lychee/php/modules/Database.php

<?php

###
# @name			Database Module
# @copyright	2015 by Tobias Reich
###

if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');

class Database extends Module {

	static function connect($host = 'localhost', $user, $password, $name = 'lychee') {

		# Check dependencies
		Module::dependencies(isset($host, $user, $password, $name));

		$database = new mysqli($host, $user, $password);

		# Check connection
		if ($database->connect_errno) exit('Error: ' . $database->connect_error);

		# Avoid sql injection on older MySQL versions by using GBK
		if ($database->server_version<50500) @$database->set_charset('GBK');
		else @$database->set_charset('utf8');

		# Set unicode
		$database->query('SET NAMES utf8;');

		# Check database
		if (!$database->select_db($name))
			if (!Database::createDatabase($database, $name)) exit('Error: Could not create database!');

		# Check tables
		$query = Database::prepare($database, 'SELECT * FROM ?, ?, ?, ? LIMIT 0', array(LYCHEE_TABLE_PHOTOS, LYCHEE_TABLE_ALBUMS, LYCHEE_TABLE_SETTINGS, LYCHEE_TABLE_LOG));
		if (!$database->query($query))
			if (!Database::createTables($database)) exit('Error: Could not create tables!');

		return $database;

	}

	static function update($database, $dbName, $version = 0) {

		# Check dependencies
		Module::dependencies(isset($database, $dbName));
		if (!isset($version)) return true;

		# List of updates
		$updates = array(
			'020100', #2.1
			'020101', #2.1.1
			'020200', #2.2
			'020500', #2.5
			'020505', #2.5.5
			'020601', #2.6.1
			'020602', #2.6.2
			'020700', #2.7.0
			'030000', #3.0.0
			'030001' #3.0.1
		);

		# For each update
		foreach ($updates as $update) {

			if ($update<=$version) continue;

			# Load update
			include(__DIR__ . '/../database/update_' . $update . '.php');

		}

		return true;

	}

	static function createConfig($host = 'localhost', $user, $password, $name = 'lychee', $prefix = '') {

		# Check dependencies
		Module::dependencies(isset($host, $user, $password, $name));

		$database = new mysqli($host, $user, $password);

		if ($database->connect_errno) return 'Warning: Connection failed!';

		# Check if database exists
		if (!$database->select_db($name)) {

			# Database doesn't exist
			# Check if user can create the database
			$result = Database::createDatabase($database, $name);
			if ($result===false) return 'Warning: Creation failed!';

		}

		# Escape data
		$host		= mysqli_real_escape_string($database, $host);
		$user		= mysqli_real_escape_string($database, $user);
		$password	= mysqli_real_escape_string($database, $password);
		$name		= mysqli_real_escape_string($database, $name);
		$prefix		= mysqli_real_escape_string($database, $prefix);

		# Save config.php
$config = "<?php

###
# @name			Configuration
# @author		Tobias Reich
# @copyright	2015 Tobias Reich
###

if(!defined('LYCHEE')) exit('Error: Direct access is not allowed!');

# Database configuration
\$dbHost = '$host'; # Host of the database
\$dbUser = '$user'; # Username of the database
\$dbPassword = '$password'; # Password of the database
\$dbName = '$name'; # Database name
\$dbTablePrefix = '$prefix'; # Table prefix

?>";

		# Save file
		if (file_put_contents(LYCHEE_CONFIG_FILE, $config)===false) return 'Warning: Could not create file!';

		return true;

	}

	static function createDatabase($database, $name = 'lychee') {

		# Check dependencies
		Module::dependencies(isset($database, $name));

		# Create database
		$query	= Database::prepare($database, 'CREATE DATABASE IF NOT EXISTS ?', array($name));
		$result = $database->query($query);

		if (!$database->select_db($name)||!$result) return false;
		return true;

	}

	static function createTables($database) {

		# Check dependencies
		Module::dependencies(isset($database));

		# Create log
		$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_LOG));
		if (!$database->query($exist)) {

			# Read file
			$file	= __DIR__ . '/../database/log_table.sql';
			$query	= @file_get_contents($file);

			if (!isset($query)||$query===false) return false;

			# Create table
			$query = Database::prepare($database, $query, array(LYCHEE_TABLE_LOG));
			if (!$database->query($query)) return false;

		}

		# Create settings
		$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_SETTINGS));
		if (!$database->query($exist)) {

			# Read file
			$file	= __DIR__ . '/../database/settings_table.sql';
			$query	= @file_get_contents($file);

			if (!isset($query)||$query===false) {
				Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_settings');
				return false;
			}

			# Create table
			$query = Database::prepare($database, $query, array(LYCHEE_TABLE_SETTINGS));
			if (!$database->query($query)) {
				Log::error($database, __METHOD__, __LINE__, $database->error);
				return false;
			}

			# Read file
			$file	= __DIR__ . '/../database/settings_content.sql';
			$query	= @file_get_contents($file);

			if (!isset($query)||$query===false) {
				Log::error($database, __METHOD__, __LINE__, 'Could not load content-query for lychee_settings');
				return false;
			}

			# Add content
			$query = Database::prepare($database, $query, array(LYCHEE_TABLE_SETTINGS));
			if (!$database->query($query)) {
				Log::error($database, __METHOD__, __LINE__, $database->error);
				return false;
			}

		}

		# Create albums
		$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_ALBUMS));
		if (!$database->query($exist)) {

			# Read file
			$file	= __DIR__ . '/../database/albums_table.sql';
			$query	= @file_get_contents($file);

			if (!isset($query)||$query===false) {
				Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_albums');
				return false;
			}

			# Create table
			$query = Database::prepare($database, $query, array(LYCHEE_TABLE_ALBUMS));
			if (!$database->query($query)) {
				Log::error($database, __METHOD__, __LINE__, $database->error);
				return false;
			}

		}

		# Create photos
		$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_PHOTOS));
		if (!$database->query($exist)) {

			# Read file
			$file	= __DIR__ . '/../database/photos_table.sql';
			$query	= @file_get_contents($file);

			if (!isset($query)||$query===false) {
				Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_photos');
				return false;
			}

			# Create table
			$query = Database::prepare($database, $query, array(LYCHEE_TABLE_PHOTOS));
			if (!$database->query($query)) {
				Log::error($database, __METHOD__, __LINE__, $database->error);
				return false;
			}

		}

		return true;

	}

	static function setVersion($database, $version) {

		$query	= Database::prepare($database, "UPDATE ? SET value = '?' WHERE `key` = 'version'", array(LYCHEE_TABLE_SETTINGS, $version));
		$result = $database->query($query);
		if (!$result) {
			Log::error($database, __METHOD__, __LINE__, 'Could not update database (' . $database->error . ')');
			return false;
		}

	}

	static function prepare($database, $query, $data) {

		# Check dependencies
		Module::dependencies(isset($database, $query, $data));

		# Count the number of placeholders and compare it with the number of arguments
		# If it doesn't match, calculate the difference and skip this number of placeholders before starting the replacement
		# This avoids problems with placeholders in user-input
		# $skip = Number of placeholders which need to be skipped
		$skip	= 0;
		$num	= array(
			'placeholder'	=> substr_count($query, '?'),
			'data'			=> count($data)
		);

		if (($num['data']-$num['placeholder'])<0) Log::notice($database, __METHOD__, __LINE__, 'Could not completely prepare query. Query has more placeholders than values.');

		foreach ($data as $value) {

			# Escape
			$value = mysqli_real_escape_string($database, $value);

			# Recalculate number of placeholders
			$num['placeholder'] = substr_count($query, '?');

			# Calculate number of skips
			if ($num['placeholder']>$num['data']) $skip = $num['placeholder'] - $num['data'];

			if ($skip>0) {

				# Need to skip $skip placeholders, because the user input contained placeholders
				# Calculate a substring which does not contain the user placeholders
				# 1 or -1 is the length of the placeholder (placeholder = ?)

				$pos = -1;
				for ($i=$skip; $i>0; $i--) $pos = strpos($query, '?', $pos + 1);
				$pos++;

				$temp	= substr($query, 0, $pos); # First part of $query
				$query	= substr($query, $pos); # Last part of $query

			}

			# Replace
			$query = preg_replace('/\?/', $value, $query, 1);

			if ($skip>0) {

				# Reassemble the parts of $query
				$query = $temp . $query;

			}

			# Reset skip
			$skip = 0;

			# Decrease number of data elements
			$num['data']--;

		}

		return $query;

	}

}

?>
Added Database class 2014-04-04 19:59:39 +00:00			`<?php`

			`###`
Comment cleanup 2014-10-21 11:45:11 +00:00			`# @name Database Module`
Updated copyright 2015-02-01 21:08:37 +00:00			`# @copyright 2015 by Tobias Reich`
Added Database class 2014-04-04 19:59:39 +00:00			`###`

			`if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');`

			`class Database extends Module {`

			`static function connect($host = 'localhost', $user, $password, $name = 'lychee') {`

Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
			`Module::dependencies(isset($host, $user, $password, $name));`
Added Database class 2014-04-04 19:59:39 +00:00
			`$database = new mysqli($host, $user, $password);`

			`# Check connection`
			`if ($database->connect_errno) exit('Error: ' . $database->connect_error);`

Fix db encoding and setting it to UTF-8 (#112 #116) 2014-04-06 13:11:55 +00:00			`# Avoid sql injection on older MySQL versions by using GBK`
Prevent warning of set_charset #291 2015-01-22 20:24:20 +00:00			`if ($database->server_version<50500) @$database->set_charset('GBK');`
			`else @$database->set_charset('utf8');`
Updated version 2014-09-19 21:32:35 +00:00
Changed spaces to tabs for indentation 2014-09-16 12:20:35 +00:00			`# Set unicode`
			`$database->query('SET NAMES utf8;');`
Added Database class 2014-04-04 19:59:39 +00:00
			`# Check database`
			`if (!$database->select_db($name))`
			`if (!Database::createDatabase($database, $name)) exit('Error: Could not create database!');`

			`# Check tables`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, 'SELECT * FROM ?, ?, ?, ? LIMIT 0', array(LYCHEE_TABLE_PHOTOS, LYCHEE_TABLE_ALBUMS, LYCHEE_TABLE_SETTINGS, LYCHEE_TABLE_LOG));`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00			`if (!$database->query($query))`
Added Database class 2014-04-04 19:59:39 +00:00			`if (!Database::createTables($database)) exit('Error: Could not create tables!');`

			`return $database;`

			`}`

Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`static function update($database, $dbName, $version = 0) {`
Added Database class 2014-04-04 19:59:39 +00:00
Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
			`Module::dependencies(isset($database, $dbName));`
Updated version 2014-09-19 21:32:35 +00:00			`if (!isset($version)) return true;`
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00
			`# List of updates`
			`$updates = array(`
			`'020100', #2.1`
			`'020101', #2.1.1`
Added update script to v2.5 + version push (#115) 2014-04-10 20:42:14 +00:00			`'020200', #2.2`
Version push and add checksum for existing users #179 2014-07-04 22:39:31 +00:00			`'020500', #2.5`
Added `downloadable` to database and backend 2014-08-09 15:57:31 +00:00			`'020505', #2.5.5`
Added update for database for version 2.6.2 2014-08-27 19:17:05 +00:00			`'020601', #2.6.1`
ntermediate sized images for small screen devices #67 - Updated version - Update database - Write medium to database - Delete medium on photo delete - Show medium depending on screen 2014-10-11 14:09:10 +00:00			`'020602', #2.6.2`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`'020700', #2.7.0`
Allow an album and photo title length of 50 chars #332 2015-05-10 21:01:07 +00:00			`'030000', #3.0.0`
			`'030001' #3.0.1`
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`);`

			`# For each update`
			`foreach ($updates as $update) {`

Updated version 2014-09-19 21:32:35 +00:00			`if ($update<=$version) continue;`
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00
			`# Load update`
Added __DIR__ to Database.php 2014-04-09 18:26:25 +00:00			`include(__DIR__ . '/../database/update_' . $update . '.php');`
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00
			`}`

			`return true;`

			`}`

Added table prefix to create dialog (#214 #196) 2014-08-29 17:55:21 +00:00			`static function createConfig($host = 'localhost', $user, $password, $name = 'lychee', $prefix = '') {`
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00
Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
			`Module::dependencies(isset($host, $user, $password, $name));`
Added Database class 2014-04-04 19:59:39 +00:00
			`$database = new mysqli($host, $user, $password);`

			`if ($database->connect_errno) return 'Warning: Connection failed!';`

Fixed "Setup tries to create database lychee_dbcheck #202" 2014-08-08 14:28:34 +00:00			`# Check if database exists`
			`if (!$database->select_db($name)) {`

			`# Database doesn't exist`
Fixed creation of test db #295 2015-01-23 19:50:21 +00:00			`# Check if user can create the database`
			`$result = Database::createDatabase($database, $name);`
			`if ($result===false) return 'Warning: Creation failed!';`
Fixed "Setup tries to create database lychee_dbcheck #202" 2014-08-08 14:28:34 +00:00
			`}`
Fixed "No way to back out during database creation #195" 2014-08-07 18:23:39 +00:00
Escape data before writing to config.php (#38) 2014-08-29 18:10:50 +00:00			`# Escape data`
			`$host = mysqli_real_escape_string($database, $host);`
			`$user = mysqli_real_escape_string($database, $user);`
			`$password = mysqli_real_escape_string($database, $password);`
			`$name = mysqli_real_escape_string($database, $name);`
			`$prefix = mysqli_real_escape_string($database, $prefix);`

Fixed "No way to back out during database creation #195" 2014-08-07 18:23:39 +00:00			`# Save config.php`
Added Database class 2014-04-04 19:59:39 +00:00			`$config = "<?php`

			`###`
Added table prefix to create dialog (#214 #196) 2014-08-29 17:55:21 +00:00			`# @name Configuration`
Added Database class 2014-04-04 19:59:39 +00:00			`# @author Tobias Reich`
Updated copyright year 2015-03-29 16:56:08 +00:00			`# @copyright 2015 Tobias Reich`
Added Database class 2014-04-04 19:59:39 +00:00			`###`

			`if(!defined('LYCHEE')) exit('Error: Direct access is not allowed!');`

			`# Database configuration`
			`\$dbHost = '$host'; # Host of the database`
			`\$dbUser = '$user'; # Username of the database`
			`\$dbPassword = '$password'; # Password of the database`
			`\$dbName = '$name'; # Database name`
Added table prefix to create dialog (#214 #196) 2014-08-29 17:55:21 +00:00			`\$dbTablePrefix = '$prefix'; # Table prefix`
Added Database class 2014-04-04 19:59:39 +00:00
			`?>";`

Fixed "No way to back out during database creation #195" 2014-08-07 18:23:39 +00:00			`# Save file`
			`if (file_put_contents(LYCHEE_CONFIG_FILE, $config)===false) return 'Warning: Could not create file!';`
Added Database class 2014-04-04 19:59:39 +00:00
Fixed "No way to back out during database creation #195" 2014-08-07 18:23:39 +00:00			`return true;`
Added Database class 2014-04-04 19:59:39 +00:00
			`}`

			`static function createDatabase($database, $name = 'lychee') {`

Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
			`Module::dependencies(isset($database, $name));`
Added Database class 2014-04-04 19:59:39 +00:00
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`# Create database`
Fixed creation of test db #295 2015-01-23 19:50:21 +00:00			`$query = Database::prepare($database, 'CREATE DATABASE IF NOT EXISTS ?', array($name));`
			`$result = $database->query($query);`
Added Database class 2014-04-04 19:59:39 +00:00
			`if (!$database->select_db($name)\|\|!$result) return false;`
			`return true;`

			`}`

			`static function createTables($database) {`

Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
			`Module::dependencies(isset($database));`
Added Database class 2014-04-04 19:59:39 +00:00
Added basic Log class (#143) 2014-05-06 19:22:56 +00:00			`# Create log`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_LOG));`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00			`if (!$database->query($exist)) {`
Added basic Log class (#143) 2014-05-06 19:22:56 +00:00
			`# Read file`
			`$file = __DIR__ . '/../database/log_table.sql';`
			`$query = @file_get_contents($file);`

			`if (!isset($query)\|\|$query===false) return false;`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00
			`# Create table`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, $query, array(LYCHEE_TABLE_LOG));`
Added basic Log class (#143) 2014-05-06 19:22:56 +00:00			`if (!$database->query($query)) return false;`

			`}`

Added Database class 2014-04-04 19:59:39 +00:00			`# Create settings`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_SETTINGS));`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00			`if (!$database->query($exist)) {`
Added Database class 2014-04-04 19:59:39 +00:00
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`# Read file`
Added __DIR__ to Database.php 2014-04-09 18:26:25 +00:00			`$file = __DIR__ . '/../database/settings_table.sql';`
Improved error handling for table creation 2014-04-19 14:57:36 +00:00			`$query = @file_get_contents($file);`
Added Database class 2014-04-04 19:59:39 +00:00
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!isset($query)\|\|$query===false) {`
			`Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_settings');`
			`return false;`
			`}`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00
			`# Create table`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, $query, array(LYCHEE_TABLE_SETTINGS));`
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!$database->query($query)) {`
			`Log::error($database, __METHOD__, __LINE__, $database->error);`
			`return false;`
			`}`
Added Database class 2014-04-04 19:59:39 +00:00
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`# Read file`
Added __DIR__ to Database.php 2014-04-09 18:26:25 +00:00			`$file = __DIR__ . '/../database/settings_content.sql';`
Improved error handling for table creation 2014-04-19 14:57:36 +00:00			`$query = @file_get_contents($file);`
Added Database class 2014-04-04 19:59:39 +00:00
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!isset($query)\|\|$query===false) {`
			`Log::error($database, __METHOD__, __LINE__, 'Could not load content-query for lychee_settings');`
			`return false;`
			`}`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00
			`# Add content`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, $query, array(LYCHEE_TABLE_SETTINGS));`
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!$database->query($query)) {`
			`Log::error($database, __METHOD__, __LINE__, $database->error);`
			`return false;`
			`}`
Added Database class 2014-04-04 19:59:39 +00:00
			`}`

			`# Create albums`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_ALBUMS));`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00			`if (!$database->query($exist)) {`
Added Database class 2014-04-04 19:59:39 +00:00
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`# Read file`
Added __DIR__ to Database.php 2014-04-09 18:26:25 +00:00			`$file = __DIR__ . '/../database/albums_table.sql';`
Improved error handling for table creation 2014-04-19 14:57:36 +00:00			`$query = @file_get_contents($file);`
Added Database class 2014-04-04 19:59:39 +00:00
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!isset($query)\|\|$query===false) {`
			`Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_albums');`
			`return false;`
			`}`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00
			`# Create table`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, $query, array(LYCHEE_TABLE_ALBUMS));`
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!$database->query($query)) {`
			`Log::error($database, __METHOD__, __LINE__, $database->error);`
			`return false;`
			`}`
Added Database class 2014-04-04 19:59:39 +00:00
			`}`

			`# Create photos`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$exist = Database::prepare($database, 'SELECT * FROM ? LIMIT 0', array(LYCHEE_TABLE_PHOTOS));`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00			`if (!$database->query($exist)) {`
Added Database class 2014-04-04 19:59:39 +00:00
Improved update mechanism (#115) 2014-04-05 16:30:24 +00:00			`# Read file`
Added __DIR__ to Database.php 2014-04-09 18:26:25 +00:00			`$file = __DIR__ . '/../database/photos_table.sql';`
Improved error handling for table creation 2014-04-19 14:57:36 +00:00			`$query = @file_get_contents($file);`
Added Database class 2014-04-04 19:59:39 +00:00
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!isset($query)\|\|$query===false) {`
			`Log::error($database, __METHOD__, __LINE__, 'Could not load query for lychee_photos');`
			`return false;`
			`}`
Create tables with prefix (#38 #214 #196) 2014-08-29 21:08:18 +00:00
			`# Create table`
Replaced new array syntax with old one to support older php versions 2014-08-30 05:05:26 +00:00			`$query = Database::prepare($database, $query, array(LYCHEE_TABLE_PHOTOS));`
Added Log to Database 2014-05-30 14:54:34 +00:00			`if (!$database->query($query)) {`
			`Log::error($database, __METHOD__, __LINE__, $database->error);`
			`return false;`
			`}`
Added Database class 2014-04-04 19:59:39 +00:00
			`}`

			`return true;`

			`}`

Database::setVersion to update the database version 2014-08-30 17:25:01 +00:00			`static function setVersion($database, $version) {`

			$query = Database::prepare($database, "UPDATE ? SET value = '?' WHERE `key` = 'version'", array(LYCHEE_TABLE_SETTINGS, $version));
			`$result = $database->query($query);`
			`if (!$result) {`
			`Log::error($database, __METHOD__, __LINE__, 'Could not update database (' . $database->error . ')');`
			`return false;`
			`}`

			`}`

Added database prepare (#38 #214 #196) 2014-08-29 17:12:35 +00:00			`static function prepare($database, $query, $data) {`

			`# Check dependencies`
			`Module::dependencies(isset($database, $query, $data));`

Fixed a bug with Database::prepare and ? in user input (#38 #214 #196) 2014-08-31 21:49:25 +00:00			`# Count the number of placeholders and compare it with the number of arguments`
			`# If it doesn't match, calculate the difference and skip this number of placeholders before starting the replacement`
			`# This avoids problems with placeholders in user-input`
			`# $skip = Number of placeholders which need to be skipped`
			`$skip = 0;`
			`$num = array(`
			`'placeholder' => substr_count($query, '?'),`
			`'data' => count($data)`
			`);`

			`if (($num['data']-$num['placeholder'])<0) Log::notice($database, __METHOD__, __LINE__, 'Could not completely prepare query. Query has more placeholders than values.');`

Added database prepare (#38 #214 #196) 2014-08-29 17:12:35 +00:00			`foreach ($data as $value) {`

			`# Escape`
			`$value = mysqli_real_escape_string($database, $value);`

Fixed a bug with Database::prepare and ? in user input (#38 #214 #196) 2014-08-31 21:49:25 +00:00			`# Recalculate number of placeholders`
			`$num['placeholder'] = substr_count($query, '?');`

			`# Calculate number of skips`
			`if ($num['placeholder']>$num['data']) $skip = $num['placeholder'] - $num['data'];`

			`if ($skip>0) {`

			`# Need to skip $skip placeholders, because the user input contained placeholders`
			`# Calculate a substring which does not contain the user placeholders`
			`# 1 or -1 is the length of the placeholder (placeholder = ?)`

			`$pos = -1;`
			`for ($i=$skip; $i>0; $i--) $pos = strpos($query, '?', $pos + 1);`
			`$pos++;`

			`$temp = substr($query, 0, $pos); # First part of $query`
			`$query = substr($query, $pos); # Last part of $query`

			`}`

Added database prepare (#38 #214 #196) 2014-08-29 17:12:35 +00:00			`# Replace`
			`$query = preg_replace('/\?/', $value, $query, 1);`

Fixed a bug with Database::prepare and ? in user input (#38 #214 #196) 2014-08-31 21:49:25 +00:00			`if ($skip>0) {`
Added database prepare (#38 #214 #196) 2014-08-29 17:12:35 +00:00
Fixed a bug with Database::prepare and ? in user input (#38 #214 #196) 2014-08-31 21:49:25 +00:00			`# Reassemble the parts of $query`
			`$query = $temp . $query;`

			`}`

			`# Reset skip`
			`$skip = 0;`

			`# Decrease number of data elements`
			`$num['data']--;`

			`}`
Added database prepare (#38 #214 #196) 2014-08-29 17:12:35 +00:00
			`return $query;`

			`}`

Added Database class 2014-04-04 19:59:39 +00:00			`}`

			`?>`