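/*******************************************\
| * Ce programme est sous licence GNU GPL * |
| * This software is under GNU/GPL licence * |
| * * * * * * * * * * * * * * * * * * * * * * |
| * http://www.gnu.org/copyleft/gpl.html * |
\*******************************************/

/* Créé par Laurent Coustet <ed@zehome.com>
 * http://ed.zehome.com/
 * Made by Laurent Coustet <ed@zehome.com>
 */

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <mysql/mysql.h>

#include "mysql.h"
#include "debug.h"
#include "guestbook.h"

/* vim: set shiftwidth=2 tabstop=2 */

/*
 * Print the guestbook page: the submission form followed by every entry of
 * site_guestbook, newest first.
 *
 * Output goes to stdout as HTML. On a failed query an error line is printed
 * and nothing else; the connection is closed on every path.
 *
 * NOTE(review): auteur, date, ip and texte are written into the page exactly
 * as stored. The only escaping visible in this file happens at insert time in
 * AddGB(), so a row written by any other path would be rendered as markup.
 * Escaping at output time would be the more robust design, but it would
 * double-escape rows already stored by AddGB().
 */
void GetGB ()
{
  MYSQL mysql;
  MYSQL_ROW row;
  MYSQL_RES *result;
  MYSQL_FIELD *fields;
  ST_GB *guestbook = NULL;
  unsigned int num_fields;
  unsigned int i;
  my_ulonglong num_rows;
  my_ulonglong count = 0;
  my_ulonglong k;

  connect(&mysql);

  /* query() expands its format printf-style (AddGB passes %s arguments), so
   * every '%' meant for DATE_FORMAT has to be doubled, not only the one
   * before 'e'. */
  query(&mysql,"SELECT id,auteur,ip,browser,texte,DATE_FORMAT(date,'%%W %%e %%M %%Y') AS formated_date FROM site_guestbook ORDER by date desc",NULL);

  if ((result = mysql_store_result(&mysql))==NULL)
  {
    printf("Impossible d'executer une requete SQL!\n");
    disconnect(&mysql); /* do not leak the connection on the error path */
    return;
  }

  num_fields = mysql_num_fields(result);
  /* mysql_fetch_fields() returns the whole column array; mysql_fetch_field()
   * only returns the next single column and is not meant to be indexed. */
  fields = mysql_fetch_fields(result);
  num_rows = mysql_num_rows(result);

  /* Size the array from the real row count instead of a fixed 1000 slots, so
   * a large table cannot write past the end of the allocation. calloc()
   * leaves every string pointer NULL until it is filled in. */
  if (num_rows > (size_t)-1 / sizeof(ST_GB))
    goto cleanup;
  guestbook = calloc(num_rows ? (size_t)num_rows : 1, sizeof(ST_GB));
  if (guestbook == NULL)
    goto cleanup;

  while (count < num_rows && (row = mysql_fetch_row(result)))
  {
    ST_GB *entry = &guestbook[count];

    for (i = 0; i < num_fields; i++)
    {
      const char *name = fields[i].name;
      /* A SQL NULL comes back as a NULL pointer; treat it as empty. */
      const char *value = row[i] ? row[i] : "";

      if (strcmp(name,"id")==0)
        entry->id = atoi(value);
      else if (strcmp(name,"ip")==0)
        entry->ip = strdup(value);
      else if (strcmp(name,"texte")==0)
        entry->texte = strdup(value);
      else if (strcmp(name,"auteur")==0)
        entry->auteur = strdup(value);
      else if (strcmp(name,"formated_date")==0)
        entry->date = strdup(value);
    }
    count++;
  }

  print_gb_head();

  for (k = 0; k < count; k++)
  {
    ST_GB *entry = &guestbook[k];

    /* strdup() may have failed; never hand NULL to %s. */
    printf("<h1 style=\"text-align: left; font-size: 1em;\">Posté par : %s, %s (%s)</h1>\n<br />\n%s\n",
           entry->auteur ? entry->auteur : "",
           entry->date ? entry->date : "",
           entry->ip ? entry->ip : "",
           entry->texte ? entry->texte : "");
    free(entry->auteur);
    free(entry->date);
    free(entry->ip);
    free(entry->texte);
  }

cleanup:
  free(guestbook);
  mysql_free_result(result);
  disconnect(&mysql);
  return;
}

/*
 * Print the guestbook title and the submission form (fields "auteur" and
 * "texte", hidden field page=addgb) to stdout.
 */
void print_gb_head()
{
  printf("<h1>Le livre d'or</h1>\n\n");
  /* The form tag must stay open: "<form ... />" is an empty element under
   * XHTML parsing and would leave the inputs outside the form. */
  printf("<form method=\"post\"><input type=\"hidden\" name=\"page\" value=\"addgb\" />\n");
  printf("Auteur: <input type=\"text\" name=\"auteur\" /><br />\n");
  printf("Texte: <textarea name=\"texte\" cols=\"50\"></textarea><br />\n");
  printf("<input type=\"submit\" value=\"Envoyer\" />\n</form>\n");
}

/*
 * Return a newly allocated, NUL-terminated copy of t in which
 *   '<'  becomes "&lt;"
 *   '>'  becomes "&gt;"
 *   '"'  becomes \"
 *   '\'  becomes \\
 * so the result can be placed inside a double-quoted SQL string literal (as
 * AddGB does) and later printed as HTML text without opening a tag.
 *
 * t   - NUL-terminated input; NULL yields NULL.
 * len - expected length of t, used only as an initial capacity hint; the
 *       buffer grows as needed.
 *
 * Returns NULL on allocation failure. The caller frees the result.
 *
 * The backslash has to be escaped too: otherwise an input ending in '\'
 * followed by '"' would produce \\" and the quote would terminate the SQL
 * literal.
 */
char *sanitize(char *t, int len)
{
  size_t cap;
  size_t pos = 0;
  char *out;

  if (t == NULL)
    return NULL;
  if (len < 0)
    len = 0;

  cap = (size_t)len + 64;
  out = malloc(cap);
  if (out == NULL)
    return NULL;

  for (; *t; t++)
  {
    const char *rep;
    size_t rep_len;

    switch (*t)
    {
      case '>':
        rep = "&gt;";
        rep_len = 4;
        break;
      case '<':
        rep = "&lt;";
        rep_len = 4;
        break;
      case '\"':
        rep = "\\\"";
        rep_len = 2;
        break;
      case '\\':
        rep = "\\\\";
        rep_len = 2;
        break;
      default:
        rep = t;
        rep_len = 1;
        break;
    }

    /* Keep room for the replacement plus the final NUL. realloc() may move
     * the buffer, so its return value must replace the old pointer. */
    if (pos + rep_len + 1 > cap)
    {
      char *grown;

      cap += 64;
      grown = realloc(out, cap);
      if (grown == NULL)
      {
        free(out);
        return NULL;
      }
      out = grown;
    }

    memcpy(out + pos, rep, rep_len);
    pos += rep_len;
  }

  out[pos] = '\0';
  return out;
}

/*
 * Insert one guestbook entry.
 *
 * texte, auteur, ip - required; a NULL in any of them returns 1.
 * browser           - optional; NULL is stored as an empty string.
 *
 * Returns 0 once the INSERT has been handed to query(), 1 on a missing
 * argument or allocation failure. No connection is opened on the failure
 * paths.
 *
 * NOTE(review): the values are spliced into the statement text after
 * byte-wise escaping in sanitize(). That escaping is not aware of the
 * connection character set; mysql_real_escape_string() on the connected
 * handle, or a prepared statement (mysql_stmt_prepare / mysql_stmt_bind_param),
 * is the sturdier way to pass untrusted values.
 */
int AddGB(char *texte, char *auteur, char *ip, char *browser)
{
  MYSQL mysql;
  char *saut, *stexte, *sip, *sbrowser;
  int rc = 1;

  /* Validate before connecting so an early return cannot leak a connection. */
  if ((! auteur) || (! ip) || (! texte))
    return 1;
  if (! browser)
    browser = "";

  saut = sanitize(auteur, (int)strlen(auteur));
  stexte = sanitize(texte, (int)strlen(texte));
  sip = sanitize(ip, (int)strlen(ip));
  sbrowser = sanitize(browser, (int)strlen(browser));

  if (saut && stexte && sip && sbrowser)
  {
    connect(&mysql);
    query(&mysql,"INSERT INTO site_guestbook (texte,auteur,ip,browser,date) VALUES (\"%s\",\"%s\",\"%s\",\"%s\",NOW())",stexte,saut,sip,sbrowser);
    disconnect(&mysql);
    rc = 0;
  }

  free(saut);
  free(stexte);
  free(sip);
  free(sbrowser);

  return rc;
}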