Database as new class with interface (#169)
* Database as new class with interface
sveneld authored Feb 28, 2024
1 parent 61ae30a commit 7baec5f
Showing 18 changed files with 457 additions and 143 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -10,7 +10,7 @@ RUN sed -i '/security.debian.org/d' /etc/apt/sources.list \
RUN echo "deb http://archive.debian.org/debian/ stretch main" > /etc/apt/sources.list \
&& echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list

RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ wget git
RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ wget git zip

RUN wget --no-check-certificate https://pecl.php.net/get/xdebug-2.5.5.tgz \
&& pecl install --offline ./xdebug-2.5.5.tgz \
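Review bot: The new install line pulls `zip` (and the rest) from the archived stretch repositories configured just above it, which receive no further security updates, so every package added here is frozen at an end-of-life version; that deserves a comment next to the line, e.g. `# stretch is EOL: packages come from archive.debian.org and get no security fixes`. The same line would also be smaller and more reproducible as `apt-get install -y --no-install-recommends zlib1g-dev libicu-dev g++ wget git zip && rm -rf /var/lib/apt/lists/*`. Not part of this change, but in the same layer: the `wget --no-check-certificate` on the following unchanged line disables TLS verification for the xdebug download.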
85 changes: 46 additions & 39 deletions actions-sms.php
@@ -1,4 +1,9 @@
<?php

use BikeShare\Db\DbInterface;
use BikeShare\Db\MysqliDb;

require_once 'vendor/autoload.php';
require("common.php");

function help($number)
Expand Down Expand Up @@ -320,7 +325,7 @@ function returnBike($number,$bike,$stand,$message="",$force=FALSE)
{
$userNote="";
}
else $userNote=$db->conn->real_escape_string(trim($matches[1]));
else $userNote=$db->escape(trim($matches[1]));

$result=$db->query("UPDATE bikes SET currentUser=NULL,currentStand=$standId WHERE bikeNum=$bikeNum");
if ($userNote)
Expand Down Expand Up @@ -509,28 +514,30 @@ function freeBikes($number)

function log_sms($sms_uuid, $sender, $receive_time, $sms_text, $ip)
{
global $dbserver,$dbuser,$dbpassword,$dbname;
$localdb=new Database($dbserver,$dbuser,$dbpassword,$dbname);
$localdb->connect();
$localdb->conn->autocommit(TRUE);

$sms_uuid =$localdb->conn->real_escape_string($sms_uuid);
$sender =$localdb->conn->real_escape_string($sender);
$receive_time =$localdb->conn->real_escape_string($receive_time);
$sms_text =$localdb->conn->real_escape_string($sms_text);
$ip =$localdb->conn->real_escape_string($ip);

$result =$localdb->query("SELECT sms_uuid FROM received WHERE sms_uuid='$sms_uuid'");
if (DEBUG===FALSE AND $result->num_rows>=1) // sms already exists in DB, possible problem
{
notifyAdmins(_('Problem with SMS')." $sms_uuid!",1);
return FALSE;
}
else
{
$result =$localdb->query("INSERT INTO received SET sms_uuid='$sms_uuid',sender='$sender',receive_time='$receive_time',sms_text='$sms_text',ip='$ip'");
}

global $dbserver, $dbuser, $dbpassword, $dbname;
/**
* @var DbInterface
*/
$localdb = new MysqliDb($dbserver, $dbuser, $dbpassword, $dbname);
$localdb->connect();

#TODO does it needed???
$localdb->setAutocommit(true);

$sms_uuid = $localdb->escape($sms_uuid);
$sender = $localdb->escape($sender);
$receive_time = $localdb->escape($receive_time);
$sms_text = $localdb->escape($sms_text);
$ip = $localdb->escape($ip);

$result = $localdb->query("SELECT sms_uuid FROM received WHERE sms_uuid='$sms_uuid'");
if (DEBUG === FALSE and $result->num_rows >= 1) {
// sms already exists in DB, possible problem
notifyAdmins(_('Problem with SMS') . " $sms_uuid!", 1);
return FALSE;
} else {
$result = $localdb->query("INSERT INTO received SET sms_uuid='$sms_uuid',sender='$sender',receive_time='$receive_time',sms_text='$sms_text',ip='$ip'");
}
}


Expand All @@ -554,7 +561,7 @@ function delnote($number,$bikeNum,$message)
}
else
{
sendSMS($number,_('Error in bike number / stand name specification:'.$db->conn->real_escape_string($bikeNum)));
sendSMS($number,_('Error in bike number / stand name specification:'.$db->escape($bikeNum)));
return;
}

Expand Down Expand Up @@ -587,15 +594,15 @@ function delnote($number,$bikeNum,$message)
$reportedBy=$row["userName"];

$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));

if($userNote=='')
{
$userNote='%';
}

$result=$db->query("UPDATE notes SET deleted=NOW() where bikeNum=$bikeNum and deleted is null and note like '%$userNote%'");
$count = $db->conn->affected_rows;
$count = $db->getAffectedRows();

if($count == 0)
{
Expand Down Expand Up @@ -647,15 +654,15 @@ function untag($number,$standName,$message)


$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));

if($userNote=='')
{
$userNote='%';
}

$result=$db->query("update notes join bikes on notes.bikeNum = bikes.bikeNum set deleted=now() where bikes.currentStand='$standId' and note like '%$userNote%' and deleted is null");
$count = $db->conn->affected_rows;
$count = $db->getAffectedRows();

if($count == 0)
{
Expand Down Expand Up @@ -706,15 +713,15 @@ function delstandnote($number,$standName,$message)


$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));

if($userNote=='')
{
$userNote='%';
}

$result=$db->query("UPDATE notes SET deleted=NOW() where standId=$standId and deleted is null and note like '%$userNote%'");
$count = $db->conn->affected_rows;
$count = $db->getAffectedRows();

if($count == 0)
{
Expand Down Expand Up @@ -765,7 +772,7 @@ function standNote($number,$standName,$message)


$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));

if ($userNote=="") //deletemmm
{
Expand All @@ -781,7 +788,7 @@ function standNote($number,$standName,$message)
else
{
$db->query("INSERT INTO notes SET standId='$standId',userId='$userId',note='$userNote'");
$noteid=$db->conn->insert_id;
$noteid=$db->getLastInsertId();
sendSMS($number,_('Note for stand')." ".$standName." "._('saved').".");
notifyAdmins(_('Note #').$noteid.": "._("on stand")." ".$standName." "._('by')." ".$reportedBy." (".$number."):".$userNote);
}
Expand Down Expand Up @@ -813,7 +820,7 @@ function tag($number,$standName,$message)


$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));

if ($userNote=="") //deletemmm
{
Expand All @@ -829,7 +836,7 @@ function tag($number,$standName,$message)
else
{
$db->query("INSERT INTO notes (bikeNum,userId,note) SELECT bikeNum,'$userId','$userNote' FROM bikes where currentStand='$standId'");
//$noteid=$db->conn->insert_id;
//$noteid=$db->getLastInsertId();
sendSMS($number,_('All bikes on stand')." ".$standName." "._('tagged').".");
notifyAdmins(_('All bikes on stand')." "."$standName".' '._('tagged by')." ".$reportedBy." (".$number.")". _("with note:").$userNote);
}
Expand All @@ -855,7 +862,7 @@ function note($number,$bikeNum,$message)
}
else
{
sendSMS($number,_('Error in bike number / stand name specification:'.$db->conn->real_escape_string($bikeNum)));
sendSMS($number,_('Error in bike number / stand name specification:'.$db->escape($bikeNum)));
return;
}

Expand Down Expand Up @@ -892,7 +899,7 @@ function note($number,$bikeNum,$message)
else
{
$matches=explode(" ",$message,3);
$userNote=$db->conn->real_escape_string(trim($matches[2]));
$userNote=$db->escape(trim($matches[2]));
}

if ($userNote=="")
Expand All @@ -911,7 +918,7 @@ function note($number,$bikeNum,$message)
else
{
$db->query("INSERT INTO notes SET bikeNum='$bikeNum',userId='$userId',note='$userNote'");
$noteid=$db->conn->insert_id;
$noteid=$db->getLastInsertId();
sendSMS($number,_('Note for bike')." ".$bikeNum." "._('saved').".");
notifyAdmins(_('Note #').$noteid.": b.".$bikeNum." (".$bikeStatus.") "._('by')." ".$reportedBy." (".$number."):".$userNote);
}
Expand Down Expand Up @@ -1028,8 +1035,8 @@ function add($number,$email,$phone,$message)
sendSMS($number,_('Contact information is in incorrect format. Use:')." ADD king@earth.com 0901456789 Martin Luther King Jr.");
return;
}
$userName=$db->conn->real_escape_string(trim($matches[2]));
$email=$db->conn->real_escape_string(trim($matches[1]));
$userName=$db->escape(trim($matches[2]));
$email=$db->escape(trim($matches[1]));

$result=$db->query("INSERT into users SET userName='$userName',number=$phone,mail='$email'");

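Review bot: `log_sms` on the new side still builds every statement by string interpolation and only swaps `real_escape_string` for `$localdb->escape()`, so the new `DbInterface` should document the contract that an escaped value is safe only when placed inside single quotes — `$standId` and `$bikeNum` are interpolated bare in `returnBike`, `delnote` and `delstandnote` (presumably validated as numeric earlier; that is outside these hunks) — and would be the natural place for a parameterised `query(string $sql, array $params)` so callers stop escaping by hand. Reading `$result->num_rows` also ties this caller to a `mysqli_result`, which the interface is meant to hide. The stray `#TODO does it needed???` should be resolved or replaced with the reason, e.g. `// autocommit so the INSERT below is durable: this helper opens its own connection and never commits or closes it`. The `$result` of the INSERT is assigned but never checked, and the function returns FALSE on a duplicate but nothing on success; `return TRUE;` after the insert would make the contract consistent.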
13 changes: 10 additions & 3 deletions admin.php
@@ -1,15 +1,22 @@
<?php

use BikeShare\Db\DbInterface;
use BikeShare\Db\MysqliDb;

require_once 'vendor/autoload.php';
require("config.php");
require("db.class.php");
require('actions-web.php');

$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
/**
* @var DbInterface
*/
$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
$db->connect();

checksession();

if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
$userid = $db->escape(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}
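Review bot: `$userid` on the new side is taken from `$_COOKIE["loguserid"]` and SQL-escaped, but never validated as an integer; `escape()` only protects a value that ends up inside quotes in the query, so if the id is interpolated bare anywhere (the queries are outside this hunk) the escaping is no defence. A numeric id should be coerced instead, `$userid = (int) trim($_COOKIE["loguserid"]);`, which removes the need to escape it at all. Whether `checksession()` on the line above already binds `loguserid` to the session cannot be seen here.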
11 changes: 9 additions & 2 deletions agree.php
@@ -1,9 +1,16 @@
<?php

use BikeShare\Db\DbInterface;
use BikeShare\Db\MysqliDb;

require_once 'vendor/autoload.php';
require("config.php");
require("db.class.php");
require('actions-web.php');

$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
/**
* @var DbInterface
*/
$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
$db->connect();
?>
<!DOCTYPE html>
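Review bot: The `/** @var DbInterface */` block above `$db = new MysqliDb(...)` names no variable, so whether an analyser applies it to `$db` depends on the tool; write it as `/** @var DbInterface $db */` to make it unambiguous (that annotation is the only use of the `DbInterface` import). The same bootstrap — autoload, config, actions-web, construct and connect — is now copy-pasted into admin.php, agree.php and command.php; actions-sms.php already includes a `common.php`, so moving the connection setup there would keep credential handling in one place, assuming common.php is a suitable home (its contents are not visible here).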
15 changes: 11 additions & 4 deletions command.php
Original file line number Diff line number Diff line change
@@ -1,19 +1,26 @@
<?php

use BikeShare\Db\DbInterface;
use BikeShare\Db\MysqliDb;

require_once 'vendor/autoload.php';
require("config.php");
require("db.class.php");
require('actions-web.php');

$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
/**
* @var DbInterface
*/
$db=new MysqliDb($dbserver,$dbuser,$dbpassword,$dbname);
$db->connect();

if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
$userid = $db->escape(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}

if (isset($_COOKIE["logsession"])) {
$session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
$session = $db->escape(trim($_COOKIE["logsession"]));
} else {
$session = '';
}
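Review bot: `$session` on the new side is read straight from `$_COOKIE["logsession"]` and only SQL-escaped; how it is later compared with the stored session is outside this hunk, but if that happens in a `WHERE logsession='$session'` clause the escape is the only control on a value the client fully controls. Validating the cookie's shape before use — e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $session)) { $session = ''; }`, with the character class matched to however sessions are generated — narrows that surface, and `$userid` should be cast with `(int)` rather than escaped. The `/** @var DbInterface */` annotation should also carry the variable name, `/** @var DbInterface $db */`.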