Not Reviewed
Show More
Add another comment
| @@ -45,7 +45,7 define('USING_TIDY', false); | |||||
|
|
45 | // Call mysql to hash a password |
|
45 | // Call mysql to hash a password |
|
|
46 | function mt_hash_password($password) { |
|
46 | function mt_hash_password($password) { |
|
|
47 | global $mtdb; |
|
47 | global $mtdb; |
|
|
48 | return $mtdb->getOne('SELECT SHA1("' . mysql_real_escape_string($password) . '")') ; |
|
48 | return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ; |
|
|
49 | } |
|
49 | } |
|
|
50 |
|
50 | ||
|
|
51 | // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen |
|
51 | // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen |
| @@ -67,7 +67,7 function mt_login($username, $password, $already_hashed = false) { | |||||
|
|
67 |
|
67 | ||
|
|
68 | $username = sanitize_username( $username ); |
|
68 | $username = sanitize_username( $username ); |
|
|
69 |
|
69 | ||
|
|
70 | $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"'); |
|
70 | $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"'); |
|
|
71 | if (!$login) { |
|
71 | if (!$login) { |
|
|
72 | $error = ('<strong>ERROR</strong>: Invalid username or password.'); |
|
72 | $error = ('<strong>ERROR</strong>: Invalid username or password.'); |
|
|
73 | adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE); |
|
73 | adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE); |
| @@ -131,7 +131,7 function _redirect($location, $status = 302) { | |||||
|
|
131 |
|
131 | ||
|
|
132 | if ( substr(php_sapi_name(), 0, 3) != 'cgi' ) |
|
132 | if ( substr(php_sapi_name(), 0, 3) != 'cgi' ) |
|
|
133 | header('Status: '.$status); // This causes problems on IIS and some FastCGI setups |
|
133 | header('Status: '.$status); // This causes problems on IIS and some FastCGI setups |
|
|
134 |
|
134 | ||
|
|
135 | header("Location: $location"); |
|
135 | header("Location: $location"); |
|
|
136 | die(); |
|
136 | die(); |
|
|
137 | } |
|
137 | } |
| @@ -25,10 +25,10 define('MTA_CHANGE', 'update'); // Modification action | |||||
|
|
25 | function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false) |
|
25 | function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false) |
|
|
26 | { |
|
26 | { |
|
|
27 | global $mtdb, $currentuser; |
|
27 | global $mtdb, $currentuser; |
|
|
28 |
|
28 | ||
|
|
29 | $sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")', |
|
29 | $sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")', |
|
|
30 | (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysql_real_escape_string($action), $level, mysql_real_escape_string($msg)); |
|
30 | (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg)); |
|
|
31 | $mtdb->query( $sql ) or die($sql."<br>".mysql_error()."<br>\n".var_export(debug_backtrace())); |
|
31 | $mtdb->query( $sql ) or die($sql."<br>".mysqli_error()."<br>\n".var_export(debug_backtrace())); |
|
|
32 |
|
32 | ||
|
|
33 | // Log all important sorts of messages in the Apache log |
|
33 | // Log all important sorts of messages in the Apache log |
|
|
34 | if( $level & (E_USER_WARNING | E_USER_ERROR) ) { |
|
34 | if( $level & (E_USER_WARNING | E_USER_ERROR) ) { |
| @@ -14,26 +14,26 function savepage($page) { | |||||
|
|
14 | function insertpage($page) { |
|
14 | function insertpage($page) { |
|
|
15 | global $mtdb; |
|
15 | global $mtdb; |
|
|
16 | $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES (' |
|
16 | $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES (' |
|
|
17 | . ' "' . mysql_real_escape_string($page->url_name) |
|
17 | . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name) |
|
|
18 | . '", "' . mysql_real_escape_string($page->status) |
|
18 | . '", "' . mysqli_real_escape_string($mtdb->link, $page->status) |
|
|
19 | . '", "' . mysql_real_escape_string( trim( $page->title ) ) |
|
19 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) ) |
|
|
20 | . '", "' . mysql_real_escape_string( trim( $page->body ) ) |
|
20 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) ) |
|
|
21 | . '", "' . mysql_real_escape_string( trim( $page->style ) ) |
|
21 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) ) |
|
|
22 | . '")'; |
|
22 | . '")'; |
|
|
23 | adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD); |
|
23 | adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD); |
|
|
24 | return $mtdb->query($sql); |
|
24 | return $mtdb->query($sql); |
|
|
25 |
} |
|
25 | } |
|
|
26 |
|
26 | ||
|
|
27 | function updatepage($page) { |
|
27 | function updatepage($page) { |
|
|
28 | if ( !$page->url_name ) return false; |
|
28 | if ( !$page->url_name ) return false; |
|
|
29 | global $mtdb; |
|
29 | global $mtdb; |
|
|
30 |
|
30 | ||
|
|
31 | $sql = 'UPDATE static_page SET url_name = "' . mysql_real_escape_string($page->url_name) |
|
31 | $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($page->url_name) |
|
|
32 | . '", status = "' . mysql_real_escape_string($page->status) |
|
32 | . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status) |
|
|
33 | . '", title = "' . mysql_real_escape_string( trim($page->title) ) |
|
33 | . '", title = "' . mysqli_real_escape_string( trim($mtdb->link, $page->title) ) |
|
|
34 | . '", body = "' . mysql_real_escape_string( trim($page->body ) ) |
|
34 | . '", body = "' . mysqli_real_escape_string( trim($mtdb->link, $page->body ) ) |
|
|
35 | . '", style = "' . mysql_real_escape_string( trim($page->style ) ) |
|
35 | . '", style = "' . mysqli_real_escape_string( trim($mtdb->link, $page->style ) ) |
|
|
36 | . '" WHERE url_name = "' . mysql_real_escape_string($page->url_name) . '"'; |
|
36 | . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"'; |
|
|
37 | adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY); |
|
37 | adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY); |
|
|
38 | return $mtdb->query( $sql ); |
|
38 | return $mtdb->query( $sql ); |
|
|
39 | } |
|
39 | } |
| @@ -42,12 +42,12 function deletepage($url_name) { | |||||
|
|
42 | if ( !$url_name ) return false; |
|
42 | if ( !$url_name ) return false; |
|
|
43 | global $mtdb; |
|
43 | global $mtdb; |
|
|
44 | adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE); |
|
44 | adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE); |
|
|
45 | return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysql_real_escape_string($url_name) . '"' ); |
|
45 | return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); |
|
|
46 | } |
|
46 | } |
|
|
47 |
|
47 | ||
|
|
48 | function getpage($url_name) { |
|
48 | function getpage($url_name) { |
|
|
49 | global $mtdb; |
|
49 | global $mtdb; |
|
|
50 | return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysql_real_escape_string($url_name) . '"' ); |
|
50 | return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' ); |
|
|
51 | } |
|
51 | } |
|
|
52 |
|
52 | ||
|
|
53 | ?> |
|
53 | ?> |
| @@ -15,22 +15,22 function insertrant($rant) { | |||||
|
|
15 | global $mtdb; |
|
15 | global $mtdb; |
|
|
16 | $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME(' |
|
16 | $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME(' |
|
|
17 | . (int)$rant->published |
|
17 | . (int)$rant->published |
|
|
18 | . '), "' . mysql_real_escape_string($rant->status) |
|
18 | . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status) |
|
|
19 | . '", "' . mysql_real_escape_string($rant->side) |
|
19 | . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side) |
|
|
20 | . '", "' . (int)$rant->author |
|
20 | . '", "' . (int)$rant->author |
|
|
21 | . '", "' . mysql_real_escape_string( trim( $rant->title) ) |
|
21 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) ) |
|
|
22 | . '", "' . mysql_real_escape_string( trim( $rant->body ) ) |
|
22 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) ) |
|
|
23 | . '", "' . mysql_real_escape_string( trim( $rant->link ) ) |
|
23 | . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) ) |
|
|
24 | . '", ' . mysql_real_escape_string($rant->imagetype) |
|
24 | . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype) |
|
|
25 | . ', "' . mysql_real_escape_string( trim( $rant->imagetext ) ) |
|
25 | . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) ) |
|
|
26 | . '")'; |
|
26 | . '")'; |
|
|
27 |
|
27 | ||
|
|
28 | if( $mtdb->query( $sql ) ) { |
|
28 | if( $mtdb->query( $sql ) ) { |
|
|
29 | //logthis( 'Saved changes to rant ' . $rant->id ); |
|
29 | //logthis( 'Saved changes to rant ' . $rant->id ); |
|
|
30 | $rant->id = mysql_insert_id( $mtdb->link ); |
|
30 | $rant->id = mysqli_insert_id( $mtdb->link ); |
|
|
31 |
|
31 | ||
|
|
32 | adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD); |
|
32 | adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD); |
|
|
33 |
|
33 | ||
|
|
34 | if($rant->status == "published") |
|
34 | if($rant->status == "published") |
|
|
35 | { |
|
35 | { |
|
|
36 | $poster = get_userdatabyid($rant->author); |
|
36 | $poster = get_userdatabyid($rant->author); |
| @@ -41,34 +41,34 function insertrant($rant) { | |||||
|
|
41 | tumblrpost($rant->title, $rant->body); |
|
41 | tumblrpost($rant->title, $rant->body); |
|
|
42 | } |
|
42 | } |
|
|
43 | } |
|
43 | } |
|
|
44 |
|
44 | ||
|
|
45 | return $rant->id; |
|
45 | return $rant->id; |
|
|
46 | } |
|
46 | } |
|
|
47 | return false; |
|
47 | return false; |
|
|
48 |
} |
|
48 | } |
|
|
49 |
|
49 | ||
|
|
50 | function updaterant($rant) { |
|
50 | function updaterant($rant) { |
|
|
51 | if ( !(int)$rant->id ) return false; |
|
51 | if ( !(int)$rant->id ) return false; |
|
|
52 | global $mtdb; |
|
52 | global $mtdb; |
|
|
53 |
|
53 | ||
|
|
54 | #first, check if it's published already |
|
54 | #first, check if it's published already |
|
|
55 | $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id); |
|
55 | $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id); |
|
|
56 | $row = mysql_fetch_row($qr); |
|
56 | $row = mysqli_fetch_row($qr); |
|
|
57 | $status = $row[0]; |
|
57 | $status = $row[0]; |
|
|
58 |
|
58 | ||
|
|
59 | adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE); |
|
59 | adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE); |
|
|
60 |
|
60 | ||
|
|
61 | $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published |
|
61 | $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published |
|
|
62 | . '), status = "' . mysql_real_escape_string($rant->status) |
|
62 | . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status) |
|
|
63 | . '", side = "' . mysql_real_escape_string($rant->side) |
|
63 | . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side) |
|
|
64 | . '", author = ' . (int)$rant->author |
|
64 | . '", author = ' . (int)$rant->author |
|
|
65 | . ', title = "' . mysql_real_escape_string( trim($rant->title) ) |
|
65 | . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) ) |
|
|
66 | . '", body = "' . mysql_real_escape_string( trim($rant->body ) ) |
|
66 | . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) ) |
|
|
67 | . '", link = "' . mysql_real_escape_string( trim($rant->link ) ) |
|
67 | . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) ) |
|
|
68 | . '", imagetype = ' . (int)$rant->imagetype |
|
68 | . '", imagetype = ' . (int)$rant->imagetype |
|
|
69 | . ', imagetext = "' . mysql_real_escape_string( trim($rant->imagetext) ) |
|
69 | . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) ) |
|
|
70 | . '" WHERE id=' . (int)$rant->id; |
|
70 | . '" WHERE id=' . (int)$rant->id; |
|
|
71 |
|
71 | ||
|
|
72 | if($status == "draft" && $rant->status == "published") |
|
72 | if($status == "draft" && $rant->status == "published") |
|
|
73 | { |
|
73 | { |
|
|
74 | $poster = get_userdatabyid($rant->author); |
|
74 | $poster = get_userdatabyid($rant->author); |
| @@ -79,7 +79,7 function updaterant($rant) { | |||||
|
|
79 | tumblrpost($rant->title, $rant->body); |
|
79 | tumblrpost($rant->title, $rant->body); |
|
|
80 | } |
|
80 | } |
|
|
81 | } |
|
81 | } |
|
|
82 |
|
82 | ||
|
|
83 | return $mtdb->query( $sql ); |
|
83 | return $mtdb->query( $sql ); |
|
|
84 | } |
|
84 | } |
|
|
85 |
|
85 | ||
| @@ -3,10 +3,10 | |||||
|
|
3 | function rsspost($body, $url) |
|
3 | function rsspost($body, $url) |
|
|
4 | { |
|
4 | { |
|
|
5 | global $mtdb; |
|
5 | global $mtdb; |
|
|
6 |
|
6 | ||
|
|
7 | $mtdb->query('INSERT INTO rss_comment (body, url) |
|
7 | $mtdb->query('INSERT INTO rss_comment (body, url) |
|
|
8 | VALUES ("'.mysql_real_escape_string($body).'", |
|
8 | VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'", |
|
|
9 | "'.mysql_real_escape_string($url).'")'); |
|
9 | "'.mysqli_real_escape_string($mtdb->link, $url).'")'); |
|
|
10 |
|
10 | ||
|
|
11 | return true; |
|
11 | return true; |
|
|
12 | } |
|
12 | } |
| @@ -13,10 +13,10 class Strip { | |||||
|
|
13 | // Strip id is automatically incremented |
|
13 | // Strip id is automatically incremented |
|
|
14 | function insertstrip(&$strip) { |
|
14 | function insertstrip(&$strip) { |
|
|
15 | global $mtdb; |
|
15 | global $mtdb; |
|
|
16 |
|
16 | ||
|
|
17 | $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book; |
|
17 | $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book; |
|
|
18 |
$strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; |
|
18 | $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; |
|
|
19 |
|
19 | ||
|
|
20 | $mtdb->query('START TRANSACTION'); |
|
20 | $mtdb->query('START TRANSACTION'); |
|
|
21 | $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1; |
|
21 | $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1; |
|
|
22 | $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES (' |
|
22 | $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES (' |
| @@ -24,11 +24,11 function insertstrip(&$strip) { | |||||
|
|
24 | . ', FROM_UNIXTIME(' . (int)$strip->published |
|
24 | . ', FROM_UNIXTIME(' . (int)$strip->published |
|
|
25 | . '), '. (int)$strip->media |
|
25 | . '), '. (int)$strip->media |
|
|
26 | . ', ' . (int)$strip->type |
|
26 | . ', ' . (int)$strip->type |
|
|
27 | . ', "' . mysql_real_escape_string( trim($strip->title) ) |
|
27 | . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) |
|
|
28 | . '", '. $strip->book |
|
28 | . '", '. $strip->book |
|
|
29 | . ', ' . $strip->page |
|
29 | . ', ' . $strip->page |
|
|
30 | . ')'; |
|
30 | . ')'; |
|
|
31 |
|
31 | ||
|
|
32 | $r = $mtdb->query( $sql ); |
|
32 | $r = $mtdb->query( $sql ); |
|
|
33 | if( !$r ) { |
|
33 | if( !$r ) { |
|
|
34 | $mtdb->query('ROLLBACK'); |
|
34 | $mtdb->query('ROLLBACK'); |
| @@ -36,24 +36,24 function insertstrip(&$strip) { | |||||
|
|
36 | } |
|
36 | } |
|
|
37 | $mtdb->query('COMMIT'); |
|
37 | $mtdb->query('COMMIT'); |
|
|
38 | adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD); |
|
38 | adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD); |
|
|
39 |
|
39 | ||
|
|
40 | $strip->id = $newid; |
|
40 | $strip->id = $newid; |
|
|
41 | if( $strip->id == 0 ) return false; |
|
41 | if( $strip->id == 0 ) return false; |
|
|
42 | return true; |
|
42 | return true; |
|
|
43 |
} |
|
43 | } |
|
|
44 |
|
44 | ||
|
|
45 | function updatestrip(&$strip) { |
|
45 | function updatestrip(&$strip) { |
|
|
46 | global $mtdb; |
|
46 | global $mtdb; |
|
|
47 |
|
47 | ||
|
|
48 | $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book; |
|
48 | $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book; |
|
|
49 | $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page; |
|
49 | $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page; |
|
|
50 |
|
50 | ||
|
|
51 | $mtdb->query('START TRANSACTION'); |
|
51 | $mtdb->query('START TRANSACTION'); |
|
|
52 | $sql = 'UPDATE strip SET |
|
52 | $sql = 'UPDATE strip SET |
|
|
53 | published = FROM_UNIXTIME(' . (int)$strip->published .') |
|
53 | published = FROM_UNIXTIME(' . (int)$strip->published .') |
|
|
54 | , media = '. (int)$strip->media .' |
|
54 | , media = '. (int)$strip->media .' |
|
|
55 | , type = ' . (int)$strip->type .' |
|
55 | , type = ' . (int)$strip->type .' |
|
|
56 | , title = "' . mysql_real_escape_string( trim($strip->title) ) .'" |
|
56 | , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'" |
|
|
57 | , book = ' . (int)$strip->book .' |
|
57 | , book = ' . (int)$strip->book .' |
|
|
58 | , page = ' . (int)$strip->page .' |
|
58 | , page = ' . (int)$strip->page .' |
|
|
59 | WHERE id = ' . (int)$strip->id; |
|
59 | WHERE id = ' . (int)$strip->id; |
| @@ -61,7 +61,7 function updatestrip(&$strip) { | |||||
|
|
61 | $mtdb->query('COMMIT'); |
|
61 | $mtdb->query('COMMIT'); |
|
|
62 | adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY); |
|
62 | adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY); |
|
|
63 | return true; |
|
63 | return true; |
|
|
64 |
} |
|
64 | } |
|
|
65 |
|
65 | ||
|
|
66 | // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move! |
|
66 | // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move! |
|
|
67 | function move_strip($from_id, $to_id) |
|
67 | function move_strip($from_id, $to_id) |
| @@ -69,7 +69,7 function move_strip($from_id, $to_id) | |||||
|
|
69 | global $mtdb; |
|
69 | global $mtdb; |
|
|
70 | $from_id = (int) $from_id; |
|
70 | $from_id = (int) $from_id; |
|
|
71 | $to_id = (int) $to_id; |
|
71 | $to_id = (int) $to_id; |
|
|
72 |
|
72 | ||
|
|
73 | // Ensure our source exists |
|
73 | // Ensure our source exists |
|
|
74 | $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" ); |
|
74 | $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" ); |
|
|
75 | if($num_strips < 1) |
|
75 | if($num_strips < 1) |
| @@ -77,7 +77,7 function move_strip($from_id, $to_id) | |||||
|
|
77 |
|
77 | ||
|
|
78 | // Ready the destination |
|
78 | // Ready the destination |
|
|
79 | deletestrip( $to_id ); |
|
79 | deletestrip( $to_id ); |
|
|
80 |
|
80 | ||
|
|
81 | // Update database |
|
81 | // Update database |
|
|
82 | $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" ); |
|
82 | $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" ); |
|
|
83 | $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" ); |
|
83 | $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" ); |
| @@ -100,7 +100,7 function swap_strips( $from_id, $to_id ) { | |||||
|
|
100 | function deletestrip($id) { |
|
100 | function deletestrip($id) { |
|
|
101 | $id = (int)$id; |
|
101 | $id = (int)$id; |
|
|
102 | if ( !$id ) return false; |
|
102 | if ( !$id ) return false; |
|
|
103 |
|
103 | ||
|
|
104 | global $mtdb; |
|
104 | global $mtdb; |
|
|
105 | $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id ); |
|
105 | $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id ); |
|
|
106 | foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item) |
|
106 | foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item) |
| @@ -5,12 +5,12 function bracketbalance($line) | |||||
|
|
5 | #first, if no angle brackets, we're OK |
|
5 | #first, if no angle brackets, we're OK |
|
|
6 | if(substr_count($line, "<") == 0 && substr_count($line, ">") == 0) |
|
6 | if(substr_count($line, "<") == 0 && substr_count($line, ">") == 0) |
|
|
7 | return true; |
|
7 | return true; |
|
|
8 |
|
8 | ||
|
|
9 | if(substr_count($line, "<") != substr_count($line, ">")) |
|
9 | if(substr_count($line, "<") != substr_count($line, ">")) |
|
|
10 | { |
|
10 | { |
|
|
11 | return false; |
|
11 | return false; |
|
|
12 | } |
|
12 | } |
|
|
13 |
|
13 | ||
|
|
14 | return true; |
|
14 | return true; |
|
|
15 | } |
|
15 | } |
|
|
16 |
|
16 | ||
| @@ -18,7 +18,7 function bracketbalance($line) | |||||
|
|
18 | function gettranscript(&$strip) |
|
18 | function gettranscript(&$strip) |
|
|
19 | { |
|
19 | { |
|
|
20 | global $mtdb; |
|
20 | global $mtdb; |
|
|
21 |
|
21 | ||
|
|
22 | $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id ); |
|
22 | $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id ); |
|
|
23 |
|
23 | ||
|
|
24 | if($result) |
|
24 | if($result) |
| @@ -34,14 +34,14 function gettranscript(&$strip) | |||||
|
|
34 | if( $numPanels ) { |
|
34 | if( $numPanels ) { |
|
|
35 | for($i = 1; $i <= $numPanels; $i++) { |
|
35 | for($i = 1; $i <= $numPanels; $i++) { |
|
|
36 | $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line') |
|
36 | $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line') |
|
|
37 | or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysql_error(), 'SQL Error'); |
|
37 | or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error'); |
|
|
38 |
|
38 | ||
|
|
39 | if(!$result) continue; |
|
39 | if(!$result) continue; |
|
|
40 |
|
40 | ||
|
|
41 | $output.= "\nnewpanel\n"; |
|
41 | $output.= "\nnewpanel\n"; |
|
|
42 | while($row = mysql_fetch_row($result)) { |
|
42 | while($row = mysqli_fetch_row($result)) { |
|
|
43 | if(strlen($row[0]) < 1) continue; |
|
43 | if(strlen($row[0]) < 1) continue; |
|
|
44 |
|
44 | ||
|
|
45 | $output.= $row[0]; |
|
45 | $output.= $row[0]; |
|
|
46 | if($row[1] !== '') $output.= ":: ".$row[1]; |
|
46 | if($row[1] !== '') $output.= ":: ".$row[1]; |
|
|
47 | $output.= "\n"; |
|
47 | $output.= "\n"; |
| @@ -58,9 +58,9 function gettranscript(&$strip) | |||||
|
|
58 | function savetranscript( &$strip ) { |
|
58 | function savetranscript( &$strip ) { |
|
|
59 | global $mtdb; |
|
59 | global $mtdb; |
|
|
60 | $info = ''; |
|
60 | $info = ''; |
|
|
61 |
|
61 | ||
|
|
62 | $mtdb->query('START TRANSACTION'); |
|
62 | $mtdb->query('START TRANSACTION'); |
|
|
63 |
|
63 | ||
|
|
64 | //remove any old transcript data - it's being replaced |
|
64 | //remove any old transcript data - it's being replaced |
|
|
65 | $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id ); |
|
65 | $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id ); |
|
|
66 |
|
66 | ||
| @@ -87,7 +87,7 function savetranscript( &$strip ) { | |||||
|
|
87 |
|
87 | ||
|
|
88 | if(strpos($lines[$j], '(') === 0) { |
|
88 | if(strpos($lines[$j], '(') === 0) { |
|
|
89 | # Line is a note, add it as a comment |
|
89 | # Line is a note, add it as a comment |
|
|
90 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), ''); |
|
90 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); |
|
|
91 | } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) { |
|
91 | } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) { |
|
|
92 | # Line is an annotation or blank, do nothing |
|
92 | # Line is an annotation or blank, do nothing |
|
|
93 | continue; |
|
93 | continue; |
| @@ -95,13 +95,13 function savetranscript( &$strip ) { | |||||
|
|
95 | # Line contains a list of nonspeaking characters |
|
95 | # Line contains a list of nonspeaking characters |
|
|
96 | array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11)))); |
|
96 | array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11)))); |
|
|
97 | $speaker = trim(substr($lines[$j], 11)); |
|
97 | $speaker = trim(substr($lines[$j], 11)); |
|
|
98 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); |
|
98 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); |
|
|
99 | } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) { |
|
99 | } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) { |
|
|
100 | # Line designates a new speaker, note speaker |
|
100 | # Line designates a new speaker, note speaker |
|
|
101 |
|
101 | ||
|
|
102 | # Handle speakers who did not say anything |
|
102 | # Handle speakers who did not say anything |
|
|
103 | if(null !== $speaker && !$has_spoken) |
|
103 | if(null !== $speaker && !$has_spoken) |
|
|
104 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); |
|
104 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); |
|
|
105 |
|
105 | ||
|
|
106 | $speaker = ucfirst(strtolower($lines[$j])); |
|
106 | $speaker = ucfirst(strtolower($lines[$j])); |
|
|
107 | $has_spoken = false; |
|
107 | $has_spoken = false; |
| @@ -111,29 +111,29 function savetranscript( &$strip ) { | |||||
|
|
111 | $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'</p>'; |
|
111 | $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'</p>'; |
|
|
112 |
|
112 | ||
|
|
113 | $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) ); |
|
113 | $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) ); |
|
|
114 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), |
|
114 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), |
|
|
115 | mysql_real_escape_string($lines[$j]), mysql_real_escape_string($search)); |
|
115 | mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search)); |
|
|
116 | $has_spoken = true; |
|
116 | $has_spoken = true; |
|
|
117 | } else { |
|
117 | } else { |
|
|
118 | # Line is unrecognized, add it as a comment |
|
118 | # Line is unrecognized, add it as a comment |
|
|
119 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), ''); |
|
119 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); |
|
|
120 | } |
|
120 | } |
|
|
121 |
|
121 | ||
|
|
122 | if( $insert_sql && false === $mtdb->query( $insert_sql ) ) { |
|
122 | if( $insert_sql && false === $mtdb->query( $insert_sql ) ) { |
|
|
123 | $mtdb->query('ROLLBACK'); |
|
123 | $mtdb->query('ROLLBACK'); |
|
|
124 | mtdie (mysql_error(), 'Error inserting transcript.'); |
|
124 | mtdie (mysqli_error(), 'Error inserting transcript.'); |
|
|
125 | } |
|
125 | } |
|
|
126 | } |
|
126 | } |
|
|
127 |
|
127 | ||
|
|
128 | if(null !== $speaker && !$has_spoken) { |
|
128 | if(null !== $speaker && !$has_spoken) { |
|
|
129 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', ''); |
|
129 | $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); |
|
|
130 | if( false === $mtdb->query( $insert_sql ) ) { |
|
130 | if( false === $mtdb->query( $insert_sql ) ) { |
|
|
131 | $mtdb->query('ROLLBACK'); |
|
131 | $mtdb->query('ROLLBACK'); |
|
|
132 | mtdie (mysql_error(), 'Error inserting transcript.'); |
|
132 | mtdie (mysqli_error(), 'Error inserting transcript.'); |
|
|
133 | } |
|
133 | } |
|
|
134 | } |
|
134 | } |
|
|
135 | } |
|
135 | } |
|
|
136 |
|
136 | ||
|
|
137 | } else { |
|
137 | } else { |
|
|
138 | # Assume that this is a Kalium style transcript |
|
138 | # Assume that this is a Kalium style transcript |
|
|
139 |
|
139 | ||
| @@ -141,30 +141,30 function savetranscript( &$strip ) { | |||||
|
|
141 | $numPanels = count($panels); |
|
141 | $numPanels = count($panels); |
|
|
142 | foreach($panels as $currPanel) |
|
142 | foreach($panels as $currPanel) |
|
|
143 | $currPanel = trim($currPanel); |
|
143 | $currPanel = trim($currPanel); |
|
|
144 |
|
144 | ||
|
|
145 | for($i = 1; $i < $numPanels; $i++) { |
|
145 | for($i = 1; $i < $numPanels; $i++) { |
|
|
146 | $lines = explode("\n", $panels[$i]); |
|
146 | $lines = explode("\n", $panels[$i]); |
|
|
147 | $numLines = count($lines); |
|
147 | $numLines = count($lines); |
|
|
148 | foreach($lines as $currLine) |
|
148 | foreach($lines as $currLine) |
|
|
149 | $currLine = trim($currLine); |
|
149 | $currLine = trim($currLine); |
|
|
150 |
|
150 | ||
|
|
151 | for($j = 1; $j < $numLines; $j++) { |
|
151 | for($j = 1; $j < $numLines; $j++) { |
|
|
152 | $spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech |
|
152 | $spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech |
|
|
153 |
|
153 | ||
|
|
154 | $spoken[0] = trim($spoken[0]); // Strip excess whitespace |
|
154 | $spoken[0] = trim($spoken[0]); // Strip excess whitespace |
|
|
155 | $spoken[1] = trim($spoken[1]); |
|
155 | $spoken[1] = trim($spoken[1]); |
|
|
156 |
|
156 | ||
|
|
157 | if(strlen($spoken[0]) < 1) continue; // Disregard null |
|
157 | if(strlen($spoken[0]) < 1) continue; // Disregard null |
|
|
158 | $spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) ); // Make searchable text |
|
158 | $spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) ); // Make searchable text |
|
|
159 |
|
159 | ||
|
|
160 | if(!bracketbalance($spoken[1])) |
|
160 | if(!bracketbalance($spoken[1])) |
|
|
161 | $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'</p>'; |
|
161 | $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'</p>'; |
|
|
162 |
|
162 | ||
|
|
163 | $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysql_real_escape_string($spoken[0]), |
|
163 | $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]), |
|
|
164 | mysql_real_escape_string($spoken[1]), mysql_real_escape_string($spoken[2]) ); |
|
164 | mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) ); |
|
|
165 | if( false === $mtdb->query( $insert_sql ) ) { |
|
165 | if( false === $mtdb->query( $insert_sql ) ) { |
|
|
166 | $mtdb->query('ROLLBACK'); |
|
166 | $mtdb->query('ROLLBACK'); |
|
|
167 | mtdie (mysql_error(), 'Error inserting transcript.'); |
|
167 | mtdie (mysqli_error(), 'Error inserting transcript.'); |
|
|
168 | } |
|
168 | } |
|
|
169 | } |
|
169 | } |
|
|
170 | } |
|
170 | } |
| @@ -22,20 +22,20 function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) | |||||
|
|
22 | adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD); |
|
22 | adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD); |
|
|
23 | } |
|
23 | } |
|
|
24 | return !empty($buffer); |
|
24 | return !empty($buffer); |
|
|
25 |
|
25 | ||
|
|
26 | } else { |
|
26 | } else { |
|
|
27 | # OAuth Mode |
|
27 | # OAuth Mode |
|
|
28 | $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysql_real_escape_string($user))); |
|
28 | $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user))); |
|
|
29 |
|
29 | ||
|
|
30 | $username = $row->username; |
|
30 | $username = $row->username; |
|
|
31 | $oauth_token = $row->oauth_token; |
|
31 | $oauth_token = $row->oauth_token; |
|
|
32 | $oauth_token_secret = $row->oauth_token_secret; |
|
32 | $oauth_token_secret = $row->oauth_token_secret; |
|
|
33 |
|
33 | ||
|
|
34 | $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret); |
|
34 | $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret); |
|
|
35 |
|
35 | ||
|
|
36 | $parameters = array('status' => $message ); |
|
36 | $parameters = array('status' => $message ); |
|
|
37 | $status = $connection->post('statuses/update', $parameters); |
|
37 | $status = $connection->post('statuses/update', $parameters); |
|
|
38 |
|
38 | ||
|
|
39 | switch( $connection->http_code ) { |
|
39 | switch( $connection->http_code ) { |
|
|
40 | case 200: |
|
40 | case 200: |
|
|
41 | adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD); |
|
41 | adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD); |
| @@ -44,10 +44,10 function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) | |||||
|
|
44 | adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD); |
|
44 | adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD); |
|
|
45 | return false; |
|
45 | return false; |
|
|
46 | } |
|
46 | } |
|
|
47 |
|
47 | ||
|
|
48 |
|
48 | ||
|
|
49 | } |
|
49 | } |
|
|
50 |
|
50 | ||
|
|
51 |
|
51 | ||
|
|
52 | } |
|
52 | } |
|
|
53 |
|
53 | ||
| @@ -34,7 +34,7 function pre_upload_rant_image( $pathtofile ) { | |||||
|
|
34 | $doing_upload = false; |
|
34 | $doing_upload = false; |
|
|
35 | $upload_imagetype = null; |
|
35 | $upload_imagetype = null; |
|
|
36 | $upload_error = false; |
|
36 | $upload_error = false; |
|
|
37 |
|
37 | ||
|
|
38 | if( false === $image_data ) { |
|
38 | if( false === $image_data ) { |
|
|
39 | $upload_error='<p>Something wronky happened with that upload, getimagesize() returned false!</p>'; |
|
39 | $upload_error='<p>Something wronky happened with that upload, getimagesize() returned false!</p>'; |
|
|
40 | } elseif( 300 > $image_data[0] ) { |
|
40 | } elseif( 300 > $image_data[0] ) { |
| @@ -53,7 +53,7 function pre_upload_rant_image( $pathtofile ) { | |||||
|
|
53 | return compact( "upload_error", "doing_upload", "upload_imagetype" ); |
|
53 | return compact( "upload_error", "doing_upload", "upload_imagetype" ); |
|
|
54 | } |
|
54 | } |
|
|
55 |
|
55 | ||
|
|
56 |
function save_stock_rant_image( $source, $rant ) { |
|
56 | function save_stock_rant_image( $source, $rant ) { |
|
|
57 | if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source), |
|
57 | if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source), |
|
|
58 | SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) { |
|
58 | SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) { |
|
|
59 | $upload_info='<p>Default rant image copied.</p>'; |
|
59 | $upload_info='<p>Default rant image copied.</p>'; |
| @@ -72,7 +72,7 function save_upload_rant_image( $source, $rant ) { | |||||
|
|
72 | $upload_info='<p>New rant image uploaded for rant '. $rant->id .'.</p>'; |
|
72 | $upload_info='<p>New rant image uploaded for rant '. $rant->id .'.</p>'; |
|
|
73 | } else { |
|
73 | } else { |
|
|
74 | $upload_error='<p>Something went wrong while moving the uploaded image.</p>'; |
|
74 | $upload_error='<p>Something went wrong while moving the uploaded image.</p>'; |
|
|
75 |
} |
|
75 | } |
|
|
76 | } else { |
|
76 | } else { |
|
|
77 | if( crop_resize($source, $destination) ) { |
|
77 | if( crop_resize($source, $destination) ) { |
|
|
78 | $upload_info='<p>New rant image uploaded and resized for rant '. $rant->id .'.</p>'; |
|
78 | $upload_info='<p>New rant image uploaded and resized for rant '. $rant->id .'.</p>'; |
| @@ -90,14 +90,14 function save_upload_rant_attachment( $source, $rant ) | |||||
|
|
90 |
|
90 | ||
|
|
91 | $image_data = getimagesize( $source ); |
|
91 | $image_data = getimagesize( $source ); |
|
|
92 | $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" ); |
|
92 | $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" ); |
|
|
93 | $rant_attachment_id = mysql_insert_id( $mtdb->link ); |
|
93 | $rant_attachment_id = mysqli_insert_id( $mtdb->link ); |
|
|
94 |
|
94 | ||
|
|
95 | if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) { |
|
95 | if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) { |
|
|
96 | $upload_info='<p>New rant attachment uploaded for rant '. $rant .'.</p>'; |
|
96 | $upload_info='<p>New rant attachment uploaded for rant '. $rant .'.</p>'; |
|
|
97 | adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD); |
|
97 | adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD); |
|
|
98 | } else { |
|
98 | } else { |
|
|
99 | $upload_error='<p>Something went wrong while storing the attachment.</p>'; |
|
99 | $upload_error='<p>Something went wrong while storing the attachment.</p>'; |
|
|
100 |
} |
|
100 | } |
|
|
101 |
|
101 | ||
|
|
102 | return compact("rant_attachment_id","upload_info","upload_error"); |
|
102 | return compact("rant_attachment_id","upload_info","upload_error"); |
|
|
103 | } |
|
103 | } |
| @@ -8,28 +8,28 function getCurrentUser() { | |||||
|
|
8 | } |
|
8 | } |
|
|
9 |
|
9 | ||
|
|
10 | function get_userdatabyid( $id ) { |
|
10 | function get_userdatabyid( $id ) { |
|
|
11 |
global $mtdb; |
|
11 | global $mtdb; |
|
|
12 | return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id ); |
|
12 | return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id ); |
|
|
13 | } |
|
13 | } |
|
|
14 |
|
14 | ||
|
|
15 | function get_userdatabylogin( $username ) { |
|
15 | function get_userdatabylogin( $username ) { |
|
|
16 | global $mtdb; |
|
16 | global $mtdb; |
|
|
17 | return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"' ); |
|
17 | return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' ); |
|
|
18 | } |
|
18 | } |
|
|
19 |
|
19 | ||
|
|
20 | function save_userdata( $user ) { |
|
20 | function save_userdata( $user ) { |
|
|
21 | adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); |
|
21 | adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); |
|
|
22 | global $mtdb; |
|
22 | global $mtdb; |
|
|
23 | return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d', |
|
23 | return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d', |
|
|
24 | mysql_real_escape_string($user->email), mysql_real_escape_string($user->nameplate), |
|
24 | mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate), |
|
|
25 | mysql_real_escape_string($user->default_image), mysql_real_escape_string($user->default_link), $user->id) ); |
|
25 | mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) ); |
|
|
26 | } |
|
26 | } |
|
|
27 |
|
27 | ||
|
|
28 | function change_password( $user ) { |
|
28 | function change_password( $user ) { |
|
|
29 | adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); |
|
29 | adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); |
|
|
30 | global $mtdb, $currentuser; |
|
30 | global $mtdb, $currentuser; |
|
|
31 | if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE ); |
|
31 | if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE ); |
|
|
32 | return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysql_real_escape_string($user->password) . '" ) WHERE id = "' . mysql_real_escape_string($user->id) . '"' ); |
|
32 | return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . mysqli_real_escape_string($mtdb->link, $user->id) . '"' ); |
|
|
33 | } |
|
33 | } |
|
|
34 |
|
34 | ||
|
|
35 | ?> |
|
35 | ?> |
Comments 0
You need to be logged in to leave comments.
Login now