From 2f20c71050502f5ba9aeb8ce4a4d1222e1d5766d 2017-06-14 01:08:07 From: DarkMorford Date: 2017-06-14 01:08:07 Subject: [PATCH] Update include/*.php to use mysqli_* functions. --- diff --git a/include/admin.inc.php b/include/admin.inc.php index 75b666a..30695cd 100644 --- a/include/admin.inc.php +++ b/include/admin.inc.php @@ -45,7 +45,7 @@ define('USING_TIDY', false); // Call mysql to hash a password function mt_hash_password($password) { global $mtdb; - return $mtdb->getOne('SELECT SHA1("' . mysql_real_escape_string($password) . '")') ; + return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ; } // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen @@ -67,7 +67,7 @@ function mt_login($username, $password, $already_hashed = false) { $username = sanitize_username( $username ); - $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"'); + $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"'); if (!$login) { $error = ('ERROR: Invalid username or password.'); adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE); @@ -131,7 +131,7 @@ function _redirect($location, $status = 302) { if ( substr(php_sapi_name(), 0, 3) != 'cgi' ) header('Status: '.$status); // This causes problems on IIS and some FastCGI setups - + header("Location: $location"); die(); } diff --git a/include/error.php b/include/error.php index 2dc840e..329a43c 100644 --- a/include/error.php +++ b/include/error.php @@ -25,10 +25,10 @@ define('MTA_CHANGE', 'update'); // Modification action function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false) { global $mtdb, $currentuser; - + $sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")', - (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysql_real_escape_string($action), $level, mysql_real_escape_string($msg)); - $mtdb->query( $sql ) or die($sql."
".mysql_error()."
\n".var_export(debug_backtrace())); + (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg)); + $mtdb->query( $sql ) or die($sql."
".mysqli_error()."
\n".var_export(debug_backtrace())); // Log all important sorts of messages in the Apache log if( $level & (E_USER_WARNING | E_USER_ERROR) ) { diff --git a/include/pages.php b/include/pages.php index 2ebda84..dbdba59 100644 --- a/include/pages.php +++ b/include/pages.php @@ -14,26 +14,26 @@ function savepage($page) { function insertpage($page) { global $mtdb; $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES (' - . ' "' . mysql_real_escape_string($page->url_name) - . '", "' . mysql_real_escape_string($page->status) - . '", "' . mysql_real_escape_string( trim( $page->title ) ) - . '", "' . mysql_real_escape_string( trim( $page->body ) ) - . '", "' . mysql_real_escape_string( trim( $page->style ) ) + . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name) + . '", "' . mysqli_real_escape_string($mtdb->link, $page->status) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) ) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) ) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) ) . '")'; adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD); return $mtdb->query($sql); -} +} function updatepage($page) { if ( !$page->url_name ) return false; global $mtdb; - - $sql = 'UPDATE static_page SET url_name = "' . mysql_real_escape_string($page->url_name) - . '", status = "' . mysql_real_escape_string($page->status) - . '", title = "' . mysql_real_escape_string( trim($page->title) ) - . '", body = "' . mysql_real_escape_string( trim($page->body ) ) - . '", style = "' . mysql_real_escape_string( trim($page->style ) ) - . '" WHERE url_name = "' . mysql_real_escape_string($page->url_name) . '"'; + + $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($page->url_name) + . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status) + . '", title = "' . mysqli_real_escape_string( trim($mtdb->link, $page->title) ) + . '", body = "' . mysqli_real_escape_string( trim($mtdb->link, $page->body ) ) + . '", style = "' . mysqli_real_escape_string( trim($mtdb->link, $page->style ) ) + . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"'; adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY); return $mtdb->query( $sql ); } @@ -42,12 +42,12 @@ function deletepage($url_name) { if ( !$url_name ) return false; global $mtdb; adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE); - return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysql_real_escape_string($url_name) . '"' ); + return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); } function getpage($url_name) { global $mtdb; - return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysql_real_escape_string($url_name) . '"' ); + return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); } ?> diff --git a/include/rants.php b/include/rants.php index 6dca332..3dd3399 100644 --- a/include/rants.php +++ b/include/rants.php @@ -15,22 +15,22 @@ function insertrant($rant) { global $mtdb; $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME(' . (int)$rant->published - . '), "' . mysql_real_escape_string($rant->status) - . '", "' . mysql_real_escape_string($rant->side) + . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status) + . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side) . '", "' . (int)$rant->author - . '", "' . mysql_real_escape_string( trim( $rant->title) ) - . '", "' . mysql_real_escape_string( trim( $rant->body ) ) - . '", "' . mysql_real_escape_string( trim( $rant->link ) ) - . '", ' . mysql_real_escape_string($rant->imagetype) - . ', "' . mysql_real_escape_string( trim( $rant->imagetext ) ) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) ) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) ) + . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) ) + . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype) + . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) ) . '")'; - + if( $mtdb->query( $sql ) ) { //logthis( 'Saved changes to rant ' . $rant->id ); - $rant->id = mysql_insert_id( $mtdb->link ); - + $rant->id = mysqli_insert_id( $mtdb->link ); + adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD); - + if($rant->status == "published") { $poster = get_userdatabyid($rant->author); @@ -41,34 +41,34 @@ function insertrant($rant) { tumblrpost($rant->title, $rant->body); } } - + return $rant->id; } return false; -} +} function updaterant($rant) { if ( !(int)$rant->id ) return false; global $mtdb; - + #first, check if it's published already $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id); - $row = mysql_fetch_row($qr); + $row = mysqli_fetch_row($qr); $status = $row[0]; - + adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE); - + $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published - . '), status = "' . mysql_real_escape_string($rant->status) - . '", side = "' . mysql_real_escape_string($rant->side) + . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status) + . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side) . '", author = ' . (int)$rant->author - . ', title = "' . mysql_real_escape_string( trim($rant->title) ) - . '", body = "' . mysql_real_escape_string( trim($rant->body ) ) - . '", link = "' . mysql_real_escape_string( trim($rant->link ) ) + . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) ) + . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) ) + . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) ) . '", imagetype = ' . (int)$rant->imagetype - . ', imagetext = "' . mysql_real_escape_string( trim($rant->imagetext) ) + . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) ) . '" WHERE id=' . (int)$rant->id; - + if($status == "draft" && $rant->status == "published") { $poster = get_userdatabyid($rant->author); @@ -79,7 +79,7 @@ function updaterant($rant) { tumblrpost($rant->title, $rant->body); } } - + return $mtdb->query( $sql ); } diff --git a/include/rss.php b/include/rss.php index 8f3e4bd..3087cb2 100644 --- a/include/rss.php +++ b/include/rss.php @@ -3,10 +3,10 @@ function rsspost($body, $url) { global $mtdb; - + $mtdb->query('INSERT INTO rss_comment (body, url) - VALUES ("'.mysql_real_escape_string($body).'", - "'.mysql_real_escape_string($url).'")'); + VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'", + "'.mysqli_real_escape_string($mtdb->link, $url).'")'); return true; } diff --git a/include/strip.php b/include/strip.php index 414c3af..82eca8c 100644 --- a/include/strip.php +++ b/include/strip.php @@ -13,10 +13,10 @@ class Strip { // Strip id is automatically incremented function insertstrip(&$strip) { global $mtdb; - + $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book; - $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; - + $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; + $mtdb->query('START TRANSACTION'); $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1; $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES (' @@ -24,11 +24,11 @@ function insertstrip(&$strip) { . ', FROM_UNIXTIME(' . (int)$strip->published . '), '. (int)$strip->media . ', ' . (int)$strip->type - . ', "' . mysql_real_escape_string( trim($strip->title) ) + . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) . '", '. $strip->book . ', ' . $strip->page . ')'; - + $r = $mtdb->query( $sql ); if( !$r ) { $mtdb->query('ROLLBACK'); @@ -36,24 +36,24 @@ function insertstrip(&$strip) { } $mtdb->query('COMMIT'); adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD); - + $strip->id = $newid; if( $strip->id == 0 ) return false; return true; -} +} function updatestrip(&$strip) { global $mtdb; - + $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book; $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page; - + $mtdb->query('START TRANSACTION'); $sql = 'UPDATE strip SET published = FROM_UNIXTIME(' . (int)$strip->published .') , media = '. (int)$strip->media .' , type = ' . (int)$strip->type .' - , title = "' . mysql_real_escape_string( trim($strip->title) ) .'" + , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'" , book = ' . (int)$strip->book .' , page = ' . (int)$strip->page .' WHERE id = ' . (int)$strip->id; @@ -61,7 +61,7 @@ function updatestrip(&$strip) { $mtdb->query('COMMIT'); adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY); return true; -} +} // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move! function move_strip($from_id, $to_id) @@ -69,7 +69,7 @@ function move_strip($from_id, $to_id) global $mtdb; $from_id = (int) $from_id; $to_id = (int) $to_id; - + // Ensure our source exists $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" ); if($num_strips < 1) @@ -77,7 +77,7 @@ function move_strip($from_id, $to_id) // Ready the destination deletestrip( $to_id ); - + // Update database $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" ); $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" ); @@ -100,7 +100,7 @@ function swap_strips( $from_id, $to_id ) { function deletestrip($id) { $id = (int)$id; if ( !$id ) return false; - + global $mtdb; $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id ); foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item) diff --git a/include/transcript.php b/include/transcript.php index 4493cf7..cf0196d 100644 --- a/include/transcript.php +++ b/include/transcript.php @@ -5,12 +5,12 @@ function bracketbalance($line) #first, if no angle brackets, we're OK if(substr_count($line, "<") == 0 && substr_count($line, ">") == 0) return true; - + if(substr_count($line, "<") != substr_count($line, ">")) { return false; } - + return true; } @@ -18,7 +18,7 @@ function bracketbalance($line) function gettranscript(&$strip) { global $mtdb; - + $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id ); if($result) @@ -34,14 +34,14 @@ function gettranscript(&$strip) if( $numPanels ) { for($i = 1; $i <= $numPanels; $i++) { $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line') - or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysql_error(), 'SQL Error'); - + or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error'); + if(!$result) continue; - + $output.= "\nnewpanel\n"; - while($row = mysql_fetch_row($result)) { + while($row = mysqli_fetch_row($result)) { if(strlen($row[0]) < 1) continue; - + $output.= $row[0]; if($row[1] !== '') $output.= ":: ".$row[1]; $output.= "\n"; @@ -58,9 +58,9 @@ function gettranscript(&$strip) function savetranscript( &$strip ) { global $mtdb; $info = ''; - + $mtdb->query('START TRANSACTION'); - + //remove any old transcript data - it's being replaced $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id ); @@ -87,7 +87,7 @@ function savetranscript( &$strip ) { if(strpos($lines[$j], '(') === 0) { # Line is a note, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), ''); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) { # Line is an annotation or blank, do nothing continue; @@ -95,13 +95,13 @@ function savetranscript( &$strip ) { # Line contains a list of nonspeaking characters array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11)))); $speaker = trim(substr($lines[$j], 11)); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) { # Line designates a new speaker, note speaker # Handle speakers who did not say anything if(null !== $speaker && !$has_spoken) - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); $speaker = ucfirst(strtolower($lines[$j])); $has_spoken = false; @@ -111,29 +111,29 @@ function savetranscript( &$strip ) { $info .= "

Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'

'; $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) ); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), - mysql_real_escape_string($lines[$j]), mysql_real_escape_string($search)); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), + mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search)); $has_spoken = true; } else { # Line is unrecognized, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), ''); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); } if( $insert_sql && false === $mtdb->query( $insert_sql ) ) { $mtdb->query('ROLLBACK'); - mtdie (mysql_error(), 'Error inserting transcript.'); + mtdie (mysqli_error(), 'Error inserting transcript.'); } } if(null !== $speaker && !$has_spoken) { - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); + $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); if( false === $mtdb->query( $insert_sql ) ) { $mtdb->query('ROLLBACK'); - mtdie (mysql_error(), 'Error inserting transcript.'); + mtdie (mysqli_error(), 'Error inserting transcript.'); } } } - + } else { # Assume that this is a Kalium style transcript @@ -141,30 +141,30 @@ function savetranscript( &$strip ) { $numPanels = count($panels); foreach($panels as $currPanel) $currPanel = trim($currPanel); - + for($i = 1; $i < $numPanels; $i++) { $lines = explode("\n", $panels[$i]); $numLines = count($lines); foreach($lines as $currLine) $currLine = trim($currLine); - + for($j = 1; $j < $numLines; $j++) { $spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech - + $spoken[0] = trim($spoken[0]); // Strip excess whitespace $spoken[1] = trim($spoken[1]); - + if(strlen($spoken[0]) < 1) continue; // Disregard null $spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) ); // Make searchable text - + if(!bracketbalance($spoken[1])) $info .= "

Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'

'; - $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysql_real_escape_string($spoken[0]), - mysql_real_escape_string($spoken[1]), mysql_real_escape_string($spoken[2]) ); + $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]), + mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) ); if( false === $mtdb->query( $insert_sql ) ) { $mtdb->query('ROLLBACK'); - mtdie (mysql_error(), 'Error inserting transcript.'); + mtdie (mysqli_error(), 'Error inserting transcript.'); } } } diff --git a/include/twitter.php b/include/twitter.php index b6816ba..952e439 100644 --- a/include/twitter.php +++ b/include/twitter.php @@ -22,20 +22,20 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD); } return !empty($buffer); - + } else { # OAuth Mode - $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysql_real_escape_string($user))); - + $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user))); + $username = $row->username; $oauth_token = $row->oauth_token; $oauth_token_secret = $row->oauth_token_secret; - + $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret); - + $parameters = array('status' => $message ); $status = $connection->post('statuses/update', $parameters); - + switch( $connection->http_code ) { case 200: adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD); @@ -44,10 +44,10 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD); return false; } - - + + } - + } diff --git a/include/uploads.php b/include/uploads.php index 516add7..796d193 100644 --- a/include/uploads.php +++ b/include/uploads.php @@ -34,7 +34,7 @@ function pre_upload_rant_image( $pathtofile ) { $doing_upload = false; $upload_imagetype = null; $upload_error = false; - + if( false === $image_data ) { $upload_error='

Something wronky happened with that upload, getimagesize() returned false!

'; } elseif( 300 > $image_data[0] ) { @@ -53,7 +53,7 @@ function pre_upload_rant_image( $pathtofile ) { return compact( "upload_error", "doing_upload", "upload_imagetype" ); } -function save_stock_rant_image( $source, $rant ) { +function save_stock_rant_image( $source, $rant ) { if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source), SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) { $upload_info='

Default rant image copied.

'; @@ -72,7 +72,7 @@ function save_upload_rant_image( $source, $rant ) { $upload_info='

New rant image uploaded for rant '. $rant->id .'.

'; } else { $upload_error='

Something went wrong while moving the uploaded image.

'; - } + } } else { if( crop_resize($source, $destination) ) { $upload_info='

New rant image uploaded and resized for rant '. $rant->id .'.

'; @@ -90,14 +90,14 @@ function save_upload_rant_attachment( $source, $rant ) $image_data = getimagesize( $source ); $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" ); - $rant_attachment_id = mysql_insert_id( $mtdb->link ); + $rant_attachment_id = mysqli_insert_id( $mtdb->link ); if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) { $upload_info='

New rant attachment uploaded for rant '. $rant .'.

'; adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD); } else { $upload_error='

Something went wrong while storing the attachment.

'; - } + } return compact("rant_attachment_id","upload_info","upload_error"); } diff --git a/include/user.php b/include/user.php index c8fbdb8..0a2924a 100644 --- a/include/user.php +++ b/include/user.php @@ -8,28 +8,28 @@ function getCurrentUser() { } function get_userdatabyid( $id ) { - global $mtdb; + global $mtdb; return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id ); } function get_userdatabylogin( $username ) { global $mtdb; - return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"' ); + return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' ); } function save_userdata( $user ) { adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); global $mtdb; return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d', - mysql_real_escape_string($user->email), mysql_real_escape_string($user->nameplate), - mysql_real_escape_string($user->default_image), mysql_real_escape_string($user->default_link), $user->id) ); + mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate), + mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) ); } function change_password( $user ) { adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); global $mtdb, $currentuser; if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE ); - return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysql_real_escape_string($user->password) . '" ) WHERE id = "' . mysql_real_escape_string($user->id) . '"' ); + return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . mysqli_real_escape_string($mtdb->link, $user->id) . '"' ); } ?>