Pull out DB code from trusted user page

* Move DB code in tu.php and tu.php and tu_list.php to new functions in
accfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

web/html/tu.php

@@ -23,43 +23,15 @@ if ($atype == "Trusted User" || $atype == "Developer") {
 
 	if (isset($_GET['id'])) {
 		if (is_numeric($_GET['id'])) {
-
+			$row = vote_details($_GET['id']);
-			$q = "SELECT * FROM TU_VoteInfo ";
-			$q.= "WHERE ID = " . $_GET['id'];
-
-			$dbh = db_connect();
-			$results = db_query($q, $dbh);
-			$row = mysql_fetch_assoc($results);
 
 			if (empty($row)) {
 				print __("Could not retrieve proposal details.");
 			} else {
 				$isrunning = $row['End'] > time() ? 1 : 0;
 
-				$qvoted = "SELECT * FROM TU_Votes WHERE ";
-				$qvoted.= "VoteID = " . $row['ID'] . " AND ";
-				$qvoted.= "UserID = " . uid_from_sid($_COOKIE["AURSID"]);
-				$result = db_query($qvoted, $dbh);
-				if ($result) {
-					$hasvoted = mysql_num_rows($result);
-				}
-				else {
-					$hasvoted = 0;
-				}
-
 				# List voters of a proposal.
-				$qwhoVoted = "SELECT tv.UserID,U.Username
+				$whovoted = voter_list($row['ID']);
-					FROM TU_Votes tv, Users U
-					WHERE tv.VoteID = {$row['ID']}
-					AND tv.UserID = U.ID
-					ORDER BY Username";
-				$result = db_query($qwhoVoted,$dbh);
-				if (mysql_num_rows($result) > 0) {
-					$whovoted = '';
-					while ($who = mysql_fetch_assoc($result)) {
-						$whovoted.= '<a href="account.php?Action=AccountInfo&amp;ID='.$who['UserID'].'">'.$who['Username'].'</a> ';
-					}
-				}
 
 				$canvote = 1;
 				$errorvote = "";
@@ -69,8 +41,9 @@ if ($atype == "Trusted User" || $atype == "Developer") {
 				} else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) {
 					$canvote = 0;
 					$errorvote = __("You cannot vote in an proposal about you.");
-				} else if ($hasvoted != 0) {
+				} else if (tu_voted($row['ID'], uid_from_sid($_COOKIE["AURSID"]))) {
 					$canvote = 0;
+					$hasvoted = 1;
 					$errorvote = __("You've already voted for this proposal.");
 				}
 
@@ -84,25 +57,18 @@ if ($atype == "Trusted User" || $atype == "Developer") {
 							$myvote = "Abstain";
 						}
 
-						$qvote = "UPDATE TU_VoteInfo SET " . $myvote . " = " . ($row[$myvote] + 1) . " WHERE ID = " . $row['ID'];
+						cast_proposal_vote($row['ID'], uid_from_sid($_COOKIE["AURSID"]), $myvote, $row[$myvote] + 1);
-						db_query($qvote, $dbh);
-						$qvote = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . $row['ID'] . ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
-						db_query($qvote, $dbh);
 
 						# Can't vote anymore
 						#
 						$canvote = 0;
 						$errorvote = __("You've already voted for this proposal.");
-						# Update if they voted
-						$result = db_query($qvoted, $dbh);
-						if ($result) {
-							$hasvoted = mysql_num_rows($result);
-						}
 
-						$results = db_query($q, $dbh);
+						# Update if they voted
-						if ($results) {
+						if (tu_voted($row['ID'], uid_from_sid($_COOKIE["AURSID"]))) {
-							$row = mysql_fetch_assoc($results);
+							$hasvoted = 1;
 						}
+						$row = vote_details($_GET['id']);
 					}
 				}
 				include("tu_details.php");
@@ -112,8 +78,6 @@ if ($atype == "Trusted User" || $atype == "Developer") {
 		}
 
 	} else {
-		$dbh = db_connect();
-
 		$limit = $pp;
 		if (isset($_GET['off']))
 			$offset = $_GET['off'];
@@ -137,33 +101,29 @@ if ($atype == "Trusted User" || $atype == "Developer") {
 		$lim = ($limit > 0) ? " LIMIT $limit OFFSET $off" : "";
 		$by_next = ($by == 'desc') ? 'asc' : 'desc';
 
-		$q = "SELECT * FROM TU_VoteInfo WHERE End > " . time() . " ORDER BY Submitted " . $order;
+		$result = current_proposal_list($order);
-		$result = db_query($q, $dbh);
-
 		$type = __("Current Votes");
 		include("tu_list.php");
 ?>
 
 <?php
-		$q = "SELECT * FROM TU_VoteInfo WHERE End < " . time() . " ORDER BY Submitted " . $order . $lim;
+		$result = past_proposal_list($order, $lim);
-		$result = db_query($q, $dbh);
 
 		$type = __("Past Votes");
 		include("tu_list.php");
 
-		$qnext = "SELECT ID FROM TU_VoteInfo";
+		$nextresult = proposal_count();
-		$nextresult = db_query($qnext, $dbh);
 ?>
 <div class="box">
 	<p><a href="addvote.php"><?php print __("Add Proposal") ?></a></p>
 
-	<?php if (mysql_num_rows($result)):
+	<?php if ($result):
 		$by = htmlentities($by, ENT_QUOTES); ?>
 		<?php if ($off != 0):
 			$back = (($off - $limit) <= 0) ? 0 : $off - $limit; ?>
 			<a href='tu.php?off=<?php print $back ?>&amp;by=<?php print $by ?>'><?php print __("Back") ?></a>
 		<?php endif; ?>
-		<?php if (($off + $limit) < mysql_num_rows($nextresult)):
+		<?php if (($off + $limit) < $nextresult):
 			$forw = $off + $limit; ?>
 		<a href="tu.php?off=<?php print $forw ?>&amp;by=<?php print $by ?>"><?php print __("Next") ?></a>
 		<?php endif; ?>

web/lib/acctfuncs.inc.php

@@ -779,3 +779,107 @@ function own_account_details($sid, $dbh=NULL) {
 
 	return $row;
 }
+
+function tu_voted($voteid, $uid, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT * FROM TU_Votes WHERE VoteID = " . intval($voteid) . " AND UserID = " . intval($uid);
+	$result = db_query($q, $dbh);
+	if (mysql_num_rows($result)) {
+		return true;
+	}
+	else {
+		return false;
+	}
+}
+
+function current_proposal_list($order, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT * FROM TU_VoteInfo WHERE End > " . time() . " ORDER BY Submitted " . $order;
+	$result = db_query($q, $dbh);
+
+	while ($row = mysql_fetch_assoc($result)) {
+		$details[] = $row;
+	}
+
+	return $details;
+}
+
+function past_proposal_list($order, $lim, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT * FROM TU_VoteInfo WHERE End < " . time() . " ORDER BY Submitted " . $order . $lim;
+	$result = db_query($q, $dbh);
+
+	while ($row = mysql_fetch_assoc($result)) {
+		$details[] = $row;
+	}
+
+	return $details;
+}
+
+function proposal_count($dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT COUNT(*) FROM TU_VoteInfo";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+
+	return $row[0];
+}
+
+function vote_details($voteid, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT * FROM TU_VoteInfo ";
+	$q.= "WHERE ID = " . intval($voteid);
+
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_assoc($result);
+
+	return $row;
+}
+
+function voter_list($voteid, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "SELECT tv.UserID,U.Username ";
+	$q.= "FROM TU_Votes tv, Users U ";
+	$q.= "WHERE tv.VoteID = " . intval($voteid);
+	$q.= " AND tv.UserID = U.ID ";
+	$q.= "ORDER BY Username";
+
+	$result = db_query($q, $dbh);
+	if ($result) {
+		while ($row = mysql_fetch_assoc($result)) {
+			$whovoted.= '<a href="account.php?Action=AccountInfo&amp;ID='.$row['UserID'].'">'.$row['Username'].'</a> ';
+		}
+	}
+	return $whovoted;
+}
+
+function cast_proposal_vote($voteid, $uid, $vote, $newtotal, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "UPDATE TU_VoteInfo SET " . $vote . " = " . ($newtotal) . " WHERE ID = " . $voteid;
+	db_query($q, $dbh);
+
+	$q = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . $voteid . ", " . $uid . ")";
+	db_query($q, $dbh);
+
+}

web/template/tu_list.php

@@ -14,9 +14,15 @@
 		</thead>
 
 		<tbody>
-			<?php if (mysql_num_rows($result) == 0): ?>
+			<?php if (empty($result)): ?>
 			<tr><td align="center" colspan="0"><?php print __("No results found.") ?></td></tr>
-			<?php else: for ($i = 0; $row = mysql_fetch_assoc($result); $i++): (($i % 2) == 0) ? $c = 'odd' : $c = 'even'; ?>
+			<?php else: while (list($indx, $row) = each($result)):
+				if ($indx % 2):
+					$c = "even";
+				else:
+					$c = "odd";
+				endif;
+			?>
 			<tr class="<?php print $c ?>">
 				<td><?php $row["Agenda"] = htmlspecialchars(substr($row["Agenda"], 0, $prev_Len)); ?>
 					<a href="tu.php?id=<?php print $row['ID'] ?>"><?php print $row["Agenda"] ?></a></span></span>
@@ -34,23 +40,15 @@
 				<td><?php print $row['Yes'] ?></td>
 				<td><?php print $row['No'] ?></td>
 				<td>
-					<?php
+					<?php if (tu_voted($row['ID'], uid_from_sid($_COOKIE["AURSID"]))): ?>
-					$q = "SELECT * FROM TU_Votes WHERE VoteID = " . $row['ID'] . " AND UserID = " . uid_from_sid($_COOKIE["AURSID"]);
-					$result_tulist = db_query($q, $dbh);
-					if ($result_tulist):
-						$hasvoted = mysql_num_rows($result_tulist);
-					else:
-						$hasvoted = 0;
-					endif;
-						if ($hasvoted == 0): ?>
-					<span style="color: red; font-weight: bold"><?php print __("No") ?></span>
-					<?php else: ?>
 					<span style="color: green; font-weight: bold"><?php print __("Yes") ?></span>
+					<?php else: ?>
+					<span style="color: red; font-weight: bold"><?php print __("No") ?></span>
 					<?php endif; ?>
 				</td>
 			</tr>
 			<?php
-			endfor;
+			endwhile;
 			endif;
 			?>
 		</tbody>