User:Jana Kamachi/WebDB
< User:Jana Kamachi
Jump to navigation
Jump to search
Revision as of 02:41, 5 January 2008 by Jana Kamachi (talk | contribs) (New page: {{Jana}} This first part is a PHP script. It requires a webserver with PHP 4+ & MYSQL. '''TODO''' - Add SQLLite for flat filesystem storage where a database is not available. - MSSQL - ...)
If you like this script, or any script I've released, please post on my Talk page, or I'll most likely never see it o: If you want to improve a script, just go for it!
This first part is a PHP script. It requires a webserver with PHP 4+ & MYSQL. TODO
- Add SQLLite for flat filesystem storage where a database is not available. - MSSQL - Finish commands: - - list - - mkdir - - rmdir - - temp - - commit - Make it secure against SQL injections & Junk
<?php ///////////////////////////////////// //Examples: // core.php?mode=list&path=_info <---------Shows System Files. // core.php?mode=list&path=_info&pass=rofl <---------Shows Admin Level System Files $settings["db"]["host"] = "localhost"; $settings["db"]["prefix"] = "public_"; $settings["db"]["database"] = "<database name>"; $settings["db"]["username"] = "<database username>"; $settings["db"]["password"] = "<database password>"; //////////////////////////////////// //Don't edit below here if you don't know what your doing!!! /////////////////////////////////// mysql_connect($settings["db"]["host"],$settings["db"]["username"],$settings["db"]["password"]) or die("Invalid Host/Username/Password"); mysql_select_db($settings["db"]["database"]) or die("Database not found."); init(); $headers = apache_request_headers(); $obj["name"] = $headers["X-SecondLife-Object-Name"]; $obj["key"] = $headers["X-SecondLife-Object-Name"]; $obj["oname"] = $headers["X-SecondLife-Owner-Name"]; $obj["okey"] = $headers["X-SecondLife-Owner-Key"]; $obj["region"] = $headers["X-SecondLife-Region"]; if(empty($obj["key"])) { //Should check IP's, but whatever. die("At the moment only in-world access is allowed. This WILL be changed soon!"); } ////////////////////////////////////// //Take all possible inputs and create a common var for all of them ///////////////////////////////////// $qry["path"] = mysql_real_escape_string(($_GET["path"] ? strtolower($_GET["path"]) : strtolower($_POST["path"]))); $qry["mode"] = mysql_real_escape_string(($_GET["mode"] ? $_GET["mode"] : $_POST["mode"])); $qry["data"] = mysql_real_escape_string(($_GET["data"] ? $_GET["data"] : $_POST["data"])); $qry["pass"] = mysql_real_escape_string(($_GET["pass"] ? $_GET["pass"] : $_POST["pass"])); $qry["rpass"] = mysql_real_escape_string(($_GET["rpass"] ? $_GET["rpass"] : $_POST["rpass"])); $qry["flags"] = mysql_real_escape_string(($_GET["flags"] ? $_GET["flags"] : $_POST["flags"])); switch(strtolower($qry["mode"])){ case "get": //<------------Gets a path's contents getPath($qry["path"],$qry["rpass"]); break; case "set": //<------------Sets a path's contents setPath($qry["path"],$qry["pass"],$qry["rpass"],$qry["data"]); break; case "list": //<------------Lists a path's contents break; case "info": //<-----------Gets info on a path getPathInfo($qry["path"],$qry["rpass"]); break; case "app": //<-----------Append to a path break; case "part": //<----------Gets only part of a path's contents break; case "delete": //<---------Delete a path deletePath($qry["path"],$qry["pass"]); break; } function getPathInfo($path,$rpass){ global $settings; if(!pathExists($path)){ die("BAD:NO PATH"); } $sql = "SELECT * FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '$path'"; $row = mysql_fetch_array(mysql_query($sql)); if(md5($rpass) == $row["read_pwd"]){ die("OK:" . strlen($row["data"]) . ":" . $row["modified"]); }else{ die("BAD:INVALID PASSWORD"); } } function deletePath($path,$pass){ global $settings; if(!pathExists($path)){ die("BAD:NO PATH"); } $sql = "SELECT * FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '$path'"; $row = mysql_fetch_array(mysql_query($sql)); if(md5($pass) == $row["write_pwd"]){ $sql = "DELETE FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '$path' LIMIT 1"; mysql_query($sql); die("OK:DELETED"); }else{ die("BAD:INVALID PASSWORD"); } } function setPath($path, $pass, $rpass, $content){ global $settings; if(pathExists($path)){ $sql = "SELECT * FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '$path'"; $row = mysql_fetch_array(mysql_query($sql)); if(md5($pass) == $row["write_pwd"]){ $sql = "UPDATE `" . $settings["db"]["prefix"] . "values` SET `data` = '$content',`modified` = NOW( ) WHERE `path` ='$path' LIMIT 1;"; mysql_query($sql); die("OK:UPDATED"); }else{ die("BAD:INVALID PASSWORD"); } }else{ $sql = "INSERT INTO `" . $settings["db"]["prefix"] . "values` (`id` , `path` , `data` , `read_pwd` , `write_pwd` ) VALUES ( NULL , '$path', '$content', MD5('$rpass'), MD5( '$pass' ) );"; mysql_query($sql); die("OK:CREATED"); } } function getPath($path,$rpass){ global $settings; if(!pathExists($path)){ die("BAD:NO PATH"); }else{ $sql = "SELECT * FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '$path'"; $row = mysql_fetch_array(mysql_query($sql)); if(md5($rpass) == $row["read_pwd"]){ die("OK:" . $row["data"]); }else{ die("BAD:INVALID PASSWORD"); } } } function pathExists($path){ global $settings; $sql = "SELECT * FROM `" . $settings["db"]["prefix"] . "values` WHERE `path` = '" . $path . "'"; if(mysql_num_rows(mysql_query($sql))>0) return 1; } function init(){ global $settings; $sql = "CREATE TABLE IF NOT EXISTS `" . $settings["db"]["prefix"] . "values` ( `id` int(11) NOT NULL auto_increment, `path` varchar(1000) NOT NULL, `data` varchar(1000) NOT NULL, `read_pwd` varchar(1000) NOT NULL, `write_pwd` varchar(1000) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;"; mysql_query($sql); } ?>
The next part is an example LSL script calling some of the functions.
string url = "http://world.janashell.com/index.php?"; list queries; // Requests can return in different ways: // All requests that succeded, return as "OK:"<data> // - For getInfo an example response is "OK:<length of the field>:<time stamp of last modified>" // - An example getFile is "OK:" <content> // All requests that fail return as "BAD:" <reason> // - BAD PATH -> The path you requested doesn't exist. // - INVALID PASSWORD -> either the read or write password was invalid. // - SYSTEM RESERVED -> Touche pas! Me only. appnd(key req, string path, string mode){ queries = (queries = []) + queries + [req,mode,path]; } integer getPos(key req){ return llListFindList(queries,[req]); } getFile(string path, string password){ appnd(llHTTPRequest(url + "path=" + path + "&rpass=" + password + "&mode=get",[],""),"get",path); } setFile(string path, string pass, string rpass, string content){ appnd(llHTTPRequest(url + "path=" + path + "&pass=" + pass + "&rpass=" + rpass + "&mode=set&data=" + llEscapeURL(content),[],""),"set",path); } deleteFile(string path, string pass){ appnd(llHTTPRequest(url + "path=" + path + "&pass=" + pass + "&mode=delete",[],""),"delete",path); } getInfo(string path, string rpass){ appnd(llHTTPRequest(url + "path=" + path + "&rpass=" + rpass + "&mode=info",[],""),"info",path); } default { state_entry(){ setFile("_sandbox/test2","<example>","<example>","This is a systems test. Test 4."); setFile("_sandbox/test3","<example>","<example>","This is a systems test. Test 5."); getInfo("_sandbox/test3","<example>"); deleteFile("_sandbox/test3","<example>"); getFile("_sandbox/test2","<example>"); } http_response(key req, integer stat, list meta, string body){ integer pos = llListFindList(queries,[req]); llSay(0,llList2CSV([llList2String(queries,pos+1),llList2String(queries,pos+2),body])); } }