Merge of a bunch of @DookTibsCarl and other @carelton work. Improved …

…form builder. Catalog commits. akismet for forms. Deleted page/site redirection admin ui. Leaves out profile commits for now.

carl_util/cache/cache_types/default.php

@@ -43,6 +43,11 @@ abstract class DefaultObjectCache
 	 */
 	var $cache_id;
 
+	/**
+	 * @var string human-readable identifier for the cache
+	 */
+	var $cache_name;
+
 	final function __construct($dumb_key, $settings = NULL)
 	{
 		if ($dumb_key == 'do_not_instantiate_me_directly')
@@ -79,6 +84,25 @@ abstract public function set(&$object);
 	 */
 	abstract public function clear();
 
+	/**
+	 * Sets a lock on a cache to indicate that it's being modified
+	 * @param How long the lock should be honored (seconds)
+	 * @return boolean success or failure
+	 */
+	abstract public function lock($expire_seconds);
+
+	/**
+	 * Clears a lock on a cache
+	 * @return boolean success or failure
+	 */
+	abstract public function unlock();
+
+	/**
+	 * Checks to see if a lock exists on a cache
+	 * @return boolean
+	 */
+	abstract public function is_locked();
+
 	/**
 	 * Run once per page load to verify settings, constants, and the basic cache type setup.
 	 *
@@ -128,6 +152,23 @@ function set_cache_id($hash)
 		$this->cache_id = $hash;
 	}
 
+	/**
+	 * @return string cache name
+	 */
+
+	function get_cache_name()
+	{
+		return $this->cache_name;
+	}
+
+	/**
+	 * @return true
+	 */
+	function set_cache_name($name)
+	{
+		$this->cache_name = $name;
+	}
+
 	/**
 	 * @return true
 	 */	

carl_util/cache/cache_types/file.php

@@ -14,6 +14,8 @@
 class FileObjectCache extends DefaultObjectCache
 {	
 	private $_cache_dir;
+	private $_read_log = false;
+	private $_write_log = true;
 
 	function &fetch()
 	{
@@ -23,10 +25,11 @@ function &fetch()
 		if (file_exists($cache_file))
 		{
 			$last_modified = filemtime($cache_file);
-			$ret = (($lifespan == -1) || ((time() - $last_modified) < $lifespan))
+			$ret = (($lifespan == -1) || ((time() - $last_modified) < $lifespan) || $this->is_locked())
 				   ? unserialize(file_get_contents($cache_file)) 
 				   : false;
 		}
+		if ($ret && $this->_read_log) error_log(date('Y-m-d H:i:s').' CACHE '.str_replace("\n",' ',$this->get_cache_name()).' read '.filesize($cache_file).' bytes in '.$_SERVER['REQUEST_URI']."\n", 3, '/tmp/reason_cache.log');
 		return $ret;
 	}
 
@@ -35,13 +38,15 @@ function &fetch()
 	 */
 	function set(&$object)
 	{
+		if ($this->_write_log) error_log(date('Y-m-d H:i:s').' CACHE '.str_replace("\n",' ',$this->get_cache_name()).' writing in '.$_SERVER['REQUEST_URI']."\n", 3, '/tmp/reason_cache.log');
 		$cache_file = $this->_get_cache_file();
 		if (!is_dir(dirname($cache_file))) mkdir_recursive(dirname($cache_file));
 		$fh = fopen($cache_file,"w");
 		flock($fh, LOCK_EX);
 		$result = fwrite($fh, serialize($object));
 		flock($fh, LOCK_UN);
 		fclose($fh);
+		if ($this->_write_log) error_log(date('Y-m-d H:i:s').' CACHE '.str_replace("\n",' ',$this->get_cache_name()).' wrote '.filesize($cache_file).' bytes in '.$_SERVER['REQUEST_URI']."\n", 3, '/tmp/reason_cache.log');
 		return ($result !== FALSE);
 	}
 
@@ -50,6 +55,43 @@ function clear()
 		$cache_file = $this->_get_cache_file();
 		if(file_exists($cache_file)) return unlink( $cache_file );
 	}	
+
+	function lock($expire_seconds)
+	{
+		$lock_file = $this->_get_cache_file().'.lock';
+		if (!is_dir(dirname($lock_file))) mkdir_recursive(dirname($lock_file));
+		$fh = fopen($lock_file,"w");
+		flock($fh, LOCK_EX);
+		$result = fwrite($fh, time() + $expire_seconds);
+		flock($fh, LOCK_UN);
+		fclose($fh);
+		return ($result !== FALSE);		
+	}
+
+	function unlock()
+	{
+		$lock_file = $this->_get_cache_file().'.lock';
+		if(file_exists($lock_file)) return unlink( $lock_file );	
+	}
+
+	function is_locked()
+	{
+		$lock_file = $this->_get_cache_file().'.lock';
+		if (file_exists($lock_file))
+		{
+			$expires = file_get_contents($lock_file);
+			if ($expires > time())
+			{
+				return true;
+			}
+			else
+			{
+				$this->unlock();
+			}
+		} else {
+		}
+		return false;
+	}
 
 	function validate()
 	{

carl_util/cache/object_cache.php

@@ -79,6 +79,7 @@ function init($id = '', $lifespan = '', $type = '')
 		$cache =& $this->set_cache();
 		if ($id && $cache)
 		{
+			$cache->set_cache_name($id);
 			$cache->set_cache_id(md5($id));
 			if ( !empty($lifespan) || ($lifespan = $this->get_default_lifespan())) $cache->set_cache_lifespan($lifespan);
 			if ($params = $this->get_cache_params())

carl_util/db/db.php

@@ -19,6 +19,7 @@
 	include_once( CARL_UTIL_INC . 'error_handler/error_handler.php' );
 	include_once( 'connectDB.php' );
 	include_once( 'db_query.php' );
+	include_once( 'sql_string_escape.php' );
 
 }
 ?>

carl_util/db/db_query.php

@@ -20,6 +20,9 @@
  *	- query tracking
  *	- query reporting
  *
+ *	Query tracking is memory expensive (4-5K per call), so if you want to use it, you need
+ *	to set $GLOBALS['_db_query_enable_tracking'] to true in your script.
+ *
  *	@param	$query	the query to run
  *	@param	$error_message	the custom error message
  *	@param	$die_on_error	boolean variable that determines whether to die on an error
@@ -29,9 +32,7 @@
 function db_query( $query, $error_message = '', $die_on_error = true )
 {
 	// keep track of all queries
-	static $queries;
-	static $distinct_queries;
-	static $distinct_errors;
+	static $queries = array();
 	static $first_run = true;
 
 	if ($first_run)
@@ -43,23 +44,11 @@ function db_query( $query, $error_message = '', $die_on_error = true )
 		$first_run = false;
 	}
 
-	if( !isset( $queries ) OR empty( $queries ) )
-		$queries = array();
-	if( !isset( $distinct_errors ) OR empty( $distinct_errors ) )
-		$distinct_errors = array();
-	if( !isset( $distinct_queries ) OR empty( $distinct_queries ) )
-		$distinct_queries = array();
-
-	$queries[] = array('q' => $query, 'error' => $error_message );
-
-	if( !isset( $distinct_queries[ $query ] ) )
-		$distinct_queries[ $query ] = 0;
-	$distinct_queries[ $query ]++;
-
-	if( !isset( $distinct_errors[ $error_message ] ) )
-		$distinct_errors[ $error_message ] = 0;
-	$distinct_errors[ $error_message ]++;
-
+	if (!empty($GLOBALS['_db_query_enable_tracking']))
+	{
+		$queries[] = array('q' => $query, 'error' => $error_message );
+	}
+
 	switch( $query )
 	{
 		// profiling and reporting cases
@@ -70,10 +59,26 @@ function db_query( $query, $error_message = '', $die_on_error = true )
 			return $queries;
 			break;
 		case 'REPORT DISTINCT QUERIES':
+			$distinct_queries = array();
+			foreach ($queries as $query)
+			{
+				if (isset($distinct_queries[$query['q']]))
+					$distinct_queries[$query['q']]++;
+				else
+					$distinct_queries[$query['q']] = 0;
+			}
 			arsort( $distinct_queries );
 			pray( $distinct_queries );
 			break;
 		case 'REPORT DISTINCT ERRORS':
+			$distinct_errors = array();
+			foreach ($queries as $query)
+			{
+				if (isset($distinct_errors[$query['error']]))
+					$distinct_errors[$query['error']]++;
+				else
+					$distinct_errors[$query['error']] = 0;
+			}
 			arsort( $distinct_errors );
 			pray( $distinct_errors );
 			break;

carl_util/db/sql_string_escape.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * @package carl_util
+ * @subpackage db
+ */
+
+/**
+ * Escape a string for use in a SQL statement
+ *
+ * Internally uses mysql_real_escape_string(), so a DB connection should be established to ensure
+ * proper encoding before calling this function.
+ *
+ * @param string $str
+ * @param resource $link_identifier
+ * @return string
+ */
+function carl_util_sql_string_escape($str, $link_identifier = NULL)
+{
+	if(NULL === $link_identifier)
+		return mysql_real_escape_string($str);
+	return mysql_real_escape_string($str, $link_identifier);
+
+}

carl_util/db/sqler.php

@@ -15,15 +15,15 @@
   */
 include_once('paths.php');
 include_once(CARL_UTIL_INC.'error_handler/error_handler.php');
-
+include_once( CARL_UTIL_INC . 'db/db.php' );
 /*
  * The SQLer
  *
  * A wrapper for quick and easy SQL INSERTs, UPDATEs, and DELETEs.
  * The general data format is an associative array.  It takes care of the rest.
  * 
  * A singleton instance of SQLER is stored in $GLOBALS['sqler'] to reduce the need to constantly reinstantiate this class
- *
+ * 
  * @todo unify with db_query class so we aren't using mysql_query directly there and there.
  *
  * @author dave hendler
@@ -53,8 +53,13 @@ function insert( $table, $data, $die_on_error = true ) // {{{
 			reset( $data );
 			foreach($data as $key => $val )
 			{
+				if (is_array($val))
+				{
+					trigger_error('Array value passed for key "'.$key.'" in SQLER insert.');
+					continue;
+				}
 				$fields .= '`'.$key.'`,';
-				$values .= ($val !== NULL) ? '"'.addslashes( $val ).'",' : 'NULL,';
+				$values .= ($val !== NULL) ? '"'.carl_util_sql_string_escape( $val ).'",' : 'NULL,';
 			}
 			$fields = substr( $fields, 0, -1 );
 			$values = substr( $values, 0, -1 );
@@ -95,7 +100,7 @@ function update_one( $table, $data, $id, $primary_key = 'id' ) // {{{
 			foreach($data as $key => $val )
 			{
 				$set_these .= '`'.$key.'` = ';
-				$set_these .= ($val !== NULL) ? '"'.addslashes( $val ).'",' : 'NULL,';
+				$set_these .= ($val !== NULL) ? '"'.carl_util_sql_string_escape( $val ).'",' : 'NULL,';
 			}
 			$set_these = substr( $set_these, 0, -1 );
 
@@ -128,7 +133,7 @@ function update_one( $table, $data, $id, $primary_key = 'id' ) // {{{
 		 */
 		function delete_one( $table, $id, $primary_key = 'id' ) // {{{
 		{
-			$q = 'DELETE FROM '.$table.' WHERE '.$primary_key.' = "'.addslashes($id).'" LIMIT 1';
+			$q = 'DELETE FROM '.$table.' WHERE '.$primary_key.' = "'.carl_util_sql_string_escape($id).'" LIMIT 1';
 			if ($this->mode == 'get_query') return $q;
 			else 
 			{