diff -urN ../base-1.4.5.orig/base_db_common.php ./base_db_common.php
--- ../base-1.4.5.orig/base_db_common.php 2010-03-05 10:06:16.000000000 -0500
+++ ./base_db_common.php 2014-03-12 15:00:22.000000000 -0400
@@ -80,7 +80,7 @@
" "._ERRPHPERROR2."";
}
- if ( ($DBtype == "mysql") || ($DBtype == "mysqlt") )
+ if ( ($DBtype == "mysql") || ($DBtype == "mysqlt") || ($DBtype == "mysqli"))
{
if ( !(function_exists("mysql_connect")) )
{
diff -urN ../base-1.4.5.orig/base_graph_display.php ./base_graph_display.php
--- ../base-1.4.5.orig/base_graph_display.php 2010-03-05 10:06:17.000000000 -0500
+++ ./base_graph_display.php 2014-03-12 14:59:57.000000000 -0400
@@ -114,7 +114,7 @@
else
{
// Create the graph area, legends on bottom -- Alejandro
- $Graph =& new Image_Graph(array('driver'=>'gd',
+ $Graph = new Image_Graph(array('driver'=>'gd',
'width'=>$width,
'height'=>$height));
}
@@ -320,27 +320,27 @@
// special case '"I0" => "private network (rfc 1918)"' and
// '"** (private network) " => "private network (rfc 1918)"'
- if (ereg("rfc 1918", $tmp, $substring) || (ereg("[*][*] \(private network\) ", $tmp_lower, $substring)))
+ if (preg_match("/rfc 1918/", $tmp, $substring) || (preg_match("/[*][*] \(private network\) /", $tmp_lower, $substring)))
{
$Dataset->addPoint("private network (rfc 1918)", $xdata[$i][1]);
}
// special case '?? (Not Found) ' => 'unknown'
- elseif(ereg("[?][?][ \t]+\(Not Found\)[ \t]*", $tmp, $substring))
+ elseif(preg_match("/[?][?][ \t]+\(Not Found\)[ \t]*/", $tmp, $substring))
{
$Dataset->addPoint("unknown", $xdata[$i][1]);
}
// anything inside parentheses, following a 2-letter TLD:
- elseif (ereg("^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$", $tmp, $substring))
+ elseif (preg_match("/^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$/", $tmp, $substring))
{
$Dataset->addPoint($substring[1], $xdata[$i][1]);
}
// anything after two-letter top level domain names and after one space or tab:
- elseif (ereg("[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)", $tmp, $substring))
+ elseif (preg_match("/[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)/", $tmp, $substring))
{
$Dataset->addPoint($substring[1], $xdata[$i][1]);
}
// two-letter top level domain names right at the beginning:
- elseif (ereg("[ \t]*([-a-zA-Z0-9]{2})[ \t]", $tmp_lower, $substring))
+ elseif (preg_match("/[ \t]*([-a-zA-Z0-9]{2})[ \t]/", $tmp_lower, $substring))
{
$Dataset->addPoint($substring[1], $xdata[$i][1]);
}
diff -urN ../base-1.4.5.orig/base_qry_common.php ./base_qry_common.php
--- ../base-1.4.5.orig/base_qry_common.php 2010-03-05 10:06:17.000000000 -0500
+++ ./base_qry_common.php 2014-03-12 14:59:53.000000000 -0400
@@ -773,10 +773,10 @@
}
}
/* if have chosen the address type to be both source and destination */
- if ( ereg("ip_both", $tmp) )
+ if ( preg_match("/ip_both/", $tmp) )
{
- $tmp_src = ereg_replace("ip_both","ip_src",$tmp);
- $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp);
+ $tmp_src = preg_replace("/ip_both/","ip_src",$tmp);
+ $tmp_dst = preg_replace("/ip_both/","ip_dst",$tmp);
if ( $ip_addr[$i][2] == '=' )
$tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
diff -urN ../base-1.4.5.orig/base_qry_sqlcalls.php ./base_qry_sqlcalls.php
--- ../base-1.4.5.orig/base_qry_sqlcalls.php 2010-03-05 10:06:17.000000000 -0500
+++ ./base_qry_sqlcalls.php 2014-03-12 14:59:53.000000000 -0400
@@ -259,9 +259,9 @@
$line = split (" ", $current_sig_txt);
foreach ($line as $ps_element)
{
- if ( ereg("[0-9]*\.[0-9]*\.[0-9]*\.[0-9]", $ps_element) )
+ if ( preg_match("/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]/", $ps_element) )
{
- $ps_element = ereg_replace (":", "", $ps_element);
+ $ps_element = preg_replace ("/:/", "", $ps_element);
qroPrintEntry("".
$ps_element."");
}
diff -urN ../base-1.4.5.orig/base_stat_common.php ./base_stat_common.php
--- ../base-1.4.5.orig/base_stat_common.php 2010-03-05 10:06:17.000000000 -0500
+++ ./base_stat_common.php 2014-03-12 15:00:16.000000000 -0400
@@ -312,7 +312,7 @@
if (!stristr($where, "WHERE") && $where != "")
$where = " WHERE $where ";
- if ( $db->DB_type == "mysql" )
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli" )
{
if ( $join == "" && $where == "")
$result = $db->baseExecute("SELECT COUNT(DISTINCT acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM acid_event");
diff -urN ../base-1.4.5.orig/base_stat_ipaddr.php ./base_stat_ipaddr.php
--- ../base-1.4.5.orig/base_stat_ipaddr.php 2010-03-05 10:06:17.000000000 -0500
+++ ./base_stat_ipaddr.php 2014-03-12 14:59:53.000000000 -0400
@@ -135,7 +135,7 @@
print "
\n";
*/
- if(ereg($ip, $contents)) {
+ if(preg_match("/$ip/", $contents)) {
$total++;
if( $total % 2 == 0 ) {
$color="DDDDDD";
@@ -143,7 +143,7 @@
$color="FFFFFF";
}
- $contents = ereg_replace(" ", " ", $contents);
+ $contents = preg_replace("/ /", " ", $contents);
$elements = explode(" ", $contents);
echo '| '.
@@ -183,7 +183,7 @@
print " | ";
/*
- ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[3],$store);
+ preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[3],$store);
$source_ip = $store[1];
$source_port = $store[2];
if (empty($source_ip))
@@ -197,7 +197,7 @@
echo '' . $source_ip . ' | ';
echo '' . $source_port . ' | ';
- ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[5],$store);
+ preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[5],$store);
$destination_ip = $store[1];
$destination_port = $store[2];
if (empty($destination_ip))
diff -urN ../base-1.4.5.orig/includes/base_db.inc.php ./includes/base_db.inc.php
--- ../base-1.4.5.orig/includes/base_db.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_db.inc.php 2014-03-12 15:00:09.000000000 -0400
@@ -77,7 +77,16 @@
{
GLOBAL $sql_trace_mode, $sql_trace_file;
- $this->DB = NewADOConnection();
+ // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
+ if ($this->DB_type == 'mysql') {
+ if (extension_loaded('mysqli')) {
+ $this->DB_type = 'mysqli';
+ } else {
+ $this->DB_type = 'mysql';
+ }
+ }
+
+ $this->DB = NewADOConnection($this->DB_type);
$this->DB_name = $database;
$this->DB_host = $host;
$this->DB_port = $port;
@@ -108,7 +117,7 @@
/* Set the database schema version number */
$sql = "SELECT vseq FROM schema";
- if ($this->DB_type == "mysql") $sql = "SELECT vseq FROM `schema`";
+ if ($this->DB_type == "mysql" || $this->DB_type == "mysqli") $sql = "SELECT vseq FROM `schema`";
if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM [schema]";
$result = $this->DB->Execute($sql);
@@ -138,8 +147,17 @@
function basePConnect($database, $host, $port, $username, $password)
{
GLOBAL $sql_trace_mode, $sql_trace_file;
+
+ // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
+ if ($this->DB_type == 'mysql') {
+ if (extension_loaded('mysqli')) {
+ $this->DB_type = 'mysqli';
+ } else {
+ $this->DB_type = 'mysql';
+ }
+ }
- $this->DB = NewADOConnection();
+ $this->DB = NewADOConnection($this->DB_type);
$this->DB_name = $database;
$this->DB_host = $host;
$this->DB_port = $port;
@@ -171,7 +189,7 @@
/* Set the database schema version number */
$sql = "SELECT vseq FROM schema";
if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM [schema]";
- if ($this->DB_type == "mysql") $sql = "SELECT vseq FROM `schema`";
+ if ($this->DB_type == "mysql" || $this->DB_type == "mysqli") $sql = "SELECT vseq FROM `schema`";
$result = $this->DB->Execute($sql);
if ( $this->baseErrorMessage() != "" )
@@ -209,7 +227,7 @@
/* ** Begin DB specific SQL fix-up ** */
if ($this->DB_type == "mssql")
{
- $sql = eregi_replace("''", "NULL", $sql);
+ $sql = preg_replace("/''/i", "NULL", $sql);
}
if ($this->DB_type == "oci8")
@@ -231,7 +249,7 @@
$rs = new baseRS($this->DB->Execute($sql), $this->DB_type);
else
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
($this->DB_type == "maxsql") )
{
$rs = new baseRS($this->DB->Execute($sql." LIMIT ".$start_row.", ".$num_rows),
@@ -321,7 +339,7 @@
* the current point, so it can't be here and needs to be in the actual script after calling this function
* -- srh (02/01/2001)
*/
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
($this->DB_type == "maxsql") || ($this->DB_type == "mssql"))
return $this->DB->Insert_ID();
else if ($this->DB_type == "postgres" ||($this->DB_type == "oci8"))
@@ -336,7 +354,7 @@
function baseSQL_YEAR($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
($this->DB_type == "maxsql") || ($this->DB_type == "mssql") )
return " YEAR($func_param) $op $timestamp ";
else if( $this->DB_type == "oci8" )
@@ -347,7 +365,7 @@
function baseSQL_MONTH($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
($this->DB_type == "maxsql") || ($this->DB_type == "mssql") )
return " MONTH($func_param) $op $timestamp ";
else if( $this->DB_type == "oci8" )
@@ -358,7 +376,7 @@
function baseSQL_DAY($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
return " DAYOFMONTH($func_param) $op $timestamp ";
else if($this->DB_type == "oci8")
return " to_number( to_char( $func_param, 'DD' ) ) $op $timestamp ";
@@ -370,7 +388,7 @@
function baseSQL_HOUR($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
return " HOUR($func_param) $op $timestamp ";
else if($this->DB_type == "oci8")
return " to_number( to_char( $func_param, 'HH' ) ) $op $timestamp ";
@@ -382,7 +400,7 @@
function baseSQL_MINUTE($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
return " MINUTE($func_param) $op $timestamp ";
else if($this->DB_type == "oci8")
return " to_number( to_char( $func_param, 'MI' ) ) $op $timestamp ";
@@ -394,7 +412,7 @@
function baseSQL_SECOND($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
return " SECOND($func_param) $op $timestamp ";
else if($this->DB_type == "oci8")
return " to_number( to_char( $func_param, 'SS' ) ) $op $timestamp ";
@@ -406,7 +424,7 @@
function baseSQL_UNIXTIME($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
{
return " UNIX_TIMESTAMP($func_param) $op $timestamp ";
}
@@ -432,7 +450,7 @@
function baseSQL_TIMESEC($func_param, $op, $timestamp)
{
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
return " TIME_TO_SEC($func_param) $op $timestamp ";
else if($this->DB_type == "oci8")
return " to_number( $func_param ) $op $timestamp ";
@@ -549,7 +567,7 @@
// Is This if statement necessary? -- Kevin
/* MS SQL Server 7, MySQL, Sybase, and Postgres natively support this function */
- if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") ||
+ if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") ||
($this->DB_type == "mssql") || ($this->DB_type == "sybase") || ($this->DB_type == "postgres") || ($this->DB_type == "oci8"))
return $this->row->RecordCount();
@@ -623,6 +641,7 @@
if ( !(
($type == "mysql") ||
($type == "mysqlt") ||
+ ($type == "mysqli") ||
($type == "maxsql") ||
($type == "postgres") ||
($type == "mssql") ||
diff -urN ../base-1.4.5.orig/includes/base_net.inc.php ./includes/base_net.inc.php
--- ../base-1.4.5.orig/includes/base_net.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_net.inc.php 2014-03-12 14:59:53.000000000 -0400
@@ -391,7 +391,7 @@
$line = explode(" ", $response_l[$i]);
for ($j=0; $j < sizeof($line); $j++ )
{
- if ( eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $line[$j]) )
+ if ( preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $line[$j]) )
{
if ( $email == "" )
$email = $line[$j];
diff -urN ../base-1.4.5.orig/includes/base_signature.inc.php ./includes/base_signature.inc.php
--- ../base-1.4.5.orig/includes/base_signature.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_signature.inc.php 2014-03-12 14:59:53.000000000 -0400
@@ -139,7 +139,7 @@
{
if ($tmp_ref_system_name == "snort")
{
- if (ereg("([0-9]+):([0-9]+)", $ref_tag, $backref))
+ if (preg_match("/([0-9]+):([0-9]+)/", $ref_tag, $backref))
{
if ($backref[1] == "1")
{
diff -urN ../base-1.4.5.orig/includes/base_state_citems.inc.php ./includes/base_state_citems.inc.php
--- ../base-1.4.5.orig/includes/base_state_citems.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_state_citems.inc.php 2014-03-12 14:59:53.000000000 -0400
@@ -963,7 +963,7 @@
for ( $i = 0; $i < $this->criteria_cnt; $i++ )
{
if ( (isset ($this->criteria[$i][3])) &&
- (ereg("([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)", $this->criteria[$i][3])) )
+ (preg_match("/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/", $this->criteria[$i][3])) )
{
$tmp_ip_str = $this->criteria[$i][7] = $this->criteria[$i][3];
$this->criteria[$i][3] = strtok($tmp_ip_str, ".");
diff -urN ../base-1.4.5.orig/includes/base_state_common.inc.php ./includes/base_state_common.inc.php
--- ../base-1.4.5.orig/includes/base_state_common.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_state_common.inc.php 2014-03-12 14:59:53.000000000 -0400
@@ -181,7 +181,7 @@
if ( ($valid_data & VAR_SCORE) > 0 )
$regex_mask = $regex_mask . "\-";
- return ereg_replace("[^".$regex_mask."]", "", $item);
+ return preg_replace("/[^".$regex_mask."]/", "", $item);
}
/* ***********************************************************************
diff -urN ../base-1.4.5.orig/includes/base_state_criteria.inc.php ./includes/base_state_criteria.inc.php
--- ../base-1.4.5.orig/includes/base_state_criteria.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./includes/base_state_criteria.inc.php 2014-03-12 14:59:53.000000000 -0400
@@ -252,7 +252,7 @@
if ( isset($_POST['current_view']) ) $query_string .= "¤t_view=".$_POST['current_view'];
if ( isset($_POST['submit']) ) $query_string .= "&submit=".$_POST['submit'];
- $query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
+ $query_string = preg_replace("/back=1&/", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
++$_SESSION['back_list_cnt'];
$_SESSION['back_list'][$_SESSION['back_list_cnt']] =
diff -urN ../base-1.4.5.orig/setup/setup2.php ./setup/setup2.php
--- ../base-1.4.5.orig/setup/setup2.php 2010-03-05 10:06:18.000000000 -0500
+++ ./setup/setup2.php 2014-03-12 15:00:05.000000000 -0400
@@ -68,6 +68,15 @@
$arcdbpasswd = ImportHTTPVar("arcdbpasswd");
$arcdbname = ImportHTTPVar("arcdbname", VAR_ALPHA | VAR_SCORE | VAR_USCORE);
+ // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
+ if ($dbtype == 'mysql') {
+ if (extension_loaded('mysqli')) {
+ $dbtype = 'mysqli';
+ } else {
+ $dbtype = 'mysql';
+ }
+ }
+
$db = NewADOConnection($dbtype);
$dbconnect = $db->Connect( ( ( $dbport == "") ? $dbhost : ($dbhost.":".$dbport) ),
$dbusername, $dbpasswd, $dbname);
diff -urN ../base-1.4.5.orig/setup/setup_db.inc.php ./setup/setup_db.inc.php
--- ../base-1.4.5.orig/setup/setup_db.inc.php 2010-03-05 10:06:18.000000000 -0500
+++ ./setup/setup_db.inc.php 2014-03-12 15:00:01.000000000 -0400
@@ -45,7 +45,7 @@
}
if ( !$tblBaseAG_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
$sql = 'CREATE TABLE acid_ag ( ag_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
ag_name VARCHAR(40),
ag_desc TEXT,
@@ -114,7 +114,7 @@
}
if ( !$tblBaseAGAlert_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
$sql = 'CREATE TABLE acid_ag_alert( ag_id INT UNSIGNED NOT NULL,
ag_sid INT UNSIGNED NOT NULL,
ag_cid INT UNSIGNED NOT NULL,
@@ -151,7 +151,7 @@
}
if ( !$tblBaseIPCache_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
$sql = 'CREATE TABLE acid_ip_cache( ipc_ip INT UNSIGNED NOT NULL,
ipc_fqdn VARCHAR(50),
ipc_dns_timestamp DATETIME,
@@ -193,7 +193,7 @@
}
if ( !$tblBaseEvent_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
if ( $db->baseGetDBversion() < 100 )
$sig_ddl = "signature VARCHAR(255) NOT NULL,";
else
@@ -319,7 +319,7 @@
/* Added for base_roles and base_users -- Kevin */
if ( !$tblBaseRoles_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
$sql = 'CREATE TABLE base_roles ( role_id int(11) NOT NULL,
role_name varchar(20) NOT NULL,
role_desc varchar(75) NOT NULL,
@@ -385,7 +385,7 @@
}
if ( !$tblBaseUsers_present ) {
- if ( $db->DB_type == "mysql" ) {
+ if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
$sql = 'CREATE TABLE base_users ( usr_id int(11) NOT NULL,
usr_login varchar(25) NOT NULL,
usr_pwd varchar(32) NOT NULL,