prevent review sql injection, removed uness
philipblaquiere committed Jan 3, 2015
1 parent 010cd29 commit 6cf0b5f
Showing 15 changed files with 95 additions and 164 deletions.
3 changes: 2 additions & 1 deletion application/controllers/home.php
Expand Up @@ -10,6 +10,7 @@ public function __construct()

public function index()
{
$this->view_wrapper('home');
$data['page'] = "home";
$this->view_wrapper('home', $data);
}
}
6 changes: 4 additions & 2 deletions application/controllers/register.php
Expand Up @@ -15,7 +15,8 @@ public function __construct()
public function index()
{
//Validation on input (requires that all fields exist)
$this->view_wrapper('register');
$data['page'] = "register";
$this->view_wrapper('register', $data);
}

public function password_match($pw1)
Expand Down Expand Up @@ -71,7 +72,8 @@ public function create()
$user['name'] = $_SESSION['player']['name'];
$this->user_model->create($user);
$this->system_message_model->set_message($user['name'] . ', you have successfully linked your League of Legends account! You can now post comments.', MESSAGE_INFO);
$this->view_wrapper('home');
$data['page'] = "home";
$this->view_wrapper('home', $data);
}
}
}
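--- a/application/controllers/review.php
+++ b/application/controllers/review.php
@@ -56,4 +56,10 @@ public function comment()
 }
 $this->review_model->comment($comment);
 }
+
+public function get($id)
+{
+$data['reviews'] = $this->review_model->get($id);
+$this->load->view('comments', $data);
+}
 }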
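Review bot: The new `get($id)` action hands the raw URL segment `$id` to `review_model->get()`, and that model method — unlike every other query touched in this commit — still builds its SQL as `WHERE toid = '$toid'`, so despite the commit title this endpoint is the remaining SQL-injection path, and it is now exercised by the client-side `$.ajax` call and reachable by any direct request. Either parameterize the model query or constrain the value here, e.g. `$data['reviews'] = $this->review_model->get((int) $id);` if summoner ids are always numeric (not confirmable from this hunk). `$this->load->view('comments', $data)` deliberately bypasses `view_wrapper()`, which suits an AJAX fragment, but nothing checks that the request is XHR, so the bare fragment is also served as a standalone page.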
3 changes: 3 additions & 0 deletions application/controllers/summoner.php
Expand Up @@ -46,6 +46,7 @@ public function index($id)
else
{
$data['title'] = $summoner_name[$id];
$data['id'] = $id;
}

$data['reviews'] = $this->review_model->get($id);
Expand All @@ -60,6 +61,8 @@ public function index($id)
$data['stats'] = array_slice($stats, 0, 4);
$data['review_stats'] = array_slice($stats, 4, 2);
$data['sub_title'] = "Look below for game reviews";
$data['summonerid'] = $id;
$data['page'] = "summoner";
}
$this->view_wrapper('summoner', $data);
}
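Review bot: `$data['id']` and `$data['summonerid']` both receive the unmodified URL segment `$id`, and the views in this commit echo those keys into `id="…"` attributes without escaping; unless `$id` is restricted to a safe character set earlier in `index()` (the method starts before this hunk), a crafted segment becomes attribute injection. Normalise it once at this boundary — `$data['summonerid'] = (int) $id;` if ids are numeric, which should be confirmed — or escape at the echo sites. Holding the same value under two keys (`id` and `summonerid`) also invites the two to drift apart; one name would do.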
2 changes: 1 addition & 1 deletion application/libraries/Recent_games.php
Expand Up @@ -97,7 +97,7 @@ private function get_player_names($games, $id)
array_push($playerids, $id);
for ($i=0; $i < self::NUM_GAMES_RETURN; $i++)
{
if(array_key_exists($i, $games[self::LOL_GAMES]))
if($games != null && array_key_exists($i, $games[self::LOL_GAMES]))
{
$game = $games[self::LOL_GAMES][$i];
foreach ($game[self::LOL_PLAYERS] as $player)
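Review bot: The added `$games != null` guard still produces an undefined-index warning when `$games` is an array without the `self::LOL_GAMES` key, because `$games[self::LOL_GAMES]` is evaluated before `array_key_exists` runs; `if (isset($games[self::LOL_GAMES][$i]))` covers both cases in one check (with the caveat that `isset` treats a null entry as absent, where `array_key_exists` does not). The loose `!= null` also matches `0`, `''` and `array()`, which is probably harmless here but is clearer written as `!== null` or `!empty($games[self::LOL_GAMES])`. The enclosing `get_player_names()` begins before and ends after this hunk.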
22 changes: 11 additions & 11 deletions application/models/review_model.php
Expand Up @@ -11,9 +11,9 @@ public function __construct()
public function create($review)
{
$sql = "INSERT INTO reviews (id, fromid, from_name, toid, gameid)
VALUES ('" . $review['id'] . "','" . $review['fromid'] . "','" . $review['from_name'] . "','" . $review['toid'] . "','" . $review['gameid'] . "')";
VALUES (?,?,?,?,?)";

$this->db1->query($sql);
$this->db1->query($sql, array($review['id'], $review['fromid'], $review['from_name'], $review['toid'], $review['gameid']));
}

public function update($review)
Expand All @@ -22,9 +22,9 @@ public function update($review)
$skill_value = $review['value'];
$reviewid = $review['id'];
$sql = "UPDATE reviews
SET $skill = '$skill_value'
WHERE id = '$reviewid'";
$result = $this->db1->query($sql);
SET $skill = ?
WHERE id = ?";
$result = $this->db1->query($sql, array($skill_value, $reviewid));
return TRUE;
}

Expand All @@ -33,9 +33,9 @@ public function comment($comment)
$message = $comment['message'];
$reviewid = $comment['id'];
$sql = "UPDATE reviews
SET message = '$message'
WHERE id = '$reviewid'";
$result = $this->db1->query($sql);
SET message = ?
WHERE id = ?";
$result = $this->db1->query($sql, array($message, $reviewid));
return TRUE;
}

Expand Down Expand Up @@ -66,14 +66,14 @@ public function recent($gameids)

public function get($toid)
{
$sql = "SELECT * FROM reviews
$sql = "SELECT * FROM reviews
WHERE toid = '$toid'
AND (message IS NOT NULL
OR skill1 != 0
OR skill2 != 0
OR skill3 != 0
OR skill4 != 0)";
OR skill4 != 0)
ORDER BY created DESC";
$result = $this->db1->query($sql);
return $result->result_array();
}
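Review bot: `get($toid)` still interpolates its argument — `WHERE toid = '$toid'` immediately after the hunk's re-indented `SELECT` line — while every other query in this file was moved to bound parameters, and the new `review/get/$id` controller action feeds it straight from the URL; change it to `WHERE toid = ?` and `$result = $this->db1->query($sql, array($toid));`. In `update()` the `?` covers the value, but `SET $skill = ?` still splices `$skill` in as a column name, which placeholders cannot protect; the model's own SQL shows the columns are `skill1`..`skill4`, so guard with `if (!in_array($skill, array('skill1', 'skill2', 'skill3', 'skill4'), true)) { return FALSE; }` before building the statement, assuming `$review['skill']` originates from request data. `update()` and `comment()` also discard `$result` and return `TRUE` unconditionally, so callers cannot tell whether a row was actually updated.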
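--- /dev/null
+++ b/application/views/comments.php
@@ -0,0 +1,35 @@
+<div class="row">
+<div class="reviews-title">
+<p></p>
+</div>
+</div>
+<div class="row">
+<div class="col-md-7">
+<div class="reviews-content">
+<?php if(empty($reviews)) { ?>
+<p>No reviews</p>
+<?php } else { foreach ($reviews as $review) { ?>
+<div class="review-header">
+<p>
+<a href="<?php echo site_url('summoner')."/".$review['fromid'] ?>"><?php echo $review['from_name'] ?></a>:
+<?php if($review['skill1'] != 0) { ?>
+Game-sense-<?php echo $review['skill1'] ?>
+<?php } if($review['skill2'] != 0) { ?>
+Helpful-<?php echo $review['skill2'] ?>
+<?php } if($review['skill3'] != 0) { ?>
+Skillful-<?php echo $review['skill4'] ?>
+<?php } if($review['skill4'] != 0) { ?>
+Delivery-<?php echo $review['skill4'] ?>
+<?php } ?>
+<?php echo $review['created'] ?>
+</p>
+</div>
+<div class="review-body">
+<?php if($review['message'] != NULL) { ?>
+<p><?php echo $review['message']?></p>
+<?php } ?>
+</div>
+<?php } } ?>
+</div>
+</div>
+</div>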
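Review bot: Every field is echoed raw — `$review['from_name']`, `$review['message']`, `$review['created']`, the skill values and `$review['fromid']` inside the `href` — and `message` is user-submitted text stored by `review_model->comment()`, so this fragment renders stored XSS into every summoner page that loads it. Wrap each echo, e.g. `<p><?php echo html_escape($review['message']) ?></p>` (CodeIgniter's helper; `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` otherwise), and `rawurlencode()` `fromid` when building the link. Separately, the `skill3` branch prints `$review['skill4']`; it should read `Skillful-<?php echo $review['skill3'] ?>` — the same copy-paste slip is visible in the block removed from summoner.php.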
3 changes: 1 addition & 2 deletions application/views/include/footer.php
@@ -1,6 +1,5 @@
<!-- Content-->
</div><!-- Container -->
</div><!-- Wrap -->
</div><!-- Container -->
<div class="footer">
<div class="copyright">Copyright &copy; <?php echo strftime('%Y'); ?></div>
</div>
5 changes: 2 additions & 3 deletions application/views/include/header.php
Expand Up @@ -28,7 +28,6 @@
<!--<link href="<?php echo base_url('assets/css/fbscript.css') ?>" rel="stylesheet" />-->
</head>

<body>
<div id="wrap">
<!-- Content -->
<body <?php if($page == "summoner") { ?>id="<?php echo $summonerid ?>" <?php } ?> class="<?php echo $page ?>">
<!-- -->
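Review bot: `$summonerid` is written into the `id` attribute unescaped and, per the summoner controller in this commit, comes straight from the URL; use `id="<?php echo html_escape($summonerid) ?>"` or make sure the controller casts it before it reaches the view. `$page` is now read unconditionally in `class="<?php echo $page ?>"`, so any controller that still calls `view_wrapper()` without a `page` entry (only home, register and summoner are updated here) will emit an undefined-variable notice into the markup — `class="<?php echo isset($page) ? $page : '' ?>"` keeps the header tolerant. Whether `view_wrapper()` itself supplies a default cannot be seen from this hunk.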

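--- a/application/views/recent_games.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php if(empty($games)) { ?>
-<span class="open_sans">No matches have been played</span>
-<?php } ?>
-<?php foreach ($games as $game) { ?>
-
-<div class="lol-match row">
-<div class="col-md-9">
-<table class="table table-condensed">
-<th class="col-md-1"/>
-<th class="col-md-3"></th>
-<th>Player</th>
-<?php foreach ($game['100'] as $player) { ?>
-<tr>
-<td>
-<?php if(isset($player['championSprite'])) { ?>
-<img src="<?php echo $player['championSprite'] ?>" class="img-responsive" alt="Responsive image">
-<?php } ?>
-</td>
-<td >
-<div class="lol-match-player-name">
-<strong><?php echo $player['name'] ?></strong>
-</div>
-</td>
-</tr>
-<?php } ?>
-</table>
-<table class="table table-condensed">
-<th class="col-md-1"/>
-<th class="col-md-3"></th>
-<th>Player</th>
-<?php foreach ($game['200'] as $player) { ?>
-<tr>
-<td>
-<?php if(isset($player['championSprite'])) { ?>
-<img src="<?php echo $player['championSprite'] ?>" class="img-responsive" alt="Responsive image">
-<?php } ?>
-</td>
-<td >
-<div class="lol-match-player-name">
-<strong><?php echo $player['name'] ?></strong>
-</div>
-</td>
-</tr>
-<?php } ?>
-</table>
-</div>
-</div>
-<?php } ?>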
34 changes: 0 additions & 34 deletions application/views/register_lol.php

This file was deleted.

14 changes: 0 additions & 14 deletions application/views/search.php

This file was deleted.

40 changes: 3 additions & 37 deletions application/views/summoner.php
Expand Up @@ -43,7 +43,7 @@
<div class="col-md-4 col-md-offset-4"><span class="open_sans"></span></div>
</div>
<?php } else { ?>
<div class="summoner-games">
<div id="sg_<?php echo $id ?>" class="summoner-games">
<div class="row">
<div class="col-md-7">
<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
Expand Down Expand Up @@ -124,42 +124,8 @@
</div>
<?php } ?>

<div class="summoner-reviews">
<div class="row">
<div class="reviews-title">
<p></p>
</div>
</div>
<div class="row">
<div class="col-md-7">
<div class="reviews-content">
<?php if(empty($reviews)) { ?>
<p>No reviews left for <?php echo $title ?></p>
<?php } else { foreach ($reviews as $review) { ?>
<div class="review-header">
<p>
<a href="<?php echo site_url('summoner')."/".$review['fromid'] ?>"><?php echo $review['from_name'] ?></a>:
<?php if($review['skill1'] != 0) { ?>.
Game-sense-<?php echo $review['skill1'] ?>
<?php } if($review['skill2'] != 0) { ?>
Helpful-<?php echo $review['skill2'] ?>
<?php } if($review['skill3'] != 0) { ?>
Skillful-<?php echo $review['skill4'] ?>
<?php } if($review['skill4'] != 0) { ?>
Delivery-<?php echo $review['skill4'] ?>
<?php } ?>
<?php echo $review['created'] ?>
</p>
</div>
<div class="review-body">
<?php if($review['message'] != NULL) { ?>
<p><?php echo $review['message']?></p>
<?php } ?>
</div>
<?php } } ?>
</div>
</div>
</div>
<div id="sr_<?php echo $id ?>" class="summoner-reviews">

</div>
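Review bot: `id="sg_<?php echo $id ?>"` and `id="sr_<?php echo $id ?>"` place the URL-derived `$id` into attributes without escaping; unless the controller validates it as numeric, write `html_escape($id)` in both places. The removed block reported `No reviews left for <?php echo $title ?>`, whereas the AJAX-loaded comments.php only prints `No reviews`, so that context is lost unless `title` is passed along to the fragment. The reviews region now also stays empty for clients without JavaScript or when the request fails, which the old server-rendered block did not.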


5 changes: 5 additions & 0 deletions assets/css/custom.css
Expand Up @@ -226,6 +226,10 @@
}
.review-header{
}
.review-body{
margin-top: -5px;
padding-bottom: 5px;
}
ul
{
list-style-type: none;
Expand All @@ -237,6 +241,7 @@ ul
padding-right: 15px;
max-width: 400px;
}

.summoner-games{
}
.top-buffer { margin-top:20px; }
33 changes: 22 additions & 11 deletions assets/js/custom.js
Expand Up @@ -104,17 +104,6 @@ $(".region-list li a").click(function(event) {
$(this).parents('.input-group-btn').find('.dropdown-toggle').html(selText + ' <span class="caret"></span> ');
});

function reloadLoLRegister(message) {
alert("in reload");
$.ajax({
url: '/LoLRep/add_esport/register_LoL',
type: "post",
data: {},
success: function(data){
$("#authenticate_runepage_page").html(message);
}
});
}

function switchButtonToRegister()
{
Expand Down Expand Up @@ -307,3 +296,25 @@ $(document).on('change', ".skill-radio", function() {
});
});

$(document).ready(function() {
if($('body').is('.summoner')){

var summonerId = document.getElementsByTagName("body")[0].id
$("#sr_"+summonerId).html('<div class="row"><div class="col-md-1 col-md-offset-5"><div class="spinner"><i class="fa-li fa fa-spinner fa-spin fa-2x"></i></div></div></div>');

$.ajax({
url: "/perfect/index.php/review/get/"+summonerId,
type: 'POST',
data: {},
success: function(data){
$("#sr_"+summonerId).html();
$("#sr_"+summonerId).html(data);
},
error:function(jqXHR, textStatus, errorThrown){
$("#"+buttonId).html('An error has occured creating the review:' + textStatus +errorThrown);
return;
}
});
}
});
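Review bot: The `error` handler references `buttonId`, which is not defined in this hunk or in the document-ready closure, so a failed request throws a ReferenceError instead of showing anything — and the text "creating the review" is copied from another handler; use `$("#sr_"+summonerId).html('An error has occurred loading reviews: ' + textStatus + ' ' + errorThrown);`. The `$("#sr_"+summonerId).html();` on the line before the real assignment is a getter and does nothing; drop it. `/perfect/index.php/review/get/` hard-codes a deployment path (the removed `reloadLoLRegister` used `/LoLRep/…` for the same reason), so it is better to emit `site_url('review/get')` from the server into a `data-` attribute and read it here; and since the request carries no body, a GET would be the honest method unless POST was chosen deliberately.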
