Update pages and rants to use DBAL.
darkmorford -
089a8bc9edcb
@@ -1,53 +1,84
1 1 <?php
2 2
3 class Page {
4 var $url_name, $status, $title, $body, $style;
3 class Page
4 {
5 public $url_name;
6 public $status;
7 public $title;
8 public $body;
9 public $style;
5 10 }
6 11
7 function savepage($page) {
8 if($page->url_name)
12 function savepage($page)
13 {
14 if ($page->url_name)
9 15 return updatepage($page);
10 16 else
11 17 return insertpage($page);
12 18 }
13 19
14 function insertpage($page) {
15 global $mtdb;
16 $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
17 . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
18 . '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
19 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
20 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
22 . '")';
23 adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
24 return $mtdb->query($sql);
20 function insertpage($page)
21 {
22 if ( !$page->url_name ) return false;
23 global $dbConnection;
24
25 $sql = 'INSERT INTO static_page (url_name, status, title, body, style) VALUES (:slug, :status, :title, :body, :style)';
26 $stmt = $dbConnection->prepare($sql);
27
28 $stmt->bindValue('slug', $page->url_name);
29 $stmt->bindValue('status', $page->status);
30 $stmt->bindValue('title', trim($page->title));
31 $stmt->bindValue('body', trim($page->body));
32 $stmt->bindValue('style', trim($page->style));
33
34 adminlog("Page '" . $page->url_name . "' has been added.", MTS_PAGE, MTA_ADD);
35 return $stmt->execute();
25 36 }
26 37
27 function updatepage($page) {
38 function updatepage($page)
39 {
28 40 if ( !$page->url_name ) return false;
29 global $mtdb;
30
31 $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
32 . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
33 . '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
34 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
35 . '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
36 . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
37 adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
38 return $mtdb->query( $sql );
41 global $dbConnection;
42
43 $sql = 'UPDATE static_page SET url_name = :slug, status = :status, title = :title, body = :body, style = :style WHERE url_name = :slug';
44 $stmt = $dbConnection->prepare($sql);
45
46 $stmt->bindValue('slug', $page->url_name);
47 $stmt->bindValue('status', $page->status);
48 $stmt->bindValue('title', trim($page->title));
49 $stmt->bindValue('body', trim($page->body));
50 $stmt->bindValue('style', trim($page->style));
51
52 adminlog("Page '" . $page->url_name . "' has been updated.", MTS_PAGE, MTA_MODIFY);
53 return $stmt->execute();
39 54 }
40 55
41 function deletepage($url_name) {
56 function deletepage($url_name)
57 {
42 58 if ( !$url_name ) return false;
43 global $mtdb;
44 adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
45 return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
59 global $dbConnection;
60
61 $sql = 'DELETE FROM static_page WHERE url_name = :slug';
62 $stmt = $dbConnection->prepare($sql);
63
64 $stmt->bindValue('slug', $url_name);
65
66 adminlog("Page '" . $page->url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);
67 return $stmt->execute();
46 68 }
47 69
48 function getpage($url_name) {
49 global $mtdb;
50 return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
70 function getpage($url_name)
71 {
72 if ( !$url_name ) return false;
73 global $dbConnection;
74
75 $sql = 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = :slug';
76 $stmt = $dbConnection->prepare($sql);
77
78 $stmt->bindValue('slug', $url_name);
79
80 $stmt->execute();
81 return $stmt->fetch();
51 82 }
52 83
53 84 ?>
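Review bot: The admin-log call in deletepage still reads `$page->url_name`, but the function only receives `$url_name`, so every deletion is logged with an empty page name; it should be `adminlog("Page '" . $url_name . "' has been deleted.", MTS_PAGE, MTA_DELETE);`. In insertpage, updatepage and deletepage the log entry is also written before `$stmt->execute()` runs, so the audit trail records a change even when the statement fails; logging only after a successful execute would keep it accurate (updaterant and deleterant in the rants file use the same order). The new guard `if ( !$page->url_name ) return false;` in insertpage also means that savepage, which calls insertpage only when `url_name` is empty, can no longer insert anything, so it is worth confirming that callers invoke insertpage directly.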
@@ -1,119 +1,193
1 1 <?php
2 2
3 class Rant {
4 var $id, $published, $status, $side, $author, $title, $body, $link, $imagetype, $imagetext;
3 class Rant
4 {
5 public $id;
6 public $published;
7 public $status;
8 public $side;
9 public $author;
10 public $title;
11 public $body;
12 public $link;
13 public $imagetype;
14 public $imagetext;
5 15 }
6 16
7 function saverant($rant) {
8 if($rant->id)
17 function saverant($rant)
18 {
19 if ($rant->id)
9 20 return updaterant($rant);
10 21 else
11 22 return insertrant($rant);
12 23 }
13 24
14 function insertrant($rant) {
15 global $mtdb;
16 $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
17 . (int)$rant->published
18 . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
19 . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
20 . '", "' . (int)$rant->author
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
22 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
23 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
24 . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
25 . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
26 . '")';
27
28 if( $mtdb->query( $sql ) ) {
25 function insertrant($rant)
26 {
27 global $dbConnection;
28
29 $sql = 'INSERT INTO rant (published, status, side, author, title, body, link, imagetype, imagetext) VALUES ' .
30 '(FROM_UNIXTIME(:published), :status, :side, :author, :title, :body, :link, :imagetype, :imagetext)';
31 $stmt = $dbConnection->prepare($sql);
32
33 $stmt->bindValue('published', (int)$rant->published);
34 $stmt->bindValue('status', $rant->status);
35 $stmt->bindValue('side', $rant->side);
36 $stmt->bindValue('author', (int)$rant->author);
37 $stmt->bindValue('title', trim($rant->title));
38 $stmt->bindValue('body', trim($rant->body));
39 $stmt->bindValue('link', trim($rant->link));
40 $stmt->bindValue('imagetype', $rant->imagetype);
41 $stmt->bindValue('imagetext', trim($rant->imagetext));
42
43 if ($stmt->execute())
44 {
29 45 //logthis( 'Saved changes to rant ' . $rant->id );
30 $rant->id = mysqli_insert_id( $mtdb->link );
46 $rant->id = $dbConnection->lastInsertId();
31 47
32 adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
48 adminlog("Rant " . $rant->id . " saved.", MTS_RANT, MTA_ADD);
33 49
34 if($rant->status == "published")
50 if ($rant->status == "published")
35 51 {
52 adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_ADD);
53
54 /*
36 55 $poster = get_userdatabyid($rant->author);
37 adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_ADD);
38 56 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
39 57
40 58 if($rant->author === 1) {
41 59 tumblrpost($rant->title, $rant->body);
42 60 }
61 */
43 62 }
44 63
45 64 return $rant->id;
46 65 }
66
47 67 return false;
48 68 }
49 69
50 function updaterant($rant) {
70 function updaterant($rant)
71 {
51 72 if ( !(int)$rant->id ) return false;
52 global $mtdb;
53
54 #first, check if it's published already
55 $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
56 $row = mysqli_fetch_row($qr);
57 $status = $row[0];
58
59 adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
60
61 $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
62 . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
63 . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
64 . '", author = ' . (int)$rant->author
65 . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
66 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
67 . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
68 . '", imagetype = ' . (int)$rant->imagetype
69 . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
70 . '" WHERE id=' . (int)$rant->id;
71
72 if($status == "draft" && $rant->status == "published")
73 global $dbConnection;
74
75 # First, check if it's published already
76 $sql = 'SELECT status FROM rant WHERE id = ?';
77 $stmt = $dbConnection->prepare($sql);
78
79 $stmt->bindValue(1, $rant->id);
80
81 $stmt->execute();
82 $status = $stmt->fetchColumn();
83
84 adminlog("Rant " . $rant->id . " updated.", MTS_RANT, MTA_UPDATE);
85
86 $sql = 'UPDATE rant SET published = FROM_UNIXTIME(:published), status = :status, side = :side, author = :author, ' .
87 'title = :title, body = :body, link = :link, imagetype = :imagetype, imagetext = :imagetext WHERE id = :id';
88 $stmt = $dbConnection->prepare($sql);
89
90 $stmt->bindValue('id', (int)$rant->id);
91 $stmt->bindValue('published', (int)$rant->published);
92 $stmt->bindValue('status', $rant->status);
93 $stmt->bindValue('side', $rant->side);
94 $stmt->bindValue('author', (int)$rant->author);
95 $stmt->bindValue('title', trim($rant->title));
96 $stmt->bindValue('body', trim($rant->body));
97 $stmt->bindValue('link', trim($rant->link));
98 $stmt->bindValue('imagetype', (int)$rant->imagetype);
99 $stmt->bindValue('imagetext', trim($rant->imagetext));
100
101 if ($status == "draft" && $rant->status == "published")
73 102 {
103 adminlog("Rant " . $rant->id . " published.", MTS_RANT, MTA_UPDATE);
104
105 /*
74 106 $poster = get_userdatabyid($rant->author);
75 adminlog("Rant ".$rant->id." published.", MTS_RANT, MTA_UPDATE);
76 107 twitterpost("New rant posted by ".$poster->name.": ".SITE_HOST.SITE_PATH."/rant/".$rant->id);
77 108
78 109 if($rant->author === 1) {
79 110 tumblrpost($rant->title, $rant->body);
80 111 }
112 */
81 113 }
82 114
83 return $mtdb->query( $sql );
115 return $stmt->execute();
84 116 }
85 117
86 function deleterant($rantid) {
118 function deleterant($rantid)
119 {
87 120 if ( !(int)$rantid ) return false;
88 global $mtdb;
89 adminlog("Rant ".$rantid." deleted.", MTS_RANT, MTA_DELETE);
90 return $mtdb->query( 'DELETE FROM rant WHERE id=' . $rantid );
121 global $dbConnection;
122
123 $sql = 'DELETE FROM rant WHERE id = ?';
124 $stmt = $dbConnection->prepare($sql);
125
126 $stmt->bindValue(1, $rantid);
127
128 adminlog("Rant " . $rantid . " deleted.", MTS_RANT, MTA_DELETE);
129 return $stmt->execute();
91 130 }
92 131
93 132 function deleteattachment($id)
94 133 {
95 global $mtdb;
96 $file = SITE_PATH_ABS.'/'.get_rantattachment_filename($id);
97 unlink( $file ) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
98 $mtdb->query( 'DELETE FROM rant_attachment WHERE id = ' . $id );
134 global $dbConnection;
135
136 // Remove attachment from filesystem
137 $file = SITE_PATH_ABS . '/' . get_rantattachment_filename($id);
138 unlink($file) or adminlog("Could not delete $file", MTS_RANT, MTA_DELETE, E_USER_WARNING);
139
140 // Remove from database
141 $sql = 'DELETE FROM rant_attachment WHERE id = ?';
142 $stmt = $dbConnection->prepare($sql);
143
144 $stmt->bindValue(1, $id);
145
146 $stmt->execute();
99 147 adminlog("Deleted attachment $id", MTS_RANT, MTA_DELETE);
100 148 }
101 149
102 function getrant($id) {
103 global $mtdb;
104 return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = '. (int)$id );
150 function getrant($id)
151 {
152 global $dbConnection;
153
154 $sql = 'SELECT id, UNIX_TIMESTAMP(published) as published, status, side, author, title, body, link, imagetype, imagetext FROM rant WHERE id = ?';
155 $stmt = $dbConnection->prepare($sql);
156
157 $stmt->bindValue(1, (int)$id);
158
159 $stmt->execute();
160 return $stmt->fetch();
105 161 }
106 162
107 function get_rantimage_filename( $rant ) {
108 global $mtdb;
109 $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$rant->imagetype ); // filename extension
110 return sprintf( '%s/%04d.%s',SITE_RANT, (int)$rant->id, $ext );
163 function get_rantimage_filename($rant)
164 {
165 global $dbConnection;
166
167 $sql = 'SELECT extension FROM media_t WHERE id = ?';
168 $stmt = $dbConnection->prepare($sql);
169
170 $stmt->bindValue(1, (int)$rant->imagetype);
171
172 $stmt->execute();
173 $ext = $stmt->fetchColumn(); // filename extension
174
175 return sprintf('%s/%04d.%s', SITE_RANT, (int)$rant->id, $ext);
111 176 }
112 177
113 function get_rantattachment_filename( $id ) {
114 global $mtdb;
115 $ext = $mtdb->getOne( 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id=' . (int)$id ); // filename extension
116 return sprintf( '%s/%d.%s',SITE_RANT_ATTACHMENT, (int)$id, $ext );
178 function get_rantattachment_filename($id)
179 {
180 global $dbConnection;
181
182 $sql = 'SELECT extension FROM media_t JOIN rant_attachment ra ON ra.media = media_t.id WHERE ra.id = ?';
183 $stmt = $dbConnection->prepare($sql);
184
185 $stmt->bindValue(1, (int)$id);
186
187 $stmt->execute();
188 $ext = $stmt->fetchColumn(); // filename extension
189
190 return sprintf('%s/%d.%s', SITE_RANT_ATTACHMENT, (int)$id, $ext );
117 191 }
118 192
119 193 ?>
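Review bot: In deleterant the guard tests `(int)$rantid` but the raw `$rantid` is what gets bound and written to the admin log, so a value such as `5abc` passes the guard and the log line may not name the row the database actually matched. Normalising once at the top, `$rantid = (int)$rantid;`, keeps the guard, the bound parameter and the log entry in agreement; the same applies to `$stmt->bindValue(1, $rant->id);` in updaterant's status lookup and to `$id` in deleteattachment. insertrant also binds `$rant->imagetype` without the `(int)` cast that updaterant applies. Separately, `fetchColumn()` presumably returns false when no media row matches, so get_rantimage_filename and get_rantattachment_filename would build a path with an empty extension, which deleteattachment then passes to `unlink()` before logging "Deleted attachment" unconditionally; an explicit check for the missing row would be worth adding.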