mt-admin Commit - dc98d7eb2bb1

Switch to mysqli_* in other php files.

darkmorford -

dc98d7eb2bb1

Not Reviewed

Context file:

Add another comment

Collapse all files

0 unresolved 0 Resolved

0 General 0 Inline

character-twitter.php ¶ +7 -7

             if('post_twitter' == $_REQUEST['action'])
             {
             	check_nonce('new-character-twitter');
             	#Fetch the password from the DB.
             	$acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account']));
             	$post_at = strtotime($_REQUEST['date18']);
             	if($post_at)
             	{
             		if($post_at <= strtotime('now'))
             			#If we can post immediately, do so. Bypass the scheduler whenever possible.
             			#Treat a date/time in the past as immediate.
             			$ret = twitterpost($_REQUEST['message'], $acct->username, $acct->password);
             			if($ret)
             			{
             				$info.='Update posted to Twitter. <a href="http://www.twitter.com/'.$acct->username.'">View Twitter</a>.';
             			#No luck, gotta schedule.
             			$mtdb->query(
             				sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')",
-            					mysql_real_escape_string($_REQUEST['twitter-account']),
+            					mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']),
             					$post_at,
-            					mysql_real_escape_string($_REQUEST['message'])
+            					mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])
             				)
             			);
             			$info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled.";
             <?php
             adminfooter();
-            ?>
  No newline at end of file
+            ?>

delete-comic.php ¶ +2 -2

             if(!deletestrip( $_REQUEST['strip_id'] ))
             {
-            	adminlog("Error deleting strip $_REQUEST[strip_id]:".mysql_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting strip $_REQUEST[strip_id]:".mysqli_error(), MTS_STRIP, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified strip.','SQL Error');
             }
             adminlog("Strip $_REQUEST[strip_id] deleted.", MTS_STRIP, MTA_DELETE);
             _redirect( ADMIN_PATH . '/manage-comics.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

delete-page.php ¶ +1 -1

             if(!deletepage( $_REQUEST['page_name'] ))
             {
-            	adminlog("Error deleting page $_REQUEST[page_name]: ".mysql_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting page $_REQUEST[page_name]: ".mysqli_error(), MTS_PAGE, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified page.','SQL Error');
             }

delete-rant.php ¶ +2 -2

             if(!deleterant( $_REQUEST['rant_id'] ))
             {
-            	adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysql_error(), MTS_RANT, MTA_DELETE, E_ERROR);
+            	adminlog("Error deleting rant $_REQUEST[rant_id]: ".mysqli_error(), MTS_RANT, MTA_DELETE, E_ERROR);
             	mtdie('Error deleting the specified rant.','SQL Error');
             }
             _redirect( ADMIN_PATH . '/manage-rants.php?deleted=success' );
-            ?>
  No newline at end of file
+            ?>

edit-comic.php ¶ +19 -20

             $strip = getstrip($strip->id);
             if( $_POST ) {
             	// Form Elements
             	$strip->new_id = (int)$_POST['strip_new_id'] ? (int)$_POST['strip_new_id'] : $strip->id;
             	$strip->published = empty($_POST['strip_date']) ? time() : strtotime( $_POST['strip_date'] );
             	$strip->transcript_posted = $_POST['content'];
             	$strip->book = trim($_POST['book']);
             	$strip->page = trim($_POST['page']);
             	if( '' == $strip->title ) mtdie('Strips must be supplied with titles.');
             	$YESTERDAY = mktime(0,0,0, date('m'), date('d')-1, date('Y'));
             				adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING);
             				mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.');
             			}
             			// get image type and target extension
             			$imagedata = getimagesize($_FILES['comicFile']['tmp_name']);
             			$strip->media = $imagedata[2];
             			$fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media );
             			if(strlen($fileext) < 3)
             			{
             				//bad image upload type
             				adminlog("Bad image type upload on new strip. Invalid media type.", MTS_STRIP, MTA_ADD, E_ERROR);
             				mtdie('Bad image type upload on new strip. Invalid media type.');
             			}
             			// Insert new strip into the database, get a real $strip->id
             			if(!insertstrip( $strip ))
             			{
-            				adminlog("Error on insertion of new strip: ".mysql_error(), MTS_STRIP, MTA_ADD, E_ERROR);
+            				adminlog("Error on insertion of new strip: ".mysqli_error(), MTS_STRIP, MTA_ADD, E_ERROR);
-            				mtdie('Error on insertion of new strip: '.mysql_error(), 'SQL Error');
+            				mtdie('Error on insertion of new strip: '.mysqli_error(), 'SQL Error');
             			}
             			// Store the uploaded file to xxxx-0.ext
             			$basefile = $strip->published <= time() ?
             			            sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
             			$info.="<p>Comic posted!</p>";
             			break;
             		case 'edit_comic':
             			if( 0 >= $strip->new_id ) mtdie('Strip numbers must be numeric, greater than 0.');
             			if( 0 >= $strip->id ) mtdie('Existing strip number, in the form, was zero. This should never happen.');
             			// When updating, $strip->id is the old strip number. Update in place first. Possibly adjust strip number later.
             			check_nonce('save-strip-'.$strip->id);
             				$strip->media = $imagedata[2];
             			}
             			$fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media );
             			if(strlen($fileext) < 3)
             			{
             				//bad image upload type
             				adminlog("Bad image type upload on strip ".$strip->id.". Invalid media type.", MTS_STRIP, MTA_UPDATE, E_ERROR);
             				mtdie('Bad image type upload on strip '.$strip->id.'. Invalid media type.');
             			}
             			// Update existing strip
             			if(!updatestrip( $strip ) )
             			{
             				adminlog("Failed to update strip ".$strip->id.".", MTS_STRIP, MTA_UPDATE);
-            				mtdie('Error updating strip: ' . mysql_error(), 'SQL Error');
+            				mtdie('Error updating strip: ' . mysqli_error(), 'SQL Error');
             			}
             			if( is_valid_upload('comicFile') ) {	// If uploading, store the uploaded file to xxxx-n.ext
             				$basefile = $strip->published <= time() ?
             					    sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.'%04d.%s', $strip->id, $fileext) :
             					    sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/'.'%04d.%s', $strip->id, $fileext);
             				if(!move_uploaded_file($_FILES['comicFile']['tmp_name'], $basefile))
             				{
             					adminlog("Filesystem error in saving image.", MTS_STRIP, MTA_UPDATE, E_ERROR);
             			if( $_POST['broadcast'] ) {
             				#Limit broadcast message to 60 characters. Compose it now.
             				$b_msg = 'Comic ' . $strip->id . ' updated: ' . substr(trim($_REQUEST['broadcast_message']), 0, 60) . ', ' . SITE_HOST . SITE_PATH . "/strip/" . $strip->id;
             				rsspost($b_msg, SITE_HOST.SITE_PATH.'/strip/'.$strip->id);
             				twitterpost($b_msg);
             				$info.="<p>Update broadcasted with message '$b_msg'.</p>";
             			$info.="<p>Changes saved. <a href=\"".SITE_HOST.SITE_PATH."/index.php?strip_id=".$strip->id."\">View on site</a>.";
             			break;
             		default:
             			adminlog("User did something strange.", MTS_STRIP, MTA_MODIFY);
             			mtdie('You know, it would be <em>really</em> nice if you avoided nonsensical actions.');
             	}
             	$info = savetranscript($strip) . $info;
             	# If the strip number changed, swap strips sequentially to shuffle it into place
             	if( $strip->id != $strip->new_id ) {
             		$f = fopen(SITE_PATH_ABS.'/'.SITE_STRIP.'/'.SITE_STRIP_LOCK, 'w');
             		flock($f, LOCK_EX);
             		while( $strip->new_id < $strip->id ) {	// Move this strip backward
             			swap_strips( $strip->id - 1, $strip->id );
             			$strip->id--;
             <?php
             adminfooter();
             ?>

edit-rant.php ¶ +22 -22

             	}
             	$action = isset($_POST['publish']) ? 'post' : 'edit';
             	if( isset( $_POST['publish'] ) ) $rant->status = 'published';	// If [publish] button is used, ignore radio button
             	$source_rantimage_filename = $_FILES['ranterImage']['tmp_name'];
             	extract( pre_upload_rant_image( $source_rantimage_filename ) );
             	if( $upload_error ) $error.=$upload_error;
             			$source_rantattachment_filename[] = $_FILES['rant_attachment']['tmp_name'][$i];
             		}
             	}
             	switch( $_POST['action'] ) {
             		case 'new_rant':
             			check_nonce('new-rant');
             			if( ! $doing_upload ) {
             				// Use default rant image for this contributor.
             				$contributor = get_userdatabyid( $rant->author );
             			} else {
             				$rant->imagetype = $upload_imagetype;
             			}
             			$rant->id = insertrant($rant);
             			if( $rant->id === false )
             			{
-            				adminlog("Error on rant insertion: ".mysql_error(), MTS_RANT, MTA_INSERT, E_ERROR);
+            				adminlog("Error on rant insertion: ".mysqli_error(), MTS_RANT, MTA_INSERT, E_ERROR);
             				mtdie('There was an error inserting the rant into the database.', 'SQL Error');
             			}
             				$upload_error = $upload_info = '';
             				extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$i], $rant->id) );
             				if( $upload_error ) $error.=$upload_error;
             				if( $upload_info ) {
             					$info .= $upload_info;
             					$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
             			if( $doing_upload ) {
             				extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			} elseif($rant->imagetype != 'NULL') {
             				extract( save_stock_rant_image( $source_rantimage_filename, $rant ) );
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			}
             			break;
             		case 'saverant':
             			check_nonce('save-rant-' . $rant->id);
             			if( isset( $_POST['rant_reverttodefaultimage'] ) ) {
             				// Use default rant image for this contributor, copy it into place
             				$contributor = get_userdatabyid( $rant->author );
             				if($rant->imagetype != 'NULL')
             					extract( save_stock_rant_image( $contributor->default_image, $rant ) );
             				adminlog("Reverting to user's default rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
             			} elseif( $doing_upload ) {
             				$rant->imagetype = $upload_imagetype;
             				extract( save_upload_rant_image( $source_rantimage_filename, $rant ) );
             				adminlog("Uploading new rant image for rant ".$rant->id.".", MTS_RANT, MTA_UPDATE);
             				if( $upload_info ) $info.=$upload_info;
             				if( $upload_error ) $error.=$upload_error;
             			}
             			foreach($_POST['delete_attachment'] as $attachment)
             			for($i = 0; $i < count($existing_attachments); $i++) {
             				$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($existing_attachments[$i]->id).'"', $rant->body);
             			}
             			for($j = $i; $j < count($source_rantattachment_filename) + $i; $j++) {
             				if('' == $source_rantattachment_filename[$j - $i]) continue;
             				$upload_error = $upload_info = '';
             				extract( save_upload_rant_attachment($_FILES['rant_attachment']['tmp_name'][$j - $i], $rant->id) );
             				if( $upload_error ) $error.=$upload_error;
             				if( $upload_info ) {
             					$info .= $upload_info;
             					$rant->body = preg_replace('/(href|src)=\"([^\"]*?)\\{'.($i+1).'\\}(.*?)\"/', '\1="'.get_rantattachment_filename($rant_attachment_id).'"', $rant->body);
             			}
             			updaterant($rant);
             			if($rant->status != 'draft' && $_POST['broadcast'] &&
             					($rant->published <= mktime(0,0,0, date('m'), date('d')-1, date('Y'))))
             			{
             </fieldset>
             <fieldset id="authordiv" class="dbx-box">
             <h3 class="dbx-handle">Author</h3>
             <div class="dbx-content"><select name="rant_author"><?php
             	$contrib = $mtdb->getAll('select id,name from contributor');
             	foreach( $contrib as $k=>$v ) {
             			echo 'Custom rant image is specified.';
             		}
             	?>
             	<p>Upload new rant image:<br/>
             		<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
             		<input name="ranterImage" type="file"/>
             	</p>
             	<p><input type="checkbox" name="rant_reverttodefaultimage" /> Revert to default rant image.</p>
             	</td><td>
             	<?php if ( false !== $rantimage_filename ): ?>
             		<p><img src="<?php echo SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename; ?>" width="150" /></p>

fredart_parse.php ¶ +3 -3

             	for ($count = 0; $count < 5; $count++) {
             		$entry = $feed->getEntryByOffset($count);
-            		$link = mysql_real_escape_string($entry->link);
+            		$link = mysqli_real_escape_string($mtdb->link, $entry->link);
-            		$title = mysql_real_escape_string($entry->title);
+            		$title = mysqli_real_escape_string($mtdb->link, $entry->title);
             		$date = $entry->pubdate;
             		$mtdb->query("INSERT INTO fredart (pubdate, title, link)
             			VALUES (FROM_UNIXTIME($date), '$title', '$link')", false);
             	}
             	header('Content-Type: text/xml');
             	header('Content-Length: 440');
             ?>

include/html.php ¶ +7 -7

             	} else {
             		$curS = $curT = basename( $_SERVER["PHP_SELF"] );
             	}
             	foreach( $submenu as $l=>$L ) {
             		foreach( $L as $k=>$v ) {
             			if( $k == $curS ) {
             	}
             	$current_sub_menu = false;
             	?>
             	<div id="wphead">
             	<h1>Megatokyo Site Administration <span>(<a href="<?php echo SITE_HOST . SITE_PATH; ?>">View site &raquo;</a>)</span></h1>
             	</div>
             	<div id="user_info"><p>Howdy, <strong><?php getCurrentUser(); ?></strong>. [<a href="<?php echo ADMIN_PATH;
             		?>/login.php?action=logout" title="Log out of this account">Sign Out</a>] </p></div>
             	}
             	?>
             	<div class="clear"></div>
             	<?php
             	if( $_GET['deleted'] && $_GET['deleted'] == 'success' ) $info.='<p>Deleted successfully.</p>';
             	if( $info ) echo "<div class=\"updated fade\">$info</div>";
             	?>
             	<div class="wrap">
             	<?php
             }
             function adminfooter($copy = true) {
             			header('Content-Type: text/html; charset=utf-8');
             			if (eregi('^(sql)$', $errstr)) {
-            				$errstr = "SQL Error " . mysql_errno() . ': ' . mysql_error();
+            				$errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error();
             			}
             			$message = "Error#$errno: $errstr";

include/twitter.php ¶ +1 -1

             function setOAuthTokens($userid,$oauth_token,$oauth_token_secret, $username) {
             	global $mtdb;
             	$id = (int)$userid;
-            	if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysql_real_escape_string($oauth_token), mysql_real_escape_string($oauth_token_secret), mysql_real_escape_string($username), $id )) )
+            	if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) )
             		return true;
             	return false;
             }

manage-metatypes.php ¶ +11 -11

             	if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
-            		mtdie("Error on update: ". htmlentities(mysql_error()));
+            		mtdie("Error on update: ". htmlentities(mysqli_error()));
             	}
             	$info.='<p>Deleted metatype successfully.<p>';
             	adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE);
             if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) {
             	check_nonce('new-metatype');
             	$name = trim($_POST['name']);
             	if( check_type_name( $name ) ) {
-            		if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysql_real_escape_string($name) . '")' ) )
+            		if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) )
             		{
             			adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING);
-            			mtdie("Error on insertion: ". htmlentities(mysql_error()));
+            			mtdie("Error on insertion: ". htmlentities(mysqli_error()));
             		}
             	}
             	$info.='<p>New metatype created successfully.<p>';
             if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) {
             	check_nonce('save-metatype-'.(int)$_POST['type_id']);
             	$name = trim($_POST['name']);
             	if( check_type_name( $name ) ) {
-            		if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysql_real_escape_string($name) . '" WHERE id=' . (int)$_POST['type_id']) )
+            		if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) )
             		{
             			adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);
-            			mtdie("Error on update: ". htmlentities(mysql_error()));
+            			mtdie("Error on update: ". htmlentities(mysqli_error()));
             		}
             	}
             	$info.='<p>Changes to metatype saved successfully.<p>';
             	<td width="66%"><input name="name" type="text" id="name" value="" /></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>
             <?php
             adminfooter();
-            ?>
  No newline at end of file
+            ?>

manage-statusbox.php ¶ +8 -8

             		return;
             	}
-            	$mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysql_real_escape_string($text) . '")' );
+            	$mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' );
             	$_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']='';
             	$info = '<p>Statusbox updated successfully.</p>';
             	<th scope="row">Status Description</th>
             	<td width="66%"><textarea name="update_text" row="6" cols="30" id="update_text"><?php echo htmlentities($_POST['update_text']); ?></textarea></td>
             	</tr>
             	<script type="text/javascript">
             	function PresetHandler( f ) {
             		var i = f.preset.selectedIndex;
             		var v = f.preset.options[i].value;
             		var parts = v.split("% - ");
             		if( parts[0] == undefined ) {
             			parts[0] = "";
             		}
             		if( parts[1] == undefined ) {
             			parts[1] = "";
             		}
             		f.update_percentage.value = parts[0];
             		f.update_text.value = parts[1];
             		return true;
             	}
             	document.write('<tr><th scope="row">Presets</th><td width="66%"><select name="preset" onchange="PresetHandler(this.form);"><option value="">-none-</option><?php
             		foreach( $presets as $p )
             			echo '<option value="' . addslashes(htmlentities($p->p)) . '">' . addslashes(htmlentities($p->p)) . '</option>';
             	?></select></td></tr>');
             	</script>
             	</table>

manage-twitter-presets.php ¶ +2 -2

             		if(0 == $id && !empty($msg)) {
             			// Add a new preset
-            			$mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysql_real_escape_string($msg)) );
+            			$mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) );
             			adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD);
             		} elseif(empty($msg)) {
             			// Delete an existing preset
             			adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD);
             		} else {
             			// Modify an existing preset
-            			$mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysql_real_escape_string($msg), $id) );
+            			$mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) );
             		}
             	}
             }

manage-twitter-users.php ¶ +19 -19

             if( isset($_POST['action']) && $_POST['action'] == 'new' ) {
             	check_nonce('new-twitter-user');
-            	if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysql_real_escape_string( md5( microtime() )) ) ) ) {
+            	if(! $mtdb->query( sprintf('INSERT INTO twitter_user(username) VALUES("%s")', mysqli_real_escape_string( $mtdb->link, md5( microtime() )) ) ) ) {
             		adminlog("Error on insertion of new twitter user.", MTS_TWITTER, MTA_INSERT, E_WARNING);
-            		mtdie("Error on insertion of new twitter user: ". htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on insertion of new twitter user: ". htmlentities(mysqli_error()), 'SQL Error');
             	} else {
             		//$name = sanitize_username($_POST['name']);
-            		$id = mysql_insert_id();
+            		$id = mysqli_insert_id();
             		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
             		$request_token = $connection->getRequestToken(OAUTH_CALLBACK . "&id=$id");
             		if ($connection->http_code !== 200 ) {
             			adminlog("Twitter getRequestToken failed. HTTP code: $connection->http_code", MTS_TWITTER, MTA_MODIFY);
             			mtdie("Could not connect to twitter.com.");
             		}
             		echo $id . '<br/>';
             		setOAuthTokens( $id, $request_token['oauth_token'], $request_token['oauth_token_secret'], md5(microtime()) );
             		adminlog("New twitter user created successfully.", MTS_TWITTER, MTA_ADD);
             		$url = $connection->getAuthorizeURL($request_token['oauth_token']);
             		//echo $url;
             		_redirect($url);
             		exit();
             	}
             }
             	# twitter userID = ID
             	$id = (int)$_REQUEST['id'];
             	$row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user WHERE id=%d LIMIT 1', $id));
             	# Compare token in database with token from twitter. If they differ, bail.
             	if( $row->oauth_token != $_REQUEST['oauth_token'] ) {
             		# token is old, drop from database
             	} else {
             		# token is good, save the new Access Token to the database
             		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $row->oauth_token, $row->oauth_token_secret);
             		$access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
             		if (200 == $connection->http_code) {
             			# successful
             			$info.='<p>Successfully obtained OAuth Access Token.</p>';
             			adminlog("Successfully received OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_WARNING);
             			//print_r($content);
             		} else {
             			# fail
             			if( !$mtdb->query("DELETE FROM twitter_user WHERE id = '$id'") ) {
             			$info.='<p>Failed to get OAuth Access Token for ' . $username . '.</p>';
             			adminlog("Failed to get OAuth Access Tokens for twitter user.", MTS_TWITTER, MTA_MODIFY, E_ERROR);
             		}
             	}
             }
             	$alternate=false;
             	foreach( $twitter_users as $s ) {
             		$alternate=!$alternate;
             		?>
             		<tr id="twitteruser-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
             		 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
             		 <td><?php echo htmlentities($s->username); ?></td>
             		 <td><?php echo htmlentities($s->oauth_token); ?></td>
             		 <td><?php echo htmlentities($s->oauth_token_secret); ?></td>
             		 <td><?php
             			$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $s->oauth_token, $s->oauth_token_secret);
             			$content = $connection->get('account/verify_credentials');
             			if( isset($content->profile_image_url)) {

manage-types.php ¶ +23 -23

             	if(! $mtdb->query( 'DELETE FROM strip_t WHERE id=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error deleting type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE, E_WARNING);
-            		mtdie("Error on deletion of existing type: " . htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on deletion of existing type: " . htmlentities(mysqli_error()), 'SQL Error');
             	}
             	if(! $mtdb->query( 'DELETE FROM meta WHERE type=' . (int)$_GET['delete'] ) )
             	{
             		adminlog("Error on deletion of type ".(int)$_GET['delete']."'s metadata.", MTS_TYPE, MTA_DELETE, E_WARNING);
-            		mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysql_error()), 'SQL Error');
+            		mtdie("Error on deletion of existing type's metadata: " . htmlentities(mysqli_error()), 'SQL Error');
             	}
             	$info.='<p>Deleted type successfully.<p>';
             	adminlog("Deleted type ".(int)$_GET['delete'], MTS_TYPE, MTA_DELETE);
             if( isset($_POST['action']) && $_POST['action'] == 'new_type' ) {
             	check_nonce('new-type');
             	$name = trim($_POST['name']);
             	$desc = trim($_POST['description']);
             	if( check_type_name($name) ) {
-            		if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysql_real_escape_string($name), mysql_real_escape_string($desc)) ) )
+            		if(! $mtdb->query( sprintf( 'INSERT INTO strip_t(name, description) VALUES("%s", "%s")', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc)) ) )
             		{
             			adminlog("Error on insertion of new type.", MTS_TYPE, MTA_INSERT, E_WARNING);
-            			mtdie("Error on insertion of new type: ". htmlentities(mysql_error()), 'SQL Error');
+            			mtdie("Error on insertion of new type: ". htmlentities(mysqli_error()), 'SQL Error');
             		}
             	}
             	$info.='<p>New type created successfully.<p>';
             }
             if( isset($_POST['action']) && $_POST['action'] == 'edit_type' ) {
             	$id = (int)$_POST['type_id'];
             	check_nonce("save-type-$id");
             	$name = trim($_POST['name']);
             	$desc = trim($_POST['description']);
             	$meta = $_POST['meta'];
             	$m_delete = $mtdb->getAll("SELECT meta FROM meta WHERE type = $id");
             	$m_insert = array();
             	// Key listed in both Insert and Delete lists, so remove from both == Do Nothing
             	foreach( $m_delete as $k=>$v ) {
             		if( array_key_exists( $v->meta, $meta ) ) {
             			unset($m_delete[$k]);
             			unset($meta[$v->meta]);
             		} else {
             			$m_delete[$k] = 'meta=' . (int)$v->meta;
+            		}
             	}
             	// Key listed only in Insert list, make proper format
             	}
             	if( check_type_name( $name ) ) {
-            		if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysql_real_escape_string($name), mysql_real_escape_string($desc), $id)) )
+            		if( !$mtdb->query( sprintf( 'UPDATE strip_t SET name = "%s", description = "%s" WHERE id = %s', mysqli_real_escape_string($mtdb->link, $name), mysqli_real_escape_string($mtdb->link, $desc), $id)) )
             		{
             			adminlog("Error on updating type ".$id, MTS_TYPE, MTA_UPDATE, E_WARNING);
-            			mtdie("Error on update of existing type: ". htmlentities(mysql_error()), 'SQL Error');
+            			mtdie("Error on update of existing type: ". htmlentities(mysqli_error()), 'SQL Error');
             		}
             		$sql_insert = "INSERT INTO meta (type,meta) VALUES " . implode(',',$m_insert);
             		$sql_delete = "DELETE FROM meta WHERE type=$id AND ( " . implode(' OR ',$m_delete) . ' )';
             		$mtdb->query('START TRANSACTION');
             		if( count($m_insert) )
             			if(! $mtdb->query( $sql_insert ) )
             			{
             				adminlog("Error deleting old metatype association data for type ".$id, MTS_TYPE, MTA_REMOVE, E_WARNING);
             				mtdie("There was an error deleting old metatype data. Transaction aborted. $sql_delete");
             			}
             		$mtdb->query('COMMIT');
             	} else {
             		$error.='<p>Invalid type name!</p>';
             	}
             	$alternate=false;
             	foreach( $types as $s ) {
             		$alternate=!$alternate;
             		$metas = $mtdb->getAll("SELECT meta_t.name AS name FROM strip_t
             			JOIN meta ON meta.type = strip_t.id JOIN meta_t ON meta.meta = meta_t.id
             			WHERE strip_t.id = $s->id");
             		$meta = implode(', ',  array_map('_getMetaNameFromObject', $metas) );
             		?>
             		<tr id="comic-<?php echo $s->id; ?>" <?php if($alternate) echo 'class="alternate"'; ?>>
             		 <th scope="row" style="text-align: center;"><?php echo $s->id; ?></th>
             	<td width="66%"><input name="description" type="text" id="description" value="" /></td>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>

post-scratchpad.php ¶ +1 -1

             check_nonce('new-scratchpad');
-            $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysql_real_escape_string($_REQUEST['message'])) );
+            $mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])) );
             adminlog("User posted to scratchpad.", MTS_SCRATCH, MTA_INSERT);
             _redirect( ADMIN_PATH . '/index.php' );

post-twitter.php ¶ +5 -5

             if('post_twitter' == $_REQUEST['action'])
             {
             	check_nonce('new-twitter');
             	$postmessage = '';
             	if(!empty($_REQUEST['stdmessage']) ) $postmessage = trim($_REQUEST['stdmessage']);
             	if( strlen($_REQUEST['message']) ) $postmessage = trim($_REQUEST['message']);
             	if('' == $postmessage) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=missing');
             	$username = sanitize_username($_REQUEST['twitter_user']);
-            	$postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysql_real_escape_string($username)));
+            	$postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $username)));
             	if( in_array('twitter', $_REQUEST['service']) )
             		$rc = twitterpost( numeric_entities(utfentities($postmessage)), $postasuser );
             	if( in_array('rss', $_REQUEST['service']) )
             		$rc = rsspost( numeric_entities(utfentities($postmessage)), SITE_HOST.SITE_PATH );
             	if($rc) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=success');
             	_redirect( ADMIN_PATH . '/post-twitter.php?tweet=fail');
             if( isset($_REQUEST['tweet']) && 'missing' == $_REQUEST['tweet'] )
             	$error.='Oops~  Looks like you forgot to enter a message.';
             $statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id');
             $twitter_users = $mtdb->getAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username');
             		var charactersremaining = document.getElementById('charactersremaining');
             		charactersremaining.innerHTML = 140 - status.value.length
             	}
             -->
             </script>
             <?php /*?>

twitter-scheduled.php ¶ +2 -2

             		adminlog("Error $ret_code posting scheduled tweet ".$t->id . ' with return value ' . $ret, MTS_TWITTER, MTA_ADD);
             		$t->status = 'error';
             	}
             	//	Unlock tweet, update db.
-            	$mtdb->query("UPDATE twitter_post SET status = '".mysql_real_escape_string($t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
+            	$mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false);
             }

user-edit.php ¶ +14 -14

             		$username = sanitize_username( $_POST['user_login'] );
             		if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 )
             			mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' );
             		copy(RANTIMG.'default', RANTIMG.$username.'.png');
-            		$mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysql_real_escape_string($username) . '", "'.$username.'.png")' );
+            		$mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' );
             		$user = get_userdatabylogin( $username );
             		$userid = $user->id;
             		$info.='<p>User Account Created</p>';
             		$userid = (int) $_POST['edit'];
             		$user_old = $user = get_userdatabyid( $userid );
             	}
             	$user->nameplate = $_POST['nickname'];
             	$user->default_image = $user_old->default_image;
             	$user->default_link = $_POST['rant-link'];
             	$user->email = $_POST['email'];
             	if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) {
             		if( $_POST['password_new1'] !== $_POST['password_new2'] ) {
             			$error.='<p>New passwords do not match.</p>';
             		} else {
             			/* password change */
-            			if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysql_real_escape_string($_POST['password_old']) . '") OR password = "")' )) {
+            			if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) {
             				$error.='<p>Specified password is incorrect.</p>';
             			} else {
             				/* Password match */
             	function handle_upload( &$user ) {
             		global $info,$error;
             		if( !$_FILES['rant_image'] ) return;
             		if( '' == $_FILES['rant_image']['name'] ) return;
             		if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return;
             		if( 0 == $_FILES['rant_image']['size'] ) return;
             		$info.='<p>Tried to upload an image.</p>';
             		// Uploading new rant image
             		$imagedata = getimagesize($_FILES['rant_image']['tmp_name']);
             			$error.='<p>Image wrong height: '.$imagedata[1].'</p>';
             			return;
             		}
             		switch( $_FILES['rant_image']['type'] ) {
             			case 'image/jpeg':
             			case 'image/jpg':	$ext = 'jpg'; break;
             				$error.='<p>Unknown image extension. Upload refused.</p>';
             				return;
             		}
             		$destination_path = $user->name.'.'.$ext;
             		if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) {
             			$error.='<p>Something went wrong while retrieving the uploaded image.</p>';
             } else {
             	$userid = (int) $_GET['edit'];
             	$user = get_userdatabyid( $userid );
+            }
             if( !$user ) $error.='<p>The specified user does not exist.</p>';
             adminhead('Edit User Profile');

users.php ¶ +2 -2

             <h2>Create New Contributor</h2>
             <div class="narrow">
-            	<table class="editform" width="100% cellspacing="2" cellpadding="5">
+            	<table class="editform" width="100%" cellspacing="2" cellpadding="5">
             	<tr>
             	<th scope="row" width="33%">Username</th>
             	<td width="66%"><input name="user_login" type="text" id="user_login" value="" /></th>
             	</tr>
             	</table>
             	<p class="submit"><input type="submit" value="Create &raquo;" name="submit" /></p>
             </div>
             </form>

Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings