diff --git a/public/include/classes/base.class.php b/public/include/classes/base.class.php
index 30a2b25e..aea25d60 100644
--- a/public/include/classes/base.class.php
+++ b/public/include/classes/base.class.php
@@ -8,6 +8,7 @@ if (!defined('SECURITY'))
 // some cross-class functions.
 class Base {
 private $sError = '';
+ private $values = array(), $types = '';
 public function setDebug($debug) {
 $this->debug = $debug;
@@ -30,6 +31,9 @@ class Base {
 public function setToken($token) {
 $this->token = $token;
 }
+ public function setBlock($block) {
+ $this->block= $block;
+ }
 public function setBitcoin($bitcoin) {
 $this->bitcoin = $bitcoin;
 }
@@ -89,5 +93,24 @@ class Base {
 $this->debug->append("Unable to update " . $field['name'] . " with " . $field['value'] . " for ID $id");
 return false;
 }
+
+ /**
+ * We may need to generate our bind_param list
+ **/
+ public function addParam($type, &$value) {
+ $this->values[] = $value;
+ $this->types .= $type;
+ }
+ public function getParam() {
+ $array = array_merge(array($this->types), $this->values);
+ // See here why we need this: http://stackoverflow.com/questions/16120822/mysqli-bind-param-expected-to-be-a-reference-value-given
+ if (strnatcmp(phpversion(),'5.3') >= 0) {
+ $refs = array();
+ foreach($array as $key => $value)
+ $refs[$key] = &$array[$key];
+ return $refs;
+ }
+ return $array;
+ }
 }
 ?>
diff --git a/public/include/classes/transaction.class.php b/public/include/classes/transaction.class.php
index 7b02561c..4aa7fbd7 100644
--- a/public/include/classes/transaction.class.php
+++ b/public/include/classes/transaction.class.php
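Review bot: Nothing ever resets `$values` and `$types` (declared in the first hunk of this file), so any second query built on the same object appends to the previous call's bind list and `bind_param` then fails on the type/count mismatch; `$transaction` is created once per request at the end of transaction.class.php, so this bites as soon as two query methods share the mechanism. `getParam()` should clear both after building the list, e.g. `$this->values = array(); $this->types = '';` just before the `return`, or each query method should call a `resetParams()` first. Minor points in `getParam()`: `version_compare(PHP_VERSION, '5.3', '>=')` is the intended check rather than `strnatcmp(phpversion(), '5.3')`, and the `&$value` reference on `addParam` is unused because the value is copied into the array immediately. A one-line docblock on `getParam()` stating that it returns the `bind_param` argument list (type string first, then values by reference) would help callers.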
@@ -4,29 +4,11 @@ if (!defined('SECURITY'))
 die('Hacking attempt');
-class Transaction {
+class Transaction extends Base {
 private $sError = '';
 private $table = 'transactions';
- private $tableBlocks = 'blocks';
 public $num_rows = 0;
- public function __construct($debug, $mysqli, $config, $block, $user) {
- $this->debug = $debug;
- $this->mysqli = $mysqli;
- $this->config = $config;
- $this->block = $block;
- $this->user = $user;
- $this->debug->append("Instantiated Transaction class", 2);
- }
-
- // get and set methods
- private function setErrorMessage($msg) {
- $this->sError = $msg;
- }
- public function getError() {
- return $this->sError;
- }
-
 /**
 * Add a new transaction to our class table
 * @param account_id int Account ID to book transaction for
@@ -109,7 +91,8 @@ class Transaction {
 if (!empty($value)) {
 switch ($key) {
 case 'type':
- $aFilter[] = "t.type = '$value'";
+ $aFilter[] = "t.type = ?";
+ $this->addParam('s', $value);
 break;
 case 'status':
 switch ($value) {
@@ -127,10 +110,12 @@ class Transaction {
 }
 break;
 case 'account':
- $aFilter[] = "LOWER(a.username) = LOWER('$value')";
+ $aFilter[] = "LOWER(a.username) = LOWER(?)";
+ $this->addParam('s', $value);
 break;
 case 'address':
- $aFilter[] = "t.coin_address = '$value'";
+ $aFilter[] = "t.coin_address = ?";
+ $this->addParam('s', $value);
 break;
 }
 }
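Review bot: `private $sError = '';` survives in Transaction although `setErrorMessage()`/`getError()` were removed here and Base declares its own private `$sError` (first hunk of base.class.php), so the subclass copy is now a dead declaration that Base's accessors never read; drop it together with the other members this hunk removes. Since Base's properties are private, any remaining direct `$this->sError = ...` write in this class (none visible in this diff) would silently create a second, unread property rather than set the error Base reports.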
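Review bot: The `status` branch that sits between this hunk and the next (`case 'status': switch ($value) {` through `} break;`) is not shown; if any of its cases still interpolate `$value` into `$aFilter[]`, they need the same `?` plus `$this->addParam('s', $value)` treatment applied here to `type` and, in the next hunk, to `account` and `address`, because the key whitelist in `switch ($key)` says nothing about the value, which the admin page passes straight from `@$_REQUEST['filter']`. A short comment above the loop, e.g. `// Filter values are bound, never interpolated; keys are whitelisted by the switch`, would keep future cases on the same path. The filter loop and getAllTransactions begin before this hunk.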
@@ -143,12 +128,16 @@ class Transaction {
 ORDER BY id DESC
 LIMIT ?,?
 ";
+ // Add some other params to query
+ $this->addParam('i', $start);
+ $this->addParam('i', $limit);
 $stmt = $this->mysqli->prepare($sql);
 if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $start, $limit) && $stmt->execute() && $result = $stmt->get_result()) {
 // Fetch matching row count
 $num_rows = $this->mysqli->prepare("SELECT FOUND_ROWS() AS num_rows");
 if ($num_rows->execute() && $row_count = $num_rows->get_result()->fetch_object()->num_rows)
 $this->num_rows = $row_count;
+ if ($this->checkStmt($stmt) && call_user_func_array( array($stmt, 'bind_param'), $this->getParam()) && $stmt->execute() && $result = $stmt->get_result())
 return $result->fetch_all(MYSQLI_ASSOC);
 }
 $this->debug->append('Unable to fetch transactions');
@@ -178,15 +167,6 @@ class Transaction {
 return false;
 }
- private function checkStmt($bState) {
- if ($bState ===! true) {
- $this->debug->append("Failed to prepare statement: " . $this->mysqli->error);
- $this->setErrorMessage('Internal application Error');
- return false;
- }
- return true;
- }
-
 /**
 * Get all donation transactions
 * Used on donors page
@@ -278,4 +258,9 @@ class Transaction {
 }
 }
-$transaction = new Transaction($debug, $mysqli, $config, $block, $user);
+$transaction = new Transaction();
+$transaction->setDebug($debug);
+$transaction->setMysql($mysqli);
+$transaction->setConfig($config);
+$transaction->setBlock($block);
+$transaction->setUser($user);
diff --git a/public/include/pages/admin/transactions.inc.php b/public/include/pages/admin/transactions.inc.php
index 1abeaf8a..e068d293 100644
--- a/public/include/pages/admin/transactions.inc.php
+++ b/public/include/pages/admin/transactions.inc.php
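Review bot: The new `call_user_func_array(array($stmt, 'bind_param'), $this->getParam())` condition is nested inside the untouched `if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $start, $limit) && ...) {`, so the statement is bound and executed twice, and as soon as a filter has added a `?` the outer `bind_param('ii', ...)` fails on the placeholder count and the query never runs at all. Make the outer line the one that uses `getParam()` — `if ($this->checkStmt($stmt) && call_user_func_array(array($stmt, 'bind_param'), $this->getParam()) && $stmt->execute() && $result = $stmt->get_result()) {` — and delete the added inner `if`, keeping the FOUND_ROWS block and `return $result->fetch_all(MYSQLI_ASSOC);` inside it. `$this->addParam('i', $start)` after the filter loop does match the placeholder order in the SQL, but `$start` arrives raw from `@$_REQUEST['start']` (admin page hunk), so it should be normalised to an int before being added. getAllTransactions begins before this hunk.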
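Review bot: `setMysql($mysqli)` is not among the Base setters visible in this commit (`setDebug`, `setToken`, `setBlock`, `setBitcoin` are); this class still reads `$this->mysqli` in getAllTransactions, so the setter must exist in Base and assign exactly that property or every `$this->mysqli->prepare()` here fails. The `$this->debug->append("Instantiated Transaction class", 2)` trace from the deleted constructor is also dropped by this setter-based wiring; if that trace is relied on, add it after `$transaction->setDebug($debug);`.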
@@ -14,6 +14,7 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 $debug->append('No cached version available, fetching from backend', 3);
 $aTransactions = $transaction->getAllTransactions(@$_REQUEST['start'], @$_REQUEST['filter'], $iLimit);
 $iCountTransactions = $transaction->num_rows;
+ empty($_REQUEST['start']) ? $start = 0 : $start = $_REQUEST['start'];
 $aTransactionTypes = $transaction->getTypes();
 if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg');
 $smarty->assign('LIMIT', $iLimit);
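Review bot: `empty($_REQUEST['start']) ? $start = 0 : $start = $_REQUEST['start'];` uses a ternary only for its side effects and keeps the raw request string, while the same value is still handed to getAllTransactions one line earlier as `@$_REQUEST['start']`, where it is bound with type `i` (transaction.class.php hunk above). Compute it once as a bounded integer before the call and use it in both places: `$start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;` followed by `getAllTransactions($start, @$_REQUEST['filter'], $iLimit)`. Where `$start` is consumed afterwards (presumably a template assignment) is outside this hunk, and the enclosing `if (!$smarty->isCached(...))` block continues past it.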