diff options
author | Chaoyi Zha <summermontreal@gmail.com> | 2015-09-17 02:27:02 +0300 |
---|---|---|
committer | Chaoyi Zha <summermontreal@gmail.com> | 2015-09-17 02:27:02 +0300 |
commit | a167653b791efe3dc085702d111edab9494d958d (patch) | |
tree | f3156b0e237b266e50c95496c7d8e58438d8d789 | |
parent | b914c763783375ce22a2748a1c1a06637ccc3808 (diff) |
Small fixes & add YOURLS migrationfeature/yourls_migration
-rw-r--r-- | admin/ucp-disablelink.php | 4 | ||||
-rw-r--r-- | lib-core.php | 31 | ||||
-rw-r--r-- | migrations/yourls.php | 38 |
3 files changed, 54 insertions, 19 deletions
diff --git a/admin/ucp-disablelink.php b/admin/ucp-disablelink.php index 01b679e..bd15cb3 100644 --- a/admin/ucp-disablelink.php +++ b/admin/ucp-disablelink.php @@ -5,7 +5,6 @@ $polrauth = new polrauth(); $baseval = $mysqli->real_escape_string($_POST['baseval']); $userinfo = $polrauth->islogged(); if(!is_array($userinfo)) { - //not logged in die('401 Unauthorized (not logged in)'); } $role = $userinfo['role']; @@ -16,10 +15,9 @@ if($role!='adm') { die('401 Unauthorized (not admin)'); } -//if all works out $orig = $mysqli->real_escape_string(sqlfetch('redirinfo', 'rurl', 'baseval', $baseval)); $query = "UPDATE redirinfo SET rurl='disabled', etc2='Disabled by {$user} on UNIXDATE {$date}', etc='{$orig}' WHERE baseval='{$baseval}';"; $result = $mysqli->query($query) or die('error'); echo 'success'; -die(); //all works out :) +die(); diff --git a/lib-core.php b/lib-core.php index f1d310e..3367bbf 100644 --- a/lib-core.php +++ b/lib-core.php @@ -16,17 +16,19 @@ */ @(require_once('config.php')); include('version.php'); -$debug = 0; // Set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting -$footer = "© Copyright 2014 $wsn. Powered by <a href='http://github.com/cydrobolt/polr'>Polr</a> ver $version build $reldate"; -$hidefooter = true; // Let's hide this for now -//connect to mysql with $mysqli variable -$mysqli = new mysqli($host, $user, $passwd, $db) ; + +// set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting +$debug = 0; + +// connect to mysql trhough the $mysqli variable +$mysqli = new mysqli($host, $user, $passwd, $db); + if ($mysqli->connect_errno) { echo "Database error. If you are a member of the general public, contact an administrator to solve this issue. If you are the administrator of this website, please make sure your database is turned on and that credentials are correct."; die(); } -// Attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities +// attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities if (!$mysqli->set_charset("utf8")) { $insecure = true; } else { @@ -41,14 +43,14 @@ spl_autoload_register('autoloader'); session_start(); function sqlex($table, $rowf, $where, $wval) { global $mysqli; - //Sanitize strings + $rowfs = $mysqli->real_escape_string($rowf); $tables = $mysqli->real_escape_string($table); $wheres = $mysqli->real_escape_string($where); - $wvals = $mysqli->real_escape_string($wval); + $q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?"; $stmt = $mysqli->prepare($q2p); - $stmt->bind_param('s', $wvals); + $stmt->bind_param('s', $wval); $stmt->execute(); $result = $stmt->get_result(); $numrows = $result->num_rows; @@ -65,20 +67,17 @@ function sqlfetch($table, $rowf, $where, $wval) { $rowfs = $mysqli->real_escape_string($rowf); $tables = $mysqli->real_escape_string($table); $wheres = $mysqli->real_escape_string($where); - $wvals = $mysqli->real_escape_string($wval); - //$query = "SELECT $rowfs FROM $tables WHERE $wheres='$wvals'"; $q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?"; $stmt = $mysqli->prepare($q2p); - $stmt->bind_param('s', $wvals); + $stmt->bind_param('s', $wval); $stmt->execute(); $result = $stmt->get_result(); $row = mysqli_fetch_assoc($result); return $row[$rowf]; } -//SQL Functions -//Sanitize input when using sqlrun! +// sanitize input when using sqlrun! function sqlrun($query) { global $mysqli; $queryrs = $query; @@ -92,7 +91,7 @@ function sqlrun($query) { function showerror() { - //Show an error, and die. If Debug is on, show SQL error message + // show an error and die. If `debug` is on, show SQL error message global $debug; global $mysqli; echo "There seems to be a problem. Contact an administrator to report this issue."; @@ -112,7 +111,7 @@ function filterurl($url) { } } function filteremail($email) { - // Validate an email + // validate an email if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { return false; } else { diff --git a/migrations/yourls.php b/migrations/yourls.php new file mode 100644 index 0000000..569d15d --- /dev/null +++ b/migrations/yourls.php @@ -0,0 +1,38 @@ +<?php +/* +# Copyright (C) 2013-2015 Chaoyi Zha +# Polr is an open-source project licensed under the GPL. +# The above copyright notice and the following license are applicable to +# the entire project, unless explicitly defined otherwise. +# http://github.com/cydrobolt/polr +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# See http://www.gnu.org/copyleft/gpl.html for the full text of the +# license. +# + + +# YOURLS -> Polr Migration +*/ + +require_once 'lib-core.php'; + +function perform_migration($yourls_host, $yourls_user, $yourls_passwd, $yourls_db) + $yourls_mysqli = new mysqli($yourls_host, $yourls_user, $yourls_passwd, $yourls_db); + + $qp = "SELECT (`keyword`, `url`, `ip`, `clicks`, `timestamp`) FROM `URL`"; + $stmt = $yourls_mysqli->prepare($qp); + $stmt->bind_param('s', $wval); + $stmt->execute(); + $result = $stmt->get_result(); + + $yourls_rows = $yourls_mysqli->fetch_array($result, MYSQLI_NUM); + foreach ($yourls_rows as $ylsr) { + // for each YOURLS row, insert the row into the Polr database + $qpi = "INSERT INTO `redirinfo` (`baseval`, `rurl`, `ip`, `clicks`, `date`) VALUES (?, ?, ?, ?, ?)"; + $stmti = $mysqli->prepare($qpi); + $stmt->bind_param('sssss', $ylsr['keyword'], $ylsr['url'], $ylsr['clicks'], $ylsr['timestamp']); + $stmti->execute(); + } |