SamuraiWTF · JGillam · Aug 1, 2024 · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .vagrant
 ubuntu*.log
 *.retry
-.idea
+.idea
+sqlite_data
diff --git a/.shogun/Dockerfile.dojo-basic b/.shogun/Dockerfile.dojo-basic
@@ -1,8 +1,13 @@
 # Dockerfile.dojo-basic
 FROM php:7.4.27-apache-bullseye
 
-RUN docker-php-ext-install pdo_mysql mysqli
-RUN apt-get update && apt-get install -y dnsutils
+RUN docker-php-ext-install pdo_mysql mysqli \
+    && apt-get update \
+    && apt-get install -y dnsutils
+
+# Set the environment variable for database type
+ENV DOJO_DB_TYPE=mysql
+
 COPY ./src/basic /var/www/html
 LABEL org.opencontainers.image.source=https://github.com/SamuraiWTF/samurai-dojo
 LABEL org.opencontainers.image.description="Basic PHP 7.4.27-apache-bullseye image with dojo-basic and mysql support."

diff --git a/.shogun/Dockerfile.dojo-basic-lite b/.shogun/Dockerfile.dojo-basic-lite
@@ -0,0 +1,17 @@
+# Dockerfile.dojo-basic
+FROM php:7.4.27-apache-bullseye
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    sqlite3 \
+    libsqlite3-dev \
+    dnsutils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set the environment variable for database type
+ENV DOJO_DB_TYPE=sqlite
+
+COPY ./src/basic /var/www/html
+LABEL org.opencontainers.image.source=https://github.com/SamuraiWTF/samurai-dojo
+LABEL org.opencontainers.image.description="Basic PHP 7.4.27-apache-bullseye image with dojo-basic with sqlite support."
+LABEL org.opencontainers.image.licenses="lgpl"
diff --git a/.shogun/docker-compose-dojo-basic-lite.yml b/.shogun/docker-compose-dojo-basic-lite.yml
@@ -0,0 +1,12 @@
+version: '3'
+services:
+  dojo-basic-lite:
+    build:
+      context: ..
+      dockerfile: .shogun/Dockerfile.dojo-basic-lite
+    ports:
+      - "8080:80"
+    environment:
+      - DOJO_DB_TYPE=sqlite
+    volumes:
+      - ./sqlite_data:/var/www/html/db
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -32,14 +32,27 @@ services:
     build: src
     ports:
       - "32080:80"
-      - "32443:80"
+      - "32443:443"
     volumes:
       - ./src/helpdesk:/var/www/html
     links:
       - basicdb
     depends_on:
       - basicdb
 
+  dojo-basic-lite:
+    build: src
+    ports:
+      - "33080:80"
+      - "33443:443"
+    environment:
+      - DOJO_DB_TYPE=sqlite
+    extra_hosts:
+      - "dojo-basic:127.0.0.2"
+      - "dojo-basic.wtf:127.0.0.2"
+    volumes:
+      - ./sqlite_data:/var/www/html/db
+      - ./src/basic:/var/www/html
 
   basicdb:
     image: mysql:5.7

diff --git a/src/Dockerfile b/src/Dockerfile
@@ -3,3 +3,5 @@ FROM php:7.4.27-apache-bullseye
 RUN docker-php-ext-install pdo_mysql mysqli
 
 RUN apt-get update && apt-get install -y dnsutils
+
+ENV DOJO_DB_TYPE=mysql
diff --git a/src/basic/add-to-your-blog.php b/src/basic/add-to-your-blog.php
@@ -11,28 +11,28 @@
 
 <?php
 // Grab inputs
-$inputfromform = $conn->real_escape_string($_REQUEST["input"]);
+$inputfromform = db_escape_string($conn, $_REQUEST["input"]);
 $showonlyuser =  $_REQUEST["show_only_user"];
 
 if ($inputfromform  <> "") {
 	$query = "INSERT INTO blogs_table(blogger_name, comment, date) VALUES ('".
 		$logged_in_user . "', '".
 		$inputfromform  . "', " .
-		" now() )";
+		db_now() . ")";
 
-$result = $conn->query($query);
+$result = db_query($conn, $query);
 }
 
 $query  = "SELECT * FROM blogs_table WHERE
 		blogger_name like '{$logged_in_user}%'
 		ORDER BY date DESC
 		LIMIT 0 , 100";
 
-$result = $conn->query($query) or die(mysqli_error($conn) . '<p><b>SQL Statement:</b>' . $query);;
+$result = db_query($conn, $query) or die(mysqli_error($conn) . '<p><b>SQL Statement:</b>' . $query);;
 //echo $result;
 
 echo 'Entries:<p>';
-while($row = $result->fetch_assoc())
+while($row = db_fetch_assoc($result))
 {
 echo "<p><b>{$row['blogger_name']}:</b>({$row['date']})<br>{$row['comment']}</p>";
 }

diff --git a/src/basic/closedb.inc b/src/basic/closedb.inc
@@ -1 +1,17 @@
-<?php mysqli_close($conn); ?>
+<?php
+// closedb.inc
+
+function db_close($conn) {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+        $conn->close();
+    } else {
+        $conn->close();
+        unset($conn);
+    }
+}
+
+// Close the database connection
+db_close($conn);
+?>
diff --git a/src/basic/config.inc b/src/basic/config.inc
@@ -3,4 +3,5 @@ $dbhost = 'basicdb';
 $dbuser = 'root';
 $dbpass = 'samurai';
 $dbname = 'samurai_dojo_basic';
+$db_type = getenv('DOJO_DB_TYPE') ?: 'mysql';  // 'mysql' or 'sqlite'
 ?>
diff --git a/src/basic/employee-directory.php b/src/basic/employee-directory.php
@@ -13,7 +13,7 @@ function getEmployees($sortColumn = "last_name", $sortDirection = "DESC") {
               ORDER BY " . $sortOrder;
 
     // Execute the query
-    $result = $conn->query($query);
+    $result = db_query($conn, $query);
 
     // Check for errors without exposing the query
     if (!$result) {
@@ -22,7 +22,7 @@ function getEmployees($sortColumn = "last_name", $sortDirection = "DESC") {
     }
 
     $employees = [];
-    while ($row = $result->fetch_assoc()) {
+    while ($row = db_fetch_assoc($result)) {
         $employees[] = $row;
     }
     return $employees;

diff --git a/src/basic/header.php b/src/basic/header.php
@@ -1,7 +1,10 @@
-<?php
+<?php ob_start();
 include 'config.inc';
 include 'opendb.inc';
 
+// error_reporting(E_ALL);
+// ini_set('display_errors', 1);
+
 // Grab inputs
 $username = $_REQUEST["user_name"];
 $password = $_REQUEST["password"];
@@ -14,8 +17,8 @@
 
 if ($username <> "" and $password <> "") {
 	$query  = "SELECT * FROM accounts WHERE username='". $username ."' AND password='".stripslashes($password)."'";
-	$result = $conn->query($query) or die(mysqli_error($conn) . '<p><b>SQL Statement:</b>' . $query);
-	if ($result->num_rows > 0) {
+	$result = db_query($conn, $query);
+	if (db_num_rows($result) > 0) {
 		// flag the cookie as secure only if it is accessed via SSL
 		$ssl = FALSE;
 		if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
@@ -27,16 +30,16 @@
                 $value = md5($rndm);
                 setcookie("sessionid", $value, 0, "/", "", $ssl, TRUE);
 		// set uid to appropriate user
-		$row = $result->fetch_assoc();
-		setcookie("uid", base64_encode($row['cid']), 0, "/", "", $ssl, FALSE); 
+		$row = db_fetch_assoc($result);
+		setcookie("uid", base64_encode($row['cid']), 0, "/", "", $ssl, FALSE);
+
 		$failedloginflag=0;
 		if ($_REQUEST["returnURL"] <> "") {
 			echo '<meta http-equiv="refresh" content="0;url=' . $_REQUEST["returnURL"] , '">';
 		} else {
 			echo '<meta http-equiv="refresh" content="0;url=index.php">';
 		}
 
-
 	} else {
 		$failedloginflag=1;
 	}
@@ -60,7 +63,7 @@
 		}		
 		break;
 }
-
+ob_end_flush();
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
 <html lang="en">
@@ -91,11 +94,10 @@
 		-->
 		<?php
 		$query  = "SELECT * FROM accounts WHERE cid='".base64_decode($_COOKIE["uid"])."'";
-		$result = $conn->query($query) or die(mysqli_error($conn) . '<p><b>SQL Statement:</b>' . $query);
-		echo mysqli_error($conn);
-		echo mysqli_error($conn);
-		if ($result->num_rows > 0) {
-			while($row = $result->fetch_assoc())
+		$result = db_query($conn, $query);
+
+		if (db_num_rows($result) > 0) {
+			while($row = db_fetch_assoc($result))
 			{
 				$logged_in_user = $row['username'];
 				$logged_in_usersignature = $row['mysignature'];				

diff --git a/src/basic/opendb.inc b/src/basic/opendb.inc
@@ -1,3 +1,85 @@
 <?php
-$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname) or die('Error connecting to mysql');
-?>
+// opendb.inc
+
+function db_connect() {
+    global $db_type, $dbhost, $dbuser, $dbpass, $dbname;
+
+    if ($db_type === 'mysql') {
+        $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
+        if ($conn->connect_error) {
+            die("Connection failed: " . $conn->connect_error);
+        }
+    } else {
+        $conn = new SQLite3('/var/www/html/db/' . $dbname . '.sqlite');
+    }
+
+    return $conn;
+}
+
+function db_query($conn, $query) {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+            $result = $conn->query($query);
+            if (!$result) {
+                die("Query failed: " . $conn->error . '<p><b>SQL Statement:</b>' . $query);
+            }
+        } else {
+            $result = $conn->query($query);
+            if (!$result) {
+                die("Query failed: " . $conn->lastErrorMsg() . '<p><b>SQL Statement:</b>' . $query);
+            }
+        }
+
+    return $result;
+}
+
+function db_now() {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+        return "NOW()";
+    } else {
+        return "date('now')";
+    }
+}
+
+function db_num_rows($result) {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+        return $result->num_rows;
+    } else {
+        $count = 0;
+        $res = $result;
+        while ($res->fetchArray()) {
+            $count++;
+        }
+        $res->reset();
+        return $count;
+    }
+}
+
+function db_fetch_assoc($result) {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+        return $result->fetch_assoc();
+    } else {
+        return $result->fetchArray(SQLITE3_ASSOC);
+    }
+}
+
+function db_escape_string($conn, $string) {
+    global $db_type;
+
+    if ($db_type === 'mysql') {
+        return $conn->real_escape_string($string);
+    } else {
+        return SQLite3::escapeString($string);
+    }
+}
+
+// Establish the database connection
+$conn = db_connect();
+?>
diff --git a/src/basic/redirectandlog.php b/src/basic/redirectandlog.php
@@ -9,7 +9,7 @@
 	"Redirected user to: " . $forwardurl . "', ".
 	" now() )";
 //echo $query;
-$result = $conn->query($query);
+$result = db_query($conn, $query);
 echo mysqli_error($conn );
 
 mysqli_close($conn);
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,3 +3,5 @@ FROM php:7.4.27-apache-bullseye
		RUN docker-php-ext-install pdo_mysql mysqli

		RUN apt-get update && apt-get install -y dnsutils

		ENV DOJO_DB_TYPE=mysql