2014-02-14 16:02:59 +01:00
< ? php
2014-02-17 21:30:36 +01:00
@ ( require_once ( 'config.php' ));
include ( 'version.php' );
2014-11-08 16:10:31 +01:00
$debug = 0 ; // Set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting
2014-02-17 21:30:36 +01:00
$footer = " © Copyright 2014 $wsn . Powered by <a href='http://github.com/cydrobolt/polr'>Polr</a> ver $version build $reldate " ;
2014-11-19 02:15:20 +01:00
$hidefooter = true ; // Let's hide this for now
2014-02-14 16:02:59 +01:00
//connect to mysql with $mysqli variable
2014-11-20 22:47:06 +01:00
$mysqli = new mysqli ( $host , $user , $passwd , $db ) ;
if ( $mysqli -> connect_errno ) {
echo " Database error. If you are a member of the general public, contact an administrator to solve this issue.
If you are the administrator of this website , please make sure your database is turned on and that credentials are correct . " ;
die ();
2014-11-20 22:25:06 +01:00
}
2014-11-08 00:14:21 +01:00
// Attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities
if ( ! $mysqli -> set_charset ( " utf8 " )) {
$insecure = TRUE ;
} else {
$insecure = FALSE ;
}
2014-02-14 16:02:59 +01:00
2014-06-21 15:27:18 +02:00
function autoloader ( $class ) {
include $class . '.php' ;
}
2014-02-14 16:02:59 +01:00
2014-06-21 15:27:18 +02:00
spl_autoload_register ( 'autoloader' );
session_start ();
function sqlex ( $table , $rowf , $where , $wval ) {
global $mysqli ; //Import var into function
2014-02-14 16:02:59 +01:00
//Sanitize strings
2014-06-21 15:27:18 +02:00
$rowfs = $mysqli -> real_escape_string ( $rowf );
$tables = $mysqli -> real_escape_string ( $table );
$wheres = $mysqli -> real_escape_string ( $where );
$wvals = $mysqli -> real_escape_string ( $wval );
2014-11-08 22:13:25 +01:00
$q2p = " SELECT { $rowfs } FROM { $tables } WHERE { $wheres } =? " ;
2014-11-08 21:11:03 +01:00
$stmt = $mysqli -> prepare ( $q2p );
2014-11-08 22:13:25 +01:00
$stmt -> bind_param ( 's' , $wvals );
2014-11-08 21:11:03 +01:00
$stmt -> execute ();
$result = $stmt -> get_result ();
2014-06-21 15:27:18 +02:00
$numrows = $result -> num_rows ;
if ( ! $numrows ) {
return false ;
} else {
return true ;
}
2014-02-14 16:02:59 +01:00
}
2014-11-08 21:11:03 +01:00
function sqlfetch ( $table , $rowf , $where , $wval ) {
global $mysqli ;
$rowfs = $mysqli -> real_escape_string ( $rowf );
$tables = $mysqli -> real_escape_string ( $table );
$wheres = $mysqli -> real_escape_string ( $where );
$wvals = $mysqli -> real_escape_string ( $wval );
//$query = "SELECT $rowfs FROM $tables WHERE $wheres='$wvals'";
2014-11-08 22:13:25 +01:00
$q2p = " SELECT { $rowfs } FROM { $tables } WHERE { $wheres } =? " ;
2014-11-08 21:11:03 +01:00
$stmt = $mysqli -> prepare ( $q2p );
2014-11-08 22:13:25 +01:00
$stmt -> bind_param ( 's' , $wvals );
2014-11-08 21:11:03 +01:00
$stmt -> execute ();
$result = $stmt -> get_result ();
$row = mysqli_fetch_assoc ( $result );
return $row [ $rowf ];
}
2014-06-21 15:27:18 +02:00
2014-11-08 21:43:11 +01:00
//SQL Functions
//Sanitize input when using sqlrun!
function sqlrun ( $query ) {
global $mysqli ;
$queryrs = $query ;
2014-11-08 22:13:25 +01:00
$resultrs = $mysqli -> query ( $queryrs ) or ( $err = $mysqli -> error );
if ( strstr ( $err , " already exists " )) {
echo " <br />Could not create tables because the database already has Polr tables (perhaps from a previous installation?). Delete the existing Polr table and try again. You can also export the database and restore it after installation, however, the old database may not be compatible. " ;
die ();
}
2014-11-08 21:43:11 +01:00
return true ;
}
2014-06-21 15:27:18 +02:00
function showerror () {
//Show an error, and die. If Debug is on, show SQL error message
global $debug ;
global $mysqli ;
2014-11-08 21:11:03 +01:00
echo " There seems to be a problem. Contact an administrator to report this issue. " ;
2014-06-21 15:27:18 +02:00
if ( $debug == 1 ) {
echo " <br>Error:<br> " ;
echo $mysqli -> error ;
}
die ();
2014-02-14 16:02:59 +01:00
}
2014-06-21 15:27:18 +02:00
function filterurl ( $url ) {
if ( ! filter_var ( $url , FILTER_VALIDATE_URL , FILTER_FLAG_HOST_REQUIRED )) {
2014-02-14 16:02:59 +01:00
return false ;
2014-06-21 15:27:18 +02:00
} else {
return true ;
2014-02-14 16:02:59 +01:00
}
2014-06-21 15:27:18 +02:00
}
function filteremail ( $email ) {
// Validate an email
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL )) {
return false ;
} else {
2014-02-14 16:02:59 +01:00
return true ;
}
}