Update pages and rants to use DBAL.
darkmorford -
089a8bc9edcb
@@ -1,53 +1,84
1 <?php
1 <?php
2
2
3 class Page {
3 class Page
4 var $url_name, $status, $title, $body, $style;
4 {
5 public $url_name;
6 public $status;
7 public $title;
8 public $body;
9 public $style;
5 }
10 }
6
11
7 function savepage($page) {
12 function savepage($page)
8 if($page->url_name)
13 {
14 if ($page->url_name)
9 return updatepage($page);
15 return updatepage($page);
10 else
16 else
11 return insertpage($page);
17 return insertpage($page);
12 }
18 }
13
19
14 function insertpage($page) {
20 function insertpage($page)
15 global $mtdb;
21 {
16 $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
22 if ( !$page->url_name ) return false;
17 . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
23 global $dbConnection;
18 . '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
24
19 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
25 $sql = 'INSERT INTO static_page (url_name, status, title, body, style) VALUES (:slug, :status, :title, :body, :style)';
20 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
26 $stmt = $dbConnection->prepare($sql);
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
27
22 . '")';
28 $stmt->bindValue('slug', $page->url_name);
23 adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
29 $stmt->bindValue('status', $page->status);
24 return $mtdb->query($sql);
30 $stmt->bindValue('title', trim($page->title));
31 $stmt->bindValue('body', trim($page->body));
32 $stmt->bindValue('style', trim($page->style));
33
34 adminlog("Page '" . $page->url_name . "' has been added.", MTS_PAGE, MTA_ADD);
35 return $stmt->execute();
25 }
36 }
26
37
27 function updatepage($page) {
38 function updatepage($page)
39 {
28 if ( !$page->url_name ) return false;
40 if ( !$page->url_name ) return false;
29 global $mtdb;
41 global $dbConnection;
30
42
31 $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
43 $sql = 'UPDATE static_page SET url_name = :slug, status = :status, title = :title, body = :body, style = :style WHERE url_name = :slug';
32 . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
44 $stmt = $dbConnection->prepare($sql);
33 . '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
45
34 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
46 $stmt->bindValue('slug', $page->url_name);
35 . '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
47 $stmt->bindValue('status', $page->status);
36 . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
48 $stmt->bindValue('title', trim($page->title));
37 adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
49 $stmt->bindValue('body', trim($page->body));
38 return $mtdb->query( $sql );
50 $stmt->bindValue('style', trim($page->style));
51
52 adminlog("Page '" . $page->url_name . "' has been updated.", MTS_PAGE, MTA_MODIFY);
53 return $stmt->execute();
39 }
54 }
40
55
41 function deletepage($url_name) {
56 function deletepage($url_name)
57 {
42 if ( !$url_name ) return false;
58 if ( !$url_name ) return false;
43 global $mtdb;
59 global $dbConnection;
44 adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
60
45 return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
61 $sql = 'DELETE FROM static_page WHERE url_name = :slug';
62 $stmt = $dbConnection->prepare($sql);
63
64 $stmt->bindValue('slug', $url_name);
65
66 adminlog("Page '" . $page->url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);
67 return $stmt->execute();
46 }
68 }
47
69
48 function getpage($url_name) {
70 function getpage($url_name)
49 global $mtdb;
71 {
50 return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
72 if ( !$url_name ) return false;
73 global $dbConnection;
74
75 $sql = 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = :slug';
76 $stmt = $dbConnection->prepare($sql);
77
78 $stmt->bindValue('slug', $url_name);
79
80 $stmt->execute();
81 return $stmt->fetch();
51 }
82 }
52
83
53 ?>
84 ?>
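Review bot: In deletepage the audit entry is built from `$page->url_name`, but the function only receives `$url_name`, so `$page` is undefined there and the deletion is logged with an empty page name; the call should read `adminlog("Page '" . $url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);`. That call, like the adminlog calls in insertpage and updatepage, also runs before `$stmt->execute()`, so an entry is written even if the statement then fails; logging only after a successful execute would keep the audit trail accurate. Separately, the guard added at the top of insertpage (`if ( !$page->url_name ) return false;`) makes the else branch of savepage always return false, because savepage reaches insertpage only when url_name is empty.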
@@ -1,119 +1,193
1 <?php
1 <?php
2
2
3 class Rant {
3 class Rant
4 var $id, $published, $status, $side, $author, $title, $body, $link, $imagetype, $imagetext;
4 {
5 public $id;
6 public $published;
7 public $status;
8 public $side;
9 public $author;
10 public $title;
11 public $body;
12 public $link;
13 public $imagetype;
14 public $imagetext;
5 }
15 }
6
16
7 function saverant($rant) {
17 function saverant($rant)
8 if($rant->id)
18 {
19 if ($rant->id)
9 return updaterant($rant);
20 return updaterant($rant);
10 else
21 else
11 return insertrant($rant);
22 return insertrant($rant);
12 }
23 }
13
24
14 function insertrant($rant) {
25 function insertrant($rant)
15 global $mtdb;
26 {
16 $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
27 global $dbConnection;
17 . (int)$rant->published
28
18 . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
29 $sql = 'INSERT INTO rant (published, status, side, author, title, body, link, imagetype, imagetext) VALUES ' .
19 . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
30 '(FROM_UNIXTIME(:published), :status, :side, :author, :title, :body, :link, :imagetype, :imagetext)';
20 . '", "' . (int)$rant->author
31 $stmt = $dbConnection->prepare($sql);
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
32
22 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
33 $stmt->bindValue('published', (int)$rant->published);
23 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
34 $stmt->bindValue('status', $rant->status);
24 . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
35 $stmt->bindValue('side', $rant->side);
25 . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
36 $stmt->bindValue('author', (int)$rant->author);
26 . '")';
37 $stmt->bindValue('title', trim($rant->title));
27
38 $stmt->bindValue('body', trim($rant->body));
28 if( $mtdb->query( $sql ) ) {
39 $stmt->bindValue('link', trim($rant->link));
40 $stmt->bindValue('imagetype', $rant->imagetype);
41 $stmt->bindValue('imagetext', trim($rant->imagetext));
42
43 if ($stmt->execute())
44 {
29 //logthis( 'Saved changes to rant ' . $rant->id );
45 //logthis( 'Saved changes to rant ' . $rant->id );
30 $rant->id = mysqli_insert_id( $mtdb->link );
46 $rant->id = $dbConnection->lastInsertId();
31
47
32 adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
48 adminlog("Rant " . $rant->id . " saved.", MTS_RANT, MTA_ADD);
33
49
34 if($rant->status == "published")
50 if ($rant->status == "published")
35 {
51 {
52 adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_ADD);
53
54 /*
36 $poster = get_userdatabyid($rant->author);
55 $poster = get_userdatabyid($rant->author);
37 adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_ADD);
38 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
56 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
39
57
40 if($rant->author === 1) {
58 if($rant->author === 1) {
41 tumblrpost($rant->title, $rant->body);
59 tumblrpost($rant->title, $rant->body);
42 }
60 }
61 */
43 }
62 }
44
63
45 return $rant->id;
64 return $rant->id;
46 }
65 }
66
47 return false;
67 return false;
48 }
68 }
49
69
50 function updaterant($rant) {
70 function updaterant($rant)
71 {
51 if ( !(int)$rant->id ) return false;
72 if ( !(int)$rant->id ) return false;
52 global $mtdb;
73 global $dbConnection;
53
74
54 #first, check if it's published already
75 # First, check if it's published already
55 $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
76 $sql = 'SELECT status FROM rant WHERE id = ?';
56 $row = mysqli_fetch_row($qr);
77 $stmt = $dbConnection->prepare($sql);
57 $status = $row[0];
78
58
79 $stmt->bindValue(1, $rant->id);
59 adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
80
60
81 $stmt->execute();
61 $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
82 $status = $stmt->fetchColumn();
62 . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
83
63 . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
84 adminlog("Rant " . $rant->id . " updated.", MTS_RANT, MTA_UPDATE);
64 . '", author = ' . (int)$rant->author
85
65 . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
86 $sql = 'UPDATE rant SET published = FROM_UNIXTIME(:published), status = :status, side = :side, author = :author, ' .
66 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
87 'title = :title, body = :body, link = :link, imagetype = :imagetype, imagetext = :imagetext WHERE id = :id';
67 . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
88 $stmt = $dbConnection->prepare($sql);
68 . '", imagetype = ' . (int)$rant->imagetype
89
69 . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
90 $stmt->bindValue('id', (int)$rant->id);
70 . '" WHERE id=' . (int)$rant->id;
91 $stmt->bindValue('published', (int)$rant->published);
71
92 $stmt->bindValue('status', $rant->status);
72 if($status == "draft" && $rant->status == "published")
93 $stmt->bindValue('side', $rant->side);
94 $stmt->bindValue('author', (int)$rant->author);
95 $stmt->bindValue('title', trim($rant->title));
96 $stmt->bindValue('body', trim($rant->body));
97 $stmt->bindValue('link', trim($rant->link));
98 $stmt->bindValue('imagetype', (int)$rant->imagetype);
99 $stmt->bindValue('imagetext', trim($rant->imagetext));
100
101 if ($status == "draft" && $rant->status == "published")
73 {
102 {
103 adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_UPDATE);
104
105 /*
74 $poster = get_userdatabyid($rant->author);
106 $poster = get_userdatabyid($rant->author);
75 adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_UPDATE);
76 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
107 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
77
108
78 if($rant->author === 1) {
109 if($rant->author === 1) {
79 tumblrpost($rant->title, $rant->body);
110 tumblrpost($rant->title, $rant->body);
80 }
111 }
112 */
81 }
113 }
82
114
83 return $mtdb->query( $sql );
115 return $stmt->execute();
84 }
116 }
85
117
86 function deleterant($rantid) {
118 function deleterant($rantid)
119 {
87 if ( !(int)$rantid ) return false;
120 if ( !(int)$rantid ) return false;
88 global $mtdb;
121 global $dbConnection;
89 adminlog("Rant ".$rantid." deleted.", MTS_RANT, MTA_DELETE);
122
90 return $mtdb->query( 'DELETE FROM rant WHERE id=' . $rantid );
123 $sql = 'DELETE FROM rant WHERE id = ?';
124 $stmt = $dbConnection->prepare($sql);
125
126 $stmt->bindValue(1, $rantid);
127
128 adminlog("Rant " . $rantid . " deleted.", MTS_RANT, MTA_DELETE);
129 return $stmt->execute();
91 }
130 }
92
131
93 function deleteattachment($id)
132 function deleteattachment($id)
94 {
133 {
95 global $mtdb;
134 global $dbConnection;
96 $file = SITE_PATH_ABS.'/'.get_rantattachment_filename($id);
135
97 unlink( $file ) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
136 // Remove attachment from filesystem
98 $mtdb->query( 'DELETE FROM rant_attachment WHERE id = ' . $id );
137 $file = SITE_PATH_ABS . '/' . get_rantattachment_filename($id);
138 unlink($file) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
139
140 // Remove from database
141 $sql = 'DELETE FROM rant_attachment WHERE id = ?';
142 $stmt = $dbConnection->prepare($sql);
143
144 $stmt->bindValue(1, $id);
145
146 $stmt->execute();
99 adminlog("Deleted attachment $id", MTS_RANT, MTA_DELETE);
147 adminlog("Deleted attachment $id", MTS_RANT, MTA_DELETE);
100 }
148 }
101
149
102 function getrant($id) {
150 function getrant($id)
103 global $mtdb;
151 {
104 return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = '. (int)$id );
152 global $dbConnection;
153
154 $sql = 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = ?';
155 $stmt = $dbConnection->prepare($sql);
156
157 $stmt->bindValue(1, (int)$id);
158
159 $stmt->execute();
160 return $stmt->fetch();
105 }
161 }
106
162
107 function get_rantimage_filename( $rant ) {
163 function get_rantimage_filename($rant)
108 global $mtdb;
164 {
109 $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$rant->imagetype ); // filename extension
165 global $dbConnection;
110 return sprintf( '%s/%04d.%s',SITE_RANT, (int)$rant->id, $ext );
166
167 $sql = 'SELECT extension FROM media_t WHERE id = ?';
168 $stmt = $dbConnection->prepare($sql);
169
170 $stmt->bindValue(1, (int)$rant->imagetype);
171
172 $stmt->execute();
173 $ext = $stmt->fetchColumn(); // filename extension
174
175 return sprintf('%s/%04d.%s', SITE_RANT, (int)$rant->id, $ext);
111 }
176 }
112
177
113 function get_rantattachment_filename( $id ) {
178 function get_rantattachment_filename($id)
114 global $mtdb;
179 {
115 $ext = $mtdb->getOne( 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id=' . (int)$id ); // filename extension
180 global $dbConnection;
116 return sprintf( '%s/%d.%s',SITE_RANT_ATTACHMENT, (int)$id, $ext );
181
182 $sql = 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id = ?';
183 $stmt = $dbConnection->prepare($sql);
184
185 $stmt->bindValue(1, (int)$id);
186
187 $stmt->execute();
188 $ext = $stmt->fetchColumn(); // filename extension
189
190 return sprintf('%s/%d.%s', SITE_RANT_ATTACHMENT, (int)$id, $ext );
117 }
191 }
118
192
119 ?>
193 ?>
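Review bot: deleterant and deleteattachment bind the identifier without the integer cast that getrant and the two filename helpers apply: deleterant tests `(int)$rantid` but binds and logs the raw `$rantid`, and deleteattachment unlinks a path derived from `(int)$id` while the DELETE and the audit message use the raw `$id`. The statements are parameterised either way, but a numeric string with trailing text would be written to the admin log verbatim and the row match would be left to the database's own coercion. Normalising once at the top of each function, `$rantid = (int)$rantid;` and `$id = (int)$id;`, keeps the file removed, the row deleted and the log entry in agreement. insertrant likewise binds `$rant->imagetype` uncast where updaterant uses `(int)$rant->imagetype`.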