From 75057f07edfe2fd8cad316701555b7a56dc01da6 Mon Sep 17 00:00:00 2001 From: neoraider Date: Sat, 4 Mar 2006 14:41:05 +0000 Subject: Unnoetige DB-Klasse entfernt + alle Aufrufe auf AdoDB umgestellt; Unquote-Funktion hinzugefuegt --- code/db.inc.php | 28 ++++------------------------ code/links.inc.php | 2 +- code/message.inc.php | 4 ++-- code/nav.inc.php | 4 ++-- code/pages.inc.php | 21 +++++++++++---------- code/user.inc.php | 12 ++++++------ code/util.inc.php | 11 +++++++++++ 7 files changed, 37 insertions(+), 45 deletions(-) (limited to 'code') diff --git a/code/db.inc.php b/code/db.inc.php index 5fbd8e8..d5d2107 100644 --- a/code/db.inc.php +++ b/code/db.inc.php @@ -2,33 +2,13 @@ if(!defined('DB_INC')) { define('DB_INC', 1); - include('config/config.inc.php'); + require_once('config/config.inc.php'); - include('adodb.inc.php'); + require_once('adodb/adodb.inc.php'); - class DB { - var $conn; - - function DB($driver, $server, $user, $passwort, $database) { - $this->conn = ADONewConnection($driver); - $this->conn->PConnect($server, $user, $passwort, $database); - } - - function Query($query, $args = false) { - return $this->conn->Execute($query, $args); - } - - function QueryLimit($query, $numrows = -1, $offset = -1, $args = false) { - return $this->conn->SelectLimit($query, $numrows, $offset, $args); - } - - function InsertID() { - return $this->conn->Insert_ID(); - } - } - - $db = new DB($config['driver'], $config['server'], $config['user'], + $db = &ADONewConnection($config['driver']); + $db->PConnect($config['server'], $config['user'], $config['password'], $config['db']); } ?> diff --git a/code/links.inc.php b/code/links.inc.php index 2e8d551..c207945 100644 --- a/code/links.inc.php +++ b/code/links.inc.php @@ -2,7 +2,7 @@ if(!defined('LINKS_INC')) { define('LINKS_INC', 1); - include('code/user.inc.php'); + require_once('code/user.inc.php'); class Links { function GetNeonLink($page) { 
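Review bot: The return value of `$db->PConnect(...)` in code/db.inc.php is not checked, so a failed connection is only noticed later, when a caller dereferences whatever `Execute()` returned. With the wrapper class removed, every call site talks to ADOdb directly, and none of the call sites visible in this commit tests `$res` before reading `->fields` or `->EOF`. Stop at the source instead, for example `if(!$db->PConnect($config['server'], $config['user'], $config['password'], $config['db'])) die('Database connection failed');`. Keep the driver's own error text out of the response so that host and account details are not shown to visitors.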
diff --git a/code/message.inc.php b/code/message.inc.php index 7b49a66..c351e70 100644 --- a/code/message.inc.php +++ b/code/message.inc.php @@ -2,9 +2,9 @@ if(!defined('MESSAGE_INC')) { define('MESSAGE_INC', 1); - include('config/config.inc.php'); + require_once('config/config.inc.php'); - include('code/util.inc.php'); + require_once('code/util.inc.php'); $message['Error'] = 'Error'; $message['PageNotFound'] = 'The page \'$page\' does not exist.'; diff --git a/code/nav.inc.php b/code/nav.inc.php index 1a4a5bd..642efe0 100644 --- a/code/nav.inc.php +++ b/code/nav.inc.php @@ -2,13 +2,13 @@ if(!defined('NAV_INC')) { define('NAV_INC', 1); - include('code/links.inc.php'); + require_once('code/links.inc.php'); class Nav { var $entries = array(); function Nav() { - $res = $GLOBALS['db']->Query('SELECT * FROM nav ORDER BY id'); + $res = $GLOBALS['db']->Execute('SELECT * FROM nav ORDER BY id'); while(!$res->EOF) { $this->entries[$res->fields[0]] = new NavEntry($res->fields[1], $res->fields[2], $res->fields[3]); diff --git a/code/pages.inc.php b/code/pages.inc.php index 4516303..710bb44 100644 --- a/code/pages.inc.php +++ b/code/pages.inc.php @@ -2,9 +2,9 @@ if(!defined('PAGES_INC')) { define('PAGES_INC', 1); - include('code/db.inc.php'); - include('code/user.inc.php'); - include('code/handlers.inc.php'); + require_once('code/db.inc.php'); + require_once('code/user.inc.php'); + require_once('code/handlers.inc.php'); class Pages { function Get($name, $type, $extra = null) { 
@@ -12,14 +12,14 @@ return array('title' => $name, 'content' => ErrorMessage('PageNotFound', array('page' => $name))); - $res = $GLOBALS['db']->Query('SELECT id, handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); + $res = $GLOBALS['db']->Execute('SELECT id, handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); if(!$this->HasAccess($name, $type)) return array('title' => $name, 'content' => ErrorMessage('Forbidden', array('page' => $name))); parse_str($res->fields[2], $data); - $data = array_map('stripslashes', $data); + $data = array_map('Unquote', $data); if($extra) $data = array_merge($data, $extra); $data['_id'] = $res->fields[0]; $data['_page'] = $name; @@ -32,14 +32,14 @@ return array('title' => $name, 'content' => ErrorMessage('PageNotFound', array('page' => $name))); - $res = $GLOBALS['db']->Query('SELECT id, handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); + $res = $GLOBALS['db']->Execute('SELECT id, handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); if(!$GLOBALS['user']->IsAdmin()) return array('title' => $name, 'content' => ErrorMessage('Forbidden', array('page' => $name))); parse_str($res->fields[2], $data = null); - $data = array_map('stripslashes', $data); + $data = array_map('Unquote', $data); $data['_id'] = $res->fields[0]; $data['_page'] = $name; 
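Review bot: In the second hunk on this line (the admin-only variant, whose function header lies outside the hunk), the context line `parse_str($res->fields[2], $data = null);` passes an assignment expression where parse_str expects a variable by reference. Depending on the PHP version this is either rejected or fills a temporary, so `$data` is not reliably populated and the changed line `array_map('Unquote', $data)` then receives null instead of the stored page data. Initialise the variable and pass it directly: `$data = array(); parse_str($res->fields[2], $data);`.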
@@ -47,15 +47,16 @@ } function Exists($name, $type) { - $res = $GLOBALS['db']->Query('SELECT id FROM pages WHERE name = ? AND type = ?', array($name, $type)); + $res = $GLOBALS['db']->Execute('SELECT id FROM pages WHERE name = ? AND type = ?', array($name, $type)); return ($res->RecordCount() > 0); } function HasAccess($name, $type) { - $res = $GLOBALS['db']->Query('SELECT access FROM pages WHERE name = ? AND type = ?', array($name, $type)); + $gid = $GLOBALS['user']->GetGid(); + $res = $GLOBALS['db']->Execute('SELECT access FROM pages WHERE name = ? AND type = ?', array($name, $type)); - return ($GLOBALS['user']->IsAdmin() || ($res->fields[0] & (1 << $GLOBALS['user']->GetGid())) != 0); + return ($GLOBALS['user']->IsAdmin() || (ord($res->fields[0][$gid/8]) & (1 << ($gid%8))) != 0); } } diff --git a/code/user.inc.php b/code/user.inc.php index 7bd1e99..3cd39bf 100644 --- a/code/user.inc.php +++ b/code/user.inc.php @@ -2,7 +2,7 @@ if(!defined('USER_INC')) { define('USER_INC', 1); - include('code/db.inc.php'); + require_once('code/db.inc.php'); class User { var $uid = 0, $gid = 0; @@ -10,7 +10,7 @@ function User() { if($_COOKIE['login']) { - $res = $GLOBALS['db']->Query('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', + $res = $GLOBALS['db']->Execute('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', array(substr($_COOKIE['login'], 32), substr($_COOKIE['login'], 0, 32))); @@ -24,7 +24,7 @@ } if($this->uid == 0 && $_GET['login']) { - $res = $GLOBALS['db']->Query('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', + $res = $GLOBALS['db']->Execute('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', array(substr($_GET['login'], 32), substr($_GET['login'], 0, 32))); 
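Review bot: The new access test in HasAccess indexes the `access` value with `$gid/8`, which is a float in PHP and relies on implicit truncation, and it never checks that a row was returned or that the byte index lies inside the string. As far as I can tell a missing row or a short mask currently ends in `ord('')`, i.e. 0, and access is denied, but only by way of notices, which is fragile for an authorisation decision. Make the deny path explicit with `$mask = ($res && !$res->EOF) ? $res->fields[0] : ''; $byte = $gid >> 3;` followed by `return $GLOBALS['user']->IsAdmin() || ($gid >= 0 && $byte < strlen($mask) && (ord($mask[$byte]) & (1 << ($gid & 7))) != 0);`. A comment such as `// access is a byte string; bit (gid % 8) of byte (gid / 8) grants group gid` would also document the layout for whoever writes these masks.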
@@ -39,13 +39,13 @@ } function Login($name, $pass) { - $res = $GLOBALS['db']->Query('SELECT id, gid FROM users WHERE user = ? AND password = ?', array($name, $pass)); + $res = $GLOBALS['db']->Execute('SELECT id, gid FROM users WHERE user = ? AND password = ?', array($name, $pass)); if($res->RecordCount()) { $id = $res->fields[0]; $sid = md5(uniqid($name . " * " . $pass . " * " . rand())); - $GLOBALS['db']->Query('UPDATE users SET sid = ? WHERE id = ?', array($sid, $id)); + $GLOBALS['db']->Execute('UPDATE users SET sid = ? WHERE id = ?', array($sid, $id)); $this->uid = $id; $this->gid = $res->fields[1]; @@ -62,7 +62,7 @@ } function Logout() { - $GLOBALS['db']->Query('UPDATE users SET sid = \'\' WHERE id = ?', $this->uid); + $GLOBALS['db']->Execute('UPDATE users SET sid = \'\' WHERE id = ?', $this->uid); $this->uid = 0; $this->gid = 0; diff --git a/code/util.inc.php b/code/util.inc.php index c2a8adf..724f8bd 100644 --- a/code/util.inc.php +++ b/code/util.inc.php @@ -12,5 +12,16 @@ return strtr($string, $tr); } + + if(get_magic_quotes_gpc()) { + function Unquote($string) { + return stripslashes($string); + } + } + else { + function Unquote($string) { + return $string; + } + } } ?> -- cgit v1.2.3
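Review bot: Login matches the submitted password directly in SQL (`password = ?` bound to `$pass`), so the column holds whatever the caller passes in, which is plaintext unless it is hashed before this call (the hunk does not show that). The session id a few lines below is `md5(uniqid($name . " * " . $pass . " * " . rand()))`; uniqid and rand are clock- and PRNG-based and not meant for secrets, and the password itself becomes input to the token. Consider storing a salted, slow password hash that is verified in PHP after selecting the row by user name, and taking sid from an operating-system random source instead of from the credentials. Login's body continues past the end of the hunk.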
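Review bot: Logout resets `sid` to the empty string, while the constructor hunks match `sid = ?` against a substring of the client-supplied `login` value, so a logged-out account still carries a value that takes part in that comparison. If the column allows it, store NULL, which `sid = ?` can never match: `$GLOBALS['db']->Execute('UPDATE users SET sid = NULL WHERE id = ?', array($this->uid));`. Passing the bind value as an array also matches every other Execute call in this commit. It would additionally help to reject a `login` value whose sid part is not exactly 32 hexadecimal characters before querying.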
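Review bot: Unquote in code/util.inc.php hands its argument straight to stripslashes, but the callers in pages.inc.php apply it with `array_map('Unquote', $data)` to parse_str output, which holds nested arrays for keys such as `a[b]`. Those elements would reach a string function; handle them recursively in the magic-quotes branch with `return is_array($string) ? array_map('Unquote', $string) : stripslashes($string);`. The function also lacks a comment on why it depends on magic_quotes_gpc, for example `// parse_str() output is slashed only when magic_quotes_gpc is on; undo that and nothing else`. The enclosing `if(!defined(...))` block starts outside the hunk.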