removed ereg/eregi and replaced mysql to mysqli for PHH 7

hjelmua · Aug 26, 2016 · b38ceec · b38ceec
1 parent 21a667d
commit b38ceec
Show file tree

Hide file tree

Showing 51 changed files with 970 additions and 836 deletions.
diff --git a/admin/chngpasswd.php b/admin/chngpasswd.php
@@ -122,20 +122,20 @@
 $get_user = addslashes($get_user);
 
 $query = "select empfullname from ".$db_prefix."employees where empfullname = '".$get_user."'";
-$result = mysql_query($query);
-while ($row=mysql_fetch_array($result)) {
+$result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+while ($row=mysqli_fetch_array($result)) {
 $username = stripslashes("".$row['empfullname']."");
 }
-mysql_free_result($result);
+((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 if (!isset($username)) {echo "username is not defined for this user.\n"; exit;}
 
 if (!empty($get_office)) {
 $query = "select * from ".$db_prefix."offices where officename = '".$get_office."'";
-$result = mysql_query($query);
-while ($row=mysql_fetch_array($result)) {
+$result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+while ($row=mysqli_fetch_array($result)) {
 $getoffice = "".$row['officename']."";
 }
-mysql_free_result($result);
+((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 }
 if (!isset($getoffice)) {echo "Office is not defined for this user. Go back and associate this user with an office.\n"; exit;}
 
@@ -178,11 +178,11 @@
 
 if (!empty($get_office)) {
 $query = "select * from ".$db_prefix."offices where officename = '".$get_office."'";
-$result = mysql_query($query);
-while ($row=mysql_fetch_array($result)) {
+$result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+while ($row=mysqli_fetch_array($result)) {
 $getoffice = "".$row['officename']."";
 }
-mysql_free_result($result);
+((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 }
 if (!isset($getoffice)) {echo "Office is not defined for this user. Go back and associate this user with an office.\n"; exit;}
 
@@ -246,18 +246,22 @@
 
 if (!empty($post_username)) {
 $query = "select * from ".$db_prefix."employees where empfullname = '".$post_username."'";
-$result = mysql_query($query);
-while ($row=mysql_fetch_array($result)) {
+$result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
+while ($row=mysqli_fetch_array($result)) {
 $username = "".$row['empfullname']."";
 }
-mysql_free_result($result);
+((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 if (!isset($username)) {echo "username is not defined for this user.\n"; exit;}
 }
 
 $post_username = stripslashes($post_username);
 
 //if (!eregi ("^([[:alnum:]]|~|\!|@|#|\$|%|\^|&|\*|\(|\)|-|\+|`|_|\=|\{|\}|\[|\]|\||\:|\<|\>|\.|,|\?)+$", $new_password)) {
-if (!eregi ("^([[:alnum:]]|~|\!|@|#|\$|%|\^|&|\*|\(|\)|-|\+|`|_|\=|[{]|[}]|\[|\]|\||\:|\<|\>|\.|,|\?)+$", $new_password)) {
+//if (!eregi ("^([[:alnum:]]|~|\!|@|#|\$|%|\^|&|\*|\(|\)|-|\+|`|_|\=|[{]|[}]|\[|\]|\||\:|\<|\>|\.|,|\?)+$", $new_password)) {
+
+if (preg_match("/^[\s\\/;'\"-]*$/i", $new_password)) {
+
+
 $evil_password = '1';
 echo "            <table align=center class=table_border width=60% border=0 cellpadding=0 cellspacing=3>\n";
 echo "              <tr><td class=table_rows width=20 align=center><img src='../images/icons/cancel.png' /></td><td class=table_rows_red>
@@ -312,7 +316,7 @@
 $post_username = addslashes($post_username);
 
 $query = "update ".$db_prefix."employees set employee_passwd = ('".$new_password."') where empfullname = ('".$post_username."')";
-$result = mysql_query($query);
+$result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
 
 $post_username = stripslashes($post_username);
 

diff --git a/admin/database_backup.php b/admin/database_backup.php
@@ -19,7 +19,7 @@
  *   51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA.             *
  ***************************************************************************/
 
-// A thanks goes to the PhpBB team for the inspiration for the memory management and table parsing for MySQL.
+// A thanks goes to the PhpBB team for the inspiration for the memory management and table parsing for mysql.
 
 /**
  * This module will allow a sys admin to backup the database.
@@ -90,7 +90,7 @@ function write_admin_interface() {
 }
 
 /**
- * Determines the memory limit requirements for exporting in MySQL.
+ * Determines the memory limit requirements for exporting in mysql.
  */
 function get_usable_memory() {
     $val = trim(@ini_get('memory_limit'));
@@ -147,27 +147,27 @@ function write_table($table) {
     $sql_data .= "# \n";
 
     $query = "SELECT * FROM $db_prefix$table";
-    $result = mysql_query($query);
+    $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
     if ($result != false) {
         // Get field information
-        $field_list = mysql_query("SHOW COLUMNS FROM $db_prefix$table");
-        while ($field = mysql_fetch_row($field_list)) {
+        $field_list = mysqli_query($GLOBALS["___mysqli_ston"], "SHOW COLUMNS FROM $db_prefix$table");
+        while ($field = mysqli_fetch_row($field_list)) {
             if ($field[0] == "inout") { // Needs to be escaped
                 $fields .='`inout`, ';
             } else {
                 $fields .= $field[0].", ";
             }
         }
         $fields = rtrim($fields, ', ');
-        $fields_cnt = mysql_num_fields($result);
+        $fields_cnt = (($___mysqli_tmp = mysqli_num_fields($result)) ? $___mysqli_tmp : false);
 
         $sql_data       .= 'INSERT INTO '.$table.' ('.$fields.') VALUES ';
         $first_set      = true;
         $query_len      = 0;
         $max_len        = get_usable_memory();
 
         // Parse the table data and build the insertion statement
-        while ($row = mysql_fetch_row($result)) {
+        while ($row = mysqli_fetch_row($result)) {
             $values = array();
             if ($first_set) {
                 $query = $sql_data . '(';
@@ -197,7 +197,7 @@ function write_table($table) {
                 $first_set = false;
             }
         }
-        mysql_free_result($result);
+        ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 
         // check to make sure we have nothing left to flush
         if (! $first_set && $query) {

diff --git a/admin/database_restore.php b/admin/database_restore.php
@@ -114,37 +114,37 @@ function validInput($backup_file) {
  */
 function clear_table($table) {
     $query = "DELETE FROM $table";
-    $result = mysql_query($query);
+    $result = mysqli_query($GLOBALS["___mysqli_ston"], $query);
     if ($result == false) {
         echo "
-                        Failed to clear table: $table, ".mysql_error().". <br>";
+                        Failed to clear table: $table, ".((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)).". <br>";
     } else {
         echo "
                         Cleared table: $table. <br>";
     }
-    mysql_free_result($result);
+    ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 }
 
 /**
  * Restores information on to the database into table.
- * @param $data is the MySQL data insertion statement.
+ * @param $data is the mysql data insertion statement.
  * @param $table is the table to place the data into.
  * @note If $table does not exist the restore process for the table is skipped.
  */
 function restore_table($data, $table)
 {
     // Add data to the table in the database
-    $result = mysql_query($data);
+    $result = mysqli_query($GLOBALS["___mysqli_ston"], $data);
     if ($result == false) {
         echo "
-                        Failed to restore data, ".mysql_error().". <br>
+                        Failed to restore data, ".((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)).". <br>
                         <br>";
     } else {
         echo "
                         Successfully restored data. <br>
                         <br>";
     }
-    mysql_free_result($result);
+    ((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
 }
 
 write_admin_interface($title);
@@ -223,14 +223,17 @@ function restore_table($data, $table)
     $filename = $post_backup_file['tmp_name'];
     $file_handle = fopen($filename, "r");
     while ($line = fgets($file_handle)) {
-        if (ereg("# Data from table: ", $line)) {
-            $table = split("# Data from table: ", $line);
+    //    if (ereg("# Data from table: ", $line)) {
+	  if (preg_match("/# Data from table: /", $line)) {
+        //    $table = split("# Data from table: ", $line);
+	    $table = explode('# Data from table: ', $line);
             $table = rtrim($table[1]); // Strip ending characters to get only the table name
             echo "
                         <strong>Restore $table:</strong> <br>
                         Clearing table: $table... <br>";
             clear_table($table);
-        } elseif (ereg("INSERT INTO ", $line)) {
+     //   } elseif (ereg("INSERT INTO ", $line)) {
+	} elseif (preg_match('/INSERT INTO /', $line)) {
             $line = rtrim($line); // Strip ending characters
             restore_table($line, $table);
         }