diff --git a/lib/Default/AbstractSmrAccount.class.inc b/lib/Default/AbstractSmrAccount.class.inc
index e354e4aa1..0de091c67 100644
--- a/lib/Default/AbstractSmrAccount.class.inc
+++ b/lib/Default/AbstractSmrAccount.class.inc
@@ -73,6 +73,7 @@ abstract class AbstractSmrAccount {
 protected $friendlyColour;
 protected $neutralColour;
 protected $enemyColour;
+ protected $SQL;
 protected $npc;
@@ -181,7 +182,8 @@ abstract class AbstractSmrAccount {
 function __construct($accountID) {
 $this->db = new SmrMySqlDatabase();
- $this->db->query('SELECT * FROM account WHERE account_id = '.$this->db->escapeNumber($accountID).' LIMIT 1');
+ $this->SQL = 'account_id = ' . $this->db->escapeNumber($accountID);
+ $this->db->query('SELECT * FROM account WHERE '.$this->SQL.' LIMIT 1');
 if ($this->db->nextRecord()) {
 $row = $this->db->getRow();
@@ -251,7 +253,7 @@ abstract class AbstractSmrAccount {
 public function isDisabled() {
 $this->db->query('SELECT * FROM account_is_closed JOIN closing_reason USING(reason_id) ' .
- 'WHERE account_id = '.$this->db->escapeNumber($this->account_id).' LIMIT 1');
+ 'WHERE '.$this->SQL.' LIMIT 1');
 if ($this->db->nextRecord()) {
 // get the expire time
 $expireTime = $this->db->getInt('expires');
@@ -273,7 +275,7 @@ abstract class AbstractSmrAccount {
 }
 public function isSmsBlacklisted() {
- $this->db->query('SELECT reason FROM account_sms_blacklist WHERE account_id = ' . $this->db->escapeNumber($this->account_id) . ' LIMIT 1');
+ $this->db->query('SELECT reason FROM account_sms_blacklist WHERE ' . $this->SQL . ' LIMIT 1');
 if ($this->db->nextRecord())
 return $this->db->getField('reason');
 else
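Review bot: The new `$SQL` property declared in the @@ -73 hunk and assigned in `__construct` is a raw SQL fragment, yet nothing documents the invariant every other hunk in this commit depends on: that it only ever holds `escapeNumber()` output. Because it is `protected`, any subclass can overwrite it with unescaped text and each query that now concatenates `$this->SQL` would trust it; if no subclass needs to write it, `private` would be the safer visibility, which I cannot confirm from the hunks shown. Suggested comment at the declaration: `// WHERE-clause fragment ("account_id = <n>") built once in __construct from escapeNumber(); never assign unescaped input.` The same applies to the `$SQL` declarations added to SmrLocation and SmrPlanet. Note also that `isDisabled` and `isSmsBlacklisted` now filter on the constructor argument rather than on `$this->account_id` loaded from the row; presumably identical once the row was found, but worth a glance at the not-found path, which lies outside these hunks.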
@@ -308,7 +310,7 @@ abstract class AbstractSmrAccount {
 ', friendly_colour = ' . $this->db->escapeString($this->friendlyColour, true, true).
 ', neutral_colour = ' . $this->db->escapeString($this->neutralColour, true, true).
 ', enemy_colour = ' . $this->db->escapeString($this->enemyColour, true, true).
- ' WHERE account_id = '.$this->db->escapeNumber($this->account_id).' LIMIT 1');
+ ' WHERE '.$this->SQL.' LIMIT 1');
 $this->hasChanged = false;
 }
@@ -318,14 +320,13 @@ abstract class AbstractSmrAccount {
 // more than 50 elements in it?
- $this->db->query('SELECT account_id,time,ip FROM account_has_ip WHERE account_id = '.$this->db->escapeNumber($this->account_id).' ORDER BY time ASC');
+ $this->db->query('SELECT time,ip FROM account_has_ip WHERE '.$this->SQL.' ORDER BY time ASC');
 if ($this->db->getNumRows() > 50 && $this->db->nextRecord()) {
- $delete_id = $this->db->getField('account_id');
 $delete_time = $this->db->getField('time');
 $delete_ip = $this->db->getField('ip');
 $this->db->query('DELETE FROM account_has_ip
- WHERE account_id = '.$this->db->escapeNumber($delete_id).' AND
+ WHERE '.$this->SQL.' AND
 time = '.$this->db->escapeNumber($delete_time).' AND
 ip = '.$this->db->escapeString($delete_ip));
 }
@@ -388,7 +389,7 @@ abstract class AbstractSmrAccount {
 protected function getHOFData() {
 if(!isset($this->HOF)) {
 //Get Player HOF
- $this->db->query('SELECT type,sum(amount) as amount FROM player_hof WHERE account_id=' . $this->db->escapeNumber($this->getAccountID()).' AND game_id IN (SELECT game_id FROM game WHERE ignore_stats = '.$this->db->escapeBoolean(false).') GROUP BY type');
+ $this->db->query('SELECT type,sum(amount) as amount FROM player_hof WHERE ' . $this->SQL . ' AND game_id IN (SELECT game_id FROM game WHERE ignore_stats = \'FALSE\') GROUP BY type');
 $this->HOF = array();
 while($this->db->nextRecord()) {
 $hof =& $this->HOF;
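Review bot: In the `getHOFData` hunk (@@ -388) the rewritten query replaces `$this->db->escapeBoolean(false)` with a hard-coded `\'FALSE\'` literal, a change unrelated to the `$this->SQL` refactor that moves knowledge of the database's boolean encoding into this one statement. The `banAccount` hunk later in the same file still writes `land_on_planet = ' . $this->db->escapeBoolean(false)`, so the two would silently diverge if the helper's representation ever changed. Keep the helper in the new line: `... WHERE ignore_stats = '.$this->db->escapeBoolean(false).') GROUP BY type');`. The enclosing `getHOFData` body continues past the end of the hunk.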
@@ -498,7 +499,7 @@ abstract class AbstractSmrAccount {
 if(!isset($this->credits)||!isset($this->rewardCredits)) {
 $this->credits = 0;
 $this->rewardCredits = 0;
- $this->db->query('SELECT * FROM account_has_credits WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('SELECT * FROM account_has_credits WHERE '.$this->SQL.' LIMIT 1');
 if ($this->db->nextRecord()) {
 $this->credits = $this->db->getInt('credits_left');
 $this->rewardCredits = $this->db->getInt('reward_credits');
@@ -528,7 +529,7 @@ abstract class AbstractSmrAccount {
 if($this->credits==0&&$this->rewardCredits==0)
 $this->db->query('REPLACE INTO account_has_credits (account_id, credits_left, reward_credits) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).','.$this->db->escapeNumber($rewardCredits).')');
 else
- $this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).', reward_credits='.$this->db->escapeNumber($rewardCredits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).', reward_credits='.$this->db->escapeNumber($rewardCredits).' WHERE '.$this->SQL.' LIMIT 1');
 $this->credits=$credits;
 $this->rewardCredits=$rewardCredits;
 }
@@ -549,7 +550,7 @@ abstract class AbstractSmrAccount {
 if($this->credits==0&&$this->rewardCredits==0)
 $this->db->query('REPLACE INTO account_has_credits (account_id, credits_left) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).')');
 else
- $this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).' WHERE '.$this->SQL.' LIMIT 1');
 $this->credits=$credits;
 }
@@ -577,7 +578,7 @@ abstract class AbstractSmrAccount { if($this->credits==0&&$this->rewardCredits==0) $this->db->query('REPLACE INTO account_has_credits (account_id, reward_credits) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).')'); else - $this->db->query('UPDATE account_has_credits SET reward_credits='.$this->db->escapeNumber($credits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1'); + $this->db->query('UPDATE account_has_credits SET reward_credits='.$this->db->escapeNumber($credits).' WHERE '.$this->SQL.' LIMIT 1'); $this->rewardCredits=$credits; } @@ -666,13 +667,6 @@ abstract class AbstractSmrAccount { $db2->query('INSERT INTO account_donated (account_id, time, amount) VALUES ('.$db2->escapeNumber($this->getAccountID()).', ' . $db2->escapeNumber($db->getInt('time')) . ' , '.$db2->escapeNumber($db->getInt('amount')).')'); -// $db = new $databaseClassName(); -// $db->query('SELECT permission_id FROM account_has_permission ' . -// 'WHERE account_id = '.$db->escapeNumber($accountID)); -// $db2 = new SmrMySqlDatabase(); -// while($db->nextRecord()) -// $db2->query('INSERT IGNORE INTO account_has_permission (account_id, permission_id) VALUES ('.$db2->escapeNumber($this->getAccountID()).', ' . $db2->escapeNumber($db->getInt('permission_id')).')'); - //Warning: Column name should be escaped somehow. $this->db->query('UPDATE account SET `'.$databaseInfo['Column'].'` = ' . $this->db->escapeNumber($accountID) . ' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1'); $this->increaseSmrCredits($credits); 
@@ -811,7 +805,7 @@ abstract class AbstractSmrAccount {
 return;
 if(!in_array($template,array_keys(Globals::getAvailableTemplates())))
 throw new Exception('Template not allowed: '.$template);
- $this->db->query('UPDATE account SET template = ' . $this->db->escapeString($template) . ' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('UPDATE account SET template = ' . $this->db->escapeString($template) . ' WHERE '.$this->SQL.' LIMIT 1');
 $this->template = $template;
 $colourSchemes = Globals::getAvailableColourSchemes($template);
 $this->setColourScheme($colourSchemes[0]);
@@ -1121,9 +1115,7 @@ abstract class AbstractSmrAccount {
 public function getPermissions() {
 if(!isset($this->permissions)) {
 $this->permissions = array();
- $this->db->query('SELECT permission_id
- FROM account_has_permission
- WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+ $this->db->query('SELECT permission_id FROM account_has_permission WHERE ' . $this->SQL);
 while($this->db->nextRecord()) {
 $this->permissions[$this->db->getInt('permission_id')] = true;
 }
@@ -1143,7 +1135,7 @@ abstract class AbstractSmrAccount {
 if(!isset($this->points)) {
 $this->points=0;
 $this->db->lockTable('account_has_points');
- $this->db->query('SELECT * FROM account_has_points WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('SELECT * FROM account_has_points WHERE '.$this->SQL.' LIMIT 1');
 if($this->db->nextRecord()) {
 $this->points=$this->db->getInt('points');
 $lastUpdate = $this->db->getInt('last_update');
@@ -1169,9 +1161,9 @@ abstract class AbstractSmrAccount {
 if ($this->points==0)
 $this->db->query('INSERT INTO account_has_points (account_id, points, last_update) VALUES ('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($numPoints).', '.$this->db->escapeNumber($lastUpdate?$lastUpdate:TIME).')');
 else if($numPoints<=0)
- $this->db->query('DELETE FROM account_has_points WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('DELETE FROM account_has_points WHERE '.$this->SQL.' LIMIT 1');
 else
- $this->db->query('UPDATE account_has_points SET points = '.$this->db->escapeNumber($numPoints).($lastUpdate ? ', last_update = '.$this->db->escapeNumber(TIME) : '').' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+ $this->db->query('UPDATE account_has_points SET points = '.$this->db->escapeNumber($numPoints).($lastUpdate ? ', last_update = '.$this->db->escapeNumber(TIME) : '').' WHERE '.$this->SQL.' LIMIT 1');
 $this->points=$numPoints;
 }
@@ -1245,19 +1237,19 @@ abstract class AbstractSmrAccount { (account_id, reason_id, suspicion, expires) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($reasonID).', '.$this->db->escapeString($suspicion).', '.$this->db->escapeNumber($expireTime).')'); $this->db->lockTable('active_session'); - $this->db->query('DELETE FROM active_session WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1'); + $this->db->query('DELETE FROM active_session WHERE '.$this->SQL.' LIMIT 1'); $this->db->unlock(); $this->db->query('INSERT INTO account_has_closing_history (account_id, time, admin_id, action) VALUES(' . $this->db->escapeNumber($this->getAccountID()) . ', ' . $this->db->escapeNumber(TIME) . ', ' . $this->db->escapeNumber($admin->getAccountID()) . ', ' . $this->db->escapeString('Closed') . ');'); $this->db->query('UPDATE player SET newbie_turns = 1 - WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' + WHERE ' . $this->SQL . ' AND newbie_turns = 0 AND land_on_planet = ' . $this->db->escapeBoolean(false)); $this->db->query('SELECT game_id FROM game JOIN player USING (game_id) - WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' + WHERE ' . $this->SQL . ' AND end_date >= ' . $this->db->escapeNumber(TIME)); while ($this->db->nextRecord()) { $player =& SmrPlayer::getPlayer($this->getAccountID(), $this->db->getInt('game_id')); 
@@ -1266,20 +1258,18 @@ abstract class AbstractSmrAccount { } $this->log(LOG_TYPE_ACCOUNT_CHANGES, 'Account closed by ' . $admin->getLogin() . '.'); if($removeExceptions!==false) - $this->db->query('DELETE FROM account_exceptions WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID())); + $this->db->query('DELETE FROM account_exceptions WHERE ' . $this->SQL); } public function unbanAccount(SmrAccount &$admin = null,$currException=false) { $adminID = 0; if($admin!==null) $adminID = $admin->getAccountID(); - $this->db->query('DELETE FROM account_is_closed - WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' LIMIT 1'); + $this->db->query('DELETE FROM account_is_closed WHERE ' . $this->SQL . ' LIMIT 1'); $this->db->query('INSERT INTO account_has_closing_history (account_id, time, admin_id, action) VALUES(' . $this->db->escapeNumber($this->getAccountID()) . ', ' . $this->db->escapeNumber(TIME) . ', ' . $this->db->escapeNumber($adminID) . ', ' . $this->db->escapeString('Opened') . ')'); - $this->db->query('UPDATE player SET last_turn_update = GREATEST(' . $this->db->escapeNumber(TIME) . ', last_turn_update) - WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID())); + $this->db->query('UPDATE player SET last_turn_update = GREATEST(' . $this->db->escapeNumber(TIME) . ', last_turn_update) WHERE ' . $this->SQL); if($admin!==null) $this->log(LOG_TYPE_ACCOUNT_CHANGES, 'Account reopened by ' . $admin->getLogin() . '.'); else diff --git a/lib/Default/AbstractSmrPlayer.class.inc b/lib/Default/AbstractSmrPlayer.class.inc index 9b2c8efe6..554faacd0 100644 --- a/lib/Default/AbstractSmrPlayer.class.inc +++ b/lib/Default/AbstractSmrPlayer.class.inc 
@@ -167,7 +167,7 @@ abstract class AbstractSmrPlayer {
 public function isDraftLeader() {
 if(!isset($this->draftLeader)) {
 $this->draftLeader = false;
- $this->db->query('SELECT 1 FROM draft_leaders WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' LIMIT 1');
+ $this->db->query('SELECT 1 FROM draft_leaders WHERE ' . $this->SQL . ' LIMIT 1');
 if ($this->db->nextRecord()) {
 $this->draftLeader = true;
 }
@@ -178,7 +178,7 @@ abstract class AbstractSmrPlayer {
 public function getGPWriter() {
 if(!isset($this->gpWriter)) {
 $this->gpWriter = false;
- $this->db->query('SELECT position FROM galactic_post_writer WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+ $this->db->query('SELECT position FROM galactic_post_writer WHERE ' . $this->SQL);
 if ($this->db->nextRecord()) {
 $this->gpWriter = $this->db->getField('position');
 }
@@ -229,9 +229,7 @@ abstract class AbstractSmrPlayer {
 $this->canFed[$raceID2] = $this->getRelation($raceID2) >= ALIGN_FED_PROTECTION;
 }
 $this->db->query('SELECT race_id, allowed FROM player_can_fed
- WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . '
- AND game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
- AND expiry > ' . $this->db->escapeNumber(TIME) . ';');
+ WHERE ' . $this->SQL . ' AND expiry > ' . $this->db->escapeNumber(TIME));
 while($this->db->nextRecord()) {
 $this->canFed[$this->db->getInt('race_id')] = $this->db->getBoolean('allowed');
 }
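Review bot: Every AbstractSmrPlayer hunk now filters on `$this->SQL`, but unlike the account, location and planet files this diff adds neither a `protected $SQL` declaration nor a constructor assignment for the player class. Presumably the property already exists outside the shown hunks; it must carry both `game_id` and `account_id`, because the removed lines in `isDraftLeader`, `getGPWriter` and the `player_can_fed` query filtered on both, and a fragment holding only one of them would make those queries match rows belonging to other games or other players. The same dependency applies to the `player_has_alliance_role` hunk at -559. A one-line comment at the property declaration stating the exact fragment it holds (`// "account_id = <n> AND game_id = <m>", both escapeNumber()'d in __construct`) would make that contract visible where these queries are read.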
@@ -559,8 +557,7 @@ abstract class AbstractSmrPlayer {
 $this->allianceRoles[$allianceID] = 0;
 $this->db->query('SELECT role_id FROM player_has_alliance_role
- WHERE account_id=' . $this->db->escapeNumber($this->getAccountID()) . '
- AND game_id=' . $this->db->escapeNumber($this->getGameID()) . '
+ WHERE ' . $this->SQL . '
 AND alliance_id=' . $this->db->escapeNumber($allianceID) . '
 LIMIT 1');
 if ($this->db->nextRecord()) {
diff --git a/lib/Default/SmrLocation.class.inc b/lib/Default/SmrLocation.class.inc
index 49b1425ac..9db155934 100644
--- a/lib/Default/SmrLocation.class.inc
+++ b/lib/Default/SmrLocation.class.inc
@@ -5,6 +5,7 @@ class SmrLocation {
 protected static $CACHE_SECTOR_LOCATIONS = array();
 protected $db;
+ protected $SQL;
 protected $typeID;
 protected $name;
@@ -39,10 +40,8 @@ class SmrLocation {
 $db = new SmrMySqlDatabase();
 $db->query('SELECT location_type_id FROM location WHERE sector_id = ' . $db->escapeNumber($sectorID) . ' AND game_id=' . $db->escapeNumber($gameID));
 $locations = array();
- $i=0;
 while($db->nextRecord()) {
- $locations[$i] = self::getLocation($db->getField('location_type_id'));
- $i++;
+ $locations[] = self::getLocation($db->getField('location_type_id'));
 }
 self::$CACHE_SECTOR_LOCATIONS[$gameID][$sectorID] = $locations;
 }
@@ -51,15 +50,15 @@ class SmrLocation {
 public static function &getLocation($locationTypeID,$forceUpdate = false) {
 if($forceUpdate || !isset(self::$CACHE_LOCATIONS[$locationTypeID])) {
- $p = new SmrLocation($locationTypeID);
- self::$CACHE_LOCATIONS[$locationTypeID] = $p;
+ self::$CACHE_LOCATIONS[$locationTypeID] = new SmrLocation($locationTypeID);
 }
 return self::$CACHE_LOCATIONS[$locationTypeID];
 }
 protected function __construct($locationTypeID) {
 $this->db = new SmrMySqlDatabase();
- $this->db->query('SELECT location_type_id,location_name,location_processor,location_image FROM location_type WHERE location_type_id = ' . $this->db->escapeNumber($locationTypeID) . ' LIMIT 1');
+ $this->SQL = 'location_type_id = ' . $this->db->escapeNumber($locationTypeID);
+ $this->db->query('SELECT location_type_id,location_name,location_processor,location_image FROM location_type WHERE ' . $this->SQL . ' LIMIT 1');
 if($this->db->nextRecord()) {
 $this->typeID = $this->db->getField('location_type_id');
@@ -96,7 +95,7 @@ class SmrLocation {
 return;
 }
 $this->name = $name;
- $this->db->query('UPDATE location_type SET location_name=' . $this->db->escapeString($this->name) . ' WHERE location_type_id=' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('UPDATE location_type SET location_name=' . $this->db->escapeString($this->name) . ' WHERE ' . $this->SQL . ' LIMIT 1');
 }
 public function hasAction() {
@@ -113,7 +112,7 @@ class SmrLocation {
 public function isFed() {
 if(!isset($this->fed)) {
- $this->db->query('SELECT * FROM location_is_fed WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('SELECT * FROM location_is_fed WHERE ' . $this->SQL . ' LIMIT 1');
 $this->fed = $this->db->nextRecord();
 }
 return $this->fed;
@@ -128,14 +127,14 @@ class SmrLocation {
 $this->fed = true;
 }
 else if($bool===false) {
- $this->db->query('DELETE FROM location_is_fed WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_is_fed WHERE ' . $this->SQL . ' LIMIT 1');
 $this->fed = false;
 }
 }
 public function isBank() {
 if(!isset($this->bank)) {
- $this->db->query('SELECT * FROM location_is_bank WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('SELECT * FROM location_is_bank WHERE ' . $this->SQL . ' LIMIT 1');
 $this->bank = $this->db->nextRecord();
 }
 return $this->bank;
@@ -149,14 +148,14 @@ class SmrLocation {
 $this->bank = true;
 }
 else if($bool===false) {
- $this->db->query('DELETE FROM location_is_bank WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_is_bank WHERE ' . $this->SQL . ' LIMIT 1');
 $this->bank = false;
 }
 }
 public function isBar() {
 if(!isset($this->bar)) {
- $this->db->query('SELECT * FROM location_is_bar WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('SELECT * FROM location_is_bar WHERE ' . $this->SQL . ' LIMIT 1');
 $this->bar = $this->db->nextRecord();
 }
 return $this->bar;
@@ -170,14 +169,14 @@ class SmrLocation {
 $this->bar = true;
 }
 else if($bool===false) {
- $this->db->query('DELETE FROM location_is_bar WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_is_bar WHERE ' . $this->SQL . ' LIMIT 1');
 $this->bar = false;
 }
 }
 public function isHQ() {
 if(!isset($this->HQ)) {
- $this->db->query('SELECT * FROM location_is_hq WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('SELECT * FROM location_is_hq WHERE ' . $this->SQL . ' LIMIT 1');
 $this->HQ = $this->db->nextRecord();
 }
 return $this->HQ;
@@ -191,14 +190,14 @@ class SmrLocation {
 $this->HQ = true;
 }
 else if($bool===false) {
- $this->db->query('DELETE FROM location_is_hq WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_is_hq WHERE ' . $this->SQL . ' LIMIT 1');
 $this->HQ = false;
 }
 }
 public function isUG() {
 if(!isset($this->UG)) {
- $this->db->query('SELECT * FROM location_is_ug WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('SELECT * FROM location_is_ug WHERE ' . $this->SQL . ' LIMIT 1');
 $this->UG = $this->db->nextRecord();
 }
 return $this->UG;
@@ -212,7 +211,7 @@ class SmrLocation {
 $this->UG = true;
 }
 else if($bool===false) {
- $this->db->query('DELETE FROM location_is_ug WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_is_ug WHERE ' . $this->SQL . ' LIMIT 1');
 $this->UG = false;
 }
 }
@@ -220,7 +219,7 @@ class SmrLocation {
 public function &getHardwareSold() {
 if(!isset($this->hardwareSold)) {
 $this->hardwareSold = array();
- $this->db->query('SELECT hardware_type_id FROM location_sells_hardware WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+ $this->db->query('SELECT hardware_type_id FROM location_sells_hardware WHERE ' . $this->SQL);
 while($this->db->nextRecord()) {
 $this->hardwareSold[$this->db->getInt('hardware_type_id')] = Globals::getHardwareTypes($this->db->getInt('hardware_type_id'));
 }
@@ -249,7 +248,7 @@ class SmrLocation {
 public function removeHardwareSold($hardwareTypeID) {
 if(!$this->isHardwareSold($hardwareTypeID))
 return;
- $this->db->query('DELETE FROM location_sells_hardware WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND hardware_type_id = ' . $this->db->escapeNumber($hardwareTypeID) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_sells_hardware WHERE ' . $this->SQL . ' AND hardware_type_id = ' . $this->db->escapeNumber($hardwareTypeID) . ' LIMIT 1');
 unset($this->hardwareSold[$hardwareTypeID]);
 }
@@ -257,7 +256,7 @@ class SmrLocation {
 if(!isset($this->shipsSold)) {
 require_once(get_file_loc('AbstractSmrShip.class.inc'));
 $this->shipsSold = array();
- $this->db->query('SELECT * FROM location_sells_ships WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+ $this->db->query('SELECT * FROM location_sells_ships WHERE ' . $this->SQL);
 while($this->db->nextRecord()) {
 $this->shipsSold[$this->db->getInt('ship_type_id')] = AbstractSmrShip::getBaseShip(Globals::getGameType(SmrSession::$game_id), $this->db->getInt('ship_type_id'));
 }
@@ -286,7 +285,7 @@ class SmrLocation {
 public function removeShipSold($shipTypeID) {
 if(!$this->isShipSold($shipTypeID))
 return;
- $this->db->query('DELETE FROM location_sells_ships WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND ship_type_id = ' . $this->db->escapeNumber($shipTypeID) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_sells_ships WHERE ' . $this->SQL . ' AND ship_type_id = ' . $this->db->escapeNumber($shipTypeID) . ' LIMIT 1');
 unset($this->shipsSold[$shipTypeID]);
 }
@@ -294,7 +293,7 @@ class SmrLocation {
 if(!isset($this->weaponsSold)) {
 require_once(get_file_loc('SmrWeapon.class.inc'));
 $this->weaponsSold = array();
- $this->db->query('SELECT * FROM location_sells_weapons WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+ $this->db->query('SELECT * FROM location_sells_weapons WHERE ' . $this->SQL);
 while($this->db->nextRecord())
 $this->weaponsSold[$this->db->getInt('weapon_type_id')] = SmrWeapon::getWeapon(Globals::getGameType(SmrSession::$game_id),$this->db->getInt('weapon_type_id'));
 }
@@ -322,7 +321,7 @@ class SmrLocation {
 public function removeWeaponSold($weaponTypeID) {
 if(!$this->isWeaponSold($weaponTypeID))
 return;
- $this->db->query('DELETE FROM location_sells_weapons WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND weapon_type_id = ' . $this->db->escapeNumber($weaponTypeID) . ' LIMIT 1');
+ $this->db->query('DELETE FROM location_sells_weapons WHERE ' . $this->SQL . ' AND weapon_type_id = ' . $this->db->escapeNumber($weaponTypeID) . ' LIMIT 1');
 unset($this->weaponsSold[$weaponTypeID]);
 }
diff --git a/lib/Default/SmrPlanet.class.inc b/lib/Default/SmrPlanet.class.inc
index feda4801f..3b7110c24 100644
--- a/lib/Default/SmrPlanet.class.inc
+++ b/lib/Default/SmrPlanet.class.inc
@@ -11,6 +11,7 @@ class SmrPlanet {
 protected $maxBuildings;
 protected $db;
+ protected $SQL;
 protected $sectorID;
 protected $gameID;
@@ -112,8 +113,9 @@ class SmrPlanet {
 protected function __construct($gameID,$sectorID,$create=false) {
 $this->db = new SmrMySqlDatabase();
+ $this->SQL = 'game_id = ' . $this->db->escapeNumber($gameID) . ' AND sector_id = ' . $this->db->escapeNumber($sectorID);
- $this->db->query('SELECT * FROM planet WHERE game_id = ' . $this->db->escapeNumber($gameID) . ' AND sector_id = ' . $this->db->escapeNumber($sectorID));
+ $this->db->query('SELECT * FROM planet WHERE ' . $this->SQL);
 if ($this->db->nextRecord()) {
 $this->sectorID = $this->db->getInt('sector_id');
 $this->gameID = $this->db->getInt('game_id');
@@ -515,7 +517,7 @@ class SmrPlanet {
 // initialize cargo array
 $this->stockpile = array();
 // get supplies from db
- $this->db->query('SELECT good_id, amount FROM planet_has_cargo WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
+ $this->db->query('SELECT good_id, amount FROM planet_has_cargo WHERE ' . $this->SQL);
 // adding cargo and amount to array
 while ($this->db->nextRecord())
 $this->stockpile[$this->db->getInt('good_id')] = $this->db->getInt('amount');
@@ -565,7 +567,7 @@ class SmrPlanet {
 $this->buildings = array();
 // get buildingss from db
- $this->db->query('SELECT construction_id, amount FROM planet_has_building WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
+ $this->db->query('SELECT construction_id, amount FROM planet_has_building WHERE ' . $this->SQL);
 // adding building and amount to array
 while ($this->db->nextRecord()) {
 $this->buildings[$this->db->getInt('construction_id')] = $this->db->getInt('amount');
@@ -617,12 +619,7 @@ class SmrPlanet {
 if(!isset($this->currentlyBuilding)) {
 $this->currentlyBuilding = array();
- $this->db->query('
- SELECT *
- FROM planet_is_building
- WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
- AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
- 
+ $this->db->query('SELECT * FROM planet_is_building WHERE ' . $this->SQL);
 while($this->db->nextRecord()) {
 if($this->db->getInt('time_complete') <= TIME) {
 $expGain = $this->getConstructionExp($this->db->getInt('construction_id'));
@@ -677,8 +674,7 @@ class SmrPlanet {
 public function setTypeID($num) {
 $this->typeID = $num;
- $this->db->query('UPDATE planet SET planet_type_id = '.$this->db->escapeNumber($num).' WHERE game_id = ' . $this->getGameID()
- . ' AND sector_id = '.$this->getSectorID());
+ $this->db->query('UPDATE planet SET planet_type_id = '.$this->db->escapeNumber($num).' WHERE '.$this->SQL);
 //this will allow get to load new set from db
 unset($this->canOptions);
@@ -807,8 +803,7 @@ class SmrPlanet {
 credits = ' . $this->db->escapeNumber($this->credits) . ',
 bonds = ' . $this->db->escapeNumber($this->bonds) . ',
 maturity = ' . $this->db->escapeNumber($this->maturity) . '
- WHERE game_id = ' . $this->db->escapeNumber($this->gameID) . '
- AND sector_id = ' . $this->db->escapeNumber($this->sectorID));
+ WHERE ' . $this->SQL);
 $this->hasChanged = false;
 }
@@ -820,8 +815,7 @@ class SmrPlanet {
 'VALUES(' . $this->db->escapeNumber($this->getGameID()) . ', ' . $this->db->escapeNumber($this->getSectorID()) . ', ' . $this->db->escapeNumber($id) . ', ' . $this->db->escapeNumber($amount) . ')');
 } else {
- $this->db->query('DELETE FROM planet_has_cargo WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
- AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . '
+ $this->db->query('DELETE FROM planet_has_cargo WHERE ' . $this->SQL . '
 AND good_id = ' . $this->db->escapeNumber($id));
 }
 }
@@ -829,9 +823,7 @@ class SmrPlanet {
 if(count($this->hasStoppedBuilding)>0) {
- $this->db->query('DELETE FROM planet_is_building
- WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
- AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . '
+ $this->db->query('DELETE FROM planet_is_building WHERE ' . $this->SQL . '
 AND building_slot_id IN (' . $this->db->escapeArray($this->hasStoppedBuilding) . ') LIMIT ' . count($this->hasStoppedBuilding));
 $this->hasStoppedBuilding = array();
 }
@@ -843,9 +835,7 @@ class SmrPlanet {
 'VALUES(' . $this->db->escapeNumber($this->gameID) . ', ' . $this->db->escapeNumber($this->sectorID) . ', ' . $this->db->escapeNumber($id) . ', ' . $this->db->escapeNumber($this->getBuilding($id)) . ')');
 } else {
- $this->db->query('DELETE FROM planet_has_building
- WHERE game_id = ' . $this->db->escapeNumber($this->gameID) . '
- AND sector_id = ' . $this->db->escapeNumber($this->sectorID) . '
+ $this->db->query('DELETE FROM planet_has_building WHERE ' . $this->SQL . '
 AND construction_id = ' . $this->db->escapeNumber($id));
 }
 $this->hasChangedBuildings[$id] = false;
@@ -1272,13 +1262,13 @@ class SmrPlanet {
 public function creditCurrentAttackersForKill() {
 //get all players involved for HoF
- $this->db->query('SELECT account_id,level FROM player_attacks_planet WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND time > ' . $this->db->escapeNumber(TIME - self::TIME_TO_CREDIT_BUST));
+ $this->db->query('SELECT account_id,level FROM player_attacks_planet WHERE ' . $this->SQL . ' AND time > ' . $this->db->escapeNumber(TIME - self::TIME_TO_CREDIT_BUST));
 while ($this->db->nextRecord()) {
 $currPlayer = SmrPlayer::getPlayer($this->db->getInt('account_id'),$this->getGameID());
 $currPlayer->increaseHOF($this->db->getInt('level'),array('Combat','Planet','Levels'), HOF_PUBLIC);
 $currPlayer->increaseHOF(1,array('Combat','Planet','Completed'), HOF_PUBLIC);
 }
- $this->db->query('DELETE FROM player_attacks_planet WHERE sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND game_id = ' . $this->db->escapeNumber($this->getGameID()));
+ $this->db->query('DELETE FROM player_attacks_planet WHERE ' . $this->SQL);
 }
 public function &killPlanetByPlayer(AbstractSmrPlayer &$killer) {
@@ -1286,7 +1276,7 @@ class SmrPlanet {
 $this->creditCurrentAttackersForKill();
 //kick everyone from planet
- $this->db->query('UPDATE player SET land_on_planet = \'FALSE\' WHERE sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND game_id = ' . $this->db->escapeNumber($this->getGameID()));
+ $this->db->query('UPDATE player SET land_on_planet = \'FALSE\' WHERE ' . $this->SQL);
 $this->removeClaimed();
 $this->removePassword();
 return $return;