From 0b46ec160e39bd3aca5be9cbe199a70940dca81b Mon Sep 17 00:00:00 2001 From: "Pierre Habouzit (MadCoder" Date: Thu, 30 Dec 2004 10:42:36 +0000 Subject: [PATCH] backport + htdocs/. is $globals->db->query clean Patches applied: * opensource@polytechnique.org--2005/platal--release--0.9.3--patch-11 Env:: -> Session:: * opensource@polytechnique.org--2005/platal--release--0.9.3--patch-13 wibble git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-196 --- htdocs/acces_smtp.php | 15 ++--- htdocs/advanced_search.php | 5 +- htdocs/alias.php | 23 +++---- htdocs/auth-groupex.php | 5 +- htdocs/emails.php | 28 ++++----- htdocs/epouse.php | 14 ++--- htdocs/fiche.php | 13 ++-- htdocs/fiche_referent.php | 95 +++++++++++----------------- htdocs/getphoto.php | 14 ++--- htdocs/login.php | 20 +++--- htdocs/motdepassemd5.php | 3 +- htdocs/profil.php | 21 +++---- htdocs/recovery.php | 40 ++++-------- htdocs/referent.php | 153 +++++++++++++++++++++------------------------ htdocs/skins.php | 6 +- htdocs/tmpPWD.php | 21 +++---- htdocs/trombino.php | 8 +-- htdocs/trombipromo.php | 34 +++++----- htdocs/webredirect.php | 19 +++--- include/xorg/page.inc.php | 6 +- templates/skins.tpl | 8 +-- 21 files changed, 234 insertions(+), 317 deletions(-) diff --git a/htdocs/acces_smtp.php b/htdocs/acces_smtp.php index 0ff134b..e8711c2 100644 --- a/htdocs/acces_smtp.php +++ b/htdocs/acces_smtp.php 
@@ -24,28 +24,25 @@ new_skinned_page('acces_smtp.tpl', AUTH_MDP); $uid = Session::getInt('uid'); $pass = Env::get('smtppass1'); -$log = Env::getMixed('log'); +$log = Session::getMixed('log'); if ( Env::get('op') == "Valider" && Env::get('smtppass1') == Env::get('smtppass2') && strlen($pass) >= 6 ) { - $globals->db->query("update auth_user_md5 set smtppass = '$pass' where user_id = $uid"); + $globals->xdb->execute('update auth_user_md5 set smtppass = {?} where user_id = {?}', $pass, $uid); $page->trig('Mot de passe enregistré'); $log->log("passwd_ssl"); } elseif (Env::get('op') == "Supprimer") { - $globals->db->query("update auth_user_md5 set smtppass = '' where user_id = $uid"); + $globals->xdb->execute('update auth_user_md5 set smtppass = "" where user_id = {?}', $uid); $page->trig('Compte SMTP et NNTP supprimé'); $log->log("passwd_del"); } -$result = $globals->db->query("select IF(smtppass != '', 'actif', '') from auth_user_md5 where user_id = ".$uid); -list($actif) = mysql_fetch_row($result); -mysql_free_result($result); - -$page->assign('actif', $actif); -$page->run($actif); +$res = $globals->xdb->query("select IF(smtppass != '', 'actif', '') from auth_user_md5 where user_id = {?}", $uid); +$page->assign('actif', $res->fetchOneCell()); +$page->run(); // vim:et:sw=4: ?> diff --git a/htdocs/advanced_search.php b/htdocs/advanced_search.php index f0b5ae3..7242559 100644 --- a/htdocs/advanced_search.php +++ b/htdocs/advanced_search.php @@ -47,15 +47,14 @@ function form_prepare() } else { $sql = 'DESCRIBE applis_def type'; } - $res = $globals->db->query($sql); - $row = mysql_fetch_row($res); + $res = $globals->xdb->query($sql); + $row = $res->fetchOneRow(); if (Env::has('school')) { $types = $row[0]; } else { $types = explode('(',$row[1]); $types = str_replace("'","",substr($types[1],0,-1)); } - mysql_free_result($res); $page->assign('choix_diplomas', explode(',',$types)); } diff --git a/htdocs/alias.php b/htdocs/alias.php index 439d758..fe5e67d 100644 
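Review bot: The form handling in this hunk reads `op`, `smtppass1` and `smtppass2` through `Env::get`, so the password write and the delete branch are reachable from whatever request channels Env covers, whereas the emails.php hunk in this same commit gates its write on `Post::has('best')`; read these through `Post::` as well so a crafted link cannot trigger the UPDATE. The only checks before the write are equality of the two fields and `strlen($pass) >= 6`, after which the value is stored verbatim in `smtppass`; that is presumably what the SMTP/NNTP auth scheme needs, but it deserves a comment such as `// stored in clear: the mail stack authenticates against this column`. `$page->run($actif)` also became `$page->run()`; if run() used its argument to pick a template, that is a behaviour change the commit message does not mention.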
--- a/htdocs/alias.php +++ b/htdocs/alias.php @@ -30,17 +30,14 @@ $forlife = Session::get('forlife'); $page->assign('demande', AliasReq::get_unique_request($uid)); //Récupération des alias éventuellement existants -$sql = "SELECT alias - FROM virtual - INNER JOIN virtual_redirect USING(vid) - WHERE ( redirect='$forlife@{$globals->mail->domain}' - OR redirect='$forlife@{$globals->mail->domain2}' ) - AND alias LIKE '%@{$globals->mail->alias_dom}'"; -if($result = $globals->db->query($sql)) { - list($aliases) = mysql_fetch_row($result); - mysql_free_result($result); - $page->assign('actuel',$aliases); -} +$res = $globals->xdb->query( + "SELECT alias + FROM virtual + INNER JOIN virtual_redirect USING(vid) + WHERE ( redirect={?} OR redirect= {?} ) + AND alias LIKE '%@{$globals->mail->alias_dom}'", + $forlife.'@'.$globals->mail->domain, $forlife.'@'.$globals->mail->domain2); +$page->assign('actuel', $res->fetchOneCell()); //Si l'utilisateur vient de faire une damande if (Env::has('alias') and Env::has('raison')) { @@ -59,8 +56,8 @@ if (Env::has('alias') and Env::has('raison')) { $page->run('error'); } else { //vérifier que l'alias n'est pas déja pris - $result = $globals->db->query("SELECT 1 FROM virtual WHERE alias='$alias@{$globals->mail->alias_dom}'"); - if (mysql_num_rows($result)>0) { + $res = $globals->xdb->query('SELECT COUNT(*) FROM virtual WHERE alias={?}', $alias.'@'.$globals->mail->alias_dom); + if ($res->fetchOneCell() > 0) { $page->trig("L'alias $alias@{$globals->mail->alias_dom} a déja été attribué. Tu ne peux donc pas l'obtenir."); $page->run('error'); diff --git a/htdocs/auth-groupex.php b/htdocs/auth-groupex.php index 9887ea2..83c0d1b 100644 --- a/htdocs/auth-groupex.php +++ b/htdocs/auth-groupex.php 
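Review bot: The uniqueness check in the second hunk is a `SELECT COUNT(*)` followed, presumably, by the insert that comes after this hunk, so two concurrent requests for the same alias can both pass it; a UNIQUE index on `virtual.alias` (or handling the duplicate-key error on the insert) is the reliable guard, and the count is then only a friendlier message. `$page->trig("L'alias $alias@...")` echoes the user-supplied `$alias` back to the browser; unless trig() escapes its argument, wrap it with `htmlspecialchars($alias)`. The if/else that contains this check starts before the hunk.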
@@ -89,8 +89,9 @@ function gpex_make_params($chlg, $privkey, $datafields) { } /* on parcourt les entrees de groupes_auth */ -$res = $globals->db->query("select privkey,name,datafields from groupesx_auth"); -while (list($privkey,$name,$datafields) = mysql_fetch_row($res)) { +$res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth'); + +while (list($privkey,$name,$datafields) = $res->next()) { if (md5($gpex_challenge.$privkey) == $gpex_pass) { $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields); header("Location:$returl"); diff --git a/htdocs/emails.php b/htdocs/emails.php index 361f169..e914ed4 100644 --- a/htdocs/emails.php +++ b/htdocs/emails.php @@ -25,11 +25,9 @@ new_skinned_page('emails.tpl',AUTH_COOKIE); $uid = Session::getInt('uid'); if (Post::has('best')) { - $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id=$uid"); - $globals->db->query("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id=$uid"); - $globals->db->query("UPDATE aliases - SET flags=CONCAT(flags,',','bestalias') - WHERE id=$uid AND alias='".Post::get('best')."'"); + $globals->xdb->execute("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id={?}", $uid); + $globals->xdb->execute("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id={?}", $uid); + $globals->xdb->execute("UPDATE aliases SET flags=CONCAT(flags,',','bestalias') WHERE id={?} AND alias={?}", $uid, Post::get('best')); } // on regarde si on a affaire à un homonyme 
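Review bot: `md5($gpex_challenge.$privkey) == $gpex_pass` on the unchanged line inside the new loop is a loose comparison; when both operands look numeric (hex digests of the form `0e12345…` do) PHP compares them as numbers and two different digests compare equal. Use a strict comparison, `if (md5($gpex_challenge.$privkey) === $gpex_pass) {`, and make sure `$gpex_pass` is a string where it is read. The loop tries every row of `groupesx_auth` until one matches; a one-line comment saying that the first matching key wins would help the next reader. Where `$gpex_pass` and `$gpex_url` come from is outside this hunk.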
@@ -47,18 +45,14 @@ $page->mysql_assign($sql, 'mails', 'nb_mails'); // on regarde si l'utilisateur a un alias et si oui on l'affiche ! $forlife = Session::get('forlife'); -$sql = "SELECT alias - FROM virtual AS v - INNER JOIN virtual_redirect AS vr USING(vid) - WHERE ( redirect='$forlife@{$globals->mail->domain}' - OR redirect='$forlife@{$globals->mail->domain2}' ) - AND alias LIKE '%@{$globals->mail->alias_dom}'"; -$result = $globals->db->query($sql); -if ($result && list($aliases) = mysql_fetch_row($result)) { - list($melix) = split('@', $aliases); - $page->assign('melix', $melix); -} -mysql_free_result($result); +$res = $globals->xdb->query( + "SELECT alias + FROM virtual AS v + INNER JOIN virtual_redirect AS vr USING(vid) + WHERE (redirect={?} OR redirect={?}) + AND alias LIKE '%@{$globals->mail->alias_dom}'", + $forlife.'@'.$globals->mail->domain, $forlife.'@'.$globals->mail->domain2); +$page->assign('melix', $res->fetchOneCell()); $page->run(); ?> diff --git a/htdocs/epouse.php b/htdocs/epouse.php index 5a71439..99987f6 100644 --- a/htdocs/epouse.php +++ b/htdocs/epouse.php @@ -25,14 +25,14 @@ require_once("xorg.misc.inc.php"); new_skinned_page('epouse.tpl', AUTH_MDP); -$res = $globals->db->query( - "SELECT u.nom,u.epouse,u.flags,e.alias - FROM auth_user_md5 AS u - LEFT JOIN aliases AS e ON(u.user_id = e.id) - WHERE user_id=".Session::getInt('uid'); +$res = $globals->xdb->query( + "SELECT u.nom,u.epouse,u.flags,e.alias + FROM auth_user_md5 AS u + LEFT JOIN aliases AS e ON(u.user_id = e.id) + WHERE user_id={?}", Session::getInt('uid')); -list($nom,$epouse_old,$flags,$alias_old) = mysql_fetch_row($res); -$flags=new flagset($flags); +list($nom,$epouse_old,$flags,$alias_old) = $res->fetchOneRow(); +$flags = new flagset($flags); $page->assign('is_femme', $flags->hasflag("femme")); $page->assign('epouse_old', $epouse_old); $page->assign('alias_old', $alias_old); diff --git a/htdocs/fiche.php b/htdocs/fiche.php index f8c10c6..712a54a 100644 --- a/htdocs/fiche.php 
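Review bot: The old code split the alias on `@` and assigned only the local part to `melix`; the new `$page->assign('melix', $res->fetchOneCell())` passes the full `alias@domain` string, so a template that appends `@alias_dom` itself would now print the domain twice. If the full address is intended, say so in the template; otherwise keep the split: `list($melix) = explode('@', $res->fetchOneCell()); $page->assign('melix', $melix);`. The same query in alias.php in this commit assigns the full alias to `actuel`, so one of the two readings is presumably the intended one — worth confirming against the templates.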
+++ b/htdocs/fiche.php @@ -36,14 +36,15 @@ if (Env::has('user')) { } if (Env::has('mat')) { - $res = $globals->db->query("SELECT alias - FROM aliases AS a - INNER JOIN auth_user_md5 AS u ON (a.id=u.user_id AND a.type='a_vie') - WHERE matricule=".Env::getInt('mat')); - if (!(list($login) = mysql_fetch_row($res))) { + $res = $globals->xdb->query( + "SELECT alias + FROM aliases AS a + INNER JOIN auth_user_md5 AS u ON (a.id=u.user_id AND a.type='a_vie') + WHERE matricule={?}", Env::getInt('mat')); + $login = $res->fetchOneCell(); + if (empty($login)) { $page->kill("cette page n'existe pas"); } - mysql_free_result($res); } $new = Env::get('modif') == 'new'; diff --git a/htdocs/fiche_referent.php b/htdocs/fiche_referent.php index 04f3c4c..14992fa 100644 --- a/htdocs/fiche_referent.php +++ b/htdocs/fiche_referent.php @@ -27,18 +27,17 @@ if (!Env::has('user')) { exit; } -$reqsql = "SELECT prenom, nom, user_id, promo, cv, a.alias AS bestalias - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) - INNER JOIN aliases AS a1 ON (u.user_id=a1.id AND a1.alias = '".Env::get('user')."' AND a1.type!='homonyme')"; -$result = $globals->db->query($reqsql); -if (mysql_num_rows($result)!=1) { +$res = $globals->xdb->query( + "SELECT prenom, nom, user_id, promo, cv, a.alias AS bestalias + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON (u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) + INNER JOIN aliases AS a1 ON (u.user_id=a1.id AND a1.alias = {?} AND a1.type!='homonyme')", + Env::get('user')); +if ($res->numRows() != 1) { exit; } -if (list($prenom, $nom, $user_id, $promo, $cv, $bestalias) = mysql_fetch_row($result)) { - mysql_free_result($result); -} +list($prenom, $nom, $user_id, $promo, $cv, $bestalias) = $res->fetchOneRow(); $page->assign('prenom', $prenom); $page->assign('nom', $nom); 
@@ -48,66 +47,48 @@ $page->assign('bestalias', $bestalias); //recuperation des infos professionnelles -$reqsql = - "SELECT e.entreprise, s.label as secteur , ss.label as ss_secteur , f.fonction_fr as fonction, - e.poste, e.adr1, e.adr2, e.adr3, e.cp, e.ville, - gp.pays, gr.name, e.tel, e.fax - FROM entreprises AS e - LEFT JOIN emploi_secteur AS s ON(e.secteur = s.id) - LEFT JOIN emploi_ss_secteur AS ss ON(e.ss_secteur = ss.id AND e.secteur = ss.secteur) - LEFT JOIN fonctions_def AS f ON(e.fonction = f.id) - LEFT JOIN geoloc_pays AS gp ON (gp.a2 = e.pays) - LEFT JOIN geoloc_region AS gr ON (gr.a2 = e.pays and gr.region = e.region) - WHERE e.uid = $user_id - ORDER BY e.entrid - "; - -$result = $globals->db->query($reqsql); - -while($tmp = mysql_fetch_assoc($result)) { - if (trim(join('',$tmp))) { - $adr_pro[] = $tmp; - } -} -$page->assign_by_ref('adr_pro', $adr_pro); -mysql_free_result($result); +$res = $globals->xdb->query( + "SELECT e.entreprise, s.label as secteur , ss.label as ss_secteur , f.fonction_fr as fonction, + e.poste, e.adr1, e.adr2, e.adr3, e.cp, e.ville, + gp.pays, gr.name, e.tel, e.fax + FROM entreprises AS e + LEFT JOIN emploi_secteur AS s ON(e.secteur = s.id) + LEFT JOIN emploi_ss_secteur AS ss ON(e.ss_secteur = ss.id AND e.secteur = ss.secteur) + LEFT JOIN fonctions_def AS f ON(e.fonction = f.id) + LEFT JOIN geoloc_pays AS gp ON (gp.a2 = e.pays) + LEFT JOIN geoloc_region AS gr ON (gr.a2 = e.pays and gr.region = e.region) + WHERE e.uid = {?} + ORDER BY e.entrid", $user_id); +$page->assign('adr_pro', $res->fetchAllAssoc()); ///// recuperations infos referent -$pays = $secteurs = $ss_secteurs = Array(); //expertise -$result = $globals->db->query("SELECT expertise FROM mentor WHERE uid = $user_id"); -if(list($expertise) = mysql_fetch_row($result)) { - $page->assign('expertise', $expertise); -} -mysql_free_result($result); +$res = $globals->xdb->query("SELECT expertise FROM mentor WHERE uid = {?}", $user_id); +$page->assign('expertise', 
$res->fetchOneCell()); //secteurs -$result = $globals->db->query("SELECT s.label, ss.label - FROM mentor_secteurs AS m - LEFT JOIN emploi_secteur AS s ON(m.secteur = s.id) - LEFT JOIN emploi_ss_secteur AS ss ON(m.secteur = ss.secteur AND m.ss_secteur = ss.id) - WHERE uid = $user_id"); -while(list($sec, $ssec) = mysql_fetch_row($result)) { +$secteurs = $ss_secteurs = Array(); +$res = $globals->xdb->iterRow( + "SELECT s.label, ss.label + FROM mentor_secteurs AS m + LEFT JOIN emploi_secteur AS s ON(m.secteur = s.id) + LEFT JOIN emploi_ss_secteur AS ss ON(m.secteur = ss.secteur AND m.ss_secteur = ss.id) + WHERE uid = {?}", $user_id); +while (list($sec, $ssec) = $res->next()) { $secteurs[] = $sec; $ss_secteurs[] = $ssec; } -mysql_free_result($result); - -//pays -$result = $globals->db->query("SELECT gp.pays - FROM mentor_pays AS m - LEFT JOIN geoloc_pays AS gp ON(m.pid = gp.a2) - WHERE uid = $user_id"); -while (list($p) = mysql_fetch_row($result)) { - $pays[] = $p; -} -mysql_free_result($result); - $page->assign_by_ref('secteurs', $secteurs); $page->assign_by_ref('ss_secteurs', $ss_secteurs); -$page->assign_by_ref('pays', $pays); +//pays +$res = $globals->xdb->query( + "SELECT gp.pays + FROM mentor_pays AS m + LEFT JOIN geoloc_pays AS gp ON(m.pid = gp.a2) + WHERE uid = {?}", $user_id); +$page->assign('pays', $res->fetchColumn()); $page->run(); ?> diff --git a/htdocs/getphoto.php b/htdocs/getphoto.php index 932be6d..4cd6956 100644 --- a/htdocs/getphoto.php +++ b/htdocs/getphoto.php 
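Review bot: The old loop skipped rows whose `trim(join('',$tmp))` was empty before appending to `$adr_pro`; `$page->assign('adr_pro', $res->fetchAllAssoc())` drops that filter, so entreprises rows with all-empty columns now reach the template and render as blank entries. If the filter was deliberate, reinstate it by iterating `fetchAllAssoc()` and keeping only rows with some non-blank cell, or exclude them in the SQL. `expertise` is likewise assigned even when `mentor` has no row for `$user_id`, where the old code left it unassigned; check that the template tolerates a null there.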
@@ -31,16 +31,16 @@ if (Env::has('x')) { echo $myphoto->data; } else { if(preg_match('/^\d*$/', Env::get('x'))) { - $result = $globals->db->query('SELECT attachmime, attach FROM photo WHERE uid = '.Env::getInt('x')); + $res = $globals->xdb->query('SELECT attachmime, attach FROM photo WHERE uid = {?}', Env::getInt('x')); } else { - $sql = "SELECT attachmime, attach - FROM photo AS p - INNER JOIN aliases AS a ON p.uid=a.id - WHERE alias='".Env::get('x')."'"; - $result = $globals->db->query($sql); + $res = $globals->xdb->query( + "SELECT attachmime, attach + FROM photo AS p + INNER JOIN aliases AS a ON p.uid=a.id + WHERE alias={?}", Env::get('x')); } - if( list($type,$data) = @mysql_fetch_row($result) ) { + if( list($type,$data) = $res->fetchOneRow() ) { Header( "Content-type: image/$type"); echo $data; } else { diff --git a/htdocs/login.php b/htdocs/login.php index e892b3c..7d1e428 100644 --- a/htdocs/login.php +++ b/htdocs/login.php @@ -22,9 +22,8 @@ require_once('xorg.inc.php'); new_skinned_page('login.tpl', AUTH_COOKIE); -$param=$globals->db->query('SELECT date,naissance FROM auth_user_md5 WHERE user_id='.Session::getInt('uid')); -list($date,$naissance) = mysql_fetch_row($param); -mysql_free_result($param); +$res = $globals->xdb->query('SELECT date,naissance FROM auth_user_md5 WHERE user_id={?}', Session::getInt('uid')); +list($date,$naissance) = $res->fetchOneRow(); if ($naissance==0 || $naissance=='0000-00-00') { $page->assign('ask_naissance', true); 
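Review bot: The alias branch of this hunk resolves the photo through any `aliases` row with no restriction on `a.type`, whereas fiche.php and trombipromo.php in the same commit join with `a.type='a_vie'` or `type!='homonyme'`; add the same condition here, `WHERE alias={?} AND a.type!='homonyme'`, unless homonym aliases are meant to serve a photo. The guard `preg_match('/^\d*$/', Env::get('x'))` matches the empty string and, because of `$`, also `"12\n"`, so the numeric branch can run with `Env::getInt('x')` yielding 0; `/^\d+\z/` is tighter. The old `@mysql_fetch_row` suppressed errors on an empty result; confirm `fetchOneRow()` returns something `list()` tolerates when no row matches.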
@@ -34,19 +33,18 @@ if ($naissance==0 || $naissance=='0000-00-00') { // incitation à mettre à jour la fiche -$res = $globals->db->query('SELECT date FROM auth_user_md5 WHERE user_id='.Session::getInt('uid')); -list($d) = mysql_fetch_row($res); -$date_maj = mktime(0, 0, 0, substr($d, 5, 2), substr($d, 8, 2), substr($d, 0, 4)); -if(( (time() - $date_maj) > 60 * 60 * 24 * 400)) { // si fiche date de + de 400j; +$res = $globals->xdb->query('SELECT date FROM auth_user_md5 WHERE user_id={?}', Session::getInt('uid')); +$d = $res->fetchOneCell(); +$d2 = mktime(0, 0, 0, substr($d, 5, 2), substr($d, 8, 2), substr($d, 0, 4)); +if( (time() - $d2) > 60 * 60 * 24 * 400 ) { + // si fiche date de + de 400j; $page->assign('fiche_incitation', $d); } // incitation à mettre une photo -$res = $globals->db->query('SELECT 1 FROM photo WHERE uid='.Session::getInt('uid')); -if (mysql_num_rows($res) == 0) - $page->assign('photo_incitation', true); -mysql_free_result($res); +$res = $globals->xdb->query('SELECT COUNT(*) FROM photo WHERE uid={?}', Session::getInt('uid')); +$page->assign('photo_incitation', $res->fetchOneCell() == 0); // affichage de la boîte avec quelques liens diff --git a/htdocs/motdepassemd5.php b/htdocs/motdepassemd5.php index 4e7a7f7..ce034ac 100644 --- a/htdocs/motdepassemd5.php +++ b/htdocs/motdepassemd5.php @@ -24,8 +24,7 @@ require_once('xorg.inc.php'); if (Env::has('response2')) { $_SESSION['password'] = $password = Post::get('response2'); - $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id=".Session::getInt('uid'); - $globals->db->query($sql); + $globals->xdb->execute('UPDATE auth_user_md5 SET password={?} WHERE user_id={?}', $password, Session::getInt('uid')); $log =& Session::getMixed('log'); $log->log('passwd', ''); diff --git a/htdocs/profil.php b/htdocs/profil.php index e299102..b84d20f 100644 --- a/htdocs/profil.php +++ b/htdocs/profil.php 
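Review bot: The second hunk re-runs `SELECT date FROM auth_user_md5 WHERE user_id={?}` although the first hunk of this file already fetched the same column into `$date`; `$d = $date;` replaces the query. `mktime(0, 0, 0, substr($d, 5, 2), substr($d, 8, 2), substr($d, 0, 4))` assumes a `YYYY-MM-DD` string; a comment stating that, e.g. `// date is YYYY-MM-DD; a NULL date yields a 1970 timestamp and trips the 400-day check`, would make the fallback behaviour explicit.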
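Review bot: The condition tests `Env::has('response2')` but the value is read with `Post::get('response2')`; if Env also covers the query string, a request carrying `response2` as a GET parameter passes the check and the UPDATE stores whatever `Post::get` returns for a missing key, which may be an empty password. Read both from the same source: `if (Post::has('response2')) { $_SESSION['password'] = $password = Post::get('response2');`. The file name suggests the value is a client-computed MD5; validating its shape before storing it, `preg_match('/^[0-9a-f]{32}$/', $password)`, would reject malformed input.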
@@ -36,13 +36,13 @@ $new_tab = Env::has('suivant') ? get_next_tab($opened_tab) : $opened_tab; // pour tous les tabs, on recupere les bits car on a besoin de tous les bits pour en mettre a jour un, la date d naissance pour verifier // quelle est bien rentree et la date. -$sql = "SELECT FIND_IN_SET('mobile_public', bits), FIND_IN_SET('mobile_ax', bits), - FIND_IN_SET('web_public', bits), FIND_IN_SET('libre_public', bits), - naissance, DATE_FORMAT(date,'%d.%m.%Y') - FROM auth_user_md5 - WHERE user_id=".Session::getInt('uid'); -$result = $globals->db->query($sql); -list($mobile_public, $mobile_ax,$web_public, $libre_public, $naissance, $date_modif_profil) = mysql_fetch_row($result); +$res = $globals->xdb->query( + "SELECT FIND_IN_SET('mobile_public', bits), FIND_IN_SET('mobile_ax', bits), + FIND_IN_SET('web_public', bits), FIND_IN_SET('libre_public', bits), + naissance, DATE_FORMAT(date,'%d.%m.%Y') + FROM auth_user_md5 + WHERE user_id={?}", Session::getInt('uid')); +list($mobile_public, $mobile_ax,$web_public, $libre_public, $naissance, $date_modif_profil) = $res->fetchOneRow(); // lorsqu'on n'a pas la date de naissance en base de données if (!$naissance) { @@ -56,7 +56,7 @@ if (!$naissance) { //sinon $birth = sprintf("%s-%s-%s", substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2)); - $globals->db->query("UPDATE auth_user_md5 SET naissance='$birth' WHERE user_id=".Session::getInt('uid')); + $globals->xdb->execute("UPDATE auth_user_md5 SET naissance={?} WHERE user_id={?}", $birth, Session::getInt('uid')); $page->assign('etat_naissance','ok'); $page->run(); } else { 
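Review bot: `$birth` is assembled from three `substr()` calls on `Env::get('birth')` and written to `naissance` without any check that the pieces form a date; parameterising the UPDATE stops injection but not garbage such as a non-numeric string or an impossible day. Validate before the write, e.g. `if (!preg_match('/^\d{8}$/', Env::get('birth')) || !checkdate((int)substr(Env::get('birth'),2,2), (int)substr(Env::get('birth'),0,2), (int)substr(Env::get('birth'),4,4))) { $page->trig('Date invalide'); }` and only then run the UPDATE and assign `etat_naissance`. The enclosing `if (!$naissance)` block opens in the previous hunk.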
@@ -84,7 +84,7 @@ if (Env::has('modifier') || Env::has('suivant')) { /* on sauvegarde les changements dans user_changes : * on a juste besoin d'insérer le user_id de la personne dans la table */ - $globals->db->query('REPLACE INTO user_changes SET user_id='.Session::getInt('uid')); + $globals->xdb->execute('REPLACE INTO user_changes SET user_id={?}', Session::getInt('uid')); //Mise a jour des bits // bits : set('mobile_public','mobile_ax','web_public','libre_public') @@ -94,8 +94,7 @@ if (Env::has('modifier') || Env::has('suivant')) { if ($web_public) $bits_reply .= 'web_public,'; if ($libre_public) $bits_reply .= 'libre_public,'; if (!empty($bits_reply)) $bits_reply = substr($bits_reply, 0, -1); - $sql = "UPDATE auth_user_md5 set bits = '$bits_reply' WHERE user_id=".Session::getInt('uid'); - $globals->db->query($sql); + $globals->xdb->execute('UPDATE auth_user_md5 set bits={?} WHERE user_id={?}', $bits_reply, Session::getInt('uid')); if (!Session::has('suid')) { require_once('notifs.inc.php'); diff --git a/htdocs/recovery.php b/htdocs/recovery.php index db2f2d0..e7d8770 100644 --- a/htdocs/recovery.php +++ b/htdocs/recovery.php 
@@ -33,43 +33,25 @@ if (Env::has('login') and Env::has('birth')) { // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update // avec celle fournie ici en espérant que c'est la bonne - $sql="SELECT user_id, naissance - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (u.user_id=a.id AND type!='homonyme') - WHERE a.alias='$mailorg' AND u.perms IN ('admin','user') AND u.deces=0"; - $result=$globals->db->query($sql); - if (list($uid,$naissance)=mysql_fetch_array($result)) { - if((strlen($naissance))<5) { - $globals->db->query("UPDATE auth_user_md5 SET naissance='$birth' WHERE user_id=$uid"); - $naissance = $birth; - } - } - mysql_free_result($result); + $res = $globals->xdb->query( + "SELECT user_id, naissance + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON (u.user_id=a.id AND type!='homonyme') + WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg); + list($uid, $naissance) = $res->fetchOneRow(); if ($naissance == $birth) { $page->assign('ok', true); - $url = rand_url_id(); - $stamp = date('Y-m-d H:i:s'); - $sql = "INSERT INTO perte_pass (certificat,uid,created) VALUES ('$url',$uid,'$stamp')"; - - $globals->db->query($sql); - // on recupere les emails sans tenir comptes du flags active (ni des autres) - // sauf qu'il ne faut pas prendre la ligne qui possède l'éventuel appel - // au filtre personnel (ligne dont le num = 0) - $result=$globals->db->query("select email from emails where uid = $uid and NOT FIND_IN_SET('filter', flags)"); - - $emails = array(); - while(list($email) = mysql_fetch_row($result)) { - $emails[] = $email; - } - mysql_free_result($result); - $emails = implode(',', $emails); + $url = rand_url_id(); + $globals->xdb->execute('INSERT INTO perte_pass (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $uid); + $res = $globals->xdb->query('SELECT email FROM emails WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid); + $mails = implode(', ', $res->fetchColumn()); 
require_once("diogenes.hermes.inc.php"); $mymail = new HermesMailer(); $mymail->setFrom('"Gestion des mots de passe" '); - $mymail->addTo($emails); + $mymail->addTo($mails); $mymail->setSubject('Ton certificat d\'authentification'); $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : {$globals->baseurl}/tmpPWD.php?certificat=$url diff --git a/htdocs/referent.php b/htdocs/referent.php index 3daea44..c4f13eb 100644 --- a/htdocs/referent.php +++ b/htdocs/referent.php 
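Review bot: `list($uid, $naissance) = $res->fetchOneRow();` has no row guard, so an unknown or deceased login leaves both variables empty and falls straight into `if ($naissance == $birth)`; with a loose comparison a null `$naissance` compares equal to an empty or zero `$birth`, and the INSERT into `perte_pass` then runs with an empty uid. Guard and compare strictly: `if ($uid && $naissance === $birth) {`. The old code also back-filled `naissance` when the stored value was shorter than 5 characters; that branch is dropped here without mention in the commit message — probably right, since it let the claimant set the very secret they were asked to prove, but it should be stated. The surrounding `if (Env::has('login') and Env::has('birth'))` block opens before and closes after this hunk.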
@@ -41,34 +41,30 @@ $page->assign('secteur_selectionne',$secteur_selectionne); $page->assign('ss_secteur_selectionne',$ss_secteur_selectionne); //recuperation des noms de secteurs -$res = $globals->db->query("SELECT id, label FROM emploi_secteur"); +$res = $globals->xdb->iterRow("SELECT id, label FROM emploi_secteur"); $secteurs[''] = ''; -while(list($tmp_id, $tmp_label) = mysql_fetch_row($res)) { +while (list($tmp_id, $tmp_label) = $res->next()) { $secteurs[$tmp_id] = $tmp_label; } -mysql_free_result($res); $page->assign_by_ref('secteurs', $secteurs); //on recupere les sous-secteurs si necessaire $ss_secteurs[''] = ''; -if(!empty($secteur_selectionne)) +if (!empty($secteur_selectionne)) { - $res = $globals->db->query("SELECT id, label FROM emploi_ss_secteur - WHERE secteur = '$secteur_selectionne'"); - while(list($tmp_id, $tmp_label) = mysql_fetch_row($res)) { - $ss_secteurs[$tmp_id] = $tmp_label; + $res = $globals->xdb->iterRow("SELECT id, label FROM emploi_ss_secteur WHERE secteur = {?}", $secteur_selectionne); + while (list($tmp_id, $tmp_label) = $res->next()) { + $ss_secteurs[$tmp_id] = $tmp_label; } - mysql_free_result($res); } $page->assign_by_ref('ss_secteurs', $ss_secteurs); //recuperation des noms de pays -$res = $globals->db->query("SELECT a2, pays FROM geoloc_pays WHERE pays <> '' ORDER BY pays"); +$res = $globals->xdb->iterRow("SELECT a2, pays FROM geoloc_pays WHERE pays <> '' ORDER BY pays"); $pays['00'] = ''; -while(list($tmp_id, $tmp_label) = mysql_fetch_row($res)) { +while (list($tmp_id, $tmp_label) = $res->next()) { $pays[$tmp_id] = $tmp_label; } -mysql_free_result($res); $page->assign_by_ref('pays', $pays); //On vient d'un formulaire 
@@ -78,87 +74,78 @@ if (Env::has('Chercher')) { $champ_select = $champ_select.', mp.pid'; $champ_select = $champ_select.', ms.secteur, ms.ss_secteur'; - $clause_from = ' FROM mentor as m LEFT JOIN auth_user_md5 AS a ON(m.uid = a.user_id)' - . ' INNER JOIN aliases AS l ON (a.user_id=l.id AND FIND_IN_SET(\'bestalias\',l.flags)' - . ' LEFT JOIN mentor_pays AS mp ON(m.uid = mp.uid)' - . ' LEFT JOIN mentor_secteurs AS ms ON(m.uid = ms.uid)'; + $clause_from = ' FROM mentor AS m + LEFT JOIN auth_user_md5 AS a ON(m.uid = a.user_id) + INNER JOIN aliases AS l ON (a.user_id=l.id AND FIND_IN_SET(\'bestalias\',l.flags) + LEFT JOIN mentor_pays AS mp ON(m.uid = mp.uid) + LEFT JOIN mentor_secteurs AS ms ON(m.uid = ms.uid)'; - $clause_where = 'WHERE'; + $clause_where = ''; if ($pays_selectionne != '00') { - $clause_where = $clause_where." mp.pid = '$pays_selectionne' AND"; + $clause_where = $clause_where." mp.pid = '".addslashes($pays_selectionne)."' AND"; } - if ($secteur_selectionne != '') - { - $clause_where = $clause_where." ms.secteur = '$secteur_selectionne' AND"; - if($ss_secteur_selectionne) - $clause_where = $clause_where." ms.ss_secteur = '$ss_secteur_selectionne' AND"; + if ($secteur_selectionne) { + $clause_where = $clause_where." ms.secteur = '".addslashes($secteur_selectionne)."' AND"; + if($ss_secteur_selectionne) { + $clause_where = $clause_where." ms.ss_secteur = '".addslashes($ss_secteur_selectionne)."' AND"; + } } - if($expertise_champ != '') - { - $clause_where = $clause_where." MATCH(m.expertise) AGAINST('".addslashes($expertise_champ)."') AND"; + if($expertise_champ) { + $clause_where = $clause_where." 
MATCH(m.expertise) AGAINST('".addslashes($expertise_champ)."') AND"; } - if($clause_where != 'WHERE'){ - - $show_formulaire = false; - $clause_where = substr($clause_where, 0, -3); //on vire le dernier AND - - $sql = "SELECT $champ_select $clause_from $clause_where - GROUP BY uid ORDER BY RAND(".Session::getInt('uid').')'; - - $res = $globals->db->query($sql); - - if (mysql_num_rows($res) == 0) { - $page->assign('recherche_trop_large',true); - mysql_free_result($res); - } - else{ - if (Env::has('page_courante')) { - $page_courante = Env::getInt('page_courante'); - } - else{ - $page_courante = 1; - } - - $current_uid = 0; - $nb_resultats = 0; - $page->assign('resultats',true); - $personnes = Array(); - $page->assign_by_ref('personnes',$personnes); - while((list($uid, $prenom, $nom, $promo, $bestalias, - $expertise_bd, $pays_id, $secteur_id, $ss_secteur_id) = mysql_fetch_row($res)) - || ($nb_resultats >= $nb_max_resultats_total)){ - if($current_uid != $uid){ - $current_uid = $uid; - $page_correspondante = (int)($nb_resultats / $nb_max_resultats_par_page) +1; - $nb_resultats++; - if( $page_correspondante == $page_courante){ - $pers_trouve['nom'] = $nom; - $pers_trouve['prenom'] = $prenom; - $pers_trouve['promo'] = $promo; - $pers_trouve['bestalias'] = $bestalias; - $pers_trouve['expertise'] = $expertise_bd; - $personnes[] = $pers_trouve; - } - } - } - $nb_pages = (int) ($nb_resultats/$nb_max_resultats_par_page) + 1; - $page->assign('nb_pages_total', $nb_pages); - $page->assign('page_courante', $page_courante); - mysql_free_result($res); - }//fin else - }//fin if clause_where non vide -}//fin if Chercher -//sinon on affiche le formulaire + if($clause_where) { + + $show_formulaire = false; + $clause_where = substr($clause_where, 0, -3); //on vire le dernier AND + + $sql = "SELECT $champ_select $clause_from WHERE $clause_where GROUP BY uid ORDER BY RAND(".Session::getInt('uid').')'; + $res = $globals->xdb->iterRow($sql); + + if ($res->total() == 0) { + 
$page->assign('recherche_trop_large',true); + } else { + if (Env::has('page_courante')) { + $page_courante = Env::getInt('page_courante'); + } else { + $page_courante = 1; + } + + $current_uid = 0; + $nb_resultats = 0; + $page->assign('resultats',true); + $personnes = Array(); + $page->assign_by_ref('personnes',$personnes); + while( (list($uid, $prenom, $nom, $promo, $bestalias, + $expertise_bd, $pays_id, $secteur_id, $ss_secteur_id) = $res->next()) + || ($nb_resultats >= $nb_max_resultats_total)){ + if ($current_uid != $uid) { + $current_uid = $uid; + $page_correspondante = (int)($nb_resultats / $nb_max_resultats_par_page) +1; + $nb_resultats++; + if( $page_correspondante == $page_courante){ + $pers_trouve['nom'] = $nom; + $pers_trouve['prenom'] = $prenom; + $pers_trouve['promo'] = $promo; + $pers_trouve['bestalias'] = $bestalias; + $pers_trouve['expertise'] = $expertise_bd; + $personnes[] = $pers_trouve; + } + } + } + $nb_pages = (int) ($nb_resultats/$nb_max_resultats_par_page) + 1; + $page->assign('nb_pages_total', $nb_pages); + $page->assign('page_courante', $page_courante); + mysql_free_result($res); + } + } +} if ($show_formulaire) { - $res = $globals->db->query("SELECT count(*) FROM mentor"); - list($nb) = mysql_fetch_row($res); - mysql_free_result($res); - - $page->assign('mentors_number',$nb); + $res = $globals->xdb->query("SELECT count(*) FROM mentor"); + $page->assign('mentors_number', $res->fetchOneCell()); } $page->run(); diff --git a/htdocs/skins.php b/htdocs/skins.php index aeec1ab..549e92d 100644 --- a/htdocs/skins.php +++ b/htdocs/skins.php 
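Review bot: `mysql_free_result($res);` survives at the end of the else branch although `$res` is now the object returned by `$globals->xdb->iterRow($sql)`, so it will warn or fail on a non-resource argument; drop that line. The WHERE clause is still built with `addslashes()` on `$pays_selectionne`, `$secteur_selectionne`, `$ss_secteur_selectionne` and `$expertise_champ`, which contradicts the commit's "query clean" goal and is not charset-aware; bind them through `{?}` placeholders instead, as sketched below (this assumes iterRow takes bind values as extra arguments, as the other hunks use it). The loop condition `|| ($nb_resultats >= $nb_max_resultats_total)` is pre-existing but never terminates once the cap is reached and `next()` returns false, so it should become `&& $nb_resultats < $nb_max_resultats_total`.
```php
$clause_where = '';
$args = array();
if ($pays_selectionne != '00') {
    $clause_where .= ' mp.pid = {?} AND';
    $args[] = $pays_selectionne;
}
if ($secteur_selectionne) {
    $clause_where .= ' ms.secteur = {?} AND';
    $args[] = $secteur_selectionne;
    if ($ss_secteur_selectionne) {
        $clause_where .= ' ms.ss_secteur = {?} AND';
        $args[] = $ss_secteur_selectionne;
    }
}
if ($expertise_champ) {
    $clause_where .= ' MATCH(m.expertise) AGAINST({?}) AND';
    $args[] = $expertise_champ;
}
if ($clause_where) {
    $show_formulaire = false;
    $clause_where = substr($clause_where, 0, -3); // strip the trailing AND
    $sql = "SELECT $champ_select $clause_from WHERE $clause_where GROUP BY uid ORDER BY RAND(".Session::getInt('uid').')';
    $res = call_user_func_array(array($globals->xdb, 'iterRow'), array_merge(array($sql), $args));
    // … unchanged: result paging loop, minus the mysql_free_result($res) line …
}
```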
@@ -26,9 +26,7 @@ if (!$globals->skin->enable) { new_skinned_page('skins.tpl', AUTH_COOKIE); if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées - $globals->db->query('UPDATE auth_user_quick - SET skin='.Env::getInt('newskin').' - WHERE user_id='.Session::getInt('uid')); + $globals->xdb->execute('UPDATE auth_user_quick SET skin={?} WHERE user_id={?}', Env::getInt('newskin'), Session::getInt('uid')); set_skin(); } @@ -37,7 +35,7 @@ $sql = "SELECT s.*,auteur,count(*) AS nb LEFT JOIN auth_user_quick AS a ON s.id=a.skin WHERE skin_tpl != '' AND ext != '' GROUP BY id ORDER BY s.date DESC"; -$page->mysql_assign($sql, 'skins'); +$page->assign_by_ref('skins', $globals->xdb->iterator($sql)); $page->run(); ?> diff --git a/htdocs/tmpPWD.php b/htdocs/tmpPWD.php index bc5fb7c..f323227 100644 --- a/htdocs/tmpPWD.php +++ b/htdocs/tmpPWD.php 
@@ -21,24 +21,19 @@ require_once("xorg.inc.php"); -$sql = "DELETE FROM perte_pass WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created"; -$globals->db->query($sql); +$globals->xdb->execute('DELETE FROM perte_pass WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); -$certificat = Env::get('certificat'); -$sql = "SELECT uid FROM perte_pass WHERE certificat='$certificat'"; -$result = $globals->db->query($sql); +$certif = Env::get('certificat'); +$res = $globals->xdb->query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif); -if ($ligne = mysql_fetch_array($result)) { - $uid=$ligne["uid"]; - if (Post::has('response2')) { // la variable $response existe-t-elle ? - // OUI, alors changeons le mot de passe +if ($ligne = $res->fetchOneAssoc()) { + $uid = $ligne["uid"]; + if (Post::has('response2')) { $password = Post::get('response2'); - $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id='$uid' AND perms IN('admin','user')"; - $globals->db->query($sql); $logger = new DiogenesCoreLogger($uid); + $globals->xdb->query('UPDATE auth_user_md5 SET password={?} WHERE user_id={?} AND perms IN("admin","user")', $password, $uid); + $globals->xdb->query('DELETE FROM perte_pass WHERE certificat={?}', $certif); $logger->log("passwd",""); - $sql = "DELETE FROM perte_pass WHERE certificat='$certificat'"; - $globals->db->query($sql); new_skinned_page('tmpPWD.success.tpl', AUTH_PUBLIC); $page->run(); } else { diff --git a/htdocs/trombino.php b/htdocs/trombino.php index 56ddffa..d10c1ab 100644 --- a/htdocs/trombino.php +++ b/htdocs/trombino.php 
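Review bot: The password UPDATE and the `DELETE FROM perte_pass` in the new branch go through `$globals->xdb->query()` while every other write in this commit uses `execute()`; use `execute` here too and check its result before logging `passwd` and showing the success template, otherwise a failed update is reported as success. `$password = Post::get('response2')` is stored with no validation of its shape; checking the expected format, `preg_match('/^[0-9a-f]{32}$/', $password)`, would reject malformed input before it reaches `auth_user_md5`. `Env::get('certificat')` is also used unchecked, so an absent parameter still issues `SELECT uid FROM perte_pass WHERE certificat={?}` with an empty value; bail out early with `if (!$certif) { ... }`. The if/else continues past this hunk.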
@@ -55,12 +55,12 @@ if (Env::has('ordi') and } } elseif (Env::get('suppr')) { // effacement de la photo - $globals->db->query('DELETE FROM photo WHERE uid = '.Session::getInt('uid')); - $globals->db->query('DELETE FROM requests WHERE user_id = '.Session::getInt('uid').' AND type="photo"'); + $globals->xdb->execute('DELETE FROM photo WHERE uid = {?}', Session::getInt('uid')); + $globals->xdb->execute('DELETE FROM requests WHERE user_id = {?} AND type="photo"', Session::getInt('uid')); } -$sql = $globals->db->query('SELECT * FROM requests WHERE user_id='.Session::getInt('uid').' AND type="photo"'); -$page->assign('submited', mysql_num_rows($sql) > 0); +$sql = $globals->xdb->query('SELECT COUNT(*) FROM requests WHERE user_id={?} AND type="photo"', Session::getInt('uid')); +$page->assign('submited', $sql->fetchOneCell()); $page->run(); diff --git a/htdocs/trombipromo.php b/htdocs/trombipromo.php index ef84632..a499834 100644 --- a/htdocs/trombipromo.php +++ b/htdocs/trombipromo.php 
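Review bot: `$page->assign('submited', $sql->fetchOneCell())` now hands the template the raw `COUNT(*)` value where the old code passed the boolean `mysql_num_rows($sql) > 0`; keep the type stable with `$page->assign('submited', $sql->fetchOneCell() > 0);`. The local is still named `$sql` although it now holds a result object; `$res` would match the rest of the commit. The deletion is triggered by `Env::get('suppr')`, so as with the other write paths in this commit a `Post::` read would keep the destructive action off plain links.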
@@ -29,26 +29,22 @@ function getList($offset,$limit) { $xpromo = Env::getInt('xpromo'); $where = ( $xpromo>0 ? "WHERE promo='$xpromo'" : "" ); - $res = $globals->db->query("SELECT COUNT(*) - FROM auth_user_md5 AS u - RIGHT JOIN photo AS p ON u.user_id=p.uid - $where"); - list($pnb) = mysql_fetch_row($res); - mysql_free_result($res); + $res = $globals->xdb->query( + "SELECT COUNT(*) + FROM auth_user_md5 AS u + RIGHT JOIN photo AS p ON u.user_id=p.uid + $where"); + $pnb = $res->fetchOneCell(); - $sql = "SELECT promo,user_id,a.alias AS forlife,nom,prenom - FROM photo AS p - INNER JOIN auth_user_md5 AS u ON u.user_id=p.uid - INNER JOIN aliases AS a ON ( u.user_id=a.id AND a.type='a_vie' ) - $where - ORDER BY promo,nom,prenom LIMIT ".($offset*$limit).",$limit"; - - $res = $globals->db->query($sql); - $list = Array(); - while($tmp = mysql_fetch_assoc($res)) $list[] = $tmp; - mysql_free_result($res); - - return Array($pnb, $list); + $res = $globals->xdb->query( + "SELECT promo,user_id,a.alias AS forlife,nom,prenom + FROM photo AS p + INNER JOIN auth_user_md5 AS u ON u.user_id=p.uid + INNER JOIN aliases AS a ON ( u.user_id=a.id AND a.type='a_vie' ) + $where + ORDER BY promo,nom,prenom LIMIT {?}, {?}", $offset*$limit, $limit); + + return Array($pnb, $res->fetchAllAssoc()); } if (Env::has('xpromo')) { diff --git a/htdocs/webredirect.php b/htdocs/webredirect.php index 1b99b76..9bff9b5 100644 --- a/htdocs/webredirect.php +++ b/htdocs/webredirect.php 
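Review bot: `LIMIT {?}, {?}` binds `$offset*$limit` and `$limit` as placeholders; if the xdb layer quotes every bound value as a string, MySQL rejects `LIMIT '0', '20'` as a syntax error, so confirm that integer arguments are emitted unquoted before relying on this. The `$where` clause is still built by interpolating `$xpromo` into the SQL; it comes from `Env::getInt()` so it is not injectable, but a comment such as `// $xpromo is an int from Env::getInt(); safe to interpolate` would document why this one is not a placeholder. `getList()` begins before the hunk; its closing brace is inside it.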
@@ -26,20 +26,19 @@ $log =& Session::getMixed('log'); $url = Env::get('url'); if ((Env::get('submit') == 'Valider' or Env::get('submit') == 'Modifier') and Env::has('url')) { - // on change la redirection (attention à http://) - $globals->db->query("update auth_user_quick set redirecturl = '$url' where user_id = ".Session::getInt('uid')); - if (mysql_errno() == 0) { + if ($globals->xdb->execute('UPDATE auth_user_quick SET redirecturl = {?} WHERE user_id = {?}', + $url, Session::getInt('uid'))) + { $log->log('carva_add', 'http://'.Env::get('url')); $page->trig("Redirection activée vers $url"); } else { $page->trig('Erreur de mise à jour'); } } elseif (Env::get('submit') == "Supprimer") { - // on supprime la redirection - $globals->db->query("update auth_user_quick set redirecturl = '' where user_id = ".Session::getInt('uid')); - if (mysql_errno() == 0) { + if ($globals->xdb->execute("UPDATE auth_user_quick SET redirecturl = '' WHERE user_id = {?}", Session::getInt('uid'))) + { $log->log("carva_del", $url); - Post::kil('url'); + Post::kill('url'); $page->trig('Redirection supprimée'); } else { $page->trig('Erreur de suppression'); @@ -47,10 +46,8 @@ if ((Env::get('submit') == 'Valider' or Env::get('submit') == 'Modifier') and En } -$result = $globals->db->query("select redirecturl from auth_user_quick where user_id = ".Session::getInt('uid')); -list($carva) = mysql_fetch_row($result); -mysql_free_result($result); -$page->assign('carva', $carva); +$res = $globals->xdb->query('SELECT redirecturl FROM auth_user_quick WHERE user_id = {?}', Session::getInt('uid')); +$page->assign('carva', $res->fetchOneCell()); $page->run(); ?> diff --git a/include/xorg/page.inc.php b/include/xorg/page.inc.php index 4696b0e..faf8fd3 100644 --- a/include/xorg/page.inc.php +++ b/include/xorg/page.inc.php 
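Review bot: The new code treats the return value of `$globals->xdb->execute()` as a success flag in place of the removed `mysql_errno() == 0` check; if `execute()` reports the affected-row count, re-submitting an unchanged URL (0 rows affected) would fall into the `Erreur de mise à jour` branch, so confirm what it returns. The same applies to the `Supprimer` branch in this hunk, where clearing an already-empty `redirecturl` affects no rows. `$page->trig("Redirection activée vers $url")` reflects the raw `url` request value into the page; unless `trig()` escapes its argument, passing `htmlspecialchars($url)` is warranted. The `if`/`elseif` chain is contained in the first hunk; the second hunk is a plain fetch and needs no change.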
@@ -208,10 +208,8 @@ class XorgPage extends DiogenesCorePage } if (!empty($var_found_rows)) { - $n_res = $globals->db->query('SELECT FOUND_ROWS()'); - $r = mysql_fetch_row($n_res); - $this->assign($var_found_rows, $r[0]); - mysql_free_result($n_res); + $res = $globals->xdb->query('SELECT FOUND_ROWS()'); + $this->assign($var_found_rows, $res->fetchOneCell()); //si la trace était activée on affiche la trace sur la requête initiale if ($switch_trace) { $globals->db->trace_on(); diff --git a/templates/skins.tpl b/templates/skins.tpl index a60bff9..79e4e79 100644 --- a/templates/skins.tpl +++ b/templates/skins.tpl @@ -18,10 +18,8 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************} +
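Review bot: `SELECT FOUND_ROWS()` is only meaningful on the same connection that just ran the SQL_CALC_FOUND_ROWS query, and this hunk now issues it through `$globals->xdb` while the trace handling two lines below still uses `$globals->db`; if those are two distinct MySQL links the value assigned to `$var_found_rows` will be wrong, so confirm they share a connection. A comment such as `// must run on the same connection as the preceding SQL_CALC_FOUND_ROWS query` would make the constraint explicit. The enclosing method starts and ends outside the hunk.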

Skins Polytechnique.org

-

- Skins Polytechnique.org -

Tu n'aimes pas les couleurs ou l'apparence de Polytechnique.org ? Normal, les goûts et les couleurs, ça ne se discute pas. Certains préfèrent une page sérieuse, d'autres plus @@ -41,7 +39,7 @@ Pour toute information compl

-{foreach item=skin from=$skins} + {iterate item=skin from=$skins} -{/foreach} + {/iterate}
@@ -59,7 +57,7 @@ Pour toute information compl  [ CAPTURE D'ECRAN ]
-- 2.1.4