Mercurial > hg > fapweb
changeset 1116:d5847f016de5
Merge.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Mon, 14 Oct 2019 10:34:06 +0300 |
| parents | 24e6915fc0fb (diff) 0eca3f1b1d48 (current diff) |
| children | 43c384a37d19 |
| files | admajax.php |
| diffstat | 11 files changed, 298 insertions(+), 301 deletions(-) [+] |
line wrap: on
line diff
--- a/admajax.js.php Wed Sep 27 14:16:11 2017 +0300 +++ b/admajax.js.php Mon Oct 14 10:34:06 2019 +0300 @@ -31,7 +31,7 @@ foreach (stExecSQL("SELECT * FROM settings_groups") as $group) { $args = array(); - if (($res = stExecSQL("SELECT * FROM settings WHERE vgroup=".$group["id"])) !== false) + if (($res = stExecSQL("SELECT * FROM settings WHERE vgroup=".$group["id"])) !== FALSE) { foreach ($res as $item) {
--- a/admajax.php Wed Sep 27 14:16:11 2017 +0300 +++ b/admajax.php Mon Oct 14 10:34:06 2019 +0300 @@ -24,11 +24,11 @@ stChkRequestItemFail("name", $fake, $res, array(CHK_ISGT, VT_STR, 0, "Compo name is empty."), - array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_NAME, "Compo name too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_COMPO_NAME, "Compo name too long (%1 chars, must be less than %2).")); stChkRequestItemFail("description", $fake, $res, array(CHK_ISGT, VT_STR, 10, "Compo description too short (%1 chars, must be more than %2)"), - array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_DESC, "Compo description too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_COMPO_DESC, "Compo description too long (%1 chars, must be less than %2).")); // Not a full check? if (!$full) @@ -49,7 +49,7 @@ array(CHK_ARRAY_KEY, $previewTypeList, "Invalid preview type value.")); stChkRequestItemFail("cpath", $fake, $res, - array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_PATH, "Compo file path too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_COMPO_PATH, "Compo file path too long (%1 chars, must be less than %2).")); break; } @@ -67,11 +67,11 @@ // Things common for all compo types stChkRequestItemFail("name", $fake, $res, array(CHK_ISGT, VT_STR, 0, "Name is empty."), - array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_NAME, "Name too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_ENTRY_NAME, "Name too long (%1 chars, must be less than %2).")); stChkRequestItemFail("notes", $fake, $res, array(CHK_TYPE, VT_TEXT, "Invalid data."), - array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_NOTES, "Entry notes are too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_ENTRY_NOTES, "Entry notes are too long (%1 chars, must be less than %2).")); // Check based on compo type switch ($ctype) @@ -82,11 +82,11 @@ stChkRequestItemFail("author", $fake, $res, array(CHK_ISGT, VT_STR, 0, "Author name not set."), - array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_AUTHOR, "Entry author too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_ENTRY_AUTHOR, "Entry author too long (%1 chars, must be less than %2).")); stChkRequestItemFail("info", $fake, $res, array(CHK_TYPE, VT_TEXT, "Invalid data."), - array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_INFO, "Entry info text too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_ENTRY_INFO, "Entry info text too long (%1 chars, must be less than %2).")); if ($full) { @@ -118,15 +118,15 @@ stChkRequestItemFail("text", $fake, $res, array(CHK_ISGT, VT_STR, 0, "News text too short."), - array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TEXT, "News text too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_NEWS_TEXT, "News text too long (%1 chars, must be less than %2).")); stChkRequestItemFail("author", $fake, $res, array(CHK_ISGT, VT_STR, 0, "News author name not set."), - array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_AUTHOR, "News author name too long (%1 chars, must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_NEWS_AUTHOR, "News author name too long (%1 chars, must be less than %2).")); stChkRequestItemFail("title", $fake, $res, array(CHK_ISGT, VT_STR, 0, "News title not set."), - array(CHK_LTEQ, VT_STR, SET_LEN_NEWS_TITLE, "News title too long (%1 chars. must be less than %2).")); + array(CHK_LTEQ, VT_STR, SQL_LEN_NEWS_TITLE, "News title too long (%1 chars. must be less than %2).")); return $res; } @@ -140,7 +140,7 @@ { case COMPO_NORMAL: $str1 = - " File path: ".stGetFormTextInput(40, SET_LEN_COMPO_PATH, "cpath", $id, $prefix, $item["cpath"])."<br />\n"; + " File path: ".stGetFormTextInput(40, SQL_LEN_COMPO_PATH, "cpath", $id, $prefix, $item["cpath"])."<br />\n"; $str2 = " ".stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], @@ -158,7 +158,7 @@ " <h2>#".$id." - ".chentities($item["name"])."</h2>\n". " Type: ".stGetFormOptionListFromArray($prefix."type".$id, " ", FALSE, $compoModeData, $item["ctype"], 0, 0, "updateCompoType(".$id.")"). " - ".$compoModeData[$item["ctype"]][1]."<br />\n". - " Name: ".stGetFormTextInput(40, SET_LEN_COMPO_NAME, "name", $id, $prefix, $item["name"])."<br />\n". + " Name: ".stGetFormTextInput(40, SQL_LEN_COMPO_NAME, "name", $id, $prefix, $item["name"])."<br />\n". $str1. "<div class=\"compoDesc\"><h3>Description</h3>".stGetFormTextArea(8, 60, "description", $id, $prefix, $item["description"])."</div>\n". "<div class=\"compoDesc\"><h3>Notes (shown in results)</h3>".stGetFormTextArea(8, 60, "notes", $id, $prefix, $item["notes"])."</div>\n". @@ -175,10 +175,10 @@ { return " <h2>".chentities($item["title"])."</h2>\n". - " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "title", $id, $prefix, $item["title"]). + " ".stGetFormTextInput(40, SQL_LEN_NEWS_TITLE, "title", $id, $prefix, $item["title"]). " - posted ".date("d M Y / H:i", $item["utime"])."<br />\n". " ".stGetFormTextArea(5, 60, "text", $id, $prefix, $item["text"])."<br />\n". - " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "author", $id, $prefix, $item["author"])."\n". + " ".stGetFormTextInput(20, SQL_LEN_NEWS_AUTHOR, "author", $id, $prefix, $item["author"])."\n". " ".stGetFormButtonInput("", "upd".$id, $prefix, "Update", "updateNews(".$id.")")."\n". " ".stGetFormButtonInput("", "del".$id, $prefix, "Delete", "deleteNews(".$id.")")."\n"; } @@ -193,7 +193,7 @@ $str = "<div class=\"editControl\"><span class=\"editControlTitle\">".chentities($title)."</span>\n"; // Show currently selected / active file - if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry[$file_id])) !== false) + if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry[$file_id])) !== FALSE) { $str .= "<div>File: <b>".chentities($efile["filename"])."</b></div>\n". @@ -252,7 +252,7 @@ { echo " <div class=\"entryRow ".($row % 2 == 1 ? "rodd" : "reven"). - "\"".($mode == EEMODE_NORMAL ? " id=\"entry".$eid."\" onClick=\"activateEntry(".$eid.", false)\"" : "").">\n"; + "\"".($mode == EEMODE_NORMAL ? " id=\"entry".$eid."\" onClick=\"activateEntry(".$eid.", FALSE)\"" : "").">\n"; } // Only show show_id if this is a normal compo and we are not adding @@ -267,8 +267,8 @@ case COMPO_NORMAL: echo " <div class=\"entryCell entryBasic\">\n". - " ".stGetEditFormTextInput($mode, "Name", 20, SET_LEN_ENTRY_NAME, "name", $eid, $prefix, $item["name"])."\n". - " ".stGetEditFormTextInput($mode, "Author", 20, SET_LEN_ENTRY_AUTHOR, "author", $eid, $prefix, $item["author"])."\n". + " ".stGetEditFormTextInput($mode, "Name", 20, SQL_LEN_ENTRY_NAME, "name", $eid, $prefix, $item["name"])."\n". + " ".stGetEditFormTextInput($mode, "Author", 20, SQL_LEN_ENTRY_AUTHOR, "author", $eid, $prefix, $item["author"])."\n". " </div>\n". " <div class=\"entryCell entryFiles\">\n". ($mode == 2 ? "Files can be uploaded after adding the entry" : ""). @@ -332,10 +332,10 @@ case COMPO_ASSIGN: echo " <div class=\"entryCell entryBase\">". - stGetEditFormTextInput($mode, "Name", 15, SET_LEN_ENTRY_AUTHOR, "name", $eid, $prefix, $item["name"]). + stGetEditFormTextInput($mode, "Name", 15, SQL_LEN_ENTRY_AUTHOR, "name", $eid, $prefix, $item["name"]). "</div>\n". " <div class=\"entryCell entryEvalue\">". - stGetEditFormTextInput($mode, $compoModeData[$compo["ctype"]][2], 5, SET_LEN_ENTRY_AUTHOR, "evalue", $eid, $prefix, $item["evalue"]). + stGetEditFormTextInput($mode, $compoModeData[$compo["ctype"]][2], 5, SQL_LEN_ENTRY_AUTHOR, "evalue", $eid, $prefix, $item["evalue"]). "</div>\n". " <div class=\"entryCell entryNotes\">\n". " ".stGetEditFormTextArea($mode, "Notes", 2, 30, "notes", $eid, $prefix, $item["notes"])."\n". @@ -474,7 +474,7 @@ $sql = stPrepareSQL("SELECT * FROM entries WHERE show_id=%d AND compo_id=%d", $show_id, $compo_id); - if (($entry = stFetchSQL($sql)) !== false) + if (($entry = stFetchSQL($sql)) !== FALSE) { // Entry show#/title/author information $str = @@ -485,7 +485,7 @@ "</div>"; // File information for quick reference - if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["file_id"])) !== false) + if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["file_id"])) !== FALSE) { foreach (array("S" => "filename", "O" => "origname") as $ftitle => $fid) { @@ -516,7 +516,7 @@ if ($compoID > 0) { $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $compoID); - if (($entry = stFetchSQL($sql)) !== false) + if (($entry = stFetchSQL($sql)) !== FALSE) $strCompo = chentities($entry["name"]); $strCurrEntry = stGetInfoEntryData(stGetDisplayVar("compoCurrEntry"), $compoID, TRUE); @@ -544,7 +544,7 @@ $str = stGetFormOptionListStart("ctrlEntryList", $indent, $outer); - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { foreach ($res as $item) { @@ -572,7 +572,7 @@ $str = stGetFormOptionListStart("ctrlRotationLists", $indent, $outer); $currListID = stGetDisplayVar("rotateList"); - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { foreach ($res as $item) { @@ -591,7 +591,7 @@ $str = stGetFormOptionListStart("ctrlDisplaySlides", $indent, $outer); $sql = "SELECT * FROM display_slides ORDER BY id DESC"; - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { foreach ($res as $item) $str .= stGetFormOptionListItem($indent." ", $item["id"], FALSE, $item["title"]); @@ -604,19 +604,19 @@ function stGetInfoRotationListEditFull($indent, $outer, $list_id) { $sql = stPrepareSQL("SELECT * FROM rot_list_data WHERE id=%d", $list_id); - if (($data = stFetchSQL($sql)) === false) + if (($data = stFetchSQL($sql)) === FALSE) return "<p>No such rotation list ID #".intval($list_id)."</p>"; $str = ($outer ? $indent."<div class=\"ctrlBox\" id=\"ctrlRotationListEdit\">\n" : ""). $indent." <div class=\"ctrlTitle\">Edit rotation list</div>\n". - $indent." ".stGetFormTextInput(30, SET_LEN_ROT_LIST_NAME, "", "ctrlEDRotationListName", "", $data["name"])."\n". + $indent." ".stGetFormTextInput(30, SQL_LEN_ROT_LIST_NAME, "", "ctrlEDRotationListName", "", $data["name"])."\n". $indent." ".stGetFormButtonInput("updname", "", "", "Save", "updateRotationList(".$list_id.")")."\n". "<div>Available slides:</div>\n". stGetFormOptionListStart("ctrlEDDisplaySlides", $indent." ", TRUE); $sql = "SELECT * FROM display_slides"; - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { foreach ($res as $item) $str .= stGetFormOptionListItem($indent." ", $item["id"], FALSE, $item["title"]); @@ -650,7 +650,7 @@ $str = stGetFormOptionListStart("ctrlEDRotationList", $indent, $outer); - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { foreach ($res as $item) { @@ -670,7 +670,7 @@ $str = $indent.($outer ? "<div id=\"ctrlActiveRotationList\">" : ""). "<b>Active list:</b> "; - if (($slist = stFetchSQL($sql)) === false) + if (($slist = stFetchSQL($sql)) === FALSE) $str .= "-"; else $str .= chentities(substr($slist["name"], 0, 40)); @@ -689,10 +689,10 @@ $indent." <div class=\"ctrlTitle\">Edit display slide</div>\n"; $sql = stPrepareSQL("SELECT * FROM display_slides WHERE id=%d", $slide_id); - if (($slide = stFetchSQL($sql)) !== false) + if (($slide = stFetchSQL($sql)) !== FALSE) { $str .= - " ".stGetFormTextInput(40, SET_LEN_DISP_SLIDE_TITLE, "", "Title", $prefix, $slide["title"])."<br />\n". + " ".stGetFormTextInput(40, SQL_LEN_DISP_SLIDE_TITLE, "", "Title", $prefix, $slide["title"])."<br />\n". " ".stGetFormTextArea(10, 80, "", "Text", $prefix, $slide["text"])."<br />\n"; } @@ -760,7 +760,7 @@ foreach ($final as $entry) { $sql = stPrepareSQL("UPDATE entries SET show_id=%d WHERE id=%d", $index, $entry); - if (stExecSQL($sql) === false) + if (stExecSQL($sql) === FALSE) { stError("Error updating entry show positions."); break; @@ -889,7 +889,7 @@ $nentries = $ncompos = 0; foreach (stExecSQL("SELECT * FROM compos WHERE ctype=".COMPO_NORMAL) as $compo) { - if (($ne = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo["id"])) !== false && $ne > 0) + if (($ne = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo["id"])) !== FALSE && $ne > 0) { $nentries += $ne; $ncompos++; @@ -901,7 +901,7 @@ $nentries = $ncompos = 0; foreach (stExecSQL("SELECT * FROM compos WHERE ctype <> ".COMPO_NORMAL) as $compo) { - if (($ne = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo["id"])) !== false && $ne > 0) + if (($ne = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$compo["id"])) !== FALSE && $ne > 0) { $nentries += $ne; $ncompos++; @@ -953,7 +953,7 @@ case "setCompoID": if (stChkRequestItem("id", $compo_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { - if (stFetchSQL("SELECT id FROM compos WHERE id=".$compo_id) === false) + if (stFetchSQL("SELECT id FROM compos WHERE id=".$compo_id) === FALSE) stError("Invalid compo ID ".$compo_id); else { @@ -1007,7 +1007,7 @@ stChkRequestItem("duration", $slide_dur, array(CHK_RANGE, VT_INT, array(1, 60), "Invalid duration range, should be 1-60 min."))) { $sql = stPrepareSQL("SELECT * FROM display_slides WHERE id=%d", $slide_id); - if (($slide = stFetchSQL($sql)) !== false) + if (($slide = stFetchSQL($sql)) !== FALSE) { stSetDisplayVar("tempDuration", $slide_dur); stSetDisplayVar("tempSlide", $slide["id"]); @@ -1032,12 +1032,12 @@ if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data."))) { $sql = stPrepareSQL("SELECT * FROM display_slides WHERE id=%d", $slide_id); - if (($slide = stFetchSQL($sql)) !== false) + if (($slide = stFetchSQL($sql)) !== FALSE) { $sql = stPrepareSQL("INSERT INTO display_slides (title,text) VALUES (%s,%s)", $slide["title"]." (copy)", $slide["text"]); - if (($new_id = stExecSQLInsert($sql)) !== false) + if (($new_id = stExecSQLInsert($sql)) !== FALSE) echo stGetInfoDisplaySlideEdit("", TRUE, $new_id); else stError("Could not insert slide."); @@ -1049,7 +1049,7 @@ case "newDisplaySlide": $sql = stPrepareSQL("INSERT INTO display_slides (title) VALUES (%s)", "New slide"); - if (($slide_id = stExecSQLInsert($sql)) !== false) + if (($slide_id = stExecSQLInsert($sql)) !== FALSE) echo stGetInfoDisplaySlideEdit("", TRUE, $slide_id); break; @@ -1057,10 +1057,10 @@ if (stChkRequestItem("id", $slide_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("title", $fake, array(CHK_GTEQ, VT_STR, 1, "Slide title too short."), - array(CHK_LTEQ, VT_STR, SET_LEN_DISP_SLIDE_TITLE, "Slide title too long.") + array(CHK_LTEQ, VT_STR, SQL_LEN_DISP_SLIDE_TITLE, "Slide title too long.") ) && stChkRequestItem("text", $fake, - array(CHK_LTEQ, VT_STR, SET_LEN_DISP_SLIDE_TEXT, "Slide content too long.") + array(CHK_LTEQ, VT_STR, SQL_LEN_DISP_SLIDE_TEXT, "Slide content too long.") )) { $sql = stPrepareSQLUpdate("display_slides", @@ -1070,7 +1070,7 @@ "text" => "S", )); - if (stExecSQL($sql) !== false) + if (stExecSQL($sql) !== FALSE) { stSetStatus(200, "Slide updated."); stDisplayUpdated(); @@ -1092,12 +1092,12 @@ case "newRotationList": $sql = stPrepareSQL("INSERT INTO rot_list_data (name) VALUES (%s)", "New list #"); - if (($list_id = stExecSQLInsert($sql)) !== false) + if (($list_id = stExecSQLInsert($sql)) !== FALSE) { $sql = stPrepareSQL("UPDATE rot_list_data SET name=%s WHERE id=%d", "New list #".$list_id, $list_id); - if (stExecSQLCond($sql, "OK!") !== false) + if (stExecSQLCond($sql, "OK!") !== FALSE) echo stGetInfoRotationListEditFull("", TRUE, $list_id); } break; @@ -1106,7 +1106,7 @@ if (stChkRequestItem("id", $list_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("name", $fake, array(CHK_GTEQ, VT_STR, 3, "Rotation list name too short."), - array(CHK_LTEQ, VT_STR, SET_LEN_ROT_LIST_NAME, "Rotation list name too long."))) + array(CHK_LTEQ, VT_STR, SQL_LEN_ROT_LIST_NAME, "Rotation list name too long."))) { $sql = stPrepareSQLUpdate("rot_list_data", "WHERE id=".$list_id, @@ -1290,7 +1290,7 @@ "ORDER BY compos.id DESC"; $currCompoID = stGetDisplayVar("compoID"); - if (($res = stExecSQL($sql)) !== false) + if (($res = stExecSQL($sql)) !== FALSE) { echo stGetFormOptionListStart("ctrlCompoList", " ", TRUE); foreach ($res as $item) @@ -1327,9 +1327,9 @@ case "news": echo "<form method=\"post\" action=\"\" onsubmit=\"return addNews()\">\n". - " ".stGetFormTextInput(40, SET_LEN_NEWS_TITLE, "", "nntitle", "", "")."<br />\n". + " ".stGetFormTextInput(40, SQL_LEN_NEWS_TITLE, "", "nntitle", "", "")."<br />\n". " ".stGetFormTextArea(5, 60, "", "nntext", "", "")."<br />\n". - " ".stGetFormTextInput(20, SET_LEN_NEWS_AUTHOR, "", "nnauthor", "", "orgaz")."\n". + " ".stGetFormTextInput(20, SQL_LEN_NEWS_AUTHOR, "", "nnauthor", "", "orgaz")."\n". " ".stGetFormSubmitInput("nnadd", "Add post")."\n". " ".stGetFormButtonInput("", "", "", "Clear", "this.form.reset()")."\n". "</form>\n". @@ -1374,10 +1374,10 @@ " <th>Actions</th>\n". " </tr>\n". " <tr>\n". - " <td>".stGetFormTextInput(20, SET_LEN_USERNAME, "name", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(20, SET_LEN_GROUPS, "groups", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(30, SET_LEN_ONELINER, "oneliner", "x", $prefix, "")."</td>\n". - " <td>".stGetFormTextInput(20, SET_LEN_EMAIL, "email", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(20, SQL_LEN_USERNAME, "name", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(20, SQL_LEN_GROUPS, "groups", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(30, SQL_LEN_ONELINER, "oneliner", "x", $prefix, "")."</td>\n". + " <td>".stGetFormTextInput(20, SQL_LEN_EMAIL, "email", "x", $prefix, "")."</td>\n". " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n". " </tr>\n". "</table>\n". @@ -1453,9 +1453,9 @@ while ($numVKeys <= $numUsers) { - if (($key = stGenerateUserKey()) !== false) + if (($key = stGenerateUserKey()) !== FALSE) { - if (stExecSQL(stPrepareSQL("INSERT INTO userkeys (key) VALUES (%s)", $key)) !== false) + if (stExecSQL(stPrepareSQL("INSERT INTO userkeys (key) VALUES (%s)", $key)) !== FALSE) $numVKeys++; } } @@ -1538,7 +1538,7 @@ echo "<form method=\"post\" action=\"\" onsubmit=\"return addCompo()\">\n". "<b>Name:<b>". - " ".stGetFormTextInput(64, SET_LEN_COMPO_NAME, "", "ncname", "", "")."<br />\n". + " ".stGetFormTextInput(64, SQL_LEN_COMPO_NAME, "", "ncname", "", "")."<br />\n". "<b>Description:</b>". " ".stGetFormTextArea(5, 60, "", "ncdescription", "", "")."<br />\n". " ".stGetFormSubmitInput("nccompo", "Add compo")."\n". @@ -1636,19 +1636,19 @@ if ($index++ > 0) echo ","; echo "\"".$compo["id"]."\":\"".chentities($compo["name"]). - (($ne !== false && $ne > 0) ? " <span class='cnotice'>(".$ne.")</span>" : "")."\""; + (($ne !== FALSE && $ne > 0) ? " <span class='cnotice'>(".$ne.")</span>" : "")."\""; } break; case "compovoting": $id = intval(stGetRequestItem("id", 0)); - if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== false) + if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== FALSE) echo stGetCompoVoting($compo, FALSE); break; case "entries": $id = intval(stGetRequestItem("id", 0)); - if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== false) + if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== FALSE) { $nentries = stFetchSQLColumn("SELECT COUNT(*) FROM entries WHERE compo_id=".$id); $prefix = "ne"; @@ -1720,7 +1720,7 @@ { // Attendees require some more work $sql = stPrepareSQL("SELECT * FROM attendees WHERE id=%d", $id); - if (($attn = stFetchSQL($sql)) !== false) + if (($attn = stFetchSQL($sql)) !== FALSE) { $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); stExecSQLCond($sql, "OK, attendee ".$id." deleted."); @@ -1876,7 +1876,7 @@ if ($type == "compo") { // Check if compo ID exists - if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) === false) + if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) === FALSE) stError("No such compo ID."); else if (stValidateRequestCompoData(TRUE, $compo["ctype"])) @@ -1962,12 +1962,12 @@ // Check if already assigned to someone .. $key_id = intval(stGetRequestItem("key_id", 0)); $sql = stPrepareSQL("SELECT * FROM userkeys WHERE id=%d", $key_id); - if (stFetchSQL($sql) === false) + if (stFetchSQL($sql) === FALSE) stError("Invalid key ID #."); else { $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%d", $key_id); - if (($attn = stFetchSQL($sql)) !== false && $attn["id"] != $id) + if (($attn = stFetchSQL($sql)) !== FALSE && $attn["id"] != $id) stError("That key has already been assigned to another attendee!"); else {
--- a/dbdefs.inc.php Wed Sep 27 14:16:11 2017 +0300 +++ b/dbdefs.inc.php Mon Oct 14 10:34:06 2019 +0300 @@ -3,6 +3,39 @@ $dbVersion = 31; // +// Define sizes of database fields, see createdb.php +// and also the places where input is validated. +// +define("SQL_LEN_USERNAME", 32); +define("SQL_LEN_GROUPS", 64); +define("SQL_LEN_ONELINER", 64); +define("SQL_LEN_EMAIL", 80); +define("SQL_LEN_REGHOST", 128); + +define("SQL_LEN_NEWS_TITLE", 128); +define("SQL_LEN_NEWS_TEXT", 4096); +define("SQL_LEN_NEWS_AUTHOR", 64); + +define("SQL_LEN_COMPO_NAME", 128); +define("SQL_LEN_COMPO_DESC", 4096); +define("SQL_LEN_COMPO_NOTES", 4096); +define("SQL_LEN_COMPO_PATH", 128); + +define("SQL_LEN_ENTRY_NAME", 64); +define("SQL_LEN_ENTRY_AUTHOR", 64); +define("SQL_LEN_ENTRY_FILENAME", 128); +define("SQL_LEN_ENTRY_INFO", 50*4); +define("SQL_LEN_ENTRY_NOTES", 1024); +define("SQL_LEN_ENTRY_PREVIEW_FILE", 128); + +define("SQL_LEN_DISP_SLIDE_TITLE", 64); +define("SQL_LEN_DISP_SLIDE_TEXT", 4096); +define("SQL_LEN_ROT_LIST_NAME", 128); + +define("SQL_LEN_USERKEY", 64); + + +// // Site settings and defaults we put in // $siteSettingsGroups = [ @@ -25,25 +58,25 @@ "userTimeout" => [VT_INT, 120, "User pages (voting) timeout in minutes"], "admTimeout" => [VT_INT, 15, "Administration interface timeout in minutes"], - "showAdmin" => [VT_BOOL, false, "Always show administration interface link on the menu"], - "showAttendees" => [VT_BOOL, true, "Show attendees list"], + "showAdmin" => [VT_BOOL, FALSE, "Always show administration interface link on the menu"], + "showAttendees" => [VT_BOOL, TRUE, "Show attendees list"], - "showResults" => [VT_BOOL, false, "Enable results page"], + "showResults" => [VT_BOOL, FALSE, "Enable results page"], - "showInfoTextOnAbout" => [VT_BOOL, false, "Show site info HTML on About page"], + "showInfoTextOnAbout" => [VT_BOOL, FALSE, "Show site info HTML on About page"], - "requireEMail" => [VT_BOOL, false, "Require e-mail address in registrations"], - "allowRegister" => [VT_BOOL, false, "Enable event registration"], + "requireEMail" => [VT_BOOL, FALSE, "Require e-mail address in registrations"], + "allowRegister" => [VT_BOOL, FALSE, "Enable event registration"], - "allowVoting" => [VT_BOOL, false, "Enable voting (individual compos must be enabled as well)"], + "allowVoting" => [VT_BOOL, FALSE, "Enable voting (individual compos must be enabled as well)"], ], // // News related // "news" => [ - "showNews" => [VT_BOOL, true, "Enable News link on main menu + News page"], - "showNewsOnAbout" => [VT_BOOL, true, "Show latest news item on About page"], + "showNews" => [VT_BOOL, TRUE, "Enable News link on main menu + News page"], + "showNewsOnAbout" => [VT_BOOL, TRUE, "Show latest news item on About page"], "msgNewsHeader" => [VT_TEXT, " <h1>The FAPper's news outlet</h1> @@ -54,7 +87,7 @@ // Event / schedule information // "event" => [ - "showSchedule" => [VT_BOOL, true, "Enable Schedule link on main menu + Schedule page"], + "showSchedule" => [VT_BOOL, TRUE, "Enable Schedule link on main menu + Schedule page"], "msgEventDescription" => [VT_TEXT, " <h1>Event program & schedule</h1> @@ -90,7 +123,7 @@ // Competitions // "compos" => [ - "showCompos" => [VT_BOOL, true, "Enable Compos link on main menu + Compos page"], + "showCompos" => [VT_BOOL, TRUE, "Enable Compos link on main menu + Compos page"], "msgCompoDescription" => [VT_TEXT, " <h1>General</h1> @@ -141,17 +174,17 @@ "news" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], ["utime" , "INT"], - ["title" , "VARCHAR(".SET_LEN_NEWS_TITLE.")"], - ["text" , "VARCHAR(".SET_LEN_NEWS_TEXT.")"], - ["author" , "VARCHAR(".SET_LEN_NEWS_AUTHOR.")"], + ["title" , "VARCHAR(".SQL_LEN_NEWS_TITLE.")"], + ["text" , "VARCHAR(".SQL_LEN_NEWS_TEXT.")"], + ["author" , "VARCHAR(".SQL_LEN_NEWS_AUTHOR.")"], ["persist" , "INT", "DEFAULT 0"], ], "compos" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], - ["name" , "VARCHAR(".SET_LEN_COMPO_NAME.")"], - ["description" , "VARCHAR(".SET_LEN_COMPO_DESC.")"], - ["notes" , "VARCHAR(".SET_LEN_COMPO_NOTES.")"], + ["name" , "VARCHAR(".SQL_LEN_COMPO_NAME.")"], + ["description" , "VARCHAR(".SQL_LEN_COMPO_DESC.")"], + ["notes" , "VARCHAR(".SQL_LEN_COMPO_NOTES.")"], ["visible" , "INT", "DEFAULT 0"], ["voting" , "INT", "DEFAULT 0"], @@ -164,17 +197,17 @@ // For COMPO_POINTS and COMPO_ASSIGN, show on results page or not ["ctype" , "INT", "DEFAULT 0"], - ["cpath" , "VARCHAR(".SET_LEN_COMPO_PATH.")"], + ["cpath" , "VARCHAR(".SQL_LEN_COMPO_PATH.")"], ], "entries" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], ["show_id" , "INT", "DEFAULT 0"], - ["name" , "VARCHAR(".SET_LEN_ENTRY_NAME.")"], - ["author" , "VARCHAR(".SET_LEN_ENTRY_AUTHOR.")"], + ["name" , "VARCHAR(".SQL_LEN_ENTRY_NAME.")"], + ["author" , "VARCHAR(".SQL_LEN_ENTRY_AUTHOR.")"], ["compo_id" , "INT", "DEFAULT 0"], - ["info" , "VARCHAR(".SET_LEN_ENTRY_INFO.")", "DEFAULT NULL"], - ["notes" , "VARCHAR(".SET_LEN_ENTRY_NOTES.")", "DEFAULT NULL"], + ["info" , "VARCHAR(".SQL_LEN_ENTRY_INFO.")", "DEFAULT NULL"], + ["notes" , "VARCHAR(".SQL_LEN_ENTRY_NOTES.")", "DEFAULT NULL"], ["flags" , "INT", "DEFAULT 0"], ["evalue" , "INT", "DEFAULT 0"], ["file_id" , "INT", "DEFAULT 0"], // uploaded file id from "files" table @@ -186,8 +219,8 @@ "files" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], - ["filename" , "VARCHAR(".SET_LEN_ENTRY_FILENAME.")", "DEFAULT NULL"], // stored filename - ["origname" , "VARCHAR(".SET_LEN_ENTRY_FILENAME.")", "DEFAULT NULL"], // original uploaded filename + ["filename" , "VARCHAR(".SQL_LEN_ENTRY_FILENAME.")", "DEFAULT NULL"], // stored filename + ["origname" , "VARCHAR(".SQL_LEN_ENTRY_FILENAME.")", "DEFAULT NULL"], // original uploaded filename ["filetype" , "VARCHAR(32)", "DEFAULT NULL"], // type of the file, if any, as key from $fileTypeData ["uploadtype" , "VARCHAR(32)", "DEFAULT NULL"], // "preview", "entry" ["filesize" , "INT", "DEFAULT 0"], // uploaded size @@ -200,11 +233,11 @@ "attendees" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], ["regtime" , "INT"], - ["name" , "VARCHAR(".SET_LEN_USERNAME.")"], - ["groups" , "VARCHAR(".SET_LEN_GROUPS.")"], - ["oneliner" , "VARCHAR(".SET_LEN_ONELINER.")"], - ["email" , "VARCHAR(".SET_LEN_EMAIL.")"], - ["reghost" , "VARCHAR(".SET_LEN_REGHOST.")", "DEFAULT NULL"], + ["name" , "VARCHAR(".SQL_LEN_USERNAME.")"], + ["groups" , "VARCHAR(".SQL_LEN_GROUPS.")"], + ["oneliner" , "VARCHAR(".SQL_LEN_ONELINER.")"], + ["email" , "VARCHAR(".SQL_LEN_EMAIL.")"], + ["reghost" , "VARCHAR(".SQL_LEN_REGHOST.")", "DEFAULT NULL"], ["key_id" , "INT", "DEFAULT NULL"], ["usr_flags" , "INT", "DEFAULT 0"], ["adm_flags" , "INT", "DEFAULT 0"], @@ -212,7 +245,7 @@ "userkeys" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], - ["key" , "VARCHAR(".SET_LEN_USERKEY.")"], + ["key" , "VARCHAR(".SQL_LEN_USERKEY.")"], ["active" , "INT", "DEFAULT 0"], ], @@ -237,13 +270,13 @@ "display_slides" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], - ["title" , "VARCHAR(".SET_LEN_DISP_SLIDE_TITLE.")"], - ["text" , "VARCHAR(".SET_LEN_DISP_SLIDE_TEXT.")"], + ["title" , "VARCHAR(".SQL_LEN_DISP_SLIDE_TITLE.")"], + ["text" , "VARCHAR(".SQL_LEN_DISP_SLIDE_TEXT.")"], ], "rot_list_data" => [ ["id" , "INTEGER", "PRIMARY KEY", "AUTOINCREMENT"], - ["name" , "VARCHAR(".SET_LEN_ROT_LIST_NAME.")"], + ["name" , "VARCHAR(".SQL_LEN_ROT_LIST_NAME.")"], ], "rot_list_slides" => [ @@ -270,7 +303,7 @@ "compoCurrEntry" => [VT_INT, 0, "Current / next compo entry to be shown"], // Not user-manageable - "tempSlideSet" => [VT_BOOL, false, "Temporary slide set"], + "tempSlideSet" => [VT_BOOL, FALSE, "Temporary slide set"], "activeSlideMode" => [VT_INT, 0, "Current active slide display mode"], "activeSlide" => [VT_INT, 0, "Current active slide"], @@ -282,7 +315,7 @@ "lastUpdate" => [VT_INT, 0, "Timestamp of last slide update"], "screenCmd" => [VT_STR, "", "Off-channel showscreen command"], - "screenCmdSet" => [VT_BOOL, false, "Off-channel showscreen command has been set"], + "screenCmdSet" => [VT_BOOL, FALSE, "Off-channel showscreen command has been set"], ];
--- a/faptool.php Wed Sep 27 14:16:11 2017 +0300 +++ b/faptool.php Mon Oct 14 10:34:06 2019 +0300 @@ -48,7 +48,7 @@ if (wtExec(wtGetExecutable("gfxconv"), wtGetExecutableArgs("gfxconv"). escapeshellarg($inFilename)." -f png -o ".escapeshellarg($tmpFilename), - 0) === false) + 0) === FALSE) return FALSE; if (!file_exists($tmpFilename)) @@ -225,7 +225,7 @@ // Save current working directory and chdir to target $cwd = getcwd(); - if (!is_dir($path) || chdir($path) === false) + if (!is_dir($path) || chdir($path) === FALSE) { echo "ERROR: Failed to chdir to '".$path."', can't unpack archive.\n"; return FALSE; @@ -256,7 +256,7 @@ { printf(" %03d | %s%s%s | %-40s | %-5s | %s\n", $entry["id"], - ($efile !== false) ? "E" : ".", + ($efile !== FALSE) ? "E" : ".", isset($pdata["file"]) ? "P" : ".", $pdata["valid"] ? "V" : ".", substr($entry["name"]." by ".$entry["author"], 0, 40), @@ -280,7 +280,7 @@ if (!isset($pdata["file"])) { // No source preview, check if we have entry file either? - if ($efile === false) + if ($efile === FALSE) { echo "INFO: No entry file for ".wtNiceName($compo, $entry, $efile). @@ -298,7 +298,7 @@ // Preview source file does not exist, let's see .. $edata = stProbeFileInfo($filename, TRUE); - if ($edata === false) + if ($edata === FALSE) { echo "ERROR: Invalid/unsupported file type for entry ".wtNiceName($compo, $entry, $efile)."\n"; @@ -311,12 +311,12 @@ // Entry is an archive file .. $path = stMakePath(FALSE, FALSE, array($setEntryPath, "UNPACKS", $efile["filename"])); - if (wtUnpackArchiveTo($efile["filetype"], $filename, $path) === false) + if (wtUnpackArchiveTo($efile["filetype"], $filename, $path) === FALSE) return FALSE; // Scan through files ... $dir = opendir($path); - while (($dentry = readdir($dir)) !== false) + while (($dentry = readdir($dir)) !== FALSE) { $fname = $path."/".$dentry; if ($dentry != "." && $dentry != "..") @@ -325,8 +325,8 @@ echo "XXX: ".$dentry." :: ".$fname."\n"; else if (is_file($fname) && - ($mdata = stProbeFileInfo($fname, TRUE)) !== false && - ($found = wtEntryToSource($compo, $fname, $mdata, $filename, $pdata, $outFilename, $force)) === true) + ($mdata = stProbeFileInfo($fname, TRUE)) !== FALSE && + ($found = wtEntryToSource($compo, $fname, $mdata, $filename, $pdata, $outFilename, $force)) === TRUE) break; } } @@ -451,7 +451,7 @@ function wtCropFilenamesRec($path, $len) { $dir = opendir($path); - while (($dentry = readdir($dir)) !== false) + while (($dentry = readdir($dir)) !== FALSE) { $fname = $path."/".$dentry; $nname = $path."/".wtCropFilename($dentry, $len); @@ -460,14 +460,14 @@ if (is_dir($fname)) { wtCropFilenamesRec($fname, $len); - if (rename($fname, $nname) === false) + if (rename($fname, $nname) === FALSE) { echo "ERROR: Could not rename DIR '".$fname."' -> '".$nname."'.\n"; return FALSE; } } else - if (is_file($fname) && rename($fname, $nname) === false) + if (is_file($fname) && rename($fname, $nname) === FALSE) { echo "ERROR: Could not rename FILE '".$fname."' -> '".$nname."'.\n"; return FALSE; @@ -483,7 +483,7 @@ global $setEntryPath; // Get latest file for the entry - if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["file_id"])) === false) + if (($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["file_id"])) === FALSE) { echo "INFO: No entry file for ".wtNiceName($compo, $entry, $efile)."\n"; return FALSE; @@ -501,7 +501,7 @@ // Get file data $edata = stProbeFileInfo($filename, TRUE); - if ($edata === false) + if ($edata === FALSE) { echo "ERROR: Invalid/unsupported file type for entry ".wtNiceName($compo, $entry, $efile)."\n"; @@ -537,7 +537,7 @@ $sbinfoStr = implode("\n", $sbinfo); // Create the destination directory - if (wtMakeDir(stMakePath(FALSE, FALSE, array($pathPrefix, $compo["cpath"])), 0755) === false) + if (wtMakeDir(stMakePath(FALSE, FALSE, array($pathPrefix, $compo["cpath"])), 0755) === FALSE) return FALSE; // Form the destination path and/or filename @@ -552,7 +552,7 @@ if ($copyOnly) { $dstFilename = stMakePath(FALSE, FALSE, array($pathPrefix, $compo["cpath"], $dstFileBase)); - if (copy($filename, $dstFilename) === false) + if (copy($filename, $dstFilename) === FALSE) { echo "ERROR: Failed to copy '".$filename."' to '".$dstFilename."'\n"; return FALSE; @@ -562,22 +562,22 @@ if ($edata["class"] == EFILE_ARCHIVE) { // Entry is an archive file, so unpack it - if (wtUnpackArchiveTo($edata["id"], $filename, $dstPath) === false) + if (wtUnpackArchiveTo($edata["id"], $filename, $dstPath) === FALSE) return FALSE; // Crop the filenames from the unpacked archive, if we need to - if ($cropNames !== false) + if ($cropNames !== FALSE) wtCropFilenamesRec($dstPath, $cropNames); } else { // We have a single file (or copyOnly mode) - if (wtMakeDir($dstPath, 0755) === false) + if (wtMakeDir($dstPath, 0755) === FALSE) return FALSE; $dstFilename = stMakePath(FALSE, FALSE, array($dstPath, wtCropFilename($efile["origname"], $cropNames))); - if (copy($filename, $dstFilename) === false) + if (copy($filename, $dstFilename) === FALSE) { echo "ERROR: Failed to copy '".$filename."' to '".$dstFilename."'\n"; return FALSE; @@ -606,7 +606,7 @@ $entry["id"], $entry["name"], $entry["author"], - ($efile !== false) ? " [".$efile["filename"]." / TYPE: '".$efile["filetype"]."']" : ""); + ($efile !== FALSE) ? " [".$efile["filename"]." / TYPE: '".$efile["filetype"]."']" : ""); } @@ -629,14 +629,14 @@ function wtExecOrDie($exe, $args) { - if (wtExec($exe, $args) === false) + if (wtExec($exe, $args) === FALSE) die(); } function wtPurgeDir($path) { - if ($path != "" && $path !== false && file_exists($path) && is_dir($path)) + if ($path != "" && $path !== FALSE && file_exists($path) && is_dir($path)) { // echo "PURGING: ".$path."\n"; foreach (scandir($path) as $file) @@ -658,7 +658,7 @@ if (!file_exists($path)) { echo "INFO: Creating ".$path."\n"; - if (mkdir($path, $perm, TRUE) === false) + if (mkdir($path, $perm, TRUE) === FALSE) die("Could not create directory '".$path."'\n"); } } @@ -784,7 +784,7 @@ // Try to connect to database $spec = stGetSetting("sqlDB"); -if (($db = stConnectSQLDBSpec($spec)) === false) +if (($db = stConnectSQLDBSpec($spec)) === FALSE) die("Could not connect to SQL database '".$spec."'.\n"); echo "Using database spec '".$spec."'.\n"; @@ -832,7 +832,7 @@ if ($argc < 2) die("No filename specified.\n"); - if (($finfo = finfo_open()) === false) + if (($finfo = finfo_open()) === FALSE) die("Internal error. Failed to initialize finfo()."); for ($i = 2; $i < $argc; $i++) @@ -848,7 +848,7 @@ "Probed : ".$sdata."\n". "Mime : ".$smime."\n"; - if (($info = stProbeFileInfo($filename, TRUE)) !== false) + if (($info = stProbeFileInfo($filename, TRUE)) !== FALSE) { $tmp = array(); foreach ($info as $ikey => $ival)
--- a/managedb.php Wed Sep 27 14:16:11 2017 +0300 +++ b/managedb.php Mon Oct 14 10:34:06 2019 +0300 @@ -14,7 +14,6 @@ require_once "mconfig.inc.php"; require_once "msite.inc.php"; -require_once "dbdefs.inc.php"; stCheckCLIExec(); @@ -95,7 +94,7 @@ foreach ($settings as $key => $data) { - $sql = false; + $sql = FALSE; // Get setting type switch ($data[0]) @@ -130,7 +129,7 @@ } } - if ($sql === false) + if ($sql === FALSE) { // Normal insertion of default data $sql = stDBPrepareSQL($outDB, $sqlFmt, @@ -165,7 +164,7 @@ "INSERT INTO ".$groupTable." (name,description) VALUES (%s,%s)", $groupData[$groupID][0], $groupData[$groupID][1]); - if (($gid = stDBExecSQLInsert($outDB, $sql)) === false) + if (($gid = stDBExecSQLInsert($outDB, $sql)) === FALSE) { echo "\nFailed to add group '".$groupID."'\n"; return FALSE; @@ -173,7 +172,7 @@ // Add settings to the group stDBBeginTransaction($outDB); - if (stDoAddSettings($inDB, $outDB, $settings, $table, $upgrade, $gid) === false) + if (stDoAddSettings($inDB, $outDB, $settings, $table, $upgrade, $gid) === FALSE) { echo "\nFailed to add settings to group '".$groupID."'\n"; return FALSE; @@ -219,9 +218,9 @@ $data[$n]); $sql = call_user_func_array('stDBPrepareSQL', $arr); - if (stDBExecSQL($outDB, $sql) === false) + if (stDBExecSQL($outDB, $sql) === FALSE) { - $status = false; + $status = FALSE; break; } } @@ -299,7 +298,7 @@ } $sql = "INSERT INTO ".$table." (".implode(",", $acols).") VALUES (".implode(",", $avals).")"; - if (stDBExecSQL($outDB, $sql) === false) + if (stDBExecSQL($outDB, $sql) === FALSE) { $status = FALSE; break; @@ -314,8 +313,8 @@ // For PostgreSQL we need to update sequences foreach ($sequences as $seq) { - if (($max_id = stDBFetchSQLColumn($outDB, "SELECT MAX(".$seq.") FROM ".$table)) !== false && - ($seq_id = stDBFetchSQLColumn($outDB, "SELECT nextval('".$table."_".$seq."_seq')")) !== false && + if (($max_id = stDBFetchSQLColumn($outDB, "SELECT MAX(".$seq.") FROM ".$table)) !== FALSE && + ($seq_id = stDBFetchSQLColumn($outDB, "SELECT nextval('".$table."_".$seq."_seq')")) !== FALSE && ($seq_id <= $max_id)) { echo "SEQFIX"; @@ -418,10 +417,10 @@ case "new": // Try to connect to database - if (($inSpec = stCArg(2)) === false) + if (($inSpec = stCArg(2)) === FALSE) die("No PDO database spec specified.\n"); - if (($inDB = stConnectSQLDBSpec($inSpec)) === false) + if (($inDB = stConnectSQLDBSpec($inSpec)) === FALSE) die("Could not connect to SQL database '".$inSpec."'.\n"); echo "Using database spec '".$inSpec."'.\n"; @@ -459,7 +458,7 @@ echo "Using INPUT database spec '".$inSpec."'.\n"; - if (($inDB = stConnectSQLDBSpec($inSpec)) === false) + if (($inDB = stConnectSQLDBSpec($inSpec)) === FALSE) die("Could not connect to SQL database '".$inSpec."'.\n"); // Check the current version first ... @@ -473,7 +472,7 @@ else { // Okay, we shall create an upgraded version .. - if (($outDB = stConnectSQLDBSpec($outSpec)) === false) + if (($outDB = stConnectSQLDBSpec($outSpec)) === FALSE) die("Could not connect to SQL database '".$outSpec."'.\n"); echo "Database at version ".$currVersion.", upgrading to ".$dbVersion."\n";
--- a/msite.inc.php Wed Sep 27 14:16:11 2017 +0300 +++ b/msite.inc.php Mon Oct 14 10:34:06 2019 +0300 @@ -5,6 +5,7 @@ // (C) Copyright 2012-2017 Tecnic Software productions (TNSP) // require_once "msitegen.inc.php"; +require_once "dbdefs.inc.php"; // Define modes of party information display system define("SMODE_DISABLED", 0); @@ -12,35 +13,6 @@ define("SMODE_COMPO", 2); -// Define sizes of database fields, see createdb.php -// and also the places where input is validated. -define("SET_LEN_USERNAME", 32); -define("SET_LEN_GROUPS", 64); -define("SET_LEN_ONELINER", 64); -define("SET_LEN_EMAIL", 80); -define("SET_LEN_REGHOST", 128); - -define("SET_LEN_NEWS_TITLE", 128); -define("SET_LEN_NEWS_TEXT", 4096); -define("SET_LEN_NEWS_AUTHOR", 64); - -define("SET_LEN_COMPO_NAME", 128); -define("SET_LEN_COMPO_DESC", 4096); -define("SET_LEN_COMPO_NOTES", 4096); -define("SET_LEN_COMPO_PATH", 128); - -define("SET_LEN_ENTRY_NAME", 64); -define("SET_LEN_ENTRY_AUTHOR", 64); -define("SET_LEN_ENTRY_FILENAME", 128); -define("SET_LEN_ENTRY_INFO", 50*4); -define("SET_LEN_ENTRY_NOTES", 1024); -define("SET_LEN_ENTRY_PREVIEW_FILE", 128); - -define("SET_LEN_DISP_SLIDE_TITLE", 64); -define("SET_LEN_DISP_SLIDE_TEXT", 4096); -define("SET_LEN_ROT_LIST_NAME", 128); - -define("SET_LEN_USERKEY", 64); // @@ -387,7 +359,7 @@ if (isset($displayVars[$name])) { $displayVars[$name] = $value; - $displayVarsChanged[$name] = true; + $displayVarsChanged[$name] = TRUE; } else die("No display var for '".$name."'.\n"); @@ -427,16 +399,16 @@ } echo - stGetTDFormTextInput($edit, 20, SET_LEN_USERNAME, "name", $id, $prefix, $item["name"]). - stGetTDFormTextInput($edit, 20, SET_LEN_GROUPS, "groups", $id, $prefix, $item["groups"]). + stGetTDFormTextInput($edit, 20, SQL_LEN_USERNAME, "name", $id, $prefix, $item["name"]). + stGetTDFormTextInput($edit, 20, SQL_LEN_GROUPS, "groups", $id, $prefix, $item["groups"]). "<td class=\"regtime\">".date("d.m. H:i", $item["regtime"])."</td>". - stGetTDFormTextInput($edit, 30, SET_LEN_ONELINER, "oneliner", $id, $prefix, $item["oneliner"], "autocomplete=\"off\""); + stGetTDFormTextInput($edit, 30, SQL_LEN_ONELINER, "oneliner", $id, $prefix, $item["oneliner"], "autocomplete=\"off\""); if ($full) { echo - stGetTDFormTextInput($edit, 15, SET_LEN_EMAIL, "email", $id, $prefix, $item["email"], "autocomplete=\"off\""). - stGetTDFormTextInput($edit, 15, SET_LEN_REGHOST, "reghost", $id, $prefix, $item["reghost"], "autocomplete=\"off\""); + stGetTDFormTextInput($edit, 15, SQL_LEN_EMAIL, "email", $id, $prefix, $item["email"], "autocomplete=\"off\""). + stGetTDFormTextInput($edit, 15, SQL_LEN_REGHOST, "reghost", $id, $prefix, $item["reghost"], "autocomplete=\"off\""); if ($edit) { @@ -622,19 +594,19 @@ if (stChkRequestItem("name", $name, array(CHK_ISGT, VT_STR, 0, "Handle / name not given."), - array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."))) + array(CHK_LTEQ, VT_STR, SQL_LEN_USERNAME, "Handle / name is too long, should be less than ".SQL_LEN_USERNAME." characters."))) $chk++; else $res = FALSE; if (stChkRequestItem("groups", $groups, - array(CHK_LTEQ, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters."))) + array(CHK_LTEQ, VT_STR, SQL_LEN_GROUPS, "Groups are too long, should be less than ".SQL_LEN_GROUPS." characters."))) $chk++; else $res = FALSE; if (!stChkRequestItem("oneliner", $oneliner, - array(CHK_LTEQ, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters."))) + array(CHK_LTEQ, VT_STR, SQL_LEN_ONELINER, "Oneliner is too long, should be less than ".SQL_LEN_ONELINER." characters."))) $res = FALSE; $email = stGetRequestItem("email"); @@ -650,22 +622,22 @@ $res = FALSE; } else - if (strlen($email) > SET_LEN_EMAIL) + if (strlen($email) > SQL_LEN_EMAIL) { - stError("E-mail address too long, max ".SET_LEN_EMAIL." characters."); + stError("E-mail address too long, max ".SQL_LEN_EMAIL." characters."); $res = FALSE; } else if (strlen($email) > 0) { - if ($id !== false) + if ($id !== FALSE) // By another ID, if we are updating an entry $sql = stPrepareSQL("SELECT * FROM attendees WHERE id<>%d AND email=%s", $id, $email); else // Or just exists, if adding $sql = stPrepareSQL("SELECT * FROM attendees WHERE email=%s", $email); - if (($data = stFetchSQL($sql)) !== false) + if (($data = stFetchSQL($sql)) !== FALSE) { stError("Someone with the same e-mail address is already registered."); $res = FALSE; @@ -675,14 +647,14 @@ // Check if another user already exists if ($chk >= 2) { - if ($id !== false) + if ($id !== FALSE) // By another ID, if we are updating an entry $sql = stPrepareSQL("SELECT * FROM attendees WHERE id<>%d AND name=%s AND groups=%s", $id, $name, $groups); else // Or just exists, if adding $sql = stPrepareSQL("SELECT * FROM attendees WHERE name=%s AND groups=%s", $name, $groups); - if (($data = stFetchSQL($sql)) !== false) + if (($data = stFetchSQL($sql)) !== FALSE) { stError("Someone with the same name and groups is already registered."); $res = FALSE; @@ -770,7 +742,7 @@ $userKeyMode = stGetSetting("userKeyMode"); $out = array(); $sql = "SELECT * FROM compos ".(($flags & RFLAG_HIDDEN_COMPOS) ? "" : "WHERE visible<>0 ")."ORDER BY name DESC"; - if (($res = stExecSQL($sql)) === false) + if (($res = stExecSQL($sql)) === FALSE) return $out; // For each compo that has been set visible @@ -971,7 +943,7 @@ { global $fileTypeData; - if ($compo === false || $entry === false) + if ($compo === FALSE || $entry === FALSE) return FALSE; $previewPath = stGetSetting("previewPath"); @@ -984,7 +956,7 @@ ); if ($entry["preview_id"] != 0 && - ($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["preview_id"])) !== false) + ($efile = stFetchSQL("SELECT * FROM files WHERE deleted=0 AND id=".$entry["preview_id"])) !== FALSE) { $pdata["file"] = $efile; if (isset($fileTypeData[$efile["filetype"]]["type"])) @@ -992,7 +964,7 @@ } else if ($entry["file_id"] == 0) - $pdata["valid"] = $efile = false; + $pdata["valid"] = $efile = FALSE; switch ($pdata["type"]) { @@ -1090,7 +1062,7 @@ global $fileTypeData; // Get file magic info - if (($finfo = finfo_open()) === false) + if (($finfo = finfo_open()) === FALSE) { stLogError("Internal error. Failed to initialize finfo()."); return stError("Internal error, failed to probe file."); @@ -1144,7 +1116,7 @@ "VALUES (%s,%s,%d,%d,%d,%s,%d)", $origName, $fileType, $fileSize, $entry["id"], $uploaderID, $type, time()); - if (($fileID = stExecSQLInsert($sql)) === false) + if (($fileID = stExecSQLInsert($sql)) === FALSE) return stFileError($uploaderID, "Failed to add new ".$type." file for entry #".$entry["id"]." '".$origName."'.", "Internal error. Failed to add new file."); @@ -1160,20 +1132,20 @@ // Update entry with generated filename $sql = stPrepareSQL("UPDATE files SET filename=%s WHERE id=%d", $fileName, $fileID); - if (stExecSQL($sql) === false) + if (stExecSQL($sql) === FALSE) return stFileError($uploaderID, "Failed to update newly created files entry #".$fileID." with generated filename '".$fileName."'!", "Internal error. Failed to add new file."); // Update entry's reference $sql = stPrepareSQL("UPDATE entries SET ".$field."=%d WHERE id=%d", $fileID, $entry["id"]); - if (stExecSQL($sql) === false) + if (stExecSQL($sql) === FALSE) return stFileError($uploaderID, "Failed to update entry #".$entry["id"]." ".$type." ID!", "Internal error. Failed to add new file."); // Return file entry - if (($res = stFetchSQL("SELECT * FROM files WHERE id=".$fileID)) === false) + if (($res = stFetchSQL("SELECT * FROM files WHERE id=".$fileID)) === FALSE) return stFileError($uploaderID, "Failed to fetch newly generated files entry #".$fileID, "Internal error. Failed to add new file."); @@ -1199,12 +1171,12 @@ return FALSE; // Check entry existence - if (($entry = stFetchSQL("SELECT * FROM entries WHERE id=".$entryID)) === false) + if (($entry = stFetchSQL("SELECT * FROM entries WHERE id=".$entryID)) === FALSE) return stFileError($userID, "Entry ID #".$entryID." does not exist in the entries table?", "Entry does not exist??"); - if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$entry["compo_id"])) === false) + if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$entry["compo_id"])) === FALSE) return stFileError($userID, "Compo ID #".$entry["compo_id"]." in entry ID #".$entryID." does not exist!", "Compo does not exist??"); @@ -1232,7 +1204,7 @@ if ($userID != 0) { // Check if the user even exists, just in case - if (($user = stFetchSQL("SELECT * FROM attendees WHERE id=".$userID)) === false) + if (($user = stFetchSQL("SELECT * FROM attendees WHERE id=".$userID)) === FALSE) return stFileError($userID, "User ID #".$userID." does not exist??", "You do not exist. Go away."); @@ -1292,33 +1264,33 @@ // Check file properties .. - if (($fileInfo = stProbeFileInfo($tmpFilename)) === false) + if (($fileInfo = stProbeFileInfo($tmpFilename)) === FALSE) return FALSE; if ($uploadType == "preview" && !isset($fileInfo["type"])) return stError("Preview file upload is not one of the supported preview file types."); // Get original extension - if (($fileExt = $fileInfo["fext"]) === false) + if (($fileExt = $fileInfo["fext"]) === FALSE) { $fileExt = "bin"; - if (($epos = strrpos($orgFilename, ".")) !== false) + if (($epos = strrpos($orgFilename, ".")) !== FALSE) $fileExt = substr($orgFilename, $epos + 1); } // Update current or add new file entry - if (($fentry = stAddFileEntry($entry, $uploadType, $orgFilename, $fileSize, $fileExt, $fileInfo["id"], $userID)) === false) + if (($fentry = stAddFileEntry($entry, $uploadType, $orgFilename, $fileSize, $fileExt, $fileInfo["id"], $userID)) === FALSE) return FALSE; // Set permissions before moving the file - if (chmod($tmpFilename, stGetSetting($uploadType."PathPerms")) === false) + if (chmod($tmpFilename, stGetSetting($uploadType."PathPerms")) === FALSE) return stFileError($userID, "Could not set permissions for uploaded file '".$tmpFilename."'.", "Internal error. Could not set permissions for uploaded file. Contact site admins."); // Move file to its destination $dstFilename = stMakePath(FALSE, TRUE, array(stGetSetting("entryPath"), $compo["cpath"], $fentry["filename"])); - if (@move_uploaded_file($tmpFilename, $dstFilename) === false) + if (@move_uploaded_file($tmpFilename, $dstFilename) === FALSE) return stFileError($userID, "Could not move uploaded file '".$tmpFilename."' to '".$dstFilename."'.", "Internal error. Deploying uploaded file failed! Contact site admins.");
--- a/msitegen.inc.php Wed Sep 27 14:16:11 2017 +0300 +++ b/msitegen.inc.php Mon Oct 14 10:34:06 2019 +0300 @@ -79,7 +79,7 @@ header("HTTP/1.0 ".$statusSet." ".$statusMsg); header("Status: ".$statusSet." ".$statusMsg); } - + if ($errorSet) { echo @@ -112,7 +112,7 @@ switch ($item["vtype"]) { case VT_INT: return intval($item["vint"]); - case VT_BOOL: return intval($item["vint"]) ? true : false; + case VT_BOOL: return intval($item["vint"]) ? TRUE : FALSE; case VT_STR: return $item["vstr"]; case VT_TEXT: return $item["vtext"]; } @@ -172,20 +172,19 @@ function dhentities($str) { - return str_replace(array("<",">"), array("<", ">"), - htmlentities($str, ENT_NOQUOTES, "UTF-8")); + return htmlspecialchars($str, ENT_COMPAT, "UTF-8"); } function chentities($str) { - return htmlentities($str, ENT_NOQUOTES, "UTF-8"); + return htmlspecialchars($str, ENT_NOQUOTES, "UTF-8"); } function ihentities($str) { - return htmlentities($str, ENT_QUOTES, "UTF-8"); + return htmlspecialchars($str, ENT_QUOTES, "UTF-8"); } @@ -290,7 +289,7 @@ if (($csrfID = stGetSessionItem("csrfID", FALSE)) !== FALSE) $str .= stGetFormHiddenInput("csrfID", $csrfID)."\n"; - + return $str; } @@ -341,7 +340,7 @@ { $argc = func_num_args(); $argv = func_get_args(); - + $len = strlen($fmt); $str = ""; $argn = 1; @@ -368,7 +367,7 @@ else $str .= $fmt[$pos]; } - + stError($str); return FALSE; } @@ -381,8 +380,8 @@ // stChkRequestItem("name", FALSE, // array(CHK_ISGT, VT_STR, 0, "Handle / name not given."), // array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."), -// array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."), -// array(CHK_RANGE, VT_STR, array(3, SET_LEN_USERNAME), "Ulululu!"), +// array(CHK_LTEQ, VT_STR, SQL_LEN_USERNAME, "Handle / name is too long, should be less than ".SQL_LEN_USERNAME." characters."), +// array(CHK_RANGE, VT_STR, array(3, SQL_LEN_USERNAME), "Ulululu!"), // ^- ranges specified as array of MIN and MAX values (inclusive) // // array(CHK_CUSTOM, VT_STR, function($value) { return FALSE; }, "Error! Error!"), @@ -425,7 +424,7 @@ $data = trim($_POST[$name]); } - + $slen = strlen($data); @@ -560,8 +559,7 @@ stLogError("Could not connect to SQL database: ".$e->getMessage()."."); return FALSE; } - $db = stConnectSQLDBSpec(stGetSetting("sqlDB")); - return ($db !== false); + return ($db !== FALSE); } @@ -572,7 +570,6 @@ case "d": return intval($value); case "s": return $dbh->quote($value); case "b": return intval($value) ? 1 : 0; - case "D": return intval(stGetRequestItem($value)); case "S": return $dbh->quote(stGetRequestItem($value)); case "Q": return $dbh->quote(stGetRequestItem($value)); @@ -581,12 +578,13 @@ } -function stDBPrepareSQLUpdate($dbh, $table, $cond, $pairs) +function stDBPrepareSQLUpdate($dbh, $table, $cond, $pairs, $values = NULL) { - $sql = array(); + $sql = []; foreach ($pairs as $name => $attr) { - $sql[] = $name."=".stDBGetSQLParam($dbh, $attr, $name); + $sql[] = $name."=".stDBGetSQLParam($dbh, + $attr, $values !== NULL ? $values[$name] : $name); } return "UPDATE ".$table." SET ".implode(",", $sql). @@ -594,15 +592,13 @@ } -function stDBPrepareSQL($dbh) +function stDBPrepareSQL_V($dbh, $fmt, $argv) { - $argc = func_num_args(); - $argv = func_get_args(); - - $fmt = $argv[1]; $len = strlen($fmt); $sql = ""; - $argn = 2; + $argn = 0; + $argc = count($argv); + for ($pos = 0; $pos < $len; $pos++) { if ($fmt[$pos] == "%") @@ -624,34 +620,18 @@ } +function stDBPrepareSQL($dbh) +{ + $argv = func_get_args(); + return stDBPrepareSQL_V($dbh, $argv[1], array_splice($argv, 2)); +} + + function stPrepareSQL() { global $db; - $argc = func_num_args(); $argv = func_get_args(); - - $fmt = $argv[0]; - $len = strlen($fmt); - $sql = ""; - $argn = 1; - for ($pos = 0; $pos < $len; $pos++) - { - if ($fmt[$pos] == "%") - { - if ($argn < $argc) - $sql .= stDBGetSQLParam($db, $fmt[++$pos], $argv[$argn++]); - else - { - stLogError("Invalid SQL statement format string '".$fmt. - "', not enough parameters specified (".$argn." of ".$argc.")"); - return FALSE; - } - } - else - $sql .= $fmt[$pos]; - } - - return $sql; + return stDBPrepareSQL_V($db, $argv[0], array_splice($argv, 1)); } @@ -660,13 +640,13 @@ switch ($dbh->getAttribute(PDO::ATTR_DRIVER_NAME)) { case "pgsql": - if (($res = stDBFetchSQLColumn($dbh, $sql." RETURNING id")) !== false) + if (($res = stDBFetchSQLColumn($dbh, $sql." RETURNING id")) !== FALSE) return $res; else return FALSE; default: - if (stDBExecSQL($dbh, $sql) !== false) + if (stDBExecSQL($dbh, $sql) !== FALSE) return $dbh->lastInsertId(); else return FALSE; @@ -762,46 +742,62 @@ } -function stDBGetTableSchema($dbh, $data) +function stDBGetTableSchema($dbh, $schema) { - $res = array(); + $res = []; $driver = $dbh->getAttribute(PDO::ATTR_DRIVER_NAME); - foreach ($data as $col) + // Go through the table schema, definition by definition + foreach ($schema as $scol) { - $tmp = array(); + $tmp = []; + // And each element of the one definition + // (like 'foo INTEGER AUTOINCREMENT') + foreach ($scol as $elem) switch ($driver) { case "pgsql": - foreach ($col as $elem) + switch ($elem) { - // For Postgres, use SERIAL for autoincrement - if ($elem == "AUTOINCREMENT") + case "AUTOINCREMENT": + // For Postgres, use SERIAL for autoincrement and + // "cleverly" replace the 2nd element with SERIAL + // assuming that it is INTEGER or such. $tmp[1] = "SERIAL"; - else + break; + + case "DATETIME": + $tmp[] = "TIMESTAMPTZ"; + break; + + default: $tmp[] = $elem; + break; } break; case "mysql": - foreach ($col as $elem) + switch ($elem) { - if ($elem != "AUTOINCREMENT") + case "AUTOINCREMENT": $tmp[] = "AUTO_INCREMENT"; - else + break; + + default: $tmp[] = $elem; + break; } break; case "sqlite": - $tmp = $col; + $tmp[] = $elem; break; - + default: - die("Don't know how to handle PDO driver '".$driver."' yet.\n"); + die("Don't know how to handle PDO driver '".$driver."'.\n"); } - + $res[] = implode(" ", $tmp); } @@ -827,14 +823,14 @@ function stStrChop($str, $len) { - return (mb_strlen($str) > $len) ? mb_substr($str, 0, $len - 3)."..." : $str; + return (strlen($str) > $len) ? substr($str, 0, $len - 3)."..." : $str; } function stStrChopPad($str, $len) { $tmp = stStrChop($str, $len); - for ($i = mb_strlen($tmp); $i < $len; $i++) + for ($i = strlen($tmp); $i < $len; $i++) $tmp .= " "; return $tmp; } @@ -905,7 +901,6 @@ "<html>\n". "<head>\n". " <meta charset=\"".$pageCharset."\">\n". - " <meta http-equiv=\"Content-type\" content=\"text/html;charset=".$pageCharset."\">\n". " <title>".strip_tags($pageTitle)."</title>\n". $pageExtra; @@ -953,7 +948,7 @@ $str = $pageTranslations[$msg][$pageLang]; else $str = $msg; - + foreach (func_get_args() as $argn => $argv) $str = preg_replace("/\%".$argn."/", $argv, $str); return $str; @@ -986,7 +981,7 @@ case 404: window.location = "<?php echo $failover ?>"; break; - + case 902: jsStatusMsg(req.statusText); jsMessageBox(req.responseText); @@ -1004,13 +999,13 @@ } } break; - + case 200: if (success) success(req.responseText); jsStatusMsg(req.statusText); break; - + default: if (failure) failure(req.status, req.statusText, req.responseText); @@ -1119,7 +1114,7 @@ { if (($item = stDBFetchSQL($dbh, "SELECT * FROM dbmeta WHERE key=".$dbh->quote($name))) === FALSE) return FALSE; - + return stGetSQLSettingData($item); } @@ -1142,8 +1137,6 @@ $localeInited = TRUE; $pageCharset = "UTF-8"; - mb_internal_encoding($pageCharset); - $tmp = "en_US.".strtolower(str_replace("-", "", $pageCharset)); setlocale(LC_ALL, $tmp); }
--- a/pages/register.inc.php Wed Sep 27 14:16:11 2017 +0300 +++ b/pages/register.inc.php Mon Oct 14 10:34:06 2019 +0300 @@ -170,10 +170,10 @@ " ".stGetFormHiddenInput("mode", "check")."\n". " ".stGetFormHiddenInput("hash", $botCheckHash)."\n". " <table class=\"register\">\n"; - stPrintFormTextInput("Handle:", "(who you are)", 20, SET_LEN_USERNAME, "name"); - stPrintFormTextInput("Group(s):", "(duh)", 30, SET_LEN_GROUPS, "groups"); - stPrintFormTextInput("E-mail:", stCheckRequireEmail() ? "(required)" : "", 30, SET_LEN_EMAIL, "email"); - stPrintFormTextInput("Oneliner:", "(leave a message here)", 30, SET_LEN_ONELINER, "oneliner"); + stPrintFormTextInput("Handle:", "(who you are)", 20, SQL_LEN_USERNAME, "name"); + stPrintFormTextInput("Group(s):", "(duh)", 30, SQL_LEN_GROUPS, "groups"); + stPrintFormTextInput("E-mail:", stCheckRequireEmail() ? "(required)" : "", 30, SQL_LEN_EMAIL, "email"); + stPrintFormTextInput("Oneliner:", "(leave a message here)", 30, SQL_LEN_ONELINER, "oneliner"); stPrintFormTextInput(hashToCheckStr($botCheckHash)." = ", "(I.Q. / robot check". //" [".hashToAnswer($botCheckHash)."]". ")", 20, 20, "botcheck", "autocomplete=\"off\"");
--- a/showajax.php Wed Sep 27 14:16:11 2017 +0300 +++ b/showajax.php Mon Oct 14 10:34:06 2019 +0300 @@ -8,12 +8,12 @@ require_once "msite.inc.php"; -function stPrintCompoEntry($entry, $class, $compo, $title = false) +function stPrintCompoEntry($entry, $class, $compo, $title = FALSE) { echo " <div class=\"".$class."\">\n"; - if ($title !== false) + if ($title !== FALSE) echo " <div class=\"entryTitle\">".$title."</div>\n"; @@ -23,12 +23,12 @@ if ($compo["show_authors"]) { - if ($title === false) + if ($title === FALSE) echo " <div class=\"entryBy\">by</div>\n"; echo " <div class=\"entryAuthor\">".chentities($entry["author"])."</div>\n"; } - if ($title === false) + if ($title === FALSE) echo " <div class=\"entryInfo\">".stConvertCommonDesc($entry["info"], TRUE)."</div>\n"; echo @@ -44,13 +44,13 @@ " <div class=\"compoTitle\">".chentities($compo["name"])." competition</div>\n". " </div>\n"; - if ($entry === false && $prev === false) + if ($entry === FALSE && $prev === FALSE) echo "<div class=\"compoStarting\">... Is about to start ...</div>"; - if ($entry !== false) - stPrintCompoEntry($entry, "compoNext", $compo, false); + if ($entry !== FALSE) + stPrintCompoEntry($entry, "compoNext", $compo, FALSE); - if ($prev !== false) + if ($prev !== FALSE) stPrintCompoEntry($prev, "compoPrev", $compo, "Previous entry"); } @@ -101,7 +101,7 @@ $sql = stPrepareSQL("SELECT * FROM display_slides WHERE id=%d", stGetDisplayVar("tempSlide")); - if (($res = stFetchSQL($sql)) !== false) + if (($res = stFetchSQL($sql)) !== FALSE) { stSetDisplayVar("tempSlideSet", FALSE); stSetDisplayVar("activeSlideMode", SMODE_ROTATE); @@ -136,7 +136,7 @@ "SELECT * FROM rot_list_slides WHERE list_id=%d ORDER BY order_num,id", $list); - if (($slideList = stExecSQL($sql)) !== false) + if (($slideList = stExecSQL($sql)) !== FALSE) { // Get slide at current index $slides = array(); @@ -226,7 +226,7 @@ $sql = stPrepareSQL("SELECT * FROM display_slides WHERE id=%d", stGetDisplayVar("activeSlide")); - if (($slide = stFetchSQL($sql)) !== false) + if (($slide = stFetchSQL($sql)) !== FALSE) stPrintRotationSlide($slide["text"]); } else @@ -240,7 +240,7 @@ "SELECT * FROM compos WHERE id=%d", $compo_id)); - if ($compo !== false) + if ($compo !== FALSE) { $prev = stFetchSQL(stPrepareSQL( "SELECT * FROM entries WHERE compo_id=%d AND show_id=%d AND show_id<>0",
--- a/usrajax.php Wed Sep 27 14:16:11 2017 +0300 +++ b/usrajax.php Mon Oct 14 10:34:06 2019 +0300 @@ -18,7 +18,7 @@ $sql = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d", $key_id, $entry_id); - if (($res = stFetchSQLColumn($sql)) === false) + if (($res = stFetchSQLColumn($sql)) === FALSE) { // Didn't exist, insert it $sql = stPrepareSQL( @@ -85,7 +85,7 @@ // Check vote key validity // $sql = stPrepareSQL("SELECT * FROM userkeys WHERE id=%d", $userKeyId); -if (($key = stFetchSQL($sql)) === false) +if (($key = stFetchSQL($sql)) === FALSE) { stError("Userkey does not exist."); } @@ -101,7 +101,7 @@ case VOTE_ASSIGN: $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]); - if (stFetchSQL($sql) === false) + if (stFetchSQL($sql) === FALSE) stError("Userkey is not assigned to any user."); break; } @@ -127,11 +127,11 @@ // Check if the entry_id is actually valid stDBBeginTransaction(); $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id); - if (($entry = stFetchSQL($sql)) !== false) + if (($entry = stFetchSQL($sql)) !== FALSE) { // Check if the compo is valid for the entry $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]); - if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0) + if (($compo = stFetchSQL($sql)) !== FALSE && $compo["voting"] != 0) stUpdateVote($userKeyId, $entry_id, $vote); } stDBCommitTransaction();
--- a/usrlogin.php Wed Sep 27 14:16:11 2017 +0300 +++ b/usrlogin.php Mon Oct 14 10:34:06 2019 +0300 @@ -32,7 +32,7 @@ $error = 0; $sql = stPrepareSQL("SELECT * FROM userkeys WHERE key=%s", $password); -if (($key = stFetchSQL($sql)) !== false) +if (($key = stFetchSQL($sql)) !== FALSE) { // // Validate login based on current user key mode @@ -46,7 +46,7 @@ case VOTE_ASSIGN: $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]); - if (stFetchSQL($sql) === false) + if (stFetchSQL($sql) === FALSE) $error = 3; break; }