Browse Source

Add optional database table prefix (issue #118; see issue comments for details)

pull/40/head
Michael Foster 9 years ago
parent
commit
a052a791b5
  1. 12
      inc/anti-bot.php
  2. 2
      inc/config.php
  3. 4
      inc/database.php
  4. 2
      inc/filters.php
  5. 80
      inc/functions.php
  6. 8
      inc/mod/auth.php
  7. 6
      inc/mod/ban.php
  8. 188
      inc/mod/pages.php
  9. 6
      install.php
  10. 10
      post.php
  11. 2
      templates/posts.sql
  12. 2
      templates/themes/basic/theme.php
  13. 2
      templates/themes/catalog/theme.php
  14. 2
      templates/themes/categories/theme.php
  15. 2
      templates/themes/frameset/theme.php
  16. 10
      templates/themes/recent/theme.php
  17. 2
      templates/themes/rrdtool/theme.php
  18. 2
      templates/themes/sitemap/theme.php

12
inc/anti-bot.php

@ -182,12 +182,12 @@ function _create_antibot($board, $thread) {
$antibot = new AntiBot(array($board, $thread));
query('DELETE FROM `antispam` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
if ($thread)
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
else
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
$query->bindValue(':board', $board);
if ($thread)
@ -195,7 +195,7 @@ function _create_antibot($board, $thread) {
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error($query));
$query = prepare('INSERT INTO `antispam` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
$query->bindValue(':board', $board);
$query->bindValue(':thread', $thread);
$query->bindValue(':hash', $antibot->hash());
@ -248,7 +248,7 @@ function checkSpam(array $extra_salt = array()) {
if ($hash != $_hash)
return true;
$query = prepare('SELECT `passed` FROM `antispam` WHERE `hash` = :hash');
$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) {
@ -260,7 +260,7 @@ function checkSpam(array $extra_salt = array()) {
}
function incrementSpamHash($hash) {
$query = prepare('UPDATE `antispam` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
$query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
}

2
inc/config.php

@ -76,6 +76,8 @@
$config['db']['password'] = '';
// Tinyboard database
$config['db']['database'] = '';
// Table prefix
$config['db']['prefix'] = '';
// Use a persistent connection (experimental)
$config['db']['persistent'] = false;
// Anything more to add to the DSN string (eg. port=xxx;foo=bar)

4
inc/database.php

@ -87,6 +87,8 @@ function mysql_version() {
function prepare($query) {
global $pdo, $debug, $config;
$query = preg_replace('/``([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)``/u', '`' . $config['db']['prefix'] . '$1`', $query);
sql_open();
if ($config['debug'])
@ -98,6 +100,8 @@ function prepare($query) {
function query($query) {
global $pdo, $debug, $config;
$query = preg_replace('/``([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)``/u', '`' . $config['db']['prefix'] . '$1`', $query);
sql_open();
if ($config['debug']) {

2
inc/filters.php

@ -81,7 +81,7 @@ class Filter {
else
$all_boards = false;
$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board, 0)");
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board, 0)");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':mod', -1);
$query->bindValue(':set', time());

80
inc/functions.php

@ -241,7 +241,7 @@ function create_antibot($board, $thread = null) {
function rebuildThemes($action, $board = false) {
// List themes
$query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
$query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
while ($theme = $query->fetch(PDO::FETCH_ASSOC)) {
rebuildTheme($theme['theme'], $action, $board);
@ -276,7 +276,7 @@ function rebuildTheme($theme, $action, $board = false) {
function themeSettings($theme) {
$query = prepare("SELECT `name`, `value` FROM `theme_settings` WHERE `theme` = :theme AND `name` IS NOT NULL");
$query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL");
$query->bindValue(':theme', $theme);
$query->execute() or error(db_error($query));
@ -347,7 +347,7 @@ function getBoardInfo($uri) {
return $board;
}
$query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1");
$query = prepare("SELECT * FROM ``boards`` WHERE `uri` = :uri LIMIT 1");
$query->bindValue(':uri', $uri);
$query->execute() or error(db_error($query));
@ -523,7 +523,7 @@ function listBoards() {
if ($config['cache']['enabled'] && ($boards = cache::get('all_boards')))
return $boards;
$query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error());
$query = query("SELECT * FROM ``boards`` ORDER BY `uri`") or error(db_error());
$boards = $query->fetchAll();
if ($config['cache']['enabled'])
@ -535,7 +535,7 @@ function listBoards() {
function checkFlood($post) {
global $board, $config;
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':body', $post['body']);
$query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT);
@ -589,7 +589,7 @@ function displayBan($ban) {
global $config;
if (!$ban['seen']) {
$query = prepare("UPDATE `bans` SET `seen` = 1 WHERE `id` = :id");
$query = prepare("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = :id");
$query->bindValue(':id', $ban['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
@ -620,12 +620,12 @@ function checkBan($board = 0) {
if (event('check-ban', $board))
return true;
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1");
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':board', $board);
$query->execute() or error(db_error($query));
if ($query->rowCount() < 1 && $config['ban_range']) {
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1");
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':board', $board);
$query->execute() or error(db_error($query));
@ -633,7 +633,7 @@ function checkBan($board = 0) {
if ($query->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) {
// my most insane SQL query yet
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board)
$query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board)
AND (
`ip` REGEXP '^(\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+\)\/(\[0-9]+)$'
AND
@ -650,7 +650,7 @@ function checkBan($board = 0) {
if ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
if ($ban['expires'] && $ban['expires'] < time()) {
// Ban expired
$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
$query = prepare("DELETE FROM ``bans`` WHERE `id` = :id");
$query->bindValue(':id', $ban['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -670,7 +670,7 @@ function checkBan($board = 0) {
// No reason to keep expired bans in the database (except those that haven't been viewed yet)
function purge_bans() {
$query = prepare("DELETE FROM `bans` WHERE `expires` IS NOT NULL AND `expires` < :time AND `seen` = 1");
$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :time AND `seen` = 1");
$query->bindValue(':time', time());
$query->execute() or error(db_error($query));
}
@ -681,7 +681,7 @@ function threadLocked($id) {
if (event('check-locked', $id))
return true;
$query = prepare(sprintf("SELECT `locked` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `locked` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error());
@ -699,7 +699,7 @@ function threadSageLocked($id) {
if (event('check-sage-locked', $id))
return true;
$query = prepare(sprintf("SELECT `sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error());
@ -714,7 +714,7 @@ function threadSageLocked($id) {
function threadExists($id) {
global $board;
$query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT 1 FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error());
@ -727,7 +727,7 @@ function threadExists($id) {
function post(array $post) {
global $pdo, $board;
$query = prepare(sprintf("INSERT INTO `posts_%s` (`id`, `thread`, `subject`, `email`, `name`, `trip`, `capcode`, `body`, `body_nomarkup`, `time`, `bump`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`, `filehash`, `password`, `ip`, `sticky`, `locked`, `sage`, `embed`) VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri']));
$query = prepare(sprintf("INSERT INTO ``posts_%s`` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri']));
// Basic stuff
if (!empty($post['subject'])) {
@ -829,7 +829,7 @@ function bumpThread($id) {
if (event('bump', $id))
return true;
$query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -839,7 +839,7 @@ function bumpThread($id) {
function deleteFile($id, $remove_entirely_if_already=true) {
global $board, $config;
$query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if (!$post = $query->fetch(PDO::FETCH_ASSOC))
@ -848,7 +848,7 @@ function deleteFile($id, $remove_entirely_if_already=true) {
if ($post['file'] == 'deleted' && !$post['thread'])
return; // Can't delete OP's image completely.
$query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri']));
if ($post['file'] == 'deleted' && $remove_entirely_if_already) {
// Already deleted; remove file fully
$query->bindValue(':file', null, PDO::PARAM_NULL);
@ -876,7 +876,7 @@ function deleteFile($id, $remove_entirely_if_already=true) {
function rebuildPost($id) {
global $board;
$query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -885,7 +885,7 @@ function rebuildPost($id) {
markup($body = &$post['body_nomarkup']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `body` = :body WHERE `id` = :id", $board['uri']));
$query->bindValue(':body', $body);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -900,7 +900,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
global $board, $config;
// Select post and replies (if thread) in one query
$query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -918,7 +918,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
// Delete thread HTML page
file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id']));
$antispam_query = prepare('DELETE FROM `antispam` WHERE `board` = :board AND `thread` = :thread');
$antispam_query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board AND `thread` = :thread');
$antispam_query->bindValue(':board', $board['uri']);
$antispam_query->bindValue(':thread', $post['id']);
$antispam_query->execute() or error(db_error($antispam_query));
@ -939,11 +939,11 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
}
$query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
$query = prepare(sprintf("DELETE FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")");
$query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")");
$query->bindValue(':board', $board['uri']);
$query->execute() or error(db_error($query));
while ($cite = $query->fetch(PDO::FETCH_ASSOC)) {
@ -958,7 +958,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
if (isset($tmp_board))
openBoard($tmp_board);
$query = prepare("DELETE FROM `cites` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)");
$query = prepare("DELETE FROM ``cites`` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)");
$query->bindValue(':board', $board['uri']);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -975,7 +975,7 @@ function clean() {
$offset = round($config['max_pages']*$config['threads_per_page']);
// I too wish there was an easier way of doing this...
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri']));
$query = prepare(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri']));
$query->bindValue(':offset', $offset, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -990,7 +990,7 @@ function index($page, $mod=false) {
$body = '';
$offset = round($page*$config['threads_per_page']-$config['threads_per_page']);
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri']));
$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri']));
$query->bindValue(':offset', $offset, PDO::PARAM_INT);
$query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1011,7 +1011,7 @@ function index($page, $mod=false) {
$replies = $cached['replies'];
$omitted = $cached['omitted'];
} else {
$posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri']));
$posts = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri']));
$posts->bindValue(':id', $th['id']);
$posts->bindValue(':limit', ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT);
$posts->execute() or error(db_error($posts));
@ -1115,7 +1115,7 @@ function getPages($mod=false) {
$count = $board['thread_count'];
} else {
// Count threads
$query = query(sprintf("SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
$query = query(sprintf("SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
$count = $query->fetchColumn();
}
$count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']);
@ -1151,7 +1151,7 @@ function checkRobot($body) {
return true;
$body = makerobot($body);
$query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1");
$query = prepare("SELECT 1 FROM ``robot`` WHERE `hash` = :hash LIMIT 1");
$query->bindValue(':hash', $body);
$query->execute() or error(db_error($query));
@ -1160,7 +1160,7 @@ function checkRobot($body) {
}
// Insert new hash
$query = prepare("INSERT INTO `robot` VALUES (:hash)");
$query = prepare("INSERT INTO ``robot`` VALUES (:hash)");
$query->bindValue(':hash', $body);
$query->execute() or error(db_error($query));
@ -1170,7 +1170,7 @@ function checkRobot($body) {
// Returns an associative array with 'replies' and 'images' keys
function numPosts($id) {
global $board;
$query = prepare(sprintf("SELECT COUNT(*) FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(*) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri']));
$query = prepare(sprintf("SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` = :thread UNION ALL SELECT COUNT(*) FROM ``posts_%s`` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri']));
$query->bindValue(':thread', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1187,7 +1187,7 @@ function muteTime() {
return $time;
// Find number of mutes in the past X hours
$query = prepare("SELECT COUNT(*) FROM `mutes` WHERE `time` >= :time AND `ip` = :ip");
$query = prepare("SELECT COUNT(*) FROM ``mutes`` WHERE `time` >= :time AND `ip` = :ip");
$query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->execute() or error(db_error($query));
@ -1199,7 +1199,7 @@ function muteTime() {
function mute() {
// Insert mute
$query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)");
$query = prepare("INSERT INTO ``mutes`` VALUES (:ip, :time)");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->execute() or error(db_error($query));
@ -1220,7 +1220,7 @@ function checkMute() {
$mutetime = muteTime();
if ($mutetime > 0) {
// Find last mute time
$query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1");
$query = prepare("SELECT `time` FROM ``mutes`` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->execute() or error(db_error($query));
@ -1514,7 +1514,7 @@ function markup(&$body, $track_cites = false) {
foreach ($cites as $matches) {
$cite = $matches[2][0];
$query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `thread`,`id` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $cite);
$query->execute() or error(db_error($query));
@ -1562,7 +1562,7 @@ function markup(&$body, $track_cites = false) {
// Check if the board exists, and load settings
if (openBoard($_board)) {
if ($cite) {
$query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `thread`,`id` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $cite);
$query->execute() or error(db_error($query));
@ -1671,7 +1671,7 @@ function buildThread($id, $return = false, $mod = false) {
cache::delete("thread_{$board['uri']}_{$id}");
}
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri']));
$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1806,7 +1806,7 @@ function fraction($numerator, $denominator, $sep) {
function getPostByHash($hash) {
global $board;
$query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash", $board['uri']));
$query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash", $board['uri']));
$query->bindValue(':hash', $hash, PDO::PARAM_STR);
$query->execute() or error(db_error($query));
@ -1819,7 +1819,7 @@ function getPostByHash($hash) {
function getPostByHashInThread($hash, $thread) {
global $board;
$query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash AND ( `thread` = :thread OR `id` = :thread )", $board['uri']));
$query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash AND ( `thread` = :thread OR `id` = :thread )", $board['uri']));
$query->bindValue(':hash', $hash, PDO::PARAM_STR);
$query->bindValue(':thread', $thread, PDO::PARAM_INT);
$query->execute() or error(db_error($query));

8
inc/mod/auth.php

@ -42,7 +42,7 @@ function login($username, $password, $makehash=true) {
$password = sha1($password);
}
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM `mods` WHERE `username` = :username");
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
@ -83,7 +83,7 @@ function destroyCookies() {
function modLog($action, $_board=null) {
global $mod, $board, $config;
$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)");
$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':time', time(), PDO::PARAM_INT);
@ -112,7 +112,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
exit;
}
$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username");
$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $cookie[0]);
$query->execute() or error(db_error($query));
$user = $query->fetch(PDO::FETCH_ASSOC);
@ -143,7 +143,7 @@ function create_pm_header() {
return $header;
}
$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
$query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));

6
inc/mod/ban.php

@ -56,7 +56,7 @@ function parse_time($str) {
function ban($mask, $reason, $length, $board) {
global $mod, $pdo;
$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)");
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)");
$query->bindValue(':ip', $mask);
$query->bindValue(':mod', $mod['id']);
$query->bindValue(':time', time());
@ -89,12 +89,12 @@ function ban($mask, $reason, $length, $board) {
}
function unban($id) {
$query = prepare("SELECT `ip` FROM `bans` WHERE `id` = :id");
$query = prepare("SELECT `ip` FROM ``bans`` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
$mask = $query->fetchColumn();
$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
$query = prepare("DELETE FROM ``bans`` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));

188
inc/mod/pages.php

@ -82,7 +82,7 @@ function mod_dashboard() {
if (hasPermission($config['mod']['noticeboard'])) {
if (!$config['cache']['enabled'] || !$args['noticeboard'] = cache::get('noticeboard_preview')) {
$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
$query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$args['noticeboard'] = $query->fetchAll(PDO::FETCH_ASSOC);
@ -93,7 +93,7 @@ function mod_dashboard() {
}
if (!$config['cache']['enabled'] || ($args['unread_pms'] = cache::get('pm_unreadcount_' . $mod['id'])) == false) {
$query = prepare('SELECT COUNT(*) FROM `pms` WHERE `to` = :id AND `unread` = 1');
$query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :id AND `unread` = 1');
$query->bindValue(':id', $mod['id']);
$query->execute() or error(db_error($query));
$args['unread_pms'] = $query->fetchColumn();
@ -102,7 +102,7 @@ function mod_dashboard() {
cache::set('pm_unreadcount_' . $mod['id'], $args['unread_pms']);
}
$query = query('SELECT COUNT(*) FROM `reports`') or error(db_error($query));
$query = query('SELECT COUNT(*) FROM ``reports``') or error(db_error($query));
$args['reports'] = $query->fetchColumn();
if ($mod['type'] >= ADMIN && $config['check_updates']) {
@ -208,6 +208,8 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
// Use asterisk as wildcard instead
$query = str_replace('*', '%', $query);
$query = str_replace('`', '!`', $query);
// Array of phrases to match
$match = array();
@ -271,7 +273,7 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
if (!empty($query))
$query .= ' UNION ALL ';
$query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` WHERE %s", $board['uri'], $board['uri'], $sql_like);
$query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE %s", $board['uri'], $board['uri'], $sql_like);
}
// You weren't allowed to search any boards
@ -282,21 +284,21 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
}
if ($type == 'IP_notes') {
$query = 'SELECT * FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
$query = 'SELECT * FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
$sql_table = 'ip_notes';
if (!hasPermission($config['mod']['view_notes']) || !hasPermission($config['mod']['show_ip']))
error($config['error']['noaccess']);
}
if ($type == 'bans') {
$query = 'SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `set` DESC';
$query = 'SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `set` DESC';
$sql_table = 'bans';
if (!hasPermission($config['mod']['view_banlist']))
error($config['error']['noaccess']);
}
if ($type == 'log') {
$query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
$query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
$sql_table = 'modlogs';
if (!hasPermission($config['mod']['modlog']))
error($config['error']['noaccess']);
@ -353,7 +355,7 @@ function mod_edit_board($boardName) {
if (!hasPermission($config['mod']['manageboards'], $board['uri']))
error($config['error']['deleteboard']);
$query = prepare('DELETE FROM `boards` WHERE `uri` = :uri');
$query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri');
$query->bindValue(':uri', $board['uri']);
$query->execute() or error(db_error($query));
@ -363,19 +365,19 @@ function mod_edit_board($boardName) {
rrmdir($board['uri'] . '/');
// Delete posting table
$query = query(sprintf('DROP TABLE IF EXISTS `posts_%s`', $board['uri'])) or error(db_error());
$query = query(sprintf('DROP TABLE IF EXISTS ``posts_%s``', $board['uri'])) or error(db_error());
// Clear reports
$query = prepare('DELETE FROM `reports` WHERE `board` = :id');
$query = prepare('DELETE FROM ``reports`` WHERE `board` = :id');
$query->bindValue(':id', $board['uri'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Delete from table
$query = prepare('DELETE FROM `boards` WHERE `uri` = :uri');
$query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri');
$query->bindValue(':uri', $board['uri'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board");
$query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board");
$query->bindValue(':board', $board['uri']);
$query->execute() or error(db_error($query));
while ($cite = $query->fetch(PDO::FETCH_ASSOC)) {
@ -387,28 +389,28 @@ function mod_edit_board($boardName) {
}
}
$query = prepare('DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board');
$query = prepare('DELETE FROM ``cites`` WHERE `board` = :board OR `target_board` = :board');
$query->bindValue(':board', $board['uri']);
$query->execute() or error(db_error($query));
$query = prepare('DELETE FROM `antispam` WHERE `board` = :board');
$query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board');
$query->bindValue(':board', $board['uri']);
$query->execute() or error(db_error($query));
// Remove board from users/permissions table
$query = query('SELECT `id`,`boards` FROM `mods`') or error(db_error());
$query = query('SELECT `id`,`boards` FROM ``mods``') or error(db_error());
while ($user = $query->fetch(PDO::FETCH_ASSOC)) {
$user_boards = explode(',', $user['boards']);
if (in_array($board['uri'], $user_boards)) {
unset($user_boards[array_search($board['uri'], $user_boards)]);
$_query = prepare('UPDATE `mods` SET `boards` = :boards WHERE `id` = :id');
$_query = prepare('UPDATE ``mods`` SET `boards` = :boards WHERE `id` = :id');
$_query->bindValue(':boards', implode(',', $user_boards));
$_query->bindValue(':id', $user['id']);
$_query->execute() or error(db_error($_query));
}
}
} else {
$query = prepare('UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri');
$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri');
$query->bindValue(':uri', $board['uri']);
$query->bindValue(':title', $_POST['title']);
$query->bindValue(':subtitle', $_POST['subtitle']);
@ -467,7 +469,7 @@ function mod_new_board() {
error(sprintf($config['error']['boardexists'], $board['url']));
}
$query = prepare('INSERT INTO `boards` VALUES (:uri, :title, :subtitle)');
$query = prepare('INSERT INTO ``boards`` VALUES (:uri, :title, :subtitle)');
$query->bindValue(':uri', $_POST['uri']);
$query->bindValue(':title', $_POST['title']);
$query->bindValue(':subtitle', $_POST['subtitle']);
@ -510,7 +512,7 @@ function mod_noticeboard($page_no = 1) {
$_POST['body'] = escape_markup_modifiers($_POST['body']);
markup($_POST['body']);
$query = prepare('INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)');
$query = prepare('INSERT INTO ``noticeboard`` VALUES (NULL, :mod, :time, :subject, :body)');
$query->bindValue(':mod', $mod['id']);
$query->bindvalue(':time', time());
$query->bindValue(':subject', $_POST['subject']);
@ -525,7 +527,7 @@ function mod_noticeboard($page_no = 1) {
header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']);
}
$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :offset, :limit");
$query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :offset, :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_page'], PDO::PARAM_INT);
$query->bindValue(':offset', ($page_no - 1) * $config['mod']['noticeboard_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -534,7 +536,7 @@ function mod_noticeboard($page_no = 1) {
if (empty($noticeboard) && $page_no > 1)
error($config['error']['404']);
$query = prepare("SELECT COUNT(*) FROM `noticeboard`");
$query = prepare("SELECT COUNT(*) FROM ``noticeboard``");
$query->execute() or error(db_error($query));
$count = $query->fetchColumn();
@ -547,7 +549,7 @@ function mod_noticeboard_delete($id) {
if (!hasPermission($config['mod']['noticeboard_delete']))
error($config['error']['noaccess']);
$query = prepare('DELETE FROM `noticeboard` WHERE `id` = :id');
$query = prepare('DELETE FROM ``noticeboard`` WHERE `id` = :id');
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -572,7 +574,7 @@ function mod_news($page_no = 1) {
$_POST['body'] = escape_markup_modifiers($_POST['body']);
markup($_POST['body']);
$query = prepare('INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)');
$query = prepare('INSERT INTO ``news`` VALUES (NULL, :name, :time, :subject, :body)');
$query->bindValue(':name', isset($_POST['name']) && hasPermission($config['mod']['news_custom']) ? $_POST['name'] : $mod['username']);
$query->bindvalue(':time', time());
$query->bindValue(':subject', $_POST['subject']);
@ -586,7 +588,7 @@ function mod_news($page_no = 1) {
header('Location: ?/news#' . $pdo->lastInsertId(), true, $config['redirect_http']);
}
$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :offset, :limit");
$query = prepare("SELECT * FROM ``news`` ORDER BY `id` DESC LIMIT :offset, :limit");
$query->bindValue(':limit', $config['mod']['news_page'], PDO::PARAM_INT);
$query->bindValue(':offset', ($page_no - 1) * $config['mod']['news_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -595,7 +597,7 @@ function mod_news($page_no = 1) {
if (empty($news) && $page_no > 1)
error($config['error']['404']);
$query = prepare("SELECT COUNT(*) FROM `news`");
$query = prepare("SELECT COUNT(*) FROM ``news``");
$query->execute() or error(db_error($query));
$count = $query->fetchColumn();
@ -608,7 +610,7 @@ function mod_news_delete($id) {
if (!hasPermission($config['mod']['news_delete']))
error($config['error']['noaccess']);
$query = prepare('DELETE FROM `news` WHERE `id` = :id');
$query = prepare('DELETE FROM ``news`` WHERE `id` = :id');
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -626,7 +628,7 @@ function mod_log($page_no = 1) {
if (!hasPermission($config['mod']['modlog']))
error($config['error']['noaccess']);
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -635,7 +637,7 @@ function mod_log($page_no = 1) {
if (empty($logs) && $page_no > 1)
error($config['error']['404']);
$query = prepare("SELECT COUNT(*) FROM `modlogs`");
$query = prepare("SELECT COUNT(*) FROM ``modlogs``");
$query->execute() or error(db_error($query));
$count = $query->fetchColumn();
@ -651,7 +653,7 @@ function mod_user_log($username, $page_no = 1) {
if (!hasPermission($config['mod']['modlog']))
error($config['error']['noaccess']);
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `username` = :username ORDER BY `time` DESC LIMIT :offset, :limit");
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username ORDER BY `time` DESC LIMIT :offset, :limit");
$query->bindValue(':username', $username);
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
@ -661,7 +663,7 @@ function mod_user_log($username, $page_no = 1) {
if (empty($logs) && $page_no > 1)
error($config['error']['404']);
$query = prepare("SELECT COUNT(*) FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `username` = :username");
$query = prepare("SELECT COUNT(*) FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
$count = $query->fetchColumn();
@ -707,7 +709,7 @@ function mod_ip_remove_note($ip, $id) {
if (filter_var($ip, FILTER_VALIDATE_IP) === false)
error("Invalid IP address.");
$query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id');
$query = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id');
$query->bindValue(':ip', $ip);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -741,7 +743,7 @@ function mod_page_ip($ip) {
$_POST['note'] = escape_markup_modifiers($_POST['note']);
markup($_POST['note']);
$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
$query->bindValue(':ip', $ip);
$query->bindValue(':mod', $mod['id']);
$query->bindValue(':time', time());
@ -766,7 +768,7 @@ function mod_page_ip($ip) {
openBoard($board['uri']);
if (!hasPermission($config['mod']['show_ip'], $board['uri']))
continue;
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -798,21 +800,21 @@ function mod_page_ip($ip) {
$args['token'] = make_secure_link_token('ban');
if (hasPermission($config['mod']['view_ban'])) {
$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC);
}
if (hasPermission($config['mod']['view_notes'])) {
$query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query = prepare("SELECT ``ip_notes``.*, `username` FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
}
if (hasPermission($config['mod']['modlog_ip'])) {
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 20");
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 20");
$query->bindValue(':search', '%' . $ip . '%');
$query->execute() or error(db_error($query));
$args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC);
@ -865,7 +867,7 @@ function mod_bans($page_no = 1) {
if (isset($config['mod']['unban_limit'])){
if (count($unban) <= $config['mod']['unban_limit'] || $config['mod']['unban_limit'] == -1){
if (!empty($unban)) {
query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error());
query('DELETE FROM ``bans`` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error());
foreach ($unban as $id) {
modLog("Removed ban #{$id}");
@ -878,7 +880,7 @@ function mod_bans($page_no = 1) {
} else {
if (!empty($unban)) {
query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error());
query('DELETE FROM ``bans`` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error());
foreach ($unban as $id) {
modLog("Removed ban #{$id}");
@ -890,10 +892,10 @@ function mod_bans($page_no = 1) {
}
if ($config['mod']['view_banexpired']) {
$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC LIMIT :offset, :limit");
$query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC LIMIT :offset, :limit");
} else {
// Filter out expired bans
$query = prepare("SELECT `bans`.*, `username` FROM `bans` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC LIMIT :offset, :limit");
$query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` INNER JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC LIMIT :offset, :limit");
}
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':limit', $config['mod']['banlist_page'], PDO::PARAM_INT);
@ -904,7 +906,7 @@ function mod_bans($page_no = 1) {
if (empty($bans) && $page_no > 1)
error($config['error']['404']);
$query = prepare("SELECT COUNT(*) FROM `bans`");
$query = prepare("SELECT COUNT(*) FROM ``bans``");
$query->execute() or error(db_error($query));
$count = $query->fetchColumn();
@ -926,7 +928,7 @@ function mod_lock($board, $unlock, $post) {
if (!hasPermission($config['mod']['lock'], $board))
error($config['error']['noaccess']);
$query = prepare(sprintf('UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL', $board));
$query->bindValue(':id', $post);
$query->bindValue(':locked', $unlock ? 0 : 1);
$query->execute() or error(db_error($query));
@ -937,7 +939,7 @@ function mod_lock($board, $unlock, $post) {
}
if ($config['mod']['dismiss_reports_on_lock']) {
$query = prepare('DELETE FROM `reports` WHERE `board` = :board AND `post` = :id');
$query = prepare('DELETE FROM ``reports`` WHERE `board` = :board AND `post` = :id');
$query->bindValue(':board', $board);
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
@ -960,7 +962,7 @@ function mod_sticky($board, $unsticky, $post) {
if (!hasPermission($config['mod']['sticky'], $board))
error($config['error']['noaccess']);
$query = prepare(sprintf('UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL', $board));
$query->bindValue(':id', $post);
$query->bindValue(':sticky', $unsticky ? 0 : 1);
$query->execute() or error(db_error($query));
@ -982,7 +984,7 @@ function mod_bumplock($board, $unbumplock, $post) {
if (!hasPermission($config['mod']['bumplock'], $board))
error($config['error']['noaccess']);
$query = prepare(sprintf('UPDATE `posts_%s` SET `sage` = :bumplock WHERE `id` = :id AND `thread` IS NULL', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `sage` = :bumplock WHERE `id` = :id AND `thread` IS NULL', $board));
$query->bindValue(':id', $post);
$query->bindValue(':bumplock', $unbumplock ? 0 : 1);
$query->execute() or error(db_error($query));
@ -1004,7 +1006,7 @@ function mod_move($originBoard, $postID) {
if (!hasPermission($config['mod']['move'], $originBoard))
error($config['error']['noaccess']);
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL', $originBoard));
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL', $originBoard));
$query->bindValue(':id', $postID);
$query->execute() or error(db_error($query));
if (!$post = $query->fetch(PDO::FETCH_ASSOC))
@ -1052,7 +1054,7 @@ function mod_move($originBoard, $postID) {
// go back to the original board to fetch replies
openBoard($originBoard);
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`', $originBoard));
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id`', $originBoard));
$query->bindValue(':id', $postID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1081,7 +1083,7 @@ function mod_move($originBoard, $postID) {
openBoard($targetBoard);
foreach ($replies as &$post) {
$query = prepare('SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post');
$query = prepare('SELECT `target` FROM ``cites`` WHERE `target_board` = :board AND `board` = :board AND `post` = :post');
$query->bindValue(':board', $originBoard);
$query->bindValue(':post', $post['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($qurey));
@ -1113,7 +1115,7 @@ function mod_move($originBoard, $postID) {
}
foreach ($post['tracked_cites'] as $cite) {
$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
$query = prepare('INSERT INTO ``cites`` VALUES (:board, :post, :target_board, :target)');
$query->bindValue(':board', $board['uri']);
$query->bindValue(':post', $newPostID, PDO::PARAM_INT);
$query->bindValue(':target_board',$cite[0]);
@ -1138,7 +1140,7 @@ function mod_move($originBoard, $postID) {
if ($shadow) {
// lock old thread
$query = prepare(sprintf('UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id', $originBoard));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `locked` = 1 WHERE `id` = :id', $originBoard));
$query->bindValue(':id', $postID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1197,7 +1199,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
$security_token = make_secure_link_token($board . '/ban/' . $post);
$query = prepare(sprintf('SELECT `ip`, `thread` FROM `posts_%s` WHERE `id` = :id', $board));
$query = prepare(sprintf('SELECT `ip`, `thread` FROM ``posts_%s`` WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if (!$_post = $query->fetch(PDO::FETCH_ASSOC))
@ -1220,7 +1222,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
$_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
$_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);
$query = prepare(sprintf('UPDATE `posts_%s` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($_POST['message'])));
$query->execute() or error(db_error($query));
@ -1267,7 +1269,7 @@ function mod_edit_post($board, $edit_raw_html, $postID) {
$security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID);
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board));
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id', $board));
$query->bindValue(':id', $postID);
$query->execute() or error(db_error($query));
@ -1276,9 +1278,9 @@ function mod_edit_post($board, $edit_raw_html, $postID) {
if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) {
if ($edit_raw_html)
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body, `body_nomarkup` = :body_nomarkup WHERE `id` = :id', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body, `body_nomarkup` = :body_nomarkup WHERE `id` = :id', $board));
else
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board));
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board));
$query->bindValue(':id', $postID);
$query->bindValue('name', $_POST['name']);
$query->bindValue(':email', $_POST['email']);
@ -1369,7 +1371,7 @@ function mod_deletebyip($boardName, $post, $global = false) {
error($config['error']['noaccess']);
// Find IP address
$query = prepare(sprintf('SELECT `ip` FROM `posts_%s` WHERE `id` = :id', $boardName));
$query = prepare(sprintf('SELECT `ip` FROM ``posts_%s`` WHERE `id` = :id', $boardName));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if (!$ip = $query->fetchColumn())
@ -1379,7 +1381,7 @@ function mod_deletebyip($boardName, $post, $global = false) {
$query = '';
foreach ($boards as $_board) {
$query .= sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
$query .= sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM ``posts_%s`` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
}
$query = preg_replace('/UNION ALL $/', '', $query);
@ -1431,7 +1433,7 @@ function mod_user($uid) {
if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
error($config['error']['noaccess']);
$query = prepare('SELECT * FROM `mods` WHERE `id` = :id');
$query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
if (!$user = $query->fetch(PDO::FETCH_ASSOC))
@ -1457,7 +1459,7 @@ function mod_user($uid) {
if (!hasPermission($config['mod']['deleteusers']))
error($config['error']['noaccess']);
$query = prepare('DELETE FROM `mods` WHERE `id` = :id');
$query = prepare('DELETE FROM ``mods`` WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
@ -1471,7 +1473,7 @@ function mod_user($uid) {
if ($_POST['username'] == '')
error(sprintf($config['error']['required'], 'username'));
$query = prepare('UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
$query = prepare('UPDATE ``mods`` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':boards', implode(',', $boards));
@ -1486,7 +1488,7 @@ function mod_user($uid) {
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
@ -1513,7 +1515,7 @@ function mod_user($uid) {
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
@ -1534,7 +1536,7 @@ function mod_user($uid) {
}
if (hasPermission($config['mod']['modlog'])) {
$query = prepare('SELECT * FROM `modlogs` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
$query = prepare('SELECT * FROM ``modlogs`` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
$log = $query->fetchAll(PDO::FETCH_ASSOC);
@ -1581,7 +1583,7 @@ function mod_user_new() {
$salt = generate_salt();
$password = hash('sha256', $salt . sha1($_POST['password']));
$query = prepare('INSERT INTO `mods` VALUES (NULL, :username, :password, :salt, :type, :boards)');
$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)');
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', $password);
$query->bindValue(':salt', $salt);
@ -1607,7 +1609,7 @@ function mod_users() {
if (!hasPermission($config['mod']['manageusers']))
error($config['error']['noaccess']);
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
$query = query("SELECT *, (SELECT `time` FROM ``modlogs`` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM ``modlogs`` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM ``mods`` ORDER BY `type` DESC,`id`") or error(db_error());
$users = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(sprintf('%s (%d)', _('Manage users'), count($users)), 'mod/users.html', array('users' => $users));
@ -1619,7 +1621,7 @@ function mod_user_promote($uid, $action) {
if (!hasPermission($config['mod']['promoteusers']))
error($config['error']['noaccess']);
$query = prepare("UPDATE `mods` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id");
$query = prepare("UPDATE ``mods`` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id");
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
@ -1634,7 +1636,7 @@ function mod_pm($id, $reply = false) {
if ($reply && !hasPermission($config['mod']['create_pm']))
error($config['error']['noaccess']);
$query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id");
$query = prepare("SELECT ``mods``.`username`, `mods_to`.`username` AS `to_username`, ``pms``.* FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` LEFT JOIN ``mods`` AS `mods_to` ON `mods_to`.`id` = `to` WHERE ``pms``.`id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -1642,7 +1644,7 @@ function mod_pm($id, $reply = false) {
error($config['error']['404']);
if (isset($_POST['delete'])) {
$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
$query = prepare("DELETE FROM ``pms`` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -1656,7 +1658,7 @@ function mod_pm($id, $reply = false) {
}
if ($pm['unread'] && $pm['to'] == $mod['id']) {
$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
$query = prepare("UPDATE ``pms`` SET `unread` = 0 WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
@ -1683,12 +1685,12 @@ function mod_pm($id, $reply = false) {
function mod_inbox() {
global $config, $mod;
$query = prepare('SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC');
$query = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC');
$query->bindValue(':mod', $mod['id']);
$query->execute() or error(db_error($query));
$messages = $query->fetchAll(PDO::FETCH_ASSOC);
$query = prepare('SELECT COUNT(*) FROM `pms` WHERE `to` = :mod AND `unread` = 1');
$query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :mod AND `unread` = 1');
$query->bindValue(':mod', $mod['id']);
$query->execute() or error(db_error($query));
$unread = $query->fetchColumn();
@ -1710,12 +1712,12 @@ function mod_new_pm($username) {
if (!hasPermission($config['mod']['create_pm']))
error($config['error']['noaccess']);
$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
$query = prepare("SELECT `id` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
if (!$id = $query->fetchColumn()) {
// Old style ?/PM: by user ID
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :username");
$query = prepare("SELECT `username` FROM ``mods`` WHERE `id` = :username");
$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
if ($username = $query->fetchColumn())
@ -1728,7 +1730,7 @@ function mod_new_pm($username) {
$_POST['message'] = escape_markup_modifiers($_POST['message']);
markup($_POST['message']);
$query = prepare("INSERT INTO `pms` VALUES (NULL, :me, :id, :message, :time, 1)");
$query = prepare("INSERT INTO ``pms`` VALUES (NULL, :me, :id, :message, :time, 1)");
$query->bindValue(':me', $mod['id']);
$query->bindValue(':id', $id);
$query->bindValue(':message', $_POST['message']);
@ -1801,7 +1803,7 @@ function mod_rebuild() {
}
if (isset($_POST['rebuild_thread'])) {
$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
$query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
$log[] = '<strong>' . sprintf($config['board_abbreviation'], $board['uri']) . '</strong>: Rebuilding thread #' . $post['id'];
buildThread($post['id']);
@ -1822,7 +1824,7 @@ function mod_reports() {
if (!hasPermission($config['mod']['reports']))
error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `reports` ORDER BY `time` DESC LIMIT :limit");
$query = prepare("SELECT * FROM ``reports`` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$reports = $query->fetchAll(PDO::FETCH_ASSOC);
@ -1838,7 +1840,7 @@ function mod_reports() {
foreach ($report_queries as $board => $posts) {
$report_posts[$board] = array();
$query = query(sprintf('SELECT * FROM `posts_%s` WHERE `id` = ' . implode(' OR `id` = ', $posts), $board)) or error(db_error());
$query = query(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = ' . implode(' OR `id` = ', $posts), $board)) or error(db_error());
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
$report_posts[$board][$post['id']] = $post;
}
@ -1849,7 +1851,7 @@ function mod_reports() {
foreach ($reports as $report) {
if (!isset($report_posts[$report['board']][$report['post']])) {
// // Invalid report (post has since been deleted)
$query = prepare("DELETE FROM `reports` WHERE `post` = :id AND `board` = :board");
$query = prepare("DELETE FROM ``reports`` WHERE `post` = :id AND `board` = :board");
$query->bindValue(':id', $report['post'], PDO::PARAM_INT);
$query->bindValue(':board', $report['board']);
$query->execute() or error(db_error($query));
@ -1905,7 +1907,7 @@ function mod_reports() {
function mod_report_dismiss($id, $all = false) {
global $config;
$query = prepare("SELECT `post`, `board`, `ip` FROM `reports` WHERE `id` = :id");
$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
if ($report = $query->fetch(PDO::FETCH_ASSOC)) {
@ -1922,10 +1924,10 @@ function mod_report_dismiss($id, $all = false) {
error($config['error']['noaccess']);
if ($all) {
$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
$query = prepare("DELETE FROM ``reports`` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
} else {
$query = prepare("DELETE FROM `reports` WHERE `id` = :id");
$query = prepare("DELETE FROM ``reports`` WHERE `id` = :id");
$query->bindValue(':id', $id);
}
$query->execute() or error(db_error($query));
@ -2035,7 +2037,7 @@ function mod_themes_list() {
if (!$dir = opendir($config['dir']['themes']))
error(_('Cannot open themes directory; check permissions.'));
$query = query('SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL') or error(db_error());
$query = query('SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL') or error(db_error());
$themes_in_use = $query->fetchAll(PDO::FETCH_COLUMN);
// Scan directory for themes
@ -2071,19 +2073,19 @@ function mod_theme_configure($theme_name) {
}
// Clear previous settings
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
$query->bindValue(':theme', $theme_name);
$query->execute() or error(db_error($query));
foreach ($theme['config'] as &$conf) {
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
$query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, :name, :value)");
$query->bindValue(':theme', $theme_name);
$query->bindValue(':name', $conf['name']);
$query->bindValue(':value', $_POST[$conf['name']]);
$query->execute() or error(db_error($query));
}
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
$query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, NULL, NULL)");
$query->bindValue(':theme', $theme_name);
$query->execute() or error(db_error($query));
@ -2101,7 +2103,7 @@ function mod_theme_configure($theme_name) {
if (!$result) {
// Install failed
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
$query->bindValue(':theme', $theme_name);
$query->execute() or error(db_error($query));
}
@ -2133,7 +2135,7 @@ function mod_theme_uninstall($theme_name) {
if (!hasPermission($config['mod']['themes']))
error($config['error']['noaccess']);
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
$query->bindValue(':theme', $theme_name);
$query->execute() or error(db_error($query));
@ -2164,7 +2166,7 @@ function mod_debug_antispam() {
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) {
$query = prepare(', DATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query = prepare(', DATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error());
}
@ -2175,16 +2177,16 @@ function mod_debug_antispam() {
$where = '';
}
$query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error());
$query = query('SELECT COUNT(*) FROM ``antispam``' . ($where ? " WHERE $where" : '')) or error(db_error());
$args['total'] = number_format($query->fetchColumn());
$query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$query = query('SELECT COUNT(*) FROM ``antispam`` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$args['expiring'] = number_format($query->fetchColumn());
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
$query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
$args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
@ -2200,7 +2202,7 @@ function mod_debug_recent_posts() {
// Manually build an SQL query
$query = 'SELECT * FROM (';
foreach ($boards as $board) {
$query .= sprintf('SELECT *, %s AS `board` FROM `posts_%s` UNION ALL ', $pdo->quote($board['uri']), $board['uri']);
$query .= sprintf('SELECT *, %s AS `board` FROM ``posts_%s`` UNION ALL ', $pdo->quote($board['uri']), $board['uri']);
}
// Remove the last "UNION ALL" seperator and complete the query
$query = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $query);

6
install.php

@ -501,6 +501,9 @@ if ($step == 0) {
<label for="db_db">Database:</label>
<input type="text" id="db_db" name="db[database]" value="" />
<label for="db_pass">Table prefix (optional):</label>
<input type="password" id="db_pass" name="db[prefix]" value="" />
<label for="db_user">Username:</label>
<input type="text" id="db_user" name="db[user]" value="" />
@ -668,7 +671,8 @@ if ($step == 0) {
$queries[] = Element('posts.sql', array('board' => 'b'));
$sql_errors = '';
foreach ($queries as &$query) {
foreach ($queries as $query) {
$query = preg_replace('/^([\w\s]*)`([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)`/u', '$1``$2``', $query);
if (!query($query))
$sql_errors .= '<li>' . db_error() . '</li>';
}

10
post.php

@ -48,7 +48,7 @@ if (isset($_POST['delete'])) {
error($config['error']['nodelete']);
foreach ($delete as &$id) {
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -111,7 +111,7 @@ if (isset($_POST['delete'])) {
markup($reason);
foreach ($report as &$id) {
$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -123,7 +123,7 @@ if (isset($_POST['delete'])) {
'/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $thread ? $thread : $id) . ($thread ? '#' . $id : '') .
' for "' . $reason . '"'
);
$query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)");
$query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
$query->bindValue(':board', $board['uri'], PDO::PARAM_INT);
@ -227,7 +227,7 @@ if (isset($_POST['delete'])) {
//Check if thread exists
if (!$post['op']) {
$query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
$query->execute() or error(db_error());
@ -583,7 +583,7 @@ if (isset($_POST['delete'])) {
if (isset($post['tracked_cites'])) {
foreach ($post['tracked_cites'] as $cite) {
$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
$query = prepare('INSERT INTO ``cites`` VALUES (:board, :post, :target_board, :target)');
$query->bindValue(':board', $board['uri']);
$query->bindValue(':post', $id, PDO::PARAM_INT);
$query->bindValue(':target_board',$cite[0]);

2
templates/posts.sql

@ -1,4 +1,4 @@
CREATE TABLE IF NOT EXISTS `posts_{{ board }}` (
CREATE TABLE IF NOT EXISTS ``posts_{{ board }}`` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`thread` int(11) DEFAULT NULL,
`subject` varchar(100) DEFAULT NULL,

2
templates/themes/basic/theme.php

@ -25,7 +25,7 @@
$settings['no_recent'] = (int) $settings['no_recent'];
$query = query("SELECT * FROM `news` ORDER BY `time` DESC" . ($settings['no_recent'] ? ' LIMIT ' . $settings['no_recent'] : '')) or error(db_error());
$query = query("SELECT * FROM ``news`` ORDER BY `time` DESC" . ($settings['no_recent'] ? ' LIMIT ' . $settings['no_recent'] : '')) or error(db_error());
$news = $query->fetchAll(PDO::FETCH_ASSOC);
return Element('themes/basic/index.html', Array(

2
templates/themes/catalog/theme.php

@ -37,7 +37,7 @@
$recent_posts = array();
$stats = array();
$query = query(sprintf("SELECT *, `id` AS `thread_id`, (SELECT COUNT(*) FROM `posts_%s` WHERE `thread` = `thread_id`) AS `reply_count`, '%s' AS `board` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `bump` DESC", $board_name, $board_name, $board_name)) or error(db_error());
$query = query(sprintf("SELECT *, `id` AS `thread_id`, (SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` = `thread_id`) AS `reply_count`, '%s' AS `board` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `bump` DESC", $board_name, $board_name, $board_name)) or error(db_error());
while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
$post['link'] = $config['root'] . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], ($post['thread'] ? $post['thread'] : $post['id']));

2
templates/themes/categories/theme.php

@ -36,7 +36,7 @@
public static function news($settings) {
global $config;
$query = query("SELECT * FROM `news` ORDER BY `time` DESC") or error(db_error());
$query = query("SELECT * FROM ``news`` ORDER BY `time` DESC") or error(db_error());
$news = $query->fetchAll(PDO::FETCH_ASSOC);
return Element('themes/categories/news.html', Array(

2
templates/themes/frameset/theme.php

@ -36,7 +36,7 @@
public static function news($settings) {
global $config;
$query = query("SELECT * FROM `news` ORDER BY `time` DESC") or error(db_error());
$query = query("SELECT * FROM ``news`` ORDER BY `time` DESC") or error(db_error());
$news = $query->fetchAll(PDO::FETCH_ASSOC);