From b1605f98a089c6558b65168ba83b8937f6ba9c03 Mon Sep 17 00:00:00 2001
From: Ruslans Jermakovics <vaflancher@gmail.com>
Date: Sat, 1 Apr 2023 14:40:41 +0300
Subject: [PATCH] Migrate from ODBC to PDO extension. Fix wrong column in
 character module. Question during installation on changing the database
 collate.

---
 README.md                    |  14 +++--
 config.php                   |   1 +
 includes/comment.php         |   3 +-
 includes/functions.php       |  11 +++-
 includes/mmw_sql.php         | 112 +++++++++++++++++++++++++----------
 includes/theme_functions.php |   5 +-
 install.php                  |  32 ++++++----
 modules/character.php        |   2 +-
 modules/gallery.php          |   7 ++-
 modules/lostpass.php         |   4 +-
 modules/news_full.php        |  14 +++--
 modules/user.php             |   5 +-
 12 files changed, 146 insertions(+), 64 deletions(-)

diff --git a/README.md b/README.md
index b36e6a4..ac06377 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
     Created: 2009-03-17
     Repository: https://github.com/Vaflan/MyMuWeb
     Author: Ruslans Jermakovics <Vaflan>
-    Contact: https://github.com/Vaflan
+    Contact: http://mymuweb.ru
 
 
 ## Instruction
@@ -13,10 +13,11 @@ The first step, you need PHP settings:
 * On Windows system ~ C:\WINDOWS\php.ini (extensions with .dll)
 * On Linux system ~ /etc/php/phpX.X/php.ini
 
-
-    extension = gd2
-    extension = odbc
-    error_reporting = E_ALL & ~E_NOTICE
+      extension = gd2
+      extension = pdo
+      extension = odbc
+      extension = pdo_odbc
+      error_reporting = E_ALL & ~E_NOTICE
 
 *********************************************************************
 The second step, add library if database uses MD5
@@ -41,4 +42,5 @@ The third step is to change socks
 *********************************************************************
 
 
-### Thanks for using MyMuWeb by Vaflan!
\ No newline at end of file
+### Thanks for using MyMuWeb by Vaflan!
+Special thanks to the **x-Mu** Community: https://x-mu.net/?board=84.0
\ No newline at end of file
diff --git a/config.php b/config.php
index 15b3f4f..bbd6f59 100644
--- a/config.php
+++ b/config.php
@@ -12,6 +12,7 @@
 $mmw['sql']['user'] = 'USER';                               // Login SQL
 $mmw['sql']['pass'] = 'PASSWORD';                           // Pass SQL
 $mmw['sql']['database'] = 'MuOnline';                       // DataBase SQL
+// Example: $mmw['sql']['driver'] = 'dblib:host=%host%;dbname=%dbnm%';
 
 
 // MyMuWeb Config
diff --git a/includes/comment.php b/includes/comment.php
index 3d8e444..a119fc9 100644
--- a/includes/comment.php
+++ b/includes/comment.php
@@ -57,7 +57,8 @@
 }
 
 
-$result = mssql_query("SELECT mc.c_id,
+$result = mssql_query("SELECT
+	mc.c_id,
 	mc.c_char,
 	mc.c_text,
 	mc.c_date,
diff --git a/includes/functions.php b/includes/functions.php
index a85d5fc..acebe9e 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -266,6 +266,12 @@ function default_img($src)
 /////// Start BBCode Formats ///////
 function bbcode($text)
 {
+	global $flash_body_size;
+	if (empty($flash_body_size)) {
+		$flash_body_size = 426;
+	}
+	$aspectRatioHeight = round($flash_body_size * 9 / 16);
+
 	$bbCode = array(
 		'/\[br\]/is' => '<br>',
 		'/\[hr\]/is' => '<hr>',
@@ -287,10 +293,9 @@ function bbcode($text)
 		'/\[font\=(.*?)\](.*?)\[\/font\]/is' => '<span style="font:$1">$2</span>',
 		'/\[size\=(.*?)\](.*?)\[\/size\]/is' => '<span style="font-size:$1 pt;">$2</span>',
 		'/\[url\=(.*?)\](.*?)\[\/url\]/is' => '<a target="_blank" href="$1">$2</a>',
-		'/\[video\].*youtube.com\/watch[^=]+=(.*?)\[\/video\]/is' => '<iframe width="416" height="234" src="https://www.youtube.com/embed/$1" frameborder="0" allow="accelerometer;autoplay;clipboard-write;encrypted-media;gyroscope;picture-in-picture" allowfullscreen></iframe>',
+		'/\[video\].*youtube.com\/watch[^=]+=(.*?)\[\/video\]/is' => '<iframe width="' . $flash_body_size . '" height="' . $aspectRatioHeight . '" src="https://www.youtube.com/embed/$1" frameborder="0" allow="accelerometer;autoplay;clipboard-write;encrypted-media;gyroscope;picture-in-picture" allowfullscreen></iframe>',
 	);
-	$text = preg_replace(array_keys($bbCode), array_values($bbCode), $text);
-	return $text;
+	return preg_replace(array_keys($bbCode), array_values($bbCode), $text);
 }
 
 /////// END BBCode Formats ///////
diff --git a/includes/mmw_sql.php b/includes/mmw_sql.php
index 8813d6c..bbb5e63 100644
--- a/includes/mmw_sql.php
+++ b/includes/mmw_sql.php
@@ -1,8 +1,8 @@
 <?php
 /*
-	It's bridge from mssql to odbc
+	It's bridge from mssql to pdo
 	Copyright by Ruslans Jermakovics [Vaflan]
-	Version of bridge 2.1 - 23:39 12.02.2023
+	Version of bridge 3.0 - 00:00 08.03.2023
 	Insert to config.php: require_once __DIR__ . '/includes/mmwsql.php';
 */
 
@@ -18,18 +18,21 @@
 	function mssql_connect($servername = null, $username = null, $password = null, $new_link = false)
 	{
 		global $mmwsql;
+
 		$mmwsql = array(
 			'connect' => true,
 			'host' => $servername,
 			'user' => $username,
 			'pass' => $password,
+			'driver' => $mmwsql['driver'] ?: 'odbc:Driver={SQL Server};Server={%host%};Database={%dbnm%};',
 		);
+		// Example Linux with dblib: $mmwsql['driver'] = 'dblib:host=%host%;dbname=%dbnm%';
 
-		if (!extension_loaded('odbc')) {
-			throw new Exception('ODBC extension not loaded. Please open php.ini and add odbc extension (extension=odbc)');
+		if (!extension_loaded('pdo')) {
+			throw new Exception('PDO extension not loaded. Please open php.ini and add pdo extension');
 		}
 
-		return true;
+		return $mmwsql['connect'];
 	}
 
 	/**
@@ -39,11 +42,24 @@ function mssql_connect($servername = null, $username = null, $password = null, $
 	function mssql_select_db($database_name, $link_identifier = null)
 	{
 		global $mmwsql;
+
 		$mmwsql['dbnm'] = $database_name;
 		if ($link_identifier) {
-			return $mmwsql['connect'] = odbc_connect('Driver={SQL Server};Server={' . $mmwsql['host'] . '};Database={' . $mmwsql['dbnm'] . '};', $mmwsql['user'], $mmwsql['pass']);
+			$mmwsql['connect'] = new PDO(
+				str_replace(
+					array_map(static function ($value) {
+						return '%' . $value . '%';
+					}, array_keys($mmwsql)),
+					array_values($mmwsql),
+					$mmwsql['driver']
+				),
+				$mmwsql['user'],
+				$mmwsql['pass']
+			);
+			$mmwsql['list'] = array();
 		}
-		return false;
+
+		return $mmwsql['connect'];
 	}
 
 	/**
@@ -53,15 +69,22 @@ function mssql_select_db($database_name, $link_identifier = null)
 	function mssql_query($query, $link_identifier = null, $batch_size = 0)
 	{
 		global $mmwsql;
+
+		$lastQuery = end($mmwsql['list']);
+		if ($lastQuery['id']) {
+			$lastQuery['id']->closeCursor();
+		}
+
 		$mmwsql['last_query'] = $query;
 		$mmwsql['list'][] = array(
-			'id' => @odbc_exec($link_identifier ? $link_identifier : $mmwsql['connect'], $query),
+			'id' => $mmwsql['connect']->query($query),
 			'query' => $query,
 		);
 		$resourceId = end($mmwsql['list'])['id'];
 		if ($resourceId === false) {
-			throw new Exception(odbc_errormsg() . PHP_EOL . $query);
+			throw new Exception(mssql_get_last_message() . PHP_EOL . $query);
 		}
+
 		return $resourceId;
 	}
 
@@ -71,7 +94,6 @@ function mssql_query($query, $link_identifier = null, $batch_size = 0)
 	 */
 	function mssql_fetch_row($result)
 	{
-		/* ODBC fetch_row have issue, hack by Vaflan .!.. */
 		return mssql_fetch_array($result, MSSQL_NUM);
 	}
 
@@ -81,9 +103,13 @@ function mssql_fetch_row($result)
 	 */
 	function mssql_fetch_assoc($result_id)
 	{
-		if ($result = odbc_fetch_array($result_id)) {
-			return $result;
+		/** @var $result_id PDOStatement */
+
+		// Important BOTH! mssql_fetch_assoc have issue, hack by Vaflan .!..
+		if ($data = $result_id->fetch(PDO::FETCH_BOTH)) {
+			return $data;
 		}
+
 		return false;
 	}
 
@@ -93,18 +119,19 @@ function mssql_fetch_assoc($result_id)
 	 */
 	function mssql_fetch_array($result, $result_type = MSSQL_BOTH)
 	{
-		$rows = mssql_fetch_assoc($result);
-		if ($rows) {
-			switch ($result_type) {
-				case MSSQL_BOTH:
-					return array_merge($rows, array_values($rows));
-				case MSSQL_NUM:
-					return array_values($rows);
-				case MSSQL_ASSOC:
-					return $rows;
-			}
+		/** @var $result PDOStatement */
+		switch ($result_type) {
+			case MSSQL_NUM:
+				$pdoFetch = PDO::FETCH_NUM;
+				break;
+			case MSSQL_ASSOC:
+				$pdoFetch = PDO::FETCH_ASSOC;
+				break;
+			default:
+				$pdoFetch = PDO::FETCH_BOTH;
 		}
-		return false;
+
+		return $result->fetch($pdoFetch) ?: false;
 	}
 
 	/**
@@ -113,7 +140,22 @@ function mssql_fetch_array($result, $result_type = MSSQL_BOTH)
 	 */
 	function mssql_num_rows($result)
 	{
-		return odbc_num_rows($result);
+		global $mmwsql;
+
+		/** @var $result PDOStatement */
+		$count = $result->rowCount();
+		if ($count === -1) {
+			//trigger_error('[mssql_num_rows] PDO cant return correct row count');
+			$result->closeCursor();
+			$countQuery = preg_replace('/^SELECT(.*?)FROM/is', 'SELECT COUNT(*) FROM', $result->queryString);
+			if (strpos($countQuery, 'ORDER BY') !== false) {
+				$countQuery = substr($countQuery, 0, strpos($countQuery, 'ORDER BY'));
+			}
+			$count = (int)$mmwsql['connect']->query($countQuery)->fetchColumn();
+			$result->execute();
+		}
+
+		return $count;
 	}
 
 	/**
@@ -122,9 +164,11 @@ function mssql_num_rows($result)
 	 */
 	function mssql_result($result, $row = 0, $field = 0)
 	{
-		/* ODBC result haven't rows params, hack by Vaflan .!.. */
+		/** @var $result PDOStatement */
+
+		/* PDO result haven't rows params, hack by Vaflan .!.. */
 		$i = 0;
-		while ($rows = @odbc_fetch_array($result)) {
+		while ($rows = $result->fetch(PDO::FETCH_BOTH)) {
 			if ($i == $row) {
 				foreach ($rows as $k => $v) {
 					if ($k == $field) {
@@ -134,6 +178,7 @@ function mssql_result($result, $row = 0, $field = 0)
 			}
 			$i++;
 		}
+
 		return false;
 	}
 
@@ -144,7 +189,10 @@ function mssql_result($result, $row = 0, $field = 0)
 	function mssql_get_last_message()
 	{
 		global $mmwsql;
-		return odbc_errormsg($mmwsql['connect']);
+
+		$errorInfo = $mmwsql['connect']->errorInfo();
+
+		return $errorInfo[2] ?: reset($errorInfo);
 	}
 
 	/**
@@ -153,7 +201,8 @@ function mssql_get_last_message()
 	 */
 	function mssql_num_fields($result)
 	{
-		return odbc_num_fields($result);
+		/** @var $result PDOStatement */
+		return $result->columnCount();
 	}
 
 	/**
@@ -163,7 +212,10 @@ function mssql_num_fields($result)
 	function mssql_close($link_identifier)
 	{
 		global $mmwsql;
-		odbc_close($mmwsql['connect']);
-		return $link_identifier === $mmwsql['connect'];
+
+		$isCurrentConnection = ($link_identifier === $mmwsql['connect']);
+		unset($mmwsql['connect']);
+
+		return $isCurrentConnection;
 	}
 }
\ No newline at end of file
diff --git a/includes/theme_functions.php b/includes/theme_functions.php
index dde1aa1..91e6d0a 100644
--- a/includes/theme_functions.php
+++ b/includes/theme_functions.php
@@ -76,7 +76,10 @@ function theme()
 function menu($style = null)
 {
 	global $mmw;
-	require __DIR__ . '/menu.php';
+	if (!isset($mmw['menu'])) {
+		require_once __DIR__ . '/menu.php';
+	}
+
 	if (empty($style)) {
 		$style = '<a href="$1">$2</a><br>';
 	}
diff --git a/install.php b/install.php
index 2f1092c..a933ab1 100644
--- a/install.php
+++ b/install.php
@@ -47,11 +47,18 @@
 		: array('Database does not support MD5!', 'No');
 	?>
 	<form name="set_md5" method="post" action="?page=3">
+		<label>
+			Change database COLLATE
+			<select name="collate" title="Set COLLATE" style="margin:0;padding:0;">
+				<option value="false">No</option>
+				<option value="true">Yes</option>
+			</select>
+		</label><br>
 		<label>
 			In "config.php" Now MD5:
 			<select name="md5" title="Set MD5 Option" style="margin:0;padding:0;">
-				<option value="true"<?php echo $md5Selector[true]; ?>>Yes</option>
 				<option value="false"<?php echo $md5Selector[false]; ?>>No</option>
+				<option value="true"<?php echo $md5Selector[true]; ?>>Yes</option>
 			</select>
 		</label><br>
 		<b style="color:red;"><?php echo $md5Info[0]; ?></b><br>
@@ -68,15 +75,14 @@
 	if (($_POST['md5'] === 'true' && !$mmw['md5']) || ($_POST['md5'] === 'false' && $mmw['md5'])) {
 		$configFile = 'config.php';
 		$configData = file_get_contents($configFile);
-		$configData = preg_replace('/\$mmw\[\'md5\'] = (true|false);/', "\$mmw['md5'] = {$_POST['md5']}22;", $configData);
+		$configData = preg_replace('/\$mmw\[\'md5\'] = (true|false);/', "\$mmw['md5'] = {$_POST['md5']};", $configData);
 		file_put_contents($configFile, $configData);
 		$mmw['md5'] = $_POST['md5'];
 	}
 	@file_put_contents('includes/installed.php', "<?php\n// MyMuWeb Installed Date\n\$mmw['installed'] = '" . time() . "';\n");
 	?>
-	<b>Tables and columns install end!</b> [<a href="#"
-											   onclick="document.getElementById('install_log').style.display=''">Show</a>]
-	<br>
+	<b>Tables and columns install end!</b>
+	[<a href="#" onclick="document.getElementById('install_log').style.display=''">Show</a>]<br>
 	On the next page you can choose the site administrator<br>
 	<div class="buttonFlow">
 		<button onclick="window.location.href='?page=4'">Next &#8594;</button>
@@ -89,12 +95,14 @@
 	<?php
 	$queryList = array();
 
-	// DECODE DATABASE
-	$queryList['decode_database'] = array(
-		"ALTER DATABASE {$mmw['sql']['database']} SET SINGLE_USER WITH ROLLBACK IMMEDIATE",
-		"ALTER DATABASE {$mmw['sql']['database']} COLLATE SQL_Latin1_General_CP1_CI_AS",
-		"ALTER DATABASE {$mmw['sql']['database']} SET MULTI_USER"
-	);
+	if ($_POST['collate'] === 'true') {
+		// DECODE DATABASE
+		$queryList['decode_database'] = array(
+			"ALTER DATABASE {$mmw['sql']['database']} SET SINGLE_USER WITH ROLLBACK IMMEDIATE",
+			"ALTER DATABASE {$mmw['sql']['database']} COLLATE SQL_Latin1_General_CP1_CI_AS",
+			"ALTER DATABASE {$mmw['sql']['database']} SET MULTI_USER"
+		);
+	}
 
 	// CREAT TABLES
 	$queryList['load_db_mmw'] = @file_get_contents('includes/db_mmw.sql');
@@ -126,7 +134,7 @@
 		"ALTER TABLE MEMB_INFO ADD mmw_coin int not null default 0",
 		"ALTER TABLE warehouse ADD extMoney bigint null default 0",
 		"ALTER TABLE Character ADD {$mmw['reset_column']} int not null default 0",
-		"ALTER TABLE Character ADD leadership int not null default 0",
+		"ALTER TABLE Character ADD Leadership int not null default 0",
 		"ALTER TABLE Guild ADD G_Union int not null default 0",
 		"ALTER TABLE GuildMember ADD G_Status tinyint not null default 0",
 	);
diff --git a/modules/character.php b/modules/character.php
index d02fd50..46fa88e 100644
--- a/modules/character.php
+++ b/modules/character.php
@@ -112,7 +112,7 @@
 					<?php endif; ?>
 					<tr>
 						<td style="text-align:right"><?php echo mmw_lang_status; ?>:</td>
-						<td><?php echo ctlCode($info[16]); ?></td>
+						<td><?php echo ctlCode($info[15]); ?></td>
 					</tr>
 					<tr>
 						<td style="text-align:right"><?php echo mmw_lang_class; ?>:</td>
diff --git a/modules/gallery.php b/modules/gallery.php
index 864bdad..1817e02 100644
--- a/modules/gallery.php
+++ b/modules/gallery.php
@@ -8,6 +8,7 @@
  * @var string $die_start
  * @var string $die_end
  * @var string $rowbr
+ * @var int $flash_body_size
  */
 
 $dir = 'media/gallery/';
@@ -104,7 +105,7 @@ function byteConvert($bytes)
 			<tr>
 				<td align="right"><?php echo mmw_lang_image_comment; ?>:</td>
 				<td>
-					<input name="comment" type="text" size="30" maxlength="30" value="<?php echo $_POST['comment']; ?>">
+					<input name="comment" type="text" size="30" maxlength="255" value="<?php echo $_POST['comment']; ?>">
 				</td>
 			</tr>
 			<tr>
@@ -180,7 +181,7 @@ function byteConvert($bytes)
 			$smallUrl = $dir . 'small_' . $file_name . '.' . $format;
 
 			if (!is_file($smallUrl)) {
-				img_resize($url, 300, 300, $dir, 'small_' . $file_name . '.' . $format);
+				img_resize($url, $flash_body_size, $flash_body_size, $dir, 'small_' . $file_name . '.' . $format);
 			}
 			$image_size = getimagesize($smallUrl);
 
@@ -210,7 +211,7 @@ function byteConvert($bytes)
 			<tr>
 				<td style="padding:2px;width:160px;text-align:center">
 					<a href="?op=gallery&w=' . $file_name . '" title="' . mmw_lang_image_size . ': ' . $width . ' x ' . $height . '">
-						<img src="' . $smallUrl . '" border="0" height="' . $sizeH . '" width="' . $sizeW . '">
+						<img src="' . $smallUrl . '" height="' . $sizeH . '" width="' . $sizeW . '" alt="' . $name . '" border="0">
 					</a>
 				</td>
 				<td style="padding:4px;" valign="top">
diff --git a/modules/lostpass.php b/modules/lostpass.php
index b23489d..2db1b89 100644
--- a/modules/lostpass.php
+++ b/modules/lostpass.php
@@ -10,7 +10,9 @@
  * @var string $okey_end
  */
 
-$step = intval($_GET['step']);
+$step = isset($_GET['step'])
+	? intval($_GET['step'])
+	: 0;
 
 
 if ($step === 1) {
diff --git a/modules/news_full.php b/modules/news_full.php
index e826b2f..1cea36b 100644
--- a/modules/news_full.php
+++ b/modules/news_full.php
@@ -15,20 +15,24 @@
 	'total_comment' => mmw_lang_total_comment,
 );
 
+if (!isset($mmw['news_row_end'])) {
+	$mmw['news_row_end'] = '';
+}
+
 while ($row = mssql_fetch_row($get_news)) {
+	$content = '';
 	$date = date('H:i:s d.m.Y', $row[3]);
+
 	if (!empty($row[4])) {
-		$news_row_1 = $mmw['news_row_1'] . $row[4] . $mmw['news_row_end'];
+		$content .= $mmw['news_row_1'] . bbcode($row[4]) . $mmw['news_row_end'];
 	}
 	if (!empty($row[5])) {
-		$news_row_2 = $mmw['news_row_2'] . $row[5] . $mmw['news_row_end'];
+		$content .= $mmw['news_row_2'] . bbcode($row[5]) . $mmw['news_row_end'];
 	}
 	if (!empty($row[6])) {
-		$news_row_3 = $mmw['news_row_3'] . $row[6] . $mmw['news_row_end'];
+		$content .= $mmw['news_row_3'] . bbcode($row[6]) . $mmw['news_row_end'];
 	}
 
-	$content = bbcode($news_row_1 . $news_row_2 . $news_row_3);
-
 	echo <<<HTML
 <div class="eBlock" style="width:100%;border:0;padding:0">
 	<div class="eTitle">{$row[0]}</div>
diff --git a/modules/user.php b/modules/user.php
index 7bb5ba4..072b550 100644
--- a/modules/user.php
+++ b/modules/user.php
@@ -15,7 +15,10 @@
 
 $acc_online_check = (int)@current(mssql_fetch_row(mssql_query("SELECT ConnectStat FROM dbo.MEMB_STAT WHERE memb___id='{$account}'")));
 
-$userModule = preg_replace('/[^\w_-]/', '', $_GET['u']);
+$userModule = !empty($_GET['u'])
+	? preg_replace('/[^\w_-]/', '', $_GET['u'])
+	: null;
+
 if (empty($userModule)) {
 	require_once 'modules/user/acc.php';
 } elseif (is_file('modules/user/' . $userModule . '.php')) {