Diffstat (limited to '0.8/src/data/data.cpp')
| -rw-r--r-- | 0.8/src/data/data.cpp | 227 |
1 files changed, 227 insertions, 0 deletions
diff --git a/0.8/src/data/data.cpp b/0.8/src/data/data.cpp
new file mode 100644
index 0000000..a401dab
--- /dev/null
+++ b/0.8/src/data/data.cpp
@@ -0,0 +1,227 @@
+/*:*
+ *: File: ./src/data/data.cpp
+ *:
+ *: yChat; Homepage: ychat.buetow.org; Version 0.9.0-CURRENT
+ *:
+ *: Copyright (C) 2003 Paul C. Buetow, Volker Richter
+ *: Copyright (C) 2004 Paul C. Buetow
+ *: Copyright (C) 2005 EXA Digital Solutions GbR
+ *: Copyright (C) 2006, 2007 Paul C. Buetow
+ *:
+ *: This program is free software; you can redistribute it and/or
+ *: modify it under the terms of the GNU General Public License
+ *: as published by the Free Software Foundation; either version 2
+ *: of the License, or (at your option) any later version.
+ *:
+ *: This program is distributed in the hope that it will be useful,
+ *: but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *: GNU General Public License for more details.
+ *:
+ *: You should have received a copy of the GNU General Public License
+ *: along with this program; if not, write to the Free Software
+ *: Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *:*/
+#include "data.h"
+
+#ifdef DATABASE
+#ifndef DATA_CPP
+#define DATA_CPP
+
+using namespace std;
+
+data::data()
+{}
+
+data::~data()
+{}
+
+hashmap<string>
+data::select_user_data( string s_user, string s_query)
+{
+ string s_where_rule = " WHERE nick = \"" + s_user + "\"";
+ vector<string> vec_elements;
+ MYSQL_RES* p_result = select_query( s_query, s_where_rule, vec_elements );
+ return parse_result( p_result, vec_elements );
+}
+
+MYSQL_RES*
+data::select_query( string s_query, string s_where_rule, vector<string>& vec_elements )
+{
+ con* p_con = get_con();
+
+ vec_elements = map_queries[s_query];
+ string s_mysql_query = "SELECT ";
+ vector<string>::iterator iter = vec_elements.begin();
+
+ string s_table = *iter;
+ iter++;
+
+ while ( iter != vec_elements.end() )
+ {
+ s_mysql_query.append( secure_query(*iter) );
+ if ( ++iter != vec_elements.end() )
+ s_mysql_query.append( ", " );
+ }
+
+ s_mysql_query.append(" FROM " + s_table + s_where_rule );
+ print_query( MYSQLQU + s_mysql_query );
+
+ MYSQL_RES* p_result = NULL;
+
+ if ( 0 == mysql_query( p_con->p_mysql, (const char*)s_mysql_query.c_str() ) )
+ {
+ p_result = mysql_store_result( p_con->p_mysql );
+ push_con( p_con );
+ }
+ else
+ {
+ wrap::system_message( MYSQLQU + string( mysql_error(p_con->p_mysql) ) );
+ if (p_con != NULL)
+ delete p_con;
+ }
+
+ return p_result;
+}
+
+hashmap<string>
+data::parse_result( MYSQL_RES* p_result, vector<string>& vec_elements )
+{
+ hashmap<string> map_ret;
+ if ( p_result != NULL )
+ {
+ MYSQL_ROW row;
+ vector<string>::iterator vec_iter = vec_elements.begin();
+ vec_iter++;
+
+ while ( (row = mysql_fetch_row(p_result)) )
+ for ( int i=0; i < mysql_num_fields(p_result); i++, vec_iter++ )
+ map_ret[*vec_iter] = string(row[i]);
+
+ mysql_free_result( p_result );
+ }
+ return map_ret;
+}
+
+void
+data::insert_user_data( string s_user, string s_query, map<string,string> insert_map )
+{
+ insert_query( s_query, insert_map );
+}
+
+void
+data::insert_query( string s_query, map<string,string> map_insert )
+{
+ vector<string> vec_elements = map_queries[s_query];
+ vector<string>::iterator iter = vec_elements.begin();
+
+ string s_table = *iter;
+ iter++;
+ string s_mysql_query = "INSERT INTO " + s_table + " (";
+
+ while ( iter != vec_elements.end() )
+ {
+ s_mysql_query.append( *iter );
+
+ if ( ++iter != vec_elements.end() )
+ s_mysql_query.append( ", " );
+ else
+ s_mysql_query.append( ") VALUES(" );
+ }
+
+ iter = vec_elements.begin();
+ iter++;
+
+ while ( iter != vec_elements.end() )
+ {
+ s_mysql_query.append( "\"" + secure_query(map_insert[*iter]) + "\"" );
+ if ( ++iter != vec_elements.end() )
+ s_mysql_query.append( ", " );
+ else
+ s_mysql_query.append( ")" );
+ }
+
+ print_query( MYSQLQU + s_mysql_query );
+
+ con* p_con = get_con();
+
+ if ( 0 != mysql_query( p_con->p_mysql, (const char*)s_mysql_query.c_str() ) )
+ wrap::system_message( MYSQLQU + string( mysql_error(p_con->p_mysql) ) );
+
+ push_con( p_con );
+
+ return;
+}
+
+void
+data::update_user_data( string s_user, string s_query, hashmap<string> update_map )
+{
+ vector<string> vec_elements = map_queries[s_query];
+
+ if ( vec_elements.size() == 0 )
+ return;
+
+ vector<string>::iterator iter = vec_elements.begin();
+ vector<string>::iterator iter_second = vec_elements.begin();
+ iter_second++;
+
+ string s_table = *iter;
+ iter++;
+ string s_mysql_query = "UPDATE " + s_table + " SET ";
+ bool b_flag = 0;
+
+ while ( iter != vec_elements.end() )
+ {
+ if ( update_map[*iter] == "" ) // Dont update data if it has not been changed / if its empty!
+ {
+ iter++;
+ continue;
+ }
+
+ if ( iter != iter_second && b_flag )
+ s_mysql_query.append( ", " );
+
+ s_mysql_query.append( *iter + "=\"" + secure_query(update_map[*iter]) + "\"" );
+ b_flag = 1;
+ iter++;
+ }
+
+ if ( b_flag )
+ {
+ s_mysql_query.append( " WHERE nick=\"" + tool::to_lower(s_user) + "\"" );
+
+ con* p_con = get_con();
+ print_query( MYSQLQU + s_mysql_query );
+
+ if ( 0 != mysql_query( p_con->p_mysql, (const char*)s_mysql_query.c_str() ) )
+ wrap::system_message( MYSQLQU + string( mysql_error(p_con->p_mysql) ) );
+
+ push_con( p_con );
+ }
+}
+
+string
+data::secure_query( string s_mysql_query )
+{
+ // Prevent from MySQL injection attacks (escaping " and \)
+ unsigned i_pos = s_mysql_query.find("\\");
+
+ while ( i_pos != string::npos )
+ {
+ s_mysql_query.replace( i_pos, 1, "/" );
+ i_pos = s_mysql_query.find("\\");
+ }
+
+ i_pos = s_mysql_query.find("\"");
+
+ while ( i_pos != string::npos )
+ {
+ s_mysql_query.replace( i_pos, 1, "'" );
+ i_pos = s_mysql_query.find("\"");
+ }
+
+ return s_mysql_query;
+}
+
+#endif
+#endif |
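Review bot: `select_user_data` concatenates `s_user` into the WHERE clause with no escaping (`" WHERE nick = \"" + s_user + "\""`), and `update_user_data` does the same with `tool::to_lower(s_user)`, which presumably only changes case; the nick is therefore interpreted as SQL text, while `secure_query` in `select_query` is applied to the column names from `map_queries` instead of to the caller-supplied value. At minimum pass the nick through the existing filter in both places, e.g. `" WHERE nick = \"" + secure_query(s_user) + "\""`, and preferably replace the character substitution with `mysql_real_escape_string()` on the pooled connection or a prepared statement, because the substitution silently rewrites stored data and only holds while the server treats `"` as a string delimiter. In `secure_query`, `unsigned i_pos` is compared with `string::npos`, so on a platform where `size_t` is wider than `unsigned` the loop condition stays true after a failed `find` and `replace` is called with an out-of-range position; declare it as `string::size_type i_pos`. `select_query` and `insert_query` also dereference `vec_elements.begin()` without the empty check `update_user_data` has, and `select_query` uses `p_con->p_mysql` before its `p_con != NULL` test.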
