X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=blobdiff_plain;f=db.php;h=428c1bf007bb42f85b5551e0633695985dd2ce0d;hp=0a1369fc967fca4fd32c72e83f150c8d55d84f79;hb=HEAD;hpb=a09e0b5b03f95291c9508dd28a2e682ea9fb1f88

diff --git a/db.php b/db.php
index 0a1369f..428c1bf 100644
--- a/db.php
+++ b/db.php
@@ -1,28 +1,16 @@
 <?php
 
-#  Copyright (C) 2006 Jason Woofenden
-#
-#  This file is part of wfpl.
-#
-#  wfpl is free software; you can redistribute it and/or modify it under the
-#  terms of the GNU Lesser General Public License as published by the Free
-#  Software Foundation; either version 2.1 of the License, or (at your option)
-#  any later version.
-#
-#  wfpl is distributed in the hope that it will be useful, but WITHOUT ANY
-#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-#  FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for
-#  more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with wfpl; if not, write to the Free Software Foundation, Inc., 51
-#  Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+# This program is in the public domain within the United States. Additionally,
+# we waive copyright and related rights in the work worldwide through the CC0
+# 1.0 Universal public domain dedication, which can be found at
+# http://creativecommons.org/publicdomain/zero/1.0/
 
 
-require_once('code/wfpl/encode.php');
-require_once('code/wfpl/format.php');
+require_once(__DIR__.'/'.'encode.php');
+require_once(__DIR__.'/'.'format.php');
 
-# db_connect() -- connect to a mysql database
+# db_connect() -- connect to a mysql database (automatically, later, when/if needed)
+# db_connect_now() -- connect to a mysql database immediately
 #
 # PARAMETERS:
 #
@@ -40,8 +28,14 @@ require_once('code/wfpl/format.php');
 #
 #   the database connection handle. You'll only need this if you want to have
 #   multiple databases open at once.
-
-function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost') {
+function db_connect() {
+	if (isset($GLOBALS['wfpl_db_handle'])) {
+		mysqli_close($GLOBALS['wfpl_db_handle']);
+		unset($GLOBALS['wfpl_db_handle']);
+	}
+	$GLOBALS['wfpl_db_connect_args'] = func_get_args();
+}
+function db_connect_now($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost', $encoding = 'utf8') {
 	if($database == 'auto') {
 		if(isset($GLOBALS['db_name'])) {
 			$database = $GLOBALS['db_name'];
@@ -70,24 +64,43 @@ function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host =
 		}
 	}
 
-	$GLOBALS['wfpl_db_handle'] = mysql_connect($host, $user, $pass);
+	$GLOBALS['wfpl_db_handle'] = @mysqli_connect($host, $user, $pass);
 	if(!$GLOBALS['wfpl_db_handle']) {
-		die('Could not connect to the database: ' . mysql_error());
+		die('Server error: Database connection failed');
+		# to show username and host: mysqli_connect_error()
 	}
 
-	if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) {
-		die("Couldn not access database \"$database\": " . mysql_error($GLOBALS['wfpl_db_handle']));
+	mysqli_set_charset($GLOBALS['wfpl_db_handle'], $encoding);
+
+	if(!mysqli_select_db($GLOBALS['wfpl_db_handle'], $database)) {
+		die("Couldn not access database \"$database\": " . mysqli_error($GLOBALS['wfpl_db_handle']));
 	}
 
 	return $GLOBALS['wfpl_db_handle'];
 }
+# for internal use (helps implement the auto-connect feature of db_connect())
+function _db_connection_needed() {
+	if (isset($GLOBALS['wfpl_db_handle'])) {
+		return;
+	}
+	if (isset($GLOBALS['wfpl_db_connect_args'])) {
+		return call_user_func_array('db_connect_now', $GLOBALS['wfpl_db_connect_args']);
+	}
+	die('Error: you must call db_connect() or db_auto_connect() first!');
+}
+
+function db_enc_sql($str) {
+	_db_connection_needed();
+	return mysqli_real_escape_string(isset($GLOBALS['wfpl_db_handle']) ? $GLOBALS['wfpl_db_handle'] : null, $str);
+}
 
 # Unless you're doing something unusual like an ALTER TABLE don't call this directly
 function db_send_query($sql) {
+	_db_connection_needed();
 	#echo("Sending query: " . enc_html($sql) . "<br>\n");
-	$result = mysql_query($sql, $GLOBALS['wfpl_db_handle']);
+	$result = mysqli_query($GLOBALS['wfpl_db_handle'], $sql);
 	if(!$result) {
-		die(enc_html('DATABASE ERROR: ' . mysql_error($GLOBALS['wfpl_db_handle']) . ' in the following query: ' . $sql));
+		die(enc_html('DATABASE ERROR: ' . mysqli_error($GLOBALS['wfpl_db_handle']) . ' in the following query: ' . $sql));
 	}
 
 	return $result;
@@ -98,8 +111,11 @@ function db_send_query($sql) {
 #
 # %%  put a % in the output
 # %i  put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
+# %I  a list of integers (as %i) separated by commas
+# %f  put a floating point value in the output (strips non-numeric digits, puts in 0.0 if not valid)
 # %"  output double quotes, surrounding the variable which is encoded to be in there.
 # %s  output encoded to be in double quotes, but don't output the quotes
+# %$  output argument as-is, no encoding. Make sure you quote everything from the user!
 #
 # complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
 
@@ -128,13 +144,34 @@ function _db_printf($str, $args) {
 		$str = substr($str, $pos + 2);
 
 		if($chr == '"') {
-			$out .= '"' . enc_sql(array_shift($args)) . '"';
+			$out .= '"' . db_enc_sql(array_shift($args)) . '"';
 		} elseif($chr == 's') {
-			$out .= enc_sql(array_shift($args));
+			$out .= db_enc_sql(array_shift($args));
 		} elseif($chr == 'i') {
-			$int = format_int(array_shift($args));
-			if($int == '') $int = '0';
-			$out .= $int;
+			$out .= format_int_0(array_shift($args));
+		} elseif($chr == 'I') {
+			$arg = array_shift($args);
+			$first = true;
+			foreach ($arg as $int) {
+				if ($first) {
+					$first = false;
+				} else {
+					$out .= ',';
+				}
+				$out .= format_int_0($int);
+			}
+		} elseif($chr == 'f') {
+			$arg = array_shift($args);
+			if(is_numeric($arg)) {
+				$arg = sprintf("%f", $arg);
+			}
+			$arg = format_decimal($arg);
+			if(strlen($arg) < 1) {
+				$arg = '0.0';
+			}
+			$out .= $arg;
+		} elseif($chr == '$') {
+			$out .= array_shift($args);
 		} else {
 			$out .= $chr;
 		}
@@ -144,6 +181,7 @@ function _db_printf($str, $args) {
 }
 
 
+# helper function
 function db_send_get($table, $columns, $where, $args) {
 	$sql = "SELECT $columns FROM $table";
 	if($where) {
@@ -154,67 +192,104 @@ function db_send_get($table, $columns, $where, $args) {
 }
 
 
+# if no results: returs []
 function db_get_rows($table, $columns, $where = '') {
 	$args = func_get_args();
 	$args = array_slice($args, 3);
 	$result = db_send_get($table, $columns, $where, $args);
 
 	$rows = array();
-	while($row = mysql_fetch_row($result)) {
+	while($row = mysqli_fetch_row($result)) {
 		$rows[] = $row;
 	}
 
-	mysql_free_result($result);
+	mysqli_free_result($result);
 
 	return $rows;
 }
 
+# like db_get_rows, but return array of hashes.
+# if no results: returs []
+function db_get_assocs($table, $columns, $where = '') {
+	$args = func_get_args();
+	$args = array_slice($args, 3);
+	$result = db_send_get($table, $columns, $where, $args);
+
+	$rows = array();
+	while($row = mysqli_fetch_assoc($result)) {
+		$rows[] = $row;
+	}
+
+	mysqli_free_result($result);
+
+	return $rows;
+}
+
+# if no results: returs []
 function db_get_column($table, $columns, $where = '') {
 	$args = func_get_args();
 	$args = array_slice($args, 3);
 	$result = db_send_get($table, $columns, $where, $args);
 
 	$column = array();
-	while($row = mysql_fetch_row($result)) {
+	while($row = mysqli_fetch_row($result)) {
 		$column[] = $row[0];
 	}
 
-	mysql_free_result($result);
+	mysqli_free_result($result);
 
 	return $column;
 }
 
+# returns first matching row
+# if no results: returns false
 function db_get_row($table, $columns, $where = '') {
 	$args = func_get_args();
 	$args = array_slice($args, 3);
 	$result = db_send_get($table, $columns, $where, $args);
 
-	$row = mysql_fetch_row($result);
+	$row = mysqli_fetch_row($result);
 
-	mysql_free_result($result);
+	mysqli_free_result($result);
 
 	return $row;
 }
 
-function db_get_value($table, $columns, $where = '') {
+# like db_get_row, but return a hash.
+# if no results: returns false
+function db_get_assoc($table, $columns, $where = '') {
 	$args = func_get_args();
 	$args = array_slice($args, 3);
 	$result = db_send_get($table, $columns, $where, $args);
 
-	$value = mysql_fetch_row($result);
-	if($value !== false) {
+	$row = mysqli_fetch_assoc($result);
+
+	mysqli_free_result($result);
+
+	return $row;
+}
+
+# if no results: returns false
+function db_get_value($table, $column, $where = '') {
+	$args = func_get_args();
+	$args = array_slice($args, 3);
+	$result = db_send_get($table, $column, $where, $args);
+
+	$value = mysqli_fetch_row($result);
+	if($value !== NULL) {
 		$value = $value[0];
 	}
 
-	mysql_free_result($result);
+	mysqli_free_result($result);
 
 	return $value;
 }
 
+# returns an integer
 function db_count($table, $where = '') {
 	$args = func_get_args();
 	array_splice($args, 1, 0, array('count(*)'));
-	return call_user_func_array('db_get_value', $args);
+	return (int) call_user_func_array('db_get_value', $args);
 }
 
 # call either of these ways:
@@ -230,6 +305,22 @@ function db_insert($table, $columns, $values) {
 	
 	db_insert_ish('INSERT', $table, $columns, $values);
 }
+
+# like db_insert() above, but instead of passing columns and data separately,
+# you can pass one array with the column names as keys and the data as values
+function db_insert_assoc($table, $data) {
+	$args = func_get_args();
+	$args = array_slice($args, 2);
+	$columns = array();
+	$values = array();
+	foreach($data as $key => $value) {
+		$columns[] = $key;
+		$values[] = $value;
+	}
+	array_unshift($args, $table, join(',', $columns), $values);
+	call_user_func_array('db_insert', $args);
+}
+
 # same as above, except uses the "replace" command instead of "insert"
 function db_replace($table, $columns, $values) {
 	if(!is_array($values)) {
@@ -242,7 +333,8 @@ function db_replace($table, $columns, $values) {
 	
 # return the value mysql made up for the auto_increment field (for the last insert)
 function db_auto_id() {
-	return mysql_insert_id($GLOBALS['wfpl_db_handle']);
+	_db_connection_needed();
+	return mysqli_insert_id($GLOBALS['wfpl_db_handle']);
 }
 
 
@@ -252,7 +344,7 @@ function db_insert_ish($command, $table, $columns, $values) {
 	$sql = '';
 	foreach($values as $value) {
 		if($sql) $sql .= ',';
-		$sql .= '"' . enc_sql($value) . '"';
+		$sql .= '"' . db_enc_sql($value) . '"';
 	}
 
 	$sql = "$command INTO $table ($columns) values($sql)";
@@ -260,10 +352,10 @@ function db_insert_ish($command, $table, $columns, $values) {
 	db_send_query($sql);
 }
 
-# to be consistant with the syntax of the other db functions, $values can be an
+# to be consistent with the syntax of the other db functions, $values can be an
 # array, a single value, or multiple parameters.
 #
-# as usual the where clause stuff is optional, but it will ofcourse update the
+# as usual the where clause stuff is optional, but it will of course update the
 # whole table if you leave it off.
 #
 # examples:
@@ -290,6 +382,7 @@ function db_update($table, $columns, $values) {
 	$num_fields = count($columns);
 
 	if(is_array($values)) {
+		$values = array_values($values);
 		$args = array_slice($args, 1);
 	} else {
 		$values = array_slice($args, 0, $num_fields);
@@ -301,7 +394,7 @@ function db_update($table, $columns, $values) {
 		if($sql != '') {
 			$sql .= ', ';
 		}
-		$sql .= $columns[$i] . ' = "' . enc_sql($values[$i]) . '"';
+		$sql .= $columns[$i] . ' = "' . db_enc_sql($values[$i]) . '"';
 	}
 
 
@@ -313,7 +406,7 @@ function db_update($table, $columns, $values) {
 		$args = array_slice($args, 1);
 
 		$sql .= ' ';
-		# any left for where claus arguments?
+		# any left for printf arguments?
 		if($args) {
 			$sql .= _db_printf($where, $args);
 		} else {
@@ -325,6 +418,23 @@ function db_update($table, $columns, $values) {
 	db_send_query($sql);
 }
 
+# like db_update() above, but instead of passing columns and data separately,
+# you can pass one array with the column names as keys and the data as values
+function db_update_assoc($table, $data) {
+	$args = func_get_args();
+	$args = array_slice($args, 2);
+	$columns = array();
+	$values = array();
+	foreach($data as $key => $value) {
+		$columns[] = $key;
+		$values[] = $value;
+	}
+	array_unshift($args, $values);
+	array_unshift($args, join(',', $columns));
+	array_unshift($args, $table);
+	call_user_func_array('db_update', $args);
+}
+
 # pass args for printf-style where clause as usual
 function db_delete($table, $where = '') {
 	$sql = "DELETE FROM $table";
@@ -342,4 +452,178 @@ function db_delete($table, $where = '') {
 	db_send_query($sql);
 }
 
-?>
+
+define('DB_ORD_MAX', 2000000000);
+
+function db_reposition_respace($table, $field, $where = '') {
+	if($where) {
+		$andand = " && ($where) ";
+	}
+	$ids = db_get_column($table, 'id', "where $field != 0 $andand order by $field");
+	$c = count($ids);
+	if(!$c) {
+		# should never happen
+		return;
+	}
+	$inc = floor(DB_ORD_MAX / ($c + 1));
+	$ord = $inc;
+	$count = count($ids);
+	for ($i = 0; $i < $count; $i += 1000) {
+		$values = [];
+		$j_max = min($count, $i + 1000);
+		for ($j = $i; $j < $j_max; ++$j) {
+			$id = $ids[$j];
+			$values[] = "($id,$ord)";
+			$ord += $inc;
+		}
+		$sql =
+			"insert into $table (id,$field) values "
+			. implode(',', $values)
+			. " on duplicate key update $field=VALUES($field)"
+		;
+		db_send_query($sql);
+	}
+}
+
+# this function facilitates letting the user manually sort records (with (int) $field != 0)
+#
+# When editing a particular row, give the user a pulldown, with 0 -> first, 1 -> second, etc, and pass this integer to db_reposition (3rd parameter). The value "ignored" can be passed, and the row will be given a sort value of 0 and ignored for all sorting.
+#
+# $pretty is used in error messages to refer to the row, it defaults to whatever you pass for $table.
+#
+# return value is the "ord" value you should set/insert into your database
+
+function db_reposition($table, $row_id, $new_pos, $field = 'ord', $pretty = 'same as $table', $where = '', $renumbered_already = false) {
+	if($pretty == 'same as $table') {
+		$pretty = $table;
+	}
+	if($where) {
+		$andand = " && ($where) ";
+	}
+
+	if($new_pos === 'ignored') {
+		# not sorted
+		return '0';
+	}
+
+	# strategy: calculate $prev_ord and $next_ord. If there's no space between, renumber and recurse
+	if($new_pos == '0') {
+		$row = db_get_row($table, "id,$field", "where $field != 0 $andand order by $field limit 1");
+		if($row) {
+			list($first_row_id, $first_row_ord) = $row;
+			if($first_row_id == $row_id) {
+				# already first
+				return $first_row_ord;
+			}
+			$next_ord = $first_row_ord;
+		} else {
+			# this is the only row, put it in the middle
+			return '' + floor(DB_ORD_MAX / 2);
+		}
+
+		$prev_ord = 0;
+	} else {
+		$new_pos = format_int_0($new_pos);
+		$rows = db_get_rows($table, "id,$field", "where $field != 0 $andand order by $field limit %i,2", $new_pos - 1);
+		if(!$rows) {
+			message("Sorry, couldn't find the $pretty you asked to put this $pretty after. Putting it first instead.");
+			return db_reposition($table, $row_id, '0', $field, $pretty, $where);
+		} else {
+			list($prev_id, $prev_ord) = $rows[0];
+			if($prev_id == $row_id) {
+				# after self? this shouldn't happen
+				return $prev_ord;
+			}
+			if(count($rows) == 1) {
+				# we should be last
+				$next_ord = DB_ORD_MAX;
+			} else {
+				list($next_id, $next_ord) = $rows[1];
+				if($next_id == $row_id) {
+					# after prev (already there)
+					return $next_ord;
+				}
+			}
+		}
+	}
+	if($prev_ord + 1 == $next_ord || $prev_ord == $next_ord) { # the latter should never happen
+		if($renumbered_already) {
+			message("Programmer error in $pretty ordering code. Please tell your website administrator.");
+			return '' . rand(2, DB_ORD_MAX - 2); # reasonably unlikely to be the same as some other ord
+		}
+		db_reposition_respace($table, $field, $where);
+		return db_reposition($table, $row_id, $new_pos, $field, $pretty, $where, $renumbered_already = true);
+	} else {
+		return $prev_ord + round(($next_ord - $prev_ord) / 2);
+	}
+}
+
+# Call this to upgrade your database (using upgrade functions you define.)
+#
+# You can call this from config.php right after db_connect() to make sure the
+# database is up to date.
+#
+# When you want to update your schema, define a new function named
+# db_upgrade_to_X() where X is the next integer (start at 1).
+#
+# If there are any page views while your upgrade function is running, they will
+# stall until the upgrade function completes. This is often better than running
+# while the databse is in a transitional state, and is way way better than
+# running the upgrade function multiple times concurrently.
+#
+# Efficiency: this function is designed to be lean enough that you'd run it on
+# every page load, so you never forget to upgrade your schema after uploading
+# code changes. If your schema is up to date, this will only execute one
+# database query, and that query loads the persistent data store (used by
+# persistent_get()), so if you use that, you'll need that query to happen
+# anyway (giving this function a zero-query overhead).
+
+function db_upgrade() {
+	if (isset($GLOBALS['wfpl_persistent'])) {
+		$version = persistent_get('wfpl_db_version');
+	} else {
+		# custom version of persistent_init() that creates the table if needed
+		# instead of dying
+		$GLOBALS['wfpl_persistent'] = array();
+		_db_connection_needed();
+		$result = mysqli_query($GLOBALS['wfpl_db_handle'], 'select k,v from wfpl_persistent');
+		if ($result) {
+			while($row = mysqli_fetch_assoc($result)) {
+				$GLOBALS['wfpl_persistent'][$row['k']] = json_decode($row['v'], true);
+			} unset($row);
+			if (isset($GLOBALS['wfpl_persistent']['wfpl_db_version'])) {
+				$version = $GLOBALS['wfpl_persistent']['wfpl_db_version'];
+			} else {
+				$version = -1;
+			}
+		} else {
+			db_send_query('create table if not exists wfpl_persistent (k varchar(30) binary not null default "", v mediumblob, primary key (k)) CHARSET=utf8;');
+			$version = -1;
+		}
+	}
+
+	if ($version === -1) {
+		db_send_query('create table if not exists wfpl_mutexes (id int unique auto_increment, name varchar(255) binary, expires int(11)) CHARSET=utf8;');
+		$version = 0;
+		# don't save version now in case another thread is doing this too
+	}
+	$next = $version + 1;
+	if (function_exists("db_upgrade_to_$next")) {
+		require_once(__DIR__.'/'.'persistent.php');
+		require_once(__DIR__.'/'.'mutex.php');
+		mutex_lock('wfpl_db_upgrade', 20);
+		# check version again, in case another thread upgraded the database
+		# while we waited for a lock just now
+		persistent_invalidate_cache();
+		$version = persistent_get('wfpl_db_version');
+		if ($version === null) {
+			$version = 0;
+		}
+
+		for ($next = $version + 1; function_exists("db_upgrade_to_$next"); ++$next) {
+			call_user_func("db_upgrade_to_$next");
+			persistent_set('wfpl_db_version', $next);
+		}
+		mutex_unlock('wfpl_db_upgrade');
+	}
+}