JEMBOT MAWOT Bypass Shell
<?php
/**
* Copyright since 2007 PrestaShop SA and Contributors
* PrestaShop is an International Registered Trademark & Property of PrestaShop SA
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.md.
* It is also available through the world-wide-web at this URL:
* https://opensource.org/licenses/OSL-3.0
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to https://devdocs.prestashop.com/ for more information.
*
* @author PrestaShop SA and Contributors <contact@prestashop.com>
* @copyright Since 2007 PrestaShop SA and Contributors
* @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
*/
/**
* Class DbPDOCore.
*
* @since 1.5.0.1
*/
class DbPDOCore extends Db
{
/** @var PDO */
protected $link;
/** @var PDOStatement */
protected $result;
/**
* Returns a new PDO object (database link).
*
* @param string $host
* @param string $user
* @param string $password
* @param string $dbname
* @param int $timeout
*
* @return PDO
*/
protected static function getPDO($host, $user, $password, $dbname, $timeout = 5)
{
$dsn = 'mysql:';
if ($dbname) {
$dsn .= 'dbname=' . $dbname . ';';
}
if (preg_match('/^(.*):([0-9]+)$/', $host, $matches)) {
$dsn .= 'host=' . $matches[1] . ';port=' . $matches[2];
} elseif (preg_match('#^.*:(/.*)$#', $host, $matches)) {
$dsn .= 'unix_socket=' . $matches[1];
} else {
$dsn .= 'host=' . $host;
}
$dsn .= ';charset=utf8mb4';
return new PDO(
$dsn,
$user,
$password,
[
PDO::ATTR_TIMEOUT => $timeout,
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4',
PDO::MYSQL_ATTR_MULTI_STATEMENTS => _PS_ALLOW_MULTI_STATEMENTS_QUERIES_,
]
);
}
/**
* Tries to connect and create a new database.
*
* @param string $host
* @param string $user
* @param string $password
* @param string $dbname
* @param bool $dropit if true, drops the created database
*
* @return bool|int
*/
public static function createDatabase($host, $user, $password, $dbname, $dropit = false)
{
try {
$link = DbPDO::getPDO($host, $user, $password, '');
$success = $link->exec('CREATE DATABASE `' . str_replace('`', '\\`', $dbname) . '`');
if ($dropit && ($link->exec('DROP DATABASE `' . str_replace('`', '\\`', $dbname) . '`') !== false)) {
return true;
}
} catch (PDOException $e) {
return false;
}
return $success;
}
/**
* Tries to connect to the database.
*
* @see DbCore::connect()
*
* @return PDO
*
* @throws PrestaShopException
*/
public function connect()
{
try {
$this->link = $this->getPDO($this->server, $this->user, $this->password, $this->database, 5);
} catch (PDOException $e) {
throw new PrestaShopException('Link to database cannot be established: ' . $e->getMessage());
}
$this->link->exec('SET SESSION sql_mode = \'\'');
return $this->link;
}
/**
* Destroys the database connection link.
*
* @see DbCore::disconnect()
*/
public function disconnect()
{
unset($this->link);
}
/**
* Executes an SQL statement, returning a result set as a PDOStatement object or true/false.
*
* @see DbCore::_query()
*
* @param string $sql
*
* @return PDOStatement
*/
protected function _query($sql)
{
try {
return $this->link->query($sql);
} catch (\PDOException $exception) {
throw new PrestaShopException($exception->getMessage(), (int) $exception->getCode(), $exception);
}
}
/**
* Returns the next row from the result set.
*
* @see DbCore::nextRow()
*
* @param bool $result
*
* @return array|false|null
*/
public function nextRow($result = false)
{
if (!$result) {
$result = $this->result;
}
if (!is_object($result)) {
return false;
}
return $result->fetch(PDO::FETCH_ASSOC);
}
/**
* Returns all rows from the result set.
*
* @see DbCore::getAll()
*
* @param bool $result
*
* @return array|false|null
*/
protected function getAll($result = false)
{
if (!$result) {
$result = $this->result;
}
if (!is_object($result)) {
return false;
}
return $result->fetchAll(PDO::FETCH_ASSOC);
}
/**
* Returns row count from the result set.
*
* @see DbCore::_numRows()
*
* @param PDOStatement $result
*
* @return int
*/
protected function _numRows($result)
{
return $result->rowCount();
}
/**
* Returns ID of the last inserted row.
*
* @see DbCore::Insert_ID()
*
* @return string|int
*/
public function Insert_ID()
{
return $this->link->lastInsertId();
}
/**
* Return the number of rows affected by the last SQL query.
*
* @see DbCore::Affected_Rows()
*
* @return int
*/
public function Affected_Rows()
{
return $this->result->rowCount();
}
/**
* Returns error message.
*
* @see DbCore::getMsgError()
*
* @param bool $query
*
* @return string
*/
public function getMsgError($query = false)
{
$error = $this->link->errorInfo();
return ($error[0] == '00000') ? '' : $error[2];
}
/**
* Returns error code.
*
* @see DbCore::getNumberError()
*
* @return int
*/
public function getNumberError()
{
$error = $this->link->errorInfo();
return isset($error[1]) ? $error[1] : 0;
}
/**
* Returns database server version.
*
* @see DbCore::getVersion()
*
* @return string
*/
public function getVersion()
{
return $this->getValue('SELECT VERSION()');
}
/**
* Escapes illegal characters in a string.
*
* @see DbCore::_escape()
*
* @param string|null $str
*
* @return string
*/
public function _escape($str)
{
if (null === $str) {
return '';
}
$search = ['\\', "\0", "\n", "\r", "\x1a", "'", '"'];
$replace = ['\\\\', '\\0', '\\n', '\\r', "\Z", "\'", '\"'];
return str_replace($search, $replace, $str);
}
/**
* Switches to a different database.
*
* @see DbCore::set_db()
*
* @param string $db_name
*
* @return int
*/
public function set_db($db_name)
{
return $this->link->exec('USE ' . pSQL($db_name));
}
/**
* Try a connection to the database and check if at least one table with same prefix exists.
*
* @see Db::hasTableWithSamePrefix()
*
* @param string $server Server address
* @param string $user Login for database connection
* @param string $pwd Password for database connection
* @param string $db Database name
* @param string $prefix Tables prefix
*
* @return bool
*/
public static function hasTableWithSamePrefix($server, $user, $pwd, $db, $prefix)
{
try {
$link = DbPDO::getPDO($server, $user, $pwd, $db, 5);
} catch (PDOException $e) {
return false;
}
$sql = 'SHOW TABLES LIKE \'' . $prefix . '%\'';
$result = $link->query($sql);
return (bool) $result->fetch();
}
/**
* Tries to connect to the database and create a table (checking creation privileges).
*
* @param string $server
* @param string $user
* @param string $pwd
* @param string $db
* @param string $prefix
* @param string|null $engine Table engine
*
* @return bool|string True, false or error
*/
public static function checkCreatePrivilege($server, $user, $pwd, $db, $prefix, $engine = null)
{
try {
$link = DbPDO::getPDO($server, $user, $pwd, $db, 5);
} catch (PDOException $e) {
return false;
}
$enginesToTest = ['InnoDB', 'MyISAM'];
if ($engine !== null) {
$enginesToTest = [$engine];
}
foreach ($enginesToTest as $engineToTest) {
$result = $link->query('
CREATE TABLE `' . $prefix . 'test` (
`test` tinyint(1) unsigned NOT NULL
) ENGINE=' . $engineToTest);
if ($result) {
$link->query('DROP TABLE `' . $prefix . 'test`');
return true;
}
}
$error = $link->errorInfo();
return $error[2];
}
/**
* Tries to connect to the database and select content (checking select privileges).
*
* @param string $server
* @param string $user
* @param string $pwd
* @param string $db
* @param string $prefix
* @param string|null $engine Table engine
*
* @return bool|string True, false or error
*/
public static function checkSelectPrivilege($server, $user, $pwd, $db, $prefix, $engine = null)
{
try {
$link = DbPDO::getPDO($server, $user, $pwd, $db, 5);
} catch (PDOException $e) {
return false;
}
$enginesToTest = ['InnoDB', 'MyISAM'];
if ($engine !== null) {
$enginesToTest = [$engine];
}
foreach ($enginesToTest as $engineToTest) {
$link->query('CREATE TABLE `' . $prefix . 'test` (
`test` tinyint(1) unsigned NOT NULL
) ENGINE=' . $engineToTest);
$result = $link->query('SELECT * FROM `' . $prefix . 'test`');
$link->query('DROP TABLE `' . $prefix . 'test`');
if ($result) {
return true;
}
}
$error = $link->errorInfo();
return $error[2];
}
/**
* Try a connection to the database.
*
* @see Db::checkConnection()
*
* @param string $server Server address
* @param string $user Login for database connection
* @param string $pwd Password for database connection
* @param string $db Database name
* @param bool $new_db_link
* @param string|bool $engine
* @param int $timeout
*
* @return int Error code or 0 if connection was successful
*/
public static function tryToConnect($server, $user, $pwd, $db, $new_db_link = true, $engine = null, $timeout = 5)
{
try {
$link = DbPDO::getPDO($server, $user, $pwd, $db, $timeout);
} catch (PDOException $e) {
// hhvm wrongly reports error status 42000 when the database does not exist - might change in the future
return ($e->getCode() == 1049 || (defined('HHVM_VERSION') && $e->getCode() == 42000)) ? 2 : 1;
}
unset($link);
return 0;
}
/**
* Selects best table engine.
*
* @return string
*/
public function getBestEngine()
{
$value = 'InnoDB';
$sql = 'SHOW VARIABLES WHERE Variable_name = \'have_innodb\'';
$result = $this->link->query($sql);
if (!$result) {
$value = 'MyISAM';
} else {
$row = $result->fetch();
if (!$row || strtolower($row['Value']) != 'yes') {
$value = 'MyISAM';
}
}
/* MySQL >= 5.6 */
$sql = 'SHOW ENGINES';
$result = $this->link->query($sql);
while ($row = $result->fetch()) {
if ($row['Engine'] == 'InnoDB') {
if (in_array($row['Support'], ['DEFAULT', 'YES'])) {
$value = 'InnoDB';
}
break;
}
}
return $value;
}
/**
* Try a connection to the database and set names to UTF-8.
*
* @see Db::checkEncoding()
*
* @param string $server Server address
* @param string $user Login for database connection
* @param string $pwd Password for database connection
*
* @return bool
*/
public static function tryUTF8($server, $user, $pwd)
{
try {
$link = DbPDO::getPDO($server, $user, $pwd, '', 5);
} catch (PDOException $e) {
return false;
}
$result = $link->exec('SET NAMES utf8mb4');
unset($link);
return ($result === false) ? false : true;
}
}
xxxxx1.0, XXX xxxx