eliminating possible xss
eliminating possible xss

<?php <?php
   
/** /**
* Any five card poker hand display interface * Any five card poker hand display interface
* *
* @author Razvan Stanga <git@razvi.ro> * @author Razvan Stanga <git@razvi.ro>
*/ */
   
class Display { class Display {
private $smarty; private $smarty;
private $dbConnection; private $dbConnection;
   
function __construct () { function __construct () {
$this->dbConnection = new dbConnection; $this->dbConnection = new dbConnection;
   
require (appRoot."include/lib/Smarty.class.php"); require (appRoot."include/lib/Smarty.class.php");
$this->smarty = new Smarty; $this->smarty = new Smarty;
$this->smarty->compile_check = true; $this->smarty->compile_check = true;
$this->smarty->debugging = false; $this->smarty->debugging = false;
$this->smarty->template_dir = appRoot."style/tpl"; $this->smarty->template_dir = appRoot."style/tpl";
$this->smarty->compile_dir = appRoot."style/tpl_c"; $this->smarty->compile_dir = appRoot."style/tpl_c";
} }
   
/** /**
* Collects all data needes to generate the page and shows the page * Collects all data needes to generate the page and shows the page
* *
* @param int $page current page * @param int $page current page
* @param int $hand current hand filter like for of a kind * @param int $hand current hand filter like for of a kind
* @param string $card current card filter like 2 hearts * @param string $card current card filter like 2 hearts
* @param bool $ajax returnes ony the content with ajax * @param bool $ajax returnes ony the content with ajax
* @return void * @return void
*/ */
   
public function page ($page, $hand="", $card="", $ajax=false) { public function page ($page, $hand="", $card="", $ajax=false) {
   
$sqlFilter = "WHERE 1=1"; $sqlFilter = "WHERE 1=1";
$params = ""; $params = "";
if ($hand != "") { if ($hand != "") {
$sqlFilter .= " AND `hand`='".$hand."'"; $sqlFilter .= " AND `hand`='".$hand."'";
$params .= "&hand=".$hand; $params .= "&hand=".$hand;
} }
if ($card != "") { if ($card != "") {
$sqlFilter .= " AND FIND_IN_SET('".$card."', `combo`)"; $sqlFilter .= " AND FIND_IN_SET('".$card."', `combo`)";
$params .= "&card=".urlencode ($card); $params .= "&card=".urlencode ($card);
} }
   
$q = $this->dbConnection->dbQuery ("SELECT COUNT(*) as count FROM `cards` ".$sqlFilter); $q = $this->dbConnection->dbQuery ("SELECT COUNT(*) as count FROM `cards` ".$sqlFilter);
$total = $this->dbConnection->dbFetchArray ($q); $total = $this->dbConnection->dbFetchArray ($q);
   
$paginationData = $this->paginationData ($page, $total['count'], 100); $paginationData = $this->paginationData ($page, $total['count'], 100);
$pagination = $this->pagination ($paginationData['total'], "index.php?", $paginationData['page'], $paginationData['offset'], 'page', $params); $pagination = $this->pagination ($paginationData['total'], "index.php?", $paginationData['page'], $paginationData['offset'], 'page', $params);
$this->smarty->assign ("pagination", $pagination); $this->smarty->assign ("pagination", $pagination);
   
$databaseQuery = "SELECT * FROM `cards` ".$sqlFilter." LIMIT ".$paginationData['min'].", ".$paginationData['offset']; $databaseQuery = "SELECT * FROM `cards` ".$sqlFilter." LIMIT ".$paginationData['min'].", ".$paginationData['offset'];
   
$startTime = microtime (true); $startTime = microtime (true);
$q = $this->dbConnection->dbQuery ($databaseQuery); $q = $this->dbConnection->dbQuery ($databaseQuery);
$endTime = microtime (true); $endTime = microtime (true);
$this->smarty->assign ("queryTime", ($endTime-$startTime)); $this->smarty->assign ("queryTime", ($endTime-$startTime));
   
$rows = array (); $rows = array ();
while ( $row = $this->dbConnection->dbFetchArray ($q) ) { while ( $row = $this->dbConnection->dbFetchArray ($q) ) {
$rows[ $row['id'] ] = $row; $rows[ $row['id'] ] = $row;
} }
$this->smarty->assign ("rows", $rows); $this->smarty->assign ("rows", $rows);
$this->smarty->assign ("hands", Anyfivecardpokerhand::$hands ); $this->smarty->assign ("hands", Anyfivecardpokerhand::$hands );
$this->smarty->assign ("cards", Anyfivecardpokerhand::$cards ); $this->smarty->assign ("cards", Anyfivecardpokerhand::$cards );
$this->smarty->assign ("types", Anyfivecardpokerhand::$types ); $this->smarty->assign ("types", Anyfivecardpokerhand::$types );
$this->smarty->assign ("databaseQuery", $databaseQuery); $this->smarty->assign ("databaseQuery", $databaseQuery);
  $this->smarty->assign ("currentCard", $card);
  $this->smarty->assign ("currentHand", $hand);
   
if ( $ajax == true ) { if ( $ajax == true ) {
$this->smarty->display ("table.tpl"); $this->smarty->display ("table.tpl");
} else { } else {
$this->buildStats (); $this->buildStats ();
$this->smarty->display ("index.tpl"); $this->smarty->display ("index.tpl");
} }
} }
   
/** /**
* Stats builder. Fetches info from database like how many full hose combinations are there * Stats builder. Fetches info from database like how many full hose combinations are there
* *
* @return void * @return void
*/ */
   
private function buildStats () { private function buildStats () {
$stats = array (); $stats = array ();
$q = $this->dbConnection->dbQuery ("SELECT COUNT(*) as count, hand FROM `cards` GROUP BY `hand`"); $q = $this->dbConnection->dbQuery ("SELECT COUNT(*) as count, hand FROM `cards` GROUP BY `hand`");
while ( $row = $this->dbConnection->dbFetchArray ($q) ) { while ( $row = $this->dbConnection->dbFetchArray ($q) ) {
$stats[ $row['hand'] ] = $row['count']; $stats[ $row['hand'] ] = $row['count'];
$stats['all'] += $row['count']; $stats['all'] += $row['count'];
} }
$this->smarty->assign ("stats", $stats); $this->smarty->assign ("stats", $stats);
} }
   
/** /**
* Pagination. Returnes an array with the linkes for pagination to be used in template * Pagination. Returnes an array with the linkes for pagination to be used in template
* *
* @param int $totalitems total items * @param int $totalitems total items
* @param string $link pagination link * @param string $link pagination link
* @param int $page current page * @param int $page current page
* @param int $offset how many items per page * @param int $offset how many items per page
* @param string $pagename GET url param for page * @param string $pagename GET url param for page
* @param string $params extra params to add to the pagination link * @param string $params extra params to add to the pagination link
* @return array * @return array
*/ */
   
private function pagination ($totalitems, $link, $page, $offset, $pagename='page', $params=null) { private function pagination ($totalitems, $link, $page, $offset, $pagename='page', $params=null) {
$pagination = array (); $pagination = array ();
$pages = 6; $pages = 6;
$nrpages = ceil ($totalitems/$offset); $nrpages = ceil ($totalitems/$offset);
$pagination['totalpages'] = $nrpages; $pagination['totalpages'] = $nrpages;
$pagination['totalitems'] = $totalitems; $pagination['totalitems'] = $totalitems;
$pagination['pages'] = array (); $pagination['pages'] = array ();
$pagination['page'] = $page; $pagination['page'] = $page;
   
for ($i=1 ; $i<=$nrpages ; $i++) { for ($i=1 ; $i<=$nrpages ; $i++) {
   
if ( $i <= $page - $pages or $i >= $page + $pages ) { if ( $i <= $page - $pages or $i >= $page + $pages ) {
if ($i==1) { if ($i==1) {
$pagination['firstpage'] = $link."&".$pagename."=".$i.$params; $pagination['firstpage'] = $link."&".$pagename."=".$i.$params;
$pagination['firstpagenr'] = $i; $pagination['firstpagenr'] = $i;
} }
if ( $i == $nrpages ) { if ( $i == $nrpages ) {
$pagination['lastpage'] = $link."&".$pagename."=".$i.$params; $pagination['lastpage'] = $link."&".$pagename."=".$i.$params;
$pagination['lastpagenr'] = $i; $pagination['lastpagenr'] = $i;
} }
} }
   
if ($page > 1) { if ($page > 1) {
$prevpage = $page - 1; $prevpage = $page - 1;
if ( $prevpage == 1 ) { if ( $prevpage == 1 ) {
$pagination['prevpage'] = $link.$params; $pagination['prevpage'] = $link.$params;
} else { } else {
$pagination['prevpage'] = $link."&".$pagename."=".$prevpage.$params; $pagination['prevpage'] = $link."&".$pagename."=".$prevpage.$params;
} }
$pagination['prevpagenr'] = $prevpage; $pagination['prevpagenr'] = $prevpage;
} }
   
if ($i <= $page + $pages && $i >= $page - $pages) { if ($i <= $page + $pages && $i >= $page - $pages) {
if ( $page == $i ) { if ( $page == $i ) {
$pagination['pages'][$i] = $link."&".$pagename."=".$i.$params; $pagination['pages'][$i] = $link."&".$pagename."=".$i.$params;
} else { } else {
if ( $i == 1 ) { if ( $i == 1 ) {
$pagination['pages'][$i] = $link.$params; $pagination['pages'][$i] = $link.$params;
} else { } else {
$pagination['pages'][$i] = $link."&".$pagename."=".$i.$params; $pagination['pages'][$i] = $link."&".$pagename."=".$i.$params;
} }
} }
} }
   
if ($page < $nrpages) { if ($page < $nrpages) {
$nextpage = $page + 1; $nextpage = $page + 1;
$pagination['nextpage'] = $link."&".$pagename."=".$nextpage.$params; $pagination['nextpage'] = $link."&".$pagename."=".$nextpage.$params;
$pagination['nextpagenr'] = $nextpage; $pagination['nextpagenr'] = $nextpage;
} }
} }
return $pagination; return $pagination;
} }
   
/** /**
* Pagination data calculator. Returnes data to be used in sql query and in pagination * Pagination data calculator. Returnes data to be used in sql query and in pagination
* *
* @param int $page current page * @param int $page current page
* @param int $total total items * @param int $total total items
* @param int $offset how many items per page * @param int $offset how many items per page
* @return array * @return array
*/ */
   
private function paginationData ($page, $total, $offset=10) { private function paginationData ($page, $total, $offset=10) {
$offset = $offset ? $offset : 1; $offset = $offset ? $offset : 1;
$ret = array (); $ret = array ();
$ret['total'] = $total; $ret['total'] = $total;
$ret['offset'] = $offset ? $offset : 1; $ret['offset'] = $offset ? $offset : 1;
$ret['page'] = $page; $ret['page'] = $page;
$ret['page'] = (int) $ret['page'] ? $ret['page'] : 1; $ret['page'] = (int) $ret['page'] ? $ret['page'] : 1;
$ret['page'] = abs ( (int) $ret['page'] ); $ret['page'] = abs ( (int) $ret['page'] );
$ret['min'] = ($ret['page'] - 1) * $offset; $ret['min'] = ($ret['page'] - 1) * $offset;
$pages = ceil ($total / $offset); $pages = ceil ($total / $offset);
if ( $ret['page'] > $pages ) { if ( $ret['page'] > $pages ) {
$ret['page'] = 1; $ret['page'] = 1;
$ret['min'] = 0; $ret['min'] = 0;
} }
return $ret; return $ret;
} }
} }
   
?> ?>
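Review bot: `page()` still interpolates `$hand` and `$card` directly into the SQL at `$sqlFilter .= " AND `hand`='".$hand."'"` and in the `FIND_IN_SET('".$card."', `combo`)` clause, so the same request values this commit now passes to the template as `currentHand`/`currentCard` remain an injection path on the query side; assuming `dbQuery` is a plain query wrapper, they should be bound as parameters or, since `Anyfivecardpokerhand::$hands` is already in scope and its keys are the valid hand ids, rejected before the WHERE clause is built, e.g. `if ($hand != "" && !array_key_exists($hand, Anyfivecardpokerhand::$hands)) { $hand = ""; }` (and a matching check of `$card` against the `$cards`/`$types` combinations). The raw `$hand` is also appended to `$params` as `"&hand=".$hand` and then flows into every pagination href, whereas `$card` at least goes through `urlencode`; `$params .= "&hand=".urlencode ($hand);` closes that gap. The new `currentCard`/`currentHand` assigns move the escaping decision into the templates, so the docblock should say so: `@param string $card current card filter, raw request value; templates must escape it on output`.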
<!DOCTYPE html <!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<title>Anyfivecardpokerhand - demo</title> <title>Anyfivecardpokerhand - demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="https://www.google.com/jsapi"></script> <script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script type="text/javascript"> <script type="text/javascript">
google.load("jquery", "1.7.1"); google.load("jquery", "1.7.1");
google.load("jqueryui", "1.8.16"); google.load("jqueryui", "1.8.16");
</script> </script>
   
<link type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.17/themes/black-tie/jquery-ui.css" rel="stylesheet" media="all" /> <link type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.17/themes/black-tie/jquery-ui.css" rel="stylesheet" media="all" />
<link type="text/css" href="style/css/colors-classic.css" rel="stylesheet" /> <link type="text/css" href="style/css/colors-classic.css" rel="stylesheet" />
<link type="text/css" href="style/css/colors-fresh.css" rel="stylesheet" /> <link type="text/css" href="style/css/colors-fresh.css" rel="stylesheet" />
<link type="text/css" href="style/css/global.css" rel="stylesheet" /> <link type="text/css" href="style/css/global.css" rel="stylesheet" />
</head> </head>
<body class="wp-admin"> <body class="wp-admin">
<div id="wrapper"> <div id="wrapper">
   
<table class="widefat post fixed"> <table class="widefat post fixed">
<tr> <tr>
<th class="manage-column">Filters</th> <th class="manage-column">Filters</th>
</tr> </tr>
<tr> <tr>
<td> <td>
<form id="filterform" method="get" action=""> <form id="filterform" method="get" action="">
<select name="hand" id="hand"> <select name="hand" id="hand">
<option value="">all - {$stats.all}</option> <option value="">all - {$stats.all}</option>
{foreach key=k item=v from=$hands} {foreach key=k item=v from=$hands}
<option value="{$k}"{if $smarty.get.hand && $smarty.get.hand == $k} selected="selected"{/if}>{$v} - {$stats.$k}</option> <option value="{$k}"{if $currentHand && $currentHand == $k} selected="selected"{/if}>{$v} - {$stats.$k}</option>
{/foreach} {/foreach}
</select> </select>
<select name="card" id="card"> <select name="card" id="card">
<option value="">all</option> <option value="">all</option>
{foreach key=k item=card from=$cards} {foreach key=k item=card from=$cards}
{foreach key=k2 item=type from=$types} {foreach key=k2 item=type from=$types}
<option value="{$card} {$type}"{if $smarty.get.card && $smarty.get.card == "$card $type"} selected="selected"{/if}>{$card} {$type}</option> <option value="{$card} {$type}"{if $currentCard && $currentCard == "$card $type"} selected="selected"{/if}>{$card} {$type}</option>
{/foreach} {/foreach}
{/foreach} {/foreach}
</select> </select>
<input type="submit" name="sub" value="Filter" /> <input type="submit" name="sub" value="Filter" />
</form> </form>
</td> </td>
</tr> </tr>
</table> </table>
   
<div id="content"> <div id="content">
{include file="table.tpl"} {include file="table.tpl"}
</div> </div>
   
</div> </div>
   
{literal} {literal}
<script type="text/javascript"> <script type="text/javascript">
/* /*
$("#hand").change (function (){ $("#hand").change (function (){
$("#content").load ("index.php?hand="+encodeURIComponent($(this).val())+"&ajax=true"); $("#content").load ("index.php?hand="+encodeURIComponent($(this).val())+"&ajax=true");
}); });
*/ */
$("#filterform").submit (function (){ $("#filterform").submit (function (){
$("#content").load ("index.php?hand="+encodeURIComponent($("#hand").val())+"&card="+encodeURIComponent($("#card").val())+"&ajax=true"); $("#content").load ("index.php?hand="+encodeURIComponent($("#hand").val())+"&card="+encodeURIComponent($("#card").val())+"&ajax=true");
return false; return false;
}); });
</script> </script>
{/literal} {/literal}
   
</body> </body>
</html> </html>
<table class="widefat post fixed"> <table class="widefat post fixed">
<tr> <tr>
<td id="pagination"> <td id="pagination">
{if $smarty.get.hand != ""} {if $currentHand != ""}
{assign var="_hand" value=$smarty.get.hand} Showing <strong>{$hands.$currentHand}{if $currentCard}/{$currentCard}{/if}</strong> combinations
Showing <strong>{$hands.$_hand}{if $smarty.get.card}/{$smarty.get.card|htmlentities}{/if}</strong> combinations  
{else} {else}
Showing <strong>all{if $smarty.get.card}/{$smarty.get.card|htmlentities}{/if}</strong> combinations Showing <strong>all{if $currentCard}/{$currentCard}{/if}</strong> combinations
{/if} {/if}
<br /> <br />
   
{if $pagination.firstpage}<a href="{$pagination.firstpage}">first page</a> | {/if} {if $pagination.firstpage}<a href="{$pagination.firstpage}">first page</a> | {/if}
   
{foreach key=k item=v from=$pagination.pages} {foreach key=k item=v from=$pagination.pages}
{if $k != $pagination.page} {if $k != $pagination.page}
<a href="{$v}">{$k}</a> <a href="{$v}">{$k}</a>
{else} {else}
{$k} {$k}
{/if} {/if}
{/foreach} {/foreach}
   
{if $pagination.lastpage} | <a href="{$pagination.lastpage}">last page</a>{/if} | {$pagination.totalpages} pages | {$pagination.totalitems} combinations {if $pagination.lastpage} | <a href="{$pagination.lastpage}">last page</a>{/if} | {$pagination.totalpages} pages | {$pagination.totalitems} combinations
</td> </td>
</tr> </tr>
</table> </table>
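Review bot: The rewrite drops the `|htmlentities` modifier the old template applied to the card filter, so `{$currentCard}` on both `Showing <strong>...` lines (the hand branch and the `all` branch) now echoes the request value unescaped unless Smarty auto-escaping is enabled for this instance, which is the opposite of what the commit title intends; it should read `{$currentCard|escape:'html'}` (or keep `|htmlentities`) in both places. `{$hands.$currentHand}` is safe as output because it resolves through the hands table, but an unrecognised hand key will presumably render as an empty label rather than fail, so the key should be validated on the PHP side. The `href="{$pagination.firstpage}"`, `href="{$v}"` and `href="{$pagination.lastpage}"` attributes are also printed unescaped and carry the `$params` string built from the raw `hand` value; `{$pagination.firstpage|escape:'html'}` and the same modifier on the other two would keep a crafted filter value from breaking out of the attribute.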