Use PDO for databases
This commit is contained in:
parent
139514402d
commit
574256a01a
@ -10,10 +10,16 @@
|
||||
*/
|
||||
|
||||
// Database stuff
|
||||
define('MY_SERVER', 'localhost', true);
|
||||
define('MY_USER', '', true);
|
||||
define('MY_PASSWORD', '', true);
|
||||
define('MY_DATABASE', '', true);
|
||||
|
||||
// "mysql", "mysqli", "pgsql", "mssql"
|
||||
define('DB_TYPE', 'mysql', true);
|
||||
// Hostname or IP address
|
||||
define('DB_SERVER', 'localhost', true);
|
||||
// Login
|
||||
define('DB_USER', '', true);
|
||||
define('DB_PASSWORD', '', true);
|
||||
// TinyBoard database
|
||||
define('DB_DATABASE', '', true);
|
||||
|
||||
// The name of the session cookie (PHP's $_SESSION)
|
||||
define('SESS_COOKIE', 'imgboard', true);
|
||||
|
39
inc/database.php
Normal file
39
inc/database.php
Normal file
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
function sql_open() {
|
||||
global $pdo;
|
||||
if($pdo) return true;
|
||||
|
||||
try {
|
||||
return $pdo = new PDO(DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE, DB_USER, DB_PASSWORD);
|
||||
} catch(PDOException $e) {
|
||||
error('Database error.');
|
||||
}
|
||||
}
|
||||
|
||||
function sql_close() {
|
||||
global $pdo;
|
||||
$pdo = NULL;
|
||||
}
|
||||
|
||||
function prepare($query) {
|
||||
global $pdo;
|
||||
return $pdo->prepare($query);
|
||||
}
|
||||
|
||||
function query($query) {
|
||||
global $pdo;
|
||||
return $pdo->query($query);
|
||||
}
|
||||
|
||||
function db_error($PDOStatement=null) {
|
||||
global $pdo;
|
||||
if(isset($PDOStatement)) {
|
||||
$err = $PDOStatement->errorInfo();
|
||||
return $err[2];
|
||||
} else {
|
||||
$err = $pdo->errorInfo();
|
||||
return $err[2];
|
||||
}
|
||||
}
|
||||
?>
|
@ -7,22 +7,6 @@
|
||||
return str_replace(array_keys($replaces),
|
||||
array_values($replaces), $str);
|
||||
}
|
||||
|
||||
function sql_open() {
|
||||
global $sql;
|
||||
$sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.');
|
||||
@mysql_select_db(MY_DATABASE, $sql) or error('Database error.');
|
||||
}
|
||||
function sql_close() {
|
||||
global $sql;
|
||||
@mysql_close($sql);
|
||||
}
|
||||
|
||||
function mysql_safe_array(&$array) {
|
||||
foreach($array as &$item) {
|
||||
$item = mysql_real_escape_string($item);
|
||||
}
|
||||
}
|
||||
|
||||
function setupBoard($array) {
|
||||
global $board;
|
||||
@ -45,94 +29,91 @@
|
||||
function openBoard($uri) {
|
||||
global $sql;
|
||||
sql_open();
|
||||
$boards_res = mysql_query(sprintf(
|
||||
"SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1",
|
||||
mysql_real_escape_string($uri)
|
||||
), $sql) or error(mysql_error($sql));
|
||||
|
||||
if($_board = mysql_fetch_array($boards_res)) {
|
||||
setupBoard($_board);
|
||||
$query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1");
|
||||
$query->bindValue(':uri', $uri);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($board = $query->fetch()) {
|
||||
setupBoard($board);
|
||||
return true;
|
||||
} else return false;
|
||||
}
|
||||
|
||||
function listBoards() {
|
||||
global $sql;
|
||||
sql_open();
|
||||
$boards_res = mysql_query("SELECT * FROM `boards`", $sql) or error(mysql_error($sql));
|
||||
|
||||
$boards = Array();
|
||||
while($_board = mysql_fetch_array($boards_res)) {
|
||||
$boards[] = $_board;
|
||||
}
|
||||
$query = query("SELECT * FROM `boards`") or error(db_error());
|
||||
$boards = $query->fetchAll();
|
||||
return $boards;
|
||||
}
|
||||
|
||||
function threadExists($id) {
|
||||
global $sql, $board;
|
||||
$thread_res = mysql_query(sprintf(
|
||||
"SELECT 1 FROM `posts_%s` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$id
|
||||
), $sql) or error(mysql_error($sql));
|
||||
global $board;
|
||||
|
||||
if(mysql_num_rows($thread_res) > 0) {
|
||||
$query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
|
||||
$query->bindParam(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error());
|
||||
|
||||
if($query->rowCount()) {
|
||||
return true;
|
||||
} else return false;
|
||||
}
|
||||
|
||||
function post($post, $OP) {
|
||||
global $sql, $board;
|
||||
global $pdo, $board;
|
||||
|
||||
$query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky)", $board['uri']));
|
||||
|
||||
// Basic stuff
|
||||
$query->bindValue(':subject', $post['subject']);
|
||||
$query->bindValue(':email', $post['email']);
|
||||
$query->bindValue(':name', $post['name']);
|
||||
$query->bindValue(':trip', $post['trip']);
|
||||
$query->bindValue(':body', $post['body']);
|
||||
$query->bindValue(':time', time(), PDO::PARAM_INT);
|
||||
$query->bindValue(':password', $post['password']);
|
||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
||||
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
|
||||
|
||||
if($OP) {
|
||||
mysql_query(
|
||||
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$post['subject'],
|
||||
$post['email'],
|
||||
$post['name'],
|
||||
$post['trip'],
|
||||
$post['body'],
|
||||
time(),
|
||||
time(),
|
||||
$post['thumb'],
|
||||
$post['thumbwidth'],
|
||||
$post['thumbheight'],
|
||||
$post['file'],
|
||||
$post['width'],
|
||||
$post['height'],
|
||||
$post['filesize'],
|
||||
$post['filename'],
|
||||
$post['filehash'],
|
||||
$post['password'],
|
||||
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
|
||||
), $sql) or error(mysql_error($sql));
|
||||
return mysql_insert_id($sql);
|
||||
// No parent thread, image
|
||||
$query->bindValue(':thread', null, PDO::PARAM_NULL);
|
||||
} else {
|
||||
mysql_query(
|
||||
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$post['thread'],
|
||||
$post['subject'],
|
||||
$post['email'],
|
||||
$post['name'],
|
||||
$post['trip'],
|
||||
$post['body'],
|
||||
time(),
|
||||
time(),
|
||||
$post['has_file']?$post['thumb']:null,
|
||||
$post['has_file']?$post['thumbwidth']:null,
|
||||
$post['has_file']?$post['thumbheight']:null,
|
||||
$post['has_file']?$post['file']:null,
|
||||
$post['has_file']?$post['width']:null,
|
||||
$post['has_file']?$post['height']:null,
|
||||
$post['has_file']?$post['filesize']:null,
|
||||
$post['has_file']?$post['filename']:null,
|
||||
$post['has_file']?$post['filehash']:null,
|
||||
$post['password'],
|
||||
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
|
||||
), $sql) or error(mysql_error($sql));
|
||||
return mysql_insert_id($sql);
|
||||
$query->bindValue(':thread', $post['thread'], PDO::PARAM_INT);
|
||||
}
|
||||
|
||||
if($post['has_file']) {
|
||||
$query->bindValue(':thumb', $post['thumb']);
|
||||
$query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT);
|
||||
$query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT);
|
||||
$query->bindValue(':file', $post['file']);
|
||||
$query->bindValue(':width', $post['width'], PDO::PARAM_INT);
|
||||
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
|
||||
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
|
||||
$query->bindValue(':filename', $post['filesize']);
|
||||
$query->bindValue(':filehash', $post['filesize']);
|
||||
} else {
|
||||
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':thumbheight', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':file', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':width', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':height', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':filesize', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':filename', null, PDO::PARAM_NULL);
|
||||
$query->bindValue(':filehash', null, PDO::PARAM_NULL);
|
||||
}
|
||||
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
return $pdo->lastInsertId();
|
||||
}
|
||||
|
||||
function bumpThread($id) {
|
||||
global $board;
|
||||
$query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
|
||||
$query->bindValue(':time', time(), PDO::PARAM_INT);
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
|
||||
function index($page, $mod=false) {
|
||||
@ -142,57 +123,52 @@
|
||||
$offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE);
|
||||
|
||||
sql_open();
|
||||
$query = mysql_query(sprintf(
|
||||
"SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT %d,%d",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$offset,
|
||||
THREADS_PER_PAGE
|
||||
), $sql) or error(mysql_error($sql));
|
||||
|
||||
if(mysql_num_rows($query) < 1 && $page > 1) return false;
|
||||
while($th = mysql_fetch_array($query)) {
|
||||
|
||||
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri']));
|
||||
$query->bindValue(1, $offset, PDO::PARAM_INT);
|
||||
$query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($query->rowcount() < 1 && $page > 1) return false;
|
||||
while($th = $query->fetch()) {
|
||||
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT);
|
||||
|
||||
$newposts = mysql_query(sprintf(
|
||||
"SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$th['id'],
|
||||
THREADS_PREVIEW
|
||||
), $sql) or error(mysql_error($sql));
|
||||
if(mysql_num_rows($newposts) == THREADS_PREVIEW) {
|
||||
$count_query = mysql_query(sprintf(
|
||||
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = '%s'",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$th['id']
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$count = mysql_fetch_array($count_query);
|
||||
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
|
||||
$posts->bindValue(1, $th['id']);
|
||||
$posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
|
||||
$posts->execute() or error(db_error($posts));
|
||||
|
||||
if($posts->rowCount() == THREADS_PREVIEW) {
|
||||
$count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri']));
|
||||
$count->bindValue(1, $th['id']);
|
||||
$count->execute() or error(db_error($count));
|
||||
|
||||
$count = $count->fetch();
|
||||
$omitted = $count['num'] - THREADS_PREVIEW;
|
||||
$thread->omitted = $omitted;
|
||||
mysql_free_result($count_query);
|
||||
unset($count);
|
||||
unset($omitted);
|
||||
}
|
||||
while($po = mysql_fetch_array($newposts)) {
|
||||
|
||||
while($po = $posts->fetch()) {
|
||||
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT));
|
||||
}
|
||||
mysql_free_result($newposts);
|
||||
|
||||
$thread->posts = array_reverse($thread->posts);
|
||||
$body .= $thread->build(true);
|
||||
}
|
||||
mysql_free_result($query);
|
||||
|
||||
return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT);
|
||||
}
|
||||
|
||||
function getPages($mod=false) {
|
||||
global $sql, $board;
|
||||
|
||||
$res = mysql_query(sprintf(
|
||||
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL",
|
||||
mysql_real_escape_string($board['uri'])
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$arr = mysql_fetch_array($res);
|
||||
$count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE);
|
||||
// Count threads
|
||||
$query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
|
||||
|
||||
$count = current($query->fetch());
|
||||
$count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE);
|
||||
|
||||
$pages = Array();
|
||||
for($x=0;$x<$count && $x<MAX_PAGES;$x++) {
|
||||
@ -256,18 +232,15 @@
|
||||
strlen($cites[1][$index]),
|
||||
strlen($cites[3][$index]),
|
||||
);
|
||||
|
||||
$result = mysql_query(sprintf(
|
||||
"SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = '%d' LIMIT 1",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$cite
|
||||
), $sql) or error(mysql_error($sql));
|
||||
if($post = mysql_fetch_array($result)) {
|
||||
$query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
|
||||
$query->bindValue(':id', $cite);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($post = $query->fetch()) {
|
||||
$replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">>>' . $cite . '</a>';
|
||||
} else {
|
||||
$replacement = ">>{$cite}";
|
||||
}
|
||||
mysql_free_result($result);
|
||||
|
||||
// Find the position of the cite
|
||||
$position = strpos($body, $cites[0][$index]);
|
||||
@ -337,39 +310,39 @@
|
||||
}
|
||||
|
||||
function buildThread($id, $return=false, $mod=false) {
|
||||
global $sql, $board;
|
||||
global $board;
|
||||
$id = round($id);
|
||||
|
||||
$query = mysql_query(sprintf(
|
||||
"SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$id,
|
||||
$id
|
||||
), $sql) or error(mysql_error($sql));
|
||||
|
||||
while($post = mysql_fetch_array($query)) {
|
||||
$query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri']));
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
while($post = $query->fetch()) {
|
||||
if(!isset($thread)) {
|
||||
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT);
|
||||
} else {
|
||||
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT));
|
||||
}
|
||||
}
|
||||
$body = Element('thread.html', Array(
|
||||
'button'=>BUTTON_REPLY,
|
||||
'board'=>$board,
|
||||
'body'=>$thread->build(),
|
||||
'post_url' => POST_URL,
|
||||
'index' => ROOT,
|
||||
'id' => $id,
|
||||
'mod' => $mod,
|
||||
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX)
|
||||
));
|
||||
|
||||
// Check if any posts were found
|
||||
if(!isset($thread)) error(ERROR_NONEXISTANT);
|
||||
|
||||
$body = Element('thread.html', Array(
|
||||
'button'=>BUTTON_REPLY,
|
||||
'board'=>$board,
|
||||
'body'=>$thread->build(),
|
||||
'post_url' => POST_URL,
|
||||
'index' => ROOT,
|
||||
'id' => $id,
|
||||
'mod' => $mod,
|
||||
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX)
|
||||
));
|
||||
|
||||
if($return)
|
||||
return $body;
|
||||
else
|
||||
@file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file.");
|
||||
mysql_free_result($query);
|
||||
}
|
||||
|
||||
function generate_tripcode ( $name, $length = 10 ) {
|
||||
|
@ -7,17 +7,18 @@
|
||||
*
|
||||
* You can copy values from config.php (defaults) and paste them here.
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
|
||||
|
||||
|
||||
// Database stuff
|
||||
define('MY_SERVER', '127.0.0.1');
|
||||
define('MY_USER', '');
|
||||
define('MY_PASSWORD', '');
|
||||
define('MY_DATABASE', '');
|
||||
|
||||
define('DB_TYPE', 'mysql');
|
||||
define('DB_SERVER', 'localhost');
|
||||
define('DB_USER', '');
|
||||
define('DB_PASSWORD', '');
|
||||
define('DB_DATABASE', '');
|
||||
|
||||
define('ROOT', '/');
|
||||
|
||||
|
||||
// define('FOO', 'bar');
|
||||
*/
|
||||
|
||||
?>
|
35
inc/mod.php
35
inc/mod.php
@ -17,13 +17,12 @@
|
||||
$password = sha1($password);
|
||||
}
|
||||
|
||||
$res = mysql_query(sprintf(
|
||||
"SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
|
||||
mysql_real_escape_string($username),
|
||||
$password
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
|
||||
$query->bindValue(':username', $username);
|
||||
$query->bindValue(':password', $password);
|
||||
$query->execute();
|
||||
|
||||
if($user = mysql_fetch_array($res)) {
|
||||
if($user = $query->fetch()) {
|
||||
return $mod = Array(
|
||||
'id' => $user['id'],
|
||||
'type' => $user['type'],
|
||||
@ -142,22 +141,19 @@
|
||||
|
||||
// Delete a post (reply or thread)
|
||||
function deletePost($id) {
|
||||
global $board, $sql;
|
||||
global $board;
|
||||
|
||||
// Select post and replies (if thread) in one query
|
||||
$post_res = mysql_query(sprintf(
|
||||
"SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$id,
|
||||
$id
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if(mysql_num_rows($post_res) < 1) {
|
||||
if($query->rowCount() < 1) {
|
||||
error(ERROR_INVALIDPOST);
|
||||
}
|
||||
|
||||
// Delete posts and maybe replies
|
||||
while($post = mysql_fetch_array($post_res)) {
|
||||
while($post = $query->fetch()) {
|
||||
if(!$post['thread']) {
|
||||
// Delete thread HTML page
|
||||
@unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id']));
|
||||
@ -172,11 +168,8 @@
|
||||
}
|
||||
}
|
||||
|
||||
mysql_query(sprintf(
|
||||
"DELETE FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
$id,
|
||||
$id
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
?>
|
20
mod.php
20
mod.php
@ -6,6 +6,7 @@
|
||||
}
|
||||
require 'inc/config.php';
|
||||
require 'inc/template.php';
|
||||
require 'inc/database.php';
|
||||
require 'inc/user.php';
|
||||
require 'inc/mod.php';
|
||||
|
||||
@ -175,20 +176,21 @@
|
||||
if(!preg_match('/^\w+$/', $b['uri']))
|
||||
error(sprintf(ERROR_INVALIDFIELD, 'URI'));
|
||||
|
||||
mysql_query(sprintf(
|
||||
"INSERT INTO `boards` VALUES (NULL, '%s', '%s', " .
|
||||
(empty($b['subtitle']) ? 'NULL' : "'%s'" ) .
|
||||
")",
|
||||
mysql_real_escape_string($b['uri']),
|
||||
mysql_real_escape_string($b['title']),
|
||||
mysql_real_escape_string($b['subtitle'])
|
||||
), $sql) or error(mysql_error($sql));
|
||||
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
|
||||
$query->bindValue(':uri', $b['uri']);
|
||||
$query->bindValue(':title', $b['title']);
|
||||
if(!empty($b['subtitle'])) {
|
||||
$query->bindValue(':subtitle', $b['subtitle']);
|
||||
} else {
|
||||
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
|
||||
}
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
// Open the board
|
||||
openBoard($b['uri']) or error("Couldn't open board after creation.");
|
||||
|
||||
// Create the posts table
|
||||
mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql));
|
||||
query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
|
||||
|
||||
// Build the board
|
||||
buildIndex();
|
||||
|
15
post.php
15
post.php
@ -6,6 +6,7 @@
|
||||
}
|
||||
require 'inc/config.php';
|
||||
require 'inc/template.php';
|
||||
require 'inc/database.php';
|
||||
require 'inc/user.php';
|
||||
|
||||
// Fix for magic quotes
|
||||
@ -191,9 +192,6 @@
|
||||
|
||||
// Todo: Validate some more, remove messy code, allow more specific configuration
|
||||
|
||||
// MySQLify
|
||||
mysql_safe_array($post);
|
||||
|
||||
$id = post($post, $OP);
|
||||
|
||||
if($post['has_file'] && $post['zip']) {
|
||||
@ -295,12 +293,7 @@
|
||||
buildThread(($OP?$id:$post['thread']));
|
||||
|
||||
if(!$OP) {
|
||||
mysql_query(
|
||||
sprintf("UPDATE `posts_%s` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL",
|
||||
mysql_real_escape_string($board['uri']),
|
||||
time(),
|
||||
$post['thread']
|
||||
), $sql) or error(mysql_error($sql));
|
||||
bumpThread($post['thread']);
|
||||
}
|
||||
|
||||
buildIndex();
|
||||
@ -318,8 +311,8 @@
|
||||
sql_open();
|
||||
|
||||
// Build all boards
|
||||
$boards_res = mysql_query('SELECT * FROM `boards`', $sql) or error(mysql_error($sql));
|
||||
while($_board = mysql_fetch_array($boards_res)) {
|
||||
$boards = listBoards();
|
||||
foreach($boards as &$_board) {
|
||||
setupBoard($_board);
|
||||
buildIndex();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user