1
0
mirror of https://github.com/cydrobolt/polr.git synced 2024-11-12 21:22:28 +01:00
polr/lib-core.php
2015-09-16 19:27:02 -04:00

121 lines
3.5 KiB
PHP

<?php
/*
# Copyright (C) 2013-2015 Chaoyi Zha
# Polr is an open-source project licensed under the GPL.
# The above copyright notice and the following license are applicable to
# the entire project, unless explicitly defined otherwise.
# http://github.com/cydrobolt/polr
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
# See http://www.gnu.org/copyleft/gpl.html for the full text of the
# license.
#
*/
@(require_once('config.php'));
include('version.php');
// set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting
$debug = 0;
// connect to mysql trhough the $mysqli variable
$mysqli = new mysqli($host, $user, $passwd, $db);
if ($mysqli->connect_errno) {
echo "Database error. If you are a member of the general public, contact an administrator to solve this issue.
If you are the administrator of this website, please make sure your database is turned on and that credentials are correct.";
die();
}
// attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities
if (!$mysqli->set_charset("utf8")) {
$insecure = true;
} else {
$insecure = false;
}
function autoloader($class) {
include $class . '.php';
}
spl_autoload_register('autoloader');
session_start();
function sqlex($table, $rowf, $where, $wval) {
global $mysqli;
$rowfs = $mysqli->real_escape_string($rowf);
$tables = $mysqli->real_escape_string($table);
$wheres = $mysqli->real_escape_string($where);
$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
$stmt = $mysqli->prepare($q2p);
$stmt->bind_param('s', $wval);
$stmt->execute();
$result = $stmt->get_result();
$numrows = $result->num_rows;
if (!$numrows) {
return false;
} else {
return true;
}
}
function sqlfetch($table, $rowf, $where, $wval) {
global $mysqli;
$rowfs = $mysqli->real_escape_string($rowf);
$tables = $mysqli->real_escape_string($table);
$wheres = $mysqli->real_escape_string($where);
$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
$stmt = $mysqli->prepare($q2p);
$stmt->bind_param('s', $wval);
$stmt->execute();
$result = $stmt->get_result();
$row = mysqli_fetch_assoc($result);
return $row[$rowf];
}
// sanitize input when using sqlrun!
function sqlrun($query) {
global $mysqli;
$queryrs = $query;
$resultrs = $mysqli->query($queryrs) or ($err = $mysqli->error);
if (strstr($err, "already exists")) {
echo "<br />Could not create tables because the database already has Polr tables (perhaps from a previous installation?). If you wanted a clean install, delete the existing Polr table and try again. Otherwise, your existing database may be used. ";
die();
}
return true;
}
function showerror() {
// show an error and die. If `debug` is on, show SQL error message
global $debug;
global $mysqli;
echo "There seems to be a problem. Contact an administrator to report this issue.";
if ($debug == 1) {
echo "<br>Error:<br>";
echo $mysqli->error;
}
die();
}
function filterurl($url) {
if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) {
return false;
} else {
return true;
}
}
function filteremail($email) {
// validate an email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return false;
} else {
return true;
}
}