Permalink
Browse files

Replaced all mysql queries with mysqli.

  • Loading branch information...
Kevin Roth
Kevin Roth committed Sep 2, 2014
1 parent 843695d commit a39f04eda1d6e5f7cf058e3f56a14e103cec1dea
@@ -6,7 +6,7 @@ html, body {
body {
/*background-color: #000;
background: #000 url(../images/bg2.jpg) center top no-repeat;*/
background-color: #2f692c;
background-color: #777;
color: #000;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 13px;
View
@@ -1,5 +1,6 @@
PHP Pick 'Em change log
1.0.11 - 9/1/2014 - updated installer with 2014 schedule
1.0.10 - 8/26/2013 - updated installer with 2013 schedule
1.0.9 - 9/2/2012 - updated installer with 2012 schedule
1.0.8 - 8/8/2011 - updated phpmailer to 5.2
View
@@ -3,42 +3,44 @@
if (!$isAdmin) {
header('Location: index.php');
exit;
}
$email_template_key = $_POST['email_template_key'];
if ($_POST['action'] == 'Update') {
$sql = "update " . $db_prefix . "email_templates ";
$sql = "update " . DB_PREFIX . "email_templates ";
$sql .= "set subject = '" . mysql_real_escape_string($_POST['subject']) . "', message = '" . mysql_real_escape_string($_POST['message']) . "' ";
$sql .= "where email_template_key = '" . $email_template_key . "';";
mysql_query($sql);
header('Location: email_templates.php');
exit;
if ($query = $mysqli->query($sql)) {
header('Location: email_templates.php');
exit;
} else {
die('Error updating email template.');
}
} else if (!empty($email_template_key)) {
$sql = "select * from " . $db_prefix . "email_templates where email_template_key = '" . $email_template_key . "'";
$query = mysql_query($sql);
$result = mysql_fetch_array($query);
$subject = $result['subject'];
$message = $result['message'];
$sql = "select * from " . DB_PREFIX . "email_templates where email_template_key = '" . $email_template_key . "'";
$query = $mysqli->query($sql);
if ($row = mysql_fetch_array($query)) {
$subject = $row['subject'];
$message = $row['message'];
}
$query->free();
}
include('includes/header.php');
?>
<script language="JavaScript" type="text/javascript" src="js/cbrte/html2xhtml.js"></script>
<script language="JavaScript" type="text/javascript" src="js/cbrte/richtext_compressed.js"></script>
<script language="JavaScript" type="text/javascript">
<!--
function submitForm() {
//make sure hidden and iframe values are in sync for all rtes before submitting form
updateRTEs();
return true;
}
function submitForm() {
//make sure hidden and iframe values are in sync for all rtes before submitting form
updateRTEs();
return true;
}
//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)
initRTE("js/cbrte/images/", "js/cbrte/", "", true);
//-->
//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)
initRTE("js/cbrte/images/", "js/cbrte/", "", true);
</script>
<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>
<h1>Email Templates</h1>
<form name="emailtemplate" action="email_templates.php" method="post" onsubmit="return submitForm();">
<table cellpadding="4" cellspacing="0">
@@ -48,11 +50,14 @@ function submitForm() {
<select name="email_template_key">
<option value=""></option>
<?php
$sql = "select * from " . $db_prefix . "email_templates";
$query = mysql_query($sql);
while ($result = mysql_fetch_array($query)) {
echo '<option value="' . $result['email_template_key'] . '"' . (($email_template_key == $result['email_template_key']) ? ' selected="selected"' : '') . '>' . $result['email_template_title'] . '</option>' . "\n";
$sql = "select * from " . DB_PREFIX . "email_templates";
$query = $mysqli->query($sql);
if ($query->num_rows > 0) {
while ($row = $query->fetch_assoc()) {
echo '<option value="' . $row['email_template_key'] . '"' . (($email_template_key == $row['email_template_key']) ? ' selected="selected"' : '') . '>' . $row['email_template_title'] . '</option>' . "\n";
}
}
$query->free;
?>
</select>&nbsp;<input type="submit" value="Select" />
</td>
@@ -80,19 +85,17 @@ function submitForm() {
</td>
<td>
<script language="JavaScript" type="text/javascript">
<!--
//build new richTextEditor
var message = new richTextEditor('message');
<?php
//format content for preloading
if (!empty($message)) {
$message = rteSafe($message);
}
?>
<?php
//format content for preloading
if (!empty($message)) {
$message = rteSafe($message);
}
?>
message.html = '<?php echo $message; ?>';
//rte1.toggleSrc = false;
message.build();
//-->
</script>
</td>
</tr>
View
@@ -5,26 +5,30 @@
if ($_POST['action'] == 'Submit') {
$week = $_POST['week'];
$cutoffDateTime = getCutoffDateTime($week);
//update summary table
$sql = "delete from " . $db_prefix . "picksummary where weekNum = " . $_POST['week'] . " and userID = " . $user->userID . ";";
mysql_query($sql) or die('Error updating picks summary: ' . mysql_error());
$sql = "insert into " . $db_prefix . "picksummary (weekNum, userID, showPicks) values (" . $_POST['week'] . ", " . $user->userID . ", " . (int)$_POST['showPicks'] . ");";
mysql_query($sql) or die('Error updating picks summary: ' . mysql_error());
$sql = "delete from " . DB_PREFIX . "picksummary where weekNum = " . $_POST['week'] . " and userID = " . $user->userID . ";";
$mysqli->query($sql) or die('Error updating picks summary: ' . $mysqli->error);
$sql = "insert into " . DB_PREFIX . "picksummary (weekNum, userID, showPicks) values (" . $_POST['week'] . ", " . $user->userID . ", " . (int)$_POST['showPicks'] . ");";
$mysqli->query($sql) or die('Error updating picks summary: ' . $mysqli->error);
//loop through non-expire weeks and update picks
$sql = "select * from " . $db_prefix . "schedule where weekNum = " . $_POST['week'] . " and (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern and DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "');";
$query = mysql_query($sql);
while ($result = mysql_fetch_array($query)) {
$sql = "delete from " . $db_prefix . "picks where userID = " . $user->userID . " and gameID = " . $result['gameID'];
mysql_query($sql) or die('Error deleting picks: ' . mysql_error());
if (!empty($_POST['game' . $result['gameID']])) {
$sql = "insert into " . $db_prefix . "picks (userID, gameID, pickID) values (" . $user->userID . ", " . $result['gameID'] . ", '" . $_POST['game' . $result['gameID']] . "')";
mysql_query($sql) or die('Error inserting pick: ' . mysql_error());
$sql = "select * from " . DB_PREFIX . "schedule where weekNum = " . $_POST['week'] . " and (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern and DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "');";
$query = $mysqli->query($sql);
if ($query->num_rows > 0) {
while ($row = $query->fetch_assoc()) {
$sql = "delete from " . DB_PREFIX . "picks where userID = " . $user->userID . " and gameID = " . $row['gameID'];
$mysqli->query($sql) or die('Error deleting picks: ' . $mysqli->error);
if (!empty($_POST['game' . $row['gameID']])) {
$sql = "insert into " . DB_PREFIX . "picks (userID, gameID, pickID) values (" . $user->userID . ", " . $row['gameID'] . ", '" . $_POST['game' . $row['gameID']] . "')";
$mysqli->query($sql) or die('Error inserting picks: ' . $mysqli->error);
}
}
}
$query->free;
header('Location: results.php?week=' . $_POST['week']);
exit;
} else {
$week = (int)$_GET['week'];
if (empty($week)) {
@@ -39,19 +43,22 @@
include('includes/column_right.php');
//display week nav
$sql = "select distinct weekNum from " . $db_prefix . "schedule order by weekNum;";
$query = mysql_query($sql);
$sql = "select distinct weekNum from " . DB_PREFIX . "schedule order by weekNum;";
$query = $mysqli->query($sql);
$weekNav = '<div class="navbar3"><b>Go to week:</b> ';
$i = 0;
while ($result = mysql_fetch_array($query)) {
if ($i > 0) $weekNav .= ' | ';
if ($week !== (int)$result['weekNum']) {
$weekNav .= '<a href="entry_form.php?week=' . $result['weekNum'] . '">' . $result['weekNum'] . '</a>';
} else {
$weekNav .= $result['weekNum'];
if ($query->num_rows > 0) {
while ($row = $query->fetch_assoc()) {
if ($i > 0) $weekNav .= ' | ';
if ($week !== (int)$row['weekNum']) {
$weekNav .= '<a href="entry_form.php?week=' . $row['weekNum'] . '">' . $row['weekNum'] . '</a>';
} else {
$weekNav .= $row['weekNum'];
}
$i++;
}
$i++;
}
$query->free;
$weekNav .= '</div>' . "\n";
echo $weekNav;
?>
@@ -73,7 +80,7 @@ function checkform() {
if (!radioIsChecked(allR[i].name)) {
allChecked = false;
}
}
}
}
if (!allChecked) {
return confirm('One or more picks are missing for the current week. Do you wish to submit anyway?');
@@ -94,62 +101,63 @@ function radioIsChecked(elmName) {
<?php
//get existing picks
$picks = getUserPicks($week, $user->userID);
//get show picks status
$sql = "select * from " . $db_prefix . "picksummary where weekNum = " . $week . " and userID = " . $user->userID . ";";
$query = mysql_query($sql);
if (mysql_num_rows($query) > 0) {
$result = mysql_fetch_array($query);
$showPicks = (int)$result['showPicks'];
$sql = "select * from " . DB_PREFIX . "picksummary where weekNum = " . $week . " and userID = " . $user->userID . ";";
$query = $mysqli->query($sql);
if ($query->num_rows > 0) {
$row = $query->fetch_assoc();
$showPicks = (int)$row['showPicks'];
} else {
$showPicks = 1;
}
$query->free;
//display schedule for week
$sql = "select s.*, (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) > gameTimeEastern or DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) > '" . $cutoffDateTime . "') as expired ";
$sql .= "from " . $db_prefix . "schedule s ";
$sql .= "inner join " . $db_prefix . "teams ht on s.homeID = ht.teamID ";
$sql .= "inner join " . $db_prefix . "teams vt on s.visitorID = vt.teamID ";
$sql .= "from " . DB_PREFIX . "schedule s ";
$sql .= "inner join " . DB_PREFIX . "teams ht on s.homeID = ht.teamID ";
$sql .= "inner join " . DB_PREFIX . "teams vt on s.visitorID = vt.teamID ";
$sql .= "where s.weekNum = " . $week . " ";
$sql .= "order by s.gameTimeEastern, s.gameID";
//echo $sql;
$query = mysql_query($sql);
if (mysql_num_rows($query) > 0) {
$query = $mysqli->query($sql);
if ($query->num_rows > 0) {
echo '<form name="entryForm" action="entry_form.php" method="post" onsubmit="return checkform();">' . "\n";
echo '<input type="hidden" name="week" value="' . $week . '" />' . "\n";
echo '<table cellpadding="4" cellspacing="0" class="table1">' . "\n";
//echo ' <tr><th>Home</th><th>Visitor</th><th align="left">Game</th><th>Time / Result</th><th>Your Pick</th></tr>' . "\n";
$i = 0;
while ($result = mysql_fetch_array($query)) {
$homeTeam = new team($result['homeID']);
$visitorTeam = new team($result['visitorID']);
while ($row = $query->fetch_assoc()) {
$homeTeam = new team($row['homeID']);
$visitorTeam = new team($row['visitorID']);
$rowclass = (($i % 2 == 0) ? ' class="altrow"' : '');
//$pickExpired = ((date("U") > strtotime($result['gameTimeEastern'])) ? true : false);
//$pickExpired = ((date("U") > strtotime($row['gameTimeEastern'])) ? true : false);
echo ' <tr' . $rowclass . '>' . "\n";
echo ' <td align="center">' . "\n";
echo ' <table width="100%" border="0" cellpadding="2" cellspacing="0" class="nostyle">' . "\n";
echo ' <tr valign="middle">' . "\n";
echo ' <td align="center"><label for="' . $result['gameID'] . $visitorTeam->teamID . '"><img src="images/helmets_big/' . strtolower($visitorTeam->teamID) . '1.gif" onclick="document.entryForm.game' . $result['gameID'] . '[0].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $visitorTeam->city . ' ' . $visitorTeam->team . '</b><br />Record: ' . getTeamRecord($visitorTeam->teamID) . '<br />Streak: ' . getTeamStreak($visitorTeam->teamID) . '</span></td>' . "\n";
echo ' <td align="center"><label for="' . $row['gameID'] . $visitorTeam->teamID . '"><img src="images/helmets_big/' . strtolower($visitorTeam->teamID) . '1.gif" onclick="document.entryForm.game' . $row['gameID'] . '[0].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $visitorTeam->city . ' ' . $visitorTeam->team . '</b><br />Record: ' . getTeamRecord($visitorTeam->teamID) . '<br />Streak: ' . getTeamStreak($visitorTeam->teamID) . '</span></td>' . "\n";
echo ' <td align="center">at</td>' . "\n";
echo ' <td align="center"><label for="' . $result['gameID'] . $homeTeam->teamID . '"><img src="images/helmets_big/' . strtolower($homeTeam->teamID) . '2.gif" onclick="document.entryForm.game' . $result['gameID'] . '[1].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $homeTeam->city . ' ' . $homeTeam->team . '</b><br />Record: ' . getTeamRecord($homeTeam->teamID) . '<br />Streak: ' . getTeamStreak($homeTeam->teamID) . '</span></td>' . "\n";
echo ' <td align="center"><label for="' . $row['gameID'] . $homeTeam->teamID . '"><img src="images/helmets_big/' . strtolower($homeTeam->teamID) . '2.gif" onclick="document.entryForm.game' . $row['gameID'] . '[1].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $homeTeam->city . ' ' . $homeTeam->team . '</b><br />Record: ' . getTeamRecord($homeTeam->teamID) . '<br />Streak: ' . getTeamStreak($homeTeam->teamID) . '</span></td>' . "\n";
echo ' </tr>' . "\n";
if (strlen($result['homeScore']) > 0 && strlen($result['visitorScore']) > 0) {
if (strlen($row['homeScore']) > 0 && strlen($row['visitorScore']) > 0) {
//if score is entered, show score
echo ' <tr><td colspan="3" align="center"><b>Final: ' . $result['visitorScore'] . ' - ' . $result['homeScore'] . '</b></td></tr>' . "\n";
echo ' <tr><td colspan="3" align="center"><b>Final: ' . $row['visitorScore'] . ' - ' . $row['homeScore'] . '</b></td></tr>' . "\n";
} else {
//else show time of game
echo ' <tr><td colspan="3" align="center">' . date('D n/j g:i a', strtotime($result['gameTimeEastern'])) . ' ET</td></tr>' . "\n";
echo ' <tr><td colspan="3" align="center">' . date('D n/j g:i a', strtotime($row['gameTimeEastern'])) . ' ET</td></tr>' . "\n";
}
echo ' </table>' . "\n";
echo ' </td>' . "\n";
echo ' <td align="left"><b>Your Pick:</b><br />' . "\n";
if (!$result['expired']) {
if (!$row['expired']) {
//if game is not expired, show pick
echo ' <input type="radio" name="game' . $result['gameID'] . '" value="' . $visitorTeam->teamID . '" id="' . $result['gameID'] . $visitorTeam->teamID . '"' . (($picks[$result['gameID']]['pickID'] == $visitorTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $result['gameID'] . $visitorTeam->teamID . '">' . $visitorTeam->teamName . '</label><br />' . "\n";
echo ' <input type="radio" name="game' . $result['gameID'] . '" value="' . $homeTeam->teamID . '" id="' . $result['gameID'] . $homeTeam->teamID . '"' . (($picks[$result['gameID']]['pickID'] == $homeTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $result['gameID'] . $homeTeam->teamID . '">' . $homeTeam->teamName . '</label><br />' . "\n";
echo ' <input type="radio" name="game' . $row['gameID'] . '" value="' . $visitorTeam->teamID . '" id="' . $row['gameID'] . $visitorTeam->teamID . '"' . (($picks[$row['gameID']]['pickID'] == $visitorTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $row['gameID'] . $visitorTeam->teamID . '">' . $visitorTeam->teamName . '</label><br />' . "\n";
echo ' <input type="radio" name="game' . $row['gameID'] . '" value="' . $homeTeam->teamID . '" id="' . $row['gameID'] . $homeTeam->teamID . '"' . (($picks[$row['gameID']]['pickID'] == $homeTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $row['gameID'] . $homeTeam->teamID . '">' . $homeTeam->teamName . '</label><br />' . "\n";
} else {
//else show locked pick
$pickID = getPickID($result['gameID'], $user->userID);
$pickID = getPickID($row['gameID'], $user->userID);
if (!empty($pickID)) {
$statusImg = '';
$pickTeam = new team($pickID);
@@ -160,7 +168,7 @@ function radioIsChecked(elmName) {
}
if ($scoreEntered) {
//set status of pick (correct, incorrect)
if ($pickID == $result['winnerID']) {
if ($pickID == $row['winnerID']) {
$statusImg = '<img src="images/check_16x16.png" width="16" height="16" alt="" />';
} else {
$statusImg = '<img src="images/cross_16x16.png" width="16" height="16" alt="" />';
@@ -184,12 +192,11 @@ function radioIsChecked(elmName) {
<h2>Latest Comments:</h2>
<p>comment</p>
<div>
</div>
</td>
</tr>
</table>
//-->
<?php
include('includes/footer.php');
?>
include('includes/footer.php');
@@ -18,34 +18,40 @@
$_GET[$key] = $purifier->purify($value);
}
if ($dbConnected) {
$mysqli = new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE) or die('error connecting to db');
//echo DB_HOSTNAME.' '.DB_USERNAME.' '.DB_PASSWORD.' '.DB_DATABASE;
//echo 'kjr';
$mysqli->set_charset('utf8');
//if (!$mysqli) {
//check for presence of install folder
if (is_dir('install')) {
//do a query to see if db installed
//$testQueryOK = false;
$sql = "select * from " . $db_prefix . "teams";
$sql = "select * from " . DB_PREFIX . "teams";
//die($sql);
if ($query = mysql_query($sql)) {
if ($query = $mysqli->query($sql)) {
//query is ok, display warning
$warnings[] = 'For security, please delete or rename the install folder.';
$query->free();
} else {
//tables not not present, redirect to installer
header('location: ./install/');
exit;
}
}
} else {
die('Database not connected. Please check your config file for proper installation.');
}
//} else {
// die('Database not connected. Please check your config file for proper installation.');
//}
session_start();
require('includes/classes/login.php');
$login = new Login;
$okFiles = array('login.php', 'signup.php', 'password_reset.php');
if (!in_array(basename($_SERVER['PHP_SELF']), $okFiles) && (empty($_SESSION['logged']) || $_SESSION['logged'] !== 'yes')) {
header( 'Location: login.php' ) ;
} else {
header( 'Location: login.php' );
exit;
} else if (!empty($_SESSION['loggedInUser'])) {
$user = $login->get_user($_SESSION['loggedInUser']);
$adminUser = $login->get_user('admin');
}
Oops, something went wrong.

0 comments on commit a39f04e

Please sign in to comment.