Commit 7a1b6a5b by Saucy

Fix: PHP v7 database connections, using PDO instead of mysql

parent 59e167db
# Frostapaintball.se
Sadly the database structure (.sql file) is nowhere to be found. :(
However, I tried to recreate it, and it is found in the /sql folder.
## Changes to made the website display on a PHP v7 configuration
Some updates are made to make the website usable/visible on PHP version 7. I've tried to change as little as possible because I still want it to show how my code looked back then, and I don't want to spend time updating something that's (for me) completely useless:
/inc/conn.php:
- Change mysql connection to PDO.
- Remove mysql_real_escape_string().
/inc/functions.php:
- Remove annoying error.
/index.php:
- Change mysql functions to PDO.
- Fix error about magic keywords - but in reality I forgot to stringify what I was checking `$username` against...
/info.php:
- Change mysql functions to PDO.
/links.php:
- Change mysql functions to PDO.
/team.php:
- Change mysql functions to PDO.
- Fix error about magic keywords - but in reality I forgot to stringify what I was checking `$username` against...
/sql/frostapaintball.sql:
- Add a best-I-could-to-recreate-the-database-structure file. Mostly so I could get the website to display correctly.
......@@ -6,9 +6,16 @@ $mysql_database = 'database';
$mysql_user = 'username';
$mysql_password = 'password';
$conn = mysql_connect($mysql_server, $mysql_user, $mysql_password);
mysql_select_db($mysql_database, $conn);
$conn = new PDO(
"mysql:host=$mysql_server;dbname=$mysql_database",
$mysql_user,
$mysql_password,
[
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::MYSQL_ATTR_FOUND_ROWS => true,
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
]
);
// En funktion att anv�ndas n�r magic_quotes_gpc inte �r satt. F�r att f�rhindra SQL-injections, eller i lidrigare fall MySQl-fel.
function db_escape ($post)
......@@ -17,7 +24,7 @@ function db_escape ($post)
if (get_magic_quotes_gpc()) {
$post = stripslashes($post);
}
return mysql_real_escape_string($post);
return $post;
}
foreach ($post as $key => $val) {
......
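Review bot: `db_escape()` now ends in `return $post;`, so it escapes nothing, while the comment above it still describes it as the guard against SQL injection. Any caller that still builds a query string from its result is left without protection; those callers are outside this hunk and should pass values as placeholders bound through `$conn->prepare()` and `execute()`. At minimum the comment should say so, e.g. `// No longer escapes anything: pass values as bound parameters, never concatenate them into SQL.` `get_magic_quotes_gpc()` is also deprecated from PHP 7.4 and removed in PHP 8, so the branch around `stripslashes()` can be dropped. The function body continues outside the hunk.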
......@@ -127,7 +127,7 @@ function bbkod($text) {
$num_smilies = count($smilies);
for ($i = 0; $i < $num_smilies; $i++)
$text = preg_replace("#(?<=.\W|\W.|^\W)".preg_quote($smilies[$i], '#')."(?=.\W|\W.|\W$)#m",
'$1<img src="./forum/images/smilies/'.$img[$i].'" alt="'.$text[$i].'">$2', $text);
'$1<img src="./forum/images/smilies/'.$img[$i].'">$2', $text);
$text = nl2br($text);
......
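Review bot: The new replacement string drops the `alt` attribute instead of fixing it, so the smiley images have no text alternative. The old value `$text[$i]` was wrong (it indexes the message string by character), but the smiley code itself is available: `'<img src="./forum/images/smilies/'.$img[$i].'" alt="'.htmlspecialchars($smilies[$i], ENT_QUOTES).'">', $text);`. The `$1` and `$2` references can go as well, since the pattern shown has only lookarounds and no capture groups. `bbkod()` starts and ends outside the hunk.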
......@@ -213,16 +213,18 @@ if (!isset($_SESSION['sess_user'])){
if (!isset($_GET['news'])) {
$nyhet = 0;
$resultat = mysql_query("SELECT * FROM news ORDER BY newsID DESC") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sqlNews = "SELECT * FROM legacy_frostapaintball_news ORDER BY newsID DESC";
$stmtNews = $conn->prepare($sqlNews);
$stmtNews->execute();
while($row = $stmtNews->fetch()) {
$id = $row['newsID'];
$title = $row['title'];
$date = $row['date'];
$text = $row['text'];
$user = $row['user'];
if($user == Admin)
$user = Ss;
if($user == 'Admin')
$user = 'Sås';
echo "<div id=\"content\">
<div id=\"title\">
......@@ -257,16 +259,19 @@ if (!isset($_SESSION['sess_user'])){
/* Anv�nd intval() f�r att undvika s.k. SQL INJECTIONS,
dvs. att folk kan typ radera din databas... */
}
$resultat3 = mysql_query("SELECT * FROM news WHERE newsID = $nyhet LIMIT 1") or die (mysql_error());
if($row3 = mysql_fetch_array($resultat3)) {
$sqlNewsSingle = "SELECT * FROM legacy_frostapaintball_news WHERE newsID = $nyhet LIMIT 1";
$stmtNewsSingle = $conn->prepare($sqlNewsSingle);
$stmtNewsSingle->execute();
if($row3 = $stmtNewsSingle->fetch()) {
$id = $row3['newsID'];
$title = $row3['title'];
$date = $row3['date'];
$text = $row3['text'];
$user = $row3['user'];
if($user == Admin)
$user = Ss;
if($user == 'Admin')
$user = 'Sås';
echo "
<div id=\"content\">
......
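Review bot: In the single-news query, `$nyhet` is still interpolated into the SQL string before `prepare()`, and a prepared statement without placeholders gives no protection against injection by itself. The only guard is the `intval()` the comment refers to, which is applied outside this hunk. Binding the value removes that dependency: `WHERE newsID = :id LIMIT 1` in the query and `$stmtNewsSingle->execute([':id' => (int) $nyhet]);`. The `$title`, `$text` and `$user` values are then echoed into HTML; whether they are escaped is not visible here.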
......@@ -181,8 +181,10 @@ echo "<div id=\"content\">
<div id=\"spacer\"></div>
<div id=\"text\">";
$resultat = mysql_query("SELECT * FROM info WHERE infoID = 1") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_frostapaintball_info WHERE infoID = 1";
$stmt = $conn->prepare($sql);
$stmt->execute();
while($row = $stmt->fetch()) {
$text = $row['text'];
echo bbkod($text);
......
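Review bot: The `or die (mysql_error())` check was removed without a replacement, so a failing query at `$stmt->execute();` now goes unnoticed and the page renders without its content. On PHP 7, PDO reports errors silently unless told otherwise, and the options array passed to `new PDO(...)` in the connection hunk does not set an error mode. Adding `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,` there covers this query and the same prepare/execute pattern in the news, `infoID = 2` and members hunks. The exceptions should be logged server-side rather than printed, since the old `mysql_error()` output showed query details to visitors.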
......@@ -184,8 +184,11 @@ echo "<div id=\"content\">
<div id=\"spacer\"></div>
<div id=\"text\">";
$resultat = mysql_query("SELECT * FROM info WHERE infoID = 2") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_frostapaintball_info WHERE infoID = 2";
$stmt = $conn->prepare($sql);
$stmt->execute();
while($row = $stmt->fetch()) {
$text = $row['text'];
echo bbkod($text);
......
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
CREATE TABLE `legacy_frostapaintball_info` (
`infoID` int(10) UNSIGNED NOT NULL,
`text` text COLLATE utf8_unicode_ci NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `legacy_frostapaintball_info` (`infoID`, `text`) VALUES
(1, 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.'),
(2, 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
CREATE TABLE `legacy_frostapaintball_members` (
`membersID` int(10) UNSIGNED NOT NULL,
`user` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`pass` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`name` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`lastname` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`role` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`team` varchar(255) COLLATE utf8_unicode_ci NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `legacy_frostapaintball_members` (`membersID`, `user`, `pass`, `name`, `lastname`, `role`, `team`) VALUES
(1, 'Admin', 'admin', 'Name', 'Lastname', 'Role', 'Admins');
CREATE TABLE `legacy_frostapaintball_news` (
`newsID` int(10) UNSIGNED NOT NULL,
`title` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`date` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`text` text COLLATE utf8_unicode_ci NOT NULL,
`user` varchar(255) COLLATE utf8_unicode_ci NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `legacy_frostapaintball_news` (`newsID`, `title`, `date`, `text`, `user`) VALUES
(1, 'dev', '2016-05-19', 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.', 'Admin');
ALTER TABLE `legacy_frostapaintball_info`
ADD PRIMARY KEY (`infoID`);
ALTER TABLE `legacy_frostapaintball_members`
ADD PRIMARY KEY (`membersID`);
ALTER TABLE `legacy_frostapaintball_news`
ADD PRIMARY KEY (`newsID`);
ALTER TABLE `legacy_frostapaintball_info`
MODIFY `infoID` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;
ALTER TABLE `legacy_frostapaintball_members`
MODIFY `membersID` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
ALTER TABLE `legacy_frostapaintball_news`
MODIFY `newsID` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
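Review bot: The seed row for `legacy_frostapaintball_members` stores `pass` as the literal string 'admin' for the `Admin` user, which suggests passwords are kept and compared in plaintext; the login code is not on this page, so that part is inferred. If this file is ever loaded on a reachable host, it creates a known default account. The column should hold `password_hash()` output checked with `password_verify()`, and the seed row should carry a placeholder with a comment such as `-- pass must be a password_hash() value; replace this placeholder before deploying`. The dump also sets `SET NAMES utf8mb4` while the tables and the PDO init command use `utf8`; picking one avoids encoding surprises.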
......@@ -210,16 +210,19 @@ echo "<div id=\"content\">
<u>Team HeadZ</u><br /><br />";
$resultat = mysql_query("SELECT * FROM members ORDER BY membersID") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_frostapaintball_members ORDER BY membersID";
$stmt = $conn->prepare($sql);
$stmt->execute();
while($row = $stmt->fetch()) {
$id = $row['membersID'];
$user = $row['user'];
$name = $row['name'];
$lastname = $row['lastname'];
$role = $row['role'];
if($user == Admin)
$user = Ss;
if($user == 'Admin')
$user = 'Sås';
echo "$role: $name \"$user\" $lastname <br />";
}
......
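Review bot: `SELECT *` on `legacy_frostapaintball_members` also loads the `pass` column into `$row` on a page that only prints names and roles. Listing the columns keeps credentials out of the page's data: `$sql = "SELECT membersID, user, name, lastname, role FROM legacy_frostapaintball_members ORDER BY membersID";`. The values are then written straight into HTML by the `echo` line; wrapping each one, e.g. `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`, keeps stored markup from being rendered, assuming member data can be edited by users. The enclosing block starts outside the hunk.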