leftypol
/
leftypol
4
5
Fork 2
Code Issues 51 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Use PDO for databases

pull/40/head
Savetheinternet 14 years ago
parent
139514402d
commit
574256a01a
7 changed files with 208 additions and 201 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      inc/config.php
  2. 39
      inc/database.php
  3. 263
      inc/functions.php
  4. 21
      inc/instance-config.php
  5. 37
      inc/mod.php
  6. 20
      mod.php
  7. 15
      post.php

14
inc/config.php
View File

@ -10,10 +10,16 @@
*/ */
// Database stuff // Database stuff
define('MY_SERVER', 'localhost', true);
define('MY_USER', '', true); // "mysql", "mysqli", "pgsql", "mssql"
define('MY_PASSWORD', '', true); define('DB_TYPE', 'mysql', true);
define('MY_DATABASE', '', true); // Hostname or IP address
define('DB_SERVER', 'localhost', true);
// Login
define('DB_USER', '', true);
define('DB_PASSWORD', '', true);
// TinyBoard database
define('DB_DATABASE', '', true);
// The name of the session cookie (PHP's $_SESSION) // The name of the session cookie (PHP's $_SESSION)
define('SESS_COOKIE', 'imgboard', true); define('SESS_COOKIE', 'imgboard', true);

39
inc/database.php
View File

@ -0,0 +1,39 @@
<?php
function sql_open() {
global $pdo;
if($pdo) return true;
try {
return $pdo = new PDO(DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE, DB_USER, DB_PASSWORD);
} catch(PDOException $e) {
error('Database error.');
}
}
function sql_close() {
global $pdo;
$pdo = NULL;
}
function prepare($query) {
global $pdo;
return $pdo->prepare($query);
}
function query($query) {
global $pdo;
return $pdo->query($query);
}
function db_error($PDOStatement=null) {
global $pdo;
if(isset($PDOStatement)) {
$err = $PDOStatement->errorInfo();
return $err[2];
} else {
$err = $pdo->errorInfo();
return $err[2];
}
}
?>

263
inc/functions.php
View File

@ -7,22 +7,6 @@
return str_replace(array_keys($replaces), return str_replace(array_keys($replaces),
array_values($replaces), $str); array_values($replaces), $str);
} }
function sql_open() {
global $sql;
$sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.');
@mysql_select_db(MY_DATABASE, $sql) or error('Database error.');
}
function sql_close() {
global $sql;
@mysql_close($sql);
}
function mysql_safe_array(&$array) {
foreach($array as &$item) {
$item = mysql_real_escape_string($item);
}
}
function setupBoard($array) { function setupBoard($array) {
global $board; global $board;
@ -45,94 +29,91 @@
function openBoard($uri) { function openBoard($uri) {
global $sql; global $sql;
sql_open(); sql_open();
$boards_res = mysql_query(sprintf(
"SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1",
mysql_real_escape_string($uri)
), $sql) or error(mysql_error($sql));
if($_board = mysql_fetch_array($boards_res)) { $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1");
setupBoard($_board); $query->bindValue(':uri', $uri);
$query->execute() or error(db_error($query));
if($board = $query->fetch()) {
setupBoard($board);
return true; return true;
} else return false; } else return false;
} }
function listBoards() { function listBoards() {
global $sql; $query = query("SELECT * FROM `boards`") or error(db_error());
sql_open(); $boards = $query->fetchAll();
$boards_res = mysql_query("SELECT * FROM `boards`", $sql) or error(mysql_error($sql));
$boards = Array();
while($_board = mysql_fetch_array($boards_res)) {
$boards[] = $_board;
}
return $boards; return $boards;
} }
function threadExists($id) { function threadExists($id) {
global $sql, $board; global $board;
$thread_res = mysql_query(sprintf(
"SELECT 1 FROM `posts_%s` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1",
mysql_real_escape_string($board['uri']),
$id
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($thread_res) > 0) { $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindParam(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error());
if($query->rowCount()) {
return true; return true;
} else return false; } else return false;
} }
function post($post, $OP) { function post($post, $OP) {
global $sql, $board; global $pdo, $board;
$query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky)", $board['uri']));
// Basic stuff
$query->bindValue(':subject', $post['subject']);
$query->bindValue(':email', $post['email']);
$query->bindValue(':name', $post['name']);
$query->bindValue(':trip', $post['trip']);
$query->bindValue(':body', $post['body']);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':password', $post['password']);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
if($OP) { if($OP) {
mysql_query( // No parent thread, image
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", $query->bindValue(':thread', null, PDO::PARAM_NULL);
mysql_real_escape_string($board['uri']),
$post['subject'],
$post['email'],
$post['name'],
$post['trip'],
$post['body'],
time(),
time(),
$post['thumb'],
$post['thumbwidth'],
$post['thumbheight'],
$post['file'],
$post['width'],
$post['height'],
$post['filesize'],
$post['filename'],
$post['filehash'],
$post['password'],
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
), $sql) or error(mysql_error($sql));
return mysql_insert_id($sql);
} else { } else {
mysql_query( $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT);
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')",
mysql_real_escape_string($board['uri']),
$post['thread'],
$post['subject'],
$post['email'],
$post['name'],
$post['trip'],
$post['body'],
time(),
time(),
$post['has_file']?$post['thumb']:null,
$post['has_file']?$post['thumbwidth']:null,
$post['has_file']?$post['thumbheight']:null,
$post['has_file']?$post['file']:null,
$post['has_file']?$post['width']:null,
$post['has_file']?$post['height']:null,
$post['has_file']?$post['filesize']:null,
$post['has_file']?$post['filename']:null,
$post['has_file']?$post['filehash']:null,
$post['password'],
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
), $sql) or error(mysql_error($sql));
return mysql_insert_id($sql);
} }
if($post['has_file']) {
$query->bindValue(':thumb', $post['thumb']);
$query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT);
$query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT);
$query->bindValue(':file', $post['file']);
$query->bindValue(':width', $post['width'], PDO::PARAM_INT);
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
$query->bindValue(':filename', $post['filesize']);
$query->bindValue(':filehash', $post['filesize']);
} else {
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
$query->bindValue(':thumbheight', null, PDO::PARAM_NULL);
$query->bindValue(':file', null, PDO::PARAM_NULL);
$query->bindValue(':width', null, PDO::PARAM_NULL);
$query->bindValue(':height', null, PDO::PARAM_NULL);
$query->bindValue(':filesize', null, PDO::PARAM_NULL);
$query->bindValue(':filename', null, PDO::PARAM_NULL);
$query->bindValue(':filehash', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
return $pdo->lastInsertId();
}
function bumpThread($id) {
global $board;
$query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} }
function index($page, $mod=false) { function index($page, $mod=false) {
@ -142,57 +123,52 @@
$offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE);
sql_open(); sql_open();
$query = mysql_query(sprintf(
"SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT %d,%d", $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri']));
mysql_real_escape_string($board['uri']), $query->bindValue(1, $offset, PDO::PARAM_INT);
$offset, $query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT);
THREADS_PER_PAGE $query->execute() or error(db_error($query));
), $sql) or error(mysql_error($sql));
if($query->rowcount() < 1 && $page > 1) return false;
if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = $query->fetch()) {
while($th = mysql_fetch_array($query)) {
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT);
$newposts = mysql_query(sprintf( $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
"SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", $posts->bindValue(1, $th['id']);
mysql_real_escape_string($board['uri']), $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
$th['id'], $posts->execute() or error(db_error($posts));
THREADS_PREVIEW
), $sql) or error(mysql_error($sql)); if($posts->rowCount() == THREADS_PREVIEW) {
if(mysql_num_rows($newposts) == THREADS_PREVIEW) { $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri']));
$count_query = mysql_query(sprintf( $count->bindValue(1, $th['id']);
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = '%s'", $count->execute() or error(db_error($count));
mysql_real_escape_string($board['uri']),
$th['id'] $count = $count->fetch();
), $sql) or error(mysql_error($sql));
$count = mysql_fetch_array($count_query);
$omitted = $count['num'] - THREADS_PREVIEW; $omitted = $count['num'] - THREADS_PREVIEW;
$thread->omitted = $omitted; $thread->omitted = $omitted;
mysql_free_result($count_query);
unset($count); unset($count);
unset($omitted); unset($omitted);
} }
while($po = mysql_fetch_array($newposts)) {
while($po = $posts->fetch()) {
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT));
} }
mysql_free_result($newposts);
$thread->posts = array_reverse($thread->posts); $thread->posts = array_reverse($thread->posts);
$body .= $thread->build(true); $body .= $thread->build(true);
} }
mysql_free_result($query);
return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT); return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT);
} }
function getPages($mod=false) { function getPages($mod=false) {
global $sql, $board; global $sql, $board;
$res = mysql_query(sprintf( // Count threads
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
mysql_real_escape_string($board['uri'])
), $sql) or error(mysql_error($sql)); $count = current($query->fetch());
$arr = mysql_fetch_array($res); $count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE);
$count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE);
$pages = Array(); $pages = Array();
for($x=0;$x<$count && $x<MAX_PAGES;$x++) { for($x=0;$x<$count && $x<MAX_PAGES;$x++) {
@ -256,18 +232,15 @@
strlen($cites[1][$index]), strlen($cites[1][$index]),
strlen($cites[3][$index]), strlen($cites[3][$index]),
); );
$query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$result = mysql_query(sprintf( $query->bindValue(':id', $cite);
"SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = '%d' LIMIT 1", $query->execute() or error(db_error($query));
mysql_real_escape_string($board['uri']),
$cite if($post = $query->fetch()) {
), $sql) or error(mysql_error($sql));
if($post = mysql_fetch_array($result)) {
$replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>'; $replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>';
} else { } else {
$replacement = "&gt;&gt;{$cite}"; $replacement = "&gt;&gt;{$cite}";
} }
mysql_free_result($result);
// Find the position of the cite // Find the position of the cite
$position = strpos($body, $cites[0][$index]); $position = strpos($body, $cites[0][$index]);
@ -337,39 +310,39 @@
} }
function buildThread($id, $return=false, $mod=false) { function buildThread($id, $return=false, $mod=false) {
global $sql, $board; global $board;
$id = round($id); $id = round($id);
$query = mysql_query(sprintf( $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri']));
"SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id while($post = $query->fetch()) {
), $sql) or error(mysql_error($sql));
while($post = mysql_fetch_array($query)) {
if(!isset($thread)) { if(!isset($thread)) {
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT);
} else { } else {
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT));
} }
} }
$body = Element('thread.html', Array(
'button'=>BUTTON_REPLY, // Check if any posts were found
'board'=>$board, if(!isset($thread)) error(ERROR_NONEXISTANT);
'body'=>$thread->build(),
'post_url' => POST_URL, $body = Element('thread.html', Array(
'index' => ROOT, 'button'=>BUTTON_REPLY,
'id' => $id, 'board'=>$board,
'mod' => $mod, 'body'=>$thread->build(),
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) 'post_url' => POST_URL,
)); 'index' => ROOT,
'id' => $id,
'mod' => $mod,
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX)
));
if($return) if($return)
return $body; return $body;
else else
@file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file."); @file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file.");
mysql_free_result($query);
} }
function generate_tripcode ( $name, $length = 10 ) { function generate_tripcode ( $name, $length = 10 ) {

21
inc/instance-config.php
View File

@ -7,17 +7,18 @@
* *
* You can copy values from config.php (defaults) and paste them here. * You can copy values from config.php (defaults) and paste them here.
*/ */
/*
// Database stuff // Database stuff
define('MY_SERVER', '127.0.0.1'); define('DB_TYPE', 'mysql');
define('MY_USER', ''); define('DB_SERVER', 'localhost');
define('MY_PASSWORD', ''); define('DB_USER', '');
define('MY_DATABASE', ''); define('DB_PASSWORD', '');
define('DB_DATABASE', '');
define('ROOT', '/'); define('ROOT', '/');
// define('FOO', 'bar'); // define('FOO', 'bar');
*/
?> ?>

37
inc/mod.php
View File

@ -17,13 +17,12 @@
$password = sha1($password); $password = sha1($password);
} }
$res = mysql_query(sprintf( $query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
"SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", $query->bindValue(':username', $username);
mysql_real_escape_string($username), $query->bindValue(':password', $password);
$password $query->execute();
), $sql) or error(mysql_error($sql));
if($user = mysql_fetch_array($res)) { if($user = $query->fetch()) {
return $mod = Array( return $mod = Array(
'id' => $user['id'], 'id' => $user['id'],
'type' => $user['type'], 'type' => $user['type'],
@ -142,22 +141,19 @@
// Delete a post (reply or thread) // Delete a post (reply or thread)
function deletePost($id) { function deletePost($id) {
global $board, $sql; global $board;
// Select post and replies (if thread) in one query // Select post and replies (if thread) in one query
$post_res = mysql_query(sprintf( $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
"SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id if($query->rowCount() < 1) {
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($post_res) < 1) {
error(ERROR_INVALIDPOST); error(ERROR_INVALIDPOST);
} }
// Delete posts and maybe replies // Delete posts and maybe replies
while($post = mysql_fetch_array($post_res)) { while($post = $query->fetch()) {
if(!$post['thread']) { if(!$post['thread']) {
// Delete thread HTML page // Delete thread HTML page
@unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id']));
@ -172,11 +168,8 @@
} }
} }
mysql_query(sprintf( $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
"DELETE FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id
), $sql) or error(mysql_error($sql));
} }
?> ?>

20
mod.php
View File

@ -6,6 +6,7 @@
} }
require 'inc/config.php'; require 'inc/config.php';
require 'inc/template.php'; require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php'; require 'inc/user.php';
require 'inc/mod.php'; require 'inc/mod.php';
@ -175,20 +176,21 @@
if(!preg_match('/^\w+$/', $b['uri'])) if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf(ERROR_INVALIDFIELD, 'URI')); error(sprintf(ERROR_INVALIDFIELD, 'URI'));
mysql_query(sprintf( $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
"INSERT INTO `boards` VALUES (NULL, '%s', '%s', " . $query->bindValue(':uri', $b['uri']);
(empty($b['subtitle']) ? 'NULL' : "'%s'" ) . $query->bindValue(':title', $b['title']);
")", if(!empty($b['subtitle'])) {
mysql_real_escape_string($b['uri']), $query->bindValue(':subtitle', $b['subtitle']);
mysql_real_escape_string($b['title']), } else {
mysql_real_escape_string($b['subtitle']) $query->bindValue(':subtitle', null, PDO::PARAM_NULL);
), $sql) or error(mysql_error($sql)); }
$query->execute() or error(db_error($query));
// Open the board // Open the board
openBoard($b['uri']) or error("Couldn't open board after creation."); openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table // Create the posts table
mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql)); query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
// Build the board // Build the board
buildIndex(); buildIndex();

15
post.php
View File

@ -6,6 +6,7 @@
} }
require 'inc/config.php'; require 'inc/config.php';
require 'inc/template.php'; require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php'; require 'inc/user.php';
// Fix for magic quotes // Fix for magic quotes
@ -191,9 +192,6 @@
// Todo: Validate some more, remove messy code, allow more specific configuration // Todo: Validate some more, remove messy code, allow more specific configuration
// MySQLify
mysql_safe_array($post);
$id = post($post, $OP); $id = post($post, $OP);
if($post['has_file'] && $post['zip']) { if($post['has_file'] && $post['zip']) {
@ -295,12 +293,7 @@
buildThread(($OP?$id:$post['thread'])); buildThread(($OP?$id:$post['thread']));
if(!$OP) { if(!$OP) {
mysql_query( bumpThread($post['thread']);
sprintf("UPDATE `posts_%s` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL",
mysql_real_escape_string($board['uri']),
time(),
$post['thread']
), $sql) or error(mysql_error($sql));
} }
buildIndex(); buildIndex();
@ -318,8 +311,8 @@
sql_open(); sql_open();
// Build all boards // Build all boards
$boards_res = mysql_query('SELECT * FROM `boards`', $sql) or error(mysql_error($sql)); $boards = listBoards();
while($_board = mysql_fetch_array($boards_res)) { foreach($boards as &$_board) {
setupBoard($_board); setupBoard($_board);
buildIndex(); buildIndex();
} }

Write Preview
Loading…
Cancel
Save