diff --git a/admin/auctions.php b/admin/auctions.php index 57b56bc8..6c31f3dc 100644 --- a/admin/auctions.php +++ b/admin/auctions.php @@ -60,7 +60,26 @@ maxpictures = " . $_POST['maxpictures'] . ", maxuploadsize = " . ($_POST['maxpicturesize'] * 1024) . ", thumb_show = " . intval($_POST['thumb_show']); - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $params = array(); + $params[] = array(':proxy_bidding', ynbool($_POST['proxy_bidding']), 'str'); + $params[] = array(':edit_starttime', $_POST['edit_starttime'], 'int'); + $params[] = array(':cust_increment', $_POST['cust_increment'], 'int'); + $params[] = array(':hours_countdown', $_POST['hours_countdown'], 'int'); + $params[] = array(':ao_hpf_enabled', ynbool($_POST['ao_hpf_enabled']), 'str'); + $params[] = array(':ao_hi_enabled', ynbool($_POST['ao_hi_enabled']), 'str'); + $params[] = array(':ao_bi_enabled', ynbool($_POST['ao_bi_enabled']), 'str'); + $params[] = array(':subtitle', ynbool($_POST['subtitle']), 'str'); + $params[] = array(':extra_cat', ynbool($_POST['extra_cat']), 'str'); + $params[] = array(':autorelist', ynbool($_POST['autorelist']), 'str'); + $params[] = array(':autorelist_max', $_POST['autorelist_max'], 'int'); + $params[] = array(':ae_status', ynbool($_POST['status']), 'str'); + $params[] = array(':ae_timebefore', $_POST['timebefore'], 'int'); + $params[] = array(':ae_extend', $_POST['extend'], 'int'); + $params[] = array(':picturesgallery', $_POST['picturesgallery'], 'int'); + $params[] = array(':maxpictures', $_POST['maxpictures'], 'int'); + $params[] = array(':maxuploadsize', $_POST['maxpicturesize'], 'int'); + $params[] = array(':thumb_show', $_POST['thumb_show'], 'int'); + $db->query($query, $params); $ERR = $MSG['5088']; } $system->SETTINGS['edit_starttime'] = $_POST['edit_starttime']; diff --git a/admin/invoice.php b/admin/invoice.php index ed664de7..5eb87a07 100644 --- a/admin/invoice.php +++ b/admin/invoice.php 
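Review bot: The new `$params` list binds `:maxpictures`, `:maxuploadsize` and `:thumb_show`, yet the unchanged context lines directly above still splice `$_POST['maxpictures']`, `$_POST['maxpicturesize'] * 1024` and `intval($_POST['thumb_show'])` into `$query`, so the visible SQL contains no such placeholders and the raw `$_POST['maxpictures']` concatenation remains unescaped. Depending on how `$db->query()` treats a bound name that is absent from the statement this is either a hard failure or a silently ignored binding; the SET list has to be rewritten with `:name` placeholders for every column, and the part of it above the hunk (the other fifteen placeholders) cannot be checked from here. The `:maxuploadsize` binding also drops the `* 1024` the old query applied, which would change the unit of the stored value: `$params[] = array(':maxuploadsize', $_POST['maxpicturesize'] * 1024, 'int');`. The enclosing block begins before the hunk.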
@@ -224,6 +224,7 @@ 'TO_DATE' => ($to_date == 0) ? '' : $to_date, 'USER_SEARCH' => (!$searchuser) ? '' : $username, 'NO_USER_SEARCH' => (!$searchuser), + 'HASH' => $_SESSION['WEBID_ADMIN_NUMBER'], 'PAGNATION' => ($PAGES > 1), 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', diff --git a/docs/changes.txt b/docs/changes.txt index ada6cf00..68ccc041 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -9,5 +9,6 @@ - Fixed reserve not met Items being incorrectly marked as sold in the database (Bug #464) (Thanks pani100) - Fixed shipping fee not being added to cost of item (Bug #454) - Fixed link in pay.php to contact seller (Bug #445) (Thanks pani100) +- Fixed admin invoices view for older changes check out http://www.webidsupport.com/wiki/Change_Log \ No newline at end of file diff --git a/includes/class_MPTTcategories.php b/includes/class_MPTTcategories.php index 4ec0c82b..9e4247bd 100644 --- a/includes/class_MPTTcategories.php +++ b/includes/class_MPTTcategories.php @@ -19,21 +19,22 @@ class MPTTcategories // Add an element to the tree as a child of $parent and as $child_num'th child. If $data is not supplied the insert id will be returned. function add($parent_id, $child_num = 0, $misc_data = false) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if(!is_numeric($parent_id) || $parent_id < 0) { return false; } if($parent_id != 0) { - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $parent_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if(mysql_num_rows($res) != 1) + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :parent_id"; + $params = array(); + $params[] = array(':parent_id', $parent_id, 'int'); + $db->query($query, $params); + if($db->numrows() != 1) { // Row must exist. return false; } - $parent = mysql_fetch_assoc($res); + $parent = $db->fetch(); } else { 
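Review bot: Passing `$_SESSION['WEBID_ADMIN_NUMBER']` to the template as `HASH` exposes a value that the order_print.php hunk in this same commit accepts as proof of admin access, and once it travels as a URL parameter it lands in browser history, server and proxy logs and Referer headers, so anyone who sees such a link can reuse it for as long as the admin session lives. What `WEBID_ADMIN_NUMBER` is exactly is not on the page, but a session-scoped admin identifier should not double as a link secret; a separate single-purpose token kept in the session is the usual shape, e.g. `$_SESSION['INVOICE_LINK_TOKEN'] = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes()` on PHP 5) generated once and passed as `HASH` instead. The themes/admin/invoice.tpl hunk at the end of the page carries the same value into the links.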
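Review bot: `$parent_id` is now bound with the `'int'` tag on the new `:parent_id` line, but the guard above it is still `is_numeric($parent_id)`, which also admits `'1.5'` or `'1e2'`; what the `'int'` tag does with such input depends on `$db->query()`, which is not on the page, so the validation should match the binding, e.g. `if (!ctype_digit((string) $parent_id))`. `$system` also stays in the `global` list although nothing visible in the hunk uses it any more; `add()` continues past the hunk, so it may still be needed further down — drop it from the list if not.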
@@ -70,9 +71,9 @@ function add($parent_id, $child_num = 0, $misc_data = false) // Make a hole for the new element. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id + 2 WHERE " . $boundry[0] . " > " . $boundry[2] . " AND " . $boundry[1] . " > " . $boundry[2]; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id + 2 WHERE " . $boundry[1] . " > " . $boundry[2]; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Insert the new element. $data = array( @@ -87,11 +88,11 @@ function add($parent_id, $child_num = 0, $misc_data = false) } $data = $this->build_sql($data); $query = "INSERT INTO " . $DBPrefix . "categories SET " . $data; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); if(!$misc_data) { - return mysql_insert_id(); + return $db->lastInsertId(); } return true; } 
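Review bot: The two "make a hole" UPDATEs, followed by the INSERT in the next hunk, are issued as independent `$db->direct_query()` calls with nothing tying them together, so a failure between them leaves the nested-set left_id/right_id values half-shifted, exactly as with the old `mysql_query` calls. The new wrapper looks PDO-backed (`lastInsertId()` in the next hunk) but its API is not on the page; if it exposes transactions, begin one before the first UPDATE, commit after the INSERT and roll back on error, and add a comment such as `// left_id/right_id shifts and the insert must succeed together or the tree is corrupted`. The UPDATE sequences in `delete()`, `move()` and `copy()` in the later hunks of this file share the same exposure. `add()` continues outside the hunk in both directions.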
@@ -99,83 +100,90 @@ function add($parent_id, $child_num = 0, $misc_data = false) // Deletes element $id with or without children. If children should be kept they will become children of $id's parent. function delete($id, $keep_children = false) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if(!is_numeric($id) || $id <= 0 || !is_bool($keep_children)) { return false; } - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if(mysql_num_rows($res) != 1) + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $db->query($query, $params); + if($db->numrows() != 1) { // Row must exist. return false; } - $a = mysql_fetch_assoc($res); + $a = $db->fetch(); if(!$keep_children) { // Delete the element with children. $query = "DELETE FROM " . $DBPrefix . "categories WHERE left_id >= " . $a['left_id'] . " AND right_id <= " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Remove the hole. $diff = $a['right_id'] - $a['left_id'] + 1; $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id - " . $diff . " WHERE right_id > " . $a['right_id'] . " AND left_id > " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id - " . $diff . " WHERE right_id > " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // No level cahnges needed. } else { // Delete ONLY the element. - $query = "DELETE FROM " . $DBPrefix . "categories WHERE cat_id = " . $id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "DELETE FROM " . 
$DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $db->query($query, $params); // Fix children. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id - 1, right_id = right_id - 1, level = level - 1 WHERE left_id >= " . $a['left_id'] . " AND right_id <= " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Remove hole. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id - 2 WHERE right_id > " . ($a['right_id'] - 1) . " AND left_id > " . ($a['right_id'] - 1); - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id - 2 WHERE right_id > " . ($a['right_id'] - 1); - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); } } // Move an element (with children) $id, under element $target_id as the $child_num'th child of that element function move($id, $target_id, $child_num = 0) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if(!is_numeric($id) || !is_numeric($target_id) || !is_numeric($child_num)) { return false; } if($target_id != 0) { - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $id . " OR cat_id = " . $target_id; + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id OR cat_id = :target_id"; // I want the to be returned in order. $query .= ' ORDER BY cat_id ' . (($id < $target_id) ? 'ASC' : 'DESC'); - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if(mysql_num_rows($res) != 2) + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $params[] = array(':target_id', $target_id, 'int'); + $db->query($query, $params); + if($db->numrows() != 2) { // Both rows must exist. 
return false; } - $a = mysql_fetch_assoc($res); // This is being moved. - $b = mysql_fetch_assoc($res); // This is the target. + $data = $db->fetchall(); + $a = $data[0]; // This is being moved. + $b = $data[1]; // This is the target. } else { - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $id; + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $db->query($query, $params); - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if(mysql_num_rows($res) != 1) + if($db->numrows() != 1) { // Row must exist. return false; } - $a = mysql_fetch_assoc($res); // This is being moved. + $a = $db->fetch(); // This is being moved. // Virtual root element. $b = $this->get_virtual_root(); 
@@ -232,60 +240,62 @@ function move($id, $target_id, $child_num = 0) // Give the needed rows negative id's. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id * -1, right_id = right_id * -1 WHERE left_id >= " . $a['left_id'] . " AND right_id <= " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Remove the hole. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id - " . $diff . " WHERE right_id > " . $a['right_id'] . " AND left_id > " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id - " . $diff . " WHERE right_id > " . $a['right_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Add hole $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id + " . $diff . " WHERE " . $boundry[0] . " > " . $size . " AND " . $boundry[1] . " > " . $size; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id + " . $diff . " WHERE " . $boundry[2] . " > " . $size; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Fill hole & update rows & multiply by -1 $query = "UPDATE " . $DBPrefix . "categories SET left_id = (left_id - (" . $dist . ")) * -1, right_id = (right_id - (" . $dist . ")) * -1, level = level + (" . $ldiff . ") WHERE left_id < 0"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); return true; } // Copies element $id (with children) to $parent as the $child_mun'th child. 
function copy($id, $parent, $child_num = 0) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if(!is_numeric($id) || $id < 0 ||!is_numeric($parent) || $parent < 0) { return false; } // Get branch left & right id's. - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if(mysql_num_rows($res) != 1) + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $db->query($query, $params); + + if($db->numrows() != 1) { // Row must Exist. return false; } - $a = mysql_fetch_assoc($res); + $a = $db->fetch(); // Get child data. $query = "SELECT * FROM " . $DBPrefix . "categories WHERE left_id >= " . $a['left_id'] . " AND right_id <= " . $a['right_id']; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - while($row = mysql_fetch_assoc($res)) + $db->direct_query($query); + while($row = $db->fetch()) { $data[] = $row; } if($parent != 0) { - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $parent; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :parent_id"; + $params = array(); + $params[] = array(':parent_id', $parent, 'int'); + $db->query($query, $params); - if(mysql_num_rows($res) != 1) + if($db->numrows() != 1) { // Row must exist. return false; } - $b = mysql_fetch_assoc($res); + $b = $db->fetch(); } else { 
@@ -330,9 +340,9 @@ function copy($id, $parent, $child_num = 0) // Add hole. $query = "UPDATE " . $DBPrefix . "categories SET left_id = left_id + " . $diff . " WHERE " . $boundry[0] . " > " . $boundry[3] . " AND " . $boundry[1] . " > " . $boundry[3]; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); $query = "UPDATE " . $DBPrefix . "categories SET right_id = right_id + " . $diff . " WHERE " . $boundry[2] . " > " . $boundry[3]; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); // Now we have to insert all the new elements. for($i = 0, $n = count($data); $i< $n; $i++) @@ -347,7 +357,7 @@ function copy($id, $parent, $child_num = 0) $data[$i] = $this->build_sql($data[$i]); $query = "INSERT INTO " . $DBPrefix . "categories SET " . $data[$i]; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); } return true; } @@ -355,12 +365,15 @@ function copy($id, $parent, $child_num = 0) // get a nodes children function get_children($left_id, $right_id, $level) { - global $system, $DBPrefix; - $query = "SELECT * FROM " . $DBPrefix . "categories WHERE left_id > " . $left_id . " AND right_id < " . $right_id . " AND level = " . ($level + 1) . " ORDER BY cat_name"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + global $system, $DBPrefix, $db; + $query = "SELECT * FROM " . $DBPrefix . "categories WHERE left_id > :left_id AND right_id < :right_id AND level = :level ORDER BY cat_name"; + $params = array(); + $params[] = array(':left_id', $left_id, 'int'); + $params[] = array(':right_id', $right_id, 'int'); + $params[] = array(':level', ($level + 1), 'int'); + $db->query($query, $params); $children = array(); - while($child = mysql_fetch_assoc($res)) + while($child = $db->fetch()) { $children[] = $child; } 
@@ -371,17 +384,19 @@ function get_children($left_id, $right_id, $level) // return a list of every child node of a given parent node function get_children_list($left_id, $right_id, $return = 'cat_id') { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if (empty($left_id) || empty($right_id)) { return array(); } - $query = "SELECT " . $return . " FROM " . $DBPrefix . "categories WHERE left_id > " . $left_id . " AND right_id < " . $right_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $query = "SELECT " . $return . " FROM " . $DBPrefix . "categories WHERE left_id > :left_id AND right_id < :right_id"; + $params = array(); + $params[] = array(':left_id', $left_id, 'int'); + $params[] = array(':right_id', $right_id, 'int'); + $db->query($query, $params); $children = array(); - while($child = mysql_fetch_assoc($res)) + while($child = $db->fetch()) { $children[] = $child; } @@ -392,18 +407,20 @@ function get_children_list($left_id, $right_id, $return = 'cat_id') //returns an ordered list of categories function display_tree($left_id, $right_id, $indent = "\t") { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; // start with an empty $right stack $right = array(); $return = array(); // now, retrieve all descendants of the $root node - $query = "SELECT * FROM " . $DBPrefix . "categories WHERE left_id > " . $left_id . " AND right_id < " . $right_id . " ORDER BY left_id ASC"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $query = "SELECT * FROM " . $DBPrefix . "categories WHERE left_id > :left_id AND right_id < :right_id ORDER BY left_id ASC"; + $params = array(); + $params[] = array(':left_id', $left_id, 'int'); + $params[] = array(':right_id', $right_id, 'int'); + $db->query($query, $params); // display each row - while ($row = mysql_fetch_array($res)) + while ($row = $db->fetch()) { // only check stack if there is one if (count($right) > 0) 
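Review bot: The column list is still assembled as `"SELECT " . $return . " FROM"` while only `:left_id` and `:right_id` were parameterised; an identifier cannot be a bound parameter, so this line is safe only as long as every caller (none on the page) passes a literal column name. An allowlist check before the query makes that explicit rather than assumed, e.g. `if (!in_array($return, array('cat_id', 'cat_name'), true)) { return array(); }` with the real set of selectable columns substituted. The `empty()` guard above it also rejects a legitimate `0`, though that predates this change.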
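Review bot: `mysql_fetch_array()` returned rows keyed both numerically and by name, whereas `$db->fetch()` replaces `mysql_fetch_assoc()` everywhere else in this file and so presumably yields associative rows only; the part of `display_tree()` that consumes `$row` continues past the hunk, and any `$row[0]`-style access there would now read null. Worth a check of the remaining loop body, plus a note at the call site such as `// $db->fetch() yields an associative row; numeric offsets are no longer available`.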
@@ -425,30 +442,31 @@ function display_tree($left_id, $right_id, $indent = "\t") // Return the left_id, right_id and level for the virtual root node. function get_virtual_root() { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; // Virtual root element as parent. $query = "SELECT right_id FROM " . $DBPrefix . "categories ORDER BY right_id DESC LIMIT 1"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $row = mysql_fetch_assoc($res); + $db->direct_query($query); + $row = $db->fetch(); $root = array('left_id' => 1, 'right_id' => $row['right_id'], 'level' => -1); return $root; } function get_bread_crumbs($left_id, $right_id) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; if (empty($left_id) || empty($right_id)) { return array(); } // return an array of all parent nodes - $query = "SELECT cat_name, cat_id FROM " . $DBPrefix . "categories WHERE left_id <= " . $left_id . " AND right_id >= " . $right_id . " ORDER BY left_id ASC"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $query = "SELECT cat_name, cat_id FROM " . $DBPrefix . "categories WHERE left_id <= :left_id AND right_id >= :right_id ORDER BY left_id ASC"; + $params = array(); + $params[] = array(':left_id', $left_id, 'int'); + $params[] = array(':right_id', $right_id, 'int'); + $db->query($query, $params); $array = array(); - while ($row = mysql_fetch_assoc($res)) + while ($row = $db->fetch()) { $array[] = $row; } 
@@ -474,12 +492,13 @@ function build_sql($data) function check_category($id) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; - $query = "SELECT cat_id FROM " . $DBPrefix . "categories WHERE cat_id = " . $id . " LIMIT 1"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - if (mysql_num_rows($res) > 0) + $query = "SELECT cat_id FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id LIMIT 1"; + $params = array(); + $params[] = array(':cat_id', $id, 'int'); + $db->query($query, $params); + if ($db->numrows() > 0) { return true; } diff --git a/index.php b/index.php index 42a54a3e..32fee668 100644 --- a/index.php +++ b/index.php @@ -61,17 +61,19 @@ function ShowFlags() } $query = "SELECT cat_id FROM " . $DBPrefix . "categories WHERE parent_id = -1"; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); +$db->direct_query($query); +$parent_id = $db->result('cat_id'); $query = "SELECT * FROM " . $DBPrefix . "categories - WHERE parent_id = " . mysql_result($res, 0) . " + WHERE parent_id = :parent_id " . $catsorting . " - LIMIT " . $system->SETTINGS['catstoshow']; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); + LIMIT :limit"; +$params = array(); +$params[] = array(':parent_id', $parent_id, 'int'); +$params[] = array(':limit', $system->SETTINGS['catstoshow'], 'int'); +$db->query($query, $params); -while ($row = mysql_fetch_assoc($res)) +while ($row = $db->fetch()) { $template->assign_block_vars('cat_list', array( 'CATAUCNUM' => ($row['sub_counter'] != 0) ? '(' . $row['sub_counter'] . ')' : '', 
@@ -85,14 +87,15 @@ function ShowFlags() // get featured items $query = "SELECT id, title, current_bid, pict_url, ends, num_bids, minimum_bid, bn_only, buy_now FROM " . $DBPrefix . "auctions - WHERE closed = 0 AND suspended = 0 AND starts <= " . $NOW . " + WHERE closed = 0 AND suspended = 0 AND starts <= :time AND featured = 'y' ORDER BY RAND() DESC LIMIT 12"; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); +$params = array(); +$params[] = array(':time', $NOW, 'int'); +$db->query($query, $params); $i = 0; -while($row = mysql_fetch_assoc($res)) +while ($row = $db->fetch()) { $ends = $row['ends']; $difference = $ends - time(); @@ -121,14 +124,16 @@ function ShowFlags() // get last created auctions $query = "SELECT id, title, starts from " . $DBPrefix . "auctions WHERE closed = 0 AND suspended = 0 - AND starts <= " . $NOW . " + AND starts <= :time ORDER BY starts DESC - LIMIT " . $system->SETTINGS['lastitemsnumber']; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); + LIMIT :limit"; +$params = array(); +$params[] = array(':time', $NOW, 'int'); +$params[] = array(':limit', $system->SETTINGS['lastitemsnumber'], 'int'); +$db->query($query, $params); $i = 0; -while ($row = mysql_fetch_assoc($res)) +while ($row = $db->fetch()) { $template->assign_block_vars('auc_last', array( 'BGCOLOUR' => (!($i % 2)) ? '' : 'class="alt-row"', 
@@ -142,13 +147,15 @@ function ShowFlags() $auc_last = ($i > 0) ? true : false; // get ending soon auctions $query = "SELECT ends, id, title FROM " . $DBPrefix . "auctions - WHERE closed = 0 AND suspended = 0 AND starts <= " . $NOW . " - ORDER BY ends LIMIT " . $system->SETTINGS['endingsoonnumber']; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); + WHERE closed = 0 AND suspended = 0 AND starts <= :time + ORDER BY ends LIMIT :limit"; +$params = array(); +$params[] = array(':time', $NOW, 'int'); +$params[] = array(':limit', $system->SETTINGS['endingsoonnumber'], 'int'); +$db->query($query, $params); $i = 0; -while ($row = mysql_fetch_assoc($res)) +while ($row = $db->fetch()) { $difference = $row['ends'] - time(); if ($difference > 0) @@ -173,13 +180,15 @@ function ShowFlags() $query = "SELECT a.id, a.title, a.current_bid, a.pict_url, a.ends, a.num_bids, a.minimum_bid FROM " . $DBPrefix . "auctions a LEFT JOIN " . $DBPrefix . "auccounter c ON (a.id = c.auction_id) - WHERE closed = 0 AND suspended = 0 AND starts <= " . $NOW . " - ORDER BY c.counter DESC LIMIT " . $system->SETTINGS['hotitemsnumber']; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); + WHERE closed = 0 AND suspended = 0 AND starts <= :time + ORDER BY c.counter DESC LIMIT :limit"; +$params = array(); +$params[] = array(':time', $NOW, 'int'); +$params[] = array(':limit', $system->SETTINGS['hotitemsnumber'], 'int'); +$db->query($query, $params); $i = 0; -while ($row = mysql_fetch_assoc($res)) +while ($row = $db->fetch()) { $i++; $ends = $row['ends']; 
@@ -204,11 +213,13 @@ function ShowFlags() $hot_items = ($i > 0) ? true : false; // Build list of help topics -$query = "SELECT id, category FROM " . $DBPrefix . "faqscat_translated WHERE lang = '" . $language . "' ORDER BY category ASC"; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); +$query = "SELECT id, category FROM " . $DBPrefix . "faqscat_translated WHERE lang = :language ORDER BY category ASC"; +$params = array(); +$params[] = array(':language', $language, 'str'); +$db->query($query, $params); + $i = 0; -while ($faqscat = mysql_fetch_assoc($res)) +while ($faqscat = $db->fetch()) { $template->assign_block_vars('helpbox', array( 'ID' => $faqscat['id'], @@ -223,11 +234,13 @@ function ShowFlags() { $query = "SELECT n.title As t, n.new_date, t.* FROM " . $DBPrefix . "news n LEFT JOIN " . $DBPrefix . "news_translated t ON (t.id = n.id) - WHERE t.lang = '" . $language . "' AND n.suspended = 0 - ORDER BY new_date DESC, id DESC LIMIT " . $system->SETTINGS['newstoshow']; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - while ($new = mysql_fetch_assoc($res)) + WHERE t.lang = :language AND n.suspended = 0 + ORDER BY new_date DESC, id DESC LIMIT :limit"; + $params = array(); + $params[] = array(':language', $language, 'str'); + $params[] = array(':limit', $system->SETTINGS['newstoshow'], 'int'); + $db->query($query, $params); + while ($new = $db->fetch()) { $template->assign_block_vars('newsbox', array( 'ID' => $new['id'], diff --git a/logout.php b/logout.php index 0cf5f891..aeaae43f 100644 --- a/logout.php +++ b/logout.php 
@@ -14,14 +14,18 @@ include 'common.php'; -$query = "DELETE from " . $DBPrefix . "online WHERE SESSION = 'uId-" . $_SESSION['WEBID_LOGGED_IN'] . "'"; -$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); +$query = "DELETE from " . $DBPrefix . "online WHERE SESSION = :session"; +$params = array(); +$params[] = array(':session', 'uId-' . $_SESSION['WEBID_LOGGED_IN'], 'str'); +$db->query($query, $params); unset($_SESSION['WEBID_LOGGED_IN'], $_SESSION['WEBID_LOGGED_NUMBER'], $_SESSION['WEBID_LOGGED_PASS']); if (isset($_COOKIE['WEBID_RM_ID'])) { - $query = "DELETE FROM " . $DBPrefix . "rememberme WHERE hashkey = '" . alphanumeric($_COOKIE['WEBID_RM_ID']) . "'"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "DELETE FROM " . $DBPrefix . "rememberme WHERE hashkey = :hashkey"; + $params = array(); + $params[] = array(':hashkey', alphanumeric($_COOKIE['WEBID_RM_ID']), 'str'); + $db->query($query, $params); setcookie('WEBID_RM_ID', '', time() - 3600); } diff --git a/order_packingslip.php b/order_packingslip.php index 5d6c3eda..d2681d30 100644 --- a/order_packingslip.php +++ b/order_packingslip.php @@ -26,17 +26,19 @@ $query = "SELECT w.id, w.winner, w.closingdate, a.id AS auc_id, a.title, w.qty, w.seller As uid FROM " . $DBPrefix . "auctions a LEFT JOIN " . $DBPrefix . "winners w ON (a.id = w.auction) - WHERE a.id = " . intval($_POST['pfval']) . " AND w.id =". intval($_POST['pfwon']) ; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); + WHERE a.id = :auc_id AND w.id = :winner_id"; +$params = array(); +$params[] = array(':auc_id', $_POST['pfval'], 'int'); +$params[] = array(':winner_id', $_POST['pfwon'], 'int'); +$db->query($query, $params); // check its real -if (mysql_num_rows($res) < 1) +if ($db->numrows() < 1) { invalidinvoice(true); } -$data = mysql_fetch_assoc($res); +$data = $db->fetch(); $winner = getAddresswinner($data['winner']); // build winners address 
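Review bot: The `intval()` casts on `$_POST['pfval']` and `$_POST['pfwon']` were removed from the WHERE clause and the values are now passed raw with an `'int'` tag; whether that tag actually casts, or only sets a PDO parameter type (which for a non-numeric string behaves differently with and without emulated prepares), depends on `$db->query()`, which is not on the page. Keeping the cast costs nothing and makes the contract explicit: `$params[] = array(':auc_id', intval($_POST['pfval']), 'int');` and likewise for `:winner_id`. The same applies to `$_GET['id']` in the order_print.php hunk that follows.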
diff --git a/order_print.php b/order_print.php index 4c17d162..ee0f155d 100644 --- a/order_print.php +++ b/order_print.php @@ -15,11 +15,15 @@ include 'common.php'; include $include_path . 'functions_invoices.php'; -// If user is not logged in redirect to login page -if (!$user->is_logged_in()) +// first chanck if from admin +if (!(isset($_GET['hash']) && $_SESSION['INVOICE_RETURN'] == 'admin/invoice.php' && $_GET['hash'] == $_SESSION['WEBID_ADMIN_NUMBER'])) { - header('location: user_login.php'); - exit; + // If user is not logged in redirect to login page + if (!$user->is_logged_in()) + { + header('location: user_login.php'); + exit; + } } // is this an auction invoice or fee invoice @@ -49,23 +53,28 @@ $query = "SELECT w.id, w.winner, w.closingdate As date, a.id AS auc_id, a.title, a.shipping_cost, a.shipping_cost_additional, a.shipping, a.shipping_terms, w.bid, w.qty, a.user As seller_id, a.tax, a.taxinc FROM " . $DBPrefix . "auctions a LEFT JOIN " . $DBPrefix . "winners w ON (a.id = w.auction) - WHERE a.id = " . intval($_POST['pfval']) . " AND w.id = " . intval($_POST['pfwon']); + WHERE a.id = :auc_id AND w.id = :winner_id"; + $params = array(); + $params[] = array(':auc_id', $_POST['pfval'], 'int'); + $params[] = array(':winner_id', $_POST['pfwon'], 'int'); + $db->query($query, $params); } else { // get fee data - $query = "SELECT * FROM " . $DBPrefix . "useraccounts WHERE useracc_id = " . intval($_GET['id']); + $query = "SELECT * FROM " . $DBPrefix . "useraccounts WHERE useracc_id = :user_id"; + $params = array(); + $params[] = array(':user_id', $_GET['id'], 'int'); + $db->query($query, $params); } -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); // check its real -if (mysql_num_rows($res) < 1) +if ($db->numrows() < 1) { invalidinvoice(); } -$data = mysql_fetch_assoc($res); +$data = $db->fetch(); if ($auction) { diff --git a/themes/admin/invoice.tpl b/themes/admin/invoice.tpl index 092bf596..659831ae 100644 
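Review bot: The new admin bypass compares `$_GET['hash']` with `$_SESSION['WEBID_ADMIN_NUMBER']` using `==` and reads both `$_SESSION['INVOICE_RETURN']` and `$_SESSION['WEBID_ADMIN_NUMBER']` without `isset()`; for a session that has no `WEBID_ADMIN_NUMBER`, `'' == null` evaluates to true, so an empty `hash=` parameter satisfies that half of the condition and the whole check then rests on `INVOICE_RETURN` equalling `'admin/invoice.php'`, and where that key is set is not on the page. Require all three values to exist and compare strictly, as below; `hash_equals()` needs PHP 5.6+, with `===` on string casts as the fallback. The typo in the new comment (`chanck`) can go in the same edit, and the fee-invoice branch in the second hunk drops `intval()` on `$_GET['id']` as noted on the order_packingslip.php hunk. The file continues outside the hunk.
```php
// Admin print view: every piece of evidence must be present, and the token is compared strictly.
$adminView = isset($_GET['hash'], $_SESSION['INVOICE_RETURN'], $_SESSION['WEBID_ADMIN_NUMBER'])
    && $_SESSION['INVOICE_RETURN'] === 'admin/invoice.php'
    && hash_equals((string) $_SESSION['WEBID_ADMIN_NUMBER'], (string) $_GET['hash']);
if (!$adminView)
{
    // … unchanged: login redirect …
}
```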
--- a/themes/admin/invoice.tpl +++ b/themes/admin/invoice.tpl @@ -63,7 +63,7 @@ {invoices.INFO} {invoices.TOTAL} -

{L_898}

{L_1058} +

{L_898}

{L_1058}