Changeset 130 for branches/2.0singleton/lib
- Timestamp:
- May 30, 2006 9:30:35 PM (18 years ago)
- Location:
- branches/2.0singleton/lib
- Files:
-
- 8 edited
-
branches/2.0singleton/lib/Auth_SQL.inc.php
r127 r130 118 118 { 119 119 $app =& App::getInstance(); 120 $db =& DB::getInstance(); 121 120 122 121 123 static $_db_tested = false; … … 125 127 // User table. 126 128 if ($recreate_db) { 127 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));129 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 128 130 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 129 131 } 130 132 131 133 // The minimal columns for a table compatable with the Auth_SQL class. 132 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (134 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 133 135 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment, 134 136 " . $this->getParam('db_username_column') . " varchar(255) NOT NULL default '', … … 156 158 )"); 157 159 158 if (! DB::columnExists($this->getParam('db_table'), array(160 if (!$db->columnExists($this->getParam('db_table'), array( 159 161 $this->getParam('db_primary_key'), 160 162 $this->getParam('db_username_column'), … … 184 186 if ($this->getParam('abuse_detection')) { 185 187 if ($recreate_db) { 186 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_login_table'));188 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_login_table')); 187 189 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_login_table')), LOG_DEBUG, __FILE__, __LINE__); 188 190 } 189 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_login_table') . " (191 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_login_table') . " ( 190 192 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL default '0', 191 193 login_datetime datetime NOT NULL default '0000-00-00 00:00:00', … … 196 198 )"); 197 199 198 if (! 
DB::columnExists($this->getParam('db_login_table'), array(200 if (!$db->columnExists($this->getParam('db_login_table'), array( 199 201 $this->getParam('db_primary_key'), 200 202 'login_datetime', … … 249 251 function clearAuth() 250 252 { 253 $db =& DB::getInstance(); 254 251 255 $this->initDB(); 252 256 253 DB::query("257 $db->query(" 254 258 UPDATE " . $this->_params['db_table'] . " SET 255 259 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)), … … 305 309 { 306 310 $app =& App::getInstance(); 307 311 $db =& DB::getInstance(); 312 308 313 $this->initDB(); 309 314 310 315 // Query DB for user matching credentials. 311 316 // FIXME: Cannot compare crypt style passwords this way. 312 $qid = DB::query("317 $qid = $db->query(" 313 318 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 314 319 FROM " . $this->_params['db_table'] . " 315 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'316 AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'320 WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "' 321 AND BINARY userpass = '" . $db->escapeString($this->encryptPassword($password)) . "' 317 322 "); 318 323 … … 338 343 { 339 344 $app =& App::getInstance(); 340 345 $db =& DB::getInstance(); 346 341 347 $this->initDB(); 342 348 … … 390 396 **/ 391 397 if ($this->getParam('abuse_detection') && !$this->getVal('login_abuse_exempt')) { 392 $qid = DB::query("398 $qid = $db->query(" 393 399 SELECT COUNT(DISTINCT LEFT(remote_ip_binary, " . $this->_params['login_abuse_ip_bitmask'] . ")) 394 400 FROM " . $this->_params['db_login_table'] . " … … 410 416 } 411 417 // Increment user's warning level. 412 DB::query("UPDATE " . $this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'");418 $db->query("UPDATE " . 
$this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'"); 413 419 // Reset the login counter for this user. 414 DB::query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'");420 $db->query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "'"); 415 421 // No login: reset password because of account abuse! 416 422 $this->clearAuth(); … … 419 425 420 426 // Update the login counter table with this login access. Convert IP to binary. 421 DB::query("427 $db->query(" 422 428 INSERT INTO " . $this->_params['db_login_table'] . " ( 423 429 " . $this->_params['db_primary_key'] . ", … … 433 439 434 440 // Update user table with this login. 435 DB::query("441 $db->query(" 436 442 UPDATE " . $this->_params['db_table'] . " SET 437 443 last_login_datetime = '" . $this->getVal('login_datetime') . "', … … 458 464 { 459 465 $app =& App::getInstance(); 460 466 $db =& DB::getInstance(); 467 461 468 $this->initDB(); 462 469 463 470 if (isset($user_id)) { 464 471 // Check the login status of a specific user. 465 $qid = DB::query("472 $qid = $db->query(" 466 473 SELECT 1 FROM " . $this->_params['db_table'] . " 467 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'474 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 468 475 AND DATE_ADD(last_login_datetime, INTERVAL '" . $this->_params['login_timeout'] . "' SECOND) > NOW() 469 476 AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW() … … 510 517 511 518 // Update the DB with the last_access_datetime and increment the seconds_online. 512 DB::query("519 $db->query(" 513 520 UPDATE " . $this->_params['db_table'] . 
" SET 514 521 seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1, … … 516 523 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "' 517 524 "); 518 if (mysql_affected_rows( DB::getDBH()) > 0) {525 if (mysql_affected_rows($db->getDBH()) > 0) { 519 526 // User record still exists in DB. Do this to ensure user was not delete from DB between accesses. Notice "+ 1" in SQL above to ensure record is modified. 520 527 return true; … … 584 591 { 585 592 $app =& App::getInstance(); 586 593 $db =& DB::getInstance(); 594 587 595 $this->initDB(); 588 596 589 597 if ($this->getParam('blocking')) { 590 if (strlen( DB::escapeString($reason)) > 255) {598 if (strlen($db->escapeString($reason)) > 255) { 591 599 // blocked_reason field is varchar(255). 592 600 $app->logMsg(sprintf('Blocked reason provided is greater than 255 characters: %s', $reason), LOG_WARNING, __FILE__, __LINE__); … … 595 603 // Get user_id if specified. 596 604 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id'); 597 DB::query("605 $db->query(" 598 606 UPDATE " . $this->_params['db_table'] . " SET 599 607 blocked = 'true', 600 blocked_reason = '" . DB::escapeString($reason) . "'601 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'608 blocked_reason = '" . $db->escapeString($reason) . "' 609 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 602 610 "); 603 611 } … … 609 617 function unblockAccount($user_id=null) 610 618 { 619 $db =& DB::getInstance(); 620 611 621 $this->initDB(); 612 622 613 623 if ($this->getParam('blocking')) { 614 624 // Get user_id if specified. 615 625 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id'); 616 DB::query("626 $db->query(" 617 627 UPDATE " . $this->_params['db_table'] . " SET 618 628 blocked = '', 619 629 blocked_reason = '' 620 WHERE " . $this->_params['db_primary_key'] . " = '" . 
DB::escapeString($user_id) . "'630 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 621 631 "); 622 632 } … … 631 641 function usernameExists($username) 632 642 { 643 $db =& DB::getInstance(); 644 633 645 $this->initDB(); 634 646 635 $qid = DB::query("647 $qid = $db->query(" 636 648 SELECT 1 637 649 FROM " . $this->_params['db_table'] . " 638 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'650 WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "' 639 651 "); 640 652 return (mysql_num_rows($qid) > 0); … … 649 661 function getUsername($user_id) 650 662 { 663 $db =& DB::getInstance(); 664 651 665 $this->initDB(); 652 666 653 $qid = DB::query("667 $qid = $db->query(" 654 668 SELECT " . $this->_params['db_username_column'] . " 655 669 FROM " . $this->_params['db_table'] . " 656 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'670 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 657 671 "); 658 672 if (list($username) = mysql_fetch_row($qid)) { … … 726 740 { 727 741 $app =& App::getInstance(); 728 742 $db =& DB::getInstance(); 743 729 744 $this->initDB(); 730 745 … … 733 748 734 749 // Issue the password change query. 735 DB::query("750 $db->query(" 736 751 UPDATE " . $this->_params['db_table'] . " 737 SET userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'738 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'752 SET userpass = '" . $db->escapeString($this->encryptPassword($password)) . "' 753 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . 
"' 739 754 "); 740 755 741 if (mysql_affected_rows( DB::getDBH()) != 1) {756 if (mysql_affected_rows($db->getDBH()) != 1) { 742 757 $app->logMsg(sprintf('setPassword failed to update password for user %s', $user_id), LOG_NOTICE, __FILE__, __LINE__); 743 758 } … … 754 769 { 755 770 $app =& App::getInstance(); 756 771 $db =& DB::getInstance(); 772 757 773 $this->initDB(); 758 774 … … 761 777 762 778 // Reset password of a specific user. 763 $qid = DB::query("779 $qid = $db->query(" 764 780 SELECT * FROM " . $this->_params['db_table'] . " 765 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'781 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 766 782 "); 767 783 if (!$user_data = mysql_fetch_assoc($qid)) { -
branches/2.0singleton/lib/Hierarchy.inc.php
r127 r130 152 152 { 153 153 $app =& App::getInstance(); 154 $db =& DB::getInstance(); 154 155 155 156 if (!isset($child_type) || !isset($child_id)) { … … 194 195 foreach ($parents as $parent_string) { 195 196 $parent = $this->toArrayID($parent_string); 196 DB::query("197 $db->query(" 197 198 INSERT INTO node_tbl ( 198 199 parent_type, … … 203 204 title 204 205 ) VALUES ( 205 '" . DB::escapeString($parent['node_type']) . "',206 '" . DB::escapeString($parent['node_id']) . "',207 '" . DB::escapeString($child_type) . "',208 '" . DB::escapeString($child_id) . "',209 " . (is_null($relationship_type) ? "NULL" : "'" . DB::escapeString($relationship_type) . "'") . ",210 '" . DB::escapeString($title) . "'206 '" . $db->escapeString($parent['node_type']) . "', 207 '" . $db->escapeString($parent['node_id']) . "', 208 '" . $db->escapeString($child_type) . "', 209 '" . $db->escapeString($child_id) . "', 210 " . (is_null($relationship_type) ? "NULL" : "'" . $db->escapeString($relationship_type) . "'") . ", 211 '" . $db->escapeString($title) . "' 211 212 ) 212 213 "); … … 230 231 { 231 232 $app =& App::getInstance(); 233 $db =& DB::getInstance(); 232 234 233 235 if (!isset($child_type) || !isset($child_id)) { … … 251 253 } 252 254 253 DB::query("255 $db->query(" 254 256 DELETE FROM node_tbl 255 WHERE child_type = '" . DB::escapeString($child_type) . "'256 AND child_id = '" . DB::escapeString($child_id) . "'257 WHERE child_type = '" . $db->escapeString($child_type) . "' 258 AND child_id = '" . $db->escapeString($child_id) . "' 257 259 "); 258 260 $app->logMsg(sprintf('deleteNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 279 281 { 280 282 $app =& App::getInstance(); 281 283 $db =& DB::getInstance(); 284 282 285 if (!isset($child_type) || !isset($child_id)) { 283 286 if ($this->node_init) { … … 319 322 if (empty($title)) { 320 323 // Select the title of the node we are moving, so we can add it again with the same info. 
321 $qid = DB::query("324 $qid = $db->query(" 322 325 SELECT title FROM node_tbl 323 WHERE child_type = '" . DB::escapeString($child_type) . "'324 AND child_id = '" . DB::escapeString($child_id) . "'325 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "326 WHERE child_type = '" . $db->escapeString($child_type) . "' 327 AND child_id = '" . $db->escapeString($child_id) . "' 328 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 326 329 "); 327 330 list($title) = mysql_fetch_row($qid); … … 329 332 330 333 // Delete the nodes with the old parents. 331 DB::query("334 $db->query(" 332 335 DELETE FROM node_tbl 333 WHERE child_type = '" . DB::escapeString($child_type) . "'334 AND child_id = '" . DB::escapeString($child_id) . "'335 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "336 WHERE child_type = '" . $db->escapeString($child_type) . "' 337 AND child_id = '" . $db->escapeString($child_id) . "' 338 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 336 339 "); 337 340 $app->logMsg(sprintf('moveNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 355 358 { 356 359 $app =& App::getInstance(); 360 $db =& DB::getInstance(); 357 361 358 362 if (!isset($child_type) || !isset($child_id)) { … … 374 378 } 375 379 376 $qid = DB::query("380 $qid = $db->query(" 377 381 SELECT parent_type, parent_id 378 382 FROM node_tbl 379 WHERE child_type = '" . DB::escapeString($child_type) . "'380 AND child_id = '" . DB::escapeString($child_id) . "'383 WHERE child_type = '" . $db->escapeString($child_type) . "' 384 AND child_id = '" . $db->escapeString($child_id) . "' 381 385 $in_clause 382 " . DB::escapeString($order) . "386 " . $db->escapeString($order) . 
" 383 387 "); 384 388 … … 405 409 { 406 410 $app =& App::getInstance(); 411 $db =& DB::getInstance(); 407 412 408 413 if (!isset($child_type) || !isset($child_id)) { … … 416 421 } 417 422 418 $qid = DB::query("423 $qid = $db->query(" 419 424 SELECT child_type, child_id, title, subnode_quantity 420 425 FROM node_tbl 421 WHERE child_type = '" . DB::escapeString($child_type) . "'422 AND child_id = '" . DB::escapeString($child_id) . "'426 WHERE child_type = '" . $db->escapeString($child_type) . "' 427 AND child_id = '" . $db->escapeString($child_id) . "' 423 428 "); 424 429 … … 448 453 { 449 454 $app =& App::getInstance(); 455 $db =& DB::getInstance(); 450 456 451 457 if (!isset($child_type) || !isset($child_id)) { … … 467 473 } 468 474 469 $qid = DB::query("475 $qid = $db->query(" 470 476 SELECT * 471 477 FROM node_tbl 472 WHERE parent_type = '" . DB::escapeString($child_type) . "'473 AND parent_id = '" . DB::escapeString($child_id) . "'478 WHERE parent_type = '" . $db->escapeString($child_type) . "' 479 AND parent_id = '" . $db->escapeString($child_id) . "' 474 480 $in_clause 475 " . DB::escapeString($order) . "481 " . $db->escapeString($order) . " 476 482 "); 477 483 … … 499 505 { 500 506 $app =& App::getInstance(); 501 507 $db =& DB::getInstance(); 508 502 509 if (!isset($child_type) || !isset($child_id)) { 503 510 if ($this->node_init) { … … 518 525 } 519 526 520 $qid = DB::query("527 $qid = $db->query(" 521 528 SELECT COUNT(*) 522 529 FROM node_tbl 523 WHERE parent_type = '" . DB::escapeString($child_type) . "'524 AND parent_id = '" . DB::escapeString($child_id) . "'530 WHERE parent_type = '" . $db->escapeString($child_type) . "' 531 AND parent_id = '" . $db->escapeString($child_id) . 
"' 525 532 $in_clause 526 533 "); … … 599 606 function getAllAncestors($child_type, $child_id, $go_linear=false, $_return_flag=true) 600 607 { 608 $db =& DB::getInstance(); 609 601 610 static $output = array(); 602 611 static $return_flag; 603 612 604 $qid = DB::query("613 $qid = $db->query(" 605 614 SELECT parent_type, parent_id, child_type, child_id, title, subnode_quantity 606 615 FROM node_tbl 607 WHERE child_type = '" . DB::escapeString($child_type) . "'608 AND child_id = '" . DB::escapeString($child_id) . "'616 WHERE child_type = '" . $db->escapeString($child_type) . "' 617 AND child_id = '" . $db->escapeString($child_id) . "' 609 618 "); 610 619 while ($row = mysql_fetch_assoc($qid)) { … … 652 661 { 653 662 $app =& App::getInstance(); 663 $db =& DB::getInstance(); 654 664 655 665 if (!isset($child_type) || !isset($child_id)) { … … 664 674 665 675 if (isset($parent_type) && isset($parent_id)) { 666 $qid = DB::query("676 $qid = $db->query(" 667 677 SELECT 1 FROM node_tbl 668 WHERE parent_type = '" . DB::escapeString($parent_type) . "'669 AND parent_id = '" . DB::escapeString($parent_id) . "'670 AND child_type = '" . DB::escapeString($child_type) . "'671 AND child_id = '" . DB::escapeString($child_id) . "'672 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . "678 WHERE parent_type = '" . $db->escapeString($parent_type) . "' 679 AND parent_id = '" . $db->escapeString($parent_id) . "' 680 AND child_type = '" . $db->escapeString($child_type) . "' 681 AND child_id = '" . $db->escapeString($child_id) . "' 682 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . $db->escapeString($relationship_type) . "'") . " 673 683 "); 674 684 } else { 675 $qid = DB::query("685 $qid = $db->query(" 676 686 SELECT 1 FROM node_tbl 677 WHERE child_type = '" . DB::escapeString($child_type) . "'678 AND child_id = '" . DB::escapeString($child_id) . "'687 WHERE child_type = '" . 
$db->escapeString($child_type) . "' 688 AND child_id = '" . $db->escapeString($child_id) . "' 679 689 "); 680 690 } … … 775 785 function rebuildSubnodeQty($type_constraint=null) 776 786 { 787 $db =& DB::getInstance(); 788 777 789 // Reset all the category counters to zero. 778 DB::query("UPDATE node_tbl SET subnode_quantity = 0");790 $db->query("UPDATE node_tbl SET subnode_quantity = 0"); 779 791 780 792 // Get all the nodes. 781 $qid = DB::query("SELECT DISTINCT child_type, child_id FROM node_tbl");793 $qid = $db->query("SELECT DISTINCT child_type, child_id FROM node_tbl"); 782 794 783 795 // For each node count the number of children... … … 797 809 function setSubnodeQtyToParents($child_type, $child_id, $num_children) 798 810 { 799 DB::query(" 811 $db =& DB::getInstance(); 812 813 $db->query(" 800 814 UPDATE node_tbl 801 SET subnode_quantity = subnode_quantity + '" . DB::escapeString($num_children) . "'802 WHERE child_type = '" . DB::escapeString($child_type) . "'803 AND child_id = '" . DB::escapeString($child_id) . "'815 SET subnode_quantity = subnode_quantity + '" . $db->escapeString($num_children) . "' 816 WHERE child_type = '" . $db->escapeString($child_type) . "' 817 AND child_id = '" . $db->escapeString($child_id) . "' 804 818 ",false); 805 $qid = DB::query("819 $qid = $db->query(" 806 820 SELECT parent_type, parent_id 807 821 FROM node_tbl 808 WHERE child_type = '" . DB::escapeString($child_type) . "'809 AND child_id = '" . DB::escapeString($child_id) . "'822 WHERE child_type = '" . $db->escapeString($child_type) . "' 823 AND child_id = '" . $db->escapeString($child_id) . "' 810 824 ",false); 811 825 while ((list($parent_type, $parent_id) = mysql_fetch_row($qid)) && $parent_id > 0) { -
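Review bot: `$db->escapeString($order)` at new lines 386 and 481 is emitted outside any quotes as a trailing clause, so string escaping does not constrain what it may contain; escaping only has meaning inside a quoted literal. `$order` should be checked against a fixed list of sortable columns and directions before it reaches the query, and a comment such as `// $order is raw SQL: only pass fragments from a fixed list of ORDER BY clauses` would document the contract. `$in_clause` is interpolated the same way and is assembled outside the visible hunks, so how it is built cannot be confirmed from here. Both functions start and end outside the hunks.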
branches/2.0singleton/lib/PageNumbers.inc.php
r128 r130 192 192 { 193 193 $app =& App::getInstance(); 194 $db =& DB::getInstance(); 194 195 195 196 if (is_numeric($this->first_item) && is_numeric($this->_per_page)) { 196 return ' LIMIT ' . DB::escapeString($this->first_item) . ', ' . DB::escapeString($this->_per_page) . ' ';197 return ' LIMIT ' . $db->escapeString($this->first_item) . ', ' . $db->escapeString($this->_per_page) . ' '; 197 198 } else { 198 199 $app->logMsg(sprintf('Could not find SQL to LIMIT by %s %s.', $this->first_item, $this->_per_page), LOG_WARNING, __FILE__, __LINE__); -
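Review bot: The `is_numeric()` guard at new line 196 also accepts decimals, signed values and exponent notation such as `1e3`, and `escapeString()` adds nothing for values placed outside quotes, so the `LIMIT` clause can still receive a value MySQL rejects. An integer cast states the intent directly: `return ' LIMIT ' . (int) $this->first_item . ', ' . (int) $this->_per_page . ' ';`. The function starts and ends outside the hunk.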
branches/2.0singleton/lib/RecordLock.inc.php
r128 r130 72 72 { 73 73 $app =& App::getInstance(); 74 $db =& DB::getInstance(); 74 75 75 76 static $_db_tested = false; … … 77 78 if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { 78 79 if ($recreate_db) { 79 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));80 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 80 81 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 81 82 } 82 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (83 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 83 84 lock_id int NOT NULL auto_increment, 84 85 record_table varchar(255) NOT NULL default '', … … 94 95 )"); 95 96 96 if (! DB::columnExists($this->getParam('db_table'), array(97 if (!$db->columnExists($this->getParam('db_table'), array( 97 98 'lock_id', 98 99 'record_table', … … 154 155 { 155 156 $app =& App::getInstance(); 157 $db =& DB::getInstance(); 156 158 157 159 $this->initDB(); … … 162 164 if (is_numeric($record_table_or_lock_id) && !isset($record_key) && !isset($record_val)) { 163 165 // Get lock data by lock_id. 164 $qid = DB::query("166 $qid = $db->query(" 165 167 SELECT * FROM " . $this->getParam('db_table') . " 166 WHERE lock_id = '" . DB::escapeString($record_table_or_lock_id) . "'168 WHERE lock_id = '" . $db->escapeString($record_table_or_lock_id) . "' 167 169 "); 168 170 } else { 169 171 // Get lock data by record specs 170 $qid = DB::query("172 $qid = $db->query(" 171 173 SELECT * FROM " . $this->getParam('db_table') . " 172 WHERE record_table = '" . DB::escapeString($record_table_or_lock_id) . "'173 AND record_key = '" . DB::escapeString($record_key) . "'174 AND record_val = '" . DB::escapeString($record_val) . "'174 WHERE record_table = '" . $db->escapeString($record_table_or_lock_id) . "' 175 AND record_key = '" . $db->escapeString($record_key) . "' 176 AND record_val = '" . 
$db->escapeString($record_val) . "' 175 177 "); 176 178 } … … 204 206 function isMine() 205 207 { 208 $db =& DB::getInstance(); 209 206 210 $this->initDB(); 207 211 208 212 if (isset($this->data['lock_id'])) { 209 $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'");213 $qid = $db->query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'"); 210 214 if ($lock = mysql_fetch_assoc($qid)) { 211 215 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 230 234 function set($record_table, $record_key, $record_val, $title='') 231 235 { 236 $db =& DB::getInstance(); 237 232 238 $this->initDB(); 233 239 … … 236 242 237 243 // Remove previous locks if exist. Is this better than using a REPLACE INTO? 238 DB::query("244 $db->query(" 239 245 DELETE FROM " . $this->getParam('db_table') . " 240 WHERE record_table = '" . DB::escapeString($record_table) . "'241 AND record_key = '" . DB::escapeString($record_key) . "'242 AND record_val = '" . DB::escapeString($record_val) . "'246 WHERE record_table = '" . $db->escapeString($record_table) . "' 247 AND record_key = '" . $db->escapeString($record_key) . "' 248 AND record_val = '" . $db->escapeString($record_val) . "' 243 249 "); 244 250 245 251 // Set new lock. 246 DB::query("252 $db->query(" 247 253 INSERT INTO " . $this->getParam('db_table') . " ( 248 254 record_table, … … 253 259 lock_datetime 254 260 ) VALUES ( 255 '" . DB::escapeString($record_table) . "',256 '" . DB::escapeString($record_key) . "',257 '" . DB::escapeString($record_val) . "',258 '" . DB::escapeString($title) . "',259 '" . DB::escapeString($this->_auth->getVal('user_id')) . "',261 '" . $db->escapeString($record_table) . "', 262 '" . $db->escapeString($record_key) . "', 263 '" . $db->escapeString($record_val) . "', 264 '" . $db->escapeString($title) . "', 265 '" . 
$db->escapeString($this->_auth->getVal('user_id')) . "', 260 266 NOW() 261 267 ) 262 268 "); 263 $lock_id = mysql_insert_id( DB::getDBH());269 $lock_id = mysql_insert_id($db->getDBH()); 264 270 265 271 // Must register this locked record as the current. … … 275 281 { 276 282 $app =& App::getInstance(); 283 $db =& DB::getInstance(); 277 284 278 285 $this->initDB(); … … 282 289 283 290 // Delete a specific lock. 284 DB::query("291 $db->query(" 285 292 DELETE FROM " . $this->getParam('db_table') . " 286 WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'293 WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "' 287 294 "); 288 295 … … 296 303 { 297 304 $app =& App::getInstance(); 305 $db =& DB::getInstance(); 298 306 299 307 $this->initDB(); … … 304 312 if (isset($user_id)) { 305 313 // Delete specific user's locks. 306 DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . DB::escapeString($user_id) . "'");314 $db->query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'"); 307 315 $app->logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__); 308 316 } else { 309 317 // Delete ALL locks. 310 DB::query("DELETE FROM " . $this->getParam('db_table') . "");318 $db->query("DELETE FROM " . $this->getParam('db_table') . ""); 311 319 $app->logMsg(sprintf('All record locks deleted by %s %s', $this->_auth->getVal('auth_name'), $this->_auth->getVal('username')), LOG_DEBUG, __FILE__, __LINE__); 312 320 } … … 318 326 function _auto_timeout() 319 327 { 328 $db =& DB::getInstance(); 329 320 330 static $_timeout_run = false; 321 331 … … 324 334 if (!$_timeout_run) { 325 335 // Delete all old locks. 326 DB::query("336 $db->query(" 327 337 DELETE FROM " . $this->getParam('db_table') . " 328 338 WHERE DATE_ADD(lock_datetime, INTERVAL '" . 
$this->getParam('auto_timeout') . "' SECOND) < NOW() -
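Review bot: `set()` clears any existing lock with an unconditional `DELETE` (new line 245) and then issues a separate `INSERT` (new line 253), so the sequence is neither atomic nor tied to the current lock owner; two concurrent callers can both finish `set()` believing they hold the record. Whether callers check the lock first, and whether the elided part of the `CREATE TABLE` declares a unique key on `(record_table, record_key, record_val)`, is not visible here. If no such key exists, adding one and treating a duplicate-key failure as "already locked" would narrow the window. At minimum the constraint should be recorded in place: `// Not atomic: concurrent set() calls can both insert; needs a UNIQUE key or a transaction.` The body of `set()` continues outside the hunk.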
branches/2.0singleton/lib/RecordVersion.inc.php
r128 r130 79 79 { 80 80 $app =& App::getInstance(); 81 $db =& DB::getInstance(); 81 82 82 83 static $_db_tested = false; … … 84 85 if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { 85 86 if ($recreate_db) { 86 DB::query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));87 $db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table')); 87 88 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 88 89 } 89 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (90 $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 90 91 version_id int NOT NULL auto_increment, 91 92 record_table varchar(255) NOT NULL default '', … … 103 104 )"); 104 105 105 if (! DB::columnExists($this->getParam('db_table'), array(106 if (!$db->columnExists($this->getParam('db_table'), array( 106 107 'version_id', 107 108 'record_table', … … 166 167 { 167 168 $app =& App::getInstance(); 169 $db =& DB::getInstance(); 168 170 169 171 $this->initDB(); … … 179 181 180 182 // Save as new version. 181 DB::query("183 $db->query(" 182 184 INSERT INTO " . $this->getParam('db_table') . " ( 183 185 record_table, … … 190 192 version_datetime 191 193 ) VALUES ( 192 '" . DB::escapeString($record_table) . "',193 '" . DB::escapeString($record_key) . "',194 '" . DB::escapeString($record_val) . "',195 '" . DB::escapeString(gzcompress(serialize($record), 9)) . "',196 '" . DB::escapeString($title) . "',197 '" . DB::escapeString($notes) . "',198 '" . DB::escapeString($this->_auth->getVal('user_id')) . "',194 '" . $db->escapeString($record_table) . "', 195 '" . $db->escapeString($record_key) . "', 196 '" . $db->escapeString($record_val) . "', 197 '" . $db->escapeString(gzcompress(serialize($record), 9)) . "', 198 '" . $db->escapeString($title) . "', 199 '" . $db->escapeString($notes) . "', 200 '" . $db->escapeString($this->_auth->getVal('user_id')) . 
"', 199 201 NOW() 200 202 ) 201 203 "); 202 204 203 return mysql_insert_id( DB::getDBH());205 return mysql_insert_id($db->getDBH()); 204 206 } 205 207 … … 214 216 { 215 217 $app =& App::getInstance(); 218 $db =& DB::getInstance(); 216 219 217 220 $this->initDB(); 218 221 219 222 // Get version data. 220 $qid = DB::query("223 $qid = $db->query(" 221 224 SELECT * FROM " . $this->getParam('db_table') . " 222 WHERE version_id = '" . DB::escapeString($version_id) . "'225 WHERE version_id = '" . $db->escapeString($version_id) . "' 223 226 "); 224 227 if (!$record = mysql_fetch_assoc($qid)) { … … 230 233 231 234 // Ensure saved db columns match current table schema. 232 if (! DB::columnExists($record['record_table'], array_keys($data), $this->getParam('db_schema_strict'))) {235 if (!$db->columnExists($record['record_table'], array_keys($data), $this->getParam('db_schema_strict'))) { 233 236 $app->raiseMsg(sprintf(_("Version ID %s%s is not compatible with the current database table."), $version_id, (empty($record['version_title']) ? '' : ' (' . $record['version_title'] . ')')), MSG_ERR, __FILE__, __LINE__); 234 237 $app->logMsg(sprintf(_("Version ID %s%s restoration failed, DB schema does not match for table %s."), $version_id, (empty($record['version_title']) ? '' : ' (' . $record['version_title'] . ')'), $record['record_table']), LOG_ALERT, __FILE__, __LINE__); … … 243 246 $comma = ''; 244 247 foreach ($data as $v) { 245 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . DB::escapeString($v) . "'";248 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . $db->escapeString($v) . "'"; 246 249 $comma = ','; 247 250 } 248 251 249 252 // Replace current record with specified versioned record. 250 DB::query("253 $db->query(" 251 254 REPLACE INTO " . $record['record_table'] . 
" ( 252 255 $replace_keys … … 273 276 function deleteOld($record_table, $record_key, $record_val) 274 277 { 278 $db =& DB::getInstance(); 279 275 280 $this->initDB(); 276 281 277 282 // Get total number of versions for this record. 278 $qid = DB::query("283 $qid = $db->query(" 279 284 SELECT COUNT(*) FROM " . $this->getParam('db_table') . " 280 WHERE record_table = '" . DB::escapeString($record_table) . "'281 AND record_key = '" . DB::escapeString($record_key) . "'282 AND record_val = '" . DB::escapeString($record_val) . "'285 WHERE record_table = '" . $db->escapeString($record_table) . "' 286 AND record_key = '" . $db->escapeString($record_key) . "' 287 AND record_val = '" . $db->escapeString($record_val) . "' 283 288 "); 284 289 list($v_count) = mysql_fetch_row($qid); … … 288 293 // To prevent a record bomb, limit max number of versions to max_qty. 289 294 // First query for oldest records, selecting enough to bring total number down to min_qty. 290 $qid = DB::query("295 $qid = $db->query(" 291 296 SELECT version_id FROM " . $this->getParam('db_table') . " 292 WHERE record_table = '" . DB::escapeString($record_table) . "'293 AND record_key = '" . DB::escapeString($record_key) . "'294 AND record_val = '" . DB::escapeString($record_val) . "'297 WHERE record_table = '" . $db->escapeString($record_table) . "' 298 AND record_key = '" . $db->escapeString($record_key) . "' 299 AND record_val = '" . $db->escapeString($record_val) . "' 295 300 ORDER BY version_datetime ASC 296 301 LIMIT " . ($v_count - $this->getParam('min_qty')) . " … … 299 304 $old_versions[] = $old_id; 300 305 } 301 DB::query("306 $db->query(" 302 307 DELETE FROM " . $this->getParam('db_table') . " 303 308 WHERE version_id IN ('" . join("','", $old_versions) . "') … … 305 310 } else { 306 311 // Delete versions older than min_days, while still keeping min_qty. 307 $qid = DB::query("312 $qid = $db->query(" 308 313 SELECT version_id FROM " . $this->getParam('db_table') . " 309 WHERE record_table = '" . 
DB::escapeString($record_table) . "'310 AND record_key = '" . DB::escapeString($record_key) . "'311 AND record_val = '" . DB::escapeString($record_val) . "'314 WHERE record_table = '" . $db->escapeString($record_table) . "' 315 AND record_key = '" . $db->escapeString($record_key) . "' 316 AND record_val = '" . $db->escapeString($record_val) . "' 312 317 AND DATE_ADD(version_datetime, INTERVAL '" . $this->getParam('min_days') . "' DAY) < NOW() 313 318 ORDER BY version_datetime ASC … … 318 323 } 319 324 if (sizeof($old_versions) > 0) { 320 DB::query("325 $db->query(" 321 326 DELETE FROM " . $this->getParam('db_table') . " 322 327 WHERE version_id IN ('" . join("','", $old_versions) . "') … … 338 343 function getList($record_table, $record_key, $record_val) 339 344 { 345 $db =& DB::getInstance(); 346 340 347 $this->initDB(); 341 348 342 349 // Get versions of this record. 343 $qid = DB::query("350 $qid = $db->query(" 344 351 SELECT version_id, saved_by_admin_id, version_datetime, version_title 345 352 FROM " . $this->getParam('db_table') . " 346 WHERE record_table = '" . DB::escapeString($record_table) . "'347 AND record_key = '" . DB::escapeString($record_key) . "'348 AND record_val = '" . DB::escapeString($record_val) . "'353 WHERE record_table = '" . $db->escapeString($record_table) . "' 354 AND record_key = '" . $db->escapeString($record_key) . "' 355 AND record_val = '" . $db->escapeString($record_val) . "' 349 356 ORDER BY version_datetime DESC 350 357 "); … … 367 374 function getVerson($version_id) 368 375 { 376 $db =& DB::getInstance(); 377 369 378 $this->initDB(); 370 379 371 380 // Get version data. 372 $qid = DB::query("381 $qid = $db->query(" 373 382 SELECT * FROM " . $this->getParam('db_table') . " 374 WHERE version_id = '" . DB::escapeString($version_id) . "'383 WHERE version_id = '" . $db->escapeString($version_id) . 
"' 375 384 "); 376 385 return mysql_fetch_assoc($qid); … … 386 395 function getData($version_id) 387 396 { 397 $db =& DB::getInstance(); 398 388 399 $this->initDB(); 389 400 390 401 // Get version data. 391 $qid = DB::query("402 $qid = $db->query(" 392 403 SELECT * FROM " . $this->getParam('db_table') . " 393 WHERE version_id = '" . DB::escapeString($version_id) . "'404 WHERE version_id = '" . $db->escapeString($version_id) . "' 394 405 "); 395 406 $record = mysql_fetch_assoc($qid); … … 410 421 function getCurrent($record_table, $record_key, $record_val) 411 422 { 412 $this->initDB(); 413 414 $qid = DB::query(" 415 SELECT * FROM " . DB::escapeString($record_table) . " 416 WHERE " . DB::escapeString($record_key) . " = '" . DB::escapeString($record_val) . "' 423 $db =& DB::getInstance(); 424 425 $this->initDB(); 426 427 $qid = $db->query(" 428 SELECT * FROM " . $db->escapeString($record_table) . " 429 WHERE " . $db->escapeString($record_key) . " = '" . $db->escapeString($record_val) . "' 417 430 "); 418 431 if ($record = mysql_fetch_assoc($qid)) { -
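--- a/branches/2.0singleton/lib/SortOrder.inc.php
+++ b/branches/2.0singleton/lib/SortOrder.inc.php
@@ -129,4 +129,5 @@
 {
 $app =& App::getInstance();
+$db =& DB::getInstance();
 
 if (!isset($this->_columns[strtolower($this->sort_by)])) {
@@ -139,5 +140,5 @@
 
 if (!empty($this->_columns[strtolower($this->sort_by)][strtolower($this->order)])) {
-return sprintf(' ORDER BY %s ', DB::escapeString($this->_columns[strtolower($this->sort_by)][strtolower($this->order)]));
+return sprintf(' ORDER BY %s ', $db->escapeString($this->_columns[strtolower($this->sort_by)][strtolower($this->order)]));
 } else {
 $app->logMsg(sprintf('Could not find SQL to sort by %s %s.', $this->sort_by, $this->order), LOG_WARNING, __FILE__, __LINE__);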
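Review bot: `$db->escapeString()` in the changed `return sprintf(' ORDER BY %s ', ...)` line is applied to text that lands unquoted after `ORDER BY`, and string escaping does not constrain anything outside a quoted literal. What actually bounds the value is the lookup in `$this->_columns`, guarded by the `isset` check in the first hunk, so a comment should say so: `// Only SQL registered in $this->_columns reaches ORDER BY; that lookup, not escapeString(), keeps request input out of the clause.` This assumes `_columns` is filled only by application code, which these hunks do not show. The same escaped-but-unquoted pattern appears in TemplateGlue.inc.php, where `$db_table` follows `SHOW COLUMNS FROM`. The enclosing method starts and ends outside the hunks.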
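--- a/branches/2.0singleton/lib/TemplateGlue.inc.php
+++ b/branches/2.0singleton/lib/TemplateGlue.inc.php
@@ -67,6 +67,7 @@
 {
 $app =& App::getInstance();
-
-$qid = DB::query("SHOW COLUMNS FROM " . DB::escapeString($db_table) . " LIKE '" . DB::escapeString($db_col) . "'",false);
+$db =& DB::getInstance();
+
+$qid = $db->query("SHOW COLUMNS FROM " . $db->escapeString($db_table) . " LIKE '" . $db->escapeString($db_col) . "'",false);
 
 $row = mysql_fetch_row($qid);
@@ -296,4 +297,6 @@
 function printSelectForm($db_table, $key_column, $val_column, $preselected, $blank=false, $extra_clause='')
 {
+$db =& DB::getInstance();
+
 // Sometimes preselected comes as a comma list.
 if (!is_array($preselected)) {
@@ -316,5 +319,5 @@
 }
 }
-$qid = DB::query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);
+$qid = $db->query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);
 while ($row = mysql_fetch_assoc($qid)) {
 $selected = in_array($row[$val_column], $preselected) ? ' selected="selected"' : '';
@@ -337,4 +340,6 @@
 function printDBCheckboxes($db_table, $key_column, $val_column, $preselected, $columns=1, $extra_clause='', $vert_columns=false)
 {
+$db =& DB::getInstance();
+
 // Sometimes preselected comes as a comma list.
 if (!is_array($preselected)) {
@@ -350,5 +355,5 @@
 }
 
-$qid = DB::query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);
+$qid = $db->query("SELECT $key_column, $val_column FROM $db_table $extra_clause",false);
 while ($row = mysql_fetch_assoc($qid)) {
 $values[] = $row;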
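Review bot: The `SELECT $key_column, $val_column FROM $db_table $extra_clause` queries in `printSelectForm()` and `printDBCheckboxes()` still place all four parameters into the SQL text verbatim, and moving the call to `$db->query()` leaves that untouched. If any caller passes request-derived values this is an injection path, so the docblocks should state the contract: `// $db_table, $key_column, $val_column and $extra_clause are inserted into SQL as-is: pass application constants only, never request data.` Whether existing callers already meet that contract cannot be determined from these hunks. Both function bodies continue outside the hunks shown.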
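--- a/branches/2.0singleton/lib/Utilities.inc.php
+++ b/branches/2.0singleton/lib/Utilities.inc.php
@@ -476,8 +476,10 @@
 function escapedList($in)
 {
+$db =& DB::getInstance();
+
 if (is_array($in) && !empty($in)) {
 return "'" . join("', '", array_map(array('DB', 'escapeString'), $in)) . "'";
 } else {
-return DB::escapeString($in);
+return $db->escapeString($in);
 }
 }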
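Review bot: The array branch of `escapedList()` still escapes through the static callback `array_map(array('DB', 'escapeString'), $in)`, while the scalar branch was moved to `$db->escapeString($in)`. If `escapeString()` now relies on instance state, which the singleton conversion suggests but this page does not show, list values would be escaped without the instance's connection or the call would fail; pass the instance instead: `array_map(array(&$db, 'escapeString'), $in)`. The two branches also differ in that the list comes back wrapped in quotes and the scalar does not, so the docblock should state that callers must quote the scalar result themselves.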