#!/usr/bin/perl # we use DBI, for it's sexy body use DBI; # database connection my $GLOBAL_DBH = undef; ## # Returns the kwote count sub get_kwote_count { # connect my $dbh = get_db_connection(); # execute my $sth = $dbh->prepare("SELECT COUNT(*) as kwote_count FROM kwote"); $sth->execute(); # return my $row = $sth->fetchrow_hashref(); return $row->{"kwote_count"}; } ## # Returns the kwote_backup count sub get_kwote_backup_count { # connect my $dbh = get_db_connection(); # execute my $sth = $dbh->prepare("SELECT COUNT(*) as kwote_count FROM kwote_backup"); $sth->execute(); # return my $row = $sth->fetchrow_hashref(); return $row->{"kwote_count"}; } ## # does some minor database cleanup sub cleanup { # get a db connection my $dbh = get_db_connection(); # backup kwotes to be deleted my $sth = $dbh->prepare( "INSERT INTO kwote_backup SELECT * FROM kwote WHERE ". "(now()-submit_dt)>? AND rating<0" ); $sth->bind_param(1, NEGATIVE_KWOTE_TTL); $sth->execute() or die "Couldn't backup kwotes"; # delete kwotes $sth = $dbh->prepare( "DELETE FROM kwote WHERE (now()-submit_dt)>? AND rating<0" ); $sth->bind_param(1, NEGATIVE_KWOTE_TTL); $sth->execute() or die "Couldn't delete kwotes"; # delete the vote log (this doesn't affect kwote rating) $sth = $dbh->prepare( "DELETE FROM vote WHERE (now()-vote_dt)>?" ); $sth->bind_param(1, VOTE_TTL); $sth->execute() or die "Couldn't delete votes"; # let em know we're good print "Kwote Database cleanup complete\n"; # w00t return 0; } ## # votes on a kwote sub vote { my ($addr, $kid, $amt) = @_; # connect to db my $dbh = get_db_connection(); # prepare statement my $sth = $dbh->prepare( "SELECT COUNT(*) as vote_count FROM vote WHERE ". "ip_address=? AND kwote_id=?" ); $sth->bind_param(1, $addr); $sth->bind_param(2, $kid); # execute $sth->execute(); # get row my $row = $sth->fetchrow_hashref(); # check if they suck return undef if ($row->{"vote_count"}>=MAX_VOTES_PER_IP); # prepare $sth = $dbh->prepare( "UPDATE kwote SET rating=rating+(?) WHERE id=?" ); $sth->bind_param(1, $amt); $sth->bind_param(2, $kid); $sth->execute() or return undef; # record the vote $sth = $dbh->prepare( "INSERT INTO vote (ip_address, kwote_id, vote_dt) ". "VALUES (?, ?, now())" ); $sth->bind_param(1, $addr); $sth->bind_param(2, $kid); $sth->execute() or return undef; # we're good return 1; } ## # adds a kwote to the database sub add_kwote { my ($dbh, $kwote_text, $ip_address) = @_; my ($addr, $kid, $amt) = @_; # make sure the kwote is ok return undef if (!defined($kwote_text) || $kwote_text eq ""); # prepare statement my $sth = $dbh->prepare( "SELECT COUNT(*) as kwote_count FROM kwote WHERE ip_address=? AND (now()-submit_dt)bind_param(1, $ip_address); $sth->bind_param(2, SECS_BETWEEN_KWOTES); # execute $sth->execute() or return undef; # get row my $row = $sth->fetchrow_hashref() or return undef; # check if they suck return undef if ($row->{"kwote_count"}>=MAX_KWOTES_PER_IP); # prepare statement my $sth = $dbh->prepare( "INSERT INTO kwote (submit_dt, content, rating, ip_address) ". "VALUES (now(), ?, ?, ?)" ) or return undef; # bind params $sth->bind_param(1, $kwote_text); # this is the kwote text $sth->bind_param(2, 0); # no rating as of yet $sth->bind_param(3, $ip_address); # the ip address # execute $sth->execute() or return undef; # return the id return $dbh->{insertid}; } ## # adds a kwote to the database sub get_kwote { my ($dbh, $kid) = @_; # prepare statement my $sth = $dbh->prepare( "SELECT * FROM kwote WHERE id=?" ) or return undef; # bind params $sth->bind_param(1, $kid); # execute $sth->execute() or return undef; # get the row my $row = $sth->fetchrow_hashref(); # return the id return (defined($row)) ? $row : undef; } ## # Gets a list of kwotes sub list_kwotes { my ($dbh, $sort_by, $order_direction, $return_amt, $start_index, $search_string) = @_; # clean up the numbers $return_amt =~ s/[^0-9]//ig; $start_index =~ s/[^0-9]//ig; # ensure these numbers are ok if ($start_index eq "" || int($start_index)<=0) { $start_index = 0; } if ($return_amt eq "" || int($return_amt)<=0 || int($return_amt) > 200) { $return_amt = 20; } # break out the keywords my @kws = split(/,/,$search_string); # build SQL query my $sql = "SELECT * FROM kwote "; # search stuff if (defined($search_string)) { $sql .= "WHERE 1=1 "; foreach my $kw (@kws) { $sql.= "AND content LIKE ? "; } } # sorting and paging if (defined($sort_by)) { $sql .= "ORDER BY $sort_by $order_direction "; } # paging $sql .= "LIMIT $start_index, $return_amt "; # prepare my $sth = $dbh->prepare($sql) or return undef; # apply the search criteria if (defined($search_string)) { for ($i=0; $i<@kws; $i++) { $sth->bind_param($i+1, "\%".$kws[$i]."\%"); } } # execute $sth->execute() or return undef; # get the rows my @rows; while (my $row = $sth->fetchrow_hashref()) { push(@rows, $row); } # return it return @rows; } ## # Connect to the database sub get_db_connection { if (!$GLOBAL_DBH) { $GLOBAL_DBH = DBI->connect( "dbi:".DB_TYPE.":".DB_NAME.":".DB_HOST, DB_USER, DB_PASS ); } return $GLOBAL_DBH; } ## # Escape html sub html_escape { my ($data) = @_; $data =~ s//>/g; $data =~ s/\n/
/g; $data =~ s/"/"/g; return $data; } ## # Sends the HTML header sub send_html_header { print STDOUT "Content-type: text/html\n\n"; } ## # Renders an HTML template sub wrap_template { my ($template_file, %vars) = @_; open(IN,"$template_file"); my $data = join("",); close(IN); foreach $key (keys %vars) { $data =~ s/\${$key}/$vars{$key}/ig; } return $data; } ## # Wraps and renders a template sub render_template { my ($template_file, %vars) = @_; my $data = wrap_template($template_file, %vars); print STDOUT $data; } ## # Parse form data sub parse_form { my (@pairs, $pair, $buffer, %FORM); if ($ENV{'REQUEST_METHOD'} eq 'GET') { @pairs = split(/&/, $ENV{'QUERY_STRING'}); } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = split(/&/, $buffer); } foreach $pair (@pairs) { local($name, $value) = split(/=/, $pair); $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $FORM{$name} = $value; } return %FORM; } 1;