Rewrote all code related to delvote_ips column to use serialize()
authorDan
Sun, 02 Sep 2007 00:23:07 -0400
changeset 112 008b1c42be72
parent 111 b348ace50bc7
child 113 6f357b951f7a
Rewrote all code related to delvote_ips column to use serialize()
includes/functions.php
includes/pageutils.php
plugins/SpecialPageFuncs.php
upgrade.php
--- a/includes/functions.php	Sat Sep 01 23:29:33 2007 -0400
+++ b/includes/functions.php	Sun Sep 02 00:23:07 2007 -0400
@@ -872,7 +872,8 @@
   global $db, $session, $paths, $template, $plugins; // Common objects
   if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
   {
-    $hr = implode(', ', explode('|', $paths->cpage['delvote_ips']));
+    $delvote_ips = unserialize($paths->cpage['delvote_ips']);
+    $hr = htmlspecialchars(implode(', ', $delvote_ips['u']));
     $is = 'is';
     $s = '';
     $s2 = 's';
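Review bot: The result of `unserialize()` is used without a check, so a row that is empty or still holds the old `|`-separated value leaves `$delvote_ips` false, and `$delvote_ips['u']` is then not an array when it reaches `implode()`. `delvote()` in includes/pageutils.php already falls back to an empty structure in this commit, and the same guard belongs here: `if ( !is_array($delvote_ips) || !isset($delvote_ips['u']) ) $delvote_ips = array('ip' => array(), 'u' => array());`. Because `unserialize()` instantiates whatever the column contains, a comment should record that this column may only ever be written by the application's own `serialize()` calls. The enclosing function starts and ends outside the hunk.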
--- a/includes/pageutils.php	Sat Sep 01 23:29:33 2007 -0400
+++ b/includes/pageutils.php	Sun Sep 02 00:23:07 2007 -0400
@@ -405,18 +405,23 @@
     
     $prot = ( $namespace == 'System' ) ? 1 : 0;
     
+    $ips = array(
+      'ip' => array(),
+      'u' => array()
+      );
+    
     $page_data = Array(
       'name'=>$name,
       'urlname'=>$page_id,
       'namespace'=>$namespace,
-      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2,
+      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
     );
     
     // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
     
     $paths->add_page($page_data);
     
-    $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');');
+    $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');');
     $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');');
     $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');');
     
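Review bot: The rewritten INSERT into `pages` still concatenates `$namespace` into the query without `$db->escape()`, while `$name`, `$page_id` and the serialized value beside it are escaped. Whether `$namespace` is validated earlier in the function is not visible in this hunk, so escaping at the point of use is the safer choice: `\''.$db->escape($namespace).'\'`. The same pattern is on other lines this commit rewrites: the UPDATE statements in `delvote()` and in the vote-reset function put `$page_id` and `$namespace` into the WHERE clause unescaped, and the INSERT in plugins/SpecialPageFuncs.php uses `$_POST['namespace']` directly. The function body extends beyond the hunk.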
@@ -1302,25 +1307,60 @@
   function delvote($page_id, $namespace)
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
-    if(!$session->get_permissions('vote_delete'))
+    if ( !$session->get_permissions('vote_delete') )
+    {
       return 'Access denied';
-    $pname = $paths->nslist[$namespace] . $page_id;
-    $cv = $paths->pages[$pname]['delvotes'];
-    $ips = $paths->pages[$pname]['delvote_ips'];
-    $ips = explode('|', $ips);
-    if(in_array($_SERVER['REMOTE_ADDR'], $ips)) return('It appears that you have already voted to have this page deleted.');
-    if($session->user_logged_in)
-      if(in_array($session->username, $ips))
-        return('It appears that you have already voted to have this page deleted.');
-    $ips[] = $_SERVER['REMOTE_ADDR'];
-    if($session->user_logged_in) $ips[] = $session->username;
-    $ips = implode('|', $ips);
-    $ips = substr($ips, 1, strlen($ips));
+    }
+    
+    if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
+    {
+      return 'Special pages and system messages can\'t be voted for deletion.';
+    }
+    
+    $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
+    
+    if ( !isset($paths->pages[$pname]) )
+    {
+      return 'The page does not exist.';
+    }
+    
+    $cv  =& $paths->pages[$pname]['delvotes'];
+    $ips =  $paths->pages[$pname]['delvote_ips'];
+    
+    if ( empty($ips) )
+    {
+      $ips = array(
+        'ip' => array(),
+        'u' => array()
+        );
+    }
+    else
+    {
+      $ips = @unserialize($ips);
+      if ( !$ips )
+      {
+        $ips = array(
+        'ip' => array(),
+        'u' => array()
+        );
+      }
+    }
+    
+    if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
+    {
+      return 'It appears that you have already voted to have this page deleted.';
+    }
+    
+    $ips['u'][] = $session->username;
+    $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
+    $ips = $db->escape( serialize($ips) );
+    
     $cv++;
+    
     $q = 'UPDATE '.table_prefix.'pages SET delvotes='.$cv.',delvote_ips=\''.$ips.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
     $w = $db->sql_query($q);
-    if(!$w) return("Error updating pages table: ".mysql_error()."\n\nAttemped SQL:\n".$q);
-    return('Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.");
+    
+    return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
   }
   
   /**
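Review bot: The existence check and the UPDATE in `delvote()` work on different values: `$pname` is built from `sanitize_page_id($page_id)`, but the WHERE clause uses the raw `$page_id`, so the row that is updated need not be the page that was checked. Assigning once near the top, `$page_id = sanitize_page_id($page_id);`, and using `$db->escape($page_id)` in the query keeps the two in step. The commit also drops the `if(!$w)` check, so a failed query is reported as a successful vote after `$cv` has already been incremented through the reference. A check such as `if ( !$w ) $db->_die('The delete vote could not be recorded.');` would match the error handling in the vote-reset function below.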
@@ -1334,7 +1374,7 @@
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
     if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
-    $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
+    $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
     $e = $db->sql_query($q);
     if(!$e) $db->_die('The number of delete votes was not reset.');
     else return('The number of votes for having this page deleted has been reset to zero.');
--- a/plugins/SpecialPageFuncs.php	Sat Sep 01 23:29:33 2007 -0400
+++ b/plugins/SpecialPageFuncs.php	Sun Sep 02 00:23:07 2007 -0400
@@ -127,6 +127,12 @@
       $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.');
     }
     
+    $ips = array(
+      'ip' => array(),
+      'u' => array()
+      );
+    $ips = $db->escape(serialize($ips));
+    
     $urlname = sanitize_page_id($urlname);
     $urlname = $db->escape($urlname);
     
@@ -140,7 +146,7 @@
       $db->_die('The page log could not be updated.');
     }
     
-    $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\');');
+    $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,delvote_ips) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\',\'' . $ips . '\');');
     if ( !$q )
     {
       $db->_die('The page entry could not be inserted.');
--- a/upgrade.php	Sat Sep 01 23:29:33 2007 -0400
+++ b/upgrade.php	Sun Sep 02 00:23:07 2007 -0400
@@ -77,6 +77,7 @@
   );
 $this_version   = '1.0.1';
 $func_list = Array(
+    '1.0' => Array('u_1_0_1_update_del_votes'),
     '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // ,
     // '1.0RC2' => Array('u_1_0_populate_userpage_comments')
     '1.0RC3' => Array('u_1_0_RC3_make_users_extra')
@@ -353,23 +354,51 @@
   }
 }
 
-function u_1_0_populate_userpage_comments()
+function u_1_0_1_update_del_votes()
 {
-  //
-  // UNFINISHED...
-  //
-  
-  /*
   global $db;
-  $q = $db->sql_query('SELECT COUNT(c.comment_id) AS num_comments...');
+  $q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;');
   if ( !$q )
     $db->_die();
   
-  while ( $row = $db->fetchrow() )
+  while ( $row = $db->fetchrow($q) )
   {
-    
+    $ips = strval($row['delvote_ips']);
+    if ( is_array( @unserialize($ips) ) )
+      continue;
+    $ips = explode('|', $ips);
+    $new = array(
+      'ip' => array(),
+      'u' => array()
+      );
+    $i = 0;
+    $prev = '';
+    $prev_is_ip = false;
+    foreach ( $ips as $ip )
+    {
+      $i++;
+      $current_is_ip = is_valid_ip($ip);
+      if ( $current_is_ip && $prev_is_ip )
+      {
+        $new['u'][] = $prev;
+      }
+      if ( $current_is_ip )
+      {
+        $new['ip'][] = $ip;
+      }
+      else
+      {
+        $new['u'][] = $ip;
+      }
+      $prev = $ip;
+      $prev_is_ip = $current_is_ip;
+    }
+    $new = serialize($new);
+    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';');
+    if ( !$e )
+      $db->_die();
   }
-  */
+  $db->free_result($q);
 }
 
 function u_1_0_RC3_make_users_extra()
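Review bot: A row whose `delvote_ips` is empty ends up with a bogus voter, because `explode('|', '')` returns one empty string, which is not a valid IP and is therefore appended to `$new['u']`. Pages without votes are presumably the common case, so adding `if ( $ip === '' ) continue;` as the first statement of the `foreach` avoids storing `''` as a username on them. The pairing logic also treats the final entry differently: an IP followed by another IP is copied into `u`, but an IP at the end of the list is not. `$i` is incremented but never read and can be removed.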