Diffstat (limited to 'includes')
-rwxr-xr-xincludes/db.php4
-rwxr-xr-xincludes/fix_mysql.inc.php257
-rwxr-xr-xincludes/functions.php24
-rwxr-xr-xincludes/update.php26
4 files changed, 30 insertions, 281 deletions
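--- a/includes/db.php
+++ b/includes/db.php
@@ -1,9 +1,7 @@
 <?php
 
-include_once('fix_mysql.inc.php');
 include('/srv/www/security/pillowcase.php');
 
-$mysql_conn = mysql_connect($dbhost, $dbuser, $dbpasswd);
-mysql_select_db($dbname);
+$mysql_conn = new mysqli($dbhost, $dbuser, $dbpasswd, $dbname);
 
 ?>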
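Review bot: The `new mysqli(...)` call on new line 5 is never checked for failure, and no error-reporting mode is chosen before it. If mysqli is running in its non-throwing mode, a failed connection leaves later `$mysql_conn->prepare()` calls returning false, and the chained `bind_param()` calls in includes/functions.php and includes/update.php then stop with a fatal error that can expose file paths when display_errors is on. I would add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before the constructor so connection and query failures throw and can be handled in one place. Setting the connection charset explicitly right after connecting, e.g. `$mysql_conn->set_charset('utf8mb4');` (or whatever charset the tables actually use), would also make escaping and comparison behaviour predictable.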
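--- a/includes/fix_mysql.inc.php
+++ /dev/null
@@ -1,257 +0,0 @@
-<?php
-/**
-* replacement for all mysql functions
-*
-* @version 3
-* @git https://github.com/rubo77/php-mysql-fix
-*
-* Be aware, that this is just a workaround to fix-up some old code and the resulting project
-* will be more vulnerable than if you use the recommended newer mysqli-functions instead.
-* So only If you are sure that this is not setting your server at risk, you can fix your old
-* code by adding this line at the beginning of your old code:
-
-<?php
-include_once('fix_mysql.inc.php');
-*
-* see: https://stackoverflow.com/a/37877644/1069083
-*/
-
-if (!function_exists("mysql_connect")){
- /* warning: fatal error "cannot redeclare" if a function was disabled in php.ini with disable_functions:
- disable_functions =mysql_connect,mysql_pconnect,mysql_select_db,mysql_ping,mysql_query,mysql_fetch_assoc,mysql_num_rows,mysql_fetch_array,mysql_error,mysql_insert_id,mysql_close,mysql_real_escape_string,mysql_data_seek,mysql_result
- */
-
- define("MYSQL_ASSOC", MYSQLI_ASSOC);
- define("MYSQL_NUM", MYSQLI_NUM);
- define("MYSQL_BOTH", MYSQLI_BOTH);
-
- function mysql_fetch_array($result, $result_type = MYSQL_BOTH){
- $row = mysqli_fetch_array($result, $result_type);
- return is_null($row) ? false : $row;
- }
-
- function mysql_fetch_assoc($result){
- $row = mysqli_fetch_assoc($result);
- return is_null($row) ? false : $row;
- }
-
- function mysql_fetch_row($result) {
- $row = mysqli_fetch_row($result);
- return is_null($row) ? false : $row;
- }
-
- function mysql_fetch_object($result) {
- $row = mysqli_fetch_object($result);
- return is_null($row) ? false : $row;
- }
-
- function mysql_connect($host, $username, $password, $new_link = FALSE, $client_flags = 0){
- global $global_link_identifier;
- $global_link_identifier = mysqli_connect($host, $username, $password);
- return $global_link_identifier;
- }
-
- function mysql_pconnect($host, $username, $password, $client_flags = 0){
- global $global_link_identifier;
- $global_link_identifier = mysqli_connect("p:".$host, $username, $password);
- return $global_link_identifier;
- }
-
- function mysql_select_db($dbname, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_select_db($link_identifier, $dbname);
- }
-
- function mysql_ping($link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_ping($link_identifier);
- }
-
- function mysql_query($stmt, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_query($link_identifier, $stmt);
- }
-
- function mysql_db_query ($database, $query, $link_identifier = NULL){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- mysqli_select_db($link_identifier, $database);
- return mysqli_query($link_identifier, $query);
- }
-
- function mysql_num_rows($result){
- return mysqli_num_rows($result);
- }
-
- function mysql_affected_rows($link_identifier = NULL){
- // TODO: check, if working when called without argument: mysql_affected_rows()
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_affected_rows($link_identifier);
- }
-
- function mysql_list_tables($dbname, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- $sql = "SHOW TABLES FROM $dbname";
- $result = mysql_query($sql, $link_identifier);
- return $result;
- }
-
- function mysql_error($link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_error($link_identifier);
- }
-
- function mysql_errno($link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_errno($link_identifier);
- }
-
- function mysql_insert_id($link_identifier = NULL){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_insert_id($link_identifier);
- }
-
- function mysql_close($link_identifier = NULL){
- return true;
- }
-
- function mysql_real_escape_string($unescaped_string, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_real_escape_string($link_identifier, $unescaped_string);
- }
-
- function mysql_data_seek($result, $row_number){
- return mysqli_data_seek($result, $row_number);
- }
-
- function mysql_result($result, $row=0, $col=0){
- $numrows = mysqli_num_rows($result);
- if($numrows && $row <= ($numrows-1) && $row >= 0){
- mysqli_data_seek($result, $row);
- $resultrow = (is_numeric($col)) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result);
- if (isset($resultrow[$col])){
- return $resultrow[$col];
- }
- }
- return false;
- }
-
- function mysql_escape_string($s, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_real_escape_string($link_identifier, $s);
- }
-
- function mysql_fetch_field($result, $i = null) {
- if ($i === null) {
- return mysqli_fetch_field($result);
- }
- return mysqli_fetch_field_direct($result, $i);
- }
-
- function mysql_field_name($result, $i) {
- return mysqli_fetch_field_direct($result, $i)->name;
- }
-
- function mysql_field_type($result, $i){
- return mysqli_fetch_field_direct($result, $i)->type;
- }
-
- function mysql_field_len($result, $i){
- return mysqli_fetch_field_direct($result, $i)->length;
- }
-
- function mysql_num_fields($result){
- return mysqli_num_fields($result);
- }
-
- function mysql_free_result($result) {
- return mysqli_free_result($result);
- }
-
- function mysql_get_server_info($link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_get_server_info($link_identifier);
- }
-
- function mysql_set_charset($csname, $link_identifier = null){
- global $global_link_identifier;
- if($link_identifier == null) {
- $link_identifier = $global_link_identifier;
- }
- return mysqli_set_charset($link_identifier, $csname);
- }
-
- // aliases
- function mysql(...$args){ return mysql_db_query(...$args); }
- function mysql_createdb(...$args){ return mysql_create_db(...$args); }
- function mysql_db_name(...$args){ return mysql_result(...$args); }
- function mysql_dbname(...$args){ return mysql_result(...$args); }
- function mysql_dropdb(...$args){ return mysql_drop_db(...$args); }
- function mysql_fieldflags(...$args){ return mysql_field_flags(...$args); }
- function mysql_fieldlen(...$args){ return mysql_field_len(...$args); }
- function mysql_fieldname(...$args){ return mysql_field_name(...$args); }
- function mysql_fieldtable(...$args){ return mysql_field_table(...$args); }
- function mysql_fieldtype(...$args){ return mysql_field_type(...$args); }
- function mysql_freeresult(...$args){ return mysql_free_result(...$args); }
- function mysql_listdbs(...$args){ return mysql_list_dbs(...$args); }
- function mysql_listfields(...$args){ return mysql_list_fields(...$args); }
- function mysql_listtables(...$args){ return mysql_list_tables(...$args); }
- function mysql_numfields(...$args){ return mysql_num_fields(...$args); }
- function mysql_numrows(...$args){ return mysql_num_rows(...$args); }
- function mysql_selectdb(...$args){ return mysql_select_db(...$args); }
-
- // TODO: those functions are not defined yet:
- function mysql_client_encoding(){ trigger_error("mysql_client_encoding is not defined yet", E_USER_ERROR); }
- function mysql_create_db(){ trigger_error("mysql_create_db is not defined yet", E_USER_ERROR); }
- function mysql_drop_db(){ trigger_error("mysql_drop_db is not defined yet", E_USER_ERROR); }
- function mysql_fetch_lengths(){ trigger_error("mysql_fetch_lengths is not defined yet", E_USER_ERROR); }
- function mysql_field_flags(){ trigger_error("mysql_field_flags is not defined yet", E_USER_ERROR); }
- function mysql_field_seek(){ trigger_error("mysql_field_seek is not defined yet", E_USER_ERROR); }
- function mysql_field_table(){ trigger_error("mysql_field_table is not defined yet", E_USER_ERROR); }
- function mysql_get_client_info(){ trigger_error("mysql_get_client_info is not defined yet", E_USER_ERROR); }
- function mysql_get_host_info(){ trigger_error("mysql_get_host_info is not defined yet", E_USER_ERROR); }
- function mysql_get_proto_info(){ trigger_error("mysql_get_proto_info is not defined yet", E_USER_ERROR); }
- function mysql_info(){ trigger_error("mysql_info is not defined yet", E_USER_ERROR); }
- function mysql_list_dbs(){ trigger_error("mysql_list_dbs is not defined yet", E_USER_ERROR); }
- function mysql_list_fields(){ trigger_error("mysql_list_fields is not defined yet", E_USER_ERROR); }
- function mysql_list_processes(){ trigger_error("mysql_list_processes is not defined yet", E_USER_ERROR); }
- function mysql_tablename(){ trigger_error("mysql_tablename is not defined yet", E_USER_ERROR); }
- function mysql_stat(){ trigger_error("mysql_stat is not defined yet", E_USER_ERROR); }
- function mysql_thread_id(){ trigger_error("mysql_thread_id is not defined yet", E_USER_ERROR); }
- function mysql_unbuffered_query(){ trigger_error("mysql_unbuffered_query is not defined yet", E_USER_ERROR); }
-}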
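--- a/includes/functions.php
+++ b/includes/functions.php
@@ -2,9 +2,12 @@
 
 function has_meta($id, $name)
 {
- $getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
- $getmeta2 = mysql_query($getmeta);
- $getmeta3 = mysql_fetch_array($getmeta2);
+ global $mysql_conn;
+ $getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+ $getmeta->bind_param("is", $id, $name);
+ $getmeta->execute();
+ $getmeta2 = $getmeta->get_result();
+ $getmeta3 = $getmeta2->fetch_assoc();
 
  if ($getmeta3['name'] == $name)
  {
@@ -16,18 +19,21 @@ function has_meta($id, $name)
 
 function get_meta($id, $name)
 {
- $getmeta = "SELECT * FROM meta WHERE comic_id = " . $id . " AND name = \"" . $name . "\"";
- $getmeta2 = mysql_query($getmeta);
- $getmeta3 = mysql_fetch_array($getmeta2);
+ global $mysql_conn;
+ $getmeta = $mysql_conn->prepare("SELECT * FROM meta WHERE comic_id = ? AND name = ?");
+ $getmeta->bind_param("is", $id, $name);
+ $getmeta->execute();
+ $getmeta2 = $getmeta->get_result();
+ $getmeta3 = $getmeta2->fetch_assoc();
 
  return $getmeta3['value'];
 }
 
 function next_comic_id()
 {
- $getcomic = "SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1";
- $getcomic2 = mysql_query($getcomic);
- $getcomic3 = mysql_fetch_array($getcomic2);
+ global $mysql_conn;
+ $getcomic = $mysql_conn->query("SELECT * FROM comics WHERE status = \"publish\" ORDER BY comic_id DESC LIMIT 0,1");
+ $getcomic3 = $getcomic->fetch_assoc();
 
  return ($getcomic3['comic_id']+1);
 }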
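Review bot: `fetch_assoc()` returns null when no row matches, and the unchanged lines right after it index that result without a check: `$getmeta3['name']` in has_meta (new line 12) and `$getmeta3['value']` in get_meta (new line 29). For has_meta the no-row case is the ordinary negative answer, so on recent PHP versions every miss emits an array-offset-on-null warning. I would write `if ($getmeta3 !== null && $getmeta3['name'] == $name)` in has_meta and `return $getmeta3['value'] ?? null;` in get_meta. The `prepare()` results are also used unchecked, so a failed prepare becomes a fatal call on `false` unless mysqli is configured to throw. has_meta's body continues past the end of the first hunk.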
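--- a/includes/update.php
+++ b/includes/update.php
@@ -1,27 +1,29 @@
 <?php
 
-$getlast = "SELECT * FROM config WHERE name = \"lastUpdated\"";
-$getlast2 = mysql_query($getlast);
-$getlast3 = mysql_fetch_array($getlast2);
+$getlast = $mysql_conn->query("SELECT * FROM config WHERE name = \"lastUpdated\"");
+$getlast3 = $getlast->fetch_assoc();
 
 $last = $getlast3['value'];
 if ($last != date('md'))
 {
- $getpending = "SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1";
- $getpending2 = mysql_query($getpending);
- $getpending3 = mysql_fetch_array($getpending2);
+ $getpending = $mysql_conn->query("SELECT * FROM comics WHERE status = \"pending\" ORDER BY id ASC LIMIT 0,1");
+ $getpending3 = $getpending->fetch_assoc();
  if (!empty($getpending3))
  {
  $id = next_comic_id();
 
- $setcomic = "UPDATE comics SET status = \"publish\", comic_id = " . $id . " WHERE id = " . $getpending3['id'];
- $setcomic2 = mysql_query($setcomic) or die($setcomic);
+ $setcomic = $mysql_conn->prepare("UPDATE comics SET status = \"publish\", comic_id = ? WHERE id = ?");
+ $setcomic->bind_param("ii", $id, $getpending3['id']);
+ $setcomic->execute() or die($setcomic);
 
- $insmeta = "INSERT INTO meta (comic_id,name,value) VALUES (" . $getpending3['id'] . ",\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")";
- $insmeta2 = mysql_query($insmeta) or die($insmeta);
+ $insmeta = $mysql_conn->prepare("INSERT INTO meta (comic_id,name,value) VALUES (?,\"pubDate\",\"" . date('Y-m-d H:i:s') . "\")");
+ $insmeta->bind_param("i", $getpending3['id']);
+ $insmeta->execute() or die($insmeta);
 
- $setconfig = "UPDATE config SET value = \"" . date('md') . "\" WHERE name = \"lastUpdated\"";
- $setconfig2 = mysql_query($setconfig);
+ $setconfig = $mysql_conn->prepare("UPDATE config SET value = ? WHERE name = \"lastUpdated\"");
+ $newdate = date('md');
+ $setconfig->bind_param("s", $newdate);
+ $setconfig->execute();
  }
 }
 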
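Review bot: `$setcomic->execute() or die($setcomic);` (new line 17) and `$insmeta->execute() or die($insmeta);` (new line 21) now hand a mysqli_stmt object to die(), where the old code passed the SQL string. A mysqli_stmt has no string conversion, so the failure path should itself raise a conversion error instead of reporting anything useful, and echoing statement details to the client was not desirable in the first place. Log the driver error server-side and exit with a fixed message, e.g. `if (!$setcomic->execute()) { error_log($setcomic->error); die('update failed'); }`, and the same for `$insmeta`. The three writes also run without a transaction, so a failure in the second would leave the comic published with no pubDate row; wrapping them in `begin_transaction()` / `commit()` would avoid that, assuming the tables use a transactional engine.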