From 089a8bc9edcb079f4783083c1c2b07b03ae46191 2017-06-21 16:32:39
From: DarkMorford
Date: 2017-06-21 16:32:39
Subject: [PATCH] Update pages and rants to use DBAL.
---
diff --git a/include/pages.php b/include/pages.php
index a5ffc88..12dfb83 100644
--- a/include/pages.php
+++ b/include/pages.php
@@ -1,53 +1,84 @@ url_name)
+function savepage($page)
+{
+ if ($page->url_name) return updatepage($page); else return insertpage($page);
 }
-function insertpage($page) {
- global $mtdb;
- $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
- . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
- . '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
- . '")';
- adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
- return $mtdb->query($sql);
+function insertpage($page)
+{
+ if ( !$page->url_name ) return false;
+ global $dbConnection;
+
+ $sql = 'INSERT INTO static_page (url_name, status, title, body, style) VALUES (:slug, :status, :title, :body, :style)';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('slug', $page->url_name);
+ $stmt->bindValue('status', $page->status);
+ $stmt->bindValue('title', trim($page->title));
+ $stmt->bindValue('body', trim($page->body));
+ $stmt->bindValue('style', trim($page->style));
+
+ adminlog("Page '" . $page->url_name . "' has been added.", MTS_PAGE, MTA_ADD);
+ return $stmt->execute();
 }
-function updatepage($page) {
+function updatepage($page)
+{
 if ( !$page->url_name ) return false;
- global $mtdb;
-
- $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
- . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
- . '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
- . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
- . '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
- . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
- adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
- return $mtdb->query( $sql );
+ global $dbConnection;
+
+ $sql = 'UPDATE static_page SET url_name = :slug, status = :status, title = :title, body = :body, style = :style WHERE url_name = :slug';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('slug', $page->url_name);
+ $stmt->bindValue('status', $page->status);
+ $stmt->bindValue('title', trim($page->title));
+ $stmt->bindValue('body', trim($page->body));
+ $stmt->bindValue('style', trim($page->style));
+
+ adminlog("Page '" . $page->url_name . "' has been updated.", MTS_PAGE, MTA_MODIFY);
+ return $stmt->execute();
 }
-function deletepage($url_name) {
+function deletepage($url_name)
+{
 if ( !$url_name ) return false;
- global $mtdb;
- adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
- return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
+ global $dbConnection;
+
+ $sql = 'DELETE FROM static_page WHERE url_name = :slug';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('slug', $url_name);
+
+ adminlog("Page '" . $page->url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);
+ return $stmt->execute();
 }
-function getpage($url_name) {
- global $mtdb;
- return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
+function getpage($url_name)
+{
+ if ( !$url_name ) return false;
+ global $dbConnection;
+
+ $sql = 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = :slug';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('slug', $url_name);
+
+ $stmt->execute();
+ return $stmt->fetch();
 } ?>
diff --git a/include/rants.php b/include/rants.php
index 3dd3399..b599705 100644
--- a/include/rants.php
+++ b/include/rants.php
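Review bot: insertpage now starts with `if ( !$page->url_name ) return false;`, but savepage dispatches to insertpage only when `$page->url_name` is empty, so a new page saved through savepage returns false and never reaches the INSERT; either the guard belongs only in updatepage or savepage should decide by whether the row already exists, which needs confirming against the callers. deletepage's audit entry still reads `$page->url_name` although the function only has `$url_name`, so the logged name is always empty; it should be `adminlog("Page '" . $url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);`. In insertpage, updatepage and deletepage (and deleterant and updaterant in rants.php) adminlog runs before `$stmt->execute()`, so the audit log records adds, updates and deletes the database may have rejected; log only after execute() returns true. getpage (and getrant in rants.php) return `$stmt->fetch()` under the connection's default fetch mode, while these files address rows as objects (`$page->url_name`, `$rant->id`); if the callers of getpage do the same, pass the mode explicitly, e.g. `return $stmt->fetch(\PDO::FETCH_OBJ);` on a DBAL 2.x connection. updatepage also uses the `:slug` placeholder twice in one statement, which PDO rejects when prepared-statement emulation is off, so depending on the driver configuration the WHERE clause may need its own placeholder.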
@@ -1,119 +1,193 @@ id)
+function saverant($rant)
+{
+ if ($rant->id) return updaterant($rant); else return insertrant($rant);
 }
-function insertrant($rant) {
- global $mtdb;
- $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
- . (int)$rant->published
- . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
- . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
- . '", "' . (int)$rant->author
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
- . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
- . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
- . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
- . '")';
-
- if( $mtdb->query( $sql ) ) {
+function insertrant($rant)
+{
+ global $dbConnection;
+
+ $sql = 'INSERT INTO rant (published, status, side, author, title, body, link, imagetype, imagetext) VALUES ' .
+ '(FROM_UNIXTIME(:published), :status, :side, :author, :title, :body, :link, :imagetype, :imagetext)';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('published', (int)$rant->published);
+ $stmt->bindValue('status', $rant->status);
+ $stmt->bindValue('side', $rant->side);
+ $stmt->bindValue('author', (int)$rant->author);
+ $stmt->bindValue('title', trim($rant->title));
+ $stmt->bindValue('body', trim($rant->body));
+ $stmt->bindValue('link', trim($rant->link));
+ $stmt->bindValue('imagetype', $rant->imagetype);
+ $stmt->bindValue('imagetext', trim($rant->imagetext));
+
+ if ($stmt->execute())
+ {
 //logthis( 'Saved changes to rant ' . $rant->id );
- $rant->id = mysqli_insert_id( $mtdb->link );
+ $rant->id = $dbConnection->lastInsertId();
- adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
+ adminlog("Rant " . $rant->id . " saved.", MTS_RANT, MTA_ADD);
- if($rant->status == "published")
+ if ($rant->status == "published")
 {
+ adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_ADD);
+
+ /*
 $poster = get_userdatabyid($rant->author);
- adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_ADD);
 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id); if($rant->author === 1) { tumblrpost($rant->title, $rant->body); }
+ */
 } return $rant->id; }
+ return false;
 }
-function updaterant($rant) {
+function updaterant($rant)
+{
 if ( !(int)$rant->id ) return false;
- global $mtdb;
-
- #first, check if it's published already
- $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
- $row = mysqli_fetch_row($qr);
- $status = $row[0];
-
- adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
-
- $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
- . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
- . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
- . '", author = ' . (int)$rant->author
- . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
- . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
- . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
- . '", imagetype = ' . (int)$rant->imagetype
- . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
- . '" WHERE id=' . (int)$rant->id;
-
- if($status == "draft" && $rant->status == "published")
+ global $dbConnection;
+
+ # First, check if it's published already
+ $sql = 'SELECT status FROM rant WHERE id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, $rant->id);
+
+ $stmt->execute();
+ $status = $stmt->fetchColumn();
+
+ adminlog("Rant " . $rant->id . " updated.", MTS_RANT, MTA_UPDATE);
+
+ $sql = 'UPDATE rant SET published = FROM_UNIXTIME(:published), status = :status, side = :side, author = :author, ' .
+ 'title = :title, body = :body, link = :link, imagetype = :imagetype, imagetext = :imagetext WHERE id = :id';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue('id', (int)$rant->id);
+ $stmt->bindValue('published', (int)$rant->published);
+ $stmt->bindValue('status', $rant->status);
+ $stmt->bindValue('side', $rant->side);
+ $stmt->bindValue('author', (int)$rant->author);
+ $stmt->bindValue('title', trim($rant->title));
+ $stmt->bindValue('body', trim($rant->body));
+ $stmt->bindValue('link', trim($rant->link));
+ $stmt->bindValue('imagetype', (int)$rant->imagetype);
+ $stmt->bindValue('imagetext', trim($rant->imagetext));
+
+ if ($status == "draft" && $rant->status == "published")
 {
+ adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_UPDATE);
+
+ /*
 $poster = get_userdatabyid($rant->author);
- adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_UPDATE);
 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id); if($rant->author === 1) { tumblrpost($rant->title, $rant->body); }
+ */
 }
- return $mtdb->query( $sql );
+ return $stmt->execute();
 }
-function deleterant($rantid) {
+function deleterant($rantid)
+{
 if ( !(int)$rantid ) return false;
- global $mtdb;
- adminlog("Rant ".$rantid." deleted.", MTS_RANT, MTA_DELETE);
- return $mtdb->query( 'DELETE FROM rant WHERE id=' . $rantid );
+ global $dbConnection;
+
+ $sql = 'DELETE FROM rant WHERE id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, $rantid);
+
+ adminlog("Rant " . $rantid . " deleted.", MTS_RANT, MTA_DELETE);
+ return $stmt->execute();
 }
 function deleteattachment($id) {
- global $mtdb;
- $file = SITE_PATH_ABS.'/'.get_rantattachment_filename($id);
- unlink( $file ) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
- $mtdb->query( 'DELETE FROM rant_attachment WHERE id = ' . $id );
+ global $dbConnection;
+
+ // Remove attachment from filesystem
+ $file = SITE_PATH_ABS . '/' . get_rantattachment_filename($id);
+ unlink($file) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
+
+ // Remove from database
+ $sql = 'DELETE FROM rant_attachment WHERE id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, $id);
+
+ $stmt->execute();
 adminlog("Deleted attachment $id", MTS_RANT, MTA_DELETE); }
-function getrant($id) {
- global $mtdb;
- return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = '. (int)$id );
+function getrant($id)
+{
+ global $dbConnection;
+
+ $sql = 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, (int)$id);
+
+ $stmt->execute();
+ return $stmt->fetch();
 }
-function get_rantimage_filename( $rant ) {
- global $mtdb;
- $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$rant->imagetype ); // filename extension
- return sprintf( '%s/%04d.%s',SITE_RANT, (int)$rant->id, $ext );
+function get_rantimage_filename($rant)
+{
+ global $dbConnection;
+
+ $sql = 'SELECT extension FROM media_t WHERE id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, (int)$rant->imagetype);
+
+ $stmt->execute();
+ $ext = $stmt->fetchColumn(); // filename extension
+
+ return sprintf('%s/%04d.%s', SITE_RANT, (int)$rant->id, $ext);
 }
-function get_rantattachment_filename( $id ) {
- global $mtdb;
- $ext = $mtdb->getOne( 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id=' . (int)$id ); // filename extension
- return sprintf( '%s/%d.%s',SITE_RANT_ATTACHMENT, (int)$id, $ext );
+function get_rantattachment_filename($id)
+{
+ global $dbConnection;
+
+ $sql = 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id = ?';
+ $stmt = $dbConnection->prepare($sql);
+
+ $stmt->bindValue(1, (int)$id);
+
+ $stmt->execute();
+ $ext = $stmt->fetchColumn(); // filename extension
+
+ return sprintf('%s/%d.%s', SITE_RANT_ATTACHMENT, (int)$id, $ext );
 } ?>
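Review bot: insertrant binds `imagetype` without the `(int)` cast that updaterant applies to the same column, so the two write paths validate the value differently even though imagetype is later used as a media_t id in get_rantimage_filename; bind it as `$stmt->bindValue('imagetype', (int)$rant->imagetype);` in insertrant as well. deleteattachment unlinks the file, then discards the result of `$stmt->execute()` and logs "Deleted attachment $id" unconditionally, so the audit entry can claim a deletion the database refused; check the execute() result before logging, and consider deleting the row before the file so a failed query does not leave a row pointing at a missing file. updaterant's status lookup and the subsequent UPDATE are two separate statements, so a concurrent edit between them can make the "published" audit entry inaccurate; if that matters here, wrap both in a transaction.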