converted from the mysql_ API to the PDO library

This commit is contained in:
Ryan Walberg 2012-11-22 04:36:20 +00:00
parent 75aefbd9e3
commit 246232f0a3
31 changed files with 1460 additions and 1217 deletions

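--- a/src/includes/config.php
+++ b/src/includes/config.php
@@ -0,0 +1,129 @@
+<?php
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+function getGlobalOptions() {
+return array(
+/* The PDO connection string.
+http://www.php.net/manual/en/pdo.connections.php
+*/
+"pdo_connection_string" => "mysql:host=localhost;dbname=giftreg",
+/* The database username and password. */
+"pdo_username" => "dbusername",
+"pdo_password" => "dbpassword",
+/* The maximum number of days before an event which produces a notification. */
+"event_threshold" => "60",
+/* Whether or not requesting to shop for someone is immediately approved.
+0 = auto-approve,
+1 = require approval
+*/
+"shop_requires_approval" => 1,
+/* Whether or not requesting a new account is immediately approved.
+0 = auto-approve,
+1 = require administrator approval
+*/
+"newuser_requires_approval" => 1,
+/* Whether or not whom an item is reserved/bought by is hidden. */
+"anonymous_purchasing" => 0,
+/* The number of your items that show on each page. */
+"items_per_page" => 10,
+/* The e-mail From: header. */
+"email_from" => "webmaster@" . $_SERVER['SERVER_NAME'],
+/* The e-mail Reply-To: header. */
+"email_reply_to" => "your@address.com",
+/* The e-mail X-Mailer header. */
+"email_xmailer" => "PHP/" . phpversion(),
+/* Whether or not to show brief blurbs in certain spots which describe how
+features work.
+0 = don't help text,
+1 = show help text
+*/
+"show_helptext" => 0,
+/* Whether or not clicking the Delete Item link requires a JavaScript-based
+confirmation.
+0 = don't show confirmation,
+1 = show confirmation
+*/
+"confirm_item_deletes" => 0,
+/* Whether or not to allow multiple quantities of an item. */
+"allow_multiples" => 1,
+/* This is prefixed to all currency values, set it as appropriate for your currency. */
+"currency_symbol" => "$", // US or other dollars
+//"currency_symbol" => "&#163;", // Pound (£) symbol
+//"currency_symbol" => "&#165;", // Yen
+//"currency_symbol" => "&#8364;", // Euro
+//"currency_symbol" => "&euro;", // Euro alternative
+/* If this is set to something other than "" then phpgiftreg will expect that
+string to prefix all tables in this installation. Useful for running
+multiple phpgiftreg installations in the same MySQL database.
+*/
+"table_prefix" => "",
+//"table_prefix" => "gift_", // all tables must be prefixed by `gift_'
+/* Whether or not your own events show up on the home page.
+0 = don't show my own events,
+1 = show my own events
+*/
+"show_own_events" => 1,
+/* The length of random generated passwords. */
+"password_length" => 8,
+/* Whether or not to hide the price when it's $0.00.
+0 = don't hide it,
+1 = hide it
+*/
+"hide_zero_price" => 1,
+/* Whether or not to hash passwords. Your version of MySQL may or may not
+support it.
+"MD5" = use MySQL's MD5() function,
+"SHA1" = use MySQL's SHA1() function,
+"" = use nothing (store passwords in plaintext).
+If you switch this on, you're going to need to do a
+UPDATE users SET password = MD5(password)
+on your database to convert the passwords. This operation is NON-REVERSIBLE!
+*/
+"password_hasher" => "SHA1",
+/* Whether or not to allow image uploads. If on, the next option must point to
+a valid subdirectory that is writeable by the web server. The setup.php
+script will confirm this.
+0 = don't allow images,
+1 = allow images
+*/
+"allow_images" => 1,
+/* The *sub*-directory we we can store item images. If you don't want to
+allow images to be attached to items, leave this variable empty ("").
+Trailing / is optional.
+*/
+"image_subdir" => "item_images"
+);
+}
+?>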
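Review bot: The `password_hasher` option near the end of the file still routes hashing through MySQL's MD5()/SHA1() and accepts `""` for plaintext storage, so the PDO conversion carries forward unsalted, fast hashes for user passwords. The comment on that option should say so, e.g. `/* MD5/SHA1 here are unsalted and fast; prefer a salted slow hash (crypt() with Blowfish) and never "" outside dev/test. */`. Separately, `email_from` is built from `$_SERVER['SERVER_NAME']`, which on servers that derive it from the request Host header is client-influenced; a fixed address like the one used for `email_reply_to` is the safer choice for a mail header. Since `pdo_username`/`pdo_password` make this file a credentials template, a one-line comment stating it must not be committed with real values would also help.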

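--- a/src/includes/funcLib.php
+++ b/src/includes/funcLib.php
@@ -0,0 +1,179 @@
+<?php
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+function getFullPath($url) {
+$fp = $_SERVER["SERVER_PORT"] == "443" ? "https://" : "http://";
+$fp .= $_SERVER["HTTP_HOST"];
+$dir = dirname($_SERVER["PHP_SELF"]);
+if ($dir != "/")
+$fp .= $dir;
+$fp .= "/" . $url;
+return $fp;
+}
+function jsEscape($s) {
+return str_replace("\"","\\u0022",str_replace("'","\\'",str_replace("\r\n","\\r\\n",$s)));
+}
+function adjustAllocQuantity($itemid, $userid, $bought, $adjust, $dbh, $opt) {
+$howmany = getExistingQuantity($itemid, $userid, $bought, $dbh, $opt);
+if ($howmany == 0) {
+if ($adjust < 0) {
+// can't subtract anything from 0.
+return 0;
+}
+else {
+$stmt = $dbh->prepare("INSERT INTO {$opt["table_prefix"]}allocs(itemid,userid,bought,quantity) VALUES(?, ?, ?, ?)");
+$stmt->bindParam(1, $itemid, PDO::PARAM_INT);
+$stmt->bindParam(2, $userid, PDO::PARAM_INT);
+$stmt->bindParam(3, $bought, PDO::PARAM_BOOL);
+$stmt->bindParam(4, $adjust, PDO::PARAM_INT);
+$stmt->execute();
+return $howmany;
+}
+}
+else {
+/* figure out the real amount to adjust by, in case someone claims to have
+received 3 of something from a buyer when they only bought 2. */
+if ($adjust < 0) {
+if (abs($adjust) > $howmany)
+$actual = -$howmany;
+else
+$actual = $adjust;
+}
+else {
+$actual = $adjust;
+}
+if ($howmany + $actual == 0) {
+$stmt = $dbh->prepare("DELETE FROM {$opt["table_prefix"]}allocs WHERE itemid = ? AND userid = ? AND bought = ?");
+$stmt->bindParam(1, $itemid, PDO::PARAM_INT);
+$stmt->bindParam(2, $userid, PDO::PARAM_INT);
+$stmt->bindParam(3, $bought, PDO::PARAM_BOOL);
+$stmt->execute();
+}
+else {
+$stmt = $dbh->prepare("UPDATE {$opt["table_prefix"]}allocs " .
+"SET quantity = quantity + ? " . // because "quantity + -5" is okay.
+"WHERE itemid = ? AND userid = ? AND bought = ?");
+$stmt->bindParam(1, $actual, PDO::PARAM_INT);
+$stmt->bindParam(2, $itemid, PDO::PARAM_INT);
+$stmt->bindParam(3, $userid, PDO::PARAM_INT);
+$stmt->bindParam(4, $bought, PDO::PARAM_BOOL);
+$stmt->execute();
+}
+return $actual;
+}
+}
+function getExistingQuantity($itemid, $userid, $bought, $dbh, $opt) {
+$stmt = $dbh->prepare("SELECT quantity FROM {$opt["table_prefix"]}allocs WHERE bought = ? AND userid = ? AND itemid = ?");
+$stmt->bindParam(1, $bought, PDO::PARAM_BOOL);
+$stmt->bindParam(2, $userid, PDO::PARAM_INT);
+$stmt->bindParam(3, $itemid, PDO::PARAM_INT);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
+return $row["quantity"];
+}
+else {
+return 0;
+}
+}
+function sendMessage($sender, $recipient, $message, $dbh, $opt) {
+$stmt = $dbh->prepare("INSERT INTO {$opt["table_prefix"]}messages(sender,recipient,message,created) VALUES(?, ?, ?, ?)");
+$stmt->bindParam(1, $sender, PDO::PARAM_INT);
+$stmt->bindParam(2, $recipient, PDO::PARAM_INT);
+$stmt->bindParam(3, $message, PDO::PARAM_STR);
+$stmt->bindValue(4, strftime("%Y-%m-%d"), PDO::PARAM_STR);
+$stmt->execute();
+// determine if e-mail must be sent.
+$stmt = $dbh->prepare("SELECT ur.email_msgs, ur.email AS remail, us.fullname, us.email AS semail FROM {$opt["table_prefix"]}users ur " .
+"INNER JOIN {$opt["table_prefix"]}users us ON us.userid = ? " .
+"WHERE ur.userid = ?");
+$stmt->bindParam(1, $sender, PDO::PARAM_INT);
+$stmt->bindParam(2, $recipient, PDO::PARAM_INT);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
+if ($row["email_msgs"] == 1) {
+mail(
+$row["remail"],
+"Gift Registry message from " . $row["fullname"],
+$row["fullname"] . " <" . $row["semail"] . "> sends:\r\n" . $message,
+"From: {$opt["email_from"]}\r\nReply-To: " . $row["semail"] . "\r\nX-Mailer: {$opt["email_xmailer"]}\r\n"
+) or die("Mail not accepted for " . $row["remail"]);
+}
+}
+else {
+die("recipient doesn't exist");
+}
+}
+function generatePassword($opt) {
+//* borrowed from hitech-password.php - a PHP Message board script
+//* (c) Hitech Scripts 2003
+//* For more information, visit http://www.hitech-scripts.com
+//* modified for phpgiftreg by Chris Clonch
+mt_srand((double) microtime() * 1000000);
+$newstring = "";
+if ($opt["password_length"] > 0) {
+while(strlen($newstring) < $opt["password_length"]) {
+switch (mt_rand(1,3)) {
+case 1: $newstring .= chr(mt_rand(48,57)); break; // 0-9
+case 2: $newstring .= chr(mt_rand(65,90)); break; // A-Z
+case 3: $newstring .= chr(mt_rand(97,122)); break; // a-z
+}
+}
+}
+return $newstring;
+}
+function formatPrice($price, $opt) {
+if ($price == 0.0 && $opt["hide_zero_price"])
+return "&nbsp;";
+else
+return $opt["currency_symbol"] . number_format($price,2,".",",");
+}
+function stampUser($userid, $dbh, $opt) {
+$stmt = $dbh->prepare("UPDATE {$opt["table_prefix"]}users SET list_stamp = NOW() WHERE userid = ?");
+$stmt->bindParam(1, $userid, PDO::PARAM_INT);
+$stmt->execute();
+}
+function deleteImageForItem($itemid, $dbh, $opt) {
+$stmt = $dbh->prepare("SELECT image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?");
+$stmt->bindParam(1, $itemid, PDO::PARAM_INT);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
+if ($row["image_filename"] != "") {
+unlink($opt["image_subdir"] . "/" . $row["image_filename"]);
+}
+$stmt = $dbh->prepare("UPDATE {$opt["table_prefix"]}items SET image_filename = NULL WHERE itemid = ?");
+$stmt->bindParam(1, $itemid, PDO::PARAM_INT);
+$stmt->execute();
+}
+}
+function fixForJavaScript($s) {
+$s = htmlentities($s);
+$s = str_replace("'","\\'",$s);
+$s = str_replace("\r\n","<br />",$s);
+$s = str_replace("\n","<br />",$s);
+return $s;
+}
+?>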
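Review bot: `jsEscape` and `fixForJavaScript` escape quotes but never the backslash, so a value ending in `\` followed by `'` is emitted as `\\'` — inside a JS string literal that is an escaped backslash followed by an unescaped quote, which terminates the literal; adding `$s = str_replace("\\", "\\\\", $s);` as the first replacement in both functions closes that gap, and `jsEscape` should also rewrite a bare `\n` since it currently only handles `\r\n`. `generatePassword` seeds `mt_srand()` from `microtime()` and draws every character with `mt_rand()`, which is not a cryptographic source; account passwords should be derived from `openssl_random_pseudo_bytes()` or another CSPRNG rather than the Mersenne Twister. In `sendMessage`, `$row["semail"]` is placed directly into the `Reply-To:` header passed to `mail()`; unless the address is validated against CR/LF when stored (not visible in this file), that is a header-injection point and deserves a `filter_var($row["semail"], FILTER_VALIDATE_EMAIL)` check before the call. Likewise `deleteImageForItem` hands the stored `image_filename` straight to `unlink()`, so wrapping it in `basename()` would keep a bad database value from resolving outside `image_subdir`.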