kashire/lainchan
4
0
Fork 0
Code Issues 18 Pull Requests Releases Wiki Activity

Use PDO for databases

Browse Source
This commit is contained in:
Savetheinternet 2010-12-18 01:18:03 +11:00
parent 139514402d
commit 574256a01a
7 changed files with 207 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
inc/config.php
View File

@ -10,10 +10,16 @@
*/ */
// Database stuff // Database stuff
define('MY_SERVER', 'localhost', true);
define('MY_USER', '', true); // "mysql", "mysqli", "pgsql", "mssql"
define('MY_PASSWORD', '', true); define('DB_TYPE', 'mysql', true);
define('MY_DATABASE', '', true); // Hostname or IP address
define('DB_SERVER', 'localhost', true);
// Login
define('DB_USER', '', true);
define('DB_PASSWORD', '', true);
// TinyBoard database
define('DB_DATABASE', '', true);
// The name of the session cookie (PHP's $_SESSION) // The name of the session cookie (PHP's $_SESSION)
define('SESS_COOKIE', 'imgboard', true); define('SESS_COOKIE', 'imgboard', true);

39
inc/database.php Normal file
View File

@ -0,0 +1,39 @@
<?php
function sql_open() {
global $pdo;
if($pdo) return true;
try {
return $pdo = new PDO(DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE, DB_USER, DB_PASSWORD);
} catch(PDOException $e) {
error('Database error.');
}
}
function sql_close() {
global $pdo;
$pdo = NULL;
}
function prepare($query) {
global $pdo;
return $pdo->prepare($query);
}
function query($query) {
global $pdo;
return $pdo->query($query);
}
function db_error($PDOStatement=null) {
global $pdo;
if(isset($PDOStatement)) {
$err = $PDOStatement->errorInfo();
return $err[2];
} else {
$err = $pdo->errorInfo();
return $err[2];
}
}
?>

257
inc/functions.php
View File

@ -8,22 +8,6 @@
array_values($replaces), $str); array_values($replaces), $str);
} }
function sql_open() {
global $sql;
$sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.');
@mysql_select_db(MY_DATABASE, $sql) or error('Database error.');
}
function sql_close() {
global $sql;
@mysql_close($sql);
}
function mysql_safe_array(&$array) {
foreach($array as &$item) {
$item = mysql_real_escape_string($item);
}
}
function setupBoard($array) { function setupBoard($array) {
global $board; global $board;
@ -45,94 +29,91 @@
function openBoard($uri) { function openBoard($uri) {
global $sql; global $sql;
sql_open(); sql_open();
$boards_res = mysql_query(sprintf(
"SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1",
mysql_real_escape_string($uri)
), $sql) or error(mysql_error($sql));
if($_board = mysql_fetch_array($boards_res)) { $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1");
setupBoard($_board); $query->bindValue(':uri', $uri);
$query->execute() or error(db_error($query));
if($board = $query->fetch()) {
setupBoard($board);
return true; return true;
} else return false; } else return false;
} }
function listBoards() { function listBoards() {
global $sql; $query = query("SELECT * FROM `boards`") or error(db_error());
sql_open(); $boards = $query->fetchAll();
$boards_res = mysql_query("SELECT * FROM `boards`", $sql) or error(mysql_error($sql));
$boards = Array();
while($_board = mysql_fetch_array($boards_res)) {
$boards[] = $_board;
}
return $boards; return $boards;
} }
function threadExists($id) { function threadExists($id) {
global $sql, $board; global $board;
$thread_res = mysql_query(sprintf(
"SELECT 1 FROM `posts_%s` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1",
mysql_real_escape_string($board['uri']),
$id
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($thread_res) > 0) { $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
$query->bindParam(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error());
if($query->rowCount()) {
return true; return true;
} else return false; } else return false;
} }
function post($post, $OP) { function post($post, $OP) {
global $sql, $board; global $pdo, $board;
$query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky)", $board['uri']));
// Basic stuff
$query->bindValue(':subject', $post['subject']);
$query->bindValue(':email', $post['email']);
$query->bindValue(':name', $post['name']);
$query->bindValue(':trip', $post['trip']);
$query->bindValue(':body', $post['body']);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':password', $post['password']);
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
if($OP) { if($OP) {
mysql_query( // No parent thread, image
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", $query->bindValue(':thread', null, PDO::PARAM_NULL);
mysql_real_escape_string($board['uri']),
$post['subject'],
$post['email'],
$post['name'],
$post['trip'],
$post['body'],
time(),
time(),
$post['thumb'],
$post['thumbwidth'],
$post['thumbheight'],
$post['file'],
$post['width'],
$post['height'],
$post['filesize'],
$post['filename'],
$post['filehash'],
$post['password'],
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
), $sql) or error(mysql_error($sql));
return mysql_insert_id($sql);
} else { } else {
mysql_query( $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT);
sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')",
mysql_real_escape_string($board['uri']),
$post['thread'],
$post['subject'],
$post['email'],
$post['name'],
$post['trip'],
$post['body'],
time(),
time(),
$post['has_file']?$post['thumb']:null,
$post['has_file']?$post['thumbwidth']:null,
$post['has_file']?$post['thumbheight']:null,
$post['has_file']?$post['file']:null,
$post['has_file']?$post['width']:null,
$post['has_file']?$post['height']:null,
$post['has_file']?$post['filesize']:null,
$post['has_file']?$post['filename']:null,
$post['has_file']?$post['filehash']:null,
$post['password'],
mysql_real_escape_string($_SERVER['REMOTE_ADDR'])
), $sql) or error(mysql_error($sql));
return mysql_insert_id($sql);
} }
if($post['has_file']) {
$query->bindValue(':thumb', $post['thumb']);
$query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT);
$query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT);
$query->bindValue(':file', $post['file']);
$query->bindValue(':width', $post['width'], PDO::PARAM_INT);
$query->bindValue(':height', $post['height'], PDO::PARAM_INT);
$query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT);
$query->bindValue(':filename', $post['filesize']);
$query->bindValue(':filehash', $post['filesize']);
} else {
$query->bindValue(':thumb', null, PDO::PARAM_NULL);
$query->bindValue(':thumbwidth', null, PDO::PARAM_NULL);
$query->bindValue(':thumbheight', null, PDO::PARAM_NULL);
$query->bindValue(':file', null, PDO::PARAM_NULL);
$query->bindValue(':width', null, PDO::PARAM_NULL);
$query->bindValue(':height', null, PDO::PARAM_NULL);
$query->bindValue(':filesize', null, PDO::PARAM_NULL);
$query->bindValue(':filename', null, PDO::PARAM_NULL);
$query->bindValue(':filehash', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
return $pdo->lastInsertId();
}
function bumpThread($id) {
global $board;
$query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} }
function index($page, $mod=false) { function index($page, $mod=false) {
@ -142,57 +123,52 @@
$offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE);
sql_open(); sql_open();
$query = mysql_query(sprintf(
"SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT %d,%d",
mysql_real_escape_string($board['uri']),
$offset,
THREADS_PER_PAGE
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($query) < 1 && $page > 1) return false; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri']));
while($th = mysql_fetch_array($query)) { $query->bindValue(1, $offset, PDO::PARAM_INT);
$query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowcount() < 1 && $page > 1) return false;
while($th = $query->fetch()) {
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT);
$newposts = mysql_query(sprintf( $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
"SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", $posts->bindValue(1, $th['id']);
mysql_real_escape_string($board['uri']), $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT);
$th['id'], $posts->execute() or error(db_error($posts));
THREADS_PREVIEW
), $sql) or error(mysql_error($sql)); if($posts->rowCount() == THREADS_PREVIEW) {
if(mysql_num_rows($newposts) == THREADS_PREVIEW) { $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri']));
$count_query = mysql_query(sprintf( $count->bindValue(1, $th['id']);
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = '%s'", $count->execute() or error(db_error($count));
mysql_real_escape_string($board['uri']),
$th['id'] $count = $count->fetch();
), $sql) or error(mysql_error($sql));
$count = mysql_fetch_array($count_query);
$omitted = $count['num'] - THREADS_PREVIEW; $omitted = $count['num'] - THREADS_PREVIEW;
$thread->omitted = $omitted; $thread->omitted = $omitted;
mysql_free_result($count_query);
unset($count); unset($count);
unset($omitted); unset($omitted);
} }
while($po = mysql_fetch_array($newposts)) {
while($po = $posts->fetch()) {
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT));
} }
mysql_free_result($newposts);
$thread->posts = array_reverse($thread->posts); $thread->posts = array_reverse($thread->posts);
$body .= $thread->build(true); $body .= $thread->build(true);
} }
mysql_free_result($query);
return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT); return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT);
} }
function getPages($mod=false) { function getPages($mod=false) {
global $sql, $board; global $sql, $board;
$res = mysql_query(sprintf( // Count threads
"SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
mysql_real_escape_string($board['uri'])
), $sql) or error(mysql_error($sql)); $count = current($query->fetch());
$arr = mysql_fetch_array($res); $count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE);
$count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE);
$pages = Array(); $pages = Array();
for($x=0;$x<$count && $x<MAX_PAGES;$x++) { for($x=0;$x<$count && $x<MAX_PAGES;$x++) {
@ -256,18 +232,15 @@
strlen($cites[1][$index]), strlen($cites[1][$index]),
strlen($cites[3][$index]), strlen($cites[3][$index]),
); );
$query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $cite);
$query->execute() or error(db_error($query));
$result = mysql_query(sprintf( if($post = $query->fetch()) {
"SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = '%d' LIMIT 1",
mysql_real_escape_string($board['uri']),
$cite
), $sql) or error(mysql_error($sql));
if($post = mysql_fetch_array($result)) {
$replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>'; $replacement = '<a onclick="highlightReply(\''.$cite.'\');" href="' . ROOT . $board['dir'] . DIR_RES . ($post['thread']?$post['thread']:$post['id']) . '.html#' . $cite . '">&gt;&gt;' . $cite . '</a>';
} else { } else {
$replacement = "&gt;&gt;{$cite}"; $replacement = "&gt;&gt;{$cite}";
} }
mysql_free_result($result);
// Find the position of the cite // Find the position of the cite
$position = strpos($body, $cites[0][$index]); $position = strpos($body, $cites[0][$index]);
@ -337,39 +310,39 @@
} }
function buildThread($id, $return=false, $mod=false) { function buildThread($id, $return=false, $mod=false) {
global $sql, $board; global $board;
$id = round($id); $id = round($id);
$query = mysql_query(sprintf( $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri']));
"SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id
), $sql) or error(mysql_error($sql));
while($post = mysql_fetch_array($query)) { while($post = $query->fetch()) {
if(!isset($thread)) { if(!isset($thread)) {
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT);
} else { } else {
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT));
} }
} }
$body = Element('thread.html', Array(
'button'=>BUTTON_REPLY, // Check if any posts were found
'board'=>$board, if(!isset($thread)) error(ERROR_NONEXISTANT);
'body'=>$thread->build(),
'post_url' => POST_URL, $body = Element('thread.html', Array(
'index' => ROOT, 'button'=>BUTTON_REPLY,
'id' => $id, 'board'=>$board,
'mod' => $mod, 'body'=>$thread->build(),
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) 'post_url' => POST_URL,
)); 'index' => ROOT,
'id' => $id,
'mod' => $mod,
'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX)
));
if($return) if($return)
return $body; return $body;
else else
@file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file."); @file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file.");
mysql_free_result($query);
} }
function generate_tripcode ( $name, $length = 10 ) { function generate_tripcode ( $name, $length = 10 ) {

13
inc/instance-config.php
View File

@ -9,15 +9,16 @@
*/ */
/*
// Database stuff // Database stuff
define('MY_SERVER', '127.0.0.1'); define('DB_TYPE', 'mysql');
define('MY_USER', ''); define('DB_SERVER', 'localhost');
define('MY_PASSWORD', ''); define('DB_USER', '');
define('MY_DATABASE', ''); define('DB_PASSWORD', '');
define('DB_DATABASE', '');
define('ROOT', '/'); define('ROOT', '/');
// define('FOO', 'bar'); // define('FOO', 'bar');
*/
?> ?>

35
inc/mod.php
View File

@ -17,13 +17,12 @@
$password = sha1($password); $password = sha1($password);
} }
$res = mysql_query(sprintf( $query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
"SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", $query->bindValue(':username', $username);
mysql_real_escape_string($username), $query->bindValue(':password', $password);
$password $query->execute();
), $sql) or error(mysql_error($sql));
if($user = mysql_fetch_array($res)) { if($user = $query->fetch()) {
return $mod = Array( return $mod = Array(
'id' => $user['id'], 'id' => $user['id'],
'type' => $user['type'], 'type' => $user['type'],
@ -142,22 +141,19 @@
// Delete a post (reply or thread) // Delete a post (reply or thread)
function deletePost($id) { function deletePost($id) {
global $board, $sql; global $board;
// Select post and replies (if thread) in one query // Select post and replies (if thread) in one query
$post_res = mysql_query(sprintf( $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
"SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($post_res) < 1) { if($query->rowCount() < 1) {
error(ERROR_INVALIDPOST); error(ERROR_INVALIDPOST);
} }
// Delete posts and maybe replies // Delete posts and maybe replies
while($post = mysql_fetch_array($post_res)) { while($post = $query->fetch()) {
if(!$post['thread']) { if(!$post['thread']) {
// Delete thread HTML page // Delete thread HTML page
@unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id']));
@ -172,11 +168,8 @@
} }
} }
mysql_query(sprintf( $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
"DELETE FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", $query->bindValue(':id', $id, PDO::PARAM_INT);
mysql_real_escape_string($board['uri']), $query->execute() or error(db_error($query));
$id,
$id
), $sql) or error(mysql_error($sql));
} }
?> ?>

20
mod.php
View File

@ -6,6 +6,7 @@
} }
require 'inc/config.php'; require 'inc/config.php';
require 'inc/template.php'; require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php'; require 'inc/user.php';
require 'inc/mod.php'; require 'inc/mod.php';
@ -175,20 +176,21 @@
if(!preg_match('/^\w+$/', $b['uri'])) if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf(ERROR_INVALIDFIELD, 'URI')); error(sprintf(ERROR_INVALIDFIELD, 'URI'));
mysql_query(sprintf( $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
"INSERT INTO `boards` VALUES (NULL, '%s', '%s', " . $query->bindValue(':uri', $b['uri']);
(empty($b['subtitle']) ? 'NULL' : "'%s'" ) . $query->bindValue(':title', $b['title']);
")", if(!empty($b['subtitle'])) {
mysql_real_escape_string($b['uri']), $query->bindValue(':subtitle', $b['subtitle']);
mysql_real_escape_string($b['title']), } else {
mysql_real_escape_string($b['subtitle']) $query->bindValue(':subtitle', null, PDO::PARAM_NULL);
), $sql) or error(mysql_error($sql)); }
$query->execute() or error(db_error($query));
// Open the board // Open the board
openBoard($b['uri']) or error("Couldn't open board after creation."); openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table // Create the posts table
mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql)); query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
// Build the board // Build the board
buildIndex(); buildIndex();

15
post.php
View File

@ -6,6 +6,7 @@
} }
require 'inc/config.php'; require 'inc/config.php';
require 'inc/template.php'; require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php'; require 'inc/user.php';
// Fix for magic quotes // Fix for magic quotes
@ -191,9 +192,6 @@
// Todo: Validate some more, remove messy code, allow more specific configuration // Todo: Validate some more, remove messy code, allow more specific configuration
// MySQLify
mysql_safe_array($post);
$id = post($post, $OP); $id = post($post, $OP);
if($post['has_file'] && $post['zip']) { if($post['has_file'] && $post['zip']) {
@ -295,12 +293,7 @@
buildThread(($OP?$id:$post['thread'])); buildThread(($OP?$id:$post['thread']));
if(!$OP) { if(!$OP) {
mysql_query( bumpThread($post['thread']);
sprintf("UPDATE `posts_%s` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL",
mysql_real_escape_string($board['uri']),
time(),
$post['thread']
), $sql) or error(mysql_error($sql));
} }
buildIndex(); buildIndex();
@ -318,8 +311,8 @@
sql_open(); sql_open();
// Build all boards // Build all boards
$boards_res = mysql_query('SELECT * FROM `boards`', $sql) or error(mysql_error($sql)); $boards = listBoards();
while($_board = mysql_fetch_array($boards_res)) { foreach($boards as &$_board) {
setupBoard($_board); setupBoard($_board);
buildIndex(); buildIndex();
} }