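public function executeInner()
{
    // Instantiate the DB wrapper; it supplies escapeString() and getLastError().
    // NOTE(review): mysql_query() is called without a link resource, so it relies
    // on the connection DBManager presumably opens — confirm.
    $dbManager = new DBManager();

    // make comments safe and nicely formatted
    // TODO: strip tags with exceptions (see examples at http://us2.php.net/manual/en/function.strip-tags.php)
    // allowable tags <b><strong><u><i><a><em> possibly allowable <ul><ol><li>
    // TODO: convert "safe" tags to safe implementations, ex <strong style="foo"></strong> becomes <strong></strong>
    // TODO: sanitize anchor tags, ex <a href="javascript://"> is killed and <a href="foo"> becomes <a href="foo" target="_blank">

    // Escape the free-text fields for the INSERT.
    $name = $dbManager->escapeString($this->name);
    $contents = $dbManager->escapeString($this->contents);

    // blogId is interpolated as a bare number, so it is coerced to int rather
    // than concatenated raw: a non-numeric value would otherwise change the SQL.
    $blogId = (int) $this->blogId;

    $result = mysql_query(
        "INSERT INTO blogcomments SET blogid={$blogId},name='{$name}', message='{$contents}'"
    );

    if ($result) {
        // The raw (unescaped) name goes into the notice; whatever renders
        // notices must HTML-escape it — confirm.
        $this->addNotice("Successfully posted a blog entry from \"" . $this->name . "\".");
        // TODO: determine why trend micro firewall causing this to hang and why email not sending even when not hanging
        //$this->notifyAdmins();
    } else {
        $this->addError("An error occured attempting to add a blog post. " . $dbManager->getLastError());
    }

    // Return success regardless: the caller lands on the same page and the
    // error, if any, has already been queued for display.
    return GlobalConstants::SUCCESS;
}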
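protected function executeInner()
{
    // The row being updated belongs to the session user, not to a request value.
    $userid = (int) $this->getUser()->getUserid();

    // Instantiate the DB wrapper; it supplies escapeString() and getLastError().
    $dbManager = new DBManager();

    // Escape the free-text field for the UPDATE.
    $email = $dbManager->escapeString($this->email);

    if (!Str::nullOrEmpty($this->password)) {
        // A new password was supplied: store its hash alongside the email.
        // md5() yields hex digits only, so the value needs no SQL escaping.
        // NOTE(review): md5 is unsalted and fast; moving to password_hash()/
        // password_verify() also requires changing the login check, so the
        // algorithm is left as-is here.
        $password = md5($this->password);
        $result = mysql_query("UPDATE users SET email='{$email}', password='{$password}' WHERE userid = {$userid}");
    } else {
        // No password change requested: update the email only.
        $result = mysql_query("UPDATE users SET email='{$email}' WHERE userid = {$userid}");
    }

    if (!$result) {
        $this->addError("An error occured attempting update user info. " . $dbManager->getLastError());
        return GlobalConstants::USER_INPUT;
    }

    $this->addNotice("Successfully updated user info for \"" . $this->email . "\".");

    // Reload the row so the session copy reflects the update. If the reload
    // fails, keep the existing session user rather than clobber it with false.
    $result = mysql_query("SELECT * FROM users WHERE userid = {$userid}");
    $user = $result ? mysql_fetch_object($result, 'User') : false;
    if ($user) {
        $_SESSION[ValidateCredentials::USER_KEY] = $user;
    } else {
        $this->addError("An error occured attempting update user info. " . $dbManager->getLastError());
    }

    // Return success regardless: the caller lands on the same page and the
    // error, if any, has already been queued for display.
    return GlobalConstants::SUCCESS;
}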
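protected function executeInner()
{
    // Instantiate the DB wrapper; it supplies getLastError().
    $dbManager = new DBManager();

    // commentId is concatenated into the statement as a bare number; cast it
    // so a non-numeric value cannot change the shape of the DELETE.
    // NOTE(review): no ownership/authorization check is visible here; confirm
    // the surrounding action or filter restricts who may delete a comment.
    $commentId = (int) $this->commentId;

    $result = mysql_query("DELETE FROM blogcomments WHERE commentid = {$commentId}");

    // A DELETE matching no row still returns true, so the notice only means the
    // statement ran, not that a row was removed.
    if ($result) {
        $this->addNotice("blog.notice.commentDeleted", array("id" => $this->commentId));
    } else {
        $this->addError("blog.error.failedCommentDeletion", array("id" => $this->commentId, "error" => $dbManager->getLastError()));
    }

    // Return success regardless: the caller lands on the same page and the
    // error, if any, has already been queued for display.
    return GlobalConstants::SUCCESS;
}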
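public function executeInner()
{
    // Instantiate the DB wrapper; it supplies escapeString() and getLastError().
    $dbManager = new DBManager();

    // Escape the free-text fields for the UPDATE.
    $title = $dbManager->escapeString($this->postTitle);
    $contents = $dbManager->escapeString($this->contents);

    // blogId is concatenated into the statement as a bare number; cast it so a
    // non-numeric value cannot change the shape of the UPDATE.
    // NOTE(review): no ownership/authorization check is visible here; confirm
    // the surrounding action or filter restricts who may edit a post.
    $blogId = (int) $this->blogId;

    $result = mysql_query("UPDATE blog SET title='{$title}', message='{$contents}' WHERE blogid = {$blogId}");

    if ($result) {
        $this->addNotice("blog.notice.blogUpdated", array('id' => $this->blogId));
    } else {
        $this->addError("blog.error.failedBlogUpdate", array("error" => $dbManager->getLastError()));
    }

    // Return success regardless: the caller lands on the same page and the
    // error, if any, has already been queued for display.
    return GlobalConstants::SUCCESS;
}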