diff --git a/character-twitter.php b/character-twitter.php index ed255a0..9aee60b 100644 --- a/character-twitter.php +++ b/character-twitter.php @@ -8,12 +8,12 @@ auth_redirect(); // Require logged in user to access this page. if('post_twitter' == $_REQUEST['action']) { check_nonce('new-character-twitter'); - + #Fetch the password from the DB. $acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account'])); - + $post_at = strtotime($_REQUEST['date18']); - + if($post_at) { if($post_at <= strtotime('now')) @@ -21,7 +21,7 @@ if('post_twitter' == $_REQUEST['action']) #If we can post immediately, do so. Bypass the scheduler whenever possible. #Treat a date/time in the past as immediate. $ret = twitterpost($_REQUEST['message'], $acct->username, $acct->password); - + if($ret) { $info.='Update posted to Twitter. View Twitter.'; @@ -37,9 +37,9 @@ if('post_twitter' == $_REQUEST['action']) #No luck, gotta schedule. $mtdb->query( sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')", - mysql_real_escape_string($_REQUEST['twitter-account']), + mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']), $post_at, - mysql_real_escape_string($_REQUEST['message']) + mysqli_real_escape_string($mtdb->link, $_REQUEST['message']) ) ); $info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled."; @@ -119,4 +119,4 @@ At: \ No newline at end of file +?> diff --git a/delete-comic.php b/delete-comic.php index ad20caa..0f1bff7 100644 --- a/delete-comic.php +++ b/delete-comic.php @@ -9,11 +9,11 @@ check_nonce('delete-strip-'.(int)$_REQUEST['strip_id']); if(!deletestrip( $_REQUEST['strip_id'] )) { - adminlog("Error deleting strip $_REQUEST[strip_id]:".mysql_error(), MTS_STRIP, MTA_DELETE, E_ERROR); + adminlog("Error deleting strip $_REQUEST[strip_id]:".mysqli_error(), MTS_STRIP, MTA_DELETE, E_ERROR); mtdie('Error deleting the specified strip.','SQL Error'); } adminlog("Strip $_REQUEST[strip_id] deleted.", MTS_STRIP, MTA_DELETE); _redirect( ADMIN_PATH . '/manage-comics.php?deleted=success' ); -?> \ No newline at end of file +?> diff --git a/delete-page.php b/delete-page.php index 14bbf01..d535cbf 100644 --- a/delete-page.php +++ b/delete-page.php @@ -9,7 +9,7 @@ check_nonce('delete-page-'.$_REQUEST['page_name']); if(!deletepage( $_REQUEST['page_name'] )) { - adminlog("Error deleting page $_REQUEST[page_name]: ".mysql_error(), MTS_PAGE, MTA_DELETE, E_ERROR); + adminlog("Error deleting page $_REQUEST[page_name]: ".mysqli_error(), MTS_PAGE, MTA_DELETE, E_ERROR); mtdie('Error deleting the specified page.','SQL Error'); } diff --git a/delete-rant.php b/delete-rant.php index 9fdee71..122d598 100644 --- a/delete-rant.php +++ b/delete-rant.php @@ -9,9 +9,9 @@ check_nonce('delete-rant-'.(int)$_REQUEST['rant_id']); if(!deleterant( $_REQUEST['rant_id'] )) { - adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysql_error(), MTS_RANT, MTA_DELETE, E_ERROR); + adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysqli_error(), MTS_RANT, MTA_DELETE, E_ERROR); mtdie('Error deleting the specified rant.','SQL Error'); } _redirect( ADMIN_PATH . '/manage-rants.php?deleted=success' ); -?> \ No newline at end of file +?> diff --git a/edit-comic.php b/edit-comic.php index 6d526fe..478b5ac 100644 --- a/edit-comic.php +++ b/edit-comic.php @@ -9,7 +9,7 @@ $strip->id = (int)$_REQUEST['strip_id']; $strip = getstrip($strip->id); if( $_POST ) { - + // Form Elements $strip->new_id = (int)$_POST['strip_new_id'] ? (int)$_POST['strip_new_id'] : $strip->id; $strip->published = empty($_POST['strip_date']) ? time() : strtotime( $_POST['strip_date'] ); @@ -18,7 +18,7 @@ if( $_POST ) { $strip->transcript_posted = $_POST['content']; $strip->book = trim($_POST['book']); $strip->page = trim($_POST['page']); - + if( '' == $strip->title ) mtdie('Strips must be supplied with titles.'); $YESTERDAY = mktime(0,0,0, date('m'), date('d')-1, date('Y')); @@ -37,26 +37,26 @@ if( $_POST ) { adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING); mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.'); } - + // get image type and target extension $imagedata = getimagesize($_FILES['comicFile']['tmp_name']); $strip->media = $imagedata[2]; $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media ); - + if(strlen($fileext) < 3) { //bad image upload type adminlog("Bad image type upload on new strip. Invalid media type.", MTS_STRIP, MTA_ADD, E_ERROR); mtdie('Bad image type upload on new strip. Invalid media type.'); } - + // Insert new strip into the database, get a real $strip->id if(!insertstrip( $strip )) { - adminlog("Error on insertion of new strip: ".mysql_error(), MTS_STRIP, MTA_ADD, E_ERROR); - mtdie('Error on insertion of new strip: '.mysql_error(), 'SQL Error'); + adminlog("Error on insertion of new strip: ".mysqli_error(), MTS_STRIP, MTA_ADD, E_ERROR); + mtdie('Error on insertion of new strip: '.mysqli_error(), 'SQL Error'); } - + // Store the uploaded file to xxxx-0.ext $basefile = $strip->published <= time() ? sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) : @@ -73,11 +73,11 @@ if( $_POST ) { $info.="

Comic posted!

"; break; - + case 'edit_comic': if( 0 >= $strip->new_id ) mtdie('Strip numbers must be numeric, greater than 0.'); if( 0 >= $strip->id ) mtdie('Existing strip number, in the form, was zero. This should never happen.'); - + // When updating, $strip->id is the old strip number. Update in place first. Possibly adjust strip number later. check_nonce('save-strip-'.$strip->id); @@ -87,26 +87,26 @@ if( $_POST ) { $strip->media = $imagedata[2]; } $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media ); - + if(strlen($fileext) < 3) { //bad image upload type adminlog("Bad image type upload on strip ".$strip->id.". Invalid media type.", MTS_STRIP, MTA_UPDATE, E_ERROR); mtdie('Bad image type upload on strip '.$strip->id.'. Invalid media type.'); } - + // Update existing strip if(!updatestrip( $strip ) ) { adminlog("Failed to update strip ".$strip->id.".", MTS_STRIP, MTA_UPDATE); - mtdie('Error updating strip: ' . mysql_error(), 'SQL Error'); + mtdie('Error updating strip: ' . mysqli_error(), 'SQL Error'); } - + if( is_valid_upload('comicFile') ) { // If uploading, store the uploaded file to xxxx-n.ext $basefile = $strip->published <= time() ? sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) : sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/'.'%04d.%s', $strip->id, $fileext); - + if(!move_uploaded_file($_FILES['comicFile']['tmp_name'], $basefile)) { adminlog("Filesystem error in saving image.", MTS_STRIP, MTA_UPDATE, E_ERROR); @@ -120,7 +120,7 @@ if( $_POST ) { if( $_POST['broadcast'] ) { #Limit broadcast message to 60 characters. Compose it now. $b_msg = 'Comic ' . $strip->id . ' updated: ' . substr(trim($_REQUEST['broadcast_message']), 0, 60) . ', ' . SITE_HOST . SITE_PATH . "/strip/" . $strip->id; - + rsspost($b_msg, SITE_HOST.SITE_PATH.'/strip/'.$strip->id); twitterpost($b_msg); $info.="

Update broadcasted with message '$b_msg'.

"; @@ -128,19 +128,19 @@ if( $_POST ) { $info.="

Changes saved. id."\">View on site."; break; - + default: adminlog("User did something strange.", MTS_STRIP, MTA_MODIFY); mtdie('You know, it would be really nice if you avoided nonsensical actions.'); } - + $info = savetranscript($strip) . $info; # If the strip number changed, swap strips sequentially to shuffle it into place if( $strip->id != $strip->new_id ) { $f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w'); flock($f, LOCK_EX); - + while( $strip->new_id < $strip->id ) { // Move this strip backward swap_strips( $strip->id - 1, $strip->id ); $strip->id--; @@ -255,4 +255,3 @@ if( file_exists( SITE_PATH_ABS.'/'.$file ) ){ - diff --git a/edit-rant.php b/edit-rant.php index ff7fff9..68289a7 100644 --- a/edit-rant.php +++ b/edit-rant.php @@ -26,10 +26,10 @@ if( $_POST ) { } $action = isset($_POST['publish']) ? 'post' : 'edit'; - + if( isset( $_POST['publish'] ) ) $rant->status = 'published'; // If [publish] button is used, ignore radio button - + $source_rantimage_filename = $_FILES['ranterImage']['tmp_name']; extract( pre_upload_rant_image( $source_rantimage_filename ) ); if( $upload_error ) $error.=$upload_error; @@ -43,12 +43,12 @@ if( $_POST ) { $source_rantattachment_filename[] = $_FILES['rant_attachment']['tmp_name'][$i]; } } - + switch( $_POST['action'] ) { case 'new_rant': - + check_nonce('new-rant'); - + if( ! $doing_upload ) { // Use default rant image for this contributor. $contributor = get_userdatabyid( $rant->author ); @@ -58,11 +58,11 @@ if( $_POST ) { } else { $rant->imagetype = $upload_imagetype; } - + $rant->id = insertrant($rant); if( $rant->id === false ) { - adminlog("Error on rant insertion: ".mysql_error(), MTS_RANT, MTA_INSERT, E_ERROR); + adminlog("Error on rant insertion: ".mysqli_error(), MTS_RANT, MTA_INSERT, E_ERROR); mtdie('There was an error inserting the rant into the database.', 'SQL Error'); } @@ -72,7 +72,7 @@ if( $_POST ) { $upload_error = $upload_info = ''; extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$i], $rant->id) ); - if( $upload_error ) $error.=$upload_error; + if( $upload_error ) $error.=$upload_error; if( $upload_info ) { $info .= $upload_info; $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body); @@ -85,19 +85,19 @@ if( $_POST ) { if( $doing_upload ) { extract( save_upload_rant_image( $source_rantimage_filename, $rant ) ); if( $upload_info ) $info.=$upload_info; - if( $upload_error ) $error.=$upload_error; + if( $upload_error ) $error.=$upload_error; } elseif($rant->imagetype != 'NULL') { extract( save_stock_rant_image( $source_rantimage_filename, $rant ) ); if( $upload_info ) $info.=$upload_info; - if( $upload_error ) $error.=$upload_error; + if( $upload_error ) $error.=$upload_error; } - + break; - + case 'saverant': check_nonce('save-rant-' . $rant->id); - + if( isset( $_POST['rant_reverttodefaultimage'] ) ) { // Use default rant image for this contributor, copy it into place $contributor = get_userdatabyid( $rant->author ); @@ -106,13 +106,13 @@ if( $_POST ) { if($rant->imagetype != 'NULL') extract( save_stock_rant_image( $contributor->default_image, $rant ) ); adminlog("Reverting to user's default rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE); - + } elseif( $doing_upload ) { $rant->imagetype = $upload_imagetype; extract( save_upload_rant_image( $source_rantimage_filename, $rant ) ); adminlog("Uploading new rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE); if( $upload_info ) $info.=$upload_info; - if( $upload_error ) $error.=$upload_error; + if( $upload_error ) $error.=$upload_error; } foreach($_POST['delete_attachment'] as $attachment) @@ -122,14 +122,14 @@ if( $_POST ) { for($i = 0; $i < count($existing_attachments); $i++) { $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($existing_attachments[$i]->id).'"', $rant->body); } - + for($j = $i; $j < count($source_rantattachment_filename) + $i; $j++) { if('' == $source_rantattachment_filename[$j - $i]) continue; - + $upload_error = $upload_info = ''; extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$j - $i], $rant->id) ); - if( $upload_error ) $error.=$upload_error; + if( $upload_error ) $error.=$upload_error; if( $upload_info ) { $info .= $upload_info; $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body); @@ -137,7 +137,7 @@ if( $_POST ) { } updaterant($rant); - + if($rant->status != 'draft' && $_POST['broadcast'] && ($rant->published <= mktime(0,0,0, date('m'), date('d')-1, date('Y')))) { @@ -216,7 +216,7 @@ tinyMCE.init({

-

Author

+

Author

-

Revert to default rant image.

+

Revert to default rant image.

diff --git a/fredart_parse.php b/fredart_parse.php index c1b2c41..c90c692 100644 --- a/fredart_parse.php +++ b/fredart_parse.php @@ -24,14 +24,14 @@ for ($count = 0; $count < 5; $count++) { $entry = $feed->getEntryByOffset($count); - $link = mysql_real_escape_string($entry->link); - $title = mysql_real_escape_string($entry->title); + $link = mysqli_real_escape_string($mtdb->link, $entry->link); + $title = mysqli_real_escape_string($mtdb->link, $entry->title); $date = $entry->pubdate; $mtdb->query("INSERT INTO fredart (pubdate, title, link) VALUES (FROM_UNIXTIME($date), '$title', '$link')", false); } - + header('Content-Type: text/xml'); header('Content-Length: 440'); ?> diff --git a/include/html.php b/include/html.php index 6beb760..0fa61de 100644 --- a/include/html.php +++ b/include/html.php @@ -54,8 +54,8 @@ function adminmenu($current='') { } else { $curS = $curT = basename( $_SERVER["PHP_SELF"] ); } - - + + foreach( $submenu as $l=>$L ) { foreach( $L as $k=>$v ) { if( $k == $curS ) { @@ -65,11 +65,11 @@ function adminmenu($current='') { } $current_sub_menu = false; - ?> + ?> -

Howdy, . [

Howdy, . [Sign Out]

@@ -94,7 +94,7 @@ function adminmenu($current='') { } ?> -
+
Deleted successfully.

'; @@ -104,7 +104,7 @@ function adminmenu($current='') { if( $info ) echo "
$info
"; ?>
- query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysql_real_escape_string($oauth_token), mysql_real_escape_string($oauth_token_secret), mysql_real_escape_string($username), $id )) ) + if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) ) return true; return false; } diff --git a/manage-metatypes.php b/manage-metatypes.php index ea01b73..3fba133 100644 --- a/manage-metatypes.php +++ b/manage-metatypes.php @@ -9,7 +9,7 @@ if( isset($_GET['delete']) && (int)$_GET['delete'] ) { if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) ) { adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING); - mtdie("Error on update: ". htmlentities(mysql_error())); + mtdie("Error on update: ". htmlentities(mysqli_error())); } $info.='

Deleted metatype successfully.

'; adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE); @@ -17,14 +17,14 @@ if( isset($_GET['delete']) && (int)$_GET['delete'] ) { if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) { check_nonce('new-metatype'); - + $name = trim($_POST['name']); - + if( check_type_name( $name ) ) { - if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysql_real_escape_string($name) . '")' ) ) + if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) ) { adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING); - mtdie("Error on insertion: ". htmlentities(mysql_error())); + mtdie("Error on insertion: ". htmlentities(mysqli_error())); } } $info.='

New metatype created successfully.

'; @@ -33,14 +33,14 @@ if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) { if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) { check_nonce('save-metatype-'.(int)$_POST['type_id']); - + $name = trim($_POST['name']); - + if( check_type_name( $name ) ) { - if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysql_real_escape_string($name) . '" WHERE id=' . (int)$_POST['type_id']) ) + if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) ) { adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING); - mtdie("Error on update: ". htmlentities(mysql_error())); + mtdie("Error on update: ". htmlentities(mysqli_error())); } } $info.='

Changes to metatype saved successfully.

'; @@ -96,11 +96,11 @@ adminmenu(); - +

\ No newline at end of file +?> diff --git a/manage-statusbox.php b/manage-statusbox.php index c943f2e..31c8020 100644 --- a/manage-statusbox.php +++ b/manage-statusbox.php @@ -36,7 +36,7 @@ function handle_update_form() { return; } - $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysql_real_escape_string($text) . '")' ); + $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' ); $_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']=''; $info = '

Statusbox updated successfully.

'; @@ -87,32 +87,32 @@ $presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percen Status Description - + diff --git a/manage-twitter-presets.php b/manage-twitter-presets.php index 2177400..64cfefc 100644 --- a/manage-twitter-presets.php +++ b/manage-twitter-presets.php @@ -17,7 +17,7 @@ if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) { if(0 == $id && !empty($msg)) { // Add a new preset - $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysql_real_escape_string($msg)) ); + $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) ); adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD); } elseif(empty($msg)) { // Delete an existing preset @@ -25,7 +25,7 @@ if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) { adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD); } else { // Modify an existing preset - $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysql_real_escape_string($msg), $id) ); + $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) ); } } } diff --git a/manage-twitter-users.php b/manage-twitter-users.php index 8e14058..f329597 100644 --- a/manage-twitter-users.php +++ b/manage-twitter-users.php @@ -6,34 +6,34 @@ auth_redirect(); // Require logged in user to access this page. if( isset($_POST['action']) && $_POST['action'] == 'new' ) { check_nonce('new-twitter-user'); - - if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysql_real_escape_string( md5( microtime() )) ) ) ) { + + if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysqli_real_escape_string( $mtdb->link, md5( microtime() )) ) ) ) { adminlog("Error on insertion of new twitter user.", MTS_TWITTER, MTA_INSERT, E_WARNING); - mtdie("Error on insertion of new twitter user: ". htmlentities(mysql_error()), 'SQL Error'); + mtdie("Error on insertion of new twitter user: ". htmlentities(mysqli_error()), 'SQL Error'); } else { //$name = sanitize_username($_POST['name']); - - $id = mysql_insert_id(); - + + $id = mysqli_insert_id(); + $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET); $request_token = $connection->getRequestToken(OAUTH_CALLBACK . "&id=$id"); - + if ($connection->http_code !== 200 ) { adminlog("Twitter getRequestToken failed. HTTP code: $connection->http_code", MTS_TWITTER, MTA_MODIFY); mtdie("Could not connect to twitter.com."); } - + echo $id . '
'; - + setOAuthTokens( $id, $request_token['oauth_token'], $request_token['oauth_token_secret'], md5(microtime()) ); - + adminlog("New twitter user created successfully.", MTS_TWITTER, MTA_ADD); $url = $connection->getAuthorizeURL($request_token['oauth_token']); //echo $url; _redirect($url); - exit(); - + exit(); + } } @@ -41,7 +41,7 @@ if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is # twitter userID = ID $id = (int)$_REQUEST['id']; $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user WHERE id=%d LIMIT 1', $id)); - + # Compare token in database with token from twitter. If they differ, bail. if( $row->oauth_token != $_REQUEST['oauth_token'] ) { # token is old, drop from database @@ -53,9 +53,9 @@ if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is } else { # token is good, save the new Access Token to the database $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $row->oauth_token, $row->oauth_token_secret); - + $access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']); - + if (200 == $connection->http_code) { # successful $info.='

Successfully obtained OAuth Access Token.

'; @@ -66,7 +66,7 @@ if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is adminlog("Successfully received OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_WARNING); //print_r($content); - + } else { # fail if( !$mtdb->query("DELETE FROM twitter_user WHERE id = '$id'") ) { @@ -76,7 +76,7 @@ if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is $info.='

Failed to get OAuth Access Token for ' . $username . '.

'; adminlog("Failed to get OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_ERROR); } - + } } @@ -109,14 +109,14 @@ adminmenu(); $alternate=false; foreach( $twitter_users as $s ) { $alternate=!$alternate; - + ?> > id; ?> username); ?> oauth_token); ?> oauth_token_secret); ?> - oauth_token, $s->oauth_token_secret); $content = $connection->get('account/verify_credentials'); if( isset($content->profile_image_url)) { diff --git a/manage-types.php b/manage-types.php index cf493fa..8b05a33 100644 --- a/manage-types.php +++ b/manage-types.php @@ -9,12 +9,12 @@ if( isset($_GET['delete']) && (int)$_GET['delete'] ) { if(! $mtdb->query( 'DELETE FROM strip_t WHERE id=' . (int)$_GET['delete'] ) ) { adminlog("Error deleting type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE, E_WARNING); - mtdie("Error on deletion of existing type: " . htmlentities(mysql_error()), 'SQL Error'); + mtdie("Error on deletion of existing type: " . htmlentities(mysqli_error()), 'SQL Error'); } if(! $mtdb->query( 'DELETE FROM meta WHERE type=' . (int)$_GET['delete'] ) ) { adminlog("Error on deletion of type ".(int)$_GET['delete']."'s metadata.", MTS_TYPE, MTA_DELETE, E_WARNING); - mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysql_error()), 'SQL Error'); + mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysqli_error()), 'SQL Error'); } $info.='

Deleted type successfully.

'; adminlog("Deleted type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE); @@ -22,15 +22,15 @@ if( isset($_GET['delete']) && (int)$_GET['delete'] ) { if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) { check_nonce('new-type'); - + $name = trim($_POST['name']); $desc = trim($_POST['description']); - + if( check_type_name($name) ) { - if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysql_real_escape_string($name), mysql_real_escape_string($desc)) ) ) + if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc)) ) ) { adminlog("Error on insertion of new type.", MTS_TYPE, MTA_INSERT, E_WARNING); - mtdie("Error on insertion of new type: ". htmlentities(mysql_error()), 'SQL Error'); + mtdie("Error on insertion of new type: ". htmlentities(mysqli_error()), 'SQL Error'); } } $info.='

New type created successfully.

'; @@ -38,27 +38,27 @@ if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) { } if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) { - + $id = (int)$_POST['type_id']; check_nonce("save-type-$id"); $name = trim($_POST['name']); $desc = trim($_POST['description']); - + $meta = $_POST['meta']; $m_delete = $mtdb->getAll("SELECT meta FROM meta WHERE type = $id"); - + $m_insert = array(); - - // Key listed in both Insert and Delete lists, so remove from both == Do Nothing - foreach( $m_delete as $k=>$v ) { + + // Key listed in both Insert and Delete lists, so remove from both == Do Nothing + foreach( $m_delete as $k=>$v ) { if( array_key_exists( $v->meta, $meta ) ) { unset($m_delete[$k]); unset($meta[$v->meta]); } else { $m_delete[$k] = 'meta=' . (int)$v->meta; - } + } } // Key listed only in Insert list, make proper format @@ -67,17 +67,17 @@ if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) { } if( check_type_name( $name ) ) { - if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysql_real_escape_string($name), mysql_real_escape_string($desc), $id)) ) + if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc), $id)) ) { adminlog("Error on updating type ".$id, MTS_TYPE, MTA_UPDATE, E_WARNING); - mtdie("Error on update of existing type: ". htmlentities(mysql_error()), 'SQL Error'); + mtdie("Error on update of existing type: ". htmlentities(mysqli_error()), 'SQL Error'); } - + $sql_insert = "INSERT INTO meta (type,meta) VALUES " . implode(',',$m_insert); $sql_delete = "DELETE FROM meta WHERE type=$id AND ( " . implode(' OR ',$m_delete) . ' )'; $mtdb->query('START TRANSACTION'); - + if( count($m_insert) ) if(! $mtdb->query( $sql_insert ) ) { @@ -90,9 +90,9 @@ if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) { adminlog("Error deleting old metatype association data for type ".$id, MTS_TYPE, MTA_REMOVE, E_WARNING); mtdie("There was an error deleting old metatype data. Transaction aborted. $sql_delete"); } - + $mtdb->query('COMMIT'); - + } else { $error.='

Invalid type name!

'; } @@ -129,13 +129,13 @@ adminmenu(); $alternate=false; foreach( $types as $s ) { $alternate=!$alternate; - + $metas = $mtdb->getAll("SELECT meta_t.name AS name FROM strip_t JOIN meta ON meta.type = strip_t.id JOIN meta_t ON meta.meta = meta_t.id WHERE strip_t.id = $s->id"); - + $meta = implode(', ', array_map('_getMetaNameFromObject', $metas) ); - + ?> > id; ?> @@ -169,7 +169,7 @@ adminmenu(); - +

diff --git a/post-scratchpad.php b/post-scratchpad.php index e340b89..051ba49 100644 --- a/post-scratchpad.php +++ b/post-scratchpad.php @@ -6,7 +6,7 @@ auth_redirect(); // Require logged in user to access this page. check_nonce('new-scratchpad'); -$mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysql_real_escape_string($_REQUEST['message'])) ); +$mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])) ); adminlog("User posted to scratchpad.", MTS_SCRATCH, MTA_INSERT); _redirect( ADMIN_PATH . '/index.php' ); diff --git a/post-twitter.php b/post-twitter.php index 8fd01fe..6393c58 100644 --- a/post-twitter.php +++ b/post-twitter.php @@ -8,7 +8,7 @@ auth_redirect(); // Require logged in user to access this page. if('post_twitter' == $_REQUEST['action']) { check_nonce('new-twitter'); - + $postmessage = ''; if(!empty($_REQUEST['stdmessage']) ) $postmessage = trim($_REQUEST['stdmessage']); if( strlen($_REQUEST['message']) ) $postmessage = trim($_REQUEST['message']); @@ -20,13 +20,13 @@ if('post_twitter' == $_REQUEST['action']) if('' == $postmessage) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=missing'); $username = sanitize_username($_REQUEST['twitter_user']); - $postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysql_real_escape_string($username))); + $postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $username))); if( in_array('twitter', $_REQUEST['service']) ) $rc = twitterpost( numeric_entities(utfentities($postmessage)), $postasuser ); if( in_array('rss', $_REQUEST['service']) ) $rc = rsspost( numeric_entities(utfentities($postmessage)), SITE_HOST.SITE_PATH ); - + if($rc) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=success'); _redirect( ADMIN_PATH . '/post-twitter.php?tweet=fail'); @@ -41,7 +41,7 @@ if( isset($_REQUEST['tweet']) && 'fail' == $_REQUEST['tweet'] ) if( isset($_REQUEST['tweet']) && 'missing' == $_REQUEST['tweet'] ) $error.='Oops~ Looks like you forgot to enter a message.'; - + $statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id'); $twitter_users = $mtdb->getAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username'); @@ -98,7 +98,7 @@ adminmenu(); var charactersremaining = document.getElementById('charactersremaining'); charactersremaining.innerHTML = 140 - status.value.length } ---> +--> diff --git a/twitter-scheduled.php b/twitter-scheduled.php index 5faa8c2..46da111 100644 --- a/twitter-scheduled.php +++ b/twitter-scheduled.php @@ -37,7 +37,7 @@ foreach($tweets as $t) adminlog("Error $ret_code posting scheduled tweet ".$t->id . ' with return value ' . $ret, MTS_TWITTER, MTA_ADD); $t->status = 'error'; } - + // Unlock tweet, update db. - $mtdb->query("UPDATE twitter_post SET status = '".mysql_real_escape_string($t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false); + $mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false); } diff --git a/user-edit.php b/user-edit.php index 6f87eb4..d2c15b4 100644 --- a/user-edit.php +++ b/user-edit.php @@ -12,10 +12,10 @@ if( isset($_POST['edit']) ) { $username = sanitize_username( $_POST['user_login'] ); if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 ) mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' ); - + copy(RANTIMG.'default', RANTIMG.$username.'.png'); - - $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysql_real_escape_string($username) . '", "'.$username.'.png")' ); + + $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' ); $user = get_userdatabylogin( $username ); $userid = $user->id; $info.='

User Account Created

'; @@ -25,19 +25,19 @@ if( isset($_POST['edit']) ) { $userid = (int) $_POST['edit']; $user_old = $user = get_userdatabyid( $userid ); } - + $user->nameplate = $_POST['nickname']; $user->default_image = $user_old->default_image; $user->default_link = $_POST['rant-link']; $user->email = $_POST['email']; - + if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) { - + if( $_POST['password_new1'] !== $_POST['password_new2'] ) { $error.='

New passwords do not match.

'; } else { /* password change */ - if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysql_real_escape_string($_POST['password_old']) . '") OR password = "")' )) { + if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) { $error.='

Specified password is incorrect.

'; } else { /* Password match */ @@ -50,13 +50,13 @@ if( isset($_POST['edit']) ) { function handle_upload( &$user ) { global $info,$error; - + if( !$_FILES['rant_image'] ) return; - + if( '' == $_FILES['rant_image']['name'] ) return; if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return; if( 0 == $_FILES['rant_image']['size'] ) return; - + $info.='

Tried to upload an image.

'; // Uploading new rant image $imagedata = getimagesize($_FILES['rant_image']['tmp_name']); @@ -68,7 +68,7 @@ if( isset($_POST['edit']) ) { $error.='

Image wrong height: '.$imagedata[1].'

'; return; } - + switch( $_FILES['rant_image']['type'] ) { case 'image/jpeg': case 'image/jpg': $ext = 'jpg'; break; @@ -80,7 +80,7 @@ if( isset($_POST['edit']) ) { $error.='

Unknown image extension. Upload refused.

'; return; } - + $destination_path = $user->name.'.'.$ext; if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) { $error.='

Something went wrong while retrieving the uploaded image.

'; @@ -103,8 +103,8 @@ if( isset($_POST['edit']) ) { } else { $userid = (int) $_GET['edit']; $user = get_userdatabyid( $userid ); -} - +} + if( !$user ) $error.='

The specified user does not exist.

'; adminhead('Edit User Profile'); diff --git a/users.php b/users.php index e9f2a32..26c5d62 100644 --- a/users.php +++ b/users.php @@ -54,13 +54,13 @@ $users = $mtdb->getAll("SELECT id,name,email,nameplate FROM contributor");

Create New Contributor

- +
Username
- +