fixing database accesses

Thomas Weinhold 2020-09-25 23:38:55 +02:00
commit b4e6c2f9bb
5 changed files with 40 additions and 37 deletions


@ -6,8 +6,8 @@
if (!$GlobalMysqlHandler) if (!$GlobalMysqlHandler)
{ {
$err_msg = "Cannot connect to mysql database \"$GlobalMysqlHost\" as \"$GlobalMysqlUser\"!"; $err_msg = "Cannot connect to mysql database \"$GlobalMysqlHost\" as \"$GlobalMysqlUser\"!";
$err_msg += "\nErrno: " . mysqli_connect_errno(); $err_msg .= "\nErrno: " . mysqli_connect_errno();
$err_msg += "\nError: " . mysqli_connect_error(); $err_msg .= "\nError: " . mysqli_connect_error();
ErrorLog($err_msg); ErrorLog($err_msg);
$MysqlErrorsArePresent = 1; $MysqlErrorsArePresent = 1;
} }
@ -16,8 +16,8 @@
if (!mysqli_select_db($GlobalMysqlHandler, $GlobalMysqlDatabase)) if (!mysqli_select_db($GlobalMysqlHandler, $GlobalMysqlDatabase))
{ {
$err_msg = "Cannot select mysql database \"$GlobalMysqlDatabase\"!"; $err_msg = "Cannot select mysql database \"$GlobalMysqlDatabase\"!";
$err_msg += "\nErrno: " . mysqli_connect_errno(); $err_msg .= "\nErrno: " . mysqli_connect_errno();
$err_msg += "\nError: " . mysqli_connect_error(); $err_msg .= "\nError: " . mysqli_connect_error();
ErrorLog($err_msg); ErrorLog($err_msg);
$MysqlErrorsArePresent = 2; $MysqlErrorsArePresent = 2;
} }
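Review bot: The select_db failure branch in the second hunk still reports `mysqli_connect_errno()` / `mysqli_connect_error()`, which describe the last connection attempt rather than the failed `mysqli_select_db()` call, so when the connection succeeded but the database is missing or access is denied the log will show Errno 0 and an empty Error. Use the handle-bound variants there: `$err_msg .= "\nErrno: " . mysqli_errno($GlobalMysqlHandler);` and `$err_msg .= "\nError: " . mysqli_error($GlobalMysqlHandler);`. The same connect_* calls follow failed queries in the new edit_types insert branch and in the vendors insert hunk, where they are equally uninformative for query errors. The `+=` to `.=` correction itself is right; with `+=` the message was never built as a string.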


@ -6,11 +6,11 @@ if ($ToDo=="Login")
{ {
$Login = (isset($_POST['Login'])) ? $_POST['Login'] :""; $Login = (isset($_POST['Login'])) ? $_POST['Login'] :"";
$Password = (isset($_POST['Password'])) ? md5($_POST['Password']):""; $Password = (isset($_POST['Password'])) ? md5($_POST['Password']):"";
if ($Login=="root") if ($Login=="root")
{ {
global $CfgRootPassword; global $CfgRootPassword;
if ($Password==$CfgRootPassword) if ($Password==$CfgRootPassword)
{ {
MessageSuccess(LangSpell('ScentenceLoginSucceeded')."\n"); MessageSuccess(LangSpell('ScentenceLoginSucceeded')."\n");
@ -24,7 +24,7 @@ if ($ToDo=="Login")
$_SESSION['Id']=0; $_SESSION['Id']=0;
$_SESSION['Login']=""; $_SESSION['Login']="";
$_SESSION['Time']=0; $_SESSION['Time']=0;
} }
} }
else if ($Login) else if ($Login)
{ {
@ -47,7 +47,7 @@ if ($ToDo=="Login")
$_SESSION['Id']=0; $_SESSION['Id']=0;
$_SESSION['Login']=""; $_SESSION['Login']="";
$_SESSION['Time']=0; $_SESSION['Time']=0;
} }
} }
else else
{ {
@ -149,10 +149,10 @@ function UserLoadSettings()
global $GlobalTemplate; global $GlobalTemplate;
global $CfgStdTemplate; global $CfgStdTemplate;
global $GlobalLanguage; global $GlobalLanguage;
global $CfgStdLanguage; global $CfgStdLanguage;
if (isset($_SESSION['Id']) && $_SESSION['Id']>0) if (isset($_SESSION['Id']) && $_SESSION['Id']>0)
{ {
$LoadQuery="SELECT `Template` , `Language` FROM `User` WHERE `Id` =".$_SESSION['Id']; $LoadQuery="SELECT `Template` , `Language` FROM `User` WHERE `Id` =".$_SESSION['Id'];
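Review bot: The root login in the first hunk checks `$Password==$CfgRootPassword` with a loose comparison on an `md5()` of the submitted password; `==` compares numerically when both operands are numeric-looking strings, and md5 is not a password hash. Store the configured root password with `password_hash()` and check it with `password_verify($_POST['Password'] ?? '', $CfgRootPassword)`, or at minimum use `hash_equals($CfgRootPassword, $Password)` until the stored format changes. The line text in this section is identical on both sides, so the change here is presumably whitespace only — I could not confirm that from the rendered page. In the UserLoadSettings hunk `$_SESSION['Id']` is concatenated into the SELECT; it is server-set, but `(int)$_SESSION['Id']` keeps that query safe if the session contents are ever populated from elsewhere. Both the login if/else chain and UserLoadSettings continue outside the hunks.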


@ -85,16 +85,16 @@ if (UserGetLogin()=="root")
mysqli_query($CheckHandler, 'ALTER TABLE `Types` DROP PRIMARY KEY , ADD PRIMARY KEY ( `Id` )'); mysqli_query($CheckHandler, 'ALTER TABLE `Types` DROP PRIMARY KEY , ADD PRIMARY KEY ( `Id` )');
mysqli_query($CheckHandler, 'ALTER TABLE `Types` CHANGE `Id` `Id` INT( 11 ) NOT NULL AUTO_INCREMENT '); mysqli_query($CheckHandler, 'ALTER TABLE `Types` CHANGE `Id` `Id` INT( 11 ) NOT NULL AUTO_INCREMENT ');
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `Name` varchar(100) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `Name` varchar(100) COLLATE utf8_unicode_ci NOT NULL');
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `ShortName` varchar(10) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `ShortName` varchar(10) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue1` varchar(50) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue1` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue1` varchar(20) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue1` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue2` varchar(50) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue2` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue2` varchar(20) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue2` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue3` varchar(50) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue3` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue3` varchar(20) COLLATE utf8_unicode_ci NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue3` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `ParentId` int(11) NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `ParentId` int(11) NOT NULL");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `LockId` int(11) NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `LockId` int(11) NOT NULL DEFAULT '0'");
mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `LockTime` int(11) NOT NULL'); mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `LockTime` int(11) NOT NULL DEFAULT '0'");
//User //User
mysqli_query($CheckHandler, 'CREATE TABLE IF NOT EXISTS `User` ( `Id` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`Id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; '); mysqli_query($CheckHandler, 'CREATE TABLE IF NOT EXISTS `User` ( `Id` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`Id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ');
mysqli_query($CheckHandler, 'ALTER TABLE `User` ADD `Id` int(11) NOT NULL AUTO_INCREMENT'); mysqli_query($CheckHandler, 'ALTER TABLE `User` ADD `Id` int(11) NOT NULL AUTO_INCREMENT');
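Review bot: The new `DEFAULT ''` / `DEFAULT '0'` clauses only take effect when the `ADD` succeeds, i.e. on a fresh install; on an already-upgraded database each `ALTER TABLE ... ADD` in this hunk presumably fails with a duplicate-column error that is discarded because none of the `mysqli_query($CheckHandler, ...)` return values are checked, so existing `Types` tables keep the old NOT NULL columns without defaults. Consider capturing the return and logging `mysqli_error($CheckHandler)` for anything other than the duplicate-column case, and adding a `ALTER TABLE ... ALTER COLUMN ... SET DEFAULT` path for the existing-column case. `ParentId` (the line after `UnitValue3`) is the only column left without a DEFAULT; if that is deliberate because the INSERT always supplies it, a one-line comment saying so would help the next reader. The enclosing `if (UserGetLogin()=="root")` block starts and ends outside the hunk.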


@ -8,14 +8,14 @@ function WriteTypeList($ParentId, $ParentIsLocked)
global $GlobalContent; global $GlobalContent;
global $GlobalTemplate; global $GlobalTemplate;
global $EditTypesEditId; global $EditTypesEditId;
$ListQuery="SELECT * FROM `Types` WHERE `ParentId` =$ParentId"; $ListQuery="SELECT * FROM `Types` WHERE `ParentId` =$ParentId";
$ListQuery=mysqli_query($GlobalMysqlHandler, $ListQuery); $ListQuery=mysqli_query($GlobalMysqlHandler, $ListQuery);
if (!$ParentId || NestedListVisibilityIsSet($ParentId, 'EditTypes')) if (!$ParentId || NestedListVisibilityIsSet($ParentId, 'EditTypes'))
$GlobalContent .= "<ul style=\"display:block;\">\n"; $GlobalContent .= "<ul style=\"display:block;\">\n";
else else
$GlobalContent .= "<ul style=\"display:none;\">\n"; $GlobalContent .= "<ul style=\"display:none;\">\n";
if (mysqli_num_rows($ListQuery)) if (mysqli_num_rows($ListQuery))
{ {
@ -26,7 +26,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
&& !( LockIsActive('Types',$ListData['Id']) || $ParentIsLocked) && !( LockIsActive('Types',$ListData['Id']) || $ParentIsLocked)
) )
{ //edit entry { //edit entry
$GlobalContent .= " <li>\n"; $GlobalContent .= " <li>\n";
$GlobalContent .= ' <a href="index.php?Page=EditTypes&ToDo=DeleteType&Id='.$ListData['Id'].'" title="'.LangSpellHtml('TagTitleDelete').'">'.OtherGetIcon('Delete',"Button").'</a>'; $GlobalContent .= ' <a href="index.php?Page=EditTypes&ToDo=DeleteType&Id='.$ListData['Id'].'" title="'.LangSpellHtml('TagTitleDelete').'">'.OtherGetIcon('Delete',"Button").'</a>';
$GlobalContent .= ' <form action="index.php?Page=EditTypes&ToDo=EditTypeSave" method="post">'; $GlobalContent .= ' <form action="index.php?Page=EditTypes&ToDo=EditTypeSave" method="post">';
$GlobalContent .= ' <input type="hidden" name="Id" value="'.$ListData['Id'].'">'; $GlobalContent .= ' <input type="hidden" name="Id" value="'.$ListData['Id'].'">';
@ -56,7 +56,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
} }
else else
{ //just show entry { //just show entry
$GlobalContent .= " <li>\n"; $GlobalContent .= " <li>\n";
if (LockIsActive('Types',$ListData['Id']) || $ParentIsLocked) if (LockIsActive('Types',$ListData['Id']) || $ParentIsLocked)
{ {
$GlobalContent .= ' '.OtherGetIcon('LockActive'); $GlobalContent .= ' '.OtherGetIcon('LockActive');
@ -71,7 +71,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
$GlobalContent .= " (".NestedListCountSubElements($ListData['Id'],'Types').")"; $GlobalContent .= " (".NestedListCountSubElements($ListData['Id'],'Types').")";
$GlobalContent .= " \n</li>\n"; $GlobalContent .= " \n</li>\n";
} }
WriteTypeList($ListData['Id'],$ParentIsLocked); WriteTypeList($ListData['Id'],$ParentIsLocked);
} }
} }
@ -103,7 +103,7 @@ if (UserHasRight('EditTypes'))
$Id = $_POST['Id']; $Id = $_POST['Id'];
$Name = $_POST['Name']; $Name = $_POST['Name'];
$MoveId = (isset($_POST['MoveToId']))? $_POST['MoveToId']:0; $MoveId = (isset($_POST['MoveToId']))? $_POST['MoveToId']:0;
if ($MoveId) if ($MoveId)
{ {
$MoveQuery = ""; $MoveQuery = "";
@ -131,7 +131,7 @@ if (UserHasRight('EditTypes'))
ErrorLog("[edit_types.php] Db error on moving element with id $Id to parent id $MoveId"); ErrorLog("[edit_types.php] Db error on moving element with id $Id to parent id $MoveId");
} }
} }
//$ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name' WHERE `Id` =$Id LIMIT 1 ;"; //$ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name' WHERE `Id` =$Id LIMIT 1 ;";
$ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name', `ShortName` = '".$_POST['ShortName']."', `NameValue1` = '".$_POST['NameValue1']."', `NameValue2` = '".$_POST['NameValue2']."', `NameValue3` = '".$_POST['NameValue3']."', `UnitValue1` = '".$_POST['UnitValue1']."', `UnitValue2` = '".$_POST['UnitValue2']."', `UnitValue3` = '".$_POST['UnitValue3']."' WHERE `Id` =$Id LIMIT 1 ;"; $ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name', `ShortName` = '".$_POST['ShortName']."', `NameValue1` = '".$_POST['NameValue1']."', `NameValue2` = '".$_POST['NameValue2']."', `NameValue3` = '".$_POST['NameValue3']."', `UnitValue1` = '".$_POST['UnitValue1']."', `UnitValue2` = '".$_POST['UnitValue2']."', `UnitValue3` = '".$_POST['UnitValue3']."' WHERE `Id` =$Id LIMIT 1 ;";
if (!mysqli_query($GlobalMysqlHandler, $ChangeItemQuery)) if (!mysqli_query($GlobalMysqlHandler, $ChangeItemQuery))
@ -199,13 +199,16 @@ if (UserHasRight('EditTypes'))
if (trim($NewTypeName)!="") if (trim($NewTypeName)!="")
{ {
global $GlobalMysqlHandler; global $GlobalMysqlHandler;
$InsertQuery="INSERT INTO `Types` ( `Name` , `ParentId` ) VALUES ( '$NewTypeName', '$ParentId' );"; $InsertQuery="INSERT INTO `Types` (`Name`, `ParentId`) VALUES ( '$NewTypeName', '$ParentId');";
if (mysqli_query($GlobalMysqlHandler, $InsertQuery)) $QueyResult = mysqli_query($GlobalMysqlHandler, $InsertQuery);
{ if ($QueyResult === True) {
MessageSuccess(LangSpell('EditTypesNewTypeAdded')); MessageSuccess(LangSpell('EditTypesNewTypeAdded'));
} } else {
else $err_msg = "Cannot create new type!";
{ $err_msg .= "\nErrno: " . mysqli_connect_errno();
$err_msg .= "\nError: " . mysqli_connect_error();
$err_msg .= "\nQuery: " . $InsertQuery;
ErrorLog($err_msg);
MessageError(LangSpell('SentenceDatabaseError')); MessageError(LangSpell('SentenceDatabaseError'));
} }
} }
@ -297,7 +300,7 @@ if (UserHasRight('EditTypes') || UserHasRight('ViewSTPV'))
} }
$ToDo=""; $ToDo="";
} }
/////////////// ///////////////
// sow types // sow types
if ($ToDo=="") if ($ToDo=="")
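Review bot: The rewritten INSERT in the `@ -199` hunk still interpolates `$NewTypeName` and `$ParentId` straight into the SQL string, so the new error handling wraps a query that remains injectable; the same pattern is in the UPDATE of the `@ -131` hunk, which concatenates raw `$_POST` values, and apparently in the vendors INSERT of this commit if `$Name`/`$Homepage` are not escaped before that hunk. A prepared statement fixes this and also lets the failure branch use `mysqli_errno`/`mysqli_error` on the handle, which report the query error where `mysqli_connect_errno()`/`mysqli_connect_error()` do not; the `ParentId` column is `int(11)` per the schema file in this commit, hence the `si` bind types below. While there, `$QueyResult` is a typo and `True` should be lowercase per PSR; the UPDATE hunk should get the same prepared-statement treatment. The enclosing `if (trim($NewTypeName)!="")` block and the outer `if (UserHasRight('EditTypes'))` continue outside the hunk.
```php
global $GlobalMysqlHandler;
$InsertStmt = mysqli_prepare($GlobalMysqlHandler, "INSERT INTO `Types` (`Name`, `ParentId`) VALUES (?, ?)");
if ($InsertStmt !== false
    && mysqli_stmt_bind_param($InsertStmt, 'si', $NewTypeName, $ParentId)
    && mysqli_stmt_execute($InsertStmt)) {
    MessageSuccess(LangSpell('EditTypesNewTypeAdded'));
} else {
    $err_msg = "Cannot create new type!";
    $err_msg .= "\nErrno: " . mysqli_errno($GlobalMysqlHandler);
    $err_msg .= "\nError: " . mysqli_error($GlobalMysqlHandler);
    ErrorLog($err_msg);
    MessageError(LangSpell('SentenceDatabaseError'));
}
// … unchanged: rest of the add-type branch …
```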


@ -88,8 +88,8 @@ if (UserHasRight('EditVendors'))
$InsertVendorQuery = "INSERT INTO `Vendors` (`Name`, `Homepage`, `MinBill`, `ShippingCost`, `LockId`, `LockTime`) VALUES ('$Name', '$Homepage', '$MinBill', '$ShippingCost', 0, 0);"; $InsertVendorQuery = "INSERT INTO `Vendors` (`Name`, `Homepage`, `MinBill`, `ShippingCost`, `LockId`, `LockTime`) VALUES ('$Name', '$Homepage', '$MinBill', '$ShippingCost', 0, 0);";
if (mysqli_query($GlobalMysqlHandler, $InsertVendorQuery) === false) { if (mysqli_query($GlobalMysqlHandler, $InsertVendorQuery) === false) {
$err_msg = "Database error while insert new vendor!"; $err_msg = "Database error while insert new vendor!";
$err_msg += "\nErrno: " . mysqli_connect_errno(); $err_msg .= "\nErrno: " . mysqli_connect_errno();
$err_msg += "\nError: " . mysqli_connect_error(); $err_msg .= "\nError: " . mysqli_connect_error();
ErrorLog($err_msg); ErrorLog($err_msg);
MessageError(LangSpell('SentenceDatabaseError')); MessageError(LangSpell('SentenceDatabaseError'));
} else { } else {