From 17cb6fd19dbb02e147be90af4a4fd17be3f0a8f8 2017-07-02 17:46:27
From: darkmorford
Date: 2017-07-02 17:46:27
Subject: [PATCH] Merge pull request #16 from mt-admin dbal
Convert to Doctrine DBAL
---
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..351d4f7
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,14 @@
+# Topmost editor config for this site
+root = true
+
+# Global config settings
+[*]
+charset = utf-8
+indent_style = tab
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Exceptions for specific files
+[composer.{json,lock}]
+indent_size = 4
+indent_style = space
diff --git a/.gitignore b/.gitignore
index b6a49ac..88f98ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,7 @@
-# SASS artifacts
+# Composer dependencies
+vendor
+
+# Stylesheet artifacts
 *.css
 *.css.map
 .sass-cache
diff --git a/character-twitter.php b/character-twitter.php
index 9aee60b..9ee383c 100644
--- a/character-twitter.php
+++ b/character-twitter.php
@@ -10,7 +10,8 @@ if('post_twitter' == $_REQUEST['action'])
 check_nonce('new-character-twitter');
 #Fetch the password from the DB.
-$acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account']));
+$stmt = $dbConnection->executeQuery('SELECT username, password FROM twitter_user WHERE id = ?', array($_REQUEST['twitter-account']));
+$acct = $stmt->fetch();
 $post_at = strtotime($_REQUEST['date18']);
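Review bot: `$acct = $stmt->fetch();` is never checked for a missing row: `fetch()` returns false when no `twitter_user` has the requested id, and the scheduling branch in the next hunk then reads `$acct->username` from a boolean, logging a tweet for an empty account name. A guard directly after the fetch, `if (!$acct) mtdie('Unknown Twitter account.', 'Error');`, fails closed instead. The `if('post_twitter' == ...)` block this belongs to continues outside the hunk.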
@@ -35,13 +36,8 @@ if('post_twitter' == $_REQUEST['action']) else { #No luck, gotta schedule. - $mtdb->query( - sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')", - mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']), - $post_at, - mysqli_real_escape_string($mtdb->link, $_REQUEST['message']) - ) - ); + $dbConnection->executeUpdate('INSERT INTO twitter_post (status, user, time, text) VALUES (\'scheduled\', ?, FROM_UNIXTIME(?), ?)', + array($_REQUEST['twitter-account'], $post_at, $_REQUEST['message'])); $info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled."; adminlog('Tweet for account ' . $acct->username . ' has been scheduled.', MTS_TWITTER, MTA_ADD); } @@ -52,12 +48,11 @@ if('post_twitter' == $_REQUEST['action']) } } -$characters = $mtdb->getAll("SELECT id, username FROM twitter_user ORDER BY username"); +$characters = $dbConnection->fetchAll('SELECT id, username FROM twitter_user ORDER BY username'); -$scheduled = $mtdb->getAll("SELECT username, text, status, twitter_post.id AS id, time - FROM twitter_post JOIN twitter_user - ON twitter_post.user = twitter_user.id - WHERE twitter_post.status = 'scheduled' ORDER BY time"); +$scheduled = $dbConnection->fetchAll('SELECT username, text, status, twitter_post.id AS id, time ' . + 'FROM twitter_post JOIN twitter_user ON twitter_post.user = twitter_user.id ' . + 'WHERE twitter_post.status = \'scheduled\' ORDER BY time'); adminhead('Manage Character Twitters'); adminmenu(); diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..d2d1592 --- /dev/null +++ b/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "doctrine/dbal": "v2.5.12" + } +} diff --git a/composer.lock b/composer.lock new file mode 100644 index 0000000..f5c2e38 --- /dev/null +++ b/composer.lock 
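Review bot: `$post_at` is bound straight into `FROM_UNIXTIME(?)`, but `strtotime()` returns false for an unparseable `date18`; DBAL binds a false as an empty string, so `FROM_UNIXTIME('')` yields NULL and the row is scheduled with no time, whereas the removed `sprintf('%d')` coerced the same failure to 0. Unless a check exists between the two hunks, reject it before the insert: `if ($post_at === false) mtdie('Invalid schedule date.', 'Error');`. The enclosing if/else starts outside the hunk.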
@@ -0,0 +1,488 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "content-hash": "6b362fc1ca79445eff7965b72a3e900b", + "packages": [ + { + "name": "doctrine/annotations", + "version": "v1.4.0", + "source": { + "type": "git", + "url": "https://github.com/doctrine/annotations.git", + "reference": "54cacc9b81758b14e3ce750f205a393d52339e97" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/annotations/zipball/54cacc9b81758b14e3ce750f205a393d52339e97", + "reference": "54cacc9b81758b14e3ce750f205a393d52339e97", + "shasum": "" + }, + "require": { + "doctrine/lexer": "1.*", + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "doctrine/cache": "1.*", + "phpunit/phpunit": "^5.7" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.4.x-dev" + } + }, + "autoload": { + "psr-4": { + "Doctrine\\Common\\Annotations\\": "lib/Doctrine/Common/Annotations" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "Docblock Annotations Parser", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "annotations", + "docblock", + "parser" + ], + "time": "2017-02-24T16:22:25+00:00" + }, + { + "name": "doctrine/cache", + "version": "v1.6.1", + "source": { + "type": "git", + "url": "https://github.com/doctrine/cache.git", + "reference": "b6f544a20f4807e81f7044d31e679ccbb1866dc3" + }, + "dist": { + "type": 
"zip", + "url": "https://api.github.com/repos/doctrine/cache/zipball/b6f544a20f4807e81f7044d31e679ccbb1866dc3", + "reference": "b6f544a20f4807e81f7044d31e679ccbb1866dc3", + "shasum": "" + }, + "require": { + "php": "~5.5|~7.0" + }, + "conflict": { + "doctrine/common": ">2.2,<2.4" + }, + "require-dev": { + "phpunit/phpunit": "~4.8|~5.0", + "predis/predis": "~1.0", + "satooshi/php-coveralls": "~0.6" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.6.x-dev" + } + }, + "autoload": { + "psr-4": { + "Doctrine\\Common\\Cache\\": "lib/Doctrine/Common/Cache" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "Caching library offering an object-oriented API for many cache backends", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "cache", + "caching" + ], + "time": "2016-10-29T11:16:17+00:00" + }, + { + "name": "doctrine/collections", + "version": "v1.4.0", + "source": { + "type": "git", + "url": "https://github.com/doctrine/collections.git", + "reference": "1a4fb7e902202c33cce8c55989b945612943c2ba" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/collections/zipball/1a4fb7e902202c33cce8c55989b945612943c2ba", + "reference": "1a4fb7e902202c33cce8c55989b945612943c2ba", + "shasum": "" + }, + "require": { + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "doctrine/coding-standard": "~0.1@dev", + "phpunit/phpunit": "^5.7" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "autoload": { + "psr-0": { + 
"Doctrine\\Common\\Collections\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "Collections Abstraction library", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "array", + "collections", + "iterator" + ], + "time": "2017-01-03T10:49:41+00:00" + }, + { + "name": "doctrine/common", + "version": "v2.7.2", + "source": { + "type": "git", + "url": "https://github.com/doctrine/common.git", + "reference": "930297026c8009a567ac051fd545bf6124150347" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/common/zipball/930297026c8009a567ac051fd545bf6124150347", + "reference": "930297026c8009a567ac051fd545bf6124150347", + "shasum": "" + }, + "require": { + "doctrine/annotations": "1.*", + "doctrine/cache": "1.*", + "doctrine/collections": "1.*", + "doctrine/inflector": "1.*", + "doctrine/lexer": "1.*", + "php": "~5.6|~7.0" + }, + "require-dev": { + "phpunit/phpunit": "^5.4.6" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.7.x-dev" + } + }, + "autoload": { + "psr-4": { + "Doctrine\\Common\\": "lib/Doctrine/Common" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": 
"schmittjoh@gmail.com" + } + ], + "description": "Common Library for Doctrine projects", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "annotations", + "collections", + "eventmanager", + "persistence", + "spl" + ], + "time": "2017-01-13T14:02:13+00:00" + }, + { + "name": "doctrine/dbal", + "version": "v2.5.12", + "source": { + "type": "git", + "url": "https://github.com/doctrine/dbal.git", + "reference": "7b9e911f9d8b30d43b96853dab26898c710d8f44" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/dbal/zipball/7b9e911f9d8b30d43b96853dab26898c710d8f44", + "reference": "7b9e911f9d8b30d43b96853dab26898c710d8f44", + "shasum": "" + }, + "require": { + "doctrine/common": ">=2.4,<2.8-dev", + "php": ">=5.3.2" + }, + "require-dev": { + "phpunit/phpunit": "4.*", + "symfony/console": "2.*||^3.0" + }, + "suggest": { + "symfony/console": "For helpful console commands such as SQL execution and import of files." + }, + "bin": [ + "bin/doctrine-dbal" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.5.x-dev" + } + }, + "autoload": { + "psr-0": { + "Doctrine\\DBAL\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + } + ], + "description": "Database Abstraction Layer", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "database", + "dbal", + "persistence", + "queryobject" + ], + "time": "2017-02-08T12:53:47+00:00" + }, + { + "name": "doctrine/inflector", + "version": "v1.1.0", + "source": { + "type": "git", + "url": "https://github.com/doctrine/inflector.git", + "reference": "90b2128806bfde671b6952ab8bea493942c1fdae" + }, + "dist": { + 
"type": "zip", + "url": "https://api.github.com/repos/doctrine/inflector/zipball/90b2128806bfde671b6952ab8bea493942c1fdae", + "reference": "90b2128806bfde671b6952ab8bea493942c1fdae", + "shasum": "" + }, + "require": { + "php": ">=5.3.2" + }, + "require-dev": { + "phpunit/phpunit": "4.*" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.1.x-dev" + } + }, + "autoload": { + "psr-0": { + "Doctrine\\Common\\Inflector\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "Common String Manipulations with regard to casing and singular/plural rules.", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "inflection", + "pluralize", + "singularize", + "string" + ], + "time": "2015-11-06T14:35:42+00:00" + }, + { + "name": "doctrine/lexer", + "version": "v1.0.1", + "source": { + "type": "git", + "url": "https://github.com/doctrine/lexer.git", + "reference": "83893c552fd2045dd78aef794c31e694c37c0b8c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/lexer/zipball/83893c552fd2045dd78aef794c31e694c37c0b8c", + "reference": "83893c552fd2045dd78aef794c31e694c37c0b8c", + "shasum": "" + }, + "require": { + "php": ">=5.3.2" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-0": { + "Doctrine\\Common\\Lexer\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + 
"name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.", + "homepage": "http://www.doctrine-project.org", + "keywords": [ + "lexer", + "parser" + ], + "time": "2014-09-09T13:34:57+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +} diff --git a/delete-comic.php b/delete-comic.php index 0f1bff7..89493f9 100644 --- a/delete-comic.php +++ b/delete-comic.php @@ -9,7 +9,7 @@ check_nonce('delete-strip-'.(int)$_REQUEST['strip_id']); if(!deletestrip( $_REQUEST['strip_id'] )) { - adminlog("Error deleting strip $_REQUEST[strip_id]:".mysqli_error(), MTS_STRIP, MTA_DELETE, E_ERROR); + adminlog("Error deleting strip $_REQUEST[strip_id]:".$dbConnection->errorCode(), MTS_STRIP, MTA_DELETE, E_ERROR); mtdie('Error deleting the specified strip.','SQL Error'); } diff --git a/delete-page.php b/delete-page.php index d535cbf..b3fa09d 100644 --- a/delete-page.php +++ b/delete-page.php @@ -9,7 +9,7 @@ check_nonce('delete-page-'.$_REQUEST['page_name']); if(!deletepage( $_REQUEST['page_name'] )) { - adminlog("Error deleting page $_REQUEST[page_name]: ".mysqli_error(), MTS_PAGE, MTA_DELETE, E_ERROR); + adminlog("Error deleting page $_REQUEST[page_name]: ".$dbConnection->errorCode(), MTS_PAGE, MTA_DELETE, E_ERROR); mtdie('Error deleting the specified page.','SQL Error'); } diff --git a/delete-rant.php b/delete-rant.php index 122d598..e368f05 100644 --- a/delete-rant.php +++ b/delete-rant.php 
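Review bot: `$dbConnection->errorCode()` in the `!deletestrip()` branch is unlikely to carry the failure it is meant to report: as far as I recall DBAL 2.5 configures its PDO connection with `ERRMODE_EXCEPTION`, so a failing DELETE raises a `DBALException` inside `deletestrip()` and never returns false here (unless that helper catches it, which is not visible), while a false return for a non-SQL reason logs whatever code the last successful statement left behind. Either catch `\Doctrine\DBAL\DBALException` around the call and log `$e->getMessage()`, or drop the `errorCode()` suffix from the message. The same pattern appears in the delete-page hunk below, the delete-rant hunk, and the three edit-comic hunks that replaced `mysqli_error()`.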
@@ -9,7 +9,7 @@ check_nonce('delete-rant-'.(int)$_REQUEST['rant_id']);
 if(!deleterant( $_REQUEST['rant_id'] )) {
-adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysqli_error(), MTS_RANT, MTA_DELETE, E_ERROR);
+adminlog("Error deleting rant $_REQUEST[rant_id]: ".$dbConnection->errorCode(), MTS_RANT, MTA_DELETE, E_ERROR);
 mtdie('Error deleting the specified rant.','SQL Error');
 }
diff --git a/delete-tweet.php b/delete-tweet.php
index e70002e..4a35719 100644
--- a/delete-tweet.php
+++ b/delete-tweet.php
@@ -12,7 +12,7 @@ $victim = (int)$_REQUEST['tweet_id'];
 if($victim) {
-$r = $mtdb->query("DELETE FROM twitter_post WHERE id = '$victim'");
+$r = $dbConnection->executeUpdate('DELETE FROM twitter_post WHERE id = ?', array($victim));
 if(!$r) {
 adminlog('Error deleting scheduled tweet ' . $victim, MTS_TWITTER, MTA_DELETE, E_ERROR);
diff --git a/delete-twitter-user.php b/delete-twitter-user.php
index c8069b1..0a50ed8 100644
--- a/delete-twitter-user.php
+++ b/delete-twitter-user.php
@@ -12,7 +12,7 @@ $victim = (int)$_REQUEST['id'];
 if($victim) {
-$r = $mtdb->query("DELETE FROM twitter_user WHERE id = '$victim'");
+$r = $dbConnection->executeUpdate('DELETE FROM twitter_user WHERE id = ?', array($victim));
 if(!$r) {
 adminlog('Error deleting specified twitter user ' . $victim, MTS_TWITTER, MTA_DELETE, E_ERROR);
diff --git a/edit-comic.php b/edit-comic.php
index 478b5ac..2ce79cb 100644
--- a/edit-comic.php
+++ b/edit-comic.php
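Review bot: `executeUpdate()` returns the affected-row count, so `if(!$r)` is now true whenever the id matched no row, and a stale or mistyped `tweet_id` is logged as an E_ERROR deletion failure (which, per the level handling in adminlog, is also emailed) although nothing went wrong; a genuine SQL failure raises a `DBALException` and never reaches this branch. Treat zero rows as a notice, e.g. `if ($r === 0) { adminlog('No scheduled tweet with id ' . $victim, MTS_TWITTER, MTA_DELETE, E_USER_NOTICE); }`, and wrap the call in a try/catch for `\Doctrine\DBAL\DBALException` if the error-level log is still wanted. The delete-twitter-user hunk has the same check. The enclosing `if($victim)` block continues outside the hunk.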
@@ -35,13 +35,13 @@ if( $_POST ) { if( !is_valid_upload('comicFile') ) { adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING); - mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.'); + mtdie('If you want to upload a new comic, you must provide said comic.', 'Strip upload failed.'); } // get image type and target extension $imagedata = getimagesize($_FILES['comicFile']['tmp_name']); $strip->media = $imagedata[2]; - $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media ); + $fileext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media), 0, array(PDO::PARAM_INT)); if(strlen($fileext) < 3) { @@ -53,8 +53,8 @@ if( $_POST ) { // Insert new strip into the database, get a real $strip->id if(!insertstrip( $strip )) { - adminlog("Error on insertion of new strip: ".mysqli_error(), MTS_STRIP, MTA_ADD, E_ERROR); - mtdie('Error on insertion of new strip: '.mysqli_error(), 'SQL Error'); + adminlog("Error on insertion of new strip: ".$dbConnection->errorCode(), MTS_STRIP, MTA_ADD, E_ERROR); + mtdie('Error on insertion of new strip: '.$dbConnection->errorCode(), 'SQL Error'); } // Store the uploaded file to xxxx-0.ext @@ -86,7 +86,7 @@ if( $_POST ) { $imagedata = getimagesize($_FILES['comicFile']['tmp_name']); $strip->media = $imagedata[2]; } - $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media ); + $fileext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media), 0, array(PDO::PARAM_INT)); if(strlen($fileext) < 3) { 
@@ -99,7 +99,7 @@ if( $_POST ) { if(!updatestrip( $strip ) ) { adminlog("Failed to update strip ".$strip->id.".", MTS_STRIP, MTA_UPDATE); - mtdie('Error updating strip: ' . mysqli_error(), 'SQL Error'); + mtdie('Error updating strip: ' . $dbConnection->errorCode(), 'SQL Error'); } if( is_valid_upload('comicFile') ) { // If uploading, store the uploaded file to xxxx-n.ext @@ -178,7 +178,7 @@ adminmenu('manage-comics.php');

Comic Type

getAll('select id,name from contributor'); + $contrib = $dbConnection->fetchAll('SELECT id, name FROM contributor'); foreach( $contrib as $k=>$v ) { printf('', htmlentities($v->id, ENT_COMPAT, 'UTF-8'), ( $v->id == $rant->author ? 'selected="selected"' : '' ), htmlentities($v->name) ); } ?> @@ -298,7 +298,7 @@ adminmenu('manage-rants.php');

Attach files:

    getAll('SELECT ra.id AS id, extension FROM rant_attachment ra JOIN media_t ON ra.media = media_t.id WHERE ra.rant = '.$rant->id.' ORDER BY id'); + $attachments = $dbConnection->fetchAll('SELECT ra.id AS id, extension FROM rant_attachment ra JOIN media_t ON ra.media = media_t.id WHERE ra.rant = ? ORDER BY id', array($rant->id)); foreach($attachments as $k=>$v) printf('
  1. %s
  2. ', $v->id, SITE_HOST, SITE_PATH, get_rantattachment_filename($v->id), get_rantattachment_filename($v->id)); ?> diff --git a/fredart_parse.php b/fredart_parse.php index c90c692..011aeee 100644 --- a/fredart_parse.php +++ b/fredart_parse.php @@ -24,12 +24,8 @@ for ($count = 0; $count < 5; $count++) { $entry = $feed->getEntryByOffset($count); - $link = mysqli_real_escape_string($mtdb->link, $entry->link); - $title = mysqli_real_escape_string($mtdb->link, $entry->title); - $date = $entry->pubdate; - $mtdb->query("INSERT INTO fredart (pubdate, title, link) - VALUES (FROM_UNIXTIME($date), '$title', '$link')", false); + $dbConnection->executeUpdate('INSERT INTO fredart (pubdate, title, link) VALUES (FROM_UNIXTIME(?), ?, ?)', array($entry->pubdate, $entry->title, $entry->link)); } header('Content-Type: text/xml'); diff --git a/include/admin.inc.php b/include/admin.inc.php index 30695cd..b14ad0d 100644 --- a/include/admin.inc.php +++ b/include/admin.inc.php @@ -1,12 +1,11 @@ connect( DB_SERVER, DB_WRITE_USER, DB_WRITE_PASS, DB_NAME ); +// Initialize a connection to the database +$dbConfig = new \Doctrine\DBAL\Configuration(); +$dbParams = array( + 'dbname' => DB_NAME, + 'user' => DB_WRITE_USER, + 'password' => DB_WRITE_PASS, + 'host' => DB_SERVER, + 'driver' => 'pdo_mysql', + 'charset' => 'utf8mb4' +); +$dbConnection = \Doctrine\DBAL\DriverManager::getConnection($dbParams, $dbConfig); +$dbConnection->setFetchMode(PDO::FETCH_OBJ); /* TODO: Move these definitions to LocalSettings.php */ if ( !defined('RANTIMG') ) 
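Review bot: the rewritten insert changes the failure mode of the feed import loop: the removed `$mtdb->query(..., false)` passed an extra flag that looks like error suppression, whereas `executeUpdate()` throws a `DBALException` on any failed INSERT, so one bad entry (a duplicate, if `fredart` has a unique key, or an unparseable `pubdate`) aborts the remaining iterations and the `header('Content-Type: text/xml')` that follows. If per-entry failures are expected, wrap the call in `try { ... } catch (\Doctrine\DBAL\DBALException $e) { error_log($e->getMessage()); }`. The `for` loop this sits in starts outside the hunk.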
@@ -42,21 +51,20 @@ define('USING_TIDY', false); /* These function are all for core authentication. */ -// Call mysql to hash a password function mt_hash_password($password) { - global $mtdb; - return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ; + return sha1($password); } -// Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen +// Remove invalid characters from username. Permit only alpha, underscore, period, at, hyphen function sanitize_username( $username ) { return preg_replace('|[^a-z_.@-]|i', '', $username); } // Attempt to login with a username and password. If from cookies, set already_hashed = true. function mt_login($username, $password, $already_hashed = false) { - global $error,$mtdb; + global $error, $dbConnection; + // Fail login if either user or pass is blank if ( '' == $username ) return false; @@ -67,7 +75,11 @@ function mt_login($username, $password, $already_hashed = false) { $username = sanitize_username( $username ); - $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"'); + // Get user info from the database + $sql = 'SELECT * FROM contributor WHERE name LIKE ?'; + $stmt = $dbConnection->executeQuery($sql, array($username)); + $login = $stmt->fetch(); + if (!$login) { $error = ('ERROR: Invalid username or password.'); adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE); @@ -144,5 +156,4 @@ function nocache_headers() { @ header('Pragma: no-cache'); } - ?> diff --git a/include/cookies.php b/include/cookies.php index 05e2f0d..9fdc5b8 100644 --- a/include/cookies.php +++ b/include/cookies.php 
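Review bot: `return sha1($password);` keeps passwords as unsalted SHA-1, which preserves the stored hashes (MySQL's SHA1() produces the same hex) but leaves them crackable at GPU speed, and the cookies.php hunk shows that this same hash is what `mt_setcookie()` writes into the login cookie, so a leaked `contributor` table yields directly reusable credentials. Since hashing now happens in PHP, this is the natural point to move to `password_hash()`/`password_verify()`: add a `mt_verify_password($password, $stored)` helper that accepts legacy rows via `hash_equals(sha1($password), $stored)` and rehashes them on a successful login, and have the cookie carry a random token instead of the hash. The comparison that would use the helper lives in `mt_login()` outside this hunk, so the change spans both functions.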
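Review bot: `WHERE name LIKE ?` turns the login lookup into a pattern match: `sanitize_username()` in the hunk above keeps `_`, which is LIKE's single-character wildcard, so a typed name such as `a_min` selects the first contributor that fits the pattern and the password is then checked against that row rather than the named account. The removed query used `=`; restore it: `$sql = 'SELECT * FROM contributor WHERE name = ?';`. Keeping the explicit column list of the old query instead of `SELECT *` would also avoid pulling every column into `$login`. `mt_login()` continues outside the hunk.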
@@ -25,7 +25,6 @@ function mt_get_cookie_login() { // Store username and password in a cookie function mt_setcookie($username, $password, $already_md5 = false, $siteurl = '', $remember = false) { - global $mtdb; if ( !$already_md5 ) $password = mt_hash_password($password); diff --git a/include/error.php b/include/error.php index 3d6dc52..aa433f7 100644 --- a/include/error.php +++ b/include/error.php @@ -13,8 +13,7 @@ define('MTS_TYPE_META', 8); // Changes in the metatype manager define('MTS_TUMBLR', 10); - -define('MTA_ADD', 'create'); // Creation action +define('MTA_ADD', 'create'); // Creation action define('MTA_INSERT', 'create'); // Creation action define('MTA_DELETE', 'delete'); // Deletion action define('MTA_REMOVE', 'delete'); // Deletion action @@ -24,21 +23,29 @@ define('MTA_CHANGE', 'update'); // Modification action function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false) { - global $mtdb, $currentuser; + global $dbConnection, $currentuser; - $sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")', - (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg)); - $mtdb->query( $sql ) or die($sql."
    ".mysqli_error($mtdb->link)."
    \n".var_export(debug_backtrace())); + $sql = 'INSERT INTO admin_log (contributor, section, action, level, message) VALUES (?, ?, ?, ?, ?)'; + $stmt = $dbConnection->prepare($sql); + $stmt->bindValue(1, is_numeric($currentuser->id) ? $currentuser->id : NULL); + $stmt->bindValue(2, $section); + $stmt->bindValue(3, $action); + $stmt->bindValue(4, $level); + $stmt->bindValue(5, $msg); + $stmt->execute() or die($sql . '
    ' . $stmt->errorCode() . '
    ' . var_export(debug_backtrace())); // Log all important sorts of messages in the Apache log - if( $level & (E_USER_WARNING | E_USER_ERROR) ) { + if( $level & (E_USER_WARNING | E_USER_ERROR) ) + { error_log($msg, 0); } // Email critical messages and those for which email is requested - if($email || E_USER_ERROR == $level || E_ERROR == $level) { + if($email || E_USER_ERROR == $level || E_ERROR == $level) + { // Pretty printing - switch($level) { + switch($level) + { case E_USER_NOTICE: case E_NOTICE: $importance = 'Notice'; @@ -56,7 +63,8 @@ function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false) break; } - switch($section) { + switch($section) + { case MTS_LOGIN: $area = 'User login'; break; case MTS_USER: $area = 'Modify user'; break; case MTS_PAGE: $area = 'Modify page'; break; diff --git a/include/html.php b/include/html.php index 2ad1c6c..422b6cb 100644 --- a/include/html.php +++ b/include/html.php @@ -12,7 +12,7 @@ function adminhead($title = '') { Megatokyo Administrative Dashboard<?php if( $title ) echo " — $title"; ?> - + @@ -41,7 +41,7 @@ $submenu['manage-comics.php'] = array( 'manage-types.php' => 'Types', 'manage-twitter-users.php' => 'Twitter Users', 'manage-metatypes.php' => 'Metatypes', - 'swap-comics.php' => 'Swap Comics', +//'swap-comics.php' => 'Swap Comics', 'character-twitter.php' => 'Character Twitters', 'view-adminlog.php' => 'View Admin Log' ); @@ -155,6 +155,7 @@ function handle_error($errno, $errstr, $errfile, $errline, $errcontext) { case E_CORE_WARNING: case E_COMPILE_WARNING: break; + case E_USER_ERROR: case E_ERROR: case E_PARSE: @@ -164,7 +165,7 @@ function handle_error($errno, $errstr, $errfile, $errline, $errcontext) { header('Content-Type: text/html; charset=utf-8'); if (eregi('^(sql)$', $errstr)) { - $errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error(); + // $errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error(); } $message = "Error#$errno: $errstr"; 
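Review bot: the `or die(...)` after `$stmt->execute()` still writes the SQL text, the driver error code and the output of `var_export(debug_backtrace())` to the HTTP response, and without `return: true` `var_export()` prints the whole backtrace (including call arguments such as the log message and anything else in scope) and contributes null to the string. With DBAL a failed execute raises a `DBALException` before `die()` runs, so the branch only serves non-exception false returns. Replace it with a logged, generic failure: `if (!$stmt->execute()) { error_log('adminlog insert failed: ' . $stmt->errorCode()); die('Unable to write admin log.'); }`. `adminlog()` continues outside the hunk.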
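Review bot: commenting out the body of `if (eregi('^(sql)$', $errstr))` leaves an empty conditional that still calls `eregi()`, which PHP 7 no longer defines; if this code runs on PHP 7 the error handler itself fails with an undefined function on the first error it handles. Remove the whole `if` (or use `preg_match('/^sql$/i', $errstr)` if an SQL-specific branch is still wanted) rather than keeping the dead check. `handle_error()` continues outside the hunk.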
@@ -204,7 +205,7 @@ function mtdie($message,$title='') { font-dize: 18px; font-weight: lighter; } - h2 { + h2 { font-size: 16px; } p, li, dt { @@ -222,13 +223,12 @@ function mtdie($message,$title='') {

    Megatokyo Admin

    - $title\n"; ?> + $title\n"; ?>

    getOne('SELECT title FROM rant WHERE id=' . $i); break; - case 'strip': $v = $mtdb->getOne('SELECT id FROM strip WHERE id=' . $i); break; - case 'type': $v = $mtdb->getOne('SELECT name FROM strip_t WHERE id=' . $i); break; - case 'metatype':$v = $mtdb->getOne('SELECT name FROM meta_t WHERE id=' . $i); break; + case 'rant': $v = $dbConnection->fetchColumn('SELECT title FROM rant WHERE id = ?', array($i)); break; + case 'strip': $v = $dbConnection->fetchColumn('SELECT id FROM strip WHERE id = ?', array($i)); break; + case 'type': $v = $dbConnection->fetchColumn('SELECT name FROM strip_t WHERE id = ?', array($i)); break; + case 'metatype':$v = $dbConnection->fetchColumn('SELECT name FROM meta_t WHERE id = ?', array($i)); break; case 'extra': $temp = extra_file_from_inode($i); $v = $temp->name; break; - case 'twitteruser': $v = $mtdb->getOne('SELECT username FROM twitter_user WHERE id=' . $i); break; + case 'twitteruser': $v = $dbConnection->fetchColumn('SELECT username FROM twitter_user WHERE id = ?', array($i)); break; default: $v = $i; } diff --git a/include/pages.php b/include/pages.php index a5ffc88..12dfb83 100644 --- a/include/pages.php +++ b/include/pages.php 
@@ -1,53 +1,84 @@ url_name) +function savepage($page) +{ + if ($page->url_name) return updatepage($page); else return insertpage($page); } -function insertpage($page) { - global $mtdb; - $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES (' - . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name) - . '", "' . mysqli_real_escape_string($mtdb->link, $page->status) - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) ) - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) ) - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) ) - . '")'; - adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD); - return $mtdb->query($sql); +function insertpage($page) +{ + if ( !$page->url_name ) return false; + global $dbConnection; + + $sql = 'INSERT INTO static_page (url_name, status, title, body, style) VALUES (:slug, :status, :title, :body, :style)'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('slug', $page->url_name); + $stmt->bindValue('status', $page->status); + $stmt->bindValue('title', trim($page->title)); + $stmt->bindValue('body', trim($page->body)); + $stmt->bindValue('style', trim($page->style)); + + adminlog("Page '" . $page->url_name . "' has been added.", MTS_PAGE, MTA_ADD); + return $stmt->execute(); } -function updatepage($page) { +function updatepage($page) +{ if ( !$page->url_name ) return false; - global $mtdb; - - $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) - . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status) - . '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) ) - . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) ) - . '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) ) - . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . 
'"'; - adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY); - return $mtdb->query( $sql ); + global $dbConnection; + + $sql = 'UPDATE static_page SET url_name = :slug, status = :status, title = :title, body = :body, style = :style WHERE url_name = :slug'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('slug', $page->url_name); + $stmt->bindValue('status', $page->status); + $stmt->bindValue('title', trim($page->title)); + $stmt->bindValue('body', trim($page->body)); + $stmt->bindValue('style', trim($page->style)); + + adminlog("Page '" . $page->url_name . "' has been updated.", MTS_PAGE, MTA_MODIFY); + return $stmt->execute(); } -function deletepage($url_name) { +function deletepage($url_name) +{ if ( !$url_name ) return false; - global $mtdb; - adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE); - return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); + global $dbConnection; + + $sql = 'DELETE FROM static_page WHERE url_name = :slug'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('slug', $url_name); + + adminlog("Page '" . $page->url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE); + return $stmt->execute(); } -function getpage($url_name) { - global $mtdb; - return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); +function getpage($url_name) +{ + if ( !$url_name ) return false; + global $dbConnection; + + $sql = 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = :slug'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('slug', $url_name); + + $stmt->execute(); + return $stmt->fetch(); } ?> diff --git a/include/rants.php b/include/rants.php index 3dd3399..b599705 100644 --- a/include/rants.php +++ b/include/rants.php 
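Review bot: `deletepage()` logs `$page->url_name`, but its only parameter is `$url_name`, so `$page` is undefined and the entry reads `Page '' has been deleted` (plus a notice); use `adminlog("Page '" . $url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);`. In `insertpage()` and `updatepage()` the "has been added/updated" log line runs before `execute()`, so a rejected write is still recorded as a success; log after checking the result. `updatepage()` also binds `:slug` twice in one statement, which works under PDO's default emulated prepares but fails with an invalid-parameter-number error if `PDO::ATTR_EMULATE_PREPARES` is ever turned off, so a second placeholder such as `:where_slug` avoids depending on that setting.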
@@ -1,119 +1,193 @@ id) +function saverant($rant) +{ + if ($rant->id) return updaterant($rant); else return insertrant($rant); } -function insertrant($rant) { - global $mtdb; - $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME(' - . (int)$rant->published - . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status) - . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side) - . '", "' . (int)$rant->author - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) ) - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) ) - . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) ) - . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype) - . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) ) - . '")'; - - if( $mtdb->query( $sql ) ) { +function insertrant($rant) +{ + global $dbConnection; + + $sql = 'INSERT INTO rant (published, status, side, author, title, body, link, imagetype, imagetext) VALUES ' . + '(FROM_UNIXTIME(:published), :status, :side, :author, :title, :body, :link, :imagetype, :imagetext)'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('published', (int)$rant->published); + $stmt->bindValue('status', $rant->status); + $stmt->bindValue('side', $rant->side); + $stmt->bindValue('author', (int)$rant->author); + $stmt->bindValue('title', trim($rant->title)); + $stmt->bindValue('body', trim($rant->body)); + $stmt->bindValue('link', trim($rant->link)); + $stmt->bindValue('imagetype', $rant->imagetype); + $stmt->bindValue('imagetext', trim($rant->imagetext)); + + if ($stmt->execute()) + { //logthis( 'Saved changes to rant ' . $rant->id ); - $rant->id = mysqli_insert_id( $mtdb->link ); + $rant->id = $dbConnection->lastInsertId(); - adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD); + adminlog("Rant " . $rant->id . 
" saved.", MTS_RANT, MTA_ADD); - if($rant->status == "published") + if ($rant->status == "published") { + adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_ADD); + + /* $poster = get_userdatabyid($rant->author); - adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_ADD); twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id); if($rant->author === 1) { tumblrpost($rant->title, $rant->body); } + */ } return $rant->id; } + return false; } -function updaterant($rant) { +function updaterant($rant) +{ if ( !(int)$rant->id ) return false; - global $mtdb; - - #first, check if it's published already - $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id); - $row = mysqli_fetch_row($qr); - $status = $row[0]; - - adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE); - - $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published - . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status) - . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side) - . '", author = ' . (int)$rant->author - . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) ) - . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) ) - . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) ) - . '", imagetype = ' . (int)$rant->imagetype - . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) ) - . '" WHERE id=' . (int)$rant->id; - - if($status == "draft" && $rant->status == "published") + global $dbConnection; + + # First, check if it's published already + $sql = 'SELECT status FROM rant WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $rant->id); + + $stmt->execute(); + $status = $stmt->fetchColumn(); + + adminlog("Rant " . $rant->id . 
" updated.", MTS_RANT, MTA_UPDATE); + + $sql = 'UPDATE rant SET published = FROM_UNIXTIME(:published), status = :status, side = :side, author = :author, ' . + 'title = :title, body = :body, link = :link, imagetype = :imagetype, imagetext = :imagetext WHERE id = :id'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue('id', (int)$rant->id); + $stmt->bindValue('published', (int)$rant->published); + $stmt->bindValue('status', $rant->status); + $stmt->bindValue('side', $rant->side); + $stmt->bindValue('author', (int)$rant->author); + $stmt->bindValue('title', trim($rant->title)); + $stmt->bindValue('body', trim($rant->body)); + $stmt->bindValue('link', trim($rant->link)); + $stmt->bindValue('imagetype', (int)$rant->imagetype); + $stmt->bindValue('imagetext', trim($rant->imagetext)); + + if ($status == "draft" && $rant->status == "published") { + adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_UPDATE); + + /* $poster = get_userdatabyid($rant->author); - adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_UPDATE); twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id); if($rant->author === 1) { tumblrpost($rant->title, $rant->body); } + */ } - return $mtdb->query( $sql ); + return $stmt->execute(); } -function deleterant($rantid) { +function deleterant($rantid) +{ if ( !(int)$rantid ) return false; - global $mtdb; - adminlog("Rant ".$rantid." deleted.", MTS_RANT, MTA_DELETE); - return $mtdb->query( 'DELETE FROM rant WHERE id=' . $rantid ); + global $dbConnection; + + $sql = 'DELETE FROM rant WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $rantid); + + adminlog("Rant " . $rantid . 
" deleted.", MTS_RANT, MTA_DELETE); + return $stmt->execute(); } function deleteattachment($id) { - global $mtdb; - $file = SITE_PATH_ABS.'/'.get_rantattachment_filename($id); - unlink( $file ) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING); - $mtdb->query( 'DELETE FROM rant_attachment WHERE id = ' . $id ); + global $dbConnection; + + // Remove attachment from filesystem + $file = SITE_PATH_ABS . '/' . get_rantattachment_filename($id); + unlink($file) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING); + + // Remove from database + $sql = 'DELETE FROM rant_attachment WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $id); + + $stmt->execute(); adminlog("Deleted attachment $id", MTS_RANT, MTA_DELETE); } -function getrant($id) { - global $mtdb; - return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = '. (int)$id ); +function getrant($id) +{ + global $dbConnection; + + $sql = 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, (int)$id); + + $stmt->execute(); + return $stmt->fetch(); } -function get_rantimage_filename( $rant ) { - global $mtdb; - $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . 
(int)$rant->imagetype ); // filename extension - return sprintf( '%s/%04d.%s',SITE_RANT, (int)$rant->id, $ext ); +function get_rantimage_filename($rant) +{ + global $dbConnection; + + $sql = 'SELECT extension FROM media_t WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, (int)$rant->imagetype); + + $stmt->execute(); + $ext = $stmt->fetchColumn(); // filename extension + + return sprintf('%s/%04d.%s', SITE_RANT, (int)$rant->id, $ext); } -function get_rantattachment_filename( $id ) { - global $mtdb; - $ext = $mtdb->getOne( 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id=' . (int)$id ); // filename extension - return sprintf( '%s/%d.%s',SITE_RANT_ATTACHMENT, (int)$id, $ext ); +function get_rantattachment_filename($id) +{ + global $dbConnection; + + $sql = 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, (int)$id); + + $stmt->execute(); + $ext = $stmt->fetchColumn(); // filename extension + + return sprintf('%s/%d.%s', SITE_RANT_ATTACHMENT, (int)$id, $ext ); } ?> diff --git a/include/rss.php b/include/rss.php index 3087cb2..be72b2c 100644 --- a/include/rss.php +++ b/include/rss.php @@ -2,13 +2,14 @@ function rsspost($body, $url) { - global $mtdb; + global $dbConnection; - $mtdb->query('INSERT INTO rss_comment (body, url) - VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'", - "'.mysqli_real_escape_string($mtdb->link, $url).'")'); + $sql = 'INSERT INTO rss_comment (body, url) VALUES (?, ?)'; + $stmt = $dbConnection->prepare($sql); + $stmt->bindValue(1, $body); + $stmt->bindValue(2, $url); - return true; + return $stmt->execute(); } ?> diff --git a/include/strip.php b/include/strip.php index 82eca8c..8c49b7d 100644 --- a/include/strip.php +++ b/include/strip.php 
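Review bot: deleterant() and updaterant() guard on `(int)$rantid` / `(int)$rant->id` but then bind the raw value (`$stmt->bindValue(1, $rantid);`), while getrant() binds `(int)$id`; binding `(int)$rantid` and `(int)$rant->id` with `PDO::PARAM_INT`, as strip.php does, keeps the id parameter numeric and the helpers consistent. In get_rantimage_filename() and get_rantattachment_filename(), `fetchColumn()` returns false when no media row matches, which sprintf renders as an empty extension and yields a path ending in `.`; the old getOne() presumably behaved the same, but a guard such as `if ($ext === false) return false;` would make the failure visible to callers. The `adminlog()` calls in deleterant() and updaterant() also run before `$stmt->execute()`, so a failed statement is still logged as done.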
@@ -3,8 +3,16 @@ // Book: The offset from 0 at the beginning of time // Page: The offset from 0 at the beginning of the volume -class Strip { - var $id, $old_id, $published, $media, $type, $title, $book, $page; +class Strip +{ + public $id; + public $old_id; + public $published; + public $media; + public $type; + public $title; + public $book; + public $page; } // old_id is used to detect alterations to the strip id in forms. Not saved in database. 
@@ -12,29 +20,31 @@ class Strip { // Strip id is automatically incremented function insertstrip(&$strip) { - global $mtdb; - - $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book; - $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; - - $mtdb->query('START TRANSACTION'); - $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1; - $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES (' - . $newid - . ', FROM_UNIXTIME(' . (int)$strip->published - . '), '. (int)$strip->media - . ', ' . (int)$strip->type - . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) - . '", '. $strip->book - . ', ' . $strip->page - . ')'; - - $r = $mtdb->query( $sql ); + global $dbConnection; + + $strip->book = ($strip->book == '') ? NULL : (int)$strip->book; + $strip->page = ($strip->page == '') ? NULL : (int)$strip->page; + + $dbConnection->beginTransaction(); + $newid = $dbConnection->fetchColumn('SELECT MAX(id) FROM strip') + 1; + + $sql = 'INSERT INTO strip (id, published, media, type, title, book, page) VALUES(?, FROM_UNIXTIME(?), ?, ?, ?, ?, ?)'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $newid); + $stmt->bindValue(2, $strip->published, PDO::PARAM_INT); + $stmt->bindValue(3, $strip->media, PDO::PARAM_INT); + $stmt->bindValue(4, $strip->type, PDO::PARAM_INT); + $stmt->bindValue(5, trim($strip->title)); + $stmt->bindValue(6, $strip->book); + $stmt->bindValue(7, $strip->page); + + $r = $stmt->execute(); if( !$r ) { - $mtdb->query('ROLLBACK'); + $dbConnection->rollback(); return false; } - $mtdb->query('COMMIT'); + $dbConnection->commit(); adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD); $strip->id = $newid; 
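Review bot: The `if( !$r )` rollback branch is unlikely to run, because Doctrine's PDO driver puts the connection in exception mode, so a failing INSERT throws out of insertstrip() with the transaction still open rather than returning false; wrap the execute as `try { $r = $stmt->execute(); } catch (\Exception $e) { $dbConnection->rollBack(); return false; }` (or use `$dbConnection->transactional()`), and note DBAL spells the method `rollBack()` — PHP resolves `rollback()` case-insensitively but static analysers will flag it. The `SELECT MAX(id) FROM strip` + 1 allocation is not serialised by beginTransaction() alone under the default isolation level, so two concurrent posts can compute the same id; this predates the change, but it deserves a comment on that line, e.g. `// NOTE: MAX(id)+1 is not safe under concurrent inserts`. insertstrip() continues past the end of the hunk.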
@@ -43,22 +53,26 @@ function insertstrip(&$strip) { } function updatestrip(&$strip) { - global $mtdb; - - $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book; - $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page; - - $mtdb->query('START TRANSACTION'); - $sql = 'UPDATE strip SET - published = FROM_UNIXTIME(' . (int)$strip->published .') - , media = '. (int)$strip->media .' - , type = ' . (int)$strip->type .' - , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'" - , book = ' . (int)$strip->book .' - , page = ' . (int)$strip->page .' - WHERE id = ' . (int)$strip->id; - $mtdb->query( $sql ); - $mtdb->query('COMMIT'); + global $dbConnection; + + $strip->book = ($strip->book === '') ? NULL : (int)$strip->book; + $strip->page = ($strip->page === '') ? NULL : (int)$strip->page; + + $dbConnection->beginTransaction(); + + $sql = 'UPDATE strip SET published = FROM_UNIXTIME(?), media = ?, type = ?, title = ?, book = ?, page = ? WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $strip->published, PDO::PARAM_INT); + $stmt->bindValue(2, $strip->media, PDO::PARAM_INT); + $stmt->bindValue(3, $strip->type, PDO::PARAM_INT); + $stmt->bindValue(4, trim($strip->title)); + $stmt->bindValue(5, $strip->book, PDO::PARAM_INT); + $stmt->bindValue(6, $strip->page, PDO::PARAM_INT); + $stmt->bindValue(7, $strip->id, PDO::PARAM_INT); + + $stmt->execute(); + $dbConnection->commit(); adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY); return true; } 
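Review bot: The result of `$stmt->execute()` is discarded and updatestrip() always commits and returns true, so a failed UPDATE is reported as success; at minimum `if (!$stmt->execute()) { $dbConnection->rollBack(); return false; }` before the commit, bearing in mind that, as in insertstrip(), an exception from execute() would leave the transaction open. Binding `$strip->book` / `$strip->page` with `PDO::PARAM_INT` right after setting them to NULL should be confirmed to reach the server as NULL rather than 0 (the old code cast them with (int)), and insertstrip() binds the same two values without a type, so the two functions may not store an empty book/page identically. Also insertstrip() tests `== ''` while updatestrip() tests `=== ''`; on PHP 7 `0 == ''` is true, so a book or page of 0 becomes NULL on insert but not on update.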
@@ -66,12 +80,12 @@ function updatestrip(&$strip) { // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move! function move_strip($from_id, $to_id) { - global $mtdb; + global $dbConnection; $from_id = (int) $from_id; $to_id = (int) $to_id; // Ensure our source exists - $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" ); + $num_strips = $dbConnection->fetchColumn('SELECT COUNT(*) FROM strip WHERE id = ?', array($from_id)); if($num_strips < 1) mtdie("Cannot move strip number $from_id, because it cannot be found in database."); @@ -79,8 +93,8 @@ function move_strip($from_id, $to_id) deletestrip( $to_id ); // Update database - $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" ); - $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" ); + $dbConnection->executeUpdate('UPDATE strip SET id = ? WHERE id = ?', array($to_id, $from_id)); + $strip = $dbConnection->executeQuery('SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = ?', array($to_id))->fetch(); // Update filesystem foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d.*', $from_id)) as $item) { @@ -101,8 +115,8 @@ function deletestrip($id) { $id = (int)$id; if ( !$id ) return false; - global $mtdb; - $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id ); + global $dbConnection; + $r = $dbConnection->executeUpdate('DELETE FROM strip WHERE id = ?', array($id)); foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item) unlink($item); foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/%04d*.*', $id)) as $item) 
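Review bot: In deletestrip(), `$r` now holds the affected-row count returned by executeUpdate(), so it is 0 (falsy) when no strip with that id exists, whereas the old query() returned true for a DELETE that matched nothing; if the rest of deletestrip(), which lies outside this hunk, returns or tests `$r`, that is a behaviour change to check. On a database error executeUpdate() throws rather than returning false, so any `!$r` error branch further down is now dead and a comment such as `// $r is the affected-row count; errors throw` would prevent the next reader from re-adding one. The same applies to the `$num_strips` / `executeUpdate()` calls in move_strip() on this line.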
@@ -112,19 +126,19 @@ function deletestrip($id) { } function getstrip($id) { - global $mtdb; - return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, type, media, title, book, page FROM strip WHERE id=' . (int)$id); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, UNIX_TIMESTAMP(published) as published, type, media, title, book, page FROM strip WHERE id = ?', array($id))->fetch(); } function get_stripimage_filename( $strip ) { - global $mtdb; - $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media ); // filename extension + global $dbConnection; + $ext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media)); // filename extension return sprintf( '%s/%04d.%s', SITE_STRIP, $strip->id, $ext ); } function get_stripid_by_rantid($rantid) { - global $mtdb; - return $mtdb->getOne('SELECT MAX(strip.id) FROM strip,rant WHERE strip.published<=rant.published AND rant.id=' . (int)$rantid); + global $dbConnection; + return $dbConnection->fetchColumn('SELECT MAX(strip.id) FROM strip, rant WHERE strip.published <= rant.published AND rant.id = ?', array($rantid)); } ?> diff --git a/include/transcript.php b/include/transcript.php index 2697e25..977f4f0 100644 --- a/include/transcript.php +++ b/include/transcript.php @@ -17,9 +17,9 @@ function bracketbalance($line) // Retrieve transcript for this strip from the database, modifying the strip object. function gettranscript(&$strip) { - global $mtdb; + global $dbConnection; - $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id ); + $result = $dbConnection->executeQuery('SELECT strip FROM transcript WHERE strip = ?', array($strip->id)); if($result) { 
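Review bot: `if($result)` in gettranscript() is now always true, because executeQuery() returns a Statement and throws a DBALException on failure instead of returning false; the same holds for the `or mtdie(...)` fallback and `if(!$result) continue;` in the next hunk (`@@ -30,16 +30,16 @@`), where `$dbConnection->errorCode()` is never reached. Either wrap the queries in try/catch and pass `$e->getMessage()` to mtdie(), or remove the dead checks so the control flow matches what the driver actually does. In getstrip() the `(int)$id` cast was dropped; `array((int)$id)` keeps the parameter numeric like the other get_* helpers. gettranscript() continues past the end of the hunk.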
@@ -30,16 +30,16 @@ function gettranscript(&$strip) # either way, I care not Might be able to exchange this loop of getOne()s for a getAll() call. */ - $numPanels = $mtdb->getOne( 'SELECT MAX(panel) FROM transcript WHERE transcript.strip=' . (int)$strip->id ); + $numPanels = $dbConnection->fetchColumn('SELECT MAX(panel) FROM transcript WHERE strip = ?', array($strip->id)); if( $numPanels ) { for($i = 1; $i <= $numPanels; $i++) { - $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line') - or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error'); + $result = $dbConnection->executeQuery('SELECT speaker, speech FROM transcript WHERE transcript.strip = ? AND panel = ? ORDER BY line', array($strip->id, $i)) + or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . $dbConnection->errorCode(), 'SQL Error'); if(!$result) continue; $output.= "\nnewpanel\n"; - while($row = mysqli_fetch_row($result)) { + while($row = $result->fetch(PDO::FETCH_NUM)) { if(strlen($row[0]) < 1) continue; $output.= $row[0]; 
@@ -56,16 +56,17 @@ function gettranscript(&$strip) // Parse submitted transcript from strip object, and insert it into the database. function savetranscript( &$strip ) { - global $mtdb; + global $dbConnection; $info = ''; - $mtdb->query('START TRANSACTION'); + $dbConnection->beginTransaction(); //remove any old transcript data - it's being replaced - $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id ); + $dbConnection->executeUpdate('DELETE FROM transcript WHERE transcript.strip = ?', array($strip->id)); if( $strip->transcript_posted ) { - $inserter = 'INSERT INTO transcript (strip,panel,line,speaker,speech,search) VALUES (%d,%d,%d,"%s","%s","%s")'; + $insert_sql = 'INSERT INTO transcript (strip, panel, line, speaker, speech, search) VALUES (?, ?, ?, ?, ?, ?)'; + $inserter_types = array(PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR); if(strpos($strip->transcript_posted, 'Panel <$n>') !== FALSE) { # This is probably a scrivener script @@ -83,11 +84,11 @@ function savetranscript( &$strip ) { $has_spoken = true; for($j = 0; $j < count($lines); $j++) { - $insert_sql = ''; + $inserter_values = array(); if(strpos($lines[$j], '(') === 0) { # Line is a note, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); + $inserter_values = array($strip->id, $i, $j, '#', $lines[$j], ''); } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) { # Line is an annotation or blank, do nothing continue; 
@@ -95,13 +96,13 @@ function savetranscript( &$strip ) { # Line contains a list of nonspeaking characters array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11)))); $speaker = trim(substr($lines[$j], 11)); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) { # Line designates a new speaker, note speaker # Handle speakers who did not say anything if(null !== $speaker && !$has_spoken) - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); $speaker = ucfirst(strtolower($lines[$j])); $has_spoken = false; @@ -111,25 +112,24 @@ function savetranscript( &$strip ) { $info .= "

    Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'

    '; $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) ); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), - mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search)); + $inserter_values = array($strip->id, $i, $j, $speaker, $lines[$j], $search); $has_spoken = true; } else { # Line is unrecognized, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); + $inserter_values = array($strip->id, $i, $j, '#', $lines[$j], ''); } - if( $insert_sql && false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + if( $inserter_values && false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } if(null !== $speaker && !$has_spoken) { - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); - if( false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); + if( false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } } @@ -160,17 +160,16 @@ function savetranscript( &$strip ) { if(!bracketbalance($spoken[1])) $info .= "
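Review bot: `false === $dbConnection->executeUpdate(...)` can never be true — executeUpdate() returns the affected-row count and throws on error — so the rollback/mtdie branches here are dead, and a failing INSERT now propagates as an exception with the transaction opened earlier in savetranscript() still pending. The same pattern appears twice more in this hunk and again in the next one (`@@ -160,17 +160,16 @@`). A try/catch around each insert that calls `$dbConnection->rollBack()` and then mtdie() with the exception message restores the intended behaviour. savetranscript() begins and ends outside this hunk.
```php
// … unchanged: building $inserter_values for the current line …
if ($inserter_values) {
    try {
        $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types);
    } catch (\Exception $e) {
        $dbConnection->rollBack();
        mtdie($e->getMessage(), 'Error inserting transcript.');
    }
}
```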

    Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'

    '; - $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]), - mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) ); - if( false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + $inserter_values = array($strip->id, $i, $j, $spoken[0], $spoken[1], $spoken[2]); + if( false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } } } } - $mtdb->query('COMMIT'); + $dbConnection->commit(); return $info; } diff --git a/include/twitter.php b/include/twitter.php index b73dd93..4bab4fa 100644 --- a/include/twitter.php +++ b/include/twitter.php @@ -2,7 +2,9 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) { - global $mtdb, $info, $error; + if (!TWITTER_ENABLED) return; + + global $dbConnection, $info, $error; if( $user == '' ) { # preserve existing twitterpost(message) style posting until OAuth has been vetted. $user = TWITTER_USER; @@ -25,7 +27,7 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) } else { # OAuth Mode - $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user))); + $row = $dbConnection->executeQuery('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username = ?', array($user))->fetch(); $username = $row->username; $oauth_token = $row->oauth_token; 
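Review bot: In twitterpost(), `$row->username` and `$row->oauth_token` are read without checking that `->fetch()` found a row; fetch() returns false for an unknown username, and whether it returns an object at all depends on the connection's default fetch mode, which is configured outside this diff — add `if (!$row) return;` after the fetch (or report through `$error`, as the rest of the function presumably does). The new `if (!TWITTER_ENABLED) return;` guard also depends on TWITTER_ENABLED being defined before this file is loaded; on PHP 7 an undefined constant is a warning plus the truthy string 'TWITTER_ENABLED', so the guard would silently never fire. twitterpost() continues past the end of the hunk.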
@@ -53,9 +55,9 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) function setOAuthTokens($userid,$oauth_token,$oauth_token_secret, $username) { - global $mtdb; + global $dbConnection; $id = (int)$userid; - if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) ) + if ($dbConnection->executeUpdate('UPDATE twitter_user SET oauth_token = ?, oauth_token_secret = ?, username = ? WHERE id = ?', array($oauth_token, $oauth_token_secret, $username, $id))) return true; return false; } diff --git a/include/type.php b/include/type.php index e3741b3..f298165 100644 --- a/include/type.php +++ b/include/type.php @@ -3,21 +3,23 @@ /* Types */ function get_typeByID( $id ) { - global $mtdb; + global $dbConnection; $id = (int)$id; - $r = $mtdb->getRow( 'SELECT id, name, description FROM strip_t WHERE id=' . $id ); - $r->meta = $mtdb->getAll( 'SELECT meta as id from meta where type=' . $id); + $stmt = $dbConnection->executeQuery('SELECT id, name, description FROM strip_t WHERE id = ?', array($id)); + $r = $stmt->fetch(); + $r->meta = $dbConnection->fetchAll('SELECT meta AS id FROM meta WHERE type = ?', array($id)); return $r; } function get_allTypes() { - global $mtdb; - return $mtdb->getRow( 'SELECT id, name, description, meta FROM strip_t' ); + global $dbConnection; + $stmt = $dbConnection->executeQuery('SELECT id, name, description, meta FROM strip_t'); + return $stmt->fetch(); } function get_allMetaTypes() { - global $mtdb; - return $mtdb->getAll("SELECT id, name FROM meta_t"); + global $dbConnection; + return $dbConnection->fetchAll('SELECT id, name FROM meta_t'); } function _getMetaNameFromObject($obj) { diff --git a/include/uploads.php b/include/uploads.php index 796d193..0d9d670 100644 --- a/include/uploads.php 
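Review bot: setOAuthTokens() now returns false whenever executeUpdate() reports 0 affected rows, which MySQL by default also reports when the UPDATE matched the row but changed nothing (same tokens and username), whereas the old query() returned true in that case; callers that treat false as failure will see spurious errors on a re-authorisation with unchanged tokens. If the count is the intended contract, say so (`// returns false when no row was changed`); otherwise `$dbConnection->executeUpdate(...); return true;` and rely on the driver's exception mode for real failures. In the type.php hunk on this line, get_allTypes() returns `$stmt->fetch()`, a single row, which contradicts its name; if that is deliberate a `// returns only the first row` comment would spare the next reader, otherwise `fetchAll()` as in get_allMetaTypes().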
+++ b/include/uploads.php @@ -86,11 +86,11 @@ function save_upload_rant_image( $source, $rant ) { function save_upload_rant_attachment( $source, $rant ) { - global $mtdb; + global $dbConnection; $image_data = getimagesize( $source ); - $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" ); - $rant_attachment_id = mysqli_insert_id( $mtdb->link ); + $dbConnection->executeUpdate('INSERT INTO rant_attachment (rant, media) VALUES (?, ?)', array($rant, $image_data[2])); + $rant_attachment_id = $dbConnection->lastInsertId(); if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) { $upload_info='

    New rant attachment uploaded for rant '. $rant .'.

    '; diff --git a/include/user.php b/include/user.php index 0a2924a..b658430 100644 --- a/include/user.php +++ b/include/user.php 
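Review bot: `$image_data = getimagesize($source)` is not checked before `$image_data[2]` is bound, so an unreadable or non-image upload binds null for media and then proceeds to move the file; a `if ($image_data === false) return false;` before the INSERT (or whatever failure value the caller expects — that is not visible here) would stop it. `$rant` is bound without a type or cast; `(int)$rant` with `PDO::PARAM_INT` keeps it consistent with the other id parameters in this commit. save_upload_rant_attachment() continues past the hunk.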
@@ -1,6 +1,6 @@ getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id ); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, name, email, nameplate, default_image, default_link FROM contributor WHERE id = ?', array($id))->fetch(); } function get_userdatabylogin( $username ) { - global $mtdb; - return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' ); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, name, email, nameplate, default_image, default_link FROM contributor WHERE name LIKE ?', array($username))->fetch(); } function save_userdata( $user ) { adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); - global $mtdb; - return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d', - mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate), - mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) ); + global $dbConnection; + + return $dbConnection->executeUpdate('UPDATE contributor SET email = ?, nameplate = ?, default_image = ?, default_link = ? WHERE id = ?', + array($user->email, $user->nameplate, $user->default_image, $user->default_link, $user->id)); } function change_password( $user ) { adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); - global $mtdb, $currentuser; + global $dbConnection, $currentuser; if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE ); - return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . 
mysqli_real_escape_string($mtdb->link, $user->id) . '"' ); + return $dbConnection->executeUpdate('UPDATE contributor SET password = SHA1(?) WHERE id = ?', array($user->password, $user->id)); } ?> diff --git a/index.php b/index.php index dc40a9a..f6c4654 100644 --- a/index.php +++ b/index.php @@ -46,7 +46,7 @@ adminmenu();
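Review bot: get_userdatabylogin() switched the lookup from `name = "..."` to `name LIKE ?`, so a submitted username containing `%` or `_` is treated as a pattern and a login of `%` matches the first contributor in the table; since this helper is presumably the login lookup, keep the exact comparison: `... FROM contributor WHERE name = ?', array($username))->fetch();`. change_password() still stores `SHA1(?)` of the raw password (unsalted, fast hash) and the context line passes `$user->password` to mt_setcookie(); both predate this commit, but a `// TODO: migrate to password_hash()/password_verify()` on the UPDATE line would record the debt while the query is being touched.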
      getAll('SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name, s.message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY published DESC LIMIT 5') ); + $strips = array_reverse( $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name, s.message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY published DESC LIMIT 5') ); foreach($strips as $k=>$v) { @@ -63,7 +63,7 @@ adminmenu();

      Recent Strips

        getAll("SELECT distinct id, title, UNIX_TIMESTAMP(published) as date FROM strip WHERE published <= NOW() order by id DESC LIMIT 5"); +$strips = $dbConnection->fetchAll('SELECT id, title, UNIX_TIMESTAMP(published) as date FROM strip WHERE published <= NOW() order by id DESC LIMIT 5'); foreach($strips as $k=>$v) { printf( '
      • %d: %s, %s ago
      • ', $v->id, SITE_HOST . SITE_PATH, $v->id, htmlspecialchars($v->title), human_time_diff($v->date) ); @@ -74,7 +74,7 @@ foreach($strips as $k=>$v) {

        Upcoming Strips

          getAll("SELECT distinct id, title, UNIX_TIMESTAMP(published) as date FROM strip WHERE published > NOW() order by id ASC LIMIT 5"); +$strips = $dbConnection->fetchAll('SELECT id, title, UNIX_TIMESTAMP(published) as date FROM strip WHERE published > NOW() order by id ASC LIMIT 5'); foreach($strips as $k=>$v) { printf( '
        • %d: %s, in %s
        • ', $v->id, SITE_HOST . SITE_PATH . '/' . SITE_ADMIN, $v->id, htmlspecialchars($v->title), human_time_diff($v->date) ); @@ -85,7 +85,7 @@ foreach($strips as $k=>$v) {

          Recent Published Rants

            getAll('SELECT distinct rant.id,UNIX_TIMESTAMP(rant.published) as date,rant.title,contributor.name from rant,contributor where rant.author=contributor.id AND rant.status=\'published\' ORDER BY rant.published DESC limit 5'); +$rants = $dbConnection->fetchAll('SELECT rant.id,UNIX_TIMESTAMP(rant.published) as date,rant.title,contributor.name from rant,contributor where rant.author=contributor.id AND rant.status=\'published\' ORDER BY rant.published DESC limit 5'); foreach($rants as $k=>$v) { printf( '
          • %d: %s by %s, %s ago
          • ', $v->id, SITE_HOST . SITE_PATH, $v->id, htmlspecialchars($v->title), htmlspecialchars($v->name), human_time_diff($v->date) ); @@ -96,7 +96,7 @@ foreach($rants as $k=>$v) {

            Recent Draft Rants

              getAll('SELECT distinct rant.id,UNIX_TIMESTAMP(rant.published) as date,rant.title,contributor.name from rant,contributor where rant.author=contributor.id AND rant.status=\'draft\' ORDER BY rant.published DESC limit 5'); +$rants = $dbConnection->fetchAll('SELECT rant.id,UNIX_TIMESTAMP(rant.published) as date,rant.title,contributor.name from rant,contributor where rant.author=contributor.id AND rant.status=\'draft\' ORDER BY rant.published DESC limit 5'); foreach($rants as $k=>$v) { printf( '
            • %d: %s by %s, %s ago
            • ', $v->id, SITE_HOST . ADMIN_PATH, $v->id, htmlspecialchars($v->title), htmlspecialchars($v->name), human_time_diff($v->date) ); diff --git a/login.php b/login.php index ea3828f..b604d84 100644 --- a/login.php +++ b/login.php @@ -47,7 +47,7 @@ switch( $_REQUEST['action'] ) { Megatokyo Admin › Login - + diff --git a/rss-adminlog.php b/rss-adminlog.php index 6e720e3..a7ace0c 100644 --- a/rss-adminlog.php +++ b/rss-adminlog.php @@ -6,7 +6,7 @@ auth_basic(); $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25; -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id LEFT JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT $count"); +$entries = $dbConnection->fetchAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT ?", array($count), array(PDO::PARAM_INT)); header("Content-Type: application/rss+xml;charset=utf-8"); diff --git a/rss-scratchpad.php b/rss-scratchpad.php index d932663..4c8a0bf 100644 --- a/rss-scratchpad.php +++ b/rss-scratchpad.php 
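Review bot: The contributor join in rss-adminlog.php changed from `LEFT JOIN contributor c` to `JOIN contributor c`, so admin_log rows with no contributor (a NULL l.contributor, which the old query tolerated by yielding NULL cname/cmail) now disappear from the feed; unless that is intended, restore `LEFT JOIN contributor c ON l.contributor = c.id`. Binding the user-supplied `$count` as `PDO::PARAM_INT` after the ctype_digit check is the right way to handle the LIMIT value.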
@@ -6,7 +6,7 @@ auth_basic();
 $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25;
-$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name AS cname, c.email AS cmail, message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY s.published DESC LIMIT $count");
+$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name AS cname, c.email AS cmail, message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY published DESC LIMIT ?', array($count), array(PDO::PARAM_INT));
 header("Content-Type: application/rss+xml;charset=utf-8");
diff --git a/rss-striplog.php b/rss-striplog.php
index 6d78c2f..c2feaa1 100644
--- a/rss-striplog.php
+++ b/rss-striplog.php
@@ -4,7 +4,7 @@ require_once('include/admin.inc.php');
 $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25;
-$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, s.name AS section, action, message FROM admin_log l JOIN admin_section s ON l.section = s.id WHERE s.name = 'strip' ORDER BY l.logdate DESC LIMIT $count");
+$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, s.name AS section, action, message FROM admin_log l JOIN admin_section s ON l.section = s.id WHERE s.name = \'strip\' ORDER BY l.logdate DESC LIMIT ?', array($count), array(PDO::PARAM_INT));
 header("Content-Type: application/rss+xml;charset=utf-8");
diff --git a/styles/_fonts.scss b/styles/_fonts.scss
index 811801e..6a169f7 100644
--- a/styles/_fonts.scss
+++ b/styles/_fonts.scss
@@ -1,5 +1,9 @@ @charset "utf-8"; +$fonts-main: "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana; +$fonts-news: Georgia, "Times New Roman", Times, serif; +$fonts-input: Verdana, Arial, Helvetica, sans-serif; +$fonts-code: "Courier New", Courier, monospace; $font-stack: Verdana, Arial, Helvetica, sans-serif; $banner-font: monospace; $credits-font: Arial, Helvetica, sans-serif; diff --git a/styles/_palette.scss b/styles/_palette.scss index c4ae91b..26454f3 100644 --- a/styles/_palette.scss +++ b/styles/_palette.scss @@ -1,14 +1,21 @@ @charset "utf-8"; +$background-color: #F9FCFE; +$input-background: #F4F4F4; $background: #4C565E; $foreground: #757B81; $infobox: #23272B; +$font-color-normal: #000000; $nl-background: #000000; $comic-background: #FFFFFF; $percent-border: #556677; +$input-border: #B2B2B2; +$button-normal-border: #CCCCCC; +$button-down-border: #999999; +$button-label: #333333; $text-normal: #B7BFC7; $text-accent: #F6B33D; $text-credits: #E4E4D6; diff --git a/wp-admin.css b/styles/wp-admin.scss similarity index 87% rename from wp-admin.css rename to styles/wp-admin.scss index 2ed65ba..7cbb07b 100644 --- a/wp-admin.css +++ b/styles/wp-admin.scss @@ -1,3 +1,7 @@ +@charset "utf-8"; +@import "fonts"; +@import "palette"; + * html #poststuff { height: 100%; /* kill peekaboo bug in IE */ } @@ -9,6 +13,7 @@ body { border: none; } + a { border-bottom: 1px solid #69c; color: #00019b; 
@@ -21,45 +26,47 @@ a.delete:hover { } #devnews h4 { - font-family: Georgia, "Times New Roman", Times, serif; + font-family: $fonts-news; font-size: 18px; font-weight: normal; } -#planetnews ul { - list-style: none; - margin: 0; - padding: 0; -} - -#planetnews li { - width: 17%; - margin: 1%; - float: left; -} - -#planetnews li a { - display: block; - padding: .5em; - background: #ddd; - height: 6em; - overflow: hidden; -} - -#planetnews cite { - font-size: 11px; -} - -#planetnews li .post { - font-family: Georgia, "Times New Roman", Times, serif; - font-size: 18px; - display: block; - height: 60px; - overflow: hidden; -} - -#planetnews .hidden { - display: none; +#planetnews { + ul { + list-style: none; + margin: 0; + padding: 0; + } + + li { + width: 17%; + margin: 1%; + float: left; + + a { + display: block; + padding: .5em; + background: #ddd; + height: 6em; + overflow: hidden; + } + + .post { + font-family: $fonts-news; + font-size: 18px; + display: block; + height: 60px; + overflow: hidden; + } + } + + cite { + font-size: 11px; + } + + .hidden { + display: none; + } } .readmore { 
@@ -125,43 +132,43 @@ a:hover { } body { - background: #f9fcfe; - color: #000; + background: $background-color; + color: $font-color-normal; margin: 0; padding: 0; } body, td { - font: 13px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana; + font: 13px $fonts-main; } fieldset { border: none; padding: 3px; -} -fieldset label.selectit { - display: block; - font-size: 11px; - padding: 0 2px; -} + label.selectit { + display: block; + font-size: 11px; + padding: 0 2px; -fieldset label.selectit:hover { - background: #e9e9e9; -} + &:hover { + background: #e9e9e9; + } + } -fieldset legend { - padding: .1em .3em; -} + legend { + padding: .1em .3em; + } -fieldset.options { - padding: 1em; -} + &.options { + padding: 1em; -fieldset.options legend { - font-size: 1.5em; - font-weight: bold; - font-family: Georgia, "Times New Roman", Times, serif; + legend { + font-size: 1.5em; + font-weight: bold; + font-family: $fonts-news; + } + } } form, label input { @@ -198,10 +205,10 @@ p, li, dl, dd, dt { } textarea, input, select { - background: #f4f4f4; - border: 1px solid #b2b2b2; - color: #000; - font: 13px Verdana, Arial, Helvetica, sans-serif; + background: $input-background; + border: 1px solid $input-border; + color: $font-color-normal; + font: 13px $fonts-input; margin: 1px; padding: 3px; } @@ -283,7 +290,7 @@ form#upload #post_content { } .code { - font-family: "Courier New", Courier, monospace; + font-family: $fonts-code; } .commentlist li { 
@@ -325,24 +332,24 @@ form#upload #post_content { .quicktags, .search { background: #ccc; - color: #000; - font: 12px Georgia, "Times New Roman", Times, serif; + color: $font-color-normal; + font: 12px $fonts-news; } .submit input, .submit input:focus, .button, .button:focus { - background: url( images/fade-butt.png ); - border: 3px double #999; - border-left-color: #ccc; - border-top-color: #ccc; - color: #333; + background: url( ../images/fade-butt.png ); + border: 3px double $button-down-border; + border-left-color: $button-normal-border; + border-top-color: $button-normal-border; + color: $button-label; padding: 0.25em; } .submit input:active, .button:active { - background: #f4f4f4; - border: 3px double #ccc; - border-left-color: #999; - border-top-color: #999; + background: $input-background; + border: 3px double $button-normal-border; + border-left-color: $button-down-border; + border-top-color: $button-down-border; } .button, .button:focus { @@ -401,7 +408,7 @@ form#upload #post_content { } .updated, .confirm { - background: #CFEBF7 url(images/notice.gif) no-repeat 1em; + background: #CFEBF7 url(../images/notice.gif) no-repeat 1em; border: 1px solid #2580B2; margin: 1em 5% 10px; padding: 0 1em 0 3em; @@ -466,7 +473,7 @@ input.disabled, textarea.disabled { } #adminmenu a { - color: #000; + color: $font-color-normal; font-size: 14px; font-weight: normal; margin: 0; @@ -506,7 +513,7 @@ input.disabled, textarea.disabled { } #submenu .current { - background: #f9fcfe; + background: $background-color; border-top: 1px solid #045290; border-right: 2px solid #045290; color: #000; @@ -597,7 +604,7 @@ input.delete:hover { } #ed_toolbar input { - background: #fff url( images/fade-butt.png ) repeat-x 0px -2px; + background: #fff url( ../images/fade-butt.png ) repeat-x 0px -2px; margin: 3px 2px 2px; } @@ -619,7 +626,7 @@ input.delete:hover { } #quicktags #ed_code { - font-family: "Courier New", Courier, mono; + font-family: $fonts-code; margin-bottom: 3px; } 
@@ -673,7 +680,7 @@ input.delete:hover { #login { position: relative; - background: url('images/login-bkg-tile.gif') no-repeat top center; + background: url('../images/login-bkg-tile.gif') no-repeat top center; color: #fff; margin: 5em auto 1em; padding: 20px 0 0; @@ -681,7 +688,7 @@ input.delete:hover { } #login form { - background: url('images/login-bkg-bottom.gif') no-repeat bottom center; + background: url('../images/login-bkg-bottom.gif') no-repeat bottom center; padding: 0 50px 25px; } @@ -697,11 +704,11 @@ input.delete:hover { text-align: center; } -#login p { +#login p { font-size: 12px; } -#login p.message { +#login p.message { width: 310px; margin: 0 auto 1em; } @@ -773,12 +780,12 @@ input.delete:hover { width: 97%; } -#login p label { +#login p label { font-size: 11px; } #login input#rememberme { - background-color: 0e3757; + background-color: #0e3757; } #login #submit { @@ -846,7 +853,7 @@ input.delete:hover { } #template textarea { - font: small 'Courier New', Courier, monospace; + font: small $fonts-code; width: 97%; } @@ -893,7 +900,7 @@ input.delete:hover { font-weight: normal; letter-spacing: -.05em; margin: 0; - font-family: Georgia, "Times New Roman", Times, serif + font-family: $fonts-news; } #wphead h1 span { @@ -1098,7 +1105,7 @@ overall, dbx-box is best left as visually unstyled as possible } #your-profile legend { - font-family: Georgia, "Times New Roman", Times, serif; + font-family: $fonts-news; font-size: 22px; } @@ -1113,13 +1120,13 @@ overall, dbx-box is best left as visually unstyled as possible } #moremeta .dbx-content { - background: url(images/box-butt.gif) no-repeat bottom right; + background: url(../images/box-butt.gif) no-repeat bottom right; padding-bottom: 10px; padding-right: 2px; } #moremeta fieldset.dbx-box-closed { - background: url(images/box-butt.gif) no-repeat bottom; + background: url(../images/box-butt.gif) no-repeat bottom; padding-bottom: 9px; } 
@@ -1136,11 +1143,11 @@ overall, dbx-box is best left as visually unstyled as possible #moremeta .dbx-handle { padding: 6px 1em 2px; font-size: 12px; - background: #2685af url(images/box-head.gif) no-repeat right; + background: #2685af url(../images/box-head.gif) no-repeat right; } #moremeta .dbx-box { - background: url(images/box-bg.gif) repeat-y right; + background: url(../images/box-bg.gif) repeat-y right; } #advancedstuff h3.dbx-handle { @@ -1149,17 +1156,17 @@ overall, dbx-box is best left as visually unstyled as possible padding: 6px 1em 0 3px; height: 19px; font-size: 12px; - background: #2685af url(images/box-head-right.gif) no-repeat top right; + background: #2685af url(../images/box-head-right.gif) no-repeat top right; } #advancedstuff div.dbx-handle-wrapper { margin: 0 0 0 -7px; - background: #fff url(images/box-head-left.gif) no-repeat top left; + background: #fff url(../images/box-head-left.gif) no-repeat top left; } #advancedstuff div.dbx-content { margin-left: 8px; - background: url(images/box-bg-right.gif) repeat-y right; + background: url(../images/box-bg-right.gif) repeat-y right; padding: 10px 10px 15px 0px; } 
@@ -1171,26 +1178,26 @@ overall, dbx-box is best left as visually unstyled as possible #advancedstuff div.dbx-content-wrapper { margin-left: -7px; margin-right: 0; - background: url(images/box-bg-left.gif) repeat-y left; + background: url(../images/box-bg-left.gif) repeat-y left; } #advancedstuff fieldset.dbx-box { padding-bottom: 9px; margin-left: 6px; - background: url(images/box-butt-right.gif) no-repeat bottom right; + background: url(../images/box-butt-right.gif) no-repeat bottom right; } #advancedstuff div.dbx-box-wrapper { - background: url(images/box-butt-left.gif) no-repeat bottom left; + background: url(../images/box-butt-left.gif) no-repeat bottom left; } #advancedstuff .dbx-box-closed div.dbx-content-wrapper { padding-bottom: 2px; - background: url(images/box-butt-left.gif) no-repeat bottom left; + background: url(../images/box-butt-left.gif) no-repeat bottom left; } #advancedstuff .dbx-box { - background: url(images/box-butt-right.gif) no-repeat bottom right; + background: url(../images/box-butt-right.gif) no-repeat bottom right; } @@ -1203,7 +1210,7 @@ overall, dbx-box is best left as visually unstyled as possible a.dbx-toggle, a.dbx-toggle:visited { display:block; overflow: hidden; - background-image: url( images/toggle.gif ); + background-image: url( ../images/toggle.gif ); position: absolute; top: 0px; right: 0px; @@ -1308,7 +1315,7 @@ input #catadd { } #edButtons input.edButtonBack, #edButtons input.edButtonBack:active { - background: #fff url( images/fade-butt.png ) repeat-x 0px 15px; + background: #fff url( ../images/fade-butt.png ) repeat-x 0px 15px; border-bottom: 1px solid #ccc; } @@ -1336,6 +1343,6 @@ a.page-numbers:hover { margin: 0 6px; } -ul.historic { +ul.historic { margin-bottom: 1em; -} \ No newline at end of file +} diff --git a/swap-comics.php b/swap-comics.php index 64c698d..b208b92 100644 --- a/swap-comics.php +++ b/swap-comics.php @@ -19,9 +19,9 @@ if($_POST) swap_strips( $a, $b ); - close($f); + fclose($f); - $info.='

              Strips $a and $b swapped successfully.

              '; + $info.="

              Strips $a and $b swapped successfully.

              ";
 adminlog("Strips $a and $b have been swapped.", MTS_STRIP, MTA_MODIFY);
 }
diff --git a/twitter-scheduled.php b/twitter-scheduled.php
index e57d984..17abe7d 100644
--- a/twitter-scheduled.php
+++ b/twitter-scheduled.php
@@ -4,13 +4,8 @@ require_once('include/admin.inc.php');
 // First, the quick hack way. May become neccessary to parallelize later.
-$tweets = $mtdb->getAll("SELECT username, password, text, status, twitter_post.id AS id
- FROM twitter_post JOIN twitter_user
- ON twitter_post.user = twitter_user.id
- WHERE twitter_post.status = 'scheduled'
- AND time >= NOW()
- AND time < TIMESTAMPADD(" . RUN_INTERVAL . ", NOW())
-");
+$tweets = $dbConnection->fetchAll('SELECT username, password, text, status, tp.id AS id FROM twitter_post tp JOIN twitter_user tu ON tp.user = tu.id ' .
+ 'WHERE tp.status = \'scheduled\' AND time >= NOW() AND time < TIMESTAMPADD(?, NOW())', array(RUN_INTERVAL));
 // Check if we actually have any tweets. If not, bail.
 if(count($tweets) === 0)
@@ -23,7 +18,7 @@ if(count($tweets) === 0)
 foreach($tweets as $t)
 {
 // Lock the tweet
- $mtdb->query("UPDATE twitter_post SET status = 'locked' WHERE id = ".(int)$t->id." AND status = 'scheduled'", false);
+ $dbConnection->executeUpdate('UPDATE twitter_post SET status = \'locked\' WHERE id = ? AND status = \'scheduled\'', array($t->id));
 if(twitterpost($t->text, $t->username, $t->password))
 {
@@ -39,7 +34,7 @@ foreach($tweets as $t)
 }
 // Unlock tweet, update db.
- $mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
+ $dbConnection->executeUpdate('UPDATE twitter_post SET status = ? WHERE status = \'locked\' AND id = ?', array($t->status, $t->id));
 }
 ?>
diff --git a/user-edit.php b/user-edit.php
index d2c15b4..bd5e4a5 100644
--- a/user-edit.php
+++ b/user-edit.php
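Review bot: The change from single to double quotes makes `$a` and `$b` interpolate into the markup appended to `$info`, and they are also written into the adminlog message; where they are assigned from the request is outside the hunk, so unless they are cast to int there, request-supplied values now reach the admin page unescaped. Casting at assignment is the cleanest fix; otherwise wrap them here as `(int)$a` / `(int)$b`, or pass them through `htmlspecialchars()`. The `close($f)` → `fclose($f)` fix is correct; a one-line comment on what `$f` is (its fopen is outside the hunk) would help the next reader.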
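Review bot: `TIMESTAMPADD(?, NOW())` cannot be satisfied by a bound parameter: MySQL's `TIMESTAMPADD(unit, interval, datetime)` needs a unit keyword plus a count, and the removed code spliced `RUN_INTERVAL` raw into the SQL precisely because the constant supplied both (presumably of the form `MINUTE, 5`); a placeholder is sent as one string literal, so the statement will fail to prepare or compare against the wrong instant. Keep the unit in the SQL text and bind only the number, e.g. `TIMESTAMPADD(MINUTE, ?, NOW())` with the constant reduced to a plain integer (unit chosen for illustration; the page does not show the constant's value). In the second hunk, `executeUpdate()` returns the affected-row count, and checking that it is 1 before calling `twitterpost()` would make the `status = 'locked'` guard actually prevent a double post when two runs overlap; today the result is discarded just as it was with `$mtdb->query()`. The query also keeps selecting `password` from `twitter_user` and passing it to `twitterpost()`, i.e. the Twitter credentials sit in the database in recoverable form; that predates this commit but deserves a tracking issue now that the table access is being rewritten.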
@@ -15,7 +15,7 @@ if( isset($_POST['edit']) ) { copy(RANTIMG.'default', RANTIMG.$username.'.png'); - $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' ); + $dbConnection->executeUpdate('INSERT INTO contributor (name, default_image) VALUES (?, ?)', array($username, $username . '.png')); $user = get_userdatabylogin( $username ); $userid = $user->id; $info.='

              User Account Created

              '; @@ -37,7 +37,7 @@ if( isset($_POST['edit']) ) { $error.='

              New passwords do not match.

              '; } else { /* password change */ - if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) { + if( ! $dbConnection->fetchColumn('SELECT id FROM contributor WHERE id = ? AND (password = SHA1(?) OR password = "")', array((int)$user->id, $_POST['password_old']))) { $error.='

              Specified password is incorrect.

              '; } else { /* Password match */ diff --git a/users.php b/users.php index 26c5d62..da018c2 100644 --- a/users.php +++ b/users.php @@ -10,11 +10,11 @@ adminhead('Users'); adminmenu(); ?>
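Review bot: The rewritten old-password check still verifies `password = SHA1(?)` inside SQL, i.e. unsalted SHA1 with no work factor, and the `OR password = ""` branch lets any value of `password_old` pass for a contributor whose stored hash is empty — which is exactly the state the first hunk creates, since its `INSERT INTO contributor (name, default_image)` sets no password. Parameterising removes the injection, but the stored hash should be fetched and verified in PHP with `password_verify()` (writing `password_hash()` output on change) so the plaintext never travels into the query, and the empty-hash bypass should be narrowed to an explicit first-login path. `$_POST['password_old']` is also read without an `isset()` guard, so a request without that field raises a notice and binds `null` instead of being rejected. The enclosing `if( isset($_POST['edit']) )` block starts outside the hunk.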

              User Administration

              -

              Make changes to accounts for contributers to the website.

              +

              Make changes to accounts for contributors to the website.

              getAll("SELECT id,name,email,nameplate FROM contributor"); +$users = $dbConnection->fetchAll('SELECT id, name, email, nameplate FROM contributor'); ?> diff --git a/view-adminlog.php b/view-adminlog.php index 2edebd7..8fc4531 100644 --- a/view-adminlog.php +++ b/view-adminlog.php @@ -17,10 +17,11 @@ $page = 1; if( isset($_GET['page'] )) $page = (int) $_GET['page']; $perpage = 15; -$start = ($page-1) * $perpage; +$start = ($page - 1) * $perpage; -$total = ceil( $mtdb->getOne("SELECT COUNT(*) FROM admin_log") / $perpage ); -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logstamp, l.logdate AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id LEFT JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT $start,$perpage"); +$total = ceil( $dbConnection->fetchColumn('SELECT COUNT(*) FROM admin_log') / $perpage ); +$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(l.logdate) AS logstamp, l.logdate AS logdate, c.name AS cname, s.name AS section, action, level, message ' . + 'FROM admin_log l JOIN admin_section s ON l.section = s.id JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT ?, ?', array($start, $perpage), array(PDO::PARAM_INT, PDO::PARAM_INT)); pagination( $page, $total );