Skip to content

Commit

Permalink
new DbInterface usage
Browse files Browse the repository at this point in the history
  • Loading branch information
sveneld committed Feb 28, 2024
1 parent 2592601 commit 7113bb6
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 26 deletions.
4 changes: 2 additions & 2 deletions actions-qrcode.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ function response($message,$error=0,$log=1)
{
if (isset($_COOKIE["loguserid"]))
{
$userid=$db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
$userid=$db->escape(trim($_COOKIE["loguserid"]));
}
else $userid=0;
$number=getphonenumber($userid);
logresult($number,$message);
}
$db->conn->commit();
$db->commit();
echo '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>',$systemname,'</title>';
echo '<base href="',$systemURL,'" />';
echo '<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css" />';
Expand Down
48 changes: 24 additions & 24 deletions actions-web.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,15 @@ function response($message, $error = 0, $additional = '', $log = 1)
$json = json_encode($json);
if ($log == 1 and $message) {
if (isset($_COOKIE['loguserid'])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE['loguserid']));
$userid = $db->escape(trim($_COOKIE['loguserid']));
} else {
$userid = 0;
}

$number = getphonenumber($userid);
logresult($number, $message);
}
$db->conn->commit();
$db->commit();
echo $json;
exit;
}
Expand Down Expand Up @@ -204,7 +204,7 @@ function where($userId, $bike)
function addnote($userId, $bikeNum, $message)
{
global $db;
$userNote = $db->conn->real_escape_string(trim($message));
$userNote = $db->escape(trim($message));

$result = $db->query("SELECT userName,number from users where userId='$userId'");
$row = $result->fetch_assoc();
Expand All @@ -219,7 +219,7 @@ function addnote($userId, $bikeNum, $message)
$bikeStatus = _('used by') . ' ' . $userName . ' +' . $phone;
}
$db->query("INSERT INTO notes SET bikeNum='$bikeNum',userId='$userId',note='$userNote'");
$noteid = $db->conn->insert_id;
$noteid = $db->getLastInsertId();
notifyAdmins(_('Note #') . $noteid . ': b.' . $bikeNum . ' (' . $bikeStatus . ') ' . _('by') . ' ' . $userName . '/' . $phone . ':' . $userNote);
}

Expand All @@ -228,7 +228,7 @@ function listbikes($stand)
global $db, $forcestack;

$stacktopbike = false;
$stand = $db->conn->real_escape_string($stand);
$stand = $db->escape($stand);
if ($forcestack) {
$result = $db->query("SELECT standId FROM stands WHERE standName='$stand'");
$row = $result->fetch_assoc();
Expand Down Expand Up @@ -437,14 +437,14 @@ function register($number, $code, $checkcode, $fullname, $email, $password, $pas
{
global $db, $dbpassword, $countrycode, $systemURL;

$number = $db->conn->real_escape_string(trim($number));
$code = $db->conn->real_escape_string(trim($code));
$checkcode = $db->conn->real_escape_string(trim($checkcode));
$fullname = $db->conn->real_escape_string(trim($fullname));
$email = $db->conn->real_escape_string(trim($email));
$password = $db->conn->real_escape_string(trim($password));
$password2 = $db->conn->real_escape_string(trim($password2));
$existing = $db->conn->real_escape_string(trim($existing));
$number = $db->escape(trim($number));
$code = $db->escape(trim($code));
$checkcode = $db->escape(trim($checkcode));
$fullname = $db->escape(trim($fullname));
$email = $db->escape(trim($email));
$password = $db->escape(trim($password));
$password2 = $db->escape(trim($password2));
$existing = $db->escape(trim($existing));
$parametercheck = $number . ';' . str_replace(' ', '', $code) . ';' . $checkcode;
if ($password != $password2) {
response(_('Password do not match. Please correct and try again.'), ERROR);
Expand All @@ -454,7 +454,7 @@ function register($number, $code, $checkcode, $fullname, $email, $password, $pas
if ($result->num_rows == 1) {
if (!$existing) { // new user registration
$result = $db->query("INSERT INTO users SET userName='$fullname',password=SHA2('$password',512),mail='$email',number='$number',privileges=0");
$userId = $db->conn->insert_id;
$userId = $db->getLastInsertId();
sendConfirmationEmail($email);
response(_('You have been successfully registered. Please, check your email and read the instructions to finish your registration.'));
} else { // existing user, password change
Expand All @@ -469,7 +469,7 @@ function register($number, $code, $checkcode, $fullname, $email, $password, $pas
}
} else { // SMS system disabled
$result = $db->query("INSERT INTO users SET userName='$fullname',password=SHA2('$password',512),mail='$email',number='',privileges=0");
$userId = $db->conn->insert_id;
$userId = $db->getLastInsertId();
$result = $db->query("UPDATE users SET number='$userId' WHERE userId='$userId'");
sendConfirmationEmail($email);
response(_('You have been successfully registered. Please, check your email and read the instructions to finish your registration. Your number for login is:') . ' ' . $userId);
Expand All @@ -480,8 +480,8 @@ function login($number, $password)
{
global $db, $systemURL, $countrycode;

$number = $db->conn->real_escape_string(trim($number));
$password = $db->conn->real_escape_string(trim($password));
$number = $db->escape(trim($number));
$password = $db->escape(trim($password));
$number = str_replace(' ', '', $number);
$number = str_replace('-', '', $number);
$number = str_replace('/', '', $number);
Expand All @@ -497,7 +497,7 @@ function login($number, $password)
$timeStamp = time() + 86400 * 14; // 14 days to keep user logged in
$result = $db->query("DELETE FROM sessions WHERE userId='$userId'");
$result = $db->query("INSERT INTO sessions SET userId='$userId',sessionId='$sessionId',timeStamp='$timeStamp'");
$db->conn->commit();
$db->commit();
setcookie('loguserid', $userId, time() + 86400 * 14);
setcookie('logsession', $sessionId, time() + 86400 * 14);
header('HTTP/1.1 302 Found');
Expand All @@ -516,10 +516,10 @@ function logout()
{
global $db, $systemURL;
if (isset($_COOKIE['loguserid']) and isset($_COOKIE['logsession'])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE['loguserid']));
$session = $db->conn->real_escape_string(trim($_COOKIE['logsession']));
$userid = $db->escape(trim($_COOKIE['loguserid']));
$session = $db->escape(trim($_COOKIE['logsession']));
$result = $db->query("DELETE FROM sessions WHERE userId='$userid'");
$db->conn->commit();
$db->commit();
}
header('HTTP/1.1 302 Found');
header('Location: ' . $systemURL);
Expand All @@ -543,7 +543,7 @@ function smscode($number)
srand();

$number = normalizephonenumber($number);
$number = $db->conn->real_escape_string($number);
$number = $db->escape($number);
$userexists = 0;
$result = $db->query("SELECT userId FROM users WHERE number='$number'");
if ($result->num_rows) {
Expand All @@ -559,7 +559,7 @@ function smscode($number)
$text = _('Enter this code to change password:') . ' ' . $smscode;
}

$text = $db->conn->real_escape_string($text);
$text = $db->escape($text);

if (!issmssystemenabled()) {
$result = $db->query("INSERT INTO sent SET number='$number',text='$text'");
Expand Down Expand Up @@ -742,7 +742,7 @@ function resetpassword($number)
{
global $db, $mailer, $systemname, $systemrules, $systemURL;

$number = $db->conn->real_escape_string(trim($number));
$number = $db->escape(trim($number));

$result = $db->query("SELECT mail,userName FROM users WHERE number='$number'");
if (!$result->num_rows) {
Expand Down

0 comments on commit 7113bb6

Please sign in to comment.