1
0
mirror of https://github.com/cydrobolt/polr.git synced 2024-11-14 14:12:29 +01:00
polr/req.php

102 lines
3.1 KiB
PHP
Raw Normal View History

<?php
2014-02-17 21:30:36 +01:00
@(require_once('config.php'));
include('version.php');
2014-11-08 16:10:31 +01:00
$debug = 0; // Set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting
2014-02-17 21:30:36 +01:00
$footer = "&copy; Copyright 2014 $wsn. Powered by <a href='http://github.com/cydrobolt/polr'>Polr</a> ver $version build $reldate";
//connect to mysql with $mysqli variable
$mysqli = new mysqli($host, $user, $passwd, $db) or $wp = 1; //If cannot connect, then set var $wp to 1
2014-11-08 00:14:21 +01:00
// Attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities
if (!$mysqli->set_charset("utf8")) {
$insecure = TRUE;
} else {
$insecure = FALSE;
}
function autoloader($class) {
include $class . '.php';
}
spl_autoload_register('autoloader');
session_start();
function sqlex($table, $rowf, $where, $wval) {
global $mysqli; //Import var into function
//Sanitize strings
$rowfs = $mysqli->real_escape_string($rowf);
$tables = $mysqli->real_escape_string($table);
$wheres = $mysqli->real_escape_string($where);
$wvals = $mysqli->real_escape_string($wval);
2014-11-08 22:13:25 +01:00
$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
$stmt = $mysqli->prepare($q2p);
2014-11-08 22:13:25 +01:00
$stmt->bind_param('s', $wvals);
$stmt->execute();
$result = $stmt->get_result();
$numrows = $result->num_rows;
if (!$numrows) {
return false;
} else {
return true;
}
}
function sqlfetch($table, $rowf, $where, $wval) {
global $mysqli;
$rowfs = $mysqli->real_escape_string($rowf);
$tables = $mysqli->real_escape_string($table);
$wheres = $mysqli->real_escape_string($where);
$wvals = $mysqli->real_escape_string($wval);
//$query = "SELECT $rowfs FROM $tables WHERE $wheres='$wvals'";
2014-11-08 22:13:25 +01:00
$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
$stmt = $mysqli->prepare($q2p);
2014-11-08 22:13:25 +01:00
$stmt->bind_param('s', $wvals);
$stmt->execute();
$result = $stmt->get_result();
$row = mysqli_fetch_assoc($result);
return $row[$rowf];
}
2014-11-08 21:43:11 +01:00
//SQL Functions
//Sanitize input when using sqlrun!
function sqlrun($query) {
global $mysqli;
$queryrs = $query;
2014-11-08 22:13:25 +01:00
$resultrs = $mysqli->query($queryrs) or ($err = $mysqli->error);
if (strstr($err, "already exists")) {
echo "<br />Could not create tables because the database already has Polr tables (perhaps from a previous installation?). Delete the existing Polr table and try again. You can also export the database and restore it after installation, however, the old database may not be compatible. ";
die();
}
2014-11-08 21:43:11 +01:00
return true;
}
function showerror() {
//Show an error, and die. If Debug is on, show SQL error message
global $debug;
global $mysqli;
echo "There seems to be a problem. Contact an administrator to report this issue.";
if ($debug == 1) {
echo "<br>Error:<br>";
echo $mysqli->error;
}
die();
}
function filterurl($url) {
if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) {
return false;
} else {
return true;
}
}
function filteremail($email) {
// Validate an email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return false;
} else {
return true;
}
}