Changeset 130
- Timestamp:
- May 30, 2006 9:30:35 PM (18 years ago)
- Location:
- branches/2.0singleton
- Files:
-
- 22 edited
branches/2.0singleton/bin/file_importer.php
r127 r130 9 9 10 10 $app =& App::getInstance(); 11 $db =& DB::getInstance(); 12 11 13 12 14 // Test arguments. … … 33 35 preg_match('/BALANCE:\s*\$([\.\d]+)/', $file_text, $amt); 34 36 $file_date = date('Y-m-d', strtotime(preg_replace('|[^_]*_|', '', basename($file)))); 35 // DB::query("37 // $db->query(" 36 38 // INSERT INTO invoice_tbl ( 37 39 // client_id, … … 45 47 // added_datetime 46 48 // ) VALUES ( 47 // '" . DB::escapeString(0) . "',48 // '" . DB::escapeString('hosting') . "',49 // '" . DB::escapeString($file_date) . "',50 // '" . DB::escapeString($amt[1]) . "',51 // '" . DB::escapeString('Paid') . "',52 // '" . DB::escapeString('') . "',53 // '" . DB::escapeString($file_text) . "',54 // '" . DB::escapeString($file_date) . "',49 // '" . $db->escapeString(0) . "', 50 // '" . $db->escapeString('hosting') . "', 51 // '" . $db->escapeString($file_date) . "', 52 // '" . $db->escapeString($amt[1]) . "', 53 // '" . $db->escapeString('Paid') . "', 54 // '" . $db->escapeString('') . "', 55 // '" . $db->escapeString($file_text) . "', 56 // '" . $db->escapeString($file_date) . "', 55 57 // NOW() 56 58 // ) -
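Review bot: The only live change in this hunk is the new `$db =& DB::getInstance();` on line 11; everything else (new lines 37-58) edits an INSERT that is entirely commented out, so the commit is maintaining dead code. Either delete the block or restore it; if it is restored, `$amt[1]` on line 52 is used without checking that the `preg_match` on line 35 actually matched, so a guard such as `if (!preg_match('/BALANCE:\s*\$([\.\d]+)/', $file_text, $amt)) { die("No balance found in $file\n"); }` belongs in front of it. The script continues outside the visible lines.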
branches/2.0singleton/bin/module_maker/form_template.cli.php
r127 r130 17 17 18 18 // Get DB tables. 19 $qid = DB::query("SHOW TABLES");19 $qid = $db->query("SHOW TABLES"); 20 20 while (list($row) = mysql_fetch_row($qid)) { 21 21 $tables[] = $row; … … 28 28 29 29 // Get DB table column info. 30 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));30 $qid = $db->query("DESCRIBE " . $db->escapeString($db_tbl)); 31 31 while ($row = mysql_fetch_row($qid)) { 32 32 $cols[] = $row; -
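Review bot: `$db->escapeString($db_tbl)` on line 30 does not make the DESCRIBE safe, because the table name is an unquoted identifier and escapeString only neutralises quote characters inside a string literal; the same pattern is at list_template.cli.php line 43, module.cli.php line 143, sql.cli.php line 48 and validation.cli.php line 30. The SHOW TABLES result collected into `$tables` on lines 19-21 is the natural allow-list: `if (!in_array($db_tbl, $tables, true)) { die("Unknown table: $db_tbl\n"); }` before the DESCRIBE constrains it to names the server actually reported. Where `$db_tbl` is read (presumably the command line) and where `$db` is assigned are outside the hunk, and lines 22-27 are elided, so this is moot if a check already sits there.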
branches/2.0singleton/bin/module_maker/list_template.cli.php
r127 r130 30 30 31 31 // Get DB tables. 32 $qid = DB::query("SHOW TABLES");32 $qid = $db->query("SHOW TABLES"); 33 33 while (list($row) = mysql_fetch_row($qid)) { 34 34 $tables[] = $row; … … 41 41 42 42 // Get DB table column info. 43 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));43 $qid = $db->query("DESCRIBE " . $db->escapeString($db_tbl)); 44 44 while ($row = mysql_fetch_row($qid)) { 45 45 $cols[] = $row; -
branches/2.0singleton/bin/module_maker/module.cli.php
r127 r130 129 129 130 130 // Get DB tables. 131 $qid = DB::query("SHOW TABLES");131 $qid = $db->query("SHOW TABLES"); 132 132 while (list($row) = mysql_fetch_row($qid)) { 133 133 $tables[] = $row; … … 141 141 // Ensure requested table contains columns. 142 142 // Get DB table column info. 143 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));143 $qid = $db->query("DESCRIBE " . $db->escapeString($db_tbl)); 144 144 while ($row = mysql_fetch_row($qid)) { 145 145 $cols[] = $row; -
branches/2.0singleton/bin/module_maker/skel/admin.php
r127 r130 146 146 if (getFormdata('repeat', false)) { 147 147 // Display edit function with next available ID. 148 $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");148 $qid = $db->query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . $db->escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 149 149 if (list($next_id) = mysql_fetch_row($qid)) { 150 150 $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 207 207 { 208 208 global $lock; 209 209 $db =& DB::getInstance(); 210 210 211 $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id); 211 212 if ($lock->isLocked() && !$lock->isMine()) { … … 214 215 215 216 // Get the information for the form. 216 $qid = DB::query("217 $qid = $db->query(" 217 218 SELECT * 218 219 FROM %DB_TBL% 219 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'220 WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "' 220 221 "); 221 222 if (!$frm = mysql_fetch_assoc($qid)) { … … 246 247 { 247 248 global $lock; 248 249 $db =& DB::getInstance(); 250 249 251 $lock->select('%DB_TBL%', '%PRIMARY_KEY%', $id); 250 252 if ($lock->isLocked() && !$lock->isMine()) { … … 256 258 257 259 // Get the information for this object. 258 $qid = DB::query("260 $qid = $db->query(" 259 261 SELECT <##> 260 262 FROM %DB_TBL% 261 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'263 WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "' 262 264 "); 263 265 if (! list($name) = mysql_fetch_row($qid)) { … … 268 270 269 271 // Delete the record. 270 DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'");272 $db->query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . 
"'"); 271 273 272 274 $app->raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 279 281 { 280 282 global $auth; 281 283 $db =& DB::getInstance(); 284 282 285 // Break the cache because we are changing the list data. 283 286 SessionCache::breakCache($_SERVER['PHP_SELF']); 284 287 285 288 %INSERT% 286 $last_insert_id = mysql_insert_id( DB::getDBH());289 $last_insert_id = mysql_insert_id($db->getDBH()); 287 290 288 291 // Create version. … … 323 326 global $page; 324 327 global $so; 325 328 $db =& DB::getInstance(); 329 326 330 $where_clause = ''; 327 331 … … 336 340 if (getFormData('filter_<##>', false)) { 337 341 // Limit by filter. 338 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . DB::escapeString(getFormData('filter_<##>')) . "'";342 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . $db->escapeString(getFormData('filter_<##>')) . "'"; 339 343 } 340 344 341 345 // Count the total number of records so we can do something about the page numbers. 342 $qid = DB::query("346 $qid = $db->query(" 343 347 SELECT COUNT(*) 344 348 FROM %DB_TBL% … … 381 385 } else { 382 386 // If the list is not already cached, query now. 383 $qid = DB::query($sql);387 $qid = $db->query($sql); 384 388 // Fill an array with the items for this page. 385 389 while ($row = mysql_fetch_assoc($qid)) { … … 398 402 function updateRank($ranks) 399 403 { 404 $db =& DB::getInstance(); 405 400 406 if (!is_array($ranks)) { 401 407 $app->logMsg('Saving rank failed, data posted is not an array: ' . $ranks, LOG_ERR, __FILE__, __LINE__); … … 416 422 $unspecified_counter++; 417 423 } 418 DB::query("424 $db->query(" 419 425 UPDATE %DB_TBL% SET 420 rank = '" . DB::escapeString($new_rank) . "'421 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'426 rank = '" . $db->escapeString($new_rank) . "' 427 WHERE %PRIMARY_KEY% = '" . $db->escapeString($id) . "' 422 428 "); 423 429 } -
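Review bot: `updateRank()` (new lines 402-407) gains `$db =& DB::getInstance();` on 404 but still calls `$app->logMsg(...)` on 407 with no `$app` in scope — nothing between the signature on 402 and that call assigns it, so the non-array path fails on a method call on an undefined variable instead of logging. Add `$app =& App::getInstance();` beside the new `$db` line, the same pairing used in the library classes in this changeset. The delete handler at 247-274 has the same shape (`global $lock;` and `$db` only, then `$app->raiseMsg` on 274), though lines 253-257 there are elided and may cover it. updateRank's body continues outside the visible lines.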
branches/2.0singleton/bin/module_maker/skel/public.php
r127 r130 34 34 35 35 // Get requested record. 36 $qid = DB::query("36 $qid = $db->query(" 37 37 SELECT * FROM %DB_TBL% 38 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "'38 WHERE %PRIMARY_KEY% = '" . $db->escapeString(getFormData('%PRIMARY_KEY%')) . "' 39 39 AND publish = 'true' 40 40 <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00') … … 47 47 48 48 // Update the hit counter for this record. 49 DB::query("49 $db->query(" 50 50 UPDATE %DB_TBL% 51 51 SET hit_count = hit_count + 1 52 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "'52 WHERE %PRIMARY_KEY% = '" . $db->escapeString(getFormData('%PRIMARY_KEY%')) . "' 53 53 "); 54 54 … … 61 61 // Get the DEFAULT list. 62 62 $%NAME_SINGULAR%_list = array(); 63 $qid = DB::query("63 $qid = $db->query(" 64 64 SELECT * 65 65 FROM %DB_TBL% … … 79 79 // Get the FEATURED list. 80 80 $featured_list = array(); 81 $qid = DB::query("81 $qid = $db->query(" 82 82 SELECT * 83 83 FROM %DB_TBL% … … 92 92 // Get the POPULAR list. 93 93 $popular_list = array(); 94 $qid = DB::query("94 $qid = $db->query(" 95 95 SELECT * 96 96 FROM %DB_TBL% … … 104 104 // Get the RECENT list. 105 105 $recent_list = array(); 106 $qid = DB::query("106 $qid = $db->query(" 107 107 SELECT * 108 108 FROM %DB_TBL% -
branches/2.0singleton/bin/module_maker/sql.cli.php
r127 r130 30 30 31 31 // Get DB tables. 32 $qid = DB::query("SHOW TABLES");32 $qid = $db->query("SHOW TABLES"); 33 33 while (list($row) = mysql_fetch_row($qid)) { 34 34 $tables[] = $row; … … 46 46 47 47 // Get DB table column info. 48 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));48 $qid = $db->query("DESCRIBE " . $db->escapeString($db_tbl)); 49 49 while ($row = mysql_fetch_row($qid)) { 50 50 $cols[] = $row; … … 76 76 } else if ('added_by_user_id' == $field || 'modified_by_user_id' == $field) { 77 77 // Toggle types. 78 $c[$field] = "'\" . DB::escapeString(\$auth->getVal('user_id')) . \"'";78 $c[$field] = "'\" . \$db->escapeString(\$auth->getVal('user_id')) . \"'"; 79 79 } else if ('added_datetime' == $field || 'modified_datetime' == $field) { 80 80 // DB record insertion datetime. … … 82 82 } else { 83 83 // Default. Just insert data. 84 $c[$field] = "'\" . DB::escapeString(\$frm['$field']) . \"'";84 $c[$field] = "'\" . \$db->escapeString(\$frm['$field']) . \"'"; 85 85 } 86 86 } … … 107 107 echo <<<E_O_F 108 108 // Insert record data. 109 DB::query("109 \$db->query(" 110 110 INSERT INTO $db_tbl ( 111 111 $db_keys … … 133 133 echo <<<E_O_F 134 134 // Update record data. 135 DB::query("135 \$db->query(" 136 136 UPDATE $db_tbl SET$key_eq_val 137 WHERE $primary_key = '" . DB::escapeString(\$frm['$primary_key']) . "'137 WHERE $primary_key = '" . \$db->escapeString(\$frm['$primary_key']) . "' 138 138 "); 139 139 E_O_F; … … 148 148 $delim = 'WHERE'; 149 149 if (!empty($primary_key)) { 150 $where_clause = " $delim $primary_key = '\" . DB::escapeString(\$frm['$primary_key']) . \"'\n";150 $where_clause = " $delim $primary_key = '\" . \$db->escapeString(\$frm['$primary_key']) . \"'\n"; 151 151 $delim = 'AND'; 152 152 } … … 155 155 continue; 156 156 } 157 $where_clause .= " $delim $k = '\" . DB::escapeString(\$frm['$k']) . \"'\n";157 $where_clause .= " $delim $k = '\" . \$db->escapeString(\$frm['$k']) . 
\"'\n"; 158 158 $delim = 'AND'; 159 159 } 160 160 echo <<<E_O_F 161 161 // Delete record data. 162 DB::query("162 \$db->query(" 163 163 DELETE FROM $db_tbl 164 164 $where_clause "); … … 183 183 if (!isset($op) || 'search' == $op) { 184 184 $search_skip_columns = array('added_datetime', 'added_by_user_id', 'modified_datetime', 'modified_by_user_id', 'publish', 'featured'); 185 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . DB::escapeString(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));185 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . \$db->escapeString(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns)); 186 186 echo <<<E_O_F 187 187 \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . " 188 188 ( 189 $search_columns LIKE '%" . DB::escapeString(\$qry_words[\$i]) . "%'189 $search_columns LIKE '%" . \$db->escapeString(\$qry_words[\$i]) . "%' 190 190 ) 191 191 "; -
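Review bot: The generated search clause on lines 185-189 passes `$qry_words[$i]` through `$db->escapeString()` only, which leaves the LIKE wildcards `%` and `_` untouched, so a search term consisting of `%` matches every row of the table. The generator should also emit a wildcard escape around the word, i.e. `\$db->escapeString(addcslashes(\$qry_words[\$i], '%_'))` in both the join separator on 185 and the heredoc on 189. The DESCRIBE on line 48 has the identifier issue noted at form_template.cli.php. The search branch continues past the visible lines.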
branches/2.0singleton/bin/module_maker/validation.cli.php
r127 r130 17 17 18 18 // Get DB tables. 19 $qid = DB::query("SHOW TABLES");19 $qid = $db->query("SHOW TABLES"); 20 20 while (list($row) = mysql_fetch_row($qid)) { 21 21 $tables[] = $row; … … 28 28 29 29 // Get DB table column info. 30 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));30 $qid = $db->query("DESCRIBE " . $db->escapeString($db_tbl)); 31 31 while ($row = mysql_fetch_row($qid)) { 32 32 $cols[] = $row; -
branches/2.0singleton/docs/coding_standards.txt
r127 r130 214 214 function getSetEnumFieldValues() 215 215 { 216 $qid = DB::query("SHOW COLUMNS FROM $db_table LIKE '$db_col'",false); 216 $db =& DB::getInstance(); 217 218 $qid = $db->query("SHOW COLUMNS FROM $db_table LIKE '$db_col'",false); 217 219 218 220 $row = mysql_fetch_row($qid); -
branches/2.0singleton/lib/Auth_SQL.inc.php
r127 r130 118 118 { 119 119 $app =& App::getInstance(); 120 $db =& DB::getInstance(); 121 120 122 121 123 static $_db_tested = false; … … 125 127 // User table. 126 128 if ($recreate_db) { 127 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));129 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 128 130 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 129 131 } 130 132 131 133 // The minimal columns for a table compatable with the Auth_SQL class. 132 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (134 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 133 135 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment, 134 136 " . $this->getParam('db_username_column') . " varchar(255) NOT NULL default '', … … 156 158 )"); 157 159 158 if (! DB::columnExists($this->getParam('db_table'), array(160 if (!$db->columnExists($this->getParam('db_table'), array( 159 161 $this->getParam('db_primary_key'), 160 162 $this->getParam('db_username_column'), … … 184 186 if ($this->getParam('abuse_detection')) { 185 187 if ($recreate_db) { 186 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_login_table'));188 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_login_table')); 187 189 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_login_table')), LOG_DEBUG, __FILE__, __LINE__); 188 190 } 189 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_login_table') . " (191 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_login_table') . " ( 190 192 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL default '0', 191 193 login_datetime datetime NOT NULL default '0000-00-00 00:00:00', … … 196 198 )"); 197 199 198 if (! 
DB::columnExists($this->getParam('db_login_table'), array(200 if (!$db->columnExists($this->getParam('db_login_table'), array( 199 201 $this->getParam('db_primary_key'), 200 202 'login_datetime', … … 249 251 function clearAuth() 250 252 { 253 $db =& DB::getInstance(); 254 251 255 $this->initDB(); 252 256 253 DB::query("257 $db->query(" 254 258 UPDATE " . $this->_params['db_table'] . " SET 255 259 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)), … … 305 309 { 306 310 $app =& App::getInstance(); 307 311 $db =& DB::getInstance(); 312 308 313 $this->initDB(); 309 314 310 315 // Query DB for user matching credentials. 311 316 // FIXME: Cannot compare crypt style passwords this way. 312 $qid = DB::query("317 $qid = $db->query(" 313 318 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 314 319 FROM " . $this->_params['db_table'] . " 315 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'316 AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'320 WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "' 321 AND BINARY userpass = '" . $db->escapeString($this->encryptPassword($password)) . "' 317 322 "); 318 323 … … 338 343 { 339 344 $app =& App::getInstance(); 340 345 $db =& DB::getInstance(); 346 341 347 $this->initDB(); 342 348 … … 390 396 **/ 391 397 if ($this->getParam('abuse_detection') && !$this->getVal('login_abuse_exempt')) { 392 $qid = DB::query("398 $qid = $db->query(" 393 399 SELECT COUNT(DISTINCT LEFT(remote_ip_binary, " . $this->_params['login_abuse_ip_bitmask'] . ")) 394 400 FROM " . $this->_params['db_login_table'] . " … … 410 416 } 411 417 // Increment user's warning level. 412 DB::query("UPDATE " . $this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'");418 $db->query("UPDATE " . 
$this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'"); 413 419 // Reset the login counter for this user. 414 DB::query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'");420 $db->query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'"); 415 421 // No login: reset password because of account abuse! 416 422 $this->clearAuth(); … … 419 425 420 426 // Update the login counter table with this login access. Convert IP to binary. 421 DB::query("427 $db->query(" 422 428 INSERT INTO " . $this->_params['db_login_table'] . " ( 423 429 " . $this->_params['db_primary_key'] . ", … … 433 439 434 440 // Update user table with this login. 435 DB::query("441 $db->query(" 436 442 UPDATE " . $this->_params['db_table'] . " SET 437 443 last_login_datetime = '" . $this->getVal('login_datetime') . "', … … 458 464 { 459 465 $app =& App::getInstance(); 460 466 $db =& DB::getInstance(); 467 461 468 $this->initDB(); 462 469 463 470 if (isset($user_id)) { 464 471 // Check the login status of a specific user. 465 $qid = DB::query("472 $qid = $db->query(" 466 473 SELECT 1 FROM " . $this->_params['db_table'] . " 467 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'474 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 468 475 AND DATE_ADD(last_login_datetime, INTERVAL '" . $this->_params['login_timeout'] . "' SECOND) > NOW() 469 476 AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW() … … 510 517 511 518 // Update the DB with the last_access_datetime and increment the seconds_online. 512 DB::query("519 $db->query(" 513 520 UPDATE " . $this->_params['db_table'] . 
" SET 514 521 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1, … … 516 523 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "' 517 524 "); 518 if (mysql_affected_rows( DB::getDBH()) > 0) {525 if (mysql_affected_rows($db->getDBH()) > 0) { 519 526 // User record still exists in DB. Do this to ensure user was not delete from DB between accesses. Notice "+ 1" in SQL above to ensure record is modified. 520 527 return true; … … 584 591 { 585 592 $app =& App::getInstance(); 586 593 $db =& DB::getInstance(); 594 587 595 $this->initDB(); 588 596 589 597 if ($this->getParam('blocking')) { 590 if (strlen( DB::escapeString($reason)) > 255) {598 if (strlen($db->escapeString($reason)) > 255) { 591 599 // blocked_reason field is varchar(255). 592 600 $app->logMsg(sprintf('Blocked reason provided is greater than 255 characters: %s', $reason), LOG_WARNING, __FILE__, __LINE__); … … 595 603 // Get user_id if specified. 596 604 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id'); 597 DB::query("605 $db->query(" 598 606 UPDATE " . $this->_params['db_table'] . " SET 599 607 blocked = 'true', 600 blocked_reason = '" . DB::escapeString($reason) . "'601 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'608 blocked_reason = '" . $db->escapeString($reason) . "' 609 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 602 610 "); 603 611 } … … 609 617 function unblockAccount($user_id=null) 610 618 { 619 $db =& DB::getInstance(); 620 611 621 $this->initDB(); 612 622 613 623 if ($this->getParam('blocking')) { 614 624 // Get user_id if specified. 615 625 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id'); 616 DB::query("626 $db->query(" 617 627 UPDATE " . $this->_params['db_table'] . " SET 618 628 blocked = '', 619 629 blocked_reason = '' 620 WHERE " . $this->_params['db_primary_key'] . " = '" . 
DB::escapeString($user_id) . "'630 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 621 631 "); 622 632 } … … 631 641 function usernameExists($username) 632 642 { 643 $db =& DB::getInstance(); 644 633 645 $this->initDB(); 634 646 635 $qid = DB::query("647 $qid = $db->query(" 636 648 SELECT 1 637 649 FROM " . $this->_params['db_table'] . " 638 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'650 WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "' 639 651 "); 640 652 return (mysql_num_rows($qid) > 0); … … 649 661 function getUsername($user_id) 650 662 { 663 $db =& DB::getInstance(); 664 651 665 $this->initDB(); 652 666 653 $qid = DB::query("667 $qid = $db->query(" 654 668 SELECT " . $this->_params['db_username_column'] . " 655 669 FROM " . $this->_params['db_table'] . " 656 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'670 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 657 671 "); 658 672 if (list($username) = mysql_fetch_row($qid)) { … … 726 740 { 727 741 $app =& App::getInstance(); 728 742 $db =& DB::getInstance(); 743 729 744 $this->initDB(); 730 745 … … 733 748 734 749 // Issue the password change query. 735 DB::query("750 $db->query(" 736 751 UPDATE " . $this->_params['db_table'] . " 737 SET userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'738 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'752 SET userpass = '" . $db->escapeString($this->encryptPassword($password)) . "' 753 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . 
"' 739 754 "); 740 755 741 if (mysql_affected_rows( DB::getDBH()) != 1) {756 if (mysql_affected_rows($db->getDBH()) != 1) { 742 757 $app->logMsg(sprintf('setPassword failed to update password for user %s', $user_id), LOG_NOTICE, __FILE__, __LINE__); 743 758 } … … 754 769 { 755 770 $app =& App::getInstance(); 756 771 $db =& DB::getInstance(); 772 757 773 $this->initDB(); 758 774 … … 761 777 762 778 // Reset password of a specific user. 763 $qid = DB::query("779 $qid = $db->query(" 764 780 SELECT * FROM " . $this->_params['db_table'] . " 765 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'781 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 766 782 "); 767 783 if (!$user_data = mysql_fetch_assoc($qid)) { -
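Review bot: New lines 418, 420, 443 and 523 interpolate `$this->getVal('user_id')` and `$this->getVal('login_datetime')` into SQL without `$db->escapeString()`, while the same class escapes `$user_id` on lines 474, 609, 630 and 670; since the commit rewrote exactly these lines, it was the moment to make them consistent, e.g. `WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($this->getVal('user_id')) . "'`. The values presumably come from the user row loaded at login, so the practical exposure is small, but a reader cannot tell which interpolations are deliberately unescaped. Separately, `strlen($db->escapeString($reason)) > 255` on 598 measures the escaped form, not what the column stores, so a reason containing quotes or backslashes is warned about although it fits in varchar(255); `strlen($reason)` is presumably the intended measure.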
branches/2.0singleton/lib/Hierarchy.inc.php
r127 r130 152 152 { 153 153 $app =& App::getInstance(); 154 $db =& DB::getInstance(); 154 155 155 156 if (!isset($child_type) || !isset($child_id)) { … … 194 195 foreach ($parents as $parent_string) { 195 196 $parent = $this->toArrayID($parent_string); 196 DB::query("197 $db->query(" 197 198 INSERT INTO node_tbl ( 198 199 parent_type, … … 203 204 title 204 205 ) VALUES ( 205 '" . DB::escapeString($parent['node_type']) . "',206 '" . DB::escapeString($parent['node_id']) . "',207 '" . DB::escapeString($child_type) . "',208 '" . DB::escapeString($child_id) . "',209 " . (is_null($relationship_type) ? "NULL" : "'" . DB::escapeString($relationship_type) . "'") . ",210 '" . DB::escapeString($title) . "'206 '" . $db->escapeString($parent['node_type']) . "', 207 '" . $db->escapeString($parent['node_id']) . "', 208 '" . $db->escapeString($child_type) . "', 209 '" . $db->escapeString($child_id) . "', 210 " . (is_null($relationship_type) ? "NULL" : "'" . $db->escapeString($relationship_type) . "'") . ", 211 '" . $db->escapeString($title) . "' 211 212 ) 212 213 "); … … 230 231 { 231 232 $app =& App::getInstance(); 233 $db =& DB::getInstance(); 232 234 233 235 if (!isset($child_type) || !isset($child_id)) { … … 251 253 } 252 254 253 DB::query("255 $db->query(" 254 256 DELETE FROM node_tbl 255 WHERE child_type = '" . DB::escapeString($child_type) . "'256 AND child_id = '" . DB::escapeString($child_id) . "'257 WHERE child_type = '" . $db->escapeString($child_type) . "' 258 AND child_id = '" . $db->escapeString($child_id) . "' 257 259 "); 258 260 $app->logMsg(sprintf('deleteNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 279 281 { 280 282 $app =& App::getInstance(); 281 283 $db =& DB::getInstance(); 284 282 285 if (!isset($child_type) || !isset($child_id)) { 283 286 if ($this->node_init) { … … 319 322 if (empty($title)) { 320 323 // Select the title of the node we are moving, so we can add it again with the same info. 
321 $qid = DB::query("324 $qid = $db->query(" 322 325 SELECT title FROM node_tbl 323 WHERE child_type = '" . DB::escapeString($child_type) . "'324 AND child_id = '" . DB::escapeString($child_id) . "'325 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "326 WHERE child_type = '" . $db->escapeString($child_type) . "' 327 AND child_id = '" . $db->escapeString($child_id) . "' 328 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 326 329 "); 327 330 list($title) = mysql_fetch_row($qid); … … 329 332 330 333 // Delete the nodes with the old parents. 331 DB::query("334 $db->query(" 332 335 DELETE FROM node_tbl 333 WHERE child_type = '" . DB::escapeString($child_type) . "'334 AND child_id = '" . DB::escapeString($child_id) . "'335 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "336 WHERE child_type = '" . $db->escapeString($child_type) . "' 337 AND child_id = '" . $db->escapeString($child_id) . "' 338 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 336 339 "); 337 340 $app->logMsg(sprintf('moveNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 355 358 { 356 359 $app =& App::getInstance(); 360 $db =& DB::getInstance(); 357 361 358 362 if (!isset($child_type) || !isset($child_id)) { … … 374 378 } 375 379 376 $qid = DB::query("380 $qid = $db->query(" 377 381 SELECT parent_type, parent_id 378 382 FROM node_tbl 379 WHERE child_type = '" . DB::escapeString($child_type) . "'380 AND child_id = '" . DB::escapeString($child_id) . "'383 WHERE child_type = '" . $db->escapeString($child_type) . "' 384 AND child_id = '" . $db->escapeString($child_id) . "' 381 385 $in_clause 382 " . DB::escapeString($order) . "386 " . $db->escapeString($order) . 
" 383 387 "); 384 388 … … 405 409 { 406 410 $app =& App::getInstance(); 411 $db =& DB::getInstance(); 407 412 408 413 if (!isset($child_type) || !isset($child_id)) { … … 416 421 } 417 422 418 $qid = DB::query("423 $qid = $db->query(" 419 424 SELECT child_type, child_id, title, subnode_quantity 420 425 FROM node_tbl 421 WHERE child_type = '" . DB::escapeString($child_type) . "'422 AND child_id = '" . DB::escapeString($child_id) . "'426 WHERE child_type = '" . $db->escapeString($child_type) . "' 427 AND child_id = '" . $db->escapeString($child_id) . "' 423 428 "); 424 429 … … 448 453 { 449 454 $app =& App::getInstance(); 455 $db =& DB::getInstance(); 450 456 451 457 if (!isset($child_type) || !isset($child_id)) { … … 467 473 } 468 474 469 $qid = DB::query("475 $qid = $db->query(" 470 476 SELECT * 471 477 FROM node_tbl 472 WHERE parent_type = '" . DB::escapeString($child_type) . "'473 AND parent_id = '" . DB::escapeString($child_id) . "'478 WHERE parent_type = '" . $db->escapeString($child_type) . "' 479 AND parent_id = '" . $db->escapeString($child_id) . "' 474 480 $in_clause 475 " . DB::escapeString($order) . "481 " . $db->escapeString($order) . " 476 482 "); 477 483 … … 499 505 { 500 506 $app =& App::getInstance(); 501 507 $db =& DB::getInstance(); 508 502 509 if (!isset($child_type) || !isset($child_id)) { 503 510 if ($this->node_init) { … … 518 525 } 519 526 520 $qid = DB::query("527 $qid = $db->query(" 521 528 SELECT COUNT(*) 522 529 FROM node_tbl 523 WHERE parent_type = '" . DB::escapeString($child_type) . "'524 AND parent_id = '" . DB::escapeString($child_id) . "'530 WHERE parent_type = '" . $db->escapeString($child_type) . "' 531 AND parent_id = '" . $db->escapeString($child_id) . 
"' 525 532 $in_clause 526 533 "); … … 599 606 function getAllAncestors($child_type, $child_id, $go_linear=false, $_return_flag=true) 600 607 { 608 $db =& DB::getInstance(); 609 601 610 static $output = array(); 602 611 static $return_flag; 603 612 604 $qid = DB::query("613 $qid = $db->query(" 605 614 SELECT parent_type, parent_id, child_type, child_id, title, subnode_quantity 606 615 FROM node_tbl 607 WHERE child_type = '" . DB::escapeString($child_type) . "'608 AND child_id = '" . DB::escapeString($child_id) . "'616 WHERE child_type = '" . $db->escapeString($child_type) . "' 617 AND child_id = '" . $db->escapeString($child_id) . "' 609 618 "); 610 619 while ($row = mysql_fetch_assoc($qid)) { … … 652 661 { 653 662 $app =& App::getInstance(); 663 $db =& DB::getInstance(); 654 664 655 665 if (!isset($child_type) || !isset($child_id)) { … … 664 674 665 675 if (isset($parent_type) && isset($parent_id)) { 666 $qid = DB::query("676 $qid = $db->query(" 667 677 SELECT 1 FROM node_tbl 668 WHERE parent_type = '" . DB::escapeString($parent_type) . "'669 AND parent_id = '" . DB::escapeString($parent_id) . "'670 AND child_type = '" . DB::escapeString($child_type) . "'671 AND child_id = '" . DB::escapeString($child_id) . "'672 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "678 WHERE parent_type = '" . $db->escapeString($parent_type) . "' 679 AND parent_id = '" . $db->escapeString($parent_id) . "' 680 AND child_type = '" . $db->escapeString($child_type) . "' 681 AND child_id = '" . $db->escapeString($child_id) . "' 682 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 673 683 "); 674 684 } else { 675 $qid = DB::query("685 $qid = $db->query(" 676 686 SELECT 1 FROM node_tbl 677 WHERE child_type = '" . DB::escapeString($child_type) . "'678 AND child_id = '" . DB::escapeString($child_id) . "'687 WHERE child_type = '" . 
$db->escapeString($child_type) . "' 688 AND child_id = '" . $db->escapeString($child_id) . "' 679 689 "); 680 690 } … … 775 785 function rebuildSubnodeQty($type_constraint=null) 776 786 { 787 $db =& DB::getInstance(); 788 777 789 // Reset all the category counters to zero. 778 DB::query("UPDATE node_tbl SET subnode_quantity = 0");790 $db->query("UPDATE node_tbl SET subnode_quantity = 0"); 779 791 780 792 // Get all the nodes. 781 $qid = DB::query("SELECT DISTINCT child_type, child_id FROM node_tbl");793 $qid = $db->query("SELECT DISTINCT child_type, child_id FROM node_tbl"); 782 794 783 795 // For each node count the number of children... … … 797 809 function setSubnodeQtyToParents($child_type, $child_id, $num_children) 798 810 { 799 DB::query(" 811 $db =& DB::getInstance(); 812 813 $db->query(" 800 814 UPDATE node_tbl 801 SET subnode_quantity = subnode_quantity + '" . DB::escapeString($num_children) . "'802 WHERE child_type = '" . DB::escapeString($child_type) . "'803 AND child_id = '" . DB::escapeString($child_id) . "'815 SET subnode_quantity = subnode_quantity + '" . $db->escapeString($num_children) . "' 816 WHERE child_type = '" . $db->escapeString($child_type) . "' 817 AND child_id = '" . $db->escapeString($child_id) . "' 804 818 ",false); 805 $qid = DB::query("819 $qid = $db->query(" 806 820 SELECT parent_type, parent_id 807 821 FROM node_tbl 808 WHERE child_type = '" . DB::escapeString($child_type) . "'809 AND child_id = '" . DB::escapeString($child_id) . "'822 WHERE child_type = '" . $db->escapeString($child_type) . "' 823 AND child_id = '" . $db->escapeString($child_id) . "' 810 824 ",false); 811 825 while ((list($parent_type, $parent_id) = mysql_fetch_row($qid)) && $parent_id > 0) { -
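Review bot: `$db->escapeString($order)` on new lines 386 and 481 is applied to a bare SQL fragment (the ORDER BY clause), not to a quoted literal, so it does not constrain what ends up in the statement; `$in_clause` on 385 and 480 is interpolated raw as well. Both are assembled outside the visible lines, presumably from method parameters, so the fix is to validate `$order` against an allow-list of the ORDER BY strings callers actually use and to build `$in_clause` only from escaped values, rather than escaping the finished fragment. Line 815 adds `'" . $db->escapeString($num_children) . "'` as a quoted string in integer arithmetic; `(int) $num_children` states the intent directly and needs no escaping. The two methods containing lines 386 and 481 start before their hunks begin.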
branches/2.0singleton/lib/PageNumbers.inc.php
r128 r130 192 192 { 193 193 $app =& App::getInstance(); 194 $db =& DB::getInstance(); 194 195 195 196 if (is_numeric($this->first_item) && is_numeric($this->_per_page)) { 196 return ' LIMIT ' . DB::escapeString($this->first_item) . ', ' . DB::escapeString($this->_per_page) . ' ';197 return ' LIMIT ' . $db->escapeString($this->first_item) . ', ' . $db->escapeString($this->_per_page) . ' '; 197 198 } else { 198 199 $app->logMsg(sprintf('Could not find SQL to LIMIT by %s %s.', $this->first_item, $this->_per_page), LOG_WARNING, __FILE__, __LINE__); -
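Review bot: Line 197 escapes `$this->first_item` and `$this->_per_page` with `$db->escapeString()` inside a LIMIT clause, where they appear as bare numbers, so the escaping neither quotes nor restricts them; the `is_numeric` guard on 196 also accepts forms such as `'1.5'`, `' 1'` or `'1e2'` that MySQL rejects in LIMIT. Casting is the precise check: `return ' LIMIT ' . (int) $this->first_item . ', ' . (int) $this->_per_page . ' ';`, after which the `$db` fetched on 194 is unused in this method and can go. The enclosing method starts before the hunk.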
branches/2.0singleton/lib/RecordLock.inc.php
r128 r130 72 72 { 73 73 $app =& App::getInstance(); 74 $db =& DB::getInstance(); 74 75 75 76 static $_db_tested = false; … … 77 78 if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { 78 79 if ($recreate_db) { 79 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));80 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 80 81 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 81 82 } 82 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (83 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 83 84 lock_id int NOT NULL auto_increment, 84 85 record_table varchar(255) NOT NULL default '', … … 94 95 )"); 95 96 96 if (! DB::columnExists($this->getParam('db_table'), array(97 if (!$db->columnExists($this->getParam('db_table'), array( 97 98 'lock_id', 98 99 'record_table', … … 154 155 { 155 156 $app =& App::getInstance(); 157 $db =& DB::getInstance(); 156 158 157 159 $this->initDB(); … … 162 164 if (is_numeric($record_table_or_lock_id) && !isset($record_key) && !isset($record_val)) { 163 165 // Get lock data by lock_id. 164 $qid = DB::query("166 $qid = $db->query(" 165 167 SELECT * FROM " . $this->getParam('db_table') . " 166 WHERE lock_id = '" . DB::escapeString($record_table_or_lock_id) . "'168 WHERE lock_id = '" . $db->escapeString($record_table_or_lock_id) . "' 167 169 "); 168 170 } else { 169 171 // Get lock data by record specs 170 $qid = DB::query("172 $qid = $db->query(" 171 173 SELECT * FROM " . $this->getParam('db_table') . " 172 WHERE record_table = '" . DB::escapeString($record_table_or_lock_id) . "'173 AND record_key = '" . DB::escapeString($record_key) . "'174 AND record_val = '" . DB::escapeString($record_val) . "'174 WHERE record_table = '" . $db->escapeString($record_table_or_lock_id) . "' 175 AND record_key = '" . $db->escapeString($record_key) . "' 176 AND record_val = '" . 
$db->escapeString($record_val) . "' 175 177 "); 176 178 } … … 204 206 function isMine() 205 207 { 208 $db =& DB::getInstance(); 209 206 210 $this->initDB(); 207 211 208 212 if (isset($this->data['lock_id'])) { 209 $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'");213 $qid = $db->query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'"); 210 214 if ($lock = mysql_fetch_assoc($qid)) { 211 215 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 230 234 function set($record_table, $record_key, $record_val, $title='') 231 235 { 236 $db =& DB::getInstance(); 237 232 238 $this->initDB(); 233 239 … … 236 242 237 243 // Remove previous locks if exist. Is this better than using a REPLACE INTO? 238 DB::query("244 $db->query(" 239 245 DELETE FROM " . $this->getParam('db_table') . " 240 WHERE record_table = '" . DB::escapeString($record_table) . "'241 AND record_key = '" . DB::escapeString($record_key) . "'242 AND record_val = '" . DB::escapeString($record_val) . "'246 WHERE record_table = '" . $db->escapeString($record_table) . "' 247 AND record_key = '" . $db->escapeString($record_key) . "' 248 AND record_val = '" . $db->escapeString($record_val) . "' 243 249 "); 244 250 245 251 // Set new lock. 246 DB::query("252 $db->query(" 247 253 INSERT INTO " . $this->getParam('db_table') . " ( 248 254 record_table, … … 253 259 lock_datetime 254 260 ) VALUES ( 255 '" . DB::escapeString($record_table) . "',256 '" . DB::escapeString($record_key) . "',257 '" . DB::escapeString($record_val) . "',258 '" . DB::escapeString($title) . "',259 '" . DB::escapeString($this->_auth->getVal('user_id')) . "',261 '" . $db->escapeString($record_table) . "', 262 '" . $db->escapeString($record_key) . "', 263 '" . $db->escapeString($record_val) . "', 264 '" . $db->escapeString($title) . "', 265 '" . 
$db->escapeString($this->_auth->getVal('user_id')) . "', 260 266 NOW() 261 267 ) 262 268 "); 263 $lock_id = mysql_insert_id( DB::getDBH());269 $lock_id = mysql_insert_id($db->getDBH()); 264 270 265 271 // Must register this locked record as the current. … … 275 281 { 276 282 $app =& App::getInstance(); 283 $db =& DB::getInstance(); 277 284 278 285 $this->initDB(); … … 282 289 283 290 // Delete a specific lock. 284 DB::query("291 $db->query(" 285 292 DELETE FROM " . $this->getParam('db_table') . " 286 WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'293 WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "' 287 294 "); 288 295 … … 296 303 { 297 304 $app =& App::getInstance(); 305 $db =& DB::getInstance(); 298 306 299 307 $this->initDB(); … … 304 312 if (isset($user_id)) { 305 313 // Delete specific user's locks. 306 DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . DB::escapeString($user_id) . "'");314 $db->query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'"); 307 315 $app->logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__); 308 316 } else { 309 317 // Delete ALL locks. 310 DB::query("DELETE FROM " . $this->getParam('db_table') . "");318 $db->query("DELETE FROM " . $this->getParam('db_table') . ""); 311 319 $app->logMsg(sprintf('All record locks deleted by %s %s', $this->_auth->getVal('auth_name'), $this->_auth->getVal('username')), LOG_DEBUG, __FILE__, __LINE__); 312 320 } … … 318 326 function _auto_timeout() 319 327 { 328 $db =& DB::getInstance(); 329 320 330 static $_timeout_run = false; 321 331 … … 324 334 if (!$_timeout_run) { 325 335 // Delete all old locks. 326 DB::query("336 $db->query(" 327 337 DELETE FROM " . $this->getParam('db_table') . " 328 338 WHERE DATE_ADD(lock_datetime, INTERVAL '" . 
$this->getParam('auto_timeout') . "' SECOND) < NOW() -
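Review bot: In `_auto_timeout()` the value `$this->getParam('auto_timeout')` is still concatenated into the `INTERVAL '...' SECOND` clause without going through `$db->escapeString()`, even though every other value in this file now does; for a value that must be a number, `INTERVAL " . (int) $this->getParam('auto_timeout') . " SECOND` removes the inconsistency and the quoting. A smaller point in `isMine()`: `$lock['set_by_admin_id'] == $this->_auth->getVal('user_id')` is a loose comparison of a DB string with whatever the auth layer returns; casting both sides, `(string) $lock['set_by_admin_id'] === (string) $this->_auth->getVal('user_id')`, makes the ownership test unambiguous. The body of `_auto_timeout()` continues past the end of this hunk.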
branches/2.0singleton/lib/RecordVersion.inc.php
r128 r130 79 79 { 80 80 $app =& App::getInstance(); 81 $db =& DB::getInstance(); 81 82 82 83 static $_db_tested = false; … … 84 85 if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { 85 86 if ($recreate_db) { 86 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));87 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 87 88 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 88 89 } 89 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (90 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 90 91 version_id int NOT NULL auto_increment, 91 92 record_table varchar(255) NOT NULL default '', … … 103 104 )"); 104 105 105 if (! DB::columnExists($this->getParam('db_table'), array(106 if (!$db->columnExists($this->getParam('db_table'), array( 106 107 'version_id', 107 108 'record_table', … … 166 167 { 167 168 $app =& App::getInstance(); 169 $db =& DB::getInstance(); 168 170 169 171 $this->initDB(); … … 179 181 180 182 // Save as new version. 181 DB::query("183 $db->query(" 182 184 INSERT INTO " . $this->getParam('db_table') . " ( 183 185 record_table, … … 190 192 version_datetime 191 193 ) VALUES ( 192 '" . DB::escapeString($record_table) . "',193 '" . DB::escapeString($record_key) . "',194 '" . DB::escapeString($record_val) . "',195 '" . DB::escapeString(gzcompress(serialize($record), 9)) . "',196 '" . DB::escapeString($title) . "',197 '" . DB::escapeString($notes) . "',198 '" . DB::escapeString($this->_auth->getVal('user_id')) . "',194 '" . $db->escapeString($record_table) . "', 195 '" . $db->escapeString($record_key) . "', 196 '" . $db->escapeString($record_val) . "', 197 '" . $db->escapeString(gzcompress(serialize($record), 9)) . "', 198 '" . $db->escapeString($title) . "', 199 '" . $db->escapeString($notes) . "', 200 '" . $db->escapeString($this->_auth->getVal('user_id')) . 
"', 199 201 NOW() 200 202 ) 201 203 "); 202 204 203 return mysql_insert_id( DB::getDBH());205 return mysql_insert_id($db->getDBH()); 204 206 } 205 207 … … 214 216 { 215 217 $app =& App::getInstance(); 218 $db =& DB::getInstance(); 216 219 217 220 $this->initDB(); 218 221 219 222 // Get version data. 220 $qid = DB::query("223 $qid = $db->query(" 221 224 SELECT * FROM " . $this->getParam('db_table') . " 222 WHERE version_id = '" . DB::escapeString($version_id) . "'225 WHERE version_id = '" . $db->escapeString($version_id) . "' 223 226 "); 224 227 if (!$record = mysql_fetch_assoc($qid)) { … … 230 233 231 234 // Ensure saved db columns match current table schema. 232 if (! DB::columnExists($record['record_table'], array_keys($data), $this->getParam('db_schema_strict'))) {235 if (!$db->columnExists($record['record_table'], array_keys($data), $this->getParam('db_schema_strict'))) { 233 236 $app->raiseMsg(sprintf(_("Version ID %s%s is not compatible with the current database table."), $version_id, (empty($record['version_title']) ? '' : ' (' . $record['version_title'] . ')')), MSG_ERR, __FILE__, __LINE__); 234 237 $app->logMsg(sprintf(_("Version ID %s%s restoration failed, DB schema does not match for table %s."), $version_id, (empty($record['version_title']) ? '' : ' (' . $record['version_title'] . ')'), $record['record_table']), LOG_ALERT, __FILE__, __LINE__); … … 243 246 $comma = ''; 244 247 foreach ($data as $v) { 245 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . DB::escapeString($v) . "'";248 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . $db->escapeString($v) . "'"; 246 249 $comma = ','; 247 250 } 248 251 249 252 // Replace current record with specified versioned record. 250 DB::query("253 $db->query(" 251 254 REPLACE INTO " . $record['record_table'] . 
" ( 252 255 $replace_keys … … 273 276 function deleteOld($record_table, $record_key, $record_val) 274 277 { 278 $db =& DB::getInstance(); 279 275 280 $this->initDB(); 276 281 277 282 // Get total number of versions for this record. 278 $qid = DB::query("283 $qid = $db->query(" 279 284 SELECT COUNT(*) FROM " . $this->getParam('db_table') . " 280 WHERE record_table = '" . DB::escapeString($record_table) . "'281 AND record_key = '" . DB::escapeString($record_key) . "'282 AND record_val = '" . DB::escapeString($record_val) . "'285 WHERE record_table = '" . $db->escapeString($record_table) . "' 286 AND record_key = '" . $db->escapeString($record_key) . "' 287 AND record_val = '" . $db->escapeString($record_val) . "' 283 288 "); 284 289 list($v_count) = mysql_fetch_row($qid); … … 288 293 // To prevent a record bomb, limit max number of versions to max_qty. 289 294 // First query for oldest records, selecting enough to bring total number down to min_qty. 290 $qid = DB::query("295 $qid = $db->query(" 291 296 SELECT version_id FROM " . $this->getParam('db_table') . " 292 WHERE record_table = '" . DB::escapeString($record_table) . "'293 AND record_key = '" . DB::escapeString($record_key) . "'294 AND record_val = '" . DB::escapeString($record_val) . "'297 WHERE record_table = '" . $db->escapeString($record_table) . "' 298 AND record_key = '" . $db->escapeString($record_key) . "' 299 AND record_val = '" . $db->escapeString($record_val) . "' 295 300 ORDER BY version_datetime ASC 296 301 LIMIT " . ($v_count - $this->getParam('min_qty')) . " … … 299 304 $old_versions[] = $old_id; 300 305 } 301 DB::query("306 $db->query(" 302 307 DELETE FROM " . $this->getParam('db_table') . " 303 308 WHERE version_id IN ('" . join("','", $old_versions) . "') … … 305 310 } else { 306 311 // Delete versions older than min_days, while still keeping min_qty. 307 $qid = DB::query("312 $qid = $db->query(" 308 313 SELECT version_id FROM " . $this->getParam('db_table') . " 309 WHERE record_table = '" . 
DB::escapeString($record_table) . "'310 AND record_key = '" . DB::escapeString($record_key) . "'311 AND record_val = '" . DB::escapeString($record_val) . "'314 WHERE record_table = '" . $db->escapeString($record_table) . "' 315 AND record_key = '" . $db->escapeString($record_key) . "' 316 AND record_val = '" . $db->escapeString($record_val) . "' 312 317 AND DATE_ADD(version_datetime, INTERVAL '" . $this->getParam('min_days') . "' DAY) < NOW() 313 318 ORDER BY version_datetime ASC … … 318 323 } 319 324 if (sizeof($old_versions) > 0) { 320 DB::query("325 $db->query(" 321 326 DELETE FROM " . $this->getParam('db_table') . " 322 327 WHERE version_id IN ('" . join("','", $old_versions) . "') … … 338 343 function getList($record_table, $record_key, $record_val) 339 344 { 345 $db =& DB::getInstance(); 346 340 347 $this->initDB(); 341 348 342 349 // Get versions of this record. 343 $qid = DB::query("350 $qid = $db->query(" 344 351 SELECT version_id, saved_by_admin_id, version_datetime, version_title 345 352 FROM " . $this->getParam('db_table') . " 346 WHERE record_table = '" . DB::escapeString($record_table) . "'347 AND record_key = '" . DB::escapeString($record_key) . "'348 AND record_val = '" . DB::escapeString($record_val) . "'353 WHERE record_table = '" . $db->escapeString($record_table) . "' 354 AND record_key = '" . $db->escapeString($record_key) . "' 355 AND record_val = '" . $db->escapeString($record_val) . "' 349 356 ORDER BY version_datetime DESC 350 357 "); … … 367 374 function getVerson($version_id) 368 375 { 376 $db =& DB::getInstance(); 377 369 378 $this->initDB(); 370 379 371 380 // Get version data. 372 $qid = DB::query("381 $qid = $db->query(" 373 382 SELECT * FROM " . $this->getParam('db_table') . " 374 WHERE version_id = '" . DB::escapeString($version_id) . "'383 WHERE version_id = '" . $db->escapeString($version_id) . 
"' 375 384 "); 376 385 return mysql_fetch_assoc($qid); … … 386 395 function getData($version_id) 387 396 { 397 $db =& DB::getInstance(); 398 388 399 $this->initDB(); 389 400 390 401 // Get version data. 391 $qid = DB::query("402 $qid = $db->query(" 392 403 SELECT * FROM " . $this->getParam('db_table') . " 393 WHERE version_id = '" . DB::escapeString($version_id) . "'404 WHERE version_id = '" . $db->escapeString($version_id) . "' 394 405 "); 395 406 $record = mysql_fetch_assoc($qid); … … 410 421 function getCurrent($record_table, $record_key, $record_val) 411 422 { 412 $this->initDB(); 413 414 $qid = DB::query(" 415 SELECT * FROM " . DB::escapeString($record_table) . " 416 WHERE " . DB::escapeString($record_key) . " = '" . DB::escapeString($record_val) . "' 423 $db =& DB::getInstance(); 424 425 $this->initDB(); 426 427 $qid = $db->query(" 428 SELECT * FROM " . $db->escapeString($record_table) . " 429 WHERE " . $db->escapeString($record_key) . " = '" . $db->escapeString($record_val) . "' 417 430 "); 418 431 if ($record = mysql_fetch_assoc($qid)) { -
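Review bot: In `getCurrent()` (new lines 427-429) `$db->escapeString($record_table)` and `$db->escapeString($record_key)` are applied to a table name and a column name; string escaping only neutralises quote characters inside a quoted literal and does nothing for an unquoted identifier, so it should not be read as protecting those positions. The same applies to `REPLACE INTO " . $record['record_table']` in `restore()` (new line 254), where the stored name is not escaped at all. Since the class already calls `$db->columnExists($record['record_table'], array_keys($data), ...)` before the REPLACE, a comment making that the stated guard would help, e.g. `// record_table/record_key are identifiers: escapeString() cannot quote them, so they must be validated (see columnExists) rather than escaped.` The bodies of `getCurrent()` and `restore()` continue outside this section.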
branches/2.0singleton/lib/SortOrder.inc.php
r128 r130 129 129 { 130 130 $app =& App::getInstance(); 131 $db =& DB::getInstance(); 131 132 132 133 if (!isset($this->_columns[strtolower($this->sort_by)])) { … … 139 140 140 141 if (!empty($this->_columns[strtolower($this->sort_by)][strtolower($this->order)])) { 141 return sprintf(' ORDER BY %s ', DB::escapeString($this->_columns[strtolower($this->sort_by)][strtolower($this->order)]));142 return sprintf(' ORDER BY %s ', $db->escapeString($this->_columns[strtolower($this->sort_by)][strtolower($this->order)])); 142 143 } else { 143 144 $app->logMsg(sprintf('Could not find SQL to sort by %s %s.', $this->sort_by, $this->order), LOG_WARNING, __FILE__, __LINE__); -
branches/2.0singleton/lib/TemplateGlue.inc.php
r128 r130 67 67 { 68 68 $app =& App::getInstance(); 69 70 $qid = DB::query("SHOW COLUMNS FROM " . DB::escapeString($db_table) . " LIKE '" . DB::escapeString($db_col) . "'",false); 69 $db =& DB::getInstance(); 70 71 $qid = $db->query("SHOW COLUMNS FROM " . $db->escapeString($db_table) . " LIKE '" . $db->escapeString($db_col) . "'",false); 71 72 72 73 $row = mysql_fetch_row($qid); … … 296 297 function printSelectForm($db_table, $key_column, $val_column, $preselected, $blank=false, $extra_clause='') 297 298 { 299 $db =& DB::getInstance(); 300 298 301 // Sometimes preselected comes as a comma list. 299 302 if (!is_array($preselected)) { … … 316 319 } 317 320 } 318 $qid = DB::query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);321 $qid = $db->query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false); 319 322 while ($row = mysql_fetch_assoc($qid)) { 320 323 $selected = in_array($row[$val_column], $preselected) ? ' selected="selected"' : ''; … … 337 340 function printDBCheckboxes($db_table, $key_column, $val_column, $preselected, $columns=1, $extra_clause='', $vert_columns=false) 338 341 { 342 $db =& DB::getInstance(); 343 339 344 // Sometimes preselected comes as a comma list. 340 345 if (!is_array($preselected)) { … … 350 355 } 351 356 352 $qid = DB::query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);357 $qid = $db->query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false); 353 358 while ($row = mysql_fetch_assoc($qid)) { 354 359 $values[] = $row; -
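Review bot: `printSelectForm()` (new line 321) and `printDBCheckboxes()` (new line 357) interpolate `$db_table`, `$key_column`, `$val_column` and `$extra_clause` straight into `"SELECT $key_column, $val_column FROM $db_table $extra_clause"` with no escaping, while the function at new line 71 escapes its table and column arguments; the contrast is easy to miss when reading the file. At minimum each of the two functions should carry a docblock line such as `* All four parameters are interpolated unescaped; callers must pass trusted literals, never request data.` so the contract is explicit. Separately, `in_array($row[$val_column], $preselected)` is a loose comparison and would be safer as `in_array($row[$val_column], $preselected, true)` once the types of `$preselected` are settled. Both function bodies continue outside this section.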
branches/2.0singleton/lib/Utilities.inc.php
r123 r130 476 476 function escapedList($in) 477 477 { 478 $db =& DB::getInstance(); 479 478 480 if (is_array($in) && !empty($in)) { 479 481 return "'" . join("', '", array_map(array('DB', 'escapeString'), $in)) . "'"; 480 482 } else { 481 return DB::escapeString($in);483 return $db->escapeString($in); 482 484 } 483 485 } -
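Review bot: The array branch of `escapedList()` still maps over `array('DB', 'escapeString')`, i.e. a static call, while the scalar branch was switched to the instance obtained from `DB::getInstance()`; if `escapeString()` now depends on instance state (the connection handle held by the singleton), the array case will escape against no connection or fail outright. The two branches should use the same object: `return "'" . join("', '", array_map(array($db, 'escapeString'), $in)) . "'";`. Whether the static form still works cannot be told from this hunk, but the inconsistency is worth removing regardless.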
branches/2.0singleton/services/admins.php
r129 r130 154 154 if (getFormdata('repeat', false)) { 155 155 // Display edit function with next available ID. 156 $qid = DB::query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . DB::escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1");156 $qid = $db->query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1"); 157 157 if (list($next_id) = mysql_fetch_row($qid)) { 158 158 $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id); … … 259 259 global $lock; 260 260 $app =& App::getInstance(); 261 261 $db =& DB::getInstance(); 262 262 263 $lock->select('admin_tbl', 'admin_id', $id); 263 264 if ($lock->isLocked() && !$lock->isMine()) { … … 266 267 267 268 // Get the information for the form. 268 $qid = DB::query("269 $qid = $db->query(" 269 270 SELECT * 270 271 FROM admin_tbl 271 WHERE admin_id = '" . DB::escapeString($id) . "'272 WHERE admin_id = '" . $db->escapeString($id) . "' 272 273 "); 273 274 if (!$frm = mysql_fetch_assoc($qid)) { … … 315 316 global $auth, $lock; 316 317 $app =& App::getInstance(); 317 318 $db =& DB::getInstance(); 319 318 320 $lock->select('admin_tbl', 'admin_id', $id); 319 321 if ($lock->isLocked() && !$lock->isMine()) { … … 325 327 326 328 // Get the information for this object. 327 $qid = DB::query("329 $qid = $db->query(" 328 330 SELECT username, user_type from admin_tbl 329 WHERE admin_id = '" . DB::escapeString($id) . "'331 WHERE admin_id = '" . $db->escapeString($id) . "' 330 332 "); 331 333 if (! list($name, $user_type) = mysql_fetch_row($qid)) { … … 336 338 337 339 // Get the information for this object. 338 $qid = DB::query("SELECT COUNT(*) from admin_tbl");340 $qid = $db->query("SELECT COUNT(*) from admin_tbl"); 339 341 list($num_admins) = mysql_fetch_row($qid); 340 342 if ('root' == $user_type && 'root' != $auth->getVal('user_type')) { … … 349 351 } else { 350 352 // Delete the record. 
351 DB::query("DELETE FROM admin_tbl WHERE admin_id = '" . DB::escapeString($id) . "'");353 $db->query("DELETE FROM admin_tbl WHERE admin_id = '" . $db->escapeString($id) . "'"); 352 354 $app->raiseMsg(sprintf(_("The admin <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); 353 355 } … … 361 363 global $auth; 362 364 $app =& App::getInstance(); 363 365 $db =& DB::getInstance(); 366 364 367 // Break the cache because we are changing the list data. 365 368 SessionCache::breakCache($_SERVER['PHP_SELF']); 366 369 367 370 // Insert record data. 368 DB::query("371 $db->query(" 369 372 INSERT INTO admin_tbl ( 370 373 username, … … 376 379 added_datetime 377 380 ) VALUES ( 378 '" . DB::escapeString($frm['username']) . "',379 '" . DB::escapeString($frm['first_name']) . "',380 '" . DB::escapeString($frm['last_name']) . "',381 '" . DB::escapeString($frm['email']) . "',382 '" . DB::escapeString($frm['user_type']) . "',383 '" . DB::escapeString($auth->getVal('user_id')) . "',381 '" . $db->escapeString($frm['username']) . "', 382 '" . $db->escapeString($frm['first_name']) . "', 383 '" . $db->escapeString($frm['last_name']) . "', 384 '" . $db->escapeString($frm['email']) . "', 385 '" . $db->escapeString($frm['user_type']) . "', 386 '" . $db->escapeString($auth->getVal('user_id')) . "', 384 387 NOW() 385 388 ) 386 389 "); 387 $last_insert_id = mysql_insert_id( DB::getDBH());390 $last_insert_id = mysql_insert_id($db->getDBH()); 388 391 389 392 // Set admin password. … … 403 406 global $auth, $lock; 404 407 $app =& App::getInstance(); 405 408 $db =& DB::getInstance(); 409 406 410 $lock->select('admin_tbl', 'admin_id', $frm['admin_id']); 407 411 if ($lock->isLocked() && !$lock->isMine()) { … … 419 423 420 424 // Update record data. 421 DB::query("425 $db->query(" 422 426 UPDATE admin_tbl SET 423 username = '" . DB::escapeString($frm['username']) . "',424 first_name = '" . DB::escapeString($frm['first_name']) . "',425 last_name = '" . 
DB::escapeString($frm['last_name']) . "',426 email = '" . DB::escapeString($frm['email']) . "',427 user_type = '" . DB::escapeString($frm['user_type']) . "',428 modified_by_user_id = '" . DB::escapeString($auth->getVal('user_id')) . "',427 username = '" . $db->escapeString($frm['username']) . "', 428 first_name = '" . $db->escapeString($frm['first_name']) . "', 429 last_name = '" . $db->escapeString($frm['last_name']) . "', 430 email = '" . $db->escapeString($frm['email']) . "', 431 user_type = '" . $db->escapeString($frm['user_type']) . "', 432 modified_by_user_id = '" . $db->escapeString($auth->getVal('user_id')) . "', 429 433 modified_datetime = NOW() 430 WHERE admin_id = '" . DB::escapeString($frm['admin_id']) . "'434 WHERE admin_id = '" . $db->escapeString($frm['admin_id']) . "' 431 435 "); 432 436 … … 445 449 global $page; 446 450 global $so; 451 $db =& DB::getInstance(); 452 447 453 448 454 $where_clause = ''; … … 454 460 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " 455 461 ( 456 admin_tbl.username LIKE '%" . DB::escapeString($qry_words[$i]) . "%'457 OR admin_tbl.first_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%'458 OR admin_tbl.last_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%'459 OR admin_tbl.email LIKE '%" . DB::escapeString($qry_words[$i]) . "%'462 admin_tbl.username LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 463 OR admin_tbl.first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 464 OR admin_tbl.last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 465 OR admin_tbl.email LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 460 466 ) 461 467 "; … … 464 470 465 471 // Count the total number of records so we can do something about the page numbers. 466 $qid = DB::query("472 $qid = $db->query(" 467 473 SELECT COUNT(*) 468 474 FROM admin_tbl … … 505 511 } else { 506 512 // If the list is not already cached, query now. 
507 $qid = DB::query($sql);513 $qid = $db->query($sql); 508 514 // Fill an array with the items for this page. 509 515 while ($row = mysql_fetch_assoc($qid)) { -
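Review bot: In the search clause built at new lines 462-465, `$db->escapeString($qry_words[$i])` is placed inside `LIKE '%...%'`, but escapeString leaves the LIKE metacharacters `%` and `_` untouched, so a search term containing them is interpreted as a pattern rather than as literal text. Escaping those after the string escape keeps the search literal: `addcslashes($db->escapeString($qry_words[$i]), '%_')`. The enclosing list function starts before and ends after this section.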
branches/2.0singleton/tests/AppTest.php
r129 r130 71 71 function test_dbquery() 72 72 { 73 $qid = DB::query("SELECT 2 + 2"); 73 $db =& DB::getInstance(); 74 75 $qid = $db->query("SELECT 2 + 2"); 74 76 list($result) = mysql_fetch_row($qid); 75 77 $this->assertEquals('4', $result); -
branches/2.0singleton/tests/Auth_SQLTest.php
r42 r130 21 21 function setUp() 22 22 { 23 require dirname(__FILE__) . '/_config.inc.php'; 23 $db =& DB::getInstance(); 24 25 require dirname(__FILE__) . '/_config.inc.php'; 24 26 require_once '../lib/Auth_SQL.inc.php'; 25 27 $this->Auth_SQL =& new Auth_SQL('testauth'); … … 36 38 37 39 // Insert test data. 38 DB::query("40 $db->query(" 39 41 INSERT INTO test_user_tbl ( 40 42 username, … … 58 60 function tearDown() 59 61 { 60 unset($this->Auth_SQL); 61 DB::query("DROP TABLE IF EXISTS test_user_tbl"); 62 DB::query("DROP TABLE IF EXISTS test_login_tbl"); 62 $db =& DB::getInstance(); 63 64 unset($this->Auth_SQL); 65 $db->query("DROP TABLE IF EXISTS test_user_tbl"); 66 $db->query("DROP TABLE IF EXISTS test_login_tbl"); 63 67 } 64 68 … … 140 144 function test_blockaccount() 141 145 { 146 $db =& DB::getInstance(); 147 142 148 $this->Auth_SQL->login('testuser', 'testpass'); 143 149 $this->Auth_SQL->blockaccount(null, 'blocktestuser'); 144 $qid = DB::query("150 $qid = $db->query(" 145 151 SELECT blocked_reason 146 152 FROM test_user_tbl … … 152 158 function test_unblockaccount() 153 159 { 154 DB::query(" 160 $db =& DB::getInstance(); 161 162 $db->query(" 155 163 UPDATE test_user_tbl SET blocked_reason = 'blocktestuser' 156 164 "); 157 165 $this->Auth_SQL->unblockaccount(); 158 166 159 $qid = DB::query("167 $qid = $db->query(" 160 168 SELECT blocked_reason 161 169 FROM test_user_tbl … … 191 199 function test_setpassword() 192 200 { 201 $db =& DB::getInstance(); 202 193 203 $this->Auth_SQL->setpassword(null, '123'); 194 $qid = DB::query("204 $qid = $db->query(" 195 205 SELECT userpass 196 206 FROM test_user_tbl -
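Review bot: In `setUp()` the new `$db =& DB::getInstance();` line is placed before `require dirname(__FILE__) . '/_config.inc.php';`, and the same ordering appears in the `setUp()` of RecordLockTest.php and RecordVersionTest.php below. If `_config.inc.php` is what loads or configures the DB class, the singleton is fetched before it exists or before it is connected; I cannot tell from the hunk, but moving the assignment below the two require lines costs nothing and removes the doubt. `tearDown()` in the same files takes the instance after the class is certainly loaded, so it is only the three `setUp()` methods that need the change.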
branches/2.0singleton/tests/RecordLockTest.php
r42 r130 22 22 function setUp() 23 23 { 24 $db =& DB::getInstance(); 25 24 26 require dirname(__FILE__) . '/_config.inc.php'; 25 27 require_once '../lib/RecordLock.inc.php'; … … 39 41 40 42 // Insert test data. 41 DB::query("43 $db->query(" 42 44 INSERT INTO test_user_tbl ( 43 45 username, … … 67 69 function tearDown() 68 70 { 71 $db =& DB::getInstance(); 72 69 73 unset($this->RecordLock); 70 74 unset($this->Auth_SQL); 71 DB::query("DROP TABLE IF EXISTS test_user_tbl");72 DB::query("DROP TABLE IF EXISTS test_login_tbl");73 DB::query("DROP TABLE IF EXISTS test_lock_tbl");75 $db->query("DROP TABLE IF EXISTS test_user_tbl"); 76 $db->query("DROP TABLE IF EXISTS test_login_tbl"); 77 $db->query("DROP TABLE IF EXISTS test_lock_tbl"); 74 78 } 75 79 -
branches/2.0singleton/tests/RecordVersionTest.php
r42 r130 22 22 function setUp() 23 23 { 24 $db =& DB::getInstance(); 25 24 26 require dirname(__FILE__) . '/_config.inc.php'; 25 27 require_once '../lib/RecordVersion.inc.php'; … … 39 41 40 42 // Insert test data. 41 DB::query("43 $db->query(" 42 44 INSERT INTO test_user_tbl ( 43 45 username, … … 68 70 function tearDown() 69 71 { 72 $db =& DB::getInstance(); 73 70 74 unset($this->RecordVersion); 71 75 unset($this->Auth_SQL); 72 DB::query("DROP TABLE IF EXISTS test_user_tbl");73 DB::query("DROP TABLE IF EXISTS test_login_tbl");74 DB::query("DROP TABLE IF EXISTS test_version_tbl");76 $db->query("DROP TABLE IF EXISTS test_user_tbl"); 77 $db->query("DROP TABLE IF EXISTS test_login_tbl"); 78 $db->query("DROP TABLE IF EXISTS test_version_tbl"); 75 79 } 76 80