");
include($config['install_dir'] . "/includes/snmp.inc.php");
include($config['install_dir'] . "/includes/services.inc.php");
-include($config['install_dir'] . "/includes/dbFacile.php");
+include_once($config['install_dir'] . "/includes/dbFacile.php");
include($config['install_dir'] . "/includes/entities.inc.php");
include($config['install_dir'] . "/includes/wifi.inc.php");
include($config['install_dir'] . "/includes/geolocation.inc.php");
Index: includes/update/update.php
===================================================================
--- includes/update/update.php (revision 6309)
+++ includes/update/update.php (working copy)
@@ -90,8 +90,8 @@
$update = dbQuery($line);
if (!$update)
{
- $error_no = mysql_errno();
- $error_msg = "($error_no) " . mysql_error();
+ $error_no = mysqli_errno($GLOBALS['observium_db']);
+ $error_msg = "($error_no) " . mysqli_error($GLOBALS['observium_db']);
if ($error_no >= 2000)
{
// Critical errors, stop update