[Astrospaces-commits] SF.net SVN: astrospaces: [48] trunk
From: <cal...@us...> - 2007-07-30 23:20:49
Revision: 48
http://astrospaces.svn.sourceforge.net/astrospaces/?rev=48&view=rev
Author: caleb870
Date: 2007-07-30 16:20:51 -0700 (Mon, 30 Jul 2007)
Log Message:
-----------
Finally completed converting to ADOdb, fixed a few syntax errors along the way as well.
Modified Paths:
--------------
trunk/config.php
trunk/functions/session.php
trunk/gallery.php
Modified: trunk/config.php
===================================================================
--- trunk/config.php 2007-07-30 22:04:51 UTC (rev 47)
+++ trunk/config.php 2007-07-30 23:20:51 UTC (rev 48)
@@ -1,7 +1,7 @@
<?php
/* These settings are autogenerated by AstroSPACES
- do not change them unless you know what you are
- doing!
+ do not change them unless if you have instructions
+ stating that these values should be changed.
*/
define('AS_DB_TYPE', 'mysql');
define('AS_DB_PREFIX', 'as_');
@@ -17,8 +17,7 @@
define('AS_LOC_DIRECT', 'C:/path/to/astrospaces/');
/* These settings are constants and must NOT
- be altered. Doing so will prevent AstroSPACES
- from functioning.
+ be altered unless if you understand what you are doing.
*/
define('AS_TBL_USER', AS_DB_PREFIX.'user');
define('AS_TBL_BLOG', AS_DB_PREFIX.'blog');
@@ -30,6 +29,8 @@
define('AS_TBL_CMT', AS_DB_PREFIX.'comments');
define('AS_TBL_SESSION', AS_DB_PREFIX.'sessions');
define('AS_TBL_PM', AS_DB_PREFIX.'private_messages');
+define('AS_TBL_GRP', AS_DB_PREFIX.'groups');
+define('AS_TBL_GRP_RES', AS_DB_PREFIX.'group_resolver');
define('AS_DIR_TPL', 'template/');
define('AS_TPL', AS_LOC_URL.AS_DIR_TPL.'default/');
Modified: trunk/functions/session.php
===================================================================
--- trunk/functions/session.php 2007-07-30 22:04:51 UTC (rev 47)
+++ trunk/functions/session.php 2007-07-30 23:20:51 UTC (rev 48)
@@ -211,6 +211,7 @@
$error->general('Invalid actionID', "Invalid actionID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
return false;
}
+
if (!is_numeric($who) and $who != null)
{
$error->general('Invalid whoID', "Invalid whoID = Possible hack! Input value: \"".$who."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
@@ -239,7 +240,7 @@
{
if (!is_numeric($id) and $id != null)
{
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
return false;
}
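Review bot: The guard `!is_numeric($id) and $id != null` is not an integer check, yet the value it lets through is concatenated unquoted into SQL in the later hunks (`party_1 = '.$id.'`, `WHERE id = ' . $id`). `is_numeric` accepts decimals, signed values and exponent notation, and the `$id != null` clause lets null and the empty string pass, which produces a malformed statement instead of a clean rejection. For a row id I would test `if (!ctype_digit((string) $id))` and concatenate `(int) $id`, or hand the value to ADOdb as a bind parameter. The same guard is used in the hunks at -291 and -307 and in the checks this commit adds to add_comment, get_username, add_image_comment and generate_timestamp. The function around this hunk starts and ends outside it.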
@@ -280,6 +281,7 @@
$message->thank("adding this user as your friend. You will be alerted when they accept you as a friend.", "to go back", "javascript:history.go(-1)");
}
}
+ }
}
}
/*
@@ -291,7 +293,7 @@
{
if (!is_numeric($id) and $id != null)
{
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
return false;
}
$_query= 'UPDATE '.AS_TBL_FRIEND.' SET accepted = 1 WHERE party_2 = '.$data->user['user_id'].' AND party_1 = '.$id.' LIMIT 1';
@@ -307,23 +309,23 @@
{
if (!is_numeric($id) and $id != null)
{
- $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$action."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ $error->general('Invalid friendID', "Invalid friendID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
return false;
}
/*We're simply checking whether or not we have the permissions to view this space */
/*First we need to figure out what the space privacy setting is*/
$_query = 'SELECT privacy FROM '.AS_TBL_USER.' WHERE id = ' . $id . ' LIMIT 1';
$_query = $db->Execute($_query);
- $_query=$db->fetch_array($_query);
- $res=$_query['privacy'];
+ $_query = $db->GetArray($_query);
+ $res = $_query[0]['privacy'];
if($res == '0')
{
- /*All users can view this space*/
+ /* All users can view this space */
return true;
}
else
{
- /*We need to check if we're they're friend*/
+ /* We need to check if we're they're friend */
if($session->is_friend($id))
{
return true;
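Review bot: `$db->GetArray($_query)` is handed the recordset that `$db->Execute()` just returned, but ADOdb's connection-level `GetArray` takes an SQL string; the recordset has its own `GetArray()`, which this same commit uses in gallery.php. Since this function decides whether a space may be viewed, it should also fail closed when the query fails or finds no row: `$rs = $db->Execute($_query);`, `if ($rs === false || $rs->EOF) return false;`, `$res = $rs->fields['privacy'];`. get_username repeats the Execute-then-`$db->GetArray` pair. The enclosing function starts and ends outside the hunk.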
@@ -341,17 +343,22 @@
*/
function add_comment($id)
{
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid userID', "Invalid userD = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
if($session->is_friend($id))
{
- /*Okay, we have permission to leave this comment*/
- foreach($_POST as $key => $value)
- {
- $var[$key] = mysql_real_escape_string($value);
- }
- $_query="INSERT INTO `comments` VALUES('', '" . time() . "', '" . $user->data['user_id'] . "', '" . $id . "', '" . $var['body'] .
- "'";
- $db->query($_query);
- $session->action('2', $id);
+ /* Okay, we have permission to leave this comment */
+ $_query = 'INSERT INTO '.AS_TBL_CMT.' (comment_timestamp, poster_id, recipient_id, comment) VALUES(' .
+ time() . ',' . $user->data['user_id'] . ',' . $id . ',' . $db->qstr($_POST['body']).')';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - add_comment(): '.$db->ErrorMsg());
+ return false;
+ }
+ $session->action('2', $id);
}
}
/*
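Review bot: `$db->qstr($_POST['body'])` omits the magic-quotes argument that add_image_comment passes in this same commit, so with magic_quotes_gpc enabled the comment text is escaped twice and stored with literal backslashes; use `$db->qstr($_POST['body'], get_magic_quotes_gpc())`. `$_POST['body']` is also read without checking that it is set, so a request without that field would store an empty comment; an `isset` check before the insert avoids that. The new log text reads `Invalid userD` and should be `Invalid userID`.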
@@ -361,10 +368,15 @@
*/
function get_username($id)
{
- $_query="SELECT `display_name` FROM `users` WHERE `id`='" . $id . "'";
- $_query=$db->query($_query);
- $res=$db->fetch_array($_query);
- return $res['display_name'];
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid userID', "Invalid userID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+ $_query = 'SELECT display_name FROM '.AS_TBL_USER.' WHERE id = ' . $id;
+ $_query = $db->Execute($_query);
+ $res = $db->GetArray($_query);
+ return $res[0]['display_name'];
}
/*
Function Name: add_image_comment
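Review bot: get_username uses `$db` and `$error` but takes only `$id` and declares no `global`, so both are undefined inside the function and the first `$error->general(...)` or `$db->Execute(...)` call ends in a fatal error instead of a logged rejection. Add `global $db, $error;` as the first statement, or reach them through the owning object if this is a class method. add_comment in the previous hunk and add_image_comment in the next one have the same shape, with `$session` and `$user` as well.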
@@ -373,19 +385,25 @@
*/
function add_image_comment($id)
{
- $owner = "SELECT `owner` FROM `images` WHERE `id`='" . $id . "'";
+ if (!is_numeric($id) and $id != null)
+ {
+ $error->general('Invalid imageID', "Invalid imageID = Possible hack! Input value: \"".$id."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
+ $owner = 'SELECT owner_id FROM '.AS_TBL_IMG.' WHERE id = ' . $id;
$owner = $db->query($owner);
$owner = $db->fetch_array($owner);
$owner = $owner['owner'];
- if($session->is_friend($owner))
+ if ($session->is_friend($owner))
{
- foreach($_POST as $key => $value)
- {
- $var[$key] = mysql_real_escape_string($value);
- }
- $_query="INSERT INTO `image_comments` VALUES('', '" . $id . "', '" . time() . "', '" . $user->data['user_id'] . "', '" . $var['comment'] . "'";
- $db->query($_query);
- }
+ $_query = 'INSERT INTO '.AS_TBL_IMG_CMT.' (image_id, post_timestamp, author, comment) VALUES('. $id . ',' . time() . ',' . $user->data['user_id'] . ',' . $db->qstr($_POST['comment'],get_magic_quotes_gpc()) . ')';
+ if ($db->Execute($_query) === false)
+ {
+ $error->general('<b>DB Error!</b>', 'session.php - add_img_comment(): '.$db->ErrorMsg());
+ return false;
+ }
+ }
}
/*
Function Name: generate_timestamp
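Review bot: The owner lookup is only half converted: the new query selects `owner_id`, but the unchanged lines below it still call the pre-ADOdb `$db->query()` / `$db->fetch_array()` and read `$owner['owner']`. As written, `$session->is_friend($owner)` is evaluated on an unset value, so the friend check that gates image comments does not test the real image owner. I would replace those three lines with `$rs = $db->Execute($owner);`, `if ($rs === false || $rs->EOF) return false;`, `$owner = $rs->fields['owner_id'];`. The error label `add_img_comment()` also differs from the function name add_image_comment.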
@@ -394,14 +412,20 @@
*/
function generate_timestamp($time)
{
+ if (!is_numeric($time) and $time != null)
+ {
+ $error->general('Invalid timestamp', "Invalid timestamp = Possible hack! Input value: \"".$time."\" User Hostname: ".$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
+
if($session->logged_in())
{
- $_query="SELECT `time_offset` FROM `users` WHERE `id`='" . $user->data['user_id'] . "'";
- $_query=$db->query($_query);
- $_query=$db->fetch_array($_query);
- $offset=$_query['time_offset'];
-
- $diff = $offset * 60 * 60;
+ $_query = 'SELECT time_offset FROM '.AS_TBL_USER.' WHERE id = ' . $user->data['user_id'];
+ $_query = $db->Execute($_query);
+ $_query = $query->GetArray($_query);
+ $offset = $_query[0]['time_offset'];
+
+ $diff = $offset * 60 * 60;
}
$time = $time + $diff;
return date('m/d/Y G:i:s', $time);
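Review bot: The added line `$_query = $query->GetArray($_query);` calls a method on `$query`, which is never assigned in the visible body; the recordset from `Execute` is in `$_query`. Keep the recordset in its own variable and read from it, `$rs = $db->Execute($_query);` then `$rows = $rs->GetArray();`, after checking `$rs !== false`. `$diff` is also set only inside the `logged_in()` branch while `$time + $diff` runs for every caller, so initialise `$diff = 0;` before the `if`. The end of the function is outside the hunk.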
Modified: trunk/gallery.php
===================================================================
--- trunk/gallery.php 2007-07-30 22:04:51 UTC (rev 47)
+++ trunk/gallery.php 2007-07-30 23:20:51 UTC (rev 48)
@@ -66,17 +66,17 @@
$img_com = $db->Execute( $_query );
$count = $img_com->RecordCount();
- for ($i = 0; $i < $count; $i++) /* What? */
+ $array = $img_com->GetArray();
+ foreach($array[0] as $key_name => $key_value)
{
- foreach($value as $key_name => $key_value)
- {
- if ($key_value == 'author')
- {
- $key_value = $session->get_username($key_value);
- }
- $com[$key_name] = $key_value;
- }
- $img_con->MoveNext();
+ if (!is_numeric($key_name))
+ {
+ if ($key_value == 'author')
+ {
+ $key_value = $session->get_username($key_value);
+ }
+ $com[$key_name] = $key_value;
+ }
}
$img_com->Close();
$img = $img->GetArray();
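Review bot: The condition `if ($key_value == 'author')` compares the column value with the string 'author', so the username lookup probably never runs; the column name is in `$key_name`, and the test was likely meant to be `if ($key_name === 'author')`. The rewrite also iterates `$array[0]` only, so every comment after the first is dropped and an image with no comments passes an undefined offset to `foreach`; `$count` is still computed but no longer used. Looping `foreach ($array as $row)` around the inner loop would cover all rows and the empty case. The surrounding code starts and ends outside the hunk.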