Database as new class with interface (#169)

* Database as new class with interface

Dockerfile

@@ -10,7 +10,7 @@ RUN sed -i '/security.debian.org/d' /etc/apt/sources.list \
 RUN echo "deb http://archive.debian.org/debian/ stretch main" > /etc/apt/sources.list \
     && echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list
 
-RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ wget git
+RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ wget git zip
 
 RUN wget --no-check-certificate https://pecl.php.net/get/xdebug-2.5.5.tgz \
     && pecl install --offline ./xdebug-2.5.5.tgz \

actions-sms.php

@@ -1,4 +1,9 @@
 <?php
+
+use BikeShare\Db\DbInterface;
+use BikeShare\Db\MysqliDb;
+
+require_once 'vendor/autoload.php';
 require("common.php");
 
 function help($number)
@@ -320,7 +325,7 @@ function returnBike($number,$bike,$stand,$message="",$force=FALSE)
       {
       $userNote="";
       }
-   else $userNote=$db->conn->real_escape_string(trim($matches[1]));
+   else $userNote=$db->escape(trim($matches[1]));
 
    $result=$db->query("UPDATE bikes SET currentUser=NULL,currentStand=$standId WHERE bikeNum=$bikeNum");
    if ($userNote)
@@ -509,28 +514,30 @@ function freeBikes($number)
 
 function log_sms($sms_uuid, $sender, $receive_time, $sms_text, $ip)
 {
-   global $dbserver,$dbuser,$dbpassword,$dbname;
-        $localdb=new Database($dbserver,$dbuser,$dbpassword,$dbname);
-        $localdb->connect();
-        $localdb->conn->autocommit(TRUE);
-
-   $sms_uuid =$localdb->conn->real_escape_string($sms_uuid);
-   $sender =$localdb->conn->real_escape_string($sender);
-   $receive_time =$localdb->conn->real_escape_string($receive_time);
-   $sms_text =$localdb->conn->real_escape_string($sms_text);
-   $ip =$localdb->conn->real_escape_string($ip);
-
-        $result =$localdb->query("SELECT sms_uuid FROM received WHERE sms_uuid='$sms_uuid'");
-        if (DEBUG===FALSE AND $result->num_rows>=1) // sms already exists in DB, possible problem
-           {
-           notifyAdmins(_('Problem with SMS')." $sms_uuid!",1);
-           return FALSE;
-           }
-        else
-           {
-           $result =$localdb->query("INSERT INTO received SET sms_uuid='$sms_uuid',sender='$sender',receive_time='$receive_time',sms_text='$sms_text',ip='$ip'");
-           }
-
+    global $dbserver, $dbuser, $dbpassword, $dbname;
+    /**
+     * @var DbInterface
+     */
+    $localdb = new MysqliDb($dbserver, $dbuser, $dbpassword, $dbname);
+    $localdb->connect();
+
+    #TODO does it needed???
+    $localdb->setAutocommit(true);
+
+    $sms_uuid = $localdb->escape($sms_uuid);
+    $sender = $localdb->escape($sender);
+    $receive_time = $localdb->escape($receive_time);
+    $sms_text = $localdb->escape($sms_text);
+    $ip = $localdb->escape($ip);
+
+    $result = $localdb->query("SELECT sms_uuid FROM received WHERE sms_uuid='$sms_uuid'");
+    if (DEBUG === FALSE and $result->num_rows >= 1) {
+        // sms already exists in DB, possible problem
+        notifyAdmins(_('Problem with SMS') . " $sms_uuid!", 1);
+        return FALSE;
+    } else {
+        $result = $localdb->query("INSERT INTO received SET sms_uuid='$sms_uuid',sender='$sender',receive_time='$receive_time',sms_text='$sms_text',ip='$ip'");
+    }
 }
 
 
@@ -554,7 +561,7 @@ function delnote($number,$bikeNum,$message)
 	}
 	else
 	{
-      	sendSMS($number,_('Error in bike number / stand name specification:'.$db->conn->real_escape_string($bikeNum)));
+      	sendSMS($number,_('Error in bike number / stand name specification:'.$db->escape($bikeNum)));
 		return;
 	}
 
@@ -587,15 +594,15 @@ function delnote($number,$bikeNum,$message)
    $reportedBy=$row["userName"];
 
       $matches=explode(" ",$message,3);
-      $userNote=$db->conn->real_escape_string(trim($matches[2]));
+      $userNote=$db->escape(trim($matches[2]));
 
 	if($userNote=='')
 	{
 		$userNote='%';
 	}
 
       $result=$db->query("UPDATE notes SET deleted=NOW() where bikeNum=$bikeNum and deleted is null and note like '%$userNote%'");
-      $count = $db->conn->affected_rows;
+      $count = $db->getAffectedRows();
 
 	if($count == 0)
 	{
@@ -647,15 +654,15 @@ function untag($number,$standName,$message)
 
 
       $matches=explode(" ",$message,3);
-      $userNote=$db->conn->real_escape_string(trim($matches[2]));
+      $userNote=$db->escape(trim($matches[2]));
 
 	if($userNote=='')
 	{
 		$userNote='%';
 	}
 
     $result=$db->query("update notes join bikes on notes.bikeNum = bikes.bikeNum set deleted=now() where bikes.currentStand='$standId' and note like '%$userNote%' and deleted is null");
-    $count = $db->conn->affected_rows;
+    $count = $db->getAffectedRows();
 
 	if($count == 0)
 	{
@@ -706,15 +713,15 @@ function delstandnote($number,$standName,$message)
 
 
       $matches=explode(" ",$message,3);
-      $userNote=$db->conn->real_escape_string(trim($matches[2]));
+      $userNote=$db->escape(trim($matches[2]));
 
 	if($userNote=='')
 	{
 		$userNote='%';
 	}
 
       $result=$db->query("UPDATE notes SET deleted=NOW() where standId=$standId and deleted is null and note like '%$userNote%'");
-      $count = $db->conn->affected_rows;
+      $count = $db->getAffectedRows();
 
 	if($count == 0)
 	{
@@ -765,7 +772,7 @@ function standNote($number,$standName,$message)
 
 
     $matches=explode(" ",$message,3);
-    $userNote=$db->conn->real_escape_string(trim($matches[2]));
+    $userNote=$db->escape(trim($matches[2]));
 
    if ($userNote=="") //deletemmm
       {
@@ -781,7 +788,7 @@ function standNote($number,$standName,$message)
    else
       {
       $db->query("INSERT INTO notes SET standId='$standId',userId='$userId',note='$userNote'");
-      $noteid=$db->conn->insert_id;
+      $noteid=$db->getLastInsertId();
       sendSMS($number,_('Note for stand')." ".$standName." "._('saved').".");
       notifyAdmins(_('Note #').$noteid.": "._("on stand")." ".$standName." "._('by')." ".$reportedBy." (".$number."):".$userNote);
       }
@@ -813,7 +820,7 @@ function tag($number,$standName,$message)
 
 
     $matches=explode(" ",$message,3);
-    $userNote=$db->conn->real_escape_string(trim($matches[2]));
+    $userNote=$db->escape(trim($matches[2]));
 
    if ($userNote=="") //deletemmm
       {
@@ -829,7 +836,7 @@ function tag($number,$standName,$message)
    else
       {
       $db->query("INSERT INTO notes (bikeNum,userId,note) SELECT bikeNum,'$userId','$userNote' FROM bikes where currentStand='$standId'");
-      //$noteid=$db->conn->insert_id;
+      //$noteid=$db->getLastInsertId();
       sendSMS($number,_('All bikes on stand')." ".$standName." "._('tagged').".");
       notifyAdmins(_('All bikes on stand')." "."$standName".' '._('tagged by')." ".$reportedBy." (".$number.")". _("with note:").$userNote);
       }
@@ -855,7 +862,7 @@ function note($number,$bikeNum,$message)
 	}
 	else
 	{
-      	sendSMS($number,_('Error in bike number / stand name specification:'.$db->conn->real_escape_string($bikeNum)));
+      	sendSMS($number,_('Error in bike number / stand name specification:'.$db->escape($bikeNum)));
 		return;
 	}
 
@@ -892,7 +899,7 @@ function note($number,$bikeNum,$message)
    else
       {
       $matches=explode(" ",$message,3);
-      $userNote=$db->conn->real_escape_string(trim($matches[2]));
+      $userNote=$db->escape(trim($matches[2]));
       }
 
    if ($userNote=="")
@@ -911,7 +918,7 @@ function note($number,$bikeNum,$message)
    else
       {
       $db->query("INSERT INTO notes SET bikeNum='$bikeNum',userId='$userId',note='$userNote'");
-      $noteid=$db->conn->insert_id;
+      $noteid=$db->getLastInsertId();
       sendSMS($number,_('Note for bike')." ".$bikeNum." "._('saved').".");
       notifyAdmins(_('Note #').$noteid.": b.".$bikeNum." (".$bikeStatus.") "._('by')." ".$reportedBy." (".$number."):".$userNote);
       }
@@ -1028,8 +1035,8 @@ function add($number,$email,$phone,$message)
       sendSMS($number,_('Contact information is in incorrect format. Use:')." ADD king@earth.com 0901456789 Martin Luther King Jr.");
       return;
    }
-   $userName=$db->conn->real_escape_string(trim($matches[2]));
-   $email=$db->conn->real_escape_string(trim($matches[1]));
+   $userName=$db->escape(trim($matches[2]));
+   $email=$db->escape(trim($matches[1]));
 
    $result=$db->query("INSERT into users SET userName='$userName',number=$phone,mail='$email'");
 

admin.php

@@ -1,15 +1,22 @@
 <?php
+
+use BikeShare\Db\DbInterface;
+use BikeShare\Db\MysqliDb;
+
+require_once 'vendor/autoload.php';
 require("config.php");
-require("db.class.php");
 require('actions-web.php');
 
-$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
+/**
+ * @var DbInterface
+ */
+$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
 $db->connect();
 
 checksession();
 
 if (isset($_COOKIE["loguserid"])) {
-    $userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+    $userid = $db->escape(trim($_COOKIE["loguserid"]));
 } else {
     $userid = 0;
 }

agree.php

@@ -1,9 +1,16 @@
 <?php
+
+use BikeShare\Db\DbInterface;
+use BikeShare\Db\MysqliDb;
+
+require_once 'vendor/autoload.php';
 require("config.php");
-require("db.class.php");
 require('actions-web.php');
 
-$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
+/**
+ * @var DbInterface
+ */
+$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
 $db->connect();
 ?>
 <!DOCTYPE html>

command.php

@@ -1,19 +1,26 @@
 <?php
+
+use BikeShare\Db\DbInterface;
+use BikeShare\Db\MysqliDb;
+
+require_once 'vendor/autoload.php';
 require("config.php");
-require("db.class.php");
 require('actions-web.php');
 
-$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
+/**
+ * @var DbInterface
+ */
+$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
 $db->connect();
 
 if (isset($_COOKIE["loguserid"])) {
-    $userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+    $userid = $db->escape(trim($_COOKIE["loguserid"]));
 } else {
     $userid = 0;
 }
 
 if (isset($_COOKIE["logsession"])) {
-    $session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
+    $session = $db->escape(trim($_COOKIE["logsession"]));
 } else {
     $session = '';
 }