From b9a66360297d3225926b31e0e268e0e06c9b91e5 Mon Sep 17 00:00:00 2001 From: skodak Date: Sat, 31 May 2008 10:43:51 +0000 Subject: [PATCH] MDL-14679 towards /admin conversion --- admin/handlevirus.php | 2 +- admin/modules.php | 77 ++++++++++++++++++++-------------------- admin/roles/assign.php | 2 +- admin/roles/override.php | 2 +- admin/uploadpicture.php | 7 ++-- admin/user.php | 20 +++++------ auth/email/auth.php | 11 +++--- auth/ldap/auth.php | 6 ++-- lib/authlib.php | 4 +-- 9 files changed, 65 insertions(+), 66 deletions(-) diff --git a/admin/handlevirus.php b/admin/handlevirus.php index 59464ea4c1b..b81faa4d0ff 100644 --- a/admin/handlevirus.php +++ b/admin/handlevirus.php @@ -29,7 +29,7 @@ while(!feof($fd)) { $bits = explode('/',$file); $a->filename = $bits[count($bits)-1]; - if (!$log = get_record("log","module","upload","info",$file,"action","upload")) { + if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) { $a->action = clam_handle_infected_file($file,0,false); clam_replace_infected_file($file); notify_admins_unknown($file,$a); diff --git a/admin/modules.php b/admin/modules.php index bb04cd85218..a387847cce1 100644 --- a/admin/modules.php +++ b/admin/modules.php @@ -33,43 +33,42 @@ /// If data submitted, then process and store. if (!empty($hide) and confirm_sesskey()) { - if (!$module = get_record("modules", "name", $hide)) { + if (!$module = $DB->get_record("modules", array("name"=>$hide))) { print_error('moduledoesnotexist', 'error'); } - set_field("modules", "visible", "0", "id", $module->id); // Hide main module + $DB->set_field("modules", "visible", "0", array("id"=>$module->id)); // Hide main module // Remember the visibility status in visibleold // and hide... - $sql = "UPDATE {$CFG->prefix}course_modules - SET visibleold=visible, - visible=0 - WHERE module={$module->id}"; - execute_sql($sql, false); + $sql = "UPDATE {course_modules} + SET visibleold=visible, visible=0 + WHERE module=?"; + $DB->execute($sql, array($module->id)); // clear the course modinfo cache for courses // where we just deleted something - $sql = "UPDATE {$CFG->prefix}course - SET modinfo='' - WHERE id IN (SELECT DISTINCT course - FROM {$CFG->prefix}course_modules - WHERE visibleold=1 AND module={$module->id})"; - execute_sql($sql, false); + $sql = "UPDATE {course} + SET modinfo='' + WHERE id IN (SELECT DISTINCT course + FROM {course_modules} + WHERE visibleold=1 AND module=?)"; + $DB->execute($sql, array($module->id)); admin_get_root(true, false); // settings not required - only pages } if (!empty($show) and confirm_sesskey()) { - if (!$module = get_record("modules", "name", $show)) { + if (!$module = $DB->get_record("modules", array("name"=>$show))) { print_error('moduledoesnotexist', 'error'); } - set_field("modules", "visible", "1", "id", $module->id); // Show main module - set_field('course_modules', 'visible', '1', 'visibleold', - '1', 'module', $module->id); // Get the previous saved visible state for the course module. + $DB->set_field("modules", "visible", "1", array("id"=>$module->id)); // Show main module + $DB->set_field('course_modules', 'visible', '1', 'visibleold', + '1', array('module'=>$module->id)); // Get the previous saved visible state for the course module. // clear the course modinfo cache for courses // where we just made something visible - $sql = "UPDATE {$CFG->prefix}course - SET modinfo='' - WHERE id IN (SELECT DISTINCT course - FROM {$CFG->prefix}course_modules - WHERE visible=1 AND module={$module->id})"; - execute_sql($sql, false); + $sql = "UPDATE {course} + SET modinfo = '' + WHERE id IN (SELECT DISTINCT course + FROM {course_modules} + WHERE visible=1 AND module=?)"; + $DB->execute($sql, array($module->id)); admin_get_root(true, false); // settings not required - only pages } @@ -92,12 +91,12 @@ print_error("cannotdeleteforummudule", 'forum'); } - if (!$module = get_record("modules", "name", $delete)) { + if (!$module = $DB->get_record("modules", array("name"=>$delete))) { print_error('moduledoesnotexist', 'error'); } // OK, first delete all the relevant instances from all course sections - if ($coursemods = get_records("course_modules", "module", $module->id)) { + if ($coursemods = $DB->get_records("course_modules", array("module"=>$module->id))) { foreach ($coursemods as $coursemod) { if (! delete_mod_from_section($coursemod->id, $coursemod->section)) { notify("Could not delete the $strmodulename with id = $coursemod->id from section $coursemod->section"); @@ -106,41 +105,41 @@ } // delete calendar events - if (!delete_records("event", "modulename", $delete)) { + if (!$DB->delete_records("event", array("modulename"=>$delete))) { notify("Error occurred while deleting all $strmodulename records in calendar event table"); } // clear course.modinfo for courses // that used this module... - $sql = "UPDATE {$CFG->prefix}course - SET modinfo='' - WHERE id IN (SELECT DISTINCT course - FROM {$CFG->prefix}course_modules - WHERE module={$module->id})"; - execute_sql($sql, false); + $sql = "UPDATE {course} + SET modinfo='' + WHERE id IN (SELECT DISTINCT course + FROM {course_modules} + WHERE module=?)"; + $DB->execute_sql($sql, array($module->id)); // Now delete all the course module records - if (!delete_records("course_modules", "module", $module->id)) { + if (!$DB->delete_records("course_modules", array("module"=>$module->id))) { notify("Error occurred while deleting all $strmodulename records in course_modules table"); } // Then delete all the logs - if (!delete_records("log", "module", $module->name)) { + if (!$DB->delete_records("log", array("module"=>$module->name))) { notify("Error occurred while deleting all $strmodulename records in log table"); } // And log_display information - if (!delete_records("log_display", "module", $module->name)) { + if (!$DB->delete_records("log_display", array("module"=>$module->name))) { notify("Error occurred while deleting all $strmodulename records in log_display table"); } // And the module entry itself - if (!delete_records("modules", "name", $module->name)) { + if (!$DB->delete_records("modules", array("name"=>$module->name))) { notify("Error occurred while deleting the $strmodulename record from modules table"); } // And the module configuration records - if (!execute_sql("DELETE FROM {$CFG->prefix}config WHERE name LIKE '{$module->name}_%'")) { + if (!$DB->execute("DELETE FROM {config} WHERE name LIKE ?", array("{$module->name}_%"))) { notify("Error occurred while deleting the $strmodulename records from the config table"); } @@ -179,7 +178,7 @@ /// Get and sort the existing modules - if (!$modules = get_records("modules")) { + if (!$modules = $DB->get_records("modules")) { print_error('moduledoesnotexist', 'error'); } @@ -218,7 +217,7 @@ $settings = ""; } - $count = count_records_select("$module->name",'course<>0'); + $count = $DB->count_records_select($module->name, "course<>0"); if ($count>0) { $countlink = "wwwroot}/course/search.php?modulelist=$module->name" . "&sesskey={$USER->sesskey}\" title=\"$strshowmodulecourse\">$count"; diff --git a/admin/roles/assign.php b/admin/roles/assign.php index 7f4b19ad2a0..523b8a36e40 100755 --- a/admin/roles/assign.php +++ b/admin/roles/assign.php @@ -304,7 +304,7 @@ * get_users_by_capability() because * * 1) get_users_by_capability() does not deal with searching by name * * 2) exceptions array can be potentially large for large courses * - * 3) get_recordset_sql() is more efficient * + * 3) $DB->get_recordset_sql() is more efficient * * * ************************************************************************/ diff --git a/admin/roles/override.php b/admin/roles/override.php index 237fa9d3a90..a2e3641b175 100755 --- a/admin/roles/override.php +++ b/admin/roles/override.php @@ -8,7 +8,7 @@ $courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs $cancel = optional_param('cancel', 0, PARAM_BOOL); - if (!$context = get_record('context', 'id', $contextid)) { + if (!$context = $DB->get_record('context', array('id'=>$contextid))) { print_error('wrongcontextid', 'error'); } diff --git a/admin/uploadpicture.php b/admin/uploadpicture.php index 54aace9d457..be1102ed72b 100644 --- a/admin/uploadpicture.php +++ b/admin/uploadpicture.php @@ -62,7 +62,7 @@ admin_externalpage_print_header(); print_heading_with_help($struploadpictures, 'uploadpictures'); $mform = new admin_uploadpicture_form(); -if ($formdata = $mform->get_data()) { +if ($formdata = $mform->get_data(false)) { if (!array_key_exists($userfield, $userfields)) { notify(get_string('uploadpicture_baduserfield','admin')); } else { @@ -115,8 +115,7 @@ if ($formdata = $mform->get_data()) { strlen($basename) - strlen($extension) - 1); // userfield names are safe, so don't quote them. - if (!($user = get_record('user', $userfields[$userfield], - addslashes($uservalue)))) { + if (!($user = $DB->get_record('user', array($userfields[$userfield], $uservalue)))) { $userserrors++; $a = new Object(); $a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML); @@ -124,7 +123,7 @@ if ($formdata = $mform->get_data()) { notify(get_string('uploadpicture_usernotfound', 'admin', $a)); continue; } - $haspicture = get_field('user', 'picture', 'id', $user->id); + $haspicture = $DB->get_field('user', 'picture', array('id'=>$user->id)); if ($haspicture && !$overwritepicture) { notify(get_string('uploadpicture_userskipped', 'admin', $user->username)); continue; diff --git a/admin/user.php b/admin/user.php index f02ca42f488..c19b1ae428d 100644 --- a/admin/user.php +++ b/admin/user.php @@ -39,13 +39,13 @@ admin_externalpage_print_header(); if ($confirmuser and confirm_sesskey()) { - if (!$user = get_record('user', 'id', $confirmuser)) { + if (!$user = $DB->get_record('user', array('id'=>$confirmuser))) { print_error('nousers'); } $auth = get_auth_plugin($user->auth); - $result = $auth->user_confirm(addslashes($user->username), addslashes($user->secret)); + $result = $auth->user_confirm($user->username, $user->secret); if ($result == AUTH_CONFIRM_OK or $result == AUTH_CONFIRM_ALREADY) { notify(get_string('userconfirmed', '', fullname($user, true)) ); @@ -59,7 +59,7 @@ print_error('nopermissions', 'error', '', 'delete a user'); } - if (!$user = get_record('user', 'id', $delete)) { + if (!$user = $DB->get_record('user', array('id'=>$delete))) { print_error('nousers', 'error'); } @@ -86,7 +86,7 @@ // TODO: this should be under a separate capability print_error('nopermissions', 'error', '', 'modify the NMET access control list'); } - if (!$user = get_record('user', 'id', $acl)) { + if (!$user = $DB->get_record('user', array('id'=>$acl))) { print_error('nousers', 'error'); } if (!is_mnet_remote_user($user)) { @@ -96,22 +96,22 @@ if ($accessctrl != 'allow' and $accessctrl != 'deny') { print_error('invalidaccessparameter', 'error'); } - $aclrecord = get_record('mnet_sso_access_control', 'username', $user->username, 'mnet_host_id', $user->mnethostid); + $aclrecord = $DB->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid)); if (empty($aclrecord)) { $aclrecord = new object(); $aclrecord->mnet_host_id = $user->mnethostid; $aclrecord->username = $user->username; $aclrecord->accessctrl = $accessctrl; - if (!insert_record('mnet_sso_access_control', $aclrecord)) { + if (!$DB->insert_record('mnet_sso_access_control', $aclrecord)) { print_error('dbnotinsert', 'debug', '', 'the MNET access control list'); } } else { $aclrecord->accessctrl = $accessctrl; - if (!update_record('mnet_sso_access_control', $aclrecord)) { + if (!$DB->update_record('mnet_sso_access_control', $aclrecord)) { print_error('dbnotupdate', 'debug', '', 'the MNET access control list'); } } - $mnethosts = get_records('mnet_host', '', '', 'id', 'id,wwwroot,name'); + $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name'); notify("MNET access control list updated: username '$user->username' from host '" . $mnethosts[$user->mnethostid]->name . "' access now set to '$accessctrl'."); @@ -181,7 +181,7 @@ $countries = get_list_of_countries(); if (empty($mnethosts)) { - $mnethosts = get_records('mnet_host', '', '', 'id', 'id,wwwroot,name'); + $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name'); } foreach ($users as $key => $user) { @@ -239,7 +239,7 @@ // for remote users, shuffle columns around and display MNET stuff if (is_mnet_remote_user($user)) { $accessctrl = 'allow'; - if ($acl = get_record('mnet_sso_access_control', 'username', $user->username, 'mnet_host_id', $user->mnethostid)) { + if ($acl = $DF->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid))) { $accessctrl = $acl->accessctrl; } $changeaccessto = ($accessctrl == 'deny' ? 'allow' : 'deny'); diff --git a/auth/email/auth.php b/auth/email/auth.php index 8109d6c81d0..a67754ee301 100644 --- a/auth/email/auth.php +++ b/auth/email/auth.php @@ -116,10 +116,11 @@ class auth_plugin_email extends auth_plugin_base { /** * Confirm the new user as registered. * - * @param string $username (with system magic quotes) - * @param string $confirmsecret (with system magic quotes) + * @param string $username + * @param string $confirmsecret */ function user_confirm($username, $confirmsecret) { + global $DB; $user = get_complete_user_data('username', $username); if (!empty($user)) { @@ -129,11 +130,11 @@ class auth_plugin_email extends auth_plugin_base { } else if ($user->auth != 'email') { return AUTH_CONFIRM_ERROR; - } else if ($user->secret == stripslashes($confirmsecret)) { // They have provided the secret key to get in - if (!set_field("user", "confirmed", 1, "id", $user->id)) { + } else if ($user->secret == $confirmsecret) { // They have provided the secret key to get in + if (!$DB->set_field("user", "confirmed", 1, array("id"=>$user->id))) { return AUTH_CONFIRM_FAIL; } - if (!set_field("user", "firstaccess", time(), "id", $user->id)) { + if (!$DB->set_field("user", "firstaccess", time(), array("id"=>$user->id))) { return AUTH_CONFIRM_FAIL; } return AUTH_CONFIRM_OK; diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 77d01971d07..3334e27527d 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -433,8 +433,8 @@ class auth_plugin_ldap extends auth_plugin_base { /** * Confirm the new user as registered. * - * @param string $username (with system magic quotes) - * @param string $confirmsecret (with system magic quotes) + * @param string $username + * @param string $confirmsecret */ function user_confirm($username, $confirmsecret) { $user = get_complete_user_data('username', $username); @@ -446,7 +446,7 @@ class auth_plugin_ldap extends auth_plugin_base { } else if ($user->auth != 'ldap') { return AUTH_CONFIRM_ERROR; - } else if ($user->secret == stripslashes($confirmsecret)) { // They have provided the secret key to get in + } else if ($user->secret == $confirmsecret) { // They have provided the secret key to get in if (!$this->user_activate($username)) { return AUTH_CONFIRM_FAIL; } diff --git a/lib/authlib.php b/lib/authlib.php index d076646d701..5ea18ed3836 100644 --- a/lib/authlib.php +++ b/lib/authlib.php @@ -215,8 +215,8 @@ class auth_plugin_base { /** * Confirm the new user as registered. * - * @param string $username (with system magic quotes) - * @param string $confirmsecret (with system magic quotes) + * @param string $username + * @param string $confirmsecret */ function user_confirm($username, $confirmsecret) { //override when can confirm