From 2462ebe5e8ac3fd9fc29abbcc6658fa445101af9 Mon Sep 17 00:00:00 2001
From: Robert Anderson <randerson@lbsd.net>
Date: Mon, 20 Apr 2009 14:30:36 +0000
Subject: [PATCH] Added better checks for SQL failing
---
 webui/group-add.php | 33 ++++++++++++------
 webui/group-attribute-change.php | 2 +-
 webui/group-delete.php | 49 ++++++++++++--------------
 webui/group-main.php | 1 -
 webui/user-attribute-delete.php | 2 +-
 webui/user-groups-delete.php | 2 +-
 webui/wisp-multiuser-add.php | 2 +-
 webui/wisp-user-delete.php | 60 ++++++++++++++------------------
 webui/wisp-user-edit.php | 11 +++---
 9 files changed, 80 insertions(+), 82 deletions(-)
diff --git a/webui/group-add.php b/webui/group-add.php
index 76ccb967..0f155fa5 100644
--- a/webui/group-add.php
+++ b/webui/group-add.php
@@ -82,28 +82,39 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "add") {
 <?php
- $stmt = $db->prepare("INSERT INTO ${DB_TABLE_PREFIX}groups (Name,Priority,Disabled,Comment) VALUES (?,?,?,?)");
+ if (!empty($_POST['group_name'])) {
- $res = $stmt->execute(array(
- $_POST['group_name'],
- $_POST['group_priority'],
- $_POST['group_disabled'],
- $_POST['group_comment'],
- ));
- if ($res) {
+ $stmt = $db->prepare("INSERT INTO ${DB_TABLE_PREFIX}groups (Name,Priority,Disabled,Comment) VALUES (?,?,?,?)");
+
+ $res = $stmt->execute(array(
+ $_POST['group_name'],
+ $_POST['group_priority'],
+ $_POST['group_disabled'],
+ $_POST['group_comment'],
+ ));
+ if ($res) {
+
+?>
+
+ <div class="notice">Group created</div>
+
+<?php
+
+ } else {
 ?>
- <div class="notice">Group created</div>
+ <div class="warning">Failed to create group</div>
+ <div class="warning"><?php print_r($stmt->errorInfo()) ?></div>
 <?php
+ }
 } else {
 ?>
- <div class="warning">Failed to create group</div>
- <div class="warning"><?php print_r($stmt->errorInfo()) ?></div>
+ <div class="warning">Group name cannot be empty!</div>
 <?php
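Review bot: The failure branch still prints `$stmt->errorInfo()` straight into the page with `print_r`, which exposes driver error text and schema details to whoever submitted the form; the new failure branches in group-delete.php and wisp-user-delete.php do the same with `$db->errorInfo()`. Log the array server-side and show only the generic message, e.g. `error_log(print_r($stmt->errorInfo(), true));` in place of the second warning div. Separately, the result of `$db->prepare()` is not checked before `$stmt->execute()` is called, so unless the connection is configured to throw, a failed prepare ends in a fatal error instead of the warning this commit is adding; an `if ($stmt === FALSE)` guard before the execute would cover it.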
diff --git a/webui/group-attribute-change.php b/webui/group-attribute-change.php
index 6008271e..c39750e9 100644
--- a/webui/group-attribute-change.php
+++ b/webui/group-attribute-change.php
@@ -158,7 +158,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "change") {
 $updateStr = implode(', ',$updates);
 $res = $db->exec("UPDATE ${DB_TABLE_PREFIX}group_attributes SET $updateStr WHERE ID = ".$db->quote($_POST['attr_id']));
- if ($res) {
+ if ($res !== FALSE) {
 ?>
diff --git a/webui/group-delete.php b/webui/group-delete.php
index 5f9b3927..5960f310 100644
--- a/webui/group-delete.php
+++ b/webui/group-delete.php
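Review bot: In group-attribute-change.php, `$updateStr` is interpolated into the UPDATE on the context line just above the changed check, so the safety of that statement rests entirely on how `$updates` is filled, and that code is outside the hunk. If each fragment is not already built from a fixed column name plus `$db->quote()` on the value, this should move to a prepared statement with placeholders, as group-add.php does. The `!== FALSE` comparison itself is the right test here, since an UPDATE that changes nothing makes `exec()` return 0.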
@@ -79,57 +79,52 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "delete") {
 $db->beginTransaction();
- $resultRemoveMembers = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}users_to_groups WHERE GroupID = ".$db->quote($_POST['group_id']));
- $resultRemoveAttributes = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}group_attributes WHERE GroupID = ".$db->quote($_POST['group_id']));
- $resultRemoveGroup = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}groups WHERE ID = ".$db->quote($_POST['group_id']));
-
- if ($resultRemoveMembers && $resultRemoveAttributes && $resultRemoveGroup) {
-
+ $res = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}users_to_groups WHERE GroupID = ".$db->quote($_POST['group_id']));
+ if ($res !== FALSE) {
+ $res = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}group_attributes WHERE GroupID = ".$db->quote($_POST['group_id']));
+ if ($res !== FALSE) {
+ $res = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}groups WHERE ID = ".$db->quote($_POST['group_id']));
+ if ($res !== FALSE) {
 ?>
-
- <div class="notice">Group deleted</div>
-
+ <div class="notice">Group deleted</div>
 <?php
-
- $db->commit();
+ $db->commit();
+ } else {
+?>
+ <div class="warning">Error deleting group</div>
+ <div class="warning"><?php print_r($db->errorInfo()) ?></div>
+<?php
+ $db->rollback();
+ }
+ } else {
+?>
+ <div class="warning">Error deleting group</div>
+ <div class="warning"><?php print_r($db->errorInfo()) ?></div>
+<?php
+ $db->rollback();
+ }
 } else {
-
 ?>
-
 <div class="warning">Error deleting group</div>
 <div class="warning"><?php print_r($db->errorInfo()) ?></div>
-
 <?php
-
 $db->rollback();
 }
 } else {
-
 ?>
-
 <div class="notice">Group not deleted, aborted by user</div>
-
 <?php
-
 }
 # Warn
 } else {
-
 ?>
-
 <div class="warning">Invocation error, no group ID</div>
-
 <?php
-
 }
 } else {
-
 ?>
-
 <div class="warning">Invalid invocation</div>
-
 <?php
-
 }
 printFooter();
diff --git a/webui/group-main.php b/webui/group-main.php
index b54db367..f5663832 100644
--- a/webui/group-main.php
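Review bot: With `$res !== FALSE` on the final `DELETE FROM ${DB_TABLE_PREFIX}groups`, a `group_id` that matches no row now commits and reports "Group deleted", because `exec()` returns 0 rather than FALSE in that case. Zero rows is a valid outcome for the members and attributes deletes, but for the group row itself it means the ID did not exist, so the last check reads better as `if ($res !== FALSE && $res > 0)` with a "no such group" warning and a rollback otherwise. The same applies to the final delete in wisp-user-delete.php and to the single deletes in user-attribute-delete.php and user-groups-delete.php. The three identical failure branches could also be collapsed by tracking one success flag, which keeps the commit and the rollback in a single place.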
+++ b/webui/group-main.php
@@ -83,7 +83,6 @@ printHeader(array(
 $sql = "SELECT ID, Name, Priority, Disabled, Comment FROM ${DB_TABLE_PREFIX}groups ORDER BY ID";
 $res = $db->query($sql);
- $rownums = 0;
 while ($row = $res->fetchObject()) {
 ?>
diff --git a/webui/user-attribute-delete.php b/webui/user-attribute-delete.php
index de48aa9b..fc74bbaa 100644
--- a/webui/user-attribute-delete.php
+++ b/webui/user-attribute-delete.php
@@ -80,7 +80,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "delete") {
 if (isset($_POST['attr_id'])) {
 if (isset($_POST['confirm']) && $_POST['confirm'] == "yes") {
 $res = $db->exec("DELETE FROM ${DB_TABLE_PREFIX}user_attributes WHERE ID = ".$db->quote($_POST['attr_id']));
- if ($res) {
+ if ($res !== FALSE) {
 ?>
diff --git a/webui/user-groups-delete.php b/webui/user-groups-delete.php
index e0e99abb..55244ece 100644
--- a/webui/user-groups-delete.php
+++ b/webui/user-groups-delete.php
@@ -88,7 +88,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "delete") {
 GroupID = ".$db->quote($_POST['group_id']) );
- if ($res) {
+ if ($res !== FALSE) {
 ?>
diff --git a/webui/wisp-multiuser-add.php b/webui/wisp-multiuser-add.php
index 08526f3a..2158bb1a 100644
--- a/webui/wisp-multiuser-add.php
+++ b/webui/wisp-multiuser-add.php
@@ -86,7 +86,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "insert") {
 <?php
 #FIXME # Perform checks on input
- if (isset($_POST['num_users']) && isset($_POST['session_timeout']) && isset($_POST['data_limit']) && isset($_POST['time_limit'])) {
+ if (!empty($_POST['num_users']) && !empty($_POST['session_timeout']) && !empty($_POST['data_limit']) && !empty($_POST['time_limit'])) {
 $db->beginTransaction();
 $numberOfUsers = (int)$_POST['num_users'];
diff --git a/webui/wisp-user-delete.php b/webui/wisp-user-delete.php
index 2c23734a..2018cad4 100644
--- a/webui/wisp-user-delete.php
+++ b/webui/wisp-user-delete.php
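Review bot: In wisp-multiuser-add.php the new `!empty()` guard only checks that the four fields are non-empty, so non-numeric or negative values still reach `(int)$_POST['num_users']`, and a literal `0` is now rejected even though it may be a legitimate `data_limit` or `time_limit` (what 0 means is not visible here). The `#FIXME` above the check is still open: validate each field as an integer in an accepted range, for example `filter_var($_POST['num_users'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => MAX_USERS_PER_BATCH)))`, where `MAX_USERS_PER_BATCH` is a placeholder for a limit the project would choose. An upper bound matters because `num_users` presumably controls how many rows are inserted inside the transaction opened on the next line; that loop is outside the hunk.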
@@ -65,72 +65,64 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "delete") {
 <div class="warning">No user selected</div>
 <?php
-
 }
 # SQL Updates
 } elseif (isset($_POST['frmaction']) && $_POST['frmaction'] == "delete2") {
-
 ?>
-
 <p class="pageheader">User Remove Results</p>
-
 <?php
-
 if (isset($_POST['user_id'])) {
 if (isset($_POST['confirm']) && $_POST['confirm'] == "yes") {
 $db->beginTransaction();
 # Delete user data
- $userDataDeleteResult = $db->exec("DELETE FROM userdata WHERE UserID = ".$db->quote($_POST['user_id']));
- # Delete user attributes
- $attrDeleteResult = $db->exec("DELETE FROM user_attributes WHERE UserID = ".$db->quote($_POST['user_id']));
- # Delete from users
- $userDeleteResult = $db->exec("DELETE FROM users WHERE ID = ".$db->quote($_POST['user_id']));
-
- if ($userDataDeleteResult && $attrDeleteResult && $userDeleteResult) {
+ $res = $db->exec("DELETE FROM userdata WHERE UserID = ".$db->quote($_POST['user_id']));
+ if ($res !== FALSE) {
+ # Delete user attributes
+ $res = $db->exec("DELETE FROM user_attributes WHERE UserID = ".$db->quote($_POST['user_id']));
+ if ($res !== FALSE) {
+ # Delete from users
+ $res = $db->exec("DELETE FROM users WHERE ID = ".$db->quote($_POST['user_id']));
+ if ($res !== FALSE) {
 ?>
-
- <div class="notice">User with ID: <?php print_r($_POST['user_id']);?> deleted</div>
-
+ <div class="notice">User with ID: <?php print_r($_POST['user_id']); ?> deleted!</div>
 <?php
-
- $db->commit();
+ $db->commit();
+ } else {
+?>
+ <div class="warning">Failed to delete user!</div>
+ <div class="warning"><?php print_r($db->errorInfo()); ?></div>
+<?php
+ $db->rollback();
+ }
+ } else {
+?>
+ <div class="warning">Failed to delete user!</div>
+ <div class="warning"><?php print_r($db->errorInfo()); ?></div>
+<?php
+ $db->rollback();
+ }
 } else {
-
 ?>
-
- <div class="warning">Error deleting user</div>
- <div class="warning"><?php print_r($db->errorInfo()) ?></div>
-
+ <div class="warning">Failed to delete user!</div>
+ <div class="warning"><?php print_r($db->errorInfo()); ?></div>
 <?php
-
 $db->rollback();
 }
 } else {
-
 ?>
-
 <div class="warning">Delete user aborted</div>
-
 <?php
-
 }
 } else {
-
 ?>
-
 <div class="warning">No user selected</div>
-
 <?php
-
 }
 } else {
 ?>
-
 <div class="warning">Invocation error</div>
-
 <?php
-
 }
 printFooter();
diff --git a/webui/wisp-user-edit.php b/webui/wisp-user-edit.php
index 1f641acb..5b36d8a3 100644
--- a/webui/wisp-user-edit.php
+++ b/webui/wisp-user-edit.php
@@ -205,6 +205,12 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "edit") {
 <?php
+ $userDataResult->closeCursor();
+ $framedIPResult->closeCursor();
+ $dataLimitResult->closeCursor();
+ $timeLimitResult->closeCursor();
+ $callingStationResult->closeCursor();
+
 } else {
 ?>
@@ -215,11 +221,6 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "edit") {
 }
- $userDataResult->closeCursor();
- $framedIPResult->closeCursor();
- $dataLimitResult->closeCursor();
- $timeLimitResult->closeCursor();
- $callingStationResult->closeCursor();
 # SQL Updates
 } elseif (isset($_POST['frmaction']) && $_POST['frmaction'] == "edit2") {
-- GitLab
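Review bot: In wisp-user-delete.php the success notice writes `$_POST['user_id']` into the HTML with `print_r` and no escaping, so a crafted form value is reflected into the page as markup. Escape it for the HTML context, `<?php echo htmlspecialchars($_POST['user_id'], ENT_QUOTES, 'UTF-8'); ?>`, or cast it to an integer first if user IDs are always numeric (the schema is not visible here). The three DELETE statements also name `userdata`, `user_attributes` and `users` without `${DB_TABLE_PREFIX}`, unlike group-delete.php in this same commit, which looks like an oversight for installs that set a prefix.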