Changeset 146 for trunk/lib/Lock.inc.php


Timestamp:
Jun 5, 2006 1:14:51 AM (18 years ago)
Author:
scdev
Message:

Q - added persistent database storage to Prefs.inc.php. Modified getParam failure log type to LOG_DEBUG in all classes.

File:
1 edited

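--- a/trunk/lib/Lock.inc.php
+++ b/trunk/lib/Lock.inc.php
@@ -17,5 +17,7 @@
         'error_url' => '/lock.php',
         'db_table' => 'lock_tbl',
-        'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch.
+
+        // Automatically create table and verify columns. Better set to false after site launch.
+        'create_table' => true,
     );
 
@@ -84,5 +86,5 @@
                 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__);
             }
-            $db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (
+            $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " (
                 lock_id int NOT NULL auto_increment,
                 record_table varchar(255) NOT NULL default '',
@@ -141,5 +143,5 @@
             return $this->_params[$param];
         } else {
-            $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_NOTICE, __FILE__, __LINE__);
+            $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
             return null;
         }
@@ -168,5 +170,5 @@
             // Get lock data by lock_id.
             $qid = $db->query("
-                SELECT * FROM " . $this->getParam('db_table') . "
+                SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . "
                 WHERE lock_id = '" . $db->escapeString($record_table_or_lock_id) . "'
             ");
@@ -174,5 +176,5 @@
             // Get lock data by record specs
             $qid = $db->query("
-                SELECT * FROM " . $this->getParam('db_table') . "
+                SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . "
                 WHERE record_table = '" . $db->escapeString($record_table_or_lock_id) . "'
                 AND record_key = '" . $db->escapeString($record_key) . "'
@@ -214,5 +216,5 @@
 
         if (isset($this->data['lock_id'])) {
-            $qid = $db->query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'");
+            $qid = $db->query("SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'");
             if ($lock = mysql_fetch_assoc($qid)) {
                 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id'));
@@ -246,5 +248,5 @@
         // Remove previous locks if exist. Is this better than using a REPLACE INTO?
         $db->query("
-            DELETE FROM " . $this->getParam('db_table') . "
+            DELETE FROM " . $db->escapeString($this->getParam('db_table')) . "
             WHERE record_table = '" . $db->escapeString($record_table) . "'
             AND record_key = '" . $db->escapeString($record_key) . "'
@@ -254,5 +256,5 @@
         // Set new lock.
         $db->query("
-            INSERT INTO " . $this->getParam('db_table') . " (
+            INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " (
                 record_table,
                 record_key,
@@ -293,5 +295,5 @@
         // Delete a specific lock.
         $db->query("
-            DELETE FROM " . $this->getParam('db_table') . "
+            DELETE FROM " . $db->escapeString($this->getParam('db_table')) . "
             WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'
         ");
@@ -315,9 +317,9 @@
         if (isset($user_id)) {
             // Delete specific user's locks.
-            $db->query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'");
+            $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'");
             $app->logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__);
         } else {
             // Delete ALL locks.
-            $db->query("DELETE FROM " . $this->getParam('db_table') . "");
+            $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . "");
             $app->logMsg(sprintf('All record locks deleted by %s %s', $this->_auth->getVal('auth_name'), $this->_auth->getVal('username')), LOG_DEBUG, __FILE__, __LINE__);
         }
@@ -338,5 +340,5 @@
             // Delete all old locks.
             $db->query("
-                DELETE FROM " . $this->getParam('db_table') . "
+                DELETE FROM " . $db->escapeString($this->getParam('db_table')) . "
                 WHERE DATE_ADD(lock_datetime, INTERVAL '" . $this->getParam('auto_timeout') . "' SECOND) < NOW()
             ");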
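Review bot: `$db->escapeString()` around `$this->getParam('db_table')` (new lines 88, 172, 178, 218, 250, 258, 297, 319, 323 and 342) does not make the value safe as an identifier, because the table name sits outside any quotes and string-literal escaping presumably only neutralises quote and backslash characters, so whitespace, parentheses and comment markers would pass through unchanged. If `db_table` can ever be set from anything other than trusted site configuration, validate it once where the parameter is assigned, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { /* reject and log */ }`, and backtick-quote it in the queries. In the last hunk `auto_timeout` is still concatenated raw into `INTERVAL '...' SECOND`; `(int) $this->getParam('auto_timeout')` would make the numeric intent explicit. Note also that `getParam()` now logs a missing parameter only at LOG_DEBUG and returns null, so an unset `db_table` would produce a malformed query with little trace in the logs; the enclosing methods start and end outside the hunks shown.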