diff -u bookmarks2/account_setup.php bookmarks/account_setup.php --- bookmarks2/account_setup.php Tue Jan 18 16:33:27 2005 +++ bookmarks/account_setup.php Tue Jan 18 16:44:50 2005 @@ -9,7 +9,7 @@ $password_verify = $_POST['password_verify']; } -if ($username && $password && ($password == $password_verify)) { +if (!empty ($username) && !empty ($password) && ($password == $password_verify)) { $crypted_password = crypt($password, '27'); debug("Username: $username", 2); debug("Password: $password -> $crypted_password", 2); @@ -36,7 +36,7 @@
Your passwords didn't match, try again.
"; } +if (!empty ($password) && $password != $password_verify) { echo "

Your passwords didn't match, try again.
"; } ?> @@ -44,7 +44,7 @@ - + diff -u bookmarks2/add_bookmark.php bookmarks/add_bookmark.php --- bookmarks2/add_bookmark.php Tue Jan 18 16:33:27 2005 +++ bookmarks/add_bookmark.php Tue Jan 18 17:20:48 2005 @@ -29,40 +29,42 @@ if ($APB_SETTINGS['auth_user_id']) { // We have an authenticated user. - + $id = null; if (isset($_GET['id'])) { - $id = $_GET['id']; + $id = addslashes ($_GET['id']); } // Javascript quickadd uses get to add bookmarks, so let's // try to accommodate that if (isset($_GET['form_title'])) { - $form_title = $_GET['form_title']; + $form_title = addslashes ($_GET['form_title']); } if (isset($_GET['form_url'])) { - $form_url = $_GET['form_url']; + $form_url = addslashes ($_GET['form_url']); } print "
"; print "
" . (($id) ? 'Edit' : 'Add') . " Bookmark

\n"; $action = ''; + $form_private = null; + $form_description = null; if (isset($_GET['action'])) { - $action = $_GET['action']; + $action = addslashes ($_GET['action']); } if (isset($_POST['form_url'])) { - $form_url = $_POST['form_url']; + $form_url = addslashes ($_POST['form_url']); } // If we're going to insert, we need to have a URL. [LBS 20020211] - if ($action == 'insert_bookmark' && $form_url) { + if ($action == 'insert_bookmark' && !empty ($form_url)) { $form_group_type = $_POST['form_group_type']; - if ('' != $_POST['form_group_title']) + if (!empty ($_POST['form_group_title'])) { $form_group_title = $_POST['form_group_title']; } @@ -116,7 +118,7 @@ $form_id = $_POST['form_id']; } - if ($form_id) { + if (!empty ($form_id)) { // Hacked this line, because I'm not sure it's needed... plus it helps @@ -125,15 +127,15 @@ if (1) { if (isset($_GET['form_title'])) { - $form_title = $_GET['form_title']; + $form_title = addslashes ($_GET['form_title']); } if (isset($_POST['form_title'])) { - $form_title = $_POST['form_title']; + $form_title = addslashes ($_POST['form_title']); } - $form_description = $_POST['form_description']; - $form_private = $_POST['form_private']; - $back_url = $_POST['back_url']; + $form_description = addslashes ($_POST['form_description']); + $form_private = addslashes ($_POST['form_private']); + $back_url = addslashes ($_POST['back_url']); $query = " UPDATE apb_bookmarks SET group_id = '$form_group_id', @@ -171,9 +173,9 @@ } } else { - $form_title = $_POST['form_title']; - $form_description = $_POST['form_description']; - $form_private = $_POST['form_private']; + $form_title = addslashes ($_POST['form_title']); + $form_description = addslashes ($_POST['form_description']); + $form_private = addslashes ($_POST['form_private']); $query = " INSERT INTO apb_bookmarks (group_id, bookmark_title, bookmark_url, bookmark_description, @@ -249,7 +251,7 @@ $form_title = $b->title(); $form_url = $b->url(); $form_description = $b->description(); - $form_private = $b->private(); + $form_private = $b->apb_private(); $id_owner_user_id = $b->user_id(); } @@ -272,7 +274,7 @@
Existing Group:
-
+

@@ -281,7 +283,7 @@ New Group:
- +
Parent Group:
@@ -295,7 +297,8 @@ // If there are not any groups yet, show the simple group editor. [LBS 20020211] else { - if (!$form_group_title) { $form_group_title = "My First Group"; } + $form_group_title = null; + if (!empty ($form_group_title)) { $form_group_title = "My First Group"; } ?> @@ -316,7 +319,7 @@ $form_title = $_GET['form_title']; } ?> -
+
@@ -329,14 +332,14 @@ $form_url = $_GET['form_url']; } ?> -
+
Description:
-
+
diff -u bookmarks2/apb_bookmark_class.php bookmarks/apb_bookmark_class.php --- bookmarks2/apb_bookmark_class.php Tue Jan 18 16:33:27 2005 +++ bookmarks/apb_bookmark_class.php Tue Jan 18 16:41:05 2005 @@ -101,7 +101,7 @@ return $this->creation_date; } - function private () { + function apb_private () { if (! $this->private) { #debug("No private, loading vars"); $this->load_vars($this->id); @@ -126,7 +126,7 @@ $this->title() || $this->load_vars($this->id); // If we're in "edit mode" go to a different link than the normal one. - if ($APB_SETTINGS['auth_user_id'] AND $APB_SETTINGS['edit_mode']) { + if ($APB_SETTINGS['auth_user_id'] AND !empty ($APB_SETTINGS['edit_mode'])) { $url = $APB_SETTINGS['apb_url']."add_bookmark.php?id="; // Show an icon to let you know if something is private. if ($this->private) { $private_icon = " Private"; } @@ -146,7 +146,7 @@ ">". $this->title. "". - $private_icon; + ((!empty ($private_icon)) ? $private_icon : ''); return $link; } @@ -183,4 +183,4 @@ } -?> \ No newline at end of file +?> diff -u bookmarks2/apb_common.php bookmarks/apb_common.php --- bookmarks2/apb_common.php Tue Jan 18 16:33:27 2005 +++ bookmarks/apb_common.php Tue Jan 18 17:13:44 2005 @@ -54,7 +54,7 @@ /* Database Connection */ // All database queries should use mysql_db_query($APB_SETTINGS['apb_database'], $query); -mysql_pconnect ($APB_SETTINGS['apb_host'], $APB_SETTINGS['apb_username'], $APB_SETTINGS['apb_password']); +mysql_pconnect ($APB_SETTINGS['apb_host'], $APB_SETTINGS['apb_username'], $APB_SETTINGS['apb_password']) or die ('Error db connect:' . mysql_error ()); //echo "[[[".$APB_SETTINGS['apb_username']."]]]"; /* class files */ @@ -78,17 +78,18 @@ // By default we allow the login button to be displayed. [LBS 20020211] $APB_SETTINGS["allow_login"] = 1; +$APB_SETTINGS['auth_user_id'] = false; debug("About to do authentication..."); /* Authentication */ if ($APB_SETTINGS['auth_type'] == 'cookie') { - $cookie_username = $_COOKIE['cookie_username']; - $cookie_password = $_COOKIE['cookie_password']; + $cookie_username = (!empty ($_COOKIE['cookie_username']) ? $_COOKIE['cookie_username'] : false); + $cookie_password = (!empty ($_COOKIE['cookie_password']) ? $_COOKIE['cookie_password'] : false); debug("Auth type is cookie", 4); $query = "SELECT * FROM apb_users WHERE username = '$cookie_username'"; debug($query, 5); - $result = mysql_db_query($APB_SETTINGS['apb_database'], $query); + $result = mysql_db_query($APB_SETTINGS['apb_database'], $query) or die ('Error with query: ' . mysql_error ()); if (mysql_num_rows($result) > 0) { debug("Username $cookie_username found", 4); $row = mysql_fetch_assoc($result); @@ -157,13 +158,18 @@ $APB_SETTINGS['log_start'] = "apb_bookmark()"; if (is_array($constructor)) { - $bookmark_id = $constructor['bookmark_id']; - if (!$apb_bookmarks[$bookmark_id]) { + if (!empty ($constructor['bookmark_id'])) { + $bookmark_id = $constructor['bookmark_id']; + } + else { + return (false); + } + if (empty ($apb_bookmarks[$bookmark_id])) { $apb_bookmarks[$bookmark_id] = new Bookmark($bookmark_id); } } else { $bookmark_id = $constructor; - if (!$apb_bookmarks[$bookmark_id]) { + if (empty ($apb_bookmarks[$bookmark_id])) { $apb_bookmarks[$bookmark_id] = new Bookmark($bookmark_id); } } @@ -188,12 +194,12 @@ if (is_array($constructor)) { $group_id = $constructor['group_id']; - if (!$apb_groups[$group_id]) { + if (empty ($apb_groups[$group_id])) { $apb_groups[$group_id] = new Group($group_id); } } else { $group_id = $constructor; - if (!$apb_groups[$group_id]) { + if (empty ($apb_groups[$group_id])) { $apb_groups[$group_id] = new Group($group_id); } } @@ -310,7 +316,7 @@ "
"; } ?> - + @@ -67,7 +67,7 @@
Username:
Password: