mt-admin
RSS
Merge pull request #11 from mt-admin mysqli...
darkmorford -
dc6672c2e0e6 merge
Not Reviewed
Show More
Add another comment
TODOs: 0 unresolved 0 Resolved
COMMENTS: 0 General 0 Inline
Show file before | Show file after | Show commentsHide comments
@@ -11,7 +11,7
11 11 // use. That means, you can include it in your product, or your web
12 12 // site, or any other form where the code is actually being used. You
13 13 // may not put the plain javascript up on your site for download or
14 // include it in your javascript libraries for download.
14 // include it in your javascript libraries for download.
15 15 // If you wish to share this code with others, please just point them
16 16 // to the URL instead.
17 17 // Please DO NOT link directly to my .js files from your site. Copy
@@ -21,7 +21,7
21 21
22 22 /* SOURCE FILE: AnchorPosition.js */
23 23
24 /*
24 /*
25 25 AnchorPosition.js
26 26 Author: Matt Kruse
27 27 Last modified: 10/11/02
@@ -30,7 +30,7 DESCRIPTION: These functions find the position of an <A> tag in a document,
30 30 so other elements can be positioned relative to it.
31 31
32 32 COMPATABILITY: Netscape 4.x,6.x,Mozilla, IE 5.x,6.x on Windows. Some small
33 positioning errors - usually with Window positioning - occur on the
33 positioning errors - usually with Window positioning - occur on the
34 34 Macintosh platform.
35 35
36 36 FUNCTIONS:
@@ -44,16 +44,16 getAnchorWindowPosition(anchorname)
44 44
45 45 NOTES:
46 46
47 1) For popping up separate browser windows, use getAnchorWindowPosition.
47 1) For popping up separate browser windows, use getAnchorWindowPosition.
48 48 Otherwise, use getAnchorPosition
49 49
50 2) Your anchor tag MUST contain both NAME and ID attributes which are the
50 2) Your anchor tag MUST contain both NAME and ID attributes which are the
51 51 same. For example:
52 52 <A NAME="test" ID="test"> </A>
53 53
54 3) There must be at least a space between <A> </A> for IE5.5 to see the
54 3) There must be at least a space between <A> </A> for IE5.5 to see the
55 55 anchor tag correctly. Do not do <A></A> with no space.
56 */
56 */
57 57
58 58 // getAnchorPosition(anchorname)
59 59 // This function returns an object having .x and .y properties which are the coordinates
@@ -139,7 +139,7 function AnchorPosition_getPageOffsetLeft (el) {
139 139 }
140 140 function AnchorPosition_getWindowOffsetLeft (el) {
141 141 return AnchorPosition_getPageOffsetLeft(el)-document.body.scrollLeft;
142 }
142 }
143 143 function AnchorPosition_getPageOffsetTop (el) {
144 144 var ot=el.offsetTop;
145 145 while((el=el.offsetParent) != null) { ot += el.offsetTop; }
@@ -156,14 +156,14 function AnchorPosition_getWindowOffsetTop (el) {
156 156 // May 17, 2003: Fixed bug in parseDate() for dates <1970
157 157 // March 11, 2003: Added parseDate() function
158 158 // March 11, 2003: Added "NNN" formatting option. Doesn't match up
159 // perfectly with SimpleDateFormat formats, but
159 // perfectly with SimpleDateFormat formats, but
160 160 // backwards-compatability was required.
161 161
162 162 // ------------------------------------------------------------------
163 // These functions use the same 'format' strings as the
163 // These functions use the same 'format' strings as the
164 164 // java.text.SimpleDateFormat class, with minor exceptions.
165 165 // The format string consists of the following abbreviations:
166 //
166 //
167 167 // Field | Full Form | Short Form
168 168 // -------------+--------------------+-----------------------
169 169 // Year | yyyy (4 digits) | yy (2 digits), y (2 or 4 digits)
@@ -286,7 +286,7 function formatDate(date,format) {
286 286 }
287 287 return result;
288 288 }
289
289
290 290 // ------------------------------------------------------------------
291 291 // Utility functions for parsing in getDateFromFormat()
292 292 // ------------------------------------------------------------------
@@ -305,12 +305,12 function _getInt(str,i,minlength,maxlength) {
305 305 }
306 306 return null;
307 307 }
308
308
309 309 // ------------------------------------------------------------------
310 310 // getDateFromFormat( date_string , format_string )
311 311 //
312 312 // This function takes a date string and a format string. It matches
313 // If the date string matches the format string, it returns the
313 // If the date string matches the format string, it returns the
314 314 // getTime() of the date. If it does not match, it returns 0.
315 315 // ------------------------------------------------------------------
316 316 function getDateFromFormat(val,format) {
@@ -330,7 +330,7 function getDateFromFormat(val,format) {
330 330 var mm=now.getMinutes();
331 331 var ss=now.getSeconds();
332 332 var ampm="";
333
333
334 334 while (i_format < format.length) {
335 335 // Get next token from format string
336 336 c=format.charAt(i_format);
@@ -469,7 +469,7 function parseDate(val) {
469 469
470 470 /* SOURCE FILE: PopupWindow.js */
471 471
472 /*
472 /*
473 473 PopupWindow.js
474 474 Author: Matt Kruse
475 475 Last modified: 02/16/04
@@ -479,20 +479,20 in a certain place. The window can either be a DIV or a separate browser
479 479 window.
480 480
481 481 COMPATABILITY: Works with Netscape 4.x, 6.x, IE 5.x on Windows. Some small
482 positioning errors - usually with Window positioning - occur on the
483 Macintosh platform. Due to bugs in Netscape 4.x, populating the popup
482 positioning errors - usually with Window positioning - occur on the
483 Macintosh platform. Due to bugs in Netscape 4.x, populating the popup
484 484 window with <STYLE> tags may cause errors.
485 485
486 486 USAGE:
487 487 // Create an object for a WINDOW popup
488 var win = new PopupWindow();
488 var win = new PopupWindow();
489 489
490 490 // Create an object for a DIV window using the DIV named 'mydiv'
491 var win = new PopupWindow('mydiv');
491 var win = new PopupWindow('mydiv');
492 492
493 // Set the window to automatically hide itself when the user clicks
493 // Set the window to automatically hide itself when the user clicks
494 494 // anywhere else on the page except the popup
495 win.autoHide();
495 win.autoHide();
496 496
497 497 // Show the window relative to the anchor name passed in
498 498 win.showPopup(anchorname);
@@ -503,7 +503,7 win.hidePopup();
503 503 // Set the size of the popup window (only applies to WINDOW popups
504 504 win.setSize(width,height);
505 505
506 // Populate the contents of the popup window that will be shown. If you
506 // Populate the contents of the popup window that will be shown. If you
507 507 // change the contents while it is displayed, you will need to refresh()
508 508 win.populate(string);
509 509
@@ -523,18 +523,18 win.offsetY = 100;
523 523 NOTES:
524 524 1) Requires the functions in AnchorPosition.js
525 525
526 2) Your anchor tag MUST contain both NAME and ID attributes which are the
526 2) Your anchor tag MUST contain both NAME and ID attributes which are the
527 527 same. For example:
528 528 <A NAME="test" ID="test"> </A>
529 529
530 3) There must be at least a space between <A> </A> for IE5.5 to see the
530 3) There must be at least a space between <A> </A> for IE5.5 to see the
531 531 anchor tag correctly. Do not do <A></A> with no space.
532 532
533 533 4) When a PopupWindow object is created, a handler for 'onmouseup' is
534 534 attached to any event handler you may have already defined. Do NOT define
535 535 an event handler for 'onmouseup' after you define a PopupWindow object or
536 536 the autoHide() will not work correctly.
537 */
537 */
538 538
539 539 // Set the position of the popup window based on the anchor
540 540 function PopupWindow_getXYPosition(anchorname) {
@@ -573,11 +573,11 function PopupWindow_refresh() {
573 573 if (this.use_gebi) {
574 574 document.getElementById(this.divName).innerHTML = this.contents;
575 575 }
576 else if (this.use_css) {
576 else if (this.use_css) {
577 577 document.all[this.divName].innerHTML = this.contents;
578 578 }
579 else if (this.use_layers) {
580 var d = document.layers[this.divName];
579 else if (this.use_layers) {
580 var d = document.layers[this.divName];
581 581 d.document.open();
582 582 d.document.writeln(this.contents);
583 583 d.document.close();
@@ -752,7 +752,7 function PopupWindow() {
752 752 this.populated = false;
753 753 this.visible = false;
754 754 this.autoHideEnabled = false;
755
755
756 756 this.contents = "";
757 757 this.url="";
758 758 this.windowProperties="toolbar=no,location=no,status=no,menubar=no,scrollbars=auto,resizable,alwaysRaised,dependent,titlebar=no";
@@ -801,13 +801,13 function PopupWindow() {
801 801 // CSS prefix.
802 802 // August 19, 2003: Renamed the function to get styles, and made it
803 803 // work correctly without an object reference
804 // August 18, 2003: Changed showYearNavigation and
804 // August 18, 2003: Changed showYearNavigation and
805 805 // showYearNavigationInput to optionally take an argument of
806 806 // true or false
807 807 // July 31, 2003: Added text input option for year navigation.
808 // Added a per-calendar CSS prefix option to optionally use
808 // Added a per-calendar CSS prefix option to optionally use
809 809 // different styles for different calendars.
810 // July 29, 2003: Fixed bug causing the Today link to be clickable
810 // July 29, 2003: Fixed bug causing the Today link to be clickable
811 811 // even though today falls in a disabled date range.
812 812 // Changed formatting to use pure CSS, allowing greater control
813 813 // over look-and-feel options.
@@ -815,35 +815,35 function PopupWindow() {
815 815 // under certain cases when some days of week are disabled
816 816 // March 14, 2003: Added ability to disable individual dates or date
817 817 // ranges, display as light gray and strike-through
818 // March 14, 2003: Removed dependency on graypixel.gif and instead
818 // March 14, 2003: Removed dependency on graypixel.gif and instead
819 819 /// use table border coloring
820 820 // March 12, 2003: Modified showCalendar() function to allow optional
821 821 // start-date parameter
822 822 // March 11, 2003: Modified select() function to allow optional
823 823 // start-date parameter
824 /*
824 /*
825 825 DESCRIPTION: This object implements a popup calendar to allow the user to
826 826 select a date, month, quarter, or year.
827 827
828 828 COMPATABILITY: Works with Netscape 4.x, 6.x, IE 5.x on Windows. Some small
829 positioning errors - usually with Window positioning - occur on the
829 positioning errors - usually with Window positioning - occur on the
830 830 Macintosh platform.
831 The calendar can be modified to work for any location in the world by
831 The calendar can be modified to work for any location in the world by
832 832 changing which weekday is displayed as the first column, changing the month
833 833 names, and changing the column headers for each day.
834 834
835 835 USAGE:
836 836 // Create a new CalendarPopup object of type WINDOW
837 var cal = new CalendarPopup();
837 var cal = new CalendarPopup();
838 838
839 839 // Create a new CalendarPopup object of type DIV using the DIV named 'mydiv'
840 var cal = new CalendarPopup('mydiv');
840 var cal = new CalendarPopup('mydiv');
841 841
842 // Easy method to link the popup calendar with an input box.
842 // Easy method to link the popup calendar with an input box.
843 843 cal.select(inputObject, anchorname, dateFormat);
844 844 // Same method, but passing a default date other than the field's current value
845 845 cal.select(inputObject, anchorname, dateFormat, '01/02/2000');
846 // This is an example call to the popup calendar from a link to populate an
846 // This is an example call to the popup calendar from a link to populate an
847 847 // input box. Note that to use this, date.js must also be included!!
848 848 <A HREF="#" onClick="cal.select(document.forms[0].date,'anchorname','MM/dd/yyyy'); return false;">Select</A>
849 849
@@ -880,7 +880,7 cal.showYearNavigation();
880 880 // Show month and year dropdowns, for quicker selection of month of dates
881 881 cal.showNavigationDropdowns();
882 882
883 // Set the text to be used above each day column. The days start with
883 // Set the text to be used above each day column. The days start with
884 884 // sunday regardless of the value of WeekStartDay
885 885 cal.setDayHeaders("S","M","T",...);
886 886
@@ -907,7 +907,7 cal.addDisabledDates("Jan 01, 2003", null);
907 907 // Pass two dates to disable all dates inbetween and including the two
908 908 cal.addDisabledDates("January 01, 2003", "Dec 31, 2003");
909 909
910 // When the 'year' select is displayed, set the number of years back from the
910 // When the 'year' select is displayed, set the number of years back from the
911 911 // current year to start listing years. Default is 2.
912 912 // This is also used for year drop-down, to decide how many years +/- to display
913 913 cal.setYearSelectStartOffset(2);
@@ -940,21 +940,21 cal.offsetY = 20;
940 940 NOTES:
941 941 1) Requires the functions in AnchorPosition.js and PopupWindow.js
942 942
943 2) Your anchor tag MUST contain both NAME and ID attributes which are the
943 2) Your anchor tag MUST contain both NAME and ID attributes which are the
944 944 same. For example:
945 945 <A NAME="test" ID="test"> </A>
946 946
947 3) There must be at least a space between <A> </A> for IE5.5 to see the
947 3) There must be at least a space between <A> </A> for IE5.5 to see the
948 948 anchor tag correctly. Do not do <A></A> with no space.
949 949
950 950 4) When a CalendarPopup object is created, a handler for 'onmouseup' is
951 951 attached to any event handler you may have already defined. Do NOT define
952 an event handler for 'onmouseup' after you define a CalendarPopup object
952 an event handler for 'onmouseup' after you define a CalendarPopup object
953 953 or the autoHide() will not work correctly.
954
954
955 955 5) The calendar popup display uses style sheets to make it look nice.
956 956
957 */
957 */
958 958
959 959 // Quick fix for FF3
960 960 function CP_stop(e) { if (e && e.stopPropagation) { e.stopPropagation(); } }
@@ -1024,7 +1024,7 function CalendarPopup() {
1024 1024 return c;
1025 1025 }
1026 1026 function CP_copyMonthNamesToWindow() {
1027 // Copy these values over to the date.js
1027 // Copy these values over to the date.js
1028 1028 if (typeof(window.MONTH_NAMES)!="undefined" && window.MONTH_NAMES!=null) {
1029 1029 window.MONTH_NAMES = new Array();
1030 1030 for (var i=0; i<this.monthNames.length; i++) {
@@ -1036,24 +1036,24 function CP_copyMonthNamesToWindow() {
1036 1036 }
1037 1037 }
1038 1038 // Temporary default functions to be called when items clicked, so no error is thrown
1039 function CP_tmpReturnFunction(y,m,d) {
1039 function CP_tmpReturnFunction(y,m,d) {
1040 1040 if (window.CP_targetInput!=null) {
1041 1041 var dt = new Date(y,m-1,d,0,0,0);
1042 1042 if (window.CP_calendarObject!=null) { window.CP_calendarObject.copyMonthNamesToWindow(); }
1043 1043 window.CP_targetInput.value = formatDate(dt,window.CP_dateFormat);
1044 1044 }
1045 1045 else {
1046 alert('Use setReturnFunction() to define which function will get the clicked results!');
1046 alert('Use setReturnFunction() to define which function will get the clicked results!');
1047 1047 }
1048 1048 }
1049 function CP_tmpReturnMonthFunction(y,m) {
1050 alert('Use setReturnMonthFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , month='+m);
1049 function CP_tmpReturnMonthFunction(y,m) {
1050 alert('Use setReturnMonthFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , month='+m);
1051 1051 }
1052 function CP_tmpReturnQuarterFunction(y,q) {
1053 alert('Use setReturnQuarterFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , quarter='+q);
1052 function CP_tmpReturnQuarterFunction(y,q) {
1053 alert('Use setReturnQuarterFunction() to define which function will get the clicked results!\nYou clicked: year='+y+' , quarter='+q);
1054 1054 }
1055 function CP_tmpReturnYearFunction(y) {
1056 alert('Use setReturnYearFunction() to define which function will get the clicked results!\nYou clicked: year='+y);
1055 function CP_tmpReturnYearFunction(y) {
1056 alert('Use setReturnYearFunction() to define which function will get the clicked results!\nYou clicked: year='+y);
1057 1057 }
1058 1058
1059 1059 // Set the name of the functions to call to get the clicked item
@@ -1100,7 +1100,7 function CP_setDisabledWeekDays() {
1100 1100 this.disabledWeekDays = new Object();
1101 1101 for (var i=0; i<arguments.length; i++) { this.disabledWeekDays[arguments[i]] = true; }
1102 1102 }
1103
1103
1104 1104 // Disable individual dates or ranges
1105 1105 // Builds an internal logical test which is run via eval() for efficiency
1106 1106 function CP_addDisabledDates(start, end) {
@@ -1113,15 +1113,15 function CP_addDisabledDates(start, end) {
1113 1113 else if (end ==null) { this.disabledDatesExpression+="(ds>="+start+")"; }
1114 1114 else { this.disabledDatesExpression+="(ds>="+start+"&&ds<="+end+")"; }
1115 1115 }
1116
1116
1117 1117 // Set the text to use for the "Today" link
1118 1118 function CP_setTodayText(text) {
1119 1119 this.todayText = text;
1120 1120 }
1121 1121
1122 1122 // Set the prefix to be added to all CSS classes when writing output
1123 function CP_setCssPrefix(val) {
1124 this.cssPrefix = val;
1123 function CP_setCssPrefix(val) {
1124 this.cssPrefix = val;
1125 1125 }
1126 1126
1127 1127 // Show the navigation as an dropdowns that can be manually changed
@@ -1139,7 +1139,7 function CP_hideCalendar() {
1139 1139 // Refresh the contents of the calendar display
1140 1140 function CP_refreshCalendar(index) {
1141 1141 var calObject = window.popupWindowObjects[index];
1142 if (arguments.length>1) {
1142 if (arguments.length>1) {
1143 1143 calObject.populate(calObject.getCalendar(arguments[1],arguments[2],arguments[3],arguments[4],arguments[5]));
1144 1144 }
1145 1145 else {
@@ -1173,8 +1173,8 function CP_select(inputobj, linkname, format) {
1173 1173 alert("calendar.select: This function can only be used with displayType 'date' or 'week-end'");
1174 1174 return;
1175 1175 }
1176 if (inputobj.type!="text" && inputobj.type!="hidden" && inputobj.type!="textarea") {
1177 alert("calendar.select: Input object passed is not a valid form input object");
1176 if (inputobj.type!="text" && inputobj.type!="hidden" && inputobj.type!="textarea") {
1177 alert("calendar.select: Input object passed is not a valid form input object");
1178 1178 window.CP_targetInput=null;
1179 1179 return;
1180 1180 }
@@ -1196,7 +1196,7 function CP_select(inputobj, linkname, format) {
1196 1196 window.CP_dateFormat = format;
1197 1197 this.showCalendar(linkname);
1198 1198 }
1199
1199
1200 1200 // Get style block needed to display the calendar correctly
1201 1201 function getCalendarStyles() {
1202 1202 var result = "";
@@ -1256,7 +1256,7 function CP_getCalendar() {
1256 1256 var display_date = 1;
1257 1257 var weekday= current_month.getDay();
1258 1258 var offset = 0;
1259
1259
1260 1260 offset = (weekday >= this.weekStartDay) ? weekday-this.weekStartDay : 7-this.weekStartDay+weekday ;
1261 1261 if (offset > 0) {
1262 1262 display_month--;
@@ -1393,7 +1393,7 function CP_getCalendar() {
1393 1393 // ------------------------------------
1394 1394 if (this.displayType=="month" || this.displayType=="quarter" || this.displayType=="year") {
1395 1395 if (arguments.length > 0) { var year = arguments[0]; }
1396 else {
1396 else {
1397 1397 if (this.displayType=="year") { var year = now.getFullYear()-this.yearSelectStartOffset; }
1398 1398 else { var year = now.getFullYear(); }
1399 1399 }
@@ -1406,8 +1406,8 function CP_getCalendar() {
1406 1406 result += '</TR></TABLE>\n';
1407 1407 }
1408 1408 }
1409
1410 // Code for MONTH display
1409
1410 // Code for MONTH display
1411 1411 // ----------------------
1412 1412 if (this.displayType=="month") {
1413 1413 // If POPUP, write entire HTML document
@@ -1422,7 +1422,7 function CP_getCalendar() {
1422 1422 }
1423 1423 result += '</TABLE></CENTER></TD></TR></TABLE>\n';
1424 1424 }
1425
1425
1426 1426 // Code for QUARTER display
1427 1427 // ------------------------
1428 1428 if (this.displayType=="quarter") {
Show file before | Show file after | Show commentsHide comments
@@ -8,12 +8,12 auth_redirect(); // Require logged in user to access this page.
8 8 if('post_twitter' == $_REQUEST['action'])
9 9 {
10 10 check_nonce('new-character-twitter');
11
11
12 12 #Fetch the password from the DB.
13 13 $acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account']));
14
14
15 15 $post_at = strtotime($_REQUEST['date18']);
16
16
17 17 if($post_at)
18 18 {
19 19 if($post_at <= strtotime('now'))
@@ -21,7 +21,7 if('post_twitter' == $_REQUEST['action'])
21 21 #If we can post immediately, do so. Bypass the scheduler whenever possible.
22 22 #Treat a date/time in the past as immediate.
23 23 $ret = twitterpost($_REQUEST['message'], $acct->username, $acct->password);
24
24
25 25 if($ret)
26 26 {
27 27 $info.='Update posted to Twitter. <a href="http://www.twitter.com/'.$acct->username.'">View Twitter</a>.';
@@ -37,9 +37,9 if('post_twitter' == $_REQUEST['action'])
37 37 #No luck, gotta schedule.
38 38 $mtdb->query(
39 39 sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')",
40 mysql_real_escape_string($_REQUEST['twitter-account']),
40 mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']),
41 41 $post_at,
42 mysql_real_escape_string($_REQUEST['message'])
42 mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])
43 43 )
44 44 );
45 45 $info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled.";
@@ -119,4 +119,4 At: <script type="text/javascript" src="CalendarPopup.js" ></script>
119 119
120 120 <?php
121 121 adminfooter();
122 ?> No newline at end of file
122 ?>
Show file before | Show file after | Show commentsHide comments
@@ -9,11 +9,11 check_nonce('delete-strip-'.(int)$_REQUEST['strip_id']);
9 9
10 10 if(!deletestrip( $_REQUEST['strip_id'] ))
11 11 {
12 adminlog("Error deleting strip $_REQUEST[strip_id]:".mysql_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
12 adminlog("Error deleting strip $_REQUEST[strip_id]:".mysqli_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
13 13 mtdie('Error deleting the specified strip.','SQL Error');
14 14 }
15 15
16 16 adminlog("Strip $_REQUEST[strip_id] deleted.", MTS_STRIP, MTA_DELETE);
17 17 _redirect( ADMIN_PATH . '/manage-comics.php?deleted=success' );
18 18
19 ?> No newline at end of file
19 ?>
Show file before | Show file after | Show commentsHide comments
@@ -9,7 +9,7 check_nonce('delete-page-'.$_REQUEST['page_name']);
9 9
10 10 if(!deletepage( $_REQUEST['page_name'] ))
11 11 {
12 adminlog("Error deleting page $_REQUEST[page_name]: ".mysql_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
12 adminlog("Error deleting page $_REQUEST[page_name]: ".mysqli_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
13 13 mtdie('Error deleting the specified page.','SQL Error');
14 14 }
15 15
Show file before | Show file after | Show commentsHide comments
@@ -9,9 +9,9 check_nonce('delete-rant-'.(int)$_REQUEST['rant_id']);
9 9
10 10 if(!deleterant( $_REQUEST['rant_id'] ))
11 11 {
12 adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysql_error(), MTS_RANT, MTA_DELETE, E_ERROR);
12 adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysqli_error(), MTS_RANT, MTA_DELETE, E_ERROR);
13 13 mtdie('Error deleting the specified rant.','SQL Error');
14 14 }
15 15
16 16 _redirect( ADMIN_PATH . '/manage-rants.php?deleted=success' );
17 ?> No newline at end of file
17 ?>
Show file before | Show file after | Show commentsHide comments
@@ -23,4 +23,4 if($victim)
23 23 adminlog("Tweet $victim deleted.", MTS_TWITTER, MTA_DELETE);
24 24 _redirect( ADMIN_PATH . '/character-twitter.php?deleted=success' );
25 25
26 ?> No newline at end of file
26 ?>
Show file before | Show file after | Show commentsHide comments
@@ -23,4 +23,4 if($victim)
23 23 adminlog("Twitter $victim deleted.", MTS_TWITTER, MTA_DELETE);
24 24 _redirect( ADMIN_PATH . '/manage-twitter-users.php?deleted=success' );
25 25
26 ?> No newline at end of file
26 ?>
Show file before | Show file after | Show commentsHide comments
@@ -9,7 +9,7 $strip->id = (int)$_REQUEST['strip_id'];
9 9 $strip = getstrip($strip->id);
10 10
11 11 if( $_POST ) {
12
12
13 13 // Form Elements
14 14 $strip->new_id = (int)$_POST['strip_new_id'] ? (int)$_POST['strip_new_id'] : $strip->id;
15 15 $strip->published = empty($_POST['strip_date']) ? time() : strtotime( $_POST['strip_date'] );
@@ -18,7 +18,7 if( $_POST ) {
18 18 $strip->transcript_posted = $_POST['content'];
19 19 $strip->book = trim($_POST['book']);
20 20 $strip->page = trim($_POST['page']);
21
21
22 22 if( '' == $strip->title ) mtdie('Strips must be supplied with titles.');
23 23
24 24 $YESTERDAY = mktime(0,0,0, date('m'), date('d')-1, date('Y'));
@@ -37,26 +37,26 if( $_POST ) {
37 37 adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING);
38 38 mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.');
39 39 }
40
40
41 41 // get image type and target extension
42 42 $imagedata = getimagesize($_FILES['comicFile']['tmp_name']);
43 43 $strip->media = $imagedata[2];
44 44 $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media );
45
45
46 46 if(strlen($fileext) < 3)
47 47 {
48 48 //bad image upload type
49 49 adminlog("Bad image type upload on new strip. Invalid media type.", MTS_STRIP, MTA_ADD, E_ERROR);
50 50 mtdie('Bad image type upload on new strip. Invalid media type.');
51 51 }
52
52
53 53 // Insert new strip into the database, get a real $strip->id
54 54 if(!insertstrip( $strip ))
55 55 {
56 adminlog("Error on insertion of new strip: ".mysql_error(), MTS_STRIP, MTA_ADD, E_ERROR);
57 mtdie('Error on insertion of new strip: '.mysql_error(), 'SQL Error');
56 adminlog("Error on insertion of new strip: ".mysqli_error(), MTS_STRIP, MTA_ADD, E_ERROR);
57 mtdie('Error on insertion of new strip: '.mysqli_error(), 'SQL Error');
58 58 }
59
59
60 60 // Store the uploaded file to xxxx-0.ext
61 61 $basefile = $strip->published <= time() ?
62 62 sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
@@ -73,11 +73,11 if( $_POST ) {
73 73
74 74 $info.="<p>Comic posted!</p>";
75 75 break;
76
76
77 77 case 'edit_comic':
78 78 if( 0 >= $strip->new_id ) mtdie('Strip numbers must be numeric, greater than 0.');
79 79 if( 0 >= $strip->id ) mtdie('Existing strip number, in the form, was zero. This should never happen.');
80
80
81 81 // When updating, $strip->id is the old strip number. Update in place first. Possibly adjust strip number later.
82 82 check_nonce('save-strip-'.$strip->id);
83 83
@@ -87,26 +87,26 if( $_POST ) {
87 87 $strip->media = $imagedata[2];
88 88 }
89 89 $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media );
90
90
91 91 if(strlen($fileext) < 3)
92 92 {
93 93 //bad image upload type
94 94 adminlog("Bad image type upload on strip ".$strip->id.". Invalid media type.", MTS_STRIP, MTA_UPDATE, E_ERROR);
95 95 mtdie('Bad image type upload on strip '.$strip->id.'. Invalid media type.');
96 96 }
97
97
98 98 // Update existing strip
99 99 if(!updatestrip( $strip ) )
100 100 {
101 101 adminlog("Failed to update strip ".$strip->id.".", MTS_STRIP, MTA_UPDATE);
102 mtdie('Error updating strip: ' . mysql_error(), 'SQL Error');
102 mtdie('Error updating strip: ' . mysqli_error(), 'SQL Error');
103 103 }
104
104
105 105 if( is_valid_upload('comicFile') ) { // If uploading, store the uploaded file to xxxx-n.ext
106 106 $basefile = $strip->published <= time() ?
107 107 sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
108 108 sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/'.'%04d.%s', $strip->id, $fileext);
109
109
110 110 if(!move_uploaded_file($_FILES['comicFile']['tmp_name'], $basefile))
111 111 {
112 112 adminlog("Filesystem error in saving image.", MTS_STRIP, MTA_UPDATE, E_ERROR);
@@ -120,7 +120,7 if( $_POST ) {
120 120 if( $_POST['broadcast'] ) {
121 121 #Limit broadcast message to 60 characters. Compose it now.
122 122 $b_msg = 'Comic ' . $strip->id . ' updated: ' . substr(trim($_REQUEST['broadcast_message']), 0, 60) . ', ' . SITE_HOST . SITE_PATH . "/strip/" . $strip->id;
123
123
124 124 rsspost($b_msg, SITE_HOST.SITE_PATH.'/strip/'.$strip->id);
125 125 twitterpost($b_msg);
126 126 $info.="<p>Update broadcasted with message '$b_msg'.</p>";
@@ -128,19 +128,19 if( $_POST ) {
128 128
129 129 $info.="<p>Changes saved. <a href=\"".SITE_HOST.SITE_PATH."/index.php?strip_id=".$strip->id."\">View on site</a>.";
130 130 break;
131
131
132 132 default:
133 133 adminlog("User did something strange.", MTS_STRIP, MTA_MODIFY);
134 134 mtdie('You know, it would be <em>really</em> nice if you avoided nonsensical actions.');
135 135 }
136
136
137 137 $info = savetranscript($strip) . $info;
138 138
139 139 # If the strip number changed, swap strips sequentially to shuffle it into place
140 140 if( $strip->id != $strip->new_id ) {
141 141 $f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w');
142 142 flock($f, LOCK_EX);
143
143
144 144 while( $strip->new_id < $strip->id ) { // Move this strip backward
145 145 swap_strips( $strip->id - 1, $strip->id );
146 146 $strip->id--;
@@ -255,4 +255,3 if( file_exists( SITE_PATH_ABS.'/'.$file ) ){
255 255 <?php
256 256 adminfooter();
257 257 ?>
258
Show file before | Show file after | Show commentsHide comments
@@ -27,7 +27,7 adminmenu('manage-metatypes.php');
27 27 <td width="66%"><input name="name" type="text" id="name" value="<?php echo htmlentities($type->name); ?>" /></td>
28 28 </tr>
29 29 </table>
30
30
31 31 <p class="submit"><input type="submit" value="Save &raquo;" name="submit" /></p>
32 32
33 33 </div>
Show file before | Show file after | Show commentsHide comments
@@ -23,10 +23,10 if( $_POST ) {
23 23 }
24 24
25 25 $action = isset($_POST['publish']) ? 'post' : 'edit';
26
26
27 27 if( isset( $_POST['publish'] ) ) $page->status = 'published'; // If [publish] button is used, ignore radio button
28 28
29
29
30 30 switch( $_POST['action'] ) {
31 31 case 'new_page':
32 32 check_nonce('new-page');
@@ -36,14 +36,14 if( $_POST ) {
36 36 mtdie('There was an error inserting the page into the database.', 'SQL Error');
37 37 }
38 38 break;
39
39
40 40 case 'savepage':
41 41 check_nonce('save-page-' . $page->url_name);
42 42 updatepage($page);
43 43 break;
44 44 }
45 45 if( $upload_info ) $info.=$upload_info;
46 if( $upload_error ) $error.=$upload_error;
46 if( $upload_error ) $error.=$upload_error;
47 47 if( $error ) $action='edit';
48 48
49 49 if( 'post' == $action ) _redirect( ADMIN_PATH . '/manage-pages.php?saved=success' );
Show file before | Show file after | Show commentsHide comments
@@ -26,10 +26,10 if( $_POST ) {
26 26 }
27 27
28 28 $action = isset($_POST['publish']) ? 'post' : 'edit';
29
29
30 30 if( isset( $_POST['publish'] ) ) $rant->status = 'published'; // If [publish] button is used, ignore radio button
31 31
32
32
33 33 $source_rantimage_filename = $_FILES['ranterImage']['tmp_name'];
34 34 extract( pre_upload_rant_image( $source_rantimage_filename ) );
35 35 if( $upload_error ) $error.=$upload_error;
@@ -43,12 +43,12 if( $_POST ) {
43 43 $source_rantattachment_filename[] = $_FILES['rant_attachment']['tmp_name'][$i];
44 44 }
45 45 }
46
46
47 47 switch( $_POST['action'] ) {
48 48 case 'new_rant':
49
49
50 50 check_nonce('new-rant');
51
51
52 52 if( ! $doing_upload ) {
53 53 // Use default rant image for this contributor.
54 54 $contributor = get_userdatabyid( $rant->author );
@@ -58,11 +58,11 if( $_POST ) {
58 58 } else {
59 59 $rant->imagetype = $upload_imagetype;
60 60 }
61
61
62 62 $rant->id = insertrant($rant);
63 63 if( $rant->id === false )
64 64 {
65 adminlog("Error on rant insertion: ".mysql_error(), MTS_RANT, MTA_INSERT, E_ERROR);
65 adminlog("Error on rant insertion: ".mysqli_error(), MTS_RANT, MTA_INSERT, E_ERROR);
66 66 mtdie('There was an error inserting the rant into the database.', 'SQL Error');
67 67 }
68 68
@@ -72,7 +72,7 if( $_POST ) {
72 72 $upload_error = $upload_info = '';
73 73 extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$i], $rant->id) );
74 74
75 if( $upload_error ) $error.=$upload_error;
75 if( $upload_error ) $error.=$upload_error;
76 76 if( $upload_info ) {
77 77 $info .= $upload_info;
78 78 $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
@@ -85,19 +85,19 if( $_POST ) {
85 85 if( $doing_upload ) {
86 86 extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
87 87 if( $upload_info ) $info.=$upload_info;
88 if( $upload_error ) $error.=$upload_error;
88 if( $upload_error ) $error.=$upload_error;
89 89 } elseif($rant->imagetype != 'NULL') {
90 90 extract( save_stock_rant_image( $source_rantimage_filename, $rant ) );
91 91 if( $upload_info ) $info.=$upload_info;
92 if( $upload_error ) $error.=$upload_error;
92 if( $upload_error ) $error.=$upload_error;
93 93 }
94
94
95 95 break;
96
96
97 97 case 'saverant':
98 98
99 99 check_nonce('save-rant-' . $rant->id);
100
100
101 101 if( isset( $_POST['rant_reverttodefaultimage'] ) ) {
102 102 // Use default rant image for this contributor, copy it into place
103 103 $contributor = get_userdatabyid( $rant->author );
@@ -106,13 +106,13 if( $_POST ) {
106 106 if($rant->imagetype != 'NULL')
107 107 extract( save_stock_rant_image( $contributor->default_image, $rant ) );
108 108 adminlog("Reverting to user's default rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
109
109
110 110 } elseif( $doing_upload ) {
111 111 $rant->imagetype = $upload_imagetype;
112 112 extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
113 113 adminlog("Uploading new rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
114 114 if( $upload_info ) $info.=$upload_info;
115 if( $upload_error ) $error.=$upload_error;
115 if( $upload_error ) $error.=$upload_error;
116 116 }
117 117
118 118 foreach($_POST['delete_attachment'] as $attachment)
@@ -122,14 +122,14 if( $_POST ) {
122 122 for($i = 0; $i < count($existing_attachments); $i++) {
123 123 $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($existing_attachments[$i]->id).'"', $rant->body);
124 124 }
125
125
126 126 for($j = $i; $j < count($source_rantattachment_filename) + $i; $j++) {
127 127 if('' == $source_rantattachment_filename[$j - $i]) continue;
128
128
129 129 $upload_error = $upload_info = '';
130 130 extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$j - $i], $rant->id) );
131 131
132 if( $upload_error ) $error.=$upload_error;
132 if( $upload_error ) $error.=$upload_error;
133 133 if( $upload_info ) {
134 134 $info .= $upload_info;
135 135 $rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
@@ -137,7 +137,7 if( $_POST ) {
137 137 }
138 138
139 139 updaterant($rant);
140
140
141 141 if($rant->status != 'draft' && $_POST['broadcast'] &&
142 142 ($rant->published <= mktime(0,0,0, date('m'), date('d')-1, date('Y'))))
143 143 {
@@ -216,7 +216,7 tinyMCE.init({
216 216 </fieldset>
217 217
218 218 <fieldset id="authordiv" class="dbx-box">
219 <h3 class="dbx-handle">Author</h3>
219 <h3 class="dbx-handle">Author</h3>
220 220 <div class="dbx-content"><select name="rant_author"><?php
221 221 $contrib = $mtdb->getAll('select id,name from contributor');
222 222 foreach( $contrib as $k=>$v ) {
@@ -305,12 +305,12 tinyMCE.init({
305 305 echo 'Custom rant image is specified.';
306 306 }
307 307 ?>
308
308
309 309 <p>Upload new rant image:<br/>
310 310 <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
311 311 <input name="ranterImage" type="file"/>
312 312 </p>
313 <p><input type="checkbox" name="rant_reverttodefaultimage" /> Revert to default rant image.</p>
313 <p><input type="checkbox" name="rant_reverttodefaultimage" /> Revert to default rant image.</p>
314 314 </td><td>
315 315 <?php if ( false !== $rantimage_filename ): ?>
316 316 <p><img src="<?php echo SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename; ?>" width="150" /></p>
Show file before | Show file after | Show commentsHide comments
@@ -41,7 +41,7 adminmenu('manage-types.php');
41 41 ?></td>
42 42 </tr>
43 43 </table>
44
44
45 45 <p class="submit"><input type="submit" value="Save &raquo;" name="submit" /></p>
46 46
47 47 </div>
Show file before | Show file after | Show commentsHide comments
@@ -24,14 +24,14
24 24
25 25 for ($count = 0; $count < 5; $count++) {
26 26 $entry = $feed->getEntryByOffset($count);
27 $link = mysql_real_escape_string($entry->link);
28 $title = mysql_real_escape_string($entry->title);
27 $link = mysqli_real_escape_string($mtdb->link, $entry->link);
28 $title = mysqli_real_escape_string($mtdb->link, $entry->title);
29 29 $date = $entry->pubdate;
30 30
31 31 $mtdb->query("INSERT INTO fredart (pubdate, title, link)
32 32 VALUES (FROM_UNIXTIME($date), '$title', '$link')", false);
33 33 }
34
34
35 35 header('Content-Type: text/xml');
36 36 header('Content-Length: 440');
37 37 ?>
Show file before | Show file after | Show commentsHide comments
@@ -45,7 +45,7 define('USING_TIDY', false);
45 45 // Call mysql to hash a password
46 46 function mt_hash_password($password) {
47 47 global $mtdb;
48 return $mtdb->getOne('SELECT SHA1("' . mysql_real_escape_string($password) . '")') ;
48 return $mtdb->getOne('SELECT SHA1("' . mysqli_real_escape_string($mtdb->link, $password) . '")') ;
49 49 }
50 50
51 51 // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen
@@ -67,7 +67,7 function mt_login($username, $password, $already_hashed = false) {
67 67
68 68 $username = sanitize_username( $username );
69 69
70 $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"');
70 $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"');
71 71 if (!$login) {
72 72 $error = ('<strong>ERROR</strong>: Invalid username or password.');
73 73 adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
@@ -131,7 +131,7 function _redirect($location, $status = 302) {
131 131
132 132 if ( substr(php_sapi_name(), 0, 3) != 'cgi' )
133 133 header('Status: '.$status); // This causes problems on IIS and some FastCGI setups
134
134
135 135 header("Location: $location");
136 136 die();
137 137 }
Show file before | Show file after | Show commentsHide comments
@@ -9,7 +9,7 if ( !defined('USER_COOKIE') )
9 9 define('USER_COOKIE', 'megatokyoadmin_user_'. COOKIEHASH);
10 10 if ( !defined('PASS_COOKIE') )
11 11 define('PASS_COOKIE', 'megatokyoadmin_pass_'. COOKIEHASH);
12
12
13 13 if ( !defined('COOKIEPATH') )
14 14 define('COOKIEPATH', ADMIN_PATH . '/' );
15 15 if ( !defined('COOKIE_DOMAIN') )
@@ -49,4 +49,4 function mt_clearcookie() {
49 49 setcookie(PASS_COOKIE, ' ', time() - 36000, COOKIEPATH );
50 50 }
51 51
52 ?> No newline at end of file
52 ?>
Show file before | Show file after | Show commentsHide comments
@@ -25,10 +25,10 define('MTA_CHANGE', 'update'); // Modification action
25 25 function adminlog($msg, $section, $action, $level=E_USER_NOTICE, $email=false)
26 26 {
27 27 global $mtdb, $currentuser;
28
28
29 29 $sql = sprintf('INSERT INTO admin_log (contributor, section, action, level, message) VALUES (%s, %d, "%s", %d, "%s")',
30 (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysql_real_escape_string($action), $level, mysql_real_escape_string($msg));
31 $mtdb->query( $sql ) or die($sql."<br>".mysql_error()."<br>\n".var_export(debug_backtrace()));
30 (is_numeric($currentuser->id) ? $currentuser->id : "NULL"), $section, mysqli_real_escape_string($mtdb->link, $action), $level, mysqli_real_escape_string($mtdb->link, $msg));
31 $mtdb->query( $sql ) or die($sql."<br>".mysqli_error($mtdb->link)."<br>\n".var_export(debug_backtrace()));
32 32
33 33 // Log all important sorts of messages in the Apache log
34 34 if( $level & (E_USER_WARNING | E_USER_ERROR) ) {
Show file before | Show file after | Show commentsHide comments
@@ -16,9 +16,9 function extra_sort_file_objects($a, $b) {
16 16
17 17 function extra_handle_upload() {
18 18 global $info,$error,$dir;
19
19
20 20 if( !$_FILES['extra_file'] ) return false;
21
21
22 22 if( '' == $_FILES['extra_file']['name'] ) return false;
23 23 if( UPLOAD_ERR_NO_FILE == $_FILES['extra_file']['error'] ) return false;
24 24 if( 0 == $_FILES['extra_file']['size'] ) return false;
@@ -27,10 +27,10 function extra_handle_upload() {
27 27
28 28 if(isset( $_POST['name'] )) $dest = $_POST['name'];
29 29 $dest = extra_sanitize_filename($dest);
30
30
31 31 if( !is_uploaded_file( $_FILES['extra_file']['tmp_name'] )) return false;
32 32 if( move_uploaded_file($_FILES['extra_file']['tmp_name'], $dir.'/'.$dest) ) return $true;
33
33
34 34 return false;
35 35 }
36 36
@@ -51,16 +51,16 function extra_sanitize_filename( $raw_filename ) {
51 51 function extra_get_directory_list($dir) {
52 52 if( !is_dir( $dir ) ) return false;
53 53 if( ! $handle = opendir( $dir ) ) return false;
54
54
55 55 $files = array();
56
56
57 57 class ExtraFile {
58 58 var $name;
59 59 var $rwx;
60 60 var $mtime;
61 61 var $inode;
62
63 function ExtraFile($path, $file) {
62
63 function __construct($path, $file) {
64 64 $this->name = $file;
65 65 $this->fullpath = $path . $file;
66 66 $this->rwx = is_readable($this->fullpath) ? 'r' : '-';
@@ -69,14 +69,14 function extra_get_directory_list($dir) {
69 69 $this->mtime = filemtime($this->fullpath);
70 70 $this->inode = fileinode($this->fullpath);
71 71 }
72
72
73 73 }
74
74
75 75 while (false !== ($file = readdir($handle))) {
76 76 if( is_file( $dir.'/'.$file )) $files[] = new ExtraFile($dir.'/', $file);
77 77 }
78 78
79 return $files;
79 return $files;
80 80 }
81 81
82 ?> No newline at end of file
82 ?>
Show file before | Show file after | Show commentsHide comments
@@ -27,14 +27,14 function clean_url( $url, $protocols = null ) {
27 27 $url = str_replace($strip, '', $url);
28 28 if ( strpos($url, '://') === false && substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
29 29 $url = 'http://' . $url;
30
30
31 31 $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
32 32 return $url;
33 33 }
34 34
35 35 // Like htmlspecialchars except don't double-encode HTML entities
36 36 function mt_specialchars( $text, $quotes = false ) {
37
37
38 38 $text = str_replace('&&', '&#038;&', $text);
39 39 $text = str_replace('&&', '&#038;&', $text);
40 40 $text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&#038;$1', $text);
@@ -72,7 +72,7 function sanitize_type_name( $name ) {
72 72
73 73 function check_type_name( $name ) {
74 74 global $error;
75
75
76 76 if( $name == '' )
77 77 $error.='A type must be supplied with a name, but none was given. Valid characters include letters, numbers, apostrophes, colons, and whitespace.';
78 78 elseif ( $name !== sanitize_type_name($name) )
@@ -88,4 +88,4 function _objectInArrayWithIdExists( $id, $arrobj ) {
88 88 return false;
89 89 }
90 90
91 ?> No newline at end of file
91 ?>
Show file before | Show file after | Show commentsHide comments
@@ -39,7 +39,7 $submenu['manage-comics.php'] = array(
39 39 'manage-rants.php' => 'Rants' ,
40 40 'manage-pages.php' => 'Pages',
41 41 'manage-types.php' => 'Types',
42 'manage-twitter-users.php' => 'Manage Twitter Users',
42 'manage-twitter-users.php' => 'Twitter Users',
43 43 'manage-metatypes.php' => 'Metatypes',
44 44 'swap-comics.php' => 'Swap Comics',
45 45 'character-twitter.php' => 'Character Twitters',
@@ -54,8 +54,8 function adminmenu($current='') {
54 54 } else {
55 55 $curS = $curT = basename( $_SERVER["PHP_SELF"] );
56 56 }
57
58
57
58
59 59 foreach( $submenu as $l=>$L ) {
60 60 foreach( $L as $k=>$v ) {
61 61 if( $k == $curS ) {
@@ -65,11 +65,11 function adminmenu($current='') {
65 65 }
66 66 $current_sub_menu = false;
67 67
68 ?>
68 ?>
69 69 <div id="wphead">
70 70 <h1>Megatokyo Site Administration <span>(<a href="<?php echo SITE_HOST . SITE_PATH; ?>">View site &raquo;</a>)</span></h1>
71 71 </div>
72 <div id="user_info"><p>Howdy, <strong><?php getCurrentUser(); ?></strong>. [<a href="<?php echo ADMIN_PATH;
72 <div id="user_info"><p>Howdy, <strong><?php getCurrentUser(); ?></strong>. [<a href="<?php echo ADMIN_PATH;
73 73 ?>/login.php?action=logout" title="Log out of this account">Sign Out</a>] </p></div>
74 74
75 75
@@ -94,7 +94,7 function adminmenu($current='') {
94 94 }
95 95 ?>
96 96
97 <div class="clear"></div>
97 <div class="clear"></div>
98 98
99 99 <?php
100 100 if( $_GET['deleted'] && $_GET['deleted'] == 'success' ) $info.='<p>Deleted successfully.</p>';
@@ -104,7 +104,7 function adminmenu($current='') {
104 104 if( $info ) echo "<div class=\"updated fade\">$info</div>";
105 105 ?>
106 106 <div class="wrap">
107 <?php
107 <?php
108 108 }
109 109
110 110 function adminfooter($copy = true) {
@@ -164,7 +164,7 function handle_error($errno, $errstr, $errfile, $errline, $errcontext) {
164 164 header('Content-Type: text/html; charset=utf-8');
165 165
166 166 if (eregi('^(sql)$', $errstr)) {
167 $errstr = "SQL Error " . mysql_errno() . ': ' . mysql_error();
167 $errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error();
168 168 }
169 169
170 170 $message = "Error#$errno: $errstr";
Show file before | Show file after | Show commentsHide comments
@@ -4,7 +4,7 function getimagefromfile($filename)
4 4 {
5 5 $img_data = getimagesize($filename);
6 6 $ext = image_type_to_extension($img_data[2]);
7
7
8 8 switch($ext)
9 9 {
10 10 case '.gif':
@@ -31,21 +31,21 function crop_resize($filename, $dest_file)
31 31 return false;
32 32 }
33 33 $dest = imagecreatetruecolor(300, 245);
34
34
35 35 #attempt to determine scaling factor
36 36 $data = getimagesize($filename);
37 37 #300x245 reduces to 60x49
38 38 $factor = min(floor($data[0]/60), floor($data[1]/49));
39 39 #well, that should give us a good scaling factor
40
40
41 41 #now we have to determine what point to start from
42 42 $src_x = floor(($data[0]/2) - ($factor*30));
43 43 $src_y = floor(($data[1]/2) - ($factor*24.5));
44
44
45 45 #make sure we don't fuck things up
46 46 if($src_x < 0) $src_x=0;
47 47 if($src_y < 0) $src_y=0;
48
48
49 49 #now resample
50 50 imagecopyresampled($dest, $source, 0, 0, $src_x, $src_y, 300, 245, $factor*60, $factor*49);
51 51 #and output
Show file before | Show file after | Show commentsHide comments
@@ -1,51 +1,48
1 1 <?php
2 2
3
4 3 class MysqlStore {
5 4 var $link;
6 function connect($server,$user,$pass,$dbname) {
7 $this->link = @mysql_connect($server, $user, $pass)
5
6 function connect($server, $user, $pass, $dbname) {
7 $this->link = @mysqli_connect($server, $user, $pass, $dbname)
8 8 or mtdie('Could not connect to the database server.');
9 @mysql_select_db($dbname, $this->link)
10 or mtdie('Could not open the megatokyo database.');
11 if( !$this->link ) mtdie('Could not connect to the database server.');
9 if( !$this->link ) mtdie('Could not connect to the database server.');
12 10 }
13 11
14
15 12 function query($sql, $showerror = true ) {
16 $r = mysql_query( $sql, $this->link );
17 if( false === $r && $showerror ) echo mysql_error();
13 $r = mysqli_query( $this->link, $sql );
14 if( false === $r && $showerror ) echo mysqli_error($this->link);
18 15 return $r;
19 16 }
20
17
21 18 function getAll($sql) {
22 19 if( $r = $this->query( $sql ) ) {
23 20 $ret = array();
24 while( $row = mysql_fetch_object( $r ) ) {
21 while( $row = mysqli_fetch_object( $r ) ) {
25 22 $ret[] = $row;
26 23 }
27 24 return $ret;
28 25 }
29 26 }
30
27
31 28 function getRow($sql) {
32 29 if( $r = $this->query( $sql ) ) {
33 30 if( false === $r ) {
34 echo mysql_error();
31 echo mysqli_error($this->link);
35 32 return false;
36 33 }
37 if( mysql_num_rows( $r ) == 0 ) return false;
38 return mysql_fetch_object( $r );
34 if( mysqli_num_rows( $r ) == 0 ) return false;
35 return mysqli_fetch_object( $r );
39 36 }
40 37 }
41
38
42 39 function getOne($sql) {
43 40 if( $r = $this->query( $sql ) ) {
44 if( mysql_num_rows( $r ) == 0 ) return false;
45 $ret = mysql_fetch_row( $r );
41 if( mysqli_num_rows( $r ) == 0 ) return false;
42 $ret = mysqli_fetch_row( $r );
46 43 return $ret[0];
47 44 }
48 45 }
49 46 }
50 47
51 ?> No newline at end of file
48 ?>
Show file before | Show file after | Show commentsHide comments
@@ -76,16 +76,16 function mt_explain_nonce($action) {
76 76 global $mtdb;
77 77 $c = explode('-',$action);
78 78 $i = (int)$c[2];
79
79
80 80 $message = array();
81 81 $message['rant']['new'] = 'Are you sure you want to create a new rant?';
82 82 $message['rant']['save'] = 'Are you sure you want to save changes to the rant "%s"?';
83 83 $message['rant']['delete'] = 'Are you sure you want to delete the rant "%s"? This is a destructive action, and cannot be undone!';
84
84
85 85 $message['type']['new'] = 'Are you sure you want to create a new type?';
86 86 $message['type']['save'] = 'Are you sure you want to save changes to the type "%s"?';
87 87 $message['type']['delete'] = 'Are you sure you want to delete the type "%s"? This is a destructive action, and cannot be undone!';
88
88
89 89 $message['metatype']['new'] = 'Are you sure you want to create a new metatype?';
90 90 $message['metatype']['save'] = 'Are you sure you want to save changes to the metatype "%s"?';
91 91 $message['metatype']['delete'] = 'Are you sure you want to delete the metatype "%s"? This is a destructive action, and cannot be undone!';
@@ -94,21 +94,21 function mt_explain_nonce($action) {
94 94 $message['strip']['save'] = 'Are you sure you want to save changes to the strip "%s"?';
95 95 $message['strip']['delete'] = 'Are you sure you want to delete the comic strip "%1$s"? This will break site navigation, which can be fixed by changing other strip numbers. This is a destructive action, and cannot be undone! It is far better to <a href="edit-comic.php?strip_id=%1$s">edit the existing strip</a>.';
96 96 $message['strip']['swap'] = 'Are you sure you want to swap these two strips? This is a destructive action, and cannot be undone!';
97
97
98 98 $message['statusbox']['update'] = 'Are you sure you want to update the statusbox information?';
99 99 $message['scratchpad']['new'] = 'Are you sure you want to update the scratchpad information?';
100 100 $message['twitter']['new'] = 'Are you sure you want to update the Twitter feed?';
101
101
102 102 $message['extra']['new'] = 'Are you sure you want to upload a new file to /extra?';
103 103 $message['extra']['delete'] = 'Are you sure you want to delete the file from /extra named "%s"?';
104
104
105 105 $message['twitteruser']['delete'] = 'Are you sure you want to delete the twitter user "%s"?';
106
106
107 107 if( isset( $message[ $c[1] ][ $c[0] ] )) {
108 108 $t = $message[ $c[1] ][ $c[0] ];
109
109
110 110 if( false !== strpos( $t, '%' ) ) {
111
111
112 112 switch( $c[1] ) {
113 113 case 'rant': $v = $mtdb->getOne('SELECT title FROM rant WHERE id=' . $i); break;
114 114 case 'strip': $v = $mtdb->getOne('SELECT id FROM strip WHERE id=' . $i); break;
@@ -118,11 +118,11 function mt_explain_nonce($action) {
118 118 case 'twitteruser': $v = $mtdb->getOne('SELECT username FROM twitter_user WHERE id=' . $i); break;
119 119 default: $v = $i;
120 120 }
121
121
122 122 return sprintf( $t, mt_specialchars($v,true) );
123 123 }
124 124
125 return $t;
125 return $t;
126 126 }
127 127 return "Are you sure you want to perform the action $action?";
128 128 }
@@ -131,4 +131,4 function nonce_field($action) {
131 131 echo '<input type="hidden" name="_mtnonce" value="' . create_nonce($action) . '" />';
132 132 }
133 133
134 ?> No newline at end of file
134 ?>
Show file before | Show file after | Show commentsHide comments
@@ -14,26 +14,26 function savepage($page) {
14 14 function insertpage($page) {
15 15 global $mtdb;
16 16 $sql = 'INSERT INTO static_page ( url_name, status, title, body, style ) VALUES ('
17 . ' "' . mysql_real_escape_string($page->url_name)
18 . '", "' . mysql_real_escape_string($page->status)
19 . '", "' . mysql_real_escape_string( trim( $page->title ) )
20 . '", "' . mysql_real_escape_string( trim( $page->body ) )
21 . '", "' . mysql_real_escape_string( trim( $page->style ) )
17 . ' "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
18 . '", "' . mysqli_real_escape_string($mtdb->link, $page->status)
19 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
20 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
22 22 . '")';
23 23 adminlog("Page '".$page->url_name."' has been added.", MTS_PAGE, MTA_ADD);
24 24 return $mtdb->query($sql);
25 }
25 }
26 26
27 27 function updatepage($page) {
28 28 if ( !$page->url_name ) return false;
29 29 global $mtdb;
30
31 $sql = 'UPDATE static_page SET url_name = "' . mysql_real_escape_string($page->url_name)
32 . '", status = "' . mysql_real_escape_string($page->status)
33 . '", title = "' . mysql_real_escape_string( trim($page->title) )
34 . '", body = "' . mysql_real_escape_string( trim($page->body ) )
35 . '", style = "' . mysql_real_escape_string( trim($page->style ) )
36 . '" WHERE url_name = "' . mysql_real_escape_string($page->url_name) . '"';
30
31 $sql = 'UPDATE static_page SET url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name)
32 . '", status = "' . mysqli_real_escape_string($mtdb->link, $page->status)
33 . '", title = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->title ) )
34 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->body ) )
35 . '", style = "' . mysqli_real_escape_string( $mtdb->link, trim( $page->style ) )
36 . '" WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $page->url_name) . '"';
37 37 adminlog("Page '".$page->url_name."' has been updated.", MTS_PAGE, MTA_MODIFY);
38 38 return $mtdb->query( $sql );
39 39 }
@@ -42,12 +42,12 function deletepage($url_name) {
42 42 if ( !$url_name ) return false;
43 43 global $mtdb;
44 44 adminlog("Page '".$page->url_name."' has been deleted.", MTS_PAGE, MTA_DELETE);
45 return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysql_real_escape_string($url_name) . '"' );
45 return $mtdb->query( 'DELETE FROM static_page WHERE url_name = "' . mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
46 46 }
47 47
48 48 function getpage($url_name) {
49 49 global $mtdb;
50 return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysql_real_escape_string($url_name) . '"' );
50 return $mtdb->getRow( 'SELECT url_name, status, title, body, style FROM static_page WHERE url_name = "'. mysqli_real_escape_string($mtdb->link, $url_name) . '"' );
51 51 }
52 52
53 53 ?>
Show file before | Show file after | Show commentsHide comments
@@ -15,22 +15,22 function insertrant($rant) {
15 15 global $mtdb;
16 16 $sql = 'INSERT INTO rant ( published, status, side, author, title, body, link, imagetype, imagetext ) VALUES ( FROM_UNIXTIME('
17 17 . (int)$rant->published
18 . '), "' . mysql_real_escape_string($rant->status)
19 . '", "' . mysql_real_escape_string($rant->side)
18 . '), "' . mysqli_real_escape_string($mtdb->link, $rant->status)
19 . '", "' . mysqli_real_escape_string($mtdb->link, $rant->side)
20 20 . '", "' . (int)$rant->author
21 . '", "' . mysql_real_escape_string( trim( $rant->title) )
22 . '", "' . mysql_real_escape_string( trim( $rant->body ) )
23 . '", "' . mysql_real_escape_string( trim( $rant->link ) )
24 . '", ' . mysql_real_escape_string($rant->imagetype)
25 . ', "' . mysql_real_escape_string( trim( $rant->imagetext ) )
21 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->title) )
22 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->body ) )
23 . '", "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->link ) )
24 . '", ' . mysqli_real_escape_string($mtdb->link, $rant->imagetype)
25 . ', "' . mysqli_real_escape_string( $mtdb->link, trim( $rant->imagetext ) )
26 26 . '")';
27
27
28 28 if( $mtdb->query( $sql ) ) {
29 29 //logthis( 'Saved changes to rant ' . $rant->id );
30 $rant->id = mysql_insert_id( $mtdb->link );
31
30 $rant->id = mysqli_insert_id( $mtdb->link );
31
32 32 adminlog("Rant ".$rant->id." saved.", MTS_RANT, MTA_ADD);
33
33
34 34 if($rant->status == "published")
35 35 {
36 36 $poster = get_userdatabyid($rant->author);
@@ -41,34 +41,34 function insertrant($rant) {
41 41 tumblrpost($rant->title, $rant->body);
42 42 }
43 43 }
44
44
45 45 return $rant->id;
46 46 }
47 47 return false;
48 }
48 }
49 49
50 50 function updaterant($rant) {
51 51 if ( !(int)$rant->id ) return false;
52 52 global $mtdb;
53
53
54 54 #first, check if it's published already
55 55 $qr = $mtdb->query("SELECT status FROM rant WHERE id = ".$rant->id);
56 $row = mysql_fetch_row($qr);
56 $row = mysqli_fetch_row($qr);
57 57 $status = $row[0];
58
58
59 59 adminlog("Rant ".$rant->id." updated.", MTS_RANT, MTA_UPDATE);
60
60
61 61 $sql = 'UPDATE rant SET published=FROM_UNIXTIME(' . (int)$rant->published
62 . '), status = "' . mysql_real_escape_string($rant->status)
63 . '", side = "' . mysql_real_escape_string($rant->side)
62 . '), status = "' . mysqli_real_escape_string($mtdb->link, $rant->status)
63 . '", side = "' . mysqli_real_escape_string($mtdb->link, $rant->side)
64 64 . '", author = ' . (int)$rant->author
65 . ', title = "' . mysql_real_escape_string( trim($rant->title) )
66 . '", body = "' . mysql_real_escape_string( trim($rant->body ) )
67 . '", link = "' . mysql_real_escape_string( trim($rant->link ) )
65 . ', title = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->title) )
66 . '", body = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->body ) )
67 . '", link = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->link ) )
68 68 . '", imagetype = ' . (int)$rant->imagetype
69 . ', imagetext = "' . mysql_real_escape_string( trim($rant->imagetext) )
69 . ', imagetext = "' . mysqli_real_escape_string( $mtdb->link, trim($rant->imagetext) )
70 70 . '" WHERE id=' . (int)$rant->id;
71
71
72 72 if($status == "draft" && $rant->status == "published")
73 73 {
74 74 $poster = get_userdatabyid($rant->author);
@@ -79,7 +79,7 function updaterant($rant) {
79 79 tumblrpost($rant->title, $rant->body);
80 80 }
81 81 }
82
82
83 83 return $mtdb->query( $sql );
84 84 }
85 85
Show file before | Show file after | Show commentsHide comments
@@ -3,10 +3,10
3 3 function rsspost($body, $url)
4 4 {
5 5 global $mtdb;
6
6
7 7 $mtdb->query('INSERT INTO rss_comment (body, url)
8 VALUES ("'.mysql_real_escape_string($body).'",
9 "'.mysql_real_escape_string($url).'")');
8 VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'",
9 "'.mysqli_real_escape_string($mtdb->link, $url).'")');
10 10
11 11 return true;
12 12 }
Show file before | Show file after | Show commentsHide comments
@@ -13,10 +13,10 class Strip {
13 13 // Strip id is automatically incremented
14 14 function insertstrip(&$strip) {
15 15 global $mtdb;
16
16
17 17 $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book;
18 $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page;
19
18 $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page;
19
20 20 $mtdb->query('START TRANSACTION');
21 21 $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1;
22 22 $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES ('
@@ -24,11 +24,11 function insertstrip(&$strip) {
24 24 . ', FROM_UNIXTIME(' . (int)$strip->published
25 25 . '), '. (int)$strip->media
26 26 . ', ' . (int)$strip->type
27 . ', "' . mysql_real_escape_string( trim($strip->title) )
27 . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) )
28 28 . '", '. $strip->book
29 29 . ', ' . $strip->page
30 30 . ')';
31
31
32 32 $r = $mtdb->query( $sql );
33 33 if( !$r ) {
34 34 $mtdb->query('ROLLBACK');
@@ -36,24 +36,24 function insertstrip(&$strip) {
36 36 }
37 37 $mtdb->query('COMMIT');
38 38 adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD);
39
39
40 40 $strip->id = $newid;
41 41 if( $strip->id == 0 ) return false;
42 42 return true;
43 }
43 }
44 44
45 45 function updatestrip(&$strip) {
46 46 global $mtdb;
47
47
48 48 $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book;
49 49 $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page;
50
50
51 51 $mtdb->query('START TRANSACTION');
52 52 $sql = 'UPDATE strip SET
53 53 published = FROM_UNIXTIME(' . (int)$strip->published .')
54 54 , media = '. (int)$strip->media .'
55 55 , type = ' . (int)$strip->type .'
56 , title = "' . mysql_real_escape_string( trim($strip->title) ) .'"
56 , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'"
57 57 , book = ' . (int)$strip->book .'
58 58 , page = ' . (int)$strip->page .'
59 59 WHERE id = ' . (int)$strip->id;
@@ -61,7 +61,7 function updatestrip(&$strip) {
61 61 $mtdb->query('COMMIT');
62 62 adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY);
63 63 return true;
64 }
64 }
65 65
66 66 // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move!
67 67 function move_strip($from_id, $to_id)
@@ -69,7 +69,7 function move_strip($from_id, $to_id)
69 69 global $mtdb;
70 70 $from_id = (int) $from_id;
71 71 $to_id = (int) $to_id;
72
72
73 73 // Ensure our source exists
74 74 $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" );
75 75 if($num_strips < 1)
@@ -77,7 +77,7 function move_strip($from_id, $to_id)
77 77
78 78 // Ready the destination
79 79 deletestrip( $to_id );
80
80
81 81 // Update database
82 82 $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" );
83 83 $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" );
@@ -100,7 +100,7 function swap_strips( $from_id, $to_id ) {
100 100 function deletestrip($id) {
101 101 $id = (int)$id;
102 102 if ( !$id ) return false;
103
103
104 104 global $mtdb;
105 105 $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id );
106 106 foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item)
Show file before | Show file after | Show commentsHide comments
@@ -5,12 +5,12 function bracketbalance($line)
5 5 #first, if no angle brackets, we're OK
6 6 if(substr_count($line, "<") == 0 && substr_count($line, ">") == 0)
7 7 return true;
8
8
9 9 if(substr_count($line, "<") != substr_count($line, ">"))
10 10 {
11 11 return false;
12 12 }
13
13
14 14 return true;
15 15 }
16 16
@@ -18,7 +18,7 function bracketbalance($line)
18 18 function gettranscript(&$strip)
19 19 {
20 20 global $mtdb;
21
21
22 22 $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id );
23 23
24 24 if($result)
@@ -34,14 +34,14 function gettranscript(&$strip)
34 34 if( $numPanels ) {
35 35 for($i = 1; $i <= $numPanels; $i++) {
36 36 $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line')
37 or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysql_error(), 'SQL Error');
38
37 or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error');
38
39 39 if(!$result) continue;
40
40
41 41 $output.= "\nnewpanel\n";
42 while($row = mysql_fetch_row($result)) {
42 while($row = mysqli_fetch_row($result)) {
43 43 if(strlen($row[0]) < 1) continue;
44
44
45 45 $output.= $row[0];
46 46 if($row[1] !== '') $output.= ":: ".$row[1];
47 47 $output.= "\n";
@@ -58,9 +58,9 function gettranscript(&$strip)
58 58 function savetranscript( &$strip ) {
59 59 global $mtdb;
60 60 $info = '';
61
61
62 62 $mtdb->query('START TRANSACTION');
63
63
64 64 //remove any old transcript data - it's being replaced
65 65 $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id );
66 66
@@ -87,7 +87,7 function savetranscript( &$strip ) {
87 87
88 88 if(strpos($lines[$j], '(') === 0) {
89 89 # Line is a note, add it as a comment
90 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
90 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
91 91 } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) {
92 92 # Line is an annotation or blank, do nothing
93 93 continue;
@@ -95,13 +95,13 function savetranscript( &$strip ) {
95 95 # Line contains a list of nonspeaking characters
96 96 array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11))));
97 97 $speaker = trim(substr($lines[$j], 11));
98 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
98 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
99 99 } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) {
100 100 # Line designates a new speaker, note speaker
101 101
102 102 # Handle speakers who did not say anything
103 103 if(null !== $speaker && !$has_spoken)
104 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
104 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
105 105
106 106 $speaker = ucfirst(strtolower($lines[$j]));
107 107 $has_spoken = false;
@@ -111,29 +111,29 function savetranscript( &$strip ) {
111 111 $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'</p>';
112 112
113 113 $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) );
114 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker),
115 mysql_real_escape_string($lines[$j]), mysql_real_escape_string($search));
114 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker),
115 mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search));
116 116 $has_spoken = true;
117 117 } else {
118 118 # Line is unrecognized, add it as a comment
119 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysql_real_escape_string($lines[$j]), '');
119 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), '');
120 120 }
121 121
122 122 if( $insert_sql && false === $mtdb->query( $insert_sql ) ) {
123 123 $mtdb->query('ROLLBACK');
124 mtdie (mysql_error(), 'Error inserting transcript.');
124 mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
125 125 }
126 126 }
127 127
128 128 if(null !== $speaker && !$has_spoken) {
129 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysql_real_escape_string($speaker), '', '');
129 $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', '');
130 130 if( false === $mtdb->query( $insert_sql ) ) {
131 131 $mtdb->query('ROLLBACK');
132 mtdie (mysql_error(), 'Error inserting transcript.');
132 mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
133 133 }
134 134 }
135 135 }
136
136
137 137 } else {
138 138 # Assume that this is a Kalium style transcript
139 139
@@ -141,30 +141,30 function savetranscript( &$strip ) {
141 141 $numPanels = count($panels);
142 142 foreach($panels as $currPanel)
143 143 $currPanel = trim($currPanel);
144
144
145 145 for($i = 1; $i < $numPanels; $i++) {
146 146 $lines = explode("\n", $panels[$i]);
147 147 $numLines = count($lines);
148 148 foreach($lines as $currLine)
149 149 $currLine = trim($currLine);
150
150
151 151 for($j = 1; $j < $numLines; $j++) {
152 152 $spoken = explode("::", $lines[$j]); // Distinguish between speaker and speech
153
153
154 154 $spoken[0] = trim($spoken[0]); // Strip excess whitespace
155 155 $spoken[1] = trim($spoken[1]);
156
156
157 157 if(strlen($spoken[0]) < 1) continue; // Disregard null
158 158 $spoken[2] = preg_replace('/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($spoken[1]) ); // Make searchable text
159
159
160 160 if(!bracketbalance($spoken[1]))
161 161 $info .= "<p>Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'</p>';
162 162
163 $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysql_real_escape_string($spoken[0]),
164 mysql_real_escape_string($spoken[1]), mysql_real_escape_string($spoken[2]) );
163 $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]),
164 mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) );
165 165 if( false === $mtdb->query( $insert_sql ) ) {
166 166 $mtdb->query('ROLLBACK');
167 mtdie (mysql_error(), 'Error inserting transcript.');
167 mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.');
168 168 }
169 169 }
170 170 }
Show file before | Show file after | Show commentsHide comments
@@ -22,20 +22,20 function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS)
22 22 adminlog("Twitter post failed for user $user!", MTS_TWITTER, MTA_ADD);
23 23 }
24 24 return !empty($buffer);
25
25
26 26 } else {
27 27 # OAuth Mode
28 $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysql_real_escape_string($user)));
29
28 $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user)));
29
30 30 $username = $row->username;
31 31 $oauth_token = $row->oauth_token;
32 32 $oauth_token_secret = $row->oauth_token_secret;
33
33
34 34 $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
35
35
36 36 $parameters = array('status' => $message );
37 37 $status = $connection->post('statuses/update', $parameters);
38
38
39 39 switch( $connection->http_code ) {
40 40 case 200:
41 41 adminlog("Twitter post succeeded for user $username!", MTS_TWITTER, MTA_ADD);
@@ -44,10 +44,10 function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS)
44 44 adminlog("Twitter post failed for user $username!", MTS_TWITTER, MTA_ADD);
45 45 return false;
46 46 }
47
48
47
48
49 49 }
50
50
51 51
52 52 }
53 53
@@ -55,7 +55,7 function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS)
55 55 function setOAuthTokens($userid,$oauth_token,$oauth_token_secret, $username) {
56 56 global $mtdb;
57 57 $id = (int)$userid;
58 if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysql_real_escape_string($oauth_token), mysql_real_escape_string($oauth_token_secret), mysql_real_escape_string($username), $id )) )
58 if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) )
59 59 return true;
60 60 return false;
61 61 }
Show file before | Show file after | Show commentsHide comments
@@ -6,7 +6,7 function get_typeByID( $id ) {
6 6 global $mtdb;
7 7 $id = (int)$id;
8 8 $r = $mtdb->getRow( 'SELECT id, name, description FROM strip_t WHERE id=' . $id );
9 $r->meta = $mtdb->getAll( 'SELECT meta as id from meta where type=' . $id);
9 $r->meta = $mtdb->getAll( 'SELECT meta as id from meta where type=' . $id);
10 10 return $r;
11 11 }
12 12
@@ -24,4 +24,4 function _getMetaNameFromObject($obj) {
24 24 return $obj->name;
25 25 }
26 26
27 ?> No newline at end of file
27 ?>
Show file before | Show file after | Show commentsHide comments
@@ -34,7 +34,7 function pre_upload_rant_image( $pathtofile ) {
34 34 $doing_upload = false;
35 35 $upload_imagetype = null;
36 36 $upload_error = false;
37
37
38 38 if( false === $image_data ) {
39 39 $upload_error='<p>Something wronky happened with that upload, getimagesize() returned false!</p>';
40 40 } elseif( 300 > $image_data[0] ) {
@@ -53,7 +53,7 function pre_upload_rant_image( $pathtofile ) {
53 53 return compact( "upload_error", "doing_upload", "upload_imagetype" );
54 54 }
55 55
56 function save_stock_rant_image( $source, $rant ) {
56 function save_stock_rant_image( $source, $rant ) {
57 57 if( copy( sprintf( '%s/%s/%s', SITE_PATH_ABS,SITE_RANT,$source),
58 58 SITE_PATH_ABS .'/'.get_rantimage_filename($rant) ) ) {
59 59 $upload_info='<p>Default rant image copied.</p>';
@@ -72,7 +72,7 function save_upload_rant_image( $source, $rant ) {
72 72 $upload_info='<p>New rant image uploaded for rant '. $rant->id .'.</p>';
73 73 } else {
74 74 $upload_error='<p>Something went wrong while moving the uploaded image.</p>';
75 }
75 }
76 76 } else {
77 77 if( crop_resize($source, $destination) ) {
78 78 $upload_info='<p>New rant image uploaded and resized for rant '. $rant->id .'.</p>';
@@ -90,14 +90,14 function save_upload_rant_attachment( $source, $rant )
90 90
91 91 $image_data = getimagesize( $source );
92 92 $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" );
93 $rant_attachment_id = mysql_insert_id( $mtdb->link );
93 $rant_attachment_id = mysqli_insert_id( $mtdb->link );
94 94
95 95 if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) {
96 96 $upload_info='<p>New rant attachment uploaded for rant '. $rant .'.</p>';
97 97 adminlog('Rant attachment uploaded', MTS_RANT, MTA_ADD);
98 98 } else {
99 99 $upload_error='<p>Something went wrong while storing the attachment.</p>';
100 }
100 }
101 101
102 102 return compact("rant_attachment_id","upload_info","upload_error");
103 103 }
Show file before | Show file after | Show commentsHide comments
@@ -8,28 +8,28 function getCurrentUser() {
8 8 }
9 9
10 10 function get_userdatabyid( $id ) {
11 global $mtdb;
11 global $mtdb;
12 12 return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id );
13 13 }
14 14
15 15 function get_userdatabylogin( $username ) {
16 16 global $mtdb;
17 return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysql_real_escape_string($username) . '"' );
17 return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' );
18 18 }
19 19
20 20 function save_userdata( $user ) {
21 21 adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
22 22 global $mtdb;
23 23 return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d',
24 mysql_real_escape_string($user->email), mysql_real_escape_string($user->nameplate),
25 mysql_real_escape_string($user->default_image), mysql_real_escape_string($user->default_link), $user->id) );
24 mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate),
25 mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) );
26 26 }
27 27
28 28 function change_password( $user ) {
29 29 adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE);
30 30 global $mtdb, $currentuser;
31 31 if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE );
32 return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysql_real_escape_string($user->password) . '" ) WHERE id = "' . mysql_real_escape_string($user->id) . '"' );
32 return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . mysqli_real_escape_string($mtdb->link, $user->id) . '"' );
33 33 }
34 34
35 35 ?>
Show file before | Show file after | Show commentsHide comments
@@ -26,7 +26,7 function human_time_diff( $from, $to = '' ) {
26 26 $days = 1;
27 27 }
28 28 $since = sprintf( $days == 1 ? '%s day' : '%s days', $days);
29 } else {
29 } else {
30 30 $weeks = round($diff / 604800);
31 31 if( $weeks <= 1) {
32 32 $weeks = 1;
@@ -57,7 +57,7 adminmenu();
57 57 ?>
58 58 </ul>
59 59 <p style="padding-bottom:1em;"><input type="text" name="message" /><input type="submit" value="Send" /></p>
60
60
61 61 </form><br>
62 62
63 63 <h2>Recent Strips</h2>
Show file before | Show file after | Show commentsHide comments
@@ -2,7 +2,7
2 2
3 3 require_once('include/admin.inc.php');
4 4
5 /* Megatokyo admin system assumes that everyone has equivilent
5 /* Megatokyo admin system assumes that everyone has equivilent
6 6 ability to create and alter content. There are no permission
7 7 levels or access controls other than "Can they login?" */
8 8
@@ -16,7 +16,7 switch( $_REQUEST['action'] ) {
16 16 case 'login':
17 17 $log = $_POST['log'];
18 18 $pwd = $_POST['pwd'];
19
19
20 20 if( mt_login( $log, $pwd )) {
21 21 //logthis ( "AUTH: Successful login from $log at " . $_SERVER["REMOTE_ADDR"], false );
22 22 adminlog("User ".$log." has logged in from ".$_SERVER['REMOTE_ADDR'], MTS_LOGIN, MTA_CHANGE);
@@ -28,17 +28,17 switch( $_REQUEST['action'] ) {
28 28 } else {
29 29 //logthis ('AUTH: Failed login attempt from ' . $_SERVER["REMOTE_ADDR"], var_export( $_REQUEST, true ) );
30 30 }
31 // incorrect username or password, fall through to error display
32
31 // incorrect username or password, fall through to error display
32
33 33 case 'error':
34 34 default:
35
35
36 36 if ( !empty($_COOKIE[USER_COOKIE]) && mt_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
37 37 // Already logged in, redirect to admin dashboard.
38 38 nocache_headers();
39 39 _redirect( ADMIN_PATH .'/' );
40 40 }
41
41
42 42 if( $_GET['loggedout'] == true ) $error.='<p>Successfully logged you out.</p>';
43 43 ?>
44 44 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -81,16 +81,16 switch( $_REQUEST['action'] ) {
81 81 <input type="hidden" name="action" value="login" />
82 82 </p>
83 83 </form></div>
84
84
85 85 <ul>
86 86 <li><a href="<?php echo SITE_HOST.SITE_PATH; ?>" title="Return to the public Megatokyo website.">Back to Megatokyo Website</a></li>
87 87 </ul>
88
88
89 89 </body>
90 90 </html>
91 91 <?php
92 92 die();
93
93
94 94 } // end switch
95 95
96 96
Show file before | Show file after | Show commentsHide comments
@@ -9,7 +9,7 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
9 9 if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) )
10 10 {
11 11 adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
12 mtdie("Error on update: ". htmlentities(mysql_error()));
12 mtdie("Error on update: ". htmlentities(mysqli_error()));
13 13 }
14 14 $info.='<p>Deleted metatype successfully.<p>';
15 15 adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE);
@@ -17,14 +17,14 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
17 17
18 18 if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) {
19 19 check_nonce('new-metatype');
20
20
21 21 $name = trim($_POST['name']);
22
22
23 23 if( check_type_name( $name ) ) {
24 if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysql_real_escape_string($name) . '")' ) )
24 if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) )
25 25 {
26 26 adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING);
27 mtdie("Error on insertion: ". htmlentities(mysql_error()));
27 mtdie("Error on insertion: ". htmlentities(mysqli_error()));
28 28 }
29 29 }
30 30 $info.='<p>New metatype created successfully.<p>';
@@ -33,14 +33,14 if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) {
33 33
34 34 if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) {
35 35 check_nonce('save-metatype-'.(int)$_POST['type_id']);
36
36
37 37 $name = trim($_POST['name']);
38
38
39 39 if( check_type_name( $name ) ) {
40 if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysql_real_escape_string($name) . '" WHERE id=' . (int)$_POST['type_id']) )
40 if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) )
41 41 {
42 42 adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);
43 mtdie("Error on update: ". htmlentities(mysql_error()));
43 mtdie("Error on update: ". htmlentities(mysqli_error()));
44 44 }
45 45 }
46 46 $info.='<p>Changes to metatype saved successfully.<p>';
@@ -96,11 +96,11 adminmenu();
96 96 <td width="66%"><input name="name" type="text" id="name" value="" /></td>
97 97 </tr>
98 98 </table>
99
99
100 100 <p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
101 101 </div>
102 102 </form>
103 103
104 104 <?php
105 105 adminfooter();
106 ?> No newline at end of file
106 ?>
Show file before | Show file after | Show commentsHide comments
@@ -36,7 +36,7 function handle_update_form() {
36 36 return;
37 37 }
38 38
39 $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysql_real_escape_string($text) . '")' );
39 $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' );
40 40
41 41 $_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']='';
42 42 $info = '<p>Statusbox updated successfully.</p>';
@@ -87,32 +87,32 $presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percen
87 87 <th scope="row">Status Description</th>
88 88 <td width="66%"><textarea name="update_text" row="6" cols="30" id="update_text"><?php echo htmlentities($_POST['update_text']); ?></textarea></td>
89 89 </tr>
90
90
91 91 <script type="text/javascript">
92 92 function PresetHandler( f ) {
93
93
94 94 var i = f.preset.selectedIndex;
95 95 var v = f.preset.options[i].value;
96
96
97 97 var parts = v.split("% - ");
98
98
99 99 if( parts[0] == undefined ) {
100 100 parts[0] = "";
101 101 }
102 102 if( parts[1] == undefined ) {
103 103 parts[1] = "";
104 104 }
105
105
106 106 f.update_percentage.value = parts[0];
107 107 f.update_text.value = parts[1];
108
108
109 109 return true;
110 110 }
111 111 document.write('<tr><th scope="row">Presets</th><td width="66%"><select name="preset" onchange="PresetHandler(this.form);"><option value="">-none-</option><?php
112 112 foreach( $presets as $p )
113 113 echo '<option value="' . addslashes(htmlentities($p->p)) . '">' . addslashes(htmlentities($p->p)) . '</option>';
114 114 ?></select></td></tr>');
115
115
116 116 </script>
117 117 </table>
118 118
Show file before | Show file after | Show commentsHide comments
@@ -17,7 +17,7 if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) {
17 17
18 18 if(0 == $id && !empty($msg)) {
19 19 // Add a new preset
20 $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysql_real_escape_string($msg)) );
20 $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) );
21 21 adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD);
22 22 } elseif(empty($msg)) {
23 23 // Delete an existing preset
@@ -25,7 +25,7 if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) {
25 25 adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD);
26 26 } else {
27 27 // Modify an existing preset
28 $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysql_real_escape_string($msg), $id) );
28 $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) );
29 29 }
30 30 }
31 31 }
Show file before | Show file after | Show commentsHide comments
@@ -6,34 +6,34 auth_redirect(); // Require logged in user to access this page.
6 6
7 7 if( isset($_POST['action']) && $_POST['action'] == 'new' ) {
8 8 check_nonce('new-twitter-user');
9
10 if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysql_real_escape_string( md5( microtime() )) ) ) ) {
9
10 if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysqli_real_escape_string( $mtdb->link, md5( microtime() )) ) ) ) {
11 11 adminlog("Error on insertion of new twitter user.", MTS_TWITTER, MTA_INSERT, E_WARNING);
12 mtdie("Error on insertion of new twitter user: ". htmlentities(mysql_error()), 'SQL Error');
12 mtdie("Error on insertion of new twitter user: ". htmlentities(mysqli_error()), 'SQL Error');
13 13 } else {
14 14 //$name = sanitize_username($_POST['name']);
15
16 $id = mysql_insert_id();
17
15
16 $id = mysqli_insert_id();
17
18 18 $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
19 19 $request_token = $connection->getRequestToken(OAUTH_CALLBACK . "&id=$id");
20
20
21 21 if ($connection->http_code !== 200 ) {
22 22 adminlog("Twitter getRequestToken failed. HTTP code: $connection->http_code", MTS_TWITTER, MTA_MODIFY);
23 23 mtdie("Could not connect to twitter.com.");
24 24 }
25
25
26 26 echo $id . '<br/>';
27
27
28 28 setOAuthTokens( $id, $request_token['oauth_token'], $request_token['oauth_token_secret'], md5(microtime()) );
29
29
30 30 adminlog("New twitter user created successfully.", MTS_TWITTER, MTA_ADD);
31 31
32 32 $url = $connection->getAuthorizeURL($request_token['oauth_token']);
33 33 //echo $url;
34 34 _redirect($url);
35 exit();
36
35 exit();
36
37 37 }
38 38 }
39 39
@@ -41,7 +41,7 if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is
41 41 # twitter userID = ID
42 42 $id = (int)$_REQUEST['id'];
43 43 $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user WHERE id=%d LIMIT 1', $id));
44
44
45 45 # Compare token in database with token from twitter. If they differ, bail.
46 46 if( $row->oauth_token != $_REQUEST['oauth_token'] ) {
47 47 # token is old, drop from database
@@ -53,9 +53,9 if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is
53 53 } else {
54 54 # token is good, save the new Access Token to the database
55 55 $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $row->oauth_token, $row->oauth_token_secret);
56
56
57 57 $access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
58
58
59 59 if (200 == $connection->http_code) {
60 60 # successful
61 61 $info.='<p>Successfully obtained OAuth Access Token.</p>';
@@ -66,7 +66,7 if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is
66 66 adminlog("Successfully received OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_WARNING);
67 67
68 68 //print_r($content);
69
69
70 70 } else {
71 71 # fail
72 72 if( !$mtdb->query("DELETE FROM twitter_user WHERE id = '$id'") ) {
@@ -76,7 +76,7 if( isset($_REQUEST['action']) && $_REQUEST['action'] == 'twittercallback' && is
76 76 $info.='<p>Failed to get OAuth Access Token for ' . $username . '.</p>';
77 77 adminlog("Failed to get OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_ERROR);
78 78 }
79
79
80 80 }
81 81 }
82 82
@@ -109,14 +109,14 adminmenu();
109 109 $alternate=false;
110 110 foreach( $twitter_users as $s ) {
111 111 $alternate=!$alternate;
112
112
113 113 ?>
114 114 <tr id="twitteruser-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
115 115 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
116 116 <td><?php echo htmlentities($s->username); ?></td>
117 117 <td><?php echo htmlentities($s->oauth_token); ?></td>
118 118 <td><?php echo htmlentities($s->oauth_token_secret); ?></td>
119 <td><?php
119 <td><?php
120 120 $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $s->oauth_token, $s->oauth_token_secret);
121 121 $content = $connection->get('account/verify_credentials');
122 122 if( isset($content->profile_image_url)) {
Show file before | Show file after | Show commentsHide comments
@@ -9,12 +9,12 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
9 9 if(! $mtdb->query( 'DELETE FROM strip_t WHERE id=' . (int)$_GET['delete'] ) )
10 10 {
11 11 adminlog("Error deleting type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE, E_WARNING);
12 mtdie("Error on deletion of existing type: " . htmlentities(mysql_error()), 'SQL Error');
12 mtdie("Error on deletion of existing type: " . htmlentities(mysqli_error()), 'SQL Error');
13 13 }
14 14 if(! $mtdb->query( 'DELETE FROM meta WHERE type=' . (int)$_GET['delete'] ) )
15 15 {
16 16 adminlog("Error on deletion of type ".(int)$_GET['delete']."'s metadata.", MTS_TYPE, MTA_DELETE, E_WARNING);
17 mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysql_error()), 'SQL Error');
17 mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysqli_error()), 'SQL Error');
18 18 }
19 19 $info.='<p>Deleted type successfully.<p>';
20 20 adminlog("Deleted type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE);
@@ -22,15 +22,15 if( isset($_GET['delete']) && (int)$_GET['delete'] ) {
22 22
23 23 if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) {
24 24 check_nonce('new-type');
25
25
26 26 $name = trim($_POST['name']);
27 27 $desc = trim($_POST['description']);
28
28
29 29 if( check_type_name($name) ) {
30 if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysql_real_escape_string($name), mysql_real_escape_string($desc)) ) )
30 if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc)) ) )
31 31 {
32 32 adminlog("Error on insertion of new type.", MTS_TYPE, MTA_INSERT, E_WARNING);
33 mtdie("Error on insertion of new type: ". htmlentities(mysql_error()), 'SQL Error');
33 mtdie("Error on insertion of new type: ". htmlentities(mysqli_error()), 'SQL Error');
34 34 }
35 35 }
36 36 $info.='<p>New type created successfully.<p>';
@@ -38,27 +38,27 if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) {
38 38 }
39 39
40 40 if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) {
41
41
42 42 $id = (int)$_POST['type_id'];
43 43 check_nonce("save-type-$id");
44 44
45 45 $name = trim($_POST['name']);
46 46 $desc = trim($_POST['description']);
47
47
48 48 $meta = $_POST['meta'];
49 49
50 50 $m_delete = $mtdb->getAll("SELECT meta FROM meta WHERE type = $id");
51
51
52 52 $m_insert = array();
53
54 // Key listed in both Insert and Delete lists, so remove from both == Do Nothing
55 foreach( $m_delete as $k=>$v ) {
53
54 // Key listed in both Insert and Delete lists, so remove from both == Do Nothing
55 foreach( $m_delete as $k=>$v ) {
56 56 if( array_key_exists( $v->meta, $meta ) ) {
57 57 unset($m_delete[$k]);
58 58 unset($meta[$v->meta]);
59 59 } else {
60 60 $m_delete[$k] = 'meta=' . (int)$v->meta;
61 }
61 }
62 62 }
63 63
64 64 // Key listed only in Insert list, make proper format
@@ -67,17 +67,17 if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) {
67 67 }
68 68
69 69 if( check_type_name( $name ) ) {
70 if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysql_real_escape_string($name), mysql_real_escape_string($desc), $id)) )
70 if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc), $id)) )
71 71 {
72 72 adminlog("Error on updating type ".$id, MTS_TYPE, MTA_UPDATE, E_WARNING);
73 mtdie("Error on update of existing type: ". htmlentities(mysql_error()), 'SQL Error');
73 mtdie("Error on update of existing type: ". htmlentities(mysqli_error()), 'SQL Error');
74 74 }
75
75
76 76 $sql_insert = "INSERT INTO meta (type,meta) VALUES " . implode(',',$m_insert);
77 77 $sql_delete = "DELETE FROM meta WHERE type=$id AND ( " . implode(' OR ',$m_delete) . ' )';
78 78
79 79 $mtdb->query('START TRANSACTION');
80
80
81 81 if( count($m_insert) )
82 82 if(! $mtdb->query( $sql_insert ) )
83 83 {
@@ -90,9 +90,9 if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) {
90 90 adminlog("Error deleting old metatype association data for type ".$id, MTS_TYPE, MTA_REMOVE, E_WARNING);
91 91 mtdie("There was an error deleting old metatype data. Transaction aborted. $sql_delete");
92 92 }
93
93
94 94 $mtdb->query('COMMIT');
95
95
96 96 } else {
97 97 $error.='<p>Invalid type name!</p>';
98 98 }
@@ -129,13 +129,13 adminmenu();
129 129 $alternate=false;
130 130 foreach( $types as $s ) {
131 131 $alternate=!$alternate;
132
132
133 133 $metas = $mtdb->getAll("SELECT meta_t.name AS name FROM strip_t
134 134 JOIN meta ON meta.type = strip_t.id JOIN meta_t ON meta.meta = meta_t.id
135 135 WHERE strip_t.id = $s->id");
136
136
137 137 $meta = implode(', ', array_map('_getMetaNameFromObject', $metas) );
138
138
139 139 ?>
140 140 <tr id="comic-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
141 141 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
@@ -169,7 +169,7 adminmenu();
169 169 <td width="66%"><input name="description" type="text" id="description" value="" /></td>
170 170 </tr>
171 171 </table>
172
172
173 173 <p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
174 174 </div>
175 175 </form>
Show file before | Show file after | Show commentsHide comments
@@ -18,7 +18,7 if(isset($_REQUEST['next']) && $_REQUEST['next'] == "yes")
18 18 //in general, this is the case that is desired
19 19 // the next monday, wednesday, or friday that isn't today
20 20 $post_date = min( strtotime("next Monday +1 hour", $tomorrow), strtotime("next Wednesday +1 hour", $tomorrow), strtotime("next Friday +1 hour", $tomorrow) );
21
21
22 22 //however, if it is monday, wednesday, or friday AND before 1 AM
23 23 // then we want to post at 1 AM on this day
24 24 $today = date("l");
Show file before | Show file after | Show commentsHide comments
@@ -64,7 +64,7 tinyMCE.init({
64 64
65 65 <fieldset id="postdivrich">
66 66 <legend>Page</legend>
67
67
68 68 <style type="text/css">
69 69 #postdivrich table, #postdivrich #quicktags {border-top: none;}
70 70 #quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}
@@ -85,7 +85,7 tinyMCE.init({
85 85
86 86 <fieldset id="cssdivrich">
87 87 <legend>Optional CSS</legend>
88
88
89 89 <style type="text/css">
90 90 #postdivrich table, #postdivrich #quicktags {border-top: none;}
91 91 #quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}
Show file before | Show file after | Show commentsHide comments
@@ -59,7 +59,7 tinyMCE.init({
59 59 <?php
60 60 // What side does this author usually post on?
61 61 $usual = $mtdb->getOne( 'SELECT side,count(*) c FROM rant WHERE author=' . (int)$currentuser->id . ' GROUP BY side ORDER BY c DESC limit 1' );
62
62
63 63 $sides = array('left'=>'Left','right'=>'Right');
64 64 foreach( $sides as $k=>$v ) {
65 65 printf('<option value="%s" %s>%s</option>', htmlentities($k), ($usual == $k ? 'selected="selected"' : '' ), $v );
@@ -69,7 +69,7 tinyMCE.init({
69 69 </fieldset>
70 70
71 71 <fieldset id="authordiv" class="dbx-box">
72 <h3 class="dbx-handle">Author</h3>
72 <h3 class="dbx-handle">Author</h3>
73 73 <div class="dbx-content"><select name="rant_author"><?php
74 74 $contrib = $mtdb->getAll('select id,name from contributor');
75 75 foreach( $contrib as $k=>$v ) {
@@ -106,7 +106,7 tinyMCE.init({
106 106
107 107 <fieldset id="postdivrich">
108 108 <legend>Post</legend>
109
109
110 110 <style type="text/css">
111 111 #postdivrich table, #postdivrich #quicktags {border-top: none;}
112 112 #quicktags {border-bottom: none; padding-bottom: 2px; margin-bottom: -1px;}
@@ -114,7 +114,7 tinyMCE.init({
114 114 </style>
115 115 <div><textarea class="mceEditor" rows="13" cols="40" name="content" tabindex="3" id="content"></textarea></div>
116 116
117
117
118 118 <?php
119 119 /*
120 120 include("include/fckeditor/fckeditor_php4.php");
@@ -124,9 +124,9 tinyMCE.init({
124 124 $oFCKeditor->Create();
125 125 */
126 126 ?>
127
128
129
127
128
129
130 130 </fieldset>
131 131
132 132
@@ -163,7 +163,7 tinyMCE.init({
163 163 <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
164 164 <input name="ranterImage" type="file"/>
165 165 </p>
166
166
167 167 </td><td>
168 168 <?php if ( $rantimage_filename ): ?>
169 169 <p><img src="<?php echo SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename; ?>" width="150" /></p>
Show file before | Show file after | Show commentsHide comments
@@ -6,7 +6,7 auth_redirect(); // Require logged in user to access this page.
6 6
7 7 check_nonce('new-scratchpad');
8 8
9 $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysql_real_escape_string($_REQUEST['message'])) );
9 $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])) );
10 10
11 11 adminlog("User posted to scratchpad.", MTS_SCRATCH, MTA_INSERT);
12 12 _redirect( ADMIN_PATH . '/index.php' );
Show file before | Show file after | Show commentsHide comments
@@ -8,7 +8,7 auth_redirect(); // Require logged in user to access this page.
8 8 if('post_twitter' == $_REQUEST['action'])
9 9 {
10 10 check_nonce('new-twitter');
11
11
12 12 $postmessage = '';
13 13 if(!empty($_REQUEST['stdmessage']) ) $postmessage = trim($_REQUEST['stdmessage']);
14 14 if( strlen($_REQUEST['message']) ) $postmessage = trim($_REQUEST['message']);
@@ -20,13 +20,13 if('post_twitter' == $_REQUEST['action'])
20 20
21 21 if('' == $postmessage) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=missing');
22 22 $username = sanitize_username($_REQUEST['twitter_user']);
23 $postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysql_real_escape_string($username)));
23 $postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $username)));
24 24
25 25 if( in_array('twitter', $_REQUEST['service']) )
26 26 $rc = twitterpost( numeric_entities(utfentities($postmessage)), $postasuser );
27 27 if( in_array('rss', $_REQUEST['service']) )
28 28 $rc = rsspost( numeric_entities(utfentities($postmessage)), SITE_HOST.SITE_PATH );
29
29
30 30 if($rc) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=success');
31 31 _redirect( ADMIN_PATH . '/post-twitter.php?tweet=fail');
32 32
@@ -41,7 +41,7 if( isset($_REQUEST['tweet']) && 'fail' == $_REQUEST['tweet'] )
41 41
42 42 if( isset($_REQUEST['tweet']) && 'missing' == $_REQUEST['tweet'] )
43 43 $error.='Oops~ Looks like you forgot to enter a message.';
44
44
45 45
46 46 $statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id');
47 47 $twitter_users = $mtdb->getAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username');
@@ -98,7 +98,7 adminmenu();
98 98 var charactersremaining = document.getElementById('charactersremaining');
99 99 charactersremaining.innerHTML = 140 - status.value.length
100 100 }
101 -->
101 -->
102 102 </script>
103 103
104 104 <?php /*?>
Show file before | Show file after | Show commentsHide comments
@@ -7,7 +7,7 auth_redirect(); // Require logged in user to access this page.
7 7 if($_POST)
8 8 {
9 9 check_nonce('swap-strip');
10
10
11 11 if(!is_numeric($_POST['comic_a']) || !is_numeric($_POST['comic_b']))
12 12 mtdie('This tool only works on numeric strip numbers.');
13 13
@@ -16,11 +16,11 if($_POST)
16 16
17 17 $f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w');
18 18 flock($f, LOCK_EX);
19
19
20 20 swap_strips( $a, $b );
21
21
22 22 close($f);
23
23
24 24 $info.='<p>Strips $a and $b swapped successfully.</p>';
25 25 adminlog("Strips $a and $b have been swapped.", MTS_STRIP, MTA_MODIFY);
26 26 }
@@ -48,7 +48,7 adminmenu('swap-comics.php');
48 48 <td width="66%"><input name="comic_b" type="text" id="comic_b" value="" /></th>
49 49 </tr>
50 50 </table>
51
51
52 52 <p class="submit"><input type="submit" value="Swap &raquo;" name="submit" /></p>
53 53
54 54 </div>
Show file before | Show file after | Show commentsHide comments
@@ -37,7 +37,9 foreach($tweets as $t)
37 37 adminlog("Error $ret_code posting scheduled tweet ".$t->id . ' with return value ' . $ret, MTS_TWITTER, MTA_ADD);
38 38 $t->status = 'error';
39 39 }
40
40
41 41 // Unlock tweet, update db.
42 $mtdb->query("UPDATE twitter_post SET status = '".mysql_real_escape_string($t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
42 $mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
43 43 }
44
45 ?>
Show file before | Show file after | Show commentsHide comments
@@ -12,10 +12,10 if( isset($_POST['edit']) ) {
12 12 $username = sanitize_username( $_POST['user_login'] );
13 13 if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 )
14 14 mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' );
15
15
16 16 copy(RANTIMG.'default', RANTIMG.$username.'.png');
17
18 $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysql_real_escape_string($username) . '", "'.$username.'.png")' );
17
18 $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' );
19 19 $user = get_userdatabylogin( $username );
20 20 $userid = $user->id;
21 21 $info.='<p>User Account Created</p>';
@@ -25,19 +25,19 if( isset($_POST['edit']) ) {
25 25 $userid = (int) $_POST['edit'];
26 26 $user_old = $user = get_userdatabyid( $userid );
27 27 }
28
28
29 29 $user->nameplate = $_POST['nickname'];
30 30 $user->default_image = $user_old->default_image;
31 31 $user->default_link = $_POST['rant-link'];
32 32 $user->email = $_POST['email'];
33
33
34 34 if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) {
35
35
36 36 if( $_POST['password_new1'] !== $_POST['password_new2'] ) {
37 37 $error.='<p>New passwords do not match.</p>';
38 38 } else {
39 39 /* password change */
40 if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysql_real_escape_string($_POST['password_old']) . '") OR password = "")' )) {
40 if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) {
41 41 $error.='<p>Specified password is incorrect.</p>';
42 42 } else {
43 43 /* Password match */
@@ -50,13 +50,13 if( isset($_POST['edit']) ) {
50 50
51 51 function handle_upload( &$user ) {
52 52 global $info,$error;
53
53
54 54 if( !$_FILES['rant_image'] ) return;
55
55
56 56 if( '' == $_FILES['rant_image']['name'] ) return;
57 57 if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return;
58 58 if( 0 == $_FILES['rant_image']['size'] ) return;
59
59
60 60 $info.='<p>Tried to upload an image.</p>';
61 61 // Uploading new rant image
62 62 $imagedata = getimagesize($_FILES['rant_image']['tmp_name']);
@@ -68,7 +68,7 if( isset($_POST['edit']) ) {
68 68 $error.='<p>Image wrong height: '.$imagedata[1].'</p>';
69 69 return;
70 70 }
71
71
72 72 switch( $_FILES['rant_image']['type'] ) {
73 73 case 'image/jpeg':
74 74 case 'image/jpg': $ext = 'jpg'; break;
@@ -80,7 +80,7 if( isset($_POST['edit']) ) {
80 80 $error.='<p>Unknown image extension. Upload refused.</p>';
81 81 return;
82 82 }
83
83
84 84 $destination_path = $user->name.'.'.$ext;
85 85 if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) {
86 86 $error.='<p>Something went wrong while retrieving the uploaded image.</p>';
@@ -103,8 +103,8 if( isset($_POST['edit']) ) {
103 103 } else {
104 104 $userid = (int) $_GET['edit'];
105 105 $user = get_userdatabyid( $userid );
106 }
107
106 }
107
108 108 if( !$user ) $error.='<p>The specified user does not exist.</p>';
109 109
110 110 adminhead('Edit User Profile');
Show file before | Show file after | Show commentsHide comments
@@ -54,13 +54,13 $users = $mtdb->getAll("SELECT id,name,email,nameplate FROM contributor");
54 54
55 55 <h2>Create New Contributor</h2>
56 56 <div class="narrow">
57 <table class="editform" width="100% cellspacing="2" cellpadding="5">
57 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
58 58 <tr>
59 59 <th scope="row" width="33%">Username</th>
60 60 <td width="66%"><input name="user_login" type="text" id="user_login" value="" /></th>
61 61 </tr>
62 62 </table>
63
63
64 64 <p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
65 65 </div>
66 66 </form>
Comments 0
You need to be logged in to leave comments. Login now