From 8354bd53a327cb438755da1349e39ae2da88c764 Mon Sep 17 00:00:00 2001 From: PioDer Date: Sun, 15 Feb 2015 23:32:03 +0100 Subject: [PATCH] several updates in admin controller (buildURL) implemented two new functions (variable cleaning) to use in future --- inc/controllers/AdminController.class.php | 50 +++++++++++------------ inc/misc_functions.php | 25 ++++++++++++ 2 files changed, 50 insertions(+), 25 deletions(-) diff --git a/inc/controllers/AdminController.class.php b/inc/controllers/AdminController.class.php index f762e4d..dcbd41e 100644 --- a/inc/controllers/AdminController.class.php +++ b/inc/controllers/AdminController.class.php @@ -30,13 +30,13 @@ class AdminController extends Controller if (!$this->getModel('SessionModel')->isLogged()) { - $this->getView('MainView')->forum_message('You are not logged.', 'index.php?mode=login', true); + $this->getView('MainView')->forum_message('You are not logged.', buildURL('index.php?mode=login'), true); $lockv = true; } if ($this->getModel('SessionModel')->getRank() == RANK_USER && !isset($lockv)) { - $this->getView('MainView')->forum_message('You are not admin', 'index.php'); + $this->getView('MainView')->forum_message('You are not admin', buildURL('index.php')); $lockv = true; } @@ -63,7 +63,7 @@ class AdminController extends Controller if ($user_info == null) { - $this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&submode=users'); + $this->getView('MainView')->forum_message('User does not exist!', buildURL('index.php?mode=admin&submode=users', true)); $lockv = true; } else 
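Review bot: The `You are not logged.` redirect in the first hunk is built as `buildURL('index.php?mode=login')`, while the admin-page redirects this commit adds pass `true` as buildURL's `$https` argument, so a visitor bounced out of the admin area lands on the login form over plain HTTP if the site is reachable both ways. Since that form is where the password is submitted, it should at least match the admin pages: `buildURL('index.php?mode=login', true)`, and the same applies to the `You are not admin` redirect to `index.php`. Separately, the admission check only rejects `RANK_USER`; any rank value that is neither the user rank nor the intended admin rank falls through, so if more than two ranks exist an allow-list comparison against the admin rank constant is safer than a deny-list. Both checks sit in a method whose start and end are outside the hunk.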
@@ -148,7 +148,7 @@ class AdminController extends Controller $this->getModel('UsersModel')->changeUserRank($_GET['id'], $_POST['user_rank']); $this->getModel('UsersModel')->updateUserProfile($_GET['id'], $_POST['nick'], $_POST['email'], $_POST['location'], $_POST['signature'], $av); - $this->getView('MainView')->forum_message('User profile has changed.', 'index.php?mode=admin&submode=users'); + $this->getView('MainView')->forum_message('User profile has changed.', buildURL('index.php?mode=admin&submode=users', true)); $lockv = true; } @@ -216,14 +216,14 @@ class AdminController extends Controller $user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id']); if ($user_info == null) { - $this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&submode=users'); + $this->getView('MainView')->forum_message('User does not exist!', buildURL('index.php?mode=admin&submode=users', true)); $lockv = true; } else { if ($_GET['id'] == $this->getModel('SessionModel')->getID()) { - $this->getView('MainView')->forum_message('You cannot delete own profile!', 'index.php?mode=admin&submode=users'); + $this->getView('MainView')->forum_message('You cannot delete own profile!', buildURL('index.php?mode=admin&submode=users', true)); $lockv = true; } } @@ -236,12 +236,12 @@ class AdminController extends Controller $this->getModel('UsersModel')->deleteUser($_GET['id']); if ($user_info['avatar'] != null) //delete user's avatar unlink('./'.$user_info['avatar']); - $this->getView('MainView')->forum_message('Profile deleted. Redirecting to users list...', 'index.php?mode=admin&submode=users'); + $this->getView('MainView')->forum_message('Profile deleted. Redirecting to users list...', buildURL('index.php?mode=admin&submode=users', true)); $lockv = true; } else { - $this->forward('index.php?mode=admin&submode=users'); + $this->forward(buildURL('index.php?mode=admin&submode=users')); } } 
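Review bot: In the `-236,12` hunk the rejected-confirmation branch forwards with `buildURL('index.php?mode=admin&submode=users')` and no `$https` flag, whereas the `forum_message` redirect two lines above it and the equivalent `forward` calls for forums, categories and bans elsewhere in this commit all pass `true`, so a declined delete drops the admin back onto an http URL. Use `$this->forward(buildURL('index.php?mode=admin&submode=users', true));`. The `unlink('./'.$user_info['avatar'])` above it is unchanged here, but it removes whatever path the avatar column holds with no check that it resolves inside the avatar directory; unless the upload code already guarantees the stored value, a `realpath()` prefix check before the unlink is worth adding. The enclosing method starts and ends outside the hunk.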
@@ -284,7 +284,7 @@ class AdminController extends Controller if ($_POST['forum_desc'] != $this->getModel('ConfigModel')->getConf('forum_desc')) $this->getModel('ConfigModel')->updateConf('forum_desc', $_POST['forum_desc']); - $this->getView('MainView')->forum_message('Forum configuration updated. Redirecting...', 'index.php?mode=admin&submode=config'); + $this->getView('MainView')->forum_message('Forum configuration updated. Redirecting...', buildURL('index.php?mode=admin&submode=config', true)); $lockv = true; } } @@ -348,7 +348,7 @@ class AdminController extends Controller if ($forum_info == null) { - $this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } @@ -357,11 +357,11 @@ class AdminController extends Controller if (!isset($_POST['rejected'])) { $this->getModel('ForumsModel')->deleteForum($_GET['id']); - $this->getView('MainView')->forum_message('Forum deleted. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Forum deleted. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } else - $this->forward('index.php?mode=admin&submode=forums'); + $this->forward(buildURL('index.php?mode=admin&submode=forums', true)); } if (!isset($lockv)) @@ -380,7 +380,7 @@ class AdminController extends Controller if ($cat_info == null) { - $this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Category does not exist!', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } 
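Review bot: In the `-357,11` hunk the new `forward(buildURL(..., true))` only covers the `rejected` case; the other branch calls `deleteForum($_GET['id'])` on any POST that lacks the `rejected` field, and no CSRF token or origin check is visible in the hunk. If the confirmation form does not carry a per-session token that is verified here before the delete, a cross-site POST to this URL removes the forum; the same shape appears in the category and ban deletion hunks, so one shared check in the controller would cover all three. The raw `$_GET['id']` is also passed straight to the model, which is exactly what the commit's new `clean_input(..., array('nnegint'))` is meant for once it works. The enclosing method begins and ends outside the hunk.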
@@ -389,11 +389,11 @@ class AdminController extends Controller if (!isset($_POST['rejected'])) { $this->getModel('ForumsModel')->deleteCat($_GET['id']); - $this->getView('MainView')->forum_message('Category deleted. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Category deleted. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } else - $this->forward('index.php?mode=admin&submode=forums'); + $this->forward(buildURL('index.php?mode=admin&submode=forums', true)); } if (!isset($lockv)) @@ -415,7 +415,7 @@ class AdminController extends Controller if ($cat_info == null) { - $this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Category does not exist!', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } } @@ -432,13 +432,13 @@ class AdminController extends Controller if ($m == 'add') { $this->getModel('ForumsModel')->addCat($_POST['name']); - $this->getView('MainView')->forum_message('Category added. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Category added. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } else { $this->getModel('ForumsModel')->changeCat($_GET['id'], $_POST['name']); - $this->getView('MainView')->forum_message('Category updated. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Category updated. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } } 
@@ -469,7 +469,7 @@ class AdminController extends Controller if ($forum_info == null) { - $this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } } @@ -496,13 +496,13 @@ class AdminController extends Controller if ($m == 'add') { $this->getModel('ForumsModel')->addForum($_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']); - $this->getView('MainView')->forum_message('Forum added. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Forum added. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } else { $this->getModel('ForumsModel')->changeForum($_GET['id'], $_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']); - $this->getView('MainView')->forum_message('Forum updated. Redirecting...', 'index.php?mode=admin&submode=forums'); + $this->getView('MainView')->forum_message('Forum updated. Redirecting...', buildURL('index.php?mode=admin&submode=forums', true)); $lockv = true; } } @@ -546,7 +546,7 @@ class AdminController extends Controller if ($ban_info == null) { - $this->getView('MainView')->forum_message('Ban does not exist!', 'index.php?mode=admin&submode=banlist'); + $this->getView('MainView')->forum_message('Ban does not exist!', buildURL('index.php?mode=admin&submode=banlist', true)); $lockv = true; } 
@@ -555,11 +555,11 @@ class AdminController extends Controller if (!isset($_POST['rejected'])) { $this->getModel('BansModel')->deleteBan($_GET['id']); - $this->getView('MainView')->forum_message('Ban deleted. Redirecting...', 'index.php?mode=admin&submode=banlist'); + $this->getView('MainView')->forum_message('Ban deleted. Redirecting...', buildURL('index.php?mode=admin&submode=banlist', true)); $lockv = true; } else - $this->forward('index.php?mode=admin&submode=banlist'); + $this->forward(buildURL('index.php?mode=admin&submode=banlist', true)); } if (!isset($lockv)) @@ -594,7 +594,7 @@ class AdminController extends Controller if ($msg == '') { $this->getModel('BansModel')->addBan($_POST['user_id'], $_POST['reason']); - $this->getView('MainView')->forum_message('Ban added. Redirecting...', 'index.php?mode=admin&submode=banlist'); + $this->getView('MainView')->forum_message('Ban added. Redirecting...', buildURL('index.php?mode=admin&submode=banlist', true)); $lockv = true; } } diff --git a/inc/misc_functions.php b/inc/misc_functions.php index e2d4fc2..466f0d9 100644 --- a/inc/misc_functions.php +++ b/inc/misc_functions.php @@ -20,4 +20,29 @@ function buildURL($URI, $https = false) return $url; } + +function post_default($key, $default='') +{ + $_POST[$key] = (isset($_POST[$key])) ? stripslashes($_POST[$key]) : $default; +} + +function clean_input(&$input, $dbobj, $opts = null) +{ + $input = trim($input); + $input = $dbobj->real_escape_string($input); + + if ($opts != null) + { + if (in_array('spchars', $opts)) //special chars + $input = htmlspecialchars($input); + + if (in_array('nnegint', $opts)) //non-negative integer + { + $int_options = array('options' => array('min_range' => 0)); + $input = var_dump(filter_var($input, FILTER_VALIDATE_INT, $int_options)); + } + } + else + $input = strip_tags($input); +} ?> \ No newline at end of file
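Review bot: `clean_input` in the last hunk assigns `$input = var_dump(filter_var(...))` for the `nnegint` option; `var_dump()` prints its argument and returns nothing, so the validated value is echoed into the response and `$input` becomes `null` for every caller. It should read `$input = filter_var($input, FILTER_VALIDATE_INT, $int_options);`, and callers must test the result with `=== false`, since `0` is a valid non-negative id. The ordering is also off: `real_escape_string()` runs before `htmlspecialchars()`/`strip_tags()` and before the integer check, so an id is SQL-escaped before it is validated and a text field is stored HTML-encoded with SQL escaping layered on top — the integer branch should validate the trimmed raw value and skip escaping, and HTML encoding belongs at output time. `post_default()` calls `stripslashes()` unconditionally, which on a server without `magic_quotes_gpc` (removed in PHP 5.4) silently strips legitimate backslashes from user input; gate it on `get_magic_quotes_gpc()` or drop it. `buildURL` is cut at the start of the hunk; the two new functions are complete.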