diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/account/list.php | 2 | ||||
| -rw-r--r-- | lib/conf/file.php | 2 | ||||
| -rw-r--r-- | lib/login.php | 14 | ||||
| -rw-r--r-- | lib/notes/delete.php | 2 | ||||
| -rw-r--r-- | lib/notes/edit.php | 11 | ||||
| -rw-r--r-- | lib/notes/move.php | 8 | ||||
| -rw-r--r-- | lib/notes/new.php | 11 | ||||
| -rw-r--r-- | lib/notes/source.php | 6 | ||||
| -rw-r--r-- | lib/notes/user.php | 10 | ||||
| -rw-r--r-- | lib/notes/view.php | 6 | ||||
| -rw-r--r-- | lib/sql.php | 35 | ||||
| -rw-r--r-- | lib/static/home.md | 12 |
12 files changed, 66 insertions, 53 deletions
diff --git a/lib/account/list.php b/lib/account/list.php index 56392c0..c45a8ca 100644 --- a/lib/account/list.php +++ b/lib/account/list.php @@ -27,5 +27,5 @@ $n = sql("SELECT account.id AS id, login AS name, nc.count AS nbNotes, pc.count "GROUP BY blog_posts.owner) pc ON pc.owner = account.id ". get_filter("cat") . " ORDER BY " . get_filter("order") . " " . get_filter("way") . " "); -while ($nn = mysql_fetch_assoc($n)) $users[] = $nn; +while ($nn = $n->fetch()) $users[] = $nn; require("tpl/account/list.php"); diff --git a/lib/conf/file.php b/lib/conf/file.php index 2e8cd18..945bf3e 100644 --- a/lib/conf/file.php +++ b/lib/conf/file.php @@ -1,6 +1,6 @@ <?php -$baseurl = "http://adnab.me/files/"; +$baseurl = "http://adnab.me/~katchup/files/"; $savedir = getcwd() . "/files/"; $img_mini_width = 127; diff --git a/lib/login.php b/lib/login.php index 2ba954e..a58ee75 100644 --- a/lib/login.php +++ b/lib/login.php @@ -2,7 +2,7 @@ require("conf/login.php"); -session_start($session_name); +session_start(); $priv = array(0 => "Anonymous", 1 => "Member", 2 => "Administrator"); $user = array('id' => 0, 'name' => 'Anonymous', 'priv' => 0); @@ -15,9 +15,9 @@ if (isset($_GET['logout'])) { } if (isset($_POST['login']) && isset($_POST['pw'])) { - $sql = sql("SELECT id FROM account ". - "WHERE login = '" . esc($_POST['login']) . "' AND password = PASSWORD('" . esc($_POST['pw']) . "')"); - if ($util = mysql_fetch_assoc($sql)) { + $sql = sql("SELECT id FROM account WHERE login = ? AND password = PASSWORD(?)", + esc($_POST['login']), esc($_POST['pw'])); + if ($util = $sql->fetch()) { $_SESSION['user_id'] = intval($util['id']); } else { $error = "Wrong username or password."; @@ -31,9 +31,9 @@ if (isset($_SESSION['user_id'])) { $user = $_SESSION['user']; } else { $sql = sql("SELECT login AS name, id, priv ". - "FROM account ". - "WHERE id = " . $_SESSION['user_id']); - if ($util = mysql_fetch_assoc($sql)) { + "FROM account WHERE id = ?", + $_SESSION['user_id']); + if ($util = $sql->fetch()) { $user['id'] = $_SESSION['user_id']; $user['name'] = $util['name']; $user['priv'] = $util['priv']; diff --git a/lib/notes/delete.php b/lib/notes/delete.php index 43dbf44..179f788 100644 --- a/lib/notes/delete.php +++ b/lib/notes/delete.php @@ -3,7 +3,7 @@ assert_redir(count($args) >= 3, 'notes'); $noteid = intval($args[2]); -$note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid")); +$note = sql("SELECT owner FROM notes WHERE id = $noteid")->fetch(); assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to delete it."); diff --git a/lib/notes/edit.php b/lib/notes/edit.php index ec479b0..cecbb2d 100644 --- a/lib/notes/edit.php +++ b/lib/notes/edit.php @@ -5,12 +5,12 @@ require("lib/markdown.php"); assert_redir(count($args) == 3, 'notes'); $noteid = intval($args[2]); -$note = mysql_fetch_assoc(sql( +$note = sql( "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ". "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ". "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" -)); +)->fetch(); assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to edit it."); @@ -29,9 +29,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) { $preview = $note_html; $message = "Your preview is below the edit form."; } else { - sql("UPDATE notes SET title = '" . escs($note_title) . "', text = '" . escs($note_text) . - "', text_html = '" . escs($note_html) . "', public = " . ($note_public?'1':'0') . - " WHERE id = $noteid"); + sql("UPDATE notes SET title = ?, text = ?, text_html = ?, ". + " public = " . ($note_public?'1':'0') . + " WHERE id = $noteid", + escs($note_title), escs($note_text), escs($note_html)); header("Location: view-notes-" . $noteid); die(); } diff --git a/lib/notes/move.php b/lib/notes/move.php index d51b4ad..2f6375a 100644 --- a/lib/notes/move.php +++ b/lib/notes/move.php @@ -3,12 +3,12 @@ assert_redir(count($args) >= 3, 'notes'); $noteid = intval($args[2]); -$note = mysql_fetch_assoc(sql( +$note = sql( "SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ". "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ". "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" -)); +)->fetch(); assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to move it."); @@ -16,7 +16,7 @@ if (count($args) == 4) { $newparent = intval($args[3]); // SHOULD CHECK FOR TREE CONSISTENCY, SKIP FOR NOW. if ($newparent != 0) { - $p = mysql_fetch_assoc(sql("SELECT id, owner FROM notes WHERE id = $newparent")); + $p = sql("SELECT id, owner FROM notes WHERE id = $newparent")->fetch(); } if ($newparent != 0 && !$p) { $error = "Selected parent does not exist."; @@ -32,7 +32,7 @@ if (count($args) == 4) { $notes_tree = array(); $n = sql("SELECT id, parent, title FROM notes ". "WHERE owner = " . $user['id'] . " AND id != $noteid AND parent != $noteid ORDER BY title ASC"); -while ($nn = mysql_fetch_assoc($n)) { +while ($nn = $n->fetch()) { if (isset($notes_tree[$nn['parent']])) { $notes_tree[$nn['parent']][] = $nn; } else { diff --git a/lib/notes/new.php b/lib/notes/new.php index 1213b94..adad015 100644 --- a/lib/notes/new.php +++ b/lib/notes/new.php @@ -6,12 +6,12 @@ assert_redir(count($args) == 3, 'notes'); $parentid = intval($args[2]); if ($parentid != 0) { - $parent = mysql_fetch_assoc(sql( + $parent = sql( "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ". "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ". "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $parentid" - )); + )->fetch(); assert_error($parent && $parent['owner'] == $user['id'], "The selected parent does not exist, or you cannot create children for it."); } @@ -28,9 +28,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) { $error = "You must enter a title for your note"; } else { sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ". - "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" . - escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")"); - header("Location: view-notes-" . mysql_insert_id()); + "VALUES(?, ?, ?, ?, ?, ". ($note_public?'1':'0') . ")", + $user['id'], $parentid, escs($note_title), + escs($note_text), escs($note_html)); + header("Location: view-notes-" . $sql_conn->lastInsertId()); die(); } } diff --git a/lib/notes/source.php b/lib/notes/source.php index d032d33..091ab8c 100644 --- a/lib/notes/source.php +++ b/lib/notes/source.php @@ -3,7 +3,7 @@ assert_redir(count($args) == 3, 'notes'); $noteid = intval($args[2]); -$note = mysql_fetch_assoc(sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid")); +$note = sql("SELECT id, title, text, public, owner FROM notes WHERE id = $noteid")->fetch(); assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), "This note does not exist, or you are not allowed to see it."); @@ -15,8 +15,8 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> -<pre><? echo htmlspecialchars($note['text']); ?></pre> +<pre><?php echo htmlspecialchars($note['text']); ?></pre> </body> </html> -<? +<?php die(); diff --git a/lib/notes/user.php b/lib/notes/user.php index e420946..a2982be 100644 --- a/lib/notes/user.php +++ b/lib/notes/user.php @@ -6,7 +6,7 @@ $userid = intval($args[2]); if ($userid == $user['id']) { $note_owner = $user; } else { - $note_owner = mysql_fetch_assoc(sql("SELECT login AS name, id FROM account WHERE id = $userid")); + $note_owner = sql("SELECT login AS name, id FROM account WHERE id = $userid")->fetch(); assert_error($note_owner, "That user id does not exist.", "no such user"); } @@ -15,14 +15,14 @@ $n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FRO "LEFT JOIN notes ON notes.owner = account.id ". "WHERE notes.public != 0 AND notes.id != 0 ". "GROUP BY account.id ORDER BY nbNotes DESC"); -while ($nn = mysql_fetch_assoc($n)) $users[] = $nn; +while ($nn =$n->fetch()) $users[] = $nn; $notes_tree = array(); $n = sql("SELECT id, parent, title FROM notes ". - "WHERE owner = $userid ". + "WHERE owner = ? ". ($userid == $user['id'] ? "" : "AND public != 0 "). - "ORDER BY title ASC"); -while ($nn = mysql_fetch_assoc($n)) { + "ORDER BY title ASC", $userid); +while ($nn = $n->fetch()) { if (isset($notes_tree[$nn['parent']])) { $notes_tree[$nn['parent']][] = $nn; } else { diff --git a/lib/notes/view.php b/lib/notes/view.php index a6a014c..d29732d 100644 --- a/lib/notes/view.php +++ b/lib/notes/view.php @@ -3,12 +3,12 @@ assert_redir(count($args) == 3, 'notes'); $noteid = intval($args[2]); -$note = mysql_fetch_assoc(sql( +$note = sql( "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ". "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ". "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". - "WHERE na.id = $noteid" -)); + "WHERE na.id = ?", $noteid +)->fetch(); assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to see it."); diff --git a/lib/sql.php b/lib/sql.php index 9f65568..839d469 100644 --- a/lib/sql.php +++ b/lib/sql.php @@ -4,30 +4,40 @@ require("conf/sql.php"); $sql_queries = 0; $sql_connected = false; +$sql_conn = null; function sql_connect() { - global $sql_server, $sql_user, $sql_password, $sql_database, $sql_connected; + global $sql_server, $sql_user, $sql_password, $sql_database, $sql_connected, $sql_conn; if ($sql_connected == true) return; - if (!@mysql_connect($sql_server, $sql_user, $sql_password)) { + + try { + $sql_conn = new PDO("mysql:host=$sql_server;dbname=$sql_database;charset=utf8", + $sql_user, $sql_password, [ + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, + PDO::ATTR_EMULATE_PREPARES => false, + ]); + } catch(PDOException $e) { $title = "Cannot connect to SQL server"; - $error = "An error has occurred with the SQL server !"; + $error = "An error has occurred with the SQL server ! " . $e->getMessage(); require("tpl/general/empty.php"); } - mysql_select_db($sql_database); - mysql_query("SET NAMES 'utf8'"); $sql_connected = true; } -function sql($r) { - global $sql_queries, $sql_connected; +function sql($r, ...$args) { + global $sql_queries, $sql_connected, $sql_conn; if ($sql_connected != true) sql_connect(); $sql_queries++; - if ($a = mysql_query($r)) { - return $a; - } else { + + $stmt = $sql_conn->prepare($r); + try { + $stmt->execute($args); + return $stmt; + } catch(PDOException $e) { $title = "SQL error."; $request = $r; - $sql_error = mysql_error(); + $sql_error = $e->getMessage(); require("tpl/general/sqlerror.php"); } } @@ -40,8 +50,7 @@ function esca($v) { } } function escs($v) { - sql_connect(); - return mysql_escape_string($v); + return $v; } function esc($v) { return escs(esca($v)); diff --git a/lib/static/home.md b/lib/static/home.md index e291e72..db11071 100644 --- a/lib/static/home.md +++ b/lib/static/home.md @@ -2,21 +2,22 @@ Page destinée à être peuplée (plus ou moins intensément) dans un futur proc ### Fiche d'identité -Patronyme +Identification : Alex AUVOLAT--BERNSTEIN Occupation -: Étudiant au Département d'Informatique de l'ENS +: Étudiant au [Département d'Informatique](http://www.di.ens.fr) de l'[ENS](http://www.ens.fr/) Cursus -: Élève normalien (2013-) +: Élève à l'ENS rue d'Ulm (2013-) : Prépa MPSI/MP au lycée Masséna (2011-2013) : Lycée Albert Calmette (2008-2011) : École Montessori Les Pouces Verts (1997-2008) : Conservatoire (dans ma jeunesse) Contact -: `alex [chez] adnab.me`, ou bien `alex.auvolat [chez] ens.fr` +: `alex.auvolat [chez] ens.fr` +: `alex [chez] adnab.me` Intérêts en informatique : Systèmes d'exploitations originaux @@ -33,6 +34,7 @@ Compétences remarquables : Programmation : Administration Linux : Anglais (bilingue) +: Piano ### Le serveur `adnab.me` @@ -41,7 +43,7 @@ Localisation : <http://adnab.me> Services -: [Dépôts Git](http://adnab.me/cgi-bin/cgit.cgi/) +: [Dépôts Git](http://adnab.me/cgit/) |