diff --git a/account.php b/account.php index 23b0b0a..a7e4006 100644 --- a/account.php +++ b/account.php @@ -13,13 +13,14 @@ header("Pragma: no-cache"); header("Cache-control: no-cache"); //check command and process -do_account($cmd); +if(isset($_POST['cmd'])) + do_account($_POST['cmd']); +else + do_account($_GET['cmd']); //process according to $cmd from URL function do_account($cmd = null) { - global $ext_username, $ext_password, $ext_password2, $ext_realname, $ext_email; - if (! $cmd) return 0; switch($cmd) { @@ -68,58 +69,56 @@ function retry($cmd, $msg) //create new account function cmd_do_new() { - global $ext_username, $ext_password, $ext_password2, $ext_realname, $ext_email; - global $current; - - if(ereg("^.+@.+\\..+$", $ext_username)) + + if(ereg("^.+@.+\\..+$", $_POST['ext_username'])) { - $ext_username = ""; + $_POST['ext_username'] = ""; retry("new", "Invalid Username, must not contain special characters"); return; } - if(strlen($ext_username) < 3) + if(strlen($_POST['ext_username']) < 3) { - $ext_username = ""; + $_POST['ext_username'] = ""; retry("new", "Username must be at least 3 characters"); return; } - if(strlen($ext_password) < 5) + if(strlen($_POST['ext_password']) < 5) { retry("new", "Password must be at least 5 characters"); return; } - if($ext_password != $ext_password2) + if($_POST['ext_password'] != $_POST['ext_password2']) { retry("new", "Passwords don't match"); return; } - if(strlen($ext_realname) == 0) + if(!isset($_POST['ext_realname'])) { retry("new", "You don't have a Real name?"); return; } - if(!ereg("^.+@.+\\..+$", $ext_email)) + if(!ereg("^.+@.+\\..+$", $_POST['ext_email'])) { - $ext_email = ""; + $_POST['ext_email'] = ""; retry("new", "Invalid email address"); return; } $user = new User(); - if($user->exists($ext_username)) + if($user->exists($_POST['ext_username'])) { - $ext_username = ""; + $_POST['ext_username'] = ""; retry("new", "That username is already in use"); return; } - $result = $user->create($ext_username, $ext_password, $ext_realname, $ext_email); + $result = $user->create($_POST['ext_username'], $_POST['ext_password'], $_POST['ext_realname'], $_POST['ext_email']); if($result == null) { - $user->login($ext_username, $ext_password); - addmsg("Account created! ($ext_username)", "green"); + $user->login($_POST['ext_username'], $_POST['ext_password']); + addmsg("Account created! (".$_POST['ext_username'].")", "green"); redirect(apidb_fullurl()); } else @@ -129,11 +128,9 @@ function cmd_do_new() //email lost password function cmd_send_passwd() { - global $ext_username; - $user = new User(); - $userid = $user->lookup_userid($ext_username); + $userid = $user->lookup_userid($_POST['ext_username']); $passwd = generate_passwd(); if ($userid) @@ -163,7 +160,7 @@ function cmd_send_passwd() } else { - addmsg("Sorry, that username [$ext_username] does not exist.", "red"); + addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red"); } redirect(apidb_fullurl("account.php?cmd=login")); @@ -172,24 +169,20 @@ function cmd_send_passwd() //on login handler function cmd_do_login() { - global $ext_username, $ext_password; - global $ext_referer; - global $current; - $user = new User(); - $result = $user->login($ext_username, $ext_password); + $result = $user->login($_POST['ext_username'], $_POST['ext_password']); if($result == null) { - $current = $user; + $_SESSION['current'] = $user; addmsg("You are successfully logged in as '$user->username'.", "green"); redirect(apidb_fullurl("index.php")); } else { retry("login","Login failed ($result)"); - $current = 0; + $_SESSION['current'] = ""; } } -?> +?> \ No newline at end of file diff --git a/addcomment.php b/addcomment.php index 6aac406..f6bb4c1 100644 --- a/addcomment.php +++ b/addcomment.php @@ -4,7 +4,7 @@ include("path.php"); require(BASE."include/"."incl.php"); require(BASE."include/"."application.php"); -global $current; + if(!$appId) { errorpage('Internal Database Access Error'); @@ -33,7 +33,7 @@ if($body) $body1 = mysql_escape_string($body); // get current userid - $userId = (loggedin()) ? $current->userid : 0; + $userId = (loggedin()) ? $_SESSION['current']->userid : 0; $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ". "$appId, $versionId, $userId, '$hostname', '$subject', ". @@ -53,7 +53,7 @@ if($body) $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms .= "\n"; - $ms .= ($current->username ? $current->username : "Anonymous")." added comment to ".$fullAppName."\n"; + $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; @@ -74,7 +74,7 @@ if($body) $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms .= "\n"; - $ms .= ($current->username ? $current->username : "Anonymous")." added comment to ".$fullAppName."\n"; + $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; @@ -121,7 +121,7 @@ else echo '',"\n"; echo "\n"; - echo " \n"; + echo " \n"; echo "\n"; echo " \n"; echo "\n"; diff --git a/admin/addAppNote.php b/admin/addAppNote.php index 69d9545..ed66342 100644 --- a/admin/addAppNote.php +++ b/admin/addAppNote.php @@ -40,7 +40,7 @@ if($sub == "Submit") $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms .= "\n"; - $ms .= ($current->username ? $current->username : "Anonymous")." added note to ".$fullAppName."\n"; + $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added note to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "title: ".$noteTitle."\n"; $ms .= "\n"; diff --git a/admin/adminAppQueue.php b/admin/adminAppQueue.php index 7608f42..a9d1403 100644 --- a/admin/adminAppQueue.php +++ b/admin/adminAppQueue.php @@ -20,12 +20,12 @@ else if (!havepriv("admin")) } -if ($sub) +if ($_REQUEST['sub']) { - if ($queueId) + if ($_REQUEST['queueId']) { //get data - $query = "SELECT * from appQueue where queueId = $queueId;"; + $query = "SELECT * from appQueue where queueId = ".$_REQUEST['queueId'].";"; $result = mysql_query($query); $ob = mysql_fetch_object($result); mysql_free_result($result); @@ -39,14 +39,14 @@ if ($sub) } //process according to sub flag - if ($sub == 'view' && $queueId) + if ($_REQUEST['sub'] == 'view' && $_REQUEST['queueId']) { $x = new TableVE("view"); apidb_header("Admin App Queue"); echo '',"\n"; echo '',"\n"; - echo '',"\n"; + echo '',"\n"; If ($ob->queueCatId == -1) //app version { @@ -160,7 +160,7 @@ if ($sub) $checkvendor = $ob2->vendorId; } } - if(checkvendor) + if($checkvendor) { $ob->queueVendor = ''; @@ -206,50 +206,50 @@ if ($sub) echo html_frame_end(" "); echo html_back_link(1,'adminAppQueue.php'); } - else if ($sub == 'add' && $queueId) + else if ($_REQUEST['sub'] == 'add' && $_REQUEST['queueId']) { //add item to main db $statusMessage = ""; $goodtogo = 0; - if ($type == 'app') + if ($_REQUEST['type'] == 'app') { //process as application family - if ($altvendor == 0 && $queueVendor) + if ($_REQUEST['altvendor'] == 0 && $_REQUEST['queueVendor']) { //add new vendor - mysql_query("INSERT into vendor VALUES (null, '".addslashes($queueVendor)."', '');"); - $altvendor = mysql_insert_id(); + mysql_query("INSERT into vendor VALUES (null, '".addslashes($_REQUEST['queueVendor'])."', '');"); + $_REQUEST['altvendor'] = mysql_insert_id(); } $query = "INSERT into appFamily VALUES (null, '". - addslashes($queueName)."', $altvendor, '', '". - addslashes($queueDesc)."', '". - addslashes($queueURL)."', $cat);"; + addslashes($_REQUEST['queueName'])."', ".$_REQUEST['altvendor'].", '', '". + addslashes($_REQUEST['queueDesc'])."', '". + addslashes($_REQUEST['queueURL'])."', ".$_REQUEST['cat'].");"; if (mysql_query($query)) { //get the id of the app just added - $appParent = mysql_insert_id(); + $_REQUEST['appParent'] = mysql_insert_id(); //delete queue item - mysql_query("DELETE from appQueue where queueId = $queueId;"); + mysql_query("DELETE from appQueue where queueId = ".$_REQUEST['queueId'].";"); //set ver if not set - if (!$queueVersion) - $queueVersion = '1.0'; - if (!$queueDesc) - $queueDesc = 'released version'; + if (!$_REQUEST['queueVersion']) + $_REQUEST['queueVersion'] = '1.0'; + if (!$_REQUEST['queueDesc']) + $_REQUEST['queueDesc'] = 'released version'; - $verQuery = "INSERT into appVersion VALUES (null, $appParent, '". - addslashes($queueVersion)."', '', '". - addslashes($queueDesc)."', '". - addslashes($queueURL)."', 0.0, 0.0);"; + $verQuery = "INSERT into appVersion VALUES (null, ".$_REQUEST['appParent'].", '". + addslashes($_REQUEST['queueVersion'])."', '', '". + addslashes($_REQUEST['queueDesc'])."', '". + addslashes($_REQUEST['queueURL'])."', 0.0, 0.0);"; //Now add a version if (mysql_query($verQuery)) { //successful - $appVersion = mysql_insert_id(); - addmsg("The application $queueName was successfully added into the database", "green"); + $_REQUEST['appVersion'] = mysql_insert_id(); + addmsg("The application ".$_REQUEST['queueName']." was successfully added into the database", "green"); $goodtogo = 1; } else @@ -268,23 +268,23 @@ if ($sub) addmsg($statusMessage, "red"); } } - else if ($type == 'ver') + else if ($_REQUEST['type'] == 'ver') { //process as application version - if ($appParent) + if ($_REQUEST['appParent']) { - $query = "INSERT into appVersion VALUES (null, $appParent, '". - addslashes($queueVersion)."', '', '". - addslashes($queueDesc)."', '". - addslashes($queueURL)."', 0.0, 0.0);"; + $query = "INSERT into appVersion VALUES (null, ".$_REQUEST['appParent'].", '". + addslashes($_REQUEST['queueVersion'])."', '', '". + addslashes($_REQUEST['queueDesc'])."', '". + addslashes($_REQUEST['queueURL'])."', 0.0, 0.0);"; if (mysql_query($query)) { //successful - $appVersion = mysql_insert_id(); - $statusMessage = "

The application $queueName was successfully added into the database

\n"; - addmsg($statusMessage,Green); - mysql_query("DELETE from appQueue where queueId = $queueId;"); + $_REQUEST['appVersion'] = mysql_insert_id(); + $statusMessage = "

The application ".$_REQUEST['queueName']." was successfully added into the database

\n"; + addmsg($statusMessage,"Green"); + mysql_query("DELETE from appQueue where queueId = ".$_REQUEST['queueId'].";"); $goodtogo = 1; } @@ -292,13 +292,13 @@ if ($sub) { //error $statusMessage = "

Database Error!
".mysql_error()."

\n"; - addmsg($statusMessage,red); + addmsg($statusMessage,"red"); } } else { addmsg("You did not pick an application Parent!",red); - redirect(apidb_fullurl("admin/adminAppQueue.php?cat=view&queueId=$queueId")); + redirect(apidb_fullurl("admin/adminAppQueue.php?cat=view&queueId=".$_REQUEST['queueId'])); exit; } @@ -308,13 +308,13 @@ if ($sub) //Send Status Email if ($ob->queueEmail && $goodtogo) { - $fullAppName = lookupAppName($appParent)." Version: ".lookupVersionName($appParent, $appVersion); + $fullAppName = lookupAppName($_REQUEST['appParent'])." Version: ".lookupVersionName($_REQUEST['appParent'], $_REQUEST['appVersion']); $ms = "Application Database Status Report\n"; $ms .= "----------------------------------\n\n"; $ms .= "Your application: ".$fullAppName." has been entered "; $ms .= "into the application database.\n\n"; - $ms .= APPDB_ROOT."appview.php?appId=$appParent&versionId=$appVersion"."\n\n"; + $ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appParent']."&versionId=".$_REQUEST['appVersion']."\n\n"; $ms .= "Thanks!\n\n"; $ms .= $emailtext; @@ -322,12 +322,12 @@ if ($sub) } if ($goodtogo) { - $email = getNotifyEmailAddressList($appParent, $appVersion); + $email = getNotifyEmailAddressList($_REQUEST['appParent'], $_REQUEST['appVersion']); if($email) { - $fullAppName = "Application: ".lookupAppName($appParent). - " Version: ".lookupVersionName($appParent, $appVersion); - $ms = APPDB_ROOT."appview.php?appId=$appParent&versionId=$appVersion"."\n\n"; + $fullAppName = "Application: ".lookupAppName($_REQUEST['appParent']). + " Version: ".lookupVersionName($_REQUEST['appParent'], $_REQUEST['appVersion']); + $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appParent']."&versionId=".$_REQUEST['appVersion']."\n\n"; $ms .= "New Application added to database:\n\n"; $ms .= $fullAppName."\n\n"; $ms .= STANDARD_NOTIFY_FOOTER; @@ -338,24 +338,24 @@ if ($sub) { $email = "no one"; } - addmsg("mesage sent to: ".$email, green); + addmsg("mesage sent to: ".$email, "green"); } //done - addmsg("Veiw App", "green"); + addmsg("Veiw App", "green"); redirect(apidb_fullurl("admin/adminAppQueue.php")); exit; } - else if ($sub == 'Delete' && $queueId) + else if ($_REQUEST['sub'] == 'Delete' && $_REQUEST['queueId']) { //delete main item - $query = "DELETE from appQueue where queueId = $queueId;"; + $query = "DELETE from appQueue where queueId = ".$_REQUEST['queueId'].";"; $result = mysql_query($query); if(!$result) { //error addmsg("Internal Error: unable to delete selected application!", "red"); - redirect(apidb_fullurl("admin/adminAppQueue.php?appId=$appId&versionId=$versionId")); + redirect(apidb_fullurl("admin/adminAppQueue.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'])); } else { @@ -364,7 +364,7 @@ if ($sub) { if($ob->queueCatId == -1) //app version { - $fullAppName = lookupAppName($appParent)." Version: ".$ob->queueVersion; + $fullAppName = lookupAppName($_REQUEST['appParent'])." Version: ".$ob->queueVersion; } else { $fullAppName = $ob->queueName." Version: ".$ob->queueVersion; @@ -381,7 +381,7 @@ if ($sub) } //success addmsg("Application was successfully deleted from the Queue.", "green"); - redirect(apidb_fullurl("admin/adminAppQueue.php?appId=$appId&versionId=$versionId")); + redirect(apidb_fullurl("admin/adminAppQueue.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'])); } } else diff --git a/appbrowse.php b/appbrowse.php index bf0555f..edd3c04 100644 --- a/appbrowse.php +++ b/appbrowse.php @@ -11,7 +11,8 @@ require(BASE."include/"."category.php"); function admin_menu() { - global $catId; + if(isset($_REQUEST['catId'])) $catId=$_REQUEST['catId']; + else $catId=""; $m = new htmlmenu("Admin"); $m->add("Edit this Category", $apidb_root."admin/editCategory.php?catId=$catId"); @@ -22,10 +23,8 @@ function admin_menu() $m->done(); } -$catId = $_REQUEST['catId']; - -if(!$catId) - $catId = 0; // ROOT +if(isset($_REQUEST['catId'])) $catId=$_REQUEST['catId']; +else $catId=0; // ROOT if( !is_numeric($catId) ) { diff --git a/deletecomment.php b/deletecomment.php index 6f570e3..07af704 100644 --- a/deletecomment.php +++ b/deletecomment.php @@ -67,7 +67,7 @@ if($email) $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n"; $ms .= "\n"; - $ms .= ($current->username ? $current->username : "Anonymous")." deleted comment from ".$fullAppName."\n"; + $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; diff --git a/include/comments.php b/include/comments.php index 7d6f2a4..6265e2f 100644 --- a/include/comments.php +++ b/include/comments.php @@ -217,7 +217,6 @@ function display_comments_flat($appId, $versionId) function view_app_comments($appId, $versionId, $threadId = 0) { - global $current; global $cmode; // count posts @@ -235,9 +234,9 @@ function view_app_comments($appId, $versionId, $threadId = 0) { //FIXME we need to change this so not logged in users can change current view as well if ($cmode) - $current->setpref("comments:mode", $cmode); + $_SESSION[current]->setpref("comments:mode", $cmode); - $sel[$current->getpref("comments:mode")] = 'selected'; + $sel[$_SESSION['current']->getpref("comments:mode")] = 'selected'; echo ' - + @@ -23,11 +23,11 @@ - + - + diff --git a/include/form_login.php b/include/form_login.php index 8a9e5cd..76d6571 100644 --- a/include/form_login.php +++ b/include/form_login.php @@ -24,7 +24,7 @@ function cmd_send_passwd() {
From:  ". ($current->username ? $current->username : "Anonymous") ."
 ". ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous") ."
Subject:  
',"\n"; echo "Application Comments $messageCount total comments "; echo 'Mode
  User Name
  Password
  Real Name
  Email Address
 
- + @@ -43,7 +43,7 @@ function cmd_send_passwd() { echo html_frame_end(" "); echo '',"\n"; -echo '',"\n"; +echo '',"\n"; echo '',"\n"; ?> diff --git a/include/form_new.php b/include/form_new.php index 2a1bbe7..76e8ce4 100644 --- a/include/form_new.php +++ b/include/form_new.php @@ -15,7 +15,7 @@ echo html_frame_start("Create New Application DB Account","400","",0)
User Name '>
Password
- + @@ -27,11 +27,11 @@ echo html_frame_start("Create New Application DB Account","400","",0) - + - + diff --git a/include/html.php b/include/html.php index 3a49f72..734bd3a 100644 --- a/include/html.php +++ b/include/html.php @@ -197,7 +197,7 @@ function html_frame_start($title = "", $width = "", $extra = "", $innerPad = 5) if ($width) { $width = 'width="'.$width.'"'; } -$str .= '
User Name '>
Password
Real Name '>
Email Address '>
'."\n"; +$str = '
'."\n"; if ($title) { diff --git a/include/incl.php b/include/incl.php index 7a8c20e..b802f55 100644 --- a/include/incl.php +++ b/include/incl.php @@ -6,7 +6,6 @@ */ //set global path -global $apidb_root; $apidb_root = BASE; //get modules @@ -60,9 +59,9 @@ function apidb_fullpath($path) */ function apidb_header($title = 0) { - global $apidb_root, $current; + global $apidb_root; - $username = $current->username; + $username = isset($_SESSION['current'])?$_SESSION['current']->username:""; // Set Page Title $page_title = $title; @@ -97,7 +96,6 @@ function apidb_header($title = 0) function apidb_footer() { global $apidb_root; - global $current; echo html_frame_end(); @@ -105,7 +103,7 @@ function apidb_footer() echo "
\n"; // Display Footer - if(!$header_disabled) + if(!isset($header_disabled)) include(BASE."include/"."footer.php"); } @@ -202,7 +200,6 @@ function redirectref($url = null) */ function addmsg($text, $color = "black") { - global $current; global $PHPSESSID; if($color) @@ -220,7 +217,6 @@ function addmsg($text, $color = "black") */ function dumpmsgbuffer() { - global $current; global $PHPSESSID; $result = mysql_query("SELECT * FROM sessionMessages WHERE sessionId = '$PHPSESSID'"); diff --git a/include/rating.php b/include/rating.php index 6622ce5..4799423 100644 --- a/include/rating.php +++ b/include/rating.php @@ -15,12 +15,11 @@ */ function rating_current_for_user($versionId, $system) { - global $current; if(!loggedin()) return 0; - $userId = $current->userid; + $userId = $_SESSION['current']->userid; $result = mysql_query("SELECT score FROM appRating WHERE versionId = $versionId AND system = '$system' AND userId = $userId"); if(!$result) @@ -38,7 +37,6 @@ function rating_current_for_user($versionId, $system) */ function rating_menu() { - global $versionId; global $apidb_root; $s = 's1'; @@ -46,8 +44,8 @@ function rating_menu() $j = new htmlmenu("Compatibility Rating","updaterating.php"); - $r_win = rating_current_for_user($versionId, "windows"); - $r_fake = rating_current_for_user($versionId, "fake"); + $r_win = rating_current_for_user($_REQUEST['versionId'], "windows"); + $r_fake = rating_current_for_user($_REQUEST['versionId'], "fake"); $wchk = array('checked',' ',' ',' ',' ',' '); $fchk = array('checked',' ',' ',' ',' ',' '); @@ -78,7 +76,7 @@ function rating_menu() $j->addmisc("","center"); - $j->addmisc(""); + $j->addmisc(""); $j->add("Rating Help", $apidb_root."help/?topic=ratings"); @@ -161,7 +159,6 @@ function rating_stars_for_version($versionId, $system) */ function rating_update($vars) { - global $current; if(!loggedin()) { @@ -169,7 +166,7 @@ function rating_update($vars) return; } - $userId = $current->userid; + $userId = $_SESSION[current]->userid; $versionId = $vars["versionId"]; $score_w = $vars["score_w"]; $score_f = $vars["score_f"]; diff --git a/include/sidebar.php b/include/sidebar.php index 137d300..5d50e43 100644 --- a/include/sidebar.php +++ b/include/sidebar.php @@ -33,7 +33,7 @@ function global_sidebar_menu() { function app_search_box($q = '') { global $apidb_root; - $str .= '
'."\n"; + $str = ''."\n"; $str .= ""; $str .= "\n"; $str .= "
\n"; diff --git a/include/sidebar_login.php b/include/sidebar_login.php index 559886a..a83d019 100644 --- a/include/sidebar_login.php +++ b/include/sidebar_login.php @@ -16,14 +16,13 @@ function global_sidebar_login() { if(loggedin()) { - global $current; $g->add("Logout", $apidb_root."account.php?cmd=logout"); $g->add("Preferences", $apidb_root."preferences.php"); /* if this user maintains any applications list them */ /* in their sidebar */ - $apps_user_maintains = getAppsFromUserId($current->userid); + $apps_user_maintains = getAppsFromUserId($_SESSION['current']->userid); if($apps_user_maintains) { $g->addmisc(""); diff --git a/include/tableve.php b/include/tableve.php index 3ef9688..3eaedeb 100644 --- a/include/tableve.php +++ b/include/tableve.php @@ -193,7 +193,7 @@ class TableVE { { $result = mysql_query("SELECT $idField, $nameField FROM $table $where ORDER BY $nameField"); - if(!result) + if(!$result) return; // Oops echo "