hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm

Joined: Aug 13, 2009
Posts: 1123
Posted: Tue Sep 24, 2013 3:16 am

Today I decided to take a look, line by line, at mainfile.php.
Example:
Find
Code:
function update_points($id) {
    global $db, $prefix, $user, $user_prefix;
    if (is_user($user)) {
        if(!is_array($user)) {
            $cookie = cookiedecode($user);
            $username = trim($cookie[1]);
        } else {
            $username = trim($user[1]);
        }
        if ($db->sql_numrows($db->sql_query('SELECT * FROM ' . $prefix . '_groups')) > '0') {
            $id = intval($id);
            $result = $db->sql_query('SELECT points FROM ' . $prefix . '_groups_points WHERE id=\'' . $id . '\'');
            list($points) = $db->sql_fetchrow($result);
            $db->sql_query('UPDATE ' . $user_prefix.'_users SET points=points+' . $points . ' WHERE username=\'' . $username . '\'');
        }
    }
}
Replace with
Code:
function update_points($id) {
    global $db, $prefix, $user, $user_prefix;
    if (is_user($user)) {
        if(!is_array($user)) {
            $cookie = cookiedecode($user);
            $username = trim($cookie[1]);
        } else {
            $username = trim($user[1]);
        }
        if ($db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_groups`')) > '0') {
            $id = intval($id);
            $result = $db->sql_query('SELECT `points` FROM `' . $prefix . '_groups_points` WHERE `id` = \'' . $id . '\'');
            list($points) = $db->sql_fetchrow($result);
            $db->sql_query('UPDATE `' . $user_prefix.'_users` SET `points` = `points`+' . $points . ' WHERE `username` = \'' . $username . '\'');
        }
    }
}
I found out more and I will post the whole update from mainfile.php for RavenNuke 2.51.

hicuxunicorniobestbuildpc

Posted: Tue Sep 24, 2013 3:23 am

Here I show you more:
Code:
function adminblock() {
    global $admin, $admin_file, $db, $prefix, $user_prefix;
    if (is_admin($admin)) {
        $sql = 'SELECT `title`, `content`, `bid` FROM `' . $prefix . '_blocks` WHERE `bkey` = \'admin\'';
        $result = $db->sql_query($sql);
        while (list($title, $content, $bid) = $db->sql_fetchrow($result)) {
            $content = preg_replace('/\badmin.php/', $admin_file . '.php', $content);
            themesidebox($title, $content, $bid);
        }
        $title = _WAITINGCONT;
        $display = 0;
        $content = '<div class="ul-box"><ul class="rn-ul">';
        $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_queue`'));
        $display = $display + $num;
        if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=submissions">' . _SUBMISSIONS . '</a>: ' . $num . '</li>';
        $num = $db->sql_numrows($db->sql_query('SELECT * FROM ' . $prefix . '_reviews_add'));
        $display = $display + $num;
        if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=reviews">' . _WREVIEWS . '</a>: ' . $num . '</li>';
        $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_newlink`'));
        $display = $display + $num;
        if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=Links">' . _WLINKS . '</a>: ' . $num . '</li>';
        $modreql = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_modrequest` WHERE `brokenlink` = 0'));
        $display = $display + $modreql;
        if ($modreql > 0) $content .= '<li><a href="' . $admin_file . '.php?op=LinksListModRequests">' . _MODREQLINKS . '</a>: ' . $modreql . '</li>';
        $brokenl = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_modrequest` WHERE `brokenlink` = 1'));
        $display = $display + $brokenl;
        if ($brokenl > 0) $content .= '<li><a href="' . $admin_file . '.php?op=LinksListBrokenLinks">' . _BROKENLINKS . '</a>: ' . $brokenl . '</li>';
        $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_new`'));
        $display = $display + $num;
        if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadNew">' . _UDOWNLOADS . '</a>: ' . $num . '</li>';
        $modreqd = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_mods` WHERE `brokendownload` = 0'));
        $display = $display + $modreqd;
        if ($modreqd > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadModifyRequests">' . _MODREQDOWN . '</a>: ' . $modreqd . '</li>';
        $brokend = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_mods` WHERE `brokendownload` = 1'));
        $display = $display + $brokend;
        if ($brokend > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadBroken">' . _BROKENDOWN . '</a>: ' . $brokend . '</li>';
        $result = $db->sql_query('SELECT COUNT(*) FROM `' . $prefix . '_gcal_event` WHERE `approved` = 0');
        list($num) = $db->sql_fetchrow($result, SQL_NUM);
        $display = $display + $num;
        if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=gcalendar">' . _GCALENDAR_EVENTS . '</a>: ' . $num . '</li>';
        if (file_exists('modules/Your_Account/credits.html')) {
            $ya_expire = 0;
            $past = 0;
            $configresult = $db->sql_query('SELECT `config_name` , `config_value` FROM `' . $user_prefix . '_users_config` WHERE `config_name`=\'expiring\'');
            $ya_config = $db->sql_fetchrow($configresult);
            $ya_expire = $ya_config['config_value'];
            if ($ya_expire != 0) {
                $past = time() - $ya_expire;
                $res = $db->sql_query('SELECT `user_id` FROM `' . $user_prefix . '_users_temp` WHERE `time` < \'' . $past . '\'');
                while (list($uid) = $db->sql_fetchrow($res)) {
                    $db->sql_query('DELETE FROM `' . $user_prefix . '_users_temp` WHERE `user_id` = \'' . $uid . '\'');
                    $db->sql_query('DELETE FROM `' . $user_prefix . '_users_temp_field_values` WHERE `uid` = \'' . $uid . '\'');
                }
            }
            $result = $db->sql_query('SELECT COUNT(*) FROM `' . $user_prefix . '_users_temp` WHERE `admin_approve`= 1');
            list($numapproved) = $db->sql_fetchrow($result, SQL_NUM);
            $result = $db->sql_query('SELECT COUNT(*) FROM `' . $user_prefix . '_users_temp` WHERE `admin_approve`= 0');
            list($numneeds) = $db->sql_fetchrow($result, SQL_NUM);
            $num = $numapproved + $numneeds;
            $display = $display + $num;
            if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=yaUsers" title="' . _WAITINGAPPROVAL . ' = '. $numneeds . ' '._WAITINGACTIVATION.' = '. $numapproved . '">' . _USERS . '</a>: ' . $num . '</li>';
        }
        $content .= '</ul></div><div class="block-spacer"> </div>';
        if($display > 0) themesidebox($title, $content, $bid);
    }
}

kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
Posted: Tue Sep 24, 2013 6:35 am

What is the reason for adding single quotes around attribute names in SQL...? Performance, security, standards compliance?
I'm sure you could go on all day (for several days) with this, but, please, cut to the chase and make a point. A link to prove your point would be nice, too.

hicuxunicorniobestbuildpc

Posted: Tue Sep 24, 2013 4:33 pm

Well, my point is very simple. I just noticed that one part of the code is OK and the other is not, so I am trying to do a little bit of makeup and clean the code for better performance. Take a look at the whole mainfile.php and you will see the difference.

Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Posted: Wed Sep 25, 2013 9:23 am

There is ONE very good reason to use single back-tick quotes, but the code you have posted is actually detrimental to performance, so in order to help you understand what you have done, you're going to have to tell me why YOU think your code is better.

hicuxunicorniobestbuildpc

Posted: Wed Sep 25, 2013 4:13 pm

Well, I guess we all agree single quotes will load the site twice as fast and backticks would make anything parsing your code less confused and more understandable. I don't know, but I do like it, so please explain to me what could be the most efficient way to code or make it better. If I compare old modules and blocks with what I see right now, I think it was a disaster.
Example:
Code:
function is_group($user, $name) {
    global $prefix, $db, $user_prefix, $cookie, $user;
    if (is_user($user)) {
        if(!is_array($user)) {
            $cookie = cookiedecode($user);
            $uid = intval($cookie[0]);
        } else {
            $uid = intval($user[0]);
        }
        $result = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
        $row = $db->sql_fetchrow($result);
        $points = intval($row['points']);
        $db->sql_freeresult($result);
        $result2 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
        $row2 = $db->sql_fetchrow($result2);
        $mod_group = intval($row2['mod_group']);
        $db->sql_freeresult($result2);
        $result3 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
        $row3 = $db->sql_fetchrow($result3);
        $grp = intval($row3['points']);
        $db->sql_freeresult($result3);
        if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
            return 1;
        }
    }
    return 0;
}
Then I want to convert it like this:
Code:
function is_group($user, $name) {
    global $prefix, $db, $user_prefix, $cookie, $user;
    if (is_user($user)) {
        if(!is_array($user)) {
            $cookie = cookiedecode($user);
            $uid = intval($cookie[0]);
        } else {
            $uid = intval($user[0]);
        }
        $result = $db->sql_query('SELECT `points` FROM `' . $user_prefix . '_users` WHERE `user_id` = \'' . $uid . '\'');
        $row = $db->sql_fetchrow($result);
        $points = intval($row['points']);
        $db->sql_freeresult($result);
        $result2 = $db->sql_query('SELECT `mod_group` FROM `' . $prefix . '_modules` WHERE `title` = \'' . $name . '\'');
        $row2 = $db->sql_fetchrow($result2);
        $mod_group = intval($row2['mod_group']);
        $db->sql_freeresult($result2);
        $result3 = $db->sql_query('SELECT `points` FROM `' . $prefix . '_groups` WHERE `id` = \'' . $mod_group . '\'');
        $row3 = $db->sql_fetchrow($result3);
        $grp = intval($row3['points']);
        $db->sql_freeresult($result3);
        if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
            return 1;
        }
    }
    return 0;
}
Note: I learned it from Neralex's module; that is what he used to do with all the new modules.
If you open index.php from the last news module, I can see clean code and all single quotes and backticks:
Code:
function theindex($new_topic = 0) {
    global $db, $storyhome, $topicname, $topicimage, $topictext, $datetime, $user, $cookie, $nukeurl, $prefix, $multilingual, $currentlang, $articlecomm, $sitename, $user_news, $userinfo;
    // Query TON addons
    $sql_ton = 'SELECT `newsrows`, `bookmark`, `linklocation`, `articlelink`, `TON_useTitleLink`, `TON_usePDF`, `TON_useRating`, `TON_useSendToFriend`, `showtags`, `TON_useCharLimit`, `TON_CharLimit`, `usedisqus`, `shortname`, `googlapi`, `usegooglsb`, `newssort`, `newsorder` FROM `' . $prefix . '_ton`';

Guardian2003

Posted: Wed Sep 25, 2013 4:30 pm

I'm no MySQL expert but as far as I know, there is only one valid reason for using backticks around field names and that is to prevent collisions with keywords that MySQL uses for its built-in functions.
If you look at the lists here http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html you can see that some keywords could easily be used by accident, such as 'default', 'desc' etc.
Of course we now have a conundrum developing.......
On the one hand, it makes perfect sense to backtick everything to help ensure a field we used doesn't cause a problem in the future if MySQL suddenly adds another function but on the other hand, every backtick needs to be parsed by PHP, which degrades performance.
It's really down to personal preference and the developer's own coding style so there isn't really a right or wrong way to do it.
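
Added example (not from the thread and not RavenNuke code): backticks quote identifiers, which is what avoids the reserved-word collision described above, while values are passed as bound parameters rather than concatenated. `quote_identifier()`, the `demo` and `nuke_users` tables and the username are constructed for illustration; an in-memory SQLite database, which also accepts backtick-quoted identifiers, stands in for MySQL so the script runs offline (assumes the pdo_sqlite extension).

```php
<?php
// Added example, not RavenNuke code. quote_identifier() and the tables are
// hypothetical. In-memory SQLite (needs pdo_sqlite) stands in for MySQL so
// this runs offline; it also accepts backtick-quoted identifiers.

// Backtick-quote an identifier; an embedded backtick is doubled.
function quote_identifier(string $identifier): string
{
    if ($identifier === '' || strpos($identifier, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $identifier) . '`';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// 1. A reserved word as a column name, first bare and then in backticks.
foreach (['default', quote_identifier('default')] as $column) {
    try {
        $pdo->exec('DROP TABLE IF EXISTS demo');
        $pdo->exec("CREATE TABLE demo ($column TEXT)");
        echo "column $column: accepted\n";
    } catch (PDOException $e) {
        echo "column $column: rejected\n";
    }
}

// 2. Backticks only cover names. Values (here a constructed username that
// contains an apostrophe) are bound as parameters instead of concatenated.
$users = quote_identifier('nuke_users');
$pdo->exec("CREATE TABLE $users (`username` TEXT, `points` INTEGER)");
$pdo->prepare("INSERT INTO $users (`username`, `points`) VALUES (?, ?)")
    ->execute(["O'Brien", 10]);

$update = $pdo->prepare(
    "UPDATE $users SET `points` = `points` + ? WHERE `username` = ?"
);
$update->execute([5, "O'Brien"]);

$select = $pdo->prepare("SELECT `points` FROM $users WHERE `username` = ?");
$select->execute(["O'Brien"]);
echo 'points: ', $select->fetchColumn(), "\n";
```
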
hicuxunicorniobestbuildpc

Posted: Thu Sep 26, 2013 3:16 am

Thanks for this info, Guardian2003. I think it is true to change anything we have to single quotes and backticks.

neralex
Site Admin

Joined: Aug 22, 2007
Posts: 1775
Posted: Thu Sep 26, 2013 1:35 pm

Guardian is right, it's really down to the developer's own coding style. The News module has gone through many hands over some years. The result is different ways of coding. I have only tried to choose one way. I have seen it many times in the code lines from Palbin and I simply like his clean style.

Guardian2003

Posted: Thu Sep 26, 2013 2:01 pm

hicuxunicorniobestbuildpc wrote:
    Thanks for this info, Guardian2003. I think it is true to change anything we have to single quotes and backticks.

I agree that it is nice when there is consistency with coding style. As part of a development team, we try very hard to be consistent with our code and have our own internal set of coding standards to try and ensure no matter who writes a piece of code, you cannot tell if someone else makes some edits further down the road.
The one thing you do have to be careful of though, especially in a public forum like this, is simply posting snippets of code and then another snippet of the same code without explaining fully the differences and why the code has changed. Visitors might accidentally assume the original code has a bug and you are proposing a fix or, worst case, because this site uses re-writing, the code might get mangled when it is posted and someone might end up replacing existing working code with something that doesn't work.