mike/wishlist
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

converted from the mysql_ API to the PDO library

Browse source
This commit is contained in:
Ryan Walberg 2012-11-22 04:36:20 +00:00
parent 75aefbd9e3
commit 246232f0a3
31 changed files with 1460 additions and 1217 deletions
Download patch file Download diff file Expand all files Collapse all files

121
src/users.php
View file

@ -13,9 +13,10 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
include("config.php");
include("db.php");
include("funcLib.php");
require_once(dirname(__FILE__) . "/includes/funcLib.php");
require_once(dirname(__FILE__) . "/includes/MySmarty.class.php");
$smarty = new MySmarty();
$opt = $smarty->opt();
session_start();
if (!isset($_SESSION["userid"])) {
@ -32,7 +33,7 @@ if ($_SESSION["admin"] != 1) {
}
if (!empty($_GET["message"])) {
$message = strip_tags($_GET["message"]);
$message = $_GET["message"];
}
if (isset($_GET["action"]))
@ -48,11 +49,6 @@ if ($action == "insert" || $action == "update") {
$email_msgs = (strtoupper($_GET["email_msgs"]) == "ON" ? 1 : 0);
$approved = (strtoupper($_GET["approved"]) == "ON" ? 1 : 0);
$userisadmin = (strtoupper($_GET["admin"]) == "ON" ? 1 : 0);
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
$fullname = addslashes($fullname);
$email = addslashes($email);
}
$haserror = false;
if ($username == "") {
@ -75,19 +71,37 @@ if ($action == "delete") {
// work ourselves.
$deluserid = (int) $_GET["userid"];
mysql_query("DELETE FROM {$OPT["table_prefix"]}shoppers WHERE shopper = $deluserid OR mayshopfor = $deluserid") or die("Could not query: " . mysql_error());
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}shoppers WHERE shopper = ? OR mayshopfor = ?");
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
$stmt->bindParam(2, $deluserid, PDO::PARAM_INT);
$stmt->execute();
// we can't leave messages with dangling senders, so delete those too.
mysql_query("DELETE FROM {$OPT["table_prefix"]}messages WHERE sender = $deluserid OR recipient = $deluserid") or die("Could not query: " . mysql_error());
mysql_query("DELETE FROM {$OPT["table_prefix"]}events WHERE userid = $deluserid") or die("Could not query: " . mysql_error());
mysql_query("DELETE FROM {$OPT["table_prefix"]}items WHERE userid = $deluserid") or die("Could not query: " . mysql_error());
mysql_query("DELETE FROM {$OPT["table_prefix"]}users WHERE userid = $deluserid") or die("Could not query: " . mysql_error());
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}messages WHERE sender = ? OR recipient = ?");
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
$stmt->bindParam(2, $deluserid, PDO::PARAM_INT);
$stmt->execute();
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}events WHERE userid = ?");
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
$stmt->execute();
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}items WHERE userid = ?");
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
$stmt->execute();
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}users WHERE userid = ?");
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
$stmt->execute();
header("Location: " . getFullPath("users.php?message=User+deleted."));
exit;
}
else if ($action == "edit") {
$query = "SELECT username, fullname, email, email_msgs, approved, admin FROM {$OPT["table_prefix"]}users WHERE userid = " . (int) $_GET["userid"];
$rs = mysql_query($query) or die("Could not query: " . mysql_error());
if ($row = mysql_fetch_array($rs,MYSQL_ASSOC)) {
$stmt = $smarty->dbh()->prepare("SELECT username, fullname, email, email_msgs, approved, admin FROM {$opt["table_prefix"]}users WHERE userid = ?");
$stmt->bindValue(1, (int) $_GET["userid"], PDO::PARAM_INT);
$stmt->execute();
if ($row = $stmt->fetch()) {
$username = $row["username"];
$fullname = $row["fullname"];
$email = $row["email"];
@ -108,16 +122,23 @@ else if ($action == "") {
else if ($action == "insert") {
if (!$haserror) {
// generate a password and insert the row.
$pwd = generatePassword();
$query = "INSERT INTO {$OPT["table_prefix"]}users(username,password,fullname,email,email_msgs,approved,admin) " .
"VALUES('$username',{$OPT["password_hasher"]}('$pwd'),'$fullname'," . ($email == "" ? "NULL" : "'$email'") . ",$email_msgs,$approved,$userisadmin)";
mysql_query($query) or die("Could not query: " . mysql_error());
$pwd = generatePassword($opt);
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}users(username,password,fullname,email,email_msgs,approved,admin) VALUES(?, {$opt["password_hasher"]}(?), ?, ?, ?, ?, ?)");
$stmt->bindParam(1, $username, PDO::PARAM_STR);
$stmt->bindParam(2, $pwd, PDO::PARAM_STR);
$stmt->bindParam(3, $fullname, PDO::PARAM_STR);
$stmt->bindParam(4, $email, PDO::PARAM_STR);
$stmt->bindParam(5, $email_msgs, PDO::PARAM_BOOL);
$stmt->bindParam(6, $approved, PDO::PARAM_BOOL);
$stmt->bindParam(7, $userisadmin, PDO::PARAM_BOOL);
$stmt->execute();
mail(
$email,
"Gift Registry account created",
"Your Gift Registry account was created.\r\n" .
"Your username is $username and your password is $pwd.",
"From: {$OPT["email_from"]}\r\nReply-To: {$OPT["email_reply_to"]}\r\nX-Mailer: {$OPT["email_xmailer"]}\r\n"
"From: {$opt["email_from"]}\r\nReply-To: {$opt["email_reply_to"]}\r\nX-Mailer: {$opt["email_xmailer"]}\r\n"
) or die("Mail not accepted for $email");
header("Location: " . getFullPath("users.php?message=User+added+and+e-mail+sent."));
exit;
@ -125,15 +146,23 @@ else if ($action == "insert") {
}
else if ($action == "update") {
if (!$haserror) {
$query = "UPDATE {$OPT["table_prefix"]}users SET " .
"username = '$username', " .
"fullname = '$fullname', " .
"email = " . ($email == "" ? "NULL" : "'$email'") . ", " .
"email_msgs = $email_msgs, " .
"approved = $approved, " .
"admin = $userisadmin " .
"WHERE userid = " . $_GET["userid"];
mysql_query($query) or die("Could not query: " . mysql_error());
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET " .
"username = ?, " .
"fullname = ?, " .
"email = ?, " .
"email_msgs = ?, " .
"approved = ?, " .
"admin = ? " .
"WHERE userid = ?");
$stmt->bindParam(1, $username, PDO::PARAM_STR);
$stmt->bindParam(2, $pwd, PDO::PARAM_STR);
$stmt->bindParam(3, $fullname, PDO::PARAM_STR);
$stmt->bindParam(4, $email, PDO::PARAM_STR);
$stmt->bindParam(5, $email_msgs, PDO::PARAM_BOOL);
$stmt->bindParam(6, $approved, PDO::PARAM_BOOL);
$stmt->bindParam(7, $userisadmin, PDO::PARAM_BOOL);
$stmt->bindValue(8, (int) $_GET["userid"], PDO::PARAM_INT);
$stmt->execute();
header("Location: " . getFullPath("users.php?message=User+updated."));
exit;
}
@ -141,19 +170,18 @@ else if ($action == "update") {
else if ($action == "reset") {
$resetuserid = $_GET["userid"];
$resetemail = $_GET["email"];
if (!get_magic_quotes_gpc()) {
$resetuserid = addslashes($resetuserid);
$resetemail = addslashes($resetemail);
}
// generate a password and insert the row.
$pwd = generatePassword();
$query = "UPDATE {$OPT["table_prefix"]}users SET password = {$OPT["password_hasher"]}('$pwd') WHERE userid = $resetuserid";
mysql_query($query) or die("Could not query: " . mysql_error());
$pwd = generatePassword($opt);
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET password = {$opt["password_hasher"]}(?) WHERE userid = ?");
$stmt->bindParam(1, $pwd, PDO::PARAM_STR);
$stmt->bindParam(2, $resetuserid, PDO::PARAM_INT);
$stmt->execute();
mail(
$resetemail,
"Gift Registry password reset",
"Your Gift Registry password was reset to $pwd.",
"From: {$OPT["email_from"]}\r\nReply-To: {$OPT["email_reply_to"]}\r\nX-Mailer: {$OPT["email_xmailer"]}\r\n"
"From: {$opt["email_from"]}\r\nReply-To: {$opt["email_reply_to"]}\r\nX-Mailer: {$opt["email_xmailer"]}\r\n"
) or die("Mail not accepted for $email");
header("Location: " . getFullPath("users.php?message=Password+reset."));
exit;
@ -163,17 +191,14 @@ else {
exit;
}
$query = "SELECT userid, username, fullname, email, email_msgs, approved, admin FROM {$OPT["table_prefix"]}users ORDER BY username";
$rs = mysql_query($query) or die("Could not query: " . mysql_error());
$stmt = $smarty->dbh()->prepare("SELECT userid, username, fullname, email, email_msgs, approved, admin FROM {$opt["table_prefix"]}users ORDER BY username");
$stmt->execute();
$users = array();
while ($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
while ($row = $stmt->fetch()) {
$users[] = $row;
}
mysql_free_result($rs);
define('SMARTY_DIR',str_replace("\\","/",getcwd()).'/includes/Smarty-3.1.12/libs/');
require_once(SMARTY_DIR . 'Smarty.class.php');
$smarty = new Smarty();
$smarty->assign('action', $action);
$smarty->assign('username', $username);
if (isset($username_error)) {
@ -190,13 +215,15 @@ if (isset($email_error)) {
$smarty->assign('email_msgs', $email_msgs);
$smarty->assign('approved', $approved);
$smarty->assign('userisadmin', $userisadmin);
$smarty->assign('haserror', $haserror);
if (isset($haserror)) {
$smarty->assign('haserror', $haserror);
}
$smarty->assign('users', $users);
if (isset($message)) {
$smarty->assign('message', $message);
}
$smarty->assign('userid', $userid);
$smarty->assign('isadmin', $_SESSION["admin"]);
$smarty->assign('opt', $OPT);
$smarty->assign('opt', $smarty->opt());
$smarty->display('users.tpl');
?>