diff --git a/include/admin.inc.php b/include/admin.inc.php
index 75b666a..30695cd 100644
--- a/include/admin.inc.php
+++ b/include/admin.inc.php
@@ -45,7 +45,7 @@ define('USING_TIDY', false);
// Call mysql to hash a password
function mt_hash_password($password) {
global $mtdb;
- return $mtdb->getOne('SELECT SHA1("' . mysql_real_escape_string($password) . '")') ;
+ return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ;
}
// Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen
@@ -67,7 +67,7 @@ function mt_login($username, $password, $already_hashed = false) {
$username = sanitize_username( $username );
- $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"');
+ $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"');
if (!$login) {
$error = ('ERROR: Invalid username or password.');
adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
@@ -131,7 +131,7 @@ function _redirect($location, $status = 302) {
if ( substr(php_sapi_name(), 0, 3) != 'cgi' )
header('Status: '.$status); // This causes problems on IIS and some FastCGI setups
-
+
header("Location: $location");
die();
}
diff --git a/include/error.php b/include/error.php
index 2dc840e..329a43c 100644
--- a/include/error.php
+++ b/include/error.php
@@ -25,10 +25,10 @@ define('MTA_CHANGE', 'update'); // Modification action
function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false)
{
global $mtdb, $currentuser;
-
+
$sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")',
- (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysql_real_escape_string($action), $level, mysql_real_escape_string($msg));
- $mtdb->query( $sql ) or die($sql."
".mysql_error()."
\n".var_export(debug_backtrace()));
+ (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg));
+ $mtdb->query( $sql ) or die($sql."
".mysqli_error()."
\n".var_export(debug_backtrace()));
// Log all important sorts of messages in the Apache log
if( $level & (E_USER_WARNING | E_USER_ERROR) ) {
diff --git a/include/pages.php b/include/pages.php
index 2ebda84..dbdba59 100644
--- a/include/pages.php
+++ b/include/pages.php
@@ -14,26 +14,26 @@ function savepage($page) {
function insertpage($page) {
global $mtdb;
$sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
- . ' "' . mysql_real_escape_string($page->url_name)
- . '", "' . mysql_real_escape_string($page->status)
- . '", "' . mysql_real_escape_string( trim( $page->title ) )
- . '", "' . mysql_real_escape_string( trim( $page->body ) )
- . '", "' . mysql_real_escape_string( trim( $page->style ) )
+ . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
+ . '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
. '")';
adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
return $mtdb->query($sql);
-}
+}
function updatepage($page) {
if ( !$page->url_name ) return false;
global $mtdb;
-
- $sql = 'UPDATE static_page SET url_name = "' . mysql_real_escape_string($page->url_name)
- . '", status = "' . mysql_real_escape_string($page->status)
- . '", title = "' . mysql_real_escape_string( trim($page->title) )
- . '", body = "' . mysql_real_escape_string( trim($page->body ) )
- . '", style = "' . mysql_real_escape_string( trim($page->style ) )
- . '" WHERE url_name = "' . mysql_real_escape_string($page->url_name) . '"';
+
+ $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($page->url_name)
+ . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
+ . '", title = "' . mysqli_real_escape_string( trim($mtdb->link, $page->title) )
+ . '", body = "' . mysqli_real_escape_string( trim($mtdb->link, $page->body ) )
+ . '", style = "' . mysqli_real_escape_string( trim($mtdb->link, $page->style ) )
+ . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
return $mtdb->query( $sql );
}
@@ -42,12 +42,12 @@ function deletepage($url_name) {
if ( !$url_name ) return false;
global $mtdb;
adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
- return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysql_real_escape_string($url_name) . '"' );
+ return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
}
function getpage($url_name) {
global $mtdb;
- return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysql_real_escape_string($url_name) . '"' );
+ return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
}
?>
diff --git a/include/rants.php b/include/rants.php
index 6dca332..3dd3399 100644
--- a/include/rants.php
+++ b/include/rants.php
@@ -15,22 +15,22 @@ function insertrant($rant) {
global $mtdb;
$sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
. (int)$rant->published
- . '), "' . mysql_real_escape_string($rant->status)
- . '", "' . mysql_real_escape_string($rant->side)
+ . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
+ . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
. '", "' . (int)$rant->author
- . '", "' . mysql_real_escape_string( trim( $rant->title) )
- . '", "' . mysql_real_escape_string( trim( $rant->body ) )
- . '", "' . mysql_real_escape_string( trim( $rant->link ) )
- . '", ' . mysql_real_escape_string($rant->imagetype)
- . ', "' . mysql_real_escape_string( trim( $rant->imagetext ) )
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
+ . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
+ . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
+ . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
. '")';
-
+
if( $mtdb->query( $sql ) ) {
//logthis( 'Saved changes to rant ' . $rant->id );
- $rant->id = mysql_insert_id( $mtdb->link );
-
+ $rant->id = mysqli_insert_id( $mtdb->link );
+
adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
-
+
if($rant->status == "published")
{
$poster = get_userdatabyid($rant->author);
@@ -41,34 +41,34 @@ function insertrant($rant) {
tumblrpost($rant->title, $rant->body);
}
}
-
+
return $rant->id;
}
return false;
-}
+}
function updaterant($rant) {
if ( !(int)$rant->id ) return false;
global $mtdb;
-
+
#first, check if it's published already
$qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
- $row = mysql_fetch_row($qr);
+ $row = mysqli_fetch_row($qr);
$status = $row[0];
-
+
adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
-
+
$sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
- . '), status = "' . mysql_real_escape_string($rant->status)
- . '", side = "' . mysql_real_escape_string($rant->side)
+ . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
+ . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
. '", author = ' . (int)$rant->author
- . ', title = "' . mysql_real_escape_string( trim($rant->title) )
- . '", body = "' . mysql_real_escape_string( trim($rant->body ) )
- . '", link = "' . mysql_real_escape_string( trim($rant->link ) )
+ . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
+ . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
+ . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
. '", imagetype = ' . (int)$rant->imagetype
- . ', imagetext = "' . mysql_real_escape_string( trim($rant->imagetext) )
+ . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
. '" WHERE id=' . (int)$rant->id;
-
+
if($status == "draft" && $rant->status == "published")
{
$poster = get_userdatabyid($rant->author);
@@ -79,7 +79,7 @@ function updaterant($rant) {
tumblrpost($rant->title, $rant->body);
}
}
-
+
return $mtdb->query( $sql );
}
diff --git a/include/rss.php b/include/rss.php
index 8f3e4bd..3087cb2 100644
--- a/include/rss.php
+++ b/include/rss.php
@@ -3,10 +3,10 @@
function rsspost($body, $url)
{
global $mtdb;
-
+
$mtdb->query('INSERT INTO rss_comment (body, url)
- VALUES ("'.mysql_real_escape_string($body).'",
- "'.mysql_real_escape_string($url).'")');
+ VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'",
+ "'.mysqli_real_escape_string($mtdb->link, $url).'")');
return true;
}
diff --git a/include/strip.php b/include/strip.php
index 414c3af..82eca8c 100644
--- a/include/strip.php
+++ b/include/strip.php
@@ -13,10 +13,10 @@ class Strip {
// Strip id is automatically incremented
function insertstrip(&$strip) {
global $mtdb;
-
+
$strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book;
- $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page;
-
+ $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page;
+
$mtdb->query('START TRANSACTION');
$newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1;
$sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES ('
@@ -24,11 +24,11 @@ function insertstrip(&$strip) {
. ', FROM_UNIXTIME(' . (int)$strip->published
. '), '. (int)$strip->media
. ', ' . (int)$strip->type
- . ', "' . mysql_real_escape_string( trim($strip->title) )
+ . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) )
. '", '. $strip->book
. ', ' . $strip->page
. ')';
-
+
$r = $mtdb->query( $sql );
if( !$r ) {
$mtdb->query('ROLLBACK');
@@ -36,24 +36,24 @@ function insertstrip(&$strip) {
}
$mtdb->query('COMMIT');
adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD);
-
+
$strip->id = $newid;
if( $strip->id == 0 ) return false;
return true;
-}
+}
function updatestrip(&$strip) {
global $mtdb;
-
+
$strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book;
$strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page;
-
+
$mtdb->query('START TRANSACTION');
$sql = 'UPDATE strip SET
published = FROM_UNIXTIME(' . (int)$strip->published .')
, media = '. (int)$strip->media .'
, type = ' . (int)$strip->type .'
- , title = "' . mysql_real_escape_string( trim($strip->title) ) .'"
+ , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'"
, book = ' . (int)$strip->book .'
, page = ' . (int)$strip->page .'
WHERE id = ' . (int)$strip->id;
@@ -61,7 +61,7 @@ function updatestrip(&$strip) {
$mtdb->query('COMMIT');
adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY);
return true;
-}
+}
// Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move!
function move_strip($from_id, $to_id)
@@ -69,7 +69,7 @@ function move_strip($from_id, $to_id)
global $mtdb;
$from_id = (int) $from_id;
$to_id = (int) $to_id;
-
+
// Ensure our source exists
$num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" );
if($num_strips < 1)
@@ -77,7 +77,7 @@ function move_strip($from_id, $to_id)
// Ready the destination
deletestrip( $to_id );
-
+
// Update database
$mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" );
$strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" );
@@ -100,7 +100,7 @@ function swap_strips( $from_id, $to_id ) {
function deletestrip($id) {
$id = (int)$id;
if ( !$id ) return false;
-
+
global $mtdb;
$r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id );
foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item)
diff --git a/include/transcript.php b/include/transcript.php
index 4493cf7..cf0196d 100644
--- a/include/transcript.php
+++ b/include/transcript.php
@@ -5,12 +5,12 @@ function bracketbalance($line)
#first, if no angle brackets, we're OK
if(substr_count($line, "<") == 0 && substr_count($line, ">") == 0)
return true;
-
+
if(substr_count($line, "<") != substr_count($line, ">"))
{
return false;
}
-
+
return true;
}
@@ -18,7 +18,7 @@ function bracketbalance($line)
function gettranscript(&$strip)
{
global $mtdb;
-
+
$result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id );
if($result)
@@ -34,14 +34,14 @@ function gettranscript(&$strip)
if( $numPanels ) {
for($i = 1; $i <= $numPanels; $i++) {
$result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line')
- or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysql_error(), 'SQL Error');
-
+ or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error');
+
if(!$result) continue;
-
+
$output.= "\nnewpanel\n";
- while($row = mysql_fetch_row($result)) {
+ while($row = mysqli_fetch_row($result)) {
if(strlen($row[0]) < 1) continue;
-
+
$output.= $row[0];
if($row[1] !== '') $output.= ":: ".$row[1];
$output.= "\n";
@@ -58,9 +58,9 @@ function gettranscript(&$strip)
function savetranscript( &$strip ) {
global $mtdb;
$info = '';
-
+
$mtdb->query('START TRANSACTION');
-
+
//remove any old transcript data - it's being replaced
$mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id );
@@ -87,7 +87,7 @@ function savetranscript( &$strip ) {
if(strpos($lines[$j], '(') === 0) {
# Line is a note, add it as a comment
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
} elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) {
# Line is an annotation or blank, do nothing
continue;
@@ -95,13 +95,13 @@ function savetranscript( &$strip ) {
# Line contains a list of nonspeaking characters
array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11))));
$speaker = trim(substr($lines[$j], 11));
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
} elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) {
# Line designates a new speaker, note speaker
# Handle speakers who did not say anything
if(null !== $speaker && !$has_spoken)
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
$speaker = ucfirst(strtolower($lines[$j]));
$has_spoken = false;
@@ -111,29 +111,29 @@ function savetranscript( &$strip ) {
$info .= "Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'
';
$search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) );
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker),
- mysql_real_escape_string($lines[$j]), mysql_real_escape_string($search));
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker),
+ mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search));
$has_spoken = true;
} else {
# Line is unrecognized, add it as a comment
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
}
if( $insert_sql && false === $mtdb->query( $insert_sql ) ) {
$mtdb->query('ROLLBACK');
- mtdie (mysql_error(), 'Error inserting transcript.');
+ mtdie (mysqli_error(), 'Error inserting transcript.');
}
}
if(null !== $speaker && !$has_spoken) {
- $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+ $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
if( false === $mtdb->query( $insert_sql ) ) {
$mtdb->query('ROLLBACK');
- mtdie (mysql_error(), 'Error inserting transcript.');
+ mtdie (mysqli_error(), 'Error inserting transcript.');
}
}
}
-
+
} else {
# Assume that this is a Kalium style transcript
@@ -141,30 +141,30 @@ function savetranscript( &$strip ) {
$numPanels = count($panels);
foreach($panels as $currPanel)
$currPanel = trim($currPanel);
-
+
for($i = 1; $i < $numPanels; $i++) {
$lines = explode("\n", $panels[$i]);
$numLines = count($lines);
foreach($lines as $currLine)
$currLine = trim($currLine);
-
+
for($j = 1; $j < $numLines; $j++) {
$spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech
-
+
$spoken[0] = trim($spoken[0]); // Strip excess whitespace
$spoken[1] = trim($spoken[1]);
-
+
if(strlen($spoken[0]) < 1) continue; // Disregard null
$spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) ); // Make searchable text
-
+
if(!bracketbalance($spoken[1]))
$info .= "Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'
';
- $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysql_real_escape_string($spoken[0]),
- mysql_real_escape_string($spoken[1]), mysql_real_escape_string($spoken[2]) );
+ $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]),
+ mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) );
if( false === $mtdb->query( $insert_sql ) ) {
$mtdb->query('ROLLBACK');
- mtdie (mysql_error(), 'Error inserting transcript.');
+ mtdie (mysqli_error(), 'Error inserting transcript.');
}
}
}
diff --git a/include/twitter.php b/include/twitter.php
index b6816ba..952e439 100644
--- a/include/twitter.php
+++ b/include/twitter.php
@@ -22,20 +22,20 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS)
adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD);
}
return !empty($buffer);
-
+
} else {
# OAuth Mode
- $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysql_real_escape_string($user)));
-
+ $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user)));
+
$username = $row->username;
$oauth_token = $row->oauth_token;
$oauth_token_secret = $row->oauth_token_secret;
-
+
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
-
+
$parameters = array('status' => $message );
$status = $connection->post('statuses/update', $parameters);
-
+
switch( $connection->http_code ) {
case 200:
adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD);
@@ -44,10 +44,10 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS)
adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD);
return false;
}
-
-
+
+
}
-
+
}
diff --git a/include/uploads.php b/include/uploads.php
index 516add7..796d193 100644
--- a/include/uploads.php
+++ b/include/uploads.php
@@ -34,7 +34,7 @@ function pre_upload_rant_image( $pathtofile ) {
$doing_upload = false;
$upload_imagetype = null;
$upload_error = false;
-
+
if( false === $image_data ) {
$upload_error='Something wronky happened with that upload, getimagesize() returned false!
';
} elseif( 300 > $image_data[0] ) {
@@ -53,7 +53,7 @@ function pre_upload_rant_image( $pathtofile ) {
return compact( "upload_error", "doing_upload", "upload_imagetype" );
}
-function save_stock_rant_image( $source, $rant ) {
+function save_stock_rant_image( $source, $rant ) {
if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source),
SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) {
$upload_info='Default rant image copied.
';
@@ -72,7 +72,7 @@ function save_upload_rant_image( $source, $rant ) {
$upload_info='New rant image uploaded for rant '. $rant->id .'.
';
} else {
$upload_error='Something went wrong while moving the uploaded image.
';
- }
+ }
} else {
if( crop_resize($source, $destination) ) {
$upload_info='New rant image uploaded and resized for rant '. $rant->id .'.
';
@@ -90,14 +90,14 @@ function save_upload_rant_attachment( $source, $rant )
$image_data = getimagesize( $source );
$mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" );
- $rant_attachment_id = mysql_insert_id( $mtdb->link );
+ $rant_attachment_id = mysqli_insert_id( $mtdb->link );
if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) {
$upload_info='New rant attachment uploaded for rant '. $rant .'.
';
adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD);
} else {
$upload_error='Something went wrong while storing the attachment.
';
- }
+ }
return compact("rant_attachment_id","upload_info","upload_error");
}
diff --git a/include/user.php b/include/user.php
index c8fbdb8..0a2924a 100644
--- a/include/user.php
+++ b/include/user.php
@@ -8,28 +8,28 @@ function getCurrentUser() {
}
function get_userdatabyid( $id ) {
- global $mtdb;
+ global $mtdb;
return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id );
}
function get_userdatabylogin( $username ) {
global $mtdb;
- return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"' );
+ return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' );
}
function save_userdata( $user ) {
adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
global $mtdb;
return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d',
- mysql_real_escape_string($user->email), mysql_real_escape_string($user->nameplate),
- mysql_real_escape_string($user->default_image), mysql_real_escape_string($user->default_link), $user->id) );
+ mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate),
+ mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) );
}
function change_password( $user ) {
adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
global $mtdb, $currentuser;
if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE );
- return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysql_real_escape_string($user->password) . '" ) WHERE id = "' . mysql_real_escape_string($user->id) . '"' );
+ return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . mysqli_real_escape_string($mtdb->link, $user->id) . '"' );
}
?>