From b167721d5746c0d1791febbb213da0a0aed21aa2 Mon Sep 17 00:00:00 2001 From: Brian Evans Date: Mon, 29 Jan 2018 16:07:33 -0500 Subject: Modernize the database and mirror libraries --- php/admin/index.php | 13 ++- php/admin/locations.php | 10 +- php/admin/login.php | 4 +- php/admin/logout.php | 4 +- php/admin/mirror-list.php | 25 +++-- php/admin/mstats.php | 3 +- php/admin/os.php | 10 +- php/admin/products.php | 10 +- php/admin/pstats.php | 3 +- php/admin/regions.php | 11 +- php/admin/users.php | 10 +- php/cfg/admin_init.php | 5 +- php/cfg/init.php | 4 +- php/inc/forms/location.php | 6 +- php/inc/forms/mirror.php | 3 +- php/index-list.php | 25 +++-- php/index.php | 43 ++++---- php/lib/auth.php | 60 +++++++---- php/lib/csv.php | 4 +- php/lib/db.php | 249 +++++++++++--------------------------------- php/lib/mirror.php | 205 ++++++++++++++++++------------------ php/rss/download-counts.php | 6 +- 22 files changed, 293 insertions(+), 420 deletions(-) diff --git a/php/admin/index.php b/php/admin/index.php index 8c3db5c..e8feaec 100644 --- a/php/admin/index.php +++ b/php/admin/index.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add mirror if (!empty($_POST['add-submit'])) { - if (mirror_insert_mirror($_POST['mirror_name'],$_POST['region_id'],$_POST['mirror_baseurl'],$_POST['mirror_rating'])) { + if (Mirror::insert_mirror($_POST['mirror_name'],$_POST['region_id'],$_POST['mirror_baseurl'],$_POST['mirror_rating'])) { set_msg('Mirror added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/'); exit; 
@@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_mirror($_POST['mirror_id'],$_POST['mirror_name'],$_POST['region_id'],$_POST['mirror_baseurl'],$_POST['mirror_rating'])) { + if (Mirror::update_mirror($_POST['mirror_id'],$_POST['mirror_name'],$_POST['region_id'],$_POST['mirror_baseurl'],$_POST['mirror_rating'])) { set_msg('Mirror updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit Mirror

'; - $posts = mirror_get_one_mirror($_POST['mirror_id']); + $posts = Mirror::get_one_mirror($_POST['mirror_id']); form_start(); include_once(INC.'/forms/mirror.php'); form_hidden('doit','1'); @@ -49,14 +49,14 @@ if (!empty($_POST['submit'])) { } break; case 'delete': - if (mirror_delete_mirror($_POST['mirror_id'])) { + if (Mirror::delete_mirror($_POST['mirror_id'])) { set_msg('Mirror deleted successfully.'); } else { set_error('Mirror could not be deleted.'); } break; case 'toggle': - if (mirror_toggle($_POST['mirror_id'])) { + if (Mirror::toggle($_POST['mirror_id'])) { set_msg('Mirror enabled/disabled.'); } else { set_error('Mirror could not be enabled/disabled.'); @@ -75,7 +75,7 @@ echo '

Mirrors

'; show_error(); show_msg(); -$mirrors = mirror_get_mirrors(); +$mirrors = Mirror::get_mirrors(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'mirror_active'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'ASC'; @@ -108,4 +108,3 @@ form_submit('add-submit','','button1','Add Mirror'); form_end(); require_once(FOOTER); -?> diff --git a/php/admin/locations.php b/php/admin/locations.php index f1bb456..e868d1a 100644 --- a/php/admin/locations.php +++ b/php/admin/locations.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add mirror if (!empty($_POST['add-submit'])&&!empty($_POST['location_path'])) { - if (mirror_insert_location($_POST['product_id'],$_POST['os_id'],$_POST['location_path'])) { + if (Mirror::insert_location($_POST['product_id'],$_POST['os_id'],$_POST['location_path'])) { set_msg('Location added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/locations.php'); exit; @@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_location($_POST['location_id'],$_POST['product_id'],$_POST['os_id'],$_POST['location_path'])) { + if (Mirror::update_location($_POST['location_id'],$_POST['product_id'],$_POST['os_id'],$_POST['location_path'])) { set_msg('Location updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/locations.php'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit Location

'; - $posts = mirror_get_one_location($_POST['location_id']); + $posts = Mirror::get_one_location($_POST['location_id']); form_start(); include_once(INC.'/forms/location.php'); form_hidden('doit','1'); @@ -49,7 +49,7 @@ if (!empty($_POST['submit'])) { } break; case 'delete': - if (mirror_delete_location($_POST['location_id'])) { + if (Mirror::delete_location($_POST['location_id'])) { set_msg('Location deleted successfully.'); } else { set_error('Location could not be deleted.'); @@ -68,7 +68,7 @@ echo '

Locations

'; show_error(); show_msg(); -$locations = mirror_get_locations(); +$locations = Mirror::get_locations(); $_GET['sort'] = (!empty($_GET['sort']))?$_GET['sort']:'product_name'; $_GET['order'] = (!empty($_GET['order']))?$_GET['order']:'ASC'; diff --git a/php/admin/login.php b/php/admin/login.php index 5e9d4c3..455c556 100644 --- a/php/admin/login.php +++ b/php/admin/login.php @@ -9,8 +9,8 @@ require_once(LIB.'/auth.php'); // authenticate if (!empty($_POST['submit'])) { - if ($auth = auth_mysql($_POST['username'],$_POST['password'])) { - auth_create_session($auth); + if ($auth = Auth::query($_POST['username'],$_POST['password'])) { + Auth::create_session($auth); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/'); exit; } else { diff --git a/php/admin/logout.php b/php/admin/logout.php index d980d9d..f876efe 100644 --- a/php/admin/logout.php +++ b/php/admin/logout.php @@ -6,7 +6,5 @@ */ require_once('../cfg/init.php'); require_once(LIB.'/auth.php'); -auth_logout(); +Auth::logout(); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/login.php'); -exit; -?> diff --git a/php/admin/mirror-list.php b/php/admin/mirror-list.php index c161efd..e0876d4 100644 --- a/php/admin/mirror-list.php +++ b/php/admin/mirror-list.php 
@@ -9,20 +9,20 @@ require_once('../cfg/init.php'); if (!empty($_GET['os'])&&!empty($_GET['product'])) { // clean in os and product strings - $os_name = mysql_real_escape_string(trim(strtolower($_GET['os']))); - $product_name = mysql_real_escape_string(trim(strtolower($_GET['product']))); + $os_name = trim(strtolower(filter_input(INPUT_GET,'os'))); + $product_name = trim(strtolower(filter_input(INPUT_GET,'product'))); // get os and product IDs - $os_id = db_name_to_id('mirror_os','os_id','os_name',$os_name); - $product_id = db_name_to_id('mirror_products','product_id','product_name',$product_name); + $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name); + $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name); } if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { - $os_id = intval($_GET['os_id']); - $product_id = intval($_GET['product_id']); + $os_id = intval(filter_input(INPUT_GET,'os_id',FILTER_SANITIZE_NUMBER_INT)); + $product_id = intval(filter_input(INPUT_GET,'product_id',FILTER_SANITIZE_NUMBER_INT)); - $mirrors = db_get(" + $mirrors = DB::get(" SELECT DISTINCT mirror_baseurl FROM @@ -36,11 +36,11 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { ON mirror_location_mirror_map.location_id = mirror_locations.location_id WHERE - mirror_locations.os_id = {$os_id} AND - mirror_locations.product_id = {$product_id} AND + mirror_locations.os_id = ? AND + mirror_locations.product_id = ? AND mirror_location_mirror_map.location_active = '1' AND mirror_mirrors.mirror_active = '1' - "); + ", PDO::FETCH_ASSOC, [$os_id, $product_id]); header("Content-type: text/plain;"); foreach ($mirrors as $mirror) { @@ -58,17 +58,16 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { form_start('list','list','get','./mirror-list.php'); echo '
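Review bot: `$os_name` and `$product_name` now reach `DB::name_to_id()` with no escaping at all, because `mysql_real_escape_string()` was dropped and `filter_input(INPUT_GET,'os')` without a filter argument returns the raw request string. That is only safe if `DB::name_to_id()` binds the value as a statement parameter; its body is not in this hunk, so this should be confirmed before merging. If it still interpolates the name into the SQL text, a request parameter flows straight into a query. The same change is made in php/index-list.php and php/index.php. A comment at the call site such as `// not escaped here: DB::name_to_id() must bind $os_name as a parameter` would make the dependency explicit.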
'; form_label('Product', 'product','label-small'); - form_select('product_id','product','',mirror_get_products_select(),$posts['product_id']); + form_select('product_id','product','',Mirror::get_products_select(),$posts['product_id']); echo ' [edit products]'; echo '

'; echo '
'; form_label('OS', 'os','label-small'); - form_select('os_id','os','',mirror_get_oss_select(),$posts['os_id']); + form_select('os_id','os','',Mirror::get_oss_select(),$posts['os_id']); echo ' [edit operating systems]'; echo '

'; form_submit('submit','','button1','Update'); form_end(); require_once(FOOTER); } -?> diff --git a/php/admin/mstats.php b/php/admin/mstats.php index 5778d16..284dcf4 100644 --- a/php/admin/mstats.php +++ b/php/admin/mstats.php @@ -12,7 +12,7 @@ $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Mirror Statistics

'; -$stats = mirror_get_mirror_stats(); +$stats = Mirror::get_mirror_stats(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'count'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'DESC'; @@ -29,4 +29,3 @@ $headers = array( show_list($stats,$headers,'simple'); require_once(FOOTER); -?> diff --git a/php/admin/os.php b/php/admin/os.php index b150245..72bb383 100644 --- a/php/admin/os.php +++ b/php/admin/os.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add os if (!empty($_POST['add-submit'])&&!empty($_POST['os_name'])) { - if (mirror_insert_os($_POST['os_name'],$_POST['os_priority'])) { + if (Mirror::insert_os($_POST['os_name'],$_POST['os_priority'])) { set_msg('OS added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/os.php'); exit; @@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_os($_POST['os_id'],$_POST['os_name'],$_POST['os_priority'])) { + if (Mirror::update_os($_POST['os_id'],$_POST['os_name'],$_POST['os_priority'])) { set_msg('OS updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/os.php'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit OS

'; - $posts = mirror_get_one_os($_POST['os_id']); + $posts = Mirror::get_one_os($_POST['os_id']); form_start(); include_once(INC.'/forms/os.php'); form_hidden('doit','1'); @@ -49,7 +49,7 @@ if (!empty($_POST['submit'])) { } break; case 'delete': - if (!record_exists('mirror_locations','os_id',$_POST['os_id'])&&mirror_delete_os($_POST['os_id'])) { + if (!record_exists('mirror_locations','os_id',$_POST['os_id'])&&Mirror::delete_os($_POST['os_id'])) { set_msg('OS deleted successfully.'); } else { set_error('OS cannot be deleted because it is being used by a file location.'); @@ -69,7 +69,7 @@ echo '

Operating Systems

'; show_error(); show_msg(); -$oss = mirror_get_oss(); +$oss = Mirror::get_oss(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'os_name'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'ASC'; diff --git a/php/admin/products.php b/php/admin/products.php index e93686f..a0d5187 100644 --- a/php/admin/products.php +++ b/php/admin/products.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add product if (!empty($_POST['add-submit'])&&!empty($_POST['product_name'])) { - if (mirror_insert_product($_POST['product_name'],$_POST['product_priority'])) { + if (Mirror::insert_product($_POST['product_name'],$_POST['product_priority'])) { set_msg('Product added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/products.php'); exit; @@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_product($_POST['product_id'],$_POST['product_name'],$_POST['product_priority'])) { + if (Mirror::update_product($_POST['product_id'],$_POST['product_name'],$_POST['product_priority'])) { set_msg('Product updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/products.php'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit Product

'; - $posts = mirror_get_one_product($_POST['product_id']); + $posts = Mirror::get_one_product($_POST['product_id']); form_start(); include_once(INC.'/forms/product.php'); form_hidden('doit','1'); @@ -49,7 +49,7 @@ if (!empty($_POST['submit'])) { } break; case 'delete': - if (!record_exists('mirror_locations','product_id',$_POST['product_id'])&&mirror_delete_product($_POST['product_id'])) { + if (!record_exists('mirror_locations','product_id',$_POST['product_id'])&&Mirror::delete_product($_POST['product_id'])) { set_msg('Product deleted successfully.'); } else { set_error('Product cannot be deleted because it is being used by a file location.'); @@ -69,7 +69,7 @@ echo '

Products

'; show_error(); show_msg(); -$products = mirror_get_products(); +$products = Mirror::get_products(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'product_name'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'ASC'; diff --git a/php/admin/pstats.php b/php/admin/pstats.php index e0b4aff..ef887bd 100644 --- a/php/admin/pstats.php +++ b/php/admin/pstats.php @@ -12,7 +12,7 @@ $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Product Statistics

'; -$stats = mirror_get_product_stats(); +$stats = Mirror::get_product_stats(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'count'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'DESC'; @@ -26,4 +26,3 @@ $headers = array( show_list($stats,$headers,'simple'); require_once(FOOTER); -?> diff --git a/php/admin/regions.php b/php/admin/regions.php index f42c0da..0709e43 100644 --- a/php/admin/regions.php +++ b/php/admin/regions.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add region if (!empty($_POST['add-submit'])&&!empty($_POST['region_name'])) { - if (mirror_insert_region($_POST['region_name'],$_POST['region_priority'])) { + if (Mirror::insert_region($_POST['region_name'],$_POST['region_priority'])) { set_msg('Region added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/regions.php'); exit; @@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_region($_POST['region_id'],$_POST['region_name'],$_POST['region_priority'])) { + if (Mirror::update_region($_POST['region_id'],$_POST['region_name'],$_POST['region_priority'])) { set_msg('Region updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/regions.php'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit Region

'; - $posts = mirror_get_one_region($_POST['region_id']); + $posts = Mirror::get_one_region($_POST['region_id']); form_start(); include_once(INC.'/forms/region.php'); form_hidden('doit','1'); @@ -49,7 +49,7 @@ if (!empty($_POST['submit'])) { } break; case 'delete': - if (!record_exists('mirror_mirror_region_map','region_id',$_POST['region_id'])&&mirror_delete_region($_POST['region_id'])) { + if (!record_exists('mirror_mirror_region_map','region_id',$_POST['region_id'])&&Mirror::delete_region($_POST['region_id'])) { set_msg('Region deleted successfully.'); } else { set_error('Region cannot be deleted because it is linked to a mirror.'); @@ -69,7 +69,7 @@ echo '

Regions

'; show_error(); show_msg(); -$regions = mirror_get_regions(); +$regions = Mirror::get_regions(); $_GET['sort']=(!empty($_GET['sort']))?$_GET['sort']:'region_name'; $_GET['order']=(!empty($_GET['order']))?$_GET['order']:'ASC'; @@ -98,4 +98,3 @@ form_submit('add-submit','','button1','Add Region'); form_end(); require_once(FOOTER); -?> diff --git a/php/admin/users.php b/php/admin/users.php index 3017c49..4926117 100644 --- a/php/admin/users.php +++ b/php/admin/users.php @@ -9,7 +9,7 @@ require_once('../cfg/init.php'); // add user if (!empty($_POST['add-submit'])&&!empty($_POST['username'])&&!empty($_POST['password'])&&!empty($_POST['rpassword'])) { - if (mirror_insert_user($_POST['username'],$_POST['password'],$_POST['rpassword'],$_POST['user_firstname'],$_POST['user_lastname'],$_POST['user_email'])) { + if (Mirror::insert_user($_POST['username'],$_POST['password'],$_POST['rpassword'],$_POST['user_firstname'],$_POST['user_lastname'],$_POST['user_email'])) { set_msg('User added successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/users.php'); exit; @@ -24,7 +24,7 @@ if (!empty($_POST['submit'])) { switch($_POST['action']) { case 'edit': if (!empty($_POST['doit'])) { - if (mirror_update_user($_POST['user_id'],$_POST['username'],$_POST['password'],$_POST['rpassword'],$_POST['user_firstname'],$_POST['user_lastname'],$_POST['user_email'])) { + if (Mirror::update_user($_POST['user_id'],$_POST['username'],$_POST['password'],$_POST['rpassword'],$_POST['user_firstname'],$_POST['user_lastname'],$_POST['user_email'])) { set_msg('User updated successfully.'); header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/users.php'); exit; @@ -36,7 +36,7 @@ if (!empty($_POST['submit'])) { $nav = INC.'/admin_nav.php'; require_once(HEADER); echo '

Edit User

'; - $posts = mirror_get_one_user($_POST['user_id']); + $posts = Mirror::get_one_user($_POST['user_id']); form_start(); include_once(INC.'/forms/user.php'); form_hidden('doit','1'); @@ -51,7 +51,7 @@ if (!empty($_POST['submit'])) { case 'delete': if ($_POST['user_id']==$_SESSION['user']['user_id']) { set_error('You cannot delete yourself.'); - } elseif (mirror_delete_user($_POST['user_id'])) { + } elseif (Mirror::delete_user($_POST['user_id'])) { set_msg('User deleted successfully.'); } else { set_error('User could not be deleted because of an error.'); @@ -71,7 +71,7 @@ echo '

Users

'; show_error(); show_msg(); -$users = mirror_get_users(); +$users = Mirror::get_users(); $_GET['sort'] = (!empty($_GET['sort']))?$_GET['sort']:'user_lastname'; $_GET['order'] = (!empty($_GET['order']))?$_GET['order']:'ASC'; diff --git a/php/cfg/admin_init.php b/php/cfg/admin_init.php index 7d22ab3..68f3063 100644 --- a/php/cfg/admin_init.php +++ b/php/cfg/admin_init.php @@ -6,10 +6,9 @@ */ require_once(LIB.'/auth.php'); // auth functions require_once(LIB.'/forms.php'); // form library -require_once(LIB.'/list.php'); // list library -if (!auth_is_valid_session()) { +if (!Auth::is_valid_session()) { header('Location: http://'.$_SERVER['HTTP_HOST'].WEBPATH.'/admin/login.php'); exit; } -?> + diff --git a/php/cfg/init.php b/php/cfg/init.php index 4eb6ed0..3e8f6fb 100644 --- a/php/cfg/init.php +++ b/php/cfg/init.php @@ -10,9 +10,7 @@ require_once(LIB.'/csv.php'); // util file for random functions (no SQL here) $start = microtime_float(); // start timer require_once(LIB.'/mirror.php'); // user and admin functions for the mirror app (some SQL) require_once(LIB.'/db.php'); // core mysql wrappers used in mirror functions -db_connect(DBHOST,DBUSER,DBPASS); // open persistent connection to db -db_select(DBNAME); // select db +DB::connect(DBHOST,DBUSER,DBPASS,DBNAME); // open persistent connection to db if (!empty($protect)) { require_once('admin_init.php'); } -?> diff --git a/php/inc/forms/location.php b/php/inc/forms/location.php index 60e35cb..0d48d2d 100644 --- a/php/inc/forms/location.php +++ b/php/inc/forms/location.php @@ -6,13 +6,13 @@ */ echo '
'; form_label('Product', 'product','label-small'); -form_select('product_id','product','',mirror_get_products_select(),$posts['product_id']); +form_select('product_id','product','',Mirror::get_products_select(),$posts['product_id']); echo ' [edit products]'; echo '

'; echo '
'; form_label('OS', 'os','label-small'); -form_select('os_id','os','',mirror_get_oss_select(),$posts['os_id']); +form_select('os_id','os','',Mirror::get_oss_select(),$posts['os_id']); echo ' [edit operating systems]'; echo '

'; @@ -20,4 +20,4 @@ echo '
'; form_label('File Location', 'floc','label-small'); form_text('location_path', 'floc', '', $posts['location_path'], 30, 100); echo '

'; -?> + diff --git a/php/inc/forms/mirror.php b/php/inc/forms/mirror.php index c1e7dcb..35a3ed7 100644 --- a/php/inc/forms/mirror.php +++ b/php/inc/forms/mirror.php @@ -11,7 +11,7 @@ echo '
'; echo '
'; form_label('Region', 'mregion','label-small'); -form_select('region_id','mregion','',mirror_get_regions_select(),$posts['region_id']); +form_select('region_id','mregion','',Mirror::get_regions_select(),$posts['region_id']); echo ' [edit regions]'; echo '

'; @@ -24,4 +24,3 @@ echo '
'; form_label('Rating', 'mrating','label-small'); form_text('mirror_rating', 'mrating', '', $posts['mirror_rating'], 30, 100); echo '

'; -?> diff --git a/php/index-list.php b/php/index-list.php index 1705ee6..1b158b7 100644 --- a/php/index-list.php +++ b/php/index-list.php @@ -7,25 +7,24 @@ require_once('./cfg/init.php'); require_once(LIB.'/auth.php'); // auth functions require_once(LIB.'/forms.php'); // form library -require_once(LIB.'/list.php'); // list library error_reporting(E_GET); if (!empty($_GET['os'])&&!empty($_GET['product'])) { // clean in os and product strings - $os_name = mysql_real_escape_string(trim(strtolower($_GET['os']))); - $product_name = mysql_real_escape_string(trim(strtolower($_GET['product']))); + $os_name = trim(strtolower(filter_input(INPUT_GET,'os'))); + $product_name = trim(strtolower(filter_input(INPUT_GET,'product'))); // get os and product IDs - $os_id = db_name_to_id('mirror_os','os_id','os_name',$os_name); - $product_id = db_name_to_id('mirror_products','product_id','product_name',$product_name); + $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name); + $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name); } if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { - $os_id = intval($_GET['os_id']); - $product_id = intval($_GET['product_id']); + $os_id = intval(filter_input(INPUT_GET, 'os_id', FILTER_SANITIZE_NUMBER_INT)); + $product_id = intval(filter_input(INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT)); } if (!empty($os_id)&&!empty($product_id)) { - $mirrors = db_get(" + $mirrors = DB::get(" SELECT DISTINCT mirror_baseurl, location_path FROM 
@@ -39,13 +38,13 @@ if (!empty($os_id)&&!empty($product_id)) { ON mirror_location_mirror_map.location_id = mirror_locations.location_id WHERE - mirror_locations.os_id = {$os_id} AND - mirror_locations.product_id = {$product_id} AND + mirror_locations.os_id = ? AND + mirror_locations.product_id = ? AND mirror_location_mirror_map.location_active = '1' AND mirror_mirrors.mirror_active = '1' ORDER BY mirror_rating DESC, mirror_baseurl - "); + ", PDO::FETCH_ASSOC, [$os_id, $product_id]); header("Content-type: text/plain;"); foreach ($mirrors as $mirror) { @@ -68,13 +67,13 @@ if (!empty($os_id)&&!empty($product_id)) { form_start('list','list','get','./index-list.php'); echo '
'; form_label('Product', 'product','label-small'); - form_select('product_id','product','',mirror_get_products_select(),$_GET['product_id']); + form_select('product_id','product','',Mirror::get_products_select(),$_GET['product_id']); echo ' [edit products]'; echo '

'; echo '
'; form_label('OS', 'os','label-small'); - form_select('os_id','os','',mirror_get_oss_select(),$_GET['os_id']); + form_select('os_id','os','',Mirror::get_oss_select(),$_GET['os_id']); echo ' [edit operating systems]'; echo '

'; form_submit('submit','','button1','Update'); diff --git a/php/index.php b/php/index.php index eacb99e..28b29b8 100644 --- a/php/index.php +++ b/php/index.php 
@@ -15,45 +15,44 @@ if (empty($_GET['os'])) { // do we even have an os or product? if (!empty($_GET['os'])&&!empty($_GET['product'])) { require_once(LIB.'/db.php'); // core mysql wrappers - db_connect(DBHOST,DBUSER,DBPASS); // open persistent connection to db - db_select(DBNAME); // select db + DB::connect(DBHOST,DBUSER,DBPASS,DBNAME); // open persistent connection to db // clean in os and product strings - $os_name = mysql_real_escape_string(trim(strtolower($_GET['os']))); - $product_name = mysql_real_escape_string(trim(strtolower($_GET['product']))); + $os_name = trim(strtolower($_GET['os'])); + $product_name = trim(strtolower($_GET['product'])); // get os and product IDs - $os_id = db_name_to_id('mirror_os','os_id','os_name',$os_name); - $product_id = db_name_to_id('mirror_products','product_id','product_name',$product_name); + $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name); + $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name); // do we have a valid os and product? if (!empty($os_id)&&!empty($product_id)) { - $location = db_get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id={$product_id} AND os_id={$os_id}"); + $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id={$product_id} AND os_id={$os_id}"); // did we get a valid location? 
if (!empty($location)) { - $mirror = db_get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors, mirror_location_mirror_map WHERE mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id AND mirror_location_mirror_map.location_id = {$location['location_id']} AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)"); + $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors, mirror_location_mirror_map WHERE mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id AND mirror_location_mirror_map.location_id = {$location['location_id']} AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)"); // did we get a valid mirror? if (!empty($mirror)) { // if logging is enabled, insert log if (LOGGING) { - db_query("UPDATE mirror_mirrors SET mirror_count=mirror_count+1 WHERE mirror_id={$mirror['mirror_id']}"); - db_query("UPDATE mirror_products SET product_count=product_count+1 WHERE product_id={$product_id}"); + DB::query("UPDATE mirror_mirrors SET mirror_count=mirror_count+1 WHERE mirror_id={$mirror['mirror_id']}"); + DB::query("UPDATE mirror_products SET product_count=product_count+1 WHERE product_id={$product_id}"); } - + // LANGUAGE HACK - if (!empty($_GET['lang'])) { + if (!empty($_GET['lang'])) { //// $location['location_path'] = str_replace('x86',$_GET['lang'],$location['location_path']); - $location['location_path'] = str_replace('en-US',$_GET['lang'],$location['location_path']); - } - - // BitTorrent HACK - robbat2 - if (!empty($_GET['extra'])) { - $extra = $_GET['extra']; - $location['location_path'] .= ereg_replace('\?.*|&.*','',$extra); - } + $location['location_path'] = str_replace('en-US',$_GET['lang'],$location['location_path']); + } + + // BitTorrent HACK - robbat2 + if (!empty($_GET['extra'])) { + $extra = $_GET['extra']; + $location['location_path'] .= ereg_replace('\?.*|&.*','',$extra); + } // if we are just testing, then just print and 
exit. if (!empty($_GET['print'])) { @@ -69,7 +68,5 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) { } } -// if we get here, the request was invalid; redirect to mozilla home +// if we get here, the request was invalid; redirect to Gentoo home header('Location: http://www.gentoo.org/'); -exit; -?> diff --git a/php/lib/auth.php b/php/lib/auth.php index f03db32..eb6319c 100644 --- a/php/lib/auth.php +++ b/php/lib/auth.php @@ -1,4 +1,6 @@ 0) { - $buf = db_fetch($res,MYSQL_ASSOC); + $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin'); + if (!empty($cookieAdmin)) { // check cookie + $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id + if ($res && DB::numrows($res)>0) { + $buf = DB::fetch($res,PDO::FETCH_ASSOC); // comment line below to disable gc and allow multiple sessions per username - db_query("DELETE FROM mirror_sessions WHERE username='{$buf['username']}' AND session_id != '{$_COOKIE['mozilla-mirror-admin']}'"); // garbage collection - $user = db_fetch(db_query("SELECT * FROM mirror_users WHERE username='{$buf['username']}'"),MYSQL_ASSOC); + DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection + $user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC); if (empty($_SESSION)) { - auth_create_session($user); // if session isn't started, create it and push user data + static::create_session($user); // if session isn't started, create it and push user data } return true; } 
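Review bot: The retained `ereg_replace('\?.*|&.*','',$extra)` in the BitTorrent block fails on PHP 7 and later, where the ereg functions no longer exist, so any request carrying `extra` ends in a fatal error; `preg_replace('/\?.*|&.*/', '', $extra)` is the direct equivalent. The `DB::get_one()` and `DB::query()` calls in this hunk still interpolate `{$product_id}`, `{$os_id}` and `{$location['location_id']}` into the SQL text. Those values appear to come from the database rather than the request, but if `DB::get_one()` accepts a parameter array like `DB::get()` does, `?` placeholders would keep this file consistent with php/index-list.php. `$_GET['lang']` and `$_GET['extra']` are also spliced into `location_path` without validation, and the code that consumes the path lies outside the hunk, so an allow-list pattern for both values is worth adding here.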
@@ -34,42 +37,57 @@ function auth_is_valid_session() * @param string $password * @return array|bool array containing user data or false on failure */ -function auth_mysql($username,$password) +public static function query($username,$password) { if (empty($username)||empty($password)) { return false; - } - $username = trim(strip_tags(addslashes($username))); - $password = trim(strip_tags(addslashes($password))); - $res = db_query("SELECT * FROM mirror_users WHERE username='{$username}' AND password=MD5('{$password}')"); - if ($res && db_numrows($res)>0) { - return db_fetch($res,MYSQL_ASSOC); + } + $username = trim(strip_tags($username)); + $password = trim(strip_tags($password)); + $res = DB::query("SELECT * FROM mirror_users WHERE username=?", [$username]); + if ($res && DB::numrows($res)>0) { + $userrow = DB::fetch($res,PDO::FETCH_ASSOC); + if (!password_verify($password, $userrow['password'])) { + if ($userrow['password'] !== md5($password)) + return false; + static::password_upgrade($userrow, $username, $password); + } + if (password_needs_rehash($userrow['password'], PASSWORD_DEFAULT)) + static::password_upgrade($userrow, $username, $password); + return $userrow; } else { return false; } } +private static function password_upgrade($userrow, $username, $password) { + require_once(LIB.'/mirror.php'); //Upgrade password security + Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['firstname'],$userrow['lastname'],$userrow['email']); +} + /** * Start a valid session. * @param array $user array containing user information. 
*/ -function auth_create_session($user,$secure=0) +public static function create_session($user,$secure=0) { session_name('mozilla-mirror-admin'); session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure); session_start(); - db_query("INSERT INTO mirror_sessions(session_id,username) VALUES('".session_id()."','{$user['username']}')"); + DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]); $_SESSION['user']=$user; } /** * Logout. */ -function auth_logout() +public static function logout() { // comment line below to keep gc from deleting other sessions for this user - db_query("DELETE FROM mirror_sessions WHERE session_id='{$_COOKIE['mozilla-mirror-admin']}' OR username='{$_SESSION['user']['username']}'"); - $_COOKIE = array(); + $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin'); + DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]); + $_COOKIE = array(); $_SESSION = array(); } -?> + +} diff --git a/php/lib/csv.php b/php/lib/csv.php index e98d37c..12dff67 100644 --- a/php/lib/csv.php +++ b/php/lib/csv.php @@ -5,7 +5,7 @@ * * if ($_GET['csv']) * { - * $res=db_query("SELECT * FROM fic_courses"); + * $res=DB::query("SELECT * FROM fic_courses"); * csv_send_csv($res); * exit; * } @@ -24,7 +24,7 @@ function csv_export_to_csv($res) { // parse all results, format for CSV - while ( $buf=db_fetch($res,MYSQL_ASSOC) ) + while ( $buf=DB::fetch($res,PDO::FETCH_ASSOC) ) { // get the keys (headers), if not already done if ( empty($heads) ) diff --git a/php/lib/db.php b/php/lib/db.php index 3f9435f..6882064 100644 --- a/php/lib/db.php +++ b/php/lib/db.php 
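Review bot: The legacy fallback in `Auth::query()` compares hashes with `$userrow['password'] !== md5($password)`, which is not a constant-time comparison; `if (!hash_equals($userrow['password'], md5($password))) return false;` is the safer form. `trim(strip_tags($password))` also rewrites the password before it is verified and re-hashed, so a password containing tag-like text or surrounding spaces is silently shortened; at least on the `password_verify()` path the password should be used unmodified. `password_upgrade()` reads `$userrow['firstname']`, `['lastname']` and `['email']`, while the admin user form in this commit uses `user_firstname`, `user_lastname` and `user_email`; if the columns follow the form names, the transparent upgrade would overwrite those fields with empty values, so this should be checked against the schema. After an MD5 upgrade `$userrow['password']` still holds the old hash, so the following `password_needs_rehash()` check triggers a second `update_user()` call; returning `$userrow` right after the first upgrade avoids that.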
@@ -5,60 +5,51 @@ * @subpackage lib */ +class DB { + + private $dsn; + private $result; /** * Connect to a MySQL database server. * @param string $host db server, defaults to localhost * @param string $user db username - * @param string $password db password - * @return resource dbh + * @param string $password db password + * @return PDO dbh */ -function db_connect($host='localhost',$user=null,$password=null) +public static function connect($host='localhost',$user=null,$password=null,$database=null) { - static $dbh = null; if (!empty($host) && isset($user) && isset($password)) { - $dbh = @mysql_connect($host,$user,$password); - } - if (is_resource($dbh)) { - return $dbh; + $dsn = "mysql:host={$host}"; + if(!empty($database)) $dsn .= ";database={$database}"; + $options = [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]; + static::$dbh = new PDO($dsn, $user, $password, $options); } - else die("Unable to create database connection in db_connect()"); -} - -/** - * Select database. - * @param string $database name of the database to select - * @param resource $dbh valid dbh, null if not defined - * @return bool success of command - */ -function db_select($database,$dbh=null) -{ - if(is_resource($dbh)){ - return @mysql_select_db($database); - }else{ - return @mysql_select_db($database, db_connect()); + if (static::$dbh instanceof PDO) { + return static::$dbh; } - + die("Unable to create database connection in DB::connect()"); } /** * Execute a MySQL query. 
* @param string $qry MySQL query - * @param resource $dbh valid dbh */ -function db_query($qry=null,$dbh=null) +public static function query($qry=null, $parameters=[]) { - static $result = null; - if(!is_resource($dbh)) $dbh = db_connect(); + if(!(static::$dbh instanceof PDO)) static::$dbh = static::connect(); if(is_null($qry)) { - if(is_resource($result)) return $result; + if(static::$result instanceof PDOStatement) return static::$result; else return false; } - else - { - $result = @mysql_query($qry,$dbh); - return $result; + if(!empty($parameters)) { + static::$result = static::$dbh->prepare($query); + static::$result->execute($parameters); } + else { + static::$result = static::$dbh->query($qry); + } + return static::$result; } /** 
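Review bot: The prepared branch of `DB::query()` calls `static::$dbh->prepare($query)`, but the parameter is named `$qry`, so `$query` is undefined there and every call that passes bound parameters fails instead of running the intended SQL; the line should read `static::$result = static::$dbh->prepare($qry);`. The class also declares `private $dsn; private $result;` as instance properties and never declares `$dbh`, while every method reads `static::$dbh` and `static::$result`; these need to be `private static $dbh;` and `private static $result;`, or the first access is a fatal error. In `connect()`, the PDO MySQL DSN key for the schema is `dbname`, not `database`, so the line should be `$dsn .= ";dbname={$database}";` for the database to be selected. The class body continues past this hunk.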
@@ -66,198 +57,90 @@ function db_query($qry=null,$dbh=null) * @param string $result (default to null) * @return array */ -function db_fetch($result=null,$type=MYSQL_BOTH) +public static function fetch($result=null,$type=PDO::FETCH_BOTH) { - return (!is_resource($result))? @mysql_fetch_array(db_query()) : @mysql_fetch_array($result,$type); + if (is_null($result) && static::$result instanceof PDOStatement) + $result = static::$result; + if (!$result instanceof PDOStatement) + throw new InvalidArgumentException("Fetch called before query issued"); + return $result->fetch($type); } /** - * Fetch an array based on a query. + * Fetch an array based on a query. * @param string $query database query * @param int $type result type * @param string $col_id if passed it, the values of this column in the result set will be used as the array keys in the returned array * @return array $list array of database rows * Example of returned array: * - * db_get("SELECT * FROM table",MYSQL_ASSOC); + * DB::get("SELECT * FROM table",PDO::FETCH_ASSOC); * returns... 
* Array * ( * [0] => Array * ( * [id] => 1 - * [field1] => data1 + * [field1] => data1 * [field2] => data2 * ) * * ) * */ -function db_get($query,$type=MYSQL_BOTH,$col_id=NULL) +public static function get($query,$type=PDO::FETCH_BOTH,$col_id=NULL,$parameters=[]) { - $res = db_query($query); - $list = array(); - if (is_resource($res) && !is_null($col_id) && ($type == MYSQL_BOTH || $type == MYSQL_ASSOC) && @mysql_num_rows($res) !== 0) { - $col_test = db_fetch($res,$type); - @mysql_data_seek($res, 0); + $res = static::query($query, $parameters); + $list = []; + if ($res instanceof PDOStatement && !is_null($col_id) && ($type === PDO::FETCH_BOTH || $type == PDO::FETCH_ASSOC) && $res->rowCount() !== 0) { + $col_test = static::fetch($res,$type); if (array_key_exists($col_id,$col_test)) { - while ( $buf = db_fetch($res,$type) ) { + $list[$col_test[$col_id]] = $col_test; + while ( $buf = static::fetch($res,$type) ) { $list[$buf[$col_id]] = $buf; } return $list; } } - while ( $buf = db_fetch($res,$type) ) { - $list[] = $buf; + if ($res instanceof PDOStatement) { + $list = $res->fetchAll($type); } return $list; } -/** - * Get all of the fieldnames for the specified table. - * @param string $table name of table to describe - * @return array array of column names, must be an array - */ -function db_fieldnames($table) -{ - $dbh = db_connect(); - $results = db_query("DESCRIBE $table"); - if (is_resource($results)) - { - while ($buf=db_fetch($results)) - { - $field_names[] = $buf[0]; - } - } - else - { - $field_names[] = 0; - } - return $field_names; -} - -/** - * Create a MySQL INSERT statement based on $_POST array generated by form submission. 
- * - * @param array $vars array of posts - * @param string $table name of the table that fields will be inserted into - * @return string $query resulting MySQL insert string - */ -function db_makeinsert($vars,$table) -{ - $dbh = db_connect(); - $fields = db_fieldnames($table); - foreach ($fields as $field) - { - if (get_magic_quotes_gpc) $vars[$field] = stripslashes($vars[$field]); - $vars[$field] = addslashes($vars[$field]); - if (isset($vars[$field])) - { - isset($q1)?$q1 .= ','.$field:$q1='INSERT INTO '.$table.'('.$field; - isset($q2)?$q2 .= ",'$vars[$field]'":$q2=" VALUES('$vars[$field]'"; - } - } - $q1 .= ')'; - $q2 .= ')'; - $query = $q1.$q2; - return $query; -} - -/** - * Create a MySQL REPLACE statement based on $_POST array generated by form submission. - * - * @param array $vars array of posts - * @param string $table name of the table that fields will be inserted into - * @return string $query resulting MySQL insert string - */ -function db_makereplace($vars,$table) -{ - $dbh = db_connect(); - $fields = db_fieldnames($table); - foreach ($fields as $field) - { - if (get_magic_quotes_gpc) $vars[$field] = stripslashes($vars[$field]); - $vars[$field] = addslashes($vars[$field]); - if (isset($vars[$field])) - { - isset($q1)?$q1 .= ','.$field:$q1='REPLACE INTO '.$table.'('.$field; - isset($q2)?$q2 .= ",'$vars[$field]'":$q2=" VALUES('$vars[$field]'"; - } - } - $q1 .= ')'; - $q2 .= ')'; - $query = $q1.$q2; - return $query; -} - -/** - * Create a MySQL UPDATE statement based on $_POST array generated by form submission. 
- * - * @param array $vars array of posts - * @param string $table name of the table that fields will be inserted into - * @param string $where where clause, describing which records are to be updated - */ -function db_makeupdate($vars,$table,$where) -{ - $dbh = db_connect(); - $fields = db_fieldnames($table); - foreach ($fields as $field) - { - if (isset($vars[$field])) - { - if (get_magic_quotes_gpc()) $vars[$field] = stripslashes($vars[$field]); - $vars[$field]=addslashes($vars[$field]); - $q1 = isset($q1)?$q1 .= ' ,'.$field."='$vars[$field]'":'UPDATE '.$table.' set '.$field."='$vars[$field]'"; - } - } - $query = $q1.' '.$where; - return $query; -} - /** * Since PHP's mysql_insert_id() sometimes throws an error, this is the replacement - * @param resource $dbh optional dbh to get the last inserted id from + * @param PDO $dbh optional dbh to get the last inserted id from * @return int the return value of MySQL's last_insert_id() */ -function db_insert_id($dbh=null) +public static function insert_id($dbh=null) { - if(!is_resource($dbh)) $dbh = db_connect(); - $buf = db_fetch(db_query("SELECT LAST_INSERT_ID()", $dbh)); - return empty($buf[0]) ? false : $buf[0]; + if(!($dbh instanceof PDO)) $dbh = static::connect(); + $buf = $dbh->lastInsertId(); + return empty($buf) ? false : $buf; } /** * Determine number of rows in result. - * @param resource $result mysql result + * @param PDOStatement $result mysql result * @return int number of rows in query result */ -function db_numrows($result=null) +function numrows($result=null) { - return (!is_resource($result))? @mysql_num_rows(db_query()) : @mysql_num_rows($result); + if (is_null($result) && static::$result instanceof PDOStatement) + $result = static::$result; + if (!$result instanceof PDOStatement) + throw new InvalidArgumentException("numrows called before query issued"); + return $result->rowCount(); } /** * Close the db connection. If a dbh is not specified, assume the last opened link. 
* @param resource $dbh optional dbh to close */ -function db_close($dbh=null) +public static function close($dbh=null) { - return is_resource($dbh)?@mysql_close($dbh):@mysql_close(); + return ($dbh instanceof PDO)?$dbh=null:static::$dbh=null; } /** @@ -265,8 +148,8 @@ function db_close($dbh=null) * @param string $query query * @param int $type result type */ -function db_get_one($query,$type=MYSQL_ASSOC) { - $buf = db_get($query.' LIMIT 1',$type); +public static function get_one($query,$type=PDO::FETCH_ASSOC,$parameters=[]) { + $buf = static::get($query.' LIMIT 1',$type,$parameters); return $buf[0]; } @@ -277,22 +160,10 @@ function db_get_one($query,$type=MYSQL_ASSOC) { * @param string $name_col * @param string $name */ -function db_name_to_id($table,$id_col,$name_col,$name) +public static function name_to_id($table,$id_col,$name_col,$name) { - $buf = db_get_one("SELECT {$id_col} FROM {$table} WHERE {$name_col} = '{$name}'", MYSQL_NUM); + $buf = static::get_one("SELECT {$id_col} FROM {$table} WHERE {$name_col} = :name", PDO::FETCH_NUM, [':name' => $name]); return $buf[0]; } -/** - * Sets enum booleans to their opposite - * @param string $table - * @param string $pri - * @param string $col - * @param array $id - * @return int - */ -function db_toggle_bool($table, $pri, $col, $id) -{ - return db_query("UPDATE {$table} SET {$col} = IF({$col} = '1', '0', '1') WHERE {$pri} = {$id}"); } -?> diff --git a/php/lib/mirror.php b/php/lib/mirror.php index a618a86..ac3e904 100644 --- a/php/lib/mirror.php +++ b/php/lib/mirror.php 
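Review bot: `numrows()` is declared as a plain `function numrows($result=null)` while the rest of the class is `public static`, yet it reads `static::$result` and `Auth::query()` in this commit calls it as `DB::numrows($res)`; the declaration should be `public static function numrows($result=null)`, since a static call to an instance method is deprecated in PHP 7 and an error in PHP 8. In `get()`, the old `mysql_data_seek($res, 0)` was dropped, so when `$col_id` is given but is not a key of the first row, that row has already been consumed by `static::fetch()` and the `fetchAll()` fallback returns the result without it. `rowCount()` on a SELECT is not guaranteed by PDO for every driver or for unbuffered queries, and the login check depends on it through `numrows()`, so a comment stating that buffered MySQL queries are assumed would help the next maintainer.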
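Review bot: `get_one()` passes `$parameters` as the third argument of `static::get()`, whose signature in this commit is `get($query,$type,$col_id,$parameters)`, so the bind values arrive as `$col_id` and the query runs with no parameters at all. Every `Mirror::get_one_*()` lookup that uses a `?` placeholder goes through this path. The call should be `$buf = static::get($query.' LIMIT 1',$type,null,$parameters);`. `$buf[0]` is also read without checking that a row came back, so an unknown id produces an undefined-offset notice rather than a clean `false`.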
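Review bot: `name_to_id()` now binds `:name`, but `{$id_col}`, `{$table}` and `{$name_col}` are still interpolated into the SQL text, and identifiers cannot be bound as parameters. No caller is visible in this diff, so whether these arguments ever carry request data cannot be confirmed here. The docblock should state the constraint, for example `* @param string $table table name; must be a hard-coded identifier, never request data`, with the same wording for `$id_col` and `$name_col`, or the method should check the three values against an allow-list of known tables and columns before building the query.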
@@ -6,13 +6,15 @@ * @todo add transactions once innodb table types are in place */ +class Mirror { + /** * Get an alpha-list of regions for select list. * @return array $regions */ -function mirror_get_regions_select() +public static function get_regions_select() { - $regions = db_get("SELECT region_id,region_name FROM mirror_regions ORDER BY region_name ASC",MYSQL_ASSOC); + $regions = DB::get("SELECT region_id,region_name FROM mirror_regions ORDER BY region_name ASC",PDO::FETCH_ASSOC); foreach ($regions as $region) { $retval[$region['region_id']]=$region['region_name']; } @@ -23,9 +25,9 @@ function mirror_get_regions_select() * Get an priority-list of regions for select list. * @return array $regions */ -function mirror_get_regions_select_priority() +public static function get_regions_select_priority() { - $regions = db_get("SELECT region_id,region_name FROM mirror_regions ORDER BY region_priority ASC",MYSQL_ASSOC); + $regions = DB::get("SELECT region_id,region_name FROM mirror_regions ORDER BY region_priority ASC",PDO::FETCH_ASSOC); foreach ($regions as $region) { $retval[$region['region_id']]=$region['region_name']; } @@ -37,10 +39,10 @@ function mirror_get_regions_select_priority() * @param string $name * @param int $priority * @return bool - */ -function mirror_insert_region($name,$priority) + */ +public static function insert_region($name,$priority) { - return db_query("INSERT INTO mirror_regions(region_name,region_priority) VALUES('{$name}',{$priority})"); + return DB::query("INSERT INTO mirror_regions(region_name,region_priority) VALUES(?,?)", [$name, $priority]); } /** 
@@ -49,10 +51,10 @@ function mirror_insert_region($name,$priority) * @param string $name * @param int $priority * @return bool - */ -function mirror_update_region($id,$name,$priority) + */ +public static function update_region($id,$name,$priority) { - return db_query("UPDATE mirror_regions SET region_name='{$name}',region_priority={$priority} WHERE region_id={$id}"); + return DB::query("UPDATE mirror_regions SET region_name=?,region_priority=? WHERE region_id=?", [$name, $priority, $id]); } /** @@ -60,9 +62,9 @@ function mirror_update_region($id,$name,$priority) * @param int $id * @return array */ -function mirror_get_one_region($id) +public static function get_one_region($id) { - return db_get_one("SELECT * FROM mirror_regions WHERE region_id = {$id}"); + return DB::get_one("SELECT * FROM mirror_regions WHERE region_id = ?", PDO::FETCH_ASSOC, [$id]); } /** @@ -70,18 +72,18 @@ function mirror_get_one_region($id) * @param int $id * @return bool */ -function mirror_delete_region($id) +public static function delete_region($id) { - return db_query("DELETE FROM mirror_regions WHERE region_id={$id}"); + return DB::query("DELETE FROM mirror_regions WHERE region_id=?", [$id]); } /** * Get an alpha-list of mirrors for select list. * @return array $mirrors */ -function mirror_get_mirrors_select() +public static function get_mirrors_select() { - $mirrors = db_get("SELECT mirror_id,mirror_name FROM mirror_mirrors ORDER BY mirror_name ASC",MYSQL_ASSOC); + $mirrors = DB::get("SELECT mirror_id,mirror_name FROM mirror_mirrors ORDER BY mirror_name ASC",PDO::FETCH_ASSOC); foreach ($mirrors as $mirror) { $retval[$mirror['mirror_id']]=$mirror['mirror_name']; } 
@@ -92,21 +94,21 @@ function mirror_get_mirrors_select() * Get regions. * @return array */ -function mirror_get_regions() +public static function get_regions() { - return db_get(" - SELECT + return DB::get(" + SELECT mirror_regions.*, COUNT(mirror_id) as mirrors - FROM + FROM mirror_regions LEFT JOIN mirror_mirror_region_map ON mirror_regions.region_id = mirror_mirror_region_map.region_id GROUP BY - mirror_regions.region_id - ",MYSQL_ASSOC); + mirror_regions.region_id + ",PDO::FETCH_ASSOC); } /** @@ -117,9 +119,10 @@ function mirror_get_regions() * @param int $rating * @return bool */ -function mirror_insert_mirror($name,$region_id,$baseurl,$rating) +public static function insert_mirror($name,$region_id,$baseurl,$rating) { - return (db_query("INSERT INTO mirror_mirrors(mirror_name,mirror_baseurl,mirror_rating) VALUES('{$name}','{$baseurl}','{$rating}')") && db_query("INSERT INTO mirror_mirror_region_map(mirror_id,region_id) VALUES('".db_insert_id()."','$region_id')"))?true:false; + return (DB::query("INSERT INTO mirror_mirrors(mirror_name,mirror_baseurl,mirror_rating) VALUES(?,?,?)", [$name, $baseurl, $rating]) && + DB::query("INSERT INTO mirror_mirror_region_map(mirror_id,region_id) VALUES(?,?)", [DB::insert_id(), $region_id]))?true:false; } /** 
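Review bot: `insert_mirror()` still reports success through `DB::query(...) && DB::query(...) ? true : false`, but `DB::connect()` in this commit sets `PDO::ERRMODE_EXCEPTION`, so a failed statement now throws instead of returning false and the false branch is unreachable. The callers in `php/admin/index.php` test only the return value, so, unless exceptions are handled somewhere not shown here, a database error surfaces as an uncaught `PDOException` rather than as the admin error message. The two statements also run without a transaction, so a failure of the second INSERT leaves a mirror row with no region mapping; the sketch below restores the boolean contract and groups the pair, which only takes effect once the tables are InnoDB (the file header's `@todo`). The same applies to `update_mirror()` and `delete_mirror()` in the next hunk.

```php
public static function insert_mirror($name,$region_id,$baseurl,$rating)
{
    $dbh = DB::connect();
    try {
        $dbh->beginTransaction();
        DB::query("INSERT INTO mirror_mirrors(mirror_name,mirror_baseurl,mirror_rating) VALUES(?,?,?)", [$name, $baseurl, $rating]);
        DB::query("INSERT INTO mirror_mirror_region_map(mirror_id,region_id) VALUES(?,?)", [DB::insert_id(), $region_id]);
        $dbh->commit();
        return true;
    } catch (PDOException $e) {
        // Undo the first INSERT if the mapping row could not be written.
        if ($dbh->inTransaction()) {
            $dbh->rollBack();
        }
        return false;
    }
}
```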
@@ -130,18 +133,20 @@ function mirror_insert_mirror($name,$region_id,$baseurl,$rating) * @param int $rating * @return bool */ -function mirror_update_mirror($id,$name,$region_id,$baseurl,$rating) +public static function update_mirror($id,$name,$region_id,$baseurl,$rating) { - return (db_query("UPDATE mirror_mirrors SET mirror_name='{$name}',mirror_baseurl='{$baseurl}',mirror_rating='{$rating}' WHERE mirror_id={$id}") && db_query("UPDATE mirror_mirror_region_map SET region_id={$region_id} WHERE mirror_id={$id}"))?true:false; + return (DB::query("UPDATE mirror_mirrors SET mirror_name=?,mirror_baseurl=?,mirror_rating=? WHERE mirror_id=?", [$name, $baseurl, $rating, $id]) + && DB::query("UPDATE mirror_mirror_region_map SET region_id=? WHERE mirror_id=?", [$region_id, $id]))?true:false; } /** * Delete mirror. * @return bool */ -function mirror_delete_mirror($mirror_id) +public static function delete_mirror($mirror_id) { - return (db_query("DELETE FROM mirror_mirrors WHERE mirror_id={$mirror_id}")&&db_query("DELETE FROM mirror_mirror_region_map WHERE mirror_id={$mirror_id}"))?true:false; + return (DB::query("DELETE FROM mirror_mirrors WHERE mirror_id=?", [$mirror_id]) + && DB::query("DELETE FROM mirror_mirror_region_map WHERE mirror_id=?", [$mirror_id]))?true:false; } /** 
@@ -149,18 +154,18 @@ function mirror_delete_mirror($mirror_id) * @param int $mirror_id * @return array mirror information */ -function mirror_get_one_mirror($mirror_id) +public static function get_one_mirror($mirror_id) { - return db_get_one("SELECT mirror_mirrors.*,region_id FROM mirror_mirrors,mirror_mirror_region_map WHERE mirror_mirrors.mirror_id={$mirror_id} AND mirror_mirrors.mirror_id=mirror_mirror_region_map.mirror_id"); + return DB::get_one("SELECT mirror_mirrors.*,region_id FROM mirror_mirrors JOIN mirror_mirror_region_map USING(mirror_id) WHERE mirror_mirrors.mirror_id=?", PDO::FETCH_ASSOC, [$mirror_id]); } /** * Get list of mirrors. * @return array */ -function mirror_get_mirrors() +public static function get_mirrors() { - return db_get(" + return DB::get(" SELECT mirror_mirrors.*, IF(mirror_mirrors.mirror_active='0','DISABLED','ok') as mirror_active, @@ -172,7 +177,7 @@ function mirror_get_mirrors() WHERE mirror_regions.region_id = mirror_mirror_region_map.region_id AND mirror_mirrors.mirror_id = mirror_mirror_region_map.mirror_id - ",MYSQL_ASSOC); + ",PDO::FETCH_ASSOC); } /** @@ -181,9 +186,9 @@ function mirror_get_mirrors() * @param int $priority * @return bool */ -function mirror_insert_product($name,$priority) +public static function insert_product($name,$priority) { - return db_query("INSERT INTO mirror_products(product_name,product_priority) VALUES('{$name}',{$priority})"); + return DB::query("INSERT INTO mirror_products(product_name,product_priority) VALUES(?,?)", [$name, $priority]); } /** 
@@ -193,9 +198,9 @@ function mirror_insert_product($name,$priority) * @param int $priority * @return bool */ -function mirror_update_product($id,$name,$priority) +public static function update_product($id,$name,$priority) { - return db_query("UPDATE mirror_products SET product_name='{$name}',product_priority={$priority} WHERE product_id={$id}"); + return DB::query("UPDATE mirror_products SET product_name=?,product_priority=? WHERE product_id=?", [$name, $priority, $id]); } /** @@ -203,9 +208,9 @@ function mirror_update_product($id,$name,$priority) * @param int $id * @return array */ -function mirror_get_one_product($id) +public static function get_one_product($id) { - return db_get_one("SELECT * FROM mirror_products WHERE product_id = {$id}"); + return DB::get_one("SELECT * FROM mirror_products WHERE product_id = ?", PDO::FETCH_ASSOC ,[$id]); } /** @@ -213,23 +218,18 @@ function mirror_get_one_product($id) * @param int $id * @return bool */ -function mirror_delete_product($id) +public static function delete_product($id) { - return db_query("DELETE FROM mirror_products WHERE product_id={$id}"); + return DB::query("DELETE FROM mirror_products WHERE product_id=?", [$id]); } /** * Get products. * @return array */ -function mirror_get_products() +public static function get_products() { - return db_get(" - SELECT - * - FROM - mirror_products - ",MYSQL_ASSOC); + return DB::get("SELECT * FROM mirror_products",PDO::FETCH_ASSOC); } /** @@ -237,10 +237,10 @@ function mirror_get_products() * @param string $name * @param int $priority * @return bool - */ -function mirror_insert_os($name,$priority) + */ +public static function insert_os($name,$priority) { - return db_query("INSERT INTO mirror_os(os_name,os_priority) VALUES('{$name}',{$priority})"); + return DB::query("INSERT INTO mirror_os(os_name,os_priority) VALUES(?,?)", [$name, $priority]); } /** 
@@ -249,10 +249,10 @@ function mirror_insert_os($name,$priority) * @param string $name * @param int $priority * @return bool - */ -function mirror_update_os($id,$name,$priority) + */ +public static function update_os($id,$name,$priority) { - return db_query("UPDATE mirror_os SET os_name='{$name}',os_priority={$priority} WHERE os_id={$id}"); + return DB::query("UPDATE mirror_os SET os_name=?,os_priority=? WHERE os_id=?", [$name, $priority, $id]); } /** @@ -260,9 +260,9 @@ function mirror_update_os($id,$name,$priority) * @param int $id * @return array */ -function mirror_get_one_os($id) +public static function get_one_os($id) { - return db_get_one("SELECT * FROM mirror_os WHERE os_id = {$id}"); + return DB::get_one("SELECT * FROM mirror_os WHERE os_id = ?", PDO::FETCH_ASSOC, [$id]); } /** @@ -270,32 +270,27 @@ function mirror_get_one_os($id) * @param int $id * @return bool */ -function mirror_delete_os($id) +public static function delete_os($id) { - return db_query("DELETE FROM mirror_os WHERE os_id={$id}"); + return DB::query("DELETE FROM mirror_os WHERE os_id=?", [$id]); } /** * Get operating systems. * @return array */ -function mirror_get_oss() +public static function get_oss() { - return db_get(" - SELECT - * - FROM - mirror_os - ",MYSQL_ASSOC); + return DB::get("SELECT * FROM mirror_os",PDO::FETCH_ASSOC); } /** * Get an alpha-list of operating systems for select list. * @return array $oss */ -function mirror_get_oss_select() +public static function get_oss_select() { - $oss = db_get("SELECT os_id,os_name FROM mirror_os ORDER BY os_name ASC",MYSQL_ASSOC); + $oss = DB::get("SELECT os_id,os_name FROM mirror_os ORDER BY os_name ASC",PDO::FETCH_ASSOC); foreach ($oss as $os) { $retval[$os['os_id']]=$os['os_name']; } 
@@ -306,9 +301,9 @@ function mirror_get_oss_select() * Get an priority-list of operating systems for select list. * @return array $oss */ -function mirror_get_oss_select_priority() +public static function get_oss_select_priority() { - $oss = db_get("SELECT os_id,os_name FROM mirror_os ORDER BY os_priority ASC",MYSQL_ASSOC); + $oss = DB::get("SELECT os_id,os_name FROM mirror_os ORDER BY os_priority ASC",PDO::FETCH_ASSOC); foreach ($oss as $os) { $retval[$os['os_id']]=$os['os_name']; } @@ -319,9 +314,9 @@ function mirror_get_oss_select_priority() * Get an alpha-list of products for select list. * @return array $products */ -function mirror_get_products_select() +public static function get_products_select() { - $products = db_get("SELECT product_id,product_name FROM mirror_products ORDER BY product_name ASC",MYSQL_ASSOC); + $products = DB::get("SELECT product_id,product_name FROM mirror_products ORDER BY product_name ASC",PDO::FETCH_ASSOC); foreach ($products as $product) { $retval[$product['product_id']]=$product['product_name']; } @@ -332,9 +327,9 @@ function mirror_get_products_select() * Get an priority-list of operating systems for select list. * @return array $oss */ -function mirror_get_products_select_priority() +public static function get_products_select_priority() { - $products = db_get("SELECT product_id,product_name FROM mirror_products ORDER BY product_priority ASC",MYSQL_ASSOC); + $products = DB::get("SELECT product_id,product_name FROM mirror_products ORDER BY product_priority ASC",PDO::FETCH_ASSOC); foreach ($products as $product) { $retval[$product['product_id']]=$product['product_name']; } 
@@ -348,9 +343,9 @@ function mirror_get_products_select_priority() * @param string $path * @return bool */ -function mirror_insert_location($product,$os,$path) +public static function insert_location($product,$os,$path) { - return db_query("INSERT INTO mirror_locations(product_id,os_id,location_path) VALUES({$product},{$os},'{$path}')"); + return DB::query("INSERT INTO mirror_locations(product_id,os_id,location_path) VALUES(?,?,?)", [$product, $os, $path]); } /** @@ -361,9 +356,9 @@ function mirror_insert_location($product,$os,$path) * @param string $path * @return bool */ -function mirror_update_location($location,$product,$os,$path) +public static function update_location($location,$product,$os,$path) { - return db_query("UPDATE mirror_locations SET product_id={$product},os_id={$os},location_path='{$path}' WHERE location_id={$location}"); + return DB::query("UPDATE mirror_locations SET product_id=?,os_id=?,location_path=? WHERE location_id=?", [$product, $os, $path, $location]); } /** @@ -371,18 +366,18 @@ function mirror_update_location($location,$product,$os,$path) * @param int $id * @return bool */ -function mirror_delete_location($id) +public static function delete_location($id) { - return db_query("DELETE FROM mirror_locations WHERE location_id={$id}"); + return DB::query("DELETE FROM mirror_locations WHERE location_id=?", [$id]); } /** * Get locations. * @return array $locations array containing all location information. */ -function mirror_get_locations() +public static function get_locations() { - return db_get(" + return DB::get(" SELECT location_id, product_name, @@ -395,7 +390,7 @@ function mirror_get_locations() WHERE mirror_locations.product_id = mirror_products.product_id AND mirror_locations.os_id = mirror_os.os_id - "); + "); } /** 
@@ -403,9 +398,9 @@ function mirror_get_locations() * @param int $id * @return array */ -function mirror_get_one_location($id) +public static function get_one_location($id) { - return db_get_one("SELECT * FROM mirror_locations WHERE location_id = {$id}"); + return DB::get_one("SELECT * FROM mirror_locations WHERE location_id = ?", PDO::FETCH_ASSOC, [$id]); } /** @@ -418,10 +413,12 @@ function mirror_get_one_location($id) * @param string $email * @return bool */ -function mirror_insert_user($username,$password,$rpassword,$firstname,$lastname,$email) +public static function insert_user($username,$password,$rpassword,$firstname,$lastname,$email) { if ($password==$rpassword) { - return db_query("INSERT INTO mirror_users(username,password,user_firstname,user_lastname,user_email) VALUES('{$username}',MD5('{$password}'),'{$firstname}','{$lastname}','{$email}')"); + $passwordHash = password_hash($password, PASSWORD_DEFAULT); + return DB::query("INSERT INTO mirror_users(username,password,user_firstname,user_lastname,user_email) VALUES(?,?,?,?,?)", + [$username, $passwordHash, $firstname, $lastname, $email]); } else { set_error('User could not be added because passwords did not match.'); } 
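Review bot: `password_hash($password, PASSWORD_DEFAULT)` in `insert_user()` produces a much longer string than the 32-character MD5 digest this column held before, and no schema change is visible in this commit. If `mirror_users.password` is still sized for MD5, the stored hash is truncated (or the INSERT fails under strict SQL mode) and `password_verify()` can never succeed for new or upgraded accounts; the PHP manual recommends a 255-character column for `PASSWORD_DEFAULT`. The confirmation check should also be strict, `if ($password === $rpassword)`, because `==` compares numeric-looking strings by value; the same applies to the new `if($password==$rpassword&&!empty($password))` line of `update_user()` in the next hunk. `insert_user()`'s body continues past this hunk.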
@@ -438,10 +435,15 @@ function mirror_insert_user($username,$password,$rpassword,$firstname,$lastname, * @param string $email * @return bool */ -function mirror_update_user($user,$username,$password,$rpassword,$firstname,$lastname,$email) +public static function update_user($user,$username,$password,$rpassword,$firstname,$lastname,$email) { - $query = ($password==$rpassword&&!empty($password))?"UPDATE mirror_users SET username='{$username}',password=MD5('{$password}'),user_firstname='{$firstname}',user_lastname='{$lastname}',user_email='{$email}' WHERE user_id={$user}":"UPDATE mirror_users SET username='{$username}',user_firstname='{$firstname}',user_lastname='{$lastname}',user_email='{$email}' WHERE user_id={$user}"; - return db_query($query); + if($password==$rpassword&&!empty($password)) { + $passwordHash = password_hash($password, PASSWORD_DEFAULT); + return DB::query("UPDATE mirror_users SET username=?,password=?,user_firstname=?,user_lastname=?,user_email=? WHERE user_id=?", + [$username, $passwordHash, $firstname, $lastname, $email, $user]); + } + return DB::query("UPDATE mirror_users SET username=?,user_firstname=?,user_lastname=?,user_email=? WHERE user_id=?", + [$username, $firstname, $lastname, $email, $user]); } /** @@ -449,18 +451,18 @@ function mirror_update_user($user,$username,$password,$rpassword,$firstname,$las * @param int $id * @return bool */ -function mirror_delete_user($id) +public static function delete_user($id) { - return db_query("DELETE FROM mirror_users WHERE user_id={$id}"); + return DB::query("DELETE FROM mirror_users WHERE user_id=?", [$id]); } /** * Get users. * @return array $users array containing all user information. */ -function mirror_get_users() +public static function get_users() { - return db_get("SELECT * FROM mirror_users"); + return DB::get("SELECT * FROM mirror_users"); } /** 
@@ -468,9 +470,9 @@ function mirror_get_users() * @param int $id * @return array */ -function mirror_get_one_user($id) +public static function get_one_user($id) { - return db_get_one("SELECT * FROM mirror_users WHERE user_id = {$id}"); + return DB::get_one("SELECT * FROM mirror_users WHERE user_id = ?", PDO::FETCH_ASSOC, [$id]); } /** @@ -478,18 +480,18 @@ function mirror_get_one_user($id) * @param int $mirror * @return bool */ -function mirror_toggle($mirror) +public static function toggle($mirror) { - return (db_toggle_bool('mirror_mirrors','mirror_id','mirror_active',$mirror))?true:false; + return (DB::query("UPDATE mirror_mirrors SET mirror_active = IF(mirror_active = '1', '0', '1') WHERE mirror_id = ?", [$mirror]))?true:false; } /** * Get mirror statistics. * @return array $stats */ -function mirror_get_mirror_stats() +public static function get_mirror_stats() { - return db_get(" + return DB::get(" SELECT *, COUNT(mirror_log.mirror_id) as count @@ -511,9 +513,9 @@ function mirror_get_mirror_stats() * Get product statistics. * @return array $stats */ -function mirror_get_product_stats() +public static function get_product_stats() { - return db_get(" + return DB::get(" SELECT *, COUNT(mirror_locations.product_id) as count @@ -528,4 +530,3 @@ function mirror_get_product_stats() mirror_locations.product_id "); } -?> diff --git a/php/rss/download-counts.php b/php/rss/download-counts.php index 4559647..94d96dc 100644 --- a/php/rss/download-counts.php +++ b/php/rss/download-counts.php 
@@ -8,11 +8,10 @@ require_once('../cfg/config.php'); // config file require_once(LIB.'/db.php'); // core mysql wrappers -db_connect(DBHOST,DBUSER,DBPASS); // open persistent connection to db -db_select(DBNAME); // select db +DB::connect(DBHOST,DBUSER,DBPASS,DBNAME); // open persistent connection to db // get download counts per product -$data = db_get("SELECT * FROM mirror_products ORDER BY product_name"); +$data = DB::get("SELECT * FROM mirror_products ORDER BY product_name"); // time to go at the end of each item $now = date('G',time()); @@ -52,4 +51,3 @@ foreach ($data as $product) { } echo "\n".''; -?> -- cgit v1.2.3-65-gdbad