Replaced all mysql queries with mysqli.

rothkj1022 · Sep 2, 2014 · a39f04e · a39f04e
1 parent 843695d
commit a39f04e
Show file tree

Hide file tree

Showing 34 changed files with 2,947 additions and 780 deletions.
diff --git a/css/main.css → css/all.css b/css/main.css → css/all.css
@@ -6,7 +6,7 @@ html, body {
 body {
 	/*background-color: #000;
 	background: #000 url(../images/bg2.jpg) center top no-repeat;*/
-	background-color: #2f692c;
+	background-color: #777;
 	color: #000;
 	font-family: Verdana, Arial, Helvetica, sans-serif;
 	font-size: 13px;

diff --git a/docs/changelog.txt b/docs/changelog.txt
@@ -1,5 +1,6 @@
 PHP Pick 'Em change log
-
+
+1.0.11 - 9/1/2014 - updated installer with 2014 schedule
 1.0.10 - 8/26/2013 - updated installer with 2013 schedule
 1.0.9 - 9/2/2012 - updated installer with 2012 schedule
 1.0.8 - 8/8/2011 - updated phpmailer to 5.2

diff --git a/email_templates.php b/email_templates.php
@@ -3,42 +3,44 @@
 
 if (!$isAdmin) {
 	header('Location: index.php');
+	exit;
 }
 
 $email_template_key = $_POST['email_template_key'];
 if ($_POST['action'] == 'Update') {
-	$sql = "update " . $db_prefix . "email_templates ";
+	$sql = "update " . DB_PREFIX . "email_templates ";
 	$sql .= "set subject = '" . mysql_real_escape_string($_POST['subject']) . "', message = '" . mysql_real_escape_string($_POST['message']) . "' ";
 	$sql .= "where email_template_key = '" . $email_template_key . "';";
-	mysql_query($sql);
-	header('Location: email_templates.php');
-	exit;
+	if ($query = $mysqli->query($sql)) {
+		header('Location: email_templates.php');
+		exit;
+	} else {
+		die('Error updating email template.');
+	}
 } else if (!empty($email_template_key)) {
-	$sql = "select * from " . $db_prefix . "email_templates where email_template_key = '" . $email_template_key . "'";
-	$query = mysql_query($sql);
-	$result = mysql_fetch_array($query);
-	$subject = $result['subject'];
-	$message = $result['message'];
+	$sql = "select * from " . DB_PREFIX . "email_templates where email_template_key = '" . $email_template_key . "'";
+	$query = $mysqli->query($sql);
+	if ($row = mysql_fetch_array($query)) {
+		$subject = $row['subject'];
+		$message = $row['message'];
+	}
+	$query->free();
 }
 
 include('includes/header.php');
 ?>
 <script language="JavaScript" type="text/javascript" src="js/cbrte/html2xhtml.js"></script>
 <script language="JavaScript" type="text/javascript" src="js/cbrte/richtext_compressed.js"></script>
 <script language="JavaScript" type="text/javascript">
-<!--
-function submitForm() {
-	//make sure hidden and iframe values are in sync for all rtes before submitting form
-	updateRTEs();
-
-	return true;
-}
+	function submitForm() {
+		//make sure hidden and iframe values are in sync for all rtes before submitting form
+		updateRTEs();
+		return true;
+	}
 
-//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)
-initRTE("js/cbrte/images/", "js/cbrte/", "", true);
-//-->
+	//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)
+	initRTE("js/cbrte/images/", "js/cbrte/", "", true);
 </script>
-<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>
 <h1>Email Templates</h1>
 <form name="emailtemplate" action="email_templates.php" method="post" onsubmit="return submitForm();">
 <table cellpadding="4" cellspacing="0">
@@ -48,11 +50,14 @@ function submitForm() {
 			<select name="email_template_key">
 				<option value=""></option>
 				<?php
-				$sql = "select * from " . $db_prefix . "email_templates";
-				$query = mysql_query($sql);
-				while ($result = mysql_fetch_array($query)) {
-					echo '<option value="' . $result['email_template_key'] . '"' . (($email_template_key == $result['email_template_key']) ? ' selected="selected"' : '') . '>' . $result['email_template_title'] . '</option>' . "\n";
+				$sql = "select * from " . DB_PREFIX . "email_templates";
+				$query = $mysqli->query($sql);
+				if ($query->num_rows > 0) {
+					while ($row = $query->fetch_assoc()) {
+						echo '<option value="' . $row['email_template_key'] . '"' . (($email_template_key == $row['email_template_key']) ? ' selected="selected"' : '') . '>' . $row['email_template_title'] . '</option>' . "\n";
+					}
 				}
+				$query->free;
 				?>
 			</select>&nbsp;<input type="submit" value="Select" />
 		</td>
@@ -80,19 +85,17 @@ function submitForm() {
 		</td>
 		<td>
 			<script language="JavaScript" type="text/javascript">
-			<!--
 			//build new richTextEditor
 			var message = new richTextEditor('message');
-			<?php
-			//format content for preloading
-			if (!empty($message)) {
-				$message = rteSafe($message);
-			}
-			?>
+<?php
+//format content for preloading
+if (!empty($message)) {
+	$message = rteSafe($message);
+}
+?>
 			message.html = '<?php echo $message; ?>';
 			//rte1.toggleSrc = false;
 			message.build();
-			//-->
 			</script>
 		</td>
 	</tr>

diff --git a/entry_form.php b/entry_form.php
@@ -5,26 +5,30 @@
 if ($_POST['action'] == 'Submit') {
 	$week = $_POST['week'];
 	$cutoffDateTime = getCutoffDateTime($week);
-	
+
 	//update summary table
-	$sql = "delete from " . $db_prefix . "picksummary where weekNum = " . $_POST['week'] . " and userID = " . $user->userID . ";";
-	mysql_query($sql) or die('Error updating picks summary: ' . mysql_error());
-	$sql = "insert into " . $db_prefix . "picksummary (weekNum, userID, showPicks) values (" . $_POST['week'] . ", " . $user->userID . ", " . (int)$_POST['showPicks'] . ");";
-	mysql_query($sql) or die('Error updating picks summary: ' . mysql_error());
-	
+	$sql = "delete from " . DB_PREFIX . "picksummary where weekNum = " . $_POST['week'] . " and userID = " . $user->userID . ";";
+	$mysqli->query($sql) or die('Error updating picks summary: ' . $mysqli->error);
+	$sql = "insert into " . DB_PREFIX . "picksummary (weekNum, userID, showPicks) values (" . $_POST['week'] . ", " . $user->userID . ", " . (int)$_POST['showPicks'] . ");";
+	$mysqli->query($sql) or die('Error updating picks summary: ' . $mysqli->error);
+
 	//loop through non-expire weeks and update picks
-	$sql = "select * from " . $db_prefix . "schedule where weekNum = " . $_POST['week'] . " and (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern and DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "');";
-	$query = mysql_query($sql);
-	while ($result = mysql_fetch_array($query)) {
-		$sql = "delete from " . $db_prefix . "picks where userID = " . $user->userID . " and gameID = " . $result['gameID'];
-		mysql_query($sql) or die('Error deleting picks: ' . mysql_error());
-
-		if (!empty($_POST['game' . $result['gameID']])) {
-			$sql = "insert into " . $db_prefix . "picks (userID, gameID, pickID) values (" . $user->userID . ", " . $result['gameID'] . ", '" . $_POST['game' . $result['gameID']] . "')";
-			mysql_query($sql) or die('Error inserting pick: ' . mysql_error());
+	$sql = "select * from " . DB_PREFIX . "schedule where weekNum = " . $_POST['week'] . " and (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern and DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "');";
+	$query = $mysqli->query($sql);
+	if ($query->num_rows > 0) {
+		while ($row = $query->fetch_assoc()) {
+			$sql = "delete from " . DB_PREFIX . "picks where userID = " . $user->userID . " and gameID = " . $row['gameID'];
+			$mysqli->query($sql) or die('Error deleting picks: ' . $mysqli->error);
+
+			if (!empty($_POST['game' . $row['gameID']])) {
+				$sql = "insert into " . DB_PREFIX . "picks (userID, gameID, pickID) values (" . $user->userID . ", " . $row['gameID'] . ", '" . $_POST['game' . $row['gameID']] . "')";
+				$mysqli->query($sql) or die('Error inserting picks: ' . $mysqli->error);
+			}
 		}
 	}
+	$query->free;
 	header('Location: results.php?week=' . $_POST['week']);
+	exit;
 } else {
 	$week = (int)$_GET['week'];
 	if (empty($week)) {
@@ -39,19 +43,22 @@
 include('includes/column_right.php');
 
 //display week nav
-$sql = "select distinct weekNum from " . $db_prefix . "schedule order by weekNum;";
-$query = mysql_query($sql);
+$sql = "select distinct weekNum from " . DB_PREFIX . "schedule order by weekNum;";
+$query = $mysqli->query($sql);
 $weekNav = '<div class="navbar3"><b>Go to week:</b> ';
 $i = 0;
-while ($result = mysql_fetch_array($query)) {
-	if ($i > 0) $weekNav .= ' | ';
-	if ($week !== (int)$result['weekNum']) {
-		$weekNav .= '<a href="entry_form.php?week=' . $result['weekNum'] . '">' . $result['weekNum'] . '</a>';
-	} else {
-		$weekNav .= $result['weekNum'];
+if ($query->num_rows > 0) {
+	while ($row = $query->fetch_assoc()) {
+		if ($i > 0) $weekNav .= ' | ';
+		if ($week !== (int)$row['weekNum']) {
+			$weekNav .= '<a href="entry_form.php?week=' . $row['weekNum'] . '">' . $row['weekNum'] . '</a>';
+		} else {
+			$weekNav .= $row['weekNum'];
+		}
+		$i++;
 	}
-	$i++;
 }
+$query->free;
 $weekNav .= '</div>' . "\n";
 echo $weekNav;
 ?>
@@ -73,7 +80,7 @@ function checkform() {
 							if (!radioIsChecked(allR[i].name)) {
 								allChecked = false;
 							}
-						}      
+						}
 				    }
 				    if (!allChecked) {
     					return confirm('One or more picks are missing for the current week.  Do you wish to submit anyway?');
@@ -94,62 +101,63 @@ function radioIsChecked(elmName) {
 	<?php
 	//get existing picks
 	$picks = getUserPicks($week, $user->userID);
-	
+
 	//get show picks status
-	$sql = "select * from " . $db_prefix . "picksummary where weekNum = " . $week . " and userID = " . $user->userID . ";";
-	$query = mysql_query($sql);
-	if (mysql_num_rows($query) > 0) {
-		$result = mysql_fetch_array($query);
-		$showPicks = (int)$result['showPicks'];
+	$sql = "select * from " . DB_PREFIX . "picksummary where weekNum = " . $week . " and userID = " . $user->userID . ";";
+	$query = $mysqli->query($sql);
+	if ($query->num_rows > 0) {
+		$row = $query->fetch_assoc();
+		$showPicks = (int)$row['showPicks'];
 	} else {
 		$showPicks = 1;
 	}
-
+	$query->free;
+
 	//display schedule for week
 	$sql = "select s.*, (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) > gameTimeEastern or DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) > '" . $cutoffDateTime . "')  as expired ";
-	$sql .= "from " . $db_prefix . "schedule s ";
-	$sql .= "inner join " . $db_prefix . "teams ht on s.homeID = ht.teamID ";
-	$sql .= "inner join " . $db_prefix . "teams vt on s.visitorID = vt.teamID ";
+	$sql .= "from " . DB_PREFIX . "schedule s ";
+	$sql .= "inner join " . DB_PREFIX . "teams ht on s.homeID = ht.teamID ";
+	$sql .= "inner join " . DB_PREFIX . "teams vt on s.visitorID = vt.teamID ";
 	$sql .= "where s.weekNum = " . $week . " ";
 	$sql .= "order by s.gameTimeEastern, s.gameID";
 	//echo $sql;
-	$query = mysql_query($sql);
-	if (mysql_num_rows($query) > 0) {
+	$query = $mysqli->query($sql);
+	if ($query->num_rows > 0) {
 		echo '<form name="entryForm" action="entry_form.php" method="post" onsubmit="return checkform();">' . "\n";
 		echo '<input type="hidden" name="week" value="' . $week . '" />' . "\n";
 		echo '<table cellpadding="4" cellspacing="0" class="table1">' . "\n";
 		//echo '	<tr><th>Home</th><th>Visitor</th><th align="left">Game</th><th>Time / Result</th><th>Your Pick</th></tr>' . "\n";
 		$i = 0;
-		while ($result = mysql_fetch_array($query)) {
-			$homeTeam = new team($result['homeID']);
-			$visitorTeam = new team($result['visitorID']);
+		while ($row = $query->fetch_assoc()) {
+			$homeTeam = new team($row['homeID']);
+			$visitorTeam = new team($row['visitorID']);
 			$rowclass = (($i % 2 == 0) ? ' class="altrow"' : '');
-			//$pickExpired = ((date("U") > strtotime($result['gameTimeEastern'])) ? true : false);
+			//$pickExpired = ((date("U") > strtotime($row['gameTimeEastern'])) ? true : false);
 			echo '		<tr' . $rowclass . '>' . "\n";
 			echo '			<td align="center">' . "\n";
 			echo '				<table width="100%" border="0" cellpadding="2" cellspacing="0" class="nostyle">' . "\n";
 			echo '					<tr valign="middle">' . "\n";
-			echo '						<td align="center"><label for="' . $result['gameID'] . $visitorTeam->teamID . '"><img src="images/helmets_big/' . strtolower($visitorTeam->teamID) . '1.gif" onclick="document.entryForm.game' . $result['gameID'] . '[0].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $visitorTeam->city . ' ' . $visitorTeam->team . '</b><br />Record: ' . getTeamRecord($visitorTeam->teamID) . '<br />Streak: ' . getTeamStreak($visitorTeam->teamID) . '</span></td>' . "\n";
+			echo '						<td align="center"><label for="' . $row['gameID'] . $visitorTeam->teamID . '"><img src="images/helmets_big/' . strtolower($visitorTeam->teamID) . '1.gif" onclick="document.entryForm.game' . $row['gameID'] . '[0].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $visitorTeam->city . ' ' . $visitorTeam->team . '</b><br />Record: ' . getTeamRecord($visitorTeam->teamID) . '<br />Streak: ' . getTeamStreak($visitorTeam->teamID) . '</span></td>' . "\n";
 			echo '						<td align="center">at</td>' . "\n";
-			echo '						<td align="center"><label for="' . $result['gameID'] . $homeTeam->teamID . '"><img src="images/helmets_big/' . strtolower($homeTeam->teamID) . '2.gif" onclick="document.entryForm.game' . $result['gameID'] . '[1].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $homeTeam->city . ' ' . $homeTeam->team . '</b><br />Record: ' . getTeamRecord($homeTeam->teamID) . '<br />Streak: ' . getTeamStreak($homeTeam->teamID) . '</span></td>' . "\n";
+			echo '						<td align="center"><label for="' . $row['gameID'] . $homeTeam->teamID . '"><img src="images/helmets_big/' . strtolower($homeTeam->teamID) . '2.gif" onclick="document.entryForm.game' . $row['gameID'] . '[1].checked=true;" /></label><br /><span style="font-size: 9px;"><b>' . $homeTeam->city . ' ' . $homeTeam->team . '</b><br />Record: ' . getTeamRecord($homeTeam->teamID) . '<br />Streak: ' . getTeamStreak($homeTeam->teamID) . '</span></td>' . "\n";
 			echo '					</tr>' . "\n";
-			if (strlen($result['homeScore']) > 0 && strlen($result['visitorScore']) > 0) {
+			if (strlen($row['homeScore']) > 0 && strlen($row['visitorScore']) > 0) {
 				//if score is entered, show score
-				echo '					<tr><td colspan="3" align="center"><b>Final: ' . $result['visitorScore'] . ' - ' . $result['homeScore'] . '</b></td></tr>' . "\n";
+				echo '					<tr><td colspan="3" align="center"><b>Final: ' . $row['visitorScore'] . ' - ' . $row['homeScore'] . '</b></td></tr>' . "\n";
 			} else {
 				//else show time of game
-				echo '					<tr><td colspan="3" align="center">' . date('D n/j g:i a', strtotime($result['gameTimeEastern'])) . ' ET</td></tr>' . "\n";
+				echo '					<tr><td colspan="3" align="center">' . date('D n/j g:i a', strtotime($row['gameTimeEastern'])) . ' ET</td></tr>' . "\n";
 			}
 			echo '				</table>' . "\n";
 			echo '			</td>' . "\n";
 			echo '			<td align="left"><b>Your Pick:</b><br />' . "\n";
-			if (!$result['expired']) {
+			if (!$row['expired']) {
 				//if game is not expired, show pick
-				echo '			<input type="radio" name="game' . $result['gameID'] . '" value="' . $visitorTeam->teamID . '" id="' . $result['gameID'] . $visitorTeam->teamID . '"' . (($picks[$result['gameID']]['pickID'] == $visitorTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $result['gameID'] . $visitorTeam->teamID . '">' . $visitorTeam->teamName . '</label><br />' . "\n";
-				echo '			<input type="radio" name="game' . $result['gameID'] . '" value="' . $homeTeam->teamID . '" id="' . $result['gameID'] . $homeTeam->teamID . '"' . (($picks[$result['gameID']]['pickID'] == $homeTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $result['gameID'] . $homeTeam->teamID . '">' . $homeTeam->teamName . '</label><br />' . "\n";
+				echo '			<input type="radio" name="game' . $row['gameID'] . '" value="' . $visitorTeam->teamID . '" id="' . $row['gameID'] . $visitorTeam->teamID . '"' . (($picks[$row['gameID']]['pickID'] == $visitorTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $row['gameID'] . $visitorTeam->teamID . '">' . $visitorTeam->teamName . '</label><br />' . "\n";
+				echo '			<input type="radio" name="game' . $row['gameID'] . '" value="' . $homeTeam->teamID . '" id="' . $row['gameID'] . $homeTeam->teamID . '"' . (($picks[$row['gameID']]['pickID'] == $homeTeam->teamID) ? ' checked="checked"' : '') . ' /> <label for="' . $row['gameID'] . $homeTeam->teamID . '">' . $homeTeam->teamName . '</label><br />' . "\n";
 			} else {
 				//else show locked pick
-				$pickID = getPickID($result['gameID'], $user->userID);
+				$pickID = getPickID($row['gameID'], $user->userID);
 				if (!empty($pickID)) {
 					$statusImg = '';
 					$pickTeam = new team($pickID);
@@ -160,7 +168,7 @@ function radioIsChecked(elmName) {
 				}
 				if ($scoreEntered) {
 					//set status of pick (correct, incorrect)
-					if ($pickID == $result['winnerID']) {
+					if ($pickID == $row['winnerID']) {
 						$statusImg = '<img src="images/check_16x16.png" width="16" height="16" alt="" />';
 					} else {
 						$statusImg = '<img src="images/cross_16x16.png" width="16" height="16" alt="" />';
@@ -184,12 +192,11 @@ function radioIsChecked(elmName) {
 				<h2>Latest Comments:</h2>
 				<p>comment</p>
 				<div>
-				
+
 				</div>
 			</td>
 		</tr>
 	</table>
 //-->
 <?php
-include('includes/footer.php'); 
-?>
+include('includes/footer.php');
diff --git a/includes/application_top.php b/includes/application_top.php
@@ -18,34 +18,40 @@
 	$_GET[$key] = $purifier->purify($value);
 }
 
-if ($dbConnected) {
+$mysqli = new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE) or die('error connecting to db');
+//echo DB_HOSTNAME.' '.DB_USERNAME.' '.DB_PASSWORD.' '.DB_DATABASE;
+//echo 'kjr';
+$mysqli->set_charset('utf8');
+//if (!$mysqli) {
 	//check for presence of install folder
 	if (is_dir('install')) {
 		//do a query to see if db installed
 		//$testQueryOK = false;
-		$sql = "select * from  " . $db_prefix . "teams";
+		$sql = "select * from  " . DB_PREFIX . "teams";
 		//die($sql);
-		if ($query = mysql_query($sql)) {
+		if ($query = $mysqli->query($sql)) {
 			//query is ok, display warning
 			$warnings[] = 'For security, please delete or rename the install folder.';
+			$query->free();
 		} else {
 			//tables not not present, redirect to installer
 			header('location: ./install/');
 			exit;
 		}
 	}
-} else {
-	die('Database not connected.  Please check your config file for proper installation.');
-}
+//} else {
+//	die('Database not connected.  Please check your config file for proper installation.');
+//}
 
 session_start();
 require('includes/classes/login.php');
 $login = new Login;
 
 $okFiles = array('login.php', 'signup.php', 'password_reset.php');
 if (!in_array(basename($_SERVER['PHP_SELF']), $okFiles) && (empty($_SESSION['logged']) || $_SESSION['logged'] !== 'yes')) {
-	header( 'Location: login.php' ) ;
-} else {
+	header( 'Location: login.php' );
+	exit;
+} else if (!empty($_SESSION['loggedInUser'])) {
 	$user = $login->get_user($_SESSION['loggedInUser']);
 	$adminUser = $login->get_user('admin');
 }