
PDO

PDO
renlok committed Aug 31, 2014
1 parent f8d7ce9 commit 380b5ac4204d1a3f21fb152a6abba751f909cbb5
Showing with 26 additions and 18 deletions.
  1. +11 −8 admin/wordsfilter.php
  2. +15 −10 includes/functions_admin.php
@@ -23,12 +23,14 @@
if (isset($_POST['action']) && $_POST['action'] == 'update')
{
// Update database
$query = "UPDATE " . $DBPrefix . "settings SET wordsfilter = '" . $_POST['wordsfilter'] . "'";
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$query = "UPDATE " . $DBPrefix . "settings SET wordsfilter = :wordsfilter";
$params = array();
$params[] = array(':wordsfilter', ynbool($_POST['wordsfilter']), 'str');
$db->query($query, $params);
//purge the old wordlist
$query = "DELETE FROM " . $DBPrefix . "filterwords";
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$db->direct_query($query);
//rebuild the wordlist
$TMP = explode("\n", $_POST['filtervalues']);
@@ -39,8 +41,10 @@
$v = trim($v);
if (!empty($v))
{
$query = "INSERT INTO " . $DBPrefix . "filterwords VALUES ('" . $v . "')";
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$query = "INSERT INTO " . $DBPrefix . "filterwords VALUES (:word)";
$params = array();
$params[] = array(':word', $v, 'str');
$db->query($query, $params);
}
}
}
@@ -49,11 +53,10 @@
}
$query = "SELECT * FROM " . $DBPrefix . "filterwords";
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$db->direct_query($query);
$WORDSLIST = '';
while ($word = mysql_fetch_assoc($res))
while ($word = $db->fetch())
{
$WORDSLIST .= $word['word'] . "\n";
}
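Review bot: The purge-and-rebuild of `filterwords` (the `DELETE` followed by one `INSERT` per non-empty line of `$_POST['filtervalues']`) is not atomic, so a failure partway through the loop leaves the word list empty or partial after the settings row has already been updated. If the `$db` wrapper exposes transactions, the delete and the insert loop should run inside one and commit only after the last insert; the wrapper is not visible on this page, so at minimum add a comment such as `// NOTE: purge + rebuild is not atomic; a failed INSERT leaves filterwords partial`. Separately, `INSERT INTO ... filterwords VALUES (:word)` relies on column order; naming the column, `... filterwords (word) VALUES (:word)`, would match the `$word['word']` read in the last hunk. The enclosing `if` block and the loop start and end outside the hunks shown.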
@@ -18,17 +18,19 @@
{
function checklogin()
{
global $_SESSION, $system, $DBPrefix;
global $_SESSION, $system, $DBPrefix, $db;
if (isset($_SESSION['WEBID_ADMIN_NUMBER']) && isset($_SESSION['WEBID_ADMIN_IN']) && isset($_SESSION['WEBID_ADMIN_PASS']))
{
$query = "SELECT hash, password FROM " . $DBPrefix . "adminusers WHERE password = '" . $_SESSION['WEBID_ADMIN_PASS'] . "' AND id = " . $_SESSION['WEBID_ADMIN_IN'];
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':admin_pass', $_SESSION['WEBID_ADMIN_PASS'], 'str');
$params[] = array(':admin_id', $_SESSION['WEBID_ADMIN_IN'], 'int');
$db->query($query, $params);
if (mysql_num_rows($res) > 0)
if ($db->numrows() > 0)
{
$user_data = mysql_fetch_array($res);
$user_data = $db->fetch();
if (strspn($user_data['password'], $user_data['hash']) == $_SESSION['WEBID_ADMIN_NUMBER'])
{
@@ -41,17 +43,19 @@ function checklogin()
function getAdminNotes()
{
global $_SESSION, $system, $DBPrefix;
global $_SESSION, $system, $DBPrefix, $db;
if (isset($_SESSION['WEBID_ADMIN_NUMBER']) && isset($_SESSION['WEBID_ADMIN_IN']) && isset($_SESSION['WEBID_ADMIN_PASS']))
{
$query = "SELECT notes FROM " . $DBPrefix . "adminusers WHERE password = '" . $_SESSION['WEBID_ADMIN_PASS'] . "' AND id = " . $_SESSION['WEBID_ADMIN_IN'];
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':admin_pass', $_SESSION['WEBID_ADMIN_PASS'], 'str');
$params[] = array(':admin_id', $_SESSION['WEBID_ADMIN_IN'], 'int');
$db->query($query, $params);
if (mysql_num_rows($res) > 0)
if ($db->numrows() > 0)
{
return mysql_result($res, 0);
return $db->result();
}
}
return '';
@@ -78,6 +82,7 @@ function loadblock($title = '', $description = '', $type = '', $name = '', $defa
function generateSelect($name = '', $options = array(), $usekey = true)
{
global $selectsetting;
$html = '<select name="' . $name . '">';
foreach ($options as $option => $value)
{
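Review bot: In `checklogin()` the `$query` string still concatenates `$_SESSION['WEBID_ADMIN_PASS']` and `$_SESSION['WEBID_ADMIN_IN']` into the SQL. As rendered, that line is unchanged context (the +15 −10 count for this file only adds up that way), while the new code binds `:admin_pass` and `:admin_id`, which the statement does not contain. Depending on how `$db->query()` prepares and binds, that is either a parameter-mismatch error on every admin page load or a query that still runs with the values inlined, so the move to bound parameters is not effective here. The line should become `$query = "SELECT hash, password FROM " . $DBPrefix . "adminusers WHERE password = :admin_pass AND id = :admin_id";`, and `getAdminNotes()` needs the same change with `SELECT notes`. Both function bodies continue outside the hunks shown.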
