diff --git a/README.md b/README.md
index 37d9885..a2e4489 100644
--- a/README.md
+++ b/README.md
@@ -14,4 +14,38 @@ A simple website with some JavaScript Games
1. Fork this repo.
2. Checkout your fork.
3. Make changes and commit them to your fork.
- 4. Hit the button that says "Submit Pull Request" on your forked repo.
\ No newline at end of file
+ 4. Hit the button that says "Submit Pull Request" on your forked repo.
+
+
+### SQL Lite DB Initialization
+
+
+```sql
+sqlite3 clubpanda.sqlite
+
+CREATE TABLE scores (
+ score_id INTEGER PRIMARY KEY AUTOINCREMENT,
+ game INTEGER NOT NULL,
+ user_id mediumint(9) NOT NULL,
+ score mediumint(9) NOT NULL
+);
+
+
+CREATE TABLE users (
+ user_id INTEGER PRIMARY KEY AUTOINCREMENT,
+ first_name varchar(20) NOT NULL,
+ last_name varchar(40) NOT NULL,
+ user_name varchar(60) NOT NULL,
+ pass char(40) NOT NULL,
+ registration_date datetime NOT NULL,
+ admin tinyint(1) NOT NULL
+);
+
+select score, users.user_name username from scores inner join users on users.user_id=scores.user_id where game = '1' order by score desc limit 20
+
+.exit
+```
+
+
+Notes on php sqlite documentation: https://www.php.net/manual/en/sqlite3.construct.php
+
diff --git a/club_connect.php b/club_connect.php
index f4607c9..d88d3d2 100644
--- a/club_connect.php
+++ b/club_connect.php
@@ -1,10 +1,3 @@
diff --git a/docker-compose.yml b/docker-compose.yml
index 0180332..8aaaf02 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,19 +1,5 @@
version: '3'
-# how to access sql when running -- used to import database into docker container
-# mysql --port=3306 --host=127.0.0.1 -u root --password=password
-services:
- clubdb:
- image: mysql
- command: --default-authentication-plugin=mysql_native_password
- restart: always
- environment:
- MYSQL_ROOT_PASSWORD: password
- volumes:
- - "./db:/var/lib/mysql"
- ports:
- - "3306:3306"
-
# Php-fpm configuration
php:
build: ./php_docker/
@@ -30,7 +16,5 @@ services:
- .:/app/public
links:
- php
- - clubdb
depends_on:
- php
- - clubdb
\ No newline at end of file
diff --git a/games/highscore.php b/games/highscore.php
index b2168aa..3a259ad 100644
--- a/games/highscore.php
+++ b/games/highscore.php
@@ -5,7 +5,9 @@
echo '
High Scores
';
$q = "select * from scores where game = '$game_id' order by score desc limit 20";
-$r = mysqli_query($dbc, $q);
+
+$q = "select score, users.user_name username from scores inner join users on users.user_id=scores.user_id where game = '$game_id' order by score desc limit 20";
+$r = $db->query($q);
echo '';
echo '
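Review bot: The new query still interpolates `$game_id` into the SQL string, and the earlier `$q = "select * from scores ..."` assignment just above it is now dead code because it is overwritten before use. Where `$game_id` is assigned is outside this hunk, so it is not visible whether request data can reach it; binding the value settles that either way: `$stmt = $db->prepare('select score, users.user_name username from scores inner join users on users.user_id=scores.user_id where game = :game order by score desc limit 20');`, `$stmt->bindValue(':game', $game_id, SQLITE3_INTEGER);`, `$r = $stmt->execute();`. The same string-built pattern is kept in games/userscores.php, games/insertScore.php, includes/header.php, user/profile.php and user/register.php, where bound parameters would also make the `escapeString()` calls unnecessary.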
@@ -15,27 +17,13 @@ echo '
';
$rank = 0;
-while($row = mysqli_fetch_array($r))
+while($row = $r->fetchArray())
{
$rank ++;
echo '';
-
echo '' . $rank . ' | ';
-
- echo '';
-
- $q2 = "select user_name from users where user_id='". $row['user_id'] .
- "' limit 1";
- $r2 = mysqli_query($dbc, $q2);
-
- while($row2 = mysqli_fetch_array($r2))
- echo $row2['user_name'];
-
- echo ' | ';
-
- //score
+ echo '' . $row['username'] . ' | ';
echo '' . $row['score'] . ' | ';
-
echo '
';
}
echo '
';
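Review bot: `$row['username']` is echoed into the score table without HTML encoding, and user names come from the registration form where they are only SQL-escaped, so markup stored in a name would be rendered for every visitor of this page. Encode at output time, e.g. `echo '' . htmlspecialchars($row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' | ';` (the cell tags appear stripped from this view and are omitted here as well). The removed code echoed `$row2['user_name']` the same way, so the issue is carried over rather than introduced. The second hunk of games/userscores.php has the same unencoded echo.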
diff --git a/games/insertScore.php b/games/insertScore.php
index 641660d..a2a0d0e 100644
--- a/games/insertScore.php
+++ b/games/insertScore.php
@@ -6,17 +6,17 @@ include_once '../club_connect.php';
if(isset($_POST['game_new_score']))
{
- $i_game = mysqli_real_escape_string($dbc,
+ $i_game = $db->escapeString(
trim($_POST['game']));
- $i_user_id = mysqli_real_escape_string($dbc,
+ $i_user_id = $db->escapeString(
trim($_POST['user_id_score']));
- $i_score = mysqli_real_escape_string($dbc,
+ $i_score = $db->escapeString(
trim($_POST['score_validate']));
$q = "insert into scores(game, user_id, score)
values('$i_game','$i_user_id','$i_score')";
if($i_user_id > 0)
- $r = mysqli_query($dbc, $q);
+ $r = $db->query($q);
if($i_game == 1)
header("Location: bamboofield.php");
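Review bot: The score row is written under whatever `user_id_score` the client posts, so the insert is not tied to the logged-in account; `escapeString()` protects the SQL syntax but says nothing about who owns the row. Take the id from the session instead, as games/userscores.php already does: `$i_user_id = (int) ($_SESSION['user_id'] ?? 0);`, and cast `game` and `score` with `(int)` since the `scores` columns are numeric. Whether a session has been started before this point is outside the hunk, as is the rest of the redirect chain that begins at `if($i_game == 1)`.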
diff --git a/games/userscores.php b/games/userscores.php
index 53b8f93..fc1f39c 100644
--- a/games/userscores.php
+++ b/games/userscores.php
@@ -6,10 +6,9 @@ if($loggedIn)
{
echo 'User\'s Personal Records
';
-
- $q = "select * from scores where user_id='" . $_SESSION['user_id']
+ $q = "select score, users.user_name username from scores inner join users on users.user_id=scores.user_id where scores.user_id='" . $_SESSION['user_id']
. "' and game='$game_id' order by score desc limit 20";
- $r = mysqli_query($dbc, $q);
+ $r = $db->query($q);
echo '';
echo '
@@ -17,20 +16,10 @@ if($loggedIn)
Score |
';
- while($row = mysqli_fetch_array($r))
+ while($row = $r->fetchArray())
{
- echo '';
-
- $q2 = "select user_name from users where user_id='"
- . $row['user_id'] . "' limit 1";
- $r2 = mysqli_query($dbc, $q2);
-
- while($row2 = mysqli_fetch_array($r2))
- echo $row2['user_name'];
-
- echo ' | ';
-
- //score
+ echo '
';
+ echo '' . $row['username'] . ' | ';
echo '' . $row['score'] . ' |
';
}
echo '
';
diff --git a/includes/header.php b/includes/header.php
index d42265e..85eeac6 100644
--- a/includes/header.php
+++ b/includes/header.php
@@ -27,14 +27,11 @@ if((md5($_SERVER['HTTP_USERAGENT'] . 'salt')) == ($_SESSION['agent']) &&
$q = "select admin from users where user_name='" .
$_SESSION['username'] . "'";
- $r = mysqli_query($dbc, $q);
+ $r = $db->querySingle($q, true);
- if(@mysqli_num_rows($r) == 1)
+ if($r)
{
- while($row = mysqli_fetch_array($r))
- $checka = $row['admin'];
-
- if($checka)
+ if($r['admin'])
$admin = true;
}
}
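Review bot: `$_SESSION['username']` is concatenated into the `select admin` query without escaping, and that session value is copied at login from the stored `user_name` column, which holds the name as registered; a name containing a single quote therefore breaks or alters this admin lookup on every page load. Bind it instead: `$stmt = $db->prepare('select admin from users where user_name = :u');`, `$stmt->bindValue(':u', $_SESSION['username'], SQLITE3_TEXT);`, `$r = $stmt->execute()->fetchArray(SQLITE3_ASSOC);` — `fetchArray()` returns false when no row matches, so the `if($r)` test keeps working. Looking the row up by `$_SESSION['user_id']` would be an alternative. The enclosing `if` begins above the visible lines of this hunk.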
diff --git a/php_docker/Dockerfile b/php_docker/Dockerfile
index 2cc0335..8a10824 100644
--- a/php_docker/Dockerfile
+++ b/php_docker/Dockerfile
@@ -1,6 +1,9 @@
FROM php:7.4.3-fpm-alpine3.11
-RUN docker-php-ext-install mysqli
+RUN apk update \
+ && apk add sqlite \
+ && apk add socat \
+ && apk add php-sqlite3
# Copy the php config file
COPY ./php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
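Review bot: `apk add socat` puts a general-purpose network relay into the web-facing PHP container, and nothing in this commit appears to use it; unless something outside the diff needs it, leaving it out keeps the image's tooling minimal. `apk add php-sqlite3` installs Alpine's own PHP package rather than an extension for the PHP build that the `php:7.4.3-fpm-alpine3.11` base image ships, which as far as I know already includes `sqlite3` — worth confirming with `php -m` inside the container. If only the CLI is wanted, `RUN apk add --no-cache sqlite` replaces the four-line chain and avoids keeping the package index in the layer.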
diff --git a/user/profile.php b/user/profile.php
index 3034a47..d174f8f 100644
--- a/user/profile.php
+++ b/user/profile.php
@@ -19,13 +19,13 @@ if(isset($_POST['log_in']))
{
//echo 'Login procces';
if(isset($_POST['user_name']))
- $i_username = @mysqli_real_escape_string($dbc,
+ $i_username = $db->escapeString(
trim($_POST['user_name']));
else
$errors['User Name'] = 'You need to enter a user name!';
if(isset($_POST['password']))
- $i_password = @mysqli_real_escape_string($dbc,
+ $i_password = $db->escapeString(
trim($_POST['password']));
else
$errors['password'] = "You need to enter a password!";
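Review bot: `escapeString()` is applied to the password, which is only ever fed to `SHA1()` and never placed into SQL as-is, so the escaping changes the hash input instead of protecting a query. SQLite doubles single quotes where `mysqli_real_escape_string` added backslashes, so if any accounts are carried over from the MySQL database, passwords containing quotes or backslashes would presumably stop matching (the README in this commit creates fresh tables, so this may not apply). Hash the trimmed raw value instead, `$i_password = trim($_POST['password']);`, and make the matching change to `$i_pass` in user/register.php so both sides hash the same bytes.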
@@ -35,42 +35,30 @@ if(isset($_POST['log_in']))
{
//valid username
$q3 = "select * from users where user_name='$i_username'";
- //echo $q3;
- $r3 = mysqli_query($dbc, $q3);
+ $r3 = $db->querySingle($q3, true);
- if(@mysqli_num_rows($r3) == 1)
+ if($r3) //not empty
{
- //echo 'das good';
- $firstName = "";
- while($row = mysqli_fetch_array($r3))
- $firstName = $row['first_name'];
-
+ $firstName = $r3['first_name'];
$q2 = "select * from users where user_name =
'$i_username' and pass ='" . SHA1($i_password
. $firstName) . "'";
+ $r2 = $db->querySingle($q2, true);
+ if($r2)
+ {
+ $_SESSION['use'] = true;
+ $_SESSION['fname'] = $firstName;
+ $_SESSION['user_id'] = $r2['user_id'];
+ $_SESSION['username'] = $r2['user_name'];
+ $_SESSION['agent'] = md5($_SERVER['HTTP_USERAGENT'] . 'salt');
- $r2 = mysqli_query($dbc, $q2);
+ if($dir == 2)
+ header("Location: ../index.php");
+ else
+ header("Location: index.php");
- if(@mysqli_num_rows($r2) == 1)
- {
- while($row = mysqli_fetch_array($r2))
- {
-
- $_SESSION['use'] = true;
- $_SESSION['fname'] = $firstName;
- $_SESSION['user_id'] = $row['user_id'];
- $_SESSION['username'] = $row['user_name'];
- $_SESSION['agent'] = md5($_SERVER['HTTP_USERAGENT']
- . 'salt');
-
- if($dir == 2)
- header("Location: ../index.php");
- else
- header("Location: index.php");
-
- }
}
else
{
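Review bot: The login still verifies the password as `SHA1($i_password . $firstName)` compared inside SQL, a fast hash salted with a guessable value, so stored hashes are cheap to guess offline if the `users` table is ever exposed. Since the row is already loaded into `$r3`, the second query can become `if (password_verify($i_password, $r3['pass']))`, with `password_hash($i_pass, PASSWORD_DEFAULT)` at registration; the `pass char(40)` column in the README schema would need widening for that. Separately, `$_SERVER['HTTP_USERAGENT']` is not the key PHP sets for the User-Agent header (that is `HTTP_USER_AGENT`), so `$_SESSION['agent']` is normally identical for every client and the comparison in includes/header.php binds the session to nothing; both places have to change together. Calling `session_regenerate_id(true);` before the `$_SESSION` assignments would also be worth adding.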
diff --git a/user/register.php b/user/register.php
index a13bb99..7fdeeca 100644
--- a/user/register.php
+++ b/user/register.php
@@ -7,17 +7,17 @@ if(!$loggedIn)
if(isset($_POST['newUser']))
{
- $i_first = mysqli_real_escape_string($dbc, trim($_POST['first']));
- $i_last = mysqli_real_escape_string($dbc, trim($_POST['last']));
- $i_pass = mysqli_real_escape_string($dbc, trim($_POST['pass']));
- $i_user = mysqli_real_escape_string($dbc, trim($_POST['user_name']));
+ $i_first = $db->escapeString(trim($_POST['first']));
+ $i_last = $db->escapeString(trim($_POST['last']));
+ $i_pass = $db->escapeString(trim($_POST['pass']));
+ $i_user = $db->escapeString(trim($_POST['user_name']));
if($i_first && $i_last && $i_pass && $i_user)
{
$q = "select user_id from users where user_name='$i_user'";
- $r = mysqli_query($dbc, $q);
+ $r = $db->query($q);
- if(@mysqli_num_rows($r) == 1)
+ if($r->numColumns() && $r->columnType(0) != SQLITE3_NULL)
{
$errors['name'] = "That user name is already in use.";
}
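Review bot: The duplicate-name test `$r->numColumns() && $r->columnType(0) != SQLITE3_NULL` does not reliably tell whether a row matched: `numColumns()` is 1 for this select whether or not any row exists, and as far as I can tell `columnType()` describes the current row, of which there is none before a fetch. Depending on what it returns at that point, every name is reported as taken or none is, and duplicate names would break the single-row assumption in the login code. The commit already uses `querySingle()` elsewhere, which fits here: `$existing = $db->querySingle($q);` followed by `if ($existing !== null && $existing !== false)`. The body of the `else` branch is outside this hunk.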
@@ -44,9 +44,8 @@ if(!$loggedIn)
$q = "insert into users(first_name, last_name, user_name, pass,
registration_date, admin) values ('$i_first', '$i_last'
- , '$i_user', '$passcom', now(), false)";
- $r = mysqli_query($dbc, $q);
-
+ , '$i_user', '$passcom', date('now'), false)";
+ $r = $db->query($q);
header("Location: index.php");
}
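Review bot: `date('now')` in SQLite yields only `YYYY-MM-DD`, so `registration_date` (declared `datetime` in the README schema) loses the time of day that MySQL's `now()` used to store; `datetime('now')` is the closer equivalent and returns UTC. The result `$r` is also not checked, so a failed insert still redirects to index.php as if registration had succeeded; testing `$r !== false` before calling `header()` would surface it. How `$passcom` is computed is outside this hunk.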