Start moving admin stuff to PDO

2025-03-12 14:40:09 +01:00 · 2021-07-10 16:21:01 -04:00 · 2021-07-10 16:21:01 -04:00 · a6f63b6781
commit a6f63b6781
parent c9fe44913a
4 changed files with 98 additions and 135 deletions
--- a/admin/admin.php
+++ b/admin/admin.php
@ -37,29 +37,32 @@ if (isset($_GET['logout'])) {
 $date = date('jS F Y');
 $ip   = $_SERVER['REMOTE_ADDR'];
 require_once('../config.php');
 $con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
-if (mysqli_connect_errno()) {
+$conn = new PDO(
-    $sql_error = mysqli_connect_error();
+    "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
-    die("Unable connect to database");
+    $db_user,
-}
+    $db_pass,
    $db_opts
 );
 $query = "SELECT @last_id := MAX(id) FROM admin_history";
-$result = mysqli_query($con, $query);
+$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
-while ($row = mysqli_fetch_array($result)) {
+while ($row = $query->fetch()) {
    $last_id = $row['@last_id := MAX(id)'];
 }
-$query  = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
+$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
-$result = mysqli_query($con, $query);
+$query->execute([$last_id]);
-while ($row = mysqli_fetch_array($result)) {
+while ($row = $query->fetch()) {
    $last_date = $row['last_date'];
    $last_ip   = $row['ip'];
 }
 /* This seems to take the same path in both cases and be overly convoluted, so I rewrote it below but kept this in case I
 * am missing something...
 if ($last_ip == $ip) {
    if ($last_date == $date) {
@ -70,13 +73,15 @@ if ($last_ip == $ip) {
 } else {
    $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
    mysqli_query($con, $query);
 }*/
 if ($last_ip !== $ip || $last_date !== $date) {
    $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
 }
 $query  = $conn->query('SELECT user, pass FROM admin');
-$query  = "SELECT * FROM admin";
+while ($row = $query->fetch()) {
 $result = mysqli_query($con, $query);
 while ($row = mysqli_fetch_array($result)) {
    $adminid  = Trim($row['user']);
    $password = Trim($row['pass']);
 }
@ -184,23 +189,20 @@ while ($row = mysqli_fetch_array($result)) {
 												</tr>
 												<?php
                                                $rec_limit = 10;
 												$query     = "SELECT count(id) FROM admin_history";
 												$retval    = mysqli_query($con, $query);
-												$row       = mysqli_fetch_array($retval);
+                                                $query = $conn->query('SELECT COUNT(*) FROM admin_history');
-												$rec_count = Trim($row[0]);
+												$row = $query->fetch(PDO::FETCH_NUM);
 												$rec_count = $row[0];
-												$sql      = "SELECT * FROM admin_history ORDER BY `id` DESC LIMIT $rec_limit";
+												$query = $conn->prepare('SELECT ip, last_date FROM admin_history ORDER BY `id` LIMIT ?');
-												$result   = mysqli_query($con, $sql);
+												$query->execute([$rec_limit]);
-												// Loop through each record
+												while ($row = $query->fetch()) {
 												while ($row = mysqli_fetch_array($result)) {
 													// Populate and display result data in each row
 													echo '<tr>';
 													echo '<td>' . $row['last_date'] . '</td>';
 													echo '<td>' . $row['ip'] . '</td>';
 												}
 													echo '</tr>';
 												}
 												?>
 											</tbody>
 										</table>
--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@ -15,10 +15,8 @@
 session_start();
-if (isset($_SESSION['login'])) {
+if (!isset($_SESSION['login'])) {
-// Do nothing	
+    header('Location: .');
 } else {
    header("Location: .");
    exit();
 }
@ -38,92 +36,72 @@ $date = date('jS F Y');
 $ip   = $_SERVER['REMOTE_ADDR'];
 require_once('../config.php');
 require_once('../includes/functions.php');
 $con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
-if (mysqli_connect_errno()) {
+$conn = new PDO(
-    $sql_error = mysqli_connect_error();
+    "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
-    die("Unable connect to database");
+    $db_user,
-}
+    $db_pass,
    $db_opts
 );
-$query = "SELECT @last_id := MAX(id) FROM admin_history";
+$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
-$result = mysqli_query($con, $query);
+while ($row = $query->fetch()) {
 while ($row = mysqli_fetch_array($result)) {
    $last_id = $row['@last_id := MAX(id)'];
 }
-$query  = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
+$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
-$result = mysqli_query($con, $query);
+$query->execute([$last_id]);
-while ($row = mysqli_fetch_array($result)) {
+while ($row = $query->fetch()) {
    $last_date = $row['last_date'];
    $last_ip   = $row['ip'];
 }
 if ($last_ip == $ip) {
    if ($last_date == $date) {
-    } else {
+if ($last_ip !== $ip || $last_date !== $date) {
-        $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
+    $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
        mysqli_query($con, $query);
    }
 } else {
    $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
    mysqli_query($con, $query);
 }
 $query  = "SELECT * FROM page_view";
 $result = mysqli_query($con, $query);
 while ($row = mysqli_fetch_array($result)) {
    $total_page  = isset($total_page) + Trim($row['tpage']);
    $total_visit = isset($total_visit) + Trim($row['tvisit']);
 }
-$query = "SELECT @last_id := MAX(id) FROM page_view";
+$query = $conn->query("SELECT @last_id := MAX(id) FROM page_view");
 $row = $query->fetch(PDO::FETCH_NUM);
 $page_last_id = intval($row[0]);
 $result = mysqli_query($con, $query);
-while ($row = mysqli_fetch_array($result)) {
+$query = $conn->prepare('SELECT tpage, tvisit FROM page_view WHERE id = ?');
-    $page_last_id = $row['@last_id := MAX(id)'];
+$query->execute([$page_last_id]);
 }
-$query  = "SELECT * FROM page_view WHERE id=" . Trim($page_last_id);
+while ($row = $query->fetch()) {
 $result = mysqli_query($con, $query);
 while ($row = mysqli_fetch_array($result)) {
    $today_page  = $row['tpage'];
    $today_visit = $row['tvisit'];
 }
-$query  = "SELECT * FROM site_info";
+$query = $conn->query('SELECT email FROM site_info');
 $result = mysqli_query($con, $query);
-while ($row = mysqli_fetch_array($result)) {
+while ($row = $query->fetch()) {
    $admin_email = Trim($row['email']);
 }
 $c_date = date('jS F Y');
 $query  = "SELECT id, username, date, ip FROM users where date='$c_date'";
 $result = mysqli_query($con, $query);
-while ($row = mysqli_fetch_array($result)) {
+/* Number of users today */
-    $today_users_count = $today_users_count + 1;
+$query = $conn->prepare('SELECT COUNT(*) FROM users WHERE `date` = ?');
-}
+$query->execute([$c_date]);
 $today_users_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
-$query  = "SELECT id, ip, title, date, now_time, s_date, views, member FROM pastes where s_date='$c_date'";
+/* Number of pastes today */
-$result = mysqli_query($con, $query);
+$query = $conn->prepare('SELECT COUNT(*) FROM pastes where s_date = ?');
 $query->execute([$c_date]);
 $today_pastes_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
 while ($row = mysqli_fetch_array($result)) {
    $today_pastes_count = $today_pastes_count + 1;
 }
 for ($loop = 0; $loop <= 6; $loop++) {
    $myid   = $page_last_id - $loop;
-    $query  = "SELECT * FROM page_view WHERE id='$myid'";
+    $query  = $conn->prepare("SELECT date, tpage, tvisit FROM page_view WHERE id = ?");
-    $result = mysqli_query($con, $query);
+    $query->execute([$myid]);
-    while ($row = mysqli_fetch_array($result)) {
+    while ($row = $query->fetch()) {
        $sdate = $row['date'];
        $sdate = str_replace(date('Y'), '', $sdate);
        $sdate = str_replace('January', 'Jan', $sdate);
@ -233,8 +211,8 @@ for ($loop = 0; $loop <= 6; $loop++) {
 						</thead>
 						<tbody>
 						<?php
-						$res = getRecentadmin($con, 7);
+						$res = getRecentadmin($conn, 7);
-						while ($row = mysqli_fetch_array($res)) {
+						foreach ($res as $row) {
 							$title    = Trim($row['title']);
 							$p_id     = Trim($row['id']);
 							$p_date   = Trim($row['s_date']);
@ -284,31 +262,18 @@ for ($loop = 0; $loop <= 6; $loop++) {
 						</thead>
 						<tbody>
 						<?php
-						$query = "SELECT @last_id := MAX(id) FROM users";
+                        $most_recent_users = $conn->query('SELECT id, username, date, ip FROM users ORDER BY id DESC LIMIT 7')->fetchAll();
-						$result = mysqli_query($con, $query);
+                        $last_id = intval(
                                $conn->query('SELECT MAX(id) FROM users')->fetch(PDO::FETCH_NUM)[0]
                        );
-						if($result) {
+                        foreach ($most_recent_users as $user) {
 							while ($row = mysqli_fetch_array($result)) {
 								$last_id = $row['@last_id := MAX(id)'];
 							}
 						}
 						for ($uloop = 0; $uloop <= 6; $uloop++) {
 							$r_my_id = $last_id - $uloop;
 							$query   = "SELECT * FROM users WHERE id='$r_my_id'";
 							$result  = mysqli_query($con, $query);
 							while ($row = mysqli_fetch_array($result)) {
 								$u_date   = $row['date'];
 								$ip       = $row['ip'];
 								$username = $row['username'];
 							}
                            echo "
 										  <tr>
-											<td>$r_my_id</td>
+											<td>${user['id']}</td>
-											<td>$username</td>
+											<td>${user['username']}</td>
-											<td>$u_date</td>
+											<td>${user['date']}</td>
-											<td><span class='label label-default'>$ip</span></td>
+											<td><span class='label label-default'>${user['ip']}</span></td>
 										  </tr> ";
                        }
@ -344,8 +309,8 @@ for ($loop = 0; $loop <= 6; $loop++) {
 						</thead>
 						<tbody>
 						<?php
-						$res = getreports($con, 7);
+						$res = getreports($conn, 7);
-						while ($row = mysqli_fetch_array($res)) {
+						foreach ($res as $row) {
 							$r_paste    = Trim($row['p_report']);
 							$r_id     = Trim($row['id']);
 							$r_date   = Trim($row['t_report']);
--- a/admin/index.php
+++ b/admin/index.php
@ -20,18 +20,18 @@ session_start();
 require_once ('../config.php');
-$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
+$conn = new PDO(
-if (mysqli_connect_errno()) {
+    "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
-	$sql_error = mysqli_connect_error();
+    $db_user,
-	die("Unable connect to database");
+    $db_pass,
-}
+    $db_opts
 );
-$query =  "SELECT * FROM admin";
+$query  = $conn->query('SELECT user, pass FROM admin');
 $result = mysqli_query($con,$query);
-while($row = mysqli_fetch_array($result)) {
+while ($row = $query->fetch()) {
    $adminid  = Trim($row['user']);
-	$password =   $row['pass'];
+    $password = Trim($row['pass']);
 }
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
--- a/includes/functions.php
+++ b/includes/functions.php
@ -83,12 +83,11 @@ function checkFavorite($paste_id, $user_id, $conn) {
        }
      }
- function getreports($conn, $count = 10)
+      function getreports($conn, $count = 10) {
-{
+    $query = $conn->prepare('SELECT * FROM user_reports LIMIT ?');
-    $limit  = $count ? "limit $count" : "";
+    $query->execute([$count]);
-    $query  = "SELECT * FROM user_reports $count";
+
-    $result = mysqli_query($conn, $query);
+    return $query->fetchAll();
    return $result;
 }   
  function sandwitch($str){
@ -233,13 +232,10 @@ LIMIT ?");
 function getRecentadmin($conn, $count = 5)
 {
-    $limit  = $count ? "limit $count" : "";
+    $query = $conn->prepare('SELECT id, ip title, date, now_time, s_date, views, member FROM pastes ORDER BY id DESC LIMIT 0, ?');
-    $query  = "SELECT id, ip, title, date, now_time, s_date, views, member 
+    $query->execute([$count]);
-FROM pastes
+
-ORDER BY id DESC
+    return $query->fetchAll();
 LIMIT 0 , $count";
    $result = mysqli_query($conn, $query);
    return $result;
 }    
 function getpopular($conn, $count = 10)
 {