<?php
-# Copyright (C) 2006 Jason Woofenden
-#
-# This file is part of wfpl.
-#
-# wfpl is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# wfpl is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with wfpl; see the file COPYING. If not, write to the
-# Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-# MA 02111-1307, USA.
+# This program is in the public domain within the United States. Additionally,
+# we waive copyright and related rights in the work worldwide through the CC0
+# 1.0 Universal public domain dedication, which can be found at
+# http://creativecommons.org/publicdomain/zero/1.0/
-require_once('code/wfpl/encode.php');
-require_once('code/wfpl/format.php');
+require_once(__DIR__.'/'.'encode.php');
+require_once(__DIR__.'/'.'format.php');
-# db_connect() parameters:
+# db_connect() -- connect to a mysql database (automatically, later, when/if needed)
+# db_connect_now() -- connect to a mysql database immediately
#
-# database: the name of the database you want to connect to. Defaults to the
-# second-to-last part of the domain name. eg for foo.example.com it would be
-# "example".
+# PARAMETERS:
#
-# user: username for connecting to the database. Defaults to
-# $GLOBALS['db_username'] or (if that's not set) "www".
+# database: the name of the database you want to connect to. Defaults to the
+# second-to-last part of the domain name. eg for foo.example.com it would be
+# "example".
+#
+# user: username for connecting to the database. Defaults to
+# $GLOBALS['db_username'] or (if that's not set) "www".
+#
+# password: password for connecting to the database. Defaults to
+# $GLOBALS['db_password'] or (if that's not set "".
#
-# password: password for connecting to the database. Defaults to
-# $GLOBALS['db_password'] or (if that's not set "".
+# RETURNS:
#
-# RETURNS: the database connection handle. You'll only need this if you
-# want to have multiple databases open at once.
-
-function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost') {
+# the database connection handle. You'll only need this if you want to have
+# multiple databases open at once.
+function db_connect() {
+ if (isset($GLOBALS['wfpl_db_handle'])) {
+ mysqli_close($GLOBALS['wfpl_db_handle']);
+ unset($GLOBALS['wfpl_db_handle']);
+ }
+ $GLOBALS['wfpl_db_connect_args'] = func_get_args();
+}
+function db_connect_now($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost', $encoding = 'utf8') {
if($database == 'auto') {
if(isset($GLOBALS['db_name'])) {
$database = $GLOBALS['db_name'];
}
}
- $GLOBALS['wfpl_db_handle'] = mysql_connect($host, $user, $pass);
+ $GLOBALS['wfpl_db_handle'] = @mysqli_connect($host, $user, $pass);
if(!$GLOBALS['wfpl_db_handle']) {
- die('Could not connect to the database: ' . mysql_error());
+ die('Server error: Database connection failed');
+ # to show username and host: mysqli_connect_error()
}
- if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) {
- die("Couldn not access database \"$database\": " . mysql_error());
+ mysqli_set_charset($GLOBALS['wfpl_db_handle'], $encoding);
+
+ if(!mysqli_select_db($GLOBALS['wfpl_db_handle'], $database)) {
+ die("Couldn not access database \"$database\": " . mysqli_error($GLOBALS['wfpl_db_handle']));
}
return $GLOBALS['wfpl_db_handle'];
}
+# for internal use (helps implement the auto-connect feature of db_connect())
+function _db_connection_needed() {
+ if (isset($GLOBALS['wfpl_db_handle'])) {
+ return;
+ }
+ if (isset($GLOBALS['wfpl_db_connect_args'])) {
+ return call_user_func_array('db_connect_now', $GLOBALS['wfpl_db_connect_args']);
+ }
+ die('Error: you must call db_connect() or db_auto_connect() first!');
+}
+
+function db_enc_sql($str) {
+ _db_connection_needed();
+ return mysqli_real_escape_string(isset($GLOBALS['wfpl_db_handle']) ? $GLOBALS['wfpl_db_handle'] : null, $str);
+}
# Unless you're doing something unusual like an ALTER TABLE don't call this directly
function db_send_query($sql) {
+ _db_connection_needed();
#echo("Sending query: " . enc_html($sql) . "<br>\n");
- $result = mysql_query($sql);
+ $result = mysqli_query($GLOBALS['wfpl_db_handle'], $sql);
if(!$result) {
- die(enc_html('DATABASE ERROR: ' . mysql_error() . ' in the following query: ' . $sql));
+ die(enc_html('DATABASE ERROR: ' . mysqli_error($GLOBALS['wfpl_db_handle']) . ' in the following query: ' . $sql));
}
return $result;
#
# %% put a % in the output
# %i put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
+# %f put a floating point value in the output (strips non-numeric digits, puts in 0.0 if not valid)
# %" output double quotes, surrounding the variable which is encoded to be in there.
# %s output encoded to be in double quotes, but don't output the quotes
+# %$ output argument as-is, no encoding. Make sure you quote everything from the user!
#
-# complex example: db_get_rows('mytable', 'id', 'name=%" or company like "%%%s%%"', $name, $company_partial);
+# complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
function db_printf($str) {
$args = func_get_args();
$args = array_slice($args, 1);
- _db_printf($str, $args);
+ return _db_printf($str, $args);
}
-# This function does the work, but takes the parameters in an array, and backwards.
+# This function does the work, but takes the parameters in an array
function _db_printf($str, $args) {
- $args = array_reverse($args); # because array_pop() takes from the end
$out = '';
while($str) {
$pos = strpos($str, '%');
$str = substr($str, $pos + 2);
if($chr == '"') {
- $out .= '"' . enc_sql(array_pop($args)) . '"';
+ $out .= '"' . db_enc_sql(array_shift($args)) . '"';
+ } elseif($chr == 's') {
+ $out .= db_enc_sql(array_shift($args));
} elseif($chr == 'i') {
- $int = format_int(array_pop($args));
+ $int = format_int(array_shift($args));
if($int == '') $int = '0';
$out .= $int;
+ } elseif($chr == 'f') {
+ $arg = array_shift($args);
+ if(is_numeric($arg)) {
+ $arg = sprintf("%f", $arg);
+ }
+ $arg = format_decimal($arg);
+ if(strlen($arg) < 1) {
+ $arg = '0.0';
+ }
+ $out .= $arg;
+ } elseif($chr == '$') {
+ $out .= array_shift($args);
} else {
$out .= $chr;
}
}
-function db_send_get($table, $columns, $where = '', $args) {
+# helper function
+function db_send_get($table, $columns, $where, $args) {
$sql = "SELECT $columns FROM $table";
if($where) {
- $sql .= ' WHERE ' . _db_printf($where, $args);
+ $sql .= ' ' . _db_printf($where, $args);
}
return db_send_query($sql);
}
+# if no results: returs []
function db_get_rows($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
$rows = array();
- while($row = mysql_fetch_row($result)) {
+ while($row = mysqli_fetch_row($result)) {
$rows[] = $row;
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $rows;
}
+# like db_get_rows, but return array of hashes.
+# if no results: returs []
+function db_get_assocs($table, $columns, $where = '') {
+ $args = func_get_args();
+ $args = array_slice($args, 3);
+ $result = db_send_get($table, $columns, $where, $args);
+
+ $rows = array();
+ while($row = mysqli_fetch_assoc($result)) {
+ $rows[] = $row;
+ }
+
+ mysqli_free_result($result);
+
+ return $rows;
+}
+
+# if no results: returs []
function db_get_column($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
$column = array();
- while($row = mysql_fetch_row($result)) {
+ while($row = mysqli_fetch_row($result)) {
$column[] = $row[0];
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $column;
}
+# returns first matching row
+# if no results: returns false
function db_get_row($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
- $row = mysql_fetch_row($result);
+ $row = mysqli_fetch_row($result);
- mysql_free_result($result);
+ mysqli_free_result($result);
return $row;
}
-function db_get_value($table, $columns, $where = '') {
+# like db_get_row, but return a hash.
+# if no results: returns false
+function db_get_assoc($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
- $value = mysql_fetch_row($result);
+ $row = mysqli_fetch_assoc($result);
+
+ mysqli_free_result($result);
+
+ return $row;
+}
+
+# if no results: returns false
+function db_get_value($table, $column, $where = '') {
+ $args = func_get_args();
+ $args = array_slice($args, 3);
+ $result = db_send_get($table, $column, $where, $args);
+
+ $value = mysqli_fetch_row($result);
if($value !== false) {
$value = $value[0];
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $value;
}
+# returns an integer
+function db_count($table, $where = '') {
+ $args = func_get_args();
+ array_splice($args, 1, 0, array('count(*)'));
+ return (int) call_user_func_array('db_get_value', $args);
+}
+
# call either of these ways:
#
# db_insert('people', 'name,company', 'jason', 'widgets ltd');
$values = func_get_args();
$values = array_slice($values, 2);
}
+
+ db_insert_ish('INSERT', $table, $columns, $values);
+}
+
+# like db_insert() above, but instead of passing columns and data separately,
+# you can pass one array with the column names as keys and the data as values
+function db_insert_assoc($table, $data) {
+ $args = func_get_args();
+ $args = array_slice($args, 2);
+ $columns = array();
+ $values = array();
+ foreach($data as $key => $value) {
+ $columns[] = $key;
+ $values[] = $value;
+ }
+ array_unshift($args, $table, join(',', $columns), $values);
+ call_user_func_array('db_insert', $args);
+}
+
+# same as above, except uses the "replace" command instead of "insert"
+function db_replace($table, $columns, $values) {
+ if(!is_array($values)) {
+ $values = func_get_args();
+ $values = array_slice($values, 2);
+ }
+
+ db_insert_ish('REPLACE', $table, $columns, $values);
+}
+
+# return the value mysql made up for the auto_increment field (for the last insert)
+function db_auto_id() {
+ _db_connection_needed();
+ return mysqli_insert_id($GLOBALS['wfpl_db_handle']);
+}
+
+
+# used to implement db_insert() and db_replace()
+function db_insert_ish($command, $table, $columns, $values) {
$sql = '';
foreach($values as $value) {
if($sql) $sql .= ',';
- $sql .= '"' . enc_sql($value) . '"';
+ $sql .= '"' . db_enc_sql($value) . '"';
}
- $sql = "INSERT INTO $table ($columns) values($sql)";
+ $sql = "$command INTO $table ($columns) values($sql)";
db_send_query($sql);
}
-?>
+# to be consistent with the syntax of the other db functions, $values can be an
+# array, a single value, or multiple parameters.
+#
+# as usual the where clause stuff is optional, but it will of course update the
+# whole table if you leave it off.
+#
+# examples:
+#
+# # name everybody Bruce
+# db_update('users', 'name', 'Bruce');
+#
+# # name user #6 Bruce
+# db_update('users', 'name', 'Bruce', 'where id=%i', 6);
+#
+# # update the whole bit for user #6
+# db_update('users', 'name,email,description', 'Bruce', 'bruce@example.com', 'is a cool guy', 'where id=%i', 6);
+#
+# # update the whole bit for user #6 (passing data as an array)
+# $data = array('Bruce', 'bruce@example.com', 'is a cool guy');
+# db_update('users', 'name,email,description', $data, 'where id=%i', 6);
+
+# The prototype is really something like this:
+# db_update(table, columns, values..., where(optional), where_args...(optional))
+function db_update($table, $columns, $values) {
+ $args = func_get_args();
+ $args = array_slice($args, 2);
+ $columns = explode(',', $columns);
+ $num_fields = count($columns);
+
+ if(is_array($values)) {
+ $values = array_values($values);
+ $args = array_slice($args, 1);
+ } else {
+ $values = array_slice($args, 0, $num_fields);
+ $args = array_slice($args, $num_fields);
+ }
+
+ $sql = '';
+ for($i = 0; $i < $num_fields; ++$i) {
+ if($sql != '') {
+ $sql .= ', ';
+ }
+ $sql .= $columns[$i] . ' = "' . db_enc_sql($values[$i]) . '"';
+ }
+
+
+ $sql = "UPDATE $table SET $sql";
+
+ # if there's any more arguments
+ if($args) {
+ $where = $args[0];
+ $args = array_slice($args, 1);
+
+ $sql .= ' ';
+ # any left for printf arguments?
+ if($args) {
+ $sql .= _db_printf($where, $args);
+ } else {
+ $sql .= $where;
+ }
+
+ }
+
+ db_send_query($sql);
+}
+
+# like db_update() above, but instead of passing columns and data separately,
+# you can pass one array with the column names as keys and the data as values
+function db_update_assoc($table, $data) {
+ $args = func_get_args();
+ $args = array_slice($args, 2);
+ $columns = array();
+ $values = array();
+ foreach($data as $key => $value) {
+ $columns[] = $key;
+ $values[] = $value;
+ }
+ array_unshift($args, $values);
+ array_unshift($args, join(',', $columns));
+ array_unshift($args, $table);
+ call_user_func_array('db_update', $args);
+}
+
+# pass args for printf-style where clause as usual
+function db_delete($table, $where = '') {
+ $sql = "DELETE FROM $table";
+ if($where) {
+ $sql .= ' ';
+ $args = func_get_args();
+ $args = array_slice($args, 2);
+ if($args) {
+ $sql .= _db_printf($where, $args);
+ } else {
+ $sql .= $where;
+ }
+ }
+
+ db_send_query($sql);
+}
+
+
+define('DB_ORD_MAX', 2000000000);
+
+function db_reposition_respace($table, $field, $where = '') {
+ if($where) {
+ $andand = " && ($where) ";
+ }
+ $ids = db_get_column($table, 'id', "where $field != 0 $andand order by $field");
+ $c = count($ids);
+ if(!$c) {
+ # should never happen
+ return;
+ }
+ $inc = floor(DB_ORD_MAX / ($c + 1));
+ $cur = $inc;
+ foreach($ids as $id) {
+ db_update($table, $field, $cur, 'where id=%i', $id);
+ $cur += $inc;
+ }
+}
+
+# this function facilitates letting the user manually sort records (with (int) $field != 0)
+#
+# When editing a particular row, give the user a pulldown, with 0 -> first, 1 -> second, etc, and pass this integer to db_reposition (3rd parameter). The value "ignored" can be passed, and the row will be given a sort value of 0 and ignored for all sorting.
+#
+# $pretty is used in error messages to refer to the row, it defaults to whatever you pass for $table.
+#
+# return value is the "ord" value you should set/insert into your database
+
+function db_reposition($table, $row_id, $new_pos, $field = 'ord', $pretty = 'same as $table', $where = '', $renumbered_already = false) {
+ if($pretty == 'same as $table') {
+ $pretty = $table;
+ }
+ if($where) {
+ $andand = " && ($where) ";
+ }
+
+ if($new_pos === 'ignored') {
+ # not sorted
+ return '0';
+ }
+
+ # strategy: calculate $prev_ord and $next_ord. If there's no space between, renumber and recurse
+ if($new_pos == '0') {
+ $row = db_get_row($table, "id,$field", "where $field != 0 $andand order by $field limit 1");
+ if($row) {
+ list($first_row_id, $first_row_ord) = $row;
+ if($first_row_id == $row_id) {
+ # already first
+ return $first_row_ord;
+ }
+ $next_ord = $first_row_ord;
+ } else {
+ # this is the only row, put it in the middle
+ return '' + floor(DB_ORD_MAX / 2);
+ }
+
+ $prev_ord = 0;
+ } else {
+ $new_pos = format_int_0($new_pos);
+ $rows = db_get_rows($table, "id,$field", "where $field != 0 $andand order by $field limit %i,2", $new_pos - 1);
+ if(!$rows) {
+ message("Sorry, couldn't find the $pretty you asked to put this $pretty after. Putting it first instead.");
+ return db_reposition($table, $row_id, '0', $field, $pretty, $where);
+ } else {
+ list($prev_id, $prev_ord) = $rows[0];
+ if($prev_id == $row_id) {
+ # after self? this shouldn't happen
+ return $prev_ord;
+ }
+ if(count($rows) == 1) {
+ # we should be last
+ $next_ord = DB_ORD_MAX;
+ } else {
+ list($next_id, $next_ord) = $rows[1];
+ if($next_id == $row_id) {
+ # after prev (already there)
+ return $next_ord;
+ }
+ }
+ }
+ }
+ if($prev_ord + 1 == $next_ord || $prev_ord == $next_ord) { # the latter should never happen
+ if($renumbered_already) {
+ message("Programmer error in $pretty ordering code. Please tell your website administrator.");
+ return '' . rand(2, DB_ORD_MAX - 2); # reasonably unlikely to be the same as some other ord
+ }
+ db_reposition_respace($table, $field, $where);
+ return db_reposition($table, $row_id, $new_pos, $field, $pretty, $where, $renumbered_already = true);
+ } else {
+ return $prev_ord + round(($next_ord - $prev_ord) / 2);
+ }
+}
+
+# Call this to upgrade your database (using upgrade functions you define.)
+#
+# You can call this from config.php right after db_connect() to make sure the
+# database is up to date.
+#
+# When you want to update your schema, define a new function named
+# db_upgrade_to_X() where X is the next integer (start at 1).
+#
+# If there are any page views while your upgrade function is running, they will
+# stall until the upgrade function completes. This is often better than running
+# while the databse is in a transitional state, and is way way better than
+# running the upgrade function multiple times concurrently.
+#
+# Efficiency: this function is designed to be lean enough that you'd run it on
+# every page load, so you never forget to upgrade your schema after uploading
+# code changes. If your schema is up to date, this will only execute one
+# database query, and that query loads the persistent data store (used by
+# persistent_get()), so if you use that, you'll need that query to happen
+# anyway (giving this function a zero-query overhead).
+
+function db_upgrade() {
+ if (isset($GLOBALS['wfpl_persistent'])) {
+ $version = persistent_get('wfpl_db_version');
+ } else {
+ # custom version of persistent_init() that creates the table if needed
+ # instead of dying
+ $GLOBALS['wfpl_persistent'] = array();
+ _db_connection_needed();
+ $result = mysqli_query($GLOBALS['wfpl_db_handle'], 'select k,v from wfpl_persistent');
+ if ($result) {
+ while($row = mysqli_fetch_assoc($result)) {
+ $GLOBALS['wfpl_persistent'][$row['k']] = json_decode($row['v'], true);
+ } unset($row);
+ if (isset($GLOBALS['wfpl_persistent']['wfpl_db_version'])) {
+ $version = $GLOBALS['wfpl_persistent']['wfpl_db_version'];
+ } else {
+ $version = -1;
+ }
+ } else {
+ db_send_query('create table if not exists wfpl_persistent (k varchar(30) binary not null default "", v mediumblob, primary key (k)) CHARSET=utf8;');
+ $version = -1;
+ }
+ }
+
+ if ($version === -1) {
+ db_send_query('create table if not exists wfpl_mutexes (id int unique auto_increment, name varchar(30) binary, expires int(11)) CHARSET=utf8;');
+ $version = 0;
+ # don't save version now in case another thread is doing this too
+ }
+ $next = $version + 1;
+ if (function_exists("db_upgrade_to_$next")) {
+ require_once(__DIR__.'/'.'persistent.php');
+ require_once(__DIR__.'/'.'mutex.php');
+ mutex_lock('wfpl_db_upgrade', 20);
+ # check version again, in case another thread upgraded the database
+ # while we waited for a lock just now
+ persistent_invalidate_cache();
+ $version = persistent_get('wfpl_db_version');
+ if ($version === null) {
+ $version = 0;
+ }
+
+ for ($next = $version + 1; function_exists("db_upgrade_to_$next"); ++$next) {
+ call_user_func("db_upgrade_to_$next");
+ persistent_set('wfpl_db_version', $next);
+ }
+ mutex_unlock('wfpl_db_upgrade');
+ }
+}