Switch more PHP files to use the DBAL.
darkmorford -
749c3253f5e9
@@ -6,10 +6,10 auth_redirect(); // Require logged in user to access this page.
6
6
7 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
7 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
8 check_nonce('delete-metatype-'.(int)$_GET['delete']);
8 check_nonce('delete-metatype-'.(int)$_GET['delete']);
9 if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) )
9 if(! $dbConnection->executeUpdate('DELETE FROM meta_t WHERE id = ?', array($_GET['delete'])))
10 {
10 {
11 adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
11 adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
12 mtdie("Error on update: ". htmlentities(mysqli_error()));
12 mtdie("Error on update: ". $dbConnection->errorCode());
13 }
13 }
14 $info.='<p>Deleted metatype successfully.<p>';
14 $info.='<p>Deleted metatype successfully.<p>';
15 adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE);
15 adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE);
@@ -21,10 +21,10 if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) {
21 $name = trim($_POST['name']);
21 $name = trim($_POST['name']);
22
22
23 if( check_type_name( $name ) ) {
23 if( check_type_name( $name ) ) {
24 if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) )
24 if(! $dbConnection->executeUpdate('INSERT INTO meta_t (name) VALUES (?)', array($name)))
25 {
25 {
26 adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING);
26 adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING);
27 mtdie("Error on insertion: ". htmlentities(mysqli_error()));
27 mtdie("Error on insertion: ". $dbConnection->errorCode());
28 }
28 }
29 }
29 }
30 $info.='<p>New metatype created successfully.<p>';
30 $info.='<p>New metatype created successfully.<p>';
@@ -37,10 +37,10 if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) {
37 $name = trim($_POST['name']);
37 $name = trim($_POST['name']);
38
38
39 if( check_type_name( $name ) ) {
39 if( check_type_name( $name ) ) {
40 if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) )
40 if(! $dbConnection->executeUpdate('UPDATE meta_t SET name = ? WHERE id = ?', array($name, $_POST['type_id'])))
41 {
41 {
42 adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);
42 adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);
43 mtdie("Error on update: ". htmlentities(mysqli_error()));
43 mtdie("Error on update: ". $dbConnection->errorCode());
44 }
44 }
45 }
45 }
46 $info.='<p>Changes to metatype saved successfully.<p>';
46 $info.='<p>Changes to metatype saved successfully.<p>';
@@ -48,7 +48,7 if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) {
48 }
48 }
49
49
50 //get all metatypes
50 //get all metatypes
51 $metas = $mtdb->getAll("SELECT id, name FROM meta_t");
51 $metas = $dbConnection->fetchAll('SELECT id, name FROM meta_t');
52
52
53 adminhead('Metatypes');
53 adminhead('Metatypes');
54 adminmenu();
54 adminmenu();
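Review bot: The three `if(! $dbConnection->executeUpdate(...))` checks in the delete, insert and edit branches test an affected-row count, not a success flag, assuming `$dbConnection` is a Doctrine DBAL connection as the commit title suggests. There `executeUpdate()` returns the number of rows changed and signals failure by throwing, so an edit that saves an unchanged name, or a delete for an id that no longer exists, returns 0 and ends in `mtdie("Error on update: ...")`. A real database error never reaches the `adminlog(..., E_WARNING)` call, so the failure is missing from the admin log. Wrapping each call in a `try`/`catch` for `\Doctrine\DBAL\DBALException` and moving the `adminlog` and `mtdie` calls into the catch block would restore the old error path. The enclosing `if` blocks start and end outside the hunks shown.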
@@ -12,7 +12,7 auth_redirect(); // Require logged in user to access this page.
12 /* Handle form submission of new updates */
12 /* Handle form submission of new updates */
13
13
14 function handle_update_form() {
14 function handle_update_form() {
15 global $error,$info,$mtdb;
15 global $error,$info,$dbConnection;
16
16
17 check_nonce('update-statusbox');
17 check_nonce('update-statusbox');
18 $percent = $_POST['update_percentage'];
18 $percent = $_POST['update_percentage'];
@@ -36,7 +36,7 function handle_update_form() {
36 return;
36 return;
37 }
37 }
38
38
39 $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' );
39 $dbConnection->executeUpdate('INSERT INTO status (published, eta, percentage, text) VALUES (NOW(), FROM_UNIXTIME(?), ?, ?)', array($eta, $percent, $text));
40
40
41 $_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']='';
41 $_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']='';
42 $info = '<p>Statusbox updated successfully.</p>';
42 $info = '<p>Statusbox updated successfully.</p>';
@@ -55,7 +55,7 adminmenu('manage-statusbox.php');
55 /* Simple Presets, Select things said before */
55 /* Simple Presets, Select things said before */
56
56
57
57
58 $presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percentage, "% - ", text ) as p FROM status GROUP BY p HAVING c>1 ORDER BY c DESC');
58 $presets = $dbConnection->fetchAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percentage, "% - ", text ) as p FROM status GROUP BY p HAVING c > 1 ORDER BY c DESC');
59
59
60 ?>
60 ?>
61
61
@@ -129,7 +129,7 $presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percen
129
129
130 <?php
130 <?php
131
131
132 $stats = $mtdb->getAll("SELECT published,eta,percentage,text FROM status ORDER BY published DESC limit 5");
132 $stats = $dbConnection->fetchAll("SELECT published, eta, percentage, text FROM status ORDER BY published DESC LIMIT 5");
133
133
134 ?>
134 ?>
135
135
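Review bot: The INSERT in `handle_update_form()` (new line 39) no longer forces `$eta` and `$percent` to integers: the old statement cast both with `(int)`, while the new one binds whatever the earlier validation left in them, and that validation sits outside the hunk. Values bound without a type list are normally sent as strings, so a non-numeric value that used to be stored as 0 may now be coerced or rejected by the server depending on its SQL mode. Keeping the casts at the bind site, `array((int)$eta, (int)$percent, $text)`, preserves the old behaviour. The same applies to `$_GET['delete']` and `$_POST['type_id']` in the metatype statements, where the nonce check and log line still use the cast value, and to `$position` and `$id` in the twitter_status statements.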
@@ -17,15 +17,15 if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) {
17
17
18 if(0 == $id && !empty($msg)) {
18 if(0 == $id && !empty($msg)) {
19 // Add a new preset
19 // Add a new preset
20 $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) );
20 $dbConnection->executeUpdate('INSERT INTO twitter_status (position, message) VALUES (?, ?)', array($position, $msg));
21 adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD);
21 adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD);
22 } elseif(empty($msg)) {
22 } elseif(empty($msg)) {
23 // Delete an existing preset
23 // Delete an existing preset
24 $mtdb->query( "DELETE FROM twitter_status WHERE id = $id" );
24 $dbConnection->executeUpdate('DELETE FROM twitter_status WHERE id = ?', array($id));
25 adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD);
25 adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD);
26 } else {
26 } else {
27 // Modify an existing preset
27 // Modify an existing preset
28 $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) );
28 $dbConnection->executeUpdate('UPDATE twitter_status SET position = ?, message = ? WHERE id = ?', array($position, $msg, $id));
29 }
29 }
30 }
30 }
31 }
31 }
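Review bot: The audit logging around the converted statements is uneven: the "Modify an existing preset" branch (new line 28) writes no `adminlog` entry at all, and the delete branch records its removal under `MTA_ADD`. Both predate this commit, but these statements are being rewritten anyway, so it is a cheap place to fix them. Add `adminlog("Modified preset: $id", MTS_TWITTER, MTA_UPDATE);` after the UPDATE and log the removal with `MTA_DELETE`; the metatype page already uses both constants. `$id`, `$position` and `$msg` are assigned above the hunk, so whether `$msg` is safe to embed in a log line cannot be judged from here.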