*/\r
public function readFromName($displayname)\r
{\r
- return $this->read("mname='".sql_real_escape_string($displayname)."'");\r
+ return $this->read('mname='.DB::quoteValue($displayname));\r
}\r
\r
/**\r
// read info\r
$query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where;\r
\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
- \r
- $this->setRealName($obj->mrealname);\r
- $this->setEmail($obj->memail);\r
- $this->password = $obj->mpassword;\r
- $this->setCookieKey($obj->mcookiekey);\r
- $this->setURL($obj->murl);\r
- $this->setDisplayName($obj->mname);\r
- $this->setAdmin($obj->madmin);\r
- $this->id = $obj->mnumber;\r
- $this->setCanLogin($obj->mcanlogin);\r
- $this->setNotes($obj->mnotes);\r
- $this->setLocale($obj->mlocale);\r
- $this->setAutosave($obj->mautosave);\r
- \r
- return sql_num_rows($res);\r
+ $row = DB::getRow($query);\r
+ \r
+ $this->setRealName($row['mrealname']);\r
+ $this->setEmail($row['memail']);\r
+ $this->password = $row['mpassword'];\r
+ $this->setCookieKey($row['mcookiekey']);\r
+ $this->setURL($row['murl']);\r
+ $this->setDisplayName($row['mname']);\r
+ $this->setAdmin($row['madmin']);\r
+ $this->id = $row['mnumber'];\r
+ $this->setCanLogin($row['mcanlogin']);\r
+ $this->setNotes($row['mnotes']);\r
+ $this->setLocale($row['mlocale']);\r
+ $this->setAutosave($row['mautosave']);\r
+ \r
+ return $row ? TRUE : FALSE;\r
}\r
\r
/**\r
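Review bot: `$row` is indexed by every setter in the block that follows `$row = DB::getRow($query);` before the new `return $row ? TRUE : FALSE;` ever tests it, so when no member matches (assuming getRow yields a falsy value there, which the ternary itself implies) the object is populated with nulls — including `setAdmin(null)` — and PHP 8 emits notices, before the caller learns the read failed. Move the guard ahead of the setters, `if ( !$row ) { return FALSE; }` directly after the getRow call, and end the method with `return TRUE;`. The return contract also changes from the row count to a bool; callers that compared the old integer with `== 0` still work, but any that used the count itself need checking. The enclosing `read()` starts before this hunk.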
$query = 'SELECT tadmin FROM '.sql_table('team').' WHERE'\r
. ' tblog=' . intval($blogid)\r
. ' and tmember='. $this->getID();\r
- $res = sql_query($query);\r
- if ( sql_num_rows($res) == 0 )\r
- return 0;\r
+ $res = DB::getValue($query);\r
+ if ( $res )\r
+ return ($res == 1);\r
else\r
- return ( sql_result($res,0,0) == 1 );\r
+ return 0;\r
}\r
\r
/**\r
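Review bot: The new `if ( $res ) return ($res == 1); else return 0;` mixes a bool and an int return and relies on a loose comparison against whatever scalar DB::getValue yields for `tadmin`; both branches collapse to one strict line, `return ((int) $res === 1);`, which gives the same answer for a missing row and for `'0'`/`'1'`. If callers depend on receiving integer `0` rather than `false` in the no-row case, keep the `0`. The enclosing function's signature is outside this hunk.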
$query = 'SELECT * FROM '.sql_table('team').' WHERE'\r
. ' tblog=' . intval($blogid)\r
. ' and tmember='. $this->getID();\r
- $res = sql_query($query);\r
- return (sql_num_rows($res) != 0);\r
+ $res = DB::getResult($query);\r
+ return ($res->rowCount() != 0);\r
}\r
\r
/**\r
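Review bot: `$res->rowCount() != 0` on a `SELECT *` result is not a reliable existence test: if DB::getResult hands back a PDOStatement (the `->fetch()` and `foreach` uses elsewhere in this commit suggest it does), PDO documents that rowCount() is not guaranteed for SELECT statements on every driver and can be 0 for a non-empty result. The same pattern is introduced in canBeDeleted, in both team-list queries (`$res->rowCount() > 0`), in exists, existsID and getActivationInfo. A driver-independent form counts in SQL: `return (DB::getValue('SELECT COUNT(*) FROM ' . sql_table('team') . ' WHERE tblog=' . intval($blogid) . ' and tmember=' . $this->getID()) > 0);`, and the team-list loops can simply drop the rowCount guard since `foreach` over an empty result does nothing. The enclosing function's signature is outside this hunk.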
// if this is a 'newcat' style newcat\r
// no blog admin of destination blog -> NOK\r
// blog admin of destination blog -> OK\r
- if ( strstr($catid,'newcat') )\r
+ if ( i18n::strpos($catid,'newcat') === 0 )\r
{\r
// get blogid\r
list($blogid) = sscanf($catid,"newcat-%d");\r
$query = 'SELECT citem as itemid, iblog as blogid, cmember as cauthor, iauthor'\r
. ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog')\r
. ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid);\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
+ $res = DB::getRow($query);\r
\r
- return ($obj->cauthor == $this->getID()) or $this->isBlogAdmin($obj->blogid) or ($obj->iauthor == $this->getID());\r
+ return ($res['cauthor'] == $this->getID()) or $this->isBlogAdmin($res['blogid']) or ($res['iauthor'] == $this->getID());\r
}\r
\r
/**\r
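Review bot: `$res['cauthor'] == $this->getID()` is evaluated without first checking that DB::getRow found a comment; for an unknown `$commentid` the index reads as null and the loose `==` then compares null with the member id, and the same shape recurs on the item query in the next hunk (`$res['iauthor'] == $this->getID()`). Because this is an authorization decision, a missing row should be an explicit deny: `if ( !$res ) { return false; }` after `$res = DB::getRow($query);`, with the comparisons tightened to `(int) $res['cauthor'] === (int) $this->getID()`. What getID() returns for a member that is not logged in is not visible here, so the exact outcome of the loose compare is inferred. The enclosing function starts before this hunk.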
if ($this->isAdmin()) return 1;\r
\r
$query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid);\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
- return ($obj->iauthor == $this->getID()) or $this->isBlogAdmin($obj->iblog);\r
+ $res = DB::getRow($query);\r
+ return ($res['iauthor'] == $this->getID()) or $this->isBlogAdmin($res['iblog']);\r
}\r
\r
/**\r
*/\r
public function canBeDeleted()\r
{\r
- $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());\r
- return ( sql_num_rows($res) == 0 );\r
+ $res = DB::getResult('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID());\r
+ return ( $res->rowCount() == 0 );\r
}\r
\r
/**\r
// if this is a 'newcat' style newcat\r
// no blog admin of destination blog -> NOK\r
// blog admin of destination blog -> OK\r
- if (strstr($newcat,'newcat'))\r
+ if ( i18n::strpos($newcat, 'newcat') === 0 )\r
{\r
// get blogid\r
- list($blogid) = sscanf($newcat,'newcat-%d');\r
+ list($blogid) = sscanf($newcat, 'newcat-%d');\r
return $this->blogAdminRights($blogid);\r
}\r
\r
}\r
\r
// not a valid category -> NOK\r
- $validCat = quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat));\r
+ $validCat = DB::getValue('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat));\r
if ( !$validCat )\r
{\r
return 0;\r
$query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . $this->getID();\r
}\r
\r
- $res = sql_query($query);\r
- if ( sql_num_rows($res) > 0 )\r
+ $res = DB::getResult($query);\r
+ if ( $res->rowCount() > 0 )\r
{\r
- while ( $obj = sql_fetch_object($res) )\r
+ foreach ( $res as $row )\r
{\r
- array_push($blogs, $obj->blogid);\r
+ array_push($blogs, $row['blogid']);\r
}\r
}\r
return $blogs;\r
$query = 'SELECT tblog as blogid from '.sql_table('team').' where tmember=' . $this->getID();\r
}\r
\r
- $res = sql_query($query);\r
- if ( sql_num_rows($res) > 0 )\r
+ $res = DB::getResult($query);\r
+ if ( $res->rowCount() > 0 )\r
{\r
- while ( $obj = sql_fetch_object($res) )\r
+ foreach ( $res as $row )\r
{\r
- array_push($blogs, $obj->blogid);\r
+ array_push($blogs, $row['blogid']);\r
}\r
}\r
return $blogs;\r
public function write()\r
{\r
$query = 'UPDATE '.sql_table('member')\r
- . " SET mname='" . sql_real_escape_string($this->displayname) . "', "\r
- . "mrealname='". sql_real_escape_string($this->realname) . "', "\r
- . "mpassword='". sql_real_escape_string($this->password) . "', "\r
- . "mcookiekey='". sql_real_escape_string($this->cookiekey) . "', "\r
- . "murl='" . sql_real_escape_string($this->url) . "', "\r
- . "memail='" . sql_real_escape_string($this->email) . "', "\r
- . "madmin=" . intval($this->admin) . ", "\r
- . "mnotes='" . sql_real_escape_string($this->notes) . "', "\r
- . "mcanlogin=" . intval($this->canlogin) . ", "\r
- . "mlocale='" . sql_real_escape_string($this->locale) . "', "\r
- . "mautosave=" . intval($this->autosave) . " "\r
- . "WHERE mnumber=" . intval($this->id);\r
- sql_query($query);\r
+ . ' SET mname=' . DB::quoteValue($this->displayname) . ', '\r
+ . 'mrealname='. DB::quoteValue($this->realname) . ', '\r
+ . 'mpassword='. DB::quoteValue($this->password) . ', '\r
+ . 'mcookiekey='. DB::quoteValue($this->cookiekey) . ', '\r
+ . 'murl=' . DB::quoteValue($this->url) . ', '\r
+ . 'memail=' . DB::quoteValue($this->email) . ', '\r
+ . 'madmin=' . intval($this->admin) . ', '\r
+ . 'mnotes=' . DB::quoteValue($this->notes) . ', '\r
+ . 'mcanlogin=' . intval($this->canlogin) . ', '\r
+ . 'mlocale=' . DB::quoteValue($this->locale) . ', '\r
+ . 'mautosave=' . intval($this->autosave) . ' '\r
+ . 'WHERE mnumber=' . intval($this->id);\r
+ DB::execute($query);\r
return;\r
}\r
\r
\r
public function setLocale($locale)\r
{\r
- if ( !!preg_match('#^(.+)_(.+)_(.+)$#', $locale)\r
+ if ( !preg_match('#^(.+)_(.+)_(.+)$#', $locale)\r
&& ($locale = i18n::convert_old_language_file_name_to_locale($locale)) === FALSE )\r
{\r
$locale = '';\r
*/\r
public static function exists($name)\r
{\r
- $r = sql_query('select * FROM '.sql_table('member')." WHERE mname='".sql_real_escape_string($name)."'");\r
- return ( sql_num_rows($r) != 0 );\r
+ $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE mname=' . DB::quoteValue($name));\r
+ return ( $r->rowCount() != 0 );\r
}\r
\r
/**\r
*/\r
public static function existsID($id)\r
{\r
- $r = sql_query('select * FROM '.sql_table('member')." WHERE mnumber='".intval($id)."'");\r
- return (sql_num_rows($r) != 0);\r
+ $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE mnumber=' . intval($id));\r
+ return ( $r->rowCount() != 0 );\r
}\r
\r
/**\r
$url = 'http://' . $url;\r
}\r
\r
- $name = sql_real_escape_string($name);\r
- $realname = sql_real_escape_string($realname);\r
+ $name = DB::quoteValue($name);\r
+ $realname = DB::quoteValue($realname);\r
/* NOTE: hashed password is automatically updated if the length is 32 bytes when logging in */\r
- $password = sql_real_escape_string(md5($password));\r
- $email = sql_real_escape_string($email);\r
- $url = sql_real_escape_string($url);\r
+ $password = DB::quoteValue(md5($password));\r
+ $email = DB::quoteValue($email);\r
+ $url = DB::quoteValue($url);\r
$admin = (integer) $admin;\r
$canlogin = (integer) $canlogin;\r
- $notes = sql_real_escape_string($notes);\r
+ $notes = DB::quoteValue($notes);\r
\r
$query = "INSERT INTO %s"\r
. " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES)"\r
- . " VALUES ('%s','%s','%s','%s','%s',%d, %d, '%s')";\r
- $query = sprintf($query, sql_table(member), $name, $realname, $password, $email, $url, $admin, $canlogin, $notes);\r
- sql_query($query);\r
+ . " VALUES (%s, %s, %s, %s, %s, %d, %d, %s)";\r
+ $query = sprintf($query, sql_table('member'), $name, $realname, $password, $email, $url, $admin, $canlogin, $notes);\r
+ DB::execute($query);\r
\r
ActionLog::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);\r
\r
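Review bot: `ActionLog::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);` now logs the quoted SQL literal, because `$name = DB::quoteValue($name);` replaces the variable with its quoted-and-escaped form before the log call (the old escape at least kept the surrounding quotes out of the message). Keep the raw value for logging, e.g. `$quotedName = DB::quoteValue($name);` passed to sprintf, leaving `$name` for the log line. Separately, the new member is still stored as `md5($password)`; the NOTE above says it is rehashed at first login, so until then the row holds an unsalted MD5, which could be replaced with `password_hash($password, PASSWORD_DEFAULT)` if the login path accepts that format — not verifiable from this hunk. The enclosing function starts before this hunk.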
*/\r
public static function getActivationInfo($key)\r
{\r
- $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key). '\'';\r
- $res = sql_query($query);\r
+ $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=' . DB::quoteValue($key);\r
+ $res = DB::getResult($query);\r
\r
- if ( !$res || (sql_num_rows($res) == 0) )\r
+ if ( !$res || ($res->rowCount() == 0) )\r
{\r
return 0;\r
}\r
- return sql_fetch_object($res);\r
+ return $res->fetch();\r
}\r
\r
/**\r
\r
// kill any existing entries for the current member (delete is ok)\r
// (only one outstanding activation key can be present for a member)\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID()));\r
+ DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID()));\r
\r
// indicates if the member can log in while the link is active\r
$canLoginWhileActive = false;\r
// attempt to add entry in database\r
// add in database as non-active\r
$query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) ';\r
- $query .= 'VALUES (\'' . sql_real_escape_string($key). '\', \'' . date('Y-m-d H:i:s',time()) . '\', \'' . intval($this->getID()). '\', \'' . sql_real_escape_string($type). '\', \'' . sql_real_escape_string($extra). '\')';\r
- if ( sql_query($query) )\r
+ $query .= 'VALUES (' . DB::quoteValue($key). ', \'' . date('Y-m-d H:i:s',time()) . '\', ' . intval($this->getID()). ', ' . DB::quoteValue($type). ', ' . DB::quoteValue($extra). ')';\r
+ if ( DB::execute($query) !== FALSE )\r
$ok = true;\r
}\r
\r
return false;\r
}\r
\r
- switch ( $info->vtype )\r
+ switch ( $info['vtype'] )\r
{\r
case 'forgot':\r
// nothing to do\r
case 'register':\r
// set canlogin value\r
global $CONF;\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info->vmember));\r
+ DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info['vmember']));\r
break;\r
case 'addresschange':\r
// reset old 'canlogin' value\r
- list($oldEmail, $oldCanLogin) = preg_split('#/#', $info->vextra);\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info->vmember));\r
+ list($oldEmail, $oldCanLogin) = preg_split('#/#', $info['vextra']);\r
+ DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info['vmember']));\r
break;\r
}\r
\r
// delete from activation table\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key) . '\'');\r
+ DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=' . DB::quoteValue($key));\r
\r
// success!\r
return true;\r
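Review bot: `case 'forgot':` has no `break;` and its only line is the comment `// nothing to do`, so a forgot-password activation falls through into `case 'register':` and runs the `UPDATE ... SET mcanlogin=' . intval($CONF['NewMemberCanLogon'])` against the existing member — a password reset silently re-enables or disables that account according to a new-registration setting. If that is not intended, add `break;` after the comment; if it is, the comment should say so rather than "nothing to do". The switch also has no default branch, so an unknown `vtype` still deletes the key and reports success. The enclosing function starts before this hunk.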
$boundary = time() - (60 * 60 * 24 * $actdays);\r
\r
// 1. walk over all entries, and see if special actions need to be performed\r
- $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ $res = DB::getResult('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
\r
- while ( $o = sql_fetch_object($res) )\r
+ foreach ( $res as $row )\r
{\r
- switch ( $o->vtype )\r
+ switch ( $row['vtype'] )\r
{\r
case 'register':\r
// delete all information about this site member. registration is undone because there was\r
// no timely activation\r
include_once($DIR_LIBS . 'ADMIN.php');\r
- Admin::deleteOneMember(intval($o->vmember));\r
+ Admin::deleteOneMember(intval($row['vmember']));\r
break;\r
case 'addresschange':\r
// revert the e-mail address of the member back to old address\r
- list($oldEmail, $oldCanLogin) = preg_split('#/#', $o->vextra);\r
- sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=\'' . sql_real_escape_string($oldEmail). '\' WHERE mnumber=' . intval($o->vmember));\r
+ list($oldEmail, $oldCanLogin) = preg_split('#/#', $row['vextra']);\r
+ DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=' . DB::quoteValue($oldEmail). ' WHERE mnumber=' . intval($row['vmember']));\r
break;\r
case 'forgot':\r
// delete the activation link and ignore. member can request a new password using the\r
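Review bot: `list($oldEmail, $oldCanLogin) = preg_split('#/#', $row['vextra']);` assumes `vextra` always contains a `/`; when it does not, the second element is undefined (a notice) and `intval($oldCanLogin)` writes `mcanlogin=0`, locking the member out, while `memail` is reverted to the whole string. The same destructuring appears in the activate path (`preg_split('#/#', $info['vextra'])`). Guard it before the update, e.g. `$parts = explode('/', $row['vextra'], 2); if ( count($parts) !== 2 ) { break; }` and destructure `$parts`. Note also that `$DIR_LIBS` is used in `include_once` but whether it is declared `global` is outside this hunk. The enclosing function starts before the hunk and the `forgot` case continues after it.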
}\r
\r
// 2. delete activation entries for real\r
- sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
return;\r
}\r
\r