From 4f6ed4e3c8f93ca4b86e65a281094e8af02d7ebd Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 4 May 2005 06:09:25 +0000 Subject: [PATCH] r66: Moving all DB stuff to be handled by ISSO. Working with our one big $bugsys class instead of a $env and a $bugsys --- admin/options.php | 6 +- admin/priority.php | 14 +- admin/product.php | 34 ++-- admin/resolution.php | 14 +- admin/severity.php | 14 +- admin/status.php | 14 +- admin/usergroup.php | 20 +- docs/lang_file_to_db.php | 2 +- docs/phrasetools.php | 18 +- docs/update_bug_table_cache.php | 6 +- editcomment.php | 6 +- editreport.php | 4 +- includes/config.php.new | 7 + includes/functions.php | 173 +---------------- includes/functions_datastore.php | 88 ++++----- includes/functions_template.php | 8 +- includes/init.php | 317 ++++++++++++++----------------- index.php | 6 +- login.php | 2 +- newcomment.php | 6 +- newreport.php | 10 +- register.php | 14 +- search.php | 8 +- showreport.php | 6 +- 24 files changed, 307 insertions(+), 490 deletions(-) diff --git a/admin/options.php b/admin/options.php index 57edd01..dbbf728 100755 --- a/admin/options.php +++ b/admin/options.php @@ -34,7 +34,7 @@ if ($_POST['do'] == 'update') foreach ($settings AS $varname => $value) { - $DB_sql->query("REPLACE INTO " . TABLE_PREFIX . "setting (varname, value) VALUES ('" . addslasheslike(trim($varname)) . "', '" . addslasheslike(trim($value)) . "')"); + $db->query("REPLACE INTO " . TABLE_PREFIX . "setting (varname, value) VALUES ('" . addslasheslike(trim($varname)) . "', '" . addslasheslike(trim($value)) . "')"); } build_settings(); @@ -50,8 +50,8 @@ if ($_REQUEST['do'] == 'modify') $admin->form_start('options.php', 'update'); - $settings = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "setting "); - while ($setting = $DB_sql->fetch_array($settings)) + $settings = $db->query("SELECT * FROM " . TABLE_PREFIX . "setting "); + while ($setting = $db->fetch_array($settings)) { $options["$setting[varname]"] = $setting['value']; } 
diff --git a/admin/priority.php b/admin/priority.php index 9985b8d..c26be9e 100755 --- a/admin/priority.php +++ b/admin/priority.php @@ -30,7 +30,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { sanitize(array('priorityid' => INT)); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]"); build_priorities(); $admin->redirect('priority.php?do=modify'); } @@ -48,7 +48,7 @@ if ($_REQUEST['do'] == 'delete') if ($_POST['do'] == 'insert') { sanitize(array('priority' => STR, 'displayorder' => INT)); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . addslasheslike($vars['priority']) . "', $vars[displayorder])"); + $db->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . addslasheslike($vars['priority']) . "', $vars[displayorder])"); build_priorities(); $admin->redirect('priority.php?do=modify'); } @@ -76,7 +76,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { sanitize(array('priorityid' => INT, 'priority' => STR, 'displayorder' => INT)); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . addslasheslike($vars['priority']) . "', displayorder = $vars[displayorder] WHERE priorityid = $vars[priorityid]"); + $db->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . addslasheslike($vars['priority']) . "', displayorder = $vars[displayorder] WHERE priorityid = $vars[priorityid]"); build_priorities(); $admin->redirect('priority.php?do=modify'); } 
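Review bot: The `kill` branch at the top of admin/priority.php runs its `DELETE` whenever `$_REQUEST['do'] == 'kill'`, so the deletion can be triggered by a plain GET request, and nothing in the hunk ties it to the admin's own confirmation form. Accept the action from POST only, as the `insert` and `update` branches already do (`if ($_POST['do'] == 'kill')`), and verify a per-session token before the query. If such a check lives in code outside this hunk, a one-line comment saying so would help the next reader. The same pattern is visible in the `kill` branches of admin/resolution.php, admin/severity.php, admin/status.php and admin/usergroup.php, and in `killversion` and `killproduct` in admin/product.php.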
@@ -87,7 +87,7 @@ if ($_REQUEST['do'] == 'edit') { sanitize(array('priorityid' => INT)); - $priority = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]"); + $priority = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]"); if (!is_array($priority)) { $admin->error('-1'); @@ -114,17 +114,17 @@ if ($_REQUEST['do'] == 'modify') { $admin->page_start(phrase('priority_manager')); - $priorities = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "priority ORDER BY displayorder"); + $priorities = $db->query("SELECT * FROM " . TABLE_PREFIX . "priority ORDER BY displayorder"); $admin->form_start('priority.php', 'null'); $admin->table_start(); $admin->table_head(phrase('priority_manager')); - while ($priority = $DB_sql->fetch_array($priorities)) + while ($priority = $db->fetch_array($priorities)) { $admin->row_text("$priority[displayorder]: $priority[priority]", "(priorityid: $priority[priorityid]) " . phrase('edit_wraplink') . " " . phrase('delete_wraplink') . ""); } - $DB_sql->free_result($priorityes); + $db->free_result($priorityes); $admin->row_span('', 'tfoot', 'center', 3); $admin->table_end(); diff --git a/admin/product.php b/admin/product.php index d0e73f4..b5a28a1 100755 --- a/admin/product.php +++ b/admin/product.php @@ -66,7 +66,7 @@ if ($_REQUEST['do'] == 'killversion') { sanitize(array('versionid' => INT)); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]"); // #*# figure out what we do with bugs build_versions(); 
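Review bot: `$db->free_result($priorityes);` in the `modify` branch passes a variable that is never assigned. The result set opened a few lines above is `$priorities`, so the handle is not released and the call receives null. Change the line to `$db->free_result($priorities);`. The same carried-over typo is in admin/resolution.php (`$resolutiones`, should be `$resolutions`) and admin/severity.php (`$severityes`, should be `$severities`); admin/status.php already passes `$statuses`.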
@@ -87,7 +87,7 @@ if ($_REQUEST['do'] == 'deleteversion') if ($_REQUEST['do'] == 'insertversion') { sanitize(array('productid' => INT, 'version' => STR, 'displayorder' => INT)); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES ($vars[productid], '" . addslasheslike($vars['version']) . "', $vars[displayorder])"); + $db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES ($vars[productid], '" . addslasheslike($vars['version']) . "', $vars[displayorder])"); build_versions(); $admin->redirect('product.php?do=modify'); } @@ -102,7 +102,7 @@ if ($_REQUEST['do'] == 'addversion') if ($vars['productid'] != -1) { - $product = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]"); + $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]"); if (!is_array($product)) { $admin->error('-1'); @@ -137,7 +137,7 @@ if ($_REQUEST['do'] == 'updateversion') $admin->error(phrase('fill_in_version_number')); } - $DB_sql->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . addslasheslike($vars['version']) . "', displayorder = $vars[displayorder] WHERE versionid = $vars[versionid]"); + $db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . addslasheslike($vars['version']) . "', displayorder = $vars[displayorder] WHERE versionid = $vars[versionid]"); build_versions(); $admin->redirect('product.php?do=modify'); @@ -151,7 +151,7 @@ if ($_REQUEST['do'] == 'editversion') $admin->page_start(phrase('edit_version')); - $version = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]"); + $version = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]"); if (!is_array($version)) { $admin->error('-1'); 
@@ -176,14 +176,14 @@ if ($_REQUEST['do'] == 'killproduct') { sanitize(array('productid' => INT)); - $allprods = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid] OR componentmother = $vars[productid]"); - while ($prod = $DB_sql->fetch_array($allprods)) + $allprods = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid] OR componentmother = $vars[productid]"); + while ($prod = $db->fetch_array($allprods)) { $list[] = $prod['productid']; } - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "product WHERE productid IN (" . implode(', ', $list) . ")"); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "version WHERE productid IN (" . implode(', ', $list) . ")"); + $db->query("DELETE FROM " . TABLE_PREFIX . "product WHERE productid IN (" . implode(', ', $list) . ")"); + $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE productid IN (" . implode(', ', $list) . ")"); // #*# do bug kills here build_products(); @@ -210,7 +210,7 @@ if ($_REQUEST['do'] == 'insertproduct') $admin->error(phrase('go_back_and_fill_both_fields')); } - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "product (shortname, title, componentmother, description, displayorder) VALUES 
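Review bot: In `killproduct`, `$list` is filled inside the `while` loop but never initialised in the visible lines. When the product id matches no row, both `DELETE` statements are sent as `... IN ()`, which is a SQL syntax error. On a server with `register_globals` enabled, the array's starting contents would also not be under the script's control. Start with `$list = array();`, store `intval($prod['productid'])`, and stop with `$admin->error('-1');` when the list is still empty after the loop. The branch continues past the end of the hunk.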
@@ -261,7 +261,7 @@ if ($_REQUEST['do'] == 'updateproduct') $admin->error('-1'); } - $DB_sql->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . addslasheslike($vars['title']) . "', shortname = '" . addslasheslike($vars['shortname']) . "', description = '" . addslasheslike($vars['description']) . "', displayorder = $vars[displayorder] WHERE productid = $vars[productid]"); + $db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . addslasheslike($vars['title']) . "', shortname = '" . addslasheslike($vars['shortname']) . "', description = '" . addslasheslike($vars['description']) . "', displayorder = $vars[displayorder] WHERE productid = $vars[productid]"); build_products(); $admin->redirect('product.php?do=modify'); @@ -275,7 +275,7 @@ if ($_REQUEST['do'] == 'editproduct') $admin->page_start(phrase('edit_product')); - $product = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]"); + $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]"); if (!is_array($product)) { @@ -308,7 +308,7 @@ if ($_POST['do'] == 'displayorder') { $id = intval($name[1]); $order = intval($displayorder); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "$name[0] SET displayorder = $order WHERE $name[0]id = $id"); + $db->query("UPDATE " . TABLE_PREFIX . "$name[0] SET displayorder = $order WHERE $name[0]id = $id"); } } build_products(); @@ -337,8 +337,8 @@ EOF; $admin->form_start('product.php', 'displayorder'); - $products = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); - while ($prod = $DB_sql->fetch_array($products)) + $products = $db->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); + while ($prod = $db->fetch_array($products)) { if (!$prod['componentmother']) { 
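Review bot: The `displayorder` update interpolates `$name[0]` into both the table name and the column name (`TABLE_PREFIX . "$name[0]"` and `$name[0]id`), while only `$id` and `$order` pass through `intval()`. How `$name` is derived is outside the hunk, but the branch is driven by `$_POST`, so the identifier should be checked against the tables this form manages before the query is built. Those are presumably `product` and `version`, which gives `if (!in_array($name[0], array('product', 'version'))) { continue; }`, assuming the enclosing construct is a loop. String escaping such as `addslasheslike()` does not protect identifiers, so an allow-list is the appropriate control here.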
@@ -352,8 +352,8 @@ EOF; } $products = (array)$product; - $versions = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder ASC"); - while ($vers = $DB_sql->fetch_array($versions)) + $versions = $db->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder ASC"); + while ($vers = $db->fetch_array($versions)) { $version["$vers[productid]"]["$vers[versionid]"] = $vers; } diff --git a/admin/resolution.php b/admin/resolution.php index e7ce80e..cbe95cd 100755 --- a/admin/resolution.php +++ b/admin/resolution.php @@ -30,7 +30,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { sanitize(array('resolutionid' => INT)); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]"); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } @@ -48,7 +48,7 @@ if ($_REQUEST['do'] == 'delete') if ($_POST['do'] == 'insert') { sanitize(array('resolution' => STR, 'displayorder' => INT)); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . addslasheslike($vars['resolution']) . "', $vars[displayorder])"); + $db->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . addslasheslike($vars['resolution']) . "', $vars[displayorder])"); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } 
@@ -76,7 +76,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { sanitize(array('resolutionid' => INT, 'resolution' => STR, 'displayorder' => INT)); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . addslasheslike($vars['resolution']) . "', displayorder = $vars[displayorder] WHERE resolutionid = $vars[resolutionid]"); + $db->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . addslasheslike($vars['resolution']) . "', displayorder = $vars[displayorder] WHERE resolutionid = $vars[resolutionid]"); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } @@ -87,7 +87,7 @@ if ($_REQUEST['do'] == 'edit') { sanitize(array('resolutionid' => INT)); - $resolution = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]"); + $resolution = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]"); if (!is_array($resolution)) { $admin->error('-1'); @@ -114,17 +114,17 @@ if ($_REQUEST['do'] == 'modify') { $admin->page_start(phrase('resolution_manager')); - $resolutions = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "resolution ORDER BY displayorder"); + $resolutions = $db->query("SELECT * FROM " . TABLE_PREFIX . "resolution ORDER BY displayorder"); $admin->form_start('resolution.php', 'null'); $admin->table_start(); $admin->table_head(phrase('resolution_manager')); - while ($resolution = $DB_sql->fetch_array($resolutions)) + while ($resolution = $db->fetch_array($resolutions)) { $admin->row_text("$resolution[displayorder]: $resolution[resolution]", "(resolutionid: $resolution[resolutionid]) " . phrase('edit_wraplink') . " " . phrase('delete_wraplink') . ""); } - $DB_sql->free_result($resolutiones); + $db->free_result($resolutiones); $admin->row_span('', 'tfoot', 'center', 3); $admin->table_end(); diff --git a/admin/severity.php b/admin/severity.php index 7e76c12..2c6776e 100755 --- a/admin/severity.php 
+++ b/admin/severity.php @@ -30,7 +30,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { sanitize(array('severityid' => INT)); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]"); build_severities(); $admin->redirect('severity.php?do=modify'); } @@ -48,7 +48,7 @@ if ($_REQUEST['do'] == 'delete') if ($_POST['do'] == 'insert') { sanitize(array('severity' => STR, 'displayorder' => INT)); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . addslasheslike($vars['severity']) . "', $vars[displayorder])"); + $db->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . addslasheslike($vars['severity']) . "', $vars[displayorder])"); build_severities(); $admin->redirect('severity.php?do=modify'); } @@ -76,7 +76,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { sanitize(array('severityid' => INT, 'severity' => STR, 'displayorder' => INT)); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . addslasheslike($vars['severity']) . "', displayorder = $vars[displayorder] WHERE severityid = $vars[severityid]"); + $db->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . addslasheslike($vars['severity']) . "', displayorder = $vars[displayorder] WHERE severityid = $vars[severityid]"); build_severities(); $admin->redirect('severity.php?do=modify'); } @@ -87,7 +87,7 @@ if ($_REQUEST['do'] == 'edit') { sanitize(array('severityid' => INT)); - $severity = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]"); + $severity = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]"); if (!is_array($severity)) { $admin->error('-1'); 
@@ -114,17 +114,17 @@ if ($_REQUEST['do'] == 'modify') { $admin->page_start('Severity Manager'); - $severities = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "severity ORDER BY displayorder"); + $severities = $db->query("SELECT * FROM " . TABLE_PREFIX . "severity ORDER BY displayorder"); $admin->form_start('severity.php', 'null'); $admin->table_start(); $admin->table_head('Severity Manager'); - while ($severity = $DB_sql->fetch_array($severities)) + while ($severity = $db->fetch_array($severities)) { $admin->row_text("$severity[displayorder]: $severity[severity]", "(severityid: $severity[severityid]) " . phrase('edit_wraplink') . " " . phrase('delete_wraplink') . ""); } - $DB_sql->free_result($severityes); + $db->free_result($severityes); $admin->row_span('', 'tfoot', 'center', 3); $admin->table_end(); diff --git a/admin/status.php b/admin/status.php index a3d2bc8..c7f6cf2 100755 --- a/admin/status.php +++ b/admin/status.php @@ -30,7 +30,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { sanitize(array('statusid' => INT)); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "status WHERE statusid = $vars[statusid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "status WHERE statusid = $vars[statusid]"); build_statuses(); $admin->redirect('status.php?do=modify'); } @@ -48,7 +48,7 @@ if ($_REQUEST['do'] == 'delete') if ($_POST['do'] == 'insert') { sanitize(array('status' => STR, 'displayorder' => INT)); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "status (status, displayorder) VALUES ('" . addslasheslike($vars['status']) . "', $vars[displayorder])"); + $db->query("INSERT INTO " . TABLE_PREFIX . "status (status, displayorder) VALUES ('" . addslasheslike($vars['status']) . "', $vars[displayorder])"); build_statuses(); $admin->redirect('status.php?do=modify'); } 
@@ -76,7 +76,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { sanitize(array('statusid' => INT, 'status' => STR, 'displayorder' => INT)); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "status SET status = '" . addslasheslike($vars['status']) . "', displayorder = $vars[displayorder] WHERE statusid = $vars[statusid]"); + $db->query("UPDATE " . TABLE_PREFIX . "status SET status = '" . addslasheslike($vars['status']) . "', displayorder = $vars[displayorder] WHERE statusid = $vars[statusid]"); build_statuses(); $admin->redirect('status.php?do=modify'); } @@ -87,7 +87,7 @@ if ($_REQUEST['do'] == 'edit') { sanitize(array('statusid' => INT)); - $status = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "status WHERE statusid = $vars[statusid]"); + $status = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "status WHERE statusid = $vars[statusid]"); if (!is_array($status)) { $admin->error('-1'); @@ -114,17 +114,17 @@ if ($_REQUEST['do'] == 'modify') { $admin->page_start('Status Manager'); - $statuses = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "status"); + $statuses = $db->query("SELECT * FROM " . TABLE_PREFIX . "status"); $admin->form_start('status.php', 'null'); $admin->table_start(); $admin->table_head('Status Manager'); - while ($status = $DB_sql->fetch_array($statuses)) + while ($status = $db->fetch_array($statuses)) { $admin->row_text("$status[displayorder]: $status[status]", "(statusid: $status[statusid]) " . phrase('edit_wraplink') . " " . phrase('delete_wraplink') . ""); } - $DB_sql->free_result($statuses); + $db->free_result($statuses); $admin->row_span('', 'tfoot', 'center', 3); $admin->table_end(); diff --git a/admin/usergroup.php b/admin/usergroup.php index ab99c1a..2a159b5 100755 --- a/admin/usergroup.php +++ b/admin/usergroup.php 
@@ -36,8 +36,8 @@ if ($_REQUEST['do'] == 'kill') $admin->error(phrase('cant_delete_default_usergroup')); } - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = $vars[usergroupid]"); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE usergroupid = $vars[usergroupid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = $vars[usergroupid]"); + $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE usergroupid = $vars[usergroupid]"); build_usergroups(); build_assignedto(); @@ -74,7 +74,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') if ($edit) { - $usergroup = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = $vars[usergroupid]"); + $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = $vars[usergroupid]"); if (!is_array($usergroup)) { $admin->error('-1'); @@ -161,7 +161,7 @@ if ($_POST['do'] == 'insert') $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch; } - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "usergroup (title, displaytitle, opentag, closetag, permissions) VALUES @@ -189,7 +189,7 @@ if ($_POST['do'] == 'update') $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch; } - $DB_sql->query(" + $db->query(" UPDATE " . TABLE_PREFIX . "usergroup SET title = '" . addslasheslike($vars['title']) . "', displaytitle = '" . addslasheslike($vars['displaytitle']) . "', 
@@ -215,21 +215,21 @@ if ($_REQUEST['do'] == 'modify') $admin->table_start(); $admin->table_head(phrase('usergroup_manager'), 3); - $groups = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC"); - while ($group = $DB_sql->fetch_array($groups)) + $groups = $db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC"); + while ($group = $db->fetch_array($groups)) { $usergroups["$group[usergroupid]"] = $group; } - $DB_sql->free_result($groups); + $db->free_result($groups); - $groups = $DB_sql->query(" + $groups = $db->query(" SELECT COUNT(user.userid) AS total, user.usergroupid FROM " . TABLE_PREFIX . "user AS user LEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup USING (usergroupid) GROUP BY usergroup.usergroupid ORDER BY usergroup.usergroupid" ); - while ($group = $DB_sql->fetch_array($groups)) + while ($group = $db->fetch_array($groups)) { $usergroups["$group[usergroupid]"]['total'] = $group['total']; } diff --git a/docs/lang_file_to_db.php b/docs/lang_file_to_db.php index 90a2734..b4b557a 100644 --- a/docs/lang_file_to_db.php +++ b/docs/lang_file_to_db.php @@ -25,6 +25,6 @@ $sql .= implode(',', $sqlbits); echo "
$sql
"; -$DB_sql->query($sql); +$db->query($sql); ?> \ No newline at end of file diff --git a/docs/phrasetools.php b/docs/phrasetools.php index b174ab9..b39209f 100644 --- a/docs/phrasetools.php +++ b/docs/phrasetools.php @@ -72,7 +72,7 @@ if ($_REQUEST['do']) if ($_REQUEST['do'] == 'kill') { - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); + $db->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); header("Location: phrasetools.php"); } @@ -80,7 +80,7 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $phrase = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); + $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); if (!$phrase) { echo 'Not a valid phrase!'; @@ -95,7 +95,7 @@ if ($_REQUEST['do'] == 'delete') if ($_POST['do'] == 'insert') { $vars['varname'] = str_replace(' ', '_', $vars['varname']); - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "phrase (varname, phrasetext) VALUES @@ -109,7 +109,7 @@ if ($_POST['do'] == 'insert') if ($_POST['do'] == 'update') { - $DB_sql->query(" + $db->query(" UPDATE " . TABLE_PREFIX . "phrase SET varname = '" . addslasheslike(sanitize_name($vars['varname'])) . "', phrasetext = '" . addslasheslike($vars['phrasetext']) . "' @@ -122,7 +122,7 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - $phrase = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); + $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); if (!$phrase) { echo 'Not a valid phrase!'; 
@@ -163,8 +163,8 @@ if ($_REQUEST['do'] == 'search') $where = "varname LIKE '%$vars[varname]%' $use[matcher] phrasetext LIKE '%$vars[phrasetext]%'"; } - $phrases = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE $where"); - $numrows = $DB_sql->num_rows($phrases); + $phrases = $db->query("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE $where"); + $numrows = $db->num_rows($phrases); if ($numrows < 1) { @@ -174,14 +174,14 @@ if ($_REQUEST['do'] == 'search') if ($numrows > 2) { - while ($phrase = $DB_sql->fetch_array($phrases)) + while ($phrase = $db->fetch_array($phrases)) { echo "
\$bugsys->language['$phrase[varname]'] =======> " . htmlspecialcharslike($phrase['phrasetext']) . "
"; } } else { - $phrase = $DB_sql->fetch_array($phrases); + $phrase = $db->fetch_array($phrases); header("Location: phrasetools.php?do=edit&varname=$phrase[varname]"); } } diff --git a/docs/update_bug_table_cache.php b/docs/update_bug_table_cache.php index 2681a49..0098748 100644 --- a/docs/update_bug_table_cache.php +++ b/docs/update_bug_table_cache.php @@ -3,9 +3,9 @@ chdir('./../'); require_once('./global.php'); -$comments = $DB_sql->query("SELECT * FROM comment ORDER BY bugid, dateline ASC"); +$comments = $db->query("SELECT * FROM comment ORDER BY bugid, dateline ASC"); -while ($comment = $DB_sql->fetch_array($comments)) +while ($comment = $db->fetch_array($comments)) { if (!isset($replace["$comment[bugid]"])) { @@ -16,7 +16,7 @@ while ($comment = $DB_sql->fetch_array($comments)) foreach ($replace AS $bugid => $newfields) { - $DB_sql->query("UPDATE bug SET initialreport = $newfields[initialreport], dateline = $newfields[dateline], lastposttime = $newfields[lastposttime], lastpostby = $newfields[lastpostby] WHERE bugid = $bugid"); + $db->query("UPDATE bug SET initialreport = $newfields[initialreport], dateline = $newfields[dateline], lastposttime = $newfields[lastposttime], lastpostby = $newfields[lastpostby] WHERE bugid = $bugid"); echo "

Updated $bugid

"; } diff --git a/editcomment.php b/editcomment.php index a1c1ec0..7823c39 100644 --- a/editcomment.php +++ b/editcomment.php @@ -18,7 +18,7 @@ require_once('./global.php'); sanitize(array('commentid' => INT)); -$comment = $DB_sql->query_first(" +$comment = $db->query_first(" SELECT comment.*, user.email, user.showemail, user.displayname FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user @@ -32,7 +32,7 @@ if (!$comment) exit; } -$bug = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); +$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers'))) { @@ -81,7 +81,7 @@ if ($_POST['do'] == 'update') $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']); } - $DB_sql->query(" + $db->query(" UPDATE " . TABLE_PREFIX . "comment SET comment = '" . addslasheslike($vars['comment']) . "', comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "' diff --git a/editreport.php b/editreport.php index 36e7511..c90fd10 100644 --- a/editreport.php +++ b/editreport.php @@ -19,7 +19,7 @@ require_once('./global.php'); sanitize(array('bugid' => INT)); -$bug = $DB_sql->query_first(" +$bug = $db->query_first(" SELECT bug.*, user.email, user.displayname, user.showemail FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN " . TABLE_PREFIX . "user AS user @@ -87,7 +87,7 @@ if ($_POST['do'] == 'update') exit; } - $DB_sql->query(" + $db->query(" UPDATE " . TABLE_PREFIX . "bug SET summary = '" . addslasheslike($vars['summary']) . "', priority = $vars[priority], status = $vars[status], diff --git a/includes/config.php.new b/includes/config.php.new index 4bc3c0d..1520398 100644 --- a/includes/config.php.new +++ b/includes/config.php.new 
@@ -46,6 +46,13 @@ $database = 'bugdb'; // it! $usepconnect = 0; +// ################################################################### +// ///////////////////////// PATH TO ISSO +// ------------------------------------------------------------------- +// The full, hard path to the ISSO framework on your server. This +// should end in a trailing slash!! +$pathtoisso = '/htdocs/isso/' + // ################################################################### // ///////////////////////// TABLE PREFIX // ------------------------------------------------------------------- diff --git a/includes/functions.php b/includes/functions.php index 970af09..483f64b 100755 --- a/includes/functions.php +++ b/includes/functions.php 
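Review bot: The added `$pathtoisso = '/htdocs/isso/'` line has no terminating semicolon, so a config.php copied from this template will fail to parse at the next statement and every page that includes it will break. It should read `$pathtoisso = '/htdocs/isso/';`. This value presumably feeds a `require` of the framework, though the consumer is not in this hunk. If so, the comment block could also state that it must be an absolute filesystem path set by the administrator and never derived from request data.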
@@ -48,169 +48,6 @@ function phrase() } } -// ########################## Start sanitize ######################### -function sanitize($toclean) -{ - global $vars; - - foreach ($toclean AS $varname => $cleaner) - { - $varvalue = $_REQUEST["$varname"]; - switch (strtoupper($cleaner)) - { - case 'STR': - $cleaned = trim($varvalue); - break; - - case 'STR_NOHTML': - $cleaned = htmlspecialcharslike(trim($varvalue)); - break; - - case 'INT': - $cleaned = intval($varvalue); - break; - - case 'FLOAT': - $cleaned = floatval($varvalue); - break; - - default: break; - } - $vars["$varname"] = $cleaned; - } -} - -// ##################### Start fetch_random_chars #################### -function fetch_random_chars($length = 0) -{ - // Gimme a length! - if (!$length) - { - $length = rand(20, 65); - } - - // Number of ints in our salt - $intcount = rand(0, intval($length / 2)); - - // Number of chars - $charcount = $length - $intcount; - - // Upper-case chars - $upperchars = rand(1, intval($charcount / 2)); - - // Lower-case chars - $lowerchars = $charcount - $upperchars; - - // Generate ints - for ($i = 0; $i < $intcount; $i++) - { - $string[] = rand(0, 9); - } - - // Generate upper chars - for ($i = 0; $i < $upperchars; $i++) - { - $string[] = chr(rand(65, 90)); - } - - // Generate lower chars - for ($i = 0; $i < $lowerchars; $i++) - { - $string[] = chr(rand(97, 122)); - } - - // Randomly key the chars - foreach ($string AS $char) - { - $rand = mt_rand(); - $newstr["$rand"] = $char; - } - - // Sort the chars by thier random assignment - ksort($newstr); - - // Flatten the array - $string = ''; - foreach ($newstr AS $char) - { - $string .= $char; - } - - return $string; -} - -// ######################## Start mysetcookie ######################## -function mysetcookie($name, $value = false, $sticky = true) -{ - // Expire the cookie if it doesn't have a value - if (!$value) - { - setcookie($name, $value, time() - (2 * 900), '/'); - } - else - { - // Make the cookie one that stays? 
- if ($sticky) - { - $expire = time() + 60 * 60 * 24 * 365; - } - else - { - $expire = 0; - } - setcookie($name, $value, $expire, '/'); - } -} - -// ############################ Start iff ############################ -function iff($condition, $true, $false = null) -{ - return ($condition) ? ($true) : ($false); -} - -// ######################## Start exec_swap_bg ####################### -function exec_swap_bg($class1 = 'alt1', $class2 = 'alt2') -{ - global $row_class; - static $row_count; - - $row_class = iff($row_count % 2, $class1, $class2); - $row_count++; -} - -// ####################### Start addslasheslike ###################### -// leave this named as such for easy typing -function addslasheslike($str) -{ - static $mqgpc; - - if (!isset($mqgpc)) - { - $mqgpc = get_magic_quotes_gpc(); - } - - if ($mqgpc) - { - return $str; - } - else - { - return addslashes($str); - } -} - -// #################### Start htmlspecialcharslike ################### -function htmlspecialcharslike($str) -{ - return str_replace(array('"', '<', '>'), array('"', '<', '>'), $str); -} - -// ##################### Start unhtmlspecialchars #################### -function unhtmlspecialchars($str) -{ - return str_replace(array('"', '<', '>'), array('"', '<', '>'), $str); -} - // ################## Start fetch_user_display_name ################## // preps a dispaly name if one isn't set // should be able to be removed by the final version as registration should set this @@ -278,7 +115,7 @@ function can_perform($bitmask, $userinfo = null) // NB: need to make sure we have the option to turn off just p/c selection without v function construct_pcv_select($select = '', $prefix = '     ') { - global $bugsys, $DB_sql, $tpl; + global $bugsys, $tpl; static $HTML; if ($HTML) 
@@ -289,8 +126,8 @@ function construct_pcv_select($select = '', $prefix = '    & $selected = ' checked="checked"'; - $products_fetch = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); - while ($product = $DB_sql->fetch_array($products_fetch)) + $products_fetch = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); + while ($product = $bugsys->db->fetch_array($products_fetch)) { if ($product['componentmother']) { @@ -302,8 +139,8 @@ function construct_pcv_select($select = '', $prefix = '    & } } - $versions_fetch = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder"); - while ($version = $DB_sql->fetch_array($versions_fetch)) + $versions_fetch = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder"); + while ($version = $bugsys->db->fetch_array($versions_fetch)) { $versions["$version[productid]"]["$version[versionid]"] = $version; } diff --git a/includes/functions_datastore.php b/includes/functions_datastore.php index 46b2471..706f081 100755 --- a/includes/functions_datastore.php +++ b/includes/functions_datastore.php @@ -13,15 +13,15 @@ // ###################### Start build_languages ###################### function build_languages() { - global $DB_sql, $bugsys; + global $bugsys; - $languages = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "language"); - while ($language = $DB_sql->fetch_array($languages)) + $languages = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "language"); + while ($language = $bugsys->db->fetch_array($languages)) { $tempstore["$language[languageid]"] = $language; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing the language cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('language', '" . addslasheslike(serialize($tempstore)) . "')" 
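Review bot: In the build_languages() hunk the REPLACE query still wraps `serialize($tempstore)` in addslasheslike(), but this commit deletes that helper from includes/functions.php, so the escaping now depends on whatever ISSO supplies (presumably via `$bugsys->load('functions')`, not visible here). The deleted version returned its argument unchanged when magic_quotes_gpc was on, which is wrong for this value: the serialized rows come from the database, not from request data, so a stored value containing a quote could break or alter the statement. Confirm that the replacement escapes unconditionally, or escape this value with a call that ignores magic quotes, e.g. `addslashes(serialize($tempstore))`. The same pattern recurs in the build_settings, build_usergroups, build_statuses, build_severities, build_priorities, build_assignedto, build_resolutions, build_versions, build_products and build_templatesets hunks.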
@@ -33,15 +33,15 @@ function build_languages() // ####################### Start build_settings ###################### function build_settings() { - global $DB_sql, $bugsys; + global $bugsys; - $settings = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "setting"); - while ($setting = $DB_sql->fetch_array($settings)) + $settings = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "setting"); + while ($setting = $bugsys->db->fetch_array($settings)) { $options["$setting[varname]"] = $setting['value']; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing the setting cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('setting', '" . addslasheslike(serialize($options)) . "')" @@ -53,15 +53,15 @@ function build_settings() // ###################### Start build_usergroups ##################### function build_usergroups() { - global $DB_sql, $bugsys; + global $bugsys; - $usergroups = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "usergroup"); - while ($usergroup = $DB_sql->fetch_array($usergroups)) + $usergroups = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup"); + while ($usergroup = $bugsys->db->fetch_array($usergroups)) { $groups["$usergroup[usergroupid]"] = $usergroup; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing usergroup cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('usergroup', '" . addslasheslike(serialize($groups)) . "')" 
@@ -73,15 +73,15 @@ function build_usergroups() // ####################### Start build_statuses ###################### function build_statuses() { - global $DB_sql, $bugsys; + global $bugsys; - $statuses = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "status ORDER BY displayorder ASC"); - while ($status = $DB_sql->fetch_array($statuses)) + $statuses = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "status ORDER BY displayorder ASC"); + while ($status = $bugsys->db->fetch_array($statuses)) { $tempstore["$status[statusid]"] = $status; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing status cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('status', '" . addslasheslike(serialize($tempstore)) . "')" @@ -93,15 +93,15 @@ function build_statuses() // ###################### Start build_severities ##################### function build_severities() { - global $DB_sql, $bugsys; + global $bugsys; - $severities = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "severity ORDER BY displayorder ASC"); - while ($severity = $DB_sql->fetch_array($severities)) + $severities = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "severity ORDER BY displayorder ASC"); + while ($severity = $bugsys->db->fetch_array($severities)) { $tempstore["$severity[severityid]"] = $severity; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing severity cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('severity', '" . addslasheslike(serialize($tempstore)) . "')" 
@@ -113,15 +113,15 @@ function build_severities() // ###################### Start build_priorities ##################### function build_priorities() { - global $DB_sql, $bugsys; + global $bugsys; - $priorities = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "priority ORDER BY displayorder ASC"); - while ($priority = $DB_sql->fetch_array($priorities)) + $priorities = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "priority ORDER BY displayorder ASC"); + while ($priority = $bugsys->db->fetch_array($priorities)) { $tempstore["$priority[priorityid]"] = $priority; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing priority cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('priority', '" . addslasheslike(serialize($tempstore)) . "')" @@ -133,21 +133,21 @@ function build_priorities() // ###################### Start build_assignedto ##################### function build_assignedto() { - global $DB_sql, $bugsys; + global $bugsys; - $users = $DB_sql->query(" + $users = $bugsys->db->query(" SELECT user.email, user.displayname, user.userid, user.showemail FROM " . TABLE_PREFIX . "user AS user LEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (user.usergroupid = usergroup.usergroupid) WHERE (usergroup.permissions & " . CANBEASSIGNEDTO . ")" ); - while ($user = $DB_sql->fetch_array($users)) + while ($user = $bugsys->db->fetch_array($users)) { fetch_user_display_name($user); $devs["$user[userid]"] = $user; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing developer / assign to cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('assignto', '" . addslasheslike(serialize($devs)) . "')" 
@@ -159,15 +159,15 @@ function build_assignedto() // ##################### Start build_resolutions ##################### function build_resolutions() { - global $DB_sql, $bugsys; + global $bugsys; - $resolutions = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "resolution ORDER BY displayorder ASC"); - while ($resolution = $DB_sql->fetch_array($resolutions)) + $resolutions = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "resolution ORDER BY displayorder ASC"); + while ($resolution = $bugsys->db->fetch_array($resolutions)) { $tempstore["$resolution[resolutionid]"] = $resolution; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing resolution cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('resolution', '" . addslasheslike(serialize($tempstore)) . "')" @@ -179,15 +179,15 @@ function build_resolutions() // ####################### Start build_versions ###################### function build_versions() { - global $DB_sql, $bugsys; + global $bugsys; - $versions = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder ASC"); - while ($version = $DB_sql->fetch_array($versions)) + $versions = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "version ORDER BY displayorder ASC"); + while ($version = $bugsys->db->fetch_array($versions)) { $tempstore["$version[versionid]"] = $version; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing version cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('version', '" . addslasheslike(serialize($tempstore)) . "')" 
@@ -199,15 +199,15 @@ function build_versions() // ####################### Start build_products ###################### function build_products() { - global $DB_sql, $bugsys; + global $bugsys; - $products = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); - while ($product = $DB_sql->fetch_array($products)) + $products = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "product ORDER BY displayorder ASC"); + while ($product = $bugsys->db->fetch_array($products)) { $tempstore["$product[productid]"] = $product; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing product / component cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('product', '" . addslasheslike(serialize($tempstore)) . "')" @@ -219,15 +219,15 @@ function build_products() // ##################### Start build_templatesets #################### function build_templatesets() { - global $DB_sql, $bugsys; + global $bugsys; - $templatesets = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "templateset"); - while ($templateset = $DB_sql->fetch_array($templatesets)) + $templatesets = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "templateset"); + while ($templateset = $bugsys->db->fetch_array($templatesets)) { $tempstore["$templateset[templatesetid]"] = $templateset; } - $DB_sql->query(" + $bugsys->db->query(" ### replacing the template set cache ### REPLACE INTO " . TABLE_PREFIX . "datastore (title, data) VALUES ('templateset', '" . addslasheslike(serialize($tempstore)) . "')" diff --git a/includes/functions_template.php b/includes/functions_template.php index 6d18df4..05afa3a 100644 --- a/includes/functions_template.php +++ b/includes/functions_template.php @@ -58,7 +58,7 @@ class Template // ###################### Start Template::flush ###################### function flush($template) { - global $DB_sql; + global $db; ob_start(); 
@@ -70,10 +70,10 @@ class Template if (DEVDEBUG AND $_GET['query']) { - if (is_array($DB_sql->query_history)) + if (is_array($db->query_history)) { echo '
';
-				foreach ($DB_sql->query_history AS $query)
+				foreach ($db->query_history AS $query)
 				{
 					echo $query . "\n\n
\n\n"; } @@ -97,7 +97,7 @@ class Template $debug .= "\r

\r\r"; $debug .= "\r\t\r\t"; - $debug .= "\r\t\r\r\r\t
" . 'construct_debug_info_list()' . "$revisionTotal queries used: " . sizeof($DB_sql->query_history) . ""; + $debug .= "\r\tTotal queries used: " . sizeof($db->query_history) . ""; $debug .= "
"; $debug .= "\r" . iff(is_array($this->uncached), sizeof($uncached) . " Uncached Template(s)\r
\r") . "\r

"; diff --git a/includes/init.php b/includes/init.php index 8f12124..b560b26 100755 --- a/includes/init.php +++ b/includes/init.php @@ -13,18 +13,8 @@ error_reporting(E_ALL & ~E_NOTICE); // ################################################################### -if (PHP_VERSION < '4.1.0') -{ - echo 'you do not have a new enough version of PHP'; - exit; -} - -// ################################################################### -// set quotes runtime -set_magic_quotes_runtime(0); +// initialize the database -// ################################################################### -// Initialize the database if (!file_exists('./includes/config.php')) { echo 'includes/config.php needs to be present!'; 
@@ -32,186 +22,169 @@ if (!file_exists('./includes/config.php')) } require_once('./includes/config.php'); -require_once('./includes/db_mysql.php'); -$DB_sql = new DB_Sql(); -$DB_sql->appname = 'BugStrike'; -$DB_sql->database = $database; -$DB_sql->connect($servername, $username, $password, $usepconnect); +define('ISSO_ESCAPE_STRINGS', 1); +define('ISSO_CHECK_POST_REFERER', 1); + +require_once($pathtoisso . 'kernel.php'); +$bugsys =& $_isso; +$bugsys->application = 'BugStrike'; +$bugsys->apppath = $bugsys->fetch_sourcepath(getcwd()); +$bugsys->appversion = '[#]version[#]'; +$bugsys->debug = $debug; +$bugsys->sourcepath = $bugsys->fetch_sourcepath($pathtoisso); + +$bugsys->load('db_mysql'); +$db->database = $database; +$db->connect($servername, $username, $password, $usepconnect); + +$bugsys->load('functions'); +$bugsys->load('mail'); + define('DEVDEBUG', $debug); define('TABLE_PREFIX', $tableprefix); define('COOKIE_PREFIX', $cookieprefix); + unset($database, $servername, $username, $password, $usepconnect, $tableprefix, $cookieprefix); -// ################################################################### -// Initialize our environment require_once('./includes/functions_datastore.php'); require_once('./includes/functions.php'); -class BugTracker + +// ################################################################### +// init the big four +$bugsys->options = array(); +$bugsys->userinfo = array(); +$bugsys->language = array(); +$bugsys->datastore = array(); + +// ################################################################### +// populate our caches +$datastoretemp = $db->query("SELECT * FROM " . TABLE_PREFIX . 
"datastore"); +while ($store = $db->fetch_array($datastoretemp)) { - var $options = array(); - var $userinfo = array(); - var $language = array(); - var $datastore = array(); - - function BugTracker() + $bugsys->datastore["$store[title]"] = unserialize($store['data']); +} +$bugsys->options = $bugsys->datastore['setting']; +unset($bugsys->datastore['setting']); + +$mail->from = $bugsys->options['webmasteremail']; +$mail->fromname = 'BugStrike Notification'; + +// ################################################################### +// load userinfo +$userid = intval($_COOKIE[COOKIE_PREFIX . 'userid']); + +$userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = $userid"); +if (is_array($userinfo) AND $_COOKIE[COOKIE_PREFIX . 'authkey'] == $userinfo['authkey']) +{ + $userinfo['permissions'] = (int)$bugsys->datastore['usergroup']["$userinfo[usergroupid]"]['permissions']; + $userinfo['displaytitle'] = $bugsys->datastore['usergroup']["$userinfo[usergroupid]"]['displaytitle']; + fetch_user_display_name($userinfo); + $userinfo['mdisplayname'] = $bugsys->datastore['usergroup']["$userinfo[usergroupid]"]['opentag'] . $userinfo['displayname'] . $bugsys->datastore['usergroup']["$userinfo[usergroupid]"]['closetag']; + $bugsys->userinfo = $userinfo; +} +else +{ + mysetcookie(COOKIE_PREFIX . 'userid'); + mysetcookie(COOKIE_PREFIX . 'authkey'); + $bugsys->userinfo = array( + 'usergroupid' => 1, + 'userid' => 0, + 'email' => '', + 'displayname' => '', + 'permissions' => $bugsys->datastore['usergroup'][1]['permissions'], + 'displaytitle' => $bugsys->datastore['usergroup'][1]['displaytitle'], + 'mdisplayname' => $bugsys->datastore['usergroup'][1]['opentag'] . '' . 
$bugsys->datastore['usergroup'][1]['closetag'] + ); +} + +// ################################################################### +// pull our languageid +if ($bugsys->userinfo['userid']) +{ + $languageid = $bugsys->userinfo['languageid']; + $language = $bugsys->datastore['language']["$languageid"]; +} +if (!$languageid) +{ + foreach ($bugsys->datastore['language'] AS $language) { - global $DB_sql, $vars; - - // Fetch all the datastore caches - $datastoretemp = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "datastore"); - while ($store = $DB_sql->fetch_array($datastoretemp)) + if ($language['default']) { - $this->datastore["$store[title]"] = unserialize($store['data']); - } - - // Assign options and fetch the userinfo - $this->options = $this->datastore['setting']; - unset($this->datastore['setting']); - $this->userinfo = (array)$this->fetch_userinfo(-1, true); - - // Pull our languageid - if ($this->userinfo['userid']) - { - $languageid = $this->userinfo['languageid']; - $language = $this->datastore['language']["$languageid"]; - } - if (!$languageid) - { - foreach ($this->datastore['language'] AS $language) - { - if ($language['default']) - { - $languageid = $language['languageid']; - $language = $this->datastore['language']["$languageid"]; - break; - } - } - } - - $this->options['lang_id'] = $language['languageid']; - $this->options['lang_charset'] = $language['charset']; - $this->options['lang_dir'] = $language['direction']; - $this->options['lang_code'] = $language['languagecode']; - - /* - // can't use this because not everyone has MySQL >= 4.0.17 ... one day, one day - $phrases = $DB_sql->query(" - (SELECT varname, phrasetext FROM " . TABLE_PREFIX . "phrase) - UNION DISTINCT - (SELECT varname AS lvarname, phrasetext AS lphrasetext FROM " . TABLE_PREFIX . "locale AS locale WHERE languageid = " . $this->options['lang_id'] . 
")" - ); - while ($phrase = $DB_sql->fetch_array($phrases)) - { - $this->language["$phrase[varname]"] = $phrase['phrasetext']; - } - $DB_sql->free_result($phrases); - */ - - // load master language - $phrases = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "phrase"); - while ($phrase = $DB_sql->fetch_array($phrases)) - { - $this->language["$phrase[varname]"] = $phrase['phrasetext']; - } - $DB_sql->free_result($phrases); - - // load locale data - $locale = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "locale WHERE languageid = " . $this->options['lang_id']); - while ($phrase = $DB_sql->fetch_array($locale)) - { - $this->language["$phrase[varname]"] = $phrase['phrasetext']; - } - $DB_sql->free_result($phrases); - - // get the templateset - if ($this->userinfo['userid']) - { - $templatesetid = $this->userinfo['templatesetid']; - $templateset = $this->datastore['templateset']["$templatesetid"]; - } - if (!$templatesetid) - { - foreach ($this->datastore['templateset'] AS $templateset) - { - if ($templateset['default']) - { - $templatesetid = $templateset['templatesetid']; - $templateset = $this->datastore['templateset']["$templatesetid"]; - } - } - } - - // load the template system - if (file_exists("./templates/$templateset[shortname]/tsinfo.php")) - { - $this->options['ts_includepath'] = "./templates/$templateset[shortname]/"; - } - else - { - echo "template set info (templates/$templateset[shortname]/tsinfo.php) could not be loaded!"; - exit; + $languageid = $language['languageid']; + $language = $bugsys->datastore['language']["$languageid"]; + break; } } - - function fetch_userinfo($userid = -1, $verify_password = false) +} + +$bugsys->options['lang_id'] = $language['languageid']; +$bugsys->options['lang_charset'] = $language['charset']; +$bugsys->options['lang_dir'] = $language['direction']; +$bugsys->options['lang_code'] = $language['languagecode']; + +// ################################################################### +// load master language +/* +// 
can't use this because not everyone has MySQL >= 4.0.17 ... one day, one day +$phrases = $db->query(" + (SELECT varname, phrasetext FROM " . TABLE_PREFIX . "phrase) + UNION DISTINCT + (SELECT varname AS lvarname, phrasetext AS lphrasetext FROM " . TABLE_PREFIX . "locale AS locale WHERE languageid = " . $bugsys->options['lang_id'] . ")" +); +while ($phrase = $db->fetch_array($phrases)) +{ + $bugsys->language["$phrase[varname]"] = $phrase['phrasetext']; +} +$db->free_result($phrases); +*/ + +$phrases = $db->query("SELECT * FROM " . TABLE_PREFIX . "phrase"); +while ($phrase = $db->fetch_array($phrases)) +{ + $bugsys->language["$phrase[varname]"] = $phrase['phrasetext']; +} +$db->free_result($phrases); + +// ################################################################### +// load locale data +$locale = $db->query("SELECT * FROM " . TABLE_PREFIX . "locale WHERE languageid = " . $bugsys->options['lang_id']); +while ($phrase = $db->fetch_array($locale)) +{ + $bugsys->language["$phrase[varname]"] = $phrase['phrasetext']; +} +$db->free_result($phrases); + +// ################################################################### +// get the templateset +if ($bugsys->userinfo['userid']) +{ + $templatesetid = $bugsys->userinfo['templatesetid']; + $templateset = $bugsys->datastore['templateset']["$templatesetid"]; +} +if (!$templatesetid) +{ + foreach ($bugsys->datastore['templateset'] AS $templateset) { - global $DB_sql; - - // Get the userid if not specified - if ($userid == -1) + if ($templateset['default']) { - $userid = intval($_COOKIE[COOKIE_PREFIX . 'userid']); - } - - // Set the falseinfo stuff - $falseinfo = array( - 'usergroupid' => 1, - 'userid' => 0, - 'email' => '', - 'displayname' => '', - 'permissions' => $this->datastore['usergroup'][1]['permissions'], - 'displaytitle' => $this->datastore['usergroup'][1]['displaytitle'], - 'mdisplayname' => $this->datastore['usergroup'][1]['opentag'] . '' . 
$this->datastore['usergroup'][1]['closetag'] - ); - - // Get the userinfo - $userinfo = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = $userid"); - if (is_array($userinfo)) - { - $userinfo['permissions'] = (int)$this->datastore['usergroup']["$userinfo[usergroupid]"]['permissions']; - $userinfo['displaytitle'] = $this->datastore['usergroup']["$userinfo[usergroupid]"]['displaytitle']; - fetch_user_display_name($userinfo); - $userinfo['mdisplayname'] = $this->datastore['usergroup']["$userinfo[usergroupid]"]['opentag'] . $userinfo['displayname'] . $this->datastore['usergroup']["$userinfo[usergroupid]"]['closetag']; - // Verify that the cookie isn't fake - if ($verify_password) - { - if ($_COOKIE[COOKIE_PREFIX . 'authkey'] == $userinfo['authkey']) - { - return $userinfo; - } - else - { - mysetcookie(COOKIE_PREFIX . 'userid'); - mysetcookie(COOKIE_PREFIX . 'authkey'); - return $falseinfo; - } - } - else - { - return $userinfo; - } - } - else - { - mysetcookie(COOKIE_PREFIX . 'userid'); - mysetcookie(COOKIE_PREFIX . 'authkey'); - return $falseinfo; + $templatesetid = $templateset['templatesetid']; + $templateset = $bugsys->datastore['templateset']["$templatesetid"]; } } } -$bugsys = new BugTracker(); +// ################################################################### +// load the template system +if (file_exists("./templates/$templateset[shortname]/tsinfo.php")) +{ + $bugsys->options['ts_includepath'] = "./templates/$templateset[shortname]/"; +} +else +{ + echo "template set info (templates/$templateset[shortname]/tsinfo.php) could not be loaded!"; + exit; +} // ################################################################### // Initialize usergroup system diff --git a/index.php b/index.php index 57ee967..fb44545 100644 --- a/index.php +++ b/index.php 
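Review bot: The session check in the new "load userinfo" block of includes/init.php compares the cookie with the stored key using `==`, which is a loose comparison and not constant-time. A missing cookie compares equal to an empty stored authkey, so a request carrying only the userid cookie would be accepted for such a row, and two numeric-looking strings are compared as numbers rather than byte for byte. Require a non-empty key and compare as strings: `if (is_array($userinfo) AND !empty($userinfo['authkey']) AND (string)$_COOKIE[COOKIE_PREFIX . 'authkey'] === (string)$userinfo['authkey'])`; where the PHP version in use provides hash_equals(), prefer it. Separately, the locale loop ends with `$db->free_result($phrases);`, which looks like it should free `$locale`.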
@@ -27,7 +27,7 @@ if (!can_perform('canviewbugs')) // #*# pagination needs to be done here -$bugs_fetch = $DB_sql->query(" +$bugs_fetch = $db->query(" SELECT bug.*, user1.displayname AS firstreport, user2.displayname AS lastpost FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN user AS user1 @@ -37,7 +37,7 @@ $bugs_fetch = $DB_sql->query(" ORDER BY bug.lastposttime DESC" ); -while ($bug = $DB_sql->fetch_array($bugs_fetch)) +while ($bug = $db->fetch_array($bugs_fetch)) { $bug['product'] = $bugsys->datastore['product']["$bug[productid]"]['title']; $bug['version'] = $bugsys->datastore['version']["$bug[versionid]"]['version']; @@ -47,7 +47,7 @@ while ($bug = $DB_sql->fetch_array($bugs_fetch)) eval('$bugs .= "' . $tpl->fetch('trackerhome_bits') . '";'); } -$DB_sql->free_result($bugs_fetch); +$db->free_result($bugs_fetch); $show['newreport'] = iff(can_perform('cansubmitbugs'), true, false); diff --git a/login.php b/login.php index f8fe72b..387cb29 100755 --- a/login.php +++ b/login.php @@ -51,7 +51,7 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') $url = 'index.php'; } - $userinfo = $DB_sql->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'"); + $userinfo = $db->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'"); if (md5(md5($vars['password']) . md5($userinfo['salt'])) == $userinfo['password']) { mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $vars['rememberme']); diff --git a/newcomment.php b/newcomment.php index 3a143fd..c5ae26b 100644 --- a/newcomment.php +++ b/newcomment.php @@ -44,7 +44,7 @@ if ($_POST['do'] == 'insert') $time = time(); - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES 
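Review bot: In the login.php hunk, the password check right after the changed query line compares two MD5 hex digests with `==`, so PHP compares them numerically when both look like numbers and can treat different digests as equal. Use a strict string comparison that also rejects the no-row case: `if (is_array($userinfo) AND md5(md5($vars['password']) . md5($userinfo['salt'])) === $userinfo['password'])`. The changed line also queries `user` without TABLE_PREFIX, unlike the equivalent lookup in register.php, so it probably fails on a prefixed install; it should read `"SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '"`. The enclosing `if ($_POST['do'] == 'login' ...)` block starts and ends outside the hunk.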
@@ -54,7 +54,7 @@ if ($_POST['do'] == 'insert') )" ); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $vars[bugid]"); + $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $vars[bugid]"); echo "comment inserted"; } @@ -65,7 +65,7 @@ if ($_REQUEST['do'] == 'add') { sanitize(array('bugid' => INT)); - $bug = $DB_sql->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $vars[bugid]"); + $bug = $db->query_first("SELECT bug.*, comment.comment FROM " . TABLE_PREFIX . "bug LEFT JOIN " . TABLE_PREFIX . "comment AS comment ON (bug.bugid = comment.bugid) WHERE bug.bugid = $vars[bugid]"); if (!$bug) { echo 'alert: bad bug'; diff --git a/newreport.php b/newreport.php index afde98b..78a78ec 100755 --- a/newreport.php +++ b/newreport.php @@ -115,7 +115,7 @@ if ($_POST['do'] == 'insert') } // create the bug report - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "bug (userid, productid, componentid, versionid, summary, severity, priority, status, assignedto, resolution) VALUES @@ -124,12 +124,12 @@ if ($_POST['do'] == 'insert') )" ); - $bugid = $DB_sql->insert_id(); + $bugid = $db->insert_id(); $time = time(); // insert the comment to the database - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES 
@@ -139,9 +139,9 @@ if ($_POST['do'] == 'insert') )" ); - $initialreport = $DB_sql->insert_id(); + $initialreport = $db->insert_id(); - $DB_sql->query("UPDATE " . TABLE_PREFIX . "bug SET dateline = $time, initialreport = $initialreport, lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bugid"); + $db->query("UPDATE " . TABLE_PREFIX . "bug SET dateline = $time, initialreport = $initialreport, lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bugid"); echo "bug is done!"; } diff --git a/register.php b/register.php index 898af9b..ae33eee 100755 --- a/register.php +++ b/register.php @@ -69,7 +69,7 @@ if ($_POST['do'] == 'insert') $errors[] = 'The password you specified was blank.'; } - if (is_array($DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . addslasheslike($vars['email']) . "'"))) + if (is_array($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . addslasheslike($vars['email']) . "'"))) { $errors[] = 'The specified email is already in use.'; } @@ -98,7 +98,7 @@ if ($_POST['do'] == 'insert') } } - $DB_sql->query(" + $db->query(" INSERT INTO " . TABLE_PREFIX . "user (email, displayname, password, salt, authkey, showemail, languageid, usergroupid) VALUES 
@@ -113,14 +113,14 @@ if ($_POST['do'] == 'insert') )" ); - $userid = $DB_sql->insert_id(); + $userid = $db->insert_id(); // Verify email address if ($usergroupid == 3) { $activationid = fetch_random_chars(25); - $DB_sql->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)"); + $db->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)"); mymail(addslasheslike($vars['email']), 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . addslasheslike($vars['displayname']) . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid); @@ -150,10 +150,10 @@ if ($_REQUEST['do'] == 'activate') { sanitize(array('userid' => INT, 'activator' => STR)); - if ($useractivation = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "useractivation WHERE userid = $vars[userid] AND activator = '" . addslasheslike($vars['activator']) . "'")) + if ($useractivation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "useractivation WHERE userid = $vars[userid] AND activator = '" . addslasheslike($vars['activator']) . "'")) { - $DB_sql->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = $useractivation[usergroupid] WHERE userid = $vars[userid]"); - $DB_sql->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $vars[userid]"); + $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = $useractivation[usergroupid] WHERE userid = $vars[userid]"); + $db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $vars[userid]"); echo 'your account is now activated and you can now login'; } else diff --git a/search.php b/search.php index ec15213..5f0862a 100644 --- a/search.php +++ b/search.php 
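Review bot: In the register.php hunk, `$activationid = fetch_random_chars(25);` now takes the activation token from a helper that this commit deletes from includes/functions.php, so the token's strength depends on the ISSO replacement, which is not visible here. The deleted version assembled the string from rand() and mt_rand(), which are not suitable for a token that gates account activation. Confirm that the replacement draws from a cryptographically secure source, and record the requirement at the call site with a comment such as `// activation token: generator must be CSPRNG-backed`. The activation link on the mymail() line is also hard-coded to `http://devbox/bugtraq/`, which looks like a development host and should come from configuration. The enclosing `if ($_POST['do'] == 'insert')` block continues outside the hunk.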
@@ -110,7 +110,7 @@ if ($_REQUEST['do'] == 'results') { // force email or name?? make a distinction? // more elegant way to do this? probably - $user = $DB_sql->query_first("SELECT * FROM user WHERE email = '$vars[reporter]' OR MATCH (displayname) AGAINST ('$vars[reporter]')"); + $user = $db->query_first("SELECT * FROM user WHERE email = '$vars[reporter]' OR MATCH (displayname) AGAINST ('$vars[reporter]')"); if ($user['userid']) { $querybuild['reporter'] = "AND bug.userid = $user[userid] OR comment.userid = $user[userid]"; @@ -187,7 +187,7 @@ if ($_REQUEST['do'] == 'results') // ------------------------------------------------------------------- // do the search - $search = $DB_sql->query(" + $search = $db->query(" SELECT bug.*, comment.commentid, user1.displayname AS firstreport, user2.displayname AS lastpost @@ -203,7 +203,7 @@ if ($_REQUEST['do'] == 'results') $sortclause" ); - $numrows = $DB_sql->num_rows($search); + $numrows = $db->num_rows($search); if ($numrows < 1) { @@ -211,7 +211,7 @@ if ($_REQUEST['do'] == 'results') exit; } - while ($bug = $DB_sql->fetch_array($search)) + while ($bug = $db->fetch_array($search)) { $bug['product'] = $bugsys->datastore['product']["$bug[productid]"]['title']; $bug['version'] = $bugsys->datastore['version']["$bug[versionid]"]['version']; diff --git a/showreport.php b/showreport.php index bf882e8..31dfb36 100644 --- a/showreport.php +++ b/showreport.php @@ -29,7 +29,7 @@ if (!can_perform('canviewbugs')) // get the report sanitize(array('bugid' => INT, 'hilight' => STR)); -$bug = $DB_sql->query_first(" +$bug = $db->query_first(" SELECT bug.*, user.displayname, user.email, user.showemail FROM " . TABLE_PREFIX . "bug AS bug LEFT JOIN " . TABLE_PREFIX . "user AS user 
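Review bot: The changed reporter lookup in the first search.php hunk interpolates `$vars[reporter]` directly into the SQL string twice, whereas the string lookups in login.php and register.php pass the value through addslasheslike(). The sanitize() that this commit removes from includes/functions.php only trimmed STR values, so the query is open to SQL injection unless ISSO's replacement escapes them; the new ISSO_ESCAPE_STRINGS define in init.php may be meant for that, but the page does not confirm it. Escape at the point of use so the line is safe either way: `$reporter = addslasheslike($vars['reporter']);`, then `... WHERE email = '$reporter' OR MATCH (displayname) AGAINST ('$reporter')`. The same line also omits TABLE_PREFIX on `user`, and the sanitize() call for `reporter` lies outside the hunk.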
@@ -82,7 +82,7 @@ print_r($hilight); // ------------------------------------------------------------------- // get comments -$comments_fetch = $DB_sql->query(" +$comments_fetch = $db->query(" SELECT comment.*, user.email, user.showemail, user.displayname FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user @@ -90,7 +90,7 @@ $comments_fetch = $DB_sql->query(" WHERE comment.bugid = $vars[bugid] ORDER BY comment.dateline ASC" ); -while ($comment = $DB_sql->fetch_array($comments_fetch)) +while ($comment = $db->fetch_array($comments_fetch)) { $comment['posttime'] = datelike('standard', $comment['dateline']); $comment['postby'] = construct_user_display($comment); -- 2.43.5