mt-admin Commit - c1cc0a746d24

Merge branch 'master' into tinymce

darkmorford -

c1cc0a746d24

Not Reviewed

Context file:

Add another comment

Expand all files

0 unresolved 0 Resolved

0 General 0 Inline

CalendarPopup.js ¶ +70 -70

             // use. That means, you can include it in your product, or your web
             // site, or any other form where the code is actually being used. You
             // may not put the plain javascript up on your site for download or
             // include it in your javascript libraries for download.
             // If you wish to share this code with others, please just point them
             // to the URL instead.
             // Please DO NOT link directly to my .js files from your site. Copy
             /* SOURCE FILE: AnchorPosition.js */
             /*
             AnchorPosition.js
             Author: Matt Kruse
             Last modified: 10/11/02
             so other elements can be positioned relative to it.
             COMPATABILITY: Netscape 4.x,6.x,Mozilla, IE 5.x,6.x on Windows. Some small
             positioning errors - usually with Window positioning - occur on the
             Macintosh platform.
             FUNCTIONS:
             NOTES:
 ) For popping up separate browser windows, use getAnchorWindowPosition.
                Otherwise, use getAnchorPosition
 ) Your anchor tag MUST contain both NAME and ID attributes which are the
                same. For example:
                <A NAME="test" ID="test"> </A>
 ) There must be at least a space between <A> </A> for IE5.5 to see the
                anchor tag correctly. Do not do <A></A> with no space.
             */
             // getAnchorPosition(anchorname)
             //   This function returns an object having .x and .y properties which are the coordinates
             	}
             function AnchorPosition_getWindowOffsetLeft (el) {
             	return AnchorPosition_getPageOffsetLeft(el)-document.body.scrollLeft;
+            	}
             function AnchorPosition_getPageOffsetTop (el) {
             	var ot=el.offsetTop;
             	while((el=el.offsetParent) != null) { ot += el.offsetTop; }
             // May 17, 2003: Fixed bug in parseDate() for dates <1970
             // March 11, 2003: Added parseDate() function
             // March 11, 2003: Added "NNN" formatting option. Doesn't match up
             //                 perfectly with SimpleDateFormat formats, but
             //                 backwards-compatability was required.
             // ------------------------------------------------------------------
             // These functions use the same 'format' strings as the
             // java.text.SimpleDateFormat class, with minor exceptions.
             // The format string consists of the following abbreviations:
             //
             // Field        | Full Form          | Short Form
             // -------------+--------------------+-----------------------
             // Year         | yyyy (4 digits)    | yy (2 digits), y (2 or 4 digits)
             		}
             	return result;
             	}
             // ------------------------------------------------------------------
             // Utility functions for parsing in getDateFromFormat()
             // ------------------------------------------------------------------
             		}
             	return null;
             	}
             // ------------------------------------------------------------------
             // getDateFromFormat( date_string , format_string )
             //
             // This function takes a date string and a format string. It matches
             // If the date string matches the format string, it returns the
             // getTime() of the date. If it does not match, it returns 0.
             // ------------------------------------------------------------------
             function getDateFromFormat(val,format) {
             	var mm=now.getMinutes();
             	var ss=now.getSeconds();
             	var ampm="";
             	while (i_format < format.length) {
             		// Get next token from format string
             		c=format.charAt(i_format);
             /* SOURCE FILE: PopupWindow.js */
             /*
             PopupWindow.js
             Author: Matt Kruse
             Last modified: 02/16/04
             window.
             COMPATABILITY: Works with Netscape 4.x, 6.x, IE 5.x on Windows. Some small
             positioning errors - usually with Window positioning - occur on the
             Macintosh platform. Due to bugs in Netscape 4.x, populating the popup
             window with <STYLE> tags may cause errors.
             USAGE:
             // Create an object for a WINDOW popup
             var win = new PopupWindow();
             // Create an object for a DIV window using the DIV named 'mydiv'
             var win = new PopupWindow('mydiv');
             // Set the window to automatically hide itself when the user clicks
             // anywhere else on the page except the popup
             win.autoHide();
             // Show the window relative to the anchor name passed in
             win.showPopup(anchorname);
             // Set the size of the popup window (only applies to WINDOW popups
             win.setSize(width,height);
             // Populate the contents of the popup window that will be shown. If you
             // change the contents while it is displayed, you will need to refresh()
             win.populate(string);
             NOTES:
 ) Requires the functions in AnchorPosition.js
 ) Your anchor tag MUST contain both NAME and ID attributes which are the
                same. For example:
                <A NAME="test" ID="test"> </A>
 ) There must be at least a space between <A> </A> for IE5.5 to see the
                anchor tag correctly. Do not do <A></A> with no space.
 ) When a PopupWindow object is created, a handler for 'onmouseup' is
                attached to any event handler you may have already defined. Do NOT define
                an event handler for 'onmouseup' after you define a PopupWindow object or
                the autoHide() will not work correctly.
             */
             // Set the position of the popup window based on the anchor
             function PopupWindow_getXYPosition(anchorname) {
             		if (this.use_gebi) {
             			document.getElementById(this.divName).innerHTML = this.contents;
             			}
             		else if (this.use_css) {
             			document.all[this.divName].innerHTML = this.contents;
             			}
             		else if (this.use_layers) {
             			var d = document.layers[this.divName];
             			d.document.open();
             			d.document.writeln(this.contents);
             			d.document.close();
             	this.populated = false;
             	this.visible = false;
             	this.autoHideEnabled = false;
             	this.contents = "";
             	this.url="";
             	this.windowProperties="toolbar=no,location=no,status=no,menubar=no,scrollbars=auto,resizable,alwaysRaised,dependent,titlebar=no";
             //      CSS prefix.
             // August 19, 2003: Renamed the function to get styles, and made it
             //      work correctly without an object reference
             // August 18, 2003: Changed showYearNavigation and
             //      showYearNavigationInput to optionally take an argument of
             //      true or false
             // July 31, 2003: Added text input option for year navigation.
             //      Added a per-calendar CSS prefix option to optionally use
             //      different styles for different calendars.
             // July 29, 2003: Fixed bug causing the Today link to be clickable
             //      even though today falls in a disabled date range.
             //      Changed formatting to use pure CSS, allowing greater control
             //      over look-and-feel options.
             //      under certain cases when some days of week are disabled
             // March 14, 2003: Added ability to disable individual dates or date
             //      ranges, display as light gray and strike-through
             // March 14, 2003: Removed dependency on graypixel.gif and instead
             ///     use table border coloring
             // March 12, 2003: Modified showCalendar() function to allow optional
             //      start-date parameter
             // March 11, 2003: Modified select() function to allow optional
             //      start-date parameter
             /*
             DESCRIPTION: This object implements a popup calendar to allow the user to
             select a date, month, quarter, or year.
             COMPATABILITY: Works with Netscape 4.x, 6.x, IE 5.x on Windows. Some small
             positioning errors - usually with Window positioning - occur on the
             Macintosh platform.
             The calendar can be modified to work for any location in the world by
             changing which weekday is displayed as the first column, changing the month
             names, and changing the column headers for each day.
             USAGE:
             // Create a new CalendarPopup object of type WINDOW
             var cal = new CalendarPopup();
             // Create a new CalendarPopup object of type DIV using the DIV named 'mydiv'
             var cal = new CalendarPopup('mydiv');
             // Easy method to link the popup calendar with an input box.
             cal.select(inputObject, anchorname, dateFormat);
             // Same method, but passing a default date other than the field's current value
             cal.select(inputObject, anchorname, dateFormat, '01/02/2000');
             // This is an example call to the popup calendar from a link to populate an
             // input box. Note that to use this, date.js must also be included!!
             <A HREF="#" onClick="cal.select(document.forms[0].date,'anchorname','MM/dd/yyyy'); return false;">Select</A>
             // Show month and year dropdowns, for quicker selection of month of dates
             cal.showNavigationDropdowns();
             // Set the text to be used above each day column. The days start with
             // sunday regardless of the value of WeekStartDay
             cal.setDayHeaders("S","M","T",...);
             // Pass two dates to disable all dates inbetween and including the two
             cal.addDisabledDates("January 01, 2003", "Dec 31, 2003");
             // When the 'year' select is displayed, set the number of years back from the
             // current year to start listing years. Default is 2.
             // This is also used for year drop-down, to decide how many years +/- to display
             cal.setYearSelectStartOffset(2);
             NOTES:
 ) Requires the functions in AnchorPosition.js and PopupWindow.js
 ) Your anchor tag MUST contain both NAME and ID attributes which are the
                same. For example:
                <A NAME="test" ID="test"> </A>
 ) There must be at least a space between <A> </A> for IE5.5 to see the
                anchor tag correctly. Do not do <A></A> with no space.
 ) When a CalendarPopup object is created, a handler for 'onmouseup' is
                attached to any event handler you may have already defined. Do NOT define
                an event handler for 'onmouseup' after you define a CalendarPopup object
                or the autoHide() will not work correctly.
 ) The calendar popup display uses style sheets to make it look nice.
             */
             // Quick fix for FF3
             function CP_stop(e) { if (e && e.stopPropagation) { e.stopPropagation(); } }
             	return c;
             	}
             function CP_copyMonthNamesToWindow() {
             	// Copy these values over to the date.js
             	if (typeof(window.MONTH_NAMES)!="undefined" && window.MONTH_NAMES!=null) {
             		window.MONTH_NAMES = new Array();
             		for (var i=0; i<this.monthNames.length; i++) {
             	}
             }
             // Temporary default functions to be called when items clicked, so no error is thrown
             function CP_tmpReturnFunction(y,m,d) {
             	if (window.CP_targetInput!=null) {
             		var dt = new Date(y,m-1,d,0,0,0);
             		if (window.CP_calendarObject!=null) { window.CP_calendarObject.copyMonthNamesToWindow(); }
             		window.CP_targetInput.value = formatDate(dt,window.CP_dateFormat);
             		}
             	else {
             		alert('Use setReturnFunction() to define which function will get the clicked results!');
             		}
             	}
             function CP_tmpReturnMonthFunction(y,m) {
             	alert('Use setReturnMonthFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , month='+m);
             	}
             function CP_tmpReturnQuarterFunction(y,q) {
             	alert('Use setReturnQuarterFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , quarter='+q);
             	}
             function CP_tmpReturnYearFunction(y) {
             	alert('Use setReturnYearFunction() to define which function will get the clicked results!\nYou clicked: year='+y);
             	}
             // Set the name of the functions to call to get the clicked item
             	this.disabledWeekDays = new Object();
             	for (var i=0; i<arguments.length; i++) { this.disabledWeekDays[arguments[i]] = true; }
             	}
             // Disable individual dates or ranges
             // Builds an internal logical test which is run via eval() for efficiency
             function CP_addDisabledDates(start, end) {
             	else if (end  ==null) { this.disabledDatesExpression+="(ds>="+start+")"; }
             	else { this.disabledDatesExpression+="(ds>="+start+"&&ds<="+end+")"; }
             	}
             // Set the text to use for the "Today" link
             function CP_setTodayText(text) {
             	this.todayText = text;
             	}
             // Set the prefix to be added to all CSS classes when writing output
             function CP_setCssPrefix(val) {
             	this.cssPrefix = val;
             	}
             // Show the navigation as an dropdowns that can be manually changed
             // Refresh the contents of the calendar display
             function CP_refreshCalendar(index) {
             	var calObject = window.popupWindowObjects[index];
             	if (arguments.length>1) {
             		calObject.populate(calObject.getCalendar(arguments[1],arguments[2],arguments[3],arguments[4],arguments[5]));
             		}
             	else {
             		alert("calendar.select: This function can only be used with displayType 'date' or 'week-end'");
             		return;
             		}
             	if (inputobj.type!="text" && inputobj.type!="hidden" && inputobj.type!="textarea") {
             		alert("calendar.select: Input object passed is not a valid form input object");
             		window.CP_targetInput=null;
             		return;
             		}
             	window.CP_dateFormat = format;
             	this.showCalendar(linkname);
             	}
             // Get style block needed to display the calendar correctly
             function getCalendarStyles() {
             	var result = "";
             		var display_date = 1;
             		var weekday= current_month.getDay();
             		var offset = 0;
             		offset = (weekday >= this.weekStartDay) ? weekday-this.weekStartDay : 7-this.weekStartDay+weekday ;
             		if (offset > 0) {
             			display_month--;
             	// ------------------------------------
             	if (this.displayType=="month" || this.displayType=="quarter" || this.displayType=="year") {
             		if (arguments.length > 0) { var year = arguments[0]; }
             		else {
             			if (this.displayType=="year") {	var year = now.getFullYear()-this.yearSelectStartOffset; }
             			else { var year = now.getFullYear(); }
             			}
             			result += '</TR></TABLE>\n';
             			}
             		}
             	// Code for MONTH display
             	// ----------------------
             	if (this.displayType=="month") {
             		// If POPUP, write entire HTML document
             			}
             		result += '</TABLE></CENTER></TD></TR></TABLE>\n';
             		}
             	// Code for QUARTER display
             	// ------------------------
             	if (this.displayType=="quarter") {

character-twitter.php ¶ +7 -7

             if('post_twitter' == $_REQUEST['action'])
             {
             	check_nonce('new-character-twitter');
             	#Fetch the password from the DB.
             	$acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account']));
             	$post_at = strtotime($_REQUEST['date18']);
             	if($post_at)
             	{
             		if($post_at <= strtotime('now'))
             			#If we can post immediately, do so. Bypass the scheduler whenever possible.
             			#Treat a date/time in the past as immediate.
             			$ret = twitterpost($_REQUEST['message'], $acct->username, $acct->password);
             			if($ret)
             			{
             				$info.='Update posted to Twitter. <a href="http://www.twitter.com/'.$acct->username.'">View Twitter</a>.';
             			#No luck, gotta schedule.
             			$mtdb->query(
             				sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')",
-            					mysql_real_escape_string($_REQUEST['twitter-account']),
+            					mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']),
             					$post_at,
-            					mysql_real_escape_string($_REQUEST['message'])
+            					mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])
             				)
             			);
             			$info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled.";
             <?php
             adminfooter();
-            ?>
  No newline at end of file
+            ?>

delete-comic.php ¶ +2 -2

             if(!deletestrip( $_REQUEST['strip_id'] ))
             {
-            	adminlog("Error deleting strip $_REQUEST[strip_id]:".mysql_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting strip $_REQUEST[strip_id]:".mysqli_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified strip.','SQL Error');
             }
             adminlog("Strip $_REQUEST[strip_id] deleted.", MTS_STRIP, MTA_DELETE);
             _redirect( ADMIN_PATH . '/manage-comics.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

delete-page.php ¶ +1 -1

             if(!deletepage( $_REQUEST['page_name'] ))
             {
-            	adminlog("Error deleting page $_REQUEST[page_name]: ".mysql_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting page $_REQUEST[page_name]: ".mysqli_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified page.','SQL Error');
             }

delete-rant.php ¶ +2 -2

             if(!deleterant( $_REQUEST['rant_id'] ))
             {
-            	adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysql_error(), MTS_RANT, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysqli_error(), MTS_RANT, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified rant.','SQL Error');
             }
             _redirect( ADMIN_PATH . '/manage-rants.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

delete-tweet.php ¶ +1 -1

             adminlog("Tweet $victim deleted.", MTS_TWITTER, MTA_DELETE);
             _redirect( ADMIN_PATH . '/character-twitter.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

delete-twitter-user.php ¶ +1 -1

             adminlog("Twitter $victim deleted.", MTS_TWITTER, MTA_DELETE);
             _redirect( ADMIN_PATH . '/manage-twitter-users.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

edit-comic.php ¶ +19 -20

             $strip = getstrip($strip->id);
             if( $_POST ) {
             	// Form Elements
             	$strip->new_id = (int)$_POST['strip_new_id'] ? (int)$_POST['strip_new_id'] : $strip->id;
             	$strip->published = empty($_POST['strip_date']) ? time() : strtotime( $_POST['strip_date'] );
             	$strip->transcript_posted = $_POST['content'];
             	$strip->book = trim($_POST['book']);
             	$strip->page = trim($_POST['page']);
             	if( '' == $strip->title ) mtdie('Strips must be supplied with titles.');
             	$YESTERDAY = mktime(0,0,0, date('m'), date('d')-1, date('Y'));
             				adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING);
             				mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.');
             			}
             			// get image type and target extension
             			$imagedata = getimagesize($_FILES['comicFile']['tmp_name']);
             			$strip->media = $imagedata[2];
             			$fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media );
             			if(strlen($fileext) < 3)
             			{
             				//bad image upload type
             				adminlog("Bad image type upload on new strip. Invalid media type.", MTS_STRIP, MTA_ADD, E_ERROR);
             				mtdie('Bad image type upload on new strip. Invalid media type.');
             			}
             			// Insert new strip into the database, get a real $strip->id
             			if(!insertstrip( $strip ))
             			{
-            				adminlog("Error on insertion of new strip: ".mysql_error(), MTS_STRIP, MTA_ADD, E_ERROR);
+            				adminlog("Error on insertion of new strip: ".mysqli_error(), MTS_STRIP, MTA_ADD, E_ERROR);
-            				mtdie('Error on insertion of new strip: '.mysql_error(), 'SQL Error');
+            				mtdie('Error on insertion of new strip: '.mysqli_error(), 'SQL Error');
             			}
             			// Store the uploaded file to xxxx-0.ext
             			$basefile = $strip->published <= time() ?
             			            sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
             			$info.="<p>Comic posted!</p>";
             			break;
             		case 'edit_comic':
             			if( 0 >= $strip->new_id ) mtdie('Strip numbers must be numeric, greater than 0.');
             			if( 0 >= $strip->id ) mtdie('Existing strip number, in the form, was zero. This should never happen.');
             			// When updating, $strip->id is the old strip number. Update in place first. Possibly adjust strip number later.
             			check_nonce('save-strip-'.$strip->id);
             				$strip->media = $imagedata[2];
             			}
             			$fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media );
             			if(strlen($fileext) < 3)
             			{
             				//bad image upload type
             				adminlog("Bad image type upload on strip ".$strip->id.". Invalid media type.", MTS_STRIP, MTA_UPDATE, E_ERROR);
             				mtdie('Bad image type upload on strip '.$strip->id.'. Invalid media type.');
             			}
             			// Update existing strip
             			if(!updatestrip( $strip ) )
             			{
             				adminlog("Failed to update strip ".$strip->id.".", MTS_STRIP, MTA_UPDATE);
-            				mtdie('Error updating strip: ' . mysql_error(), 'SQL Error');
+            				mtdie('Error updating strip: ' . mysqli_error(), 'SQL Error');
             			}
             			if( is_valid_upload('comicFile') ) {	// If uploading, store the uploaded file to xxxx-n.ext
             				$basefile = $strip->published <= time() ?
             					    sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
             					    sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/'.'%04d.%s', $strip->id, $fileext);
             				if(!move_uploaded_file($_FILES['comicFile']['tmp_name'], $basefile))
             				{
             					adminlog("Filesystem error in saving image.", MTS_STRIP, MTA_UPDATE, E_ERROR);
             			if( $_POST['broadcast'] ) {
             				#Limit broadcast message to 60 characters. Compose it now.
             				$b_msg = 'Comic ' . $strip->id . ' updated: ' . substr(trim($_REQUEST['broadcast_message']), 0, 60) . ', ' . SITE_HOST . SITE_PATH . "/strip/" . $strip->id;
             				rsspost($b_msg, SITE_HOST.SITE_PATH.'/strip/'.$strip->id);
             				twitterpost($b_msg);
             				$info.="<p>Update broadcasted with message '$b_msg'.</p>";
             			$info.="<p>Changes saved. <a href=\"".SITE_HOST.SITE_PATH."/index.php?strip_id=".$strip->id."\">View on site</a>.";
             			break;
             		default:
             			adminlog("User did something strange.", MTS_STRIP, MTA_MODIFY);
             			mtdie('You know, it would be <em>really</em> nice if you avoided nonsensical actions.');
             	}
             	$info = savetranscript($strip) . $info;
             	# If the strip number changed, swap strips sequentially to shuffle it into place
             	if( $strip->id != $strip->new_id ) {
             		$f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w');
             		flock($f, LOCK_EX);
             		while( $strip->new_id < $strip->id ) {	// Move this strip backward
             			swap_strips( $strip->id - 1, $strip->id );
             			$strip->id--;
             <?php
             adminfooter();
             ?>

edit-metatype.php ¶ +1 -1

             	<td width="66%"><input name="name" type="text" id="name" value="<?php echo htmlentities($type->name); ?>" /></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Save &raquo;" name="submit" /></p>
             </div>

edit-page.php ¶ +4 -4

             	}
             	$action = isset($_POST['publish']) ? 'post' : 'edit';
             	if( isset( $_POST['publish'] ) ) $page->status = 'published';	// If [publish] button is used, ignore radio button
             	switch( $_POST['action'] ) {
             		case 'new_page':
             			check_nonce('new-page');
             				mtdie('There was an error inserting the page into the database.', 'SQL Error');
             			}
             			break;
             		case 'savepage':
             			check_nonce('save-page-' . $page->url_name);
             			updatepage($page);
             			break;
             	}
             	if( $upload_info ) $info.=$upload_info;
             	if( $upload_error ) $error.=$upload_error;
             	if( $error ) $action='edit';
             	if( 'post' == $action ) _redirect( ADMIN_PATH . '/manage-pages.php?saved=success' );

edit-rant.php ¶ +22 -22

             	}
             	$action = isset($_POST['publish']) ? 'post' : 'edit';
             	if( isset( $_POST['publish'] ) ) $rant->status = 'published';	// If [publish] button is used, ignore radio button
             	$source_rantimage_filename = $_FILES['ranterImage']['tmp_name'];
             	extract( pre_upload_rant_image( $source_rantimage_filename ) );
             	if( $upload_error ) $error.=$upload_error;
             			$source_rantattachment_filename[] = $_FILES['rant_attachment']['tmp_name'][$i];
             		}
             	}
             	switch( $_POST['action'] ) {
             		case 'new_rant':
             			check_nonce('new-rant');
             			if( ! $doing_upload ) {
             				// Use default rant image for this contributor.
             				$contributor = get_userdatabyid( $rant->author );
             			} else {
             				$rant->imagetype = $upload_imagetype;
             			}
             			$rant->id = insertrant($rant);
             			if( $rant->id === false )
             			{
-            				adminlog("Error on rant insertion: ".mysql_error(), MTS_RANT, MTA_INSERT, E_ERROR);
+            				adminlog("Error on rant insertion: ".mysqli_error(), MTS_RANT, MTA_INSERT, E_ERROR);
             				mtdie('There was an error inserting the rant into the database.', 'SQL Error');
             			}
             				$upload_error = $upload_info = '';
             				extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$i], $rant->id) );
             				if( $upload_error ) $error.=$upload_error;
             				if( $upload_info ) {
             					$info .= $upload_info;
             					$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
             			if( $doing_upload ) {
             				extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			} elseif($rant->imagetype != 'NULL') {
             				extract( save_stock_rant_image( $source_rantimage_filename, $rant ) );
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			}
             			break;
             		case 'saverant':
             			check_nonce('save-rant-' . $rant->id);
             			if( isset( $_POST['rant_reverttodefaultimage'] ) ) {
             				// Use default rant image for this contributor, copy it into place
             				$contributor = get_userdatabyid( $rant->author );
             				if($rant->imagetype != 'NULL')
             					extract( save_stock_rant_image( $contributor->default_image, $rant ) );
             				adminlog("Reverting to user's default rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
             			} elseif( $doing_upload ) {
             				$rant->imagetype = $upload_imagetype;
             				extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
             				adminlog("Uploading new rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			}
             			foreach($_POST['delete_attachment'] as $attachment)
             			for($i = 0; $i < count($existing_attachments); $i++) {
             				$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($existing_attachments[$i]->id).'"', $rant->body);
             			}
             			for($j = $i; $j < count($source_rantattachment_filename) + $i; $j++) {
             				if('' == $source_rantattachment_filename[$j - $i]) continue;
             				$upload_error = $upload_info = '';
             				extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$j - $i], $rant->id) );
             				if( $upload_error ) $error.=$upload_error;
             				if( $upload_info ) {
             					$info .= $upload_info;
             					$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
             			}
             			updaterant($rant);
             			if($rant->status != 'draft' && $_POST['broadcast'] &&
             					($rant->published <= mktime(0,0,0, date('m'), date('d')-1, date('Y'))))
             			{
             </fieldset>
             <fieldset id="authordiv" class="dbx-box">
             <h3 class="dbx-handle">Author</h3>
             <div class="dbx-content"><select name="rant_author"><?php
             	$contrib = $mtdb->getAll('select id,name from contributor');
             	foreach( $contrib as $k=>$v ) {
             			echo 'Custom rant image is specified.';
             		}
             	?>
             	<p>Upload new rant image:<br/>
             		<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
             		<input name="ranterImage" type="file"/>
             	</p>
             	<p><input type="checkbox" name="rant_reverttodefaultimage" /> Revert to default rant image.</p>
             	</td><td>
             	<?php if ( false !== $rantimage_filename ): ?>
             		<p><img src="<?php echo SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename; ?>" width="150" /></p>

edit-type.php ¶ +1 -1

             	?></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Save &raquo;" name="submit" /></p>
             </div>

fredart_parse.php ¶ +3 -3

             	for ($count = 0; $count < 5; $count++) {
             		$entry = $feed->getEntryByOffset($count);
-            		$link = mysql_real_escape_string($entry->link);
+            		$link = mysqli_real_escape_string($mtdb->link, $entry->link);
-            		$title = mysql_real_escape_string($entry->title);
+            		$title = mysqli_real_escape_string($mtdb->link, $entry->title);
             		$date = $entry->pubdate;
             		$mtdb->query("INSERT INTO fredart (pubdate, title, link)
             			VALUES (FROM_UNIXTIME($date), '$title', '$link')", false);
             	}
             	header('Content-Type: text/xml');
             	header('Content-Length: 440');
             ?>

include/admin.inc.php ¶ +3 -3

             // Call mysql to hash a password
             function mt_hash_password($password) {
             	global $mtdb;
-            	return $mtdb->getOne('SELECT SHA1("' . mysql_real_escape_string($password) . '")') ;
+            	return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ;
             }
             // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen
             	$username = sanitize_username( $username );
-            	$login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"');
+            	$login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"');
             	if (!$login) {
             		$error = ('<strong>ERROR</strong>: Invalid username or password.');
             		adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
             	if ( substr(php_sapi_name(), 0, 3) != 'cgi' )
             		header('Status: '.$status); // This causes problems on IIS and some FastCGI setups
             	header("Location: $location");
             	die();
             }

include/cookies.php ¶ +2 -2

             	define('USER_COOKIE', 'megatokyoadmin_user_'. COOKIEHASH);
             if ( !defined('PASS_COOKIE') )
             	define('PASS_COOKIE', 'megatokyoadmin_pass_'. COOKIEHASH);
             if ( !defined('COOKIEPATH') )
             	define('COOKIEPATH', ADMIN_PATH . '/' );
             if ( !defined('COOKIE_DOMAIN') )
             	setcookie(PASS_COOKIE, ' ', time() - 36000, COOKIEPATH );
             }
-            ?>
  No newline at end of file
+            ?>

include/error.php ¶ +3 -3

             function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false)
             {
             	global $mtdb, $currentuser;
             	$sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")',
-            	               (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysql_real_escape_string($action), $level, mysql_real_escape_string($msg));
+            	               (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg));
-            	$mtdb->query( $sql ) or die($sql."<br>".mysql_error()."<br>\n".var_export(debug_backtrace()));
+            	$mtdb->query( $sql ) or die($sql."<br>".mysqli_error($mtdb->link)."<br>\n".var_export(debug_backtrace()));
             	// Log all important sorts of messages in the Apache log
             	if( $level & (E_USER_WARNING | E_USER_ERROR) ) {

include/extra.php ¶ +12 -12

             function extra_handle_upload() {
             	global $info,$error,$dir;
             	if( !$_FILES['extra_file'] ) return false;
             	if( '' == $_FILES['extra_file']['name'] ) return false;
             	if( UPLOAD_ERR_NO_FILE == $_FILES['extra_file']['error'] ) return false;
             	if( 0 == $_FILES['extra_file']['size'] ) return false;
             	if(isset( $_POST['name'] )) $dest = $_POST['name'];
             	$dest = extra_sanitize_filename($dest);
             	if( !is_uploaded_file( $_FILES['extra_file']['tmp_name'] )) return false;
             	if( move_uploaded_file($_FILES['extra_file']['tmp_name'], $dir.'/'.$dest) ) return $true;
             	return false;
             }
             function extra_get_directory_list($dir) {
             	if( !is_dir( $dir ) ) return false;
             	if( ! $handle = opendir( $dir ) ) return false;
             	$files = array();
             	class ExtraFile {
             		var $name;
             		var $rwx;
             		var $mtime;
             		var $inode;
-            		function ExtraFile($path, $file) {
+            		function __construct($path, $file) {
             			$this->name = $file;
             			$this->fullpath = $path . $file;
             			$this->rwx = is_readable($this->fullpath) ? 'r' : '-';
             			$this->mtime = filemtime($this->fullpath);
             			$this->inode = fileinode($this->fullpath);
             		}
             	}
             	while (false !== ($file = readdir($handle))) {
             		if( is_file( $dir.'/'.$file )) $files[] = new ExtraFile($dir.'/', $file);
             	}
             	return $files;
             }
-            ?>
  No newline at end of file
+            ?>

include/functions.php ¶ +4 -4

             	$url = str_replace($strip, '', $url);
             	if ( strpos($url, '://') === false && substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
             		$url = 'http://' . $url;
             	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
             	return $url;
             }
             // Like htmlspecialchars except don't double-encode HTML entities
             function mt_specialchars( $text, $quotes = false ) {
             	$text = str_replace('&&', '&#038;&', $text);
             	$text = str_replace('&&', '&#038;&', $text);
             	$text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&#038;$1', $text);
             function check_type_name( $name ) {
             	global $error;
             	if( $name == '' )
             		$error.='A type must be supplied with a name, but none was given. Valid characters include letters, numbers, apostrophes, colons, and whitespace.';
             	elseif ( $name !== sanitize_type_name($name) )
             	return false;
             }
-            ?>
  No newline at end of file
+            ?>

include/html.php ¶ +8 -8

             	'manage-rants.php' => 'Rants' ,
             	'manage-pages.php' => 'Pages',
             	'manage-types.php' => 'Types',
-            	'manage-twitter-users.php' => 'Manage Twitter Users',
+            	'manage-twitter-users.php' => 'Twitter Users',
             	'manage-metatypes.php' => 'Metatypes',
             	'swap-comics.php' => 'Swap Comics',
             	'character-twitter.php' => 'Character Twitters',
             	} else {
             		$curS = $curT = basename( $_SERVER["PHP_SELF"] );
             	}
             	foreach( $submenu as $l=>$L ) {
             		foreach( $L as $k=>$v ) {
             			if( $k == $curS ) {
             	}
             	$current_sub_menu = false;
             	?>
             	<div id="wphead">
             	<h1>Megatokyo Site Administration <span>(<a href="<?php echo SITE_HOST . SITE_PATH; ?>">View site &raquo;</a>)</span></h1>
             	</div>
             	<div id="user_info"><p>Howdy, <strong><?php getCurrentUser(); ?></strong>. [<a href="<?php echo ADMIN_PATH;
             		?>/login.php?action=logout" title="Log out of this account">Sign Out</a>] </p></div>
             	}
             	?>
             	<div class="clear"></div>
             	<?php
             	if( $_GET['deleted'] && $_GET['deleted'] == 'success' ) $info.='<p>Deleted successfully.</p>';
             	if( $info ) echo "<div class=\"updated fade\">$info</div>";
             	?>
             	<div class="wrap">
             	<?php
             }
             function adminfooter($copy = true) {
             			header('Content-Type: text/html; charset=utf-8');
             			if (eregi('^(sql)$', $errstr)) {
-            				$errstr = "SQL Error " . mysql_errno() . ': ' . mysql_error();
+            				$errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error();
             			}
             			$message = "Error#$errno: $errstr";

include/images.php ¶ +5 -5

             {
             	$img_data = getimagesize($filename);
             	$ext = image_type_to_extension($img_data[2]);
             	switch($ext)
             	{
             		case '.gif':
             		return false;
             	}
             	$dest = imagecreatetruecolor(300, 245);
             	#attempt to determine scaling factor
             	$data = getimagesize($filename);
             	#300x245 reduces to 60x49
             	$factor = min(floor($data[0]/60), floor($data[1]/49));
             	#well, that should give us a good scaling factor
             	#now we have to determine what point to start from
             	$src_x = floor(($data[0]/2) - ($factor*30));
             	$src_y = floor(($data[1]/2) - ($factor*24.5));
             	#make sure we don't fuck things up
             	if($src_x < 0) $src_x=0;
             	if($src_y < 0) $src_y=0;
             	#now resample
             	imagecopyresampled($dest, $source, 0, 0, $src_x, $src_y, 300, 245, $factor*60, $factor*49);
             	#and output

include/mysql.php ¶ +16 -19

             <?php
             class MysqlStore {
             	var $link;
-            	function connect($server,$user,$pass,$dbname) {
-            		$this->link = @mysql_connect($server, $user, $pass)
+            	function connect($server, $user, $pass, $dbname) {
+            		$this->link = @mysqli_connect($server, $user, $pass, $dbname)
             			or mtdie('Could not connect to the database server.');
-            		@mysql_select_db($dbname, $this->link)
+            		if( !$this->link ) mtdie('Could not connect to the database server.');
-            			or mtdie('Could not open the megatokyo database.');
-            		if( !$this->link ) mtdie('Could not connect to the database server.');
             	}
             	function query($sql, $showerror = true ) {
-            		$r = mysql_query( $sql, $this->link );
+            		$r = mysqli_query( $this->link, $sql );
-            		if( false === $r && $showerror ) echo mysql_error();
+            		if( false === $r && $showerror ) echo mysqli_error($this->link);
             		return $r;
             	}
             	function getAll($sql) {
             		if( $r = $this->query( $sql ) ) {
             			$ret = array();
-            			while( $row = mysql_fetch_object( $r ) ) {
+            			while( $row = mysqli_fetch_object( $r ) ) {
             				$ret[] = $row;
             			}
             			return $ret;
             		}
             	}
             	function getRow($sql) {
             		if( $r = $this->query( $sql ) ) {
             			if( false === $r ) {
-            				echo mysql_error();
+            				echo mysqli_error($this->link);
             				return false;
             			}
-            			if( mysql_num_rows( $r ) == 0 ) return false;
+            			if( mysqli_num_rows( $r ) == 0 ) return false;
-            			return mysql_fetch_object( $r );
+            			return mysqli_fetch_object( $r );
             		}
             	}
             	function getOne($sql) {
             		if( $r = $this->query( $sql ) ) {
-            			if( mysql_num_rows( $r ) == 0 ) return false;
+            			if( mysqli_num_rows( $r ) == 0 ) return false;
-            			$ret = mysql_fetch_row( $r );
+            			$ret = mysqli_fetch_row( $r );
             			return $ret[0];
             		}
             	}
             }
-            ?>
  No newline at end of file
+            ?>

include/nonce.php ¶ +12 -12

             	global $mtdb;
             	$c = explode('-',$action);
             	$i = (int)$c[2];
             	$message = array();
             	$message['rant']['new'] = 'Are you sure you want to create a new rant?';
             	$message['rant']['save'] = 'Are you sure you want to save changes to the rant "%s"?';
             	$message['rant']['delete'] = 'Are you sure you want to delete the rant "%s"? This is a destructive action, and cannot be undone!';
             	$message['type']['new'] = 'Are you sure you want to create a new type?';
             	$message['type']['save'] = 'Are you sure you want to save changes to the type "%s"?';
             	$message['type']['delete'] = 'Are you sure you want to delete the type "%s"? This is a destructive action, and cannot be undone!';
             	$message['metatype']['new'] = 'Are you sure you want to create a new metatype?';
             	$message['metatype']['save'] = 'Are you sure you want to save changes to the metatype "%s"?';
             	$message['metatype']['delete'] = 'Are you sure you want to delete the metatype "%s"? This is a destructive action, and cannot be undone!';
             	$message['strip']['save'] = 'Are you sure you want to save changes to the strip "%s"?';
             	$message['strip']['delete'] = 'Are you sure you want to delete the comic strip "%1$s"? This will break site navigation, which can be fixed by changing other strip numbers. This is a destructive action, and cannot be undone! It is far better to <a href="edit-comic.php?strip_id=%1$s">edit the existing strip</a>.';
             	$message['strip']['swap'] = 'Are you sure you want to swap these two strips? This is a destructive action, and cannot be undone!';
             	$message['statusbox']['update'] = 'Are you sure you want to update the statusbox information?';
             	$message['scratchpad']['new'] = 'Are you sure you want to update the scratchpad information?';
             	$message['twitter']['new'] = 'Are you sure you want to update the Twitter feed?';
             	$message['extra']['new'] = 'Are you sure you want to upload a new file to /extra?';
             	$message['extra']['delete'] = 'Are you sure you want to delete the file from /extra named "%s"?';
             	$message['twitteruser']['delete'] = 'Are you sure you want to delete the twitter user "%s"?';
             	if( isset( $message[ $c[1] ][ $c[0] ] )) {
             		$t = $message[ $c[1] ][ $c[0] ];
             		if( false !== strpos( $t, '%' ) ) {
             			switch( $c[1] ) {
             				case 'rant':	$v = $mtdb->getOne('SELECT title FROM rant WHERE id=' . $i); break;
             				case 'strip':	$v = $mtdb->getOne('SELECT id FROM strip WHERE id=' . $i); break;
             				case 'twitteruser': $v = $mtdb->getOne('SELECT username FROM twitter_user WHERE id=' . $i); break;
             				default:		$v = $i;
             			}
             			return sprintf( $t, mt_specialchars($v,true) );
             		}
             		return $t;
             	}
             	return "Are you sure you want to perform the action $action?";
             }
             	echo '<input type="hidden" name="_mtnonce" value="' . create_nonce($action) . '" />';
             }
-            ?>
  No newline at end of file
+            ?>

include/pages.php ¶ +15 -15

             function insertpage($page) {
             	global $mtdb;
             	$sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
-            		. '   "' . mysql_real_escape_string($page->url_name)
+            		. '   "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
-            		. '", "' . mysql_real_escape_string($page->status)
+            		. '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
-            		. '", "' . mysql_real_escape_string( trim( $page->title ) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
-            		. '", "' . mysql_real_escape_string( trim( $page->body ) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
-            		. '", "' . mysql_real_escape_string( trim( $page->style ) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
             		. '")';
             	adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
             	return $mtdb->query($sql);
+            }
             function updatepage($page) {
             	if ( !$page->url_name ) return false;
             	global $mtdb;
-            	$sql = 'UPDATE static_page SET url_name = "' . mysql_real_escape_string($page->url_name)
+            	$sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
-            		. '", status = "' . mysql_real_escape_string($page->status)
+            		. '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
-            		. '", title = "' . mysql_real_escape_string( trim($page->title) )
+            		. '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
-            		. '", body = "' . mysql_real_escape_string( trim($page->body ) )
+            		. '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
-            		. '", style = "' . mysql_real_escape_string( trim($page->style ) )
+            		. '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
-            		. '" WHERE url_name = "' . mysql_real_escape_string($page->url_name) . '"';
+            		. '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
             	adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
             	return $mtdb->query( $sql );
             }
             	if ( !$url_name ) return false;
             	global $mtdb;
             	adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
-            	return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysql_real_escape_string($url_name) . '"' );
+            	return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
             }
             function getpage($url_name) {
             	global $mtdb;
-            	return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysql_real_escape_string($url_name) . '"' );
+            	return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
             }
             ?>

include/rants.php ¶ +25 -25

             	global $mtdb;
             	$sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
             		. (int)$rant->published
-            		. '), "' . mysql_real_escape_string($rant->status)
+            		. '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
-            		. '", "' . mysql_real_escape_string($rant->side)
+            		. '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
             		. '", "' . (int)$rant->author
-            		. '", "' . mysql_real_escape_string( trim( $rant->title) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
-            		. '", "' . mysql_real_escape_string( trim( $rant->body ) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
-            		. '", "' . mysql_real_escape_string( trim( $rant->link ) )
+            		. '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
-            		. '", ' . mysql_real_escape_string($rant->imagetype)
+            		. '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
-            		. ', "' . mysql_real_escape_string( trim( $rant->imagetext ) )
+            		. ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
             		. '")';
             	if( $mtdb->query( $sql ) ) {
             		//logthis( 'Saved changes to rant ' . $rant->id );
-            		$rant->id = mysql_insert_id( $mtdb->link );
+            		$rant->id = mysqli_insert_id( $mtdb->link );
             		adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
             		if($rant->status == "published")
             		{
             			$poster = get_userdatabyid($rant->author);
             				tumblrpost($rant->title, $rant->body);
             			}
             		}
             		return $rant->id;
             	}
             	return false;
+            }
             function updaterant($rant) {
             	if ( !(int)$rant->id ) return false;
             	global $mtdb;
             	#first, check if it's published already
             	$qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
-            	$row = mysql_fetch_row($qr);
+            	$row = mysqli_fetch_row($qr);
             	$status = $row[0];
             	adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
             	$sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
-            		. '), status = "' . mysql_real_escape_string($rant->status)
+            		. '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
-            		. '", side = "' . mysql_real_escape_string($rant->side)
+            		. '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
             		. '", author = ' . (int)$rant->author
-            		. ', title = "' . mysql_real_escape_string( trim($rant->title) )
+            		. ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
-            		. '", body = "' . mysql_real_escape_string( trim($rant->body ) )
+            		. '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
-            		. '", link = "' . mysql_real_escape_string( trim($rant->link ) )
+            		. '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
             		. '", imagetype = ' . (int)$rant->imagetype
-            		. ', imagetext = "' . mysql_real_escape_string( trim($rant->imagetext) )
+            		. ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
             		. '" WHERE id=' . (int)$rant->id;
             	if($status == "draft" && $rant->status == "published")
             	{
             		$poster = get_userdatabyid($rant->author);
             			tumblrpost($rant->title, $rant->body);
             		}
             	}
             	return $mtdb->query( $sql );
             }

include/rss.php ¶ +3 -3

             function rsspost($body, $url)
             {
             	global $mtdb;
             	$mtdb->query('INSERT INTO rss_comment (body, url)
-            		VALUES ("'.mysql_real_escape_string($body).'",
+            		VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'",
-            		"'.mysql_real_escape_string($url).'")');
+            		"'.mysqli_real_escape_string($mtdb->link, $url).'")');
             	return true;
             }

include/strip.php ¶ +14 -14

             // Strip id is automatically incremented
             function insertstrip(&$strip) {
             	global $mtdb;
             	$strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book;
             	$strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page;
             	$mtdb->query('START TRANSACTION');
             	$newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1;
             	$sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES ('
             		. ', FROM_UNIXTIME(' . (int)$strip->published
             		. '), '. (int)$strip->media
             		. ', ' . (int)$strip->type
-            		. ', "' . mysql_real_escape_string( trim($strip->title) )
+            		. ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) )
             		. '", '. $strip->book
             		. ', ' . $strip->page
             		. ')';
             	$r = $mtdb->query( $sql );
             	if( !$r ) {
             		$mtdb->query('ROLLBACK');
             	}
             	$mtdb->query('COMMIT');
             	adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD);
             	$strip->id = $newid;
             	if( $strip->id == 0 ) return false;
             	return true;
+            }
             function updatestrip(&$strip) {
             	global $mtdb;
             	$strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book;
             	$strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page;
             	$mtdb->query('START TRANSACTION');
             	$sql = 'UPDATE strip SET
             		published = FROM_UNIXTIME(' . (int)$strip->published .')
             		, media = '. (int)$strip->media .'
             		, type = ' . (int)$strip->type .'
-            		, title = "' . mysql_real_escape_string( trim($strip->title) ) .'"
+            		, title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'"
             		, book = ' . (int)$strip->book .'
             		, page = ' . (int)$strip->page .'
             		WHERE id = ' . (int)$strip->id;
             	$mtdb->query('COMMIT');
             	adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY);
             	return true;
+            }
             // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move!
             function move_strip($from_id, $to_id)
             	global $mtdb;
             	$from_id = (int) $from_id;
             	$to_id = (int) $to_id;
             	// Ensure our source exists
             	$num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" );
             	if($num_strips < 1)
             	// Ready the destination
             	deletestrip( $to_id );
             	// Update database
             	$mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" );
             	$strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" );
             function deletestrip($id) {
             	$id = (int)$id;
             	if ( !$id ) return false;
             	global $mtdb;
             	$r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id );
             	foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item)

include/transcript.php ¶ +28 -28

             	#first, if no angle brackets, we're OK
             	if(substr_count($line, "<") == 0 &&  substr_count($line, ">") == 0)
             		return true;
             	if(substr_count($line, "<") != substr_count($line, ">"))
             	{
             		return false;
             	}
             	return true;
             }
             function gettranscript(&$strip)
             {
             	global $mtdb;
             	$result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id );
             	if($result)
             		if( $numPanels ) {
             			for($i = 1; $i <= $numPanels; $i++) {
             				$result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line')
-            					or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysql_error(), 'SQL Error');
+            					or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error');
             				if(!$result) continue;
             				$output.= "\nnewpanel\n";
-            				while($row = mysql_fetch_row($result)) {
+            				while($row = mysqli_fetch_row($result)) {
             					if(strlen($row[0]) < 1) continue;
             					$output.= $row[0];
             					if($row[1] !== '') $output.= ":: ".$row[1];
             					$output.= "\n";
             function savetranscript( &$strip ) {
             	global $mtdb;
             	$info = '';
             	$mtdb->query('START TRANSACTION');
             	//remove any old transcript data - it's being replaced
             	$mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id );
             					if(strpos($lines[$j], '(') === 0) {
             						# Line is a note, add it as a comment
-            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
+            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
             					} elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) {
             						# Line is an annotation or blank, do nothing
             						continue;
             						# Line contains a list of nonspeaking characters
             						array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11))));
             						$speaker = trim(substr($lines[$j], 11));
-            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
             					} elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) {
             						# Line designates a new speaker, note speaker
             						# Handle speakers who did not say anything
             						if(null !== $speaker && !$has_spoken)
-            							$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+            							$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
             						$speaker = ucfirst(strtolower($lines[$j]));
             						$has_spoken = false;
             							$info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'</p>';
             						$search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) );
-            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker),
+            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker),
-            								mysql_real_escape_string($lines[$j]), mysql_real_escape_string($search));
+            								mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search));
             						$has_spoken = true;
             					} else {
             						# Line is unrecognized, add it as a comment
-            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
+            						$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
             					}
             					if( $insert_sql && false === $mtdb->query( $insert_sql ) ) {
             						$mtdb->query('ROLLBACK');
-            						mtdie (mysql_error(), 'Error inserting transcript.');
+            						mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
             					}
             				}
             				if(null !== $speaker && !$has_spoken) {
-            					$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
+            					$insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
             					if( false === $mtdb->query( $insert_sql ) ) {
             						$mtdb->query('ROLLBACK');
-            						mtdie (mysql_error(), 'Error inserting transcript.');
+            						mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
             					}
             				}
             			}
             		} else {
             			# Assume that this is a Kalium style transcript
             			$numPanels = count($panels);
             			foreach($panels as $currPanel)
             				$currPanel = trim($currPanel);
             			for($i = 1; $i < $numPanels; $i++) {
             				$lines = explode("\n", $panels[$i]);
             				$numLines = count($lines);
             				foreach($lines as $currLine)
             					$currLine = trim($currLine);
             				for($j = 1; $j < $numLines; $j++) {
             					$spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech
             					$spoken[0] = trim($spoken[0]);	// Strip excess whitespace
             					$spoken[1] = trim($spoken[1]);
             					if(strlen($spoken[0]) <  1) continue;	// Disregard null
             					$spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) );	// Make searchable text
             					if(!bracketbalance($spoken[1]))
             						$info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'</p>';
-            					$insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysql_real_escape_string($spoken[0]),
+            					$insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]),
-            							mysql_real_escape_string($spoken[1]), mysql_real_escape_string($spoken[2]) );
+            							mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) );
             					if( false === $mtdb->query( $insert_sql ) ) {
             						$mtdb->query('ROLLBACK');
-            						mtdie (mysql_error(), 'Error inserting transcript.');
+            						mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
             					}
             				}
             			}

include/twitter.php ¶ +10 -10

             			adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD);
             		}
             		return !empty($buffer);
             	} else {
             		# OAuth Mode
-            		$row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysql_real_escape_string($user)));
+            		$row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user)));
             		$username = $row->username;
             		$oauth_token = $row->oauth_token;
             		$oauth_token_secret = $row->oauth_token_secret;
             		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
             		$parameters = array('status' => $message );
             		$status = $connection->post('statuses/update', $parameters);
             		switch( $connection->http_code ) {
             			case 200:
             				adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD);
             				adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD);
             				return false;
             		}
             	}
             }
             function setOAuthTokens($userid,$oauth_token,$oauth_token_secret, $username) {
             	global $mtdb;
             	$id = (int)$userid;
-            	if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysql_real_escape_string($oauth_token), mysql_real_escape_string($oauth_token_secret), mysql_real_escape_string($username), $id )) )
+            	if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) )
             		return true;
             	return false;
             }

include/type.php ¶ +2 -2

             	global $mtdb;
             	$id = (int)$id;
             	$r = $mtdb->getRow( 'SELECT id, name, description FROM strip_t WHERE id=' . $id );
             	$r->meta = $mtdb->getAll( 'SELECT meta as id from meta where type=' . $id);
             	return $r;
             }
             	return $obj->name;
             }
-            ?>
  No newline at end of file
+            ?>

include/uploads.php ¶ +5 -5

             	$doing_upload = false;
             	$upload_imagetype = null;
             	$upload_error = false;
             	if( false === $image_data ) {
             		$upload_error='<p>Something wronky happened with that upload, getimagesize() returned false!</p>';
             	} elseif( 300 > $image_data[0] ) {
             	return compact( "upload_error", "doing_upload", "upload_imagetype" );
             }
             function save_stock_rant_image( $source, $rant ) {
             	if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source),
             		SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) {
             		$upload_info='<p>Default rant image copied.</p>';
             			$upload_info='<p>New rant image uploaded for rant '. $rant->id .'.</p>';
             		} else {
             			$upload_error='<p>Something went wrong while moving the uploaded image.</p>';
+            		}
             	} else {
             		if( crop_resize($source, $destination) ) {
             			$upload_info='<p>New rant image uploaded and resized for rant '. $rant->id .'.</p>';
             	$image_data = getimagesize( $source );
             	$mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" );
-            	$rant_attachment_id = mysql_insert_id( $mtdb->link );
+            	$rant_attachment_id = mysqli_insert_id( $mtdb->link );
             	if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) {
             		$upload_info='<p>New rant attachment uploaded for rant '. $rant .'.</p>';
             		adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD);
             	} else {
             		$upload_error='<p>Something went wrong while storing the attachment.</p>';
+            	}
             	return compact("rant_attachment_id","upload_info","upload_error");
             }

include/user.php ¶ +5 -5

             }
             function get_userdatabyid( $id ) {
             	global $mtdb;
             	return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id );
             }
             function get_userdatabylogin( $username ) {
             	global $mtdb;
-            	return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"' );
+            	return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' );
             }
             function save_userdata( $user ) {
             	adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
             	global $mtdb;
             	return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d',
-            		mysql_real_escape_string($user->email), mysql_real_escape_string($user->nameplate),
+            		mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate),
-            		mysql_real_escape_string($user->default_image), mysql_real_escape_string($user->default_link), $user->id) );
+            		mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) );
             }
             function change_password( $user ) {
             	adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
             	global $mtdb, $currentuser;
             	if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE );
-            	return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysql_real_escape_string($user->password) . '" ) WHERE id = "' . mysql_real_escape_string($user->id) . '"' );
+            	return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . mysqli_real_escape_string($mtdb->link, $user->id) . '"' );
             }
             ?>

index.php ¶ +2 -2

             			$days = 1;
             		}
             		$since = sprintf( $days == 1 ? '%s day' : '%s days', $days);
             	} else {
             		$weeks = round($diff / 604800);
             		if( $weeks <= 1) {
             			$weeks = 1;
             	?>
             	</ul>
             	<p style="padding-bottom:1em;"><input type="text" name="message" /><input type="submit" value="Send" /></p>
             </form><br>
             <h2>Recent Strips</h2>

             require_once('include/admin.inc.php');
             /* Megatokyo admin system assumes that everyone has equivilent
                ability to create and alter content. There are no permission
                levels or access controls other than "Can they login?" */
             	case 'login':
             		$log = $_POST['log'];
             		$pwd = $_POST['pwd'];
             		if( mt_login( $log, $pwd )) {
             			//logthis ( "AUTH: Successful login from $log at " . $_SERVER["REMOTE_ADDR"], false );
             			adminlog("User ".$log." has logged in from ".$_SERVER['REMOTE_ADDR'], MTS_LOGIN, MTA_CHANGE);
             		} else {
             			//logthis ('AUTH: Failed login attempt from ' . $_SERVER["REMOTE_ADDR"], var_export( $_REQUEST, true ) );
             		}
             		// incorrect username or password, fall through to error display
             	case 'error':
             	default:
             		if (  !empty($_COOKIE[USER_COOKIE]) && mt_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
             			// Already logged in, redirect to admin dashboard.
             			nocache_headers();
             			_redirect( ADMIN_PATH .'/' );
             		}
             		if( $_GET['loggedout'] == true ) $error.='<p>Successfully logged you out.</p>';
             ?>
             <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
             				<input type="hidden" name="action" value="login" />
             			</p>
             		</form></div>
             		<ul>
             			<li><a href="<?php echo SITE_HOST.SITE_PATH; ?>" title="Return to the public Megatokyo website.">Back to Megatokyo Website</a></li>
             		</ul>
             		</body>
             		</html>
             		<?php
             		die();
             } // end switch

manage-metatypes.php ¶ +11 -11

             	if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
-            		mtdie("Error on update: ". htmlentities(mysql_error()));
+            		mtdie("Error on update: ". htmlentities(mysqli_error()));
             	}
             	$info.='<p>Deleted metatype successfully.<p>';
             	adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE);
             if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) {
             	check_nonce('new-metatype');
             	$name = trim($_POST['name']);
             	if( check_type_name( $name ) ) {
-            		if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysql_real_escape_string($name) . '")' ) )
+            		if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) )
             		{
             			adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING);
-            			mtdie("Error on insertion: ". htmlentities(mysql_error()));
+            			mtdie("Error on insertion: ". htmlentities(mysqli_error()));
             		}
             	}
             	$info.='<p>New metatype created successfully.<p>';
             if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) {
             	check_nonce('save-metatype-'.(int)$_POST['type_id']);
             	$name = trim($_POST['name']);
             	if( check_type_name( $name ) ) {
-            		if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysql_real_escape_string($name) . '" WHERE id=' . (int)$_POST['type_id']) )
+            		if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) )
             		{
             			adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);
-            			mtdie("Error on update: ". htmlentities(mysql_error()));
+            			mtdie("Error on update: ". htmlentities(mysqli_error()));
             		}
             	}
             	$info.='<p>Changes to metatype saved successfully.<p>';
             	<td width="66%"><input name="name" type="text" id="name" value="" /></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>
             <?php
             adminfooter();
-            ?>
  No newline at end of file
+            ?>

manage-statusbox.php ¶ +8 -8

             		return;
             	}
-            	$mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysql_real_escape_string($text) . '")' );
+            	$mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' );
             	$_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']='';
             	$info = '<p>Statusbox updated successfully.</p>';
             	<th scope="row">Status Description</th>
             	<td width="66%"><textarea name="update_text" row="6" cols="30" id="update_text"><?php echo htmlentities($_POST['update_text']); ?></textarea></td>
             	</tr>
             	<script type="text/javascript">
             	function PresetHandler( f ) {
             		var i = f.preset.selectedIndex;
             		var v = f.preset.options[i].value;
             		var parts = v.split("% - ");
             		if( parts[0] == undefined ) {
             			parts[0] = "";
             		}
             		if( parts[1] == undefined ) {
             			parts[1] = "";
             		}
             		f.update_percentage.value = parts[0];
             		f.update_text.value = parts[1];
             		return true;
             	}
             	document.write('<tr><th scope="row">Presets</th><td width="66%"><select name="preset" onchange="PresetHandler(this.form);"><option value="">-none-</option><?php
             		foreach( $presets as $p )
             			echo '<option value="' . addslashes(htmlentities($p->p)) . '">' . addslashes(htmlentities($p->p)) . '</option>';
             	?></select></td></tr>');
             	</script>
             	</table>

manage-twitter-presets.php ¶ +2 -2

             		if(0 == $id && !empty($msg)) {
             			// Add a new preset
-            			$mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysql_real_escape_string($msg)) );
+            			$mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) );
             			adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD);
             		} elseif(empty($msg)) {
             			// Delete an existing preset
             			adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD);
             		} else {
             			// Modify an existing preset
-            			$mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysql_real_escape_string($msg), $id) );
+            			$mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) );
             		}
             	}
             }

manage-twitter-users.php ¶ +19 -19

             if( isset($_POST['action']) && $_POST['action'] == 'new' ) {
             	check_nonce('new-twitter-user');
-            	if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysql_real_escape_string( md5( microtime() )) ) ) ) {
+            	if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysqli_real_escape_string( $mtdb->link, md5( microtime() )) ) ) ) {
             		adminlog("Error on insertion of new twitter user.", MTS_TWITTER, MTA_INSERT, E_WARNING);
-            		mtdie("Error on insertion of new twitter user: ". htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on insertion of new twitter user: ". htmlentities(mysqli_error()), 'SQL Error');
             	} else {
             		//$name = sanitize_username($_POST['name']);
-            		$id = mysql_insert_id();
+            		$id = mysqli_insert_id();
             		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
             		$request_token = $connection->getRequestToken(OAUTH_CALLBACK . "&id=$id");
             		if ($connection->http_code !== 200 ) {
             			adminlog("Twitter getRequestToken failed. HTTP code: $connection->http_code", MTS_TWITTER, MTA_MODIFY);
             			mtdie("Could not connect to twitter.com.");
             		}
             		echo $id . '<br/>';
             		setOAuthTokens( $id, $request_token['oauth_token'], $request_token['oauth_token_secret'], md5(microtime()) );
             		adminlog("New twitter user created successfully.", MTS_TWITTER, MTA_ADD);
             		$url = $connection->getAuthorizeURL($request_token['oauth_token']);
             		//echo $url;
             		_redirect($url);
             		exit();
             	}
             }
             	# twitter userID = ID
             	$id = (int)$_REQUEST['id'];
             	$row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user WHERE id=%d LIMIT 1', $id));
             	# Compare token in database with token from twitter. If they differ, bail.
             	if( $row->oauth_token != $_REQUEST['oauth_token'] ) {
             		# token is old, drop from database
             	} else {
             		# token is good, save the new Access Token to the database
             		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $row->oauth_token, $row->oauth_token_secret);
             		$access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
             		if (200 == $connection->http_code) {
             			# successful
             			$info.='<p>Successfully obtained OAuth Access Token.</p>';
             			adminlog("Successfully received OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_WARNING);
             			//print_r($content);
             		} else {
             			# fail
             			if( !$mtdb->query("DELETE FROM twitter_user WHERE id = '$id'") ) {
             			$info.='<p>Failed to get OAuth Access Token for ' . $username . '.</p>';
             			adminlog("Failed to get OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_ERROR);
             		}
             	}
             }
             	$alternate=false;
             	foreach( $twitter_users as $s ) {
             		$alternate=!$alternate;
             		?>
             		<tr id="twitteruser-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
             		 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
             		 <td><?php echo htmlentities($s->username); ?></td>
             		 <td><?php echo htmlentities($s->oauth_token); ?></td>
             		 <td><?php echo htmlentities($s->oauth_token_secret); ?></td>
             		 <td><?php
             			$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $s->oauth_token, $s->oauth_token_secret);
             			$content = $connection->get('account/verify_credentials');
             			if( isset($content->profile_image_url)) {

manage-types.php ¶ +23 -23

             	if(! $mtdb->query( 'DELETE FROM strip_t WHERE id=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error deleting type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE, E_WARNING);
-            		mtdie("Error on deletion of existing type: " . htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on deletion of existing type: " . htmlentities(mysqli_error()), 'SQL Error');
             	}
             	if(! $mtdb->query( 'DELETE FROM meta WHERE type=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error on deletion of type ".(int)$_GET['delete']."'s metadata.", MTS_TYPE, MTA_DELETE, E_WARNING);
-            		mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysqli_error()), 'SQL Error');
             	}
             	$info.='<p>Deleted type successfully.<p>';
             	adminlog("Deleted type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE);
             if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) {
             	check_nonce('new-type');
             	$name = trim($_POST['name']);
             	$desc = trim($_POST['description']);
             	if( check_type_name($name) ) {
-            		if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysql_real_escape_string($name), mysql_real_escape_string($desc)) ) )
+            		if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc)) ) )
             		{
             			adminlog("Error on insertion of new type.", MTS_TYPE, MTA_INSERT, E_WARNING);
-            			mtdie("Error on insertion of new type: ". htmlentities(mysql_error()), 'SQL Error');
+            			mtdie("Error on insertion of new type: ". htmlentities(mysqli_error()), 'SQL Error');
             		}
             	}
             	$info.='<p>New type created successfully.<p>';
             }
             if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) {
             	$id = (int)$_POST['type_id'];
             	check_nonce("save-type-$id");
             	$name = trim($_POST['name']);
             	$desc = trim($_POST['description']);
             	$meta = $_POST['meta'];
             	$m_delete = $mtdb->getAll("SELECT meta FROM meta WHERE type = $id");
             	$m_insert = array();
             	// Key listed in both Insert and Delete lists, so remove from both == Do Nothing
             	foreach( $m_delete as $k=>$v ) {
             		if( array_key_exists( $v->meta, $meta ) ) {
             			unset($m_delete[$k]);
             			unset($meta[$v->meta]);
             		} else {
             			$m_delete[$k] = 'meta=' . (int)$v->meta;
+            		}
             	}
             	// Key listed only in Insert list, make proper format
             	}
             	if( check_type_name( $name ) ) {
-            		if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysql_real_escape_string($name), mysql_real_escape_string($desc), $id)) )
+            		if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc), $id)) )
             		{
             			adminlog("Error on updating type ".$id, MTS_TYPE, MTA_UPDATE, E_WARNING);
-            			mtdie("Error on update of existing type: ". htmlentities(mysql_error()), 'SQL Error');
+            			mtdie("Error on update of existing type: ". htmlentities(mysqli_error()), 'SQL Error');
             		}
             		$sql_insert = "INSERT INTO meta (type,meta) VALUES " . implode(',',$m_insert);
             		$sql_delete = "DELETE FROM meta WHERE type=$id AND ( " . implode(' OR ',$m_delete) . ' )';
             		$mtdb->query('START TRANSACTION');
             		if( count($m_insert) )
             			if(! $mtdb->query( $sql_insert ) )
             			{
             				adminlog("Error deleting old metatype association data for type ".$id, MTS_TYPE, MTA_REMOVE, E_WARNING);
             				mtdie("There was an error deleting old metatype data. Transaction aborted. $sql_delete");
             			}
             		$mtdb->query('COMMIT');
             	} else {
             		$error.='<p>Invalid type name!</p>';
             	}
             	$alternate=false;
             	foreach( $types as $s ) {
             		$alternate=!$alternate;
             		$metas = $mtdb->getAll("SELECT meta_t.name AS name FROM strip_t
             			JOIN meta ON meta.type = strip_t.id JOIN meta_t ON meta.meta = meta_t.id
             			WHERE strip_t.id = $s->id");
             		$meta = implode(', ',  array_map('_getMetaNameFromObject', $metas) );
             		?>
             		<tr id="comic-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
             		 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
             	<td width="66%"><input name="description" type="text" id="description" value="" /></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>

post-comic.php ¶ +1 -1

             	//in general, this is the case that is desired
             	//	the next monday, wednesday, or friday that isn't today
             	$post_date = min( strtotime("next Monday +1 hour", $tomorrow), strtotime("next Wednesday +1 hour", $tomorrow), strtotime("next Friday +1 hour", $tomorrow) );
             	//however, if it is monday, wednesday, or friday AND before 1 AM
             	// then we want to post at 1 AM on this day
             	$today = date("l");

post-page.php ¶ +2 -2

             <fieldset id="postdivrich">
             	<legend>Page</legend>
             	<style type="text/css">
             		#postdivrich table, #postdivrich #quicktags {border-top: none;}
             		#quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}
             <fieldset id="cssdivrich">
             	<legend>Optional CSS</legend>
             	<style type="text/css">
             		#postdivrich table, #postdivrich #quicktags {border-top: none;}
             		#quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}

post-rant.php ¶ +8 -8

             <?php
               // What side does this author usually post on?
               $usual = $mtdb->getOne( 'SELECT side,count(*) c FROM rant WHERE author=' . (int)$currentuser->id . ' GROUP BY side ORDER BY c DESC limit 1' );
               $sides = array('left'=>'Left','right'=>'Right');
               foreach( $sides as $k=>$v ) {
               	printf('<option value="%s" %s>%s</option>', htmlentities($k), ($usual == $k ? 'selected="selected"' : '' ), $v );
             </fieldset>
             <fieldset id="authordiv" class="dbx-box">
             <h3 class="dbx-handle">Author</h3>
             <div class="dbx-content"><select name="rant_author"><?php
             	$contrib = $mtdb->getAll('select id,name from contributor');
             	foreach( $contrib as $k=>$v ) {
             <fieldset id="postdivrich">
             	<legend>Post</legend>
             	<style type="text/css">
             		#postdivrich table, #postdivrich #quicktags {border-top: none;}
             		#quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}
             	</style>
             	<div><textarea class="mceEditor" rows="13" cols="40" name="content" tabindex="3" id="content"></textarea></div>
             	<?php
             	/*
             	include("include/fckeditor/fckeditor_php4.php");
             	$oFCKeditor->Create();
             	*/
             	?>
             </fieldset>
             		<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
             		<input name="ranterImage" type="file"/>
             	</p>
             	</td><td>
             	<?php if ( $rantimage_filename ): ?>
             		<p><img src="<?php echo SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename; ?>" width="150" /></p>

post-scratchpad.php ¶ +1 -1

             check_nonce('new-scratchpad');
-            $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysql_real_escape_string($_REQUEST['message'])) );
+            $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])) );
             adminlog("User posted to scratchpad.", MTS_SCRATCH, MTA_INSERT);
             _redirect( ADMIN_PATH . '/index.php' );

post-twitter.php ¶ +5 -5

             if('post_twitter' == $_REQUEST['action'])
             {
             	check_nonce('new-twitter');
             	$postmessage = '';
             	if(!empty($_REQUEST['stdmessage']) ) $postmessage = trim($_REQUEST['stdmessage']);
             	if( strlen($_REQUEST['message']) ) $postmessage = trim($_REQUEST['message']);
             	if('' == $postmessage) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=missing');
             	$username = sanitize_username($_REQUEST['twitter_user']);
-            	$postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysql_real_escape_string($username)));
+            	$postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $username)));
             	if( in_array('twitter', $_REQUEST['service']) )
             		$rc = twitterpost( numeric_entities(utfentities($postmessage)), $postasuser );
             	if( in_array('rss', $_REQUEST['service']) )
             		$rc = rsspost( numeric_entities(utfentities($postmessage)), SITE_HOST.SITE_PATH );
             	if($rc) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=success');
             	_redirect( ADMIN_PATH . '/post-twitter.php?tweet=fail');
             if( isset($_REQUEST['tweet']) && 'missing' == $_REQUEST['tweet'] )
             	$error.='Oops~  Looks like you forgot to enter a message.';
             $statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id');
             $twitter_users = $mtdb->getAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username');
             		var charactersremaining = document.getElementById('charactersremaining');
             		charactersremaining.innerHTML = 140 - status.value.length
             	}
             -->
             </script>
             <?php /*?>

swap-comics.php ¶ +5 -5

             if($_POST)
             {
             	check_nonce('swap-strip');
             	if(!is_numeric($_POST['comic_a']) || !is_numeric($_POST['comic_b']))
             		mtdie('This tool only works on numeric strip numbers.');
             	$f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w');
             	flock($f, LOCK_EX);
             	swap_strips( $a, $b );
             	close($f);
             	$info.='<p>Strips $a and $b swapped successfully.</p>';
             	adminlog("Strips $a and $b have been swapped.", MTS_STRIP, MTA_MODIFY);
             }
             	<td width="66%"><input name="comic_b" type="text" id="comic_b" value="" /></th>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Swap &raquo;" name="submit" /></p>
             </div>

twitter-scheduled.php ¶ +4 -2

             		adminlog("Error $ret_code posting scheduled tweet ".$t->id . ' with return value ' . $ret, MTS_TWITTER, MTA_ADD);
             		$t->status = 'error';
             	}
             	//	Unlock tweet, update db.
-            	$mtdb->query("UPDATE twitter_post SET status = '".mysql_real_escape_string($t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
+            	$mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
             }
+            ?>

user-edit.php ¶ +14 -14

             		$username = sanitize_username( $_POST['user_login'] );
             		if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 )
             			mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' );
             		copy(RANTIMG.'default', RANTIMG.$username.'.png');
-            		$mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysql_real_escape_string($username) . '", "'.$username.'.png")' );
+            		$mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' );
             		$user = get_userdatabylogin( $username );
             		$userid = $user->id;
             		$info.='<p>User Account Created</p>';
             		$userid = (int) $_POST['edit'];
             		$user_old = $user = get_userdatabyid( $userid );
             	}
             	$user->nameplate = $_POST['nickname'];
             	$user->default_image = $user_old->default_image;
             	$user->default_link = $_POST['rant-link'];
             	$user->email = $_POST['email'];
             	if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) {
             		if( $_POST['password_new1'] !== $_POST['password_new2'] ) {
             			$error.='<p>New passwords do not match.</p>';
             		} else {
             			/* password change */
-            			if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysql_real_escape_string($_POST['password_old']) . '") OR password = "")' )) {
+            			if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) {
             				$error.='<p>Specified password is incorrect.</p>';
             			} else {
             				/* Password match */
             	function handle_upload( &$user ) {
             		global $info,$error;
             		if( !$_FILES['rant_image'] ) return;
             		if( '' == $_FILES['rant_image']['name'] ) return;
             		if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return;
             		if( 0 == $_FILES['rant_image']['size'] ) return;
             		$info.='<p>Tried to upload an image.</p>';
             		// Uploading new rant image
             		$imagedata = getimagesize($_FILES['rant_image']['tmp_name']);
             			$error.='<p>Image wrong height: '.$imagedata[1].'</p>';
             			return;
             		}
             		switch( $_FILES['rant_image']['type'] ) {
             			case 'image/jpeg':
             			case 'image/jpg':	$ext = 'jpg'; break;
             				$error.='<p>Unknown image extension. Upload refused.</p>';
             				return;
             		}
             		$destination_path = $user->name.'.'.$ext;
             		if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) {
             			$error.='<p>Something went wrong while retrieving the uploaded image.</p>';
             } else {
             	$userid = (int) $_GET['edit'];
             	$user = get_userdatabyid( $userid );
+            }
             if( !$user ) $error.='<p>The specified user does not exist.</p>';
             adminhead('Edit User Profile');

users.php ¶ +2 -2

             <h2>Create New Contributor</h2>
             <div class="narrow">
-            	<table class="editform" width="100% cellspacing="2" cellpadding="5">
+            	<table class="editform" width="100%" cellspacing="2" cellpadding="5">
             	<tr>
             	<th scope="row" width="33%">Username</th>
             	<td width="66%"><input name="user_login" type="text" id="user_login" value="" /></th>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>

Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings