diff --git a/checkin_notes b/checkin_notes index e74e079b6d..b231ccad04 100644 --- a/checkin_notes +++ b/checkin_notes @@ -10774,3 +10774,33 @@ David 12 Nov 2007 user/ forum*.php pm.php (new) + +David 12 Nov 2007 + - user web: update other code to use new-style DB interfaces + + html/ + inc/ + akismet.inc + boinc_db.inc + db.inc + db_conn.inc + user/ + account_finish_action.php + am_set_info.php + apps.php + create_account_info.php + delete_profile.php + edit_email_action.php + edit_passwd_action.php + forum_edit.php + forum_get_data.php + home.php + login_action.php + lookup_account.php + opt_out.php + pm.php + profile_rate.php + profile_search_action.php + results.php + validate_amil_addr.php + workunit.php diff --git a/html/inc/akismet.inc b/html/inc/akismet.inc index f720fdcea2..d92a790067 100644 --- a/html/inc/akismet.inc +++ b/html/inc/akismet.inc @@ -13,7 +13,7 @@ function akismet_check($user, $post) { $post = urlencode($post); $ip = urlencode($_SERVER['REMOTE_ADDR']); $referrer = urlencode($_SERVER['HTTP_REFERER']); - $author = urlencode($user->getName()); + $author = urlencode($user->name); $useragent = urlencode($_SERVER['HTTP_USER_AGENT']); $request = "blog=$master_url"; @@ -55,4 +55,4 @@ function akismet_request($request, $host, $path, $port = 80) { return $response; } -?> \ No newline at end of file +?> diff --git a/html/inc/boinc_db.inc b/html/inc/boinc_db.inc index 31f367b156..6fe95bfc97 100644 --- a/html/inc/boinc_db.inc +++ b/html/inc/boinc_db.inc @@ -45,6 +45,10 @@ class BoincDb extends DbConn { $db = self::get(); return $db->base_escape_string($string); } + static function error() { + $db = self::get(); + return $db->base_error(); + } } class BoincUser { 
@@ -167,6 +171,31 @@ class BoincResult { } } +class BoincWorkunit { + static function lookup_id($id) { + $db = BoincDb::get(); + return $db->lookup_id($id, 'workunit', 'BoincWorkunit'); + } +} + +class BoincApp { + static function lookup_id($id) { + $db = BoincDb::get(); + return $db->lookup_id($id, 'app', 'BoincApp'); + } + static function enum($clause) { + $db = BoincDb::get(); + return $db->enum('app', 'BoincApp', $clause); + } +} + +class BoincAppVersion { + static function enum($clause) { + $db = BoincDb::get(); + return $db->enum('app_version', 'BoincAppVersion', $clause); + } +} + class BoincProfile { static function lookup($clause) { $db = BoincDb::get(); @@ -184,6 +213,10 @@ class BoincProfile { $db = BoincDb::get(); return $db->enum('profile', 'BoincProfile', $clause, $clause2); } + function delete_aux() { + $db = BoincDb::get(); + return $db->delete_aux('profile', $clause); + } } class BoincTeamAdmin { @@ -230,6 +263,17 @@ class BoincPrivateMessage { $db = BoincDb::get(); return $db->delete($this, 'private_messages'); } + function delete_aux($clause) { + $db = BoincDb::get(); + return $db->delete_aux('private_messages', $clause); + } +} + +class BoincPlatform { + static function enum($clause) { + $db = BoincDb::get(); + return $db->enum('platform', 'BoincPlatform', $clause); + } } ?> diff --git a/html/inc/db.inc b/html/inc/db.inc index d21278dbd5..3dc33e17c8 100644 --- a/html/inc/db.inc +++ b/html/inc/db.inc @@ -34,6 +34,7 @@ function db_init_aux($try_replica=false) { } function lookup_user_auth($auth) { + $auth = BoincDb::escape_string($auth); return BoincUser::lookup("authenticator='$auth'"); } 
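Review bot: `BoincProfile::delete_aux()` in the `@@ -184,6 +213,10` hunk declares no parameter yet forwards `$clause` to `$db->delete_aux('profile', $clause)`, so the WHERE clause the caller supplies is dropped and the method runs with an undefined variable; depending on how `DbConn::delete_aux` assembles its statement (not shown here) that is either a failing query or a `DELETE` that is no longer restricted to one user's row. It is also declared as an instance method while delete_profile.php in this commit calls it statically. Declare it `static function delete_aux($clause) {`, matching `BoincPrivateMessage::delete_aux($clause)` added a few lines below in the same file, and consider a one-line comment `// Delete every profile row matching $clause (caller must pass an escaped/int-only clause).` The enclosing class BoincProfile begins before the hunk.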
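Review bot: `BoincPrivateMessage::delete_aux($clause)` in the `@@ -230,6 +263,17` hunk is added as a non-static method, but pm.php's `do_delete()` in this same commit invokes it as `BoincPrivateMessage::delete_aux("userid=... AND id=$id")`; PHP 5 only tolerates that with an E_STRICT notice and it will break the moment the method touches `$this`. Declare it `static function delete_aux($clause) {` like the class's `lookup_id`/`enum`, and document the contrast with the per-instance `delete()` right above it: `// Unlike delete(), removes every private_messages row matching $clause.`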
@@ -42,10 +43,12 @@ function lookup_user_id($id) { } function lookup_user_email_addr($email_addr) { - return BoincUser::lookup("email_addr='$email_addr'"); + $e = BoincDb::escape_string($email_addr); + return BoincUser::lookup("email_addr='$e'"); } function lookup_user_name($name) { + $name = BoincDb::escape_string($name); $users = BoincUser::enum("name='".boinc_real_escape_string($name)."'"); if (sizeof($users)==1) { return $users[0]; @@ -66,6 +69,7 @@ function lookup_team_founder($id) { } function lookup_team_name($name) { + $name = BoincDb::escape_string($name); return BoincTeam::lookup("name='$name'"); } diff --git a/html/inc/db_conn.inc b/html/inc/db_conn.inc index 77a2a4cf95..58bbc14444 100644 --- a/html/inc/db_conn.inc +++ b/html/inc/db_conn.inc @@ -119,6 +119,9 @@ class DbConn { function base_escape_string($string) { return mysql_real_escape_string($string, $this->db_conn); } + function base_error() { + return mysql_error($this->db_conn); + } } ?> diff --git a/html/inc/pm.inc b/html/inc/pm.inc index 775a0b62ca..6e0db3436e 100644 --- a/html/inc/pm.inc +++ b/html/inc/pm.inc @@ -101,7 +101,7 @@ function pm_send($to, $subject, $content) { function pm_count($userid, $duration) { $time = time() - $duration; - return PrivateMessage::count("senderid=$userid AND date>$time"); + return BoincPrivateMessage::count("senderid=$userid AND date>$time"); } function check_pm_count($userid) { diff --git a/html/user/account_finish_action.php b/html/user/account_finish_action.php index d3ade2be6f..34bf481d37 100644 --- a/html/user/account_finish_action.php +++ b/html/user/account_finish_action.php @@ -7,7 +7,7 @@ include_once("../inc/email.inc"); function show_error($str) { page_head("Can't update account"); echo "$str
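Review bot: `lookup_user_name()` now escapes `$name` twice — the added `$name = BoincDb::escape_string($name);` followed by the unchanged `boinc_real_escape_string($name)` inside the `enum()` call — so any name containing a quote or backslash is double-escaped and the lookup silently returns no match for a real user. The neighbouring `lookup_user_email_addr()` in the same hunk shows the intended single-escape shape; mirror it: `$users = BoincUser::enum("name='$name'");`.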
\n"; - echo mysql_error(); + echo BoincDb::error(); echo "

Click your browser's Back button to try again.\n

\n"; page_tail(); exit(); diff --git a/html/user/am_set_info.php b/html/user/am_set_info.php index 87180c74cf..f8c844aa64 100644 --- a/html/user/am_set_info.php +++ b/html/user/am_set_info.php @@ -137,7 +137,7 @@ if (strlen($query)) { if ($result) { success(""); } else { - xml_error(-1, "database error: ".mysql_error()); + xml_error(-1, "database error: ".BoincDb::error()); } } else { success(""); diff --git a/html/user/apps.php b/html/user/apps.php index d98fbf26ae..88b263c2b3 100644 --- a/html/user/apps.php +++ b/html/user/apps.php @@ -1,19 +1,12 @@ deprecated) continue; - array_push($platforms, $platform); -} -mysql_free_result($r2); +$platforms = BoincPlatform::enum("deprecated=0"); $xml = $_GET['xml']; if ($xml) { @@ -26,10 +19,10 @@ if ($xml) { "; start_table(); } -$result = mysql_query("select * from app where deprecated=0"); +$apps = BoincApp::enum("deprecated=0"); -while ($app = mysql_fetch_object($result)) { +foreach ($apps as $app) { if ($xml) { echo "\n"; echo " $app->user_friendly_name\n"; @@ -42,9 +35,8 @@ while ($app = mysql_fetch_object($result)) { for ($i=0; $iid and platformid = $platform->id"); - while ($av = mysql_fetch_object($r2)) { - if ($av->deprecated) continue; + $avs = BoincAppVersion::enum("appid=$app->id and platformid = $platform->id and deprecated=0"); + foreach($avs as $av) { if (!$newest || $av->version_num>$newest->version_num) { $newest = $av; } @@ -74,7 +66,7 @@ while ($app = mysql_fetch_object($result)) { echo " \n"; } } -mysql_free_result($result); + if ($xml) { echo "\n"; } else { diff --git a/html/user/create_account_action.php b/html/user/create_account_action.php index eb0851e307..d54cf3e4c1 100644 --- a/html/user/create_account_action.php +++ b/html/user/create_account_action.php @@ -1,6 +1,6 @@ \n"; - echo mysql_error(); + echo BoincDb::error(); echo "
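Review bot: `show_error()` in account_finish_action.php still prints the raw driver message to the visitor — the commit only swaps `mysql_error()` for `echo BoincDb::error();` — so a failed account update discloses table and column names and the failing SQL fragment to whoever triggered it, which is exactly the feedback someone probing the query builder wants. Log the detail server-side and show a generic line: `error_log("account_finish_action: ".BoincDb::error()); echo "A database error occurred; please try again later.";`. The same pattern is carried over in am_set_info.php (`xml_error(-1, "database error: ".BoincDb::error())`) and create_account_action.php in this commit.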

Click your browser's Back button to try again.\n

\n"; page_tail(); exit(); @@ -25,7 +25,6 @@ if (parse_bool($config, "disable_account_creation")) { exit(); } -db_init(); init_session(); // see whether the new account should be pre-enrolled in a team, diff --git a/html/user/delete_profile.php b/html/user/delete_profile.php index 3d1cccfa63..be0a12d6f6 100644 --- a/html/user/delete_profile.php +++ b/html/user/delete_profile.php @@ -1,9 +1,8 @@ id"); + BoincProfile::delete_aux("userid = $user->id"); if ($result) { delete_user_pictures($user->id); page_head("Delete Confirmation"); - mysql_query("update user set has_profile=0 where id=$user->id"); + $user->update("has_profile=0"); echo "Your profile has been deleted
"; } else { diff --git a/html/user/edit_email_action.php b/html/user/edit_email_action.php index 1d362964ab..b0a3307c45 100644 --- a/html/user/edit_email_action.php +++ b/html/user/edit_email_action.php @@ -1,11 +1,10 @@ id"; - $result = mysql_query($query); + $result = $user->update("email_addr='$email_addr', passwd_hash='$passwd_hash'"); if ($result) { echo " The email address of your account is now $email_addr. diff --git a/html/user/edit_passwd_action.php b/html/user/edit_passwd_action.php index 28465b4c8b..b4947b4fbe 100644 --- a/html/user/edit_passwd_action.php +++ b/html/user/edit_passwd_action.php @@ -1,11 +1,9 @@ email_addr); -$query = "update user set passwd_hash='$passwd_hash' where id=$user->id"; -$result = mysql_query($query); +$result = $user->update("passwd_hash='$passwd_hash'"); if ($result) { echo "Your password has been changed."; } else { diff --git a/html/user/edit_user_info_action.php b/html/user/edit_user_info_action.php index f1c72aeb7c..e147f7dd00 100644 --- a/html/user/edit_user_info_action.php +++ b/html/user/edit_user_info_action.php @@ -1,11 +1,10 @@ id"); +$result = $user->update("name='$name', url='$url', country='$country', postal_code='$postal_code'"); if ($result) { Header("Location: home.php"); } else { diff --git a/html/user/forum_edit.php b/html/user/forum_edit.php index bc258d9c39..16120735b1 100644 --- a/html/user/forum_edit.php +++ b/html/user/forum_edit.php @@ -47,7 +47,7 @@ if (post_str('submit',true) && (!$preview)) { $add_signature = 0; } $content = substr($content, 0, 64000); - $content = mysql_real_escape_string($content); + $content = BoincDb::escape_string($content); $post->update("signature=$add_signature, content='$content'"); // If this post belongs to the creator of the thread and is at top-level 
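Review bot: in delete_profile.php the return value of `BoincProfile::delete_aux("userid = $user->id")` is discarded, but the next line still tests `if ($result)`; nothing on the new side assigns `$result`, so the success branch — `delete_user_pictures($user->id)` and `$user->update("has_profile=0")` — can never run even though the profile row may already be gone, leaving `has_profile` stale and picture files orphaned. Keep the assignment: `$result = BoincProfile::delete_aux("userid = $user->id");`. As committed, `BoincProfile::delete_aux` in boinc_db.inc also takes no parameter, so this call cannot work until that signature is fixed too.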
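Review bot: edit_user_info_action.php's new `$user->update("name='$name', url='$url', country='$country', postal_code='$postal_code'")` interpolates four request-derived strings straight into the SET clause, and nothing in the hunk escapes them — unlike the lookups this commit hardens in db.inc with `BoincDb::escape_string()`. Whether `post_str()` or earlier lines in the file escape them is outside the hunk; if not, a name such as `x', passwd_hash='...` lets a user rewrite other columns of their own row. Escape each value before building the clause, e.g. `$name = BoincDb::escape_string($name);` and the same for `$url`, `$country` and `$postal_code`.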
@@ -58,7 +58,7 @@ if (post_str('submit',true) && (!$preview)) { $t = post_str('title'); $t = trim($t); $t = strip_tags($ts); - $t = mysql_real_escape_string($t); + $t = BoincDb::escape_string($t); $thread->update("title='$t'"); } diff --git a/html/user/forum_get_data.php b/html/user/forum_get_data.php index 93f92c72f2..432efb3b72 100644 --- a/html/user/forum_get_data.php +++ b/html/user/forum_get_data.php 
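Review bot: the unchanged line directly above the new `$t = BoincDb::escape_string($t);` reads `$t = strip_tags($ts);`, and `$ts` is never assigned in this hunk; unless it is set earlier in the function (not shown), `$t` collapses to an empty string and the following `$thread->update("title='$t'")` blanks the thread title on every top-level edit. It should be `$t = strip_tags($t);`. The enclosing `if (post_str('submit',true) && (!$preview))` block starts before the hunk.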
@@ -1,88 +1,75 @@ 50) { $count = 10; } $length = get_int("contentlength", true); if (($length == null) || ($length <= 0)) { $length = 0; } - $res = mysql_query("SELECT * FROM post WHERE user=$userid ORDER BY timestamp DESC LIMIT $count"); - if ($res) { - $count = mysql_num_rows($res); + $posts = BoincPost::enum("user=$userid ORDER BY timestamp DESC LIMIT $count"); + $count = count($posts); + echo "\n"; + echo "$count\n"; + echo "\n"; - echo "\n"; - echo "$count\n"; - echo "\n"; - - while ($row = mysql_fetch_object($res)) { - $thread = mysql_query("SELECT * FROM thread WHERE id=".$row->thread); - $thread = mysql_fetch_object($thread); - echo "\n"; - echo " $row->id\n"; - echo " $row->thread\n"; - echo " title."]]>\n"; - echo " $row->timestamp\n"; - if ($length > 0) { - echo " content, 0, $length)."]]>\n"; - } else { - echo " content."]]>\n"; - } - echo "\n"; + foreach ($posts as $post) { + $thread = BoincThread::lookup_id($post->thread); + echo "\n"; + echo " $post->id\n"; + echo " $post->thread\n"; + echo " title."]]>\n"; + echo " $post->timestamp\n"; + if ($length > 0) { + echo " content, 0, $length)."]]>\n"; + } else { + echo " content."]]>\n"; } - - echo "\n"; - echo "\n"; - } else { - xml_error(-1, "Database error"); + echo "\n"; } + + echo "\n"; + echo "\n"; } elseif ($method == "user_threads") { - - $userid = get_int("userid", true); - $user = lookup_user_id($userid); - if (!$user) { xml_error(-136); } - $count = get_int("count", true); if (!$count || $count <= 0 || $count > 50) { $count = 10; } - $res = mysql_query("SELECT * FROM thread WHERE owner=$userid ORDER BY timestamp DESC LIMIT $count"); - if ($res) { - $count = mysql_num_rows($res); + $threads = BoincThread::enum("owner=$userid ORDER BY timestamp DESC LIMIT $count"); + $count = count($threads); - echo "\n"; - echo "$count\n"; - echo "\n"; - while ($row = mysql_fetch_object($res)) { - echo "\n"; - echo " $row->id\n"; - echo " $row->forum\n"; - echo " $row->replies\n"; - echo " $row->views\n"; - echo 
" $row->timestamp\n"; - echo " <![CDATA[$row->title]]>\n"; - echo "\n"; - } - - echo "\n"; - echo "\n"; - } else { - xml_error(-1, "Database error"); + echo "\n"; + echo "$count\n"; + echo "\n"; + foreach($threads as $thread) { + echo "\n"; + echo " $thread->id\n"; + echo " $thread->forum\n"; + echo " $thread->replies\n"; + echo " $thread->views\n"; + echo " $thread->timestamp\n"; + echo " <![CDATA[$thread->title]]>\n"; + echo "\n"; } + + echo "\n"; + echo "\n"; } ?> diff --git a/html/user/home.php b/html/user/home.php index 2d5e226cd4..b2512dbbab 100644 --- a/html/user/home.php +++ b/html/user/home.php @@ -2,14 +2,13 @@ require_once("../inc/util.inc"); require_once("../inc/user.inc"); -require_once("../inc/db.inc"); +require_once("../inc/boinc_db.inc"); require_once("../inc/forum.inc"); -// show the home page of whoever's logged in +// show the home page of logged-in user -db_init(); $user = get_logged_in_user(); -$user = getForumPreferences($user); +BoincForumPrefs::lookup($user); $user = get_other_projects($user); $init = isset($_COOKIE['init']); diff --git a/html/user/login_action.php b/html/user/login_action.php index 11f28ef558..546fbe0306 100644 --- a/html/user/login_action.php +++ b/html/user/login_action.php @@ -1,15 +1,15 @@ authenticator, 0, 1) == 'x'){ //User has been bad so we are going to take away ability to post for awhile. error_page("This account has been administratively disabled."); } +$user = lookup_user_auth($authenticator); if (!$user) { page_head("Log in"); echo " diff --git a/html/user/lookup_account.php b/html/user/lookup_account.php index ee6fe84744..97d8f5aae2 100644 --- a/html/user/lookup_account.php +++ b/html/user/lookup_account.php @@ -2,7 +2,7 @@ // RPC handler for account lookup -require_once("../inc/db.inc"); +require_once("../inc/boinc_db.inc"); require_once("../inc/util.inc"); require_once("../inc/email.inc"); require_once("../inc/xml.inc"); 
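Review bot: the rewritten echo lines in forum_get_data.php wrap user-authored text in CDATA — visibly `" <![CDATA[$thread->title]]>\n"` and the `content` variants built from `substr($post->content, 0, $length)` — without neutralising a `]]>` sequence inside the text, so a post or title containing `]]>` closes the section early and the remainder is parsed as markup by whatever consumes this XML RPC. Apply `str_replace(']]>', ']]]]><![CDATA[>', $value)` to each value before emitting it, or `htmlspecialchars()` it and drop the CDATA. The old `if ($res) ... else xml_error(-1, "Database error")` guard is also gone; if `BoincPost::enum()`/`BoincThread::enum()` signal failure with anything other than an array, `count()` on it misreports silently instead of erroring.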
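Review bot: in login_action.php the disabled-account test `if (substr($user->authenticator, 0, 1) == 'x')` now runs before the added `$user = lookup_user_auth($authenticator);` line; unless `$user` is assigned earlier in the file (the hunk's first lines are not readable here), the check dereferences an unset variable, `substr(null, 0, 1)` is never `'x'`, and administratively disabled accounts log in normally. Move the lookup above the check and guard it: `$user = lookup_user_auth($authenticator);` then `if ($user && substr($user->authenticator, 0, 1) == 'x') { error_page("This account has been administratively disabled."); }`, keeping the existing `if (!$user)` branch below.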
@@ -14,7 +14,8 @@ if ($retval) xml_error($retval); $email_addr = get_str("email_addr"); $passwd_hash = process_user_text(get_str("passwd_hash", true)); -$user = lookup_user_email_addr($email_addr); +$email_addr = BoincDb::escape_string($email_addr); +$user = BoincUser::lookup("email_addr='$email_addr'); if (!$user) { xml_error(-136); } @@ -33,7 +34,7 @@ $auth_hash = md5($user->authenticator.$user->email_addr); // if (!strlen($user->passwd_hash)) { $user->passwd_hash = $auth_hash; - mysql_query("update user set passwd_hash='$user->passwd_hash' where id=$user->id"); + $user->update(passwd_hash='$user->passwd_hash'"); } // if the given password hash matches (auth+email), accept it diff --git a/html/user/opt_out.php b/html/user/opt_out.php index 1ef84b7925..3b89f253d3 100644 --- a/html/user/opt_out.php +++ b/html/user/opt_out.php @@ -1,9 +1,7 @@ authenticator) != $code) { error_page("bad code"); } -$result = mysql_query("update user set send_email=0 where id=$userid"); +$result = $user->update("send_email=0"); -page_head("$email removed from mailing list"); +if ($result) { + page_head("$email removed from mailing list"); + echo " + No further emails will be sent to $user->email_addr. + To resume getting emails, + go here + "; + page_tail(); +} +error_page("database error"); -echo " -No further emails will be sent to $user->email_addr. -To resume getting emails, -go here -"; - -page_tail(); ?> diff --git a/html/user/pm.php b/html/user/pm.php index d8411c9e6b..641e66ac59 100644 --- a/html/user/pm.php +++ b/html/user/pm.php @@ -1,5 +1,6 @@ id ORDER BY date DESC" ); if (count($msgs) == 0) { 
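Review bot: the added line `$user = BoincUser::lookup("email_addr='$email_addr');` in lookup_account.php is missing its closing double quote, so the file no longer parses and the account-lookup RPC is down until this is fixed: `$user = BoincUser::lookup("email_addr='$email_addr'");`. The `BoincDb::escape_string($email_addr)` added just above it is the right escaping for that quoted context.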
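Review bot: `$user->update(passwd_hash='$user->passwd_hash'");` in the `@@ -33,7 +34,7` hunk of lookup_account.php lacks the opening double quote — `passwd_hash` is read as a bare constant and the line is a syntax error. It should be `$user->update("passwd_hash='$user->passwd_hash'");`; the value is `md5(...)` hex from the line above, so no escaping is needed there.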
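Review bot: the new success branch in opt_out.php ends with `page_tail();` but never exits, so control falls through to `error_page("database error");` and a user who was just unsubscribed gets an error page appended to the confirmation. Add `exit();` after `page_tail();` inside the `if ($result)` block, or move `error_page(...)` into an `else`. The `md5($user->authenticator) != $code` gate above is untouched by the commit; `!==` would avoid PHP's loose numeric-string comparison there.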
@@ -135,14 +136,16 @@ function do_new($logged_in_user) { function do_delete($logged_in_user) { $id = get_int("id", true); - if ($id == null) { $id = post_int("id"); } + if ($id == null) { + $id = post_int("id"); + } check_tokens($logged_in_user->authenticator); - mysql_query("DELETE FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$id"); + BoincPrivateMessage::delete_aux("userid=".$logged_in_user->id." AND id=$id"); header("Location: pm.php"); } function do_send($logged_in_user) { - check_banished(new User($logged_in_user->id)); + check_banished($logged_in_user); check_tokens($logged_in_user->authenticator); $to = stripslashes(post_str("to", true)); @@ -155,7 +158,7 @@ function do_send($logged_in_user) { if (($to == null) || ($subject == null) || ($content == null)) { pm_create_new(tra("You need to fill all fields to send a private message")); } else { - akismet_check(new User($logged_in_user->id), $content); + akismet_check($logged_in_user, $content); $to = str_replace(", ", ",", $to); // Filter out spaces after separator $users = explode(",", $to); @@ -233,7 +236,7 @@ function do_confirmedblock($logged_in_user) { function do_delete_selected($logged_in_user) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { - $id = mysql_real_escape_string($id); + $id = BoincDb::escape_string($id); $msg = BoincPrivateMessage::lookup_id($id); if ($msg && $msg->userid == $logged_in_user->id) { $msg->delete(); @@ -245,7 +248,7 @@ function do_delete_selected($logged_in_user) { function do_mark_as_read_selected($logged_in_user) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { - $id = mysql_real_escape_string($id); + $id = BoincDb::escape_string($id); $msg = BoincPrivateMessage::lookup_id($id); if ($msg && $msg->userid == $logged_in_user->id) { $msg->update("opened=1"); 
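Review bot: in `do_delete_selected()` the new `$id = BoincDb::escape_string($id);` only protects quoted string contexts, but the value is then handed to `BoincPrivateMessage::lookup_id($id)`, which presumably interpolates it unquoted as an integer (its body is not shown); escaping does nothing against `1 OR 1=1` there. Cast instead: `$id = (int)$id;`. The ownership check `$msg->userid == $logged_in_user->id` that follows is what actually keeps this per-user and must stay; the same fix applies to `do_mark_as_read_selected` and `do_mark_as_unread_selected`.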
@@ -257,7 +260,7 @@ function do_mark_as_read_selected($logged_in_user) { function do_mark_as_unread_selected($logged_in_user) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { - $id = mysql_real_escape_string($id); + $id = BoincDb::escape_string($id); $msg = BoincPrivateMessage::lookup_id($id); if ($msg && $msg->userid == $logged_in_user->id) { $msg->update("opened=0"); diff --git a/html/user/profile_rate.php b/html/user/profile_rate.php index 310d095c25..43ca4fd9c9 100644 --- a/html/user/profile_rate.php +++ b/html/user/profile_rate.php @@ -1,8 +1,6 @@ ".user_links($user)."".date_str($user->create_time)."".$user->country."".(int)$user->total_credit."".(int)$user->expavg_credit."\n"; } -db_init(); - $search_string = get_str('search_string'); $offset = get_int('offset', true); if (!$offset) $offset=0; @@ -18,8 +16,7 @@ $count = 10; page_head("Profile search results"); echo "

Profiles containing '$search_string'

\n"; -$q = "select * from profile where match(response1, response2) against ('$search_string') limit $offset,$count"; -$result = mysql_query($q); +$profiles = BoincProfile::enum("match(response1, response2) against ('$search_string') limit $offset,$count"); echo " @@ -28,12 +25,11 @@ echo "
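Review bot: `$search_string`, read with `get_str('search_string')` earlier in profile_search_action.php, is interpolated into `BoincProfile::enum("match(response1, response2) against ('$search_string') limit $offset,$count")` with no `BoincDb::escape_string()` call anywhere in these hunks; unless `get_str()` escapes for SQL (not visible here), a single quote in the query terminates the AGAINST literal and the rest of the clause is attacker-controlled. Escape before building the clause: `$s = BoincDb::escape_string($search_string);` and `$profiles = BoincProfile::enum("match(response1, response2) against ('$s') limit $offset,$count");`. The raw `$search_string` is also echoed into the heading (`Profiles containing '$search_string'`), which is reflected XSS unless it is HTML-escaped upstream.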
User name Joined project
"; $n = 0; -while ($profile = mysql_fetch_object($result)) { +foreach($profiles as $profile) { show_profile_link($profile, $n+$offset+1); $n += 1; } echo "
Recent credit
"; -mysql_free_result($result); if ($offset==0 && $n==0) { echo "No profiles found containing '$search_string'"; diff --git a/html/user/results.php b/html/user/results.php index 6f2ff5132e..21dcda899e 100644 --- a/html/user/results.php +++ b/html/user/results.php @@ -1,7 +1,8 @@ = $results_per_page) break; show_result_row($res, true, false, true); $i++; } -mysql_free_result($result); echo "\n"; echo show_result_navigation( diff --git a/html/user/validate_email_addr.php b/html/user/validate_email_addr.php index 0df57daedb..686e3116d2 100644 --- a/html/user/validate_email_addr.php +++ b/html/user/validate_email_addr.php @@ -1,11 +1,9 @@ id"); + $result = $user->update("email_validated=1"); if (!$result) { error_page("Database update failed - please try again later."); } diff --git a/html/user/workunit.php b/html/user/workunit.php index 5cf21d3b3b..f5c33c88f5 100644 --- a/html/user/workunit.php +++ b/html/user/workunit.php @@ -1,18 +1,18 @@ appid); +$app = BoincApp::lookup_id($wu->appid); start_table(); row2("application", $app->user_friendly_name); @@ -37,11 +37,10 @@ end_table(); project_workunit($wu); result_table_start(false, true, true); -$result = mysql_query("select * from result where workunitid=$wuid"); -while ($res = mysql_fetch_object($result)) { +$results = BoincResult::enum("workunitid=$wuid"); +foreach ($results as $result) { show_result_row($res, false, true, true); } -mysql_free_result($result); echo "\n"; page_tail();
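Review bot: the new loop in workunit.php, `foreach ($results as $result) { show_result_row($res, false, true, true); }`, iterates as `$result` but passes `$res`, a variable this hunk never assigns, so every row is rendered from null (or from a stale `$res` if one exists above). Rename the loop variable to match the call: `foreach ($results as $res) {`.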