#
#
# patch "hostconfig.dist"
# from [094160cadf511eb392c4949f4b846735a0a87025]
# to [f194cf04bfa0ffb93df9434ceec738670202f2c3]
#
# patch "www/admin-description_backend.php"
# from [35aaa14b1ed2fd7b061c029208d095f3ed520a58]
# to [77be066f94469962dee95ebcbe852d3f7ef3bfc0]
#
# patch "www/admin-files_backend.php"
# from [ef16f5dbaffe7f400e6b75126f7707abb5d5f9af]
# to [8109ee3be651cbd4d693b930060403c1a7149a46]
#
# patch "www/admin-permissions_backend.php"
# from [9dfe7767585351057995a7131f324748ec3136d1]
# to [f03b110a705a1d3ae8ebed71987a94ebc2adaa80]
#
# patch "www/admin-resources_backend.php"
# from [d1f490cc113924a005b87acd0228eb369e29cea6]
# to [c25e06b302ff66e55ecee79a85765f2e90339d2e]
#
# patch "www/admin-source_control_backend.php"
# from [fff189e4e8c4853672c1fc299fee91abb4c6e683]
# to [6271371add902909298ece584864171f20e24ec5]
#
# patch "www/common-ctrl.php"
# from [5cdf8502620216366fe9a4fbf60f228ef2e4414b]
# to [8e9d200ced9294036b3f336eb34b00a9f00ac038]
#
# patch "www/common-resource.php"
# from [bb89b43d6a10482146c02944a319179a2e60a85e]
# to [958c85685f30e4a13024444e460b2c11528aa454]
#
# patch "www/common.php"
# from [4dfe605e35ec8b2f139630192a65b7c5fe7a4a17]
# to [3088c0608938da725d06013aa0f9d6d7eaa16527]
#
# patch "www/index.php"
# from [8cda77dbe2da163ecad68bce5e4e9d036025a7d8]
# to [3361dc77f10506370f720fae8b77065029d082ad]
#
# patch "www/login.php"
# from [2411034b91d3b8441676c2ca0d559b32682027f5]
# to [53f3fcfe78d47e975b16cc3237465f91688225fe]
#
# patch "www/proj-ctrl.php"
# from [5e750a6316c4026612c6e578c8f604470394b702]
# to [ce8e7729dcf57087f1948f384f6455cdb986cae2]
#
# patch "www/project.php"
# from [3260a28bfd208039e33b8637a1ec5a5c4ee85dba]
# to [02a98d34f5ed4b461542afedd2e846f980fe1731]
#
============================================================
--- hostconfig.dist 094160cadf511eb392c4949f4b846735a0a87025
+++ hostconfig.dist f194cf04bfa0ffb93df9434ceec738670202f2c3
@@ -1,6 +1,8 @@
 userpass "username" "password"
 hostname "hostname"
 serverdir "/home/timothy/experiment"
+adodb_path "/usr/share/adodb"
+dbtype "postgres"
 dbstring "dbname=testdb"
 admin "127.0.0.5:12345"
============================================================
--- www/admin-description_backend.php 35aaa14b1ed2fd7b061c029208d095f3ed520a58
+++ www/admin-description_backend.php 77be066f94469962dee95ebcbe852d3f7ef3bfc0
@@ -16,5 +16,5 @@
 "longdescription" => file_get_contents($projwww . "/longdescription")));
 }
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-files_backend.php ef16f5dbaffe7f400e6b75126f7707abb5d5f9af
+++ www/admin-files_backend.php 8109ee3be651cbd4d693b930060403c1a7149a46
@@ -47,5 +47,5 @@
 file_put_contents($projwww . "/files-about/" . basename($args->file), $args->filedesc);
 print $json->encode(array("ok" => "ok"));
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-permissions_backend.php 9dfe7767585351057995a7131f324748ec3136d1
+++ www/admin-permissions_backend.php f03b110a705a1d3ae8ebed71987a94ebc2adaa80
@@ -1,25 +1,23 @@ Execute($query, array($project)); $out = array(); if ($result) { - $rows = pg_numrows($result); - for($i = 0; $i < $rows; ++$i) { - $row = pg_fetch_row ($result,$i); - $perm['username'] = $row[0]; - $perm['give'] = ($row[1] == 1); - $perm['upload'] = ($row[2] == 1); - $perm['homepage'] = ($row[3] == 1); - $perm['access'] = ($row[4] == 1); - $perm['server'] = ($row[5] == 1); - $perm['description'] = ($row[6] == 1); + while (!$result->EOF) { + $perm['username'] = $result->fields[0]; + $perm['give'] = ($result->fields[1] == 1); + $perm['upload'] = ($result->fields[2] == 1); + $perm['homepage'] = ($result->fields[3] == 1); + $perm['access'] = ($result->fields[4] == 1); + $perm['server'] = ($result->fields[5] == 1); + $perm['description'] = ($result->fields[6] == 1); $out[] = $perm; + $result->MoveNext(); } } return $out; 
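Review bot: The rewritten loop reads every column by position (`$result->fields[0]` through `$result->fields[6]`), which only works while the connection's fetch mode yields numeric keys; nothing in this commit pins that, so a later `$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;` would turn each read into an undefined-index notice and every permission flag into `false`. Calling `$db->SetFetchMode(ADODB_FETCH_NUM);` once where the connection is created in common.php, or selecting by column name, makes that dependency explicit. This body is repeated verbatim as `maintlist()` in the proj-ctrl.php hunk of the same commit, so a single shared include would avoid fixing it twice. The opening lines of this hunk (the PHP prologue and the `$db->` in front of `Execute`) are lost in this rendering, so the enclosing function starts outside what is visible here.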
@@ -45,24 +43,28 @@
 $res["error"] = "You're not allowed to revoke your own permissions to edit maintainers.";
 break;
 }
- pg_exec($db, "BEGIN");
+ $db->BeginTrans();
 $begun = true;
- pg_exec($db, "LOCK TABLE permissions");
- $query = sprintf("DELETE FROM permissions WHERE project = '%s'", $safeproj);
- $result = pg_exec($db, $query);
+ # pg_exec($db, "LOCK TABLE permissions");
+ $result = $db->Execute("DELETE FROM permissions WHERE project=?", array($project));
 if (!$result) {
 $res['error'] = 'Internal server error.';
 $ok = false;
 break;
 }
 $fields = "username, project, give, upload, homepage, access, server, description";
- $query = sprintf("INSERT INTO permissions (%s) VALUES (%%s)", $fields);
+ $query = sprintf("INSERT INTO permissions (%s) VALUES (i?,?,?,?,?,?,?,?)", $fields);
+ $istmt = $db->Prepare($query);
 foreach ($args->newmaint as $i) {
- $values = sprintf("'%s', '%s', %s, %s, %s, %s, %s, %s",
- pg_escape_string($i->username), $safeproj,
- $i->give?1:0, $i->upload?1:0, $i->homepage?1:0,
- $i->access?1:0, $i->server?1:0, $i->description?1:0);
- $result = pg_exec($db, sprintf($query, $values));
+ $result = $db->Execute($istmt,
+ array($i->username,
+ $project,
+ $i->give?1:0,
+ $i->upload?1:0,
+ $i->homepage?1:0,
+ $i->access?1:0,
+ $i->server?1:0,
+ $i->description?1:0));
 if (!$result) {
 $res['error'] = 'Internal server error.';
 $ok = false;
@@ -73,10 +75,10 @@
 $res["maintainers"] = maintlist();
 } while(false);
 if (!$ok && $begun)
- pg_exec($db, "ROLLBACK");
+ $db->RollbackTrans();
 print $json->encode($res);
- pg_exec($db, "END");
+ $db->CommitTrans();
 }
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-resources_backend.php d1f490cc113924a005b87acd0228eb369e29cea6
+++ www/admin-resources_backend.php c25e06b302ff66e55ecee79a85765f2e90339d2e
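Review bot: `$query = sprintf("INSERT INTO permissions (%s) VALUES (i?,?,?,?,?,?,?,?)", $fields);` has a stray `i` in front of the first placeholder, so the prepared INSERT is malformed and every maintainer save ends in the 'Internal server error.' branch after the DELETE has already run; it should read `VALUES (?,?,?,?,?,?,?,?)`. The `LOCK TABLE permissions` statement is left behind as a `#` comment rather than ported: without it two concurrent saves for the same project can each delete and then re-insert, leaving duplicated rows, so either port it as `$db->Execute("LOCK TABLE permissions");` inside the transaction or document that the race is accepted; the same applies to the resources, login and new_project hunks of this commit. In the second hunk `$db->CommitTrans();` still runs unconditionally after `$db->RollbackTrans();` on the failure path — the if/else shape used in admin-resources_backend.php in this same commit is clearer, and proj-ctrl.php's new_project hunk has the same rollback-then-commit sequence.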
@@ -10,17 +10,15 @@
 $res = array();
 $ok = true;
 do {
- pg_exec($db, "BEGIN");
- pg_exec($db, "LOCK TABLE resources");
- $query = sprintf("DELETE FROM resources WHERE project = '%s'", $safeproj);
- $result = pg_exec($db, $query);
+ $db->BeginTrans();
+ # pg_exec($db, "LOCK TABLE resources");
+ $result = $db->Execute("DELETE FROM resources WHERE project=?", array($project));
 if (!$result) {
 $res['error'] = 'Internal server error. (1)';
 $ok = false;
 break;
 }
- $fields = "project, name, type, data";
- $query = sprintf("INSERT INTO resources (%s) VALUES (%%s)", $fields);
+ $istmt = $db->Prepare("INSERT INTO resources(project,name,type,data) VALUES(?,?,?,?)");
 foreach ($args->newresources as $i) {
 if ($i->type == "link") {
 $type = 0;
@@ -29,15 +27,14 @@
 } else {
 $type = -1;
 }
- $values = sprintf("'%s', '%s', %s, '%s'",
- $safeproj,
- pg_escape_string($i->name),
+ $values = array($project,
+ $i->name,
 $type,
- pg_escape_string($i->data));
- $result = pg_exec($db, sprintf($query, $values));
+ $i->data);
+ $result = $db->Execute($istmt, $values);
 if (!$result) {
 $res['error'] = 'Internal server error. (2)';
- $res['verboseError'] = sprintf($query, $values);
+ $res['verboseError'] = sprintf("inserting into resources: %s, %s, %s, %s", $project, $i->name,$type,$i->data);
 $ok = false;
 break;
 }
@@ -46,9 +43,10 @@
 $res["resources"] = resourcelist();
 } while(false);
 if (!$ok)
- pg_exec($db, "ROLLBACK");
+ $db->RollbackTrans();
+ else
+ $db->CommitTrans();
 print $json->encode($res);
- pg_exec($db, "END");
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-source_control_backend.php fff189e4e8c4853672c1fc299fee91abb4c6e683
+++ www/admin-source_control_backend.php 6271371add902909298ece584864171f20e24ec5
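Review bot: `$res['verboseError'] = sprintf("inserting into resources: %s, %s, %s, %s", $project, $i->name,$type,$i->data);` no longer tells an operator why the INSERT failed — it only echoes the client's own inputs back, and the actual driver error is discarded. Record `$db->ErrorMsg()` server-side (for example `error_log("resources insert failed: " . $db->ErrorMsg());`) next to that line rather than sending driver text to the client, so the failure is diagnosable without widening what the JSON response reveals. The if/else around `RollbackTrans()`/`CommitTrans()` in the last hunk is the right shape and is what the other backends in this commit should match.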
@@ -83,5 +83,5 @@ print $json->encode(array("result" => "ok")); } } -pg_close($db); +$db->Close(); ?> ============================================================ --- www/common-ctrl.php 5cdf8502620216366fe9a4fbf60f228ef2e4414b +++ www/common-ctrl.php 8e9d200ced9294036b3f336eb34b00a9f00ac038 @@ -5,7 +5,6 @@ $action = $args->action; if($_REQUEST['action']) $action = $_REQUEST['action']; $project = $args->project; if($_REQUEST['project']) $project = $_REQUEST['project']; -$safeproj = pg_escape_string($project); $projdir = "$serverdir/projects/" . basename($project); $projwww = "$serverdir/www/projects/" . basename($project); $monotone = "$monotone --confdir '$projdir'"; @@ -18,16 +17,12 @@ else return $args->$name; } -function safearg($name) { - return pg_escape_string(getarg($name)); -} function dirsafe($name) { return ($name == basename($name)) && ($name != '..'); } if (!$project) { $project = basename(dirname($_SERVER['PHP_SELF'])); - $safeproj = pg_escape_string($project); } function allowed($what) { global $json, $permissions, $validuser, $username; 
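Review bot: With `$safeproj = pg_escape_string($project);` removed, `$project` — taken straight from `$_REQUEST['project']` two lines above — reaches `$monotone = "$monotone --confdir '$projdir'";` with no filtering at all: `basename()` strips directory components but not a single quote or other shell metacharacters, so if `$monotone` is later handed to a shell, as its quoting suggests, a request parameter shapes that command line. Validate the request value with the same pattern new_project enforces, `if (!preg_match('/^[a-zA-Z0-9-]*$/D', $project)) { $project = ''; }`, or build the option with `escapeshellarg($projdir)`. The next hunk also deletes `safearg()`; any caller in a file this commit does not touch would now fail with an undefined function, which cannot be verified from the diff alone.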
@@ -52,15 +47,15 @@ if ($validuser) { $fields = "give, upload, homepage, access, server, description"; $query = sprintf("SELECT %s FROM permissions WHERE ", $fields); - $query = $query . "username = '%s' AND project = '%s'"; - $result = pg_exec($db, sprintf($query, $safeuser, $safeproj)); + $query = $query . "username=? AND project=?"; + $result = $db->Execute($query, array($username, $project)); if ($result) { - $rows = pg_numrows($result); + $rows = $result->RecordCount(); $permissions['rows'] = $rows; - $permissions['safeuser'] = $safeuser; - $permissions['safeproj'] = $safeproj; + $permissions['username'] = $username; + $permissions['project'] = $project; if ($rows == 1) { - $row = pg_fetch_row ($result, 0); + $row = $result->FetchRow(); $permissions['give'] = ($row[0] == 1); $permissions['upload'] = ($row[1] == 1); $permissions['homepage'] = ($row[2] == 1); ============================================================ --- www/common-resource.php bb89b43d6a10482146c02944a319179a2e60a85e +++ www/common-resource.php 958c85685f30e4a13024444e460b2c11528aa454 @@ -1,14 +1,13 @@ Execute($db, $query, array($project)); $out = array(); if ($result) { - $rows = pg_numrows($result); - for($i = 0; $i < $rows; ++$i) { - $row = pg_fetch_row ($result,$i); + while (!$result->EOF) { + $row = $result->FetchRow(); $r['name'] = $row[0]; if ($row[1] == 0) { $r['type'] = "link"; ============================================================ --- www/common.php 4dfe605e35ec8b2f139630192a65b7c5fe7a4a17 +++ www/common.php 3088c0608938da725d06013aa0f9d6d7eaa16527 @@ -33,6 +33,10 @@ $hostname = nxt($splitconf); } elseif($i == "serverdir") { $serverdir = nxt($splitconf); + } elseif($i == "adodb_path") { + $adodb_path = nxt($splitconf); + } elseif($i == "dbtype") { + $dbtype = nxt($splitconf); } elseif($i == "dbstring") { $dbstring = nxt($splitconf); } elseif($i == "hostkey") { 
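Review bot: `$permissions['username'] = $username;` and `$permissions['project'] = $project;` replace the escaped copies with raw request values and drop the old `safeuser`/`safeproj` keys outright, so any reader of those keys in a file outside this diff loses both the key and the SQL-safe guarantee it implied. If such readers exist, keep the new keys and add `# username/project are unescaped request values: bind them as parameters, never interpolate them` above these lines so the contract is visible. `if ($rows == 1)` relies on `RecordCount()` returning a real count; for drivers where ADOdb reports -1 the branch silently grants nothing, which is fine for PostgreSQL but worth a comment now that `$dbtype` is configurable.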
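Review bot: As far as the surviving text of the common-resource.php hunk shows, the rewritten query call is `Execute($db, $query, array($project));` — the connection object is passed where ADOdb expects the SQL string, a leftover of the `pg_exec($db, $query)` argument order — so the intended query is not what gets executed and `resourcelist()` will come back empty; it should be `$result = $db->Execute($query, array($project));` as in the other hunks. The loop `while (!$result->EOF) { $row = $result->FetchRow(); ...` is correct, but it fetches differently from the `$result->fields[...]` plus `MoveNext()` loops in the permissions hunks; one idiom across the port would be easier to audit. The start of this hunk, including the PHP prologue and the function header, is lost in this rendering.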
@@ -91,16 +95,14 @@ $shapass = ''; } -$safeuser = pg_escape_string($username); - +include_once($adodb_path); $validuser = false; -$db = pg_connect($dbstring); -$query = sprintf("SELECT password FROM users WHERE username = '%s'", $safeuser); -$result = pg_exec($db, $query); +$db = &ADONewConnection( rawurlencode($dbstring) ); +$result = $db->Execute("SELECT password FROM users WHERE username=?", array($username)); if ($result) { - $rows = pg_numrows($result); + $rows = $result->RecordCount(); if ($rows == 1) { - $row = pg_fetch_row ($result, 0); + $row = $result->fields[0]; if ($row[0] == $shapass) { $validuser = true; } ============================================================ --- www/index.php 8cda77dbe2da163ecad68bce5e4e9d036025a7d8 +++ www/index.php 3361dc77f10506370f720fae8b77065029d082ad @@ -20,25 +20,24 @@ Execute($query); if (!$result) {printf("ERROR"); } -$rows = pg_numrows($result); -for($i = 0; $i < $rows; ++$i) { - $row = pg_fetch_row ($result,$i); +while (!$result->EOF) { printf("
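Review bot: `$row = $result->fields[0];` makes `$row` the stored password string itself, so the unchanged `if ($row[0] == $shapass)` on the next line compares only its first character with the submitted digest and `$validuser` can never become true on this path. Use `if ($result->fields[0] === $shapass) {` — the strict comparison also sidesteps PHP's numeric-string coercion when both hex digests happen to look numeric. `$dbtype` is parsed from hostconfig in the earlier common.php hunk but never used here, while `ADONewConnection( rawurlencode($dbstring) )` receives something like `dbname%3Dtestdb` for the value shipped in hostconfig.dist, which has no `driver://` prefix and, as I read ADONewConnection, is therefore taken as a driver name rather than a DSN. Creating the connection from the configured driver (`$db = ADONewConnection($dbtype);`) and handing the connection parameters to `$db->Connect()` would actually use the new setting; either way test the result, because a false `$db` turns the following `$db->Execute(...)` into a fatal error.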
\n"); - printf("%s | \n", $row[0]); - printf("Project info page | \n", $row[0]); + printf("%s | \n", $result->fields[0]); + printf("Project info page | \n", $result->fields[0]); if ($validuser) { printf("Maintainer Page | \n", $row[0]); } - printf("mtn pull %s.%s \\*\n", $row[0], $hostname); + printf("mtn pull %s.%s \\*\n", $result->fields[0], $hostname); printf("
\n"); - if (is_file("projects/$row[0]/description")) { - print file_get_contents("projects/$row[0]/description"); + if (is_file("projects/$result->fields[0]/description")) { + print file_get_contents("projects/$result->fields[0]/description"); } printf("
\n"); + $result->MoveNext(); } -pg_close(); +$db->Close(); ?> ============================================================ --- www/login.php 2411034b91d3b8441676c2ca0d559b32682027f5 +++ www/login.php 53f3fcfe78d47e975b16cc3237465f91688225fe @@ -42,21 +42,26 @@ if ($username == "" || $shapass == "") { $res = "Your username and password cannot be blank.
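Review bot: `printf("Maintainer Page | \n", $row[0]);` inside the `$validuser` branch still reads `$row[0]`, but the rewritten loop no longer assigns `$row`, so maintainer links are built from an undefined variable. `"projects/$result->fields[0]/description"` is also wrong: PHP's simple string interpolation stops after `$result->fields` and leaves `[0]` as literal text, so the path becomes `projects/Array[0]/description`. Assigning `$name = $result->fields[0];` as the first statement of the loop and using `$name` in every printf, `is_file()` and `file_get_contents()` call fixes both at once. Separately, `if (!$result) {printf("ERROR"); }` does not stop the script, so on a failed query `while (!$result->EOF)` dereferences `false`; an `exit;` after the error print is needed. The HTML markup in this hunk was stripped by the rendering, so the exact printf formats cannot be checked here.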
\n"; } else { - pg_exec($db, "BEGIN"); - pg_exec($db, "LOCK TABLE users"); - $query = sprintf("SELECT * FROM users WHERE username = '%s'", $safeuser); - $result = pg_exec($db, $query); + $db->BeginTrans(); + # pg_exec($db, "LOCK TABLE users"); + $result = $db->Execute("SELECT * FROM users WHERE username=?", array($username)); if (!$result) { $res = "Internal server error.
\n"; - } else if (pg_numrows($result) == 0) { + } else if ($result->RecordCount() == 0) { $query = "INSERT INTO users (username, password) VALUES ('%s', '%s')"; - pg_exec($db, sprintf($query, $safeuser, $shapass)); - $res = "Added user $username.
\n"; - $validuser = true; + $ires = $db->Execute("INSERT INTO users (username, password) VALUES(?,?)", + array($username, $shapass)); + if (!$ires) { + $res = "That username is already taken.
\n"; + $db->RollbackTrans(); + } else { + $res = "Added user $username.
\n"; + $validuser = true; + } } else { $res = "That username is already taken.
\n"; } - pg_exec($db, "END"); + $db->CommitTrans(); } docookie($username, $shapass); page_head(); @@ -69,8 +74,8 @@ if ($newpass == "") { $res = "Your new password cannot be blank."; } else { - $query = "UPDATE users SET password = '%s' WHERE username = '%s'"; - $result = pg_exec($db, sprintf($query, sha1($newpass), $safeuser)); + $query = "UPDATE users SET password=? WHERE username=?"; + $result = $db->Execute($query, array(sha1($newpass), $username)); if(!result) { $res = "Internal server error."; } else { ============================================================ --- www/proj-ctrl.php 5e750a6316c4026612c6e578c8f604470394b702 +++ www/proj-ctrl.php ce8e7729dcf57087f1948f384f6455cdb986cae2 @@ -19,7 +19,7 @@ print "parent.status(\"Error: username or password is incorrect.\");\n"; } print "File uploaded"; - pg_close(); + $db->Close(); exit; } else if ($action === "upload_files") { header('Content-type: text/html'); @@ -54,7 +54,7 @@ print "parent.status(\"" . $st . "\");"; } while (false); print "File uploaded"; - pg_close(); + $db->Close(); exit; } 
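Review bot: The context line `$query = "INSERT INTO users (username, password) VALUES ('%s', '%s')";` is now dead — the new `$db->Execute("INSERT INTO users (username, password) VALUES(?,?)", array($username, $shapass));` carries its own SQL — and a stale `%s` format string next to bound parameters invites someone to revive it with sprintf, so delete it. The new `!$ires` branch maps every failed INSERT, including a connection or SQL error, to "That username is already taken."; with `LOCK TABLE users` now only a comment, the earlier `$result->RecordCount() == 0` pre-check no longer excludes a concurrent registration, so this branch is the only guard against two simultaneous sign-ups with the same name and it only works if `users.username` carries a unique constraint, which is not visible in this diff. After `$db->RollbackTrans();` the code still falls through to `$db->CommitTrans();`, the same rollback-then-commit sequence as in admin-permissions_backend.php.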
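Review bot: `if(!result)` on the line directly after the new `$result = $db->Execute($query, array(sha1($newpass), $username));` tests the bareword `result` — an undefined constant that evaluates to the truthy string "result" — so a failed UPDATE is never reported and the user is told the password changed; it must be `if (!$result) {`. The rewritten line also keeps storing a bare `sha1()` of the password; that is the existing scheme common.php compares against, but since the line is being rewritten anyway, mark it with `# TODO: unsalted sha1; migrate to a salted, iterated hash (password_hash() where the PHP version has it)` so the port does not silently re-bless it.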
@@ -76,24 +76,22 @@
 }
 function maintlist() {
- global $db, $safeproj;
+ global $db, $project;
 $fields = "username, give, upload, homepage, access, server, description";
- $query = sprintf("SELECT %s FROM permissions WHERE ", $fields);
- $query = $query . "project = '%s'";
- $result = pg_exec($db, sprintf($query, $safeproj));
+ $query = sprintf("SELECT %s FROM permissions WHERE project=?", $fields);
+ $result = $db->Execute($query, array($project));
 $out = array();
 if ($result) {
- $rows = pg_numrows($result);
- for($i = 0; $i < $rows; ++$i) {
- $row = pg_fetch_row ($result,$i);
- $perm['username'] = $row[0];
- $perm['give'] = ($row[1] == 1);
- $perm['upload'] = ($row[2] == 1);
- $perm['homepage'] = ($row[3] == 1);
- $perm['access'] = ($row[4] == 1);
- $perm['server'] = ($row[5] == 1);
- $perm['description'] = ($row[6] == 1);
+ while (!$result->EOF) {
+ $perm['username'] = $result->fields[0];
+ $perm['give'] = ($result->fields[1] == 1);
+ $perm['upload'] = ($result->fields[2] == 1);
+ $perm['homepage'] = ($result->fields[3] == 1);
+ $perm['access'] = ($result->fields[4] == 1);
+ $perm['server'] = ($result->fields[5] == 1);
+ $perm['description'] = ($result->fields[6] == 1);
 $out[] = $perm;
+ $result->MoveNext();
 }
 }
 return $out;
@@ -103,12 +101,12 @@
 if ($action == "new_project") {
 if ($validuser) {
- pg_exec($db, "BEGIN");
- pg_exec($db, "LOCK TABLE projects, permissions");
+ $db->BeginTrans();
+ # pg_exec($db, "LOCK TABLE projects, permissions");
 $err = false;
- $query = "SELECT * FROM projects WHERE name = '%s'";
- $result = pg_exec($db, sprintf($query, $safeproj));
+ $result = $db->Execute("SELECT * FROM projects WHERE name=?",
+ array($project));
 do {
 if(!preg_match('/^[a-zA-Z0-9-]*$/D', $project)) {
 print $json->encode(array("error" => "Only letters, numbers, and dash are allowed in a project name."));
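Review bot: `$result = $db->Execute("SELECT * FROM projects WHERE name=?", array($project));` is issued before the `preg_match('/^[a-zA-Z0-9-]*$/D', $project)` guard inside the do-block; the bound parameter keeps that safe against injection, but it spends a transaction and a query on every name the next statement rejects, and the `if(!$result)` check for it sits several lines later in the following hunk. Moving the SELECT to just after the `preg_match` guard keeps validation first and the error check beside the call. The `LOCK TABLE projects, permissions` is, as noted on admin-permissions_backend.php, only commented out, so the existence check plus INSERT pair no longer excludes a concurrent new_project with the same name unless `projects.name` is unique in the schema, which this diff does not show.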
@@ -120,7 +118,7 @@ print $json->encode(array("error" => "Internal server error.")); break; } - if(pg_numrows($result)) { + if ($result->RecordCount()) { print $json->encode(array("error" => "That project name is already taken.")); $err = true; break; @@ -128,17 +126,15 @@ $projdir = $serverdir . '/projects/'. $project; $projwww = $serverdir . '/www/projects/'. $project; # $query = "INSERT INTO projects (name, directory) VALUES ('%s', '%s')"; - $query = "INSERT INTO projects (name) VALUES ('%s')"; - $result = pg_exec($db, sprintf($query, $safeproj, '/foobar')); + $result = $db->Execute("INSERT INTO projects (name) VALUES (?)", array($project)); if(!$result) { $err = true; print $json->encode(array("error" => "Internal server error.")); break; } $fields = "username, project, give, upload, homepage, access, server, description"; - $query = sprintf("INSERT INTO permissions (%s) VALUES (%%s)", $fields); - $values = sprintf("'%s', '%s', 1, 1, 1, 1, 1, 1", $username, $safeproj); - $result = pg_exec($db, sprintf($query, $values)); + $query = sprintf("INSERT INTO permissions (%s) VALUES (?,?,1,1,1,1,1,1)", $fields); + $result = $db->Execute($query, array($username, $project))); if(!$result) { $err = true; print $json->encode(array("error" => "Internal server error.")); @@ -163,14 +159,14 @@ usherctrl("ADD $project"); } while (false); if ($err) - pg_exec($db, "ROLLBACK"); + $db->RollbackTrans(); else print $json->encode(array("name" => $project)); - pg_exec($db, "END"); + $db->CommitTrans(); } else print $json->encode(array("error" => "username or password incorrect.")); } else print $json->encode(array("error" => sprintf("'%s' not implemented.", $action))); -pg_close($db); +$db->Close(); ?> ============================================================ --- www/project.php 3260a28bfd208039e33b8637a1ec5a5c4ee85dba +++ www/project.php 02a98d34f5ed4b461542afedd2e846f980fe1731 @@ -1,12 +1,11 @@ \n
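Review bot: `$result = $db->Execute($query, array($username, $project)));` in the @@ -128 hunk has one closing parenthesis too many, which is a parse error that takes all of proj-ctrl.php down (every action, not only new_project) until fixed; it should be `$result = $db->Execute($query, array($username, $project));`. The INSERT into projects a few lines above correctly drops the unused `'/foobar'` argument, but the commented-out `# $query = "INSERT INTO projects (name, directory) ..."` context line above it is dead code of the same kind and could go with the port. The project.php section that follows is cut off at the end of this rendering, so it is not reviewed here.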

" . "This project has released the following files:

\n\n"