diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php index feab66cd936bbbbb8df15d49e39c9564fb13e6b0..cd9c333b22040081932c4d8a70902c2809ef1e48 100644 --- a/interface/lib/classes/db_mysql.inc.php +++ b/interface/lib/classes/db_mysql.inc.php @@ -171,14 +171,10 @@ class db } elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) { $sTxt = 'NULL'; } elseif(is_array($sValue)) { - if(isset($sValue['SQL'])) { - $sTxt = $sValue['SQL']; - } else { - $sTxt = ''; - foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\''; - $sTxt = '(' . substr($sTxt, 1) . ')'; - if($sTxt == '()') $sTxt = '(0)'; - } + $sTxt = ''; + foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\''; + $sTxt = '(' . substr($sTxt, 1) . ')'; + if($sTxt == '()') $sTxt = '(0)'; } else { $sTxt = '\'' . $this->escape($sValue) . '\''; } @@ -258,7 +254,7 @@ class db private function _query($sQuery = '') { global $app; - + $aArgs = func_get_args(); if ($sQuery == '') { @@ -354,7 +350,7 @@ class db * @return array result row or NULL if none found */ public function queryOneRecord($sQuery = '') { - + $aArgs = func_get_args(); if(!empty($aArgs)) { $sQuery = array_shift($aArgs); @@ -363,7 +359,7 @@ class db } array_unshift($aArgs, $sQuery); } - + $oResult = call_user_func_array([&$this, 'query'], $aArgs); if(!$oResult) return null; @@ -750,7 +746,7 @@ class db foreach($insert_data as $key => $val) { $key_str .= '??,'; $params[] = $key; - + $val_str .= '?,'; $v_params[] = $val; } @@ -764,7 +760,7 @@ class db $this->query("INSERT INTO ?? $insert_data_str", $tablename); $app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1); } - + $old_rec = array(); $index_value = $this->insertID(); if(!$index_value && isset($insert_data[$index_field])) { 
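Review bot: In the `is_array($sValue)` branch of the `@@ -171` hunk, an array that still carries an `SQL` key is now quoted like any other list, so a caller missed by this commit would silently store the literal string (for example `('CURDATE()')`) instead of failing. Only the three call sites in `300-quota_notify.inc.php` are updated here; to make leftovers visible I would add `if(isset($sValue['SQL'])) throw new InvalidArgumentException('raw SQL values are no longer supported');` at the top of the branch, or an equivalent log call. The loop also hands every `$sVal` to `$this->escape()` without a type check, and what `escape()` does with a nested array is not visible here, so `if(!is_scalar($sVal)) continue;` or rejecting the value outright would be safer. The identical hunk in `server/lib/classes/db_mysql.inc.php` needs the same treatment; the enclosing method starts and ends outside the hunk.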
@@ -1112,7 +1108,7 @@ class db * @access public * @return string 'mariadb' or string 'mysql' */ - + public function getDatabaseType() { $tmp = $this->queryOneRecord('SELECT VERSION() as version'); if(stristr($tmp['version'],'mariadb')) { @@ -1140,7 +1136,7 @@ class db return $version[0]; } } - + /** * Get a mysql password hash * @@ -1150,9 +1146,9 @@ class db */ public function getPasswordHash($password) { - + $password_type = 'password'; - + /* Disabled until caching_sha2_password is implemented if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) { // we are in MySQL 8 mode @@ -1162,16 +1158,16 @@ class db } } */ - + if($password_type == 'caching_sha2_password') { /* - caching_sha2_password hashing needs to be implemented, have not + caching_sha2_password hashing needs to be implemented, have not found valid PHP implementation for the new password hash type. */ } else { $password_hash = '*'.strtoupper(sha1(sha1($password, true))); } - + return $password_hash; } diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php index 9a2541bba0ed5179ddd04dded34a5bb66333840e..2e1d5e6aad0c912a7f3c9f7a82efb259735b78df 100644 --- a/interface/web/login/password_reset.php +++ b/interface/web/login/password_reset.php @@ -47,7 +47,7 @@ include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$app->functions->check_language($c $app->tpl->setVar($wb); $continue = true; -if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') { +if(isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] != '' && isset($_POST['email']) && is_string($_POST['email']) && $_POST['email'] != '' && $_POST['username'] != 'admin') { if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) { $app->tpl->setVar("error", $wb['user_regex_error']); $continue = false; 
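Review bot: The new `is_string()` guards in the `@@ -47` hunk of `password_reset.php` cover only the POST branch; the GET branch further down (`$username = $_GET['username']; $hash = $_GET['hash'];`, visible as context in the `@@ -111` hunk) is not changed by this commit and its condition lies outside the visible lines. If that condition lacks the same checks, an array-valued `hash` or `username` would still be handed to the query helper and rendered as a quoted list, so I would add `is_string($_GET['username']) && is_string($_GET['hash'])` there as well. On the changed line itself, the seven-clause condition would read better with the two values pulled into locals first, and `!==` instead of `!=` for the `''` and `'admin'` comparisons.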
@@ -60,11 +60,13 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ' $username = $_POST['username']; $email = $_POST['email']; - $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); + if($continue) { + $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); + } - if($client['lost_password_function'] == 0) { + if($client && $client['lost_password_function'] == 0) { $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']); - } elseif($client['lost_password_wait'] == 1) { + } elseif($client && $client['lost_password_wait'] == 1) { $app->tpl->setVar("error", $wb['lost_password_function_wait_txt']); } elseif ($continue) { if($client['client_id'] > 0) { @@ -111,7 +113,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ' $app->tpl->setVar("error", $wb['user_regex_error']); $continue = false; } - + $username = $_GET['username']; $hash = $_GET['hash']; 
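Review bot: `$client` is assigned only inside the new `if($continue)` block in the `@@ -60` hunk, so when an earlier check has set `$continue = false` the following `if($client && ...)` reads a variable that, unless it is set somewhere above the hunk, is undefined; initialise it with `$client = null;` before the block. When the query finds no matching row, `$client` is null and control reaches `elseif ($continue)`, where `if($client['client_id'] > 0)` indexes null; `if($client && $client['client_id'] > 0)` keeps that path free of warnings and makes the not-found case explicit. The rest of that branch lies outside the hunk.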
@@ -127,7 +129,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != ' if($client['client_id'] > 0) { $server_config_array = $app->getconf->get_global_config(); $min_password_length = $app->auth->get_min_password_length(); - + $new_password = $app->auth->get_random_password($min_password_length, true); $new_password_encrypted = $app->auth->crypt_password($new_password); diff --git a/server/lib/classes/cron.d/300-quota_notify.inc.php b/server/lib/classes/cron.d/300-quota_notify.inc.php index bd6a410309cb35b77bf41468805b547a82723410..5e1bb922767e395569a045e394c3b65b555c1445 100644 --- a/server/lib/classes/cron.d/300-quota_notify.inc.php +++ b/server/lib/classes/cron.d/300-quota_notify.inc.php @@ -250,7 +250,7 @@ class cronjob_quota_notify extends cronjob { //* Send quota notifications if(($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y') && $send_notification == true) { - $app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'domain_id', $rec['domain_id']); + $app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => date('Y-m-d')), 'domain_id', $rec['domain_id']); $placeholders = array('{domain}' => $rec['domain'], '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'), 
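Review bot: `date('Y-m-d')` in the `@@ -250` hunk of `300-quota_notify.inc.php` takes the day from the PHP process on the host running the cron job, whereas the removed `CURDATE()` was evaluated by the master database; the two can disagree around midnight or when the servers use different timezones. If `notified_before` is derived from `last_quota_notification` with SQL date functions (that query is outside the hunk), the notification interval can shift by a day. I would record the reason next to the call, e.g. `// raw SQL values are no longer accepted by the db class, so the date comes from PHP`, and confirm that PHP and the database use the same timezone. The same applies to the `mail_user` and `web_database` updates in the `@@ -379` and `@@ -466` hunks.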
@@ -379,7 +379,7 @@ class cronjob_quota_notify extends cronjob { elseif($mail_config['overquota_notify_freq'] > 0 && $rec['notified_before'] >= $mail_config['overquota_notify_freq']) $send_notification = true; if(($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y') && $send_notification == true) { - $app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'mailuser_id', $rec['mailuser_id']); + $app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => date('Y-m-d')), 'mailuser_id', $rec['mailuser_id']); $placeholders = array('{email}' => $rec['email'], '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'), @@ -466,7 +466,7 @@ class cronjob_quota_notify extends cronjob { //* Send quota notifications if(($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y') && $send_notification == true) { - $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']); + $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => date('Y-m-d')), 'database_id', $rec['database_id']); $placeholders = array( '{database_name}' => $rec['database_name'], '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'), diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php index df38086ebee7ff73d67ba437c36e7172b7a15c77..9b9d43b442898309a91d67c087d447d062353fc7 100644 --- a/server/lib/classes/db_mysql.inc.php +++ b/server/lib/classes/db_mysql.inc.php 
@@ -171,14 +171,10 @@ class db } elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) { $sTxt = 'NULL'; } elseif(is_array($sValue)) { - if(isset($sValue['SQL'])) { - $sTxt = $sValue['SQL']; - } else { - $sTxt = ''; - foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\''; - $sTxt = '(' . substr($sTxt, 1) . ')'; - if($sTxt == '()') $sTxt = '(0)'; - } + $sTxt = ''; + foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\''; + $sTxt = '(' . substr($sTxt, 1) . ')'; + if($sTxt == '()') $sTxt = '(0)'; } else { $sTxt = '\'' . $this->escape($sValue) . '\''; } @@ -258,7 +254,7 @@ class db private function _query($sQuery = '') { global $app; - + $aArgs = func_get_args(); if ($sQuery == '') { @@ -354,7 +350,7 @@ class db * @return array result row or NULL if none found */ public function queryOneRecord($sQuery = '') { - + $aArgs = func_get_args(); if(!empty($aArgs)) { $sQuery = array_shift($aArgs); @@ -363,7 +359,7 @@ class db } array_unshift($aArgs, $sQuery); } - + $oResult = call_user_func_array([&$this, 'query'], $aArgs); if(!$oResult) return null; @@ -750,7 +746,7 @@ class db foreach($insert_data as $key => $val) { $key_str .= '??,'; $params[] = $key; - + $val_str .= '?,'; $v_params[] = $val; } @@ -764,7 +760,7 @@ class db $this->query("INSERT INTO ?? $insert_data_str", $tablename); $app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1); } - + $old_rec = array(); $index_value = $this->insertID(); if(!$index_value && isset($insert_data[$index_field])) { @@ -1140,7 +1136,7 @@ class db return $version[0]; } } - + /** * Get a mysql password hash * 
@@ -1148,11 +1144,11 @@ class db * @param string cleartext password * @return string Password hash */ - + public function getPasswordHash($password) { - + $password_type = 'password'; - + /* Disabled until caching_sha2_password is implemented if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) { // we are in MySQL 8 mode @@ -1162,16 +1158,16 @@ class db } } */ - + if($password_type == 'caching_sha2_password') { /* - caching_sha2_password hashing needs to be implemented, have not + caching_sha2_password hashing needs to be implemented, have not found valid PHP implementation for the new password hash type. */ } else { $password_hash = '*'.strtoupper(sha1(sha1($password, true))); } - + return $password_hash; }