author | Star Rauchenberger <fefferburbia@gmail.com> | 2024-01-08 21:09:05 +0000 |
---|---|---|
committer | Star Rauchenberger <fefferburbia@gmail.com> | 2024-01-08 21:09:05 +0000 |
commit | 459e929311d8806f604c0b914ba4b37aa731fbfc (patch) | |
tree | d81247d7ee4f768c9df552df07aad6d6896047f8 /includes | |
parent | 5b892eafafb1f41bab1a20f1524cef144042e3e1 (diff) | |
download | pillowcase-459e929311d8806f604c0b914ba4b37aa731fbfc.tar.gz pillowcase-459e929311d8806f604c0b914ba4b37aa731fbfc.tar.bz2 pillowcase-459e929311d8806f604c0b914ba4b37aa731fbfc.zip |
Diffstat (limited to 'includes')
-rwxr-xr-x | includes/db.php | 4 | ||||
-rwxr-xr-x | includes/fix_mysql.inc.php | 257 | ||||
-rwxr-xr-x | includes/functions.php | 24 | ||||
-rwxr-xr-x | includes/update.php | 26 |
4 files changed, 30 insertions, 281 deletions
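--- a/includes/db.php
+++ b/includes/db.php
@@ -1,9 +1,7 @@
 <?php
 
-include_once('fix_mysql.inc.php');
 include('/srv/www/security/pillowcase.php');
 
-$mysql_conn = mysql_connect($dbhost, $dbuser, $dbpasswd);
-mysql_select_db($dbname);
+$mysql_conn = new mysqli($dbhost, $dbuser, $dbpasswd, $dbname);
 
 ?>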
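Review bot: The new `new mysqli($dbhost, $dbuser, $dbpasswd, $dbname)` call is never checked for failure, so on PHP versions where mysqli does not throw by default a failed connection only surfaces later, at the first `prepare()` or `query()` in the other files. Enabling reporting before the constructor, `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`, makes connection and statement failures throw at the point they occur, provided errors are logged rather than displayed. The connection charset is also left at the server default; `$mysql_conn->set_charset('utf8mb4');` directly after connecting would pin it, assuming the tables use that charset.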
diff --git a/includes/fix_mysql.inc.php b/includes/fix_mysql.inc.php deleted file mode 100755 index 8ff45bf..0000000 --- a/includes/fix_mysql.inc.php +++ /dev/null | |||
@@ -1,257 +0,0 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * replacement for all mysql functions | ||
4 | * | ||
5 | * @version 3 | ||
6 | * @git https://github.com/rubo77/php-mysql-fix | ||
7 | * | ||
8 | * Be aware, that this is just a workaround to fix-up some old code and the resulting project | ||
9 | * will be more vulnerable than if you use the recommended newer mysqli-functions instead. | ||
10 | * So only If you are sure that this is not setting your server at risk, you can fix your old | ||
11 | * code by adding this line at the beginning of your old code: | ||
12 | |||
13 | <?php | ||
14 | include_once('fix_mysql.inc.php'); | ||
15 | * | ||
16 | * see: https://stackoverflow.com/a/37877644/1069083 | ||
17 | */ | ||
18 | |||
19 | if (!function_exists("mysql_connect")){ | ||
20 | /* warning: fatal error "cannot redeclare" if a function was disabled in php.ini with disable_functions: | ||
21 | disable_functions =mysql_connect,mysql_pconnect,mysql_select_db,mysql_ping,mysql_query,mysql_fetch_assoc,mysql_num_rows,mysql_fetch_array,mysql_error,mysql_insert_id,mysql_close,mysql_real_escape_string,mysql_data_seek,mysql_result | ||
22 | */ | ||
23 | |||
24 | define("MYSQL_ASSOC", MYSQLI_ASSOC); | ||
25 | define("MYSQL_NUM", MYSQLI_NUM); | ||
26 | define("MYSQL_BOTH", MYSQLI_BOTH); | ||
27 | |||
28 | function mysql_fetch_array($result, $result_type = MYSQL_BOTH){ | ||
29 | $row = mysqli_fetch_array($result, $result_type); | ||
30 | return is_null($row) ? false : $row; | ||
31 | } | ||
32 | |||
33 | function mysql_fetch_assoc($result){ | ||
34 | $row = mysqli_fetch_assoc($result); | ||
35 | return is_null($row) ? false : $row; | ||
36 | } | ||
37 | |||
38 | function mysql_fetch_row($result) { | ||
39 | $row = mysqli_fetch_row($result); | ||
40 | return is_null($row) ? false : $row; | ||
41 | } | ||
42 | |||
43 | function mysql_fetch_object($result) { | ||
44 | $row = mysqli_fetch_object($result); | ||
45 | return is_null($row) ? false : $row; | ||
46 | } | ||
47 | |||
48 | function mysql_connect($host, $username, $password, $new_link = FALSE, $client_flags = 0){ | ||
49 | global $global_link_identifier; | ||
50 | $global_link_identifier = mysqli_connect($host, $username, $password); | ||
51 | return $global_link_identifier; | ||
52 | } | ||
53 | |||
54 | function mysql_pconnect($host, $username, $password, $client_flags = 0){ | ||
55 | global $global_link_identifier; | ||
56 | $global_link_identifier = mysqli_connect("p:".$host, $username, $password); | ||
57 | return $global_link_identifier; | ||
58 | } | ||
59 | |||
60 | function mysql_select_db($dbname, $link_identifier = null){ | ||
61 | global $global_link_identifier; | ||
62 | if($link_identifier == null) { | ||
63 | $link_identifier = $global_link_identifier; | ||
64 | } | ||
65 | return mysqli_select_db($link_identifier, $dbname); | ||
66 | } | ||
67 | |||
68 | function mysql_ping($link_identifier = null){ | ||
69 | global $global_link_identifier; | ||
70 | if($link_identifier == null) { | ||
71 | $link_identifier = $global_link_identifier; | ||
72 | } | ||
73 | return mysqli_ping($link_identifier); | ||
74 | } | ||
75 | |||
76 | function mysql_query($stmt, $link_identifier = null){ | ||
77 | global $global_link_identifier; | ||
78 | if($link_identifier == null) { | ||
79 | $link_identifier = $global_link_identifier; | ||
80 | } | ||
81 | return mysqli_query($link_identifier, $stmt); | ||
82 | } | ||
83 | |||
84 | function mysql_db_query ($database, $query, $link_identifier = NULL){ | ||
85 | global $global_link_identifier; | ||
86 | if($link_identifier == null) { | ||
87 | $link_identifier = $global_link_identifier; | ||
88 | } | ||
89 | mysqli_select_db($link_identifier, $database); | ||
90 | return mysqli_query($link_identifier, $query); | ||
91 | } | ||
92 | |||
93 | function mysql_num_rows($result){ | ||
94 | return mysqli_num_rows($result); | ||
95 | } | ||
96 | |||
97 | function mysql_affected_rows($link_identifier = NULL){ | ||
98 | // TODO: check, if working when called without argument: mysql_affected_rows() | ||
99 | global $global_link_identifier; | ||
100 | if($link_identifier == null) { | ||
101 | $link_identifier = $global_link_identifier; | ||
102 | } | ||
103 | return mysqli_affected_rows($link_identifier); | ||
104 | } | ||
105 | |||
106 | function mysql_list_tables($dbname, $link_identifier = null){ | ||
107 | global $global_link_identifier; | ||
108 | if($link_identifier == null) { | ||
109 | $link_identifier = $global_link_identifier; | ||
110 | } | ||
111 | $sql = "SHOW TABLES FROM $dbname"; | ||
112 | $result = mysql_query($sql, $link_identifier); | ||
113 | return $result; | ||
114 | } | ||
115 | |||
116 | function mysql_error($link_identifier = null){ | ||
117 | global $global_link_identifier; | ||
118 | if($link_identifier == null) { | ||
119 | $link_identifier = $global_link_identifier; | ||
120 | } | ||
121 | return mysqli_error($link_identifier); | ||
122 | } | ||
123 | |||
124 | function mysql_errno($link_identifier = null){ | ||
125 | global $global_link_identifier; | ||
126 | if($link_identifier == null) { | ||
127 | $link_identifier = $global_link_identifier; | ||
128 | } | ||
129 | return mysqli_errno($link_identifier); | ||
130 | } | ||
131 | |||
132 | function mysql_insert_id($link_identifier = NULL){ | ||
133 | global $global_link_identifier; | ||
134 | if($link_identifier == null) { | ||
135 | $link_identifier = $global_link_identifier; | ||
136 | } | ||
137 | return mysqli_insert_id($link_identifier); | ||
138 | } | ||
139 | |||
140 | function mysql_close($link_identifier = NULL){ | ||
141 | return true; | ||
142 | } | ||
143 | |||
144 | function mysql_real_escape_string($unescaped_string, $link_identifier = null){ | ||
145 | global $global_link_identifier; | ||
146 | if($link_identifier == null) { | ||
147 | $link_identifier = $global_link_identifier; | ||
148 | } | ||
149 | return mysqli_real_escape_string($link_identifier, $unescaped_string); | ||
150 | } | ||
151 | |||
152 | function mysql_data_seek($result, $row_number){ | ||
153 | return mysqli_data_seek($result, $row_number); | ||
154 | } | ||
155 | |||
156 | function mysql_result($result, $row=0, $col=0){ | ||
157 | $numrows = mysqli_num_rows($result); | ||
158 | if($numrows && $row <= ($numrows-1) && $row >= 0){ | ||
159 | mysqli_data_seek($result, $row); | ||
160 | $resultrow = (is_numeric($col)) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result); | ||
161 | if (isset($resultrow[$col])){ | ||
162 | return $resultrow[$col]; | ||
163 | } | ||
164 | } | ||
165 | return false; | ||
166 | } | ||
167 | |||
168 | function mysql_escape_string($s, $link_identifier = null){ | ||
169 | global $global_link_identifier; | ||
170 | if($link_identifier == null) { | ||
171 | $link_identifier = $global_link_identifier; | ||
172 | } | ||
173 | return mysqli_real_escape_string($link_identifier, $s); | ||
174 | } | ||
175 | |||
176 | function mysql_fetch_field($result, $i = null) { | ||
177 | if ($i === null) { | ||
178 | return mysqli_fetch_field($result); | ||
179 | } | ||
180 | return mysqli_fetch_field_direct($result, $i); | ||
181 | } | ||
182 | |||
183 | function mysql_field_name($result, $i) { | ||
184 | return mysqli_fetch_field_direct($result, $i)->name; | ||
185 | } | ||
186 | |||
187 | function mysql_field_type($result, $i){ | ||
188 | return mysqli_fetch_field_direct($result, $i)->type; | ||
189 | } | ||
190 | |||
191 | function mysql_field_len($result, $i){ | ||
192 | return mysqli_fetch_field_direct($result, $i)->length; | ||
193 | } | ||
194 | |||
195 | function mysql_num_fields($result){ | ||
196 | return mysqli_num_fields($result); | ||
197 | } | ||
198 | |||
199 | function mysql_free_result($result) { | ||
200 | return mysqli_free_result($result); | ||
201 | } | ||
202 | |||
203 | function mysql_get_server_info($link_identifier = null){ | ||
204 | global $global_link_identifier; | ||
205 | if($link_identifier == null) { | ||
206 | $link_identifier = $global_link_identifier; | ||
207 | } | ||
208 | return mysqli_get_server_info($link_identifier); | ||
209 | } | ||
210 | |||
211 | function mysql_set_charset($csname, $link_identifier = null){ | ||
212 | global $global_link_identifier; | ||
213 | if($link_identifier == null) { | ||
214 | $link_identifier = $global_link_identifier; | ||
215 | } | ||
216 | return mysqli_set_charset($link_identifier, $csname); | ||
217 | } | ||
218 | |||
219 | // aliases | ||
220 | function mysql(...$args){ return mysql_db_query(...$args); } | ||
221 | function mysql_createdb(...$args){ return mysql_create_db(...$args); } | ||
222 | function mysql_db_name(...$args){ return mysql_result(...$args); } | ||
223 | function mysql_dbname(...$args){ return mysql_result(...$args); } | ||
224 | function mysql_dropdb(...$args){ return mysql_drop_db(...$args); } | ||
225 | function mysql_fieldflags(...$args){ return mysql_field_flags(...$args); } | ||
226 | function mysql_fieldlen(...$args){ return mysql_field_len(...$args); } | ||
227 | function mysql_fieldname(...$args){ return mysql_field_name(...$args); } | ||
228 | function mysql_fieldtable(...$args){ return mysql_field_table(...$args); } | ||
229 | function mysql_fieldtype(...$args){ return mysql_field_type(...$args); } | ||
230 | function mysql_freeresult(...$args){ return mysql_free_result(...$args); } | ||
231 | function mysql_listdbs(...$args){ return mysql_list_dbs(...$args); } | ||
232 | function mysql_listfields(...$args){ return mysql_list_fields(...$args); } | ||
233 | function mysql_listtables(...$args){ return mysql_list_tables(...$args); } | ||
234 | function mysql_numfields(...$args){ return mysql_num_fields(...$args); } | ||
235 | function mysql_numrows(...$args){ return mysql_num_rows(...$args); } | ||
236 | function mysql_selectdb(...$args){ return mysql_select_db(...$args); } | ||
237 | |||
238 | // TODO: those functions are not defined yet: | ||
239 | function mysql_client_encoding(){ trigger_error("mysql_client_encoding is not defined yet", E_USER_ERROR); } | ||
240 | function mysql_create_db(){ trigger_error("mysql_create_db is not defined yet", E_USER_ERROR); } | ||
241 | function mysql_drop_db(){ trigger_error("mysql_drop_db is not defined yet", E_USER_ERROR); } | ||
242 | function mysql_fetch_lengths(){ trigger_error("mysql_fetch_lengths is not defined yet", E_USER_ERROR); } | ||
243 | function mysql_field_flags(){ trigger_error("mysql_field_flags is not defined yet", E_USER_ERROR); } | ||
244 | function mysql_field_seek(){ trigger_error("mysql_field_seek is not defined yet", E_USER_ERROR); } | ||
245 | function mysql_field_table(){ trigger_error("mysql_field_table is not defined yet", E_USER_ERROR); } | ||
246 | function mysql_get_client_info(){ trigger_error("mysql_get_client_info is not defined yet", E_USER_ERROR); } | ||
247 | function mysql_get_host_info(){ trigger_error("mysql_get_host_info is not defined yet", E_USER_ERROR); } | ||
248 | function mysql_get_proto_info(){ trigger_error("mysql_get_proto_info is not defined yet", E_USER_ERROR); } | ||
249 | function mysql_info(){ trigger_error("mysql_info is not defined yet", E_USER_ERROR); } | ||
250 | function mysql_list_dbs(){ trigger_error("mysql_list_dbs is not defined yet", E_USER_ERROR); } | ||
251 | function mysql_list_fields(){ trigger_error("mysql_list_fields is not defined yet", E_USER_ERROR); } | ||
252 | function mysql_list_processes(){ trigger_error("mysql_list_processes is not defined yet", E_USER_ERROR); } | ||
253 | function mysql_tablename(){ trigger_error("mysql_tablename is not defined yet", E_USER_ERROR); } | ||
254 | function mysql_stat(){ trigger_error("mysql_stat is not defined yet", E_USER_ERROR); } | ||
255 | function mysql_thread_id(){ trigger_error("mysql_thread_id is not defined yet", E_USER_ERROR); } | ||
256 | function mysql_unbuffered_query(){ trigger_error("mysql_unbuffered_query is not defined yet", E_USER_ERROR); } | ||
257 | } | ||
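--- a/includes/functions.php
+++ b/includes/functions.php
@@ -2,9 +2,12 @@
 
 function has_meta($id, $name)
 {
-$getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
-$getmeta2 = mysql_query($getmeta);
-$getmeta3 = mysql_fetch_array($getmeta2);
+global $mysql_conn;
+$getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+$getmeta->bind_param("is", $id, $name);
+$getmeta->execute();
+$getmeta2 = $getmeta->get_result();
+$getmeta3 = $getmeta2->fetch_assoc();
 
 if ($getmeta3['name'] == $name)
 {
@@ -16,18 +19,21 @@ function has_meta($id, $name)
 
 function get_meta($id, $name)
 {
-$getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
-$getmeta2 = mysql_query($getmeta);
-$getmeta3 = mysql_fetch_array($getmeta2);
+global $mysql_conn;
+$getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+$getmeta->bind_param("is", $id, $name);
+$getmeta->execute();
+$getmeta2 = $getmeta->get_result();
+$getmeta3 = $getmeta2->fetch_assoc();
 
 return $getmeta3['value'];
 }
 
 function next_comic_id()
 {
-$getcomic = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1";
-$getcomic2 = mysql_query($getcomic);
-$getcomic3 = mysql_fetch_array($getcomic2);
+global $mysql_conn;
+$getcomic = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1");
+$getcomic3 = $getcomic->fetch_assoc();
 
 return ($getcomic3['comic_id']+1);
 }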
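Review bot: `fetch_assoc()` returns null when no row matches, and `has_meta()`, `get_meta()` and `next_comic_id()` all index the result without checking, so a missing meta row or an empty `comics` table feeds null into the comparison, the return value or the `+1` (with a warning on current PHP versions). A guard such as `if ($getmeta3 !== null && $getmeta3['name'] === $name)` in `has_meta()` and `return $getmeta3['value'] ?? null;` in `get_meta()` would make the no-row case explicit. The return value of `prepare()` is also unchecked in both functions; unless mysqli exception reporting is enabled elsewhere, a failed prepare returns false and the following `bind_param()` call is a fatal error. The body of `has_meta()` continues outside the first hunk.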
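--- a/includes/update.php
+++ b/includes/update.php
@@ -1,27 +1,29 @@
 <?php
 
-$getlast = "SELECT * FROM config WHERE name = \"lastUpdated\"";
-$getlast2 = mysql_query($getlast);
-$getlast3 = mysql_fetch_array($getlast2);
+$getlast = $mysql_conn->query("SELECT * FROM config WHERE name = \"lastUpdated\"");
+$getlast3 = $getlast->fetch_assoc();
 
 $last = $getlast3['value'];
 if ($last != date('md'))
 {
-$getpending = "SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1";
-$getpending2 = mysql_query($getpending);
-$getpending3 = mysql_fetch_array($getpending2);
+$getpending = $mysql_conn->query("SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1");
+$getpending3 = $getpending->fetch_assoc();
 if (!empty($getpending3))
 {
 $id = next_comic_id();
 
-$setcomic = "UPDATE comics SET status = \"publish\", comic_id = " . $id . " WHERE id = " . $getpending3['id'];
-$setcomic2 = mysql_query($setcomic) or die($setcomic);
+$setcomic = $mysql_conn->prepare("UPDATE comics SET status = \"publish\", comic_id = ? WHERE id = ?");
+$setcomic->bind_param("ii", $id, $getpending3['id']);
+$setcomic->execute() or die($setcomic);
 
-$insmeta = "INSERT INTO meta (comic_id,name,value) VALUES (" . $getpending3['id'] . ",\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")";
-$insmeta2 = mysql_query($insmeta) or die($insmeta);
+$insmeta = $mysql_conn->prepare("INSERT INTO meta (comic_id,name,value) VALUES (?,\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")");
+$insmeta->bind_param("i", $getpending3['id']);
+$insmeta->execute() or die($insmeta);
 
-$setconfig = "UPDATE config SET value = \"" . date('md') . "\" WHERE name = \"lastUpdated\"";
-$setconfig2 = mysql_query($setconfig);
+$setconfig = $mysql_conn->prepare("UPDATE config SET value = ? WHERE name = \"lastUpdated\"");
+$newdate = date('md');
+$setconfig->bind_param("s", $newdate);
+$setconfig->execute();
 }
 }
 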
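Review bot: `$setcomic->execute() or die($setcomic);` and the matching `$insmeta` line now pass a `mysqli_stmt` object to `die()`, where the old code passed the SQL string; a statement object cannot be converted to a string, so the failure path itself errors instead of reporting anything useful. Echoing the SQL to the client was not ideal either, so the replacement should log the driver error and stop with a fixed message, e.g. `if (!$setcomic->execute()) { error_log($setcomic->error); die('update failed'); }`. The `INSERT` still concatenates `date('Y-m-d H:i:s')` into the statement text; it is not user input, but binding it the way `$newdate` is bound for the config update would keep the file consistent. The final `$setconfig->execute()` has no failure handling at all, so a failed write there would leave `lastUpdated` stale and, as far as the visible code shows, the publish step would run again on the next request.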